author | Sven Vermeulen <swift@gentoo.org> | 2012-04-26 18:38:44 +0000 |
---|---|---|
committer | Sven Vermeulen <swift@gentoo.org> | 2012-04-26 18:38:44 +0000 |
commit | c2cd3e18a46dabdf2228ea6d874775a6bc651ec8 (patch) | |
tree | 64cfaf335344b42940fc6470fa1e317989c908ec /sec-policy | |
parent | mask xtrans[doc] (diff) | |
Update SELinux policies to rev 8
Diffstat (limited to 'sec-policy')
-rw-r--r-- | sec-policy/selinux-apache/ChangeLog | 7 | ||||
-rw-r--r-- | sec-policy/selinux-apache/Manifest | 3 | ||||
-rw-r--r-- | sec-policy/selinux-apache/selinux-apache-2.20120215-r1.ebuild | 49 | ||||
-rw-r--r-- | sec-policy/selinux-base-policy/ChangeLog | 7 | ||||
-rw-r--r-- | sec-policy/selinux-base-policy/Manifest | 4 | ||||
-rw-r--r-- | sec-policy/selinux-base-policy/selinux-base-policy-2.20120215-r8.ebuild | 122 | ||||
-rw-r--r-- | sec-policy/selinux-base/ChangeLog | 7 | ||||
-rw-r--r-- | sec-policy/selinux-base/Manifest | 4 | ||||
-rw-r--r-- | sec-policy/selinux-base/selinux-base-2.20120215-r8.ebuild | 144 |
9 files changed, 341 insertions, 6 deletions
diff --git a/sec-policy/selinux-apache/ChangeLog b/sec-policy/selinux-apache/ChangeLog index d8014f47e928..18b3d89bc9cf 100644 --- a/sec-policy/selinux-apache/ChangeLog +++ b/sec-policy/selinux-apache/ChangeLog @@ -1,6 +1,11 @@ # ChangeLog for sec-policy/selinux-apache # Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-apache/ChangeLog,v 1.32 2012/03/31 12:29:43 swift Exp $ +# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-apache/ChangeLog,v 1.33 2012/04/26 18:38:44 swift Exp $ + +*selinux-apache-2.20120215-r1 (26 Apr 2012) + + 26 Apr 2012; <swift@gentoo.org> +selinux-apache-2.20120215-r1.ebuild: + Support httpd_setrlimit (bug #411149) *selinux-apache-2.20120215 (31 Mar 2012) diff --git a/sec-policy/selinux-apache/Manifest b/sec-policy/selinux-apache/Manifest index 7d8586006cf4..63e67a88c075 100644 --- a/sec-policy/selinux-apache/Manifest +++ b/sec-policy/selinux-apache/Manifest 
@@ -4,6 +4,7 @@ DIST refpolicy-2.20110726.tar.bz2 588033 RMD160 9803effffe1dbb28d52bee03432e052f DIST refpolicy-2.20120215.tar.bz2 589917 RMD160 333960d5fdd5f9a23a024d1782950a06ada4f2d1 SHA1 1fe2dd03ea27e0e6fbde6e11309895efd43916e6 SHA256 6df77faf62f73bd1f6e3bfca3fa2f77cdfd2cada94a7dcc4816ed9bbcf3545dc EBUILD selinux-apache-2.20110726-r1.ebuild 1327 RMD160 e0d73014f65e1983e09110b541b4df5d134a5c1a SHA1 68ed430e54784c909f7cf39eba434d6d984a1537 SHA256 1b88b8526a2ce22fe64273739eedbc41454a7659a97b412d6c31ce6efdacf2ce EBUILD selinux-apache-2.20110726-r2.ebuild 1352 RMD160 49d8b85019c5e0aefacd936b94c5cb798c4d49a7 SHA1 748a0694748ce34a55d5a01ac255b85198e5efe5 SHA256 bfedc5b095eca48123fe15ae99704bde2e4845aff4fc2a1c357529ea59b564f7 +EBUILD selinux-apache-2.20120215-r1.ebuild 1409 RMD160 9dd9569cc25034383de8112544d1b75c75a77c28 SHA1 bbdd08884fa83db6c0c7b1dba98fb7ca85a31c70 SHA256 1b2eaa733b98400aa96a16f478e64e6558a0a0a4259009e0529c1ac9d1c82aab EBUILD selinux-apache-2.20120215.ebuild 1350 RMD160 72b5ff2a66758fce1e751c6e76d60c0dea83e751 SHA1 53a366fe118f6bec29d0e0b51af6fb5be76ab19e SHA256 b2972c56e320ba67121f3169e2ef43ce94fa82e82720b92537db2cbffa350a1e -MISC ChangeLog 4717 RMD160 69a9d7e018c69e152189466b0125a6ffea039731 SHA1 719e65d17bb248ef8a72909a0eb641c49026076a SHA256 aadfcf9c5be640efb2370c5e6511d2566823e75fb69d6f29a46d70ea7351b1d9 +MISC ChangeLog 4875 RMD160 d8976cbd7e520cd722752c7423bb3a348601f0cd SHA1 a0278a69665347bfaaeb7623c606c2c2c7ed7a89 SHA256 105ac8101b020cd1ddc8e45a4f1b527e60a47dc9f436f70645f750b73a3c5101 MISC metadata.xml 230 RMD160 2c43e0d3618064ae18181da1e75b333cd927852b SHA1 9663117fe3d0e177ecc9046ab6576d9b551d19dc SHA256 39c5a0f1a72cffb8f3e242acf702f2d8d1714382952233044a555b96f5f5b6b2 diff --git a/sec-policy/selinux-apache/selinux-apache-2.20120215-r1.ebuild b/sec-policy/selinux-apache/selinux-apache-2.20120215-r1.ebuild new file mode 100644 index 000000000000..072c391d06e2 --- /dev/null +++ b/sec-policy/selinux-apache/selinux-apache-2.20120215-r1.ebuild 
@@ -0,0 +1,49 @@
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-apache/selinux-apache-2.20120215-r1.ebuild,v 1.1 2012/04/26 18:38:44 swift Exp $
+EAPI="4"
+
+inherit selinux-policy-2
+
+IUSE="kerberos"
+MODS="apache"
+BASEPOL="2.20120215-r8"
+
+DESCRIPTION="SELinux policy for Apache HTTPD"
+DEPEND="${DEPEND}
+ kerberos? ( sec-policy/selinux-kerberos )"
+RDEPEND="${DEPEND}"
+
+KEYWORDS="~amd64 ~x86"
+S="${WORKDIR}/"
+
+src_unpack() {
+ selinux-policy-2_src_unpack
+}
+
+src_prepare() {
+ selinux-policy-2_src_prepare
+ if ! use kerberos ; then
+ [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="strict targeted mcs mls";
+ for i in ${POLICY_TYPES}; do
+ sed -i -e "/httpd_keytab_t/d" \
+ "${S}/${i}/apache.fc"
+ done
+ fi
+}
+
+pkg_postinst() {
+ selinux-policy-2_pkg_postinst
+ if use kerberos ; then
+ einfo "If you decide to uninstall Kerberos, you should clear the"
+ einfo "kerberos use flag here, and then emerge this module again."
+ einfo "Failure to do so may result in policy compile errors in the"
+ einfo "future."
+ else
+ einfo "If you install Kerberos later, you should set the kerberos"
+ einfo "use flag here, and then emerge this module again in order to"
+ einfo "get all of the relevant policy changes. Failure to do so may"
+ einfo "result in errors authenticating against kerberos servers by"
+ einfo "Apache."
+ fi
+}
diff --git a/sec-policy/selinux-base-policy/ChangeLog b/sec-policy/selinux-base-policy/ChangeLog
index d4009854cfb2..15ea13e9d769 100644
--- a/sec-policy/selinux-base-policy/ChangeLog
+++ b/sec-policy/selinux-base-policy/ChangeLog
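Review bot: The `sed -i -e "/httpd_keytab_t/d"` call in src_prepare has no `|| die`, so if `${S}/${i}/apache.fc` is missing for one of the policy types the kerberos file context is left in place and the build carries on. sed is an external command rather than an ebuild helper, so EAPI 4 does not abort on its failure. I would end the continuation line with `"${S}/${i}/apache.fc" || die "Failed to strip httpd_keytab_t from ${i}/apache.fc"`. The same applies to the unchecked sed edits of default_contexts and policy_capabilities in selinux-base-2.20120215-r8.ebuild, which decide the cron job context and which policy capabilities stay enabled.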
@@ -1,6 +1,11 @@ # ChangeLog for sec-policy/selinux-base-policy # Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/ChangeLog,v 1.102 2012/04/22 17:37:49 mr_bones_ Exp $ +# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/ChangeLog,v 1.103 2012/04/26 18:38:44 swift Exp $ + +*selinux-base-policy-2.20120215-r8 (26 Apr 2012) + + 26 Apr 2012; <swift@gentoo.org> +selinux-base-policy-2.20120215-r8.ebuild: + Bump to rev8, fix #411719, #411149 and #411943 22 Apr 2012; Michael Sterrett <mr_bones_@gentoo.org> selinux-base-policy-2.20120215-r7.ebuild: diff --git a/sec-policy/selinux-base-policy/Manifest b/sec-policy/selinux-base-policy/Manifest index 33d07f376f0a..fc07938ed4c0 100644 --- a/sec-policy/selinux-base-policy/Manifest +++ b/sec-policy/selinux-base-policy/Manifest 
@@ -8,6 +8,7 @@ DIST patchbundle-selinux-base-policy-2.20110726-r7.tar.bz2 24545 RMD160 b85b95f4 DIST patchbundle-selinux-base-policy-2.20110726-r8.tar.bz2 26629 RMD160 66d10e4d940c1c21ac429a2976abe5c6d711353c SHA1 e76454db60332fe21556c749b481db18ae609114 SHA256 bed5dd9121aaa984ad4b5c1087a72d0e222b79caeeb6a10b8975b2cbbb92d24e DIST patchbundle-selinux-base-policy-2.20120215-r6.tar.bz2 28970 RMD160 4726fd1dc85b5f6ad78389cf882d69c487a664dc SHA1 53e3acd5ce30582636462ae4d3fe834215b88810 SHA256 2a9e0bde439032a2183aed12ff6c18a7bdc00c05c4e1ce59ba097b0733bc776a DIST patchbundle-selinux-base-policy-2.20120215-r7.tar.bz2 29331 RMD160 d2f25fcc1bfe063392b68706644b5ff90381fc91 SHA1 557f77ac862d28191aabe2b6a18c1bc5beebae69 SHA256 e9ebe825c0f3651fc8fbf8183036fd61007d1c901d613071c6cfec3bec77963a +DIST patchbundle-selinux-base-policy-2.20120215-r8.tar.bz2 29993 RMD160 6d6a03ff3d24951529f32442dd713b1f4982aa7b SHA1 1a2fec3e59f4f440598c52cf28c2eee45ce46d92 SHA256 0d2b6b35007f833d49701f4ea4a71b91d056ee4b86c990aa000aea1c431a8d60 DIST refpolicy-2.20110726.tar.bz2 588033 RMD160 9803effffe1dbb28d52bee03432e052f4fdc8d3f SHA1 cc27b06c3f541d8f2c57c52804ab6893afcd9db2 SHA256 8159b7535aa0f805510e4e3504b1317d7083b227f0ef3df51c6f002ed70ecedb DIST refpolicy-2.20120215.tar.bz2 589917 RMD160 333960d5fdd5f9a23a024d1782950a06ada4f2d1 SHA1 1fe2dd03ea27e0e6fbde6e11309895efd43916e6 SHA256 6df77faf62f73bd1f6e3bfca3fa2f77cdfd2cada94a7dcc4816ed9bbcf3545dc EBUILD selinux-base-policy-2.20110726-r11.ebuild 4804 RMD160 e5a49705ce3f3019f6509b134fd2e4caf99219cb SHA1 8bc7e4bf1e0597e339d9b562e89bffc0760a1945 SHA256 0b63879cbd10c4b8bb6ea3562a0fdf927244c7a76b5644a232e73ea9c8b3a4f7 
@@ -18,5 +19,6 @@ EBUILD selinux-base-policy-2.20110726-r7.ebuild 4805 RMD160 0f926c26195955ffce1e EBUILD selinux-base-policy-2.20110726-r8.ebuild 4803 RMD160 36ddd64d167c9dbd736c26515131dbce25280923 SHA1 32514704e99e1db122dfb683db9dbbaad7d1fac8 SHA256 6226e5aef96d070934b9d34df89bf86b2fe21f15b769fe770f06a43b5f181ed9 EBUILD selinux-base-policy-2.20120215-r6.ebuild 3827 RMD160 294caff01b84e93d373df53feac9b492ab0bb1cb SHA1 4fed7d5d664b52ef00d535483894fa11441195b8 SHA256 6bd5945b7f0208da2c65a6e138e433e4eddeef06be4490375002f75dcbc3fc5e EBUILD selinux-base-policy-2.20120215-r7.ebuild 3827 RMD160 a92833ac204aab4f45d3a98060cecdc2179a0322 SHA1 8f72a6c9c25e4221bc1c7499a17b8b99e7df43e0 SHA256 87d451d42c8e53795a2522562408ced8109c05a3d095b582803a682989876181 -MISC ChangeLog 24141 RMD160 eacc917b97bc6323d0583dc86fd77e4b91989ff5 SHA1 ccb4d92a7d575badb9f8ae4c9fcbf15d3b189ebd SHA256 1cd73da9ba1024ecb704578fc212f21e5e3733f53762a7580ce9c196409b6d6b +EBUILD selinux-base-policy-2.20120215-r8.ebuild 3804 RMD160 9366b87a2c7e1347cb9c0eb7fa7febc408bb5f99 SHA1 e17f8f1136e0a44bee01b9514180c3cd8c6d70ce SHA256 ff4a109cadff49a3f9534a199ce21176f44b88e457037223cae1cfff716bb616 +MISC ChangeLog 24318 RMD160 57751460010c9b5f85223973d960896a85ed89e5 SHA1 cf1a9f0ba95d81f53488d243c39efe4a1149c6a1 SHA256 0ba10b6abc1de323e63a94877d7bdcb7d3ab30516577f2cced31adf153f8bbbb MISC metadata.xml 671 RMD160 49dd94bb827c4ab2bb8043739ef7564df4cf1c07 SHA1 a92b8a5ef129707a44fe2ae1913060d02badd566 SHA256 c32ccc54ca7df400974a19ad14c093ea7b777f7a40467bdb672f441314122e55 diff --git a/sec-policy/selinux-base-policy/selinux-base-policy-2.20120215-r8.ebuild b/sec-policy/selinux-base-policy/selinux-base-policy-2.20120215-r8.ebuild new file mode 100644 index 000000000000..6619367b6fbf --- /dev/null +++ b/sec-policy/selinux-base-policy/selinux-base-policy-2.20120215-r8.ebuild 
@@ -0,0 +1,122 @@
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/selinux-base-policy-2.20120215-r8.ebuild,v 1.1 2012/04/26 18:38:44 swift Exp $
+EAPI="4"
+
+inherit eutils
+
+HOMEPAGE="http://www.gentoo.org/proj/en/hardened/selinux/"
+DESCRIPTION="SELinux policy for core modules"
+
+IUSE=""
+BASEPOL="2.20120215-r8"
+
+RDEPEND=">=sec-policy/selinux-base-2.20120215-r8"
+DEPEND=""
+SRC_URI="http://oss.tresys.com/files/refpolicy/refpolicy-${PV}.tar.bz2
+ http://dev.gentoo.org/~swift/patches/${PN}/patchbundle-${PN}-${BASEPOL}.tar.bz2"
+KEYWORDS="~amd64 ~x86"
+
+MODS="application authlogin bootloader clock consoletype cron dmesg fstools getty hostname hotplug init iptables libraries locallogin logging lvm miscfiles modutils mount mta netutils nscd portage raid rsync selinuxutil ssh staff storage su sysadm sysnetwork udev userdomain usermanage unprivuser xdg unconfined"
+LICENSE="GPL-2"
+SLOT="0"
+S="${WORKDIR}/"
+PATCHBUNDLE="${DISTDIR}/patchbundle-selinux-base-policy-${BASEPOL}.tar.bz2"
+
+# Code entirely copied from selinux-eclass (cannot inherit due to dependency on
+# itself), when reworked reinclude it. Only postinstall (where -b base.pp is
+# added) needs to remain then.
+
+src_prepare() {
+ local modfiles
+
+ # Patch the sources with the base patchbundle
+ if [[ -n ${BASEPOL} ]];
+ then
+ cd "${S}"
+ EPATCH_MULTI_MSG="Applying SELinux policy updates ... " \
+ EPATCH_SUFFIX="patch" \
+ EPATCH_SOURCE="${WORKDIR}" \
+ EPATCH_FORCE="yes" \
+ epatch
+ fi
+
+ # Apply the additional patches refered to by the module ebuild.
+ # But first some magic to differentiate between bash arrays and strings
+ if [[ "$(declare -p POLICY_PATCH 2>/dev/null 2>&1)" == "declare -a"* ]];
+ then
+ cd "${S}/refpolicy/policy/modules"
+ for POLPATCH in "${POLICY_PATCH[@]}";
+ do
+ epatch "${POLPATCH}"
+ done
+ else
+ if [[ -n ${POLICY_PATCH} ]];
+ then
+ cd "${S}/refpolicy/policy/modules"
+ for POLPATCH in ${POLICY_PATCH};
+ do
+ epatch "${POLPATCH}"
+ done
+ fi
+ fi
+
+ # Collect only those files needed for this particular module
+ for i in ${MODS}; do
+ modfiles="$(find ${S}/refpolicy/policy/modules -iname $i.te) $modfiles"
+ modfiles="$(find ${S}/refpolicy/policy/modules -iname $i.fc) $modfiles"
+ done
+
+ for i in ${POLICY_TYPES}; do
+ mkdir "${S}"/${i} || die "Failed to create directory ${S}/${i}"
+ cp "${S}"/refpolicy/doc/Makefile.example "${S}"/${i}/Makefile \
+ || die "Failed to copy Makefile.example to ${S}/${i}/Makefile"
+
+ cp ${modfiles} "${S}"/${i} \
+ || die "Failed to copy the module files to ${S}/${i}"
+ done
+}
+
+src_compile() {
+ for i in ${POLICY_TYPES}; do
+ # Parallel builds are broken, so we need to force -j1 here
+ emake -j1 NAME=$i -C "${S}"/${i} || die "${i} compile failed"
+ done
+}
+
+src_install() {
+ local BASEDIR="/usr/share/selinux"
+
+ for i in ${POLICY_TYPES}; do
+ for j in ${MODS}; do
+ einfo "Installing ${i} ${j} policy package"
+ insinto ${BASEDIR}/${i}
+ doins "${S}"/${i}/${j}.pp || die "Failed to add ${j}.pp to ${i}"
+ done
+ done
+}
+
+pkg_postinst() {
+ # Override the command from the eclass, we need to load in base as well here
+ local COMMAND
+ for i in ${MODS}; do
+ COMMAND="-i ${i}.pp ${COMMAND}"
+ done
+
+ for i in ${POLICY_TYPES}; do
+ local LOCCOMMAND
+ local LOCMODS
+ if [[ "${i}" != "targeted" ]]; then
+ LOCCOMMAND=$(echo "${COMMAND}" | sed -e 's:-i unconfined.pp::g');
+ LOCMODS=$(echo "${MODS}" | sed -e 's: unconfined::g');
+ else
+ LOCCOMMAND="${COMMAND}"
+ LOCMODS="${MODS}"
+ fi
+ einfo "Inserting the following modules, with base, into the $i module 
store: ${LOCMODS}" + + cd /usr/share/selinux/${i} || die "Could not enter /usr/share/selinux/${i}" + + semodule -s ${i} -b base.pp ${LOCCOMMAND} || die "Failed to load in base and modules ${LOCMODS} in the $i policy store" + done +} diff --git a/sec-policy/selinux-base/ChangeLog b/sec-policy/selinux-base/ChangeLog index 6ffdf0e0da4e..4ee149aaa562 100644 --- a/sec-policy/selinux-base/ChangeLog +++ b/sec-policy/selinux-base/ChangeLog @@ -1,6 +1,11 @@ # ChangeLog for sec-policy/selinux-base # Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base/ChangeLog,v 1.2 2012/04/22 08:46:05 swift Exp $ +# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base/ChangeLog,v 1.3 2012/04/26 18:38:44 swift Exp $ + +*selinux-base-2.20120215-r8 (26 Apr 2012) + + 26 Apr 2012; <swift@gentoo.org> +selinux-base-2.20120215-r8.ebuild: + Bump to rev8, fix #411719, #411149 and #411943 *selinux-base-2.20120215-r7 (22 Apr 2012) diff --git a/sec-policy/selinux-base/Manifest b/sec-policy/selinux-base/Manifest index a9f2c7d877b5..62002bc63626 100644 --- a/sec-policy/selinux-base/Manifest +++ b/sec-policy/selinux-base/Manifest 
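Review bot: Nothing in selinux-base-policy-2.20120215-r8.ebuild gives POLICY_TYPES a default or checks that it is set, although every phase iterates `for i in ${POLICY_TYPES}`. If the variable is empty, src_prepare, src_compile, src_install and pkg_postinst all loop zero times and the package merges without building or loading a single module, with no error; presumably the profile normally sets it, but the ebuild does not enforce that. The other two ebuilds in this commit guard the loops with `[ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="..."`; here I would add `[[ -n ${POLICY_TYPES} ]] || die "POLICY_TYPES is not set"` at the top of src_prepare. Separately, `2>/dev/null 2>&1` in the `declare -p` test leaves stderr pointing at the command substitution; `2>/dev/null` alone looks like what was meant.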
@@ -1,8 +1,10 @@ AUX config 631 RMD160 076ae6441a3a29ead502c8bc4b646546095ad95a SHA1 022e0457876cea7068b46c4f14601278215b1056 SHA256 891ddc7cfd577a8591d65f6cb3398863ec338209b347ce9bfc125817b841860e DIST patchbundle-selinux-base-policy-2.20120215-r6.tar.bz2 28970 RMD160 4726fd1dc85b5f6ad78389cf882d69c487a664dc SHA1 53e3acd5ce30582636462ae4d3fe834215b88810 SHA256 2a9e0bde439032a2183aed12ff6c18a7bdc00c05c4e1ce59ba097b0733bc776a DIST patchbundle-selinux-base-policy-2.20120215-r7.tar.bz2 29331 RMD160 d2f25fcc1bfe063392b68706644b5ff90381fc91 SHA1 557f77ac862d28191aabe2b6a18c1bc5beebae69 SHA256 e9ebe825c0f3651fc8fbf8183036fd61007d1c901d613071c6cfec3bec77963a +DIST patchbundle-selinux-base-policy-2.20120215-r8.tar.bz2 29993 RMD160 6d6a03ff3d24951529f32442dd713b1f4982aa7b SHA1 1a2fec3e59f4f440598c52cf28c2eee45ce46d92 SHA256 0d2b6b35007f833d49701f4ea4a71b91d056ee4b86c990aa000aea1c431a8d60 DIST refpolicy-2.20120215.tar.bz2 589917 RMD160 333960d5fdd5f9a23a024d1782950a06ada4f2d1 SHA1 1fe2dd03ea27e0e6fbde6e11309895efd43916e6 SHA256 6df77faf62f73bd1f6e3bfca3fa2f77cdfd2cada94a7dcc4816ed9bbcf3545dc EBUILD selinux-base-2.20120215-r6.ebuild 4113 RMD160 9bba272c1d2d7912a8852aab1a8264d10e4c6c21 SHA1 f77672a526754474399f2ce34c4ad1e6a20bdf41 SHA256 85738c8e52b5fb5fea1a16f2f823d076767c4b41de2d6d21ba0bea59fdf9c66c EBUILD selinux-base-2.20120215-r7.ebuild 4113 RMD160 913f4802ef1d1b34ee0a5d7f2c9de9e031571bb4 SHA1 58a3ec70f0a3ab1c9d9331e1ef56002104ef17b0 SHA256 dd2f1f828c07faf295a13e23e41302fd1ade4608152d8dd895c8bcad69e0cef5 -MISC ChangeLog 734 RMD160 e1b4854dbac711390b012b5cc09149daff2ce8d8 SHA1 a2aef84b31b32aaf5b3935cbd522d34baaa8065d SHA256 a5e8c1ec5f4384724d4ef0f9ff21c7107f56bf2c65cd8dec90ebc1a37c5e6c72 +EBUILD selinux-base-2.20120215-r8.ebuild 4128 RMD160 c16f99dc5a73b4b448b9430d6eb25a96efbba988 SHA1 8233d8baa94be32a75c416e1bc1b167afebfaaf9 SHA256 ef0490372be08cdb82e4137c80218437ad31297a1e158e95397f9c84297c9657 +MISC ChangeLog 897 RMD160 591f62f798a1869b3e4d46882d4d555d2f8796a8 SHA1 
dd7f46b50d44211d748b424ea36c1a4829bec596 SHA256 f333f0619fa3783f959dc84fecf1b41746164738923579fdf3eaa2f5de327baf MISC metadata.xml 671 RMD160 49dd94bb827c4ab2bb8043739ef7564df4cf1c07 SHA1 a92b8a5ef129707a44fe2ae1913060d02badd566 SHA256 c32ccc54ca7df400974a19ad14c093ea7b777f7a40467bdb672f441314122e55 diff --git a/sec-policy/selinux-base/selinux-base-2.20120215-r8.ebuild b/sec-policy/selinux-base/selinux-base-2.20120215-r8.ebuild new file mode 100644 index 000000000000..abaea4e64b8c --- /dev/null +++ b/sec-policy/selinux-base/selinux-base-2.20120215-r8.ebuild 
@@ -0,0 +1,144 @@
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base/selinux-base-2.20120215-r8.ebuild,v 1.1 2012/04/26 18:38:44 swift Exp $
+EAPI="4"
+
+inherit eutils
+
+IUSE="+peer_perms +open_perms +ubac doc"
+
+DESCRIPTION="Gentoo base policy for SELinux"
+HOMEPAGE="http://www.gentoo.org/proj/en/hardened/selinux/"
+SRC_URI="http://oss.tresys.com/files/refpolicy/refpolicy-${PV}.tar.bz2
+ http://dev.gentoo.org/~swift/patches/selinux-base-policy/patchbundle-selinux-base-policy-${PVR}.tar.bz2"
+LICENSE="GPL-2"
+SLOT="0"
+
+KEYWORDS="~amd64 ~x86"
+
+RDEPEND=">=sys-apps/policycoreutils-2.1.10
+ >=sys-fs/udev-151
+ !<=sec-policy/selinux-base-policy-2.20120215"
+DEPEND="${RDEPEND}
+ sys-devel/m4
+ >=sys-apps/checkpolicy-2.1.8"
+
+S=${WORKDIR}/
+
+src_prepare() {
+ # Apply the gentoo patches to the policy. These patches are only necessary
+ # for base policies, or for interface changes on modules.
+ EPATCH_MULTI_MSG="Applying SELinux policy updates ... " \
+ EPATCH_SUFFIX="patch" \
+ EPATCH_SOURCE="${WORKDIR}" \
+ EPATCH_FORCE="yes" \
+ epatch
+
+ cd "${S}/refpolicy"
+ # Fix bug 257111 - Correct the initial sid for cron-started jobs in the
+ # system_r role
+ sed -i -e 's:system_crond_t:system_cronjob_t:g' \
+ "${S}/refpolicy/config/appconfig-standard/default_contexts"
+ sed -i -e 's|system_r:cronjob_t|system_r:system_cronjob_t|g' \
+ "${S}/refpolicy/config/appconfig-mls/default_contexts"
+ sed -i -e 's|system_r:cronjob_t|system_r:system_cronjob_t|g' \
+ "${S}/refpolicy/config/appconfig-mcs/default_contexts"
+}
+
+src_configure() {
+ [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs"
+
+ # Update the SELinux refpolicy capabilities based on the users' USE flags.
+
+ if ! use peer_perms; then
+ sed -i -e '/network_peer_controls/d' \
+ "${S}/refpolicy/policy/policy_capabilities"
+ fi
+
+ if ! use open_perms; then
+ sed -i -e '/open_perms/d' \
+ "${S}/refpolicy/policy/policy_capabilities"
+ fi
+
+ if ! use ubac; then
+ sed -i -e '/^UBAC/s/y/n/' "${S}/refpolicy/build.conf" \
+ || die "Failed to disable User Based Access Control"
+ fi
+
+ echo "DISTRO = gentoo" >> "${S}/refpolicy/build.conf"
+
+ # Setup the policies based on the types delivered by the end user.
+ # These types can be "targeted", "strict", "mcs" and "mls".
+ for i in ${POLICY_TYPES}; do
+ cp -a "${S}/refpolicy" "${S}/${i}"
+
+ cd "${S}/${i}";
+ make conf || die "Make conf in ${i} failed"
+
+ #cp "${FILESDIR}/modules-2.20120215.conf" "${S}/${i}/policy/modules.conf"
+ sed -i -e "/= module/d" "${S}/${i}/policy/modules.conf"
+
+ sed -i -e '/^QUIET/s/n/y/' -e "/^NAME/s/refpolicy/$i/" \
+ "${S}/${i}/build.conf" || die "build.conf setup failed."
+
+ if [[ "${i}" == "mls" ]] || [[ "${i}" == "mcs" ]];
+ then
+ # MCS/MLS require additional settings
+ sed -i -e "/^TYPE/s/standard/${i}/" "${S}/${i}/build.conf" \
+ || die "failed to set type to mls"
+ fi
+
+ if [ "${i}" == "targeted" ]; then
+ sed -i -e '/root/d' -e 's/user_u/unconfined_u/' \
+ "${S}/${i}/config/appconfig-standard/seusers" \
+ || die "targeted seusers setup failed."
+ fi
+ done
+}
+
+src_compile() {
+ [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs"
+
+ for i in ${POLICY_TYPES}; do
+ cd "${S}/${i}"
+ make base || die "${i} compile failed"
+ if use doc; then
+ make html || die
+ fi
+ done
+}
+
+src_install() {
+ [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs"
+
+ for i in ${POLICY_TYPES}; do
+ cd "${S}/${i}"
+
+ make DESTDIR="${D}" install \
+ || die "${i} install failed."
+
+ make DESTDIR="${D}" install-headers \
+ || die "${i} headers install failed."
+
+ echo "run_init_t" > "${D}/etc/selinux/${i}/contexts/run_init_type"
+
+ echo "textrel_shlib_t" >> "${D}/etc/selinux/${i}/contexts/customizable_types"
+
+ # libsemanage won't make this on its own
+ keepdir "/etc/selinux/${i}/policy"
+
+ if use doc; then
+ dohtml doc/html/*;
+ fi
+ done
+
+ dodoc doc/Makefile.example doc/example.{te,fc,if}
+
+ insinto /etc/selinux
+ doins "${FILESDIR}/config"
+}
+
+pkg_preinst() {
+ has_version "<${CATEGORY}/${PN}-2.20101213-r13"
+ previous_less_than_r13=$?
+} |
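Review bot: pkg_preinst records `previous_less_than_r13=$?`, but the new file ends with that function and no later phase in selinux-base-2.20120215-r8.ebuild reads the variable, so the has_version check has no effect. Either drop pkg_preinst or add the phase that was meant to act on the result. A smaller point in src_configure: the MCS/MLS branch dies with `"failed to set type to mls"` for both types, where `"failed to set type to ${i}"` would name the one that actually failed.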