Original package import of realtime-lsm: Linux security module used to authorize realtime capabilties without kernel hackery; requires SELinux configuration in kernel.

6 files changed, 176 insertions, 0 deletions

diff --git a/sys-apps/realtime-lsm/ChangeLog b/sys-apps/realtime-lsm/ChangeLog
new file mode 100644
index 000000000000..3d14a4b3b324
--- /dev/null
+++ b/sys-apps/realtime-lsm/ChangeLog
@@ -0,0 +1,11 @@
+# ChangeLog for sys-apps/realtime-lsm
+# Copyright 1999-2004 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/sys-apps/realtime-lsm/ChangeLog,v 1.1 2004/10/23 05:31:00 fafhrd Exp $
+
+*realtime-lsm-0.8.2_pre20041022 (23 Oct 2004)
+
+  23 Oct 2004; Armando Di Cianno <fafhrd@gentoo.org> +metadata.xml,
+  +files/kmisc.patch-0.8.2_pre20041022,
+  +realtime-lsm-0.8.2_pre20041022.ebuild:
+  Original package import; keyworded for ~ppc
+
diff --git a/sys-apps/realtime-lsm/Manifest b/sys-apps/realtime-lsm/Manifest
new file mode 100644
index 000000000000..3e7e44b405b2
--- /dev/null
+++ b/sys-apps/realtime-lsm/Manifest
@@ -0,0 +1,5 @@
+MD5 2ee1e4440f908a653e66d6b9f49adb6d metadata.xml 1672
+MD5 3bc985e464aabe43756fc033207c77d5 ChangeLog 459
+MD5 80eb7d905257072d24ed8ffb952b6b3c realtime-lsm-0.8.2_pre20041022.ebuild 2304
+MD5 c2a4f8c235326082b353136c6393b4f0 files/digest-realtime-lsm-0.8.2_pre20041022 81
+MD5 bd10dcd7b669d837d013107c02b4d17d files/kmisc.patch-0.8.2_pre20041022 679
diff --git a/sys-apps/realtime-lsm/files/digest-realtime-lsm-0.8.2_pre20041022 b/sys-apps/realtime-lsm/files/digest-realtime-lsm-0.8.2_pre20041022
new file mode 100644
index 000000000000..a8ac2e3dbdc4
--- /dev/null
+++ b/sys-apps/realtime-lsm/files/digest-realtime-lsm-0.8.2_pre20041022
@@ -0,0 +1 @@
+MD5 9c578e8adfa9238db3a905e75c50f6d6 realtime-lsm-0.8.2_pre20041022.tar.gz 12421
diff --git a/sys-apps/realtime-lsm/files/kmisc.patch-0.8.2_pre20041022 b/sys-apps/realtime-lsm/files/kmisc.patch-0.8.2_pre20041022
new file mode 100644
index 000000000000..5296b9703faf
--- /dev/null
+++ b/sys-apps/realtime-lsm/files/kmisc.patch-0.8.2_pre20041022
@@ -0,0 +1,23 @@
+--- Makefile	2004-10-23 00:06:37.122661480 -0400
++++ Makefile	2004-10-23 00:08:09.975545696 -0400
+@@ -17,7 +17,8 @@
+ ifndef KERNELRELEASE
+ 
+ all:	$(SOURCES) config
+-	$(MAKE) modules -C $(KERNEL_DIR) SUBDIRS=$(shell pwd)
++#	$(MAKE) modules -C $(KERNEL_DIR) SUBDIRS=$(shell pwd)
++	$(MAKE) modules -C $(KSRC) SUBDIRS=$(shell pwd)
+ 
+ config:
+ 	@if grep CONFIG_SECURITY_CAPABILITIES=m $(KERNEL_DIR)/.config; \
+@@ -33,7 +34,9 @@
+ 	fi
+ 
+ install:
+-	$(MAKE) modules_install -C $(KERNEL_DIR) SUBDIRS=$(shell pwd)
++#	$(MAKE) modules_install -C $(KERNEL_DIR) SUBDIRS=$(shell pwd)
++	install -d $(KMISC)
++	install -m 644 realtime.ko $(KMISC)
+ 
+ clean:
+ 	-rm -f *.ko *.o $(COMMONCAP) config.h
diff --git a/sys-apps/realtime-lsm/metadata.xml b/sys-apps/realtime-lsm/metadata.xml
new file mode 100644
index 000000000000..82797fcc0da4
--- /dev/null
+++ b/sys-apps/realtime-lsm/metadata.xml
@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+<herd>no-herd</herd>
+<maintainer>
+  <email>fafhrd@gentoo.org</email>
+  <description>My main herd is gnustep, and I'm developing audio backends for that; I use jack-audio-connection-kit heavily, and this module makes its realtime capability use quite straight-forward w/o kernel hackery.</description>
+</maintainer>
+<longdescription>
+Realtime Linux Security Module
+
+This Linux Security Module (LSM) enables realtime capabilities.
