| 1 |
commit: 25a69d7a8fc755476905c0ac23720fd166957f41 |
| 2 |
Author: Jason Zaman <perfinion <AT> gentoo <DOT> org> |
| 3 |
AuthorDate: Thu Sep 1 15:51:58 2016 +0000 |
| 4 |
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Thu Sep 1 16:28:16 2016 +0000 |
| 6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=25a69d7a |
| 7 |
|
| 8 |
sys-libs/libsemanage: Drop old |
| 9 |
|
| 10 |
Package-Manager: portage-2.2.28 |
| 11 |
|
| 12 |
sys-libs/libsemanage/Manifest | 3 - |
| 13 |
...-Add-policy-binary-and-file_contexts.loca.patch | 318 --------------------- |
| 14 |
...-Add-file_contexts-and-seusers-to-the-sto.patch | 265 ----------------- |
| 15 |
...-save-homedir_template-in-the-policy-stor.patch | 54 ---- |
| 16 |
...age-store-users_extra-in-the-policy-store.patch | 57 ---- |
| 17 |
sys-libs/libsemanage/libsemanage-2.2-r2.ebuild | 91 ------ |
| 18 |
sys-libs/libsemanage/libsemanage-2.3-r4.ebuild | 104 ------- |
| 19 |
sys-libs/libsemanage/libsemanage-2.4-r1.ebuild | 127 -------- |
| 20 |
sys-libs/libsemanage/libsemanage-2.4-r2.ebuild | 132 --------- |
| 21 |
9 files changed, 1151 deletions(-) |
| 22 |
|
| 23 |
diff --git a/sys-libs/libsemanage/Manifest b/sys-libs/libsemanage/Manifest |
| 24 |
index 1f49a87..87c6ec0 100644 |
| 25 |
--- a/sys-libs/libsemanage/Manifest |
| 26 |
+++ b/sys-libs/libsemanage/Manifest |
| 27 |
@@ -1,4 +1 @@ |
| 28 |
-DIST libsemanage-2.2.tar.gz 138208 SHA256 11f60bfa0f1c6063cd9bd99ce0cb4acc9d6d9e9b8d7743d39e847bcd7803bd75 SHA512 09032b1b322fec7346164939ade118034812cb538ebc72121640d4ac5c89d2a66b59caa465027cfbebb590dee039a26d4345eafedf365d7f6ad0b5e90377d50f WHIRLPOOL 49170c5ee9ff57dcc4a15aa72386f37993f76436f0da25808c60dab2d03ba52932d0d4fa753c326900d83d2fae30f8bcf659251f17327783f2e2be3deb4842f4 |
| 29 |
-DIST libsemanage-2.3.tar.gz 138231 SHA256 03e09e35e611c286e446bef92b6023ef2623815996f5a53394bb02e49a312e4b SHA512 defe3bbdbe51abdaa13a39f693c33446d8a1a8509ac1eb25c7770da2df6487bcb0ca31259d02b4531d4c81db5e221e94e95bec97f6a1a155e1de2f65e6f0da34 WHIRLPOOL 943d4d300aa8ad49c411b10b41c0c3e751c46dbcbbe129bdd1d2e975e231c58391d6ecdee6b27699fff9f6e6facf5b48fc8d57c2ff68692694c7de430750fac9 |
| 30 |
-DIST libsemanage-2.4.tar.gz 151173 SHA256 1a4cace4ef16786531ec075c0e7b2f961e2fee5dc86c5f983a689058899a6484 SHA512 54f993253b22207b053daf4d34e72c65c72279866416089b6c0f047ef77bca3e307eac0ce6dfe40bd14e2e47e79841b358d5607501779f38d9b5f7c35f3b7729 WHIRLPOOL 7303c06515ed59b5756a87d08aff07671e51d26ce9fa452ca75643dd0ce4658571dc69d86434c943d691a4ab0d90cbdccdaa27e5aaec5fdf8057cf2d5d30631e |
| 31 |
DIST libsemanage-2.5.tar.gz 152884 SHA256 46e2f36254369b6e91d1eea0460c262b139361b055a3a67d3ceea2d8ef72e006 SHA512 cf644b77d8a24f76c630ece582df1b49a0c5f48f1c9f79b1caee0df10372008954406974472a072360dbe6de5ebc19b1b21bb247084d75b7186f61b32f33b8ec WHIRLPOOL 397b7fd2e9b2c00dbc2f58bdc023501dcd7ecf1212fef9ad7993b4763a041068416ef06552c0abf0beef8c69f4704933feca36951866c43d867181332971f6be |
| 32 |
|
| 33 |
diff --git a/sys-libs/libsemanage/files/0002-libsemanage-Add-policy-binary-and-file_contexts.loca.patch b/sys-libs/libsemanage/files/0002-libsemanage-Add-policy-binary-and-file_contexts.loca.patch |
| 34 |
deleted file mode 100644 |
| 35 |
index e5e821e..00000000 |
| 36 |
--- a/sys-libs/libsemanage/files/0002-libsemanage-Add-policy-binary-and-file_contexts.loca.patch |
| 37 |
+++ /dev/null |
| 38 |
@@ -1,318 +0,0 @@ |
| 39 |
-From 9638af24a1e890d673549f0b25d854458e07032e Mon Sep 17 00:00:00 2001 |
| 40 |
-From: Yuli Khodorkovskiy <ykhodorkovskiy@××××××.com> |
| 41 |
-Date: Thu, 2 Jul 2015 09:27:36 -0400 |
| 42 |
-Subject: [PATCH] libsemanage: Add policy binary and file_contexts.local to the |
| 43 |
- store |
| 44 |
- |
| 45 |
-This patch writes policy.kern and file_contexts.local to the policy store as |
| 46 |
-well as /etc/selinux/. Additionally, policy.kern and file_contexts.local |
| 47 |
-are now parsed from the store rather than the final directory which was |
| 48 |
-the old behavior. This allows all policy related files to be kept in the |
| 49 |
-policy store. |
| 50 |
- |
| 51 |
-This patch also renames /var/lib/selinux/tmp to 'final' and changes |
| 52 |
-policy.kern in the store to longer be a symlink. |
| 53 |
- |
| 54 |
-Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@××××××.com> |
| 55 |
---- |
| 56 |
- libsemanage/src/booleans_policydb.c | 6 ++-- |
| 57 |
- libsemanage/src/direct_api.c | 33 +++++++++++++++---- |
| 58 |
- libsemanage/src/interfaces_policydb.c | 6 ++-- |
| 59 |
- libsemanage/src/nodes_policydb.c | 6 ++-- |
| 60 |
- libsemanage/src/ports_policydb.c | 6 ++-- |
| 61 |
- libsemanage/src/semanage_store.c | 55 ++++++++++++++++++++++++-------- |
| 62 |
- libsemanage/src/semanage_store.h | 5 +++ |
| 63 |
- libsemanage/src/users_base_policydb.c | 6 ++-- |
| 64 |
- libsemanage/utils/semanage_migrate_store | 3 +- |
| 65 |
- 9 files changed, 86 insertions(+), 40 deletions(-) |
| 66 |
- |
| 67 |
-diff --git a/libsemanage/src/booleans_policydb.c b/libsemanage/src/booleans_policydb.c |
| 68 |
-index 74af2a3..6869d6c 100644 |
| 69 |
---- a/libsemanage/src/booleans_policydb.c |
| 70 |
-+++ b/libsemanage/src/booleans_policydb.c |
| 71 |
-@@ -55,10 +55,8 @@ int bool_policydb_dbase_init(semanage_handle_t * handle, |
| 72 |
- { |
| 73 |
- |
| 74 |
- if (dbase_policydb_init(handle, |
| 75 |
-- semanage_final_path(SEMANAGE_FINAL_SELINUX, |
| 76 |
-- SEMANAGE_KERNEL), |
| 77 |
-- semanage_final_path(SEMANAGE_FINAL_TMP, |
| 78 |
-- SEMANAGE_KERNEL), |
| 79 |
-+ semanage_path(SEMANAGE_ACTIVE, SEMANAGE_STORE_KERNEL), |
| 80 |
-+ semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_KERNEL), |
| 81 |
- &SEMANAGE_BOOL_RTABLE, |
| 82 |
- &SEMANAGE_BOOL_POLICYDB_RTABLE, |
| 83 |
- &dconfig->dbase) < 0) |
| 84 |
-diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c |
| 85 |
-index d57f934..3c6b168 100644 |
| 86 |
---- a/libsemanage/src/direct_api.c |
| 87 |
-+++ b/libsemanage/src/direct_api.c |
| 88 |
-@@ -196,10 +196,8 @@ int semanage_direct_connect(semanage_handle_t * sh) |
| 89 |
- goto err; |
| 90 |
- |
| 91 |
- if (fcontext_file_dbase_init(sh, |
| 92 |
-- semanage_final_path(SEMANAGE_FINAL_SELINUX, |
| 93 |
-- SEMANAGE_FC_LOCAL), |
| 94 |
-- semanage_final_path(SEMANAGE_FINAL_TMP, |
| 95 |
-- SEMANAGE_FC_LOCAL), |
| 96 |
-+ semanage_path(SEMANAGE_ACTIVE, SEMANAGE_STORE_FC_LOCAL), |
| 97 |
-+ semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC_LOCAL), |
| 98 |
- semanage_fcontext_dbase_local(sh)) < 0) |
| 99 |
- goto err; |
| 100 |
- |
| 101 |
-@@ -1041,7 +1039,7 @@ static int semanage_direct_commit(semanage_handle_t * sh) |
| 102 |
- size_t fc_buffer_len = 0; |
| 103 |
- const char *ofilename = NULL; |
| 104 |
- const char *path; |
| 105 |
-- int retval = -1, num_modinfos = 0, i; |
| 106 |
-+ int retval = -1, num_modinfos = 0, i, missing_policy_kern = 0; |
| 107 |
- sepol_policydb_t *out = NULL; |
| 108 |
- struct cil_db *cildb = NULL; |
| 109 |
- semanage_module_info_t *modinfos = NULL; |
| 110 |
-@@ -1143,8 +1141,20 @@ static int semanage_direct_commit(semanage_handle_t * sh) |
| 111 |
- modified |= dontaudit_modified; |
| 112 |
- modified |= preserve_tunables_modified; |
| 113 |
- |
| 114 |
-+ /* This is for systems that have already migrated with an older version |
| 115 |
-+ * of semanage_migrate_store. The older version did not copy policy.kern so |
