# Copyright 1999-2002 Gentoo Technologies, Inc.
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/sys-apps/selinux-small/selinux-small-2003040709-r4.ebuild,v 1.5 2003/07/28 19:47:38 pebenito Exp $

# Package metadata, read when the ebuild is sourced.
DESCRIPTION="SELinux libraries and policy compiler"
HOMEPAGE="http://www.nsa.gov/selinux"
# NOTE(review): the source tarball is fetched over plain HTTP, so its integrity
# rests on whatever digest check the package manager applies to ${P}.tgz.
# No such check is visible in this file -- confirm one exists.
SRC_URI="http://www.nsa.gov/selinux/archives/${P}.tgz"

LICENSE="GPL-2"
SLOT="0"
# The source tree is expected at ${WORKDIR}/selinux.
S="${WORKDIR}/selinux"

KEYWORDS="~x86 ~amd64 ~ppc ~alpha ~sparc"
# NOTE(review): pkg_setup also queries the "pam" flag, which is not listed here.
IUSE="selinux static"
# Build-time dependencies: flex, PAM, and either selinux-sources or
# hardened-sources at 2.4.20-r1 or newer.
DEPEND="sys-devel/flex
	sys-libs/pam
        || (
                >=sys-kernel/selinux-sources-2.4.20-r1
                >=sys-kernel/hardened-sources-2.4.20-r1
           )"

# Runtime dependencies: everything in DEPEND plus pexpect and the base policy.
RDEPEND="${DEPEND}
	>=dev-python/pexpect-0.97
	>=sec-policy/selinux-base-policy-20030522"

# Runs in global scope, i.e. every time the ebuild is sourced.  With
# USE=static this assignment replaces any LDFLAGS already set in the
# environment with just "-static" rather than appending to them.
use static && LDFLAGS="-static"

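# Pre-merge sanity checks: reports a wrong profile (no selinux USE flag),
# kernel sources without the SELinux security server, and a missing pam
# USE flag.
#
# Returns: status of the last check; every failed check ends with "eend 1".
#
# NOTE(review): eend only reports the problem and nothing here calls die, so
# whether a failed check stops the merge depends on how the caller treats
# this function's exit status -- confirm.  Building SELinux userland against
# the wrong kernel tree is the case these messages are meant to prevent.
pkg_setup() {
	# Test the exit status of "use", as the global LDFLAGS line of this
	# ebuild already does.  The previous test captured use's output and
	# reported the flag as missing whenever use printed nothing, even when
	# it succeeded.  stdout is discarded so nothing new reaches the terminal.
	if ! use selinux >/dev/null; then
		eerror "selinux is missing from your USE.  You seem to be using the"
		eerror "incorrect profile.  SELinux has a different profile than"
		eerror "mainline Gentoo.  Make sure the /etc/make.profile symbolic"
		eend 1 "link is pointing to /usr/portage/profiles/selinux-x86-1.4/"
	fi

	# ebitmap.c serves as the marker for a kernel tree that carries the
	# SELinux code under security/selinux.
	if [ ! -f /usr/src/linux/security/selinux/ss/ebitmap.c ]; then
		eerror "The /usr/src/linux symbolic link appears to be incorrect.  It"
		eerror "must be pointing to a selinux-sources or hardened-sources kernel"
		eerror "for selinux-small to compile.  If the link is correct, the"
		eerror "kernel sources may be damaged or incomplete, and will need to"
		eend 1 "be remerged.  Please fix and retry."
	fi

	if ! use pam >/dev/null; then
		eerror "pam is missing from your USE.  Currently selinux requires pam."
		eerror "Please add pam, so all programs work correctly.  A pam-less"
		eend 1 "install will probably be supported in the future."
	fi
}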

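# Unpacks the sources, applies the Gentoo patch set and links the kernel
# tree into the work directory.
#
# Globals: A, S, P, FILESDIR, WORKDIR (read)
src_unpack() {
	# ${A} is a whitespace-separated list of archives and must stay unquoted.
	unpack ${A}
	# Stop here if the source tree is missing; otherwise the patches below
	# would be applied relative to whatever directory we happen to be in.
	cd "${S}" || die "cannot enter ${S}"

	epatch "${FILESDIR}/${P}-gentoo.diff"
	# The newstat patch is only applied on glibc 2.3.2 or newer.
	if has_version '>=sys-libs/glibc-2.3.2'; then
		epatch "${FILESDIR}/${P}-newstat.diff"
	fi
	epatch "${FILESDIR}/${P}-newrole.diff"

	# The build compiles against whatever /usr/src/linux points at on the
	# build host; presumably reached through LSMVER=-2.4 in src_compile.
	ln -s /usr/src/linux "${WORKDIR}/lsm-2.4" \
		|| die "cannot link kernel sources into ${WORKDIR}"
}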

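# Builds every component of the tarball in dependency order: checkpolicy,
# libsecure, then the tools that link against libsecure.
#
# Globals: S, CFLAGS (read); LDFLAGS (read, then extended); LIBSECURE (written)
#
# Each cd is checked so that a missing directory aborts the build instead of
# running make in the previous component's directory.
src_compile() {
	einfo "Compiling checkpolicy"
	cd "${S}/module" || die "cannot enter ${S}/module"
	# LDFLAGS is quoted: unquoted, a value with several flags would be split
	# and the trailing words handed to make as its own options.
	make LSMVER=-2.4 LDFLAGS="${LDFLAGS}" all \
		|| die "Checkpolicy compilation failed"

	einfo "Compiling libsecure"
	cd "${S}/libsecure" || die "cannot enter ${S}/libsecure"
	make SE_INC=/usr/include/linux/flask EXTRA_CFLAGS="${CFLAGS}" \
		EXTRA_LDFLAGS="${LDFLAGS}" \
		|| die "libsecure compile failed."

	# now set up paths, since the next compiles need libsecure
	LDFLAGS="-L${S}/libsecure/src ${LDFLAGS}"
	LIBSECURE="-I${S}/libsecure/include ${LDFLAGS} -DUSE_PAM"

	einfo "Compiling devfsd module"
	cd "${S}/devfsd" || die "cannot enter ${S}/devfsd"
	# src_install ships this file as /etc/devfs.d/selinux-small.
	mv devfsd-conflet selinux-small \
		|| die "cannot rename devfsd-conflet"
	# ${LIBSECURE/-static} drops the first "-static" from the flag string, so
	# the devfsd module, newrole and run_init are never linked statically.
	make CFLAGS="${CFLAGS}" LDFLAGS="${LIBSECURE/-static}" \
		|| die "devfsd compile failed."

	einfo "Compiling setfiles"
	cd "${S}/setfiles" || die "cannot enter ${S}/setfiles"
	make CFLAGS="${CFLAGS} ${LIBSECURE}" LDFLAGS="${LDFLAGS}" setfiles \
		|| die "setfiles compile failed."

	einfo "Compiling newrole"
	cd "${S}/utils/newrole" || die "cannot enter ${S}/utils/newrole"
	make CFLAGS="${CFLAGS} ${LIBSECURE/-static} -lcrypt" \
		|| die "newrole compile failed."

	einfo "Compiling run_init"
	cd "${S}/utils/run_init" || die "cannot enter ${S}/utils/run_init"
	make CFLAGS="${CFLAGS} ${LIBSECURE/-static} -lcrypt" \
		|| die "run_init compile failed."

	einfo "Compiling s-wrappers"
	cd "${S}/utils/spasswd" || die "cannot enter ${S}/utils/spasswd"
	# The s-wrappers are always linked with -static, whatever the USE flags.
	make CFLAGS="${CFLAGS} ${LIBSECURE}" LDFLAGS="${LDFLAGS} -lcrypt -static" \
		|| die "s-wrappers compile failed."

	einfo "Compiling selopt"
	cd "${S}/selopt" || die "cannot enter ${S}/selopt"
	make COPT_FLAGS="${CFLAGS} ${LIBSECURE}" LDFLAGS="${LDFLAGS}" \
		|| die "selopt compile failed."
}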

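# Installs the built binaries, headers, library, man pages, init script,
# devfsd module and PAM service files into the image.
#
# Globals: S, FILESDIR (read)
#
# Every ${S} and ${FILESDIR} expansion is quoted so a path containing
# whitespace is not split into several arguments; brace lists and globs stay
# outside the quotes so they still expand.
#
# NOTE(review): no helper call here is followed by die, so whether a failed
# install step aborts the merge depends on the helpers themselves -- confirm.
# A silently skipped binary or PAM file would leave a partial SELinux install.
src_install() {
	# install policy stuff
	dosbin "${S}/module/checkpolicy/checkpolicy"
	dosbin "${S}/setfiles/setfiles"

	insinto /usr/include
	doins "${S}"/libsecure/include/*.h

	# Renamed from devfsd-conflet during src_compile.
	insinto /etc/devfs.d
	doins "${S}/devfsd/selinux-small"

	dolib.a "${S}/libsecure/src/libsecure.a"
	dobin "${S}"/libsecure/test/{avc_enforcing,avc_toggle,context_to_sid,sid_to_context,list_sids,chsid,lchsid,chsidfs,get_user_sids}
	dosbin "${S}/libsecure/test/load_policy"
	dobin "${S}"/utils/spasswd/{sadminpasswd,schfn,schsh,spasswd,suseradd,suserdel,svipw}
	dobin "${S}/utils/run_init/run_init"
	dobin "${S}/utils/newrole/newrole"
	dosbin "${FILESDIR}"/{rlpkg,open_init_pty}

	doman "${S}/setfiles/setfiles.8"
	doman "${S}"/libsecure/man/man[12]/*
	doman "${S}/utils/newrole/newrole.1"
	doman "${S}/utils/run_init/run_init.8"

	dobin "${S}/selopt/utils/flmon"
	dosbin "${S}"/selopt/utils/{ct,pt,qt}
	dosbin "${S}/selopt/scmpd/scmpd"
	dodoc "${S}"/selopt/doc/*

	exeinto /etc/init.d
	doexe "${FILESDIR}/scmpd"

	exeinto /lib/devfsd
	doexe "${S}/devfsd/devfsd-se.so"

	# install pam stuff
	# These are the PAM service definitions for newrole and run_init; their
	# contents live in FILESDIR and are not visible in this ebuild.
	insinto /etc/pam.d
	doins "${FILESDIR}"/{newrole,run_init}
}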

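# Post-merge step: tells the admin how to compile the policy and relabel,
# and removes devfsd's saved copy of /dev/log.
#
# Globals: CATEGORY, PF (read)
# Returns: 0 unless the removal itself fails.
pkg_postinst() {
	einfo
	einfo "To recompile the policy and relabel the filesystem simply run:"
	einfo "ebuild /var/db/pkg/${CATEGORY}/${PF}/${PF}.ebuild config"
	einfo

	# Stop devfsd from restoring /dev/log, it causes denials.
	# The syslog will create it when it starts.  Recent stock
	# gentoo devfsd.conf's stopped saving /dev/log into dev-state.
	#
	# rm -f replaces the former "[ -f ... ] && rm -f ..." for two reasons.
	# -f matches regular files only, and a saved /dev/log is presumably a
	# socket, so it would have been skipped.  The && form also made this
	# function return non-zero whenever the entry was absent.
	rm -f /lib/dev-state/log
}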

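# Compiles, installs and loads the policy, then relabels the filesystems,
# by running the policy tree's own make targets in that order.
#
# Every step dies on failure, so a later step never runs on top of a broken
# earlier one (for instance relabeling after a failed policy load).
pkg_config() {
	# Abort if the policy source tree is missing.  Without this check the
	# make targets below would run against whatever Makefile sits in the
	# current directory.
	cd /etc/security/selinux/src/policy \
		|| die "Policy source directory /etc/security/selinux/src/policy not found"

	einfo "Compiling policy"
	make policy || die "Policy compile failed (see above error messages)"

	einfo "Installing policy"
	make install || die "Policy install failed (see above error messages)"

	einfo "Loading policy"
	make load || die "Policy loading failed (see above error messages)"

	einfo "Relabeling filesystems -- This will take a very long time!"
	make relabel || die "Relabeling failed (see above error messages)"
}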