1 |
swift 14/11/01 17:26:17 |
2 |
|
3 |
Modified: ChangeLog |
4 |
Added: selinux-base-2.20140311-r7.ebuild |
5 |
Log: |
6 |
Bump revision r7 of SELinux policies |
7 |
|
8 |
(Portage version: 2.2.8-r2/cvs/Linux x86_64, signed Manifest commit with key 0x2EDD52403B68AF47) |
9 |
|
10 |
Revision Changes Path |
11 |
1.55 sec-policy/selinux-base/ChangeLog |
12 |
|
13 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sec-policy/selinux-base/ChangeLog?rev=1.55&view=markup |
14 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sec-policy/selinux-base/ChangeLog?rev=1.55&content-type=text/plain |
15 |
diff : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sec-policy/selinux-base/ChangeLog?r1=1.54&r2=1.55 |
16 |
|
17 |
Index: ChangeLog |
18 |
=================================================================== |
19 |
RCS file: /var/cvsroot/gentoo-x86/sec-policy/selinux-base/ChangeLog,v |
20 |
retrieving revision 1.54 |
21 |
retrieving revision 1.55 |
22 |
diff -u -r1.54 -r1.55 |
23 |
--- ChangeLog 1 Nov 2014 16:13:32 -0000 1.54 |
24 |
+++ ChangeLog 1 Nov 2014 17:26:17 -0000 1.55 |
25 |
@@ -1,6 +1,12 @@ |
26 |
# ChangeLog for sec-policy/selinux-base |
27 |
# Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2 |
28 |
-# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base/ChangeLog,v 1.54 2014/11/01 16:13:32 swift Exp $ |
29 |
+# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base/ChangeLog,v 1.55 2014/11/01 17:26:17 swift Exp $ |
30 |
+ |
31 |
+*selinux-base-2.20140311-r7 (01 Nov 2014) |
32 |
+ |
33 |
+ 01 Nov 2014; Sven Vermeulen <swift@g.o> |
34 |
+ +selinux-base-2.20140311-r7.ebuild: |
35 |
+ Bump revision r7 of SELinux policies |
36 |
|
37 |
01 Nov 2014; Sven Vermeulen <swift@g.o> selinux-base-9999.ebuild: |
38 |
Add KEYWORDS logic in -9999 ebuilds for ease of copying |
39 |
|
40 |
|
41 |
|
42 |
1.1 sec-policy/selinux-base/selinux-base-2.20140311-r7.ebuild |
43 |
|
44 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sec-policy/selinux-base/selinux-base-2.20140311-r7.ebuild?rev=1.1&view=markup |
45 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sec-policy/selinux-base/selinux-base-2.20140311-r7.ebuild?rev=1.1&content-type=text/plain |
46 |
|
47 |
Index: selinux-base-2.20140311-r7.ebuild |
48 |
=================================================================== |
49 |
# Copyright 1999-2014 Gentoo Foundation |
50 |
# Distributed under the terms of the GNU General Public License v2 |
51 |
# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base/selinux-base-2.20140311-r7.ebuild,v 1.1 2014/11/01 17:26:17 swift Exp $ |
52 |
EAPI="5" |
53 |
|
54 |
inherit eutils |
55 |
|
56 |
if [[ ${PV} == 9999* ]]; then |
57 |
EGIT_REPO_URI="${SELINUX_GIT_REPO:-git://git.overlays.gentoo.org/proj/hardened-refpolicy.git https://git.overlays.gentoo.org/gitroot/proj/hardened-refpolicy.git}" |
58 |
EGIT_BRANCH="${SELINUX_GIT_BRANCH:-master}" |
59 |
EGIT_SOURCEDIR="${WORKDIR}/refpolicy" |
60 |
|
61 |
inherit git-2 |
62 |
|
63 |
if [[ $PV == 9999* ]] ; then |
64 |
KEYWORDS="" |
65 |
else |
66 |
KEYWORDS="~amd64 ~x86" |
67 |
fi |
68 |
else |
69 |
SRC_URI="http://oss.tresys.com/files/refpolicy/refpolicy-${PV}.tar.bz2 |
70 |
http://dev.gentoo.org/~swift/patches/selinux-base-policy/patchbundle-selinux-base-policy-${PVR}.tar.bz2" |
71 |
|
72 |
KEYWORDS="~amd64 ~x86" |
73 |
fi |
74 |
|
75 |
IUSE="+peer_perms +open_perms +ubac +unconfined doc" |
76 |
|
77 |
DESCRIPTION="Gentoo base policy for SELinux" |
78 |
HOMEPAGE="http://www.gentoo.org/proj/en/hardened/selinux/" |
79 |
LICENSE="GPL-2" |
80 |
SLOT="0" |
81 |
|
82 |
RDEPEND=">=sys-apps/policycoreutils-2.3 |
83 |
virtual/udev |
84 |
!<=sec-policy/selinux-base-policy-2.20120725" |
85 |
DEPEND="${RDEPEND} |
86 |
sys-devel/m4 |
87 |
>=sys-apps/checkpolicy-2.3" |
88 |
|
89 |
S=${WORKDIR}/ |
90 |
|
91 |
#src_unpack() { |
92 |
# git-2_src_unpack |
93 |
#} |
94 |
|
95 |
src_prepare() { |
96 |
if [[ ${PV} != 9999* ]]; then |
97 |
# Apply the gentoo patches to the policy. These patches are only necessary |
98 |
# for base policies, or for interface changes on modules. |
99 |
EPATCH_MULTI_MSG="Applying SELinux policy updates ... " \ |
100 |
EPATCH_SUFFIX="patch" \ |
101 |
EPATCH_SOURCE="${WORKDIR}" \ |
