new release

4 files changed, 105 insertions, 5 deletions

diff --git a/sec-policy/selinux-base-policy/ChangeLog b/sec-policy/selinux-base-policy/ChangeLog
index 39ab5630d264..06960dffbb54 100644
--- a/sec-policy/selinux-base-policy/ChangeLog
+++ b/sec-policy/selinux-base-policy/ChangeLog
@@ -1,6 +1,14 @@
 # ChangeLog for sec-policy/selinux-base-policy
 # Copyright 2000-2004 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/ChangeLog,v 1.26 2004/06/28 00:10:36 pebenito Exp $
+# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/ChangeLog,v 1.27 2004/06/30 00:28:52 pebenito Exp $
+
+*selinux-base-policy-20040629 (29 Jun 2004)
+
+  29 Jun 2004; Chris PeBenito <pebenito@gentoo.org>
+  +selinux-base-policy-20040629.ebuild:
+  Large sysadmfile cleanup: disable admin_separation to give sysadm_r back its
+  ablility to modify all files. Minor fixes: portage_r works again, syslog-ng
+  breakage fixed, put back manual PaX policy for pageexec/segmexec.
 
   16 Jun 2004; Chris PeBenito <pebenito@gentoo.org>
   selinux-base-policy-20040604.ebuild:
diff --git a/sec-policy/selinux-base-policy/Manifest b/sec-policy/selinux-base-policy/Manifest
index 0599b5d23b53..7385e45530a5 100644
--- a/sec-policy/selinux-base-policy/Manifest
+++ b/sec-policy/selinux-base-policy/Manifest
@@ -3,16 +3,18 @@ Hash: SHA1
 
 MD5 3552d68f16615f11fa6fd0afbdc871be selinux-base-policy-20040604.ebuild 2673
 MD5 2e73809684fe415f46227077effb292a selinux-base-policy-20040225.ebuild 2217
-MD5 0f81d95b55b5ae6e975a337aa9c0a7ac ChangeLog 7688
+MD5 674034903cf497b7f46d20ed62479e1f selinux-base-policy-20040629.ebuild 2676
+MD5 f46fe24a0972386c043945f7391c4ee2 ChangeLog 8051
 MD5 1ec05b5603cc44bc8b406af4f6efd260 selinux-base-policy-20040509.ebuild 2673
 MD5 808b5f7f5d6654666e9193672d463229 metadata.xml 473
 MD5 7afea4eea1a3c5611ca773551fbd1bb5 files/digest-selinux-base-policy-20040225 80
 MD5 0c51e2c101c04d1a58f6da20add86a86 files/digest-selinux-base-policy-20040604 80
+MD5 b04dbcde2eb7e0f4177e3076075fe6ca files/digest-selinux-base-policy-20040629 80
 MD5 0671869ee0d92a38cfabe4491da88e1c files/digest-selinux-base-policy-20040509 80
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.2.4 (GNU/Linux)
 