| 116 |
-+ * the policy binary must be rebuilt here. |
| 117 |
-+ */ |
| 118 |
-+ if (!sh->do_rebuild && !modified) { |
| 119 |
-+ path = semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_KERNEL); |
| 120 |
-+ |
| 121 |
-+ if (access(path, F_OK) != 0) { |
| 122 |
-+ missing_policy_kern = 1; |
| 123 |
-+ } |
| 124 |
-+ } |
| 125 |
-+ |
| 126 |
- /* If there were policy changes, or explicitly requested, rebuild the policy */ |
| 127 |
-- if (sh->do_rebuild || modified) { |
| 128 |
-+ if (sh->do_rebuild || modified || missing_policy_kern) { |
| 129 |
- /* =================== Module expansion =============== */ |
| 130 |
- |
| 131 |
- retval = semanage_get_active_modules(sh, &modinfos, &num_modinfos); |
| 132 |
-@@ -1302,6 +1312,17 @@ static int semanage_direct_commit(semanage_handle_t * sh) |
| 133 |
- if (retval < 0) |
| 134 |
- goto cleanup; |
| 135 |
- |
| 136 |
-+ retval = semanage_copy_policydb(sh); |
| 137 |
-+ if (retval < 0) |
| 138 |
-+ goto cleanup; |
| 139 |
-+ |
| 140 |
-+ path = semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC_LOCAL); |
| 141 |
-+ if (access(path, F_OK) == 0) { |
| 142 |
-+ retval = semanage_copy_fc_local(sh); |
| 143 |
-+ if (retval < 0) |
| 144 |
-+ goto cleanup; |
| 145 |
-+ } |
| 146 |
-+ |
| 147 |
- /* run genhomedircon if its enabled, this should be the last operation |
| 148 |
- * which requires the out policydb */ |
| 149 |
- if (!sh->conf->disable_genhomedircon) { |
| 150 |
-diff --git a/libsemanage/src/interfaces_policydb.c b/libsemanage/src/interfaces_policydb.c |
| 151 |
-index 6a42eed..552ce7d 100644 |
| 152 |
---- a/libsemanage/src/interfaces_policydb.c |
| 153 |
-+++ b/libsemanage/src/interfaces_policydb.c |
| 154 |
-@@ -51,10 +51,8 @@ int iface_policydb_dbase_init(semanage_handle_t * handle, |
| 155 |
- { |
| 156 |
- |
| 157 |
- if (dbase_policydb_init(handle, |
| 158 |
-- semanage_final_path(SEMANAGE_FINAL_SELINUX, |
| 159 |
-- SEMANAGE_KERNEL), |
| 160 |
-- semanage_final_path(SEMANAGE_FINAL_TMP, |
| 161 |
-- SEMANAGE_KERNEL), |
| 162 |
-+ semanage_path(SEMANAGE_ACTIVE, SEMANAGE_STORE_KERNEL), |
| 163 |
-+ semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_KERNEL), |
| 164 |
- &SEMANAGE_IFACE_RTABLE, |
| 165 |
- &SEMANAGE_IFACE_POLICYDB_RTABLE, |
| 166 |
- &dconfig->dbase) < 0) |
| 167 |
-diff --git a/libsemanage/src/nodes_policydb.c b/libsemanage/src/nodes_policydb.c |
| 168 |
-index 56012fb..7224f00 100644 |
| 169 |
---- a/libsemanage/src/nodes_policydb.c |
| 170 |
-+++ b/libsemanage/src/nodes_policydb.c |
| 171 |
-@@ -50,10 +50,8 @@ int node_policydb_dbase_init(semanage_handle_t * handle, |
| 172 |
- { |
| 173 |
- |
| 174 |
- if (dbase_policydb_init(handle, |
| 175 |
-- semanage_final_path(SEMANAGE_FINAL_SELINUX, |
| 176 |
-- SEMANAGE_KERNEL), |
| 177 |
-- semanage_final_path(SEMANAGE_FINAL_TMP, |
| 178 |
-- SEMANAGE_KERNEL), |
| 179 |
-+ semanage_path(SEMANAGE_ACTIVE, SEMANAGE_STORE_KERNEL), |
| 180 |
-+ semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_KERNEL), |
| 181 |
- &SEMANAGE_NODE_RTABLE, |
| 182 |
- &SEMANAGE_NODE_POLICYDB_RTABLE, |
| 183 |
- &dconfig->dbase) < 0) |
| 184 |
-diff --git a/libsemanage/src/ports_policydb.c b/libsemanage/src/ports_policydb.c |
| 185 |
-index b9600f0..37d7deb 100644 |
| 186 |
---- a/libsemanage/src/ports_policydb.c |
| 187 |
-+++ b/libsemanage/src/ports_policydb.c |
| 188 |
-@@ -50,10 +50,8 @@ int port_policydb_dbase_init(semanage_handle_t * handle, |
| 189 |
- { |
| 190 |
- |
| 191 |
- if (dbase_policydb_init(handle, |
| 192 |
-- semanage_final_path(SEMANAGE_FINAL_SELINUX, |
| 193 |
-- SEMANAGE_KERNEL), |
| 194 |
-- semanage_final_path(SEMANAGE_FINAL_TMP, |
| 195 |
-- SEMANAGE_KERNEL), |
| 196 |
-+ semanage_path(SEMANAGE_ACTIVE, SEMANAGE_STORE_KERNEL), |
| 197 |
-+ semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_KERNEL), |
| 198 |
- &SEMANAGE_PORT_RTABLE, |
| 199 |
- &SEMANAGE_PORT_POLICYDB_RTABLE, |
| 200 |
- &dconfig->dbase) < 0) |
| 201 |
-diff --git a/libsemanage/src/semanage_store.c b/libsemanage/src/semanage_store.c |
| 202 |
-index 6051691..2856aaf 100644 |
| 203 |
---- a/libsemanage/src/semanage_store.c |
| 204 |
-+++ b/libsemanage/src/semanage_store.c |
| 205 |
-@@ -110,10 +110,12 @@ static const char *semanage_sandbox_paths[SEMANAGE_STORE_NUM_PATHS] = { |
| 206 |
- "/disable_dontaudit", |
| 207 |
- "/preserve_tunables", |
| 208 |
- "/modules/disabled", |
| 209 |
-+ "/policy.kern", |
| 210 |
-+ "/file_contexts.local" |
| 211 |
- }; |
| 212 |
- |
| 213 |
- static char const * const semanage_final_prefix[SEMANAGE_FINAL_NUM] = { |
| 214 |
-- "/tmp", |
| 215 |
-+ "/final", |
| 216 |
- "", |
| 217 |
- }; |
| 218 |
- |
| 219 |
-@@ -943,9 +945,7 @@ int semanage_make_final(semanage_handle_t *sh) |
| 220 |
- goto cleanup; |
| 221 |
- } |
| 222 |
- |
| 223 |
-- /* Copy in exported databases. |
| 224 |
-- * i = 1 to avoid copying the top level directory. |
| 225 |
-- */ |
| 226 |
-+ // Build final directory structure |
| 227 |
- int i; |
| 228 |
- for (i = 1; i < SEMANAGE_FINAL_PATH_NUM; i++) { |
| 229 |
- if (strlen(semanage_final_path(SEMANAGE_FINAL_TMP, i)) >= sizeof(fn)) { |
| 230 |
-@@ -959,12 +959,6 @@ int semanage_make_final(semanage_handle_t *sh) |
| 231 |
- status = -1; |
| 232 |
- goto cleanup; |
| 233 |
- } |
| 234 |
-- |
| 235 |
-- semanage_copy_file( |
| 236 |
-- semanage_final_path(SEMANAGE_FINAL_SELINUX, i), |
| 237 |
-- semanage_final_path(SEMANAGE_FINAL_TMP, i), |
| 238 |
-- sh->conf->file_mode); |
| 239 |
-- /* ignore errors, these files may not exist */ |
| 240 |
- } |
| 241 |
- |
| 242 |
- cleanup: |
| 243 |
-@@ -2019,8 +2013,7 @@ int semanage_read_policydb(semanage_handle_t * sh, sepol_policydb_t * in) |
| 244 |
- FILE *infile = NULL; |
| 245 |
- |
| 246 |
- if ((kernel_filename = |
| 247 |
-- semanage_final_path(SEMANAGE_FINAL_SELINUX, |
| 248 |
-- SEMANAGE_KERNEL)) == NULL) { |
| 249 |
-+ semanage_path(SEMANAGE_ACTIVE, SEMANAGE_STORE_KERNEL)) == NULL) { |
| 250 |
- goto cleanup; |
| 251 |
- } |
| 252 |
- if ((infile = fopen(kernel_filename, "r")) == NULL) { |
| 253 |
-@@ -2061,7 +2054,7 @@ int semanage_write_policydb(semanage_handle_t * sh, sepol_policydb_t * out) |
| 254 |
- FILE *outfile = NULL; |
| 255 |
- |
| 256 |
- if ((kernel_filename = |
| 257 |
-- semanage_final_path(SEMANAGE_FINAL_TMP, SEMANAGE_KERNEL)) == NULL) { |
| 258 |
-+ semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_KERNEL)) == NULL) { |
| 259 |
- goto cleanup; |
| 260 |
- } |
| 261 |
- if ((outfile = fopen(kernel_filename, "wb")) == NULL) { |
| 262 |
-@@ -2921,3 +2914,39 @@ int semanage_nc_sort(semanage_handle_t * sh, const char *buf, size_t buf_len, |
| 263 |
- |
| 264 |
- return 0; |
| 265 |
- } |
| 266 |
-+ |
| 267 |
-+int semanage_copy_policydb(semanage_handle_t *sh) |
| 268 |
-+{ |
| 269 |
-+ const char *src = NULL; |
| 270 |
-+ const char *dst = NULL; |
| 271 |
-+ int rc = -1; |
| 272 |
-+ |
| 273 |
-+ src = semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_KERNEL); |
| 274 |
-+ dst = semanage_final_path(SEMANAGE_FINAL_TMP, SEMANAGE_KERNEL); |
| 275 |
-+ |
| 276 |
-+ rc = semanage_copy_file(src, dst, sh->conf->file_mode); |
| 277 |
-+ if (rc != 0) { |
| 278 |
-+ goto cleanup; |
| 279 |
-+ } |
| 280 |
-+ |
| 281 |
-+cleanup: |
| 282 |
-+ return rc; |
| 283 |
