diff options
| author |   Sven Vermeulen <swift@gentoo.org> | 2012-04-26 18:38:44 +0000 |
|---|---|---|
| committer | Sven Vermeulen <swift@gentoo.org> | 2012-04-26 18:38:44 +0000 |
| commit | c2cd3e18a46dabdf2228ea6d874775a6bc651ec8 (patch) | |
| tree | 64cfaf335344b42940fc6470fa1e317989c908ec /sec-policy/selinux-base-policy | |
| parent | mask xtrans[doc] (diff) | |
| download | historical-c2cd3e18a46dabdf2228ea6d874775a6bc651ec8.tar.gz historical-c2cd3e18a46dabdf2228ea6d874775a6bc651ec8.tar.bz2 historical-c2cd3e18a46dabdf2228ea6d874775a6bc651ec8.zip | |
Update SELinux policies to rev 8
Diffstat (limited to 'sec-policy/selinux-base-policy')
| -rw-r--r-- | sec-policy/selinux-base-policy/ChangeLog | 7 | ||||
| -rw-r--r-- | sec-policy/selinux-base-policy/Manifest | 4 | ||||
| -rw-r--r-- | sec-policy/selinux-base-policy/selinux-base-policy-2.20120215-r8.ebuild | 122 |
3 files changed, 131 insertions, 2 deletions
diff --git a/sec-policy/selinux-base-policy/ChangeLog b/sec-policy/selinux-base-policy/ChangeLog index d4009854cfb2..15ea13e9d769 100644 --- a/sec-policy/selinux-base-policy/ChangeLog +++ b/sec-policy/selinux-base-policy/ChangeLog @@ -1,6 +1,11 @@ # ChangeLog for sec-policy/selinux-base-policy # Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/ChangeLog,v 1.102 2012/04/22 17:37:49 mr_bones_ Exp $ +# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/ChangeLog,v 1.103 2012/04/26 18:38:44 swift Exp $ + +*selinux-base-policy-2.20120215-r8 (26 Apr 2012) + + 26 Apr 2012; <swift@gentoo.org> +selinux-base-policy-2.20120215-r8.ebuild: + Bump to rev8, fix #411719, #411149 and #411943 22 Apr 2012; Michael Sterrett <mr_bones_@gentoo.org> selinux-base-policy-2.20120215-r7.ebuild: diff --git a/sec-policy/selinux-base-policy/Manifest b/sec-policy/selinux-base-policy/Manifest index 33d07f376f0a..fc07938ed4c0 100644 --- a/sec-policy/selinux-base-policy/Manifest +++ b/sec-policy/selinux-base-policy/Manifest @@ -8,6 +8,7 @@ DIST patchbundle-selinux-base-policy-2.20110726-r7.tar.bz2 24545 RMD160 b85b95f4 DIST patchbundle-selinux-base-policy-2.20110726-r8.tar.bz2 26629 RMD160 66d10e4d940c1c21ac429a2976abe5c6d711353c SHA1 e76454db60332fe21556c749b481db18ae609114 SHA256 bed5dd9121aaa984ad4b5c1087a72d0e222b79caeeb6a10b8975b2cbbb92d24e DIST patchbundle-selinux-base-policy-2.20120215-r6.tar.bz2 28970 RMD160 4726fd1dc85b5f6ad78389cf882d69c487a664dc SHA1 53e3acd5ce30582636462ae4d3fe834215b88810 SHA256 2a9e0bde439032a2183aed12ff6c18a7bdc00c05c4e1ce59ba097b0733bc776a DIST patchbundle-selinux-base-policy-2.20120215-r7.tar.bz2 29331 RMD160 d2f25fcc1bfe063392b68706644b5ff90381fc91 SHA1 557f77ac862d28191aabe2b6a18c1bc5beebae69 SHA256 e9ebe825c0f3651fc8fbf8183036fd61007d1c901d613071c6cfec3bec77963a +DIST patchbundle-selinux-base-policy-2.20120215-r8.tar.bz2 29993 RMD160 6d6a03ff3d24951529f32442dd713b1f4982aa7b SHA1 1a2fec3e59f4f440598c52cf28c2eee45ce46d92 SHA256 0d2b6b35007f833d49701f4ea4a71b91d056ee4b86c990aa000aea1c431a8d60 DIST refpolicy-2.20110726.tar.bz2 588033 RMD160 9803effffe1dbb28d52bee03432e052f4fdc8d3f SHA1 cc27b06c3f541d8f2c57c52804ab6893afcd9db2 