Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/sec-policy/selinux-base
diff options
context:
space:
mode:
Diffstat (limited to 'sec-policy/selinux-base')
-rw-r--r--sec-policy/selinux-base/ChangeLog8
-rw-r--r--sec-policy/selinux-base/Manifest10
-rw-r--r--sec-policy/selinux-base/selinux-base-2.20130424-r2.ebuild160
3 files changed, 173 insertions, 5 deletions
diff --git a/sec-policy/selinux-base/ChangeLog b/sec-policy/selinux-base/ChangeLog
index 183252936d4b..9feef5e5e3cc 100644
--- a/sec-policy/selinux-base/ChangeLog
+++ b/sec-policy/selinux-base/ChangeLog
@@ -1,6 +1,12 @@
# ChangeLog for sec-policy/selinux-base
# Copyright 1999-2013 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base/ChangeLog,v 1.32 2013/06/16 16:23:00 swift Exp $
+# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base/ChangeLog,v 1.33 2013/07/20 21:30:38 swift Exp $
+
+*selinux-base-2.20130424-r2 (20 Jul 2013)
+
+ 20 Jul 2013; Sven Vermeulen <swift@gentoo.org>
+ +selinux-base-2.20130424-r2.ebuild:
+ Pushing out rev 2
16 Jun 2013; Sven Vermeulen <swift@gentoo.org>
selinux-base-2.20130424-r1.ebuild:
diff --git a/sec-policy/selinux-base/Manifest b/sec-policy/selinux-base/Manifest
index 3ac0e1db7e92..2f9febe83b2c 100644
--- a/sec-policy/selinux-base/Manifest
+++ b/sec-policy/selinux-base/Manifest
@@ -10,6 +10,7 @@ DIST patchbundle-selinux-base-policy-2.20120725-r7.tar.bz2 334263 SHA256 f96436d
DIST patchbundle-selinux-base-policy-2.20120725-r8.tar.bz2 335267 SHA256 17e5534f966b46ef101e452082d8349636d38e1850cdf55cd7c268e14bdb0124 SHA512 f167e5691a3769d7eb66ddba6a000df860387a3df2cc581df60e924e51495fe94247acfbc9991cd815f05ade747f7806a67c965929fe12994e8b362ab4da15df WHIRLPOOL 533a98fc8860aa8e91d738c2e4d932f2c16dddf02966716649e78d74126bc949524653e0a5443ca6e1e073ae37265ca3b0e28f1ceea510b7adfd510cf3167ac4
DIST patchbundle-selinux-base-policy-2.20120725-r9.tar.bz2 426009 SHA256 7abc4939838f69ad26100dc5f43358c5d9465db78acb0d343f59d59a02160591 SHA512 819075bb38f5a05f8eb1bb76157f911be5b71bb02d4789369e09b134241a9f776e660d02cea1cd2f5aae7aa93cfbc25cd3abe42fb1f9e4ccd9fdff8e6a45babe WHIRLPOOL 4ba77ea6e18f090d1e8a9d382adf28378d54bc5a6e1477733b46a3eef337b8159d5bdf702264aa54b3cb0881f1756790da906806d6fa5382424de95aeb864cec
DIST patchbundle-selinux-base-policy-2.20130424-r1.tar.bz2 249865 SHA256 a2f6d0ed3c02839cf71f7f3b75d52fd2182e1a929107e8c4dced0f5a4e01ddae SHA512 71f99b3f727be56c98c8e5129362dcdc01361cf3471107de79ce26cb908b059f24db23918b03b6ae52f5f7742a2d5f47e13f428fd1eb41e8c42e8e16b57415b6 WHIRLPOOL 39bd60b23eeda705d083ebc60f048fedb49e70b71b6a56173a656608d9c11adb060d47e66439d4fb53ab6670ffd79e1152586fbc0e6e2601b5e5b19fe06e2f83
+DIST patchbundle-selinux-base-policy-2.20130424-r2.tar.bz2 250772 SHA256 d7965b0c876a4b217cab35fcc4b709621d0e02ad21d7fed74fb588ea3125f06a SHA512 822f5c7905162e891989a43fd366f947bf1e34926d9eec6b2f2519348fa8430ae1c66914481973cac2ac128411dfa1ca9e3e9336c45bc1121fd8e83e9079ab14 WHIRLPOOL 1d213b77b87ad180da8bbda88aaf3e4bd7da14b397debc5df0696a7b6c28a72fceda600b1a62e17ada8dde8fcbace4e83f36e6b5a4da2cd11e38c92b46fb1a1d