-+} |
| 284 |
-+ |
| 285 |
-+int semanage_copy_fc_local(semanage_handle_t *sh) |
| 286 |
-+{ |
| 287 |
-+ const char *src = NULL; |
| 288 |
-+ const char *dst = NULL; |
| 289 |
-+ int rc = -1; |
| 290 |
-+ |
| 291 |
-+ src = semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC_LOCAL); |
| 292 |
-+ dst = semanage_final_path(SEMANAGE_FINAL_TMP, SEMANAGE_FC_LOCAL); |
| 293 |
-+ |
| 294 |
-+ rc = semanage_copy_file(src, dst, sh->conf->file_mode); |
| 295 |
-+ if (rc != 0) { |
| 296 |
-+ goto cleanup; |
| 297 |
-+ } |
| 298 |
-+ |
| 299 |
-+cleanup: |
| 300 |
-+ return rc; |
| 301 |
-+} |
| 302 |
-diff --git a/libsemanage/src/semanage_store.h b/libsemanage/src/semanage_store.h |
| 303 |
-index 62c7079..ade43f2 100644 |
| 304 |
---- a/libsemanage/src/semanage_store.h |
| 305 |
-+++ b/libsemanage/src/semanage_store.h |
| 306 |
-@@ -55,6 +55,8 @@ enum semanage_sandbox_defs { |
| 307 |
- SEMANAGE_DISABLE_DONTAUDIT, |
| 308 |
- SEMANAGE_PRESERVE_TUNABLES, |
| 309 |
- SEMANAGE_MODULES_DISABLED, |
| 310 |
-+ SEMANAGE_STORE_KERNEL, |
| 311 |
-+ SEMANAGE_STORE_FC_LOCAL, |
| 312 |
- SEMANAGE_STORE_NUM_PATHS |
| 313 |
- }; |
| 314 |
- |
| 315 |
-@@ -148,4 +150,7 @@ int semanage_nc_sort(semanage_handle_t * sh, |
| 316 |
- size_t buf_len, |
| 317 |
- char **sorted_buf, size_t * sorted_buf_len); |
| 318 |
- |
| 319 |
-+int semanage_copy_policydb(semanage_handle_t *sh); |
| 320 |
-+int semanage_copy_fc_local(semanage_handle_t *sh); |
| 321 |
-+ |
| 322 |
- #endif |
| 323 |
-diff --git a/libsemanage/src/users_base_policydb.c b/libsemanage/src/users_base_policydb.c |
| 324 |
-index 0a6ab9c..b42279c 100644 |
| 325 |
---- a/libsemanage/src/users_base_policydb.c |
| 326 |
-+++ b/libsemanage/src/users_base_policydb.c |
| 327 |
-@@ -50,10 +50,8 @@ int user_base_policydb_dbase_init(semanage_handle_t * handle, |
| 328 |
- { |
| 329 |
- |
| 330 |
- if (dbase_policydb_init(handle, |
| 331 |
-- semanage_final_path(SEMANAGE_FINAL_SELINUX, |
| 332 |
-- SEMANAGE_KERNEL), |
| 333 |
-- semanage_final_path(SEMANAGE_FINAL_TMP, |
| 334 |
-- SEMANAGE_KERNEL), |
| 335 |
-+ semanage_path(SEMANAGE_ACTIVE, SEMANAGE_STORE_KERNEL), |
| 336 |
-+ semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_KERNEL), |
| 337 |
- &SEMANAGE_USER_BASE_RTABLE, |
| 338 |
- &SEMANAGE_USER_BASE_POLICYDB_RTABLE, |
| 339 |
- &dconfig->dbase) < 0) |
| 340 |
-diff --git a/libsemanage/utils/semanage_migrate_store b/libsemanage/utils/semanage_migrate_store |
| 341 |
-index 2f85e9c..b170eda 100755 |
| 342 |
---- a/libsemanage/utils/semanage_migrate_store |
| 343 |
-+++ b/libsemanage/utils/semanage_migrate_store |
| 344 |
-@@ -243,7 +243,8 @@ if __name__ == "__main__": |
| 345 |
- "users.local", |
| 346 |
- "users_extra.local", |
| 347 |
- "disable_dontaudit", |
| 348 |
-- "preserve_tunables" ] |
| 349 |
-+ "preserve_tunables", |
| 350 |
-+ "policy.kern" ] |
| 351 |
- |
| 352 |
- |
| 353 |
- create_dir(newroot_path(), 0o755) |
| 354 |
--- |
| 355 |
-2.4.6 |
| 356 |
- |
| 357 |
|
| 358 |
diff --git a/sys-libs/libsemanage/files/0003-libsemanage-Add-file_contexts-and-seusers-to-the-sto.patch b/sys-libs/libsemanage/files/0003-libsemanage-Add-file_contexts-and-seusers-to-the-sto.patch |
| 359 |
deleted file mode 100644 |
| 360 |
index 24e9778..00000000 |
| 361 |
--- a/sys-libs/libsemanage/files/0003-libsemanage-Add-file_contexts-and-seusers-to-the-sto.patch |
| 362 |
+++ /dev/null |
| 363 |
@@ -1,265 +0,0 @@ |
| 364 |
-From d56c2b434e99f60612c1290e82021ecbcbfaf5e6 Mon Sep 17 00:00:00 2001 |
| 365 |
-From: Yuli Khodorkovskiy <ykhodorkovskiy@××××××.com> |
| 366 |
-Date: Tue, 21 Jul 2015 15:08:15 -0400 |
| 367 |
-Subject: [PATCH] libsemanage: Add file_contexts and seusers to the store |
| 368 |
- |
| 369 |
-This patch writes file_contexts and seusers to the policy store as well as |
| 370 |
-/etc/selinux/. Additionally, file_contexts and seusers are now parsed from the |
| 371 |
-store rather than the final directory which was the old behavior. This allows |
| 372 |
-all policy related files to be kept in the policy store. |
| 373 |
- |
| 374 |
-Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@××××××.com> |
| 375 |
---- |
| 376 |
- libsemanage/src/direct_api.c | 69 +++++++++++++++++++++++++------- |
| 377 |
- libsemanage/src/semanage_store.c | 49 ++++------------------- |
| 378 |
- libsemanage/src/semanage_store.h | 5 ++- |
| 379 |
- libsemanage/utils/semanage_migrate_store | 3 +- |
| 380 |
- 4 files changed, 66 insertions(+), 60 deletions(-) |
| 381 |
- |
| 382 |
-diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c |
| 383 |
-index 3c6b168..b11f2ba 100644 |
| 384 |
---- a/libsemanage/src/direct_api.c |
| 385 |
-+++ b/libsemanage/src/direct_api.c |
| 386 |
-@@ -248,18 +248,14 @@ int semanage_direct_connect(semanage_handle_t * sh) |
| 387 |
- goto err; |
| 388 |
- |
| 389 |
- if (fcontext_file_dbase_init(sh, |
| 390 |
-- semanage_final_path(SEMANAGE_FINAL_SELINUX, |
| 391 |
-- SEMANAGE_FC), |
| 392 |
-- semanage_final_path(SEMANAGE_FINAL_TMP, |
| 393 |
-- SEMANAGE_FC), |
| 394 |
-+ semanage_path(SEMANAGE_ACTIVE, SEMANAGE_STORE_FC), |
| 395 |
-+ semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC), |
| 396 |
- semanage_fcontext_dbase_policy(sh)) < 0) |
| 397 |
- goto err; |
| 398 |
- |
| 399 |
- if (seuser_file_dbase_init(sh, |
| 400 |
-- semanage_final_path(SEMANAGE_FINAL_SELINUX, |
| 401 |
-- SEMANAGE_SEUSERS), |
| 402 |
-- semanage_final_path(SEMANAGE_FINAL_TMP, |
| 403 |
-- SEMANAGE_SEUSERS), |
| 404 |
-+ semanage_path(SEMANAGE_ACTIVE, SEMANAGE_STORE_SEUSERS), |
| 405 |
-+ semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_SEUSERS), |
| 406 |
- semanage_seuser_dbase_policy(sh)) < 0) |
| 407 |
- goto err; |
| 408 |
- |
| 409 |
-@@ -602,7 +598,7 @@ static int semanage_direct_update_seuser(semanage_handle_t * sh, cil_db_t *cildb |
| 410 |
- } |
| 411 |
- |
| 412 |
- if (size > 0) { |
| 413 |
-- ofilename = semanage_final_path(SEMANAGE_FINAL_TMP, SEMANAGE_SEUSERS); |
| 414 |
-+ ofilename = semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_SEUSERS); |
| 415 |
- if (ofilename == NULL) { |
| 416 |
- return -1; |
| 417 |
- } |
| 418 |
-@@ -1039,7 +1035,8 @@ static int semanage_direct_commit(semanage_handle_t * sh) |
| 419 |
- size_t fc_buffer_len = 0; |
| 420 |
- const char *ofilename = NULL; |
| 421 |
- const char *path; |
| 422 |
-- int retval = -1, num_modinfos = 0, i, missing_policy_kern = 0; |
| 423 |
-+ int retval = -1, num_modinfos = 0, i, missing_policy_kern = 0, |
| 424 |
-+ missing_seusers = 0, missing_fc = 0, missing = 0; |
| 425 |
- sepol_policydb_t *out = NULL; |
| 426 |
- struct cil_db *cildb = NULL; |
| 427 |
- semanage_module_info_t *modinfos = NULL; |
| 428 |
-@@ -1151,10 +1148,26 @@ static int semanage_direct_commit(semanage_handle_t * sh) |
| 429 |
- if (access(path, F_OK) != 0) { |
| 430 |
- missing_policy_kern = 1; |
| 431 |
- } |
| 432 |
-+ |
| 433 |
-+ path = semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC); |
| 434 |
-+ |
| 435 |
-+ if (access(path, F_OK) != 0) { |
| 436 |
-+ missing_fc = 1; |
| 437 |
-+ } |
| 438 |
-+ |
| 439 |
-+ path = semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_SEUSERS); |
| 440 |
-+ |
| 441 |
-+ if (access(path, F_OK) != 0) { |
| 442 |
-+ missing_seusers = 1; |
| 443 |
-+ } |
| 444 |
- } |
| 445 |
- |
| 446 |