+
+Options:
+
+# modprobe realtime any=1
+
+Any program can request realtime privileges.  This allows any local
+user to crash the system by hogging the CPU in a tight loop or
+locking down too much memory.  But, it is simple to administer.  :-)
+
+# modprobe realtime gid=29
+
+All users belonging to group 29 and programs that are setgid to that
+group have realtime privileges.  Use any group number you like.
+
+# modprobe realtime mlock=0
+
+Grants realtime scheduling privileges without the ability to lock
+memory using mlock() or mlockall() system calls.  This option can be
+used in conjunction with any of the other options.
+
+# modprobe realtime allcaps=1
+
+Enables all capabilities, including CAP_SETPCAP.  This is equivalent
+to the 2.4 kernel capabilities patch.  It is needed for root
+programs to assign realtime capabilities to other processes.  This
+option can be used in conjunction with any of the other options.
+
+The JACK Audio Connection Kit (jackit.sourceforge.net) includes a
+jackstart program which uses CAP_SETPCAP to run the JACK daemon
+and its clients with realtime capabilities.
+</longdescription>
+</pkgmetadata>
diff --git a/sys-apps/realtime-lsm/realtime-lsm-0.8.2_pre20041022.ebuild b/sys-apps/realtime-lsm/realtime-lsm-0.8.2_pre20041022.ebuild
new file mode 100644
index 000000000000..d1dfd420eda6
--- /dev/null
+++ b/sys-apps/realtime-lsm/realtime-lsm-0.8.2_pre20041022.ebuild
@@ -0,0 +1,92 @@
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-apps/realtime-lsm/realtime-lsm-0.8.2_pre20041022.ebuild,v 1.1 2004/10/23 05:31:00 fafhrd Exp $
+
+inherit kernel-mod eutils
+
+DESCRIPTION="Enable realtime capabilties via a security module."
+
+HOMEPAGE="http://www.sourceforge.net/projects/realtime-lsm/"
+SRC_URI="mirror://gentoo/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~ppc"
+
+IUSE=""
+DEPEND="virtual/linux-sources
+	sys-apps/module-init-tools"
+RDEPEND="
+	sys-apps/module-init-tools"
+
+src_unpack() {
+	if ! kernel-mod_configoption_present MODULES
+	then
+		eerror ""
+		eerror "${PN} requires support for modules in your kernel."
+		eerror ""
+		die "Module support not detected."
+	fi
+
+	if ! kernel-mod_configoption_present SECURITY
+	then
+		eerror ""
+		eerror "${PN} requires you to compile in the 'different security models option."
+		eerror ""
+		die "Security support not detected."
+	fi
+
+	if ! kernel-mod_configoption_module SECURITY_CAPABILITIES
+	then
+		eerror ""
+		eerror "${PN} requires that 'Default Linux Capabilities' be compiled as a module."
+		eerror ""
+		die "Default Linux capabilities (security) not detected."
+	fi
+
+	if ! kernel-mod_configoption_present SECURITY_SELINUX
+	then
+		eerror ""
+		eerror "${PN} requires that 'NSA SELinux Support' be compiled into your kernel."
+		eerror ""
+		die "NSA SELinux support not detected."
+	fi
+
+	unpack ${A}
+
+	kernel-mod_getversion
+
+	if ! kernel-mod_is_2_6_kernel
+	then
+		die "A Linux kernel of version 2.6 is required."
+	fi
+
+	cd ${S}
+	epatch ${FILESDIR}/kmisc.patch-${PV}
+}
+
+src_compile() {
+	set_arch_to_kernel
+
+	if [ "${ARCH}" == "ppc" ]; then
+		emake KSRC=${ROOT}/usr/src/linux all TOUT=${TMP}/tmp-gas-check || die "compilation stage failed"
+	else
+		# non ppc arches shouldn't need the TOUT weirdness
+		emake KSRC=${ROOT}/usr/src/linux all || die "compilation stage failed"
+	fi
+}
+
+src_install() {
+	set_arch_to_kernel
+
+	emake KSRC=${ROOT}/usr/src/linux KMISC=${D}/lib/modules/${KV}/extra install || die "module installation has failed."
+
+	dodoc AUTHORS ChangeLog README
+}
+
+pkg_postinst() {
+	einfo "Checking kernel module dependencies"
+	test -r "${ROOT}/usr/src/linux/System.map" && \
+		depmod -ae -F "${ROOT}/usr/src/linux/System.map" -b "${ROOT}" -r ${KV}
+}
+