From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id 0A4C01384C0 for ; Sun, 30 Aug 2015 08:36:35 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 4008B141CD; Sun, 30 Aug 2015 08:36:32 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id BF537141CD for ; Sun, 30 Aug 2015 08:36:31 +0000 (UTC) Received: from oystercatcher.gentoo.org (unknown [IPv6:2a01:4f8:202:4333:225:90ff:fed9:fc84]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id C05A2340909 for ; Sun, 30 Aug 2015 08:36:30 +0000 (UTC) Received: from localhost.localdomain (localhost [127.0.0.1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id 35142153 for ; Sun, 30 Aug 2015 08:36:28 +0000 (UTC) 
From: "Sven Vermeulen" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Sven Vermeulen" Message-ID: <1440923664.8f2aa45db35bbf3a74f8db09ece9edac60e79ee4.swift@gentoo> Subject: [gentoo-commits] repo/gentoo:master commit in: eclass/ X-VCS-Repository: repo/gentoo X-VCS-Files: eclass/selinux-policy-2.eclass X-VCS-Directories: eclass/ X-VCS-Committer: swift X-VCS-Committer-Name: Sven Vermeulen X-VCS-Revision: 8f2aa45db35bbf3a74f8db09ece9edac60e79ee4 X-VCS-Branch: master Date: Sun, 30 Aug 2015 08:36:28 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: 26f98a2c-7e1d-4353-945f-663f19292d6d X-Archives-Hash: e244a3aec0f4c3fb0dd26bd9397c2967 commit: 8f2aa45db35bbf3a74f8db09ece9edac60e79ee4 Author: Sven Vermeulen gentoo org> AuthorDate: Sun Aug 30 08:34:24 2015 +0000 Commit: Sven Vermeulen gentoo org> CommitDate: Sun Aug 30 08:34:24 2015 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8f2aa45d selinux-policy-2.eclass: Enable CIL support Recent SELinux userspace supports a new intermediate policy language called CIL. This enables using .cil files in our policy ebuilds. Gentoo-Bug: 558958 eclass/selinux-policy-2.eclass | 24 +++++++++++++++++------- 1 file changed, 17 insertions(+), 7 deletions(-) diff --git a/eclass/selinux-policy-2.eclass b/eclass/selinux-policy-2.eclass index d582b2d..92f2f82 100644 --- a/eclass/selinux-policy-2.eclass +++ b/eclass/selinux-policy-2.eclass 
@@ -198,6 +198,7 @@ selinux-policy-2_src_prepare() { for i in ${MODS}; do modfiles="$(find ${S}/refpolicy/policy/modules -iname $i.te) $modfiles" modfiles="$(find ${S}/refpolicy/policy/modules -iname $i.fc) $modfiles" + modfiles="$(find ${S}/refpolicy/policy/modules -iname $i.cil) $modfiles" if [ ${add_interfaces} -eq 1 ]; then modfiles="$(find ${S}/refpolicy/policy/modules -iname $i.if) $modfiles" @@ -239,7 +240,7 @@ selinux-policy-2_src_compile() { # @FUNCTION: selinux-policy-2_src_install # @DESCRIPTION: -# Install the built .pp files in the correct subdirectory within +# Install the built .pp (or copied .cil) files in the correct subdirectory within # /usr/share/selinux. selinux-policy-2_src_install() { local BASEDIR="/usr/share/selinux" @@ -248,7 +249,11 @@ selinux-policy-2_src_install() { for j in ${MODS}; do einfo "Installing ${i} ${j} policy package" insinto ${BASEDIR}/${i} - doins "${S}"/${i}/${j}.pp || die "Failed to add ${j}.pp to ${i}" + if [ -f "${S}/${i}/${j}.pp" ] ; then + doins "${S}"/${i}/${j}.pp || die "Failed to add ${j}.pp to ${i}" + elif [ -f "${S}/${i}/${j}.cil" ] ; then + doins "${S}"/${i}/${j}.cil || die "Failed to add ${j}.cil to ${i}" + fi if [[ "${POLICY_FILES[@]}" == *"${j}.if"* ]]; then @@ -261,14 +266,11 @@ selinux-policy-2_src_install() { # @FUNCTION: selinux-policy-2_pkg_postinst # @DESCRIPTION: -# Install the built .pp files in the SELinux policy stores, effectively +# Install the built .pp (or copied .cil) files in the SELinux policy stores, effectively # activating the policy on the system. selinux-policy-2_pkg_postinst() { # build up the command in the case of multiple modules local COMMAND - for i in ${MODS}; do - COMMAND="-i ${i}.pp ${COMMAND}" - done for i in ${POLICY_TYPES}; do if [ "${i}" == "strict" ] && [ "${MODS}" = "unconfined" ]; 
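Review bot: In the `@@ -248` hunk of selinux-policy-2_src_install, the new `if`/`elif` chain has no final branch, so a module with neither `${j}.pp` nor `${j}.cil` under `${S}/${i}` is now skipped silently, where the old unconditional `doins ... || die` aborted the build. For a policy package this means the merge can succeed without shipping the module it exists to provide, and nothing in the log says so. Restore the hard failure with `else die "Neither ${j}.pp nor ${j}.cil found for ${i}"` before the `fi`. The enclosing loops and the function body start and end outside the hunk.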
@@ -279,7 +281,14 @@ selinux-policy-2_pkg_postinst() { einfo "Inserting the following modules into the $i module store: ${MODS}" cd /usr/share/selinux/${i} || die "Could not enter /usr/share/selinux/${i}" - semodule -s ${i} ${COMMAND} + for j in ${MODS} ; do + if [ -f "${j}.pp" ] ; then + COMMAND="${j}.pp ${COMMAND}" + elif [ -f "${j}.cil" ] ; then + COMMAND="${j}.cil ${COMMAND}" + fi + done + semodule -s ${i} -i ${COMMAND} if [ $? -ne 0 ]; then ewarn "SELinux module load failed. Trying full reload..."; @@ -313,6 +322,7 @@ selinux-policy-2_pkg_postinst() { else einfo "SELinux modules loaded succesfully." fi + COMMAND=""; done # Relabel depending packages
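Review bot: In the `@@ -279` hunk of selinux-policy-2_pkg_postinst, a module with neither `${j}.pp` nor `${j}.cil` in `/usr/share/selinux/${i}` is left out of `COMMAND` without any message, while the `einfo` just above still reports it as being inserted. If no file is found at all, `semodule -s ${i} -i` runs with an empty argument list and presumably falls into the "full reload" path, which hides the real cause. Add `else ewarn "No ${j}.pp or ${j}.cil for ${j} in the ${i} store directory; module not loaded"` and skip the semodule call when `COMMAND` is empty. The `COMMAND=""` reset added in the `@@ -313` hunk would be safer placed directly before the `for j` loop, so that a later `continue` cannot carry stale file names into the next policy type. The function body starts and ends outside both hunks.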