-iD8DBQFA32JgGFJQsIJWJy4RAhvxAJ41SOCLik/xWWXSbx7r34Rb42M6dACePxBv
-qbfpjcOB0bbEIeUTd8m+Kho=
-=4hek
+iD8DBQFA4glQGFJQsIJWJy4RAop3AJ99WlaWmcB2Y2jT+hKVGH2ZJ4gBGgCeL/1t
+dX3ZvBpKRGDnI/FDhZXq3c8=
+=xNLz
 -----END PGP SIGNATURE-----
diff --git a/sec-policy/selinux-base-policy/files/digest-selinux-base-policy-20040629 b/sec-policy/selinux-base-policy/files/digest-selinux-base-policy-20040629
new file mode 100644
index 000000000000..d7060dfe3e2a
--- /dev/null
+++ b/sec-policy/selinux-base-policy/files/digest-selinux-base-policy-20040629
@@ -0,0 +1 @@
+MD5 fc887edb668623ab77c0696b99c7c0c2 selinux-base-policy-20040629.tar.bz2 69301
diff --git a/sec-policy/selinux-base-policy/selinux-base-policy-20040629.ebuild b/sec-policy/selinux-base-policy/selinux-base-policy-20040629.ebuild
new file mode 100644
index 000000000000..5464fe3a04ae
--- /dev/null
+++ b/sec-policy/selinux-base-policy/selinux-base-policy-20040629.ebuild
@@ -0,0 +1,89 @@
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/selinux-base-policy-20040629.ebuild,v 1.1 2004/06/30 00:28:52 pebenito Exp $
+
+IUSE="build"
+
+DESCRIPTION="Gentoo base policy for SELinux"
+HOMEPAGE="http://www.gentoo.org/proj/en/hardened/selinux/"
+SRC_URI="mirror://gentoo/${P}.tar.bz2"
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~x86 ~ppc ~sparc"
+DEPEND="build? ( sys-devel/make
+		 sys-devel/m4 )"
+RDEPEND="sys-devel/m4
+	 sys-devel/make"
+
+S=${WORKDIR}/base-policy
+
+[ -z ${POLICYDIR} ] && POLICYDIR="/etc/security/selinux/src/policy"
+
+# deprecated policies:
+DEPRECATED="domains/program/devfsd.te domains/program/opt.te
+	file_contexts/program/devfsd.fc file_contexts/program/opt.fc
+	file_contexts/users.fc"
+
+src_compile() {
+	return
+}
+
+src_install() {
+	if use build; then
+		# generate a file_contexts
+		dodir ${POLICYDIR}/file_contexts
+		einfo "Ignore the checkpolicy error on the next line."
+		make -C ${S} \
+			FC=${D}/${POLICYDIR}/file_contexts/file_contexts \
+			${D}/${POLICYDIR}/file_contexts/file_contexts
+
+		[ ! -f ${D}/${POLICYDIR}/file_contexts/file_contexts ] && \
+			die "file_contexts was not generated."
+	else
+		# install full policy
+		dodir /etc/security/selinux/src
+
+		insinto /etc/security
+		doins ${S}/appconfig/*
+
+		cp -a ${S} ${D}/${POLICYDIR}
+		rm -fR ${D}/${POLICYDIR}/appconfig
+	fi
+}
+
+pkg_postinst() {
+	local isdeprecated
+	echo
+	einfo "This is the base policy for SELinux on Gentoo.  This policy"
+	einfo "package only covers the applications in the system profile."
+	einfo "More policy may need to be added according to your requirements."
+	echo
+	eerror "It is STRONGLY suggested that you evaluate and merge the"
+	eerror "policy changes.  If any of the file contexts (*.fc) have"
+	eerror "changed, you should also relabel."
+	echo
+	ewarn "Please check the Changelog, there may be important information."
+	echo
+	echo
+
+	einfo "Checking for deprecated policy..."
+	for i in $DEPRECATED; do
+		if [ -f "${POLICYDIR}/${i}" ]; then
+			eerror "${POLICYDIR}/${i}"
+			isdeprecated="y"
+		fi
+	done
+	[ "${isdeprecated}" ] && \
+		eerror "The above policy file(s) should be removed if possible." || \
+		einfo "None found."
+
+	echo -ne "\a" ; sleep 0.1 ; echo -ne "\a" ; sleep 1
+	echo -ne "\a" ; sleep 0.1 ; echo -ne "\a" ; sleep 1
+	echo -ne "\a" ; sleep 0.1 ; echo -ne "\a" ; sleep 1
+	echo -ne "\a" ; sleep 0.1 ; echo -ne "\a" ; sleep 1
+	echo -ne "\a" ; sleep 0.1 ; echo -ne "\a" ; sleep 1
+	echo -ne "\a" ; sleep 0.1 ; echo -ne "\a" ; sleep 1
+	echo -ne "\a" ; sleep 0.1 ; echo -ne "\a" ; sleep 1
+	echo -ne "\a" ; sleep 0.1 ; echo -ne "\a" ; sleep 1
+	sleep 4
+}