1 |
swift 11/12/04 19:02:17 |
2 |
|
3 |
Modified: ChangeLog Manifest |
4 |
Added: selinux-base-policy-2.20110726-r7.ebuild |
5 |
Log: |
6 |
New base policy; updated qemu, networkmanager, dhcp, inetd and qemu; added denyhosts, dpkg, howl, mpd, ncftool, plymouthd, rpm, ucspitcp, uucp, vncstatd, wm and xprint |
7 |
|
8 |
Revision Changes Path |
9 |
1.90 sec-policy/selinux-base-policy/ChangeLog |
10 |
|
11 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sec-policy/selinux-base-policy/ChangeLog?rev=1.90&view=markup |
12 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sec-policy/selinux-base-policy/ChangeLog?rev=1.90&content-type=text/plain |
13 |
diff : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sec-policy/selinux-base-policy/ChangeLog?r1=1.89&r2=1.90 |
14 |
|
15 |
Index: ChangeLog |
16 |
=================================================================== |
17 |
RCS file: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/ChangeLog,v |
18 |
retrieving revision 1.89 |
19 |
retrieving revision 1.90 |
20 |
diff -u -r1.89 -r1.90 |
21 |
--- ChangeLog 27 Nov 2011 18:12:39 -0000 1.89 |
22 |
+++ ChangeLog 4 Dec 2011 19:02:17 -0000 1.90 |
23 |
@@ -1,6 +1,11 @@ |
24 |
# ChangeLog for sec-policy/selinux-base-policy |
25 |
# Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2 |
26 |
-# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/ChangeLog,v 1.89 2011/11/27 18:12:39 swift Exp $ |
27 |
+# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/ChangeLog,v 1.90 2011/12/04 19:02:17 swift Exp $ |
28 |
+ |
29 |
+*selinux-base-policy-2.20110726-r7 (04 Dec 2011) |
30 |
+ |
31 |
+ 04 Dec 2011; <swift@g.o> +selinux-base-policy-2.20110726-r7.ebuild: |
32 |
+ Bumping to rev 7 |
33 |
|
34 |
27 Nov 2011; <swift@g.o> selinux-base-policy-2.20110726-r4.ebuild, |
35 |
selinux-base-policy-2.20110726-r5.ebuild, |
36 |
|
37 |
|
38 |
|
39 |
1.130 sec-policy/selinux-base-policy/Manifest |
40 |
|
41 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sec-policy/selinux-base-policy/Manifest?rev=1.130&view=markup |
42 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sec-policy/selinux-base-policy/Manifest?rev=1.130&content-type=text/plain |
43 |
diff : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sec-policy/selinux-base-policy/Manifest?r1=1.129&r2=1.130 |
44 |
|
45 |
Index: Manifest |
46 |
=================================================================== |
47 |
RCS file: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/Manifest,v |
48 |
retrieving revision 1.129 |
49 |
retrieving revision 1.130 |
50 |
diff -u -r1.129 -r1.130 |
51 |
--- Manifest 27 Nov 2011 18:12:48 -0000 1.129 |
52 |
+++ Manifest 4 Dec 2011 19:02:17 -0000 1.130 |
53 |
@@ -3,9 +3,11 @@ |
54 |
DIST patchbundle-selinux-base-policy-2.20110726-r4.tar.bz2 22344 RMD160 b4ecb26fb48b21f21e4836dd560cc39b463f76b7 SHA1 7505a0eb3863f3949224512d7329c185c37883f9 SHA256 62d9a41b087a47a09d1e1e5cee4451b8427b53d63babd7e61c7620aea4cbb009 |
