summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJason Zaman <perfinion@gentoo.org>2015-11-22 18:35:55 +0800
committerJason Zaman <perfinion@gentoo.org>2015-11-22 18:38:01 +0800
commit1500c659df3a34eecf3194291157d1669107dc00 (patch)
treed23e63c684da46cfb5f3426e007edafd9d5ed49d /sec-policy/selinux-base-policy
parentdev-python/pyflakes: bump -> vn. 1.0.0 (diff)
downloadgentoo-1500c659df3a34eecf3194291157d1669107dc00.tar.gz
gentoo-1500c659df3a34eecf3194291157d1669107dc00.tar.bz2
gentoo-1500c659df3a34eecf3194291157d1669107dc00.zip
sec-policy: Release of SELinux policies 2.20141203-r10
Package-Manager: portage-2.2.20.1
Diffstat (limited to 'sec-policy/selinux-base-policy')
-rw-r--r--sec-policy/selinux-base-policy/Manifest1
-rw-r--r--sec-policy/selinux-base-policy/selinux-base-policy-2.20141203-r10.ebuild143
2 files changed, 144 insertions, 0 deletions
diff --git a/sec-policy/selinux-base-policy/Manifest b/sec-policy/selinux-base-policy/Manifest
index 91d204b0021a..0d55454c8f8d 100644
--- a/sec-policy/selinux-base-policy/Manifest
+++ b/sec-policy/selinux-base-policy/Manifest
@@ -2,6 +2,7 @@ DIST patchbundle-selinux-base-policy-2.20140311-r5.tar.bz2 274187 SHA256 5ce76d5
DIST patchbundle-selinux-base-policy-2.20140311-r6.tar.bz2 281043 SHA256 7fbfb518731c6bce8a3937e7dbabeaf0d39059423f5930731034363862bf9a25 SHA512 6b8bfbb3ee9e9d229ac0fa7e80905300c24f4934fb2f150ba52f45e76a3f1e8b51c788136ea32a2b044a00c614a96538aad9d3ff7300735dae228861ab5aed6f WHIRLPOOL 9da1fb97b7a1c8f5990748695c1393d0d0c7c6bcd6acbb974653ee83df00d911b70b4f9544a9e4b3014b9f78f69745a17a5c7fa02859985b611ec4636b473981
DIST patchbundle-selinux-base-policy-2.20140311-r7.tar.bz2 285346 SHA256 8e216867cc5ec2c513ae81d04e637021b4eda9bbd0fafab0c7f61f087776c33c SHA512 01d30c38dba876136d61452a890adbbe0301fb990b65b0a15086f1c8f14df4f96faf57bee8fd1328147458e5a7e96f972792c26ef971924c0fc74cf644d4b644 WHIRLPOOL ec03df417b73d52a19809a2e7417b05b11880517e4bc5093725a8172177943f3fa526eb32222f41c3aed5ec5ba3d57fb5af2ed19a32af1c37529864d30afd68b
DIST patchbundle-selinux-base-policy-2.20141203-r1.tar.bz2 264038 SHA256 0fb0ff62bf3abc2294db83d35d22220c5d86384e38332e4458fb38f88ce1538c SHA512 a9ac284c999b15f9f825761a5d59968337cac5990250d9ce46fc79a870ed14534f61b0d454866ea9296d134adb3e38634b02c0e9d70f69a657da4c11b6aeee38 WHIRLPOOL 389d5fd4feecc74c9a231c98a9bf497491e3e5c19a54f5b8ef68d050d95aeca7e6dd0853655212989b7239271be51cf2c4c3e19ac3db54cec229d802df95cbb5
+DIST patchbundle-selinux-base-policy-2.20141203-r10.tar.bz2 311358 SHA256 0b8275a8b1d0b6813d7d4c0cd353d11250bc7c9db8511bbf4697a6e693022f57 SHA512 76a41ea273833fd55cbe911b4d0afb7038948d37bd313939dcb23dc75159b8d494ebd687184f7099b6274c0f8de25d64970695e6cb96e2708049f0f5110d48e0 WHIRLPOOL d1e603009276306c24b9cdab40de81ddbbf6707afb44a08047e1d2f852b1f26ffdbd4551514718ab76462fb8ad87f04bc4b36150b7b32f7f09d60808904dd574
