From 1db917368e8b018654342edf1a45fd8d888b5d41 Mon Sep 17 00:00:00 2001 From: Sven Vermeulen Date: Thu, 26 Sep 2013 17:28:38 +0000 Subject: Release 2.20130424-r3, fixing bugs #480628, #482196, #475432, #485304, #480870 and #428322 Package-Manager: portage-2.2.1/cvs/Linux x86_64 Manifest-Sign-Key: 0x2EDD52403B68AF47 --- sec-policy/selinux-base/ChangeLog | 9 +- sec-policy/selinux-base/Manifest | 20 ++- .../selinux-base/selinux-base-2.20130424-r3.ebuild | 161 +++++++++++++++++++++ 3 files changed, 185 insertions(+), 5 deletions(-) create mode 100644 sec-policy/selinux-base/selinux-base-2.20130424-r3.ebuild (limited to 'sec-policy/selinux-base') diff --git a/sec-policy/selinux-base/ChangeLog b/sec-policy/selinux-base/ChangeLog index e73e174c86e2..b9f16e12622e 100644 --- a/sec-policy/selinux-base/ChangeLog +++ b/sec-policy/selinux-base/ChangeLog @@ -1,6 +1,13 @@ # ChangeLog for sec-policy/selinux-base # Copyright 1999-2013 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base/ChangeLog,v 1.35 2013/08/15 09:39:28 swift Exp $ +# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base/ChangeLog,v 1.36 2013/09/26 17:24:45 swift Exp $ + +*selinux-base-2.20130424-r3 (26 Sep 2013) + + 26 Sep 2013; Sven Vermeulen + +selinux-base-2.20130424-r3.ebuild: + Release 2.20130424-r3, fixing bugs #480628, #482196, #475432, #485304, #480870 + and #428322 15 Aug 2013; Sven Vermeulen selinux-base-9999.ebuild: Clean up generated cruft before building base policy - see bug 480628 diff --git a/sec-policy/selinux-base/Manifest b/sec-policy/selinux-base/Manifest index e5a1ac4566a8..72fadc1e6296 100644 --- a/sec-policy/selinux-base/Manifest +++ b/sec-policy/selinux-base/Manifest 
@@ -11,6 +11,7 @@ DIST patchbundle-selinux-base-policy-2.20120725-r8.tar.bz2 335267 SHA256 17e5534 DIST patchbundle-selinux-base-policy-2.20120725-r9.tar.bz2 426009 SHA256 7abc4939838f69ad26100dc5f43358c5d9465db78acb0d343f59d59a02160591 SHA512 819075bb38f5a05f8eb1bb76157f911be5b71bb02d4789369e09b134241a9f776e660d02cea1cd2f5aae7aa93cfbc25cd3abe42fb1f9e4ccd9fdff8e6a45babe WHIRLPOOL 4ba77ea6e18f090d1e8a9d382adf28378d54bc5a6e1477733b46a3eef337b8159d5bdf702264aa54b3cb0881f1756790da906806d6fa5382424de95aeb864cec DIST patchbundle-selinux-base-policy-2.20130424-r1.tar.bz2 249865 SHA256 a2f6d0ed3c02839cf71f7f3b75d52fd2182e1a929107e8c4dced0f5a4e01ddae SHA512 71f99b3f727be56c98c8e5129362dcdc01361cf3471107de79ce26cb908b059f24db23918b03b6ae52f5f7742a2d5f47e13f428fd1eb41e8c42e8e16b57415b6 WHIRLPOOL 39bd60b23eeda705d083ebc60f048fedb49e70b71b6a56173a656608d9c11adb060d47e66439d4fb53ab6670ffd79e1152586fbc0e6e2601b5e5b19fe06e2f83 DIST patchbundle-selinux-base-policy-2.20130424-r2.tar.bz2 250772 SHA256 d7965b0c876a4b217cab35fcc4b709621d0e02ad21d7fed74fb588ea3125f06a SHA512 822f5c7905162e891989a43fd366f947bf1e34926d9eec6b2f2519348fa8430ae1c66914481973cac2ac128411dfa1ca9e3e9336c45bc1121fd8e83e9079ab14 WHIRLPOOL 1d213b77b87ad180da8bbda88aaf3e4bd7da14b397debc5df0696a7b6c28a72fceda600b1a62e17ada8dde8fcbace4e83f36e6b5a4da2cd11e38c92b46fb1a1d +DIST patchbundle-selinux-base-policy-2.20130424-r3.tar.bz2 284619 SHA256 0da814525b159863c7624e932b1c2205526cca645203063fbf55389387ba2ff3 SHA512 a690a0f8c05169eb5298db14d3fef31cab9003c60d4bb426d3d79b59275b2dffe0ab6f8cb2b74c00698603e5baad6252ff922e581a90d7e200df213eb39e01e9 WHIRLPOOL 9c2a2dbe1c4501f25b5591d714952a69d5db5d448b7977c669553f635d3f787dea778b99218b9a5123d72193404760b2d8d6c32d570207781c8ca236efd4f49d DIST refpolicy-2.20120725.tar.bz2 594120 SHA256 7cd46ed908a4001368e6509d93e306ec6c9af2bfa6b70db88c9eaaefe257c635 SHA512 
9cbe27fe30460c018da2bb3d94f321d656a259bf4f2e7ce6c2b015d02b5801de8a68c765c154c30ba5abf4f986957c9f303fc95b453f53db4fc4040443512333 WHIRLPOOL 107c10e89e99a3c63f8a806989e869dffd5baca1b9e41e2b02b12067a796d11abc87ac41a9c44a44a61215ed36df127f79e045b00cfb67d3c5318a766ff78b89 DIST refpolicy-2.20130424.tar.bz2 649845 SHA256 6039ba854f244a39dc727cc7db25632f7b933bb271c803772d754d4354f5aef4 SHA512 82ab38bc3425eb4b7d50c42564ebc28603e32e6f3266da164502f0cdc3a2f6bfe457518297824cb78f6f94211f9823fbc7254bb9e1d9df1cc7f284d326299705 WHIRLPOOL ba7539261a072d33e34afb940a1899ccdb2493c3b11eea3b166b9eb565478fd93cf580d09ef016f799a5dd5a4452086a623f9b3f38fbfb9a812e6e31bcd68e25 EBUILD selinux-base-2.20120725-r10.ebuild 4453 SHA256 41d014f4b0434050b18bd6eb174236fd815de9f0ddc0a818099dcfe4919cd102 SHA512 70dadf75b28d77783395f3153e4ea6679a274684a053e7cb2359db94d3d02a62f62e37fb1c239e9d1cd81ede8d66984415aa25af07e53c15c3b382c6856e984e WHIRLPOOL dde22fb3df31b28a1fced3251794e1a769a9db875deb14b0271e431dc1ec61f867c7a410ff4b7dc918e0e6d4e2a76873c95f83dc6734878270993b77fa58c3b8 
@@ -22,13 +23,24 @@ EBUILD selinux-base-2.20120725-r8.ebuild 4168 SHA256 56b1379b8849ee4c610aff72746 EBUILD selinux-base-2.20120725-r9.ebuild 4452 SHA256 5bae3574a7be5837858a354c3587ca475bd209ef59e15b48dc2060a4e4194bee SHA512 07aa6e752df0b5c24ade53494b1b04d724011dd5e5c219a31e819bc1b465de6537b4791dd49a16b8b65a84a80b0b2ec567708dd163e27278a7706cfa7584c005 WHIRLPOOL c35df4248120889a6b0ee84bb1eaeed8bac3d7ea4873dc79de5cd31185abf98479cfa96b2ef01c725e26ccede4599b53330c6d35e508630f258b9146b0708a53 EBUILD selinux-base-2.20130424-r1.ebuild 4489 SHA256 9799bbe46cb1bae05e7b67c06aad7659a2eed4c1d27b1277fef47a2a0986f807 SHA512 fabc32275583875881623b5e428b1c12d1534f4b604928443d1f802c5e3a2e3e63b1fbfb2467af6581bfdd80913c28e3e26aee6053d225d54d0538b6439788af WHIRLPOOL f49b11b87e72664faf52d82427488460a3e5991c19636c2f00b876c7df06f17a75e3eb7c68a36d8c07cce4dc272249f2730e6f404765baea89eb014b3c518399 EBUILD selinux-base-2.20130424-r2.ebuild 4489 SHA256 ca7a03e538f30f4e407376e66a2561ea052d4fbbe8ee947ad89ae679a8d7ce9d SHA512 e3d3dc47a98c060cba1ed2eef34defab730237d14fcbc7963059885bcd1f964a0c2f58e932f7b109fa5ffd109be3700930e70af7c3acdcf04e8c3386b9359802 WHIRLPOOL ec19eed32b33f289a0186f0e68b7a55de5a83f2e4e3534f497514d2a787d225a5aed5fc96026d11c58f72a810e1ff7eb1ced2498a5175adfb4e2794aef742dee +EBUILD selinux-base-2.20130424-r3.ebuild 4502 SHA256 96d8c2b6a6ed3d6fac3c02afabca02265b1dea6ec75a64b67c4f2842e1eabdb5 SHA512 be20508336724f1d9f51c26a7a2dea4ff5360e3473f5689a0220974af40766a63d4c9cc04611578a5b7efcba99cc3609355a42973b08c8fe238abb7ec8e1985e WHIRLPOOL 684fec1cfc3c06d8eb5c0b47b87c8617114e73355728e46af12a3318c6968ea259cb51328e2b5d7f4a53b230882025d603b361f62e71ed06165fcb5decf7ac35 EBUILD selinux-base-9999.ebuild 4179 SHA256 2fae8dae1816224ba23c76cf595bb92c61816d9378ced42e187de2a1d2a07f3f SHA512 01621a086577cc7378b66c61a368b3e8df2648ed1ec843e006302aeb50d07a7e69c8f26b1b8243287e05ff32ca208168f0521e07399b11ce5c56d8ec464c2a57 WHIRLPOOL 
f46949ae06095e8c4dd7e69cd5747c1d16cd1230710308e219a7eeb32bd4303d36be502a55831234491029af9a1d4f80aaf0a4f712050a46d895f93eda3f4d6d -MISC ChangeLog 6034 SHA256 28509d18c5399bae3d7899699bc9fc2fa1d3f6637dba334665bb5a122ace8480 SHA512 946cce8c9a9b2a435204380d4b838f49a7edf88a0c812d904fb7b2085f94b0561e418518f8152af97bc5c5ab48561a27bbd988bdc53698056f3d68ff6885f0cd WHIRLPOOL 4bbd5968da42d52ef3b104858a40fb8d0e56a9f35b4a75589de0712a2c44504a706cd6c2827bbd05fe532417cbf9764913aaf80660ca63a702afcb389231038d +MISC ChangeLog 6260 SHA256 ada976e275d877e921cbd271fe64ef2c2f1175ca29d33f6eb2cdfe57361d3987 SHA512 3e527b43b307179ddd70ed39827a0617b7e06cd7ab2a7e7602897c98efbc62b557ac4e82e1315c8c411f46cd32fed8b59947590e233125487bd9120fff86bb16 WHIRLPOOL 00fcc409b7ed0d2d94a24dd23f716de9746897fbbfdace66e726598a10b098159bd362e392b6b309b2781ba9a1b122de9ab10b0a31784a4411c08bd5282c4d5b MISC metadata.xml 753 SHA256 2542c8e9c994b3b2699d601ba980a8daef2288b5ad199867764f607978ddee67 SHA512 d5e803494fe0831fdddada0f1f464c941d93896afa19d9d1005daa8a4ebea7b20f905e6d0d89dd10ff1aceaee0c7c41c190f16b68bf4466c0f75d3a6110b8df0 WHIRLPOOL cd2535802ffacbdae1ff1787aa203311330202cb08df488dae59b178b102b818766d2320fe62de3cf7710047e8cafa6a41963381655d9fd5fb4c75a232decd52 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.20 (GNU/Linux) -iEYEAREIAAYFAlIMoY8ACgkQXfqz7M26L9sRYACfdtnZZrAxO9+zuIgnliDjuV+3 -H6YAn2e/i+hVj3HbjxB5FFqJJKZYRmN9 -=TJ8g +iQIcBAEBCAAGBQJSRG4zAAoJEC7dUkA7aK9HpAgP/19vPzRpiQEPLpCChSqOnwyf +XeNwjmnOF35Uy/EvVyPsIPH7pz1681cwFQ7WJrIqdeJa/fzbFPbxlWICM81j8xtr +aZy4uALOF+BE5uzyRyH3S+s4vSHNXG8XZ2QaVvHbPXnVfP5RlPmSf+JzMgJg+bBB +GuEeHr0GGFTOwTDW1APQf0GTVCqPmGruXxZLzpi1xuNoMZC/dGZMINX6wweH0F6o +AIj15DORucbuR739eZhOFDDUEAsNE4dxol6zMcQnivAvaWntmgJp3QmtEmW1jdYp +9mtC5zdF5Q8TCXEKJGtYyKzOhxK4JZYTM7TTnjRxRAuvBG2qDpVEaHhqXalhFtQ9 +dbiyzw8MoMdGSEkKnllTbGQw+zARmSz6h+/wHGmyE8q0qNDzQj9qOIxc75qPlnRr +NCf1OZez93o78GcnC+UoqOkK/WU8Q2Af2+pyjW3stZsswQxtUOJzb5YeZPS5CInP +XLra4M6rIM9OtkXeoX07YsT4m3aE1yA2mxQtydHF8qy4YJ67ocEHF7h+Oe+vBLz4 
+CXEZUq8RNgqk+2vy75h/tlPOHwKusmYnguDWPhEKURrmneCUhJx4olUrz1pighwF +grqOmhWU4RSEpq80jxp3dDtWFFBW45bGaV2wUDu/vlo0Oun7dPLXANcvKi2v+527 +rTfaBw6W4lu8oACu5a8g +=sN90 -----END PGP SIGNATURE-----
diff --git a/sec-policy/selinux-base/selinux-base-2.20130424-r3.ebuild b/sec-policy/selinux-base/selinux-base-2.20130424-r3.ebuild
new file mode 100644
index 000000000000..7b83352ca432
--- /dev/null
+++ b/sec-policy/selinux-base/selinux-base-2.20130424-r3.ebuild
@@ -0,0 +1,161 @@
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base/selinux-base-2.20130424-r3.ebuild,v 1.1 2013/09/26 17:24:45 swift Exp $
+EAPI="4"
+
+inherit eutils
+
+IUSE="+peer_perms +open_perms +ubac +unconfined doc"
+
+DESCRIPTION="Gentoo base policy for SELinux"
+HOMEPAGE="http://www.gentoo.org/proj/en/hardened/selinux/"
+SRC_URI="http://oss.tresys.com/files/refpolicy/refpolicy-${PV}.tar.bz2
+ http://dev.gentoo.org/~swift/patches/selinux-base-policy/patchbundle-selinux-base-policy-${PVR}.tar.bz2"
+LICENSE="GPL-2"
+SLOT="0"
+
+KEYWORDS="~amd64 ~x86"
+
+RDEPEND=">=sys-apps/policycoreutils-2.1.10
+ virtual/udev
+ !<=sec-policy/selinux-base-policy-2.20130424"
+DEPEND="${RDEPEND}
+ sys-devel/m4
+ >=sys-apps/checkpolicy-2.1.8"
+
+S=${WORKDIR}/
+
+src_prepare() {
+ # Apply the gentoo patches to the policy. These patches are only necessary
+ # for base policies, or for interface changes on modules.
+ EPATCH_MULTI_MSG="Applying SELinux policy updates ... " \
+ EPATCH_SUFFIX="patch" \
+ EPATCH_SOURCE="${WORKDIR}" \
+ EPATCH_FORCE="yes" \
+ epatch
+
+ cd "${S}/refpolicy"
+ make bare
+ # Fix bug 257111 - Correct the initial sid for cron-started jobs in the
+ # system_r role
+ sed -i -e 's:system_crond_t:system_cronjob_t:g' \
+ "${S}/refpolicy/config/appconfig-standard/default_contexts"
+ sed -i -e 's|system_r:cronjob_t|system_r:system_cronjob_t|g' \
+ "${S}/refpolicy/config/appconfig-mls/default_contexts"
+ sed -i -e 's|system_r:cronjob_t|system_r:system_cronjob_t|g' \
+ "${S}/refpolicy/config/appconfig-mcs/default_contexts"
+
+ epatch_user
+}
+
+src_configure() {
+ [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs"
+
+ # Update the SELinux refpolicy capabilities based on the users' USE flags.
+
+ if ! use peer_perms; then
+ sed -i -e '/network_peer_controls/d' \
+ "${S}/refpolicy/policy/policy_capabilities"
+ fi
+
+ if ! use open_perms; then
+ sed -i -e '/open_perms/d' \
+ "${S}/refpolicy/policy/policy_capabilities"
+ fi
+
+ if ! use ubac; then
+ sed -i -e '/^UBAC/s/y/n/' "${S}/refpolicy/build.conf" \
+ || die "Failed to disable User Based Access Control"
+ fi
+
+ echo "DISTRO = gentoo" >> "${S}/refpolicy/build.conf"
+
+ # Prepare initial configuration
+ cd "${S}/refpolicy";
+ make conf || die "Make conf failed"
+
+ # Setup the policies based on the types delivered by the end user.
+ # These types can be "targeted", "strict", "mcs" and "mls".
+ for i in ${POLICY_TYPES}; do
+ cp -a "${S}/refpolicy" "${S}/${i}"
+ cd "${S}/${i}";
+
+ #cp "${FILESDIR}/modules-2.20120215.conf" "${S}/${i}/policy/modules.conf"
+ sed -i -e "/= module/d" "${S}/${i}/policy/modules.conf"
+
+ sed -i -e '/^QUIET/s/n/y/' -e "/^NAME/s/refpolicy/$i/" \
+ "${S}/${i}/build.conf" || die "build.conf setup failed."
+
+ if [[ "${i}" == "mls" ]] || [[ "${i}" == "mcs" ]];
+ then
+ # MCS/MLS require additional settings
+ sed -i -e "/^TYPE/s/standard/${i}/" "${S}/${i}/build.conf" \
+ || die "failed to set type to mls"
+ fi
+
+ if [ "${i}" == "targeted" ]; then
+ sed -i -e '/root/d' -e 's/user_u/unconfined_u/' \
+ "${S}/${i}/config/appconfig-standard/seusers" \
+ || die "targeted seusers setup failed."
+ fi
+
+ if [ "${i}" != "targeted" ] && [ "${i}" != "strict" ] && use unconfined; then
+ sed -i -e '/root/d' -e 's/user_u/unconfined_u/' \
+ "${S}/${i}/config/appconfig-${i}/seusers" \
+ || die "policy seusers setup failed."
+ fi
+ done
+}
+
+src_compile() {
+ [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs"
+
+ for i in ${POLICY_TYPES}; do
+ cd "${S}/${i}"
+ make base || die "${i} compile failed"
+ if use doc; then
+ make html || die
+ fi
+ done
+}
+
+src_install() {
+ [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs"
+
+ for i in ${POLICY_TYPES}; do
+ cd "${S}/${i}"
+
+ make DESTDIR="${D}" install \
+ || die "${i} install failed."
+
+ make DESTDIR="${D}" install-headers \
+ || die "${i} headers install failed."
+
+ echo "run_init_t" > "${D}/etc/selinux/${i}/contexts/run_init_type"
+
+ echo "textrel_shlib_t" >> "${D}/etc/selinux/${i}/contexts/customizable_types"
+
+ # libsemanage won't make this on its own
+ keepdir "/etc/selinux/${i}/policy"
+
+ if use doc; then
+ dohtml doc/html/*;
+ fi
+
+ insinto /usr/share/selinux/devel;
+ doins doc/policy.xml;
+
+ done
+
+ dodoc doc/Makefile.example doc/example.{te,fc,if}
+
+ doman man/man8/*.8;
+
+ insinto /etc/selinux
+ doins "${FILESDIR}/config"
+}
+
+pkg_preinst() {
+ has_version "<${CATEGORY}/${PN}-2.20101213-r13"
+ previous_less_than_r13=$?
+}
-- cgit v1.2.3-65-gdbad
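Review bot: Several steps in `src_prepare`, `src_configure`, `src_compile` and `src_install` run without a failure check — `make bare`, every `cd`, `cp -a "${S}/refpolicy" "${S}/${i}"`, the `sed -i` edits of `policy_capabilities`, `default_contexts` and `modules.conf`, and the `echo` redirects into `build.conf` and `${D}/etc/selinux/${i}/contexts/` — while neighbouring commands in the same functions do use `|| die`. Under EAPI 4 only the ebuild helpers abort on their own, so if `cp -a` or `cd "${S}/${i}"` fails the following `make` runs in whatever directory was current, and the merge can finish with a policy store that does not match the requested POLICY_TYPES or USE flags; for a base SELinux policy that should fail loudly rather than install quietly. I would append `|| die` to each of these, e.g. `cd "${S}/${i}" || die "cd to ${i} failed"` and `make bare || die "make bare failed"`. Separately, `pkg_preinst` sets `previous_less_than_r13` but nothing in this file reads it, and the message `failed to set type to mls` is also emitted on the `mcs` path.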