-+ missing |= missing_policy_kern; |
| 447 |
-+ missing |= missing_fc; |
| 448 |
-+ missing |= missing_seusers; |
| 449 |
-+ |
| 450 |
- /* If there were policy changes, or explicitly requested, rebuild the policy */ |
| 451 |
-- if (sh->do_rebuild || modified || missing_policy_kern) { |
| 452 |
-+ if (sh->do_rebuild || modified || missing) { |
| 453 |
- /* =================== Module expansion =============== */ |
| 454 |
- |
| 455 |
- retval = semanage_get_active_modules(sh, &modinfos, &num_modinfos); |
| 456 |
-@@ -1312,15 +1325,41 @@ static int semanage_direct_commit(semanage_handle_t * sh) |
| 457 |
- if (retval < 0) |
| 458 |
- goto cleanup; |
| 459 |
- |
| 460 |
-- retval = semanage_copy_policydb(sh); |
| 461 |
-- if (retval < 0) |
| 462 |
-+ retval = semanage_copy_file(semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_KERNEL), |
| 463 |
-+ semanage_final_path(SEMANAGE_FINAL_TMP, SEMANAGE_KERNEL), |
| 464 |
-+ sh->conf->file_mode); |
| 465 |
-+ if (retval < 0) { |
| 466 |
- goto cleanup; |
| 467 |
-+ } |
| 468 |
- |
| 469 |
- path = semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC_LOCAL); |
| 470 |
- if (access(path, F_OK) == 0) { |
| 471 |
-- retval = semanage_copy_fc_local(sh); |
| 472 |
-- if (retval < 0) |
| 473 |
-+ retval = semanage_copy_file(semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC_LOCAL), |
| 474 |
-+ semanage_final_path(SEMANAGE_FINAL_TMP, SEMANAGE_FC_LOCAL), |
| 475 |
-+ sh->conf->file_mode); |
| 476 |
-+ if (retval < 0) { |
| 477 |
- goto cleanup; |
| 478 |
-+ } |
| 479 |
-+ } |
| 480 |
-+ |
| 481 |
-+ path = semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC); |
| 482 |
-+ if (access(path, F_OK) == 0) { |
| 483 |
-+ retval = semanage_copy_file(semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC), |
| 484 |
-+ semanage_final_path(SEMANAGE_FINAL_TMP, SEMANAGE_FC), |
| 485 |
-+ sh->conf->file_mode); |
| 486 |
-+ if (retval < 0) { |
| 487 |
-+ goto cleanup; |
| 488 |
-+ } |
| 489 |
-+ } |
| 490 |
-+ |
| 491 |
-+ path = semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_SEUSERS); |
| 492 |
-+ if (access(path, F_OK) == 0) { |
| 493 |
-+ retval = semanage_copy_file(semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_SEUSERS), |
| 494 |
-+ semanage_final_path(SEMANAGE_FINAL_TMP, SEMANAGE_SEUSERS), |
| 495 |
-+ sh->conf->file_mode); |
| 496 |
-+ if (retval < 0) { |
| 497 |
-+ goto cleanup; |
| 498 |
-+ } |
| 499 |
- } |
| 500 |
- |
| 501 |
- /* run genhomedircon if its enabled, this should be the last operation |
| 502 |
-diff --git a/libsemanage/src/semanage_store.c b/libsemanage/src/semanage_store.c |
| 503 |
-index 2856aaf..fa0876f 100644 |
| 504 |
---- a/libsemanage/src/semanage_store.c |
| 505 |
-+++ b/libsemanage/src/semanage_store.c |
| 506 |
-@@ -111,7 +111,9 @@ static const char *semanage_sandbox_paths[SEMANAGE_STORE_NUM_PATHS] = { |
| 507 |
- "/preserve_tunables", |
| 508 |
- "/modules/disabled", |
| 509 |
- "/policy.kern", |
| 510 |
-- "/file_contexts.local" |
| 511 |
-+ "/file_contexts.local", |
| 512 |
-+ "/file_contexts", |
| 513 |
-+ "/seusers" |
| 514 |
- }; |
| 515 |
- |
| 516 |
- static char const * const semanage_final_prefix[SEMANAGE_FINAL_NUM] = { |
| 517 |
-@@ -666,7 +668,7 @@ static int semanage_filename_select(const struct dirent *d) |
| 518 |
- |
| 519 |
- /* Copies a file from src to dst. If dst already exists then |
| 520 |
- * overwrite it. Returns 0 on success, -1 on error. */ |
| 521 |
--static int semanage_copy_file(const char *src, const char *dst, mode_t mode) |
| 522 |
-+int semanage_copy_file(const char *src, const char *dst, mode_t mode) |
| 523 |
- { |
| 524 |
- int in, out, retval = 0, amount_read, n, errsv = errno; |
| 525 |
- char tmp[PATH_MAX]; |
| 526 |
-@@ -1425,11 +1427,11 @@ int semanage_split_fc(semanage_handle_t * sh) |
| 527 |
- goto cleanup; |
| 528 |
- } |
| 529 |
- |
| 530 |
-- fc = open(semanage_final_path(SEMANAGE_FINAL_TMP, SEMANAGE_FC), |
| 531 |
-+ fc = open(semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC), |
| 532 |
- O_WRONLY | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR); |
| 533 |
- if (fc < 0) { |
| 534 |
- ERR(sh, "Could not open %s for writing.", |
| 535 |
-- semanage_final_path(SEMANAGE_FINAL_TMP, SEMANAGE_FC)); |
| 536 |
-+ semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC)); |
| 537 |
- goto cleanup; |
| 538 |
- } |
| 539 |
- hd = open(semanage_path(SEMANAGE_TMP, SEMANAGE_HOMEDIR_TMPL), |
| 540 |
-@@ -1454,8 +1456,7 @@ int semanage_split_fc(semanage_handle_t * sh) |
| 541 |
- } else { |
| 542 |
- if (write(fc, buf, strlen(buf)) < 0) { |
| 543 |
- ERR(sh, "Write to %s failed.", |
| 544 |
-- semanage_final_path(SEMANAGE_FINAL_TMP, |
| 545 |
-- SEMANAGE_FC)); |
| 546 |
-+ semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC)); |
| 547 |
- goto cleanup; |
| 548 |
- } |
| 549 |
- } |
| 550 |
-@@ -2914,39 +2915,3 @@ int semanage_nc_sort(semanage_handle_t * sh, const char *buf, size_t buf_len, |
| 551 |
- |
| 552 |
- return 0; |
| 553 |
- } |
| 554 |
-- |
| 555 |
--int semanage_copy_policydb(semanage_handle_t *sh) |
| 556 |
--{ |
| 557 |
-- const char *src = NULL; |
| 558 |
-- const char *dst = NULL; |
| 559 |
-- int rc = -1; |
| 560 |
-- |
| 561 |
-- src = semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_KERNEL); |
| 562 |
-- dst = semanage_final_path(SEMANAGE_FINAL_TMP, SEMANAGE_KERNEL); |
| 563 |
-- |
| 564 |
-- rc = semanage_copy_file(src, dst, sh->conf->file_mode); |
| 565 |
-- if (rc != 0) { |
| 566 |
-- goto cleanup; |
| 567 |
-- } |
| 568 |
-- |
| 569 |
--cleanup: |
| 570 |
-- return rc; |
| 571 |
--} |
| 572 |
-- |
| 573 |
--int semanage_copy_fc_local(semanage_handle_t *sh) |
| 574 |
--{ |
| 575 |
-- const char *src = NULL; |
| 576 |
-- const char *dst = NULL; |
| 577 |
-- int rc = -1; |
| 578 |
-- |
| 579 |
-- src = semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC_LOCAL); |
| 580 |
-- dst = semanage_final_path(SEMANAGE_FINAL_TMP, SEMANAGE_FC_LOCAL); |
| 581 |
-- |
| 582 |
-- rc = semanage_copy_file(src, dst, sh->conf->file_mode); |
| 583 |
-- if (rc != 0) { |
| 584 |
-- goto cleanup; |
| 585 |
-- } |
| 586 |
-- |
| 587 |
--cleanup: |
| 588 |
-- return rc; |
| 589 |
--} |
| 590 |
-diff --git a/libsemanage/src/semanage_store.h b/libsemanage/src/semanage_store.h |
| 591 |
-index ade43f2..acb6e3f 100644 |
| 592 |
---- a/libsemanage/src/semanage_store.h |
| 593 |
-+++ b/libsemanage/src/semanage_store.h |
| 594 |
-@@ -57,6 +57,8 @@ enum semanage_sandbox_defs { |
| 595 |
- SEMANAGE_MODULES_DISABLED, |
| 596 |
- SEMANAGE_STORE_KERNEL, |
| 597 |
- SEMANAGE_STORE_FC_LOCAL, |
| 598 |
-+ SEMANAGE_STORE_FC, |
| 599 |
-+ SEMANAGE_STORE_SEUSERS, |
| 600 |
- SEMANAGE_STORE_NUM_PATHS |
| 601 |
- }; |
| 602 |
- |
| 603 |
-@@ -150,7 +152,6 @@ int semanage_nc_sort(semanage_handle_t * sh, |
| 604 |
- size_t buf_len, |
| 605 |
- char **sorted_buf, size_t * sorted_buf_len); |
| 606 |
- |
| 607 |
--int semanage_copy_policydb(semanage_handle_t *sh); |
| 608 |
--int semanage_copy_fc_local(semanage_handle_t *sh); |
| 609 |
-+int semanage_copy_file(const char *src, const char *dst, mode_t mode); |
| 610 |
- |
| 611 |
- #endif |
| 612 |
-diff --git a/libsemanage/utils/semanage_migrate_store b/libsemanage/utils/semanage_migrate_store |
| 613 |
-index b170eda..6443002 100755 |