DIST refpolicy-2.20120725.tar.bz2 594120 SHA256 7cd46ed908a4001368e6509d93e306ec6c9af2bfa6b70db88c9eaaefe257c635 SHA512 9cbe27fe30460c018da2bb3d94f321d656a259bf4f2e7ce6c2b015d02b5801de8a68c765c154c30ba5abf4f986957c9f303fc95b453f53db4fc4040443512333 WHIRLPOOL 107c10e89e99a3c63f8a806989e869dffd5baca1b9e41e2b02b12067a796d11abc87ac41a9c44a44a61215ed36df127f79e045b00cfb67d3c5318a766ff78b89
DIST refpolicy-2.20130424.tar.bz2 649845 SHA256 6039ba854f244a39dc727cc7db25632f7b933bb271c803772d754d4354f5aef4 SHA512 82ab38bc3425eb4b7d50c42564ebc28603e32e6f3266da164502f0cdc3a2f6bfe457518297824cb78f6f94211f9823fbc7254bb9e1d9df1cc7f284d326299705 WHIRLPOOL ba7539261a072d33e34afb940a1899ccdb2493c3b11eea3b166b9eb565478fd93cf580d09ef016f799a5dd5a4452086a623f9b3f38fbfb9a812e6e31bcd68e25
EBUILD selinux-base-2.20120725-r10.ebuild 4453 SHA256 41d014f4b0434050b18bd6eb174236fd815de9f0ddc0a818099dcfe4919cd102 SHA512 70dadf75b28d77783395f3153e4ea6679a274684a053e7cb2359db94d3d02a62f62e37fb1c239e9d1cd81ede8d66984415aa25af07e53c15c3b382c6856e984e WHIRLPOOL dde22fb3df31b28a1fced3251794e1a769a9db875deb14b0271e431dc1ec61f867c7a410ff4b7dc918e0e6d4e2a76873c95f83dc6734878270993b77fa58c3b8
@@ -20,13 +21,14 @@ EBUILD selinux-base-2.20120725-r7.ebuild 4174 SHA256 e7b94afe300457fd8295584d2e3
EBUILD selinux-base-2.20120725-r8.ebuild 4168 SHA256 56b1379b8849ee4c610aff727467fe477e89619d6af7172a6098f3a544d69609 SHA512 1138a9216299eac2d0bdd8cf3e5041613bafd878f1e4172d97e972099f981fa3633534abef1c85c0d678e65618fca2aa2e7307c43bfb9979ac1f8e1f65450eea WHIRLPOOL 65f4abb795749d0bd090a7cf52cc305eca349fd1287af1d963b29f571d6e5d97ee90bf3ef0b748e7e223a9f672fd27007ae0ba8e3f07488f0ecdbf8b9452eb12
EBUILD selinux-base-2.20120725-r9.ebuild 4452 SHA256 5bae3574a7be5837858a354c3587ca475bd209ef59e15b48dc2060a4e4194bee SHA512 07aa6e752df0b5c24ade53494b1b04d724011dd5e5c219a31e819bc1b465de6537b4791dd49a16b8b65a84a80b0b2ec567708dd163e27278a7706cfa7584c005 WHIRLPOOL c35df4248120889a6b0ee84bb1eaeed8bac3d7ea4873dc79de5cd31185abf98479cfa96b2ef01c725e26ccede4599b53330c6d35e508630f258b9146b0708a53
EBUILD selinux-base-2.20130424-r1.ebuild 4489 SHA256 9799bbe46cb1bae05e7b67c06aad7659a2eed4c1d27b1277fef47a2a0986f807 SHA512 fabc32275583875881623b5e428b1c12d1534f4b604928443d1f802c5e3a2e3e63b1fbfb2467af6581bfdd80913c28e3e26aee6053d225d54d0538b6439788af WHIRLPOOL f49b11b87e72664faf52d82427488460a3e5991c19636c2f00b876c7df06f17a75e3eb7c68a36d8c07cce4dc272249f2730e6f404765baea89eb014b3c518399
+EBUILD selinux-base-2.20130424-r2.ebuild 4491 SHA256 af3f418f4811b91b3b65e7060c6eb952ccf5533b7bb974d75b58367830d773fe SHA512 92b66199a07b59552f861787fba9dd0f6edf3f75927de4c2cfe1961051ab7521464925fd40701d6f0387f2ff80fd1f556fef7fb17af9cd3fa318f1ee0cee24dc WHIRLPOOL 89985210e63092ae55ec7ab703e8368d875d48eb94ca80f99f6d44c0f946e9bfb32ccc657e14fe2bc62b5d43b2a64c80639e674d9f2070da2f391f057e892cb6
