
From: Sven Vermeulen <sven.vermeulen@××××××.be>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-dev:master commit in: sec-policy/selinux-base-policy/files/, sec-policy/selinux-base-policy/
Date: Mon, 02 May 2011 19:09:47
Message-Id: 4373a85d84f4066ed245e9ef1b31ed6fa15069bf.SwifT@gentoo
1 commit: 4373a85d84f4066ed245e9ef1b31ed6fa15069bf
2 Author: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
3 AuthorDate: Mon May 2 19:09:15 2011 +0000
4 Commit: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
5 CommitDate: Mon May 2 19:09:15 2011 +0000
6 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-dev.git;a=commit;h=4373a85d
7
8 Add r13, make UBAC optional (#257111 and #306393)
9
10 ---
11 sec-policy/selinux-base-policy/ChangeLog | 482 ++++++++++++++++++++
12 sec-policy/selinux-base-policy/files/config | 12 +
13 .../selinux-base-policy/files/modules.conf.strict | 44 ++
14 .../files/modules.conf.strict.20090730 | 49 ++
15 .../files/modules.conf.targeted | 45 ++
16 .../files/modules.conf.targeted.20090730 | 50 ++
17 ...ndle-selinux-base-policy-2.20101213-r13.tar.bz2 | Bin 0 -> 12910 bytes
18 sec-policy/selinux-base-policy/metadata.xml | 13 +
19 .../selinux-base-policy-2.20101213-r13.ebuild | 129 ++++++
20 9 files changed, 824 insertions(+), 0 deletions(-)
21
22 diff --git a/sec-policy/selinux-base-policy/ChangeLog b/sec-policy/selinux-base-policy/ChangeLog
23 new file mode 100644
24 index 0000000..b68a020
25 --- /dev/null
26 +++ b/sec-policy/selinux-base-policy/ChangeLog
27 @@ -0,0 +1,482 @@
28 +# ChangeLog for sec-policy/selinux-base-policy
29 +# Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
30 +# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/ChangeLog,v 1.72 2011/04/16 13:02:44 blueness Exp $
31 +
32 +*selinux-base-policy-2.20101213-r13 (02 May 2011)
33 +
34 + 02 May 2011; <swift@g.o>
35 + +selinux-base-policy-2.20101213-r13.ebuild,
36 + +files/patchbundle-selinux-base-policy-2.20101213-r13.tar.bz2,
37 + +files/config, +files/modules.conf.strict,
38 + +files/modules.conf.strict.20090730, +files/modules.conf.targeted,
39 + +files/modules.conf.targeted.20090730, +metadata.xml:
40 + Make UBAC optional (#257111 and #306393), use portage_srcrepo_t for live
41 + ebuilds and match mdadm policy with upstream
42 +
43 +*selinux-base-policy-2.20101213-r12 (16 Apr 2011)
44 +*selinux-base-policy-2.20101213-r11 (16 Apr 2011)
45 +
46 + 16 Apr 2011; Anthony G. Basile <blueness@g.o>
47 + +selinux-base-policy-2.20101213-r11.ebuild,
48 + +selinux-base-policy-2.20101213-r12.ebuild,
49 + +files/patchbundle-selinux-base-policy-2.20101213-r11.tar.bz2,
50 + +files/patchbundle-selinux-base-policy-2.20101213-r12.tar.bz2:
51 + Added new patchbundles for rev bumps to base policy 2.20101213
52 +
53 +*selinux-base-policy-2.20101213-r10 (07 Mar 2011)
54 +*selinux-base-policy-2.20101213-r9 (07 Mar 2011)
55 +
56 + 07 Mar 2011; Anthony G. Basile <blueness@g.o>
57 + +selinux-base-policy-2.20101213-r9.ebuild,
58 + +selinux-base-policy-2.20101213-r10.ebuild,
59 + +files/patchbundle-selinux-base-policy-2.20101213-r10.tar.bz2,
60 + +files/patchbundle-selinux-base-policy-2.20101213-r9.tar.bz2:
61 + Added new patchbundles for rev bumps to base policy 2.20101213
62 +
63 + 05 Feb 2011; Anthony G. Basile <blueness@g.o>
64 + +files/patchbundle-selinux-base-policy-2.20101213-r5.tar.bz2,
65 + +files/patchbundle-selinux-base-policy-2.20101213-r6.tar.bz2,
66 + +files/patchbundle-selinux-base-policy-2.20101213-r7.tar.bz2:
67 + Added patchbundle for base policy 2.20101213.
68 +
69 +*selinux-base-policy-2.20101213-r7 (05 Feb 2011)
70 +*selinux-base-policy-2.20101213-r6 (05 Feb 2011)
71 +*selinux-base-policy-2.20101213-r5 (05 Feb 2011)
72 +
73 + 05 Feb 2011; Anthony G. Basile <blueness@g.o>
74 + +selinux-base-policy-2.20101213-r5.ebuild,
75 + +selinux-base-policy-2.20101213-r6.ebuild,
76 + +selinux-base-policy-2.20101213-r7.ebuild:
77 + New upstream policy.
78 +
79 +*selinux-base-policy-2.20091215 (16 Dec 2009)
80 +
81 + 16 Dec 2009; Chris PeBenito <pebenito@g.o>
82 + +selinux-base-policy-2.20091215.ebuild:
83 + New upstream release.
84 +
85 +*selinux-base-policy-20080525-r1 (14 Sep 2009)
86 +
87 + 14 Sep 2009; Chris PeBenito <pebenito@g.o>
88 + +selinux-base-policy-20080525-r1.ebuild:
89 + Update old base policy to support ext4.
90 +
91 + 14 Aug 2009; Chris PeBenito <pebenito@g.o>
92 + -selinux-base-policy-20070329.ebuild,
93 + -selinux-base-policy-20070928.ebuild, selinux-base-policy-20080525.ebuild:
94 + Mark 20080525 stable, clear old ebuilds.
95 +
96 +*selinux-base-policy-2.20090814 (14 Aug 2009)
97 +
98 + 14 Aug 2009; Chris PeBenito <pebenito@g.o>
99 + +selinux-base-policy-2.20090814.ebuild:
100 + Git version of refpolicy for misc fixes including some cron problems.
101 +
102 +*selinux-base-policy-2.20090730 (03 Aug 2009)
103 +
104 + 03 Aug 2009; Chris PeBenito <pebenito@g.o>
105 + +selinux-base-policy-2.20090730.ebuild:
106 + New upstream release.
107 +
108 + 18 Jul 2009; Chris PeBenito <pebenito@g.o>
109 + selinux-base-policy-20070329.ebuild, selinux-base-policy-20070928.ebuild,
110 + selinux-base-policy-20080525.ebuild:
111 + Drop alpha, mips, ppc, sparc selinux support.
112 +
113 +*selinux-base-policy-20080525 (25 May 2008)
114 +
115 + 25 May 2008; Chris PeBenito <pebenito@g.o>
116 + +selinux-base-policy-20080525.ebuild:
117 + New SVN snapshot.
118 +
119 + 16 Mar 2008; Chris PeBenito <pebenito@g.o>
120 + -selinux-base-policy-20051022-r1.ebuild,
121 + -selinux-base-policy-20061114.ebuild:
122 + Remove old ebuilds.
123 +
124 + 03 Feb 2008; Chris PeBenito <pebenito@g.o>
125 + selinux-base-policy-20070928.ebuild:
126 + Mark stable.
127 +
128 +*selinux-base-policy-20070928 (26 Nov 2007)
129 +
130 + 26 Nov 2007; Chris PeBenito <pebenito@g.o>
131 + +selinux-base-policy-20070928.ebuild:
132 + New SVN snapshot.
133 +
134 + 04 Jun 2007; Chris PeBenito <pebenito@g.o>
135 + selinux-base-policy-20070329.ebuild:
136 + Mark stable.
137 +
138 + 30 Mar 2007; Chris PeBenito <pebenito@g.o>
139 + +files/selinux-base-policy-20070329.diff,
140 + selinux-base-policy-20070329.ebuild:
141 + Compile fix.
142 +
143 +*selinux-base-policy-20070329 (29 Mar 2007)
144 +
145 + 29 Mar 2007; Chris PeBenito <pebenito@g.o>
146 + +selinux-base-policy-20070329.ebuild:
147 + New SVN snapshot.
148 +
149 + 22 Feb 2007; Markus Ullmann <jokey@g.o> ChangeLog:
150 + Redigest for Manifest2
151 +
152 +*selinux-base-policy-20061114 (15 Nov 2006)
153 +
154 + 15 Nov 2006; Chris PeBenito <pebenito@g.o>
155 + +selinux-base-policy-20061114.ebuild:
156 + New SVN snapshot.
157 +
158 + 25 Oct 2006; Chris PeBenito <pebenito@g.o>
159 + selinux-base-policy-20061015.ebuild:
160 + Fix to have default POLICY_TYPES if it is empty.
161 +
162 + 21 Oct 2006; Chris PeBenito <pebenito@g.o>
163 + selinux-base-policy-20061015.ebuild:
164 + Fix xml generation failure to die.
165 +
166 +*selinux-base-policy-20061015 (15 Oct 2006)
167 +
168 + 15 Oct 2006; Chris PeBenito <pebenito@g.o>
169 + -selinux-base-policy-20061008.ebuild,
170 + +selinux-base-policy-20061015.ebuild:
171 + Update for testing fixes.
172 +
173 +*selinux-base-policy-20061008 (08 Oct 2006)
174 +
175 + 08 Oct 2006; Chris PeBenito <pebenito@g.o> -files/semanage.conf,
176 + +selinux-base-policy-20061008.ebuild,
177 + -selinux-base-policy-99999999.ebuild:
178 + First mainstream reference policy testing release.
179 +
180 + 29 Sep 2006; Chris PeBenito <pebenito@g.o>
181 + selinux-base-policy-99999999.ebuild:
182 + Fix for new SVN location. Fixes 147781.
183 +
184 + 22 Feb 2006; Stephen Bennett <spb@g.o>
185 + selinux-base-policy-20051022-r1.ebuild:
186 + Alpha stable
187 +
188 +*selinux-base-policy-99999999 (02 Feb 2006)
189 +
190 + 02 Feb 2006; Chris PeBenito <pebenito@g.o> +files/config,
191 + +files/modules.conf.strict, +files/modules.conf.targeted,
192 + +files/semanage.conf, +selinux-base-policy-99999999.ebuild:
193 + Add experimental policy for testing reference policy. Requires portage fix
194 + from bug #110857.
195 +
196 + 02 Feb 2006; Chris PeBenito <pebenito@g.o>
197 + -selinux-base-policy-20050322.ebuild,
198 + -selinux-base-policy-20050618.ebuild,
199 + -selinux-base-policy-20050821.ebuild,
200 + -selinux-base-policy-20051022.ebuild:
201 + Clean out old ebuilds.
202 +
203 + 14 Jan 2006; Stephen Bennett <spb@g.o>
204 + selinux-base-policy-20051022-r1.ebuild:
205 + Added ~alpha
206 +
207 +*selinux-base-policy-20051022-r1 (08 Dec 2005)
208 +
209 + 08 Dec 2005; Chris PeBenito <pebenito@g.o>
210 + +selinux-base-policy-20051022-r1.ebuild:
211 + Change to use compatability genhomedircon. Newer policycoreutils (1.28)
212 + breaks the backwards compatability this policy uses.
213 +
214 +*selinux-base-policy-20051022 (22 Oct 2005)
215 +
216 + 22 Oct 2005; Chris PeBenito <pebenito@g.o>
217 + +selinux-base-policy-20051022.ebuild:
218 + Very trivial fixes.
219 +
220 + 08 Sep 2005; Chris PeBenito <pebenito@g.o>
221 + selinux-base-policy-20050821.ebuild:
222 + Mark stable.
223 +
224 +*selinux-base-policy-20050821 (21 Aug 2005)
225 +
226 + 21 Aug 2005; Chris PeBenito <pebenito@g.o>
227 + +selinux-base-policy-20050821.ebuild:
228 + Minor updates for 2.6.12.
229 +
230 + 21 Jun 2005; Chris PeBenito <pebenito@g.o>
231 + selinux-base-policy-20050618.ebuild:
232 + Mark stable.
233 +
234 +*selinux-base-policy-20050618 (18 Jun 2005)
235 +
236 + 18 Jun 2005; Chris PeBenito <pebenito@g.o>
237 + -selinux-base-policy-20041123.ebuild,
238 + -selinux-base-policy-20050306.ebuild,
239 + +selinux-base-policy-20050618.ebuild:
240 + New release to support 2.6.12 features.
241 +
242 + 10 May 2005; Stephen Bennett <spb@g.o>
243 + selinux-base-policy-20050322.ebuild:
244 + mips stable
245 +
246 + 01 May 2005; Stephen Bennett <spb@g.o>
247 + selinux-base-policy-20050322.ebuild:
248 + Added ~mips.
249 +
250 +*selinux-base-policy-20050322 (23 Mar 2005)
251 +
252 + 23 Mar 2005; Chris PeBenito <pebenito@g.o>
253 + +selinux-base-policy-20050322.ebuild:
254 + New release.
255 +
256 +*selinux-base-policy-20050306 (06 Mar 2005)
257 +
258 + 06 Mar 2005; Chris PeBenito <pebenito@g.o>
259 + +selinux-base-policy-20050306.ebuild:
260 + Fix bad samba_domain dummy macro. Add policies needed for udev support.
261 +
262 +*selinux-base-policy-20050224 (24 Feb 2005)
263 +
264 + 24 Feb 2005; Chris PeBenito <pebenito@g.o>
265 + +selinux-base-policy-20050224.ebuild:
266 + New release.
267 +
268 + 19 Jan 2005; Chris PeBenito <pebenito@g.o>
269 + selinux-base-policy-20041123.ebuild:
270 + Mark stable.
271 +
272 +*selinux-base-policy-20041123 (23 Nov 2004)
273 +
274 + 23 Nov 2004; Chris PeBenito <pebenito@g.o>
275 + +selinux-base-policy-20041123.ebuild:
276 + New release with 1.18 merge.
277 +
278 +*selinux-base-policy-20041023 (23 Oct 2004)
279 +
280 + 23 Oct 2004; Chris PeBenito <pebenito@g.o>
281 + +selinux-base-policy-20041023.ebuild:
282 + New release with 1.16 merge. Tcpd and inetd have been deprecated since they
283 + are not in the base system anymore, and probably no one uses them anyway.
284 +
285 +*selinux-base-policy-20040906 (06 Sep 2004)
286 +
287 + 06 Sep 2004; Chris PeBenito <pebenito@g.o>
288 + +selinux-base-policy-20040906.ebuild:
289 + New release with 1.14 merge, which has policy 18 (fine-grained netlink)
290 + features.
291 +
292 + 05 Sep 2004; Chris PeBenito <pebenito@g.o>
293 + selinux-base-policy-20040225.ebuild, -selinux-base-policy-20040509.ebuild,
294 + -selinux-base-policy-20040604.ebuild, selinux-base-policy-20040629.ebuild,
295 + selinux-base-policy-20040702.ebuild:
296 + Remove old builds, switch to epause and ebeep in remaining builds.
297 +
298 +*selinux-base-policy-20040702 (02 Jul 2004)
299 +
300 + 02 Jul 2004; Chris PeBenito <pebenito@g.o>
301 + +selinux-base-policy-20040702.ebuild:
302 + Same as 20040629, except with updated flask headers, which will come out in
303 + 2.6.8.
304 +
305 +*selinux-base-policy-20040629 (29 Jun 2004)
306 +
307 + 29 Jun 2004; Chris PeBenito <pebenito@g.o>
308 + +selinux-base-policy-20040629.ebuild:
309 + Large sysadmfile cleanup: disable admin_separation to give sysadm_r back its
310 + ablility to modify all files. Minor fixes: portage_r works again, syslog-ng
311 + breakage fixed, put back manual PaX policy for pageexec/segmexec.
312 +
313 + 16 Jun 2004; Chris PeBenito <pebenito@g.o>
314 + selinux-base-policy-20040604.ebuild:
315 + Mark stable.
316 +
317 + 10 Jun 2004; Chris PeBenito <pebenito@g.o>
318 + selinux-base-policy-20040225.ebuild, selinux-base-policy-20040509.ebuild,
319 + selinux-base-policy-20040604.ebuild:
320 + Add src_compile() stub
321 +
322 +*selinux-base-policy-20040604 (04 Jun 2004)
323 +
324 + 04 Jun 2004; Chris PeBenito <pebenito@g.o>
325 + +selinux-base-policy-20040604.ebuild:
326 + New release including 1.12 NSA policy, and experimental sesandbox.
327 +
328 + 15 May 2004; Chris PeBenito <pebenito@g.o>
329 + selinux-base-policy-20040509.ebuild:
330 + Mark stable.
331 +
332 +*selinux-base-policy-20040509 (09 May 2004)
333 +
334 + 09 May 2004; Chris PeBenito <pebenito@g.o>
335 + +selinux-base-policy-20040509.ebuild:
336 + A few small cleanups. Make PaX non exec pages macro based on arch. Large
337 + portage update, get rid of portage_exec_fetch_t, portage will setexec. Add
338 + global_ssp tunable.
339 +
340 +*selinux-base-policy-20040418 (18 Apr 2004)
341 +
342 + 18 Apr 2004; Chris PeBenito <pebenito@g.o>
343 + +selinux-base-policy-20040418.ebuild:
344 + New release for checkpolicy 1.10
345 +
346 +*selinux-base-policy-20040414 (14 Apr 2004)
347 +
348 + 14 Apr 2004; Chris PeBenito <pebenito@g.o>
349 + -selinux-base-policy-20040408.ebuild, +selinux-base-policy-20040414.ebuild:
350 + Minor updates
351 +
352 +*selinux-base-policy-20040408 (08 Apr 2004)
353 +
354 + 08 Apr 2004; Chris PeBenito <pebenito@g.o>
355 + selinux-base-policy-20040408.ebuild:
356 + New update. Users.fc is now deprecated, as the contexts for user directories
357 + is now automatically generated. Portage fetching of distfiles now has a
358 + subdomain, for dropping priviledges.
359 +
360 + 28 Feb 2004; Chris PeBenito <pebenito@g.o>
361 + selinux-base-policy-20040225.ebuild:
362 + Mark stable.
363 +
364 +*selinux-base-policy-20040225 (25 Feb 2004)
365 +
366 + 25 Feb 2004; Chris PeBenito <pebenito@g.o>
367 + selinux-base-policy-20040225.ebuild:
368 + New support for PaX ACL hooks. Addition of tunable.te for configurable policy
369 + options. Rewrite of portage.te. Now auto-transition for sysadm is default, can
370 + reenable portage_r by tunable.te. Makefile update from NSA CVS.
371 +
372 +*selinux-base-policy-20040209 (09 Feb 2004)
373 +
374 + 09 Feb 2004; Chris PeBenito <pebenito@g.o>
375 + selinux-base-policy-20040209.ebuild:
376 + Minor revision to add XFS labeling and policy for integrated
377 + runscript-run_init.
378 +
379 + 07 Feb 2004; Chris PeBenito <pebenito@g.o>
380 + selinux-base-policy-20040202.ebuild:
381 + Mark x86 stable.
382 +
383 +*selinux-base-policy-20040202 (02 Feb 2004)
384 +
385 + 02 Feb 2004; Chris PeBenito <pebenito@g.o>
386 + selinux-base-policy-20040202.ebuild:
387 + A few misc fixes. Allow portage to update bootloader code, such as in lilo or
388 + grub postinst. This requires checkpolicy 1.4-r1.
389 +
390 +*selinux-base-policy-20031225 (25 Dec 2003)
391 +
392 + 25 Dec 2003; Chris PeBenito <pebenito@g.o>
393 + selinux-base-policy-20031225.ebuild:
394 + New release, with merged NSA 1.4 policy. One critical note, this policy
395 + requires pam 0.77. Much work has been done to minimize access to /etc/shadow,
396 + and one requirement is in the patch for pam 0.77. If you do not use this pam
397 + version or newer, you will be unable to authenticate in enforcing. Since
398 + devfs no longer is usable in SELinux, it's policy has been removed. You
399 + should merge the changes, remove the devfsd policy (devfsd.te and devfsd.fc),
400 + load the policy, and relabel.
401 +
402 + 27 Nov 2003; Chris PeBenito <pebenito@g.o>
403 + selinux-base-policy-20031010-r1.ebuild:
404 + Mark stable. Add build USE flag for stage building.
405 +
406 +*selinux-base-policy-20031010-r1 (12 Nov 2003)
407 +
408 + 12 Nov 2003; Chris PeBenito <pebenito@g.o>
409 + selinux-base-policy-20031010-r1.ebuild,
410 + files/selinux-base-policy-20031010-cvs.diff:
411 + Add fixes from policy cvs for compilers, so non x86 and ppc compilers can
412 + work. Also portage update as a side effect of updated setfiles code in
413 + portage, from bug 31748.
414 +
415 + 28 Oct 2003; Chris PeBenito <pebenito@g.o>
416 + selinux-base-policy-20031010.ebuild:
417 + Mark stable
418 +
419 +*selinux-base-policy-20031010 (10 Oct 2003)
420 +
421 + 10 Oct 2003; Chris PeBenito <pebenito@g.o>
422 + selinux-base-policy-20031010.ebuild:
423 + New release for new API. Massive cleanups all over the place.
424 +
425 +*selinux-base-policy-20030817 (17 Aug 2003)
426 +
427 + 17 Aug 2003; Chris PeBenito <pebenito@g.o>
428 + selinux-base-policy-20030817.ebuild:
429 + Initial commit of new API policy
430 +
431 + 10 Aug 2003; Chris PeBenito <pebenito@g.o>
432 + selinux-base-policy-20030729-r1.ebuild:
433 + Mark stable
434 +
435 +*selinux-base-policy-20030729-r1 (31 Jul 2003)
436 +
437 + 31 Jul 2003; Chris PeBenito <pebenito@g.o>
438 + selinux-base-policy-20030729-r1.ebuild:
439 + New rev that handles an empty POLICYDIR sanely.
440 +
441 +*selinux-base-policy-20030729 (29 Jul 2003)
442 +
443 + 29 Jul 2003; Chris PeBenito <pebenito@g.o>
444 + selinux-base-policy-20030729.ebuild:
445 + Make the ebuild use POLICYDIR. Important fix so portage can load policy so
446 + selinux-policy.eclass works. update_modules_t cleanup. Fix for an access when
447 + merging baselayout.
448 +
449 +*selinux-base-policy-20030720 (20 Jul 2003)
450 +
451 + 20 Jul 2003; Chris PeBenito <pebenito@g.o>
452 + selinux-base-policy-20030720.ebuild:
453 + Many fixes, including the syslog fix. File contexts have changed, so a relabel
454 + is needed. You may encounter problems relabeling /usr/portage, as its file
455 + context has changed, as files should not have the same type as a domain.
456 + Relabelling in permissive will fix this, or temporarily give portage_t a
457 + file_type attribute. Tightened the can_exec_any() macro. Moved staff.fc to
458 + users.fc, since all users with SELinux identities should have their home
459 + directories have the correct identity, not the generic identity.
460 +
461 + 06 Jun 2003; Chris PeBenito <pebenito@g.o>
462 + selinux-base-policy-20030604.ebuild:
463 + Mark stable
464 +
465 +*selinux-base-policy-20030604 (04 Jun 2003)
466 +
467 + 04 Jun 2003; Chris PeBenito <pebenito@g.o>
468 + selinux-base-policy-20030604.ebuild:
469 + Fix broken 20030603
470 +
471 + 04 Jun 2003; Chris PeBenito <pebenito@g.o>
472 + selinux-base-policy-20030603.ebuild:
473 + Pulling 20030603, as there are problems, 20030604 later today
474 +
475 +*selinux-base-policy-20030603 (03 Jun 2003)
476 +
477 + 03 Jun 2003; Chris PeBenito <pebenito@g.o>
478 + selinux-base-policy-20030603.ebuild:
479 + Numerous various fixes. Added staff role. Removed ipsec, gpm and gpg policies
480 + as they are not appropriate for the base policy, and untested.
481 +
482 +*selinux-base-policy-20030522 (22 May 2003)
483 +
484 + 22 May 2003; Chris PeBenito <pebenito@g.o>
485 + selinux-base-policy-20030522.ebuild:
486 + The policy is in pretty good shape now. I've been able to run in enforcing mode
487 + with little problem. I've also been able to successfully merge and unmerge
488 + packages in enforcing mode, with few exceptions (why does mysql need to run ps
489 + during configure?).
490 +
491 +*selinux-base-policy-20030514 (14 May 2003)
492 +
493 + 14 May 2003; Chris PeBenito <pebenito@g.o>
494 + selinux-base-policy-20030514.ebuild:
495 + Many improvements in many areas. Of note, rlogind policies were removed. Klogd
496 + is being merged into syslogd. The portage policy is much more complete, but
497 + still needs work. Its suggested that all changes be merged in, policy
498 + reloaded, then relabel.
499 +
500 +*selinux-base-policy-20030419 (19 Apr 2003)
501 +
502 + 23 Apr 2003; Chris PeBenito <pebenito@g.o>
503 + selinux-base-policy-20030419.ebuild:
504 + Marking stable for selinux-small stable usage
505 +
506 + 19 Apr 2003; Chris PeBenito <pebenito@g.o> Manifest,
507 + selinux-base-policy-20030419.ebuild:
508 + Initial commit. Base policies for SELinux, with Gentoo-specifics
509 +
510
511 diff --git a/sec-policy/selinux-base-policy/files/config b/sec-policy/selinux-base-policy/files/config
512 new file mode 100644
513 index 0000000..41e6993
514 --- /dev/null
515 +++ b/sec-policy/selinux-base-policy/files/config
516 @@ -0,0 +1,12 @@
517 +# This file controls the state of SELinux on the system on boot.
518 +
519 +# SELINUX can take one of these three values:
520 +# enforcing - SELinux security policy is enforced.
521 +# permissive - SELinux prints warnings instead of enforcing.
522 +# disabled - No SELinux policy is loaded.
523 +SELINUX=permissive
524 +
525 +# SELINUXTYPE can take one of these two values:
526 +# targeted - Only targeted network daemons are protected.
527 +# strict - Full SELinux protection.
528 +SELINUXTYPE=strict
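Review bot: The installed default on the `SELINUX=permissive` line means a freshly merged system logs denials without enforcing the policy, and nothing in the file says when or whether to change that. If permissive is deliberate so that the system can be labelled before enforcement, say so next to the setting, for example `# Shipped as permissive; switch to enforcing once the system is relabelled and the logged denials have been reviewed.` Without that hint an administrator can reasonably assume `SELINUXTYPE=strict` already gives full protection.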
529
530 diff --git a/sec-policy/selinux-base-policy/files/modules.conf.strict b/sec-policy/selinux-base-policy/files/modules.conf.strict
531 new file mode 100644
532 index 0000000..a9c7a9b
533 --- /dev/null
534 +++ b/sec-policy/selinux-base-policy/files/modules.conf.strict
535 @@ -0,0 +1,44 @@
536 +authlogin = base
537 +bootloader = base
538 +clock = base
539 +consoletype = base
540 +corecommands = base
541 +corenetwork = base
542 +cron = base
543 +devices = base
544 +dmesg = base
545 +domain = base
546 +files = base
547 +filesystem = base
548 +fstools = base
549 +getty = base
550 +hostname = base
551 +hotplug = base
552 +init = base
553 +iptables = base
554 +kernel = base
555 +libraries = base
556 +locallogin = base
557 +logging = base
558 +lvm = base
559 +miscfiles = base
560 +mcs = base
561 +mls = base
562 +modutils = base
563 +mount = base
564 +mta = base
565 +netutils = base
566 +nscd = base
567 +portage = base
568 +raid = base
569 +rsync = base
570 +selinux = base
571 +selinuxutil = base
572 +ssh = base
573 +storage = base
574 +su = base
575 +sysnetwork = base
576 +terminal = base
577 +udev = base
578 +userdomain = base
579 +usermanage = base
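Review bot: This file and `modules.conf.targeted` appear to be unused by the ebuild added in the same commit, which copies only `"${FILESDIR}/modules.conf.${i}.${MOD_CONF_VER}"` with `MOD_CONF_VER="20090730"`. As far as this commit shows, no other ebuild in the directory refers to the unsuffixed names. Either drop them or note in the ChangeLog which revision still needs them, so the two module lists (44 and 49 entries for strict) are not mistaken for the active one.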
580
581 diff --git a/sec-policy/selinux-base-policy/files/modules.conf.strict.20090730 b/sec-policy/selinux-base-policy/files/modules.conf.strict.20090730
582 new file mode 100644
583 index 0000000..fcb3fd8
584 --- /dev/null
585 +++ b/sec-policy/selinux-base-policy/files/modules.conf.strict.20090730
586 @@ -0,0 +1,49 @@
587 +application = base
588 +authlogin = base
589 +bootloader = base
590 +clock = base
591 +consoletype = base
592 +corecommands = base
593 +corenetwork = base
594 +cron = base
595 +devices = base
596 +dmesg = base
597 +domain = base
598 +files = base
599 +filesystem = base
600 +fstools = base
601 +getty = base
602 +hostname = base
603 +hotplug = base
604 +init = base
605 +iptables = base
606 +kernel = base
607 +libraries = base
608 +locallogin = base
609 +logging = base
610 +lvm = base
611 +miscfiles = base
612 +mcs = base
613 +mls = base
614 +modutils = base
615 +mount = base
616 +mta = base
617 +netutils = base
618 +nscd = base
619 +portage = base
620 +raid = base
621 +rsync = base
622 +selinux = base
623 +selinuxutil = base
624 +ssh = base
625 +staff = base
626 +storage = base
627 +su = base
628 +sysadm = base
629 +sysnetwork = base
630 +terminal = base
631 +ubac = base
632 +udev = base
633 +userdomain = base
634 +usermanage = base
635 +unprivuser = base
636
637 diff --git a/sec-policy/selinux-base-policy/files/modules.conf.targeted b/sec-policy/selinux-base-policy/files/modules.conf.targeted
638 new file mode 100644
639 index 0000000..90f9ad3
640 --- /dev/null
641 +++ b/sec-policy/selinux-base-policy/files/modules.conf.targeted
642 @@ -0,0 +1,45 @@
643 +authlogin = base
644 +bootloader = base
645 +clock = base
646 +consoletype = base
647 +corecommands = base
648 +corenetwork = base
649 +cron = base
650 +devices = base
651 +dmesg = base
652 +domain = base
653 +files = base
654 +filesystem = base
655 +fstools = base
656 +getty = base
657 +hostname = base
658 +hotplug = base
659 +init = base
660 +iptables = base
661 +kernel = base
662 +libraries = base
663 +locallogin = base
664 +logging = base
665 +lvm = base
666 +miscfiles = base
667 +mcs = base
668 +mls = base
669 +modutils = base
670 +mount = base
671 +mta = base
672 +netutils = base
673 +nscd = base
674 +portage = base
675 +raid = base
676 +rsync = base
677 +selinux = base
678 +selinuxutil = base
679 +ssh = base
680 +storage = base
681 +su = base
682 +sysnetwork = base
683 +terminal = base
684 +udev = base
685 +unconfined = base
686 +userdomain = base
687 +usermanage = base
688
689 diff --git a/sec-policy/selinux-base-policy/files/modules.conf.targeted.20090730 b/sec-policy/selinux-base-policy/files/modules.conf.targeted.20090730
690 new file mode 100644
691 index 0000000..ee8a14c
692 --- /dev/null
693 +++ b/sec-policy/selinux-base-policy/files/modules.conf.targeted.20090730
694 @@ -0,0 +1,50 @@
695 +application = base
696 +authlogin = base
697 +bootloader = base
698 +clock = base
699 +consoletype = base
700 +corecommands = base
701 +corenetwork = base
702 +cron = base
703 +devices = base
704 +dmesg = base
705 +domain = base
706 +files = base
707 +filesystem = base
708 +fstools = base
709 +getty = base
710 +hostname = base
711 +hotplug = base
712 +init = base
713 +iptables = base
714 +kernel = base
715 +libraries = base
716 +locallogin = base
717 +logging = base
718 +lvm = base
719 +miscfiles = base
720 +mcs = base
721 +mls = base
722 +modutils = base
723 +mount = base
724 +mta = base
725 +netutils = base
726 +nscd = base
727 +portage = base
728 +raid = base
729 +rsync = base
730 +selinux = base
731 +selinuxutil = base
732 +ssh = base
733 +staff = base
734 +storage = base
735 +su = base
736 +sysadm = base
737 +sysnetwork = base
738 +terminal = base
739 +ubac = base
740 +udev = base
741 +unconfined = base
742 +userdomain = base
743 +usermanage = base
744 +unprivuser = base
745
746 diff --git a/sec-policy/selinux-base-policy/files/patchbundle-selinux-base-policy-2.20101213-r13.tar.bz2 b/sec-policy/selinux-base-policy/files/patchbundle-selinux-base-policy-2.20101213-r13.tar.bz2
747 new file mode 100644
748 index 0000000..259e230
749 Binary files /dev/null and b/sec-policy/selinux-base-policy/files/patchbundle-selinux-base-policy-2.20101213-r13.tar.bz2 differ
750
751 diff --git a/sec-policy/selinux-base-policy/metadata.xml b/sec-policy/selinux-base-policy/metadata.xml
752 new file mode 100644
753 index 0000000..4e26a86
754 --- /dev/null
755 +++ b/sec-policy/selinux-base-policy/metadata.xml
756 @@ -0,0 +1,13 @@
757 +<?xml version="1.0" encoding="UTF-8"?>
758 +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
759 +<pkgmetadata>
760 + <herd>selinux</herd>
761 + <longdescription>
762 + Gentoo SELinux base policy. This contains policy for a system at the end of system installation.
763 + There is no extra policy in this package.
764 + </longdescription>
765 + <use>
766 + <flag name='peer_perms'>Enable the labeled networking peer permissions (SELinux policy capability).</flag>
767 + <flag name='open_perms'>Enable the open permissions for file object classes (SELinux policy capability).</flag>
768 + </use>
769 +</pkgmetadata>
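Review bot: The `<use>` block describes only `peer_perms` and `open_perms`, while the ebuild added in this commit declares `IUSE="+peer_perms open_perms ubac"`, so the flag this revision introduces has no description. Add a line such as `<flag name='ubac'>Enable User Based Access Control (UBAC) in the SELinux policy.</flag>`, unless `ubac` is already described as a global flag outside this commit. Because the flag is off by default in IUSE and turning it off rewrites `UBAC = y` to `UBAC = n` in build.conf, the description should make clear that the default build now has UBAC disabled.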
770
771 diff --git a/sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r13.ebuild b/sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r13.ebuild
772 new file mode 100644
773 index 0000000..ad8f44f
774 --- /dev/null
775 +++ b/sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r13.ebuild
776 @@ -0,0 +1,129 @@
777 +# Copyright 1999-2011 Gentoo Foundation
778 +# Distributed under the terms of the GNU General Public License v2
779 +# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r12.ebuild,v 1.1 2011/04/16 13:02:44 blueness Exp $
780 +
781 +EAPI="1"
782 +IUSE="+peer_perms open_perms ubac"
783 +
784 +inherit eutils
785 +
786 +PATCHBUNDLE="${FILESDIR}/patchbundle-${PF}.tar.bz2"
787 +DESCRIPTION="Gentoo base policy for SELinux"
788 +HOMEPAGE="http://www.gentoo.org/proj/en/hardened/selinux/"
789 +SRC_URI="http://oss.tresys.com/files/refpolicy/refpolicy-${PV}.tar.bz2"
790 +LICENSE="GPL-2"
791 +SLOT="0"
792 +
793 +KEYWORDS="~amd64 ~x86"
794 +
795 +RDEPEND=">=sys-apps/policycoreutils-1.30.30
796 + >=sys-fs/udev-151"
797 +DEPEND="${RDEPEND}
798 + sys-devel/m4
799 + >=sys-apps/checkpolicy-1.30.12"
800 +
801 +S=${WORKDIR}/
802 +
803 +src_unpack() {
804 + [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="strict targeted"
805 + MOD_CONF_VER="20090730"
806 +
807 + unpack ${A}
808 +
809 + cd "${S}"
810 + epatch "${PATCHBUNDLE}"
811 + cd "${S}/refpolicy"
812 + # Fix bug 257111
813 + sed -i -e 's:system_crond_t:system_cronjob_t:g' \
814 + "${S}/refpolicy/config/appconfig-standard/default_contexts"
815 +
816 + if ! use peer_perms; then
817 + sed -i -e '/network_peer_controls/d' \
818 + "${S}/refpolicy/policy/policy_capabilities"
819 + fi
820 +
821 + if ! use open_perms; then
822 + sed -i -e '/open_perms/d' \
823 + "${S}/refpolicy/policy/policy_capabilities"
824 + fi
825 +
826 + for i in ${POLICY_TYPES}; do
827 + cp -a "${S}/refpolicy" "${S}/${i}"
828 +
829 + cd "${S}/${i}";
830 + make conf || die "${i} reconfiguration failed"
831 +
832 + cp "${FILESDIR}/modules.conf.${i}.${MOD_CONF_VER}" \
833 + "${S}/${i}/policy/modules.conf" \
834 + || die "failed to set up modules.conf"
835 + sed -i -e '/^QUIET/s/n/y/' -e '/^MONOLITHIC/s/y/n/' \
836 + -e "/^NAME/s/refpolicy/$i/" "${S}/${i}/build.conf" \
837 + || die "build.conf setup failed."
838 +
839 + if ! use ubac; then
840 + sed -i -e 's:^UBAC = y:UBAC = n:g' "${S}/${i}/build.conf"
841 + fi
842 +
843 + echo "DISTRO = gentoo" >> "${S}/${i}/build.conf"
844 +
845 + if [ "${i}" == "targeted" ]; then
846 + sed -i -e '/root/d' -e 's/user_u/unconfined_u/' \
847 + "${S}/${i}/config/appconfig-standard/seusers" \
848 + || die "targeted seusers setup failed."
849 + fi
850 + done
851 +}
852 +
853 +src_compile() {
854 + [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="strict targeted"
855 +
856 + for i in ${POLICY_TYPES}; do
857 + cd "${S}/${i}"
858 + make base || die "${i} compile failed"
859 + done
860 +}
861 +
862 +src_install() {
863 + [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="strict targeted"
864 +
865 + for i in ${POLICY_TYPES}; do
866 + cd "${S}/${i}"
867 +
868 + make DESTDIR="${D}" install \
869 + || die "${i} install failed."
870 +
871 + make DESTDIR="${D}" install-headers \
872 + || die "${i} headers install failed."
873 +
874 + echo "run_init_t" > "${D}/etc/selinux/${i}/contexts/run_init_type"
875 +
876 + echo "textrel_shlib_t" >> "${D}/etc/selinux/${i}/contexts/customizable_types"
877 +
878 + # libsemanage won't make this on its own
879 + keepdir "/etc/selinux/${i}/policy"
880 + done
881 +
882 + dodoc doc/Makefile.example doc/example.{te,fc,if}
883 +
884 + insinto /etc/selinux
885 + doins "${FILESDIR}/config"
886 +}
887 +
888 +pkg_preinst() {
889 + has_version "<${CATEGORY}/${PN}-2.20101213-r13"
890 + previous_less_than_r13=$?
891 +}
892 +
893 +pkg_postinst() {
894 + [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="strict targeted"
895 +
896 + for i in ${POLICY_TYPES}; do
897 + einfo "Inserting base module into ${i} module store."
898 +
899 + cd "/usr/share/selinux/${i}"
900 + semodule -s "${i}" -b base.pp
901 + done
902 + elog "Updates on policies might require you to relabel files. If you, after installing"
903 + elog "new SELinux policies, get 'permission denied' errors, relabelling your system"
904 + elog "using 'rlpkg -a -r' might resolve the issues."
905 +}
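Review bot: In pkg_postinst the `cd "/usr/share/selinux/${i}"` and `semodule -s "${i}" -b base.pp` calls are unchecked, so a failed load presumably leaves the module store on the previous base policy while the merge still reports success and prints only the relabel hint. Make the failure visible: `cd "/usr/share/selinux/${i}" || die "cannot enter ${i} policy directory"` and `semodule -s "${i}" -b base.pp || die "failed to load base module into ${i} store"`. The new `sed -i -e 's:^UBAC = y:UBAC = n:g'` in src_unpack also lacks the `|| die` that the build.conf sed just above it has. Separately, `previous_less_than_r13` is assigned in pkg_preinst but not read anywhere in this hunk; use it or drop the function.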