# Copyright 1999-2009 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/selinux-base-policy-2.20091215.ebuild,v 1.1 2009/12/16 02:53:36 pebenito Exp $
# Ebuild metadata for the SELinux base policy package.
# EAPI must be set before anything else; IUSE below uses the "+flag" form,
# so peer_perms is enabled by default and open_perms is not.
EAPI="1"
# Each flag, when disabled, makes src_unpack delete the matching line from
# refpolicy/policy/policy_capabilities (peer_perms -> network_peer_controls,
# open_perms -> open_perms).
IUSE="+peer_perms open_perms"
# presumably the source of epatch/ebeep/epause used in this file - confirm
inherit eutils
DESCRIPTION="Gentoo base policy for SELinux"
HOMEPAGE="http://www.gentoo.org/proj/en/hardened/selinux/"
# NOTE(review): the policy tarball is fetched over plain HTTP, so nothing in
# this file authenticates it. Integrity presumably rests on the digest check
# against the package Manifest - confirm the Manifest entry exists before
# trusting a freshly fetched distfile.
SRC_URI="http://oss.tresys.com/files/refpolicy/refpolicy-${PV}.tar.bz2"
LICENSE="GPL-2"
SLOT="0"
KEYWORDS="~amd64 ~x86"
# Runtime dependency: policycoreutils (pkg_postinst calls semodule).
RDEPEND=">=sys-apps/policycoreutils-1.30.30"
# Build-time: everything in RDEPEND plus m4 and checkpolicy.
DEPEND="${RDEPEND}
sys-devel/m4
>=sys-apps/checkpolicy-1.30.12"
# The work directory itself is used as S: src_unpack works on
# ${S}/refpolicy and creates one sibling tree per policy type next to it.
S=${WORKDIR}/
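# Unpack the reference policy and prepare one build tree per policy type.
#
# Globals:
#   POLICY_TYPES (read)    - space-separated policy types; defaults to
#                            "strict targeted" when empty or unset
#   MOD_CONF_VER (written) - version suffix of the modules.conf files
#   A, S, FILESDIR (read)
# Steps:
#   1. unpack the distfiles
#   2. drop policy capabilities whose USE flag is disabled
#   3. for every policy type: copy the tree, install its modules.conf,
#      adjust build.conf, and (targeted only) rewrite seusers
# Every step that edits the policy is fatal on failure: a silently skipped
# edit would produce a policy that does not match the requested USE flags
# or policy type.
src_unpack() {
  if [ -z "${POLICY_TYPES}" ]; then
    local POLICY_TYPES="strict targeted"
  fi
  local ptype
  local caps="${S}/refpolicy/policy/policy_capabilities"

  MOD_CONF_VER="20090730"

  # ${A} is a whitespace-separated list of distfiles; splitting is intended.
  unpack ${A}

  # Patching is currently disabled:
  # cd "${S}/refpolicy"
  # epatch ${FILESDIR}/${PN}-${PV}.diff

  if ! use peer_perms; then
    sed -i -e '/network_peer_controls/d' "${caps}" \
      || die "failed to remove network_peer_controls from policy_capabilities"
  fi

  if ! use open_perms; then
    sed -i -e '/open_perms/d' "${caps}" \
      || die "failed to remove open_perms from policy_capabilities"
  fi

  # POLICY_TYPES is a list; splitting is intended.
  for ptype in ${POLICY_TYPES}; do
    cp -a "${S}/refpolicy" "${S}/${ptype}" \
      || die "failed to copy refpolicy tree for ${ptype}"

    cp "${FILESDIR}/modules.conf.${ptype}.${MOD_CONF_VER}" \
      "${S}/${ptype}/policy/modules.conf" \
      || die "failed to set up modules.conf"

    # Quiet, modular (non-monolithic) build named after the policy type.
    # The type name is interpolated into the sed expression, so it must not
    # contain "/" or other sed metacharacters.
    sed -i -e '/^QUIET/s/n/y/' -e '/^MONOLITHIC/s/y/n/' \
      -e "/^NAME/s/refpolicy/${ptype}/" "${S}/${ptype}/build.conf" \
      || die "build.conf setup failed."

    echo "DISTRO = gentoo" >> "${S}/${ptype}/build.conf" \
      || die "failed to append DISTRO to build.conf"

    # targeted: drop the root entry and map the default login to
    # unconfined_u instead of user_u.
    if [[ "${ptype}" == "targeted" ]]; then
      sed -i -e '/root/d' -e 's/user_u/unconfined_u/' \
        "${S}/${ptype}/config/appconfig-standard/seusers" \
        || die "targeted seusers setup failed."
    fi
  done
}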
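# Build the base policy module for every policy type.
#
# Globals:
#   POLICY_TYPES (read) - space-separated policy types; defaults to
#                         "strict targeted" when empty or unset
#   S (read)            - directory holding one build tree per policy type
# Dies if a build tree cannot be entered or if "make base" fails.
src_compile() {
  if [ -z "${POLICY_TYPES}" ]; then
    local POLICY_TYPES="strict targeted"
  fi
  local ptype

  # POLICY_TYPES is a list; splitting is intended.
  for ptype in ${POLICY_TYPES}; do
    # Without this check a failed cd would let make run in whatever
    # directory was current, building the wrong tree.
    cd "${S}/${ptype}" || die "cannot enter ${ptype} build tree"
    make base || die "${ptype} compile failed"
  done
}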
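# Install the compiled policy, its headers and the SELinux config file.
#
# Globals:
#   POLICY_TYPES (read) - space-separated policy types; defaults to
#                         "strict targeted" when empty or unset
#   S, D, FILESDIR (read)
# For every policy type this runs "make install" and "make install-headers"
# into ${D}, writes the run_init context type, and appends textrel_shlib_t
# to the customizable types. Failures in any of those steps are fatal so
# that an incomplete set of context files is never merged.
src_install() {
  if [ -z "${POLICY_TYPES}" ]; then
    local POLICY_TYPES="strict targeted"
  fi
  local ptype contexts

  # POLICY_TYPES is a list; splitting is intended.
  for ptype in ${POLICY_TYPES}; do
    # A failed cd must not let make install from an unrelated directory.
    cd "${S}/${ptype}" || die "cannot enter ${ptype} build tree"

    make DESTDIR="${D}" install \
      || die "${ptype} install failed."

    make DESTDIR="${D}" install-headers \
      || die "${ptype} headers install failed."

    contexts="${D}/etc/selinux/${ptype}/contexts"
    echo "run_init_t" > "${contexts}/run_init_type" \
      || die "failed to write run_init_type for ${ptype}"
    echo "textrel_shlib_t" >> "${contexts}/customizable_types" \
      || die "failed to update customizable_types for ${ptype}"

    # libsemanage won't make this on its own
    keepdir "/etc/selinux/${ptype}/policy"
  done

  # Still inside the last policy type's tree; the doc paths are relative to it.
  dodoc doc/Makefile.example doc/example.{te,fc,if}

  insinto /etc/selinux
  doins "${FILESDIR}/config" || die "failed to install /etc/selinux/config"
}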
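# Load the freshly installed base module, or warn that it was not loaded.
#
# Globals:
#   POLICY_TYPES (read) - space-separated policy types; defaults to
#                         "strict targeted" when empty or unset
#   FEATURES (read)     - policy is loaded only when it contains "loadpolicy"
# With "loadpolicy" set, base.pp from /usr/share/selinux/<type> is inserted
# into each type's module store with semodule. A store directory that cannot
# be entered, or a failing semodule, is reported with eerror instead of being
# passed over silently; the phase does not die because the package is already
# installed at this point.
pkg_postinst() {
  if [ -z "${POLICY_TYPES}" ]; then
    local POLICY_TYPES="strict targeted"
  fi
  local ptype moddir

  # FEATURES is a list; splitting is intended.
  if has "loadpolicy" $FEATURES; then
    for ptype in ${POLICY_TYPES}; do
      moddir="/usr/share/selinux/${ptype}"
      einfo "Inserting base module into ${ptype} module store."

      # base.pp is given as a relative path, so never run semodule after a
      # failed cd: it would pick up a base.pp from an unrelated directory.
      if ! cd "${moddir}"; then
        eerror "Cannot enter ${moddir}; base module for ${ptype} was NOT loaded."
        continue
      fi

      semodule -s "${ptype}" -b base.pp \
        || eerror "semodule failed; base module for ${ptype} was NOT loaded."
    done
  else
    echo
    echo
    eerror "Policy has not been loaded. It is strongly suggested"
    eerror "that the policy be loaded before continuing!!"
    echo
    einfo "Automatic policy loading can be enabled by adding"
    einfo "\"loadpolicy\" to the FEATURES in make.conf."
    echo
    echo
    ebeep 4
    epause 4
  fi
}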