-rw-r--r-- | sec-policy/selinux-base-policy/ChangeLog | 6 | ||||
-rw-r--r-- | sec-policy/selinux-base-policy/Manifest | 12 | ||||
-rw-r--r-- | sec-policy/selinux-base-policy/metadata.xml | 3 | ||||
-rw-r--r-- | sec-policy/selinux-base-policy/selinux-base-policy-9999.ebuild | 22 | ||||
-rw-r--r-- | sec-policy/selinux-base/ChangeLog | 5 | ||||
-rw-r--r-- | sec-policy/selinux-base/Manifest | 12 | ||||
-rw-r--r-- | sec-policy/selinux-base/metadata.xml | 1 | ||||
-rw-r--r-- | sec-policy/selinux-base/selinux-base-9999.ebuild | 16 |
8 files changed, 44 insertions, 33 deletions
diff --git a/sec-policy/selinux-base-policy/ChangeLog b/sec-policy/selinux-base-policy/ChangeLog index 510497107fa4..e283d5ef1fe8 100644 --- a/sec-policy/selinux-base-policy/ChangeLog +++ b/sec-policy/selinux-base-policy/ChangeLog @@ -1,6 +1,10 @@ # ChangeLog for sec-policy/selinux-base-policy # Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/ChangeLog,v 1.115 2012/12/03 08:52:14 swift Exp $ +# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/ChangeLog,v 1.116 2012/12/04 20:21:53 swift Exp $ + + 04 Dec 2012; <swift@gentoo.org> selinux-base-policy-9999.ebuild, + metadata.xml: + Add in support for unconfined USE flag *selinux-base-policy-2.20120725-r8 (03 Dec 2012) diff --git a/sec-policy/selinux-base-policy/Manifest b/sec-policy/selinux-base-policy/Manifest index de8d428ad279..5a08c1c9e173 100644 --- a/sec-policy/selinux-base-policy/Manifest +++ b/sec-policy/selinux-base-policy/Manifest 
@@ -25,13 +25,13 @@ EBUILD selinux-base-policy-2.20120215-r9.ebuild 3823 SHA256 d06e5e77bbd9d16db74a EBUILD selinux-base-policy-2.20120725-r5.ebuild 3821 SHA256 0cf134d0dcebd4139f808bad2627f1c16959ef4199d05a177a31a967bc1e85c9 SHA512 c5609321c8be53cea48b43f34b637dde6a0daaf38a3f87fea71066778c224ffd5d549c7db2d29e01b2dd792aa6b37424b04a2915cda7434e5e5ad9cda89eeb52 WHIRLPOOL 14a72df7dc83b2405b9c8d96e7f48332663d2ace1e851c8bbac7fb76a278f5f2f23ce615b924632135850ac809a1c4dba32e1bfcbe08ba12e8fd7caa478b8820 EBUILD selinux-base-policy-2.20120725-r7.ebuild 3823 SHA256 fb9eb84a21543251a9249e76fe84461381d2d1af00afd6cd1fcf18f4b89dbcbe SHA512 a1d4ec29c1331be33bf451cf2e180aae8f478c7738a6d653c0bda01f7744bc405cb7818deaf3280b040a241cc0fa99bb1386f527592fe664d2d6fef98fb04439 WHIRLPOOL 4e510ef48009684917b90057efae5b6dc2bcad6905b3b629d7679eb7ea94651f5f6efc8810cb13797e6a73a0f814791c2553717790a262b2bd3de45f39a0bd8d EBUILD selinux-base-policy-2.20120725-r8.ebuild 3809 SHA256 e221daf9c41c50c5c662c98eae69ff46cc161e43d4aac209c32c1cf74ba300bd SHA512 a89c9b831d2b04376fd3ae0287a34d0c6ef284b6639a0500f639d13f8069437572a866054982aa3deb91c14babb81bbaee232888696cfbcd40745b5da3dfd6e7 WHIRLPOOL 24f1c9015b7b1001cc10ee2cb51e96117ace2478477d4f63bd296cb95f9b6d2fd1b9b2ec32b405304d78e9b489373ea5f2ad2193b77a274a51e03b8627a97c85 -EBUILD selinux-base-policy-9999.ebuild 3428 SHA256 88e3160b74a59434e54618f923263d9af44c032e4eadcc9dcbed13f6db3ea4fc SHA512 0a9240d7d7a25bc3103e8e53647b9d30e13eacae66a8d0f93eef716ce6fa1377eb799813209325eb90d723daa70346384e2474f5caf025947d2a59bf659575fe WHIRLPOOL 4d1f891f5d7913a8f68232c31dabbcf8c55987f046d35c430a9bb8f01b362e2d2c5b05d9ddca556599f32316986eb87c1ebcd50894fe811b60378916865f25c6 -MISC ChangeLog 26531 SHA256 26367e0ff826995b152b6e2cdd7ddbb4143e69f850674b1cf72a08676e2ede42 SHA512 0b4b2d5b3511775eadd5236e6373c5779624cc2bf850d3b6e2a8047d0a61f33825b395276bd5260e39356f19a545bbd546566fa7f9ab23147315c1a802be54f5 WHIRLPOOL 
d495554d1b5814652a47ebbb0b81c7a88d1c2e711dd3148d88900cced48f7581ccaf802db514d9f78a7bea234b3135dfd3252a31d51e82dd2ddb1b169919de31 -MISC metadata.xml 344 SHA256 c881a8c264aeaa91cbeda1ef927a354c07e2cf189794a5326c0aa7ee3af3e9f2 SHA512 bc1dc0dba1af6cedf35e02c93c5e7c51829708a5792c5ab277dbba8f8a530a3ac55690fe083270b3dfe1de4e342bb5f68d65b257e79e804ac2625ac13248216b WHIRLPOOL a4fc490bdcd3de93b646b4abd2023500a3cad93dffda81de9f589a63d14f00f834920dce7061dda39a8ca8c3b94bf3e36924d44004e9f138ed6437148007e84e +EBUILD selinux-base-policy-9999.ebuild 3206 SHA256 409a5385bfd12b6cb93b17030cd50ef20f2d99a3131146abf289c579deec83d6 SHA512 8227694374745fe8c9a5939e94230bace8b16fbb3eba2d3c5d5028fcb3bc1ad1341e997403e7f6657479ba85201ba780157a6d8b23c899beb47fcccec1ac2e98 WHIRLPOOL bffc5e7cf0b9ad9a1bc24560807b445e1857ac327c131fb71780470b4abed80e1a6232c51ef1241b87009e5afe10b88491cc46c4d7cf1421c21c0b9d06dc39b1 +MISC ChangeLog 26656 SHA256 480777bedc555a213fd901f12f6de66cedf3d1006855b1351c9e413eb695219d SHA512 6a953fb7b9d47e26a662f9cc1a1899e9d7b08219ca378d0c753df600d9d465efe47d67a4ecceda33cb4ab8bfdfdfa989376cb32c828e9636349c3f4d5ee9250d WHIRLPOOL fc3e1e5b2b4644914001080649e5797f85091ac958fa8843a415c49991637535817cde45a815812acd62cea0753156bff55346dabf0cfd3b908a0a39fe788001 +MISC metadata.xml 448 SHA256 4babd5e53785136aa79ee0737a89af1fc49c4fc144aba0f6163d6f85215f57e2 SHA512 7e747c9dbae3eaee62a284824a68039961264540e0633e617aaabaeef2e83f4623863d29ee26c2e4738ac706d3824914f530f8e2b990ac7f06aa8f6e4cae9964 WHIRLPOOL 733957f76ca89c6fdd08060a368048276247994db56cf8325e69b896a07dc5e576ca124f3190079b169ec078a2e69156d4b12e6c6cc94328248705779f357bc4 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (GNU/Linux) -iEYEAREIAAYFAlC8aMIACgkQXfqz7M26L9vnvwCfbbkPM82GEdvQa8aL9BXuDEED -GIYAnRnZM9tTWiB/bsc2UuTGf4dQIhUm -=Y64j +iEYEAREIAAYFAlC+W2UACgkQXfqz7M26L9ug0ACeOe/Ta9/0Eer2RWHrHW6oC8jd +SKMAnRobelyAiGE1IO4qLfb4xbiAe+Wq +=ZCWS -----END PGP SIGNATURE----- 
diff --git a/sec-policy/selinux-base-policy/metadata.xml b/sec-policy/selinux-base-policy/metadata.xml index 9f87a21d4a74..4adcb401b0bb 100644 --- a/sec-policy/selinux-base-policy/metadata.xml +++ b/sec-policy/selinux-base-policy/metadata.xml @@ -6,4 +6,7 @@ Gentoo SELinux base policy. This contains policy for a system at the end of system installation. There is no extra policy in this package. </longdescription> + <use> + <flag name='unconfined'>Enable support for the unconfined SELinux policy module</flag> + </use> </pkgmetadata> diff --git a/sec-policy/selinux-base-policy/selinux-base-policy-9999.ebuild b/sec-policy/selinux-base-policy/selinux-base-policy-9999.ebuild index de6cc4601c29..728a75a5632a 100644 --- a/sec-policy/selinux-base-policy/selinux-base-policy-9999.ebuild +++ b/sec-policy/selinux-base-policy/selinux-base-policy-9999.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2012 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/selinux-base-policy-9999.ebuild,v 1.1 2012/10/13 16:30:52 swift Exp $ +# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/selinux-base-policy-9999.ebuild,v 1.2 2012/12/04 20:21:53 swift Exp $ EAPI="4" inherit eutils git-2 
@@ -8,16 +8,17 @@ inherit eutils git-2 HOMEPAGE="http://www.gentoo.org/proj/en/hardened/selinux/" DESCRIPTION="SELinux policy for core modules" -IUSE="" +IUSE="unconfined" BASEPOL="9999" -RDEPEND="=sec-policy/selinux-base-9999" +RDEPEND="=sec-policy/selinux-base-9999 + unconfined? ( sec-policy/selinux-unconfined )" DEPEND="" EGIT_REPO_URI="git://git.overlays.gentoo.org/proj/hardened-refpolicy.git" EGIT_SOURCEDIR="${WORKDIR}/refpolicy" KEYWORDS="" -MODS="application authlogin bootloader clock consoletype cron dmesg fstools getty hostname hotplug init iptables libraries locallogin logging lvm miscfiles modutils mount mta netutils nscd portage raid rsync selinuxutil ssh staff storage su sysadm sysnetwork udev userdomain usermanage unprivuser xdg unconfined" +MODS="application authlogin bootloader clock consoletype cron dmesg fstools getty hostname hotplug init iptables libraries locallogin logging lvm miscfiles modutils mount mta netutils nscd portage raid rsync selinuxutil ssh staff storage su sysadm sysnetwork udev userdomain usermanage unprivuser xdg" LICENSE="GPL-2" SLOT="0" S="${WORKDIR}/" @@ -92,19 +93,10 @@ pkg_postinst() { done for i in ${POLICY_TYPES}; do - local LOCCOMMAND - local LOCMODS - if [[ "${i}" != "targeted" ]]; then - LOCCOMMAND=$(echo "${COMMAND}" | sed -e 's:-i unconfined.pp::g'); - LOCMODS=$(echo "${MODS}" | sed -e 's: unconfined::g'); - else - LOCCOMMAND="${COMMAND}" - LOCMODS="${MODS}" - fi - einfo "Inserting the following modules, with base, into the $i module store: ${LOCMODS}" + einfo "Inserting the following modules, with base, into the $i module store: ${MODS}" cd /usr/share/selinux/${i} || die "Could not enter /usr/share/selinux/${i}" - semodule -s ${i} -b base.pp ${LOCCOMMAND} || die "Failed to load in base and modules ${LOCMODS} in the $i policy store" + semodule -s ${i} -b base.pp ${COMMAND} || die "Failed to load in base and modules ${MODS} in the $i policy store" done } 
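Review bot: The new `unconfined? ( sec-policy/selinux-unconfined )` entry in RDEPEND carries no version, while the entry above it pins `=sec-policy/selinux-base-9999`, so the live base policy could be paired with an unconfined module built from a different policy release. Consider constraining it to the matching version. If selinux-unconfined itself depends on selinux-base-policy (its ebuild is not visible here), an RDEPEND in this direction would also form a dependency cycle, and `PDEPEND="unconfined? ( sec-policy/selinux-unconfined )"` would avoid it. A short comment above MODS saying that unconfined is now delivered by the separate package would help the next maintainer.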
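Review bot: After this change the loop in pkg_postinst only inserts modules, and nothing visible removes an `unconfined` module that an earlier build already loaded into a store, so a system rebuilt without the unconfined flag may still have the unconfined domain active. The old code filtered it out for every type except targeted, so targeted stores are the likely case. At minimum, tell the administrator after the loop: `use unconfined || ewarn "A previously loaded unconfined module is not removed; check 'semodule -l' for each policy store"`. COMMAND is built outside this hunk, so whether it can still contain `-i unconfined.pp` cannot be confirmed from here.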
diff --git a/sec-policy/selinux-base/ChangeLog b/sec-policy/selinux-base/ChangeLog index 4735246f4a7c..514a206d15c6 100644 --- a/sec-policy/selinux-base/ChangeLog +++ b/sec-policy/selinux-base/ChangeLog @@ -1,6 +1,9 @@ # ChangeLog for sec-policy/selinux-base # Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base/ChangeLog,v 1.14 2012/12/03 08:52:45 swift Exp $ +# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base/ChangeLog,v 1.15 2012/12/04 20:21:53 swift Exp $ + + 04 Dec 2012; <swift@gentoo.org> selinux-base-9999.ebuild, metadata.xml: + Add in support for unconfined USE flag and fix #445978 *selinux-base-2.20120725-r8 (03 Dec 2012) diff --git a/sec-policy/selinux-base/Manifest b/sec-policy/selinux-base/Manifest index fc82c97e94fb..b67a525f9e2d 100644 --- a/sec-policy/selinux-base/Manifest +++ b/sec-policy/selinux-base/Manifest 
@@ -24,13 +24,13 @@ EBUILD selinux-base-2.20120215-r9.ebuild 4113 SHA256 968ca9bcc48ae94e40918d8b209 EBUILD selinux-base-2.20120725-r5.ebuild 4173 SHA256 02062d7c39a8ed31bdcb1c09c7e33d6936b576a5566bde72d578abf4ad20cc55 SHA512 985ff347466c528f56a7d73448cba0b9387cf0176226138e02dcc0006b009377cfaa2f3af052f2c0fd0451178cc019108c2c077fb87ca01b52674b245010031d WHIRLPOOL 5e72151af6ca890f72febc1b36b4e9c90295c17d8c434936ffcec38b8ce0dc98d972f439f44a0613cc2214c93cc7019e24c24a1ec17dd74cccbd1fd8ed01d9d6 EBUILD selinux-base-2.20120725-r7.ebuild 4175 SHA256 f2bebb81453d9b0d489a88a0f499a535f66d032a7258bb6d7a113b0cbc60fb06 SHA512 5f541fa6efa8f94af37e1729a24d4d3c144636d153c0ebb93827d2d119ae8fe831501c21a442746803916aa50c5db3671a16bd8b760ab6783c84773b09f72b2f WHIRLPOOL 5bb3a9d642b355dda9b5fc6f7659cf52cd8456d90cfebfb20305a044ed27a820d90814346e6601e2a17d7ae99bff94012ef657605b2c22bbf4522eb10a30e969 EBUILD selinux-base-2.20120725-r8.ebuild 4175 SHA256 d51b28c42bf98df0e74809df61d7c2e91fcb67cf154f3c508a924c6fe679d121 SHA512 6e3071e5b4889dd5dd3e73074b6146d009758ab589de00c63b9c9786904c1a13a63b7efd712e14ce3fb20a88f1a2d92001009a6b29a6ffe19efcbf3f14873ded WHIRLPOOL 08f590694c0a9b9837e27d68f760f1e802446ea02b198593b1bb3e93f6d4583daff42701daf782f858b0663d882229b5f0884b526f9d631037500aa8bc898d6f -EBUILD selinux-base-9999.ebuild 3852 SHA256 1b6f245f7f39f156183557ccc627de50ab0bdbd52d9853f5c426825d73b7c19c SHA512 d29b1fd27df8cce02478d2ac2211909e356f957f9db39988fe29dacc9821cbf84bb5398111710272bd4288ce77e53f32167b7b6d3ca14d0fe177a8bd16bb9aeb WHIRLPOOL a497cbc3a807cbc81eab2d071bbd9e98b38e46e7450e0e12c18c7d9d98b0b0af984a4f330bed12a68b4ffac488e6bb0abd1793393feb977c339194940de8f1b7 -MISC ChangeLog 2279 SHA256 48b0494052b8b78d36aa571f2fd7600c58910313c54319187aac36150d113d98 SHA512 2f5f6a300c7160e3801007633160a471337ca68d302d3947b9c584986ec6233d8605401ea334f03749f0e4580bb8afc6f74a3a1b8d55b4f09b190f283e3bdae1 WHIRLPOOL 
bd8d0f7f6d1668d09690df4a52a8ff073b4c2dcb1a4b3df345fcd5875bb4bb84ea2c1992efcc948055da3bc96a6beaa819212d8e089b8f80fe3d847413163859 -MISC metadata.xml 671 SHA256 c32ccc54ca7df400974a19ad14c093ea7b777f7a40467bdb672f441314122e55 SHA512 0011ad6f22f1fb582a1c5784214582f243dafac874a12f058cd646d6e4916b3e87ff2e80727edf53dffc2bb420f347db6ab9d6592bdf6676f896384259c97d69 WHIRLPOOL 47e9b391a3d23ec58b9a1f748dc51b8ec5c34843560ae6f70c827889c5d1341f95f07f2c4d0ed9c4c91137d77f164e8e509aca5f3f79dc9509fc6bbc5ab4130e +EBUILD selinux-base-9999.ebuild 4136 SHA256 e28d436b00d63115602a419e6741b50e26404a1b9337f7de0dd55861dbceaec2 SHA512 773f17b92e722c67612283a9528993dc107d9b734bbed681f694c036e339d768e0c579ffad32cc367cdb86896d120ac070f9e5dda7ca20133e6b18a2d09d88e1 WHIRLPOOL 5bb091846853111ad5e054099e9cada592704383fed86e067118749f93751912d24f115f633b0da5337f980c4225c331cb0ac479f15f01bdbee4ba6195d3faae +MISC ChangeLog 2411 SHA256 136f8cf8895958913b211119506014c18210b7cec2f3c157adb80d4a193bbee2 SHA512 2cb13ee19ac4df8cc5588a39434ad4138c4d2274147673f8c3b3f7f1ae14af75257f62b4b1959f5f30f0544660b032567c216479921ed99600988f9e525aa0e1 WHIRLPOOL e7b6df497f431bcf01e52c04b2482c714d85325942fee0efd6786ef77709ea952597cc2fe17aa111282b5b0e443f37ff0087edc48af8f79faac14511f8d35794 +MISC metadata.xml 753 SHA256 2542c8e9c994b3b2699d601ba980a8daef2288b5ad199867764f607978ddee67 SHA512 d5e803494fe0831fdddada0f1f464c941d93896afa19d9d1005daa8a4ebea7b20f905e6d0d89dd10ff1aceaee0c7c41c190f16b68bf4466c0f75d3a6110b8df0 WHIRLPOOL cd2535802ffacbdae1ff1787aa203311330202cb08df488dae59b178b102b818766d2320fe62de3cf7710047e8cafa6a41963381655d9fd5fb4c75a232decd52 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (GNU/Linux) -iEYEAREIAAYFAlC8aMIACgkQXfqz7M26L9vPnwCcDPP301fYwcGEW0wkt/VESl2J -FZEAnRXMJSnRhLQG+6/q7vy2Nup1wYrr -=3IuG +iEYEAREIAAYFAlC+W2UACgkQXfqz7M26L9vmLwCfcFdMQr/TuMPWQ+r3VsyVmw0K +Wq4AniYgrZUbAkmJaSIQhIlCsmbdtLPe +=KY45 -----END PGP SIGNATURE----- 
diff --git a/sec-policy/selinux-base/metadata.xml b/sec-policy/selinux-base/metadata.xml index 393f3bb02965..39f241587154 100644 --- a/sec-policy/selinux-base/metadata.xml +++ b/sec-policy/selinux-base/metadata.xml @@ -10,5 +10,6 @@ <flag name='peer_perms'>Enable the labeled networking peer permissions (SELinux policy capability).</flag> <flag name='open_perms'>Enable the open permissions for file object classes (SELinux policy capability).</flag> <flag name='ubac'>Enable User Based Access Control (UBAC) in the SELinux policy</flag> + <flag name='unconfined'>Enable support for the unconfined SELinux module</flag> </use> </pkgmetadata> diff --git a/sec-policy/selinux-base/selinux-base-9999.ebuild b/sec-policy/selinux-base/selinux-base-9999.ebuild index c2c7084df1e9..d760869d5258 100644 --- a/sec-policy/selinux-base/selinux-base-9999.ebuild +++ b/sec-policy/selinux-base/selinux-base-9999.ebuild @@ -1,11 +1,11 @@ # Copyright 1999-2012 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base/selinux-base-9999.ebuild,v 1.1 2012/10/13 16:30:53 swift Exp $ +# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base/selinux-base-9999.ebuild,v 1.2 2012/12/04 20:21:53 swift Exp $ EAPI="4" inherit eutils git-2 -IUSE="+peer_perms +open_perms +ubac doc" +IUSE="+peer_perms +open_perms +ubac unconfined doc" DESCRIPTION="Gentoo base policy for SELinux" HOMEPAGE="http://www.gentoo.org/proj/en/hardened/selinux/" 
@@ -63,13 +63,15 @@ src_configure() { echo "DISTRO = gentoo" >> "${S}/refpolicy/build.conf" + # Prepare initial configuration + cd "${S}/refpolicy"; + make conf || die "Make conf failed" + # Setup the policies based on the types delivered by the end user. # These types can be "targeted", "strict", "mcs" and "mls". for i in ${POLICY_TYPES}; do cp -a "${S}/refpolicy" "${S}/${i}" - cd "${S}/${i}"; - make conf || die "Make conf in ${i} failed" #cp "${FILESDIR}/modules-2.20120215.conf" "${S}/${i}/policy/modules.conf" sed -i -e "/= module/d" "${S}/${i}/policy/modules.conf" @@ -89,6 +91,12 @@ src_configure() { "${S}/${i}/config/appconfig-standard/seusers" \ || die "targeted seusers setup failed." fi + + if [ "${i}" != "targeted" ] && [ "${i}" != "strict" ] && use unconfined; then + sed -i -e '/root/d' -e 's/user_u/unconfined_u/' \ + "${S}/${i}/config/appconfig-${i}/seusers" \ + || die "policy seusers setup failed." + fi done } |
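Review bot: The added `cd "${S}/refpolicy";` has no failure check, so if the directory is missing, `make conf` runs in whatever directory the phase started in. Write it as `cd "${S}/refpolicy" || die "Could not enter ${S}/refpolicy"`. The per-type `cd "${S}/${i}"` is removed; the commands visible in the loop use absolute paths, but the loop body continues outside the hunk, so any relative path further down would now resolve against refpolicy/ and should be checked. The `cp -a` that copies the configured tree into each type directory would also benefit from an `|| die`.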
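Review bot: Both sed expressions in the new mcs/mls branch are unanchored: `/root/d` deletes every line that contains "root" anywhere, and `s/user_u/unconfined_u/` rewrites the first "user_u" on any line, not only the default mapping. Assuming the usual `name:seuser:range` layout of seusers, anchored forms such as `-e '/^root:/d' -e 's/^__default__:user_u:/__default__:unconfined_u:/'` would limit the edit to the two intended entries. The effect is security-relevant: every login without an explicit mapping, root included, becomes unconfined_u in these stores, so this deserves a comment above the `if` saying so. Note also that `sed -i` exits 0 when nothing matched, so the `|| die` does not catch a seusers file that was left unchanged. The targeted branch just above lies partly outside the hunk, so whether it is also gated on `use unconfined` cannot be confirmed from here.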