| 614 |
---- a/libsemanage/utils/semanage_migrate_store |
| 615 |
-+++ b/libsemanage/utils/semanage_migrate_store |
| 616 |
-@@ -244,7 +244,8 @@ if __name__ == "__main__": |
| 617 |
- "users_extra.local", |
| 618 |
- "disable_dontaudit", |
| 619 |
- "preserve_tunables", |
| 620 |
-- "policy.kern" ] |
| 621 |
-+ "policy.kern", |
| 622 |
-+ "file_contexts"] |
| 623 |
- |
| 624 |
- |
| 625 |
- create_dir(newroot_path(), 0o755) |
| 626 |
--- |
| 627 |
-2.4.6 |
| 628 |
- |
| 629 |
|
| 630 |
diff --git a/sys-libs/libsemanage/files/0004-libsemanage-save-homedir_template-in-the-policy-stor.patch b/sys-libs/libsemanage/files/0004-libsemanage-save-homedir_template-in-the-policy-stor.patch |
| 631 |
deleted file mode 100644 |
| 632 |
index 3bc1370..00000000 |
| 633 |
--- a/sys-libs/libsemanage/files/0004-libsemanage-save-homedir_template-in-the-policy-stor.patch |
| 634 |
+++ /dev/null |
| 635 |
@@ -1,54 +0,0 @@ |
| 636 |
-From 75dd8c062d1f6f0e0a7a9f1856c0957b423e8a02 Mon Sep 17 00:00:00 2001 |
| 637 |
-From: Steve Lawrence <slawrence@××××××.com> |
| 638 |
-Date: Thu, 3 Sep 2015 09:28:08 -0400 |
| 639 |
-Subject: [PATCH 1/3] libsemanage: save homedir_template in the policy store |
| 640 |
- for genhomedircon |
| 641 |
- |
| 642 |
-We don't currently store homedir_template in the policy store, which |
| 643 |
-means genhomedircon only has a template file to use if the |
| 644 |
-homedir_template was generated from the file contexts in the same |
| 645 |
-transaction. But homedir_template isn't always generated, as in the |
| 646 |
-case with setsebool -P. In this and other cases, genhomedircon will not |
| 647 |
-have a template file resulting in an empty file_contexts.homedir file. |
| 648 |
- |
| 649 |
-This commit changes this so that homedir_template is always stored in |
| 650 |
-the policy store so it can be used by genhomedircon regardless of how |
| 651 |
-policy was built. Also add the homedir_template file to the migration |
| 652 |
-script. |
| 653 |
- |
| 654 |
-Signed-off by: Steve Lawrence <slawrence@××××××.com> |
| 655 |
-Acked-by: Stephen Smalley <sds@×××××××××.gov> |
| 656 |
---- |
| 657 |
- libsemanage/src/direct_api.c | 1 - |
| 658 |
- libsemanage/utils/semanage_migrate_store | 3 ++- |
| 659 |
- 2 files changed, 2 insertions(+), 2 deletions(-) |
| 660 |
- |
| 661 |
-diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c |
| 662 |
-index 90a7b22..6e49cae 100644 |
| 663 |
---- a/libsemanage/src/direct_api.c |
| 664 |
-+++ b/libsemanage/src/direct_api.c |
| 665 |
-@@ -1415,7 +1415,6 @@ static int semanage_direct_commit(semanage_handle_t * sh) |
| 666 |
- |
| 667 |
- /* remove files that are automatically generated and no longer needed */ |
| 668 |
- unlink(semanage_path(SEMANAGE_TMP, SEMANAGE_FC_TMPL)); |
| 669 |
-- unlink(semanage_path(SEMANAGE_TMP, SEMANAGE_HOMEDIR_TMPL)); |
| 670 |
- unlink(semanage_path(SEMANAGE_TMP, SEMANAGE_USERS_EXTRA)); |
| 671 |
- |
| 672 |
- if (sh->do_rebuild || modified || bools_modified || fcontexts_modified) { |
| 673 |
-diff --git a/libsemanage/utils/semanage_migrate_store b/libsemanage/utils/semanage_migrate_store |
| 674 |
-index 539f469..297c71b 100755 |
| 675 |
---- a/libsemanage/utils/semanage_migrate_store |
| 676 |
-+++ b/libsemanage/utils/semanage_migrate_store |
| 677 |
-@@ -251,7 +251,8 @@ if __name__ == "__main__": |
| 678 |
- "disable_dontaudit", |
| 679 |
- "preserve_tunables", |
| 680 |
- "policy.kern", |
| 681 |
-- "file_contexts"] |
| 682 |
-+ "file_contexts", |
| 683 |
-+ "homedir_template"] |
| 684 |
- |
| 685 |
- |
| 686 |
- create_dir(newroot_path(), 0o755) |
| 687 |
--- |
| 688 |
-2.4.6 |
| 689 |
- |
| 690 |
|
| 691 |
diff --git a/sys-libs/libsemanage/files/0005-libsemanage-store-users_extra-in-the-policy-store.patch b/sys-libs/libsemanage/files/0005-libsemanage-store-users_extra-in-the-policy-store.patch |
| 692 |
deleted file mode 100644 |
| 693 |
index 1aca2ad..00000000 |
| 694 |
--- a/sys-libs/libsemanage/files/0005-libsemanage-store-users_extra-in-the-policy-store.patch |
| 695 |
+++ /dev/null |
| 696 |
@@ -1,57 +0,0 @@ |
| 697 |
-From dbc639a35af71eec1a1b386b74a822d794bb59df Mon Sep 17 00:00:00 2001 |
| 698 |
-From: Steve Lawrence <slawrence@××××××.com> |
| 699 |
-Date: Thu, 3 Sep 2015 13:07:36 -0400 |
| 700 |
-Subject: [PATCH 2/3] libsemanage: store users_extra in the policy store |
| 701 |
- |
| 702 |
-users_extra is needed by genhomedircon and when listing seusers, so it |
| 703 |
-must be kept in the policy store. Also move the FC_TMPL unlink() closer |
| 704 |
-to where the FC_TMPL is created; not a functional change, but eaiser to |
| 705 |
-follow. |
| 706 |
- |
| 707 |
-Signed-off-by: Steve Lawrence <slawrence@××××××.com> |
| 708 |
-Acked-by: Stephen Smalley <sds@×××××××××.gov> |
| 709 |
---- |
| 710 |
- libsemanage/src/direct_api.c | 7 +++---- |
| 711 |
- libsemanage/utils/semanage_migrate_store | 1 + |
| 712 |
- 2 files changed, 4 insertions(+), 4 deletions(-) |
| 713 |
- |
| 714 |
-diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c |
| 715 |
-index 6e49cae..68dd0d1 100644 |
| 716 |
---- a/libsemanage/src/direct_api.c |
| 717 |
-+++ b/libsemanage/src/direct_api.c |
| 718 |
-@@ -1272,6 +1272,9 @@ static int semanage_direct_commit(semanage_handle_t * sh) |
| 719 |
- if (retval < 0) |
| 720 |
- goto cleanup; |
| 721 |
- |
| 722 |
-+ /* remove FC_TMPL now that it is now longer needed */ |
| 723 |
-+ unlink(semanage_path(SEMANAGE_TMP, SEMANAGE_FC_TMPL)); |
| 724 |
-+ |
| 725 |
- pfcontexts->dtable->drop_cache(pfcontexts->dbase); |
| 726 |
- |
| 727 |
- /* SEUsers */ |
| 728 |
-@@ -1413,10 +1416,6 @@ static int semanage_direct_commit(semanage_handle_t * sh) |
| 729 |
- sepol_policydb_free(out); |
| 730 |
- out = NULL; |
| 731 |
- |
| 732 |
-- /* remove files that are automatically generated and no longer needed */ |
| 733 |
-- unlink(semanage_path(SEMANAGE_TMP, SEMANAGE_FC_TMPL)); |
| 734 |
-- unlink(semanage_path(SEMANAGE_TMP, SEMANAGE_USERS_EXTRA)); |
| 735 |
-- |
| 736 |
- if (sh->do_rebuild || modified || bools_modified || fcontexts_modified) { |
| 737 |
- retval = semanage_install_sandbox(sh); |
| 738 |
- } |
| 739 |
-diff --git a/libsemanage/utils/semanage_migrate_store b/libsemanage/utils/semanage_migrate_store |
| 740 |
-index 297c71b..b5eefaa 100755 |
| 741 |
---- a/libsemanage/utils/semanage_migrate_store |
| 742 |
-+++ b/libsemanage/utils/semanage_migrate_store |
| 743 |
-@@ -247,6 +247,7 @@ if __name__ == "__main__": |
| 744 |
- "file_contexts.local", |
| 745 |
- "seusers", |
| 746 |
- "users.local", |
| 747 |
-+ "users_extra", |
| 748 |
- "users_extra.local", |
| 749 |
- "disable_dontaudit", |
| 750 |
- "preserve_tunables", |
| 751 |
--- |
| 752 |
-2.4.6 |
| 753 |
- |
| 754 |
|
| 755 |
diff --git a/sys-libs/libsemanage/libsemanage-2.2-r2.ebuild b/sys-libs/libsemanage/libsemanage-2.2-r2.ebuild |
| 756 |
deleted file mode 100644 |
| 757 |
index 2d6bc07..00000000 |
| 758 |
--- a/sys-libs/libsemanage/libsemanage-2.2-r2.ebuild |
| 759 |
+++ /dev/null |
| 760 |
@@ -1,91 +0,0 @@ |
| 761 |
-# Copyright 1999-2015 Gentoo Foundation |
| 762 |
-# Distributed under the terms of the GNU General Public License v2 |
| 763 |
-# $Id$ |
| 764 |
- |
| 765 |
-EAPI="5" |
| 766 |
-PYTHON_COMPAT=( python2_7 python3_3 ) |
| 767 |
- |
| 768 |
-inherit multilib python-r1 toolchain-funcs eutils multilib-minimal |
| 769 |
- |
| 770 |
-SEPOL_VER="2.2" |
| 771 |
-SELNX_VER="2.2.2-r1" |
| 772 |
- |
| 773 |
-DESCRIPTION="SELinux kernel and policy management library" |
| 774 |
-HOMEPAGE="http://userspace.selinuxproject.org" |
| 775 |
-SRC_URI="http://userspace.selinuxproject.org/releases/20131030/${P}.tar.gz" |
| 776 |
- |
| 777 |
-LICENSE="GPL-2" |
| 778 |
-SLOT="0" |
| 779 |
-KEYWORDS="amd64 x86" |
| 780 |
-IUSE="python" |
| 781 |
- |
| 782 |
-RDEPEND=">=sys-libs/libsepol-${SEPOL_VER} |
| 783 |
- >=sys-libs/libselinux-${SELNX_VER} |
| 784 |
- dev-libs/ustr |
| 785 |
- sys-process/audit" |
| 786 |
-DEPEND="${RDEPEND} |
| 787 |
- sys-devel/bison |
| 788 |
- sys-devel/flex |
| 789 |
- python? ( |
| 790 |
- >=dev-lang/swig-2.0.4-r1 |
| 791 |
- virtual/pkgconfig |
| 792 |
- ${PYTHON_DEPS} |
| 793 |
- )" |
| 794 |
- |
| 795 |
-# tests are not meant to be run outside of the |
| 796 |
-# full SELinux userland repo |
| 797 |
-RESTRICT="test" |
| 798 |
- |
| 799 |
-src_prepare() { |
| 800 |
- echo "# Set this to true to save the linked policy." >> "${S}/src/semanage.conf" |
| 801 |
- echo "# This is normally only useful for analysis" >> "${S}/src/semanage.conf" |
| 802 |
- echo "# or debugging of policy." >> "${S}/src/semanage.conf" |
| 803 |
- echo "save-linked=false" >> "${S}/src/semanage.conf" |
| 804 |
- echo >> "${S}/src/semanage.conf" |
| 805 |
- echo "# Set this to 0 to disable assertion checking." >> "${S}/src/semanage.conf" |
| 806 |
- echo "# This should speed up building the kernel policy" >> "${S}/src/semanage.conf" |
| 807 |
- echo "# from policy modules, but may leave you open to" >> "${S}/src/semanage.conf" |
| 808 |
- echo "# dangerous rules which assertion checking" >> "${S}/src/semanage.conf" |
| 809 |
- echo "# would catch." >> "${S}/src/semanage.conf" |
| 810 |
- echo "expand-check=1" >> "${S}/src/semanage.conf" |
| 811 |
- echo >> "${S}/src/semanage.conf" |
| 812 |
- echo "# Modules in the module store can be compressed" >> "${S}/src/semanage.conf" |
| 813 |
- echo "# with bzip2. Set this to the bzip2 blocksize" >> "${S}/src/semanage.conf" |
| 814 |
- echo "# 1-9 when compressing. The higher the number," >> "${S}/src/semanage.conf" |
| 815 |
- echo "# the more memory is traded off for disk space." >> "${S}/src/semanage.conf" |
| 816 |
- echo "# Set to 0 to disable bzip2 compression." >> "${S}/src/semanage.conf" |
| 817 |
- echo "bzip-blocksize=0" >> "${S}/src/semanage.conf" |
| 818 |
- echo >> "${S}/src/semanage.conf" |
| 819 |
- echo "# Reduce memory usage for bzip2 compression and" >> "${S}/src/semanage.conf" |
| 820 |
- echo "# decompression of modules in the module store." >> "${S}/src/semanage.conf" |
| 821 |
- echo "bzip-small=true" >> "${S}/src/semanage.conf" |
| 822 |
- |
| 823 |
- epatch_user |
| 824 |
- |
| 825 |
- multilib_copy_sources |
| 826 |
-} |
| 827 |
- |
| 828 |
-multilib_src_compile() { |
| 829 |
- emake AR="$(tc-getAR)" CC="$(tc-getCC)" all || die |
| 830 |
- |
| 831 |
- if multilib_is_native_abi && use python; then |
| 832 |
- building() { |
| 833 |
- python_export PYTHON_INCLUDEDIR PYTHON_LIBPATH |
| 834 |
- emake CC="$(tc-getCC)" PYINC="-I${PYTHON_INCLUDEDIR}" PYTHONLBIDIR="${PYTHON_LIBPATH}" PYPREFIX="${EPYTHON##*/}" "$@" |
| 835 |
- } |
| 836 |
- python_foreach_impl building swigify |
| 837 |
- python_foreach_impl building pywrap |
| 838 |
- fi |
| 839 |
-} |
| 840 |
- |
| 841 |
-multilib_src_install() { |
| 842 |
- LIBDIR="\$(PREFIX)/$(get_libdir)" SHLIBDIR="\$(PREFIX)/$(get_libdir)" \ |
| 843 |
- emake DESTDIR="${D}" install |
| 844 |
- |
| 845 |
- if multilib_is_native_abi && use python; then |
| 846 |
- installation() { |
| 847 |
- emake DESTDIR="${D}" install-pywrap |
| 848 |
- } |
| 849 |
- python_foreach_impl installation |
| 850 |
- fi |
| 851 |
-} |
| 852 |
|
| 853 |
diff --git a/sys-libs/libsemanage/libsemanage-2.3-r4.ebuild b/sys-libs/libsemanage/libsemanage-2.3-r4.ebuild |
| 854 |
deleted file mode 100644 |
| 855 |
index 3e52b94..00000000 |
| 856 |
--- a/sys-libs/libsemanage/libsemanage-2.3-r4.ebuild |
| 857 |
+++ /dev/null |
| 858 |
@@ -1,104 +0,0 @@ |
| 859 |
-# Copyright 1999-2015 Gentoo Foundation |
| 860 |
-# Distributed under the terms of the GNU General Public License v2 |
| 861 |
-# $Id$ |
| 862 |
- |
| 863 |
-EAPI="5" |
| 864 |
-PYTHON_COMPAT=( python2_7 python3_3 python3_4 ) |
| 865 |
- |
| 866 |
-inherit multilib python-r1 toolchain-funcs eutils multilib-minimal |
| 867 |
- |
| 868 |
-MY_P="${P//_/-}" |
| 869 |
- |
| 870 |
-SEPOL_VER="2.3" |
| 871 |
-SELNX_VER="2.3" |
| 872 |
- |
| 873 |
-DESCRIPTION="SELinux kernel and policy management library" |
| 874 |
-HOMEPAGE="http://userspace.selinuxproject.org" |
| 875 |
-SRC_URI="https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20140506/${MY_P}.tar.gz" |
| 876 |
- |
| 877 |
-LICENSE="GPL-2" |
| 878 |
-SLOT="0" |
| 879 |
-KEYWORDS="amd64 x86" |
| 880 |
-IUSE="python" |
| 881 |
- |
| 882 |
-RDEPEND=">=sys-libs/libsepol-${SEPOL_VER}[${MULTILIB_USEDEP}] |
| 883 |
- >=sys-libs/libselinux-${SELNX_VER}[${MULTILIB_USEDEP}] |
| 884 |
- >=sys-process/audit-2.2.2[${MULTILIB_USEDEP}] |
| 885 |
- >=dev-libs/ustr-1.0.4-r2[${MULTILIB_USEDEP}] |
| 886 |
- " |
| 887 |
-DEPEND="${RDEPEND} |
| 888 |
- sys-devel/bison |
| 889 |
- sys-devel/flex |
| 890 |
- python? ( |
| 891 |
- >=dev-lang/swig-2.0.4-r1 |
| 892 |
- virtual/pkgconfig |
| 893 |
- ${PYTHON_DEPS} |
| 894 |
- )" |
| 895 |
- |
| 896 |
-# tests are not meant to be run outside of the |
| 897 |
-# full SELinux userland repo |
| 898 |
-RESTRICT="test" |
| 899 |
- |
| 900 |
-S="${WORKDIR}/${MY_P}" |
| 901 |
- |
| 902 |
-src_prepare() { |
| 903 |
- echo "# Set this to true to save the linked policy." >> "${S}/src/semanage.conf" |
| 904 |
- echo "# This is normally only useful for analysis" >> "${S}/src/semanage.conf" |
| 905 |
- echo "# or debugging of policy." >> "${S}/src/semanage.conf" |
| 906 |
- echo "save-linked=false" >> "${S}/src/semanage.conf" |
| 907 |
- echo >> "${S}/src/semanage.conf" |
| 908 |
- echo "# Set this to 0 to disable assertion checking." >> "${S}/src/semanage.conf" |
| 909 |
- echo "# This should speed up building the kernel policy" >> "${S}/src/semanage.conf" |
| 910 |
- echo "# from policy modules, but may leave you open to" >> "${S}/src/semanage.conf" |
| 911 |
- echo "# dangerous rules which assertion checking" >> "${S}/src/semanage.conf" |
| 912 |
- echo "# would catch." >> "${S}/src/semanage.conf" |
| 913 |
- echo "expand-check=1" >> "${S}/src/semanage.conf" |
| 914 |
- echo >> "${S}/src/semanage.conf" |
| 915 |
- echo "# Modules in the module store can be compressed" >> "${S}/src/semanage.conf" |
| 916 |
- echo "# with bzip2. Set this to the bzip2 blocksize" >> "${S}/src/semanage.conf" |
| 917 |
- echo "# 1-9 when compressing. The higher the number," >> "${S}/src/semanage.conf" |
| 918 |
- echo "# the more memory is traded off for disk space." >> "${S}/src/semanage.conf" |
| 919 |
- echo "# Set to 0 to disable bzip2 compression." >> "${S}/src/semanage.conf" |
| 920 |
- echo "bzip-blocksize=0" >> "${S}/src/semanage.conf" |
| 921 |
- echo >> "${S}/src/semanage.conf" |
| 922 |
- echo "# Reduce memory usage for bzip2 compression and" >> "${S}/src/semanage.conf" |
| 923 |
- echo "# decompression of modules in the module store." >> "${S}/src/semanage.conf" |
