1 |
commit: 6c6fe18612deef41e53b1e008dd3fc90fc209d73 |
2 |
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
3 |
AuthorDate: Thu Jun 30 10:19:07 2011 +0000 |
4 |
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
5 |
CommitDate: Thu Jun 30 10:19:07 2011 +0000 |
6 |
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-dev.git;a=commit;h=6c6fe186 |
7 |
|
8 |
sec-policy/elinux-base-policy: -r17 moved to the tree |
9 |
|
10 |
(Portage version: 2.1.9.42/git/Linux x86_64, signed Manifest commit with key 0xD0455535) |
11 |
|
12 |
--- |
13 |
sec-policy/selinux-base-policy/ChangeLog | 505 -------------------- |
14 |
sec-policy/selinux-base-policy/files/config | 12 - |
15 |
.../files/modules.conf.strict.20090730 | 49 -- |
16 |
.../files/modules.conf.targeted.20090730 | 50 -- |
17 |
...ndle-selinux-base-policy-2.20101213-r17.tar.bz2 | Bin 15055 -> 0 bytes |
18 |
sec-policy/selinux-base-policy/metadata.xml | 14 - |
19 |
.../selinux-base-policy-2.20101213-r17.ebuild | 129 ----- |
20 |
7 files changed, 0 insertions(+), 759 deletions(-) |
21 |
|
22 |
diff --git a/sec-policy/selinux-base-policy/ChangeLog b/sec-policy/selinux-base-policy/ChangeLog |
23 |
deleted file mode 100644 |
24 |
index 54c4b50..0000000 |
25 |
--- a/sec-policy/selinux-base-policy/ChangeLog |
26 |
+++ /dev/null |
27 |
@@ -1,505 +0,0 @@ |
28 |
-# ChangeLog for sec-policy/selinux-base-policy |
29 |
-# Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2 |
30 |
-# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/ChangeLog,v 1.75 2011/06/02 12:06:45 blueness Exp $ |
31 |
- |
32 |
-*selinux-base-policy-2.20101213-r17 (29 Jun 2011) |
33 |
- |
34 |
- 29 Jun 2011; <swift@g.o> +selinux-base-policy-2.20101213-r17.ebuild, |
35 |
- +files/patchbundle-selinux-base-policy-2.20101213-r17.tar.bz2, +files/config, |
36 |
- +files/modules.conf.strict.20090730, +files/modules.conf.targeted.20090730, |
37 |
- +metadata.xml: |
38 |
- Add support for zabbix interfaces |
39 |
- |
40 |
- 02 Jun 2011; Anthony G. Basile <blueness@g.o> |
41 |
- selinux-base-policy-2.20101213-r16.ebuild: |
42 |
- Stable amd64 x86 |
43 |
- |
44 |
- 20 May 2011; Anthony G. Basile <blueness@g.o> |
45 |
- -selinux-base-policy-2.20101213-r5.ebuild, |
46 |
- -selinux-base-policy-2.20101213-r6.ebuild, |
47 |
- -selinux-base-policy-2.20101213-r7.ebuild, |
48 |
- -selinux-base-policy-2.20101213-r9.ebuild, |
49 |
- -selinux-base-policy-2.20101213-r10.ebuild, |
50 |
- -files/patchbundle-selinux-base-policy-2.20101213-r10.tar.bz2, |
51 |
- -files/patchbundle-selinux-base-policy-2.20101213-r5.tar.bz2, |
52 |
- -files/patchbundle-selinux-base-policy-2.20101213-r6.tar.bz2, |
53 |
- -files/patchbundle-selinux-base-policy-2.20101213-r7.tar.bz2, |
54 |
- -files/patchbundle-selinux-base-policy-2.20101213-r9.tar.bz2: |
55 |
- Removed deprecated revisions of base policy 2.20101213 |
56 |
- |
57 |
-*selinux-base-policy-2.20101213-r16 (20 May 2011) |
58 |
- |
59 |
- 20 May 2011; Anthony G. Basile <blueness@g.o> |
60 |
- +selinux-base-policy-2.20101213-r16.ebuild, |
61 |
- +files/patchbundle-selinux-base-policy-2.20101213-r16.tar.bz2, metadata.xml: |
62 |
- Drop obsoleted policy builds, add openrc support (rc-update, rc-status), |
63 |
- correct file contexts for /lib64, make UBAC optional (#257111 and #306393), |
64 |
- use portage_srcrepo_t for live ebuilds and match mdadm policy with upstream |
65 |
- |
66 |
-*selinux-base-policy-2.20101213-r12 (16 Apr 2011) |
67 |
-*selinux-base-policy-2.20101213-r11 (16 Apr 2011) |
68 |
- |
69 |
- 16 Apr 2011; Anthony G. Basile <blueness@g.o> |
70 |
- +selinux-base-policy-2.20101213-r11.ebuild, |
71 |
- +selinux-base-policy-2.20101213-r12.ebuild, |
72 |
- +files/patchbundle-selinux-base-policy-2.20101213-r11.tar.bz2, |
73 |
- +files/patchbundle-selinux-base-policy-2.20101213-r12.tar.bz2: |
74 |
- Added new patchbundles for rev bumps to base policy 2.20101213 |
75 |
- |
76 |
-*selinux-base-policy-2.20101213-r10 (07 Mar 2011) |
77 |
-*selinux-base-policy-2.20101213-r9 (07 Mar 2011) |
78 |
- |
79 |
- 07 Mar 2011; Anthony G. Basile <blueness@g.o> |
80 |
- +selinux-base-policy-2.20101213-r9.ebuild, |
81 |
- +selinux-base-policy-2.20101213-r10.ebuild, |
82 |
