1 From d919b110a2fbccdce084c651f4d7d7de66f2f869 Mon Sep 17 00:00:00 2001
2 From: =?UTF-8?q?Jos=C3=A9=20Bollo?= <jose.bollo@iot.bzh>
3 Date: Thu, 25 Jan 2018 13:47:37 +0100
4 Subject: [PATCH 5/6] Allow to tune sockets
5 MIME-Version: 1.0
6 Content-Type: text/plain; charset=UTF-8
7 Content-Transfer-Encoding: 8bit
8
9 Allow to change the directory of sockets
10 through a true integration of SOCKET_DIR
11
12 Allow to override the socket's group of
13  - /run/cynara/cynara-agent.socket
14  - /run/cynara/cynara-monitor-get.socket
15
16 through the newly defined variable CYNARA_ADMIN_SOCKET_GROUP
17
18 Change-Id: I7d58854c328e948e3d6d7fa3fc00569fd08f8aef
19 Signed-off-by: José Bollo <jose.bollo@iot.bzh>
20 ---
21  systemd/CMakeLists.txt                                | 19 +++++++++++++++----
22  .../{cynara-admin.socket => cynara-admin.socket.in}   |  2 +-
23  .../{cynara-agent.socket => cynara-agent.socket.in}   |  4 ++--
24  ...onitor-get.socket => cynara-monitor-get.socket.in} |  4 ++--
25  systemd/{cynara.socket => cynara.socket.in}           |  2 +-
26  5 files changed, 21 insertions(+), 10 deletions(-)
27  rename systemd/{cynara-admin.socket => cynara-admin.socket.in} (78%)
28  rename systemd/{cynara-agent.socket => cynara-agent.socket.in} (66%)
29  rename systemd/{cynara-monitor-get.socket => cynara-monitor-get.socket.in} (64%)
30  rename systemd/{cynara.socket => cynara.socket.in} (80%)
31
32 diff --git a/systemd/CMakeLists.txt b/systemd/CMakeLists.txt
33 index 20accf0..1b75c12 100644
34 --- a/systemd/CMakeLists.txt
35 +++ b/systemd/CMakeLists.txt
36 @@ -16,13 +16,24 @@
37  # @author      Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
38  #
39  
40 +SET(CYNARA_ADMIN_SOCKET_GROUP
41 +    "security_fw"
42 +    CACHE STRING
43 +    "Group to apply on administrative sockets")
44 +
45 +
46 +CONFIGURE_FILE(cynara.socket.in             cynara.socket @ONLY)
47 +CONFIGURE_FILE(cynara-admin.socket.in       cynara-admin.socket @ONLY)
48 +CONFIGURE_FILE(cynara-agent.socket.in       cynara-agent.socket @ONLY)
49 +CONFIGURE_FILE(cynara-monitor-get.socket.in cynara-monitor-get.socket @ONLY)
50 +
51  INSTALL(FILES
52      ${CMAKE_SOURCE_DIR}/systemd/cynara.service
53      ${CMAKE_SOURCE_DIR}/systemd/cynara.target
54 -    ${CMAKE_SOURCE_DIR}/systemd/cynara.socket
55 -    ${CMAKE_SOURCE_DIR}/systemd/cynara-admin.socket
56 -    ${CMAKE_SOURCE_DIR}/systemd/cynara-agent.socket
57 -    ${CMAKE_SOURCE_DIR}/systemd/cynara-monitor-get.socket
58 +    ${CMAKE_BINARY_DIR}/systemd/cynara.socket
59 +    ${CMAKE_BINARY_DIR}/systemd/cynara-admin.socket
60 +    ${CMAKE_BINARY_DIR}/systemd/cynara-agent.socket
61 +    ${CMAKE_BINARY_DIR}/systemd/cynara-monitor-get.socket
62      DESTINATION
63      ${SYSTEMD_UNIT_DIR}
64  )
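Review bot: `SOCKET_DIR` is substituted into every `ListenStream=` by the new `CONFIGURE_FILE` calls but is neither defined nor checked in this hunk, so an empty value would silently generate units that listen at `/cynara.socket`, and a relative one would not be a valid filesystem socket path for systemd. Assuming the variable is set by the top-level CMakeLists, a guard before the first `CONFIGURE_FILE` would fail the configure step instead: `if(NOT IS_ABSOLUTE "${SOCKET_DIR}")`, `message(FATAL_ERROR "SOCKET_DIR must be an absolute path")`, `endif()`. Separately, the relative output names land in `${CMAKE_CURRENT_BINARY_DIR}` while `INSTALL` reads `${CMAKE_BINARY_DIR}/systemd/...`; writing `${CMAKE_CURRENT_BINARY_DIR}/cynara.socket` (and likewise for the other three) keeps the two in step if the project is ever built as a subdirectory.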
65 diff --git a/systemd/cynara-admin.socket b/systemd/cynara-admin.socket.in
66 similarity index 78%
67 rename from systemd/cynara-admin.socket
68 rename to systemd/cynara-admin.socket.in
69 index ed38386..2364c3e 100644
70 --- a/systemd/cynara-admin.socket
71 +++ b/systemd/cynara-admin.socket.in
72 @@ -1,5 +1,5 @@
73  [Socket]
74 -ListenStream=/run/cynara/cynara-admin.socket
75 +ListenStream=@SOCKET_DIR@/cynara-admin.socket
76  SocketMode=0600
77  SmackLabelIPIn=@
78  SmackLabelIPOut=@
79 diff --git a/systemd/cynara-agent.socket b/systemd/cynara-agent.socket.in
80 similarity index 66%
81 rename from systemd/cynara-agent.socket
82 rename to systemd/cynara-agent.socket.in
83 index 5a677e0..4f86c9d 100644
84 --- a/systemd/cynara-agent.socket
85 +++ b/systemd/cynara-agent.socket.in
86 @@ -1,6 +1,6 @@
87  [Socket]
88 -ListenStream=/run/cynara/cynara-agent.socket
89 -SocketGroup=security_fw
90 +ListenStream=@SOCKET_DIR@/cynara-agent.socket
91 +SocketGroup=@CYNARA_ADMIN_SOCKET_GROUP@
92  SocketMode=0060
93  SmackLabelIPIn=*
94  SmackLabelIPOut=@
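Review bot: With `SocketMode=0060`, membership of the group named by `@CYNARA_ADMIN_SOCKET_GROUP@` is the only file-permission gate on this socket, and that group is now a build-time choice instead of the fixed `security_fw`; the same applies to the `cynara-monitor-get.socket.in` hunk. I would record this in the template with a comment such as `# SocketGroup decides who may connect to the agent socket: use a dedicated, restricted group`, and extend the cache variable's help string in `systemd/CMakeLists.txt` to say the same. The variable name and its description refer to administrative sockets, yet `cynara-admin.socket.in` stays at `0600` with no `SocketGroup`, so naming the two affected sockets in the description would avoid a misreading.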
95 diff --git a/systemd/cynara-monitor-get.socket b/systemd/cynara-monitor-get.socket.in
96 similarity index 64%
97 rename from systemd/cynara-monitor-get.socket
98 rename to systemd/cynara-monitor-get.socket.in
99 index a50feeb..b88dbf7 100644
100 --- a/systemd/cynara-monitor-get.socket
101 +++ b/systemd/cynara-monitor-get.socket.in
102 @@ -1,6 +1,6 @@
103  [Socket]
104 -ListenStream=/run/cynara/cynara-monitor-get.socket
105 -SocketGroup=security_fw
106 +ListenStream=@SOCKET_DIR@/cynara-monitor-get.socket
107 +SocketGroup=@CYNARA_ADMIN_SOCKET_GROUP@
108  SocketMode=0060
109  SmackLabelIPIn=@
110  SmackLabelIPOut=@
111 diff --git a/systemd/cynara.socket b/systemd/cynara.socket.in
112 similarity index 80%
113 rename from systemd/cynara.socket
114 rename to systemd/cynara.socket.in
115 index fad2745..ba76549 100644
116 --- a/systemd/cynara.socket
117 +++ b/systemd/cynara.socket.in
118 @@ -1,5 +1,5 @@
119  [Socket]
120 -ListenStream=/run/cynara/cynara.socket
121 +ListenStream=@SOCKET_DIR@/cynara.socket
122  SocketMode=0666
123  SmackLabelIPIn=*
124  SmackLabelIPOut=@
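Review bot: This socket stays world-connectable (`SocketMode=0666`) while its directory moves from the fixed `/run/cynara` to whatever `@SOCKET_DIR@` expands to, and nothing in the template states what that directory must look like. A comment such as `# @SOCKET_DIR@ must be a root-owned, non-world-writable directory (e.g. under /run)` would document the expectation for integrators. Setting `DirectoryMode=` explicitly would also pin the mode systemd applies if it has to create the directory itself.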
125 -- 
126 2.14.3
127