| 924 |
- echo "bzip-small=true" >> "${S}/src/semanage.conf" |
| 925 |
- |
| 926 |
- epatch_user |
| 927 |
- |
| 928 |
- multilib_copy_sources |
| 929 |
-} |
| 930 |
- |
| 931 |
-multilib_src_compile() { |
| 932 |
- emake \ |
| 933 |
- AR="$(tc-getAR)" \ |
| 934 |
- CC="$(tc-getCC)" \ |
| 935 |
- LIBDIR="${EPREFIX}/usr/$(get_libdir)" \ |
| 936 |
- all |
| 937 |
- |
| 938 |
- if multilib_is_native_abi && use python; then |
| 939 |
- building_py() { |
| 940 |
- python_export PYTHON_INCLUDEDIR PYTHON_LIBPATH |
| 941 |
- emake CC="$(tc-getCC)" PYINC="-I${PYTHON_INCLUDEDIR}" PYTHONLBIDIR="${PYTHON_LIBPATH}" PYPREFIX="${EPYTHON##*/}" "$@" |
| 942 |
- python_optimize # bug 531638 |
| 943 |
- } |
| 944 |
- python_foreach_impl building_py swigify |
| 945 |
- python_foreach_impl building_py pywrap |
| 946 |
- fi |
| 947 |
-} |
| 948 |
- |
| 949 |
-multilib_src_install() { |
| 950 |
- emake \ |
| 951 |
- LIBDIR="${ED}/usr/$(get_libdir)" \ |
| 952 |
- SHLIBDIR="${ED}/usr/$(get_libdir)" \ |
| 953 |
- DESTDIR="${ED}" install |
| 954 |
- |
| 955 |
- if multilib_is_native_abi && use python; then |
| 956 |
- installation_py() { |
| 957 |
- emake DESTDIR="${ED}" LIBDIR="${ED}/usr/$(get_libdir)" \ |
| 958 |
- SHLIBDIR="${ED}/usr/$(get_libdir)" install-pywrap |
| 959 |
- } |
| 960 |
- python_foreach_impl installation_py |
| 961 |
- fi |
| 962 |
-} |
| 963 |
|
| 964 |
diff --git a/sys-libs/libsemanage/libsemanage-2.4-r1.ebuild b/sys-libs/libsemanage/libsemanage-2.4-r1.ebuild |
| 965 |
deleted file mode 100644 |
| 966 |
index f28af4c..00000000 |
| 967 |
--- a/sys-libs/libsemanage/libsemanage-2.4-r1.ebuild |
| 968 |
+++ /dev/null |
| 969 |
@@ -1,127 +0,0 @@ |
| 970 |
-# Copyright 1999-2015 Gentoo Foundation |
| 971 |
-# Distributed under the terms of the GNU General Public License v2 |
| 972 |
-# $Id$ |
| 973 |
- |
| 974 |
-EAPI="5" |
| 975 |
-PYTHON_COMPAT=( python2_7 python3_3 python3_4 ) |
| 976 |
- |
| 977 |
-inherit multilib python-r1 toolchain-funcs eutils multilib-minimal |
| 978 |
- |
| 979 |
-MY_P="${P//_/-}" |
| 980 |
- |
| 981 |
-SEPOL_VER="${PV}" |
| 982 |
-SELNX_VER="${PV}" |
| 983 |
- |
| 984 |
-DESCRIPTION="SELinux kernel and policy management library" |
| 985 |
-HOMEPAGE="https://github.com/SELinuxProject/selinux/wiki" |
| 986 |
-SRC_URI="https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20150202/${MY_P}.tar.gz" |
| 987 |
- |
| 988 |
-LICENSE="GPL-2" |
| 989 |
-SLOT="0" |
| 990 |
-KEYWORDS="amd64 x86" |
| 991 |
-IUSE="python" |
| 992 |
- |
| 993 |
-RDEPEND=">=sys-libs/libsepol-${SEPOL_VER}[${MULTILIB_USEDEP}] |
| 994 |
- >=sys-libs/libselinux-${SELNX_VER}[${MULTILIB_USEDEP}] |
| 995 |
- >=sys-process/audit-2.2.2[${MULTILIB_USEDEP}] |
| 996 |
- >=dev-libs/ustr-1.0.4-r2[${MULTILIB_USEDEP}] |
| 997 |
- " |
| 998 |
-DEPEND="${RDEPEND} |
| 999 |
- sys-devel/bison |
| 1000 |
- sys-devel/flex |
| 1001 |
- python? ( |
| 1002 |
- >=dev-lang/swig-2.0.4-r1 |
| 1003 |
- virtual/pkgconfig |
| 1004 |
- ${PYTHON_DEPS} |
| 1005 |
- )" |
| 1006 |
- |
| 1007 |
-# tests are not meant to be run outside of the |
| 1008 |
-# full SELinux userland repo |
| 1009 |
-RESTRICT="test" |
| 1010 |
- |
| 1011 |
-S="${WORKDIR}/${MY_P}" |
| 1012 |
- |
| 1013 |
-src_prepare() { |
| 1014 |
- echo "# Set this to true to save the linked policy." >> "${S}/src/semanage.conf" |
| 1015 |
- echo "# This is normally only useful for analysis" >> "${S}/src/semanage.conf" |
| 1016 |
- echo "# or debugging of policy." >> "${S}/src/semanage.conf" |
| 1017 |
- echo "save-linked=false" >> "${S}/src/semanage.conf" |
| 1018 |
- echo >> "${S}/src/semanage.conf" |
| 1019 |
- echo "# Set this to 0 to disable assertion checking." >> "${S}/src/semanage.conf" |
| 1020 |
- echo "# This should speed up building the kernel policy" >> "${S}/src/semanage.conf" |
| 1021 |
- echo "# from policy modules, but may leave you open to" >> "${S}/src/semanage.conf" |
| 1022 |
- echo "# dangerous rules which assertion checking" >> "${S}/src/semanage.conf" |
| 1023 |
- echo "# would catch." >> "${S}/src/semanage.conf" |
| 1024 |
- echo "expand-check=1" >> "${S}/src/semanage.conf" |
| 1025 |
- echo >> "${S}/src/semanage.conf" |
| 1026 |
- echo "# Modules in the module store can be compressed" >> "${S}/src/semanage.conf" |
| 1027 |
- echo "# with bzip2. Set this to the bzip2 blocksize" >> "${S}/src/semanage.conf" |
| 1028 |
- echo "# 1-9 when compressing. The higher the number," >> "${S}/src/semanage.conf" |
| 1029 |
- echo "# the more memory is traded off for disk space." >> "${S}/src/semanage.conf" |
| 1030 |
- echo "# Set to 0 to disable bzip2 compression." >> "${S}/src/semanage.conf" |
| 1031 |
- echo "bzip-blocksize=0" >> "${S}/src/semanage.conf" |
| 1032 |
- echo >> "${S}/src/semanage.conf" |
| 1033 |
- echo "# Reduce memory usage for bzip2 compression and" >> "${S}/src/semanage.conf" |
| 1034 |
- echo "# decompression of modules in the module store." >> "${S}/src/semanage.conf" |
| 1035 |
- echo "bzip-small=true" >> "${S}/src/semanage.conf" |
| 1036 |
- |
| 1037 |
- epatch "${FILESDIR}/0001-libsemanage-do-not-copy-contexts-in-semanage_migrate.patch" |
| 1038 |
- |
| 1039 |
- epatch_user |
| 1040 |
- |
| 1041 |
- multilib_copy_sources |
| 1042 |
-} |
| 1043 |
- |
| 1044 |
-multilib_src_compile() { |
| 1045 |
- emake \ |
| 1046 |
- AR="$(tc-getAR)" \ |
| 1047 |
- CC="$(tc-getCC)" \ |
| 1048 |
- LIBDIR="${EPREFIX}/usr/$(get_libdir)" \ |
| 1049 |
- all |
| 1050 |
- |
| 1051 |
- if multilib_is_native_abi && use python; then |
| 1052 |
- building_py() { |
| 1053 |
- python_export PYTHON_INCLUDEDIR PYTHON_LIBPATH |
| 1054 |
- emake CC="$(tc-getCC)" PYINC="-I${PYTHON_INCLUDEDIR}" PYTHONLBIDIR="${PYTHON_LIBPATH}" PYPREFIX="${EPYTHON##*/}" "$@" |
| 1055 |
- } |
| 1056 |
- python_foreach_impl building_py swigify |
| 1057 |
- python_foreach_impl building_py pywrap |
| 1058 |
- fi |
| 1059 |
-} |
| 1060 |
- |
| 1061 |
-multilib_src_install() { |
| 1062 |
- emake \ |
| 1063 |
- LIBDIR="${ED}/usr/$(get_libdir)" \ |
| 1064 |
- SHLIBDIR="${ED}/usr/$(get_libdir)" \ |
| 1065 |
- DESTDIR="${ED}" install |
| 1066 |
- |
| 1067 |
- if multilib_is_native_abi && use python; then |
| 1068 |
- installation_py() { |
| 1069 |
- emake DESTDIR="${ED}" LIBDIR="${ED}/usr/$(get_libdir)" \ |
| 1070 |
- SHLIBDIR="${ED}/usr/$(get_libdir)" install-pywrap |
| 1071 |
- python_optimize # bug 531638 |
| 1072 |
- } |
| 1073 |
- python_foreach_impl installation_py |
| 1074 |
- fi |
| 1075 |
-} |
| 1076 |
- |
| 1077 |
-pkg_postinst() { |
| 1078 |
- # Migrate the SELinux semanage configuration store if not done already |
| 1079 |
- local selinuxtype=$(awk -F'=' '/SELINUXTYPE=/ {print $2}' /etc/selinux/config); |
| 1080 |
- if [ -n "${selinuxtype}" ] && [ ! -d /var/lib/selinux/${mcs}/active ] ; then |
| 1081 |
- ewarn "Since the 2.4 SELinux userspace, the policy module store is moved" |
| 1082 |
- ewarn "from /etc/selinux to /var/lib/selinux. The migration will be run now." |
| 1083 |
- ewarn "If there are any issues, it can be done manually by running:" |
| 1084 |
- ewarn "/usr/libexec/selinux/semanage_migrate_store" |
| 1085 |
- ewarn "For more information, please see" |
| 1086 |
- ewarn "- https://github.com/SELinuxProject/selinux/wiki/Policy-Store-Migration" |
| 1087 |
- fi |
| 1088 |
- |
| 1089 |