- +files/patchbundle-selinux-base-policy-2.20101213-r10.tar.bz2, |
83 |
- +files/patchbundle-selinux-base-policy-2.20101213-r9.tar.bz2: |
84 |
- Added new patchbundles for rev bumps to base policy 2.20101213 |
85 |
- |
86 |
- 05 Feb 2011; Anthony G. Basile <blueness@g.o> |
87 |
- +files/patchbundle-selinux-base-policy-2.20101213-r5.tar.bz2, |
88 |
- +files/patchbundle-selinux-base-policy-2.20101213-r6.tar.bz2, |
89 |
- +files/patchbundle-selinux-base-policy-2.20101213-r7.tar.bz2: |
90 |
- Added patchbundle for base policy 2.20101213. |
91 |
- |
92 |
-*selinux-base-policy-2.20101213-r7 (05 Feb 2011) |
93 |
-*selinux-base-policy-2.20101213-r6 (05 Feb 2011) |
94 |
-*selinux-base-policy-2.20101213-r5 (05 Feb 2011) |
95 |
- |
96 |
- 05 Feb 2011; Anthony G. Basile <blueness@g.o> |
97 |
- +selinux-base-policy-2.20101213-r5.ebuild, |
98 |
- +selinux-base-policy-2.20101213-r6.ebuild, |
99 |
- +selinux-base-policy-2.20101213-r7.ebuild: |
100 |
- New upstream policy. |
101 |
- |
102 |
-*selinux-base-policy-2.20091215 (16 Dec 2009) |
103 |
- |
104 |
- 16 Dec 2009; Chris PeBenito <pebenito@g.o> |
105 |
- +selinux-base-policy-2.20091215.ebuild: |
106 |
- New upstream release. |
107 |
- |
108 |
-*selinux-base-policy-20080525-r1 (14 Sep 2009) |
109 |
- |
110 |
- 14 Sep 2009; Chris PeBenito <pebenito@g.o> |
111 |
- +selinux-base-policy-20080525-r1.ebuild: |
112 |
- Update old base policy to support ext4. |
113 |
- |
114 |
- 14 Aug 2009; Chris PeBenito <pebenito@g.o> |
115 |
- -selinux-base-policy-20070329.ebuild, |
116 |
- -selinux-base-policy-20070928.ebuild, selinux-base-policy-20080525.ebuild: |
117 |
- Mark 20080525 stable, clear old ebuilds. |
118 |
- |
119 |
-*selinux-base-policy-2.20090814 (14 Aug 2009) |
120 |
- |
121 |
- 14 Aug 2009; Chris PeBenito <pebenito@g.o> |
122 |
- +selinux-base-policy-2.20090814.ebuild: |
123 |
- Git version of refpolicy for misc fixes including some cron problems. |
124 |
- |
125 |
-*selinux-base-policy-2.20090730 (03 Aug 2009) |
126 |
- |
127 |
- 03 Aug 2009; Chris PeBenito <pebenito@g.o> |
128 |
- +selinux-base-policy-2.20090730.ebuild: |
129 |
- New upstream release. |
130 |
- |
131 |
- 18 Jul 2009; Chris PeBenito <pebenito@g.o> |
132 |
- selinux-base-policy-20070329.ebuild, selinux-base-policy-20070928.ebuild, |
133 |
- selinux-base-policy-20080525.ebuild: |
134 |
- Drop alpha, mips, ppc, sparc selinux support. |
135 |
- |
136 |
-*selinux-base-policy-20080525 (25 May 2008) |
137 |
- |
138 |
- 25 May 2008; Chris PeBenito <pebenito@g.o> |
139 |
- +selinux-base-policy-20080525.ebuild: |
140 |
- New SVN snapshot. |
141 |
- |
142 |
- 16 Mar 2008; Chris PeBenito <pebenito@g.o> |
143 |
- -selinux-base-policy-20051022-r1.ebuild, |
144 |
- -selinux-base-policy-20061114.ebuild: |
145 |
- Remove old ebuilds. |
146 |
- |
147 |
- 03 Feb 2008; Chris PeBenito <pebenito@g.o> |
148 |
- selinux-base-policy-20070928.ebuild: |
149 |
- Mark stable. |
150 |
- |
151 |
-*selinux-base-policy-20070928 (26 Nov 2007) |
152 |
- |
153 |
- 26 Nov 2007; Chris PeBenito <pebenito@g.o> |
154 |
- +selinux-base-policy-20070928.ebuild: |
155 |
- New SVN snapshot. |
156 |
- |
157 |
- 04 Jun 2007; Chris PeBenito <pebenito@g.o> |
158 |
- selinux-base-policy-20070329.ebuild: |
159 |
- Mark stable. |
160 |
- |
161 |
- 30 Mar 2007; Chris PeBenito <pebenito@g.o> |
162 |
- +files/selinux-base-policy-20070329.diff, |
163 |
- selinux-base-policy-20070329.ebuild: |
164 |
- Compile fix. |
165 |
- |
166 |
-*selinux-base-policy-20070329 (29 Mar 2007) |
167 |
- |
168 |
- 29 Mar 2007; Chris PeBenito <pebenito@g.o> |
169 |
- +selinux-base-policy-20070329.ebuild: |
170 |
- New SVN snapshot. |
171 |
- |
172 |
- 22 Feb 2007; Markus Ullmann <jokey@g.o> ChangeLog: |
173 |
- Redigest for Manifest2 |
174 |
- |
175 |
-*selinux-base-policy-20061114 (15 Nov 2006) |
176 |
- |
177 |
- 15 Nov 2006; Chris PeBenito <pebenito@g.o> |
178 |
- +selinux-base-policy-20061114.ebuild: |
179 |
- New SVN snapshot. |
180 |
- |
181 |
- 25 Oct 2006; Chris PeBenito <pebenito@g.o> |
182 |
- selinux-base-policy-20061015.ebuild: |
183 |
- Fix to have default POLICY_TYPES if it is empty. |
184 |
- |
185 |
- 21 Oct 2006; Chris PeBenito <pebenito@g.o> |
186 |
- selinux-base-policy-20061015.ebuild: |
187 |
