diff options
| author |   Sven Vermeulen <swift@gentoo.org> | 2014-03-21 19:17:20 +0000 |
|---|---|---|
| committer | Sven Vermeulen <swift@gentoo.org> | 2014-03-21 19:17:20 +0000 |
| commit | bd9731abf24e85df5688ee46ed8b9de40a4334f2 (patch) | |
| tree | 27d580748cce20e8d0b32f86ccf5af401f25a23b /sec-policy/selinux-base | |
| parent | Revision bump to EAPI 5. (diff) | |
| download | historical-bd9731abf24e85df5688ee46ed8b9de40a4334f2.tar.gz historical-bd9731abf24e85df5688ee46ed8b9de40a4334f2.tar.bz2 historical-bd9731abf24e85df5688ee46ed8b9de40a4334f2.zip | |
New upstream refpolicy release
Package-Manager: portage-2.2.7/cvs/Linux x86_64
Manifest-Sign-Key: 0x2EDD52403B68AF47
Diffstat (limited to 'sec-policy/selinux-base')
| -rw-r--r-- | sec-policy/selinux-base/ChangeLog | 8 | ||||
| -rw-r--r-- | sec-policy/selinux-base/Manifest | 31 | ||||
| -rw-r--r-- | sec-policy/selinux-base/selinux-base-2.20140311-r1.ebuild | 161 |
3 files changed, 185 insertions, 15 deletions
diff --git a/sec-policy/selinux-base/ChangeLog b/sec-policy/selinux-base/ChangeLog index 5c35809194cc..9fa4bc8b78c6 100644 --- a/sec-policy/selinux-base/ChangeLog +++ b/sec-policy/selinux-base/ChangeLog @@ -1,6 +1,12 @@ # ChangeLog for sec-policy/selinux-base # Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base/ChangeLog,v 1.38 2014/01/12 20:22:22 swift Exp $ +# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base/ChangeLog,v 1.39 2014/03/21 19:13:35 swift Exp $ + +*selinux-base-2.20140311-r1 (21 Mar 2014) + + 21 Mar 2014; Sven Vermeulen <swift@gentoo.org> + +selinux-base-2.20140311-r1.ebuild: + New upstream refpolicy release 12 Jan 2014; Sven Vermeulen <swift@gentoo.org> selinux-base-2.20130424-r4.ebuild: diff --git a/sec-policy/selinux-base/Manifest b/sec-policy/selinux-base/Manifest index 24c643ceef8c..19ea6489e979 100644 --- a/sec-policy/selinux-base/Manifest +++ b/sec-policy/selinux-base/Manifest @@ -13,8 +13,10 @@ DIST patchbundle-selinux-base-policy-2.20130424-r1.tar.bz2 249865 SHA256 a2f6d0e DIST patchbundle-selinux-base-policy-2.20130424-r2.tar.bz2 250772 SHA256 d7965b0c876a4b217cab35fcc4b709621d0e02ad21d7fed74fb588ea3125f06a SHA512 822f5c7905162e891989a43fd366f947bf1e34926d9eec6b2f2519348fa8430ae1c66914481973cac2ac128411dfa1ca9e3e9336c45bc1121fd8e83e9079ab14 WHIRLPOOL 1d213b77b87ad180da8bbda88aaf3e4bd7da14b397debc5df0696a7b6c28a72fceda600b1a62e17ada8dde8fcbace4e83f36e6b5a4da2cd11e38c92b46fb1a1d DIST patchbundle-selinux-base-policy-2.20130424-r3.tar.bz2 284619 SHA256 0da814525b159863c7624e932b1c2205526cca645203063fbf55389387ba2ff3 SHA512 