commit: 8f2aa45db35bbf3a74f8db09ece9edac60e79ee4 |
Author: Sven Vermeulen <swift <AT> gentoo <DOT> org> |
AuthorDate: Sun Aug 30 08:34:24 2015 +0000 |
Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org> |
CommitDate: Sun Aug 30 08:34:24 2015 +0000 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8f2aa45d |
|
selinux-policy-2.eclass: Enable CIL support |
|
Recent SELinux userspace supports a new intermediate policy language |
called CIL. This enables using .cil files in our policy ebuilds. |
|
Gentoo-Bug: 558958 |
|
eclass/selinux-policy-2.eclass | 24 +++++++++++++++++------- |
1 file changed, 17 insertions(+), 7 deletions(-) |
|
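diff --git a/eclass/selinux-policy-2.eclass b/eclass/selinux-policy-2.eclass
index d582b2d..92f2f82 100644
--- a/eclass/selinux-policy-2.eclass
+++ b/eclass/selinux-policy-2.eclass
@@ -198,6 +198,7 @@ selinux-policy-2_src_prepare() {
 for i in ${MODS}; do
 modfiles="$(find ${S}/refpolicy/policy/modules -iname $i.te) $modfiles"
 modfiles="$(find ${S}/refpolicy/policy/modules -iname $i.fc) $modfiles"
+ modfiles="$(find ${S}/refpolicy/policy/modules -iname $i.cil) $modfiles"
 if [ ${add_interfaces} -eq 1 ];
 then
 modfiles="$(find ${S}/refpolicy/policy/modules -iname $i.if) $modfiles"
@@ -239,7 +240,7 @@ selinux-policy-2_src_compile() {
 
 # @FUNCTION: selinux-policy-2_src_install
 # @DESCRIPTION:
-# Install the built .pp files in the correct subdirectory within
+# Install the built .pp (or copied .cil) files in the correct subdirectory within
 # /usr/share/selinux.
 selinux-policy-2_src_install() {
 local BASEDIR="/usr/share/selinux"
@@ -248,7 +249,11 @@ selinux-policy-2_src_install() {
 for j in ${MODS}; do
 einfo "Installing ${i} ${j} policy package"
 insinto ${BASEDIR}/${i}
- doins "${S}"/${i}/${j}.pp || die "Failed to add ${j}.pp to ${i}"
+ if [ -f "${S}/${i}/${j}.pp" ] ; then
+ doins "${S}"/${i}/${j}.pp || die "Failed to add ${j}.pp to ${i}"
+ elif [ -f "${S}/${i}/${j}.cil" ] ; then
+ doins "${S}"/${i}/${j}.cil || die "Failed to add ${j}.cil to ${i}"
+ fi
 
 if [[ "${POLICY_FILES[@]}" == *"${j}.if"* ]];
 then
@@ -261,14 +266,11 @@ selinux-policy-2_src_install() {
 
 # @FUNCTION: selinux-policy-2_pkg_postinst
 # @DESCRIPTION:
-# Install the built .pp files in the SELinux policy stores, effectively
+# Install the built .pp (or copied .cil) files in the SELinux policy stores, effectively
 # activating the policy on the system.
 selinux-policy-2_pkg_postinst() {
 # build up the command in the case of multiple modules
 local COMMAND
- for i in ${MODS}; do
- COMMAND="-i ${i}.pp ${COMMAND}"
- done
 
 for i in ${POLICY_TYPES}; do
 if [ "${i}" == "strict" ] && [ "${MODS}" = "unconfined" ];
@@ -279,7 +281,14 @@ selinux-policy-2_pkg_postinst() {
 einfo "Inserting the following modules into the $i module store: ${MODS}"
 
 cd /usr/share/selinux/${i} || die "Could not enter /usr/share/selinux/${i}"
- semodule -s ${i} ${COMMAND}
+ for j in ${MODS} ; do
+ if [ -f "${j}.pp" ] ; then
+ COMMAND="${j}.pp ${COMMAND}"
+ elif [ -f "${j}.cil" ] ; then
+ COMMAND="${j}.cil ${COMMAND}"
+ fi
+ done
+ semodule -s ${i} -i ${COMMAND}
 if [ $? -ne 0 ];
 then
 ewarn "SELinux module load failed. Trying full reload...";
@@ -313,6 +322,7 @@ selinux-policy-2_pkg_postinst() {
 else
 einfo "SELinux modules loaded succesfully."
 fi
+ COMMAND="";
 done
 
 # Relabel depending packages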
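Review bot: In the `selinux-policy-2_src_install` hunk the new `if`/`elif` has no `else`, so a module with neither `${j}.pp` nor `${j}.cil` is now skipped silently, where the removed unconditional `doins ... || die` aborted the install. A policy package can therefore merge successfully with a module missing; adding `else die "Neither ${j}.pp nor ${j}.cil found for ${i}"` before the `fi` restores the fail-closed behaviour. The `pkg_postinst` loop has the same gap: when no file matches, `COMMAND` stays empty and `semodule -s ${i} -i` runs with no module argument, and the visible lines only warn and attempt a full reload. The old code also emitted one `-i` per module while the new call passes a single `-i` followed by all files, which presumably relies on a userspace recent enough to accept that form and is worth stating in a comment. Both functions begin and end outside the hunks shown.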