[gentoo-commits] proj/hardened-dev:master commit in: sec-policy/selinux-apache/

public inbox for gentoo-commits@lists.gentoo.org
 help / color / mirror / Atom feed

* [gentoo-commits] proj/hardened-dev:master commit in: sec-policy/selinux-apache/
@ 2012-04-22  8:32 Sven Vermeulen
  0 siblings, 0 replies; only message in thread
From: Sven Vermeulen @ 2012-04-22  8:32 UTC (permalink / raw
  To: gentoo-commits

commit:     4233933d27181a3953b38923a7a471f3941ae223
Author:     Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
AuthorDate: Sun Apr 22 08:31:52 2012 +0000
Commit:     Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
CommitDate: Sun Apr 22 08:31:52 2012 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-dev.git;a=commit;h=4233933d

Update on apache selinux policies, fix bug #411149

---
 sec-policy/selinux-apache/ChangeLog                |  159 ++++++++++++++++++++
 sec-policy/selinux-apache/metadata.xml             |    6 +
 .../selinux-apache-2.20120215-r1.ebuild            |   43 ++++++
 3 files changed, 208 insertions(+), 0 deletions(-)

diff --git a/sec-policy/selinux-apache/ChangeLog b/sec-policy/selinux-apache/ChangeLog
new file mode 100644
index 0000000..4a953a6
--- /dev/null
+++ b/sec-policy/selinux-apache/ChangeLog
@@ -0,0 +1,159 @@
+# ChangeLog for sec-policy/selinux-apache
+# Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-apache/ChangeLog,v 1.32 2012/03/31 12:29:43 swift Exp $
+
+*selinux-apache-2.20120215-r1 (22 Apr 2012)
+
+  22 Apr 2012; <swift@gentoo.org> +selinux-apache-2.20120215-r1.ebuild,
+  +metadata.xml:
+  Introduce httpd_setrlimit (bug #411149)
+
+*selinux-apache-2.20120215 (31 Mar 2012)
+
+  31 Mar 2012; <swift@gentoo.org> +selinux-apache-2.20120215.ebuild:
+  Bumping to 2.20120215 policies
+
+  23 Feb 2012; <swift@gentoo.org> selinux-apache-2.20110726-r2.ebuild:
+  Stabilizing
+
+*selinux-apache-2.20110726-r2 (14 Jan 2012)
+
+  14 Jan 2012; <swift@gentoo.org> +selinux-apache-2.20110726-r2.ebuild:
+  Adding aggregated types for use by other web server domains
+
+  12 Nov 2011; <swift@gentoo.org> -selinux-apache-2.20101213-r1.ebuild:
+  Removing old policies
+
+  23 Oct 2011; <swift@gentoo.org> selinux-apache-2.20110726-r1.ebuild:
+  Stabilization (tracker #384231)
+
+*selinux-apache-2.20110726-r1 (28 Aug 2011)
+
+  28 Aug 2011; <swift@gentoo.org> +selinux-apache-2.20110726-r1.ebuild:
+  Updating policy builds to refpolicy 20110726
+
+  04 Jun 2011; Anthony G. Basile <blueness@gentoo.org>
+  -selinux-apache-2.20090730.ebuild, -selinux-apache-2.20091215.ebuild,
+  -selinux-apache-2.20101213.ebuild, -selinux-apache-20080525.ebuild:
+  Removed deprecated policies
+
+  02 Jun 2011; Anthony G. Basile <blueness@gentoo.org>
+  selinux-apache-2.20101213-r1.ebuild:
+  Stable amd64 x86
+
+*selinux-apache-2.20101213-r1 (05 Feb 2011)
+*selinux-apache-2.20101213 (05 Feb 2011)
+
+  05 Feb 2011; Anthony G. Basile <blueness@gentoo.org>
+  +selinux-apache-2.20101213.ebuild, +selinux-apache-2.20101213-r1.ebuild:
+  New upstream policy.
+
+*selinux-apache-2.20091215 (16 Dec 2009)
+
+  16 Dec 2009; Chris PeBenito <pebenito@gentoo.org>
+  +selinux-apache-2.20091215.ebuild:
+  New upstream release.
+
+  14 Aug 2009; Chris PeBenito <pebenito@gentoo.org>
+  -selinux-apache-20070329.ebuild, -selinux-apache-20070928.ebuild,
+  selinux-apache-20080525.ebuild:
+  Mark 20080525 stable, clear old ebuilds.
+
+*selinux-apache-2.20090730 (03 Aug 2009)
+
+  03 Aug 2009; Chris PeBenito <pebenito@gentoo.org>
+  +selinux-apache-2.20090730.ebuild:
+  New upstream release.
+
+  18 Jul 2009; Chris PeBenito <pebenito@gentoo.org>
+  selinux-apache-20070329.ebuild, selinux-apache-20070928.ebuild,
+  selinux-apache-20080525.ebuild:
+  Drop alpha, mips, ppc, sparc selinux support.
+
+*selinux-apache-20080525 (25 May 2008)
+
+  25 May 2008; Chris PeBenito <pebenito@gentoo.org>
+  +selinux-apache-20080525.ebuild:
+  New SVN snapshot.
+
+  16 Mar 2008; Chris PeBenito <pebenito@gentoo.org>
+  -selinux-apache-20040925.ebuild, -selinux-apache-20050211.ebuild,
+  -selinux-apache-20061114.ebuild:
+  Remove old ebuilds.
+
+  03 Feb 2008; Chris PeBenito <pebenito@gentoo.org>
+  selinux-apache-20070928.ebuild:
+  Mark stable.
+
+*selinux-apache-20070928 (26 Nov 2007)
+
+  26 Nov 2007; Chris PeBenito <pebenito@gentoo.org>
+  +selinux-apache-20070928.ebuild:
+  New SVN snapshot.
+
+  29 Aug 2007; Christian Heim <phreak@gentoo.org> metadata.xml:
+  Removing kaiowas from metadata due to his retirement (see #61930 for
+  reference).
+
+  04 Jun 2007; Chris PeBenito <pebenito@gentoo.org>
+  selinux-apache-20070329.ebuild:
+  Mark stable.
+
+*selinux-apache-20070329 (29 Mar 2007)
+
+  29 Mar 2007; Chris PeBenito <pebenito@gentoo.org>
+  +selinux-apache-20070329.ebuild:
+  New SVN snapshot.
+
+  22 Feb 2007; Markus Ullmann <jokey@gentoo.org> ChangeLog:
+  Redigest for Manifest2
+
+*selinux-apache-20061114 (15 Nov 2006)
+
+  15 Nov 2006; Chris PeBenito <pebenito@gentoo.org>
+  +selinux-apache-20061114.ebuild:
+  New SVN snapshot.
+
+*selinux-apache-20061008 (09 Oct 2006)
+
+  09 Oct 2006; Chris PeBenito <pebenito@gentoo.org>
+  +selinux-apache-20061008.ebuild:
+  First mainstream reference policy testing release.
+
+  24 Feb 2005; petre rodan <kaiowas@gentoo.org>
+  selinux-apache-20050211.ebuild:
+  mark stable
+
+*selinux-apache-20050211 (11 Feb 2005)
+
+  11 Feb 2005; petre rodan <kaiowas@gentoo.org>
+  -selinux-apache-20040704.ebuild, +selinux-apache-20050211.ebuild:
+  added contexts needed by >=apache-2.0.52-r3 - bug 81365
+
+  23 Nov 2004; petre rodan <kaiowas@gentoo.org>
+  selinux-apache-20040925.ebuild:
+  mark stable
+
+*selinux-apache-20040925 (23 Oct 2004)
+
+  23 Oct 2004; petre rodan <kaiowas@gentoo.org> metadata.xml,
+  +selinux-apache-20040925.ebuild:
+  update needed by base-policy-20041023
+
+*selinux-apache-20040704 (04 Jul 2004)
+
+  04 Jul 2004; Chris PeBenito <pebenito@gentoo.org>
+  +selinux-apache-20040704.ebuild:
+  Sysadmfile cleanup, and updates from #52730 and #55006.
+
+*selinux-apache-20040426 (26 Apr 2004)
+
+  26 Apr 2004; Chris PeBenito <pebenito@gentoo.org>
+  +selinux-apache-20040426.ebuild:
+  Fix for 2004.1
+
+*selinux-apache-20040103 (03 Jan 2004)
+
+  03 Jan 2004; Chris PeBenito <pebenito@gentoo.org> :
+  Initial commit.
+