a690a0f8c05169eb5298db14d3fef31cab9003c60d4bb426d3d79b59275b2dffe0ab6f8cb2b74c00698603e5baad6252ff922e581a90d7e200df213eb39e01e9 WHIRLPOOL 9c2a2dbe1c4501f25b5591d714952a69d5db5d448b7977c669553f635d3f787dea778b99218b9a5123d72193404760b2d8d6c32d570207781c8ca236efd4f49d DIST patchbundle-selinux-base-policy-2.20130424-r4.tar.bz2 293227 SHA256 b5b115da4cc69960024cf716ca4c637591230918248976b7d359c03390964fbd SHA512 d766b2691d0a56cbe6786a29f2b2d047c7990d02823848486b48f5774ba1f403f6ff93c05f51ce586842ccf9d6b0e3efb1557c0d2d39689a2d536075e1b0e1dd WHIRLPOOL 6acdab5db1baeadee838995d92c9cfb2de153c2e1d5512d74aecbd0ae4789b297f433ca83114231f0b7c636fc7122d48245b291d1560fcdd6df6c4a2f542ac37 +DIST patchbundle-selinux-base-policy-2.20140311-r1.tar.bz2 259943 SHA256 0444ad505802b730dcc47daae8341de4f1a2f1cfebf85d90fcfe057cbc7aeb4f SHA512 d660442fdb92227a08d453a6e5678dfa63c1fe16172d05bc04ccc2a3e0860ec494a5747fa7baab794171e3bc6738b507e05b01485d3ed7e32ec2e2bd36fca5dd WHIRLPOOL 262421e7bbd1561e326f0616a36b8f3084a3bee4225526c00b1031a98dd31ca8d7266f3e696069bd8d347327ffebb86c08abe5924e4b917f9cf1128ddd74e4bc DIST refpolicy-2.20120725.tar.bz2 594120 SHA256 7cd46ed908a4001368e6509d93e306ec6c9af2bfa6b70db88c9eaaefe257c635 SHA512 9cbe27fe30460c018da2bb3d94f321d656a259bf4f2e7ce6c2b015d02b5801de8a68c765c154c30ba5abf4f986957c9f303fc95b453f53db4fc4040443512333 WHIRLPOOL 107c10e89e99a3c63f8a806989e869dffd5baca1b9e41e2b02b12067a796d11abc87ac41a9c44a44a61215ed36df127f79e045b00cfb67d3c5318a766ff78b89 DIST refpolicy-2.20130424.tar.bz2 649845 SHA256 6039ba854f244a39dc727cc7db25632f7b933bb271c803772d754d4354f5aef4 SHA512 82ab38bc3425eb4b7d50c42564ebc28603e32e6f3266da164502f0cdc3a2f6bfe457518297824cb78f6f94211f9823fbc7254bb9e1d9df1cc7f284d326299705 WHIRLPOOL ba7539261a072d33e34afb940a1899ccdb2493c3b11eea3b166b9eb565478fd93cf580d09ef016f799a5dd5a4452086a623f9b3f38fbfb9a812e6e31bcd68e25 +DIST refpolicy-2.20140311.tar.bz2 664416 SHA256 f69437db95548c78a5dec44c236397146b144153149009ea554d2e536e5436f7 SHA512 50bacee82ed41ac8b8007ecc33bf51d22303cc2ddd27cfb72cb5520dab5f8e255186e34b89cec492c7a2d4220b200814bdede9b46c19f987a3d3d65a1c9b749a WHIRLPOOL e07480beba6ab1f02ad36b7d0c50c4a71cb39a8ec78bf8d1dc3c82bb9dd1d69d9169d7c937165ea15f60ce1147f256d46644f944107a3a8a800d5bad70d4c255 EBUILD selinux-base-2.20120725-r10.ebuild 4453 SHA256 41d014f4b0434050b18bd6eb174236fd815de9f0ddc0a818099dcfe4919cd102 SHA512 70dadf75b28d77783395f3153e4ea6679a274684a053e7cb2359db94d3d02a62f62e37fb1c239e9d1cd81ede8d66984415aa25af07e53c15c3b382c6856e984e WHIRLPOOL dde22fb3df31b28a1fced3251794e1a769a9db875deb14b0271e431dc1ec61f867c7a410ff4b7dc918e0e6d4e2a76873c95f83dc6734878270993b77fa58c3b8 