Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: "Sven Vermeulen (swift)" <swift@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo-x86 commit in sec-policy/selinux-base-policy: ChangeLog Manifest selinux-base-policy-2.20110726-r7.ebuild
Date: Sun, 04 Dec 2011 19:03:11
Message-Id: 20111204190217.C395A2004B@flycatcher.gentoo.org
1 swift 11/12/04 19:02:17
2
3 Modified: ChangeLog Manifest
4 Added: selinux-base-policy-2.20110726-r7.ebuild
5 Log:
6 New base policy; updated qemu, networkmanager, dhcp, inetd and qemu; added denyhosts, dpkg, howl, mpd, ncftool, plymouthd, rpm, ucspitcp, uucp, vncstatd, wm and xprint
7
8 Revision Changes Path
9 1.90 sec-policy/selinux-base-policy/ChangeLog
10
11 file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sec-policy/selinux-base-policy/ChangeLog?rev=1.90&view=markup
12 plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sec-policy/selinux-base-policy/ChangeLog?rev=1.90&content-type=text/plain
13 diff : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sec-policy/selinux-base-policy/ChangeLog?r1=1.89&r2=1.90
14
15 Index: ChangeLog
16 ===================================================================
17 RCS file: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/ChangeLog,v
18 retrieving revision 1.89
19 retrieving revision 1.90
20 diff -u -r1.89 -r1.90
21 --- ChangeLog 27 Nov 2011 18:12:39 -0000 1.89
22 +++ ChangeLog 4 Dec 2011 19:02:17 -0000 1.90
23 @@ -1,6 +1,11 @@
24 # ChangeLog for sec-policy/selinux-base-policy
25 # Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
26 -# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/ChangeLog,v 1.89 2011/11/27 18:12:39 swift Exp $
27 +# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/ChangeLog,v 1.90 2011/12/04 19:02:17 swift Exp $
28 +
29 +*selinux-base-policy-2.20110726-r7 (04 Dec 2011)
30 +
31 + 04 Dec 2011; <swift@g.o> +selinux-base-policy-2.20110726-r7.ebuild:
32 + Bumping to rev 7
33
34 27 Nov 2011; <swift@g.o> selinux-base-policy-2.20110726-r4.ebuild,
35 selinux-base-policy-2.20110726-r5.ebuild,
36
37
38
39 1.130 sec-policy/selinux-base-policy/Manifest
40
41 file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sec-policy/selinux-base-policy/Manifest?rev=1.130&view=markup
42 plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sec-policy/selinux-base-policy/Manifest?rev=1.130&content-type=text/plain
43 diff : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sec-policy/selinux-base-policy/Manifest?r1=1.129&r2=1.130
44
45 Index: Manifest
46 ===================================================================
47 RCS file: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/Manifest,v
48 retrieving revision 1.129
49 retrieving revision 1.130
50 diff -u -r1.129 -r1.130
51 --- Manifest 27 Nov 2011 18:12:48 -0000 1.129
52 +++ Manifest 4 Dec 2011 19:02:17 -0000 1.130
53 @@ -3,9 +3,11 @@
54 DIST patchbundle-selinux-base-policy-2.20110726-r4.tar.bz2 22344 RMD160 b4ecb26fb48b21f21e4836dd560cc39b463f76b7 SHA1 7505a0eb3863f3949224512d7329c185c37883f9 SHA256 62d9a41b087a47a09d1e1e5cee4451b8427b53d63babd7e61c7620aea4cbb009
55 DIST patchbundle-selinux-base-policy-2.20110726-r5.tar.bz2 23064 RMD160 289c82cd3d5207321afd826bc6b496943f4e0076 SHA1 d5202ce8fb89242c66b9af276a1aef342372e01d SHA256 696090195a0eaf768fa63230c8b2c22ae9d434698302bfd27490d486760e3f81
56 DIST patchbundle-selinux-base-policy-2.20110726-r6.tar.bz2 23875 RMD160 f39dfcde7ab79bc8c5b5fc9d5744922c1d1fdf94 SHA1 2aa434dc720f70ef7f4b64acc5da6028f853cef5 SHA256 f74b8385520846597532d56d4952fd001fc6cd044a6b876508a398e1cc865619
57 +DIST patchbundle-selinux-base-policy-2.20110726-r7.tar.bz2 24545 RMD160 b85b95f4da29a11cfa7ff0b3209933741b1918be SHA1 b2a99809b5a293c1d6dbff3686b6120a2a779560 SHA256 cd8c9e78dcfdc78a957fe6231667eb7982146ab3523baa8d9a738d7cbee53f65
58 DIST refpolicy-2.20110726.tar.bz2 588033 RMD160 9803effffe1dbb28d52bee03432e052f4fdc8d3f SHA1 cc27b06c3f541d8f2c57c52804ab6893afcd9db2 SHA256 8159b7535aa0f805510e4e3504b1317d7083b227f0ef3df51c6f002ed70ecedb
59 EBUILD selinux-base-policy-2.20110726-r4.ebuild 4803 RMD160 bc338f97f88edfb893ebb0dd844b86110762690a SHA1 9a21fb4cfd00c3d2afc536ef623038a56451ab3f SHA256 cfa11c4150752d17523f4e5c4e56c2b6ce03eed59b196763f3a00ad434aa7830
60 EBUILD selinux-base-policy-2.20110726-r5.ebuild 4803 RMD160 2ef25e94c9675977f6f4e1ee692d72f730c18679 SHA1 c4423bf2b2eb0398d7888af91562bd068c9270e7 SHA256 cba82ab15ccb45e6e38bcd36b71a2ed8e6e11c6a07f6667c4b21de1c616b7650
61 EBUILD selinux-base-policy-2.20110726-r6.ebuild 4805 RMD160 035d674c9beb0eaa988ca93cb6914ad004201eeb SHA1 2435ab418a33e178196db3a51fcca112a79c62a9 SHA256 a4b2cb368ca76646763965e87a9ffd092a701436befea31b82ba0a8d03eefa0f
62 -MISC ChangeLog 22374 RMD160 89aa37c246f59dee40b05685ab3ef32b53f13cbe SHA1 10581346a04b30ef8b973868470dd311831bdb19 SHA256 0189e352ea0175a2b08aaea6c3b49f5a921405e174fe50c411404d9e613e94df
63 +EBUILD selinux-base-policy-2.20110726-r7.ebuild 4809 RMD160 385f9e9ad2331164d7fb40275b1296e52b995cad SHA1 58f19e4ffd0302c4f25f7b7402b5172351df6ad3 SHA256 f1940690dcfbc7ac74f19c2ba7f89f10d33e61aef1315dae274e62476c0783a0
64 +MISC ChangeLog 22521 RMD160 2b105832c3e58e52ed2463fb1b5b2aeddfff74a7 SHA1 89ac004655368c179a9b72b981d8081a3c643788 SHA256 0c494af2cafceafd7c55f63f4c80d81e1e6cf88fdb3e9cf351639da37d8a4cd7
65 MISC metadata.xml 671 RMD160 49dd94bb827c4ab2bb8043739ef7564df4cf1c07 SHA1 a92b8a5ef129707a44fe2ae1913060d02badd566 SHA256 c32ccc54ca7df400974a19ad14c093ea7b777f7a40467bdb672f441314122e55
66
67
68
69 1.1 sec-policy/selinux-base-policy/selinux-base-policy-2.20110726-r7.ebuild
70
71 file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sec-policy/selinux-base-policy/selinux-base-policy-2.20110726-r7.ebuild?rev=1.1&view=markup
72 plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sec-policy/selinux-base-policy/selinux-base-policy-2.20110726-r7.ebuild?rev=1.1&content-type=text/plain
73
74 Index: selinux-base-policy-2.20110726-r7.ebuild
75 ===================================================================
76 # Copyright 1999-2011 Gentoo Foundation
77 # Distributed under the terms of the GNU General Public License v2
78 # $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/selinux-base-policy-2.20110726-r7.ebuild,v 1.1 2011/12/04 19:02:17 swift Exp $
79
80 EAPI="4"
81 IUSE="+peer_perms +open_perms +ubac doc"
82
83 inherit eutils
84
85 DESCRIPTION="Gentoo base policy for SELinux"
86 HOMEPAGE="http://www.gentoo.org/proj/en/hardened/selinux/"
87 SRC_URI="http://oss.tresys.com/files/refpolicy/refpolicy-${PV}.tar.bz2
88 http://dev.gentoo.org/~swift/patches/${PN}/patchbundle-${PF}.tar.bz2"
89 LICENSE="GPL-2"
90 SLOT="0"
91
92 KEYWORDS="~amd64 ~x86"
93
94 RDEPEND=">=sys-apps/policycoreutils-1.30.30
95 >=sys-fs/udev-151"
96 DEPEND="${RDEPEND}
97 sys-devel/m4
98 >=sys-apps/checkpolicy-1.30.12"
99
100 S=${WORKDIR}/
101
102 src_prepare() {
103 # Apply the gentoo patches to the policy. These patches are only necessary
104 # for base policies, or for interface changes on modules.
