| 1 |
commit: 8f2aa45db35bbf3a74f8db09ece9edac60e79ee4 |
| 2 |
Author: Sven Vermeulen <swift <AT> gentoo <DOT> org> |
| 3 |
AuthorDate: Sun Aug 30 08:34:24 2015 +0000 |
| 4 |
Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Sun Aug 30 08:34:24 2015 +0000 |
| 6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8f2aa45d |
| 7 |
|
| 8 |
selinux-policy-2.eclass: Enable CIL support |
| 9 |
|
| 10 |
Recent SELinux userspace supports a new intermediate policy language |
| 11 |
called CIL. This enables using .cil files in our policy ebuilds. |
| 12 |
|
| 13 |
Gentoo-Bug: 558958 |
| 14 |
|
| 15 |
eclass/selinux-policy-2.eclass | 24 +++++++++++++++++------- |
| 16 |
1 file changed, 17 insertions(+), 7 deletions(-) |
| 17 |
|
| 18 |
diff --git a/eclass/selinux-policy-2.eclass b/eclass/selinux-policy-2.eclass |
| 19 |
index d582b2d..92f2f82 100644 |
| 20 |
--- a/eclass/selinux-policy-2.eclass |
| 21 |
+++ b/eclass/selinux-policy-2.eclass |
| 22 |
@@ -198,6 +198,7 @@ selinux-policy-2_src_prepare() { |
| 23 |
for i in ${MODS}; do |
| 24 |
modfiles="$(find ${S}/refpolicy/policy/modules -iname $i.te) $modfiles" |
| 25 |
modfiles="$(find ${S}/refpolicy/policy/modules -iname $i.fc) $modfiles" |
| 26 |
+ modfiles="$(find ${S}/refpolicy/policy/modules -iname $i.cil) $modfiles" |
| 27 |
if [ ${add_interfaces} -eq 1 ]; |
| 28 |
then |
| 29 |
modfiles="$(find ${S}/refpolicy/policy/modules -iname $i.if) $modfiles" |
| 30 |
@@ -239,7 +240,7 @@ selinux-policy-2_src_compile() { |
| 31 |
|
| 32 |
# @FUNCTION: selinux-policy-2_src_install |
| 33 |
# @DESCRIPTION: |
| 34 |
-# Install the built .pp files in the correct subdirectory within |
| 35 |
+# Install the built .pp (or copied .cil) files in the correct subdirectory within |
| 36 |
# /usr/share/selinux. |
| 37 |
selinux-policy-2_src_install() { |
| 38 |
local BASEDIR="/usr/share/selinux" |
| 39 |
@@ -248,7 +249,11 @@ selinux-policy-2_src_install() { |
| 40 |
for j in ${MODS}; do |
| 41 |
einfo "Installing ${i} ${j} policy package" |
| 42 |
insinto ${BASEDIR}/${i} |
| 43 |
- doins "${S}"/${i}/${j}.pp || die "Failed to add ${j}.pp to ${i}" |
| 44 |
+ if [ -f "${S}/${i}/${j}.pp" ] ; then |
| 45 |
+ doins "${S}"/${i}/${j}.pp || die "Failed to add ${j}.pp to ${i}" |
| 46 |
+ elif [ -f "${S}/${i}/${j}.cil" ] ; then |
| 47 |
+ doins "${S}"/${i}/${j}.cil || die "Failed to add ${j}.cil to ${i}" |
| 48 |
+ fi |
| 49 |
|
| 50 |
if [[ "${POLICY_FILES[@]}" == *"${j}.if"* ]]; |
| 51 |
then |
| 52 |
@@ -261,14 +266,11 @@ selinux-policy-2_src_install() { |
| 53 |
|
| 54 |
# @FUNCTION: selinux-policy-2_pkg_postinst |
| 55 |
# @DESCRIPTION: |
| 56 |
-# Install the built .pp files in the SELinux policy stores, effectively |
| 57 |
+# Install the built .pp (or copied .cil) files in the SELinux policy stores, effectively |
| 58 |
# activating the policy on the system. |
| 59 |
selinux-policy-2_pkg_postinst() { |
| 60 |
# build up the command in the case of multiple modules |
| 61 |
local COMMAND |
| 62 |
- for i in ${MODS}; do |
| 63 |
- COMMAND="-i ${i}.pp ${COMMAND}" |
| 64 |
- done |
| 65 |
|
| 66 |
for i in ${POLICY_TYPES}; do |
| 67 |
if [ "${i}" == "strict" ] && [ "${MODS}" = "unconfined" ]; |
| 68 |
@@ -279,7 +281,14 @@ selinux-policy-2_pkg_postinst() { |
| 69 |
einfo "Inserting the following modules into the $i module store: ${MODS}" |
| 70 |
|
| 71 |
cd /usr/share/selinux/${i} || die "Could not enter /usr/share/selinux/${i}" |
| 72 |
- semodule -s ${i} ${COMMAND} |
| 73 |
+ for j in ${MODS} ; do |
| 74 |
+ if [ -f "${j}.pp" ] ; then |
| 75 |
+ COMMAND="${j}.pp ${COMMAND}" |
| 76 |
+ elif [ -f "${j}.cil" ] ; then |
| 77 |
+ COMMAND="${j}.cil ${COMMAND}" |
| 78 |
+ fi |
| 79 |
+ done |
| 80 |
+ semodule -s ${i} -i ${COMMAND} |
| 81 |
if [ $? -ne 0 ]; |
| 82 |
then |
| 83 |
ewarn "SELinux module load failed. Trying full reload..."; |
| 84 |
@@ -313,6 +322,7 @@ selinux-policy-2_pkg_postinst() { |
| 85 |
else |
| 86 |
einfo "SELinux modules loaded succesfully." |
| 87 |
fi |
| 88 |
+ COMMAND=""; |
| 89 |
done |
| 90 |
|
| 91 |
# Relabel depending packages |
Archives