[meta-virtualization] [PATCH 1/3] xen: avoid installing flask policy file as '/boot'

flihp at twobit.us flihp at twobit.us
Thu Oct 17 11:47:34 PDT 2013 

From: Philip Tricca <flihp at twobit.us>

Upstream patch to fix race condition between creating /boot and
installing the XSM policy. Race would cause policy to be written
to /boot instead of into the /boot directory if it didn't already
exist.

Signed-off-by: Philip Tricca <flihp at twobit.us>
---
 ...lask-avoid-installing-policy-file-as-boot.patch |   26 ++++++++++++++++++++
 recipes-extended/xen/xen_4.3.0.bb                  |    5 +++-
 2 files changed, 30 insertions(+), 1 deletion(-)
 create mode 100644 recipes-extended/xen/xen-4.3.0/flask-avoid-installing-policy-file-as-boot.patch

diff --git a/recipes-extended/xen/xen-4.3.0/flask-avoid-installing-policy-file-as-boot.patch b/recipes-extended/xen/xen-4.3.0/flask-avoid-installing-policy-file-as-boot.patch
new file mode 100644
index 0000000..d980807
--- /dev/null
+++ b/recipes-extended/xen/xen-4.3.0/flask-avoid-installing-policy-file-as-boot.patch
@@ -0,0 +1,26 @@
+From 8bff3edead4318bfebc487f929f833d11922c238 Mon Sep 17 00:00:00 2001
+From: "Vadim A. Misbakh-Soloviov" <mva at mva.name>
+Date: Tue, 30 Jul 2013 16:34:38 +0400
+Subject: [PATCH] flask: avoid installing policy file as '/boot'
+
+Signed-off-by: Vadim A. Misbakh-Soloviov <mva at mva.name>
+Acked-by: Daniel De Graaf <dgdegra at tycho.nsa.gov>
+---
+ tools/flask/policy/Makefile |    1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/tools/flask/policy/Makefile b/tools/flask/policy/Makefile
+index e666f3e..df1e8f3 100644
+--- a/tools/flask/policy/Makefile
++++ b/tools/flask/policy/Makefile
+@@ -103,6 +103,7 @@ POLICY_SECTIONS += $(USERS) $(CONSTRAINTS) $(ISID_DEFS)
+ all: $(POLICY_FILENAME)
+ 
+ install: $(POLICY_FILENAME)
++	$(INSTALL_DIR) $(POLICY_LOADPATH)
+ 	$(INSTALL_DATA) $^ $(POLICY_LOADPATH)
+ 
+ $(POLICY_FILENAME): policy.conf
+-- 
+1.7.10.4
+
diff --git a/recipes-extended/xen/xen_4.3.0.bb b/recipes-extended/xen/xen_4.3.0.bb
index e9a22cc..228f75f 100644
--- a/recipes-extended/xen/xen_4.3.0.bb
+++ b/recipes-extended/xen/xen_4.3.0.bb
@@ -6,7 +6,10 @@ PR = "r0"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=e0f0f3ac55608719a82394cc353928df"
 
-SRC_URI = "http://bits.xensource.com/oss-xen/release/${PV}/xen-${PV}.tar.gz"
+SRC_URI = " \
+    http://bits.xensource.com/oss-xen/release/${PV}/xen-${PV}.tar.gz \
+    file://flask-avoid-installing-policy-file-as-boot.patch \
+    "
 
 SRC_URI[md5sum] = "7b18cfb58f1ac2ce39cf35a1867f0c0a"
 SRC_URI[sha256sum] = "e1e9faabe4886e2227aacdbde74410653b233d66642ca1972a860cbec6439961"
-- 
1.7.10.4

More information about the meta-virtualization mailing list