SHA256 8159b7535aa0f805510e4e3504b1317d7083b227f0ef3df51c6f002ed70ecedb DIST refpolicy-2.20120215.tar.bz2 589917 RMD160 333960d5fdd5f9a23a024d1782950a06ada4f2d1 SHA1 1fe2dd03ea27e0e6fbde6e11309895efd43916e6 SHA256 6df77faf62f73bd1f6e3bfca3fa2f77cdfd2cada94a7dcc4816ed9bbcf3545dc EBUILD selinux-base-policy-2.20110726-r11.ebuild 4804 RMD160 e5a49705ce3f3019f6509b134fd2e4caf99219cb SHA1 8bc7e4bf1e0597e339d9b562e89bffc0760a1945 SHA256 0b63879cbd10c4b8bb6ea3562a0fdf927244c7a76b5644a232e73ea9c8b3a4f7 @@ -18,5 +19,6 @@ EBUILD selinux-base-policy-2.20110726-r7.ebuild 4805 RMD160 0f926c26195955ffce1e EBUILD selinux-base-policy-2.20110726-r8.ebuild 4803 RMD160 36ddd64d167c9dbd736c26515131dbce25280923 SHA1 32514704e99e1db122dfb683db9dbbaad7d1fac8 SHA256 6226e5aef96d070934b9d34df89bf86b2fe21f15b769fe770f06a43b5f181ed9 EBUILD selinux-base-policy-2.20120215-r6.ebuild 3827 RMD160 294caff01b84e93d373df53feac9b492ab0bb1cb SHA1 4fed7d5d664b52ef00d535483894fa11441195b8 SHA256 6bd5945b7f0208da2c65a6e138e433e4eddeef06be4490375002f75dcbc3fc5e EBUILD selinux-base-policy-2.20120215-r7.ebuild 3827 RMD160 a92833ac204aab4f45d3a98060cecdc2179a0322 SHA1 8f72a6c9c25e4221bc1c7499a17b8b99e7df43e0 SHA256 87d451d42c8e53795a2522562408ced8109c05a3d095b582803a682989876181 -MISC ChangeLog 24141 RMD160 eacc917b97bc6323d0583dc86fd77e4b91989ff5 SHA1 ccb4d92a7d575badb9f8ae4c9fcbf15d3b189ebd SHA256 1cd73da9ba1024ecb704578fc212f21e5e3733f53762a7580ce9c196409b6d6b +EBUILD selinux-base-policy-2.20120215-r8.ebuild 3804 RMD160 9366b87a2c7e1347cb9c0eb7fa7febc408bb5f99 SHA1 e17f8f1136e0a44bee01b9514180c3cd8c6d70ce SHA256 ff4a109cadff49a3f9534a199ce21176f44b88e457037223cae1cfff716bb616 +MISC ChangeLog 24318 RMD160 57751460010c9b5f85223973d960896a85ed89e5 SHA1 cf1a9f0ba95d81f53488d243c39efe4a1149c6a1 SHA256 0ba10b6abc1de323e63a94877d7bdcb7d3ab30516577f2cced31adf153f8bbbb MISC metadata.xml 671 RMD160 49dd94bb827c4ab2bb8043739ef7564df4cf1c07 SHA1 a92b8a5ef129707a44fe2ae1913060d02badd566 SHA256 c32ccc54ca7df400974a19ad14c093ea7b777f7a40467bdb672f441314122e55 diff --git a/sec-policy/selinux-base-policy/selinux-base-policy-2.20120215-r8.ebuild b/sec-policy/selinux-base-policy/selinux-base-policy-2.20120215-r8.ebuild new file mode 100644 index 000000000000..6619367b6fbf --- /dev/null +++ b/sec-policy/selinux-base-policy/selinux-base-policy-2.20120215-r8.ebuild @@ -0,0 +1,122 @@ +# Copyright 1999-2012 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/selinux-base-policy-2.20120215-r8.ebuild,v 1.1 2012/04/26 18:38:44 swift Exp $ +EAPI="4" + +inherit eutils + +HOMEPAGE="http://www.gentoo.org/proj/en/hardened/selinux/" +DESCRIPTION="SELinux policy for core modules" + +IUSE="" +BASEPOL="2.20120215-r8" + +RDEPEND=">=sec-policy/selinux-base-2.20120215-r8" +DEPEND="" +SRC_URI="http://oss.tresys.com/files/refpolicy/refpolicy-${PV}.tar.bz2 + http://dev.gentoo.org/~swift/patches/${PN}/patchbundle-${PN}-${BASEPOL}.tar.bz2" +KEYWORDS="~amd64 ~x86" + +MODS="application authlogin bootloader clock consoletype cron dmesg fstools getty hostname hotplug init iptables libraries locallogin