EBUILD selinux-base-2.20120725-r11.ebuild 4453 SHA256 543ec64ab3798d6627e5f2a8006836476d663606a26f809418f1adcf5027e285 SHA512 b048dc544b84ea5148903121295232e0ad3a0165d99ffc7d21cd042c4b785bfd03b417d2f65d18d0bd560f38eccb9c25e965a27df339c66f5e5db078afaa2e73 WHIRLPOOL ce6d284a7572adf043f5ef984539a61ac7d94c8eecabf60446439ebc18901fd8e6cefafc1ce62b334665c327323e23cf7e77e6904b2fc8991402e797f4be826b EBUILD selinux-base-2.20120725-r12.ebuild 4476 SHA256 e7de5b76e8754e85b554f615a9a9c3a88bf534041cdfd10e68672c5615c611d7 SHA512 4cad1c818270a22bc8f43964f8311cdfc726ac725bd95c1d727df8cca20a91f8a288f1f6e557c9df9360c69ab199175cbc0501ada6b3073ddd4c171053a6d460 WHIRLPOOL 01cfbd471db0c001ce710503c08442c127adce3549faeda521ae85a6fc6d01a73a051c471ab3aa212319f82f3acca260a6a49f69451ba3669cdea695446db9d7 @@ -26,23 +28,24 @@ EBUILD selinux-base-2.20130424-r1.ebuild 4489 SHA256 9799bbe46cb1bae05e7b67c06aa EBUILD selinux-base-2.20130424-r2.ebuild 4489 SHA256 ca7a03e538f30f4e407376e66a2561ea052d4fbbe8ee947ad89ae679a8d7ce9d SHA512 e3d3dc47a98c060cba1ed2eef34defab730237d14fcbc7963059885bcd1f964a0c2f58e932f7b109fa5ffd109be3700930e70af7c3acdcf04e8c3386b9359802 WHIRLPOOL ec19eed32b33f289a0186f0e68b7a55de5a83f2e4e3534f497514d2a787d225a5aed5fc96026d11c58f72a810e1ff7eb1ced2498a5175adfb4e2794aef742dee EBUILD selinux-base-2.20130424-r3.ebuild 4502 SHA256 96d8c2b6a6ed3d6fac3c02afabca02265b1dea6ec75a64b67c4f2842e1eabdb5 SHA512 be20508336724f1d9f51c26a7a2dea4ff5360e3473f5689a0220974af40766a63d4c9cc04611578a5b7efcba99cc3609355a42973b08c8fe238abb7ec8e1985e WHIRLPOOL 684fec1cfc3c06d8eb5c0b47b87c8617114e73355728e46af12a3318c6968ea259cb51328e2b5d7f4a53b230882025d603b361f62e71ed06165fcb5decf7ac35 EBUILD selinux-base-2.20130424-r4.ebuild 4500 SHA256 01356e76ad48d082404afa8fcfd2b391a3d61a0f0db04e0356c5c015c24fd40b SHA512 f4acaceff837b7f8975207fcd51509d906a61fa82f9eb4dfbb89f8911e100281a9240e66203677e97a62d31cf389c1b47e9c32497002fc37e1b8082aaf00a1e2 WHIRLPOOL 7096a1c3d423e287f721c7c879c177a2af0ad6eaa67d965a9af7211b566905d91370bde2e82f66ff7e07729b5a0413026bfcc0191cb0b3f491ea2b08b80038ca +EBUILD selinux-base-2.20140311-r1.ebuild 4502 SHA256 bdba51dc0e2d4c7c2a6965e1d4b45e2a76d10ff0df96744694b17583cb62149f SHA512 f4d7dbdd5054f0182354a308dfda26158ad3e8462395444abcc4b2e855f373cd951d1f900ca6a6540cb0140af553f5b7c51a4277d14069e9a92382dd279a9173 WHIRLPOOL eef8eb62c6db18d378d1bbd59dbb86e681d6d90da8ce6c97a6763681903bb47dea922c2957b4260b2fe90be845f43170da411159cb9c375952380d92b7496d04 EBUILD selinux-base-9999.ebuild 4179 SHA256 