102 |
EPATCH_FORCE="yes" \ |
103 |
epatch |
104 |
fi |
105 |
|
106 |
cd "${S}/refpolicy" |
107 |
make bare |
108 |
# Fix bug 257111 - Correct the initial sid for cron-started jobs in the |
109 |
# system_r role |
110 |
sed -i -e 's:system_crond_t:system_cronjob_t:g' \ |
111 |
"${S}/refpolicy/config/appconfig-standard/default_contexts" |
112 |
sed -i -e 's|system_r:cronjob_t|system_r:system_cronjob_t|g' \ |
113 |
"${S}/refpolicy/config/appconfig-mls/default_contexts" |
114 |
sed -i -e 's|system_r:cronjob_t|system_r:system_cronjob_t|g' \ |
115 |
"${S}/refpolicy/config/appconfig-mcs/default_contexts" |
116 |
|
117 |
epatch_user |
118 |
} |
119 |
|
120 |
src_configure() { |
121 |
[ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs" |
122 |
|
123 |
# Update the SELinux refpolicy capabilities based on the users' USE flags. |
124 |
|
125 |
if ! use peer_perms; then |
126 |
sed -i -e '/network_peer_controls/d' \ |
127 |
"${S}/refpolicy/policy/policy_capabilities" |
128 |
fi |
129 |
|
130 |
if ! use open_perms; then |
131 |
sed -i -e '/open_perms/d' \ |
132 |
"${S}/refpolicy/policy/policy_capabilities" |
133 |
fi |
134 |
|
135 |
if ! use ubac; then |
136 |
sed -i -e '/^UBAC/s/y/n/' "${S}/refpolicy/build.conf" \ |
137 |
|| die "Failed to disable User Based Access Control" |
138 |
fi |
139 |
|
140 |
echo "DISTRO = gentoo" >> "${S}/refpolicy/build.conf" |
141 |
|
142 |
# Prepare initial configuration |
143 |
cd "${S}/refpolicy"; |
144 |
make conf || die "Make conf failed" |
145 |
|
146 |
# Setup the policies based on the types delivered by the end user. |
147 |
# These types can be "targeted", "strict", "mcs" and "mls". |
148 |
for i in ${POLICY_TYPES}; do |
149 |
cp -a "${S}/refpolicy" "${S}/${i}" |
150 |
cd "${S}/${i}"; |
151 |
|
152 |
#cp "${FILESDIR}/modules-2.20120215.conf" "${S}/${i}/policy/modules.conf" |
153 |
sed -i -e "/= module/d" "${S}/${i}/policy/modules.conf" |
154 |
|
155 |
sed -i -e '/^QUIET/s/n/y/' -e "/^NAME/s/refpolicy/$i/" \ |
156 |
"${S}/${i}/build.conf" || die "build.conf setup failed." |
157 |
|
158 |
if [[ "${i}" == "mls" ]] || [[ "${i}" == "mcs" ]]; |
159 |
then |
160 |
# MCS/MLS require additional settings |
161 |
sed -i -e "/^TYPE/s/standard/${i}/" "${S}/${i}/build.conf" \ |
162 |
|| die "failed to set type to mls" |
163 |
fi |
164 |
|
165 |
if [ "${i}" == "targeted" ]; then |
166 |
sed -i -e '/root/d' -e 's/user_u/unconfined_u/' \ |
167 |
"${S}/${i}/config/appconfig-standard/seusers" \ |
168 |
|| die "targeted seusers setup failed." |
169 |
fi |
170 |
|
171 |
if [ "${i}" != "targeted" ] && [ "${i}" != "strict" ] && use unconfined; then |
172 |
sed -i -e '/root/d' -e 's/user_u/unconfined_u/' \ |
173 |
"${S}/${i}/config/appconfig-${i}/seusers" \ |
174 |
|| die "policy seusers setup failed." |
175 |
fi |
176 |
done |
177 |
} |
178 |
|
179 |
src_compile() { |
180 |
[ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs" |
181 |
|
182 |
for i in ${POLICY_TYPES}; do |
183 |
cd "${S}/${i}" |
184 |
make base || die "${i} compile failed" |
185 |
if use doc; then |
186 |
make html || die |
187 |
fi |
188 |
done |
189 |
} |
190 |
|
191 |
src_install() { |
192 |
[ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs" |
193 |
|
194 |
for i in ${POLICY_TYPES}; do |
195 |
cd "${S}/${i}" |
196 |
|
197 |
make DESTDIR="${D}" install \ |
198 |
|| die "${i} install failed." |
199 |
|
200 |
make DESTDIR="${D}" install-headers \ |
201 |
|| die "${i} headers install failed." |
202 |
|
203 |
echo "run_init_t" > "${D}/etc/selinux/${i}/contexts/run_init_type" |
204 |
|
205 |
echo "textrel_shlib_t" >> "${D}/etc/selinux/${i}/contexts/customizable_types" |
206 |
|
207 |
# libsemanage won't make this on its own |
208 |
keepdir "/etc/selinux/${i}/policy" |
209 |
|
210 |
if use doc; then |
211 |
dohtml doc/html/*; |
212 |
fi |
213 |
|
214 |
insinto /usr/share/selinux/devel; |
215 |
doins doc/policy.xml; |
216 |
|
217 |
done |
218 |
|
219 |
dodoc doc/Makefile.example doc/example.{te,fc,if} |
220 |
|
221 |
doman man/man8/*.8; |
222 |
|
223 |
insinto /etc/selinux |
224 |
doins "${FILESDIR}/config" |
225 |
} |
226 |
|
227 |
pkg_preinst() { |
228 |
has_version "<${CATEGORY}/${PN}-2.20101213-r13" |
229 |
previous_less_than_r13=$? |
230 |
} |