- Fix xml generation failure to die. |
188 |
- |
189 |
-*selinux-base-policy-20061015 (15 Oct 2006) |
190 |
- |
191 |
- 15 Oct 2006; Chris PeBenito <pebenito@g.o> |
192 |
- -selinux-base-policy-20061008.ebuild, |
193 |
- +selinux-base-policy-20061015.ebuild: |
194 |
- Update for testing fixes. |
195 |
- |
196 |
-*selinux-base-policy-20061008 (08 Oct 2006) |
197 |
- |
198 |
- 08 Oct 2006; Chris PeBenito <pebenito@g.o> -files/semanage.conf, |
199 |
- +selinux-base-policy-20061008.ebuild, |
200 |
- -selinux-base-policy-99999999.ebuild: |
201 |
- First mainstream reference policy testing release. |
202 |
- |
203 |
- 29 Sep 2006; Chris PeBenito <pebenito@g.o> |
204 |
- selinux-base-policy-99999999.ebuild: |
205 |
- Fix for new SVN location. Fixes 147781. |
206 |
- |
207 |
- 22 Feb 2006; Stephen Bennett <spb@g.o> |
208 |
- selinux-base-policy-20051022-r1.ebuild: |
209 |
- Alpha stable |
210 |
- |
211 |
-*selinux-base-policy-99999999 (02 Feb 2006) |
212 |
- |
213 |
- 02 Feb 2006; Chris PeBenito <pebenito@g.o> +files/config, |
214 |
- +files/modules.conf.strict, +files/modules.conf.targeted, |
215 |
- +files/semanage.conf, +selinux-base-policy-99999999.ebuild: |
216 |
- Add experimental policy for testing reference policy. Requires portage fix |
217 |
- from bug #110857. |
218 |
- |
219 |
- 02 Feb 2006; Chris PeBenito <pebenito@g.o> |
220 |
- -selinux-base-policy-20050322.ebuild, |
221 |
- -selinux-base-policy-20050618.ebuild, |
222 |
- -selinux-base-policy-20050821.ebuild, |
223 |
- -selinux-base-policy-20051022.ebuild: |
224 |
- Clean out old ebuilds. |
225 |
- |
226 |
- 14 Jan 2006; Stephen Bennett <spb@g.o> |
227 |
- selinux-base-policy-20051022-r1.ebuild: |
228 |
- Added ~alpha |
229 |
- |
230 |
-*selinux-base-policy-20051022-r1 (08 Dec 2005) |
231 |
- |
232 |
- 08 Dec 2005; Chris PeBenito <pebenito@g.o> |
233 |
- +selinux-base-policy-20051022-r1.ebuild: |
234 |
- Change to use compatability genhomedircon. Newer policycoreutils (1.28) |
235 |
- breaks the backwards compatability this policy uses. |
236 |
- |
237 |
-*selinux-base-policy-20051022 (22 Oct 2005) |
238 |
- |
239 |
- 22 Oct 2005; Chris PeBenito <pebenito@g.o> |
240 |
- +selinux-base-policy-20051022.ebuild: |
241 |
- Very trivial fixes. |
242 |
- |
243 |
- 08 Sep 2005; Chris PeBenito <pebenito@g.o> |
244 |
- selinux-base-policy-20050821.ebuild: |
245 |
- Mark stable. |
246 |
- |
247 |
-*selinux-base-policy-20050821 (21 Aug 2005) |
248 |
- |
249 |
- 21 Aug 2005; Chris PeBenito <pebenito@g.o> |
250 |
- +selinux-base-policy-20050821.ebuild: |
251 |
- Minor updates for 2.6.12. |
252 |
- |
253 |
- 21 Jun 2005; Chris PeBenito <pebenito@g.o> |
254 |
- selinux-base-policy-20050618.ebuild: |
255 |
- Mark stable. |
256 |
- |
257 |
-*selinux-base-policy-20050618 (18 Jun 2005) |
258 |
- |
259 |
- 18 Jun 2005; Chris PeBenito <pebenito@g.o> |
260 |
- -selinux-base-policy-20041123.ebuild, |
261 |
- -selinux-base-policy-20050306.ebuild, |
262 |
- +selinux-base-policy-20050618.ebuild: |
263 |
- New release to support 2.6.12 features. |
264 |
- |
265 |
- 10 May 2005; Stephen Bennett <spb@g.o> |
266 |
- selinux-base-policy-20050322.ebuild: |
267 |
- mips stable |
268 |
- |
269 |
- 01 May 2005; Stephen Bennett <spb@g.o> |
270 |
- selinux-base-policy-20050322.ebuild: |
271 |
- Added ~mips. |
272 |
- |
273 |
-*selinux-base-policy-20050322 (23 Mar 2005) |
274 |
- |
275 |
- 23 Mar 2005; Chris PeBenito <pebenito@g.o> |
276 |
- +selinux-base-policy-20050322.ebuild: |
277 |
- New release. |
278 |
- |
279 |
-*selinux-base-policy-20050306 (06 Mar 2005) |
280 |
- |
281 |
- 06 Mar 2005; Chris PeBenito <pebenito@g.o> |
282 |
- +selinux-base-policy-20050306.ebuild: |
283 |
- Fix bad samba_domain dummy macro. Add policies needed for udev support. |
284 |
- |
285 |
-*selinux-base-policy-20050224 (24 Feb 2005) |
286 |
- |
287 |
- 24 Feb 2005; Chris PeBenito <pebenito@g.o> |
288 |
- +selinux-base-policy-20050224.ebuild: |
289 |
- New release. |
290 |
- |
291 |
- 19 Jan 2005; Chris PeBenito <pebenito@g.o> |
292 |
- selinux-base-policy-20041123.ebuild: |
293 |
- Mark stable. |
294 |
- |
295 |
-*selinux-base-policy-20041123 (23 Nov 2004) |
296 |
- |
297 |
- 23 Nov 2004; Chris PeBenito <pebenito@g.o> |
