From: "Sven Vermeulen (swift)" <swift@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] gentoo-x86 commit in sec-policy/selinux-base: selinux-base-9999.ebuild ChangeLog metadata.xml
Date: Tue, 4 Dec 2012 20:21:53 +0000 (UTC) [thread overview]
Message-ID: <20121204202153.EEFCF2171D@flycatcher.gentoo.org> (raw)
swift 12/12/04 20:21:53
Modified: selinux-base-9999.ebuild ChangeLog metadata.xml
Log:
Enable support for unconfined USE flag
(Portage version: 2.1.11.31/cvs/Linux x86_64, signed Manifest commit with key 0xCDBA2FDB)
Revision Changes Path
1.2 sec-policy/selinux-base/selinux-base-9999.ebuild
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sec-policy/selinux-base/selinux-base-9999.ebuild?rev=1.2&view=markup
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sec-policy/selinux-base/selinux-base-9999.ebuild?rev=1.2&content-type=text/plain
diff : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sec-policy/selinux-base/selinux-base-9999.ebuild?r1=1.1&r2=1.2
Index: selinux-base-9999.ebuild
===================================================================
RCS file: /var/cvsroot/gentoo-x86/sec-policy/selinux-base/selinux-base-9999.ebuild,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- selinux-base-9999.ebuild 13 Oct 2012 16:30:53 -0000 1.1
+++ selinux-base-9999.ebuild 4 Dec 2012 20:21:53 -0000 1.2
@@ -1,11 +1,11 @@
# Copyright 1999-2012 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base/selinux-base-9999.ebuild,v 1.1 2012/10/13 16:30:53 swift Exp $
+# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base/selinux-base-9999.ebuild,v 1.2 2012/12/04 20:21:53 swift Exp $
EAPI="4"
inherit eutils git-2
-IUSE="+peer_perms +open_perms +ubac doc"
+IUSE="+peer_perms +open_perms +ubac unconfined doc"
DESCRIPTION="Gentoo base policy for SELinux"
HOMEPAGE="http://www.gentoo.org/proj/en/hardened/selinux/"
@@ -63,13 +63,15 @@
echo "DISTRO = gentoo" >> "${S}/refpolicy/build.conf"
+ # Prepare initial configuration
+ cd "${S}/refpolicy";
+ make conf || die "Make conf failed"
+
# Setup the policies based on the types delivered by the end user.
# These types can be "targeted", "strict", "mcs" and "mls".
for i in ${POLICY_TYPES}; do
cp -a "${S}/refpolicy" "${S}/${i}"
-
cd "${S}/${i}";
- make conf || die "Make conf in ${i} failed"
#cp "${FILESDIR}/modules-2.20120215.conf" "${S}/${i}/policy/modules.conf"
sed -i -e "/= module/d" "${S}/${i}/policy/modules.conf"
@@ -89,6 +91,12 @@
"${S}/${i}/config/appconfig-standard/seusers" \
|| die "targeted seusers setup failed."
fi
+
+ if [ "${i}" != "targeted" ] && [ "${i}" != "strict" ] && use unconfined; then
+ sed -i -e '/root/d' -e 's/user_u/unconfined_u/' \
+ "${S}/${i}/config/appconfig-${i}/seusers" \
+ || die "policy seusers setup failed."
+ fi
done
}
1.15 sec-policy/selinux-base/ChangeLog
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sec-policy/selinux-base/ChangeLog?rev=1.15&view=markup
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sec-policy/selinux-base/ChangeLog?rev=1.15&content-type=text/plain
diff : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sec-policy/selinux-base/ChangeLog?r1=1.14&r2=1.15
Index: ChangeLog
===================================================================
RCS file: /var/cvsroot/gentoo-x86/sec-policy/selinux-base/ChangeLog,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -r1.14 -r1.15
--- ChangeLog 3 Dec 2012 08:52:45 -0000 1.14
+++ ChangeLog 4 Dec 2012 20:21:53 -0000 1.15
@@ -1,6 +1,9 @@
# ChangeLog for sec-policy/selinux-base
# Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base/ChangeLog,v 1.14 2012/12/03 08:52:45 swift Exp $
+# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base/ChangeLog,v 1.15 2012/12/04 20:21:53 swift Exp $
+
+ 04 Dec 2012; <swift@gentoo.org> selinux-base-9999.ebuild, metadata.xml:
+ Add in support for unconfined USE flag and fix #445978
*selinux-base-2.20120725-r8 (03 Dec 2012)
1.2 sec-policy/selinux-base/metadata.xml
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sec-policy/selinux-base/metadata.xml?rev=1.2&view=markup
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sec-policy/selinux-base/metadata.xml?rev=1.2&content-type=text/plain
diff : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sec-policy/selinux-base/metadata.xml?r1=1.1&r2=1.2
Index: metadata.xml
===================================================================
RCS file: /var/cvsroot/gentoo-x86/sec-policy/selinux-base/metadata.xml,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- metadata.xml 31 Mar 2012 12:29:14 -0000 1.1
+++ metadata.xml 4 Dec 2012 20:21:53 -0000 1.2
@@ -10,5 +10,6 @@
<flag name='peer_perms'>Enable the labeled networking peer permissions (SELinux policy capability).</flag>
<flag name='open_perms'>Enable the open permissions for file object classes (SELinux policy capability).</flag>
<flag name='ubac'>Enable User Based Access Control (UBAC) in the SELinux policy</flag>
+ <flag name='unconfined'>Enable support for the unconfined SELinux module</flag>
</use>
</pkgmetadata>
reply other threads:[~2012-12-04 20:22 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20121204202153.EEFCF2171D@flycatcher.gentoo.org \
--to=swift@gentoo.org \
--cc=gentoo-commits@lists.gentoo.org \
--cc=gentoo-dev@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox