80c20a281b
(1)Release Version Upgrade (2)Matching code changes with el7 to el8 Story: 2006729 Task: 37667 Change-Id: I5875bff0a222260e2630133d38cd0f4c9855cbb5 Signed-off-by: Dongqi Chen <chen.dq@neusoft.com>
51 lines
1.5 KiB
Diff
51 lines
1.5 KiB
Diff
From 15d8e3a327bc4ee96845163f962837cfcb4699bb Mon Sep 17 00:00:00 2001
|
|
From: Kam Nasim <kam.nasim@windriver.com>
|
|
Date: Tue, 6 Feb 2018 15:25:00 -0500
|
|
Subject: [PATCH] CGTS-8849: Security: Set immutable attribute and permissions
|
|
|
|
Signed-off-by: Dongqi Chen <chen.dq@neusoft.com>
|
|
---
|
|
SPECS/tboot.spec | 16 ++++++++++++++--
|
|
1 file changed, 14 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/SPECS/tboot.spec b/SPECS/tboot.spec
|
|
index f04dd17..1673095 100644
|
|
--- a/SPECS/tboot.spec
|
|
+++ b/SPECS/tboot.spec
|
|
@@ -33,9 +33,21 @@ CFLAGS="$RPM_OPT_FLAGS"; export CFLAGS
|
|
LDFLAGS="$RPM_LD_FLAGS"; export LDFLAGS
|
|
make debug=y %{?_smp_mflags}
|
|
|
|
+# On updating this package, we want to clear the immutable
|
|
+# attribute so that the module files can get overwritten
|
|
+if [ $1 -gt 1 ]; then
|
|
+ chattr -i /boot/tboot.gz /boot/tboot-syms
|
|
+fi
|
|
+exit 0
|
|
+
|
|
%install
|
|
make debug=y DISTDIR=$RPM_BUILD_ROOT install
|
|
|
|
+%post
|
|
+# Set immutable attribute on tboot modules
|
|
+chattr +i /boot/tboot.gz /boot/tboot-syms
|
|
+exit 0
|
|
+
|
|
%files
|
|
%doc README COPYING docs/* lcptools/lcptools2.txt lcptools/Linux_LCP_Tools_User_Manual.pdf
|
|
%config %{_sysconfdir}/grub.d/20_linux_tboot
|
|
@@ -71,8 +83,8 @@ make debug=y DISTDIR=$RPM_BUILD_ROOT install
|
|
%{_mandir}/man8/lcp_writepol.8.gz
|
|
%{_mandir}/man8/tb_polgen.8.gz
|
|
%{_mandir}/man8/txt-stat.8.gz
|
|
-/boot/tboot.gz
|
|
-/boot/tboot-syms
|
|
+%attr(0400,root,root) /boot/tboot.gz
|
|
+%attr(0400,root,root) /boot/tboot-syms
|
|
|
|
%changelog
|
|
* Fri Sep 7 2018 Tony Camuso <tcamuso@redhat.com> - 1:1.9.7-1
|
|
--
|
|
1.8.3.1
|
|
|