public inbox for gentoo-commits@lists.gentoo.org
From: "Jason Zaman" <perfinion@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] repo/gentoo:master commit in: sec-policy/selinux-base/
Date: Sat, 21 Dec 2019 14:11:17 +0000 (UTC)
Message-ID: <1576936844.da8b7c85dee97c773d1595d2f4e41e4426ca8b13.perfinion@gentoo>

commit:     da8b7c85dee97c773d1595d2f4e41e4426ca8b13
Author:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
AuthorDate: Mon Dec 16 12:23:23 2019 +0000
Commit:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Sat Dec 21 14:00:44 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=da8b7c85

sec-policy/selinux-base: Add unknown-perms policy capability

Package-Manager: Portage-2.3.79, Repoman-2.3.16
Signed-off-by: Jason Zaman <perfinion <AT> gentoo.org>

 sec-policy/selinux-base/metadata.xml             |  1 +
 sec-policy/selinux-base/selinux-base-9999.ebuild | 15 ++++++---------
 2 files changed, 7 insertions(+), 9 deletions(-)

diff --git a/sec-policy/selinux-base/metadata.xml b/sec-policy/selinux-base/metadata.xml
index 16f3d9c00e6..cf565be6f04 100644
--- a/sec-policy/selinux-base/metadata.xml
+++ b/sec-policy/selinux-base/metadata.xml
@@ -14,5 +14,6 @@
 		<flag name="open_perms">Enable the open permissions for file object classes (SELinux policy capability).</flag>
 		<flag name="ubac">Enable User Based Access Control (UBAC) in the SELinux policy</flag>
 		<flag name="unconfined">Enable support for the unconfined SELinux module</flag>
+		<flag name="unknown-perms">Default allow unknown classes in kernels newer than the policy (SELinux policy capability).</flag>
 	</use>
 </pkgmetadata>
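
Review bot: the description on the added `unknown-perms` flag line labels it "(SELinux policy capability)" and speaks only of unknown classes, but the ebuild half of this commit implements the flag by switching `UNK_PERMS` from deny to allow in build.conf and the Makefile, not by editing policy_capabilities, and its die message calls it "Unknown Permissions Handling". Suggest rewording so the text matches the mechanism, for example "Allow permissions and classes known to the kernel but not to the policy (sets UNK_PERMS=allow)". The `open_perms` flag entry kept as context at the top of this hunk also stays in metadata.xml although the same commit removes open_perms from IUSE; it should be dropped here too.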

diff --git a/sec-policy/selinux-base/selinux-base-9999.ebuild b/sec-policy/selinux-base/selinux-base-9999.ebuild
index 16ee9f2b2ab..5342853efec 100644
--- a/sec-policy/selinux-base/selinux-base-9999.ebuild
+++ b/sec-policy/selinux-base/selinux-base-9999.ebuild
@@ -16,7 +16,7 @@ else
 	KEYWORDS="~amd64 -arm ~arm64 ~mips ~x86"
 fi
 
-IUSE="doc +open_perms +peer_perms systemd +ubac +unconfined"
+IUSE="doc +unknown-perms systemd +ubac +unconfined"
 
 DESCRIPTION="Gentoo base policy for SELinux"
 HOMEPAGE="https://wiki.gentoo.org/wiki/Project:SELinux"
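
Review bot: the new IUSE line drops `open_perms` and `peer_perms` in the same edit that adds `+unknown-perms`, while the commit message mentions only the addition. Removing two user-visible flags deserves a line in the message stating that those capability lines are now never stripped from policy_capabilities. The leading `+` also makes allow the default handling for unknown permissions, which is the fail-open choice; if that is intended, give the reason in the message or the flag description, otherwise drop the `+` so deny remains the default.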
@@ -48,14 +48,11 @@ src_configure() {
 
 	# Update the SELinux refpolicy capabilities based on the users' USE flags.
 
-	if ! use peer_perms; then
-		sed -i -e '/network_peer_controls/d' \
-			"${S}/refpolicy/policy/policy_capabilities" || die
-	fi
-
-	if ! use open_perms; then
-		sed -i -e '/open_perms/d' \
-			"${S}/refpolicy/policy/policy_capabilities" || die
+	if use unknown-perms; then
+		sed -i -e '/^UNK_PERMS/s/deny/allow/' "${S}/refpolicy/build.conf" \
+			|| die "Failed to allow Unknown Permissions Handling"
+		sed -i -e '/^UNK_PERMS/s/deny/allow/' "${S}/refpolicy/Makefile" \
+			|| die "Failed to allow Unknown Permissions Handling"
 	fi
 
 	if ! use ubac; then
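
Review bot: in the `if use unknown-perms` block, `|| die` cannot catch the failure it is written for, because `sed -i` exits 0 when no line matches `^UNK_PERMS` or when the matched line does not contain `deny`; the build would then continue with deny in effect while the flag is enabled. Follow each sed with a check that the file now carries the allow setting (for example a `grep -q` on the `UNK_PERMS` line) and die on that result instead. With the flag disabled nothing is written, so the outcome depends on whatever the two files ship with; an explicit else branch that forces deny would make the flag deterministic. The comment above the block still says "capabilities", but the only remaining edit targets build.conf and the Makefile rather than policy_capabilities.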

