diff options
author | Sven Vermeulen <swift@gentoo.org> | 2014-04-19 14:15:25 +0000 |
---|---|---|
committer | Sven Vermeulen <swift@gentoo.org> | 2014-04-19 14:15:25 +0000 |
commit | a571e9093331ce2ce84f57812829a12f22eadd6d (patch) | |
tree | 01baeb95e3a8fd627e84c5231bfb371432086e22 /sec-policy/selinux-base | |
parent | Add ruby21. Drop ruby18. (diff) | |
download | historical-a571e9093331ce2ce84f57812829a12f22eadd6d.tar.gz historical-a571e9093331ce2ce84f57812829a12f22eadd6d.tar.bz2 historical-a571e9093331ce2ce84f57812829a12f22eadd6d.zip |
Release of 2.20140311-r2
Package-Manager: portage-2.2.8-r1/cvs/Linux x86_64
Manifest-Sign-Key: 0x2EDD52403B68AF47
Diffstat (limited to 'sec-policy/selinux-base')
-rw-r--r-- | sec-policy/selinux-base/ChangeLog | 8 | ||||
-rw-r--r-- | sec-policy/selinux-base/Manifest | 30 | ||||
-rw-r--r-- | sec-policy/selinux-base/selinux-base-2.20140311-r2.ebuild | 161 |
3 files changed, 184 insertions, 15 deletions
diff --git a/sec-policy/selinux-base/ChangeLog b/sec-policy/selinux-base/ChangeLog index a88e94159606..e63f28efa56c 100644 --- a/sec-policy/selinux-base/ChangeLog +++ b/sec-policy/selinux-base/ChangeLog @@ -1,6 +1,12 @@ # ChangeLog for sec-policy/selinux-base # Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base/ChangeLog,v 1.40 2014/03/24 19:44:09 swift Exp $ +# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base/ChangeLog,v 1.41 2014/04/19 14:12:55 swift Exp $ + +*selinux-base-2.20140311-r2 (19 Apr 2014) + + 19 Apr 2014; Sven Vermeulen <swift@gentoo.org> + +selinux-base-2.20140311-r2.ebuild: + Release of 2.20140311-r2 24 Mar 2014; Sven Vermeulen <swift@gentoo.org> -selinux-base-2.20120725-r5.ebuild, -selinux-base-2.20120725-r7.ebuild, diff --git a/sec-policy/selinux-base/Manifest b/sec-policy/selinux-base/Manifest index a25ffc97217c..8beb2487e1ff 100644 --- a/sec-policy/selinux-base/Manifest +++ b/sec-policy/selinux-base/Manifest @@ -7,6 +7,7 @@ DIST patchbundle-selinux-base-policy-2.20130424-r2.tar.bz2 250772 SHA256 d7965b0 DIST patchbundle-selinux-base-policy-2.20130424-r3.tar.bz2 284619 SHA256 0da814525b159863c7624e932b1c2205526cca645203063fbf55389387ba2ff3 SHA512 a690a0f8c05169eb5298db14d3fef31cab9003c60d4bb426d3d79b59275b2dffe0ab6f8cb2b74c00698603e5baad6252ff922e581a90d7e200df213eb39e01e9 WHIRLPOOL 9c2a2dbe1c4501f25b5591d714952a69d5db5d448b7977c669553f635d3f787dea778b99218b9a5123d72193404760b2d8d6c32d570207781c8ca236efd4f49d DIST patchbundle-selinux-base-policy-2.20130424-r4.tar.bz2 293227 SHA256 b5b115da4cc69960024cf716ca4c637591230918248976b7d359c03390964fbd SHA512 d766b2691d0a56cbe6786a29f2b2d047c7990d02823848486b48f5774ba1f403f6ff93c05f51ce586842ccf9d6b0e3efb1557c0d2d39689a2d536075e1b0e1dd WHIRLPOOL 6acdab5db1baeadee838995d92c9cfb2de153c2e1d5512d74aecbd0ae4789b297f433ca83114231f0b7c636fc7122d48245b291d1560fcdd6df6c4a2f542ac37 DIST patchbundle-selinux-base-policy-2.20140311-r1.tar.bz2 259943 SHA256 0444ad505802b730dcc47daae8341de4f1a2f1cfebf85d90fcfe057cbc7aeb4f SHA512 d660442fdb92227a08d453a6e5678dfa63c1fe16172d05bc04ccc2a3e0860ec494a5747fa7baab794171e3bc6738b507e05b01485d3ed7e32ec2e2bd36fca5dd WHIRLPOOL 262421e7bbd1561e326f0616a36b8f3084a3bee4225526c00b1031a98dd31ca8d7266f3e696069bd8d347327ffebb86c08abe5924e4b917f9cf1128ddd74e4bc +DIST patchbundle-selinux-base-policy-2.20140311-r2.tar.bz2 265878 SHA256 344e9c6c9f4466cbe39c067f4af902c25bb17d20431e0e19521490a92f41d80f SHA512 54b5092791038f97f7fd7dfe0d6becc3070171b2b114ecaff38c904c1392885756ce201663004bf4e6621236a77045828229fe2c5de317ba63da59786a99f312 WHIRLPOOL 27cd3eb4a15098d156af22c9f61ba02f0784a2eab49992b3a27777b5d60a76b6bc04e2cca81729176b779628886ca1ce13d89f865de3aa7380f1c9ef7682d3ce DIST refpolicy-2.20130424.tar.bz2 649845 SHA256 6039ba854f244a39dc727cc7db25632f7b933bb271c803772d754d4354f5aef4 SHA512 82ab38bc3425eb4b7d50c42564ebc28603e32e6f3266da164502f0cdc3a2f6bfe457518297824cb78f6f94211f9823fbc7254bb9e1d9df1cc7f284d326299705 WHIRLPOOL ba7539261a072d33e34afb940a1899ccdb2493c3b11eea3b166b9eb565478fd93cf580d09ef016f799a5dd5a4452086a623f9b3f38fbfb9a812e6e31bcd68e25 DIST refpolicy-2.20140311.tar.bz2 664416 SHA256 f69437db95548c78a5dec44c236397146b144153149009ea554d2e536e5436f7 SHA512 50bacee82ed41ac8b8007ecc33bf51d22303cc2ddd27cfb72cb5520dab5f8e255186e34b89cec492c7a2d4220b200814bdede9b46c19f987a3d3d65a1c9b749a WHIRLPOOL e07480beba6ab1f02ad36b7d0c50c4a71cb39a8ec78bf8d1dc3c82bb9dd1d69d9169d7c937165ea15f60ce1147f256d46644f944107a3a8a800d5bad70d4c255 EBUILD selinux-base-2.20130424-r1.ebuild 4489 SHA256 9799bbe46cb1bae05e7b67c06aad7659a2eed4c1d27b1277fef47a2a0986f807 SHA512 fabc32275583875881623b5e428b1c12d1534f4b604928443d1f802c5e3a2e3e63b1fbfb2467af6581bfdd80913c28e3e26aee6053d225d54d0538b6439788af WHIRLPOOL f49b11b87e72664faf52d82427488460a3e5991c19636c2f00b876c7df06f17a75e3eb7c68a36d8c07cce4dc272249f2730e6f404765baea89eb014b3c518399 @@ -14,23 +15,24 @@ EBUILD selinux-base-2.20130424-r2.ebuild 4489 SHA256 ca7a03e538f30f4e407376e66a2 EBUILD selinux-base-2.20130424-r3.ebuild 4502 SHA256 96d8c2b6a6ed3d6fac3c02afabca02265b1dea6ec75a64b67c4f2842e1eabdb5 SHA512 be20508336724f1d9f51c26a7a2dea4ff5360e3473f5689a0220974af40766a63d4c9cc04611578a5b7efcba99cc3609355a42973b08c8fe238abb7ec8e1985e WHIRLPOOL 684fec1cfc3c06d8eb5c0b47b87c8617114e73355728e46af12a3318c6968ea259cb51328e2b5d7f4a53b230882025d603b361f62e71ed06165fcb5decf7ac35 EBUILD selinux-base-2.20130424-r4.ebuild 4500 SHA256 01356e76ad48d082404afa8fcfd2b391a3d61a0f0db04e0356c5c015c24fd40b SHA512 f4acaceff837b7f8975207fcd51509d906a61fa82f9eb4dfbb89f8911e100281a9240e66203677e97a62d31cf389c1b47e9c32497002fc37e1b8082aaf00a1e2 WHIRLPOOL 7096a1c3d423e287f721c7c879c177a2af0ad6eaa67d965a9af7211b566905d91370bde2e82f66ff7e07729b5a0413026bfcc0191cb0b3f491ea2b08b80038ca EBUILD