diff options
Diffstat (limited to 'sec-policy/selinux-base-policy')
8 files changed, 17 insertions, 990 deletions
diff --git a/sec-policy/selinux-base-policy/ChangeLog b/sec-policy/selinux-base-policy/ChangeLog index fd4b2b12f622..afd998d230f4 100644 --- a/sec-policy/selinux-base-policy/ChangeLog +++ b/sec-policy/selinux-base-policy/ChangeLog @@ -1,6 +1,22 @@ # ChangeLog for sec-policy/selinux-base-policy # Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/ChangeLog,v 1.104 2012/04/29 10:11:30 swift Exp $ +# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/ChangeLog,v 1.105 2012/05/13 11:50:11 swift Exp $ + + 13 May 2012; <swift@gentoo.org> -selinux-base-policy-2.20110726-r5.ebuild, + -selinux-base-policy-2.20110726-r6.ebuild, + -selinux-base-policy-2.20110726-r7.ebuild, + -selinux-base-policy-2.20110726-r8.ebuild, + -selinux-base-policy-2.20110726-r11.ebuild, + -selinux-base-policy-2.20110726-r13.ebuild, metadata.xml: + Drop unused local USE flag definitions + + 13 May 2012; <swift@gentoo.org> -selinux-base-policy-2.20110726-r5.ebuild, + -selinux-base-policy-2.20110726-r6.ebuild, + -selinux-base-policy-2.20110726-r7.ebuild, + -selinux-base-policy-2.20110726-r8.ebuild, + -selinux-base-policy-2.20110726-r11.ebuild, + -selinux-base-policy-2.20110726-r13.ebuild: + Removing deprecated ebuilds (cleanup) 29 Apr 2012; <swift@gentoo.org> selinux-base-policy-2.20120215-r7.ebuild: Stabilize rev7 diff --git a/sec-policy/selinux-base-policy/metadata.xml b/sec-policy/selinux-base-policy/metadata.xml index 393f3bb02965..9f87a21d4a74 100644 --- a/sec-policy/selinux-base-policy/metadata.xml +++ b/sec-policy/selinux-base-policy/metadata.xml @@ -6,9 +6,4 @@ Gentoo SELinux base policy. This contains policy for a system at the end of system installation. There is no extra policy in this package. </longdescription> - <use> - <flag name='peer_perms'>Enable the labeled networking peer permissions (SELinux policy capability).</flag> - <flag name='open_perms'>Enable the open permissions for file object classes (SELinux policy capability).</flag> - <flag name='ubac'>Enable User Based Access Control (UBAC) in the SELinux policy</flag> - </use> </pkgmetadata> diff --git a/sec-policy/selinux-base-policy/selinux-base-policy-2.20110726-r11.ebuild b/sec-policy/selinux-base-policy/selinux-base-policy-2.20110726-r11.ebuild deleted file mode 100644 index 72a85d4fb4e6..000000000000 --- a/sec-policy/selinux-base-policy/selinux-base-policy-2.20110726-r11.ebuild +++ /dev/null @@ -1,164 +0,0 @@ -# Copyright 1999-2012 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/selinux-base-policy-2.20110726-r11.ebuild,v 1.2 2012/02/23 18:43:59 swift Exp $ - -EAPI="4" -IUSE="+peer_perms +open_perms +ubac doc" - -inherit eutils - -DESCRIPTION="Gentoo base policy for SELinux" -HOMEPAGE="http://www.gentoo.org/proj/en/hardened/selinux/" -SRC_URI="http://oss.tresys.com/files/refpolicy/refpolicy-${PV}.tar.bz2 - http://dev.gentoo.org/~swift/patches/${PN}/patchbundle-${PF}.tar.bz2" -LICENSE="GPL-2" -SLOT="0" - -KEYWORDS="amd64 x86" - -RDEPEND=">=sys-apps/policycoreutils-1.30.30 - >=sys-fs/udev-151" -DEPEND="${RDEPEND} - sys-devel/m4 - >=sys-apps/checkpolicy-1.30.12" - -S=${WORKDIR}/ - -src_prepare() { - # Apply the gentoo patches to the policy. These patches are only necessary - # for base policies, or for interface changes on modules. - EPATCH_MULTI_MSG="Applying SELinux policy updates ... " \ - EPATCH_SUFFIX="patch" \ - EPATCH_SOURCE="${WORKDIR}" \ - EPATCH_FORCE="yes" \ - epatch - - cd "${S}/refpolicy" - # Fix bug 257111 - Correct the initial sid for cron-started jobs in the - # system_r role - sed -i -e 's:system_crond_t:system_cronjob_t:g' \ - "${S}/refpolicy/config/appconfig-standard/default_contexts" - sed -i -e 's|system_r:cronjob_t|system_r:system_cronjob_t|g' \ - "${S}/refpolicy/config/appconfig-mls/default_contexts" - sed -i -e 's|system_r:cronjob_t|system_r:system_cronjob_t|g' \ - "${S}/refpolicy/config/appconfig-mcs/default_contexts" -} - -src_configure() { - [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs" - - # Update