Gentoo Archives: gentoo-dev

From: Sven Vermeulen <swift@g.o>
To: gentoo-dev@l.g.o
Subject: [gentoo-dev] We need *you* for a USE="selinux" dependency
Date: Sun, 04 Dec 2011 20:37:35
Message-Id: 20111204203550.GA20891@gentoo.org
Hi guys 'n gals

obligatory tl;dr:
Please check your package below this list and see if it (the package) has
a proper DEPEND and RDEPEND on the listed sec-policy/selinux-<module> package(s)

Within the Gentoo Hardened project, we are working on getting the SELinux
support into shape. Recent evolutions are the stabilization of latest upstream
userspace utilities and policies as well as documentation improvements and even
some "human resource improvements" (read: fresh blood in our ranks).

Within SELinux, specific modules are used (called SELinux modules, because we
are not that creative in our naming) that contain the SELinux policy (what is
allowed) as well as labeling information for files (which we call file context
information). This labeling is very important in order for the policies to work
well - wrong labels will lead to applications running with wrong permissions
(which usually means "Application No Workie").

In Gentoo, unlike some other distributions, we try to keep the number of
loaded/installed modules to a minimum so that policy rebuilds as well as the
system overhead is limited. This results in a "base" policy (provided by
selinux-base-policy) and modules (provided by sec-policy/selinux-<modulename>). To make
sure that installations of a package pull in the right SELinux module, the
proper dependencies must be defined.

In the list below you will find "package dependency" information. This means
that the given package should have both DEPEND and RDEPEND on the dependency
(which is always of the form sec-policy/selinux-<modulename> since dependencies
on sec-policy/selinux-base-policy are always satisfied the moment a user has SELinux
enabled on his Gentoo system).

The dependency should be USE="selinux"-triggered (the selinux USE flag is masked
for non-SELinux profiles and mandatory on SELinux systems), like so:
IUSE="selinux"
DEPEND="selinux? ( sec-policy/selinux-<modulename> )"
RDEPEND="selinux? ( sec-policy/selinux-<modulename> )"

The dependency must be on both levels, because the SELinux module must be
installed before the package is installed (and in theory, RDEPEND could
trigger an installation afterwards): during the installation phase, Portage
labels the files on the system (which would get wrong labels if the module
isn't installed yet[1]). Also, DEPEND isn't sufficient due to binary package
support requirements.

Since there are quite a few packages that would need updates, I thought about
first mailing gentoo-dev for feedback and perhaps a first chunk of work done. I
also wouldn't mind creating bugreports for each of them, but that would still be
best done after having mailed gentoo-dev ;-)

Wkr,
Sven Vermeulen

[1] I am aware that Portage currently installs RDEPEND before the package
itself, but that might change in the future and other package managers might
exhibit different behavior.

games-board/aisleriot sec-policy/selinux-games
sys-apps/apmd sec-policy/selinux-apm
net-dns/bind sec-policy/selinux-bind
net-wireless/bluez sec-policy/selinux-bluetooth
app-i18n/canna sec-policy/selinux-canna
app-cdr/cdrkit sec-policy/selinux-cdrecord
app-cdr/cdrtools sec-policy/selinux-cdrecord
app-antivirus/clamav sec-policy/selinux-clamav
net-im/climm sec-policy/selinux-games
mail-mta/courier sec-policy/selinux-courier
net-print/cups sec-policy/selinux-lpd
dev-vcs/cvs sec-policy/selinux-cvs
sys-process/daemontools sec-policy/selinux-daemontools
sys-process/daemontools-encore sec-policy/selinux-daemontools
mail-filter/dcc sec-policy/selinux-dcc
app-admin/denyhosts sec-policy/selinux-denyhosts
sys-devel/distcc sec-policy/selinux-distcc
net-dns/djbdns sec-policy/selinux-djbdns
app-arch/dpkg sec-policy/selinux-dpkg
app-cdr/dvd+rw-tools sec-policy/selinux-cdrecord
www-client/epiphany sec-policy/selinux-mozilla
x11-misc/expocity sec-policy/selinux-wm
net-analyzer/fail2ban sec-policy/selinux-fail2ban
app-arch/fastjar sec-policy/selinux-java
net-mail/fetchmail sec-policy/selinux-fetchmail
www-client/firefox-bin sec-policy/selinux-mozilla
dev-java/gcj-jdk sec-policy/selinux-java
dev-vcs/gitolite sec-policy/selinux-gitosis
dev-vcs/gitolite-gentoo sec-policy/selinux-gitosis
dev-vcs/gitosis sec-policy/selinux-gitosis
dev-vcs/gitosis-gentoo sec-policy/selinux-gitosis
virtual/gnat sec-policy/selinux-ada
gnome-base/gnome-applets sec-policy/selinux-cpufreqselector
gnome-extra/gnome-games sec-policy/selinux-games
gnome-base/gnome-shell sec-policy/selinux-wm
app-crypt/gnupg sec-policy/selinux-gpg
www-servers/gorg sec-policy/selinux-gorg
gpe-base/gpe-dm sec-policy/selinux-xserver
net-print/hplip sec-policy/selinux-cups
x11-apps/iceauth sec-policy/selinux-xserver
net-misc/icecast sec-policy/selinux-icecast
net-nntp/inn sec-policy/selinux-inn
kde-base/katomic sec-policy/selinux-games
kde-base/kbattleship sec-policy/selinux-games
sys-apps/kbd sec-policy/selinux-loadkeys
kde-base/kblackbox sec-policy/selinux-games
kde-base/kbounce sec-policy/selinux-games
kde-base/kgoldrunner sec-policy/selinux-games
kde-base/kgpg sec-policy/selinux-gpg
net-wireless/kismet sec-policy/selinux-kismet
kde-base/kjumpingcube sec-policy/selinux-games
kde-base/klickety sec-policy/selinux-games
kde-base/klines sec-policy/selinux-games
kde-base/kmahjongg sec-policy/selinux-games
kde-base/kmines sec-policy/selinux-games
kde-base/kolf sec-policy/selinux-games
kde-base/konquest sec-policy/selinux-games
kde-base/kpat sec-policy/selinux-games
kde-base/kreversi sec-policy/selinux-games
kde-base/kshisen sec-policy/selinux-games
kde-base/kspaceduel sec-policy/selinux-games
kde-base/ktron sec-policy/selinux-games
kde-base/ktuberling sec-policy/selinux-games
app-emulation/libvirt sec-policy/selinux-xen
www-client/links sec-policy/selinux-links
kde-base/lskat sec-policy/selinux-games
dev-db/mariadb sec-policy/selinux-mysql
net-misc/memcached sec-policy/selinux-memcached
x11-wm/metacity sec-policy/selinux-wm
sys-apps/mlocate sec-policy/selinux-slocate
www-servers/mongrel sec-policy/selinux-apache
media-sound/mpd sec-policy/selinux-mpd
sys-cluster/mpich2 sec-policy/selinux-mpd
media-video/mplayer sec-policy/selinux-mplayer
media-video/mplayer2 sec-policy/selinux-mplayer
net-analyzer/mrtg sec-policy/selinux-mrtg
mail-client/mutt sec-policy/selinux-mutt
dev-db/mysql sec-policy/selinux-mysql
media-libs/nas sec-policy/selinux-soundserver
net-misc/netcf sec-policy/selinux-ncftool
net-ftp/netkit-ftpd sec-policy/selinux-publicfile
mail-mta/netqmail sec-policy/selinux-qmail
net-analyzer/ntop sec-policy/selinux-ntop
net-misc/nxserver-freeedition sec-policy/selinux-nx
net-misc/nxserver-freenx sec-policy/selinux-nx
x11-wm/openbox sec-policy/selinux-wm
net-misc/openconnect sec-policy/selinux-vpn
net-nntp/pan sec-policy/selinux-pan
sys-boot/plymouth sec-policy/selinux-plymouthd
app-admin/prelude-lml sec-policy/selinux-prelude
app-admin/prelude-manager sec-policy/selinux-prelude
mail-filter/procmail sec-policy/selinux-procmail
net-ftp/proftpd sec-policy/selinux-ftp
www-servers/publicfile sec-policy/selinux-publicfile
media-sound/pulseaudio sec-policy/selinux-pulseaudio
app-admin/puppet sec-policy/selinux-puppet
dev-python/pyzor sec-policy/selinux-pyzor
app-emulation/qemu sec-policy/selinux-qemu
app-emulation/qemu-kvm sec-policy/selinux-qemu
www-apps/roundup sec-policy/selinux-roundup
app-arch/rpm sec-policy/selinux-rpm
app-shells/rssh sec-policy/selinux-rssh
net-fs/samba sec-policy/selinux-samba
app-misc/screen sec-policy/selinux-screen
net-mail/serialmail sec-policy/selinux-daemontools
net-im/skype sec-policy/selinux-skype
net-nntp/slrn sec-policy/selinux-slrnpull
mail-filter/spamassassin sec-policy/selinux-spamassassin
net-misc/stunnel sec-policy/selinux-stunnel
net-nntp/suck sec-policy/selinux-inn
net-misc/taylor-uucp sec-policy/selinux-uucp
media-sound/timidity++ sec-policy/selinux-timidity
net-irc/tirc sec-policy/selinux-irc
net-misc/tor sec-policy/selinux-tor
media-tv/tvtime sec-policy/selinux-tvtime
x11-wm/twm sec-policy/selinux-wm
sys-apps/ucspi-tcp sec-policy/selinux-ucspitcp
sys-apps/usermode-utilities sec-policy/selinux-uml
www-servers/varnish sec-policy/selinux-varnishd
net-misc/vde sec-policy/selinux-vde
media-video/vlc sec-policy/selinux-mplayer
app-emulation/vmware-workstation sec-policy/selinux-vmware
net-analyzer/vnstat sec-policy/selinux-vnstatd
app-admin/webalizer sec-policy/selinux-webalizer
app-emulation/wine sec-policy/selinux-wine
net-analyzer/wireshark sec-policy/selinux-wireshark
net-wireless/wpa_supplicant sec-policy/selinux-networkmanager
x11-apps/xauth sec-policy/selinux-xserver
media-video/xine-ui sec-policy/selinux-mplayer
x11-base/xorg-server sec-policy/selinux-xprint
x11-base/xorg-server sec-policy/selinux-xprint
x11-misc/xscreensaver sec-policy/selinux-xscreensaver
sys-apps/yum sec-policy/selinux-rpm
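
Added example, not part of the original message and not Gentoo tooling: a small Python check for the pattern the mail asks maintainers to verify, reporting whether an ebuild declares the selinux USE flag and guards sec-policy/selinux-<module> with "selinux? ( ... )" in both DEPEND and RDEPEND. The function names are hypothetical, the two ebuild fragments are constructed, and the parser assumes plain VAR="..." or VAR+="..." assignments.

```python
import re

# Only plain VAR="..." / VAR+="..." assignments are understood (assumption).
ASSIGN = re.compile(r'^\s*(IUSE|DEPEND|RDEPEND)(\+?)="(.*?)"', re.M | re.S)
REF = re.compile(r'\$\{?(IUSE|DEPEND|RDEPEND)\}?')

def ebuild_vars(text):
    """Collect IUSE/DEPEND/RDEPEND, honouring += and ${VAR} references."""
    env = {"IUSE": "", "DEPEND": "", "RDEPEND": ""}
    for name, append, value in ASSIGN.findall(text):
        value = REF.sub(lambda m: env[m.group(1)], value)
        env[name] = f"{env[name]} {value}" if append else value
    return env

def guarded_by_selinux(depstring, atom):
    """True if atom (optionally versioned) sits inside 'selinux? ( ... )'."""
    pat = re.compile(r'[<>=~]*' + re.escape(atom) + r'(-\d\S*)?')
    stack, pending = [], None
    for tok in depstring.split():
        if tok.endswith("?"):
            pending = tok[:-1]          # USE conditional opening a group
        elif tok == "(":
            stack.append(pending)
            pending = None
        elif tok == ")":
            if stack:
                stack.pop()
        elif pat.fullmatch(tok) and "selinux" in stack:
            return True
    return False

def check_ebuild(text, module):
    """Return a list of problems; empty means the ebuild follows the pattern."""
    atom = f"sec-policy/selinux-{module}"
    env = ebuild_vars(text)
    problems = []
    if "selinux" not in [flag.lstrip("+-") for flag in env["IUSE"].split()]:
        problems.append("IUSE lacks selinux")
    for var in ("DEPEND", "RDEPEND"):
        if not guarded_by_selinux(env[var], atom):
            problems.append(f"{var} lacks selinux? ( {atom} )")
    return problems

# Constructed ebuild fragments (not taken from the Gentoo tree).
GOOD = 'IUSE="ipv6 selinux"\nDEPEND="dev-libs/openssl\n  selinux? ( sec-policy/selinux-bind )"\nRDEPEND="${DEPEND}"\n'
RDEPEND_ONLY = 'IUSE="ipv6"\nDEPEND="dev-libs/openssl"\nRDEPEND="${DEPEND}\n  selinux? ( sec-policy/selinux-bind )"\n'
```

check_ebuild(GOOD, "bind") returns an empty list, while RDEPEND_ONLY is reported for the missing USE flag and the missing build-time dependency, the case in which files could be labelled before the policy module is installed.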
