diff options
| author |   Sven Vermeulen <swift@gentoo.org> | 2015-03-22 13:48:53 +0000 |
|---|---|---|
| committer | Sven Vermeulen <swift@gentoo.org> | 2015-03-22 13:48:53 +0000 |
| commit | 43c40cd63127ef94495ac88bffbd0bcbba5130d1 (patch) | |
| tree | 60689226caf8cc76ea84db17cc054a687b10c8e4 /sec-policy/selinux-base-policy | |
| parent | Extend EAPI=4 whitelist to cover crossdev gdb. (diff) | |
| download | historical-43c40cd63127ef94495ac88bffbd0bcbba5130d1.tar.gz historical-43c40cd63127ef94495ac88bffbd0bcbba5130d1.tar.bz2 historical-43c40cd63127ef94495ac88bffbd0bcbba5130d1.zip | |
Release of 2.20141203-r4
Package-Manager: portage-2.2.14/cvs/Linux x86_64
Manifest-Sign-Key: 0x2EDD52403B68AF47
Diffstat (limited to 'sec-policy/selinux-base-policy')
4 files changed, 169 insertions, 20 deletions
diff --git a/sec-policy/selinux-base-policy/ChangeLog b/sec-policy/selinux-base-policy/ChangeLog index 0021aee25a79..fd9c263d1c99 100644 --- a/sec-policy/selinux-base-policy/ChangeLog +++ b/sec-policy/selinux-base-policy/ChangeLog @@ -1,6 +1,12 @@ # ChangeLog for sec-policy/selinux-base-policy # Copyright 1999-2015 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/ChangeLog,v 1.168 2015/01/29 09:52:10 perfinion Exp $ +# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/ChangeLog,v 1.169 2015/03/22 13:47:28 swift Exp $ + +*selinux-base-policy-2.20141203-r4 (22 Mar 2015) + + 22 Mar 2015; Sven Vermeulen <swift@gentoo.org> + +selinux-base-policy-2.20141203-r4.ebuild, selinux-base-policy-9999.ebuild: + Release of 2.20141203-r4 *selinux-base-policy-2.20141203-r3 (29 Jan 2015) diff --git a/sec-policy/selinux-base-policy/Manifest b/sec-policy/selinux-base-policy/Manifest index 178ef5bf8932..765d319a7009 100644 --- a/sec-policy/selinux-base-policy/Manifest +++ b/sec-policy/selinux-base-policy/Manifest @@ -9,6 +9,7 @@ DIST patchbundle-selinux-base-policy-2.20140311-r7.tar.bz2 285346 SHA256 8e21686 DIST patchbundle-selinux-base-policy-2.20141203-r1.tar.bz2 264038 SHA256 0fb0ff62bf3abc2294db83d35d22220c5d86384e38332e4458fb38f88ce1538c SHA512 a9ac284c999b15f9f825761a5d59968337cac5990250d9ce46fc79a870ed14534f61b0d454866ea9296d134adb3e38634b02c0e9d70f69a657da4c11b6aeee38 WHIRLPOOL 389d5fd4feecc74c9a231c98a9bf497491e3e5c19a54f5b8ef68d050d95aeca7e6dd0853655212989b7239271be51cf2c4c3e19ac3db54cec229d802df95cbb5 DIST patchbundle-selinux-base-policy-2.20141203-r2.tar.bz2 268395 SHA256 60f5fbb2402f12b4c4aca89b134ee0dd4c88a1812208d765b601b23e025f7cfe SHA512 0a6d7a61ae259f6b4b9210c0b509a2b25581674b0d07e0fa8f2eff151f1e8bf084cae7a8928ede6e4358da661290940b8390a2cb6f5c6ababc021de4f6b445b9 