selinux-base-2.20140311-r1.ebuild 4502 SHA256 bdba51dc0e2d4c7c2a6965e1d4b45e2a76d10ff0df96744694b17583cb62149f SHA512 f4d7dbdd5054f0182354a308dfda26158ad3e8462395444abcc4b2e855f373cd951d1f900ca6a6540cb0140af553f5b7c51a4277d14069e9a92382dd279a9173 WHIRLPOOL eef8eb62c6db18d378d1bbd59dbb86e681d6d90da8ce6c97a6763681903bb47dea922c2957b4260b2fe90be845f43170da411159cb9c375952380d92b7496d04 +EBUILD selinux-base-2.20140311-r2.ebuild 4502 SHA256 62cd1e0473164617f20437421c948ba2dd8a56478fceb8826e245688ef7e632c SHA512 4923431a6a79355dffe238ff64f074bd28794835c435ba0ed8e7a17547a5023b39a8ee86170c0e8ba7e2febafb16df50919bcee8c662ebd3450825d7d7bf96a0 WHIRLPOOL 527a4047c4a42d6e383f9c3d4bae881c4ee9d6cd7146972eadd059a47fb75d24df7dee0c8fd16b06ecda9467f1ca0bad9dc64007626faed547dd0431cead709e EBUILD selinux-base-9999.ebuild 4179 SHA256 2fae8dae1816224ba23c76cf595bb92c61816d9378ced42e187de2a1d2a07f3f SHA512 01621a086577cc7378b66c61a368b3e8df2648ed1ec843e006302aeb50d07a7e69c8f26b1b8243287e05ff32ca208168f0521e07399b11ce5c56d8ec464c2a57 WHIRLPOOL f46949ae06095e8c4dd7e69cd5747c1d16cd1230710308e219a7eeb32bd4303d36be502a55831234491029af9a1d4f80aaf0a4f712050a46d895f93eda3f4d6d -MISC ChangeLog 7042 SHA256 15a5bb68302589f56fffcd867e1f3a247e5e1d2368d8a3b06b407821be32de60 SHA512 cf31067b170f262857a3be96f3b7a2eac6c1cd0fd12ed3b6b2ad30cd900072b9cabe5acce82b57db1c33d2d60a6b5295f03004a1b9899e62468969f1375519d1 WHIRLPOOL 15fba0fffd2e0dbd796a2d00eb16be2827adef8ba86f4a9e7a4542870875a5e23d6f6e9d368d5b35f2bc985e5dae3c26712eb06f32e03109ba5bd6050e4954e3 +MISC ChangeLog 7200 SHA256 0163ca60ab491646ba2c6faa1ece8135c44a6f3cb79b65b32c9c7cbd20e1fed2 SHA512 d60a29ea0e26a35022173cef7df934da0d72247f6f1eef303a4d5f186131b6122d45facbfabb3b51eb37bc6309f5fac262c7092aacc8f980aacceb5acbe89be6 WHIRLPOOL 828e1f29de0b86819db94a5420013eed5b564822bdcb8ccb7644d4499ed0b58f32cde791c48121e29d52438ffcf67ea5b3fef163cf277873a16b3a600323de1f MISC metadata.xml 753 SHA256 2542c8e9c994b3b2699d601ba980a8daef2288b5ad199867764f607978ddee67 SHA512 d5e803494fe0831fdddada0f1f464c941d93896afa19d9d1005daa8a4ebea7b20f905e6d0d89dd10ff1aceaee0c7c41c190f16b68bf4466c0f75d3a6110b8df0 WHIRLPOOL cd2535802ffacbdae1ff1787aa203311330202cb08df488dae59b178b102b818766d2320fe62de3cf7710047e8cafa6a41963381655d9fd5fb4c75a232decd52 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) -iQIcBAEBCAAGBQJTMIrIAAoJEC7dUkA7aK9HphoP/j1YD49ZrCgj5o8BM6IH5OBE -McV31Bb1OjRTZdNQsCIwsIZ60OIgTwBvy3myI6sEKA3gSY9McoQxxscW/4Xgxbft -T0aidgIqT9mr4iyl4XhVZJPiFKtK7gb9ci1BOsIBBt5jDm+Zal8JLKAoR+CCsFYB -UDXbZyo9lH5xlMfEGRAvuI/63xTHN5BwFUnMayo5XKoutNpvJjBfcHXGBsVF6W46 -tW75Y3VkSoQNkfbB2say1ZueTGKb1MubBaKxoQXSc+F8est7HSIcyUv4de86x+Z3 -IJKqhEIervwQMtvLsOIGIl+9A57MqA1VPD2moAIC0GTztEmrQlnAnmvybNB+FeNP -eWVFe1m4kkmU9aQr2tIcNR3Rat18EeUUrN9JcyIP+7ciCk9vWSZtCLyVBlzEYqJe -4k5qrj9QxFIfWzTFXgBf719exRUqPowL113C0ZpZ2TGZGGkNhX66miWGXINJ5yPH -fz97T65iB3Wb7sC97n1DrhVq6BZdvFOIBmh+8Hl81csrpoimSU7XMRZQaZWmoDRN -5JNEBI4i89vyx7x01MQhIvWkYjz0kBlGbNTcLvBmWwTPiqr2OEE5O0fGWAy0HhzY -xAvO/82c2mU3jfqtic3D1ywZyyfAdmizpUE7s5ANVdzb4qz7HUUSHUY/bF3QZ4l/ -nZEa6WLo/ynlNmzyIMiF -=+6en +iQIcBAEBCAAGBQJTUoSgAAoJEC7dUkA7aK9HLaMP+wbO0mW73nS3Q6BoGtq6CpNj +Yez/zXtx2fT7TEBK+TGgbKhgUFzY0dtDbM6CfbWXFkxdFPSlUUx5wen3xqe/8kzG +dcVqAzdykBtL6pKU0z9kOudv6eowmHBC+aCO7CHBBPUd7rSA0qn9TLfKd6SguIXR +ulP6mTfSY4hd2tZp8kB0NsDB1/lezn+icHYQhYbZe84j6/WtHrZxbbMmpXCYOaVR +y5OAcs4W9X4+YtAPbpgH11B60r2ABuhPJgLo0OmSV4zcbXXruEeB7NFWpsVp91YB +K+SGBnwnq9qoWkHNoHJxWXdBowETW6aWZ2keqCt8DdPR+yJenltJiNs+NwbcmtnE +5NIrZJRW7fRGX1n4TIyd29rRVyiQ1ZbnyAGm0WY5c7Iq2aLZulXMjiSrD/xBIwmn +9E5fGiqnwHOn+5e7qIy1qRY7F0qyFb8r4LjKY7CKOEvl0BDL5dCFdfAWN3U4dp/7 +Sh1r3wyLT399ieSnzUYdpsGlzK13N7udSfoVw6U1MsgY5/3IC8/akm5xwgO+ycXF +cwAwVWmG9YoYophLR0s2HTOacGuvtwr/1tBCp+JvgYrFVSzN535sDjlYjpuzE8Ui +hbI47ViPJjkUN3/KaUniFhxDdSPPicbgKpqn8/JlnJ8zDQda3NhJ30nOEsZ7ciph +KKBS+TW7epbUb/YgNobp +=1b1a -----END PGP SIGNATURE----- diff --git a/sec-policy/selinux-base/selinux-base-2.20140311-r2.ebuild b/sec-policy/selinux-base/selinux-base-2.20140311-r2.ebuild new file mode 100644 index 000000000000..07edac4da4a6 --- /dev/null +++ b/sec-policy/selinux-base/selinux-base-2.20140311-r2.ebuild @@ -0,0 +1,161 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base/selinux-base-2.20140311-r2.ebuild,v 1.1 2014/04/19 14:12:55 swift Exp $ +EAPI="4" + +inherit eutils + +IUSE="+peer_perms +open_perms +ubac +unconfined doc" + +DESCRIPTION="Gentoo base policy for SELinux" +HOMEPAGE="http://www.gentoo.org/proj/en/hardened/selinux/" +SRC_URI="http://oss.tresys.com/files/refpolicy/refpolicy-${PV}.tar.bz2 + http://dev.gentoo.org/~swift/patches/selinux-base-policy/patchbundle-selinux-base-policy-${PVR}.tar.bz2" +LICENSE="GPL-2" +SLOT="0" + +KEYWORDS="~amd64 ~x86" + +RDEPEND=">=sys-apps/policycoreutils-2.1.10 + virtual/udev + !<=sec-policy/selinux-base-policy-2.20130424" +DEPEND="${RDEPEND} + sys-devel/m4 + >=sys-apps/checkpolicy-2.1.8" + +S=${WORKDIR}/ + +src_prepare() { + # Apply the gentoo patches to the policy. These patches are only necessary + # for base policies, or for interface changes on modules. + EPATCH_MULTI_MSG="Applying SELinux policy updates ... " \ + EPATCH_SUFFIX="patch" \ + EPATCH_SOURCE="${WORKDIR}" \ + EPATCH_FORCE="yes" \ + epatch + + cd "${S}/refpolicy" + make bare + # Fix bug 257111 - Correct the initial sid for cron-started jobs in the + # system_r role + sed -i -e 's:system_crond_t:system_cronjob_t:g' \ + "${S}/refpolicy/config/appconfig-standard/default_contexts" + sed -i -e 's|system_r:cronjob_t|system_r:system_cronjob_t|g' \ + "${S}/refpolicy/config/appconfig-mls/default_contexts" + sed -i -e 's|system_r:cronjob_t|system_r:system_cronjob_t|g' \ + "${S}/refpolicy/config/appconfig-mcs/default_contexts" + + epatch_user +} + +src_configure() { + [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs" + + # Update the SELinux refpolicy capabilities based on the users' USE flags. + + if ! use peer_perms; then + sed -i -e '/network_peer_controls/d' \ + "${S}/refpolicy/policy/policy_capabilities" + fi + + if ! use open_perms; then + sed -i -e '/open_perms/d' \ + "${S}/refpolicy/policy/policy_capabilities" + fi + + if ! use ubac; then + sed -i -e '/^UBAC/s/y/n/' "${S}/refpolicy/build.conf" \ + || die "Failed to disable User Based Access Control" + fi + + echo "DISTRO = gentoo" >> "${S}/refpolicy/build.conf" + + # Prepare initial configuration + cd "${S}/refpolicy"; + make conf || die "Make conf failed" + + # Setup the policies based on the types delivered by the end user. + # These types can be "targeted", "strict", "mcs" and "mls". + for i in ${POLICY_TYPES}; do + cp -a "${S}/refpolicy" "${S}/${i}" + cd "${S}/${i}"; + + #cp "${FILESDIR}/modules-2.20120215.conf" "${S}/${i}/policy/modules.conf" + sed -i -e "/= module/d" "${S}/${i}/policy/modules.conf" + + sed -i -e '/^QUIET/s/n/y/' -e "/^NAME/s/refpolicy/$i/" \ + "${S}/${i}/build.conf" || die "build.conf setup failed." + + if [[ "${i}" == "mls" ]] || [[ "${i}" == "mcs" ]]; + then + # MCS/MLS require additional settings + sed -i -e "/^TYPE/s/standard/${i}/" "${S}/${i}/build.conf" \ + || die "failed to set type to mls" + fi + + if [ "${i}" == "targeted" ]; then + sed -i -e '/root/d' -e 's/user_u/unconfined_u/' \ + "${S}/${i}/config/appconfig-standard/seusers" \ + || die "targeted seusers setup failed." + fi + + if [ "${i}" != "targeted" ] && [ "${i}" != "strict" ] && use unconfined; then + sed -i -e '/root/d' -e 's/user_u/unconfined_u/' \ + "${S}/${i}/config/appconfig-${i}/seusers" \ + || die "policy seusers setup failed." + fi + done +} + +src_compile() { + [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs" + + for i in ${POLICY_TYPES}; do + cd "${S}/${i}" + make base || die "${i} compile failed" + if use doc; then + make html || die + fi + done +} + +src_install() { + [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs" + + for i in ${POLICY_TYPES}; do + cd "${S}/${i}" + + make DESTDIR="${D}" install \ + || die "${i} install failed." + + make DESTDIR="${D}" install-headers \ + || die "${i} headers install failed." + + echo "run_init_t" > "${D}/etc/selinux/${i}/contexts/run_init_type" + + echo "textrel_shlib_t" >> "${D}/etc/selinux/${i}/contexts/customizable_types" + + # libsemanage won't make this on its own + keepdir "/etc/selinux/${i}/policy" + + if use doc; then + dohtml doc/html/*; + fi + + insinto /usr/share/selinux/devel; + doins doc/policy.xml; + + done + + dodoc doc/Makefile.example doc/example.{te,fc,if} + + doman man/man8/*.8; + + insinto /etc/selinux + doins "${FILESDIR}/config" +} + +pkg_preinst() { + has_version "<${CATEGORY}/${PN}-2.20101213-r13" + previous_less_than_r13=$? +} |