From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1QLN1f-0007uh-Ob for garchives@archives.gentoo.org; Sat, 14 May 2011 22:09:32 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 8F1931C0B0; Sat, 14 May 2011 22:09:24 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) by pigeon.gentoo.org (Postfix) with ESMTP id 517BF1C0B0 for ; Sat, 14 May 2011 22:09:24 +0000 (UTC) Received: from pelican.gentoo.org (unknown [66.219.59.40]) (using TLSv1 with cipher ADH-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id C3CCE1B4034 for ; Sat, 14 May 2011 22:09:23 +0000 (UTC) Received: from localhost.localdomain (localhost [127.0.0.1]) by pelican.gentoo.org (Postfix) with ESMTP id 42D5245B44 for ; Sat, 14 May 2011 22:09:23 +0000 (UTC) From: "Sven Vermeulen" To: gentoo-commits@lists.gentoo.org Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Sven Vermeulen" Message-ID: <69c6c8a85c3abf884d187fe8a4116c327e5ac248.SwifT@gentoo> Subject: [gentoo-commits] proj/hardened-dev:master commit in: sec-policy/selinux-base-policy/files/, sec-policy/selinux-base-policy/ X-VCS-Repository: proj/hardened-dev X-VCS-Files: sec-policy/selinux-base-policy/ChangeLog sec-policy/selinux-base-policy/files/patchbundle-selinux-base-policy-2.20101213-r15.tar.bz2 sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r15.ebuild X-VCS-Directories: sec-policy/selinux-base-policy/files/ sec-policy/selinux-base-policy/ X-VCS-Committer: SwifT X-VCS-Committer-Name: Sven Vermeulen X-VCS-Revision: 69c6c8a85c3abf884d187fe8a4116c327e5ac248 Date: Sat, 14 May 2011 22:09:23 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: quoted-printable X-Archives-Salt: X-Archives-Hash: 8ef2dc4d6e6f74faf9dc561b3965223f commit: 69c6c8a85c3abf884d187fe8a4116c327e5ac248 Author: Sven Vermeulen siphos be> AuthorDate: Sat May 14 22:08:43 2011 +0000 Commit: Sven Vermeulen siphos be> CommitDate: Sat May 14 22:08:43 2011 +0000 URL: http://git.overlays.gentoo.org/gitweb/?p=3Dproj/hardened-dev.= git;a=3Dcommit;h=3D69c6c8a8 Send out -r15 --- sec-policy/selinux-base-policy/ChangeLog | 6 + ...ndle-selinux-base-policy-2.20101213-r15.tar.bz2 | Bin 0 -> 13578 byt= es .../selinux-base-policy-2.20101213-r15.ebuild | 129 ++++++++++++++= ++++++ 3 files changed, 135 insertions(+), 0 deletions(-) diff --git a/sec-policy/selinux-base-policy/ChangeLog b/sec-policy/selinu= x-base-policy/ChangeLog index 6d1ef9b..00fe71d 100644 --- a/sec-policy/selinux-base-policy/ChangeLog +++ b/sec-policy/selinux-base-policy/ChangeLog @@ -2,6 +2,12 @@ # Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2 # $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/Change= Log,v 1.72 2011/04/16 13:02:44 blueness Exp $ =20 +*selinux-base-policy-2.20101213-r15 (14 May 2011) + + 14 May 2011; +selinux-base-policy-2.20101213-r15.eb= uild, + +files/patchbundle-selinux-base-policy-2.20101213-r15.tar.bz2: + Correct file contexts for /lib64 + *selinux-base-policy-2.20101213-r14 (13 May 2011) =20 13 May 2011; -selinux-base-policy-2.20101213-r13.eb= uild, diff --git a/sec-policy/selinux-base-policy/files/patchbundle-selinux-bas= e-policy-2.20101213-r15.tar.bz2 b/sec-policy/selinux-base-policy/files/pa= tchbundle-selinux-base-policy-2.20101213-r15.tar.bz2 new file mode 100644 index 0000000..0279cf1 Binary files /dev/null and b/sec-policy/selinux-base-policy/files/patchbu= ndle-selinux-base-policy-2.20101213-r15.tar.bz2 differ diff --git a/sec-policy/selinux-base-policy/selinux-base-policy-2.2010121= 3-r15.ebuild b/sec-policy/selinux-base-policy/selinux-base-policy-2.20101= 213-r15.ebuild new file mode 100644 index 0000000..713ca62 --- /dev/null +++ b/sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r15.e= build @@ -0,0 +1,129 @@ +# Copyright 1999-2011 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/selinu= x-base-policy-2.20101213-r12.ebuild,v 1.1 2011/04/16 13:02:44 blueness Ex= p $ + +EAPI=3D"1" +IUSE=3D"+peer_perms +open_perms +ubac" + +inherit eutils + +PATCHBUNDLE=3D"${FILESDIR}/patchbundle-${PF}.tar.bz2" +DESCRIPTION=3D"Gentoo base policy for SELinux" +HOMEPAGE=3D"http://www.gentoo.org/proj/en/hardened/selinux/" +SRC_URI=3D"http://oss.tresys.com/files/refpolicy/refpolicy-${PV}.tar.bz2= " +LICENSE=3D"GPL-2" +SLOT=3D"0" + +KEYWORDS=3D"~amd64 ~x86" + +RDEPEND=3D">=3Dsys-apps/policycoreutils-1.30.30 + >=3Dsys-fs/udev-151" +DEPEND=3D"${RDEPEND} + sys-devel/m4 + >=3Dsys-apps/checkpolicy-1.30.12" + +S=3D${WORKDIR}/ + +src_unpack() { + [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES=3D"strict targeted" + MOD_CONF_VER=3D"20090730" + + unpack ${A} + + cd "${S}" + epatch "${PATCHBUNDLE}" + cd "${S}/refpolicy" + # Fix bug 257111 + sed -i -e 's:system_crond_t:system_cronjob_t:g' \ + "${S}/refpolicy/config/appconfig-standard/default_contexts" + + if ! use peer_perms; then + sed -i -e '/network_peer_controls/d' \ + "${S}/refpolicy/policy/policy_capabilities" + fi + + if ! use open_perms; then + sed -i -e '/open_perms/d' \ + "${S}/refpolicy/policy/policy_capabilities" + fi + + for i in ${POLICY_TYPES}; do + cp -a "${S}/refpolicy" "${S}/${i}" + + cd "${S}/${i}"; + make conf || die "${i} reconfiguration failed" + + cp "${FILESDIR}/modules.conf.${i}.${MOD_CONF_VER}" \ + "${S}/${i}/policy/modules.conf" \ + || die "failed to set up modules.conf" + sed -i -e '/^QUIET/s/n/y/' -e '/^MONOLITHIC/s/y/n/' \ + -e "/^NAME/s/refpolicy/$i/" "${S}/${i}/build.conf" \ + || die "build.conf setup failed." + + if ! use ubac; then + sed -i -e 's:^UBAC =3D y:UBAC =3D n:g' "${S}/${i}/build.conf" + fi + + echo "DISTRO =3D gentoo" >> "${S}/${i}/build.conf" + + if [ "${i}" =3D=3D "targeted" ]; then + sed -i -e '/root/d' -e 's/user_u/unconfined_u/' \ + "${S}/${i}/config/appconfig-standard/seusers" \ + || die "targeted seusers setup failed." + fi + done +} + +src_compile() { + [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES=3D"strict targeted" + + for i in ${POLICY_TYPES}; do + cd "${S}/${i}" + make base || die "${i} compile failed" + done +} + +src_install() { + [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES=3D"strict targeted" + + for i in ${POLICY_TYPES}; do + cd "${S}/${i}" + + make DESTDIR=3D"${D}" install \ + || die "${i} install failed." + + make DESTDIR=3D"${D}" install-headers \ + || die "${i} headers install failed." + + echo "run_init_t" > "${D}/etc/selinux/${i}/contexts/run_init_type" + + echo "textrel_shlib_t" >> "${D}/etc/selinux/${i}/contexts/customizable= _types" + + # libsemanage won't make this on its own + keepdir "/etc/selinux/${i}/policy" + done + + dodoc doc/Makefile.example doc/example.{te,fc,if} + + insinto /etc/selinux + doins "${FILESDIR}/config" +} + +pkg_preinst() { + has_version "<${CATEGORY}/${PN}-2.20101213-r13" + previous_less_than_r13=3D$? +} + +pkg_postinst() { + [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES=3D"strict targeted" + + for i in ${POLICY_TYPES}; do + einfo "Inserting base module into ${i} module store." + + cd "/usr/share/selinux/${i}" + semodule -s "${i}" -b base.pp || die "Could not load in new base polic= y" + done + elog "Updates on policies might require you to relabel files. If you, a= fter" + elog "installing new SELinux policies, get 'permission denied' errors," + elog "relabelling your system using 'rlpkg -a -r' might resolve the iss= ues." +}