the SELinux refpolicy capabilities based on the users' USE flags. - - if ! use peer_perms; then - sed -i -e '/network_peer_controls/d' \ - "${S}/refpolicy/policy/policy_capabilities" - fi - - if ! use open_perms; then - sed -i -e '/open_perms/d' \ - "${S}/refpolicy/policy/policy_capabilities" - fi - - if ! use ubac; then - sed -i -e '/^UBAC/s/y/n/' "${S}/refpolicy/build.conf" \ - || die "Failed to disable User Based Access Control" - fi - - echo "DISTRO = gentoo" >> "${S}/refpolicy/build.conf" - - # Setup the policies based on the types delivered by the end user. - # These types can be "targeted", "strict", "mcs" and "mls". - for i in ${POLICY_TYPES}; do - cp -a "${S}/refpolicy" "${S}/${i}" - - cd "${S}/${i}"; - make conf || die "Make conf in ${i} failed" - - # Define what we see as "base" and what we want to remain modular. - cp "${FILESDIR}/modules.conf" \ - "${S}/${i}/policy/modules.conf" \ - || die "failed to set up modules.conf" - # In case of "targeted", we add the "unconfined" to the base policy - if [[ "${i}" == "targeted" ]]; - then - echo "unconfined = base" >> "${S}/${i}/policy/modules.conf" - fi - - sed -i -e '/^QUIET/s/n/y/' -e "/^NAME/s/refpolicy/$i/" \ - "${S}/${i}/build.conf" || die "build.conf setup failed." - - if [[ "${i}" == "mls" ]] || [[ "${i}" == "mcs" ]]; - then - # MCS/MLS require additional settings - sed -i -e "/^TYPE/s/standard/${i}/" "${S}/${i}/build.conf" \ - || die "failed to set type to mls" - fi - - if [ "${i}" == "targeted" ]; then - sed -i -e '/root/d' -e 's/user_u/unconfined_u/' \ - "${S}/${i}/config/appconfig-standard/seusers" \ - || die "targeted seusers setup failed." - fi - done -} - -src_compile() { - [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs" - - for i in ${POLICY_TYPES}; do - cd "${S}/${i}" - make base || die "${i} compile failed" - if use doc; then - make html || die - fi - done -} - -src_install() { - [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs" - - for i in ${POLICY_TYPES}; do - cd "${S}/${i}" - - make DESTDIR="${D}" install \ - || die "${i} install failed." - - make DESTDIR="${D}" install-headers \ - || die "${i} headers install failed." - - echo "run_init_t" > "${D}/etc/selinux/${i}/contexts/run_init_type" - - echo "textrel_shlib_t" >> "${D}/etc/selinux/${i}/contexts/customizable_types" - - # libsemanage won't make this on its own - keepdir "/etc/selinux/${i}/policy" - - if use doc; then - dohtml doc/html/*; - fi - done - - dodoc doc/Makefile.example doc/example.{te,fc,if} - - insinto /etc/selinux - doins "${FILESDIR}/config" -} - -pkg_preinst() { - has_version "<${CATEGORY}/${PN}-2.20101213-r13" - previous_less_than_r13=$? -} - -pkg_postinst() { - [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs" - - for i in ${POLICY_TYPES}; do - einfo "Inserting base module into ${i} module store." - - cd "${ROOT}/usr/share/selinux/${i}" - semodule -s "${i}" -b base.pp || die "Could not load in new base policy" - done - elog "Updates on policies might require you to relabel files. If you, after" - elog "installing new SELinux policies, get 'permission denied' errors," - elog "relabelling your system using 'rlpkg -a -r' might resolve the issues." -} diff --git a/sec-policy/selinux-base-policy/selinux-base-policy-2.20110726-r13.ebuild b/sec-policy/selinux-base-policy/selinux-base-policy-2.20110726-r13.ebuild deleted file mode 100644 index 1ad17d1bb6a2..000000000000 --- a/sec-policy/selinux-base-policy/selinux-base-policy-2.20110726-r13.ebuild +++ /dev/null @@ -1,164 +0,0 @@ -# Copyright 1999-2012 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/selinux-base-policy-2.20110726-r13.ebuild,v 1.2 2012/03/31 12:56:49 swift Exp $ - -EAPI="4" -IUSE="+peer_perms +open_perms +ubac doc" - -inherit eutils - -DESCRIPTION="Gentoo base policy for SELinux" -HOMEPAGE="http://www.gentoo.org/proj/en/hardened/selinux/" -SRC_URI="http://oss.tresys.com/files/refpolicy/refpolicy-${PV}.tar.bz2 - http://dev.gentoo.org/~swift/patches/${PN}/patchbundle-${PF}.tar.bz2" -LICENSE="GPL-2" -SLOT="0" - -KEYWORDS="amd64 x86" - -RDEPEND=">=sys-apps/policycoreutils-1.30.30 - >=sys-fs/udev-151" -DEPEND="${RDEPEND} - sys-devel/m4 - >=sys-apps/checkpolicy-1.30.12" - -S=${WORKDIR}/ - -src_prepare() { - # Apply the gentoo patches to the policy. These patches are only necessary - # for base policies, or for interface changes on modules. - EPATCH_MULTI_MSG="Applying SELinux policy updates ... " \ - EPATCH_SUFFIX="patch" \ - EPATCH_SOURCE="${WORKDIR}" \ - EPATCH_FORCE="yes" \ - epatch - - cd "${S}/refpolicy" - # Fix bug 257111 - Correct the initial sid for cron-started jobs in the - # system_r role - sed -i -e 's:system_crond_t:system_cronjob_t:g' \ - "${S}/refpolicy/config/appconfig-standard/default_contexts" - sed -i -e 's|system_r:cronjob_t|system_r:system_cronjob_t|g' \ - "${S}/refpolicy/config/appconfig-mls/default_contexts" - sed -i -e 's|system_r:cronjob_t|system_r:system_cronjob_t|g' \ - "${S}/refpolicy/config/appconfig-mcs/default_contexts" -} - -src_configure() { - [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs" - - # Update the SELinux refpolicy capabilities based on the users' USE flags. - - if ! use peer_perms; then - sed -i -e '/network_peer_controls/d' \ - "${S}/refpolicy/policy/policy_capabilities" - fi - - if ! use open_perms; then - sed -i -e '/open_perms/d' \ - "${S}/refpolicy/policy/policy_capabilities" - fi - - if ! use ubac; then - sed -i -e '/^UBAC/s/y/n/' "${S}/refpolicy/build.conf" \ - || die "Failed to disable User Based Access Control" - fi - - echo "DISTRO = gentoo" >> "${S}/refpolicy/build.conf" - - # Setup the policies based on the types delivered by the end user. - # These types can be "targeted", "strict", "mcs" and "mls". - for i in ${POLICY_TYPES}; do - cp -a "${S}/refpolicy" "${S}/${i}" - - cd "${S}/${i}"; - make conf || die "Make conf in ${i} failed" - - # Define what we see as "base" and what we want to remain modular. - cp "${FILESDIR}/modules.conf" \ - "${S}/${i}/policy/modules.conf" \ - || die "failed to set up modules.conf" - # In case of "targeted", we add the "unconfined" to the base policy - if [[ "${i}" == "targeted" ]]; - then - echo "unconfined = base" >> "${S}/${i}/policy/modules.conf" - fi - - sed -i -e '/^QUIET/s/n/y/' -e "/^NAME/s/refpolicy/$i/" \ - "${S}/${i}/build.conf" || die "build.conf setup failed." - - if [[ "${i}" == "mls" ]] || [[ "${i}" == "mcs" ]]; - then - # MCS/MLS require additional settings - sed -i -e "/^TYPE/s/standard/${i}/" "${S}/${i}/build.conf" \ - || die "failed to set type to mls" - fi - - if [ "${i}" == "targeted" ]; then - sed -i -e '/root/d' -e 's/user_u/unconfined_u/' \ - "${S}/${i}/config/appconfig-standard/seusers" \ - || die "targeted seusers setup failed." - fi - done -} - -src_compile() { - [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs" - - for i in ${POLICY_TYPES}; do - cd "${S}/${i}" - make base || die "${i} compile failed" - if use doc; then - make html || die - fi - done -} - -src_install() { - [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs" - - for i in ${POLICY_TYPES}; do - cd "${S}/${i}" - - make DESTDIR="${D}" install \ - || die "${i} install failed." - - make DESTDIR="${D}" install-headers \ - || die "${i} headers install failed." - - echo "run_init_t" > "${D}/etc/selinux/${i}/contexts/run_init_type" - - echo "textrel_shlib_t" >> "${D}/etc/selinux/${i}/contexts/customizable_types" - - # libsemanage won't make this on its own - keepdir "/etc/selinux/${i}/policy" - - if use doc; then - dohtml doc/html/*; - fi - done - - dodoc doc/Makefile.example doc/example.