logging lvm miscfiles modutils mount mta netutils nscd portage raid rsync selinuxutil ssh staff storage su sysadm sysnetwork udev userdomain usermanage unprivuser xdg unconfined" +LICENSE="GPL-2" +SLOT="0" +S="${WORKDIR}/" +PATCHBUNDLE="${DISTDIR}/patchbundle-selinux-base-policy-${BASEPOL}.tar.bz2" + +# Code entirely copied from selinux-eclass (cannot inherit due to dependency on +# itself), when reworked reinclude it. Only postinstall (where -b base.pp is +# added) needs to remain then. + +src_prepare() { + local modfiles + + # Patch the sources with the base patchbundle + if [[ -n ${BASEPOL} ]]; + then + cd "${S}" + EPATCH_MULTI_MSG="Applying SELinux policy updates ... " \ + EPATCH_SUFFIX="patch" \ + EPATCH_SOURCE="${WORKDIR}" \ + EPATCH_FORCE="yes" \ + epatch + fi + + # Apply the additional patches refered to by the module ebuild. + # But first some magic to differentiate between bash arrays and strings + if [[ "$(declare -p POLICY_PATCH 2>/dev/null 2>&1)" == "declare -a"* ]]; + then + cd "${S}/refpolicy/policy/modules" + for POLPATCH in "${POLICY_PATCH[@]}"; + do + epatch "${POLPATCH}" + done + else + if [[ -n ${POLICY_PATCH} ]]; + then + cd "${S}/refpolicy/policy/modules" + for POLPATCH in ${POLICY_PATCH}; + do + epatch "${POLPATCH}" + done + fi + fi + + # Collect only those files needed for this particular module + for i in ${MODS}; do + modfiles="$(find ${S}/refpolicy/policy/modules -iname $i.te) $modfiles" + modfiles="$(find ${S}/refpolicy/policy/modules -iname $i.fc) $modfiles" + done + + for i in ${POLICY_TYPES}; do + mkdir "${S}"/${i} || die "Failed to create directory ${S}/${i}" + cp "${S}"/refpolicy/doc/Makefile.example "${S}"/${i}/Makefile \ + || die "Failed to copy Makefile.example to ${S}/${i}/Makefile" + + cp ${modfiles} "${S}"/${i} \ + || die "Failed to copy the module files to ${S}/${i}" + done +} + +src_compile() { + for i in ${POLICY_TYPES}; do + # Parallel builds are broken, so we need to force -j1 here + emake -j1 NAME=$i -C "${S}"/${i} || die "${i} compile failed" + done +} + +src_install() { + local BASEDIR="/usr/share/selinux" + + for i in ${POLICY_TYPES}; do + for j in ${MODS}; do + einfo "Installing ${i} ${j} policy package" + insinto ${BASEDIR}/${i} + doins "${S}"/${i}/${j}.pp || die "Failed to add ${j}.pp to ${i}" + done + done +} + +pkg_postinst() { + # Override the command from the eclass, we need to load in base as well here + local COMMAND + for i in ${MODS}; do + COMMAND="-i ${i}.pp ${COMMAND}" + done + + for i in ${POLICY_TYPES}; do + local LOCCOMMAND + local LOCMODS + if [[ "${i}" != "targeted" ]]; then + LOCCOMMAND=$(echo "${COMMAND}" | sed -e 's:-i unconfined.pp::g'); + LOCMODS=$(echo "${MODS}" | sed -e 's: unconfined::g'); + else + LOCCOMMAND="${COMMAND}" + LOCMODS="${MODS}" + fi + einfo "Inserting the following modules, with base, into the $i module store: ${LOCMODS}" + + cd /usr/share/selinux/${i} || die "Could not enter /usr/share/selinux/${i}" + + semodule -s ${i} -b base.pp ${LOCCOMMAND} || die "Failed to load in base and modules ${LOCMODS} in the $i policy store" + done +} |