blueness 11/07/25 22:13:22 |
|
Modified: ChangeLog |
Added: selinux-base-policy-2.20101213-r21.ebuild |
selinux-base-policy-2.20101213-r20.ebuild |
Log: |
Improve portage/emerge-webrsync, layman; fix firefox, cron, semanage, bugs #376005, #375835 |
|
(Portage version: 2.1.10.3/cvs/Linux x86_64) |
|
Revision Changes Path |
12 |
1.81 sec-policy/selinux-base-policy/ChangeLog |
13 |
|
14 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sec-policy/selinux-base-policy/ChangeLog?rev=1.81&view=markup |
15 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sec-policy/selinux-base-policy/ChangeLog?rev=1.81&content-type=text/plain |
16 |
diff : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sec-policy/selinux-base-policy/ChangeLog?r1=1.80&r2=1.81 |
17 |
|
18 |
Index: ChangeLog |
19 |
=================================================================== |
20 |
RCS file: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/ChangeLog,v |
21 |
retrieving revision 1.80 |
22 |
retrieving revision 1.81 |
23 |
diff -u -r1.80 -r1.81 |
24 |
--- ChangeLog 11 Jul 2011 01:59:36 -0000 1.80 |
25 |
+++ ChangeLog 25 Jul 2011 22:13:22 -0000 1.81 |
26 |
@@ -1,6 +1,18 @@ |
27 |
# ChangeLog for sec-policy/selinux-base-policy |
28 |
# Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2 |
29 |
-# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/ChangeLog,v 1.80 2011/07/11 01:59:36 blueness Exp $ |
30 |
+# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/ChangeLog,v 1.81 2011/07/25 22:13:22 blueness Exp $ |
31 |
+ |
32 |
+*selinux-base-policy-2.20101213-r21 (25 Jul 2011) |
33 |
+*selinux-base-policy-2.20101213-r20 (25 Jul 2011) |
34 |
+ |
35 |
+ 25 Jul 2011; Anthony G. Basile <blueness@g.o> |
36 |
+ +selinux-base-policy-2.20101213-r20.ebuild, |
37 |
+ +selinux-base-policy-2.20101213-r21.ebuild, +files/modules.conf, |
38 |
+ files/config: |
39 |
+ Support unattended use of portage/emerge-webrsync, add layman in its own |
40 |
+ domain, fix a firefox context mismatch, allow cron to call portage, mark |
41 |
+ semanage as being an eselect wrapper too (fixes /etc/selinux labeling |
42 |
+ mismatches). Bugs fixed: #376005, #375835 (workaround) |
43 |
|
44 |
11 Jul 2011; Anthony G. Basile <blueness@g.o> |
45 |
-files/selinux-base-policy-20070329.diff, |
46 |
|
47 |
|
48 |
|
49 |
1.1 sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r21.ebuild |
50 |
|
51 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r21.ebuild?rev=1.1&view=markup |
52 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r21.ebuild?rev=1.1&content-type=text/plain |
53 |
|
54 |
Index: selinux-base-policy-2.20101213-r21.ebuild |
55 |
=================================================================== |
56 |
# Copyright 1999-2011 Gentoo Foundation |
57 |
# Distributed under the terms of the GNU General Public License v2 |
58 |
# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r21.ebuild,v 1.1 2011/07/25 22:13:22 blueness Exp $ |
59 |
|
60 |
EAPI="1" |
61 |
IUSE="+peer_perms +open_perms +ubac" |
62 |
|
63 |
inherit eutils |
64 |
|
65 |
#PATCHBUNDLE="${FILESDIR}/patchbundle-${PF}.tar.bz2" |
66 |
PATCHBUNDLE="${DISTDIR}/patchbundle-${PF}.tar.bz2" |
67 |
DESCRIPTION="Gentoo base policy for SELinux" |
68 |
HOMEPAGE="http://www.gentoo.org/proj/en/hardened/selinux/" |
69 |
#SRC_URI="http://oss.tresys.com/files/refpolicy/refpolicy-${PV}.tar.bz2" |
70 |
SRC_URI="http://oss.tresys.com/files/refpolicy/refpolicy-${PV}.tar.bz2 |
71 |
http://dev.gentoo.org/~blueness/patchbundle-selinux-base-policy/patchbundle-${PF}.tar.bz2" |
72 |
LICENSE="GPL-2" |
73 |
SLOT="0" |
74 |
|
75 |
KEYWORDS="~amd64 ~x86" |
76 |
|
77 |
RDEPEND=">=sys-apps/policycoreutils-1.30.30 |
78 |
>=sys-fs/udev-151" |
79 |
DEPEND="${RDEPEND} |
80 |
sys-devel/m4 |
81 |
>=sys-apps/checkpolicy-1.30.12" |
82 |
|
83 |
S=${WORKDIR}/ |
84 |
|
85 |
src_unpack() { |
86 |
[ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs" |
87 |
|
88 |
unpack ${A} |
89 |
|
90 |
cd "${S}" |
91 |
epatch "${PATCHBUNDLE}" |
92 |
cd "${S}/refpolicy" |
93 |
# Fix bug 257111 |
94 |
sed -i -e 's:system_crond_t:system_cronjob_t:g' \ |
95 |
"${S}/refpolicy/config/appconfig-standard/default_contexts" |
96 |
sed -i -e 's|system_r:cronjob_t|system_r:system_cronjob_t|g' \ |
97 |
"${S}/refpolicy/config/appconfig-mls/default_contexts" |
98 |
sed -i -e 's|system_r:cronjob_t|system_r:system_cronjob_t|g' \ |
99 |
"${S}/refpolicy/config/appconfig-mcs/default_contexts" |
100 |
|
101 |
if ! use peer_perms; then |
102 |
sed -i -e '/network_peer_controls/d' \ |
103 |
"${S}/refpolicy/policy/policy_capabilities" |
104 |
fi |
105 |
|
106 |
if ! use open_perms; then |
107 |
sed -i -e '/open_perms/d' \ |
108 |
"${S}/refpolicy/policy/policy_capabilities" |
109 |
fi |
110 |
|
111 |
for i in ${POLICY_TYPES}; do |
112 |
cp -a "${S}/refpolicy" "${S}/${i}" |
113 |
|
114 |
cd "${S}/${i}"; |
115 |
make conf || die "Make conf in ${i} failed" |
116 |
|
117 |
# Define what we see as "base" and what we want to remain modular |
118 |
cp "${FILESDIR}/modules.conf" \ |
119 |
"${S}/${i}/policy/modules.conf" \ |
120 |
|| die "failed to set up modules.conf" |
121 |
if [[ "${i}" == "targeted" ]]; |
122 |
then |
123 |
echo "unconfined = base" >> "${S}/${i}/policy/modules.conf" |
124 |
fi |
125 |
sed -i -e '/^QUIET/s/n/y/' -e '/^MONOLITHIC/s/y/n/' \ |
126 |
-e "/^NAME/s/refpolicy/$i/" "${S}/${i}/build.conf" \ |
127 |
|| die "build.conf setup failed." |
128 |
|
129 |
if [[ "${i}" == "mls" ]] || [[ "${i}" == "mcs" ]]; |
130 |
then |
131 |
# MCS/MLS require additional settings |
132 |
sed -i -e "/^TYPE/s/standard/${i}/" "${S}/${i}/build.conf" \ |
133 |
|| die "failed to set type to mls" |
134 |
fi |
135 |
|
136 |
if ! use ubac; then |
137 |
sed -i -e 's:^UBAC = y:UBAC = n:g' "${S}/${i}/build.conf" |
138 |
fi |
139 |
|
140 |
echo "DISTRO = gentoo" >> "${S}/${i}/build.conf" |
141 |
|
142 |
if [ "${i}" == "targeted" ]; then |
143 |
sed -i -e '/root/d' -e 's/user_u/unconfined_u/' \ |
144 |
"${S}/${i}/config/appconfig-standard/seusers" \ |
145 |
|| die "targeted seusers setup failed." |
146 |
fi |
147 |
done |
148 |
} |
149 |
|
150 |
src_compile() { |
151 |
[ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs" |
152 |
|
153 |
for i in ${POLICY_TYPES}; do |
154 |
cd "${S}/${i}" |
155 |
make base || die "${i} compile failed" |
156 |
done |
157 |
} |
158 |
|
159 |
src_install() { |
160 |
[ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs" |
161 |
|
162 |
for i in ${POLICY_TYPES}; do |
163 |
cd "${S}/${i}" |
164 |
|
165 |
make DESTDIR="${D}" install \ |
166 |
|| die "${i} install failed." |
167 |
|
168 |
make DESTDIR="${D}" install-headers \ |
169 |
|| die "${i} headers install failed." |
170 |
|
171 |
echo "run_init_t" > "${D}/etc/selinux/${i}/contexts/run_init_type" |
172 |
|
173 |
echo "textrel_shlib_t" >> "${D}/etc/selinux/${i}/contexts/customizable_types" |
174 |
|
175 |
# libsemanage won't make this on its own |
176 |
keepdir "/etc/selinux/${i}/policy" |
177 |
done |
178 |
|
179 |
dodoc doc/Makefile.example doc/example.{te,fc,if} |
180 |
|
181 |
insinto /etc/selinux |
182 |
doins "${FILESDIR}/config" |
183 |
} |
184 |
|
185 |
pkg_preinst() { |
186 |
has_version "<${CATEGORY}/${PN}-2.20101213-r13" |
187 |
previous_less_than_r13=$? |
188 |
} |
189 |
|
190 |
pkg_postinst() { |
191 |
[ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs" |
192 |
|
193 |
for i in ${POLICY_TYPES}; do |
194 |
einfo "Inserting base module into ${i} module store." |
195 |
|
196 |
cd "/usr/share/selinux/${i}" |
197 |
semodule -s "${i}" -b base.pp || die "Could not load in new base policy" |
198 |
done |
199 |
elog "Updates on policies might require you to relabel files. If you, after" |
200 |
elog "installing new SELinux policies, get 'permission denied' errors," |
201 |
elog "relabelling your system using 'rlpkg -a -r' might resolve the issues." |
202 |
} |
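Review bot: In pkg_postinst the `cd "/usr/share/selinux/${i}"` is unchecked, so if it fails, `semodule -s "${i}" -b base.pp` resolves `base.pp` against whatever directory the phase happened to start in instead of the policy directory that was just installed. Passing the absolute path removes the dependency on the working directory: `semodule -s "${i}" -b "/usr/share/selinux/${i}/base.pp" || die "Could not load in new base policy"`. The `cd "${S}/${i}"` calls in src_unpack, src_compile and src_install are unchecked in the same way and would be covered by `cd "${S}/${i}" || die "cannot enter ${i} build directory"`. The same code appears in selinux-base-policy-2.20101213-r20.ebuild added by this commit.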
203 |
|
204 |
|
205 |
|
206 |
1.1 sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r20.ebuild |
207 |
|
208 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r20.ebuild?rev=1.1&view=markup |
209 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r20.ebuild?rev=1.1&content-type=text/plain |
210 |
|
211 |
Index: selinux-base-policy-2.20101213-r20.ebuild |
212 |
=================================================================== |
213 |
# Copyright 1999-2011 Gentoo Foundation |
214 |
# Distributed under the terms of the GNU General Public License v2 |
215 |
# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r20.ebuild,v 1.1 2011/07/25 22:13:22 blueness Exp $ |
216 |
|
217 |
EAPI="1" |
218 |
IUSE="+peer_perms +open_perms +ubac" |
219 |
|
220 |
inherit eutils |
221 |
|
222 |
#PATCHBUNDLE="${FILESDIR}/patchbundle-${PF}.tar.bz2" |
223 |
PATCHBUNDLE="${DISTDIR}/patchbundle-${PF}.tar.bz2" |
224 |
DESCRIPTION="Gentoo base policy for SELinux" |
225 |
HOMEPAGE="http://www.gentoo.org/proj/en/hardened/selinux/" |
226 |
#SRC_URI="http://oss.tresys.com/files/refpolicy/refpolicy-${PV}.tar.bz2" |
227 |
SRC_URI="http://oss.tresys.com/files/refpolicy/refpolicy-${PV}.tar.bz2 |
228 |
http://dev.gentoo.org/~blueness/patchbundle-selinux-base-policy/patchbundle-${PF}.tar.bz2" |
229 |
LICENSE="GPL-2" |
230 |
SLOT="0" |
231 |
|
232 |
KEYWORDS="~amd64 ~x86" |
233 |
|
234 |
RDEPEND=">=sys-apps/policycoreutils-1.30.30 |
235 |
>=sys-fs/udev-151" |
236 |
DEPEND="${RDEPEND} |
237 |
sys-devel/m4 |
238 |
>=sys-apps/checkpolicy-1.30.12" |
239 |
|
240 |
S=${WORKDIR}/ |
241 |
|
242 |
src_unpack() { |
243 |
[ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs" |
244 |
|
245 |
unpack ${A} |
246 |
|
247 |
cd "${S}" |
248 |
epatch "${PATCHBUNDLE}" |
249 |
cd "${S}/refpolicy" |
250 |
# Fix bug 257111 |
251 |
sed -i -e 's:system_crond_t:system_cronjob_t:g' \ |
252 |
"${S}/refpolicy/config/appconfig-standard/default_contexts" |
253 |
|
254 |
if ! use peer_perms; then |
255 |
sed -i -e '/network_peer_controls/d' \ |
256 |
"${S}/refpolicy/policy/policy_capabilities" |
257 |
fi |
258 |
|
259 |
if ! use open_perms; then |
260 |
sed -i -e '/open_perms/d' \ |
261 |
"${S}/refpolicy/policy/policy_capabilities" |
262 |
fi |
263 |
|
264 |
for i in ${POLICY_TYPES}; do |
265 |
cp -a "${S}/refpolicy" "${S}/${i}" |
266 |
|
267 |
cd "${S}/${i}"; |
268 |
make conf || die "Make conf in ${i} failed" |
269 |
|
270 |
# Define what we see as "base" and what we want to remain modular |
271 |
cp "${FILESDIR}/modules.conf" \ |
272 |
"${S}/${i}/policy/modules.conf" \ |
273 |
|| die "failed to set up modules.conf" |
274 |
if [[ "${i}" == "targeted" ]]; |
275 |
then |
276 |
echo "unconfined = base" >> "${S}/${i}/policy/modules.conf" |
277 |
fi |
278 |
sed -i -e '/^QUIET/s/n/y/' -e '/^MONOLITHIC/s/y/n/' \ |
279 |
-e "/^NAME/s/refpolicy/$i/" "${S}/${i}/build.conf" \ |
280 |
|| die "build.conf setup failed." |
281 |
|
282 |
if [[ "${i}" == "mls" ]] || [[ "${i}" == "mcs" ]]; |
283 |
then |
284 |
# MCS/MLS require additional settings |
285 |
sed -i -e "/^TYPE/s/standard/${i}/" "${S}/${i}/build.conf" \ |
286 |
|| die "failed to set type to mls" |
287 |
fi |
288 |
|
289 |
if ! use ubac; then |
290 |
sed -i -e 's:^UBAC = y:UBAC = n:g' "${S}/${i}/build.conf" |
291 |
fi |
292 |
|
293 |
echo "DISTRO = gentoo" >> "${S}/${i}/build.conf" |
294 |
|
295 |
if [ "${i}" == "targeted" ]; then |
296 |
sed -i -e '/root/d' -e 's/user_u/unconfined_u/' \ |
297 |
"${S}/${i}/config/appconfig-standard/seusers" \ |
298 |
|| die "targeted seusers setup failed." |
299 |
fi |
300 |
done |
301 |
} |
302 |
|
303 |
src_compile() { |
304 |
[ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs" |
305 |
|
306 |
for i in ${POLICY_TYPES}; do |
307 |
cd "${S}/${i}" |
308 |
make base || die "${i} compile failed" |
309 |
done |
310 |
} |
311 |
|
312 |
src_install() { |
313 |
[ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs" |
314 |
|
315 |
for i in ${POLICY_TYPES}; do |
316 |
cd "${S}/${i}" |
317 |
|
318 |
make DESTDIR="${D}" install \ |
319 |
|| die "${i} install failed." |
320 |
|
321 |
make DESTDIR="${D}" install-headers \ |
322 |
|| die "${i} headers install failed." |
323 |
|
324 |
echo "run_init_t" > "${D}/etc/selinux/${i}/contexts/run_init_type" |
325 |
|
326 |
echo "textrel_shlib_t" >> "${D}/etc/selinux/${i}/contexts/customizable_types" |
327 |
|
328 |
# libsemanage won't make this on its own |
329 |
keepdir "/etc/selinux/${i}/policy" |
330 |
done |
331 |
|
332 |
dodoc doc/Makefile.example doc/example.{te,fc,if} |
333 |
|
334 |
insinto /etc/selinux |
335 |
doins "${FILESDIR}/config" |
336 |
} |
337 |
|
338 |
pkg_preinst() { |
339 |
has_version "<${CATEGORY}/${PN}-2.20101213-r13" |
340 |
previous_less_than_r13=$? |
341 |
} |
342 |
|
343 |
pkg_postinst() { |
344 |
[ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs" |
345 |
|
346 |
for i in ${POLICY_TYPES}; do |
347 |
einfo "Inserting base module into ${i} module store." |
348 |
|
349 |
cd "/usr/share/selinux/${i}" |
350 |
semodule -s "${i}" -b base.pp || die "Could not load in new base policy" |
351 |
done |
352 |
elog "Updates on policies might require you to relabel files. If you, after" |
353 |
elog "installing new SELinux policies, get 'permission denied' errors," |
354 |
elog "relabelling your system using 'rlpkg -a -r' might resolve the issues." |
355 |
} |
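Review bot: src_unpack here rewrites the cron context only in `config/appconfig-standard/default_contexts`, while the -r21 ebuild added in the same commit also rewrites `system_r:cronjob_t` in `appconfig-mls/default_contexts` and `appconfig-mcs/default_contexts`. POLICY_TYPES defaults to "targeted strict mls mcs" in both ebuilds, so -r20 builds the mls and mcs policies without that substitution. If the difference is intended (for instance because the two patchbundles differ, which this page does not show), a comment beside `# Fix bug 257111` should say so; otherwise the two extra `sed` calls from -r21 probably belong here as well. Separately, pkg_preinst stores `previous_less_than_r13=$?`, but nothing visible in either ebuild reads it, so it should be either documented or dropped.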