blob: 39ad67ac622b7ec26b3036f69df90f701f80f133 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
|
# Copyright 1999-2004 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/eclass/selinux-policy.eclass,v 1.17 2009/08/02 02:58:25 pebenito Exp $
# Eclass for installing SELinux policy, and optionally
# reloading the policy
inherit eutils
HOMEPAGE="http://www.gentoo.org/proj/en/hardened/selinux/"
SRC_URI="mirror://gentoo/${P}.tar.bz2"
LICENSE="GPL-2"
SLOT="0"
S="${WORKDIR}/${PN/selinux-}"
IUSE=""
RDEPEND=">=sec-policy/selinux-base-policy-20030729"
selinux-policy_src_compile() {
cd "${S}"
[ -z "${POLICYDIR}" ] && POLICYDIR="/etc/security/selinux/src/policy"
SAVENAME="`date +%Y%m%d%H%M`-${PN}.tar.bz2"
SAVEDIR="`echo "${POLICYDIR}" | cut -d/ -f6`"
einfo "Backup of policy source is \"${SAVENAME}\"."
debug-print "POLICYDIR is \"${POLICYDIR}\""
debug-print "SAVEDIR is \"${SAVEDIR}\""
# create a backup of the current policy
tar -C /etc/security/selinux/src --exclude tmp \
--exclude policy.conf -jcf ${SAVENAME} ${SAVEDIR}/
}
selinux-policy_src_install() {
cd "${S}"
insinto /etc/security/selinux/src/policy-backup
doins *-${PN}.tar.bz2
if [ -n "${TEFILES}" ]; then
debug-print "TEFILES is \"${TEFILES}\""
insinto ${POLICYDIR}/domains/program
doins ${TEFILES} || die
fi
if [ -n "${TEMISC}" ]; then
debug-print "TEMISC is \"${TEMISC}\""
insinto ${POLICYDIR}/domains/misc
doins ${TEMISC} || die
fi
if [ -n "${FCFILES}" ]; then
debug-print "FCFILES is \"${FCFILES}\""
insinto ${POLICYDIR}/file_contexts/program
doins ${FCFILES} || die
fi
if [ -n "${FCMISC}" ]; then
debug-print "FCMISC is \"${FCMISC}\""
insinto ${POLICYDIR}/file_contexts/misc
doins ${FCMISC} || die
fi
if [ -n "${MACROS}" ]; then
debug-print "MACROS is \"${MACROS}\""
insinto ${POLICYDIR}/macros/program
doins ${MACROS} || die
fi
}
selinux-policy_pkg_postinst() {
if has "loadpolicy" $FEATURES ; then
if [ -x /usr/bin/checkpolicy -a -x /usr/sbin/load_policy -a -x /usr/sbin/setfiles ]; then
# only do this if all tools are installed
ebegin "Automatically loading policy"
make -C ${POLICYDIR} load
eend $?
ebegin "Regenerating file contexts"
[ -f ${POLICYDIR}/file_contexts/file_contexts ] && \
rm -f ${POLICYDIR}/file_contexts/file_contexts
make -C ${POLICYDIR} file_contexts/file_contexts &> /dev/null
# do a test relabel to make sure file
# contexts work (doesnt change any labels)
echo "/etc/passwd" | /usr/sbin/setfiles \
${POLICYDIR}/file_contexts/file_contexts -sqn
eend $?
fi
else
echo
echo
eerror "Policy has not been loaded. It is strongly suggested"
eerror "that the policy be loaded before continuing!!"
echo
einfo "Automatic policy loading can be enabled by adding"
einfo "\"loadpolicy\" to the FEATURES in make.conf."
echo
echo
ebeep 4
epause 4
fi
}
EXPORT_FUNCTIONS src_compile src_install pkg_postinst
|