DIST patchbundle-selinux-base-policy-2.20141203-r2.tar.bz2 268395 SHA256 60f5fbb2402f12b4c4aca89b134ee0dd4c88a1812208d765b601b23e025f7cfe SHA512 0a6d7a61ae259f6b4b9210c0b509a2b25581674b0d07e0fa8f2eff151f1e8bf084cae7a8928ede6e4358da661290940b8390a2cb6f5c6ababc021de4f6b445b9 WHIRLPOOL 6341b3c04aa547256f3128826fffe777c4ac2d7f6f916d6e7a7f2e976b18a903786116743a26f43602c707310662c445564ffdaa173b2c2cd9e48f4173c367a1
DIST patchbundle-selinux-base-policy-2.20141203-r3.tar.bz2 269940 SHA256 c1d507c21b02ab510e8fbe1eeb799ad1e9604ad611759c13df6c15ddc9480ed8 SHA512 694a1cf95d4fe5c686e6e8ddae56f591d85fd334f896352b11b2bf24b2e95be8eaf32d6aee9a3410c25e613efa6fe18e485cfe836a2a6dadb5f01c8118b42a45 WHIRLPOOL 8061b6e5dd5f1d0602b66fdf31f2c3c02de02bad73f213ad24d0be8d62a7dc4b8d35cb0780b4a1ee76ecded737d9eed3e41f6d51c24d885d3cac63591930ce96
DIST patchbundle-selinux-base-policy-2.20141203-r4.tar.bz2 271374 SHA256 7229f0f5a299fc31b693f603cb265697ecf02afb843aba74f96d8afb208dd9c9 SHA512 41379568855b820a72a1d8e7fb8114464573974d98b98ae9107649ed625d6fc8c045dc6714ee51d6db72473a76c99511ee23e6d0a9bd56a19ebbaa1fa13e55a8 WHIRLPOOL 563020e4d38817d875d7a8b98f670cff68d86fdfe89945b87943c8b48d106a58d269822a60640fcc76f51bad207b8b61839b2cdbb1405ab5f49332516c9faa1d
diff --git a/sec-policy/selinux-base-policy/selinux-base-policy-2.20141203-r10.ebuild b/sec-policy/selinux-base-policy/selinux-base-policy-2.20141203-r10.ebuild
new file mode 100644
index 000000000000..a23b7c25de15
--- /dev/null
+++ b/sec-policy/selinux-base-policy/selinux-base-policy-2.20141203-r10.ebuild
@@ -0,0 +1,143 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+EAPI="5"
+
+inherit eutils
+
+if [[ ${PV} == 9999* ]]; then
+ EGIT_REPO_URI="${SELINUX_GIT_REPO:-git://anongit.gentoo.org/proj/hardened-refpolicy.git https://anongit.gentoo.org/git/proj/hardened-refpolicy.git}"
+ EGIT_BRANCH="${SELINUX_GIT_BRANCH:-master}"
+ EGIT_CHECKOUT_DIR="${WORKDIR}/refpolicy"
+
+ inherit git-r3
+
+ KEYWORDS=""
+else
+ SRC_URI="https://raw.githubusercontent.com/wiki/TresysTechnology/refpolicy/files/refpolicy-${PV}.tar.bz2
+ https://dev.gentoo.org/~swift/patches/${PN}/patchbundle-${PN}-${PVR}.tar.bz2"
+ KEYWORDS="~amd64 ~x86"
+fi
+
+HOMEPAGE="https://www.gentoo.org/proj/en/hardened/selinux/"
+DESCRIPTION="SELinux policy for core modules"
+
+IUSE="+unconfined"
+
+RDEPEND="=sec-policy/selinux-base-${PVR}"
+PDEPEND="unconfined? ( sec-policy/selinux-unconfined )"
+DEPEND=""
+
+MODS="application authlogin bootloader clock consoletype cron dmesg fstools getty hostname hotplug init iptables libraries locallogin logging lvm miscfiles modutils mount mta netutils nscd portage raid rsync selinuxutil setrans ssh staff storage su sysadm sysnetwork tmpfiles udev userdomain usermanage unprivuser xdg"
+LICENSE="GPL-2"
+SLOT="0"
+S="${WORKDIR}/"
+
+# Code entirely copied from selinux-eclass (cannot inherit due to dependency on
+# itself), when reworked reinclude it. Only postinstall (where -b base.pp is
+# added) needs to remain then.