105 EPATCH_MULTI_MSG="Applying SELinux policy updates ... " \
106 EPATCH_SUFFIX="patch" \
107 EPATCH_SOURCE="${WORKDIR}" \
108 EPATCH_FORCE="yes" \
109 epatch
110
111 cd "${S}/refpolicy"
112 # Fix bug 257111 - Correct the initial sid for cron-started jobs in the
113 # system_r role
114 sed -i -e 's:system_crond_t:system_cronjob_t:g' \
115 "${S}/refpolicy/config/appconfig-standard/default_contexts"
116 sed -i -e 's|system_r:cronjob_t|system_r:system_cronjob_t|g' \
117 "${S}/refpolicy/config/appconfig-mls/default_contexts"
118 sed -i -e 's|system_r:cronjob_t|system_r:system_cronjob_t|g' \
119 "${S}/refpolicy/config/appconfig-mcs/default_contexts"
120 }
121
122 src_configure() {
123 [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs"
124
125 # Update the SELinux refpolicy capabilities based on the users' USE flags.
126
127 if ! use peer_perms; then
128 sed -i -e '/network_peer_controls/d' \
129 "${S}/refpolicy/policy/policy_capabilities"
130 fi
131
132 if ! use open_perms; then
133 sed -i -e '/open_perms/d' \
134 "${S}/refpolicy/policy/policy_capabilities"
135 fi
136
137 if ! use ubac; then
138 sed -i -e '/^UBAC/s/y/n/' "${S}/refpolicy/build.conf" \
139 || die "Failed to disable User Based Access Control"
140 fi
141
142 echo "DISTRO = gentoo" >> "${S}/refpolicy/build.conf"
143
144 # Setup the policies based on the types delivered by the end user.
145 # These types can be "targeted", "strict", "mcs" and "mls".
146 for i in ${POLICY_TYPES}; do
147 cp -a "${S}/refpolicy" "${S}/${i}"
148
149 cd "${S}/${i}";
150 make conf || die "Make conf in ${i} failed"
151
152 # Define what we see as "base" and what we want to remain modular.
153 cp "${FILESDIR}/modules.conf" \
154 "${S}/${i}/policy/modules.conf" \
155 || die "failed to set up modules.conf"
156 # In case of "targeted", we add the "unconfined" to the base policy
157 if [[ "${i}" == "targeted" ]];
158 then
159 echo "unconfined = base" >> "${S}/${i}/policy/modules.conf"
160 fi
161
162 sed -i -e '/^QUIET/s/n/y/' -e "/^NAME/s/refpolicy/$i/" \
163 "${S}/${i}/build.conf" || die "build.conf setup failed."
164
165 if [[ "${i}" == "mls" ]] || [[ "${i}" == "mcs" ]];
166 then
167 # MCS/MLS require additional settings
168 sed -i -e "/^TYPE/s/standard/${i}/" "${S}/${i}/build.conf" \
169 || die "failed to set type to mls"
170 fi
171
172 if [ "${i}" == "targeted" ]; then
173 sed -i -e '/root/d' -e 's/user_u/unconfined_u/' \
174 "${S}/${i}/config/appconfig-standard/seusers" \
175 || die "targeted seusers setup failed."
176 fi
177 done
178 }
179
180 src_compile() {
181 [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs"
182
183 for i in ${POLICY_TYPES}; do
184 cd "${S}/${i}"
185 make base || die "${i} compile failed"
186 if use doc; then
187 make html || die
188 fi
189 done
190 }
191
192 src_install() {
193 [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs"
194
195 for i in ${POLICY_TYPES}; do
196 cd "${S}/${i}"
197
198 make DESTDIR="${D}" install \
199 || die "${i} install failed."
200
201 make DESTDIR="${D}" install-headers \
202 || die "${i} headers install failed."
203
204 echo "run_init_t" > "${D}/etc/selinux/${i}/contexts/run_init_type"
205
206 echo "textrel_shlib_t" >> "${D}/etc/selinux/${i}/contexts/customizable_types"
207
208 # libsemanage won't make this on its own
209 keepdir "/etc/selinux/${i}/policy"
210
211 if use doc; then
212 dohtml doc/html/*;
213 fi
214 done
215
216 dodoc doc/Makefile.example doc/example.{te,fc,if}
217
218 insinto /etc/selinux
219 doins "${FILESDIR}/config"
220 }
221
222 pkg_preinst() {
223 has_version "<${CATEGORY}/${PN}-2.20101213-r13"
224 previous_less_than_r13=$?
225 }
226
227 pkg_postinst() {
228 [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs"
229
230 for i in ${POLICY_TYPES}; do
231 einfo "Inserting base module into ${i} module store."
232
233 cd "${ROOT}/usr/share/selinux/${i}"
234 semodule -s "${i}" -b base.pp || die "Could not load in new base policy"
235 done
236 elog "Updates on policies might require you to relabel files. If you, after"
237 elog "installing new SELinux policies, get 'permission denied' errors,"
238 elog "relabelling your system using 'rlpkg -a -r' might resolve the issues."
239 }
Report Message
Find on MARC Find on Google Groups