2fae8dae1816224ba23c76cf595bb92c61816d9378ced42e187de2a1d2a07f3f SHA512 01621a086577cc7378b66c61a368b3e8df2648ed1ec843e006302aeb50d07a7e69c8f26b1b8243287e05ff32ca208168f0521e07399b11ce5c56d8ec464c2a57 WHIRLPOOL f46949ae06095e8c4dd7e69cd5747c1d16cd1230710308e219a7eeb32bd4303d36be502a55831234491029af9a1d4f80aaf0a4f712050a46d895f93eda3f4d6d -MISC ChangeLog 6531 SHA256 4cbaae38cb0dfd2c16197462dcfffa1ba624fa0523e510bf5446dad5ed57b4e7 SHA512 91cb597394289096dab2fd6af1f25dab0f80d26707c157a2d3d43bf1c982a50dfedd94f955f9f89bf0f7c0f64e417ecab36c68b0eed2719309de1a6c68e096ed WHIRLPOOL 89fcf92c3b81d93ad2db3d3a902b88bb1ca47251a7b75cea2baea1c5143585454da9e31022f40dc2c641c990110d928b6434208f8bd66e3c7791e43d6f7ffd09 +MISC ChangeLog 6695 SHA256 07972f4974d4a4ef4a90f4482f7d38894418a2444d57e3c13eb7624cc2107e0f SHA512 f4b02567077a9f310553b12de8acae5ca5789897918adfe415e367a889a0e295cf4e2adfeeaf48c13ec0223dd6c91dc73488d0eb1b15c4e02cf8d97786f57624 WHIRLPOOL 9a76baaea7179977d5d1deedd30d0a4ba6a3aa2ddf665821f5d58bb8e54955c2ab362282d5e02de5e8dc736e42bd103291afb19ba2296bc41eaef716b6778d4a MISC metadata.xml 753 SHA256 2542c8e9c994b3b2699d601ba980a8daef2288b5ad199867764f607978ddee67 SHA512 d5e803494fe0831fdddada0f1f464c941d93896afa19d9d1005daa8a4ebea7b20f905e6d0d89dd10ff1aceaee0c7c41c190f16b68bf4466c0f75d3a6110b8df0 WHIRLPOOL cd2535802ffacbdae1ff1787aa203311330202cb08df488dae59b178b102b818766d2320fe62de3cf7710047e8cafa6a41963381655d9fd5fb4c75a232decd52 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) -iQIcBAEBCAAGBQJS0vnMAAoJEC7dUkA7aK9HnKYP/0mwe1heehgZ6FKuswjaqZQD -9Mry3lcqIzfTGvxniQFcDWMnvnBK8eA4rFMkUCFMbaUHEAnRrjmHkp1WzPrl8wqg -aND7qtBd5Xibh+CDa3voHyYTYQSuU5A7INtE24Tn8IeUT1nrPKksixYk7e6L6UNC -l5rWcFWz51uUB9+gEZpMHXZZx6iJJImF4XdnZkfvoDfCSJWvDMd2bTlhFbyklZXl -zeifD57UmAZjxQClER+LM6nTCrSIisH6W9TitlTj1v8X0/eheokjGI2fA9tAagfo -LjlVUrYAbSjp8NM8/IaS5HBCOI/kZhWD1P4qFvQcFqxe1heN6DayLzHdLpmv5NHh -LF5FekXgXI/FZ9FYId0j+C7epZHEschO3FfK854EefY9kwNirDESagJb60M2ffFG -2v94/tRKs2SOKlciKJXYduPhPkYwIs1+lrH3HE40bhVjcZ774Jw7dbYFQrgp8S2a -qN64Yi1Ed2PBhIIhYfJVd/+dAwUlmxJlc5fKsQA+UbWXITHguj8yBUUzYjIDUWTy -2jV1zJQUhzkxIPbCGYcNl8d2RpiVSepOlke7yC061yXzK5/oHtZVnyitxHP69L/q -HRsk33ndmkNg0Ba5URSj80OrdPc/N61xya8Ppo0ppZ+oISDAR4lRllUtSnu6Qwxe -gzJc89kP66e+lO7fNJ/r -=AFnR +iQIcBAEBCAAGBQJTLI8zAAoJEC7dUkA7aK9HnMQP/A2VnM/xk9a+e4JOIP+s2hy1 +oohw7LUVaxgXQi6EAN8vehvXFu2ElNpgPFAuI6evczRb5BKD5GF37DT4iGb7LJFK +fi1Z6fTCK7bEGKa0BVOfu4GQXb/PrJtvy4l+bgbNURQkfkwcYmR1HBhblj1gNLjO +PWTwmguAtbyz/Ebue4zqkyIvOAroC+gSrJXHETUpigsQIqPML2jGWISuE9R6mYQv +8ELO0L09gNwKz9V0v5HU+iuFGai9qsHdo9EgyFMIYeSsNlx88PPXTx3iPiPZbQzy +g0a2zARAO3/w6UEVBEgFgz4fZEnTvwRMWvDvaIIWFtUndAIBDIWbC24dUmhhJOX4 +3a3QOabrav7lFsxmafoBu2rkKBTK1/d4hCsS+nN1y7zcDvQa04teRKtF7Lldrb3U +4CgG73I8ZhZ1ltClGjqkdpxN1s9cSnCMeXloRh3wBe2Ze5EWCANqkAP4WNaIEEWj +TDvhiRq5LR6x64Vmykvm59ak7YtqptHULMBtM3tWtgbkqpKZOaiY1OQjeW+uAtV3 +XcLAQoWVKq38VYNoY4U2rS9jV2gCNWGoEBFuKmfSp+0lP+lf0eDaaGVx2KrYyofl +8RS+JFQV6tmrU83iX/NINNwMoN9V4AoGRmraQ/KtvxLgt6A8MoDbrVaudwCZ45y/ +RI7f/EDL/fI/ud31BiuC +=3aNm -----END PGP SIGNATURE----- diff --git a/sec-policy/selinux-base/selinux-base-2.20140311-r1.ebuild b/sec-policy/selinux-base/selinux-base-2.20140311-r1.ebuild new file mode 100644 index 000000000000..402d8facc7ab --- /dev/null +++ b/sec-policy/selinux-base/selinux-base-2.20140311-r1.ebuild @@ -0,0 +1,161 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base/selinux-base-2.20140311-r1.ebuild,v 1.1 2014/03/21 19:13:35 swift Exp $ +EAPI="4" + +inherit eutils + +IUSE="+peer_perms +open_perms +ubac +unconfined doc" + +DESCRIPTION="Gentoo base policy for SELinux" +HOMEPAGE="http://www.gentoo.org/proj/en/hardened/selinux/" +SRC_URI="http://oss.tresys.com/files/refpolicy/refpolicy-${PV}.tar.bz2 + http://dev.gentoo.org/~swift/patches/selinux-base-policy/patchbundle-selinux-base-policy-${PVR}.tar.bz2" +LICENSE="GPL-2" +SLOT="0" + +KEYWORDS="~amd64 ~x86" + +RDEPEND=">=sys-apps/policycoreutils-2.1.10 + virtual/udev + !<=sec-policy/selinux-base-policy-2.20130424" +DEPEND="${RDEPEND} + sys-devel/m4 + >=sys-apps/checkpolicy-2.1.8" + +S=${WORKDIR}/ + +src_prepare() { + # Apply the gentoo patches to the policy. These patches are only necessary + # for base policies, or for interface changes on modules. + EPATCH_MULTI_MSG="Applying SELinux policy updates ... " \ + EPATCH_SUFFIX="patch" \ + EPATCH_SOURCE="${WORKDIR}" \ + EPATCH_FORCE="yes" \ + epatch + + cd "${S}/refpolicy" + make bare + # Fix bug 257111 - Correct the initial sid for cron-started jobs in the + # system_r role + sed -i -e 's:system_crond_t:system_cronjob_t:g' \ + "${S}/refpolicy/config/appconfig-standard/default_contexts" + sed -i -e 's|system_r:cronjob_t|system_r:system_cronjob_t|g' \ + "${S}/refpolicy/config/appconfig-mls/default_contexts" + sed -i -e 's|system_r:cronjob_t|system_r:system_cronjob_t|g' \ + "${S}/refpolicy/config/appconfig-mcs/default_contexts" + + epatch_user +} + +src_configure() { + [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs" + + # Update the SELinux refpolicy capabilities based on the users' USE flags. + + if ! use peer_perms; then + sed -i -e '/network_peer_controls/d' \ + "${S}/refpolicy/policy/policy_capabilities" + fi + + if ! use