diff options
author | Sven Vermeulen <swift@gentoo.org> | 2012-01-14 19:57:53 +0000 |
---|---|---|
committer | Sven Vermeulen <swift@gentoo.org> | 2012-01-14 19:57:53 +0000 |
commit | 1ad4126a9d0b135731ed86f1226eb04f0b619ceb (patch) | |
tree | 814da63743441b33fa80240696b745b51fed0eae /sys-apps | |
parent | alpha/ia64/s390/sh/sparc stable wrt #393937 (diff) | |
download | gentoo-2-1ad4126a9d0b135731ed86f1226eb04f0b619ceb.tar.gz gentoo-2-1ad4126a9d0b135731ed86f1226eb04f0b619ceb.tar.bz2 gentoo-2-1ad4126a9d0b135731ed86f1226eb04f0b619ceb.zip |
Fix bug #393401, #375475
(Portage version: 2.1.10.41/cvs/Linux x86_64)
Diffstat (limited to 'sys-apps')
-rw-r--r-- | sys-apps/policycoreutils/ChangeLog | 13 | ||||
-rw-r--r-- | sys-apps/policycoreutils/metadata.xml | 3 | ||||
-rw-r--r-- | sys-apps/policycoreutils/policycoreutils-2.1.0-r2.ebuild | 136 |
3 files changed, 150 insertions, 2 deletions
diff --git a/sys-apps/policycoreutils/ChangeLog b/sys-apps/policycoreutils/ChangeLog index aece87eba0eb..ee248190b992 100644 --- a/sys-apps/policycoreutils/ChangeLog +++ b/sys-apps/policycoreutils/ChangeLog @@ -1,6 +1,15 @@ # ChangeLog for sys-apps/policycoreutils -# Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/sys-apps/policycoreutils/ChangeLog,v 1.94 2011/11/12 18:13:09 swift Exp $ +# Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2 +# $Header: /var/cvsroot/gentoo-x86/sys-apps/policycoreutils/ChangeLog,v 1.95 2012/01/14 19:57:53 swift Exp $ + + 14 Jan 2012; <swift@gentoo.org> +policycoreutils-2.1.0-r2.ebuild, + metadata.xml: + Mark audit as a local USE flag + +*policycoreutils-2.1.0-r2 (14 Jan 2012) + + 14 Jan 2012; <swift@gentoo.org> +policycoreutils-2.1.0-r2.ebuild: + Override auto-detection of pam and audit, use USE flags for this 12 Nov 2011; <swift@gentoo.org> -policycoreutils-2.0.82.ebuild, -policycoreutils-2.0.82-r1.ebuild, -policycoreutils-2.0.85.ebuild, diff --git a/sys-apps/policycoreutils/metadata.xml b/sys-apps/policycoreutils/metadata.xml index 87cddb01c888..04b9b39ac0fe 100644 --- a/sys-apps/policycoreutils/metadata.xml +++ b/sys-apps/policycoreutils/metadata.xml @@ -14,4 +14,7 @@ avc_enforcing to query the current mode of the system, enforcing or permissive. </longdescription> + <use> + <flag name='audit'>Enable support for <pkg>sys-process/audit</pkg> and use the audit_* functions (like audit_getuid instead of getuid())</flag> + </use> </pkgmetadata> diff --git a/sys-apps/policycoreutils/policycoreutils-2.1.0-r2.ebuild b/sys-apps/policycoreutils/policycoreutils-2.1.0-r2.ebuild new file mode 100644 index 000000000000..b2e07845059d --- /dev/null +++ b/sys-apps/policycoreutils/policycoreutils-2.1.0-r2.ebuild @@ -0,0 +1,136 @@ +# Copyright 1999-2012 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/sys-apps/policycoreutils/policycoreutils-2.1.0-r2.ebuild,v 1.1 2012/01/14 19:57:53 swift Exp $ + +EAPI="3" +PYTHON_DEPEND="*" +PYTHON_USE_WITH="xml" +SUPPORT_PYTHON_ABIS="1" +RESTRICT_PYTHON_ABIS="*-jython" + +inherit multilib python toolchain-funcs eutils + +EXTRAS_VER="1.21" +SEMNG_VER="2.1.0" +SELNX_VER="2.1.0" +SEPOL_VER="2.1.0" + +IUSE="audit pam" + +DESCRIPTION="SELinux core utilities" +HOMEPAGE="http://userspace.selinuxproject.org" +SRC_URI="http://userspace.selinuxproject.org/releases/20110727/devel/${P}.tar.gz + http://dev.gentoo.org/~swift/patches/policycoreutils/policycoreutils-2.0.85-sesandbox.patch.gz + http://dev.gentoo.org/~swift/patches/policycoreutils/policycoreutils-2.0.85-fix-seunshare-vuln.patch.gz + http://dev.gentoo.org/~swift/patches/policycoreutils/policycoreutils-2.1.0-fix-makefile-pam-audit.patch.gz + mirror://gentoo/policycoreutils-extra-${EXTRAS_VER}.tar.bz2 + mirror://gentoo/policycoreutils-2.0.85-python3.tar.gz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~amd64 ~x86" + +COMMON_DEPS=">=sys-libs/libselinux-${SELNX_VER}[python] + >=sys-libs/glibc-2.4 + >=sys-libs/libcap-1.10-r10 + >=sys-libs/libsemanage-${SEMNG_VER}[python] + sys-libs/libcap-ng + >=sys-libs/libsepol-${SEPOL_VER} + sys-devel/gettext + audit? ( >=sys-process/audit-1.5.1 ) + pam? ( sys-libs/pam )" + +# pax-utils for scanelf used by rlpkg +RDEPEND="${COMMON_DEPS} + dev-python/sepolgen + app-misc/pax-utils" + +DEPEND="${COMMON_DEPS}" + +S2=${WORKDIR}/policycoreutils-extra + +src_prepare() { + # rlpkg is more useful than fixfiles + sed -i -e '/^all/s/fixfiles//' "${S}/scripts/Makefile" \ + || die "fixfiles sed 1 failed" + sed -i -e '/fixfiles/d' "${S}/scripts/Makefile" \ + || die "fixfiles sed 2 failed" + # We currently do not support MCS, so the sandbox code in policycoreutils + # is not usable yet. However, work for MCS is on the way and a reported + # vulnerability (bug #374897) might go by unnoticed if we ignore it now. + # As such, we will + # - prepare support for switching name from "sandbox" to "sesandbox" + epatch "${DISTDIR}/policycoreutils-2.0.85-sesandbox.patch.gz" + # - patch the sandbox and seunshare code to fix the vulnerability + # (uses, with permission, extract from + # http://pkgs.fedoraproject.org/gitweb/?p=policycoreutils.git;a=blob_plain;f=policycoreutils-rhat.patch;hb=HEAD) + epatch "${DISTDIR}/policycoreutils-2.0.85-fix-seunshare-vuln.patch.gz" + # But for now, disable building sandbox code + sed -i -e 's/sandbox //' "${S}/Makefile" || die "failed removing sandbox" + # Disable auto-detection of PAM and audit related stuff and override + epatch "${DISTDIR}/policycoreutils-2.1.0-fix-makefile-pam-audit.patch.gz" + # Overwrite gl.po, id.po and et.po with valid PO file + cp "${S}/po/sq.po" "${S}/po/gl.po" || die "failed to copy ${S}/po/sq.po to gl.po" + cp "${S}/po/sq.po" "${S}/po/id.po" || die "failed to copy ${S}/po/sq.po to id.po" + cp "${S}/po/sq.po" "${S}/po/et.po" || die "failed to copy ${S}/po/sq.po to et.po" + # Fixed scripts for Python 3 support + cp "${WORKDIR}/seobject.py" "${S}/semanage/seobject.py" || die "failed to copy seobject.py" + cp "${WORKDIR}/semanage" "${S}/semanage/semanage" || die "failed to copy semanage" + cp "${WORKDIR}/chcat" "${S}/scripts/chcat" || die "failed to copy chcat" + cp "${WORKDIR}/audit2allow" "${S}/audit2allow/audit2allow" || die "failed to copy audit2allow" +} + +src_compile() { + local use_audit="n"; + local use_pam="n"; + + use audit && use_audit="y"; + use pam && use_pam="y"; + + python_copy_sources semanage sandbox + building() { + einfo "Compiling policycoreutils" + emake -C "${S}" AUDIT_LOG_PRIVS="y" AUDITH="${use_audit}" PAMH="${use_pam}" CC="$(tc-getCC)" PYLIBVER="python$(python_get_version)" || die + einfo "Compiling policycoreutils-extra " + emake -C "${S2}" AUDIT_LOG_PRIVS="y" AUDITH="${use_audit}" PAMH="${use_pam}" CC="$(tc-getCC)" PYLIBVER="python$(python_get_version)" || die + } + python_execute_function -s --source-dir semanage building +} + +src_install() { + local use_audit="n"; + local use_pam="n"; + + use audit && use_audit="y"; + use pam && use_pam="y"; + + # Python scripts are present in many places. There are no extension modules. + installation() { + einfo "Installing policycoreutils" + emake -C "${S}" DESTDIR="${T}/images/${PYTHON_ABI}" AUDITH="${use_audit}" PAMH="${use_pam}" AUDIT_LOG_PRIV="y" PYLIBVER="python$(python_get_version)" install || return 1 + + einfo "Installing policycoreutils-extra" + emake -C "${S2}" DESTDIR="${T}/images/${PYTHON_ABI}" SHLIBDIR="${D}$(get_libdir)/rc" install || return 1 + } + python_execute_function installation + python_merge_intermediate_installation_images "${T}/images" + + # remove redhat-style init script + rm -fR "${D}/etc/rc.d" + + # compatibility symlinks + dosym /sbin/setfiles /usr/sbin/setfiles + dosym /$(get_libdir)/rc/runscript_selinux.so /$(get_libdir)/rcscripts/runscript_selinux.so + + # location for permissive definitions + dodir /var/lib/selinux + keepdir /var/lib/selinux +} + +pkg_postinst() { + python_mod_optimize seobject.py +} + +pkg_postrm() { + python_mod_cleanup seobject.py +} |