EBUILD selinux-base-9999.ebuild 4168 SHA256 f48585c88a4a9f43fbf816244109dc522ae922dbddfca1c4b439de3a28cd3ea2 SHA512 55682deb8674faac0514fa056c1c9244a14d1479ec208eb40067bafd42badcec87d4abb28fe9e36e876919d8b9cd4de2a3f51bf5a9ccf3492d942778f0e85c0b WHIRLPOOL a36b1ef5136e40af7e8d7e18749a9d892f961703ad4168300a0f0ab137bfcc93d7c0a36fc5d6deb7ec0b8e3159ddba21ffcb7b5b8a3828cd2b458ca6d782afa0
-MISC ChangeLog 5621 SHA256 8b6308770e3f818df0076664ab190746bb9f3b9171a6f4d75798af46dec5a3ad SHA512 aa4649040efdf43c6585af9521180f46fd1113ea75084d4d8edf928e6f7fa29da0b8005cc665e9051fc759ec02b86a56b5cc72e19bb7ba4e60afa4c7c1d8c48c WHIRLPOOL 3129532bb4b8373dae6f4c9811dd1e1d727be2c6396a07589bcc338f7894b3ca4ccb198a8509f14039c58fd9b69bbf5c83f20e816b4c179cebf418096d15e8e0
+MISC ChangeLog 5772 SHA256 59dcae1cc75bbb09ce1169c70b6b8924797bc9d5229a9cf485d721fef5584262 SHA512 2240e5059980d06c3da70c5ea47f20e59c503127911930c94b541c40b10b0b4c73e4432a308b354cd3d4b1490840236e11548d1b2b297632e865a6408fd4fa1d WHIRLPOOL 7ae6ae52631161233a14e16f3080167be1057c4a2ae05e9bb8f8a6b3361a82597f3509a520db63c1c2e16326f350e5b4f07f83cb9f8be4a4f56d1674554ae765
MISC metadata.xml 753 SHA256 2542c8e9c994b3b2699d601ba980a8daef2288b5ad199867764f607978ddee67 SHA512 d5e803494fe0831fdddada0f1f464c941d93896afa19d9d1005daa8a4ebea7b20f905e6d0d89dd10ff1aceaee0c7c41c190f16b68bf4466c0f75d3a6110b8df0 WHIRLPOOL cd2535802ffacbdae1ff1787aa203311330202cb08df488dae59b178b102b818766d2320fe62de3cf7710047e8cafa6a41963381655d9fd5fb4c75a232decd52
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.20 (GNU/Linux)
-iEYEAREIAAYFAlG95jIACgkQXfqz7M26L9tMKwCgh9iUhg1sO2w9ypCphEtZQiSo
-QUAAoIk/W5ceaEgeBPKSu/4gmVBAT2Do
-=OYse
+iEYEAREIAAYFAlHrAbkACgkQXfqz7M26L9u+2wCdHkbsUcDaORA92sBDSbBbyPbs
+fTkAnjimtn9BeecaFTVmlRu5VeA7QYcC
+=FNxS
-----END PGP SIGNATURE-----
diff --git a/sec-policy/selinux-base/selinux-base-2.20130424-r2.ebuild b/sec-policy/selinux-base/selinux-base-2.20130424-r2.ebuild
new file mode 100644
index 000000000000..56de8b068588
--- /dev/null
+++ b/sec-policy/selinux-base/selinux-base-2.20130424-r2.ebuild
@@ -0,0 +1,160 @@
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base/selinux-base-2.20130424-r2.ebuild,v 1.1 2013/07/20 21:30:38 swift Exp $
+EAPI="4"
+
+inherit eutils
+
+IUSE="+peer_perms +open_perms +ubac +unconfined doc"
+
+DESCRIPTION="Gentoo base policy for SELinux"
+HOMEPAGE="http://www.gentoo.org/proj/en/hardened/selinux/"
+SRC_URI="http://oss.tresys.com/files/refpolicy/refpolicy-${PV}.tar.bz2
+ http://dev.gentoo.org/~swift/patches/selinux-base-policy/patchbundle-selinux-base-policy-${PVR}.tar.bz2"
+LICENSE="GPL-2"
+SLOT="0"
+
+KEYWORDS="~amd64 ~x86"
+
+RDEPEND=">=sys-apps/policycoreutils-2.1.10
+ virtual/udev
+ !<=sec-policy/selinux-base-policy-2.20130424"
+DEPEND="${RDEPEND}
+ sys-devel/m4
+ >=sys-apps/checkpolicy-2.1.8"
+
+S=${WORKDIR}/
+
+src_prepare() {
+ # Apply the gentoo patches to the policy. These patches are only necessary
+ # for base policies, or for interface changes on modules.