298 |
- +selinux-base-policy-20041123.ebuild: |
299 |
- New release with 1.18 merge. |
300 |
- |
301 |
-*selinux-base-policy-20041023 (23 Oct 2004) |
302 |
- |
303 |
- 23 Oct 2004; Chris PeBenito <pebenito@g.o> |
304 |
- +selinux-base-policy-20041023.ebuild: |
305 |
- New release with 1.16 merge. Tcpd and inetd have been deprecated since they |
306 |
- are not in the base system anymore, and probably no one uses them anyway. |
307 |
- |
308 |
-*selinux-base-policy-20040906 (06 Sep 2004) |
309 |
- |
310 |
- 06 Sep 2004; Chris PeBenito <pebenito@g.o> |
311 |
- +selinux-base-policy-20040906.ebuild: |
312 |
- New release with 1.14 merge, which has policy 18 (fine-grained netlink) |
313 |
- features. |
314 |
- |
315 |
- 05 Sep 2004; Chris PeBenito <pebenito@g.o> |
316 |
- selinux-base-policy-20040225.ebuild, -selinux-base-policy-20040509.ebuild, |
317 |
- -selinux-base-policy-20040604.ebuild, selinux-base-policy-20040629.ebuild, |
318 |
- selinux-base-policy-20040702.ebuild: |
319 |
- Remove old builds, switch to epause and ebeep in remaining builds. |
320 |
- |
321 |
-*selinux-base-policy-20040702 (02 Jul 2004) |
322 |
- |
323 |
- 02 Jul 2004; Chris PeBenito <pebenito@g.o> |
324 |
- +selinux-base-policy-20040702.ebuild: |
325 |
- Same as 20040629, except with updated flask headers, which will come out in |
326 |
- 2.6.8. |
327 |
- |
328 |
-*selinux-base-policy-20040629 (29 Jun 2004) |
329 |
- |
330 |
- 29 Jun 2004; Chris PeBenito <pebenito@g.o> |
331 |
- +selinux-base-policy-20040629.ebuild: |
332 |
- Large sysadmfile cleanup: disable admin_separation to give sysadm_r back its |
333 |
- ablility to modify all files. Minor fixes: portage_r works again, syslog-ng |
334 |
- breakage fixed, put back manual PaX policy for pageexec/segmexec. |
335 |
- |
336 |
- 16 Jun 2004; Chris PeBenito <pebenito@g.o> |
337 |
- selinux-base-policy-20040604.ebuild: |
338 |
- Mark stable. |
339 |
- |
340 |
- 10 Jun 2004; Chris PeBenito <pebenito@g.o> |
341 |
- selinux-base-policy-20040225.ebuild, selinux-base-policy-20040509.ebuild, |
342 |
- selinux-base-policy-20040604.ebuild: |
343 |
- Add src_compile() stub |
344 |
- |
345 |
-*selinux-base-policy-20040604 (04 Jun 2004) |
346 |
- |
347 |
- 04 Jun 2004; Chris PeBenito <pebenito@g.o> |
348 |
- +selinux-base-policy-20040604.ebuild: |
349 |
- New release including 1.12 NSA policy, and experimental sesandbox. |
350 |
- |
351 |
- 15 May 2004; Chris PeBenito <pebenito@g.o> |
352 |
- selinux-base-policy-20040509.ebuild: |
353 |
- Mark stable. |
354 |
- |
355 |
-*selinux-base-policy-20040509 (09 May 2004) |
356 |
- |
357 |
- 09 May 2004; Chris PeBenito <pebenito@g.o> |
358 |
- +selinux-base-policy-20040509.ebuild: |
359 |
- A few small cleanups. Make PaX non exec pages macro based on arch. Large |
360 |
- portage update, get rid of portage_exec_fetch_t, portage will setexec. Add |
361 |
- global_ssp tunable. |
362 |
- |
363 |
-*selinux-base-policy-20040418 (18 Apr 2004) |
364 |
- |
365 |
- 18 Apr 2004; Chris PeBenito <pebenito@g.o> |
366 |
- +selinux-base-policy-20040418.ebuild: |
367 |
- New release for checkpolicy 1.10 |
368 |
- |
369 |
-*selinux-base-policy-20040414 (14 Apr 2004) |
370 |
- |
371 |
- 14 Apr 2004; Chris PeBenito <pebenito@g.o> |
372 |
- -selinux-base-policy-20040408.ebuild, +selinux-base-policy-20040414.ebuild: |
373 |
- Minor updates |
374 |
- |
375 |
-*selinux-base-policy-20040408 (08 Apr 2004) |
376 |
- |
377 |
- 08 Apr 2004; Chris PeBenito <pebenito@g.o> |
378 |
- selinux-base-policy-20040408.ebuild: |
379 |
- New update. Users.fc is now deprecated, as the contexts for user directories |
380 |
- is now automatically generated. Portage fetching of distfiles now has a |
381 |
- subdomain, for dropping priviledges. |
382 |
- |
383 |
- 28 Feb 2004; Chris PeBenito <pebenito@g.o> |
384 |
- selinux-base-policy-20040225.ebuild: |
385 |
- Mark stable. |
386 |
- |
387 |
-*selinux-base-policy-20040225 (25 Feb 2004) |
388 |
- |
389 |
- 25 Feb 2004; Chris PeBenito <pebenito@g.o> |
390 |
- selinux-base-policy-20040225.ebuild: |
391 |
- New support for PaX ACL hooks. Addition of tunable.te for configurable policy |
392 |
- options. Rewrite of portage.te. Now auto-transition for sysadm is default, can |
