blob: 72c82e47b7fe942561e60a34153171d3e6c57074 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
|
# Copyright 1999-2011 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r16.ebuild,v 1.3 2011/07/03 00:33:35 blueness Exp $
EAPI="1"
IUSE="+peer_perms +open_perms +ubac"
inherit eutils
#PATCHBUNDLE="${FILESDIR}/patchbundle-${PF}.tar.bz2"
PATCHBUNDLE="${DISTDIR}/patchbundle-${PF}.tar.bz2"
DESCRIPTION="Gentoo base policy for SELinux"
HOMEPAGE="http://www.gentoo.org/proj/en/hardened/selinux/"
#SRC_URI="http://oss.tresys.com/files/refpolicy/refpolicy-${PV}.tar.bz2"
SRC_URI="http://oss.tresys.com/files/refpolicy/refpolicy-${PV}.tar.bz2
http://dev.gentoo.org/~blueness/patchbundle-selinux-base-policy/patchbundle-${PF}.tar.bz2"
LICENSE="GPL-2"
SLOT="0"
KEYWORDS="amd64 x86"
RDEPEND=">=sys-apps/policycoreutils-1.30.30
>=sys-fs/udev-151"
DEPEND="${RDEPEND}
sys-devel/m4
>=sys-apps/checkpolicy-1.30.12"
S=${WORKDIR}/
src_unpack() {
[ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="strict targeted"
MOD_CONF_VER="20090730"
unpack ${A}
cd "${S}"
epatch "${PATCHBUNDLE}"
cd "${S}/refpolicy"
# Fix bug 257111
sed -i -e 's:system_crond_t:system_cronjob_t:g' \
"${S}/refpolicy/config/appconfig-standard/default_contexts"
if ! use peer_perms; then
sed -i -e '/network_peer_controls/d' \
"${S}/refpolicy/policy/policy_capabilities"
fi
if ! use open_perms; then
sed -i -e '/open_perms/d' \
"${S}/refpolicy/policy/policy_capabilities"
fi
for i in ${POLICY_TYPES}; do
cp -a "${S}/refpolicy" "${S}/${i}"
cd "${S}/${i}";
make conf || die "${i} reconfiguration failed"
cp "${FILESDIR}/modules.conf.${i}.${MOD_CONF_VER}" \
"${S}/${i}/policy/modules.conf" \
|| die "failed to set up modules.conf"
sed -i -e '/^QUIET/s/n/y/' -e '/^MONOLITHIC/s/y/n/' \
-e "/^NAME/s/refpolicy/$i/" "${S}/${i}/build.conf" \
|| die "build.conf setup failed."
if ! use ubac; then
sed -i -e 's:^UBAC = y:UBAC = n:g' "${S}/${i}/build.conf"
fi
echo "DISTRO = gentoo" >> "${S}/${i}/build.conf"
if [ "${i}" == "targeted" ]; then
sed -i -e '/root/d' -e 's/user_u/unconfined_u/' \
"${S}/${i}/config/appconfig-standard/seusers" \
|| die "targeted seusers setup failed."
fi
done
}
src_compile() {
[ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="strict targeted"
for i in ${POLICY_TYPES}; do
cd "${S}/${i}"
make base || die "${i} compile failed"
done
}
src_install() {
[ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="strict targeted"
for i in ${POLICY_TYPES}; do
cd "${S}/${i}"
make DESTDIR="${D}" install \
|| die "${i} install failed."
make DESTDIR="${D}" install-headers \
|| die "${i} headers install failed."
echo "run_init_t" > "${D}/etc/selinux/${i}/contexts/run_init_type"
echo "textrel_shlib_t" >> "${D}/etc/selinux/${i}/contexts/customizable_types"
# libsemanage won't make this on its own
keepdir "/etc/selinux/${i}/policy"
done
dodoc doc/Makefile.example doc/example.{te,fc,if}
insinto /etc/selinux
doins "${FILESDIR}/config"
}
pkg_preinst() {
has_version "<${CATEGORY}/${PN}-2.20101213-r13"
previous_less_than_r13=$?
}
pkg_postinst() {
[ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="strict targeted"
for i in ${POLICY_TYPES}; do
einfo "Inserting base module into ${i} module store."
cd "/usr/share/selinux/${i}"
semodule -s "${i}" -b base.pp || die "Could not load in new base policy"
done
elog "Updates on policies might require you to relabel files. If you, after"
elog "installing new SELinux policies, get 'permission denied' errors,"
elog "relabelling your system using 'rlpkg -a -r' might resolve the issues."
}
|