1 |
blueness 11/06/30 10:17:35 |
2 |
|
3 |
Modified: ChangeLog |
4 |
Added: selinux-base-policy-2.20101213-r17.ebuild |
5 |
Log: |
6 |
Add support for zabbix |
7 |
|
8 |
(Portage version: 2.1.9.42/cvs/Linux x86_64) |
9 |
|
10 |
Revision Changes Path |
11 |
1.76 sec-policy/selinux-base-policy/ChangeLog |
12 |
|
13 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sec-policy/selinux-base-policy/ChangeLog?rev=1.76&view=markup |
14 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sec-policy/selinux-base-policy/ChangeLog?rev=1.76&content-type=text/plain |
15 |
diff : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sec-policy/selinux-base-policy/ChangeLog?r1=1.75&r2=1.76 |
16 |
|
17 |
Index: ChangeLog |
18 |
=================================================================== |
19 |
RCS file: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/ChangeLog,v |
20 |
retrieving revision 1.75 |
21 |
retrieving revision 1.76 |
22 |
diff -u -r1.75 -r1.76 |
23 |
--- ChangeLog 2 Jun 2011 12:06:45 -0000 1.75 |
24 |
+++ ChangeLog 30 Jun 2011 10:17:35 -0000 1.76 |
25 |
@@ -1,6 +1,13 @@ |
26 |
# ChangeLog for sec-policy/selinux-base-policy |
27 |
# Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2 |
28 |
-# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/ChangeLog,v 1.75 2011/06/02 12:06:45 blueness Exp $ |
29 |
+# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/ChangeLog,v 1.76 2011/06/30 10:17:35 blueness Exp $ |
30 |
+ |
31 |
+*selinux-base-policy-2.20101213-r17 (30 Jun 2011) |
32 |
+ |
33 |
+ 30 Jun 2011; Anthony G. Basile <blueness@g.o> |
34 |
+ +selinux-base-policy-2.20101213-r17.ebuild, |
35 |
+ +files/patchbundle-selinux-base-policy-2.20101213-r17.tar.bz2: |
36 |
+ Add support for zabbix |
37 |
|
38 |
02 Jun 2011; Anthony G. Basile <blueness@g.o> |
39 |
selinux-base-policy-2.20101213-r16.ebuild: |
40 |
|
41 |
|
42 |
|
43 |
1.1 sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r17.ebuild |
44 |
|
45 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r17.ebuild?rev=1.1&view=markup |
46 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r17.ebuild?rev=1.1&content-type=text/plain |
47 |
|
48 |
Index: selinux-base-policy-2.20101213-r17.ebuild |
49 |
=================================================================== |
50 |
# Copyright 1999-2011 Gentoo Foundation |
51 |
# Distributed under the terms of the GNU General Public License v2 |
52 |
# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r17.ebuild,v 1.1 2011/06/30 10:17:35 blueness Exp $ |
53 |
|
54 |
EAPI="1" |
55 |
IUSE="+peer_perms +open_perms +ubac" |
56 |
|
57 |
inherit eutils |
58 |
|
59 |
PATCHBUNDLE="${FILESDIR}/patchbundle-${PF}.tar.bz2" |
60 |
DESCRIPTION="Gentoo base policy for SELinux" |
61 |
HOMEPAGE="http://www.gentoo.org/proj/en/hardened/selinux/" |
62 |
SRC_URI="http://oss.tresys.com/files/refpolicy/refpolicy-${PV}.tar.bz2" |
63 |
LICENSE="GPL-2" |
64 |
SLOT="0" |
65 |
|
66 |
KEYWORDS="~amd64 ~x86" |
67 |
|
68 |
RDEPEND=">=sys-apps/policycoreutils-1.30.30 |
69 |
>=sys-fs/udev-151" |
70 |
DEPEND="${RDEPEND} |
71 |
sys-devel/m4 |
72 |
>=sys-apps/checkpolicy-1.30.12" |
73 |
|
74 |
S=${WORKDIR}/ |
75 |
|
76 |
src_unpack() { |
77 |
[ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="strict targeted" |
78 |
MOD_CONF_VER="20090730" |