393 |
- reenable portage_r by tunable.te. Makefile update from NSA CVS. |
394 |
- |
395 |
-*selinux-base-policy-20040209 (09 Feb 2004) |
396 |
- |
397 |
- 09 Feb 2004; Chris PeBenito <pebenito@g.o> |
398 |
- selinux-base-policy-20040209.ebuild: |
399 |
- Minor revision to add XFS labeling and policy for integrated |
400 |
- runscript-run_init. |
401 |
- |
402 |
- 07 Feb 2004; Chris PeBenito <pebenito@g.o> |
403 |
- selinux-base-policy-20040202.ebuild: |
404 |
- Mark x86 stable. |
405 |
- |
406 |
-*selinux-base-policy-20040202 (02 Feb 2004) |
407 |
- |
408 |
- 02 Feb 2004; Chris PeBenito <pebenito@g.o> |
409 |
- selinux-base-policy-20040202.ebuild: |
410 |
- A few misc fixes. Allow portage to update bootloader code, such as in lilo or |
411 |
- grub postinst. This requires checkpolicy 1.4-r1. |
412 |
- |
413 |
-*selinux-base-policy-20031225 (25 Dec 2003) |
414 |
- |
415 |
- 25 Dec 2003; Chris PeBenito <pebenito@g.o> |
416 |
- selinux-base-policy-20031225.ebuild: |
417 |
- New release, with merged NSA 1.4 policy. One critical note, this policy |
418 |
- requires pam 0.77. Much work has been done to minimize access to /etc/shadow, |
419 |
- and one requirement is in the patch for pam 0.77. If you do not use this pam |
420 |
- version or newer, you will be unable to authenticate in enforcing. Since |
421 |
- devfs no longer is usable in SELinux, it's policy has been removed. You |
422 |
- should merge the changes, remove the devfsd policy (devfsd.te and devfsd.fc), |
423 |
- load the policy, and relabel. |
424 |
- |
425 |
- 27 Nov 2003; Chris PeBenito <pebenito@g.o> |
426 |
- selinux-base-policy-20031010-r1.ebuild: |
427 |
- Mark stable. Add build USE flag for stage building. |
428 |
- |
429 |
-*selinux-base-policy-20031010-r1 (12 Nov 2003) |
430 |
- |
431 |
- 12 Nov 2003; Chris PeBenito <pebenito@g.o> |
432 |
- selinux-base-policy-20031010-r1.ebuild, |
433 |
- files/selinux-base-policy-20031010-cvs.diff: |
434 |
- Add fixes from policy cvs for compilers, so non x86 and ppc compilers can |
435 |
- work. Also portage update as a side effect of updated setfiles code in |
436 |
- portage, from bug 31748. |
437 |
- |
438 |
- 28 Oct 2003; Chris PeBenito <pebenito@g.o> |
439 |
- selinux-base-policy-20031010.ebuild: |
440 |
- Mark stable |
441 |
- |
442 |
-*selinux-base-policy-20031010 (10 Oct 2003) |
443 |
- |
444 |
- 10 Oct 2003; Chris PeBenito <pebenito@g.o> |
445 |
- selinux-base-policy-20031010.ebuild: |
446 |
- New release for new API. Massive cleanups all over the place. |
447 |
- |
448 |
-*selinux-base-policy-20030817 (17 Aug 2003) |
449 |
- |
450 |
- 17 Aug 2003; Chris PeBenito <pebenito@g.o> |
451 |
- selinux-base-policy-20030817.ebuild: |
452 |
- Initial commit of new API policy |
453 |
- |
454 |
- 10 Aug 2003; Chris PeBenito <pebenito@g.o> |
455 |
- selinux-base-policy-20030729-r1.ebuild: |
456 |
- Mark stable |
457 |
- |
458 |
-*selinux-base-policy-20030729-r1 (31 Jul 2003) |
459 |
- |
460 |
- 31 Jul 2003; Chris PeBenito <pebenito@g.o> |
461 |
- selinux-base-policy-20030729-r1.ebuild: |
462 |
- New rev that handles an empty POLICYDIR sanely. |
463 |
- |
464 |
-*selinux-base-policy-20030729 (29 Jul 2003) |
465 |
- |
466 |
- 29 Jul 2003; Chris PeBenito <pebenito@g.o> |
467 |
- selinux-base-policy-20030729.ebuild: |
468 |
- Make the ebuild use POLICYDIR. Important fix so portage can load policy so |
469 |
- selinux-policy.eclass works. update_modules_t cleanup. Fix for an access when |
470 |
- merging baselayout. |
471 |
- |
472 |
-*selinux-base-policy-20030720 (20 Jul 2003) |
473 |
- |
474 |
- 20 Jul 2003; Chris PeBenito <pebenito@g.o> |
475 |
- selinux-base-policy-20030720.ebuild: |
476 |
- Many fixes, including the syslog fix. File contexts have changed, so a relabel |
477 |
- is needed. You may encounter problems relabeling /usr/portage, as its file |
478 |
- context has changed, as files should not have the same type as a domain. |
479 |
- Relabelling in permissive will fix this, or temporarily give portage_t a |
480 |
- file_type attribute. Tightened the can_exec_any() macro. Moved staff.fc to |
481 |
- users.fc, since all users with SELinux identities should have their home |
482 |