55 |
DIST patchbundle-selinux-base-policy-2.20110726-r5.tar.bz2 23064 RMD160 289c82cd3d5207321afd826bc6b496943f4e0076 SHA1 d5202ce8fb89242c66b9af276a1aef342372e01d SHA256 696090195a0eaf768fa63230c8b2c22ae9d434698302bfd27490d486760e3f81 |
56 |
DIST patchbundle-selinux-base-policy-2.20110726-r6.tar.bz2 23875 RMD160 f39dfcde7ab79bc8c5b5fc9d5744922c1d1fdf94 SHA1 2aa434dc720f70ef7f4b64acc5da6028f853cef5 SHA256 f74b8385520846597532d56d4952fd001fc6cd044a6b876508a398e1cc865619 |
57 |
+DIST patchbundle-selinux-base-policy-2.20110726-r7.tar.bz2 24545 RMD160 b85b95f4da29a11cfa7ff0b3209933741b1918be SHA1 b2a99809b5a293c1d6dbff3686b6120a2a779560 SHA256 cd8c9e78dcfdc78a957fe6231667eb7982146ab3523baa8d9a738d7cbee53f65 |
58 |
DIST refpolicy-2.20110726.tar.bz2 588033 RMD160 9803effffe1dbb28d52bee03432e052f4fdc8d3f SHA1 cc27b06c3f541d8f2c57c52804ab6893afcd9db2 SHA256 8159b7535aa0f805510e4e3504b1317d7083b227f0ef3df51c6f002ed70ecedb |
59 |
EBUILD selinux-base-policy-2.20110726-r4.ebuild 4803 RMD160 bc338f97f88edfb893ebb0dd844b86110762690a SHA1 9a21fb4cfd00c3d2afc536ef623038a56451ab3f SHA256 cfa11c4150752d17523f4e5c4e56c2b6ce03eed59b196763f3a00ad434aa7830 |
60 |
EBUILD selinux-base-policy-2.20110726-r5.ebuild 4803 RMD160 2ef25e94c9675977f6f4e1ee692d72f730c18679 SHA1 c4423bf2b2eb0398d7888af91562bd068c9270e7 SHA256 cba82ab15ccb45e6e38bcd36b71a2ed8e6e11c6a07f6667c4b21de1c616b7650 |
61 |
EBUILD selinux-base-policy-2.20110726-r6.ebuild 4805 RMD160 035d674c9beb0eaa988ca93cb6914ad004201eeb SHA1 2435ab418a33e178196db3a51fcca112a79c62a9 SHA256 a4b2cb368ca76646763965e87a9ffd092a701436befea31b82ba0a8d03eefa0f |
62 |
-MISC ChangeLog 22374 RMD160 89aa37c246f59dee40b05685ab3ef32b53f13cbe SHA1 10581346a04b30ef8b973868470dd311831bdb19 SHA256 0189e352ea0175a2b08aaea6c3b49f5a921405e174fe50c411404d9e613e94df |
63 |
+EBUILD selinux-base-policy-2.20110726-r7.ebuild 4809 RMD160 385f9e9ad2331164d7fb40275b1296e52b995cad SHA1 58f19e4ffd0302c4f25f7b7402b5172351df6ad3 SHA256 f1940690dcfbc7ac74f19c2ba7f89f10d33e61aef1315dae274e62476c0783a0 |
64 |
+MISC ChangeLog 22521 RMD160 2b105832c3e58e52ed2463fb1b5b2aeddfff74a7 SHA1 89ac004655368c179a9b72b981d8081a3c643788 SHA256 0c494af2cafceafd7c55f63f4c80d81e1e6cf88fdb3e9cf351639da37d8a4cd7 |
65 |
MISC metadata.xml 671 RMD160 49dd94bb827c4ab2bb8043739ef7564df4cf1c07 SHA1 a92b8a5ef129707a44fe2ae1913060d02badd566 SHA256 c32ccc54ca7df400974a19ad14c093ea7b777f7a40467bdb672f441314122e55 |
66 |
|
67 |
|
68 |
|
69 |
1.1 sec-policy/selinux-base-policy/selinux-base-policy-2.20110726-r7.ebuild |
70 |
|
71 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sec-policy/selinux-base-policy/selinux-base-policy-2.20110726-r7.ebuild?rev=1.1&view=markup |
72 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sec-policy/selinux-base-policy/selinux-base-policy-2.20110726-r7.ebuild?rev=1.1&content-type=text/plain |
73 |
|
74 |
Index: selinux-base-policy-2.20110726-r7.ebuild |
75 |