+ EPATCH_MULTI_MSG="Applying SELinux policy updates ... " \
+ EPATCH_SUFFIX="patch" \
+ EPATCH_SOURCE="${WORKDIR}" \
+ EPATCH_FORCE="yes" \
+ epatch
+
+ cd "${S}/refpolicy"
+ # Fix bug 257111 - Correct the initial sid for cron-started jobs in the
+ # system_r role
+ sed -i -e 's:system_crond_t:system_cronjob_t:g' \
+ "${S}/refpolicy/config/appconfig-standard/default_contexts"
+ sed -i -e 's|system_r:cronjob_t|system_r:system_cronjob_t|g' \
+ "${S}/refpolicy/config/appconfig-mls/default_contexts"
+ sed -i -e 's|system_r:cronjob_t|system_r:system_cronjob_t|g' \
+ "${S}/refpolicy/config/appconfig-mcs/default_contexts"
+
+ epatch_user
+}
+
+src_configure() {
+ [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs"
+
+ # Update the SELinux refpolicy capabilities based on the users' USE flags.
+
+ if ! use peer_perms; then
+ sed -i -e '/network_peer_controls/d' \
+ "${S}/refpolicy/policy/policy_capabilities"
+ fi
+
+ if ! use open_perms; then
+ sed -i -e '/open_perms/d' \
+ "${S}/refpolicy/policy/policy_capabilities"
+ fi
+
+ if ! use ubac; then
+ sed -i -e '/^UBAC/s/y/n/' "${S}/refpolicy/build.conf" \
+ || die "Failed to disable User Based Access Control"
+ fi
+
+ echo "DISTRO = gentoo" >> "${S}/refpolicy/build.conf"
+
+ # Prepare initial configuration
+ cd "${S}/refpolicy";
+ make conf || die "Make conf failed"
+
+ # Setup the policies based on the types delivered by the end user.
+ # These types can be "targeted", "strict", "mcs" and "mls".
+ for i in ${POLICY_TYPES}; do
+ cp -a "${S}/refpolicy" "${S}/${i}"
+ cd "${S}/${i}";
+
+ #cp "${FILESDIR}/modules-2.20120215.conf" "${S}/${i}/policy/modules.conf"
+ sed -i -e "/= module/d" "${S}/${i}/policy/modules.conf"
+
+ sed -i -e '/^QUIET/s/n/y/' -e "/^NAME/s/refpolicy/$i/" \
+ "${S}/${i}/build.conf" || die "build.conf setup failed."
+
+ if [[ "${i}" == "mls" ]] || [[ "${i}" == "mcs" ]];
+ then
+ # MCS/MLS require additional settings
+ sed -i -e "/^TYPE/s/standard/${i}/" "${S}/${i}/build.conf" \
+ || die "failed to set type to mls"
+ fi
+
+ if [ "${i}" == "targeted" ]; then
+ sed -i -e '/root/d' -e 's/user_u/unconfined_u/' \
+ "${S}/${i}/config/appconfig-standard/seusers" \
+ || die "targeted seusers setup failed."
+ fi
+
+ if [ "${i}" != "targeted" ] && [ "${i}" != "strict" ] && use unconfined; then
+ sed -i -e '/root/d' -e 's/user_u/unconfined_u/' \
+ "${S}/${i}/config/appconfig-${i}/seusers" \
+ || die "policy seusers setup failed."
+ fi
+ done
+}
+
+src_compile() {
+ [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs"
+
+ for i in ${POLICY_TYPES}; do
+ cd "${S}/${i}"
+ make base || die "${i} compile failed"
+ if use doc; then
+ make html || die
+ fi
+ done
+}
+
+src_install() {
+ [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs"
+
+ for i in ${POLICY_TYPES}; do
+ cd "${S}/${i}"
+
+ make DESTDIR="${D}" install \
+ || die "${i} install failed."
+
+ make DESTDIR="${D}" install-headers \
+ || die "${i} headers install failed."
+
+ echo "run_init_t" > "${D}/etc/selinux/${i}/contexts/run_init_type"
+
+ echo "textrel_shlib_t" >> "${D}/etc/selinux/${i}/contexts/customizable_types"
+
+ # libsemanage won't make this on its own
+ keepdir "/etc/selinux/${i}/policy"
+
+ if use doc; then
+ dohtml doc/html/*;
+ fi
+
+ insinto /usr/share/selinux/devel;
+ doins doc/policy.xml;
+
+ done
+
+ doman man/man8/*.8;
+
+ dodoc doc/Makefile.example doc/example.{te,fc,if}
+
+ insinto /etc/selinux
+ doins "${FILESDIR}/config"
+}
+
+pkg_preinst() {
+ has_version "<${CATEGORY}/${PN}-2.20101213-r13"
+ previous_less_than_r13=$?
+}