+
+pkg_pretend() {
+ for i in ${POLICY_TYPES}; do
+ if [[ "${i}" == "targeted" ]] && ! use unconfined; then
+ die "If you use POLICY_TYPES=targeted, then USE=unconfined is mandatory."
+ fi
+ done
+}
+
+src_prepare() {
+ local modfiles
+
+ if [[ ${PV} != 9999* ]]; then
+ # Patch the source with the base patchbundle
+ cd "${S}"
+ EPATCH_MULTI_MSG="Applying SELinux policy updates ... " \
+ EPATCH_SUFFIX="patch" \
+ EPATCH_SOURCE="${WORKDIR}" \
+ EPATCH_FORCE="yes" \
+ epatch
+ fi
+
+ # Apply the additional patches refered to by the module ebuild.
+ # But first some magic to differentiate between bash arrays and strings
+ if [[ "$(declare -p POLICY_PATCH 2>/dev/null 2>&1)" == "declare -a"* ]];
+ then
+ cd "${S}/refpolicy/policy/modules"
+ for POLPATCH in "${POLICY_PATCH[@]}";
+ do
+ epatch "${POLPATCH}"
+ done
+ else
+ if [[ -n ${POLICY_PATCH} ]];
+ then
+ cd "${S}/refpolicy/policy/modules"
+ for POLPATCH in ${POLICY_PATCH};
+ do
+ epatch "${POLPATCH}"
+ done
+ fi
+ fi
+
+ # Calling user patches
+ epatch_user
+
+ # Collect only those files needed for this particular module
+ for i in ${MODS}; do
+ modfiles="$(find ${S}/refpolicy/policy/modules -iname $i.te) $modfiles"
+ modfiles="$(find ${S}/refpolicy/policy/modules -iname $i.fc) $modfiles"
+ done
+
+ for i in ${POLICY_TYPES}; do
+ mkdir "${S}"/${i} || die "Failed to create directory ${S}/${i}"
+ cp "${S}"/refpolicy/doc/Makefile.example "${S}"/${i}/Makefile \
+ || die "Failed to copy Makefile.example to ${S}/${i}/Makefile"
+
+ cp ${modfiles} "${S}"/${i} \
+ || die "Failed to copy the module files to ${S}/${i}"
+ done
+}
+
+src_compile() {
+ for i in ${POLICY_TYPES}; do
+ emake NAME=$i -C "${S}"/${i} || die "${i} compile failed"
+ done
+}
+
+src_install() {
+ local BASEDIR="/usr/share/selinux"
+
+ for i in ${POLICY_TYPES}; do
+ for j in ${MODS}; do
+ einfo "Installing ${i} ${j} policy package"
+ insinto ${BASEDIR}/${i}
+ doins "${S}"/${i}/${j}.pp || die "Failed to add ${j}.pp to ${i}"
+ done
+ done
+}
+
+pkg_postinst() {
+ # Override the command from the eclass, we need to load in base as well here
+ local COMMAND
+ for i in ${MODS}; do
+ COMMAND="-i ${i}.pp ${COMMAND}"
+ done
+
+ for i in ${POLICY_TYPES}; do
+ einfo "Inserting the following modules, with base, into the $i module store: ${MODS}"
+
+ cd /usr/share/selinux/${i} || die "Could not enter /usr/share/selinux/${i}"
+
+ semodule -s ${i} -b base.pp ${COMMAND} || die "Failed to load in base and modules ${MODS} in the $i policy store"
+ done
+
+ # Relabel depending packages
+ local PKGSET="";
+ if [ -x /usr/bin/qdepends ] ; then
+ PKGSET=$(/usr/bin/qdepends -Cq -r -Q ${CATEGORY}/${PN} | grep -v 'sec-policy/selinux-');
+ elif [ -x /usr/bin/equery ] ; then
+ PKGSET=$(/usr/bin/equery -Cq depends ${CATEGORY}/${PN} | grep -v 'sec-policy/selinux-');
+ fi
+ if [ -n "${PKGSET}" ] ; then
+ rlpkg ${PKGSET};
+ fi
+}