WHIRLPOOL 6341b3c04aa547256f3128826fffe777c4ac2d7f6f916d6e7a7f2e976b18a903786116743a26f43602c707310662c445564ffdaa173b2c2cd9e48f4173c367a1 DIST patchbundle-selinux-base-policy-2.20141203-r3.tar.bz2 269940 SHA256 c1d507c21b02ab510e8fbe1eeb799ad1e9604ad611759c13df6c15ddc9480ed8 SHA512 694a1cf95d4fe5c686e6e8ddae56f591d85fd334f896352b11b2bf24b2e95be8eaf32d6aee9a3410c25e613efa6fe18e485cfe836a2a6dadb5f01c8118b42a45 WHIRLPOOL 8061b6e5dd5f1d0602b66fdf31f2c3c02de02bad73f213ad24d0be8d62a7dc4b8d35cb0780b4a1ee76ecded737d9eed3e41f6d51c24d885d3cac63591930ce96 +DIST patchbundle-selinux-base-policy-2.20141203-r4.tar.bz2 271374 SHA256 7229f0f5a299fc31b693f603cb265697ecf02afb843aba74f96d8afb208dd9c9 SHA512 41379568855b820a72a1d8e7fb8114464573974d98b98ae9107649ed625d6fc8c045dc6714ee51d6db72473a76c99511ee23e6d0a9bd56a19ebbaa1fa13e55a8 WHIRLPOOL 563020e4d38817d875d7a8b98f670cff68d86fdfe89945b87943c8b48d106a58d269822a60640fcc76f51bad207b8b61839b2cdbb1405ab5f49332516c9faa1d DIST refpolicy-2.20140311.tar.bz2 664416 SHA256 f69437db95548c78a5dec44c236397146b144153149009ea554d2e536e5436f7 SHA512 50bacee82ed41ac8b8007ecc33bf51d22303cc2ddd27cfb72cb5520dab5f8e255186e34b89cec492c7a2d4220b200814bdede9b46c19f987a3d3d65a1c9b749a WHIRLPOOL e07480beba6ab1f02ad36b7d0c50c4a71cb39a8ec78bf8d1dc3c82bb9dd1d69d9169d7c937165ea15f60ce1147f256d46644f944107a3a8a800d5bad70d4c255 DIST refpolicy-2.20141203.tar.bz2 680243 SHA256 f438209c430d8a2d4ddcbe4bdd3edb46f6af7dc4913637af0b73c635e40c1522 SHA512 682e4280c5799e4c12ec7594afc1389f67be35055748d2e0dbdc3419159a16c96d4946ca6178daee8370515951f8653b2e452efe8c962b8d7f9bc192f0b15a0c WHIRLPOOL 74bca232534e7af9051bb1ab9f77c1ff6c425781cf4561f781d6e9a40cc5ca0d9add540249ea5493e8782a9372aea296ead6c165c6c440ae1509eb319d151ee5 EBUILD selinux-base-policy-2.20140311-r5.ebuild 4087 SHA256 c3d07b6465aac57899df606a431d819ea3da797ba63d8828a1eacfe1405ef5f9 SHA512 784a2ccc00997c76294a2eeef5f20d7371badc1b1d66d5d3b76d079b678edebc5dcb60e85f8ad00d930b769fdc10bf83a1d5c5906f989d5e8cedfc44a029be13 WHIRLPOOL 4e4837a87b6449d7d2416396f54228ec6ba05cc2d04db7acc90950e238bc782f967ce6a48f366d72a0bdb47e2145530f3842d254d0a815b314220a1b3d9ff733 @@ -17,25 +18,24 @@ EBUILD selinux-base-policy-2.20140311-r7.ebuild 4430 SHA256 be769aeb3f111f6cf88e EBUILD selinux-base-policy-2.20141203-r1.ebuild 4527 SHA256 a65a36dff32835cda3ddae1e0bd9a32b9fea6955de5c63b19735cc8f8746fede SHA512 d6193e4a17f541c9ca9e1845c14625fcc0eba785513abca797ead351221ef94d36389e8fd54974f5d3ef91c4bb4c0c577b72f0038a4de66e88fdd1c293973507 WHIRLPOOL 