=================================================================== |
76 |
# Copyright 1999-2011 Gentoo Foundation |
77 |
# Distributed under the terms of the GNU General Public License v2 |
78 |
# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/selinux-base-policy-2.20110726-r7.ebuild,v 1.1 2011/12/04 19:02:17 swift Exp $ |
79 |
|
80 |
EAPI="4" |
81 |
IUSE="+peer_perms +open_perms +ubac doc" |
82 |
|
83 |
inherit eutils |
84 |
|
85 |
DESCRIPTION="Gentoo base policy for SELinux" |
86 |
HOMEPAGE="http://www.gentoo.org/proj/en/hardened/selinux/" |
87 |
SRC_URI="http://oss.tresys.com/files/refpolicy/refpolicy-${PV}.tar.bz2 |
88 |
http://dev.gentoo.org/~swift/patches/${PN}/patchbundle-${PF}.tar.bz2" |
89 |
LICENSE="GPL-2" |
90 |
SLOT="0" |
91 |
|
92 |
KEYWORDS="~amd64 ~x86" |
93 |
|
94 |
RDEPEND=">=sys-apps/policycoreutils-1.30.30 |
95 |
>=sys-fs/udev-151" |
96 |
DEPEND="${RDEPEND} |
97 |
sys-devel/m4 |
98 |
>=sys-apps/checkpolicy-1.30.12" |
99 |
|
100 |
S=${WORKDIR}/ |
101 |
|
102 |
src_prepare() { |
103 |
# Apply the gentoo patches to the policy. These patches are only necessary |
104 |
# for base policies, or for interface changes on modules. |
105 |
EPATCH_MULTI_MSG="Applying SELinux policy updates ... " \ |
106 |
EPATCH_SUFFIX="patch" \ |
107 |
EPATCH_SOURCE="${WORKDIR}" \ |
108 |
EPATCH_FORCE="yes" \ |
109 |
epatch |
110 |
|
111 |
cd "${S}/refpolicy" |
112 |
# Fix bug 257111 - Correct the initial sid for cron-started jobs in the |
113 |
# system_r role |
114 |
sed -i -e 's:system_crond_t:system_cronjob_t:g' \ |
115 |
"${S}/refpolicy/config/appconfig-standard/default_contexts" |
116 |
sed -i -e 's|system_r:cronjob_t|system_r:system_cronjob_t|g' \ |
117 |
"${S}/refpolicy/config/appconfig-mls/default_contexts" |
118 |
sed -i -e 's|system_r:cronjob_t|system_r:system_cronjob_t|g' \ |
119 |
"${S}/refpolicy/config/appconfig-mcs/default_contexts" |
120 |
} |
121 |
|
122 |
src_configure() { |
123 |
[ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs" |
124 |
|
125 |
# Update the SELinux refpolicy capabilities based on the users' USE flags. |
126 |
|
127 |
if ! use peer_perms; then |
128 |
sed -i -e '/network_peer_controls/d' \ |
129 |
"${S}/refpolicy/policy/policy_capabilities" |
130 |
fi |
131 |
|
132 |
if ! use open_perms; then |
133 |
sed -i -e '/open_perms/d' \ |
134 |
"${S}/refpolicy/policy/policy_capabilities" |
135 |
fi |
136 |
|
137 |
if ! use ubac; then |
138 |
sed -i -e '/^UBAC/s/y/n/' "${S}/refpolicy/build.conf" \ |
139 |
|| die "Failed to disable User Based Access Control" |
140 |
fi |
141 |
|
142 |
echo "DISTRO = gentoo" >> "${S}/refpolicy/build.conf" |
143 |
|
144 |
# Setup the policies based on the types delivered by the end user. |
145 |
# These types can be "targeted", "strict", "mcs" and "mls". |
146 |
for i in ${POLICY_TYPES}; do |
147 |
cp -a "${S}/refpolicy" "${S}/${i}" |
148 |
|
149 |
cd "${S}/${i}"; |
150 |
make conf || die "Make conf in ${i} failed" |
151 |
|
152 |