open_perms; then + sed -i -e '/open_perms/d' \ + "${S}/refpolicy/policy/policy_capabilities" + fi + + if ! use ubac; then + sed -i -e '/^UBAC/s/y/n/' "${S}/refpolicy/build.conf" \ + || die "Failed to disable User Based Access Control" + fi + + echo "DISTRO = gentoo" >> "${S}/refpolicy/build.conf" + + # Prepare initial configuration + cd "${S}/refpolicy"; + make conf || die "Make conf failed" + + # Setup the policies based on the types delivered by the end user. + # These types can be "targeted", "strict", "mcs" and "mls". + for i in ${POLICY_TYPES}; do + cp -a "${S}/refpolicy" "${S}/${i}" + cd "${S}/${i}"; + + #cp "${FILESDIR}/modules-2.20120215.conf" "${S}/${i}/policy/modules.conf" + sed -i -e "/= module/d" "${S}/${i}/policy/modules.conf" + + sed -i -e '/^QUIET/s/n/y/' -e "/^NAME/s/refpolicy/$i/" \ + "${S}/${i}/build.conf" || die "build.conf setup failed." + + if [[ "${i}" == "mls" ]] || [[ "${i}" == "mcs" ]]; + then + # MCS/MLS require additional settings + sed -i -e "/^TYPE/s/standard/${i}/" "${S}/${i}/build.conf" \ + || die "failed to set type to mls" + fi + + if [ "${i}" == "targeted" ]; then + sed -i -e '/root/d' -e 's/user_u/unconfined_u/' \ + "${S}/${i}/config/appconfig-standard/seusers" \ + || die "targeted seusers setup failed." + fi + + if [ "${i}" != "targeted" ] && [ "${i}" != "strict" ] && use unconfined; then + sed -i -e '/root/d' -e 's/user_u/unconfined_u/' \ + "${S}/${i}/config/appconfig-${i}/seusers" \ + || die "policy seusers setup failed." + fi + done +} + +src_compile() { + [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs" + + for i in ${POLICY_TYPES}; do + cd "${S}/${i}" + make base || die "${i} compile failed" + if use doc; then + make html || die + fi + done +} + +src_install() { + [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs" + + for i in ${POLICY_TYPES}; do + cd "${S}/${i}" + + make DESTDIR="${D}" install \ + || die "${i} install failed." + + make DESTDIR="${D}" install-headers \ + || die "${i} headers install failed." + + echo "run_init_t" > "${D}/etc/selinux/${i}/contexts/run_init_type" + + echo "textrel_shlib_t" >> "${D}/etc/selinux/${i}/contexts/customizable_types" + + # libsemanage won't make this on its own + keepdir "/etc/selinux/${i}/policy" + + if use doc; then + dohtml doc/html/*; + fi + + insinto /usr/share/selinux/devel; + doins doc/policy.xml; + + done + + dodoc doc/Makefile.example doc/example.{te,fc,if} + + doman man/man8/*.8; + + insinto /etc/selinux + doins "${FILESDIR}/config" +} + +pkg_preinst() { + has_version "<${CATEGORY}/${PN}-2.20101213-r13" + previous_less_than_r13=$? +} |