79 |
|
80 |
unpack ${A} |
81 |
|
82 |
cd "${S}" |
83 |
epatch "${PATCHBUNDLE}" |
84 |
cd "${S}/refpolicy" |
85 |
# Fix bug 257111 |
86 |
sed -i -e 's:system_crond_t:system_cronjob_t:g' \ |
87 |
"${S}/refpolicy/config/appconfig-standard/default_contexts" |
88 |
|
89 |
if ! use peer_perms; then |
90 |
sed -i -e '/network_peer_controls/d' \ |
91 |
"${S}/refpolicy/policy/policy_capabilities" |
92 |
fi |
93 |
|
94 |
if ! use open_perms; then |
95 |
sed -i -e '/open_perms/d' \ |
96 |
"${S}/refpolicy/policy/policy_capabilities" |
97 |
fi |
98 |
|
99 |
for i in ${POLICY_TYPES}; do |
100 |
cp -a "${S}/refpolicy" "${S}/${i}" |
101 |
|
102 |
cd "${S}/${i}"; |
103 |
make conf || die "Make conf in ${i} failed" |
104 |
|
105 |
cp "${FILESDIR}/modules.conf.${i}.${MOD_CONF_VER}" \ |
106 |
"${S}/${i}/policy/modules.conf" \ |
107 |
|| die "failed to set up modules.conf" |
108 |
sed -i -e '/^QUIET/s/n/y/' -e '/^MONOLITHIC/s/y/n/' \ |
109 |
-e "/^NAME/s/refpolicy/$i/" "${S}/${i}/build.conf" \ |
110 |
|| die "build.conf setup failed." |
111 |
|
112 |
if ! use ubac; then |
113 |
sed -i -e 's:^UBAC = y:UBAC = n:g' "${S}/${i}/build.conf" |
114 |
fi |
115 |
|
116 |
echo "DISTRO = gentoo" >> "${S}/${i}/build.conf" |
117 |
|
118 |
if [ "${i}" == "targeted" ]; then |
119 |
sed -i -e '/root/d' -e 's/user_u/unconfined_u/' \ |
120 |
"${S}/${i}/config/appconfig-standard/seusers" \ |
121 |
|| die "targeted seusers setup failed." |
122 |
fi |
123 |
done |
124 |
} |
125 |
|
126 |
src_compile() { |
127 |
[ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="strict targeted" |
128 |
|
129 |
for i in ${POLICY_TYPES}; do |
130 |
cd "${S}/${i}" |
131 |
make base || die "${i} compile failed" |
132 |
done |
133 |
} |
134 |
|
135 |
src_install() { |
136 |
[ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="strict targeted" |
137 |
|
138 |
for i in ${POLICY_TYPES}; do |
139 |
cd "${S}/${i}" |
140 |
|
141 |
make DESTDIR="${D}" install \ |
142 |
|| die "${i} install failed." |
143 |
|
144 |
make DESTDIR="${D}" install-headers \ |
145 |
|| die "${i} headers install failed." |
146 |
|
147 |
echo "run_init_t" > "${D}/etc/selinux/${i}/contexts/run_init_type" |
148 |
|
149 |
echo "textrel_shlib_t" >> "${D}/etc/selinux/${i}/contexts/customizable_types" |
150 |
|
151 |
# libsemanage won't make this on its own |
152 |
keepdir "/etc/selinux/${i}/policy" |
153 |
done |
154 |
|
155 |
dodoc doc/Makefile.example doc/example.{te,fc,if} |
156 |
|
157 |
insinto /etc/selinux |
158 |
doins "${FILESDIR}/config" |
159 |
} |
160 |
|
161 |
pkg_preinst() { |
162 |
has_version "<${CATEGORY}/${PN}-2.20101213-r13" |
163 |
previous_less_than_r13=$? |
164 |
} |
165 |
|
166 |
pkg_postinst() { |
167 |
[ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="strict targeted" |
168 |
|
169 |
for i in ${POLICY_TYPES}; do |
170 |
einfo "Inserting base module into ${i} module store." |
171 |
|
172 |
cd "/usr/share/selinux/${i}" |
173 |
semodule -s "${i}" -b base.pp || die "Could not load in new base policy" |
174 |
done |
175 |
elog "Updates on policies might require you to relabel files. If you, after" |
176 |
elog "installing new SELinux policies, get 'permission denied' errors," |
177 |
elog "relabelling your system using 'rlpkg -a -r' might resolve the issues." |
178 |
} |