From: "Sven Vermeulen"
To: gentoo-commits@lists.gentoo.org
Reply-To: gentoo-dev@lists.gentoo.org, "Sven Vermeulen"
Message-ID: <4f54e3772da70eb99c6d9dd228b0998109d26786.SwifT@gentoo>
Subject: [gentoo-commits] proj/hardened-dev:master commit in: sec-policy/selinux-sasl/files/, sec-policy/selinux-postfix/files/, ...
X-VCS-Repository: proj/hardened-dev
X-VCS-Files: sec-policy/selinux-base-policy/ChangeLog sec-policy/selinux-base-policy/files/patchbundle-selinux-base-policy-2.20101213-r10.tar.bz2 sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r10.ebuild sec-policy/selinux-courier-imap/ChangeLog sec-policy/selinux-courier-imap/metadata.xml sec-policy/selinux-courier-imap/selinux-courier-imap-2.20101213-r1.ebuild sec-policy/selinux-courier/ChangeLog sec-policy/selinux-courier/files/fix-services-courier-r1.patch sec-policy/selinux-courier/metadata.xml sec-policy/selinux-courier/selinux-courier-2.20101213-r1.ebuild sec-policy/selinux-postfix/ChangeLog sec-policy/selinux-postfix/files/fix-services-postfix-r1.patch sec-policy/selinux-postfix/metadata.xml sec-policy/selinux-postfix/selinux-postfix-2.20101213-r1.ebuild sec-policy/selinux-sasl/ChangeLog sec-policy/selinux-sasl/files/fix-services-sasl-r1.patch sec-policy/selinux-sasl/metadata.xml sec-policy/selinux-sasl/selinux-sasl-2.20101213-r1.ebuild
X-VCS-Directories: sec-policy/selinux-sasl/files/ sec-policy/selinux-postfix/files/ sec-policy/selinux-courier/ sec-policy/selinux-base-policy/ sec-policy/selinux-sasl/ sec-policy/selinux-courier/files/ sec-policy/selinux-postfix/ sec-policy/selinux-courier-imap/ sec-policy/selinux-base-policy/files/
X-VCS-Committer: SwifT
X-VCS-Committer-Name: Sven Vermeulen
X-VCS-Revision: 4f54e3772da70eb99c6d9dd228b0998109d26786
Date: Fri, 4 Mar 2011 16:57:52 +0000 (UTC)

commit:     4f54e3772da70eb99c6d9dd228b0998109d26786
Author:     Sven Vermeulen siphos be>
AuthorDate: Fri Mar 4 16:57:47 2011 +0000
Commit:     Sven Vermeulen siphos be>
CommitDate: Fri Mar 4 16:57:47 2011 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-dev.git;a=commit;h=4f54e377

Add ebuilds for various servers + fixes

---
 sec-policy/selinux-base-policy/ChangeLog           |    7 +
 ...ndle-selinux-base-policy-2.20101213-r10.tar.bz2 |  Bin 0 -> 9480 bytes
 .../selinux-base-policy-2.20101213-r10.ebuild      |  117 +++++++++++++
 sec-policy/selinux-courier-imap/ChangeLog          |  173 ++++++++++++++++++++
 sec-policy/selinux-courier-imap/metadata.xml       |    6 +
 .../selinux-courier-imap-2.20101213-r1.ebuild      |   14 ++
 sec-policy/selinux-courier/ChangeLog               |  173 ++++++++++++++++++++
 .../files/fix-services-courier-r1.patch            |   48 ++++++
 sec-policy/selinux-courier/metadata.xml            |    6 +
 .../selinux-courier-2.20101213-r1.ebuild           |   17 ++
 sec-policy/selinux-postfix/ChangeLog               |  173 ++++++++++++++++++++
 .../files/fix-services-postfix-r1.patch            |   63 +++++++
 sec-policy/selinux-postfix/metadata.xml            |    6 +
 .../selinux-postfix-2.20101213-r1.ebuild           |   14 ++
 sec-policy/selinux-sasl/ChangeLog                  |   16 ++
 .../selinux-sasl/files/fix-services-sasl-r1.patch  |    9 +
 sec-policy/selinux-sasl/metadata.xml               |    6 +
 .../selinux-sasl/selinux-sasl-2.20101213-r1.ebuild |   14 ++
 18 files changed, 862 insertions(+), 0 deletions(-)

diff --git a/sec-policy/selinux-base-policy/ChangeLog b/sec-policy/selinu= x-base-policy/ChangeLog index 1cb28da..fdeefb6 100644 --- a/sec-policy/selinux-base-policy/ChangeLog +++ b/sec-policy/selinux-base-policy/ChangeLog 
@@ -2,6 +2,13 @@ # Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2 # $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/Change= Log,v 1.70 2011/02/05 12:20:41 blueness Exp $ =20 +*selinux-base-policy-2.20101213-r10 (04 Mar 2011) + + 04 Mar 2011; + +selinux-base-policy-2.20101213-r10.ebuild, + +files/patchbundle-selinux-base-policy-2.20101213-r10.tar.bz2: + Support courier and support python wrapper scripts + *selinux-base-policy-2.20101213-r9 (02 Mar 2011) =20 02 Mar 2011; -selinux-base-policy-2.20101213-r8.ebu= ild, diff --git a/sec-policy/selinux-base-policy/files/patchbundle-selinux-bas= e-policy-2.20101213-r10.tar.bz2 b/sec-policy/selinux-base-policy/files/pa= tchbundle-selinux-base-policy-2.20101213-r10.tar.bz2 new file mode 100644 index 0000000..65f8255 Binary files /dev/null and b/sec-policy/selinux-base-policy/files/patchbu= ndle-selinux-base-policy-2.20101213-r10.tar.bz2 differ diff --git a/sec-policy/selinux-base-policy/selinux-base-policy-2.2010121= 3-r10.ebuild b/sec-policy/selinux-base-policy/selinux-base-policy-2.20101= 213-r10.ebuild new file mode 100644 index 0000000..82bb153 --- /dev/null +++ b/sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r10.e= build 
@@ -0,0 +1,117 @@ +# Copyright 1999-2011 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/selinu= x-base-policy-2.20101213-r7.ebuild,v 1.1 2011/02/05 12:07:06 blueness Exp= $ + +EAPI=3D"1" +IUSE=3D"+peer_perms open_perms" + +inherit eutils + +PATCHBUNDLE=3D"${FILESDIR}/patchbundle-${PF}.tar.bz2" +DESCRIPTION=3D"Gentoo base policy for SELinux" +HOMEPAGE=3D"http://www.gentoo.org/proj/en/hardened/selinux/" +SRC_URI=3D"http://oss.tresys.com/files/refpolicy/refpolicy-${PV}.tar.bz2= " +LICENSE=3D"GPL-2" +SLOT=3D"0" + +KEYWORDS=3D"~amd64 ~x86" + +RDEPEND=3D">=3Dsys-apps/policycoreutils-1.30.30 + >=3Dsys-fs/udev-151" +DEPEND=3D"${RDEPEND} + sys-devel/m4 + >=3Dsys-apps/checkpolicy-1.30.12" + +S=3D${WORKDIR}/ + +src_unpack() { + [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES=3D"strict targeted" + MOD_CONF_VER=3D"20090730" + + unpack ${A} + + cd "${S}" + epatch "${PATCHBUNDLE}" + cd "${S}/refpolicy" + # Fix bug 257111 + sed -i -e 's:system_crond_t:system_cronjob_t:g' \ + "${S}/refpolicy/config/appconfig-standard/default_contexts" + + if ! use peer_perms; then + sed -i -e '/network_peer_controls/d' \ + "${S}/refpolicy/policy/policy_capabilities" + fi + + if ! use open_perms; then + sed -i -e '/open_perms/d' \ + "${S}/refpolicy/policy/policy_capabilities" + fi + + for i in ${POLICY_TYPES}; do + cp -a "${S}/refpolicy" "${S}/${i}" + + cd "${S}/${i}"; + make conf || die "${i} reconfiguration failed" + + cp "${FILESDIR}/modules.conf.${i}.${MOD_CONF_VER}" \ + "${S}/${i}/policy/modules.conf" \ + || die "failed to set up modules.conf" + sed -i -e '/^QUIET/s/n/y/' -e '/^MONOLITHIC/s/y/n/' \ + -e "/^NAME/s/refpolicy/$i/" "${S}/${i}/build.conf" \ + || die "build.conf setup failed." 
+ + echo "DISTRO =3D gentoo" >> "${S}/${i}/build.conf" + + if [ "${i}" =3D=3D "targeted" ]; then + sed -i -e '/root/d' -e 's/user_u/unconfined_u/' \ + "${S}/${i}/config/appconfig-standard/seusers" \ + || die "targeted seusers setup failed." + fi + done +} + +src_compile() { + [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES=3D"strict targeted" + + for i in ${POLICY_TYPES}; do + cd "${S}/${i}" + make base || die "${i} compile failed" + done +} + +src_install() { + [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES=3D"strict targeted" + + for i in ${POLICY_TYPES}; do + cd "${S}/${i}" + + make DESTDIR=3D"${D}" install \ + || die "${i} install failed." + + make DESTDIR=3D"${D}" install-headers \ + || die "${i} headers install failed." + + echo "run_init_t" > "${D}/etc/selinux/${i}/contexts/run_init_type" + + echo "textrel_shlib_t" >> "${D}/etc/selinux/${i}/contexts/customizable= _types" + + # libsemanage won't make this on its own + keepdir "/etc/selinux/${i}/policy" + done + + dodoc doc/Makefile.example doc/example.{te,fc,if} + + insinto /etc/selinux + doins "${FILESDIR}/config" +} + +pkg_postinst() { + [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES=3D"strict targeted" + + for i in ${POLICY_TYPES}; do + einfo "Inserting base module into ${i} module store." + + cd "/usr/share/selinux/${i}" + semodule -s "${i}" -b base.pp + done +} diff --git a/sec-policy/selinux-courier-imap/ChangeLog b/sec-policy/selin= ux-courier-imap/ChangeLog new file mode 100644 index 0000000..d060338 --- /dev/null +++ b/sec-policy/selinux-courier-imap/ChangeLog 
@@ -0,0 +1,173 @@ +# ChangeLog for sec-policy/selinux-courier-imap +# Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2 +# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-courier-imap/Chang= eLog,v 1.31 2011/02/05 12:07:11 blueness Exp $ + +*selinux-courier-imap-2.20101213-r1 (04 Mar 2011) + + 04 Mar 2011; + +selinux-courier-imap-2.20101213-r1.ebuild, +metadata.xml: + Migrate towards selinux-courier + +*selinux-courier-imap-2.20101213 (05 Feb 2011) + + 05 Feb 2011; Anthony G. Basile + +selinux-courier-imap-2.20101213.ebuild: + New upstream policy. + +*selinux-courier-imap-2.20091215 (16 Dec 2009) + + 16 Dec 2009; Chris PeBenito + +selinux-courier-imap-2.20091215.ebuild: + New upstream release. + + 14 Aug 2009; Chris PeBenito + -selinux-courier-imap-20070329.ebuild, + -selinux-courier-imap-20070928.ebuild, + selinux-courier-imap-20080525.ebuild: + Mark 20080525 stable, clear old ebuilds. + +*selinux-courier-imap-2.20090730 (03 Aug 2009) + + 03 Aug 2009; Chris PeBenito + +selinux-courier-imap-2.20090730.ebuild: + New upstream release. + + 18 Jul 2009; Chris PeBenito + selinux-courier-imap-20070329.ebuild, + selinux-courier-imap-20070928.ebuild, + selinux-courier-imap-20080525.ebuild: + Drop alpha, mips, ppc, sparc selinux support. + +*selinux-courier-imap-20080525 (25 May 2008) + + 25 May 2008; Chris PeBenito + +selinux-courier-imap-20080525.ebuild: + New SVN snapshot. + + 16 Mar 2008; Chris PeBenito + -selinux-courier-imap-20050417.ebuild, + -selinux-courier-imap-20050607.ebuild, + -selinux-courier-imap-20050628.ebuild, + -selinux-courier-imap-20061114.ebuild: + Remove old ebuilds. + + 03 Feb 2008; Chris PeBenito + selinux-courier-imap-20070928.ebuild: + Mark stable. + +*selinux-courier-imap-20070928 (26 Nov 2007) + + 26 Nov 2007; Chris PeBenito + +selinux-courier-imap-20070928.ebuild: + New SVN snapshot. + + 29 Aug 2007; Christian Heim metadata.xml: + Removing kaiowas from metadata due to his retirement (see #61930 for + reference). 
+ + 04 Jun 2007; Chris PeBenito + selinux-courier-imap-20070329.ebuild: + Mark stable. + +*selinux-courier-imap-20070329 (29 Mar 2007) + + 29 Mar 2007; Chris PeBenito + +selinux-courier-imap-20070329.ebuild: + New SVN snapshot. + + 22 Feb 2007; Markus Ullmann ChangeLog: + Redigest for Manifest2 + +*selinux-courier-imap-20061114 (15 Nov 2006) + + 15 Nov 2006; Chris PeBenito + +selinux-courier-imap-20061114.ebuild: + New SVN snapshot. + +*selinux-courier-imap-20061008 (10 Oct 2006) + + 10 Oct 2006; Chris PeBenito + +selinux-courier-imap-20061008.ebuild: + First mainstream reference policy testing release. + + 29 Jun 2005; petre rodan + selinux-courier-imap-20050628.ebuild: + mark stable + +*selinux-courier-imap-20050628 (28 Jun 2005) + + 28 Jun 2005; petre rodan + +selinux-courier-imap-20050628.ebuild: + fc change needed by policycoreutils-1.24 + + 27 Jun 2005; petre rodan + selinux-courier-imap-20050607.ebuild: + mark stable + +*selinux-courier-imap-20050607 (26 Jun 2005) + + 26 Jun 2005; petre rodan + -selinux-courier-imap-20050219.ebuild, + +selinux-courier-imap-20050607.ebuild: + policy cleanup with no semantic diff + + 23 Apr 2005; petre rodan : + mark stable + +*selinux-courier-imap-20050417 (17 Apr 2005) + + 17 Apr 2005; petre rodan + +selinux-courier-imap-20050417.ebuild: + merge with upstream and fix for bug #89321 + + 23 Mar 2005; petre rodan + selinux-courier-imap-20050219.ebuild: + mark stable + +*selinux-courier-imap-20050219 (25 Feb 2005) + + 25 Feb 2005; petre rodan + -selinux-courier-imap-20040928.ebuild, + +selinux-courier-imap-20050219.ebuild: + removed 3 port defs not present upstream + + 20 Jan 2005; petre rodan + selinux-courier-imap-20050105.ebuild: + mark stable + +*selinux-courier-imap-20050105 (06 Jan 2005) + + 06 Jan 2005; petre rodan + -selinux-courier-imap-20041122.ebuild, + +selinux-courier-imap-20050105.ebuild: + policy that supports courier-authlib and >=3Dcourier-imap-4.0 + +*selinux-courier-imap-20041122 (12 Dec 2004) + + 12 Dec 2004; 
petre rodan + -selinux-courier-imap-20040406.ebuild, + +selinux-courier-imap-20041122.ebuild: + policy tweaks needed by latest versions of c-i + + 28 Oct 2004; petre rodan + selinux-courier-imap-20040928.ebuild: + mark stable + +*selinux-courier-imap-20040928 (23 Oct 2004) + + 23 Oct 2004; petre rodan metadata.xml, + +selinux-courier-imap-20040928.ebuild: + Fix for courier-imap 3.0.5 + +*selinux-courier-imap-20040406 (06 Apr 2004) + + 06 Apr 2004; Chris PeBenito + selinux-courier-imap-20040406.ebuild: + Fixes for courier-imap 3.0.2, from bug #45917. + +*selinux-courier-imap-20040203 (03 Feb 2004) + + 03 Feb 2004; Chris PeBenito metadata.xml, + selinux-courier-imap-20040203.ebuild: + Initial commit. Submitted by Petre Rodan. + diff --git a/sec-policy/selinux-courier-imap/metadata.xml b/sec-policy/se= linux-courier-imap/metadata.xml new file mode 100644 index 0000000..618a410 --- /dev/null +++ b/sec-policy/selinux-courier-imap/metadata.xml @@ -0,0 +1,6 @@ + + + + selinux + Gentoo SELinux policy for courier-imap + diff --git a/sec-policy/selinux-courier-imap/selinux-courier-imap-2.20101= 213-r1.ebuild b/sec-policy/selinux-courier-imap/selinux-courier-imap-2.20= 101213-r1.ebuild new file mode 100644 index 0000000..f1ff3a7 --- /dev/null +++ b/sec-policy/selinux-courier-imap/selinux-courier-imap-2.20101213-r1.= ebuild @@ -0,0 +1,14 @@ +# Copyright 1999-2011 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-courier-imap/selin= ux-courier-imap-2.20101213.ebuild,v 1.1 2011/02/05 12:07:11 blueness Exp = $ + +EAPI=3D3 + +DESCRIPTION=3D"SELinux policy for courier-imap (meta package for selinux= -courier)" +HOMEPAGE=3D"http://hardened.gentoo.org" +SRC_URI=3D"" + +LICENSE=3D"as-is" +SLOT=3D"0" +KEYWORDS=3D"~amd64 ~x86" +RDEPEND=3D">=3Dsec-policy/selinux-courier-2.20101213-r1" 
diff --git a/sec-policy/selinux-courier/ChangeLog b/sec-policy/selinux-co= urier/ChangeLog new file mode 100644 index 0000000..5493a2f --- /dev/null +++ b/sec-policy/selinux-courier/ChangeLog 
@@ -0,0 +1,173 @@ +# ChangeLog for sec-policy/selinux-courier +# Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2 +# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-courier-imap/Chang= eLog,v 1.31 2011/02/05 12:07:11 blueness Exp $ + +*selinux-courier-2.20101213-r1 (04 Mar 2011) + + 04 Mar 2011; +files/fix-services-courier-r1.patch, + +selinux-courier-2.20101213-r1.ebuild, +metadata.xml: + Fix file contexts + +*selinux-courier-imap-2.20101213 (05 Feb 2011) + + 05 Feb 2011; Anthony G. Basile + +selinux-courier-imap-2.20101213.ebuild: + New upstream policy. + +*selinux-courier-imap-2.20091215 (16 Dec 2009) + + 16 Dec 2009; Chris PeBenito + +selinux-courier-imap-2.20091215.ebuild: + New upstream release. + + 14 Aug 2009; Chris PeBenito + -selinux-courier-imap-20070329.ebuild, + -selinux-courier-imap-20070928.ebuild, + selinux-courier-imap-20080525.ebuild: + Mark 20080525 stable, clear old ebuilds. + +*selinux-courier-imap-2.20090730 (03 Aug 2009) + + 03 Aug 2009; Chris PeBenito + +selinux-courier-imap-2.20090730.ebuild: + New upstream release. + + 18 Jul 2009; Chris PeBenito + selinux-courier-imap-20070329.ebuild, + selinux-courier-imap-20070928.ebuild, + selinux-courier-imap-20080525.ebuild: + Drop alpha, mips, ppc, sparc selinux support. + +*selinux-courier-imap-20080525 (25 May 2008) + + 25 May 2008; Chris PeBenito + +selinux-courier-imap-20080525.ebuild: + New SVN snapshot. + + 16 Mar 2008; Chris PeBenito + -selinux-courier-imap-20050417.ebuild, + -selinux-courier-imap-20050607.ebuild, + -selinux-courier-imap-20050628.ebuild, + -selinux-courier-imap-20061114.ebuild: + Remove old ebuilds. + + 03 Feb 2008; Chris PeBenito + selinux-courier-imap-20070928.ebuild: + Mark stable. + +*selinux-courier-imap-20070928 (26 Nov 2007) + + 26 Nov 2007; Chris PeBenito + +selinux-courier-imap-20070928.ebuild: + New SVN snapshot. + + 29 Aug 2007; Christian Heim metadata.xml: + Removing kaiowas from metadata due to his retirement (see #61930 for + reference). 
+ + 04 Jun 2007; Chris PeBenito + selinux-courier-imap-20070329.ebuild: + Mark stable. + +*selinux-courier-imap-20070329 (29 Mar 2007) + + 29 Mar 2007; Chris PeBenito + +selinux-courier-imap-20070329.ebuild: + New SVN snapshot. + + 22 Feb 2007; Markus Ullmann ChangeLog: + Redigest for Manifest2 + +*selinux-courier-imap-20061114 (15 Nov 2006) + + 15 Nov 2006; Chris PeBenito + +selinux-courier-imap-20061114.ebuild: + New SVN snapshot. + +*selinux-courier-imap-20061008 (10 Oct 2006) + + 10 Oct 2006; Chris PeBenito + +selinux-courier-imap-20061008.ebuild: + First mainstream reference policy testing release. + + 29 Jun 2005; petre rodan + selinux-courier-imap-20050628.ebuild: + mark stable + +*selinux-courier-imap-20050628 (28 Jun 2005) + + 28 Jun 2005; petre rodan + +selinux-courier-imap-20050628.ebuild: + fc change needed by policycoreutils-1.24 + + 27 Jun 2005; petre rodan + selinux-courier-imap-20050607.ebuild: + mark stable + +*selinux-courier-imap-20050607 (26 Jun 2005) + + 26 Jun 2005; petre rodan + -selinux-courier-imap-20050219.ebuild, + +selinux-courier-imap-20050607.ebuild: + policy cleanup with no semantic diff + + 23 Apr 2005; petre rodan : + mark stable + +*selinux-courier-imap-20050417 (17 Apr 2005) + + 17 Apr 2005; petre rodan + +selinux-courier-imap-20050417.ebuild: + merge with upstream and fix for bug #89321 + + 23 Mar 2005; petre rodan + selinux-courier-imap-20050219.ebuild: + mark stable + +*selinux-courier-imap-20050219 (25 Feb 2005) + + 25 Feb 2005; petre rodan + -selinux-courier-imap-20040928.ebuild, + +selinux-courier-imap-20050219.ebuild: + removed 3 port defs not present upstream + + 20 Jan 2005; petre rodan + selinux-courier-imap-20050105.ebuild: + mark stable + +*selinux-courier-imap-20050105 (06 Jan 2005) + + 06 Jan 2005; petre rodan + -selinux-courier-imap-20041122.ebuild, + +selinux-courier-imap-20050105.ebuild: + policy that supports courier-authlib and >=3Dcourier-imap-4.0 + +*selinux-courier-imap-20041122 (12 Dec 2004) + + 12 Dec 2004; 
petre rodan + -selinux-courier-imap-20040406.ebuild, + +selinux-courier-imap-20041122.ebuild: + policy tweaks needed by latest versions of c-i + + 28 Oct 2004; petre rodan + selinux-courier-imap-20040928.ebuild: + mark stable + +*selinux-courier-imap-20040928 (23 Oct 2004) + + 23 Oct 2004; petre rodan metadata.xml, + +selinux-courier-imap-20040928.ebuild: + Fix for courier-imap 3.0.5 + +*selinux-courier-imap-20040406 (06 Apr 2004) + + 06 Apr 2004; Chris PeBenito + selinux-courier-imap-20040406.ebuild: + Fixes for courier-imap 3.0.2, from bug #45917. + +*selinux-courier-imap-20040203 (03 Feb 2004) + + 03 Feb 2004; Chris PeBenito metadata.xml, + selinux-courier-imap-20040203.ebuild: + Initial commit. Submitted by Petre Rodan. + diff --git a/sec-policy/selinux-courier/files/fix-services-courier-r1.pat= ch b/sec-policy/selinux-courier/files/fix-services-courier-r1.patch new file mode 100644 index 0000000..24745b5 --- /dev/null +++ b/sec-policy/selinux-courier/files/fix-services-courier-r1.patch 
@@ -0,0 +1,48 @@ +--- services/courier.te 2010-12-13 15:11:02.000000000 +0100 ++++ services/courier.te 2011-03-03 16:27:16.660999997 +0100 +@@ -37,7 +37,7 @@ + # +=20 + allow courier_authdaemon_t self:capability { setuid setgid sys_tty_conf= ig }; +-allow courier_authdaemon_t self:unix_stream_socket connectto; ++allow courier_authdaemon_t self:unix_stream_socket { create_stream_soc= ket_perms connectto }; +=20 + can_exec(courier_authdaemon_t, courier_exec_t) +=20 +@@ -52,7 +52,9 @@ + allow courier_authdaemon_t courier_tcpd_t:tcp_socket rw_stream_socket_p= erms; + allow courier_authdaemon_t courier_tcpd_t:fifo_file rw_file_perms; +=20 ++manage_dirs_pattern(courier_authdaemon_t, courier_var_lib_t, courier_va= r_lib_t) + manage_sock_files_pattern(courier_authdaemon_t, courier_spool_t, courie= r_spool_t) ++manage_sock_files_pattern(courier_authdaemon_t, courier_var_lib_t, cour= ier_var_lib_t) + files_search_spool(courier_authdaemon_t) +=20 + corecmd_search_bin(courier_authdaemon_t) +--- services/courier.fc 2010-08-03 15:11:05.000000000 +0200 ++++ services/courier.fc 2011-03-03 16:36:53.994999997 +0100 +@@ -5,8 +5,10 @@ + /usr/sbin/courierlogger -- gen_context(system_u:object_r:courier_exec= _t,s0) + /usr/sbin/courierldapaliasd -- gen_context(system_u:object_r:courier_e= xec_t,s0) + /usr/sbin/couriertcpd -- gen_context(system_u:object_r:courier_tcpd_e= xec_t,s0) +- +-/usr/lib(64)?/courier/authlib/.* -- gen_context(system_u:object_r:couri= er_authdaemon_exec_t,s0) ++ifdef(`distro_gentoo',` ++/usr/lib(64)?/courier-imap/couriertcpd -- gen_context(system_u:object_r= :courier_tcpd_exec_t,s0) ++') ++/usr/lib(64)?/courier/(courier-)?authlib/.* -- gen_context(system_u:obj= ect_r:courier_authdaemon_exec_t,s0) + /usr/lib(64)?/courier/courier/.* -- gen_context(system_u:object_r:couri= er_exec_t,s0) + /usr/lib(64)?/courier/courier/courierpop.* -- gen_context(system_u:obje= ct_r:courier_pop_exec_t,s0) + /usr/lib(64)?/courier/courier/imaplogin -- gen_context(system_u:object_= 
r:courier_pop_exec_t,s0) +@@ -16,9 +18,9 @@ + /usr/lib(64)?/courier/rootcerts(/.*)? gen_context(system_u:object_r:co= urier_etc_t,s0) + /usr/lib(64)?/courier/sqwebmail/cleancache\.pl -- gen_context(system_u:= object_r:sqwebmail_cron_exec_t,s0) +=20 +-/var/lib/courier(/.*)? -- gen_context(system_u:object_r:courier_var_l= ib_t,s0) ++/var/lib/courier(/.*)? gen_context(system_u:object_r:courier_var_lib= _t,s0) +=20 +-/var/run/courier(/.*)? -- gen_context(system_u:object_r:courier_var_r= un_t,s0) ++/var/run/courier(/.*)? gen_context(system_u:object_r:courier_var_run= _t,s0) +=20 + /var/spool/authdaemon(/.*)? gen_context(system_u:object_r:courier_spo= ol_t,s0) + /var/spool/courier(/.*)? gen_context(system_u:object_r:courier_spool_= t,s0) diff --git a/sec-policy/selinux-courier/metadata.xml b/sec-policy/selinux= -courier/metadata.xml new file mode 100644 index 0000000..618a410 --- /dev/null +++ b/sec-policy/selinux-courier/metadata.xml @@ -0,0 +1,6 @@ + + + + selinux + Gentoo SELinux policy for courier-imap + diff --git a/sec-policy/selinux-courier/selinux-courier-2.20101213-r1.ebu= ild b/sec-policy/selinux-courier/selinux-courier-2.20101213-r1.ebuild new file mode 100644 index 0000000..2ac5e20 --- /dev/null +++ b/sec-policy/selinux-courier/selinux-courier-2.20101213-r1.ebuild @@ -0,0 +1,17 @@ +# Copyright 1999-2011 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-courier-imap/selin= ux-courier-imap-2.20101213.ebuild,v 1.1 2011/02/05 12:07:11 blueness Exp = $ + +MODS=3D"courier" +IUSE=3D"" + +inherit selinux-policy-2 + +DESCRIPTION=3D"SELinux policy for courier-imap" + +KEYWORDS=3D"~amd64 ~x86" +RDEPEND=3D"!<=3Dsec-policy/selinux-courier-imap-2.20101213 + >=3Dsys-apps/policycoreutils-1.30.30 + >=3Dsec-policy/selinux-base-policy-${PV}" + +POLICY_PATCH=3D"${FILESDIR}/fix-services-courier-r1.patch" 
diff --git a/sec-policy/selinux-postfix/ChangeLog b/sec-policy/selinux-po= stfix/ChangeLog new file mode 100644 index 0000000..b846d53 --- /dev/null +++ b/sec-policy/selinux-postfix/ChangeLog 
@@ -0,0 +1,173 @@ +# ChangeLog for sec-policy/selinux-postfix +# Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2 +# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-postfix/ChangeLog,= v 1.31 2011/02/05 12:07:12 blueness Exp $ + +*selinux-postfix-2.20101213-r1 (04 Mar 2011) + + 04 Mar 2011; +files/fix-services-postfix-r1.patch, + +selinux-postfix-2.20101213-r1.ebuild, +metadata.xml: + Fix filecontexts + +*selinux-postfix-2.20101213 (05 Feb 2011) + + 05 Feb 2011; Anthony G. Basile + +selinux-postfix-2.20101213.ebuild: + New upstream policy. + +*selinux-postfix-2.20091215 (16 Dec 2009) + + 16 Dec 2009; Chris PeBenito + +selinux-postfix-2.20091215.ebuild: + New upstream release. + + 14 Aug 2009; Chris PeBenito + -selinux-postfix-20070329.ebuild, -selinux-postfix-20070928.ebuild, + selinux-postfix-20080525.ebuild: + Mark 20080525 stable, clear old ebuilds. + +*selinux-postfix-2.20090730 (03 Aug 2009) + + 03 Aug 2009; Chris PeBenito + +selinux-postfix-2.20090730.ebuild: + New upstream release. + + 18 Jul 2009; Chris PeBenito + selinux-postfix-20070329.ebuild, selinux-postfix-20070928.ebuild, + selinux-postfix-20080525.ebuild: + Drop alpha, mips, ppc, sparc selinux support. + +*selinux-postfix-20080525 (25 May 2008) + + 25 May 2008; Chris PeBenito + +selinux-postfix-20080525.ebuild: + New SVN snapshot. + + 16 Mar 2008; Chris PeBenito + -selinux-postfix-20050626.ebuild, -selinux-postfix-20050918.ebuild, + -selinux-postfix-20051023.ebuild, -selinux-postfix-20051122.ebuild, + -selinux-postfix-20061114.ebuild: + Remove old ebuilds. + + 03 Feb 2008; Chris PeBenito + selinux-postfix-20070928.ebuild: + Mark stable. + +*selinux-postfix-20070928 (26 Nov 2007) + + 26 Nov 2007; Chris PeBenito + +selinux-postfix-20070928.ebuild: + New SVN snapshot. + + 04 Jun 2007; Chris PeBenito + selinux-postfix-20070329.ebuild: + Mark stable. + +*selinux-postfix-20070329 (29 Mar 2007) + + 29 Mar 2007; Chris PeBenito + +selinux-postfix-20070329.ebuild: + New SVN snapshot. 
+ + 22 Feb 2007; Markus Ullmann ChangeLog: + Redigest for Manifest2 + +*selinux-postfix-20061114 (15 Nov 2006) + + 15 Nov 2006; Chris PeBenito + +selinux-postfix-20061114.ebuild: + New SVN snapshot. + +*selinux-postfix-20061008 (10 Oct 2006) + + 10 Oct 2006; Chris PeBenito + +selinux-postfix-20061008.ebuild: + First mainstream reference policy testing release. + +*selinux-postfix-20051122 (28 Nov 2005) + + 28 Nov 2005; petre rodan + selinux-postfix-20051023.ebuild, +selinux-postfix-20051122.ebuild: + marked stable on amd64 mips ppc sparc x86, merge with upstream + +*selinux-postfix-20051023 (24 Oct 2005) + + 24 Oct 2005; petre rodan + +selinux-postfix-20051023.ebuild: + merge with upstream + + 18 Oct 2005; petre rodan + selinux-postfix-20050918.ebuild: + mark stable + +*selinux-postfix-20050918 (18 Sep 2005) + + 18 Sep 2005; petre rodan + -selinux-postfix-20050417.ebuild, +selinux-postfix-20050918.ebuild: + merge with upstream, added mips arch + + 26 Jun 2005; petre rodan + selinux-postfix-20050626.ebuild: + mark stable + +*selinux-postfix-20050626 (26 Jun 2005) + + 26 Jun 2005; petre rodan + -selinux-postfix-20050219.ebuild, +selinux-postfix-20050626.ebuild: + added name_connect rules + + 23 Apr 2005; petre rodan + -selinux-postfix-20041211.ebuild, selinux-postfix-20050417.ebuild: + mark stable + +*selinux-postfix-20050417 (16 Apr 2005) + + 16 Apr 2005; petre rodan + +selinux-postfix-20050417.ebuild: + fix for bug #89321 + + 23 Mar 2005; petre rodan + selinux-postfix-20050219.ebuild: + mark stable + +*selinux-postfix-20050219 (25 Feb 2005) + + 25 Feb 2005; petre rodan + +selinux-postfix-20050219.ebuild: + merge with upstream policy + +*selinux-postfix-20041211 (12 Dec 2004) + + 12 Dec 2004; petre rodan + -selinux-postfix-20040427.ebuild, -selinux-postfix-20041021.ebuild, + -selinux-postfix-20041109.ebuild, -selinux-postfix-20041120.ebuild, + +selinux-postfix-20041211.ebuild: + removed old builds, small merge with upstream policy + + 23 Nov 2004; petre rodan + 
selinux-postfix-20041120.ebuild: + mark stable + +*selinux-postfix-20041120 (22 Nov 2004) + + 22 Nov 2004; petre rodan + +selinux-postfix-20041120.ebuild: + merge with nsa policy + +*selinux-postfix-20041109 (13 Nov 2004) + + 13 Nov 2004; petre rodan + +selinux-postfix-20041109.ebuild: + merge with nsa policy + +*selinux-postfix-20041021 (27 Oct 2004) + + 27 Oct 2004; petre rodan + +selinux-postfix-20041021.ebuild: + merge with nsa policy + +*selinux-postfix-20040427 (27 Apr 2004) + + 27 Apr 2004; Chris PeBenito +metadata.xml, + +selinux-postfix-20040427.ebuild: + Initial commit. + diff --git a/sec-policy/selinux-postfix/files/fix-services-postfix-r1.pat= ch b/sec-policy/selinux-postfix/files/fix-services-postfix-r1.patch new file mode 100644 index 0000000..da3e0ad --- /dev/null +++ b/sec-policy/selinux-postfix/files/fix-services-postfix-r1.patch 
@@ -0,0 +1,63 @@ +--- services/postfix.te 2010-08-03 15:11:07.000000000 +0200 ++++ services/postfix.te 2011-03-03 17:48:25.952999995 +0100 +@@ -93,7 +93,7 @@ + # +=20 + # chown is to set the correct ownership of queue dirs +-allow postfix_master_t self:capability { chown dac_override kill setgid= setuid net_bind_service sys_tty_config }; ++allow postfix_master_t self:capability { chown dac_override kill setgid= setuid net_bind_service sys_tty_config dac_read_search }; + allow postfix_master_t self:fifo_file rw_fifo_file_perms; + allow postfix_master_t self:tcp_socket create_stream_socket_perms; + allow postfix_master_t self:udp_socket create_socket_perms; +@@ -589,6 +589,7 @@ + # for OpenSSL certificates + files_read_usr_files(postfix_smtpd_t) + mta_read_aliases(postfix_smtpd_t) ++mta_read_config(postfix_smtpd_t) +=20 + optional_policy(` + dovecot_stream_connect_auth(postfix_smtpd_t) +--- services/postfix.fc 2010-08-03 15:11:07.000000000 +0200 ++++ services/postfix.fc 2011-03-03 15:12:19.081999996 +0100 +@@ -16,24 +16,27 @@ + /usr/libexec/postfix/pipe -- gen_context(system_u:object_r:postfix_pipe= _exec_t,s0) + /usr/libexec/postfix/virtual -- gen_context(system_u:object_r:postfix_v= irtual_exec_t,s0) + ', ` +-/usr/lib/postfix/.* -- gen_context(system_u:object_r:postfix_exec_t,s0) +-/usr/lib/postfix/cleanup -- gen_context(system_u:object_r:postfix_clean= up_exec_t,s0) +-/usr/lib/postfix/local -- gen_context(system_u:object_r:postfix_local_e= xec_t,s0) +-/usr/lib/postfix/master -- gen_context(system_u:object_r:postfix_master= _exec_t,s0) +-/usr/lib/postfix/pickup -- gen_context(system_u:object_r:postfix_pickup= _exec_t,s0) +-/usr/lib/postfix/(n)?qmgr -- gen_context(system_u:object_r:postfix_qmgr= _exec_t,s0) +-/usr/lib/postfix/showq -- gen_context(system_u:object_r:postfix_showq_e= xec_t,s0) +-/usr/lib/postfix/smtp -- gen_context(system_u:object_r:postfix_smtp_exe= c_t,s0) +-/usr/lib/postfix/lmtp -- gen_context(system_u:object_r:postfix_smtp_exe= c_t,s0) 
+-/usr/lib/postfix/scache -- gen_context(system_u:object_r:postfix_smtp_e= xec_t,s0) +-/usr/lib/postfix/smtpd -- gen_context(system_u:object_r:postfix_smtpd_e= xec_t,s0) +-/usr/lib/postfix/bounce -- gen_context(system_u:object_r:postfix_bounce= _exec_t,s0) +-/usr/lib/postfix/pipe -- gen_context(system_u:object_r:postfix_pipe_exe= c_t,s0) +-/usr/lib/postfix/virtual -- gen_context(system_u:object_r:postfix_virtu= al_exec_t,s0) ++/usr/lib(64)?/postfix/.* -- gen_context(system_u:object_r:postfix_exec_= t,s0) ++/usr/lib(64)?/postfix/cleanup -- gen_context(system_u:object_r:postfix_= cleanup_exec_t,s0) ++/usr/lib(64)?/postfix/local -- gen_context(system_u:object_r:postfix_lo= cal_exec_t,s0) ++/usr/lib(64)?/postfix/master -- gen_context(system_u:object_r:postfix_m= aster_exec_t,s0) ++/usr/lib(64)?/postfix/pickup -- gen_context(system_u:object_r:postfix_p= ickup_exec_t,s0) ++/usr/lib(64)?/postfix/(n)?qmgr -- gen_context(system_u:object_r:postfix= _qmgr_exec_t,s0) ++/usr/lib(64)?/postfix/showq -- gen_context(system_u:object_r:postfix_sh= owq_exec_t,s0) ++/usr/lib(64)?/postfix/smtp -- gen_context(system_u:object_r:postfix_smt= p_exec_t,s0) ++/usr/lib(64)?/postfix/lmtp -- gen_context(system_u:object_r:postfix_smt= p_exec_t,s0) ++/usr/lib(64)?/postfix/scache -- gen_context(system_u:object_r:postfix_s= mtp_exec_t,s0) ++/usr/lib(64)?/postfix/smtpd -- gen_context(system_u:object_r:postfix_sm= tpd_exec_t,s0) ++/usr/lib(64)?/postfix/bounce -- gen_context(system_u:object_r:postfix_b= ounce_exec_t,s0) ++/usr/lib(64)?/postfix/pipe -- gen_context(system_u:object_r:postfix_pip= e_exec_t,s0) ++/usr/lib(64)?/postfix/virtual -- gen_context(system_u:object_r:postfix_= virtual_exec_t,s0) ++/usr/lib(64)?/postfix/postfix-script.* -- gen_context(system_u:object_r= :postfix_exec_t,s0) + ') + /etc/postfix/postfix-script.* -- gen_context(system_u:object_r:postfix_= exec_t,s0) + /etc/postfix/prng_exch -- gen_context(system_u:object_r:postfix_prng_t,= s0) ++ifndef(`distro_gentoo',` + 
/usr/sbin/postalias -- gen_context(system_u:object_r:postfix_master_exe= c_t,s0) ++') + /usr/sbin/postcat -- gen_context(system_u:object_r:postfix_master_exec_= t,s0) + /usr/sbin/postdrop -- gen_context(system_u:object_r:postfix_postdrop_ex= ec_t,s0) + /usr/sbin/postfix -- gen_context(system_u:object_r:postfix_master_exec_= t,s0) diff --git a/sec-policy/selinux-postfix/metadata.xml b/sec-policy/selinux= -postfix/metadata.xml new file mode 100644 index 0000000..6cad3d5 --- /dev/null +++ b/sec-policy/selinux-postfix/metadata.xml @@ -0,0 +1,6 @@ + + + + selinux + Gentoo SELinux policy for postfix + diff --git a/sec-policy/selinux-postfix/selinux-postfix-2.20101213-r1.ebu= ild b/sec-policy/selinux-postfix/selinux-postfix-2.20101213-r1.ebuild new file mode 100644 index 0000000..7c32ba5 --- /dev/null +++ b/sec-policy/selinux-postfix/selinux-postfix-2.20101213-r1.ebuild @@ -0,0 +1,14 @@ +# Copyright 1999-2011 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-postfix/selinux-po= stfix-2.20101213.ebuild,v 1.1 2011/02/05 12:07:12 blueness Exp $ + +MODS=3D"postfix" +IUSE=3D"" + +inherit selinux-policy-2 + +DESCRIPTION=3D"SELinux policy for postfix" + +KEYWORDS=3D"~amd64 ~x86" + +POLICY_PATCH=3D"${FILESDIR}/fix-services-postfix-r1.patch" diff --git a/sec-policy/selinux-sasl/ChangeLog b/sec-policy/selinux-sasl/= ChangeLog new file mode 100644 index 0000000..f80b37f --- /dev/null +++ b/sec-policy/selinux-sasl/ChangeLog @@ -0,0 +1,16 @@ +# ChangeLog for sec-policy/selinux-sasl +# Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2 +# $Header: $ + +*selinux-sasl-2.20101213-r1 (04 Mar 2011) + + 04 Mar 2011; +files/fix-services-sasl-r1.patch, + +selinux-sasl-2.20101213-r1.ebuild, +metadata.xml: + Add sasl module, fix file contexts + +*selinux-sasl-2.20101213 (03 Mar 2011) + + 03 Mar 2011; +selinux-sasl-2.20101213.ebuild, + +metadata.xml: + New ebuild + 
diff --git a/sec-policy/selinux-sasl/files/fix-services-sasl-r1.patch b/s= ec-policy/selinux-sasl/files/fix-services-sasl-r1.patch new file mode 100644 index 0000000..6e131fd --- /dev/null +++ b/sec-policy/selinux-sasl/files/fix-services-sasl-r1.patch @@ -0,0 +1,9 @@ +--- services/sasl.fc 2010-08-03 15:11:08.000000000 +0200 ++++ services/sasl.fc 2011-03-03 17:11:02.896999997 +0100 +@@ -9,3 +9,6 @@ + # /var + # + /var/run/saslauthd(/.*)? gen_context(system_u:object_r:saslauthd_var_ru= n_t,s0) ++ifdef(`distro_gentoo',` ++/var/lib/sasl2(/.*)? gen_context(system_u:object_r:saslauthd_var_run_t= ,s0) ++') diff --git a/sec-policy/selinux-sasl/metadata.xml b/sec-policy/selinux-sa= sl/metadata.xml new file mode 100644 index 0000000..ab2a750 --- /dev/null +++ b/sec-policy/selinux-sasl/metadata.xml @@ -0,0 +1,6 @@ + + + + selinux + Gentoo SELinux policy for sasl + diff --git a/sec-policy/selinux-sasl/selinux-sasl-2.20101213-r1.ebuild b/= sec-policy/selinux-sasl/selinux-sasl-2.20101213-r1.ebuild new file mode 100644 index 0000000..9590078 --- /dev/null +++ b/sec-policy/selinux-sasl/selinux-sasl-2.20101213-r1.ebuild @@ -0,0 +1,14 @@ +# Copyright 1999-2011 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-postfix/selinux-po= stfix-2.20101213.ebuild,v 1.1 2011/02/05 12:07:12 blueness Exp $ + +MODS=3D"sasl" +IUSE=3D"" + +inherit selinux-policy-2 + +DESCRIPTION=3D"SELinux policy for sasl" + +KEYWORDS=3D"~amd64 ~x86" + +POLICY_PATCH=3D"${FILESDIR}/fix-services-sasl-r1.patch"
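Review bot: in services/postfix.te at @@ -93,7 +93,7, dac_read_search is added to the postfix_master_t capability set without any explanation, on a rule that already grants dac_override and whose only comment covers chown. Add a comment naming the file or directory access that produced the denial, so a later reviewer can tell whether the capability is still required or whether a narrower file-level rule would be enough.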
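Review bot: in services/postfix.te at @@ -589,6 +589,7, the new mta_read_config(postfix_smtpd_t) sits directly under the "# for OpenSSL certificates" comment, which describes files_read_usr_files and not this call, so the reason smtpd needs to read the mail configuration is undocumented. Give the line its own comment and state whether the need is Gentoo-specific: the file-context changes elsewhere in this commit are guarded by distro_gentoo conditionals, while this rule is unconditional.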
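Review bot: in services/postfix.fc at @@ -16,24 +16,27, the ifndef(`distro_gentoo',` ... ') wrapped around /usr/sbin/postalias means that on Gentoo this binary no longer receives postfix_master_exec_t, while postcat and postfix just below keep it, and nothing in the hunk says why. Add a comment stating which label postalias is meant to carry on Gentoo. Separately, the added /usr/lib(64)?/postfix/postfix-script.* entry assigns postfix_exec_t, the same type the /usr/lib(64)?/postfix/.* entry above it already assigns, so it looks redundant; drop it or add a comment explaining why it is needed.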
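Review bot: in services/sasl.fc at @@ -9,3 +9,6, /var/lib/sasl2(/.*)? is labelled saslauthd_var_run_t, a type named for runtime state under /var/run, and the whole tree is covered rather than a specific file. Every domain allowed to access saslauthd_var_run_t gains the same access to everything under /var/lib/sasl2, so add a comment saying what saslauthd keeps there on Gentoo that warrants the runtime type, or narrow the pattern to the entries that need it and use a separate type for anything persistent.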
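Review bot: in selinux-sasl-2.20101213-r1.ebuild, the $Header line on the third line of the new file still names sec-policy/selinux-postfix/selinux-postfix-2.20101213.ebuild with its v 1.1 revision and committer, so it was copied from another package and misattributes the file's history. Reset it to the empty form the selinux-sasl ChangeLog in this same commit uses, "# $Header: $", and let the VCS expand it.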