From: "Anthony G. Basile (blueness)" <blueness@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo-x86 commit in sec-policy/selinux-base-policy: ChangeLog selinux-base-policy-2.20101213-r21.ebuild selinux-base-policy-2.20101213-r20.ebuild
Date: Mon, 25 Jul 2011 23:02:24
Message-Id: 20110725221322.F06C720051@flycatcher.gentoo.org
1 blueness 11/07/25 22:13:22
2
3 Modified: ChangeLog
4 Added: selinux-base-policy-2.20101213-r21.ebuild
5 selinux-base-policy-2.20101213-r20.ebuild
6 Log:
7 Improve portage/emerge-webrsync, layman; fix firefox, cron, semanage, bugs #376005, #375835
8
9 (Portage version: 2.1.10.3/cvs/Linux x86_64)
10
11 Revision Changes Path
12 1.81 sec-policy/selinux-base-policy/ChangeLog
13
14 file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sec-policy/selinux-base-policy/ChangeLog?rev=1.81&view=markup
15 plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sec-policy/selinux-base-policy/ChangeLog?rev=1.81&content-type=text/plain
16 diff : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sec-policy/selinux-base-policy/ChangeLog?r1=1.80&r2=1.81
17
18 Index: ChangeLog
19 ===================================================================
20 RCS file: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/ChangeLog,v
21 retrieving revision 1.80
22 retrieving revision 1.81
23 diff -u -r1.80 -r1.81
24 --- ChangeLog 11 Jul 2011 01:59:36 -0000 1.80
25 +++ ChangeLog 25 Jul 2011 22:13:22 -0000 1.81
26 @@ -1,6 +1,18 @@
27 # ChangeLog for sec-policy/selinux-base-policy
28 # Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
29 -# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/ChangeLog,v 1.80 2011/07/11 01:59:36 blueness Exp $
30 +# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/ChangeLog,v 1.81 2011/07/25 22:13:22 blueness Exp $
31 +
32 +*selinux-base-policy-2.20101213-r21 (25 Jul 2011)
33 +*selinux-base-policy-2.20101213-r20 (25 Jul 2011)
34 +
35 + 25 Jul 2011; Anthony G. Basile <blueness@g.o>
36 + +selinux-base-policy-2.20101213-r20.ebuild,
37 + +selinux-base-policy-2.20101213-r21.ebuild, +files/modules.conf,
38 + files/config:
39 + Support unattended use of portage/emerge-webrsync, add layman in its own
40 + domain, fix a firefox context mismatch, allow cron to call portage, mark
41 + semanage as being an eselect wrapper too (fixes /etc/selinux labeling
42 + mismatches). Bugs fixed: #376005, #375835 (workaround)
43
44 11 Jul 2011; Anthony G. Basile <blueness@g.o>
45 -files/selinux-base-policy-20070329.diff,
46
47
48
49 1.1 sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r21.ebuild
50
51 file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r21.ebuild?rev=1.1&view=markup
52 plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r21.ebuild?rev=1.1&content-type=text/plain
53
54 Index: selinux-base-policy-2.20101213-r21.ebuild
55 ===================================================================
56 # Copyright 1999-2011 Gentoo Foundation
57 # Distributed under the terms of the GNU General Public License v2
58 # $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r21.ebuild,v 1.1 2011/07/25 22:13:22 blueness Exp $
59
60 EAPI="1"
61 IUSE="+peer_perms +open_perms +ubac"
62
63 inherit eutils
64
65 #PATCHBUNDLE="${FILESDIR}/patchbundle-${PF}.tar.bz2"
66 PATCHBUNDLE="${DISTDIR}/patchbundle-${PF}.tar.bz2"
67 DESCRIPTION="Gentoo base policy for SELinux"
68 HOMEPAGE="http://www.gentoo.org/proj/en/hardened/selinux/"
69 #SRC_URI="http://oss.tresys.com/files/refpolicy/refpolicy-${PV}.tar.bz2"
70 SRC_URI="http://oss.tresys.com/files/refpolicy/refpolicy-${PV}.tar.bz2
71 http://dev.gentoo.org/~blueness/patchbundle-selinux-base-policy/patchbundle-${PF}.tar.bz2"
72 LICENSE="GPL-2"
73 SLOT="0"
74
75 KEYWORDS="~amd64 ~x86"
76
77 RDEPEND=">=sys-apps/policycoreutils-1.30.30
78 >=sys-fs/udev-151"
79 DEPEND="${RDEPEND}
80 sys-devel/m4
81 >=sys-apps/checkpolicy-1.30.12"
82
83 S=${WORKDIR}/
84
85 src_unpack() {
86 [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs"
87
88 unpack ${A}
89
90 cd "${S}"
91 epatch "${PATCHBUNDLE}"
92 cd "${S}/refpolicy"
93 # Fix bug 257111
94 sed -i -e 's:system_crond_t:system_cronjob_t:g' \
95 "${S}/refpolicy/config/appconfig-standard/default_contexts"
96 sed -i -e 's|system_r:cronjob_t|system_r:system_cronjob_t|g' \
97 "${S}/refpolicy/config/appconfig-mls/default_contexts"
98 sed -i -e 's|system_r:cronjob_t|system_r:system_cronjob_t|g' \
99 "${S}/refpolicy/config/appconfig-mcs/default_contexts"
100
101 if ! use peer_perms; then
102 sed -i -e '/network_peer_controls/d' \
103 "${S}/refpolicy/policy/policy_capabilities"
104 fi
105
106 if ! use open_perms; then
107 sed -i -e '/open_perms/d' \
108 "${S}/refpolicy/policy/policy_capabilities"
109 fi
110
111 for i in ${POLICY_TYPES}; do
112 cp -a "${S}/refpolicy" "${S}/${i}"
113
114 cd "${S}/${i}";
115 make conf || die "Make conf in ${i} failed"
116
117 # Define what we see as "base" and what we want to remain modular
118 cp "${FILESDIR}/modules.conf" \
119 "${S}/${i}/policy/modules.conf" \
120 || die "failed to set up modules.conf"
121 if [[ "${i}" == "targeted" ]];
122 then
123 echo "unconfined = base" >> "${S}/${i}/policy/modules.conf"
124 fi
125 sed -i -e '/^QUIET/s/n/y/' -e '/^MONOLITHIC/s/y/n/' \
126 -e "/^NAME/s/refpolicy/$i/" "${S}/${i}/build.conf" \
127 || die "build.conf setup failed."
128
129 if [[ "${i}" == "mls" ]] || [[ "${i}" == "mcs" ]];
130 then
131 # MCS/MLS require additional settings
132 sed -i -e "/^TYPE/s/standard/${i}/" "${S}/${i}/build.conf" \
133 || die "failed to set type to mls"
134 fi
135
136 if ! use ubac; then
137 sed -i -e 's:^UBAC = y:UBAC = n:g' "${S}/${i}/build.conf"
138 fi
139
140 echo "DISTRO = gentoo" >> "${S}/${i}/build.conf"
141
142 if [ "${i}" == "targeted" ]; then
143 sed -i -e '/root/d' -e 's/user_u/unconfined_u/' \
144 "${S}/${i}/config/appconfig-standard/seusers" \
145 || die "targeted seusers setup failed."
146 fi
147 done
148 }
149
150 src_compile() {
151 [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs"
152
153 for i in ${POLICY_TYPES}; do
154 cd "${S}/${i}"
155 make base || die "${i} compile failed"
156 done
157 }
158
159 src_install() {
160 [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs"
161
162 for i in ${POLICY_TYPES}; do
163 cd "${S}/${i}"
164
165 make DESTDIR="${D}" install \
166 || die "${i} install failed."
167
168 make DESTDIR="${D}" install-headers \
169 || die "${i} headers install failed."
170
171 echo "run_init_t" > "${D}/etc/selinux/${i}/contexts/run_init_type"
172
173 echo "textrel_shlib_t" >> "${D}/etc/selinux/${i}/contexts/customizable_types"
174
175 # libsemanage won't make this on its own
176 keepdir "/etc/selinux/${i}/policy"
177 done
178
179 dodoc doc/Makefile.example doc/example.{te,fc,if}
180
181 insinto /etc/selinux
182 doins "${FILESDIR}/config"
183 }
184
185 pkg_preinst() {
186 has_version "<${CATEGORY}/${PN}-2.20101213-r13"
187 previous_less_than_r13=$?
188 }
189
190 pkg_postinst() {
191 [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs"
192
193 for i in ${POLICY_TYPES}; do
194 einfo "Inserting base module into ${i} module store."
195
196 cd "/usr/share/selinux/${i}"
197 semodule -s "${i}" -b base.pp || die "Could not load in new base policy"
198 done
199 elog "Updates on policies might require you to relabel files. If you, after"
200 elog "installing new SELinux policies, get 'permission denied' errors,"
201 elog "relabelling your system using 'rlpkg -a -r' might resolve the issues."
202 }
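Review bot: In src_unpack, several `sed -i` edits have no `|| die`, unlike the `build.conf` and `seusers` edits beside them: the cron context rewrites in `default_contexts` (standard, mls and mcs), the removal of `network_peer_controls`/`open_perms` from `policy_capabilities`, and the `UBAC = y` to `UBAC = n` switch. If one of those paths is missing after the patchbundle is applied, sed fails and the build carries on with the reference policy's defaults, so the installed policy may not match the USE flags or the bug 257111 fix. I would end each with a check, e.g. `"${S}/refpolicy/config/appconfig-mls/default_contexts" || die "mls default_contexts fix failed"`. sed also exits 0 when the pattern matches nothing, so for the UBAC line a `grep -q '^UBAC = n' "${S}/${i}/build.conf" || die` afterwards would be the stronger check. The r20 ebuild section has the same unchecked edits, apart from the mls/mcs `default_contexts` ones, which it does not contain.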
203
204
205
206 1.1 sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r20.ebuild
207
208 file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r20.ebuild?rev=1.1&view=markup
209 plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r20.ebuild?rev=1.1&content-type=text/plain
210
211 Index: selinux-base-policy-2.20101213-r20.ebuild
212 ===================================================================
213 # Copyright 1999-2011 Gentoo Foundation
214 # Distributed under the terms of the GNU General Public License v2
215 # $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r20.ebuild,v 1.1 2011/07/25 22:13:22 blueness Exp $
216
217 EAPI="1"
218 IUSE="+peer_perms +open_perms +ubac"
219
220 inherit eutils
221
222 #PATCHBUNDLE="${FILESDIR}/patchbundle-${PF}.tar.bz2"
223 PATCHBUNDLE="${DISTDIR}/patchbundle-${PF}.tar.bz2"
224 DESCRIPTION="Gentoo base policy for SELinux"
225 HOMEPAGE="http://www.gentoo.org/proj/en/hardened/selinux/"
226 #SRC_URI="http://oss.tresys.com/files/refpolicy/refpolicy-${PV}.tar.bz2"
227 SRC_URI="http://oss.tresys.com/files/refpolicy/refpolicy-${PV}.tar.bz2
228 http://dev.gentoo.org/~blueness/patchbundle-selinux-base-policy/patchbundle-${PF}.tar.bz2"
229 LICENSE="GPL-2"
230 SLOT="0"
231
232 KEYWORDS="~amd64 ~x86"
233
234 RDEPEND=">=sys-apps/policycoreutils-1.30.30
235 >=sys-fs/udev-151"
236 DEPEND="${RDEPEND}
237 sys-devel/m4
238 >=sys-apps/checkpolicy-1.30.12"
239
240 S=${WORKDIR}/
241
242 src_unpack() {
243 [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs"
244
245 unpack ${A}
246
247 cd "${S}"
248 epatch "${PATCHBUNDLE}"
249 cd "${S}/refpolicy"
250 # Fix bug 257111
251 sed -i -e 's:system_crond_t:system_cronjob_t:g' \
252 "${S}/refpolicy/config/appconfig-standard/default_contexts"
253
254 if ! use peer_perms; then
255 sed -i -e '/network_peer_controls/d' \
256 "${S}/refpolicy/policy/policy_capabilities"
257 fi
258
259 if ! use open_perms; then
260 sed -i -e '/open_perms/d' \
261 "${S}/refpolicy/policy/policy_capabilities"
262 fi
263
264 for i in ${POLICY_TYPES}; do
265 cp -a "${S}/refpolicy" "${S}/${i}"
266
267 cd "${S}/${i}";
268 make conf || die "Make conf in ${i} failed"
269
270 # Define what we see as "base" and what we want to remain modular
271 cp "${FILESDIR}/modules.conf" \
272 "${S}/${i}/policy/modules.conf" \
273 || die "failed to set up modules.conf"
274 if [[ "${i}" == "targeted" ]];
275 then
276 echo "unconfined = base" >> "${S}/${i}/policy/modules.conf"
277 fi
278 sed -i -e '/^QUIET/s/n/y/' -e '/^MONOLITHIC/s/y/n/' \
279 -e "/^NAME/s/refpolicy/$i/" "${S}/${i}/build.conf" \
280 || die "build.conf setup failed."
281
282 if [[ "${i}" == "mls" ]] || [[ "${i}" == "mcs" ]];
283 then
284 # MCS/MLS require additional settings
285 sed -i -e "/^TYPE/s/standard/${i}/" "${S}/${i}/build.conf" \
286 || die "failed to set type to mls"
287 fi
288
289 if ! use ubac; then
290 sed -i -e 's:^UBAC = y:UBAC = n:g' "${S}/${i}/build.conf"
291 fi
292
293 echo "DISTRO = gentoo" >> "${S}/${i}/build.conf"
294
295 if [ "${i}" == "targeted" ]; then
296 sed -i -e '/root/d' -e 's/user_u/unconfined_u/' \
297 "${S}/${i}/config/appconfig-standard/seusers" \
298 || die "targeted seusers setup failed."
299 fi
300 done
301 }
302
303 src_compile() {
304 [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs"
305
306 for i in ${POLICY_TYPES}; do
307 cd "${S}/${i}"
308 make base || die "${i} compile failed"
309 done
310 }
311
312 src_install() {
313 [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs"
314
315 for i in ${POLICY_TYPES}; do
316 cd "${S}/${i}"
317
318 make DESTDIR="${D}" install \
319 || die "${i} install failed."
320
321 make DESTDIR="${D}" install-headers \
322 || die "${i} headers install failed."
323
324 echo "run_init_t" > "${D}/etc/selinux/${i}/contexts/run_init_type"
325
326 echo "textrel_shlib_t" >> "${D}/etc/selinux/${i}/contexts/customizable_types"
327
328 # libsemanage won't make this on its own
329 keepdir "/etc/selinux/${i}/policy"
330 done
331
332 dodoc doc/Makefile.example doc/example.{te,fc,if}
333
334 insinto /etc/selinux
335 doins "${FILESDIR}/config"
336 }
337
338 pkg_preinst() {
339 has_version "<${CATEGORY}/${PN}-2.20101213-r13"
340 previous_less_than_r13=$?
341 }
342
343 pkg_postinst() {
344 [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs"
345
346 for i in ${POLICY_TYPES}; do
347 einfo "Inserting base module into ${i} module store."
348
349 cd "/usr/share/selinux/${i}"
350 semodule -s "${i}" -b base.pp || die "Could not load in new base policy"
351 done
352 elog "Updates on policies might require you to relabel files. If you, after"
353 elog "installing new SELinux policies, get 'permission denied' errors,"
354 elog "relabelling your system using 'rlpkg -a -r' might resolve the issues."
355 }
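Review bot: pkg_postinst loads the base policy by relative name: `cd "/usr/share/selinux/${i}"` is unchecked, and `semodule -s "${i}" -b base.pp` then takes `base.pp` from whatever the working directory is. A failed `cd` would most likely end in the existing `die`, but which file is loaded into the module store should not depend on the current directory. Passing the full path removes that dependency: `semodule -s "${i}" -b "/usr/share/selinux/${i}/base.pp" || die "Could not load in new base policy"`. Separately, `previous_less_than_r13` set in pkg_preinst is not read anywhere in the visible file; either add a comment naming what consumes it or drop it. Both points apply to the r21 section as well.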