- directories have the correct identity, not the generic identity. |
483 |
- |
484 |
- 06 Jun 2003; Chris PeBenito <pebenito@g.o> |
485 |
- selinux-base-policy-20030604.ebuild: |
486 |
- Mark stable |
487 |
- |
488 |
-*selinux-base-policy-20030604 (04 Jun 2003) |
489 |
- |
490 |
- 04 Jun 2003; Chris PeBenito <pebenito@g.o> |
491 |
- selinux-base-policy-20030604.ebuild: |
492 |
- Fix broken 20030603 |
493 |
- |
494 |
- 04 Jun 2003; Chris PeBenito <pebenito@g.o> |
495 |
- selinux-base-policy-20030603.ebuild: |
496 |
- Pulling 20030603, as there are problems, 20030604 later today |
497 |
- |
498 |
-*selinux-base-policy-20030603 (03 Jun 2003) |
499 |
- |
500 |
- 03 Jun 2003; Chris PeBenito <pebenito@g.o> |
501 |
- selinux-base-policy-20030603.ebuild: |
502 |
- Numerous various fixes. Added staff role. Removed ipsec, gpm and gpg policies |
503 |
- as they are not appropriate for the base policy, and untested. |
504 |
- |
505 |
-*selinux-base-policy-20030522 (22 May 2003) |
506 |
- |
507 |
- 22 May 2003; Chris PeBenito <pebenito@g.o> |
508 |
- selinux-base-policy-20030522.ebuild: |
509 |
- The policy is in pretty good shape now. I've been able to run in enforcing mode |
510 |
- with little problem. I've also been able to successfully merge and unmerge |
511 |
- packages in enforcing mode, with few exceptions (why does mysql need to run ps |
512 |
- during configure?). |
513 |
- |
514 |
-*selinux-base-policy-20030514 (14 May 2003) |
515 |
- |
516 |
- 14 May 2003; Chris PeBenito <pebenito@g.o> |
517 |
- selinux-base-policy-20030514.ebuild: |
518 |
- Many improvements in many areas. Of note, rlogind policies were removed. Klogd |
519 |
- is being merged into syslogd. The portage policy is much more complete, but |
520 |
- still needs work. Its suggested that all changes be merged in, policy |
521 |
- reloaded, then relabel. |
522 |
- |
523 |
-*selinux-base-policy-20030419 (19 Apr 2003) |
524 |
- |
525 |
- 23 Apr 2003; Chris PeBenito <pebenito@g.o> |
526 |
- selinux-base-policy-20030419.ebuild: |
527 |
- Marking stable for selinux-small stable usage |
528 |
- |
529 |
- 19 Apr 2003; Chris PeBenito <pebenito@g.o> Manifest, |
530 |
- selinux-base-policy-20030419.ebuild: |
531 |
- Initial commit. Base policies for SELinux, with Gentoo-specifics |
532 |
- |
533 |
|
534 |
diff --git a/sec-policy/selinux-base-policy/files/config b/sec-policy/selinux-base-policy/files/config |
535 |
deleted file mode 100644 |
536 |
index 41e6993..0000000 |
537 |
--- a/sec-policy/selinux-base-policy/files/config |
538 |
+++ /dev/null |
539 |
@@ -1,12 +0,0 @@ |
540 |
-# This file controls the state of SELinux on the system on boot. |
541 |
- |
542 |
-# SELINUX can take one of these three values: |
543 |
-# enforcing - SELinux security policy is enforced. |
544 |
-# permissive - SELinux prints warnings instead of enforcing. |
545 |
-# disabled - No SELinux policy is loaded. |
546 |
-SELINUX=permissive |
547 |
- |
548 |
-# SELINUXTYPE can take one of these two values: |
549 |
-# targeted - Only targeted network daemons are protected. |
550 |
-# strict - Full SELinux protection. |
551 |
-SELINUXTYPE=strict |
552 |
|
553 |
diff --git a/sec-policy/selinux-base-policy/files/modules.conf.strict.20090730 b/sec-policy/selinux-base-policy/files/modules.conf.strict.20090730 |
554 |
deleted file mode 100644 |
555 |
index fcb3fd8..0000000 |
556 |
--- a/sec-policy/selinux-base-policy/files/modules.conf.strict.20090730 |
557 |
+++ /dev/null |
558 |
@@ -1,49 +0,0 @@ |
559 |
-application = base |
560 |
-authlogin = base |
561 |
-bootloader = base |
562 |
-clock = base |
563 |
-consoletype = base |
564 |
-corecommands = base |
565 |
-corenetwork = base |
566 |
-cron = base |
567 |
-devices = base |
568 |
-dmesg = base |
569 |
-domain = base |
570 |
-files = base |
571 |
-filesystem = base |
572 |
-fstools = base |
573 |
-getty = base |
574 |
-hostname = base |
575 |
-hotplug = base |
576 |
-init = base |
577 |
-iptables = base |
578 |
-kernel = base |
579 |
-libraries = base |
580 |
-locallogin = base |
581 |
-logging = base |
582 |
-lvm = base |
583 |
-miscfiles = base |
584 |
-mcs = base |
585 |
-mls = base |
586 |
-modutils = base |
587 |
-mount = base |
588 |
-mta = base |
