Gentoo Archives: gentoo-commits

From: Sven Vermeulen <sven.vermeulen@××××××.be>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-dev:master commit in: sec-policy/selinux-base-policy/files/, sec-policy/selinux-base-policy/
Date: Wed, 29 Jun 2011 12:56:39
Message-Id: 3af26ee84b983f63e555df803fe1e8d38b605ce7.SwifT@gentoo
1 commit: 3af26ee84b983f63e555df803fe1e8d38b605ce7
2 Author: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
3 AuthorDate: Wed Jun 29 12:55:05 2011 +0000
4 Commit: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
5 CommitDate: Wed Jun 29 12:55:05 2011 +0000
6 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-dev.git;a=commit;h=3af26ee8
7
8 add zabbix support
9
10 ---
11 sec-policy/selinux-base-policy/ChangeLog | 505 ++++++++++++++++++++
12 sec-policy/selinux-base-policy/files/config | 12 +
13 .../files/modules.conf.strict.20090730 | 49 ++
14 .../files/modules.conf.targeted.20090730 | 50 ++
15 ...ndle-selinux-base-policy-2.20101213-r17.tar.bz2 | Bin 0 -> 15055 bytes
16 sec-policy/selinux-base-policy/metadata.xml | 14 +
17 .../selinux-base-policy-2.20101213-r17.ebuild | 129 +++++
18 7 files changed, 759 insertions(+), 0 deletions(-)
19
20 diff --git a/sec-policy/selinux-base-policy/ChangeLog b/sec-policy/selinux-base-policy/ChangeLog
21 new file mode 100644
22 index 0000000..54c4b50
23 --- /dev/null
24 +++ b/sec-policy/selinux-base-policy/ChangeLog
25 @@ -0,0 +1,505 @@
26 +# ChangeLog for sec-policy/selinux-base-policy
27 +# Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
28 +# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/ChangeLog,v 1.75 2011/06/02 12:06:45 blueness Exp $
29 +
30 +*selinux-base-policy-2.20101213-r17 (29 Jun 2011)
31 +
32 + 29 Jun 2011; <swift@g.o> +selinux-base-policy-2.20101213-r17.ebuild,
33 + +files/patchbundle-selinux-base-policy-2.20101213-r17.tar.bz2, +files/config,
34 + +files/modules.conf.strict.20090730, +files/modules.conf.targeted.20090730,
35 + +metadata.xml:
36 + Add support for zabbix interfaces
37 +
38 + 02 Jun 2011; Anthony G. Basile <blueness@g.o>
39 + selinux-base-policy-2.20101213-r16.ebuild:
40 + Stable amd64 x86
41 +
42 + 20 May 2011; Anthony G. Basile <blueness@g.o>
43 + -selinux-base-policy-2.20101213-r5.ebuild,
44 + -selinux-base-policy-2.20101213-r6.ebuild,
45 + -selinux-base-policy-2.20101213-r7.ebuild,
46 + -selinux-base-policy-2.20101213-r9.ebuild,
47 + -selinux-base-policy-2.20101213-r10.ebuild,
48 + -files/patchbundle-selinux-base-policy-2.20101213-r10.tar.bz2,
49 + -files/patchbundle-selinux-base-policy-2.20101213-r5.tar.bz2,
50 + -files/patchbundle-selinux-base-policy-2.20101213-r6.tar.bz2,
51 + -files/patchbundle-selinux-base-policy-2.20101213-r7.tar.bz2,
52 + -files/patchbundle-selinux-base-policy-2.20101213-r9.tar.bz2:
53 + Removed deprecated revisions of base policy 2.20101213
54 +
55 +*selinux-base-policy-2.20101213-r16 (20 May 2011)
56 +
57 + 20 May 2011; Anthony G. Basile <blueness@g.o>
58 + +selinux-base-policy-2.20101213-r16.ebuild,
59 + +files/patchbundle-selinux-base-policy-2.20101213-r16.tar.bz2, metadata.xml:
60 + Drop obsoleted policy builds, add openrc support (rc-update, rc-status),
61 + correct file contexts for /lib64, make UBAC optional (#257111 and #306393),
62 + use portage_srcrepo_t for live ebuilds and match mdadm policy with upstream
63 +
64 +*selinux-base-policy-2.20101213-r12 (16 Apr 2011)
65 +*selinux-base-policy-2.20101213-r11 (16 Apr 2011)
66 +
67 + 16 Apr 2011; Anthony G. Basile <blueness@g.o>
68 + +selinux-base-policy-2.20101213-r11.ebuild,
69 + +selinux-base-policy-2.20101213-r12.ebuild,
70 + +files/patchbundle-selinux-base-policy-2.20101213-r11.tar.bz2,
71 + +files/patchbundle-selinux-base-policy-2.20101213-r12.tar.bz2:
72 + Added new patchbundles for rev bumps to base policy 2.20101213
73 +
74 +*selinux-base-policy-2.20101213-r10 (07 Mar 2011)
75 +*selinux-base-policy-2.20101213-r9 (07 Mar 2011)
76 +
77 + 07 Mar 2011; Anthony G. Basile <blueness@g.o>
78 + +selinux-base-policy-2.20101213-r9.ebuild,
79 + +selinux-base-policy-2.20101213-r10.ebuild,
80 + +files/patchbundle-selinux-base-policy-2.20101213-r10.tar.bz2,
81 + +files/patchbundle-selinux-base-policy-2.20101213-r9.tar.bz2:
82 + Added new patchbundles for rev bumps to base policy 2.20101213
83 +
84 + 05 Feb 2011; Anthony G. Basile <blueness@g.o>
85 + +files/patchbundle-selinux-base-policy-2.20101213-r5.tar.bz2,
86 + +files/patchbundle-selinux-base-policy-2.20101213-r6.tar.bz2,
87 + +files/patchbundle-selinux-base-policy-2.20101213-r7.tar.bz2:
88 + Added patchbundle for base policy 2.20101213.
89 +
90 +*selinux-base-policy-2.20101213-r7 (05 Feb 2011)
91 +*selinux-base-policy-2.20101213-r6 (05 Feb 2011)
92 +*selinux-base-policy-2.20101213-r5 (05 Feb 2011)
93 +
94 + 05 Feb 2011; Anthony G. Basile <blueness@g.o>
95 + +selinux-base-policy-2.20101213-r5.ebuild,
96 + +selinux-base-policy-2.20101213-r6.ebuild,
97 + +selinux-base-policy-2.20101213-r7.ebuild:
98 + New upstream policy.
99 +
100 +*selinux-base-policy-2.20091215 (16 Dec 2009)
101 +
102 + 16 Dec 2009; Chris PeBenito <pebenito@g.o>
103 + +selinux-base-policy-2.20091215.ebuild:
104 + New upstream release.
105 +
106 +*selinux-base-policy-20080525-r1 (14 Sep 2009)
107 +
108 + 14 Sep 2009; Chris PeBenito <pebenito@g.o>
109 + +selinux-base-policy-20080525-r1.ebuild:
110 + Update old base policy to support ext4.
111 +
112 + 14 Aug 2009; Chris PeBenito <pebenito@g.o>
113 + -selinux-base-policy-20070329.ebuild,
114 + -selinux-base-policy-20070928.ebuild, selinux-base-policy-20080525.ebuild:
115 + Mark 20080525 stable, clear old ebuilds.
116 +
117 +*selinux-base-policy-2.20090814 (14 Aug 2009)
118 +
119 + 14 Aug 2009; Chris PeBenito <pebenito@g.o>
120 + +selinux-base-policy-2.20090814.ebuild:
121 + Git version of refpolicy for misc fixes including some cron problems.
122 +
123 +*selinux-base-policy-2.20090730 (03 Aug 2009)
124 +
125 + 03 Aug 2009; Chris PeBenito <pebenito@g.o>
126 + +selinux-base-policy-2.20090730.ebuild:
127 + New upstream release.
128 +
129 + 18 Jul 2009; Chris PeBenito <pebenito@g.o>
130 + selinux-base-policy-20070329.ebuild, selinux-base-policy-20070928.ebuild,
131 + selinux-base-policy-20080525.ebuild:
132 + Drop alpha, mips, ppc, sparc selinux support.
133 +
134 +*selinux-base-policy-20080525 (25 May 2008)
135 +
136 + 25 May 2008; Chris PeBenito <pebenito@g.o>
137 + +selinux-base-policy-20080525.ebuild:
138 + New SVN snapshot.
139 +
140 + 16 Mar 2008; Chris PeBenito <pebenito@g.o>
141 + -selinux-base-policy-20051022-r1.ebuild,
142 + -selinux-base-policy-20061114.ebuild:
143 + Remove old ebuilds.
144 +
145 + 03 Feb 2008; Chris PeBenito <pebenito@g.o>
146 + selinux-base-policy-20070928.ebuild:
147 + Mark stable.
148 +
149 +*selinux-base-policy-20070928 (26 Nov 2007)
150 +
151 + 26 Nov 2007; Chris PeBenito <pebenito@g.o>
152 + +selinux-base-policy-20070928.ebuild:
153 + New SVN snapshot.
154 +
155 + 04 Jun 2007; Chris PeBenito <pebenito@g.o>
156 + selinux-base-policy-20070329.ebuild:
157 + Mark stable.
158 +
159 + 30 Mar 2007; Chris PeBenito <pebenito@g.o>
160 + +files/selinux-base-policy-20070329.diff,
161 + selinux-base-policy-20070329.ebuild:
162 + Compile fix.
163 +
164 +*selinux-base-policy-20070329 (29 Mar 2007)
165 +
166 + 29 Mar 2007; Chris PeBenito <pebenito@g.o>
167 + +selinux-base-policy-20070329.ebuild:
168 + New SVN snapshot.
169 +
170 + 22 Feb 2007; Markus Ullmann <jokey@g.o> ChangeLog:
171 + Redigest for Manifest2
172 +
173 +*selinux-base-policy-20061114 (15 Nov 2006)
174 +
175 + 15 Nov 2006; Chris PeBenito <pebenito@g.o>
176 + +selinux-base-policy-20061114.ebuild:
177 + New SVN snapshot.
178 +
179 + 25 Oct 2006; Chris PeBenito <pebenito@g.o>
180 + selinux-base-policy-20061015.ebuild:
181 + Fix to have default POLICY_TYPES if it is empty.
182 +
183 + 21 Oct 2006; Chris PeBenito <pebenito@g.o>
184 + selinux-base-policy-20061015.ebuild:
185 + Fix xml generation failure to die.
186 +
187 +*selinux-base-policy-20061015 (15 Oct 2006)
188 +
189 + 15 Oct 2006; Chris PeBenito <pebenito@g.o>
190 + -selinux-base-policy-20061008.ebuild,
191 + +selinux-base-policy-20061015.ebuild:
192 + Update for testing fixes.
193 +
194 +*selinux-base-policy-20061008 (08 Oct 2006)
195 +
196 + 08 Oct 2006; Chris PeBenito <pebenito@g.o> -files/semanage.conf,
197 + +selinux-base-policy-20061008.ebuild,
198 + -selinux-base-policy-99999999.ebuild:
199 + First mainstream reference policy testing release.
200 +
201 + 29 Sep 2006; Chris PeBenito <pebenito@g.o>
202 + selinux-base-policy-99999999.ebuild:
203 + Fix for new SVN location. Fixes 147781.
204 +
205 + 22 Feb 2006; Stephen Bennett <spb@g.o>
206 + selinux-base-policy-20051022-r1.ebuild:
207 + Alpha stable
208 +
209 +*selinux-base-policy-99999999 (02 Feb 2006)
210 +
211 + 02 Feb 2006; Chris PeBenito <pebenito@g.o> +files/config,
212 + +files/modules.conf.strict, +files/modules.conf.targeted,
213 + +files/semanage.conf, +selinux-base-policy-99999999.ebuild:
214 + Add experimental policy for testing reference policy. Requires portage fix
215 + from bug #110857.
216 +
217 + 02 Feb 2006; Chris PeBenito <pebenito@g.o>
218 + -selinux-base-policy-20050322.ebuild,
219 + -selinux-base-policy-20050618.ebuild,
220 + -selinux-base-policy-20050821.ebuild,
221 + -selinux-base-policy-20051022.ebuild:
222 + Clean out old ebuilds.
223 +
224 + 14 Jan 2006; Stephen Bennett <spb@g.o>
225 + selinux-base-policy-20051022-r1.ebuild:
226 + Added ~alpha
227 +
228 +*selinux-base-policy-20051022-r1 (08 Dec 2005)
229 +
230 + 08 Dec 2005; Chris PeBenito <pebenito@g.o>
231 + +selinux-base-policy-20051022-r1.ebuild:
232 + Change to use compatability genhomedircon. Newer policycoreutils (1.28)
233 + breaks the backwards compatability this policy uses.
234 +
235 +*selinux-base-policy-20051022 (22 Oct 2005)
236 +
237 + 22 Oct 2005; Chris PeBenito <pebenito@g.o>
238 + +selinux-base-policy-20051022.ebuild:
239 + Very trivial fixes.
240 +
241 + 08 Sep 2005; Chris PeBenito <pebenito@g.o>
242 + selinux-base-policy-20050821.ebuild:
243 + Mark stable.
244 +
245 +*selinux-base-policy-20050821 (21 Aug 2005)
246 +
247 + 21 Aug 2005; Chris PeBenito <pebenito@g.o>
248 + +selinux-base-policy-20050821.ebuild:
249 + Minor updates for 2.6.12.
250 +
251 + 21 Jun 2005; Chris PeBenito <pebenito@g.o>
252 + selinux-base-policy-20050618.ebuild:
253 + Mark stable.
254 +
255 +*selinux-base-policy-20050618 (18 Jun 2005)
256 +
257 + 18 Jun 2005; Chris PeBenito <pebenito@g.o>
258 + -selinux-base-policy-20041123.ebuild,
259 + -selinux-base-policy-20050306.ebuild,
260 + +selinux-base-policy-20050618.ebuild:
261 + New release to support 2.6.12 features.
262 +
263 + 10 May 2005; Stephen Bennett <spb@g.o>
264 + selinux-base-policy-20050322.ebuild:
265 + mips stable
266 +
267 + 01 May 2005; Stephen Bennett <spb@g.o>
268 + selinux-base-policy-20050322.ebuild:
269 + Added ~mips.
270 +
271 +*selinux-base-policy-20050322 (23 Mar 2005)
272 +
273 + 23 Mar 2005; Chris PeBenito <pebenito@g.o>
274 + +selinux-base-policy-20050322.ebuild:
275 + New release.
276 +
277 +*selinux-base-policy-20050306 (06 Mar 2005)
278 +
279 + 06 Mar 2005; Chris PeBenito <pebenito@g.o>
280 + +selinux-base-policy-20050306.ebuild:
281 + Fix bad samba_domain dummy macro. Add policies needed for udev support.
282 +
283 +*selinux-base-policy-20050224 (24 Feb 2005)
284 +
285 + 24 Feb 2005; Chris PeBenito <pebenito@g.o>
286 + +selinux-base-policy-20050224.ebuild:
287 + New release.
288 +
289 + 19 Jan 2005; Chris PeBenito <pebenito@g.o>
290 + selinux-base-policy-20041123.ebuild:
291 + Mark stable.
292 +
293 +*selinux-base-policy-20041123 (23 Nov 2004)
294 +
295 + 23 Nov 2004; Chris PeBenito <pebenito@g.o>
296 + +selinux-base-policy-20041123.ebuild:
297 + New release with 1.18 merge.
298 +
299 +*selinux-base-policy-20041023 (23 Oct 2004)
300 +
301 + 23 Oct 2004; Chris PeBenito <pebenito@g.o>
302 + +selinux-base-policy-20041023.ebuild:
303 + New release with 1.16 merge. Tcpd and inetd have been deprecated since they
304 + are not in the base system anymore, and probably no one uses them anyway.
305 +
306 +*selinux-base-policy-20040906 (06 Sep 2004)
307 +
308 + 06 Sep 2004; Chris PeBenito <pebenito@g.o>
309 + +selinux-base-policy-20040906.ebuild:
310 + New release with 1.14 merge, which has policy 18 (fine-grained netlink)
311 + features.
312 +
313 + 05 Sep 2004; Chris PeBenito <pebenito@g.o>
314 + selinux-base-policy-20040225.ebuild, -selinux-base-policy-20040509.ebuild,
315 + -selinux-base-policy-20040604.ebuild, selinux-base-policy-20040629.ebuild,
316 + selinux-base-policy-20040702.ebuild:
317 + Remove old builds, switch to epause and ebeep in remaining builds.
318 +
319 +*selinux-base-policy-20040702 (02 Jul 2004)
320 +
321 + 02 Jul 2004; Chris PeBenito <pebenito@g.o>
322 + +selinux-base-policy-20040702.ebuild:
323 + Same as 20040629, except with updated flask headers, which will come out in
324 + 2.6.8.
325 +
326 +*selinux-base-policy-20040629 (29 Jun 2004)
327 +
328 + 29 Jun 2004; Chris PeBenito <pebenito@g.o>
329 + +selinux-base-policy-20040629.ebuild:
330 + Large sysadmfile cleanup: disable admin_separation to give sysadm_r back its
331 + ablility to modify all files. Minor fixes: portage_r works again, syslog-ng
332 + breakage fixed, put back manual PaX policy for pageexec/segmexec.
333 +
334 + 16 Jun 2004; Chris PeBenito <pebenito@g.o>
335 + selinux-base-policy-20040604.ebuild:
336 + Mark stable.
337 +
338 + 10 Jun 2004; Chris PeBenito <pebenito@g.o>
339 + selinux-base-policy-20040225.ebuild, selinux-base-policy-20040509.ebuild,
340 + selinux-base-policy-20040604.ebuild:
341 + Add src_compile() stub
342 +
343 +*selinux-base-policy-20040604 (04 Jun 2004)
344 +
345 + 04 Jun 2004; Chris PeBenito <pebenito@g.o>
346 + +selinux-base-policy-20040604.ebuild:
347 + New release including 1.12 NSA policy, and experimental sesandbox.
348 +
349 + 15 May 2004; Chris PeBenito <pebenito@g.o>
350 + selinux-base-policy-20040509.ebuild:
351 + Mark stable.
352 +
353 +*selinux-base-policy-20040509 (09 May 2004)
354 +
355 + 09 May 2004; Chris PeBenito <pebenito@g.o>
356 + +selinux-base-policy-20040509.ebuild:
357 + A few small cleanups. Make PaX non exec pages macro based on arch. Large
358 + portage update, get rid of portage_exec_fetch_t, portage will setexec. Add
359 + global_ssp tunable.
360 +
361 +*selinux-base-policy-20040418 (18 Apr 2004)
362 +
363 + 18 Apr 2004; Chris PeBenito <pebenito@g.o>
364 + +selinux-base-policy-20040418.ebuild:
365 + New release for checkpolicy 1.10
366 +
367 +*selinux-base-policy-20040414 (14 Apr 2004)
368 +
369 + 14 Apr 2004; Chris PeBenito <pebenito@g.o>
370 + -selinux-base-policy-20040408.ebuild, +selinux-base-policy-20040414.ebuild:
371 + Minor updates
372 +
373 +*selinux-base-policy-20040408 (08 Apr 2004)
374 +
375 + 08 Apr 2004; Chris PeBenito <pebenito@g.o>
376 + selinux-base-policy-20040408.ebuild:
377 + New update. Users.fc is now deprecated, as the contexts for user directories
378 + is now automatically generated. Portage fetching of distfiles now has a
379 + subdomain, for dropping priviledges.
380 +
381 + 28 Feb 2004; Chris PeBenito <pebenito@g.o>
382 + selinux-base-policy-20040225.ebuild:
383 + Mark stable.
384 +
385 +*selinux-base-policy-20040225 (25 Feb 2004)
386 +
387 + 25 Feb 2004; Chris PeBenito <pebenito@g.o>
388 + selinux-base-policy-20040225.ebuild:
389 + New support for PaX ACL hooks. Addition of tunable.te for configurable policy
390 + options. Rewrite of portage.te. Now auto-transition for sysadm is default, can
391 + reenable portage_r by tunable.te. Makefile update from NSA CVS.
392 +
393 +*selinux-base-policy-20040209 (09 Feb 2004)
394 +
395 + 09 Feb 2004; Chris PeBenito <pebenito@g.o>
396 + selinux-base-policy-20040209.ebuild:
397 + Minor revision to add XFS labeling and policy for integrated
398 + runscript-run_init.
399 +
400 + 07 Feb 2004; Chris PeBenito <pebenito@g.o>
401 + selinux-base-policy-20040202.ebuild:
402 + Mark x86 stable.
403 +
404 +*selinux-base-policy-20040202 (02 Feb 2004)
405 +
406 + 02 Feb 2004; Chris PeBenito <pebenito@g.o>
407 + selinux-base-policy-20040202.ebuild:
408 + A few misc fixes. Allow portage to update bootloader code, such as in lilo or
409 + grub postinst. This requires checkpolicy 1.4-r1.
410 +
411 +*selinux-base-policy-20031225 (25 Dec 2003)
412 +
413 + 25 Dec 2003; Chris PeBenito <pebenito@g.o>
414 + selinux-base-policy-20031225.ebuild:
415 + New release, with merged NSA 1.4 policy. One critical note, this policy
416 + requires pam 0.77. Much work has been done to minimize access to /etc/shadow,
417 + and one requirement is in the patch for pam 0.77. If you do not use this pam
418 + version or newer, you will be unable to authenticate in enforcing. Since
419 + devfs no longer is usable in SELinux, it's policy has been removed. You
420 + should merge the changes, remove the devfsd policy (devfsd.te and devfsd.fc),
421 + load the policy, and relabel.
422 +
423 + 27 Nov 2003; Chris PeBenito <pebenito@g.o>
424 + selinux-base-policy-20031010-r1.ebuild:
425 + Mark stable. Add build USE flag for stage building.
426 +
427 +*selinux-base-policy-20031010-r1 (12 Nov 2003)
428 +
429 + 12 Nov 2003; Chris PeBenito <pebenito@g.o>
430 + selinux-base-policy-20031010-r1.ebuild,
431 + files/selinux-base-policy-20031010-cvs.diff:
432 + Add fixes from policy cvs for compilers, so non x86 and ppc compilers can
433 + work. Also portage update as a side effect of updated setfiles code in
434 + portage, from bug 31748.
435 +
436 + 28 Oct 2003; Chris PeBenito <pebenito@g.o>
437 + selinux-base-policy-20031010.ebuild:
438 + Mark stable
439 +
440 +*selinux-base-policy-20031010 (10 Oct 2003)
441 +
442 + 10 Oct 2003; Chris PeBenito <pebenito@g.o>
443 + selinux-base-policy-20031010.ebuild:
444 + New release for new API. Massive cleanups all over the place.
445 +
446 +*selinux-base-policy-20030817 (17 Aug 2003)
447 +
448 + 17 Aug 2003; Chris PeBenito <pebenito@g.o>
449 + selinux-base-policy-20030817.ebuild:
450 + Initial commit of new API policy
451 +
452 + 10 Aug 2003; Chris PeBenito <pebenito@g.o>
453 + selinux-base-policy-20030729-r1.ebuild:
454 + Mark stable
455 +
456 +*selinux-base-policy-20030729-r1 (31 Jul 2003)
457 +
458 + 31 Jul 2003; Chris PeBenito <pebenito@g.o>
459 + selinux-base-policy-20030729-r1.ebuild:
460 + New rev that handles an empty POLICYDIR sanely.
461 +
462 +*selinux-base-policy-20030729 (29 Jul 2003)
463 +
464 + 29 Jul 2003; Chris PeBenito <pebenito@g.o>
465 + selinux-base-policy-20030729.ebuild:
466 + Make the ebuild use POLICYDIR. Important fix so portage can load policy so
467 + selinux-policy.eclass works. update_modules_t cleanup. Fix for an access when
468 + merging baselayout.
469 +
470 +*selinux-base-policy-20030720 (20 Jul 2003)
471 +
472 + 20 Jul 2003; Chris PeBenito <pebenito@g.o>
473 + selinux-base-policy-20030720.ebuild:
474 + Many fixes, including the syslog fix. File contexts have changed, so a relabel
475 + is needed. You may encounter problems relabeling /usr/portage, as its file
476 + context has changed, as files should not have the same type as a domain.
477 + Relabelling in permissive will fix this, or temporarily give portage_t a
478 + file_type attribute. Tightened the can_exec_any() macro. Moved staff.fc to
479 + users.fc, since all users with SELinux identities should have their home
480 + directories have the correct identity, not the generic identity.
481 +
482 + 06 Jun 2003; Chris PeBenito <pebenito@g.o>
483 + selinux-base-policy-20030604.ebuild:
484 + Mark stable
485 +
486 +*selinux-base-policy-20030604 (04 Jun 2003)
487 +
488 + 04 Jun 2003; Chris PeBenito <pebenito@g.o>
489 + selinux-base-policy-20030604.ebuild:
490 + Fix broken 20030603
491 +
492 + 04 Jun 2003; Chris PeBenito <pebenito@g.o>
493 + selinux-base-policy-20030603.ebuild:
494 + Pulling 20030603, as there are problems, 20030604 later today
495 +
496 +*selinux-base-policy-20030603 (03 Jun 2003)
497 +
498 + 03 Jun 2003; Chris PeBenito <pebenito@g.o>
499 + selinux-base-policy-20030603.ebuild:
500 + Numerous various fixes. Added staff role. Removed ipsec, gpm and gpg policies
501 + as they are not appropriate for the base policy, and untested.
502 +
503 +*selinux-base-policy-20030522 (22 May 2003)
504 +
505 + 22 May 2003; Chris PeBenito <pebenito@g.o>
506 + selinux-base-policy-20030522.ebuild:
507 + The policy is in pretty good shape now. I've been able to run in enforcing mode
508 + with little problem. I've also been able to successfully merge and unmerge
509 + packages in enforcing mode, with few exceptions (why does mysql need to run ps
510 + during configure?).
511 +
512 +*selinux-base-policy-20030514 (14 May 2003)
513 +
514 + 14 May 2003; Chris PeBenito <pebenito@g.o>
515 + selinux-base-policy-20030514.ebuild:
516 + Many improvements in many areas. Of note, rlogind policies were removed. Klogd
517 + is being merged into syslogd. The portage policy is much more complete, but
518 + still needs work. Its suggested that all changes be merged in, policy
519 + reloaded, then relabel.
520 +
521 +*selinux-base-policy-20030419 (19 Apr 2003)
522 +
523 + 23 Apr 2003; Chris PeBenito <pebenito@g.o>
524 + selinux-base-policy-20030419.ebuild:
525 + Marking stable for selinux-small stable usage
526 +
527 + 19 Apr 2003; Chris PeBenito <pebenito@g.o> Manifest,
528 + selinux-base-policy-20030419.ebuild:
529 + Initial commit. Base policies for SELinux, with Gentoo-specifics
530 +
531
532 diff --git a/sec-policy/selinux-base-policy/files/config b/sec-policy/selinux-base-policy/files/config
533 new file mode 100644
534 index 0000000..41e6993
535 --- /dev/null
536 +++ b/sec-policy/selinux-base-policy/files/config
537 @@ -0,0 +1,12 @@
538 +# This file controls the state of SELinux on the system on boot.
539 +
540 +# SELINUX can take one of these three values:
541 +# enforcing - SELinux security policy is enforced.
542 +# permissive - SELinux prints warnings instead of enforcing.
543 +# disabled - No SELinux policy is loaded.
544 +SELINUX=permissive
545 +
546 +# SELINUXTYPE can take one of these two values:
547 +# targeted - Only targeted network daemons are protected.
548 +# strict - Full SELinux protection.
549 +SELINUXTYPE=strict
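Review bot: `SELINUXTYPE=strict` is fixed in this file, but the ebuild added in the same commit builds only the types listed in `POLICY_TYPES` and installs the file unchanged with `doins "${FILESDIR}/config"`. A system built with `POLICY_TYPES="targeted"` would therefore get a config naming a policy type that was not installed. Either set the value at install time from the types actually built, or say in the comment that it must match an installed type, e.g. `# SELINUXTYPE must name a policy type installed under /etc/selinux/.` The shipped `SELINUX=permissive` also means denials are logged rather than blocked until an administrator changes it; a line such as `# Shipped default is permissive; switch to enforcing once the system is labelled and denials are reviewed.` would make that explicit.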
550
551 diff --git a/sec-policy/selinux-base-policy/files/modules.conf.strict.20090730 b/sec-policy/selinux-base-policy/files/modules.conf.strict.20090730
552 new file mode 100644
553 index 0000000..fcb3fd8
554 --- /dev/null
555 +++ b/sec-policy/selinux-base-policy/files/modules.conf.strict.20090730
556 @@ -0,0 +1,49 @@
557 +application = base
558 +authlogin = base
559 +bootloader = base
560 +clock = base
561 +consoletype = base
562 +corecommands = base
563 +corenetwork = base
564 +cron = base
565 +devices = base
566 +dmesg = base
567 +domain = base
568 +files = base
569 +filesystem = base
570 +fstools = base
571 +getty = base
572 +hostname = base
573 +hotplug = base
574 +init = base
575 +iptables = base
576 +kernel = base
577 +libraries = base
578 +locallogin = base
579 +logging = base
580 +lvm = base
581 +miscfiles = base
582 +mcs = base
583 +mls = base
584 +modutils = base
585 +mount = base
586 +mta = base
587 +netutils = base
588 +nscd = base
589 +portage = base
590 +raid = base
591 +rsync = base
592 +selinux = base
593 +selinuxutil = base
594 +ssh = base
595 +staff = base
596 +storage = base
597 +su = base
598 +sysadm = base
599 +sysnetwork = base
600 +terminal = base
601 +ubac = base
602 +udev = base
603 +userdomain = base
604 +usermanage = base
605 +unprivuser = base
606
607 diff --git a/sec-policy/selinux-base-policy/files/modules.conf.targeted.20090730 b/sec-policy/selinux-base-policy/files/modules.conf.targeted.20090730
608 new file mode 100644
609 index 0000000..ee8a14c
610 --- /dev/null
611 +++ b/sec-policy/selinux-base-policy/files/modules.conf.targeted.20090730
612 @@ -0,0 +1,50 @@
613 +application = base
614 +authlogin = base
615 +bootloader = base
616 +clock = base
617 +consoletype = base
618 +corecommands = base
619 +corenetwork = base
620 +cron = base
621 +devices = base
622 +dmesg = base
623 +domain = base
624 +files = base
625 +filesystem = base
626 +fstools = base
627 +getty = base
628 +hostname = base
629 +hotplug = base
630 +init = base
631 +iptables = base
632 +kernel = base
633 +libraries = base
634 +locallogin = base
635 +logging = base
636 +lvm = base
637 +miscfiles = base
638 +mcs = base
639 +mls = base
640 +modutils = base
641 +mount = base
642 +mta = base
643 +netutils = base
644 +nscd = base
645 +portage = base
646 +raid = base
647 +rsync = base
648 +selinux = base
649 +selinuxutil = base
650 +ssh = base
651 +staff = base
652 +storage = base
653 +su = base
654 +sysadm = base
655 +sysnetwork = base
656 +terminal = base
657 +ubac = base
658 +udev = base
659 +unconfined = base
660 +userdomain = base
661 +usermanage = base
662 +unprivuser = base
663
664 diff --git a/sec-policy/selinux-base-policy/files/patchbundle-selinux-base-policy-2.20101213-r17.tar.bz2 b/sec-policy/selinux-base-policy/files/patchbundle-selinux-base-policy-2.20101213-r17.tar.bz2
665 new file mode 100644
666 index 0000000..5cab0d3
667 Binary files /dev/null and b/sec-policy/selinux-base-policy/files/patchbundle-selinux-base-policy-2.20101213-r17.tar.bz2 differ
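Review bot: The functional change of this commit appears to live entirely in this binary `patchbundle-selinux-base-policy-2.20101213-r17.tar.bz2`, which the ebuild applies with `epatch "${PATCHBUNDLE}"`, so none of the policy rules added for zabbix can be read in the diff. For a package that defines the system's mandatory access control rules, review should cover the unpacked patch set; committing the patches as text, or naming the repository and revision the bundle is generated from in the commit message, would allow that. Whether a Manifest digest covers the tarball is not visible in this commit.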
668
669 diff --git a/sec-policy/selinux-base-policy/metadata.xml b/sec-policy/selinux-base-policy/metadata.xml
670 new file mode 100644
671 index 0000000..393f3bb
672 --- /dev/null
673 +++ b/sec-policy/selinux-base-policy/metadata.xml
674 @@ -0,0 +1,14 @@
675 +<?xml version="1.0" encoding="UTF-8"?>
676 +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
677 +<pkgmetadata>
678 + <herd>selinux</herd>
679 + <longdescription>
680 + Gentoo SELinux base policy. This contains policy for a system at the end of system installation.
681 + There is no extra policy in this package.
682 + </longdescription>
683 + <use>
684 + <flag name='peer_perms'>Enable the labeled networking peer permissions (SELinux policy capability).</flag>
685 + <flag name='open_perms'>Enable the open permissions for file object classes (SELinux policy capability).</flag>
686 + <flag name='ubac'>Enable User Based Access Control (UBAC) in the SELinux policy</flag>
687 + </use>
688 +</pkgmetadata>
689
690 diff --git a/sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r17.ebuild b/sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r17.ebuild
691 new file mode 100644
692 index 0000000..7bc78de
693 --- /dev/null
694 +++ b/sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r17.ebuild
695 @@ -0,0 +1,129 @@
696 +# Copyright 1999-2011 Gentoo Foundation
697 +# Distributed under the terms of the GNU General Public License v2
698 +# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r12.ebuild,v 1.1 2011/04/16 13:02:44 blueness Exp $
699 +
700 +EAPI="1"
701 +IUSE="+peer_perms +open_perms +ubac"
702 +
703 +inherit eutils
704 +
705 +PATCHBUNDLE="${FILESDIR}/patchbundle-${PF}.tar.bz2"
706 +DESCRIPTION="Gentoo base policy for SELinux"
707 +HOMEPAGE="http://www.gentoo.org/proj/en/hardened/selinux/"
708 +SRC_URI="http://oss.tresys.com/files/refpolicy/refpolicy-${PV}.tar.bz2"
709 +LICENSE="GPL-2"
710 +SLOT="0"
711 +
712 +KEYWORDS="~amd64 ~x86"
713 +
714 +RDEPEND=">=sys-apps/policycoreutils-1.30.30
715 + >=sys-fs/udev-151"
716 +DEPEND="${RDEPEND}
717 + sys-devel/m4
718 + >=sys-apps/checkpolicy-1.30.12"
719 +
720 +S=${WORKDIR}/
721 +
722 +src_unpack() {
723 + [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="strict targeted"
724 + MOD_CONF_VER="20090730"
725 +
726 + unpack ${A}
727 +
728 + cd "${S}"
729 + epatch "${PATCHBUNDLE}"
730 + cd "${S}/refpolicy"
731 + # Fix bug 257111
732 + sed -i -e 's:system_crond_t:system_cronjob_t:g' \
733 + "${S}/refpolicy/config/appconfig-standard/default_contexts"
734 +
735 + if ! use peer_perms; then
736 + sed -i -e '/network_peer_controls/d' \
737 + "${S}/refpolicy/policy/policy_capabilities"
738 + fi
739 +
740 + if ! use open_perms; then
741 + sed -i -e '/open_perms/d' \
742 + "${S}/refpolicy/policy/policy_capabilities"
743 + fi
744 +
745 + for i in ${POLICY_TYPES}; do
746 + cp -a "${S}/refpolicy" "${S}/${i}"
747 +
748 + cd "${S}/${i}";
749 + make conf || die "Make conf in ${i} failed"
750 +
751 + cp "${FILESDIR}/modules.conf.${i}.${MOD_CONF_VER}" \
752 + "${S}/${i}/policy/modules.conf" \
753 + || die "failed to set up modules.conf"
754 + sed -i -e '/^QUIET/s/n/y/' -e '/^MONOLITHIC/s/y/n/' \
755 + -e "/^NAME/s/refpolicy/$i/" "${S}/${i}/build.conf" \
756 + || die "build.conf setup failed."
757 +
758 + if ! use ubac; then
759 + sed -i -e 's:^UBAC = y:UBAC = n:g' "${S}/${i}/build.conf"
760 + fi
761 +
762 + echo "DISTRO = gentoo" >> "${S}/${i}/build.conf"
763 +
764 + if [ "${i}" == "targeted" ]; then
765 + sed -i -e '/root/d' -e 's/user_u/unconfined_u/' \
766 + "${S}/${i}/config/appconfig-standard/seusers" \
767 + || die "targeted seusers setup failed."
768 + fi
769 + done
770 +}
771 +
772 +src_compile() {
773 + [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="strict targeted"
774 +
775 + for i in ${POLICY_TYPES}; do
776 + cd "${S}/${i}"
777 + make base || die "${i} compile failed"
778 + done
779 +}
780 +
781 +src_install() {
782 + [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="strict targeted"
783 +
784 + for i in ${POLICY_TYPES}; do
785 + cd "${S}/${i}"
786 +
787 + make DESTDIR="${D}" install \
788 + || die "${i} install failed."
789 +
790 + make DESTDIR="${D}" install-headers \
791 + || die "${i} headers install failed."
792 +
793 + echo "run_init_t" > "${D}/etc/selinux/${i}/contexts/run_init_type"
794 +
795 + echo "textrel_shlib_t" >> "${D}/etc/selinux/${i}/contexts/customizable_types"
796 +
797 + # libsemanage won't make this on its own
798 + keepdir "/etc/selinux/${i}/policy"
799 + done
800 +
801 + dodoc doc/Makefile.example doc/example.{te,fc,if}
802 +
803 + insinto /etc/selinux
804 + doins "${FILESDIR}/config"
805 +}
806 +
807 +pkg_preinst() {
808 + has_version "<${CATEGORY}/${PN}-2.20101213-r13"
809 + previous_less_than_r13=$?
810 +}
811 +
812 +pkg_postinst() {
813 + [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="strict targeted"
814 +
815 + for i in ${POLICY_TYPES}; do
816 + einfo "Inserting base module into ${i} module store."
817 +
818 + cd "/usr/share/selinux/${i}"
819 + semodule -s "${i}" -b base.pp || die "Could not load in new base policy"
820 + done
821 + elog "Updates on policies might require you to relabel files. If you, after"
822 + elog "installing new SELinux policies, get 'permission denied' errors,"
823 + elog "relabelling your system using 'rlpkg -a -r' might resolve the issues."
824 +}
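Review bot: In pkg_postinst the `cd "/usr/share/selinux/${i}"` is unchecked and the next line loads `base.pp` by relative path, so if the directory is missing, `semodule` runs against whatever the current directory holds and the failure is reported as a policy load error. `cd "/usr/share/selinux/${i}" || die "Could not enter /usr/share/selinux/${i}"` closes that, and the `cd` calls in src_unpack, src_compile and src_install deserve the same guard. The `sed -i` edits in src_unpack that implement the `peer_perms`, `open_perms` and `ubac` USE flags, and the `cp -a` of the refpolicy tree, also lack `|| die`, so a failed edit leaves the policy built with a setting the user asked to turn off and no error is raised. Separately, `previous_less_than_r13` set in pkg_preinst is not read anywhere in this hunk; use it in pkg_postinst or drop the function.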