{te,fc,if} - - insinto /etc/selinux - doins "${FILESDIR}/config" -} - -pkg_preinst() { - has_version "<${CATEGORY}/${PN}-2.20101213-r13" - previous_less_than_r13=$? -} - -pkg_postinst() { - [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs" - - for i in ${POLICY_TYPES}; do - einfo "Inserting base module into ${i} module store." - - cd "${ROOT}/usr/share/selinux/${i}" - semodule -s "${i}" -b base.pp || die "Could not load in new base policy" - done - elog "Updates on policies might require you to relabel files. If you, after" - elog "installing new SELinux policies, get 'permission denied' errors," - elog "relabelling your system using 'rlpkg -a -r' might resolve the issues." -} diff --git a/sec-policy/selinux-base-policy/selinux-base-policy-2.20110726-r5.ebuild b/sec-policy/selinux-base-policy/selinux-base-policy-2.20110726-r5.ebuild deleted file mode 100644 index e6f32be0bde6..000000000000 --- a/sec-policy/selinux-base-policy/selinux-base-policy-2.20110726-r5.ebuild +++ /dev/null @@ -1,164 +0,0 @@ -# Copyright 1999-2011 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/selinux-base-policy-2.20110726-r5.ebuild,v 1.2 2011/11/27 18:12:39 swift Exp $ - -EAPI="4" -IUSE="+peer_perms +open_perms +ubac doc" - -inherit eutils - -DESCRIPTION="Gentoo base policy for SELinux" -HOMEPAGE="http://www.gentoo.org/proj/en/hardened/selinux/" -SRC_URI="http://oss.tresys.com/files/refpolicy/refpolicy-${PV}.tar.bz2 - http://dev.gentoo.org/~swift/patches/${PN}/patchbundle-${PF}.tar.bz2" -LICENSE="GPL-2" -SLOT="0" - -KEYWORDS="amd64 x86" - -RDEPEND=">=sys-apps/policycoreutils-1.30.30 - >=sys-fs/udev-151" -DEPEND="${RDEPEND} - sys-devel/m4 - >=sys-apps/checkpolicy-1.30.12" - -S=${WORKDIR}/ - -src_prepare() { - # Apply the gentoo patches to the policy. These patches are only necessary - # for base policies, or for interface changes on modules. - EPATCH_MULTI_MSG="Applying SELinux policy updates ... " \ - EPATCH_SUFFIX="patch" \ - EPATCH_SOURCE="${WORKDIR}" \ - EPATCH_FORCE="yes" \ - epatch - - cd "${S}/refpolicy" - # Fix bug 257111 - Correct the initial sid for cron-started jobs in the - # system_r role - sed -i -e 's:system_crond_t:system_cronjob_t:g' \ - "${S}/refpolicy/config/appconfig-standard/default_contexts" - sed -i -e 's|system_r:cronjob_t|system_r:system_cronjob_t|g' \ - "${S}/refpolicy/config/appconfig-mls/default_contexts" - sed -i -e 's|system_r:cronjob_t|system_r:system_cronjob_t|g' \ - "${S}/refpolicy/config/appconfig-mcs/default_contexts" -} - -src_configure() { - [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs" - - # Update the SELinux refpolicy capabilities based on the users' USE flags. - - if ! use peer_perms; then - sed -i -e '/network_peer_controls/d' \ - "${S}/refpolicy/policy/policy_capabilities" - fi - - if ! use open_perms; then - sed -i -e '/open_perms/d' \ - "${S}/refpolicy/policy/policy_capabilities" - fi - - if ! use ubac; then - sed -i -e '/^UBAC/s/y/n/' "${S}/refpolicy/build.conf" \ - || die "Failed to disable User Based Access Control" - fi - - echo "DISTRO = gentoo" >> "${S}/refpolicy/build.conf" - - # Setup the policies based on the types delivered by the end user. - # These types can be "targeted", "strict", "mcs" and "mls". - for i in ${POLICY_TYPES}; do - cp -a "${S}/refpolicy" "${S}/${i}" - - cd "${S}/${i}"; - make conf || die "Make conf in ${i} failed" - - # Define what we see as "base" and what we want to remain modular. - cp "${FILESDIR}/modules.conf" \ - "${S}/${i}/policy/modules.conf" \ - || die "failed to set up modules.conf" - # In case of "targeted", we add the "unconfined" to the base policy - if [[ "${i}" == "targeted" ]]; - then - echo "unconfined = base" >> "${S}/${i}/policy/modules.conf" - fi - - sed -i -e '/^QUIET/s/n/y/' -e "/^NAME/s/refpolicy/$i/" \ - "${S}/${i}/build.conf" || die "build.conf setup failed." - - if [[ "${i}" == "mls" ]] || [[ "${i}" == "mcs" ]]; - then - # MCS/MLS require additional settings - sed -i -e "/^TYPE/s/standard/${i}/" "${S}/${i}/build.conf" \ - || die "failed to set type to mls" - fi - - if [ "${i}" == "targeted" ]; then - sed -i -e '/root/d' -e 's/user_u/unconfined_u/' \ - "${S}/${i}/config/appconfig-standard/seusers" \ - || die "targeted seusers setup failed." - fi - done -} - -src_compile() { - [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs" - - for i in ${POLICY_TYPES}; do - cd "${S}/${i}" - make base || die "${i} compile failed" - if use doc; then - make html || die - fi - done -} - -src_install() { - [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs" - - for i in ${POLICY_TYPES}; do - cd "${S}/${i}" - - make DESTDIR="${D}" install \ - || die "${i} install failed." - - make DESTDIR="${D}" install-headers \ - || die "${i} headers install failed." - - echo "run_init_t" > "${D}/etc/selinux/${i}/contexts/run_init_type" - - echo "textrel_shlib_t" >> "${D}/etc/selinux/${i}/contexts/customizable_types" - - # libsemanage won't make this on its own - keepdir "/etc/selinux/${i}/policy" - - if use doc; then - dohtml doc/html/*; - fi - done - - dodoc doc/Makefile.example doc/example.