Release 2.20130424-r3, fixing bugs #480628, #482196, #475432, #485304, #480870 and #428322

Package-Manager: portage-2.2.1/cvs/Linux x86_64 Manifest-Sign-Key: 0x2EDD52403B68AF47
author: Sven Vermeulen <swift@gentoo.org> 2013-09-26 17:28:38 +0000
committer: Sven Vermeulen <swift@gentoo.org> 2013-09-26 17:28:38 +0000
commit: 1db917368e8b018654342edf1a45fd8d888b5d41 (patch)
tree: c870d75519085aed999b1895abb28c15d2762887 /sec-policy/selinux-base
parent: Stable for arm, wrt bug #455464 (diff)
download: historical-1db917368e8b018654342edf1a45fd8d888b5d41.tar.gz
historical-1db917368e8b018654342edf1a45fd8d888b5d41.tar.bz2
historical-1db917368e8b018654342edf1a45fd8d888b5d41.zip
3 files changed, 185 insertions, 5 deletions
diff --git a/sec-policy/selinux-base/ChangeLog b/sec-policy/selinux-base/ChangeLog
index e73e174c86e2..b9f16e12622e 100644
--- a/sec-policy/selinux-base/ChangeLog
+++ b/sec-policy/selinux-base/ChangeLog
@@ -1,6 +1,13 @@
 # ChangeLog for sec-policy/selinux-base
 # Copyright 1999-2013 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base/ChangeLog,v 1.35 2013/08/15 09:39:28 swift Exp $
+# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base/ChangeLog,v 1.36 2013/09/26 17:24:45 swift Exp $
+
+*selinux-base-2.20130424-r3 (26 Sep 2013)
+
+  26 Sep 2013; Sven Vermeulen <swift@gentoo.org>
+  +selinux-base-2.20130424-r3.ebuild:
+  Release 2.20130424-r3, fixing bugs #480628, #482196, #475432, #485304, #480870
+  and #428322
 
   15 Aug 2013; Sven Vermeulen <swift@gentoo.org> selinux-base-9999.ebuild:
   Clean up generated cruft before building base policy - see bug 480628
diff --git a/sec-policy/selinux-base/Manifest b/sec-policy/selinux-base/Manifest
index e5a1ac4566a8..72fadc1e6296 100644
--- a/sec-policy/selinux-base/Manifest
+++ b/sec-policy/selinux-base/Manifest
@@ -11,6 +11,7 @@ DIST patchbundle-selinux-base-policy-2.20120725-r8.tar.bz2 335267 SHA256 17e5534
 DIST patchbundle-selinux-base-policy-2.20120725-r9.tar.bz2 426009 SHA256 7abc4939838f69ad26100dc5f43358c5d9465db78acb0d343f59d59a02160591 SHA512 819075bb38f5a05f8eb1bb76157f911be5b71bb02d4789369e09b134241a9f776e660d02cea1cd2f5aae7aa93cfbc25cd3abe42fb1f9e4ccd9fdff8e6a45babe WHIRLPOOL 4ba77ea6e18f090d1e8a9d382adf28378d54bc5a6e1477733b46a3eef337b8159d5bdf702264aa54b3cb0881f1756790da906806d6fa5382424de95aeb864cec
 DIST patchbundle-selinux-base-policy-2.20130424-r1.tar.bz2 249865 SHA256 a2f6d0ed3c02839cf71f7f3b75d52fd2182e1a929107e8c4dced0f5a4e01ddae SHA512 71f99b3f727be56c98c8e5129362dcdc01361cf3471107de79ce26cb908b059f24db23918b03b6ae52f5f7742a2d5f47e13f428fd1eb41e8c42e8e16b57415b6 WHIRLPOOL 39bd60b23eeda705d083ebc60f048fedb49e70b71b6a56173a656608d9c11adb060d47e66439d4fb53ab6670ffd79e1152586fbc0e6e2601b5e5b19fe06e2f83
 DIST patchbundle-selinux-base-policy-2.20130424-r2.tar.bz2 250772 SHA256 d7965b0c876a4b217cab35fcc4b709621d0e02ad21d7fed74fb588ea3125f06a SHA512 822f5c7905162e891989a43fd366f947bf1e34926d9eec6b2f2519348fa8430ae1c66914481973cac2ac128411dfa1ca9e3e9336c45bc1121fd8e83e9079ab14 WHIRLPOOL 1d213b77b87ad180da8bbda88aaf3e4bd7da14b397debc5df0696a7b6c28a72fceda600b1a62e17ada8dde8fcbace4e83f36e6b5a4da2cd11e38c92b46fb1a1d
+DIST patchbundle-selinux-base-policy-2.20130424-r3.tar.bz2 284619 SHA256 0da814525b159863c7624e932b1c2205526cca645203063fbf55389387ba2ff3 SHA512 a690a0f8c05169eb5298db14d3fef31cab9003c60d4bb426d3d79b59275b2dffe0ab6f8cb2b74c00698603e5baad6252ff922e581a90d7e200df213eb39e01e9 WHIRLPOOL 9c2a2dbe1c4501f25b5591d714952a69d5db5d448b7977c669553f635d3f787dea778b99218b9a5123d72193404760b2d8d6c32d570207781c8ca236efd4f49d
 DIST refpolicy-2.20120725.tar.bz2 594120 SHA256 7cd46ed908a4001368e6509d93e306ec6c9af2bfa6b70db88c9eaaefe257c635 SHA512 9cbe27fe30460c018da2bb3d94f321d656a259bf4f2e7ce6c2b015d02b5801de8a68c765c154c30ba5abf4f986957c9f303fc95b453f53db4fc4040443512333 WHIRLPOOL 107c10e89e99a3c63f8a806989e869dffd5baca1b9e41e2b02b12067a796d11abc87ac41a9c44a44a61215ed36df127f79e045b00cfb67d3c5318a766ff78b89
 DIST refpolicy-2.20130424.tar.bz2 649845 SHA256 6039ba854f244a39dc727cc7db25632f7b933bb271c803772d754d4354f5aef4 SHA512 82ab38bc3425eb4b7d50c42564ebc28603e32e6f3266da164502f0cdc3a2f6bfe457518297824cb78f6f94211f9823fbc7254bb9e1d9df1cc7f284d326299705 WHIRLPOOL ba7539261a072d33e34afb940a1899ccdb2493c3b11eea3b166b9eb565478fd93cf580d09ef016f799a5dd5a4452086a623f9b3f38fbfb9a812e6e31bcd68e25
 EBUILD selinux-base-2.20120725-r10.ebuild 4453 SHA256 41d014f4b0434050b18bd6eb174236fd815de9f0ddc0a818099dcfe4919cd102 SHA512 70dadf75b28d77783395f3153e4ea6679a274684a053e7cb2359db94d3d02a62f62e37fb1c239e9d1cd81ede8d66984415aa25af07e53c15c3b382c6856e984e WHIRLPOOL dde22fb3df31b28a1fced3251794e1a769a9db875deb14b0271e431dc1ec61f867c7a410ff4b7dc918e0e6d4e2a76873c95f83dc6734878270993b77fa58c3b8
@@ -22,13 +23,24 @@ EBUILD selinux-base-2.20120725-r8.ebuild 4168 SHA256 56b1379b8849ee4c610aff72746
 EBUILD selinux-base-2.20120725-r9.ebuild 4452 SHA256 5bae3574a7be5837858a354c3587ca475bd209ef59e15b48dc2060a4e4194bee SHA512 07aa6e752df0b5c24ade53494b1b04d724011dd5e5c219a31e819bc1b465de6537b4791dd49a16b8b65a84a80b0b2ec567708dd163e27278a7706cfa7584c005 WHIRLPOOL c35df4248120889a6b0ee84bb1eaeed8bac3d7ea4873dc79de5cd31185abf98479cfa96b2ef01c725e26ccede4599b53330c6d35e508630f258b9146b0708a53
 EBUILD selinux-base-2.20130424-r1.ebuild 4489 SHA256 9799bbe46cb1bae05e7b67c06aad7659a2eed4c1d27b1277fef47a2a0986f807 SHA512 fabc32275583875881623b5e428b1c12d1534f4b604928443d1f802c5e3a2e3e63b1fbfb2467af6581bfdd80913c28e3e26aee6053d225d54d0538b6439788af WHIRLPOOL f49b11b87e72664faf52d82427488460a3e5991c19636c2f00b876c7df06f17a75e3eb7c68a36d8c07cce4dc272249f2730e6f404765baea89eb014b3c518399
 EBUILD selinux-base-2.20130424-r2.ebuild 4489 SHA256 ca7a03e538f30f4e407376e66a2561ea052d4fbbe8ee947ad89ae679a8d7ce9d SHA512 e3d3dc47a98c060cba1ed2eef34defab730237d14fcbc7963059885bcd1f964a0c2f58e932f7b109fa5ffd109be3700930e70af7c3acdcf04e8c3386b9359802 WHIRLPOOL ec19eed32b33f289a0186f0e68b7a55de5a83f2e4e3534f497514d2a787d225a5aed5fc96026d11c58f72a810e1ff7eb1ced2498a5175adfb4e2794aef742dee
+EBUILD selinux-base-2.20130424-r3.ebuild 4502 SHA256 96d8c2b6a6ed3d6fac3c02afabca02265b1dea6ec75a64b67c4f2842e1eabdb5 SHA512 be20508336724f1d9f51c26a7a2dea4ff5360e3473f5689a0220974af40766a63d4c9cc04611578a5b7efcba99cc3609355a42973b08c8fe238abb7ec8e1985e WHIRLPOOL 684fec1cfc3c06d8eb5c0b47b87c8617114e73355728e46af12a3318c6968ea259cb51328e2b5d7f4a53b230882025d603b361f62e71ed06165fcb5decf7ac35
 EBUILD selinux-base-9999.ebuild 4179 SHA256 2fae8dae1816224ba23c76cf595bb92c61816d9378ced42e187de2a1d2a07f3f SHA512 01621a086577cc7378b66c61a368b3e8df2648ed1ec843e006302aeb50d07a7e69c8f26b1b8243287e05ff32ca208168f0521e07399b11ce5c56d8ec464c2a57 WHIRLPOOL f46949ae06095e8c4dd7e69cd5747c1d16cd1230710308e219a7eeb32bd4303d36be502a55831234491029af9a1d4f80aaf0a4f712050a46d895f93eda3f4d6d
-MISC ChangeLog 6034 SHA256 28509d18c5399bae3d7899699bc9fc2fa1d3f6637dba334665bb5a122ace8480 SHA512 946cce8c9a9b2a435204380d4b838f49a7edf88a0c812d904fb7b2085f94b0561e418518f8152af97bc5c5ab48561a27bbd988bdc53698056f3d68ff6885f0cd WHIRLPOOL 4bbd5968da42d52ef3b104858a40fb8d0e56a9f35b4a75589de0712a2c44504a706cd6c2827bbd05fe532417cbf9764913aaf80660ca63a702afcb389231038d
+MISC ChangeLog 6260 SHA256 ada976e275d877e921cbd271fe64ef2c2f1175ca29d33f6eb2cdfe57361d3987 SHA512 3e527b43b307179ddd70ed39827a0617b7e06cd7ab2a7e7602897c98efbc62b557ac4e82e1315c8c411f46cd32fed8b59947590e233125487bd9120fff86bb16 WHIRLPOOL 00fcc409b7ed0d2d94a24dd23f716de9746897fbbfdace66e726598a10b098159bd362e392b6b309b2781ba9a1b122de9ab10b0a31784a4411c08bd5282c4d5b
 MISC metadata.xml 753 SHA256 2542c8e9c994b3b2699d601ba980a8daef2288b5ad199867764f607978ddee67 SHA512 d5e803494fe0831fdddada0f1f464c941d93896afa19d9d1005daa8a4ebea7b20f905e6d0d89dd10ff1aceaee0c7c41c190f16b68bf4466c0f75d3a6110b8df0 WHIRLPOOL cd2535802ffacbdae1ff1787aa203311330202cb08df488dae59b178b102b818766d2320fe62de3cf7710047e8cafa6a41963381655d9fd5fb4c75a232decd52
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.20 (GNU/Linux)
 
-iEYEAREIAAYFAlIMoY8ACgkQXfqz7M26L9sRYACfdtnZZrAxO9+zuIgnliDjuV+3
-H6YAn2e/i+hVj3HbjxB5FFqJJKZYRmN9
-=TJ8g
+iQIcBAEBCAAGBQJSRG4zAAoJEC7dUkA7aK9HpAgP/19vPzRpiQEPLpCChSqOnwyf