1a24e8ac692d9fdc1b4c128df7e4f1d99c1755e4897fac0a235498d4fe9cca09c197392846953eb11744c25ab51978aad263e23466ba869105c4096e0a0c214c EBUILD selinux-base-policy-2.20141203-r2.ebuild 4399 SHA256 98795e1375a03729b95a2caf39d3412c49d88a0ea5ccc7134eb5d9de74c498af SHA512 75a86ba90f4fb0e8ee6b79f1df832bc20bbbd985da72b09fa1ee36ee81744d5252dcb61cc40024763e4cfd9719452226c64ebc965349ffba30ba99fb7871f660 WHIRLPOOL ce25ea8bba0ec9a967fddaebf7e93277d83dabc70d3933566d535996816122c9eb8610b74839fa74d2fb01618ea5fd57c3d443cbbc00f13170d3148c0cfd24de EBUILD selinux-base-policy-2.20141203-r3.ebuild 4401 SHA256 a80901fc5af879861a2a40490e4aa6b7d47ae3475cf655f99bbf9100a5d4776d SHA512 538f11b742fca6998460390c55623bd702edb350d6f809c2d3950ba0d1162fd69b507baf90da08bd292e206182b69ca19c247fc481a4d0b41eef710282a4597b WHIRLPOOL 7efc2b59608e6fc74ce0594a4ce3b8e80222cf3ba5c2c40f63f4d1be737e09c5126e1a2d04776323e9f29439ab7a5243861aad15ada68847d08ab6f74d905506 -EBUILD selinux-base-policy-9999.ebuild 4393 SHA256 794fc8c764fc67ca44c0fd750c14f50dceed9715a13c2bebba6f892a5517dbce SHA512 af04aeead7e5047fd5926fce82c7c27b32a9ba1fa471f2dd11114dc9a4ca759cd535a5ae59e2138e8508bd71a1c0828ee1ff80ba381dc0913c145b7f8abc502c WHIRLPOOL c50e3d664c80ce7a0978a7b3bb4efd55b981b7d874a84859c15d90f0f1eeaac8d3781946a42fe1d9d54c7032df23916f29c904b570c3340e857239d6bd11b8b7 -MISC ChangeLog 35858 SHA256 3e0ad4e62476d66754eb911443e3733773f7ee603a3149a71ea196cc33968bd5 SHA512 2ec3c265c7dd6a4961f21ec6d64e05a2571c6bb39b3eb6984d114630d4362fc5a771e2add4a3adb84621546ef3a7c47688ef56ab48687720d35cbce44663617a WHIRLPOOL d6b55c905bb02012eb4e4d9a2e83d60833fffe1e5ee7be67273f3e503c18ea415882891ea99d00c11f7abe96d873396a83c339ad140f93b77d854584c052721a +EBUILD selinux-base-policy-2.20141203-r4.ebuild 4397 SHA256 0e35e8ec0c5e56b4f442d3b1e379d4a52a455846b138efdbb4b614dfdfe8685f SHA512 c2e1041dcea4ce5f82a7c082af7aed0b479e50f79752947d81b8d08a5d6707d4562b2709c2accfd16ae7238da04eeeb7170ba6f1ec2692bb3bfe08900731ae03 WHIRLPOOL 98a2076b5dc0d51a6fa6c64b2145fd0f30de8bdda6067076bdc9e534f789063816f58d0ed07f5e5e978e10e40d84ac33d8294722175c575b99ec7ffadd1e24bf +EBUILD selinux-base-policy-9999.ebuild 4389 SHA256 62dc1ee2b3ae1723a0d7bd81735e82e0ce5d33c813bc362fbf1e6b0fb2d41408 SHA512 4ea37de3cb6e35e06c353b188ec836bedc1ff59e71089aac32e5945b34d0058e06252707ed30626a25295b3d6a1037c2946d4131098c327de9b70512c6a87766 WHIRLPOOL d2c0a5132f9c571d07e9f67cc39c588262f54bdb1a77e7adce0ca5ef0aa02a5c5684e10946eae27ae74a81b9eefe3014ac1af678884ed1bc06ded573173539f8 +MISC ChangeLog 36059 SHA256 294cbbe8609bd36b9b35e3bd62e24ef2d39f3512ea8a9d5ea48a65f0b8a4ee18 SHA512 