{te,fc,if} - - insinto /etc/selinux - doins "${FILESDIR}/config" -} - -pkg_preinst() { - has_version "<${CATEGORY}/${PN}-2.20101213-r13" - previous_less_than_r13=$? -} - -pkg_postinst() { - [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs" - - for i in ${POLICY_TYPES}; do - einfo "Inserting base module into ${i} module store." - - cd "${ROOT}/usr/share/selinux/${i}" - semodule -s "${i}" -b base.pp || die "Could not load in new base policy" - done - elog "Updates on policies might require you to relabel files. If you, after" - elog "installing new SELinux policies, get 'permission denied' errors," - elog "relabelling your system using 'rlpkg -a -r' might resolve the issues." -} diff --git a/sec-policy/selinux-base-policy/selinux-base-policy-2.20110726-r6.ebuild b/sec-policy/selinux-base-policy/selinux-base-policy-2.20110726-r6.ebuild deleted file mode 100644 index c481ed38badc..000000000000 --- a/sec-policy/selinux-base-policy/selinux-base-policy-2.20110726-r6.ebuild +++ /dev/null @@ -1,164 +0,0 @@ -# Copyright 1999-2011 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/selinux-base-policy-2.20110726-r6.ebuild,v 1.3 2011/12/19 18:17:16 swift Exp $ - -EAPI="4" -IUSE="+peer_perms +open_perms +ubac doc" - -inherit eutils - -DESCRIPTION="Gentoo base policy for SELinux" -HOMEPAGE="http://www.gentoo.org/proj/en/hardened/selinux/" -SRC_URI="http://oss.tresys.com/files/refpolicy/refpolicy-${PV}.tar.bz2 - http://dev.gentoo.org/~swift/patches/${PN}/patchbundle-${PF}.tar.bz2" -LICENSE="GPL-2" -SLOT="0" - -KEYWORDS="amd64 x86" - -RDEPEND=">=sys-apps/policycoreutils-1.30.30 - >=sys-fs/udev-151" -DEPEND="${RDEPEND} - sys-devel/m4 - >=sys-apps/checkpolicy-1.30.12" - -S=${WORKDIR}/ - -src_prepare() { - # Apply the gentoo patches to the policy. These patches are only necessary - # for base policies, or for interface changes on modules. - EPATCH_MULTI_MSG="Applying SELinux policy updates ... " \ - EPATCH_SUFFIX="patch" \ - EPATCH_SOURCE="${WORKDIR}" \ - EPATCH_FORCE="yes" \ - epatch - - cd "${S}/refpolicy" - # Fix bug 257111 - Correct the initial sid for cron-started jobs in the - # system_r role - sed -i -e 's:system_crond_t:system_cronjob_t:g' \ - "${S}/refpolicy/config/appconfig-standard/default_contexts" - sed -i -e 's|system_r:cronjob_t|system_r:system_cronjob_t|g' \ - "${S}/refpolicy/config/appconfig-mls/default_contexts" - sed -i -e 's|system_r:cronjob_t|system_r:system_cronjob_t|g' \ - "${S}/refpolicy/config/appconfig-mcs/default_contexts" -} - -src_configure() { - [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs" - - # Update the SELinux refpolicy capabilities based on the users' USE flags. - - if ! use peer_perms; then - sed -i -e '/network_peer_controls/d' \ - "${S}/refpolicy/policy/policy_capabilities" - fi - - if ! use open_perms; then - sed -i -e '/open_perms/d' \ - "${S}/refpolicy/policy/policy_capabilities" - fi - - if ! use ubac; then - sed -i -e '/^UBAC/s/y/n/' "${S}/refpolicy/build.conf" \ - || die "Failed to disable User Based Access Control" - fi - - echo "DISTRO = gentoo" >> "${S}/refpolicy/build.conf" - - # Setup the policies based on the types delivered by the end user. - # These types can be "targeted", "strict", "mcs" and "mls". - for i in ${POLICY_TYPES}; do - cp -a "${S}/refpolicy" "${S}/${i}" - - cd "${S}/${i}"; - make conf || die "Make conf in ${i} failed" - - # Define what we see as "base" and what we want to remain modular. - cp "${FILESDIR}/modules.conf" \ - "${S}/${i}/policy/modules.conf" \ - || die "failed to set up modules.conf" - # In case of "targeted", we add the "unconfined" to the base policy - if [[ "${i}" == "targeted" ]]; - then - echo "unconfined = base" >> "${S}/${i}/policy/modules.conf" - fi - - sed -i -e '/^QUIET/s/n/y/' -e "/^NAME/s/refpolicy/$i/" \ - "${S}/${i}/build.conf" || die "build.conf setup failed." - - if [[ "${i}" == "mls" ]] || [[ "${i}" == "mcs" ]]; - then - # MCS/MLS require additional settings - sed -i -e "/^TYPE/s/standard/${i}/" "${S}/${i}/build.conf" \ - || die "failed to set type to mls" - fi - - if [ "${i}" == "targeted" ]; then - sed -i -e '/root/d' -e 's/user_u/unconfined_u/' \ - "${S}/${i}/config/appconfig-standard/seusers" \ - || die "targeted seusers setup failed." - fi - done -} - -src_compile() { - [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs" - - for i in ${POLICY_TYPES}; do - cd "${S}/${i}" - make base || die "${i} compile failed" - if use doc; then - make html || die - fi - done -} - -src_install() { - [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs" - - for i in ${POLICY_TYPES}; do - cd "${S}/${i}" - - make DESTDIR="${D}" install \ - || die "${i} install failed." - - make DESTDIR="${D}" install-headers \ - || die "${i} headers install failed." - - echo "run_init_t" > "${D}/etc/selinux/${i}/contexts/run_init_type" - - echo "textrel_shlib_t" >> "${D}/etc/selinux/${i}/contexts/customizable_types" - - # libsemanage won't make this on its own - keepdir "/etc/selinux/${i}/policy" - - if use doc; then - dohtml doc/html/*; - fi - done - - dodoc doc/Makefile.example doc/example.{te,fc,if} - - insinto /etc/selinux - doins "${FILESDIR}/config" -} - -pkg_preinst() { - has_version "<${CATEGORY}/${PN}-2.20101213-r13" - previous_less_than_r13=$? -} - -pkg_postinst() { - [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs" - - for i in ${POLICY_TYPES}; do - einfo "Inserting base module into ${i} module store." - - cd "${ROOT}/usr/share/selinux/${i}" - semodule -s "${i}" -b base.pp || die "Could not load in new base policy" - done - elog "Updates on policies might require you to relabel files. If you, after" - elog "installing new SELinux policies, get 'permission denied' errors," - elog "relabelling your system using 'rlpkg -a -r' might resolve the issues." -} diff --git a/sec-policy/selinux-base-policy/selinux-base-policy-2.20110726-r7.ebuild b/sec-policy/selinux-base-policy/selinux-base-policy-2.20110726-r7.ebuild deleted file mode 100644 index 211b3ad89369..000000000000 --- a/sec-policy/selinux-base-policy/selinux-base-policy-2.20110726-r7.ebuild +++ /dev/null @@ -1,164 +0,0 @@ -# Copyright 1999-2011 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/selinux-base-policy-2.20110726-r7.ebuild,v 1.1 2011/12/04 19:02:17 swift Exp $ - -EAPI="4" -IUSE="+peer_perms +open_perms +ubac doc" - -inherit eutils - -DESCRIPTION="Gentoo base policy for SELinux" -HOMEPAGE="http://www.gentoo.org/proj/en/hardened/selinux/" -SRC_URI="http://oss.tresys.com/files/refpolicy/refpolicy-${PV}.tar.bz2 - http://dev.gentoo.org/~swift/patches/${PN}/patchbundle-${PF}.tar.bz2" -LICENSE="GPL-2" -SLOT="0" - -KEYWORDS="~amd64 ~x86" - -RDEPEND=">=sys-apps/policycoreutils-1.30.30 - >=sys-fs/udev-151" -DEPEND="${RDEPEND} - sys-devel/m4 - >=sys-apps/checkpolicy-1.30.12" - -S=${WORKDIR}/ - -src_prepare() { - # Apply the gentoo patches to the policy. These patches are only necessary - # for base policies, or for interface changes on modules. - EPATCH_MULTI_MSG="Applying SELinux policy updates ... " \ - EPATCH_SUFFIX="patch" \ - EPATCH_SOURCE="${WORKDIR}" \ - EPATCH_FORCE="yes" \ - epatch - - cd "${S}/refpolicy" - # Fix bug 257111 - Correct the initial sid for cron-started jobs in the - # system_r role - sed -i -e 's:system_crond_t:system_cronjob_t:g' \ - "${S}/refpolicy/config/appconfig-standard/default_contexts" - sed -i -e 's|system_r:cronjob_t|system_r:system_cronjob_t|g' \ - "${S}/refpolicy/config/appconfig-mls/default_contexts" - sed -i -e 's|system_r:cronjob_t|system_r:system_cronjob_t|g' \ - "${S}/refpolicy/config/appconfig-mcs/default_contexts" -} - -src_configure() { - [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs" - - # Update the SELinux refpolicy capabilities based on the users' USE flags. - - if ! use peer_perms; then - sed -i -e '/network_peer_controls/d' \ - "${S}/refpolicy/policy/policy_capabilities" - fi - - if ! use open_perms; then - sed -i -e '/open_perms/d' \ - "${S}/refpolicy/policy/policy_capabilities" - fi - - if ! use ubac; then - sed -i -e '/^UBAC/s/y/n/' "${S}/refpolicy/build.conf" \ - || die "Failed to disable User Based Access Control" - fi - - echo "DISTRO = gentoo" >> "${S}/refpolicy/build.conf" - - # Setup the policies based on the types delivered by the end user. - # These types can be "targeted", "strict", "mcs" and "mls". - for i in ${POLICY_TYPES}; do - cp -a "${S}/refpolicy" "${S}/${i}" - - cd "${S}/${i}"; - make conf || die "Make conf in ${i} failed" - - # Define what we see as "base" and what we want to remain modular. - cp "${FILESDIR}/modules.conf" \ - "${S}/${i}/policy/modules.conf" \ - || die "failed to set up modules.conf" - # In case of "targeted", we add the "unconfined" to the base policy - if [[ "${i}" == "targeted" ]]; - then - echo "unconfined = base" >> "${S}/${i}/policy/modules.conf" - fi - - sed -i -e '/^QUIET/s/n/y/' -e "/^NAME/s/refpolicy/$i/" \ - "${S}/${i}/build.conf" || die "build.conf setup failed." - - if [[ "${i}" == "mls" ]] || [[ "${i}" == "mcs" ]]; - then - # MCS/MLS require additional settings - sed -i -e "/^TYPE/s/standard/${i}/" "${S}/${i}/build.conf" \ - || die "failed to set type to mls" - fi - - if [ "${i}" == "targeted" ]; then - sed -i -e '/root/d' -e 's/user_u/unconfined_u/' \ - "${S}/${i}/config/appconfig-standard/seusers" \ - || die "targeted seusers setup failed." - fi - done -} - -src_compile() { - [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs" - - for i in ${POLICY_TYPES}; do - cd "${S}/${i}" - make base || die "${i} compile failed" - if use doc; then - make html || die - fi - done -} - -src_install() { - [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs" - - for i in ${POLICY_TYPES}; do - cd "${S}/${i}" - - make DESTDIR="${D}" install \ - || die "${i} install failed." - - make DESTDIR="${D}" install-headers \ - || die "${i} headers install failed." - - echo "run_init_t" > "${D}/etc/selinux/${i}/contexts/run_init_type" - - echo "textrel_shlib_t" >> "${D}/etc/selinux/${i}/contexts/customizable_types" - - # libsemanage won't make this on its own - keepdir "/etc/selinux/${i}/policy" - - if use doc; then - dohtml doc/html/*; - fi - done - - dodoc doc/Makefile.example doc/example.{te,fc,if} - - insinto /etc/selinux - doins "${FILESDIR}/config" -} - -pkg_preinst() { - has_version "<${CATEGORY}/${PN}-2.20101213-r13" - previous_less_than_r13=$? -} - -pkg_postinst() { - [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs" - - for i in ${POLICY_TYPES}; do - einfo "Inserting base module into ${i} module store." - - cd "${ROOT}/usr/share/selinux/${i}" - semodule -s "${i}" -b base.pp || die "Could not load in new base policy" - done - elog "Updates on policies might require you to relabel files. If you, after" - elog "installing new SELinux policies, get 'permission denied' errors," - elog "relabelling your system using 'rlpkg -a -r' might resolve the issues." -} diff --git a/sec-policy/selinux-base-policy/selinux-base-policy-2.20110726-r8.ebuild b/sec-policy/selinux-base-policy/selinux-base-policy-2.20110726-r8.ebuild deleted file mode 100644 index 189ab9b07f7a..000000000000 --- a/sec-policy/selinux-base-policy/selinux-base-policy-2.20110726-r8.ebuild +++ /dev/null @@ -1,164 +0,0 @@ -# Copyright 1999-2012 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/selinux-base-policy-2.20110726-r8.ebuild,v 1.2 2012/01/29 11:23:08 swift Exp $ - -EAPI="4" -IUSE="+peer_perms +open_perms +ubac doc" - -inherit eutils - -DESCRIPTION="Gentoo base policy for SELinux" -HOMEPAGE="http://www.gentoo.org/proj/en/hardened/selinux/" -SRC_URI="http://oss.tresys.com/files/refpolicy/refpolicy-${PV}.tar.bz2 - http://dev.gentoo.org/~swift/patches/${PN}/patchbundle-${PF}.tar.bz2" -LICENSE="GPL-2" -SLOT="0" - -KEYWORDS="amd64 x86" - -RDEPEND=">=sys-apps/policycoreutils-1.30.30 - >=sys-fs/udev-151" -DEPEND="${RDEPEND} - sys-devel/m4 - >=sys-apps/checkpolicy-1.30.12" - -S=${WORKDIR}/ - -src_prepare() { - # Apply the gentoo patches to the policy. These patches are only necessary - # for base policies, or for interface changes on modules. - EPATCH_MULTI_MSG="Applying SELinux policy updates ... " \ - EPATCH_SUFFIX="patch" \ - EPATCH_SOURCE="${WORKDIR}" \ - EPATCH_FORCE="yes" \ - epatch - - cd "${S}/refpolicy" - # Fix bug 257111 - Correct the initial sid for cron-started jobs in the - # system_r role - sed -i -e 's:system_crond_t:system_cronjob_t:g' \ - "${S}/refpolicy/config/appconfig-standard/default_contexts" - sed -i -e 's|system_r:cronjob_t|system_r:system_cronjob_t|g' \ - "${S}/refpolicy/config/appconfig-mls/default_contexts" - sed -i -e 's|system_r:cronjob_t|system_r:system_cronjob_t|g' \ - "${S}/refpolicy/config/appconfig-mcs/default_contexts" -} - -src_configure() { - [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs" - - # Update the SELinux refpolicy capabilities based on the users' USE flags. - - if ! use peer_perms; then - sed -i -e '/network_peer_controls/d' \ - "${S}/refpolicy/policy/policy_capabilities" - fi - - if ! use open_perms; then - sed -i -e '/open_perms/d' \ - "${S}/refpolicy/policy/policy_capabilities" - fi - - if ! use ubac; then - sed -i -e '/^UBAC/s/y/n/' "${S}/refpolicy/build.conf" \ - || die "Failed to disable User Based Access Control" - fi - - echo "DISTRO = gentoo" >> "${S}/refpolicy/build.conf" - - # Setup the policies based on the types delivered by the end user. - # These types can be "targeted", "strict", "mcs" and "mls". - for i in ${POLICY_TYPES}; do - cp -a "${S}/refpolicy" "${S}/${i}" - - cd "${S}/${i}"; - make conf || die "Make conf in ${i} failed" - - # Define what we see as "base" and what we want to remain modular. - cp "${FILESDIR}/modules.conf" \ - "${S}/${i}/policy/modules.conf" \ - || die "failed to set up modules.conf" - # In case of "targeted", we add the "unconfined" to the base policy - if [[ "${i}" == "targeted" ]]; - then - echo "unconfined = base" >> "${S}/${i}/policy/modules.conf" - fi - - sed -i -e '/^QUIET/s/n/y/' -e "/^NAME/s/refpolicy/$i/" \ - "${S}/${i}/build.conf" || die "build.conf setup failed." - - if [[ "${i}" == "mls" ]] || [[ "${i}" == "mcs" ]]; - then - # MCS/MLS require additional settings - sed -i -e "/^TYPE/s/standard/${i}/" "${S}/${i}/build.conf" \ - || die "failed to set type to mls" - fi - - if [ "${i}" == "targeted" ]; then - sed -i -e '/root/d' -e 's/user_u/unconfined_u/' \ - "${S}/${i}/config/appconfig-standard/seusers" \ - || die "targeted seusers setup failed." - fi - done -} - -src_compile() { - [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs" - - for i in ${POLICY_TYPES}; do - cd "${S}/${i}" - make base || die "${i} compile failed" - if use doc; then - make html || die - fi - done -} - -src_install() { - [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs" - - for i in ${POLICY_TYPES}; do - cd "${S}/${i}" - - make DESTDIR="${D}" install \ - || die "${i} install failed." - - make DESTDIR="${D}" install-headers \ - || die "${i} headers install failed." - - echo "run_init_t" > "${D}/etc/selinux/${i}/contexts/run_init_type" - - echo "textrel_shlib_t" >> "${D}/etc/selinux/${i}/contexts/customizable_types" - - # libsemanage won't make this on its own - keepdir "/etc/selinux/${i}/policy" - - if use doc; then - dohtml doc/html/*; - fi - done - - dodoc doc/Makefile.example doc/example.{te,fc,if} - - insinto /etc/selinux - doins "${FILESDIR}/config" -} - -pkg_preinst() { - has_version "<${CATEGORY}/${PN}-2.20101213-r13" - previous_less_than_r13=$? -} - -pkg_postinst() { - [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs" - - for i in ${POLICY_TYPES}; do - einfo "Inserting base module into ${i} module store." - - cd "${ROOT}/usr/share/selinux/${i}" - semodule -s "${i}" -b base.pp || die "Could not load in new base policy" - done - elog "Updates on policies might require you to relabel files. If you, after" - elog "installing new SELinux policies, get 'permission denied' errors," - elog "relabelling your system using 'rlpkg -a -r' might resolve the issues." -} |