589 |
-netutils = base |
590 |
-nscd = base |
591 |
-portage = base |
592 |
-raid = base |
593 |
-rsync = base |
594 |
-selinux = base |
595 |
-selinuxutil = base |
596 |
-ssh = base |
597 |
-staff = base |
598 |
-storage = base |
599 |
-su = base |
600 |
-sysadm = base |
601 |
-sysnetwork = base |
602 |
-terminal = base |
603 |
-ubac = base |
604 |
-udev = base |
605 |
-userdomain = base |
606 |
-usermanage = base |
607 |
-unprivuser = base |
608 |
|
609 |
diff --git a/sec-policy/selinux-base-policy/files/modules.conf.targeted.20090730 b/sec-policy/selinux-base-policy/files/modules.conf.targeted.20090730 |
610 |
deleted file mode 100644 |
611 |
index ee8a14c..0000000 |
612 |
--- a/sec-policy/selinux-base-policy/files/modules.conf.targeted.20090730 |
613 |
+++ /dev/null |
614 |
@@ -1,50 +0,0 @@ |
615 |
-application = base |
616 |
-authlogin = base |
617 |
-bootloader = base |
618 |
-clock = base |
619 |
-consoletype = base |
620 |
-corecommands = base |
621 |
-corenetwork = base |
622 |
-cron = base |
623 |
-devices = base |
624 |
-dmesg = base |
625 |
-domain = base |
626 |
-files = base |
627 |
-filesystem = base |
628 |
-fstools = base |
629 |
-getty = base |
630 |
-hostname = base |
631 |
-hotplug = base |
632 |
-init = base |
633 |
-iptables = base |
634 |
-kernel = base |
635 |
-libraries = base |
636 |
-locallogin = base |
637 |
-logging = base |
638 |
-lvm = base |
639 |
-miscfiles = base |
640 |
-mcs = base |
641 |
-mls = base |
642 |
-modutils = base |
643 |
-mount = base |
644 |
-mta = base |
645 |
-netutils = base |
646 |
-nscd = base |
647 |
-portage = base |
648 |
-raid = base |
649 |
-rsync = base |
650 |
-selinux = base |
651 |
-selinuxutil = base |
652 |
-ssh = base |
653 |
-staff = base |
654 |
-storage = base |
655 |
-su = base |
656 |
-sysadm = base |
657 |
-sysnetwork = base |
658 |
-terminal = base |
659 |
-ubac = base |
660 |
-udev = base |
661 |
-unconfined = base |
662 |
-userdomain = base |
663 |
-usermanage = base |
664 |
-unprivuser = base |
665 |
|
666 |
diff --git a/sec-policy/selinux-base-policy/files/patchbundle-selinux-base-policy-2.20101213-r17.tar.bz2 b/sec-policy/selinux-base-policy/files/patchbundle-selinux-base-policy-2.20101213-r17.tar.bz2 |
667 |
deleted file mode 100644 |
668 |
index 5cab0d3..0000000 |
669 |
Binary files a/sec-policy/selinux-base-policy/files/patchbundle-selinux-base-policy-2.20101213-r17.tar.bz2 and /dev/null differ |
670 |
|
671 |
diff --git a/sec-policy/selinux-base-policy/metadata.xml b/sec-policy/selinux-base-policy/metadata.xml |
672 |
deleted file mode 100644 |
673 |
index 393f3bb..0000000 |
674 |
--- a/sec-policy/selinux-base-policy/metadata.xml |
675 |
+++ /dev/null |
676 |
@@ -1,14 +0,0 @@ |
677 |
-<?xml version="1.0" encoding="UTF-8"?> |
678 |
-<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> |
679 |
-<pkgmetadata> |
680 |
- <herd>selinux</herd> |
681 |
- <longdescription> |
682 |
- Gentoo SELinux base policy. This contains policy for a system at the end of system installation. |
683 |
- There is no extra policy in this package. |
684 |
- </longdescription> |
685 |
- <use> |
686 |
- <flag name='peer_perms'>Enable the labeled networking peer permissions (SELinux policy capability).</flag> |
687 |
- <flag name='open_perms'>Enable the open permissions for file object classes (SELinux policy capability).</flag> |
688 |
- <flag name='ubac'>Enable User Based Access Control (UBAC) in the SELinux policy</flag> |
689 |
- </use> |
690 |
-</pkgmetadata> |
691 |
|
692 |
diff --git a/sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r17.ebuild b/sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r17.ebuild |
693 |
deleted file mode 100644 |
694 |
index 7bc78de..0000000 |
695 |
--- a/sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r17.ebuild |
696 |
+++ /dev/null |
697 |
@@ -1,129 +0,0 @@ |
698 |
-# Copyright 1999-2011 Gentoo Foundation |
699 |
-# Distributed under the terms of the GNU General Public License v2 |
700 |
-# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r12.ebuild,v 1.1 2011/04/16 13:02:44 blueness Exp $ |
701 |
- |
702 |
-EAPI="1" |
703 |
-IUSE="+peer_perms +open_perms +ubac" |
704 |
- |
705 |
-inherit eutils |
706 |
- |