- # Run the store migration without rebuilds |
| 1090 |
- for POLICY_TYPE in ${POLICY_TYPES} ; do |
| 1091 |
- if [ ! -d "${ROOT}/var/lib/selinux/${POLICY_TYPE}/active" ] ; then |
| 1092 |
- einfo "Migrating store ${POLICY_TYPE} (without policy rebuild)." |
| 1093 |
- /usr/libexec/selinux/semanage_migrate_store -n -s "${POLICY_TYPE}" || die "Failed to migrate store ${POLICY_TYPE}" |
| 1094 |
- fi |
| 1095 |
- done |
| 1096 |
-} |
| 1097 |
|
| 1098 |
diff --git a/sys-libs/libsemanage/libsemanage-2.4-r2.ebuild b/sys-libs/libsemanage/libsemanage-2.4-r2.ebuild |
| 1099 |
deleted file mode 100644 |
| 1100 |
index 9e0890f..00000000 |
| 1101 |
--- a/sys-libs/libsemanage/libsemanage-2.4-r2.ebuild |
| 1102 |
+++ /dev/null |
| 1103 |
@@ -1,132 +0,0 @@ |
| 1104 |
-# Copyright 1999-2015 Gentoo Foundation |
| 1105 |
-# Distributed under the terms of the GNU General Public License v2 |
| 1106 |
-# $Id$ |
| 1107 |
- |
| 1108 |
-EAPI="5" |
| 1109 |
-PYTHON_COMPAT=( python2_7 python3_3 python3_4 ) |
| 1110 |
- |
| 1111 |
-inherit multilib python-r1 toolchain-funcs eutils multilib-minimal |
| 1112 |
- |
| 1113 |
-MY_P="${P//_/-}" |
| 1114 |
- |
| 1115 |
-SEPOL_VER="${PV}" |
| 1116 |
-SELNX_VER="${PV}" |
| 1117 |
- |
| 1118 |
-DESCRIPTION="SELinux kernel and policy management library" |
| 1119 |
-HOMEPAGE="https://github.com/SELinuxProject/selinux/wiki" |
| 1120 |
-SRC_URI="https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20150202/${MY_P}.tar.gz" |
| 1121 |
- |
| 1122 |
-LICENSE="GPL-2" |
| 1123 |
-SLOT="0" |
| 1124 |
-KEYWORDS="amd64 ~arm ~arm64 ~mips x86" |
| 1125 |
-IUSE="python" |
| 1126 |
- |
| 1127 |
-RDEPEND=">=sys-libs/libsepol-${SEPOL_VER}[${MULTILIB_USEDEP}] |
| 1128 |
- >=sys-libs/libselinux-${SELNX_VER}[${MULTILIB_USEDEP}] |
| 1129 |
- >=sys-process/audit-2.2.2[${MULTILIB_USEDEP}] |
| 1130 |
- >=dev-libs/ustr-1.0.4-r2[${MULTILIB_USEDEP}] |
| 1131 |
- " |
| 1132 |
-DEPEND="${RDEPEND} |
| 1133 |
- sys-devel/bison |
| 1134 |
- sys-devel/flex |
| 1135 |
- python? ( |
| 1136 |
- >=dev-lang/swig-2.0.4-r1 |
| 1137 |
- virtual/pkgconfig |
| 1138 |
- ${PYTHON_DEPS} |
| 1139 |
- )" |
| 1140 |
- |
| 1141 |
-# tests are not meant to be run outside of the |
| 1142 |
-# full SELinux userland repo |
| 1143 |
-RESTRICT="test" |
| 1144 |
- |
| 1145 |
-S="${WORKDIR}/${MY_P}" |
| 1146 |
- |
| 1147 |
-src_prepare() { |
| 1148 |
- echo "# Set this to true to save the linked policy." >> "${S}/src/semanage.conf" |
| 1149 |
- echo "# This is normally only useful for analysis" >> "${S}/src/semanage.conf" |
| 1150 |
- echo "# or debugging of policy." >> "${S}/src/semanage.conf" |
| 1151 |
- echo "save-linked=false" >> "${S}/src/semanage.conf" |
| 1152 |
- echo >> "${S}/src/semanage.conf" |
| 1153 |
- echo "# Set this to 0 to disable assertion checking." >> "${S}/src/semanage.conf" |
| 1154 |
- echo "# This should speed up building the kernel policy" >> "${S}/src/semanage.conf" |
| 1155 |
- echo "# from policy modules, but may leave you open to" >> "${S}/src/semanage.conf" |
| 1156 |
- echo "# dangerous rules which assertion checking" >> "${S}/src/semanage.conf" |
| 1157 |
- echo "# would catch." >> "${S}/src/semanage.conf" |
| 1158 |
- echo "expand-check=1" >> "${S}/src/semanage.conf" |
| 1159 |
- echo >> "${S}/src/semanage.conf" |
| 1160 |
- echo "# Modules in the module store can be compressed" >> "${S}/src/semanage.conf" |
| 1161 |
- echo "# with bzip2. Set this to the bzip2 blocksize" >> "${S}/src/semanage.conf" |
| 1162 |
- echo "# 1-9 when compressing. The higher the number," >> "${S}/src/semanage.conf" |
| 1163 |
- echo "# the more memory is traded off for disk space." >> "${S}/src/semanage.conf" |
| 1164 |
- echo "# Set to 0 to disable bzip2 compression." >> "${S}/src/semanage.conf" |
| 1165 |
- echo "bzip-blocksize=0" >> "${S}/src/semanage.conf" |
| 1166 |
- echo >> "${S}/src/semanage.conf" |
| 1167 |
- echo "# Reduce memory usage for bzip2 compression and" >> "${S}/src/semanage.conf" |
| 1168 |
- echo "# decompression of modules in the module store." >> "${S}/src/semanage.conf" |
| 1169 |
- echo "bzip-small=true" >> "${S}/src/semanage.conf" |
| 1170 |
- |
| 1171 |
- epatch "${FILESDIR}/0001-libsemanage-do-not-copy-contexts-in-semanage_migrate.patch" \ |
| 1172 |
- "${FILESDIR}/0002-libsemanage-Add-policy-binary-and-file_contexts.loca.patch" \ |
| 1173 |
- "${FILESDIR}/0003-libsemanage-Add-file_contexts-and-seusers-to-the-sto.patch" \ |
| 1174 |
- "${FILESDIR}/0004-libsemanage-save-homedir_template-in-the-policy-stor.patch" \ |
| 1175 |
- "${FILESDIR}/0005-libsemanage-store-users_extra-in-the-policy-store.patch" |
| 1176 |
- epatch "${FILESDIR}"/${PN}-2.4-build-paths.patch |
| 1177 |
- |
| 1178 |
- epatch_user |
| 1179 |
- |
| 1180 |
- multilib_copy_sources |
| 1181 |
-} |
| 1182 |
- |
| 1183 |
-multilib_src_compile() { |
| 1184 |
- emake \ |
| 1185 |
- AR="$(tc-getAR)" \ |
| 1186 |
- CC="$(tc-getCC)" \ |
| 1187 |
- LIBDIR="${EPREFIX}/usr/$(get_libdir)" \ |
| 1188 |
- all |
| 1189 |
- |
| 1190 |
- if multilib_is_native_abi && use python; then |
| 1191 |
- building_py() { |
| 1192 |
- python_export PYTHON_INCLUDEDIR PYTHON_LIBPATH |
| 1193 |
- emake CC="$(tc-getCC)" PYINC="-I${PYTHON_INCLUDEDIR}" PYTHONLBIDIR="${PYTHON_LIBPATH}" PYPREFIX="${EPYTHON##*/}" "$@" |
| 1194 |
- } |
| 1195 |
- python_foreach_impl building_py swigify |
| 1196 |
- python_foreach_impl building_py pywrap |
| 1197 |
- fi |
| 1198 |
-} |
| 1199 |
- |
| 1200 |
-multilib_src_install() { |
| 1201 |
- emake \ |
| 1202 |
- LIBDIR="${ED}/usr/$(get_libdir)" \ |
| 1203 |
- SHLIBDIR="${ED}/usr/$(get_libdir)" \ |
| 1204 |
- DESTDIR="${ED}" install |
| 1205 |
- |
| 1206 |
- if multilib_is_native_abi && use python; then |
| 1207 |
- installation_py() { |
| 1208 |
- emake DESTDIR="${ED}" LIBDIR="${ED}/usr/$(get_libdir)" \ |
| 1209 |
- SHLIBDIR="${ED}/usr/$(get_libdir)" install-pywrap |
| 1210 |
- python_optimize # bug 531638 |
| 1211 |
- } |
| 1212 |
- python_foreach_impl installation_py |
| 1213 |
- fi |
| 1214 |
-} |
| 1215 |
- |
| 1216 |
-pkg_postinst() { |
| 1217 |
- # Migrate the SELinux semanage configuration store if not done already |
| 1218 |
- local selinuxtype=$(awk -F'=' '/SELINUXTYPE=/ {print $2}' "${EROOT}"/etc/selinux/config 2>/dev/null) |
| 1219 |
- if [ -n "${selinuxtype}" ] && [ ! -d "${EROOT}"/var/lib/selinux/${mcs}/active ] ; then |
| 1220 |
- ewarn "Since the 2.4 SELinux userspace, the policy module store is moved" |
| 1221 |
- ewarn "from /etc/selinux to /var/lib/selinux. The migration will be run now." |
| 1222 |
- ewarn "If there are any issues, it can be done manually by running:" |
| 1223 |
- ewarn "/usr/libexec/selinux/semanage_migrate_store" |
| 1224 |
- ewarn "For more information, please see" |
| 1225 |
- ewarn "- https://github.com/SELinuxProject/selinux/wiki/Policy-Store-Migration" |
| 1226 |
- fi |
| 1227 |
- |
| 1228 |
- # Run the store migration without rebuilds |
| 1229 |
- for POLICY_TYPE in ${POLICY_TYPES} ; do |
| 1230 |
- if [ ! -d "${EROOT}/var/lib/selinux/${POLICY_TYPE}/active" ] ; then |
| 1231 |
- einfo "Migrating store ${POLICY_TYPE} (without policy rebuild)." |
| 1232 |
- /usr/libexec/selinux/semanage_migrate_store -n -s "${POLICY_TYPE}" || die "Failed to migrate store ${POLICY_TYPE}" |
| 1233 |
- fi |
| 1234 |
- done |
| 1235 |
-} |
Archives