7382abce49716e353dd966db29c3ac30de651d5550dff4efee1f6ca4a230669c68253dbb8f724506db3c8ca8e66c58891edba2fa199a282d48526e8922e6e04c WHIRLPOOL 5cdc93005472233e03917f6e343c28369bb13057e2c69a61eea0e83b2251af9b6f419a31039aedc4e4905051a241a7e9d87f9c88884d507a35175da4bd0dfb92 MISC metadata.xml 448 SHA256 4babd5e53785136aa79ee0737a89af1fc49c4fc144aba0f6163d6f85215f57e2 SHA512 7e747c9dbae3eaee62a284824a68039961264540e0633e617aaabaeef2e83f4623863d29ee26c2e4738ac706d3824914f530f8e2b990ac7f06aa8f6e4cae9964 WHIRLPOOL 733957f76ca89c6fdd08060a368048276247994db56cf8325e69b896a07dc5e576ca124f3190079b169ec078a2e69156d4b12e6c6cc94328248705779f357bc4 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0 -iQJ8BAEBCABmBQJUygMYXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w -ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRFMTYyREVBRDFDQ0REMTEzRjA0QjNENDky -QkJFRDlDQjFBNjhFRjU1AAoJECu+2csaaO9VKvUP/33ij00gifM1sqoXemAx9MhF -rQYOip11V6uIcSjNDvIVolRVyF8oM3E9AbScmHNnyu02GLp+iqRlaTgiY0lD/15W -Y5uemvboi6Hy1T2TOW3Ax0+qpj6nJduwpzQIDnbYqcjKEZFkzq6aZYEeGi5djOlE -Kka0yEbrleBj1/FD14MTbU1C46tB6jcA9b/KEKcM9s75STs7AuhhagPZUKO4FXtS -yIiNZoK4i8uPkNtlS88Z+2S8r0gtjEAFTpZTmbW6Ep+rky7dTd2Huilcn2e7nrU1 -MOskP6z+ezAhVUZXjQ1uinZDejf7j59LgZu/045Ukeu41r2zIEo7qD/n89JBZh9N -ebtEU6d7P8SSo7uR4MxU4S40EGxXJG+5mYuMIOZzSgxeICcqaM/YjE9LxuEOt4Ti -xM/VkCmJoSEJ+athPVBWeb8n7ioYCb6I6NTPHVBPaFPNMZG/o36fnmt57FTF1+8p -aNge3OfBmfS2/8RnZyPiheVhz7ejrAmwV23NhJIx2KlPxmnEuZNX9+aXm/SR+3SJ -CLgyyjSsWaammPoSEvg5MqwkqtBrRDRjthMzYGYtYWWxa+sBS6WOa0LhoLnDTwc7 -xnpnyTvlvxWpTkLFwqtrZg6ic3BEUhYoKKCWksF6BxTc4MMGkByWrk5oy/KLmD5n -R9i+s9F78/CR3VPQUauC -=qEfY +iQIcBAEBCAAGBQJVDsf9AAoJEC7dUkA7aK9H6ywQAIfTh4BTpCScJgabIPVHzlI+ +l0vIHFjTbXc9ZFNcQIDUMB1HhkKRMc+08/ngeqkWVQkX+Ii0OC2Spq2rU9ikWiO3 +DXH15Ieiu96VeR0rgvvwDu8XBBfpALaMDWOHD87+IAbFdb7FEf51r3E302YDEUp7 +MDgRTYof2aH0wCe7cwUt3iZuhsfip6X4r/I+3xNm3znGub4Wu1iY4L3ajDFg4zR3 +oKKuvZcGD4J7qYq6wvopj8vkIYqVJab6KhI1iRiH2c3wwW7TIrqEOCKar4BbEuaY +Ts1hiZ02b9i3EJyX4hxrAgV11FxqEodi8lRYFK1YCLNofUDqoINdwxML0mafpXRg +0fy6WB07fxPcRBF8q+Z47wBEJa238jm72iJ7v4UzENwYWe4j1tEokIcq2GdnoG7S +uGAq+bHLwc3j9op2FofnvZes7qQ1i9DfmIy+dWTYpUGJdkPvFN6Py0pHvsUjclZp +jXneSQ+GqcZQS910yzBiuVj7NxGcM4cKmxvHTI5FGUpHwLVq0NmcAUFShHiOTfxT +Hm5s5LdV+yqfGNMPozf6hjT4gjR/RQXzbz3xqsul3/yjXp2RTgW2xSSX8sw9srDl +N39g7IPilp0JtVw1+HYXIOjyq82r6k/zhDpVpM0XyoTaVSmM8IywLQojHbVhXquh +RgRav8LbxCNuUS9sPlor +=lmI1 -----END PGP SIGNATURE----- diff --git a/sec-policy/selinux-base-policy/selinux-base-policy-2.20141203-r4.ebuild b/sec-policy/selinux-base-policy/selinux-base-policy-2.20141203-r4.ebuild new file mode 100644 index 000000000000..2cb1833cad0a --- /dev/null +++ b/sec-policy/selinux-base-policy/selinux-base-policy-2.20141203-r4.ebuild @@ -0,0 +1,143 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/selinux-base-policy-2.20141203-r4.ebuild,v 1.1 2015/03/22 13:47:28 swift Exp $ +EAPI="5" + +inherit eutils + +if [[ ${PV} == 9999* ]]; then + EGIT_REPO_URI="${SELINUX_GIT_REPO:-git://git.overlays.gentoo.org/proj/hardened-refpolicy.git https://git.overlays.gentoo.org/gitroot/proj/hardened-refpolicy.git}" + EGIT_BRANCH="${SELINUX_GIT_BRANCH:-master}" + EGIT_SOURCEDIR="${WORKDIR}/refpolicy" + + inherit git-2 + + KEYWORDS="" +else + SRC_URI="https://raw.githubusercontent.com/wiki/TresysTechnology/refpolicy/files/refpolicy-${PV}.tar.bz2 + http://dev.gentoo.org/~swift/patches/${PN}/patchbundle-${PN}-${PVR}.tar.bz2" + KEYWORDS="~amd64 ~x86" +fi + +HOMEPAGE="http://www.gentoo.org/proj/en/hardened/selinux/" +DESCRIPTION="SELinux policy for core modules" + +IUSE="+unconfined" + +RDEPEND="=sec-policy/selinux-base-${PVR}" +PDEPEND="unconfined? ( sec-policy/selinux-unconfined )" +DEPEND="" + +MODS="application authlogin bootloader clock consoletype cron dmesg fstools getty hostname hotplug init iptables libraries locallogin logging lvm miscfiles modutils mount mta netutils nscd portage raid rsync selinuxutil setrans ssh staff storage su sysadm sysnetwork tmpfiles udev userdomain usermanage unprivuser xdg" +LICENSE="GPL-2" +SLOT="0" +S="${WORKDIR}/" + +# Code entirely copied from selinux-eclass (cannot inherit due to dependency on +# itself), when reworked reinclude it. Only postinstall (where -b base.pp is +# added) needs to remain then. + +pkg_pretend() { + for i in ${POLICY_TYPES}; do + if [[ "${i}" == "targeted" ]] && ! use unconfined; then + die "If you use POLICY_TYPES=targeted, then USE=unconfined is mandatory." + fi + done +} + +src_prepare() { + local modfiles + + if [[ ${PV} != 9999* ]]; then + # Patch the source with the base patchbundle + cd "${S}" + EPATCH_MULTI_MSG="Applying SELinux policy updates ... " \ + EPATCH_SUFFIX="patch" \ + EPATCH_SOURCE="${WORKDIR}" \ + EPATCH_FORCE="yes" \ + epatch + fi + + # Apply the additional patches refered to by the module ebuild. + # But first some magic to differentiate between bash arrays and strings + if [[ "$(declare -p POLICY_PATCH 2>/dev/null 2>&1)" == "declare -a"* ]]; + then + cd "${S}/refpolicy/policy/modules" + for POLPATCH in "${POLICY_PATCH[@]}"; + do + epatch "${POLPATCH}" + done + else + if [[ -n ${POLICY_PATCH} ]]; + then + cd "${S}/refpolicy/policy/modules" + for POLPATCH in ${POLICY_PATCH}; + do + epatch "${POLPATCH}" + done + fi + fi + + # Calling user patches + epatch_user + + # Collect only those files needed for this particular module + for i in ${MODS}; do + modfiles="$(find ${S}/refpolicy/policy/modules -iname $i.te) $modfiles" + modfiles="$(find ${S}/refpolicy/policy/modules -iname $i.fc) $modfiles" + done + + for i in ${POLICY_TYPES}; do + mkdir "${S}"/${i} || die "Failed to create directory ${S}/${i}" + cp "${S}"/refpolicy/doc/Makefile.example "${S}"/${i}/Makefile \ + || die "Failed to copy Makefile.example to ${S}/${i}/Makefile" + + cp ${modfiles} "${S}"/${i} \ + || die "Failed to copy the module files to ${S}/${i}" + done +} + +src_compile() { + for i in ${POLICY_TYPES}; do + emake NAME=$i -C "${S}"/${i} || die "${i} compile failed" + done +} + +src_install() { + local BASEDIR="/usr/share/selinux" + + for i in ${POLICY_TYPES}; do + for j in ${MODS}; do + einfo "Installing ${i} ${j} policy package" + insinto ${BASEDIR}/${i} + doins "${S}"/${i}/${j}.pp || die "Failed to add ${j}.pp to ${i}" + done + done +} + +pkg_postinst() { + # Override the command from the eclass, we need to load in base as well here + local COMMAND + for i in ${MODS}; do + COMMAND="-i ${i}.pp ${COMMAND}" + done + + for i in ${POLICY_TYPES}; do + einfo "Inserting the following modules, with base, into the $i module store: ${MODS}" + + cd /usr/share/selinux/${i} || die "Could not enter /usr/share/selinux/${i}" + + semodule -s ${i} -b base.pp ${COMMAND} || die "Failed to load in base and modules ${MODS} in the $i policy store" + done + + # Relabel depending packages + local PKGSET=""; + if [ -x /usr/bin/qdepends ] ; then + PKGSET=$(/usr/bin/qdepends -Cq -r -Q ${CATEGORY}/${PN} | grep -v 'sec-policy/selinux-'); + elif [ -x /usr/bin/equery ] ; then + PKGSET=$(/usr/bin/equery -Cq depends ${CATEGORY}/${PN} | grep -v 'sec-policy/selinux-'); + fi + if [ -n "${PKGSET}" ] ; then + rlpkg ${PKGSET}; + fi +} diff --git a/sec-policy/selinux-base-policy/selinux-base-policy-9999.ebuild b/sec-policy/selinux-base-policy/selinux-base-policy-9999.ebuild index eeec254d2760..0cba37fecc85 100644 --- a/sec-policy/selinux-base-policy/selinux-base-policy-9999.ebuild +++ b/sec-policy/selinux-base-policy/selinux-base-policy-9999.ebuild @@ -1,6 +1,6 @@ -# Copyright 1999-2014 Gentoo Foundation +# Copyright 1999-2015 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/selinux-base-policy-9999.ebuild,v 1.21 2014/12/07 13:21:06 perfinion Exp $ +# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/selinux-base-policy-9999.ebuild,v 1.22 2015/03/22 13:47:28 swift Exp $ EAPI="5" inherit eutils |