+XeNwjmnOF35Uy/EvVyPsIPH7pz1681cwFQ7WJrIqdeJa/fzbFPbxlWICM81j8xtr
+aZy4uALOF+BE5uzyRyH3S+s4vSHNXG8XZ2QaVvHbPXnVfP5RlPmSf+JzMgJg+bBB
+GuEeHr0GGFTOwTDW1APQf0GTVCqPmGruXxZLzpi1xuNoMZC/dGZMINX6wweH0F6o
+AIj15DORucbuR739eZhOFDDUEAsNE4dxol6zMcQnivAvaWntmgJp3QmtEmW1jdYp
+9mtC5zdF5Q8TCXEKJGtYyKzOhxK4JZYTM7TTnjRxRAuvBG2qDpVEaHhqXalhFtQ9
+dbiyzw8MoMdGSEkKnllTbGQw+zARmSz6h+/wHGmyE8q0qNDzQj9qOIxc75qPlnRr
+NCf1OZez93o78GcnC+UoqOkK/WU8Q2Af2+pyjW3stZsswQxtUOJzb5YeZPS5CInP
+XLra4M6rIM9OtkXeoX07YsT4m3aE1yA2mxQtydHF8qy4YJ67ocEHF7h+Oe+vBLz4
+CXEZUq8RNgqk+2vy75h/tlPOHwKusmYnguDWPhEKURrmneCUhJx4olUrz1pighwF
+grqOmhWU4RSEpq80jxp3dDtWFFBW45bGaV2wUDu/vlo0Oun7dPLXANcvKi2v+527
+rTfaBw6W4lu8oACu5a8g
+=sN90
 -----END PGP SIGNATURE-----
diff --git a/sec-policy/selinux-base/selinux-base-2.20130424-r3.ebuild b/sec-policy/selinux-base/selinux-base-2.20130424-r3.ebuild
new file mode 100644
index 000000000000..7b83352ca432
--- /dev/null
+++ b/sec-policy/selinux-base/selinux-base-2.20130424-r3.ebuild
@@ -0,0 +1,161 @@
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base/selinux-base-2.20130424-r3.ebuild,v 1.1 2013/09/26 17:24:45 swift Exp $
+EAPI="4"
+
+inherit eutils
+
+IUSE="+peer_perms +open_perms +ubac +unconfined doc"
+
+DESCRIPTION="Gentoo base policy for SELinux"
+HOMEPAGE="http://www.gentoo.org/proj/en/hardened/selinux/"
+SRC_URI="http://oss.tresys.com/files/refpolicy/refpolicy-${PV}.tar.bz2
+	http://dev.gentoo.org/~swift/patches/selinux-base-policy/patchbundle-selinux-base-policy-${PVR}.tar.bz2"
+LICENSE="GPL-2"
+SLOT="0"
+
+KEYWORDS="~amd64 ~x86"
+
+RDEPEND=">=sys-apps/policycoreutils-2.1.10
+	virtual/udev
+	!<=sec-policy/selinux-base-policy-2.20130424"
+DEPEND="${RDEPEND}
+	sys-devel/m4
+	>=sys-apps/checkpolicy-2.1.8"
+
+S=${WORKDIR}/
+
+src_prepare() {
+	# Apply the gentoo patches to the policy. These patches are only necessary
+	# for base policies, or for interface changes on modules.
+	EPATCH_MULTI_MSG="Applying SELinux policy updates ... " \
+	EPATCH_SUFFIX="patch" \
+	EPATCH_SOURCE="${WORKDIR}" \
+	EPATCH_FORCE="yes" \
+	epatch
+
+	cd "${S}/refpolicy"
+	make bare
+	# Fix bug 257111 - Correct the initial sid for cron-started jobs in the
+	# system_r role
+	sed -i -e 's:system_crond_t:system_cronjob_t:g' \
+		"${S}/refpolicy/config/appconfig-standard/default_contexts"
+	sed -i -e 's|system_r:cronjob_t|system_r:system_cronjob_t|g' \
+		"${S}/refpolicy/config/appconfig-mls/default_contexts"
+	sed -i -e 's|system_r:cronjob_t|system_r:system_cronjob_t|g' \
+		"${S}/refpolicy/config/appconfig-mcs/default_contexts"
+
+	epatch_user
+}
+
+src_configure() {
+	[ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs"
+
+	# Update the SELinux refpolicy capabilities based on the users' USE flags.