707 |
-PATCHBUNDLE="${FILESDIR}/patchbundle-${PF}.tar.bz2" |
708 |
-DESCRIPTION="Gentoo base policy for SELinux" |
709 |
-HOMEPAGE="http://www.gentoo.org/proj/en/hardened/selinux/" |
710 |
-SRC_URI="http://oss.tresys.com/files/refpolicy/refpolicy-${PV}.tar.bz2" |
711 |
-LICENSE="GPL-2" |
712 |
-SLOT="0" |
713 |
- |
714 |
-KEYWORDS="~amd64 ~x86" |
715 |
- |
716 |
-RDEPEND=">=sys-apps/policycoreutils-1.30.30 |
717 |
- >=sys-fs/udev-151" |
718 |
-DEPEND="${RDEPEND} |
719 |
- sys-devel/m4 |
720 |
- >=sys-apps/checkpolicy-1.30.12" |
721 |
- |
722 |
-S=${WORKDIR}/ |
723 |
- |
724 |
-src_unpack() { |
725 |
- [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="strict targeted" |
726 |
- MOD_CONF_VER="20090730" |
727 |
- |
728 |
- unpack ${A} |
729 |
- |
730 |
- cd "${S}" |
731 |
- epatch "${PATCHBUNDLE}" |
732 |
- cd "${S}/refpolicy" |
733 |
- # Fix bug 257111 |
734 |
- sed -i -e 's:system_crond_t:system_cronjob_t:g' \ |
735 |
- "${S}/refpolicy/config/appconfig-standard/default_contexts" |
736 |
- |
737 |
- if ! use peer_perms; then |
738 |
- sed -i -e '/network_peer_controls/d' \ |
739 |
- "${S}/refpolicy/policy/policy_capabilities" |
740 |
- fi |
741 |
- |
742 |
- if ! use open_perms; then |
743 |
- sed -i -e '/open_perms/d' \ |
744 |
- "${S}/refpolicy/policy/policy_capabilities" |
745 |
- fi |
746 |
- |
747 |
- for i in ${POLICY_TYPES}; do |
748 |
- cp -a "${S}/refpolicy" "${S}/${i}" |
749 |
- |
750 |
- cd "${S}/${i}"; |
751 |
- make conf || die "Make conf in ${i} failed" |
752 |
- |
753 |
- cp "${FILESDIR}/modules.conf.${i}.${MOD_CONF_VER}" \ |
754 |
- "${S}/${i}/policy/modules.conf" \ |
755 |
- || die "failed to set up modules.conf" |
756 |
- sed -i -e '/^QUIET/s/n/y/' -e '/^MONOLITHIC/s/y/n/' \ |
757 |
- -e "/^NAME/s/refpolicy/$i/" "${S}/${i}/build.conf" \ |
758 |
- || die "build.conf setup failed." |
759 |
- |
760 |
- if ! use ubac; then |
761 |
- sed -i -e 's:^UBAC = y:UBAC = n:g' "${S}/${i}/build.conf" |
762 |
- fi |
763 |
- |
764 |
- echo "DISTRO = gentoo" >> "${S}/${i}/build.conf" |
765 |
- |
766 |
- if [ "${i}" == "targeted" ]; then |
767 |
- sed -i -e '/root/d' -e 's/user_u/unconfined_u/' \ |
768 |
- "${S}/${i}/config/appconfig-standard/seusers" \ |
769 |
- || die "targeted seusers setup failed." |
770 |
- fi |
771 |
- done |
772 |
-} |
773 |
- |
774 |
-src_compile() { |
775 |
- [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="strict targeted" |
776 |
- |
777 |
- for i in ${POLICY_TYPES}; do |
778 |
- cd "${S}/${i}" |
779 |
- make base || die "${i} compile failed" |
780 |
- done |
781 |
-} |
782 |
- |
783 |
-src_install() { |
784 |
- [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="strict targeted" |
785 |
- |
786 |
- for i in ${POLICY_TYPES}; do |
787 |
- cd "${S}/${i}" |
788 |
- |
789 |
- make DESTDIR="${D}" install \ |
790 |
- || die "${i} install failed." |
791 |
- |
792 |
- make DESTDIR="${D}" install-headers \ |
793 |
- || die "${i} headers install failed." |
794 |
- |
795 |
- echo "run_init_t" > "${D}/etc/selinux/${i}/contexts/run_init_type" |
796 |
- |
797 |
- echo "textrel_shlib_t" >> "${D}/etc/selinux/${i}/contexts/customizable_types" |
798 |
- |
799 |
- # libsemanage won't make this on its own |
800 |
- keepdir "/etc/selinux/${i}/policy" |
801 |
- done |
802 |
- |
803 |
- dodoc doc/Makefile.example doc/example.{te,fc,if} |
804 |
- |
805 |
- insinto /etc/selinux |
806 |
- doins "${FILESDIR}/config" |
807 |
-} |
808 |
- |
809 |
-pkg_preinst() { |
810 |
- has_version "<${CATEGORY}/${PN}-2.20101213-r13" |
811 |
- previous_less_than_r13=$? |
812 |
-} |
813 |
- |
814 |
-pkg_postinst() { |
815 |
- [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="strict targeted" |
816 |
- |
817 |
- for i in ${POLICY_TYPES}; do |
818 |
- einfo "Inserting base module into ${i} module store." |
819 |
- |
820 |
- cd "/usr/share/selinux/${i}" |
821 |
- semodule -s "${i}" -b base.pp || die "Could not load in new base policy" |
822 |
- done |
823 |
- elog "Updates on policies might require you to relabel files. If you, after" |
824 |
- elog "installing new SELinux policies, get 'permission denied' errors," |
825 |
- elog "relabelling your system using 'rlpkg -a -r' might resolve the issues." |
826 |
-} |