# Define what we see as "base" and what we want to remain modular. |
153 |
cp "${FILESDIR}/modules.conf" \ |
154 |
"${S}/${i}/policy/modules.conf" \ |
155 |
|| die "failed to set up modules.conf" |
156 |
# In case of "targeted", we add the "unconfined" to the base policy |
157 |
if [[ "${i}" == "targeted" ]]; |
158 |
then |
159 |
echo "unconfined = base" >> "${S}/${i}/policy/modules.conf" |
160 |
fi |
161 |
|
162 |
sed -i -e '/^QUIET/s/n/y/' -e "/^NAME/s/refpolicy/$i/" \ |
163 |
"${S}/${i}/build.conf" || die "build.conf setup failed." |
164 |
|
165 |
if [[ "${i}" == "mls" ]] || [[ "${i}" == "mcs" ]]; |
166 |
then |
167 |
# MCS/MLS require additional settings |
168 |
sed -i -e "/^TYPE/s/standard/${i}/" "${S}/${i}/build.conf" \ |
169 |
|| die "failed to set type to mls" |
170 |
fi |
171 |
|
172 |
if [ "${i}" == "targeted" ]; then |
173 |
sed -i -e '/root/d' -e 's/user_u/unconfined_u/' \ |
174 |
"${S}/${i}/config/appconfig-standard/seusers" \ |
175 |
|| die "targeted seusers setup failed." |
176 |
fi |
177 |
done |
178 |
} |
179 |
|
180 |
src_compile() { |
181 |
[ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs" |
182 |
|
183 |
for i in ${POLICY_TYPES}; do |
184 |
cd "${S}/${i}" |
185 |
make base || die "${i} compile failed" |
186 |
if use doc; then |
187 |
make html || die |
188 |
fi |
189 |
done |
190 |
} |
191 |
|
192 |
src_install() { |
193 |
[ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs" |
194 |
|
195 |
for i in ${POLICY_TYPES}; do |
196 |
cd "${S}/${i}" |
197 |
|
198 |
make DESTDIR="${D}" install \ |
199 |
|| die "${i} install failed." |
200 |
|
201 |
make DESTDIR="${D}" install-headers \ |
202 |
|| die "${i} headers install failed." |
203 |
|
204 |
echo "run_init_t" > "${D}/etc/selinux/${i}/contexts/run_init_type" |
205 |
|
206 |
echo "textrel_shlib_t" >> "${D}/etc/selinux/${i}/contexts/customizable_types" |
207 |
|
208 |
# libsemanage won't make this on its own |
209 |
keepdir "/etc/selinux/${i}/policy" |
210 |
|
211 |
if use doc; then |
212 |
dohtml doc/html/*; |
213 |
fi |
214 |
done |
215 |
|
216 |
dodoc doc/Makefile.example doc/example.{te,fc,if} |
217 |
|
218 |
insinto /etc/selinux |
219 |
doins "${FILESDIR}/config" |
220 |
} |
221 |
|
222 |
pkg_preinst() { |
223 |
has_version "<${CATEGORY}/${PN}-2.20101213-r13" |
224 |
previous_less_than_r13=$? |
225 |
} |
226 |
|
227 |
pkg_postinst() { |
228 |
[ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs" |
229 |
|
230 |
for i in ${POLICY_TYPES}; do |
231 |
einfo "Inserting base module into ${i} module store." |
232 |
|
233 |
cd "${ROOT}/usr/share/selinux/${i}" |
234 |
semodule -s "${i}" -b base.pp || die "Could not load in new base policy" |
235 |
done |
236 |
elog "Updates on policies might require you to relabel files. If you, after" |
237 |
elog "installing new SELinux policies, get 'permission denied' errors," |
238 |
elog "relabelling your system using 'rlpkg -a -r' might resolve the issues." |
239 |
} |