+
+	if ! use peer_perms; then
+		sed -i -e '/network_peer_controls/d' \
+			"${S}/refpolicy/policy/policy_capabilities"
+	fi
+
+	if ! use open_perms; then
+		sed -i -e '/open_perms/d' \
+			"${S}/refpolicy/policy/policy_capabilities"
+	fi
+
+	if ! use ubac; then
+		sed -i -e '/^UBAC/s/y/n/' "${S}/refpolicy/build.conf" \
+			|| die "Failed to disable User Based Access Control"
+	fi
+
+	echo "DISTRO = gentoo" >> "${S}/refpolicy/build.conf"
+
+	# Prepare initial configuration
+	cd "${S}/refpolicy";
+	make conf || die "Make conf failed"
+
+	# Setup the policies based on the types delivered by the end user.
+	# These types can be "targeted", "strict", "mcs" and "mls".
+	for i in ${POLICY_TYPES}; do
+		cp -a "${S}/refpolicy" "${S}/${i}"
+		cd "${S}/${i}";
+
+		#cp "${FILESDIR}/modules-2.20120215.conf" "${S}/${i}/policy/modules.conf"
+		sed -i -e "/= module/d" "${S}/${i}/policy/modules.conf"
+
+		sed -i -e '/^QUIET/s/n/y/' -e "/^NAME/s/refpolicy/$i/" \
+			"${S}/${i}/build.conf" || die "build.conf setup failed."
+
+		if [[ "${i}" == "mls" ]] || [[ "${i}" == "mcs" ]];
+		then
+			# MCS/MLS require additional settings
+			sed -i -e "/^TYPE/s/standard/${i}/" "${S}/${i}/build.conf" \
+				|| die "failed to set type to mls"
+		fi
+
+		if [ "${i}" == "targeted" ]; then
+			sed -i -e '/root/d' -e 's/user_u/unconfined_u/' \
+			"${S}/${i}/config/appconfig-standard/seusers" \
+			|| die "targeted seusers setup failed."
+		fi
+
+		if [ "${i}" != "targeted" ] && [ "${i}" != "strict" ] && use unconfined; then
+			sed -i -e '/root/d' -e 's/user_u/unconfined_u/' \
+			"${S}/${i}/config/appconfig-${i}/seusers" \
+			|| die "policy seusers setup failed."
+		fi
+	done
+}
+
+src_compile() {
+	[ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs"
+
+	for i in ${POLICY_TYPES}; do
+		cd "${S}/${i}"
+		make base || die "${i} compile failed"
+		if use doc; then
+			make html || die
+		fi
+	done
+}
+
+src_install() {
+	[ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs"
+
+	for i in ${POLICY_TYPES}; do
+		cd "${S}/${i}"
+
+		make DESTDIR="${D}" install \
+			|| die "${i} install failed."
+
+		make DESTDIR="${D}" install-headers \
+			|| die "${i} headers install failed."
+
+		echo "run_init_t" > "${D}/etc/selinux/${i}/contexts/run_init_type"
+
+		echo "textrel_shlib_t" >> "${D}/etc/selinux/${i}/contexts/customizable_types"
+
+		# libsemanage won't make this on its own
+		keepdir "/etc/selinux/${i}/policy"
+
+		if use doc; then
+			dohtml doc/html/*;
+		fi
+
+		insinto /usr/share/selinux/devel;
+		doins doc/policy.xml;
+
+	done
+
+	dodoc doc/Makefile.example doc/example.{te,fc,if}
+
+	doman man/man8/*.8;
+
+	insinto /etc/selinux
+	doins "${FILESDIR}/config"
+}
+
+pkg_preinst() {
+	has_version "<${CATEGORY}/${PN}-2.20101213-r13"
+	previous_less_than_r13=$?
+}
author	Sven Vermeulen <swift@gentoo.org>	2013-09-26 17:28:38 +0000
committer	Sven Vermeulen <swift@gentoo.org>	2013-09-26 17:28:38 +0000
commit	1db917368e8b018654342edf1a45fd8d888b5d41 (patch)
tree	c870d75519085aed999b1895abb28c15d2762887 /sec-policy/selinux-base
parent	Stable for arm, wrt bug #455464 (diff)
download	historical-1db917368e8b018654342edf1a45fd8d888b5d41.tar.gz historical-1db917368e8b018654342edf1a45fd8d888b5d41.tar.bz2 historical-1db917368e8b018654342edf1a45fd8d888b5d41.zip