diff --git a/sec-policy/selinux-apache/metadata.xml b/sec-policy/selinux-apache/metadata.xml
new file mode 100644
index 0000000..db28936
--- /dev/null
+++ b/sec-policy/selinux-apache/metadata.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+	<herd>selinux</herd>
+	<longdescription>Gentoo SELinux policy for apache</longdescription>
+</pkgmetadata>

diff --git a/sec-policy/selinux-apache/selinux-apache-2.20120215-r1.ebuild b/sec-policy/selinux-apache/selinux-apache-2.20120215-r1.ebuild
new file mode 100644
index 0000000..ac9bd13
--- /dev/null
+++ b/sec-policy/selinux-apache/selinux-apache-2.20120215-r1.ebuild
@@ -0,0 +1,43 @@
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-apache/selinux-apache-2.20120215.ebuild,v 1.1 2012/03/31 12:29:43 swift Exp $
+IUSE="kerberos"
+MODS="apache"
+BASEPOL="2.20120215-r8"
+
+inherit selinux-policy-2
+
+DESCRIPTION="SELinux policy for Apache HTTPD"
+DEPEND="${DEPEND}
+	kerberos? ( sec-policy/selinux-kerberos )"
+RDEPEND="${DEPEND}"
+
+KEYWORDS="~amd64 ~x86"
+S="${WORKDIR}/"
+
+src_unpack() {
+	selinux-policy-2_src_unpack
+	if ! use kerberos ; then
+		[ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="strict targeted mcs mls";
+		for i in ${POLICY_TYPES}; do
+			sed -i -e "/httpd_keytab_t/d" \
+				"${S}/${i}/apache.fc"
+		done
+	fi
+}
+
+pkg_postinst() {
+	selinux-policy-2_pkg_postinst
+	if use kerberos ; then
+		einfo "If you decide to uninstall Kerberos, you should clear the"
+		einfo "kerberos use flag here, and then emerge this module again."
+		einfo "Failure to do so may result in policy compile errors in the"
+		einfo "future."
+	else
+		einfo "If you install Kerberos later, you should set the kerberos"
+		einfo "use flag here, and then emerge this module again in order to"
+		einfo "get all of the relevant policy changes.  Failure to do so may"
+		einfo "result in errors authenticating against kerberos servers by"
+		einfo "Apache."
+	fi
+}



^ permalink raw reply related	[flat|nested] only message in thread

only message in thread, other threads:[~2012-04-22  8:32 UTC | newest]

Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2012-04-22  8:32 [gentoo-commits] proj/hardened-dev:master commit in: sec-policy/selinux-apache/ Sven Vermeulen

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox