* [gentoo-commits] proj/hardened-dev:master commit in: sec-policy/selinux-base-policy/files/, sec-policy/selinux-base-policy/
@ 2011-03-02 17:19 Sven Vermeulen
From: Sven Vermeulen @ 2011-03-02 17:19 UTC (permalink / raw
  To: gentoo-commits

commit:     81fc7f4ea3b70eaf09f92bbf9f2a8430de98d4e6
Author:     Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
AuthorDate: Wed Mar  2 17:17:44 2011 +0000
Commit:     Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
CommitDate: Wed Mar  2 17:17:44 2011 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-dev.git;a=commit;h=81fc7f4e

Fix #356533 and perhaps #355745

---
 sec-policy/selinux-base-policy/ChangeLog           |    8 ++++++++
 ...undle-selinux-base-policy-2.20101213-r8.tar.bz2 |  Bin 8945 -> 0 bytes
 ...undle-selinux-base-policy-2.20101213-r9.tar.bz2 |  Bin 0 -> 9335 bytes
 ...ld => selinux-base-policy-2.20101213-r9.ebuild} |    0
 4 files changed, 8 insertions(+), 0 deletions(-)

diff --git a/sec-policy/selinux-base-policy/ChangeLog b/sec-policy/selinux-base-policy/ChangeLog
index 83e70d1..1cb28da 100644
--- a/sec-policy/selinux-base-policy/ChangeLog
+++ b/sec-policy/selinux-base-policy/ChangeLog
@@ -2,6 +2,14 @@
 # Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
 # $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/ChangeLog,v 1.70 2011/02/05 12:20:41 blueness Exp $
 
+*selinux-base-policy-2.20101213-r9 (02 Mar 2011)
+
+  02 Mar 2011; <swift@gentoo.org> -selinux-base-policy-2.20101213-r8.ebuild,
+  +selinux-base-policy-2.20101213-r9.ebuild,
+  -files/patchbundle-selinux-base-policy-2.20101213-r8.tar.bz2,
+  +files/patchbundle-selinux-base-policy-2.20101213-r9.tar.bz2:
+  Fix #356553 and perhaps #355745
+
 *selinux-base-policy-2.20101213-r8 (13 Feb 2011)
 
   13 Feb 2011; <swift@gentoo.org> +selinux-base-policy-2.20101213-r8.ebuild,

diff --git a/sec-policy/selinux-base-policy/files/patchbundle-selinux-base-policy-2.20101213-r8.tar.bz2 b/sec-policy/selinux-base-policy/files/patchbundle-selinux-base-policy-2.20101213-r8.tar.bz2
deleted file mode 100644
index 331f32e..0000000
Binary files a/sec-policy/selinux-base-policy/files/patchbundle-selinux-base-policy-2.20101213-r8.tar.bz2 and /dev/null differ

diff --git a/sec-policy/selinux-base-policy/files/patchbundle-selinux-base-policy-2.20101213-r9.tar.bz2 b/sec-policy/selinux-base-policy/files/patchbundle-selinux-base-policy-2.20101213-r9.tar.bz2
new file mode 100644
index 0000000..dc76411
Binary files /dev/null and b/sec-policy/selinux-base-policy/files/patchbundle-selinux-base-policy-2.20101213-r9.tar.bz2 differ

diff --git a/sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r8.ebuild b/sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r9.ebuild
similarity index 100%
rename from sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r8.ebuild
rename to sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r9.ebuild




* [gentoo-commits] proj/hardened-dev:master commit in: sec-policy/selinux-base-policy/files/, sec-policy/selinux-base-policy/
@ 2011-05-02 19:09 Sven Vermeulen
From: Sven Vermeulen @ 2011-05-02 19:09 UTC (permalink / raw
  To: gentoo-commits

commit:     4373a85d84f4066ed245e9ef1b31ed6fa15069bf
Author:     Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
AuthorDate: Mon May  2 19:09:15 2011 +0000
Commit:     Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
CommitDate: Mon May  2 19:09:15 2011 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-dev.git;a=commit;h=4373a85d

Add r13, make UBAC optional (#257111 and #306393)

---
 sec-policy/selinux-base-policy/ChangeLog           |  482 ++++++++++++++++++++
 sec-policy/selinux-base-policy/files/config        |   12 +
 .../selinux-base-policy/files/modules.conf.strict  |   44 ++
 .../files/modules.conf.strict.20090730             |   49 ++
 .../files/modules.conf.targeted                    |   45 ++
 .../files/modules.conf.targeted.20090730           |   50 ++
 ...ndle-selinux-base-policy-2.20101213-r13.tar.bz2 |  Bin 0 -> 12910 bytes
 sec-policy/selinux-base-policy/metadata.xml        |   13 +
 .../selinux-base-policy-2.20101213-r13.ebuild      |  129 ++++++
 9 files changed, 824 insertions(+), 0 deletions(-)

diff --git a/sec-policy/selinux-base-policy/ChangeLog b/sec-policy/selinux-base-policy/ChangeLog
new file mode 100644
index 0000000..b68a020
--- /dev/null
+++ b/sec-policy/selinux-base-policy/ChangeLog
@@ -0,0 +1,482 @@
+# ChangeLog for sec-policy/selinux-base-policy
+# Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/ChangeLog,v 1.72 2011/04/16 13:02:44 blueness Exp $
+
+*selinux-base-policy-2.20101213-r13 (02 May 2011)
+
+  02 May 2011; <swift@gentoo.org>
+  +selinux-base-policy-2.20101213-r13.ebuild,
+  +files/patchbundle-selinux-base-policy-2.20101213-r13.tar.bz2,
+  +files/config, +files/modules.conf.strict,
+  +files/modules.conf.strict.20090730, +files/modules.conf.targeted,
+  +files/modules.conf.targeted.20090730, +metadata.xml:
+  Make UBAC optional (#257111 and #306393), use portage_srcrepo_t for live
+  ebuilds and match mdadm policy with upstream
+
+*selinux-base-policy-2.20101213-r12 (16 Apr 2011)
+*selinux-base-policy-2.20101213-r11 (16 Apr 2011)
+
+  16 Apr 2011; Anthony G. Basile <blueness@gentoo.org>
+  +selinux-base-policy-2.20101213-r11.ebuild,
+  +selinux-base-policy-2.20101213-r12.ebuild,
+  +files/patchbundle-selinux-base-policy-2.20101213-r11.tar.bz2,
+  +files/patchbundle-selinux-base-policy-2.20101213-r12.tar.bz2:
+  Added new patchbundles for rev bumps to base policy 2.20101213
+
+*selinux-base-policy-2.20101213-r10 (07 Mar 2011)
+*selinux-base-policy-2.20101213-r9 (07 Mar 2011)
+
+  07 Mar 2011; Anthony G. Basile <blueness@gentoo.org>
+  +selinux-base-policy-2.20101213-r9.ebuild,
+  +selinux-base-policy-2.20101213-r10.ebuild,
+  +files/patchbundle-selinux-base-policy-2.20101213-r10.tar.bz2,
+  +files/patchbundle-selinux-base-policy-2.20101213-r9.tar.bz2:
+  Added new patchbundles for rev bumps to base policy 2.20101213
+
+  05 Feb 2011; Anthony G. Basile <blueness@gentoo.org>
+  +files/patchbundle-selinux-base-policy-2.20101213-r5.tar.bz2,
+  +files/patchbundle-selinux-base-policy-2.20101213-r6.tar.bz2,
+  +files/patchbundle-selinux-base-policy-2.20101213-r7.tar.bz2:
+  Added patchbundle for base policy 2.20101213.
+
+*selinux-base-policy-2.20101213-r7 (05 Feb 2011)
+*selinux-base-policy-2.20101213-r6 (05 Feb 2011)
+*selinux-base-policy-2.20101213-r5 (05 Feb 2011)
+
+  05 Feb 2011; Anthony G. Basile <blueness@gentoo.org>
+  +selinux-base-policy-2.20101213-r5.ebuild,
+  +selinux-base-policy-2.20101213-r6.ebuild,
+  +selinux-base-policy-2.20101213-r7.ebuild:
+  New upstream policy.
+
+*selinux-base-policy-2.20091215 (16 Dec 2009)
+
+  16 Dec 2009; Chris PeBenito <pebenito@gentoo.org>
+  +selinux-base-policy-2.20091215.ebuild:
+  New upstream release.
+
+*selinux-base-policy-20080525-r1 (14 Sep 2009)
+
+  14 Sep 2009; Chris PeBenito <pebenito@gentoo.org>
+  +selinux-base-policy-20080525-r1.ebuild:
+  Update old base policy to support ext4.
+
+  14 Aug 2009; Chris PeBenito <pebenito@gentoo.org>
+  -selinux-base-policy-20070329.ebuild,
+  -selinux-base-policy-20070928.ebuild, selinux-base-policy-20080525.ebuild:
+  Mark 20080525 stable, clear old ebuilds.
+
+*selinux-base-policy-2.20090814 (14 Aug 2009)
+
+  14 Aug 2009; Chris PeBenito <pebenito@gentoo.org>
+  +selinux-base-policy-2.20090814.ebuild:
+  Git version of refpolicy for misc fixes including some cron problems.
+
+*selinux-base-policy-2.20090730 (03 Aug 2009)
+
+  03 Aug 2009; Chris PeBenito <pebenito@gentoo.org>
+  +selinux-base-policy-2.20090730.ebuild:
+  New upstream release.
+
+  18 Jul 2009; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20070329.ebuild, selinux-base-policy-20070928.ebuild,
+  selinux-base-policy-20080525.ebuild:
+  Drop alpha, mips, ppc, sparc selinux support.
+
+*selinux-base-policy-20080525 (25 May 2008)
+
+  25 May 2008; Chris PeBenito <pebenito@gentoo.org>
+  +selinux-base-policy-20080525.ebuild:
+  New SVN snapshot.
+
+  16 Mar 2008; Chris PeBenito <pebenito@gentoo.org>
+  -selinux-base-policy-20051022-r1.ebuild,
+  -selinux-base-policy-20061114.ebuild:
+  Remove old ebuilds.
+
+  03 Feb 2008; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20070928.ebuild:
+  Mark stable.
+
+*selinux-base-policy-20070928 (26 Nov 2007)
+
+  26 Nov 2007; Chris PeBenito <pebenito@gentoo.org>
+  +selinux-base-policy-20070928.ebuild:
+  New SVN snapshot.
+
+  04 Jun 2007; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20070329.ebuild:
+  Mark stable.
+
+  30 Mar 2007; Chris PeBenito <pebenito@gentoo.org>
+  +files/selinux-base-policy-20070329.diff,
+  selinux-base-policy-20070329.ebuild:
+  Compile fix.
+
+*selinux-base-policy-20070329 (29 Mar 2007)
+
+  29 Mar 2007; Chris PeBenito <pebenito@gentoo.org>
+  +selinux-base-policy-20070329.ebuild:
+  New SVN snapshot.
+
+  22 Feb 2007; Markus Ullmann <jokey@gentoo.org> ChangeLog:
+  Redigest for Manifest2
+
+*selinux-base-policy-20061114 (15 Nov 2006)
+
+  15 Nov 2006; Chris PeBenito <pebenito@gentoo.org>
+  +selinux-base-policy-20061114.ebuild:
+  New SVN snapshot.
+
+  25 Oct 2006; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20061015.ebuild:
+  Fix to have default POLICY_TYPES if it is empty.
+
+  21 Oct 2006; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20061015.ebuild:
+  Fix xml generation failure to die.
+
+*selinux-base-policy-20061015 (15 Oct 2006)
+
+  15 Oct 2006; Chris PeBenito <pebenito@gentoo.org>
+  -selinux-base-policy-20061008.ebuild,
+  +selinux-base-policy-20061015.ebuild:
+  Update for testing fixes.
+
+*selinux-base-policy-20061008 (08 Oct 2006)
+
+  08 Oct 2006; Chris PeBenito <pebenito@gentoo.org> -files/semanage.conf,
+  +selinux-base-policy-20061008.ebuild,
+  -selinux-base-policy-99999999.ebuild:
+  First mainstream reference policy testing release.
+
+  29 Sep 2006; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-99999999.ebuild:
+  Fix for new SVN location.  Fixes 147781.
+
+  22 Feb 2006; Stephen Bennett <spb@gentoo.org>
+  selinux-base-policy-20051022-r1.ebuild:
+  Alpha stable
+
+*selinux-base-policy-99999999 (02 Feb 2006)
+
+  02 Feb 2006; Chris PeBenito <pebenito@gentoo.org> +files/config,
+  +files/modules.conf.strict, +files/modules.conf.targeted,
+  +files/semanage.conf, +selinux-base-policy-99999999.ebuild:
+  Add experimental policy for testing reference policy. Requires portage fix
+  from bug #110857.
+
+  02 Feb 2006; Chris PeBenito <pebenito@gentoo.org>
+  -selinux-base-policy-20050322.ebuild,
+  -selinux-base-policy-20050618.ebuild,
+  -selinux-base-policy-20050821.ebuild,
+  -selinux-base-policy-20051022.ebuild:
+  Clean out old ebuilds.
+
+  14 Jan 2006; Stephen Bennett <spb@gentoo.org>
+  selinux-base-policy-20051022-r1.ebuild:
+  Added ~alpha
+
+*selinux-base-policy-20051022-r1 (08 Dec 2005)
+
+  08 Dec 2005; Chris PeBenito <pebenito@gentoo.org>
+  +selinux-base-policy-20051022-r1.ebuild:
+  Change to use compatability genhomedircon. Newer policycoreutils (1.28)
+  breaks the backwards compatability this policy uses.
+
+*selinux-base-policy-20051022 (22 Oct 2005)
+
+  22 Oct 2005; Chris PeBenito <pebenito@gentoo.org>
+  +selinux-base-policy-20051022.ebuild:
+  Very trivial fixes.
+
+  08 Sep 2005; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20050821.ebuild:
+  Mark stable.
+
+*selinux-base-policy-20050821 (21 Aug 2005)
+
+  21 Aug 2005; Chris PeBenito <pebenito@gentoo.org>
+  +selinux-base-policy-20050821.ebuild:
+  Minor updates for 2.6.12.
+
+  21 Jun 2005; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20050618.ebuild:
+  Mark stable.
+
+*selinux-base-policy-20050618 (18 Jun 2005)
+
+  18 Jun 2005; Chris PeBenito <pebenito@gentoo.org>
+  -selinux-base-policy-20041123.ebuild,
+  -selinux-base-policy-20050306.ebuild,
+  +selinux-base-policy-20050618.ebuild:
+  New release to support 2.6.12 features.
+
+  10 May 2005; Stephen Bennett <spb@gentoo.org>
+  selinux-base-policy-20050322.ebuild:
+  mips stable
+
+  01 May 2005; Stephen Bennett <spb@gentoo.org>
+  selinux-base-policy-20050322.ebuild:
+  Added ~mips.
+
+*selinux-base-policy-20050322 (23 Mar 2005)
+
+  23 Mar 2005; Chris PeBenito <pebenito@gentoo.org>
+  +selinux-base-policy-20050322.ebuild:
+  New release.
+
+*selinux-base-policy-20050306 (06 Mar 2005)
+
+  06 Mar 2005; Chris PeBenito <pebenito@gentoo.org>
+  +selinux-base-policy-20050306.ebuild:
+  Fix bad samba_domain dummy macro.  Add policies needed for udev support.
+
+*selinux-base-policy-20050224 (24 Feb 2005)
+
+  24 Feb 2005; Chris PeBenito <pebenito@gentoo.org>
+  +selinux-base-policy-20050224.ebuild:
+  New release.
+
+  19 Jan 2005; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20041123.ebuild:
+  Mark stable.
+
+*selinux-base-policy-20041123 (23 Nov 2004)
+
+  23 Nov 2004; Chris PeBenito <pebenito@gentoo.org>
+  +selinux-base-policy-20041123.ebuild:
+  New release with 1.18 merge.
+
+*selinux-base-policy-20041023 (23 Oct 2004)
+
+  23 Oct 2004; Chris PeBenito <pebenito@gentoo.org>
+  +selinux-base-policy-20041023.ebuild:
+  New release with 1.16 merge. Tcpd and inetd have been deprecated since they
+  are not in the base system anymore, and probably no one uses them anyway.
+
+*selinux-base-policy-20040906 (06 Sep 2004)
+
+  06 Sep 2004; Chris PeBenito <pebenito@gentoo.org>
+  +selinux-base-policy-20040906.ebuild:
+  New release with 1.14 merge, which has policy 18 (fine-grained netlink)
+  features.
+
+  05 Sep 2004; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20040225.ebuild, -selinux-base-policy-20040509.ebuild,
+  -selinux-base-policy-20040604.ebuild, selinux-base-policy-20040629.ebuild,
+  selinux-base-policy-20040702.ebuild:
+  Remove old builds, switch to epause and ebeep in remaining builds.
+
+*selinux-base-policy-20040702 (02 Jul 2004)
+
+  02 Jul 2004; Chris PeBenito <pebenito@gentoo.org>
+  +selinux-base-policy-20040702.ebuild:
+  Same as 20040629, except with updated flask headers, which will come out in
+  2.6.8.
+
+*selinux-base-policy-20040629 (29 Jun 2004)
+
+  29 Jun 2004; Chris PeBenito <pebenito@gentoo.org>
+  +selinux-base-policy-20040629.ebuild:
+  Large sysadmfile cleanup: disable admin_separation to give sysadm_r back its
+  ablility to modify all files. Minor fixes: portage_r works again, syslog-ng
+  breakage fixed, put back manual PaX policy for pageexec/segmexec.
+
+  16 Jun 2004; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20040604.ebuild:
+  Mark stable.
+
+  10 Jun 2004; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20040225.ebuild, selinux-base-policy-20040509.ebuild,
+  selinux-base-policy-20040604.ebuild:
+  Add src_compile() stub
+
+*selinux-base-policy-20040604 (04 Jun 2004)
+
+  04 Jun 2004; Chris PeBenito <pebenito@gentoo.org>
+  +selinux-base-policy-20040604.ebuild:
+  New release including 1.12 NSA policy, and experimental sesandbox.
+
+  15 May 2004; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20040509.ebuild:
+  Mark stable.
+
+*selinux-base-policy-20040509 (09 May 2004)
+
+  09 May 2004; Chris PeBenito <pebenito@gentoo.org>
+  +selinux-base-policy-20040509.ebuild:
+  A few small cleanups. Make PaX non exec pages macro based on arch. Large
+  portage update, get rid of portage_exec_fetch_t, portage will setexec. Add
+  global_ssp tunable.
+
+*selinux-base-policy-20040418 (18 Apr 2004)
+
+  18 Apr 2004; Chris PeBenito <pebenito@gentoo.org>
+  +selinux-base-policy-20040418.ebuild:
+  New release for checkpolicy 1.10
+
+*selinux-base-policy-20040414 (14 Apr 2004)
+
+  14 Apr 2004; Chris PeBenito <pebenito@gentoo.org>
+  -selinux-base-policy-20040408.ebuild, +selinux-base-policy-20040414.ebuild:
+  Minor updates
+
+*selinux-base-policy-20040408 (08 Apr 2004)
+
+  08 Apr 2004; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20040408.ebuild:
+  New update. Users.fc is now deprecated, as the contexts for user directories
+  is now automatically generated. Portage fetching of distfiles now has a
+  subdomain, for dropping priviledges.
+
+  28 Feb 2004; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20040225.ebuild:
+  Mark stable.
+
+*selinux-base-policy-20040225 (25 Feb 2004)
+
+  25 Feb 2004; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20040225.ebuild:
+  New support for PaX ACL hooks. Addition of tunable.te for configurable policy
+  options. Rewrite of portage.te. Now auto-transition for sysadm is default, can
+  reenable portage_r by tunable.te. Makefile update from NSA CVS.
+
+*selinux-base-policy-20040209 (09 Feb 2004)
+
+  09 Feb 2004; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20040209.ebuild:
+  Minor revision to add XFS labeling and policy for integrated
+  runscript-run_init.
+
+  07 Feb 2004; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20040202.ebuild:
+  Mark x86 stable.
+
+*selinux-base-policy-20040202 (02 Feb 2004)
+
+  02 Feb 2004; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20040202.ebuild:
+  A few misc fixes. Allow portage to update bootloader code, such as in lilo or
+  grub postinst. This requires checkpolicy 1.4-r1.
+
+*selinux-base-policy-20031225 (25 Dec 2003)
+
+  25 Dec 2003; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20031225.ebuild:
+  New release, with merged NSA 1.4 policy. One critical note, this policy
+  requires pam 0.77. Much work has been done to minimize access to /etc/shadow,
+  and one requirement is in the patch for pam 0.77. If you do not use this pam
+  version or newer, you will be unable to authenticate in enforcing. Since
+  devfs no longer is usable in SELinux, it's policy has been removed. You
+  should merge the changes, remove the devfsd policy (devfsd.te and devfsd.fc),
+  load the policy, and relabel.
+
+  27 Nov 2003; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20031010-r1.ebuild:
+  Mark stable.  Add build USE flag for stage building.
+
+*selinux-base-policy-20031010-r1 (12 Nov 2003)
+
+  12 Nov 2003; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20031010-r1.ebuild,
+  files/selinux-base-policy-20031010-cvs.diff:
+  Add fixes from policy cvs for compilers, so non x86 and ppc compilers can
+  work. Also portage update as a side effect of updated setfiles code in
+  portage, from bug 31748.
+
+  28 Oct 2003; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20031010.ebuild:
+  Mark stable
+
+*selinux-base-policy-20031010 (10 Oct 2003)
+
+  10 Oct 2003; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20031010.ebuild:
+  New release for new API.  Massive cleanups all over the place.
+
+*selinux-base-policy-20030817 (17 Aug 2003)
+
+  17 Aug 2003; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20030817.ebuild:
+  Initial commit of new API policy
+
+  10 Aug 2003; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20030729-r1.ebuild:
+  Mark stable
+
+*selinux-base-policy-20030729-r1 (31 Jul 2003)
+
+  31 Jul 2003; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20030729-r1.ebuild:
+  New rev that handles an empty POLICYDIR sanely.
+
+*selinux-base-policy-20030729 (29 Jul 2003)
+
+  29 Jul 2003; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20030729.ebuild:
+  Make the ebuild use POLICYDIR. Important fix so portage can load policy so
+  selinux-policy.eclass works. update_modules_t cleanup. Fix for an access when
+  merging baselayout.
+
+*selinux-base-policy-20030720 (20 Jul 2003)
+
+  20 Jul 2003; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20030720.ebuild:
+  Many fixes, including the syslog fix. File contexts have changed, so a relabel
+  is needed. You may encounter problems relabeling /usr/portage, as its file
+  context has changed, as files should not have the same type as a domain.
+  Relabelling in permissive will fix this, or temporarily give portage_t a
+  file_type attribute. Tightened the can_exec_any() macro. Moved staff.fc to
+  users.fc, since all users with SELinux identities should have their home
+  directories have the correct identity, not the generic identity.
+
+  06 Jun 2003; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20030604.ebuild:
+  Mark stable
+
+*selinux-base-policy-20030604 (04 Jun 2003)
+
+  04 Jun 2003; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20030604.ebuild:
+  Fix broken 20030603
+
+  04 Jun 2003; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20030603.ebuild:
+  Pulling 20030603, as there are problems, 20030604 later today
+
+*selinux-base-policy-20030603 (03 Jun 2003)
+
+  03 Jun 2003; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20030603.ebuild:
+  Numerous various fixes. Added staff role. Removed ipsec, gpm and gpg policies
+  as they are not appropriate for the base policy, and untested.
+
+*selinux-base-policy-20030522 (22 May 2003)
+
+  22 May 2003; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20030522.ebuild:
+  The policy is in pretty good shape now. I've been able to run in enforcing mode
+  with little problem. I've also been able to successfully merge and unmerge
+  packages in enforcing mode, with few exceptions (why does mysql need to run ps
+  during configure?).
+
+*selinux-base-policy-20030514 (14 May 2003)
+
+  14 May 2003; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20030514.ebuild:
+  Many improvements in many areas. Of note, rlogind policies were removed. Klogd
+  is being merged into syslogd. The portage policy is much more complete, but
+  still needs work. Its suggested that all changes be merged in, policy
+  reloaded, then relabel.
+
+*selinux-base-policy-20030419 (19 Apr 2003)
+
+  23 Apr 2003; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20030419.ebuild:
+  Marking stable for selinux-small stable usage
+
+  19 Apr 2003; Chris PeBenito <pebenito@gentoo.org> Manifest,
+  selinux-base-policy-20030419.ebuild:
+  Initial commit.  Base policies for SELinux, with Gentoo-specifics
+

diff --git a/sec-policy/selinux-base-policy/files/config b/sec-policy/selinux-base-policy/files/config
new file mode 100644
index 0000000..41e6993
--- /dev/null
+++ b/sec-policy/selinux-base-policy/files/config
@@ -0,0 +1,12 @@
+# This file controls the state of SELinux on the system on boot.
+
+# SELINUX can take one of these three values:
+#	enforcing - SELinux security policy is enforced.
+#	permissive - SELinux prints warnings instead of enforcing.
+#	disabled - No SELinux policy is loaded.
+SELINUX=permissive
+
+# SELINUXTYPE can take one of these two values:
+#	targeted - Only targeted network daemons are protected.
+#	strict - Full SELinux protection.
+SELINUXTYPE=strict
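Review bot: The shipped default on the `SELINUX=permissive` line means the installed policy only logs denials and enforces nothing, and the comments in the file do not say that this is a deliberate starting point. A short comment above the assignment would make that explicit, for example `# Shipped as permissive so the system can be booted and relabelled first; switch to enforcing once denials are resolved.` The intent is presumed here rather than stated in the commit, so the wording should be confirmed by the maintainer.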

diff --git a/sec-policy/selinux-base-policy/files/modules.conf.strict b/sec-policy/selinux-base-policy/files/modules.conf.strict
new file mode 100644
index 0000000..a9c7a9b
--- /dev/null
+++ b/sec-policy/selinux-base-policy/files/modules.conf.strict
@@ -0,0 +1,44 @@
+authlogin = base
+bootloader = base
+clock = base
+consoletype = base
+corecommands = base
+corenetwork = base
+cron = base
+devices = base
+dmesg = base
+domain = base
+files = base
+filesystem = base
+fstools = base
+getty = base
+hostname = base
+hotplug = base
+init = base
+iptables = base
+kernel = base
+libraries = base
+locallogin = base
+logging = base
+lvm = base
+miscfiles = base
+mcs = base
+mls = base
+modutils = base
+mount = base
+mta = base
+netutils = base
+nscd = base
+portage = base
+raid = base
+rsync = base
+selinux = base
+selinuxutil = base
+ssh = base
+storage = base
+su = base
+sysnetwork = base
+terminal = base
+udev = base
+userdomain = base
+usermanage = base
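Review bot: `modules.conf.strict` (and `modules.conf.targeted`, added further down) does not appear to be used by the ebuild in this commit, since src_unpack copies only `modules.conf.${i}.${MOD_CONF_VER}` with `MOD_CONF_VER="20090730"`. The unversioned lists also lack the `application`, `staff`, `sysadm`, `ubac` and `unprivuser` entries present in the versioned files, so picking them up by mistake would build a different base module set. Either drop the unversioned files or add a header comment stating which ebuild versions consume them.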

diff --git a/sec-policy/selinux-base-policy/files/modules.conf.strict.20090730 b/sec-policy/selinux-base-policy/files/modules.conf.strict.20090730
new file mode 100644
index 0000000..fcb3fd8
--- /dev/null
+++ b/sec-policy/selinux-base-policy/files/modules.conf.strict.20090730
@@ -0,0 +1,49 @@
+application = base
+authlogin = base
+bootloader = base
+clock = base
+consoletype = base
+corecommands = base
+corenetwork = base
+cron = base
+devices = base
+dmesg = base
+domain = base
+files = base
+filesystem = base
+fstools = base
+getty = base
+hostname = base
+hotplug = base
+init = base
+iptables = base
+kernel = base
+libraries = base
+locallogin = base
+logging = base
+lvm = base
+miscfiles = base
+mcs = base
+mls = base
+modutils = base
+mount = base
+mta = base
+netutils = base
+nscd = base
+portage = base
+raid = base
+rsync = base
+selinux = base
+selinuxutil = base
+ssh = base
+staff = base
+storage = base
+su = base
+sysadm = base
+sysnetwork = base
+terminal = base
+ubac = base
+udev = base
+userdomain = base
+usermanage = base
+unprivuser = base

diff --git a/sec-policy/selinux-base-policy/files/modules.conf.targeted b/sec-policy/selinux-base-policy/files/modules.conf.targeted
new file mode 100644
index 0000000..90f9ad3
--- /dev/null
+++ b/sec-policy/selinux-base-policy/files/modules.conf.targeted
@@ -0,0 +1,45 @@
+authlogin = base
+bootloader = base
+clock = base
+consoletype = base
+corecommands = base
+corenetwork = base
+cron = base
+devices = base
+dmesg = base
+domain = base
+files = base
+filesystem = base
+fstools = base
+getty = base
+hostname = base
+hotplug = base
+init = base
+iptables = base
+kernel = base
+libraries = base
+locallogin = base
+logging = base
+lvm = base
+miscfiles = base
+mcs = base
+mls = base
+modutils = base
+mount = base
+mta = base
+netutils = base
+nscd = base
+portage = base
+raid = base
+rsync = base
+selinux = base
+selinuxutil = base
+ssh = base
+storage = base
+su = base
+sysnetwork = base
+terminal = base
+udev = base
+unconfined = base
+userdomain = base
+usermanage = base

diff --git a/sec-policy/selinux-base-policy/files/modules.conf.targeted.20090730 b/sec-policy/selinux-base-policy/files/modules.conf.targeted.20090730
new file mode 100644
index 0000000..ee8a14c
--- /dev/null
+++ b/sec-policy/selinux-base-policy/files/modules.conf.targeted.20090730
@@ -0,0 +1,50 @@
+application = base
+authlogin = base
+bootloader = base
+clock = base
+consoletype = base
+corecommands = base
+corenetwork = base
+cron = base
+devices = base
+dmesg = base
+domain = base
+files = base
+filesystem = base
+fstools = base
+getty = base
+hostname = base
+hotplug = base
+init = base
+iptables = base
+kernel = base
+libraries = base
+locallogin = base
+logging = base
+lvm = base
+miscfiles = base
+mcs = base
+mls = base
+modutils = base
+mount = base
+mta = base
+netutils = base
+nscd = base
+portage = base
+raid = base
+rsync = base
+selinux = base
+selinuxutil = base
+ssh = base
+staff = base
+storage = base
+su = base
+sysadm = base
+sysnetwork = base
+terminal = base
+ubac = base
+udev = base
+unconfined = base
+userdomain = base
+usermanage = base
+unprivuser = base

diff --git a/sec-policy/selinux-base-policy/files/patchbundle-selinux-base-policy-2.20101213-r13.tar.bz2 b/sec-policy/selinux-base-policy/files/patchbundle-selinux-base-policy-2.20101213-r13.tar.bz2
new file mode 100644
index 0000000..259e230
Binary files /dev/null and b/sec-policy/selinux-base-policy/files/patchbundle-selinux-base-policy-2.20101213-r13.tar.bz2 differ

diff --git a/sec-policy/selinux-base-policy/metadata.xml b/sec-policy/selinux-base-policy/metadata.xml
new file mode 100644
index 0000000..4e26a86
--- /dev/null
+++ b/sec-policy/selinux-base-policy/metadata.xml
@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+	<herd>selinux</herd>
+	<longdescription>
+		Gentoo SELinux base policy.  This contains policy for a system at the end of system installation.
+		There is no extra policy in this package.
+	</longdescription>
+	<use>
+		<flag name='peer_perms'>Enable the labeled networking peer permissions (SELinux policy capability).</flag>
+		<flag name='open_perms'>Enable the open permissions for file object classes (SELinux policy capability).</flag>
+	</use>
+</pkgmetadata>
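Review bot: The `<use>` block describes `peer_perms` and `open_perms` but not `ubac`, which the ebuild added in this same commit declares in `IUSE="+peer_perms open_perms ubac"`. Users querying the flag will get no description of what disabling it changes in the policy. Add a third entry such as `<flag name='ubac'>Enable User Based Access Control (UBAC) in the SELinux policy.</flag>`.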

diff --git a/sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r13.ebuild b/sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r13.ebuild
new file mode 100644
index 0000000..ad8f44f
--- /dev/null
+++ b/sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r13.ebuild
@@ -0,0 +1,129 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r12.ebuild,v 1.1 2011/04/16 13:02:44 blueness Exp $
+
+EAPI="1"
+IUSE="+peer_perms open_perms ubac"
+
+inherit eutils
+
+PATCHBUNDLE="${FILESDIR}/patchbundle-${PF}.tar.bz2"
+DESCRIPTION="Gentoo base policy for SELinux"
+HOMEPAGE="http://www.gentoo.org/proj/en/hardened/selinux/"
+SRC_URI="http://oss.tresys.com/files/refpolicy/refpolicy-${PV}.tar.bz2"
+LICENSE="GPL-2"
+SLOT="0"
+
+KEYWORDS="~amd64 ~x86"
+
+RDEPEND=">=sys-apps/policycoreutils-1.30.30
+	>=sys-fs/udev-151"
+DEPEND="${RDEPEND}
+	sys-devel/m4
+	>=sys-apps/checkpolicy-1.30.12"
+
+S=${WORKDIR}/
+
+src_unpack() {
+	[ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="strict targeted"
+	MOD_CONF_VER="20090730"
+
+	unpack ${A}
+
+	cd "${S}"
+	epatch "${PATCHBUNDLE}"
+	cd "${S}/refpolicy"
+	# Fix bug 257111
+	sed -i -e 's:system_crond_t:system_cronjob_t:g' \
+		"${S}/refpolicy/config/appconfig-standard/default_contexts"
+
+	if ! use peer_perms; then
+		sed -i -e '/network_peer_controls/d' \
+			"${S}/refpolicy/policy/policy_capabilities"
+	fi
+
+	if ! use open_perms; then
+		sed -i -e '/open_perms/d' \
+			"${S}/refpolicy/policy/policy_capabilities"
+	fi
+
+	for i in ${POLICY_TYPES}; do
+		cp -a "${S}/refpolicy" "${S}/${i}"
+
+		cd "${S}/${i}";
+		make conf || die "${i} reconfiguration failed"
+
+		cp "${FILESDIR}/modules.conf.${i}.${MOD_CONF_VER}" \
+			"${S}/${i}/policy/modules.conf" \
+			|| die "failed to set up modules.conf"
+		sed -i -e '/^QUIET/s/n/y/' -e '/^MONOLITHIC/s/y/n/' \
+			-e "/^NAME/s/refpolicy/$i/" "${S}/${i}/build.conf" \
+			|| die "build.conf setup failed."
+
+		if ! use ubac; then
+			sed -i -e 's:^UBAC = y:UBAC = n:g' "${S}/${i}/build.conf"
+		fi
+
+		echo "DISTRO = gentoo" >> "${S}/${i}/build.conf"
+
+		if [ "${i}" == "targeted" ]; then
+			sed -i -e '/root/d' -e 's/user_u/unconfined_u/' \
+			"${S}/${i}/config/appconfig-standard/seusers" \
+			|| die "targeted seusers setup failed."
+		fi
+	done
+}
+
+src_compile() {
+	[ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="strict targeted"
+
+	for i in ${POLICY_TYPES}; do
+		cd "${S}/${i}"
+		make base || die "${i} compile failed"
+	done
+}
+
+src_install() {
+	[ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="strict targeted"
+
+	for i in ${POLICY_TYPES}; do
+		cd "${S}/${i}"
+
+		make DESTDIR="${D}" install \
+			|| die "${i} install failed."
+
+		make DESTDIR="${D}" install-headers \
+			|| die "${i} headers install failed."
+
+		echo "run_init_t" > "${D}/etc/selinux/${i}/contexts/run_init_type"
+
+		echo "textrel_shlib_t" >> "${D}/etc/selinux/${i}/contexts/customizable_types"
+
+		# libsemanage won't make this on its own
+		keepdir "/etc/selinux/${i}/policy"
+	done
+
+	dodoc doc/Makefile.example doc/example.{te,fc,if}
+
+	insinto /etc/selinux
+	doins "${FILESDIR}/config"
+}
+
+pkg_preinst() {
+	has_version "<${CATEGORY}/${PN}-2.20101213-r13"
+	previous_less_than_r13=$?
+}
+
+pkg_postinst() {
+	[ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="strict targeted"
+
+	for i in ${POLICY_TYPES}; do
+		einfo "Inserting base module into ${i} module store."
+
+		cd "/usr/share/selinux/${i}"
+		semodule -s "${i}" -b base.pp
+	done
+	elog "Updates on policies might require you to relabel files. If you, after installing"
+	elog "new SELinux policies, get 'permission denied' errors, relabelling your system"
+	elog "using 'rlpkg -a -r' might resolve the issues."
+}
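Review bot: In pkg_postinst the `cd "/usr/share/selinux/${i}"` and `semodule -s "${i}" -b base.pp` calls are unchecked, so a failed load of the base module leaves the previous policy (or none) active while the merge still reports success. Both should fail loudly, e.g. `cd "/usr/share/selinux/${i}" || die "cannot enter ${i} policy directory"` and `semodule -s "${i}" -b base.pp || die "failed to load base policy into ${i} store"`. The same applies to the three `sed -i` calls for `network_peer_controls`, `open_perms` and `UBAC = y` in src_unpack, which have no `|| die` although the neighbouring seds do; a silent failure there leaves a policy capability or the UBAC setting different from what the USE flags request. Separately, `previous_less_than_r13` set in pkg_preinst is never read anywhere in this file.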




* [gentoo-commits] proj/hardened-dev:master commit in: sec-policy/selinux-base-policy/files/, sec-policy/selinux-base-policy/
@ 2011-05-13 19:49 Sven Vermeulen
  0 siblings, 0 replies; 13+ messages in thread
From: Sven Vermeulen @ 2011-05-13 19:49 UTC (permalink / raw
  To: gentoo-commits

commit:     43fde4e805c1a4cb34f38f1846d7094d2cca9d25
Author:     Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
AuthorDate: Fri May 13 19:49:12 2011 +0000
Commit:     Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
CommitDate: Fri May 13 19:49:12 2011 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-dev.git;a=commit;h=43fde4e8

Add -r14 with support for openrc

---
 sec-policy/selinux-base-policy/ChangeLog           |    8 ++++++++
 ...ndle-selinux-base-policy-2.20101213-r13.tar.bz2 |  Bin 12910 -> 0 bytes
 ...ndle-selinux-base-policy-2.20101213-r14.tar.bz2 |  Bin 0 -> 13211 bytes
 ...d => selinux-base-policy-2.20101213-r14.ebuild} |    4 ++--
 4 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/sec-policy/selinux-base-policy/ChangeLog b/sec-policy/selinux-base-policy/ChangeLog
index b68a020..6d1ef9b 100644
--- a/sec-policy/selinux-base-policy/ChangeLog
+++ b/sec-policy/selinux-base-policy/ChangeLog
@@ -2,6 +2,14 @@
 # Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
 # $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/ChangeLog,v 1.72 2011/04/16 13:02:44 blueness Exp $
 
+*selinux-base-policy-2.20101213-r14 (13 May 2011)
+
+  13 May 2011; <swift@gentoo.org> -selinux-base-policy-2.20101213-r13.ebuild,
+  +selinux-base-policy-2.20101213-r14.ebuild,
+  -files/patchbundle-selinux-base-policy-2.20101213-r13.tar.bz2,
+  +files/patchbundle-selinux-base-policy-2.20101213-r14.tar.bz2:
+  Update with support for openrc
+
 *selinux-base-policy-2.20101213-r13 (02 May 2011)
 
   02 May 2011; <swift@gentoo.org>

diff --git a/sec-policy/selinux-base-policy/files/patchbundle-selinux-base-policy-2.20101213-r13.tar.bz2 b/sec-policy/selinux-base-policy/files/patchbundle-selinux-base-policy-2.20101213-r13.tar.bz2
deleted file mode 100644
index 259e230..0000000
Binary files a/sec-policy/selinux-base-policy/files/patchbundle-selinux-base-policy-2.20101213-r13.tar.bz2 and /dev/null differ

diff --git a/sec-policy/selinux-base-policy/files/patchbundle-selinux-base-policy-2.20101213-r14.tar.bz2 b/sec-policy/selinux-base-policy/files/patchbundle-selinux-base-policy-2.20101213-r14.tar.bz2
new file mode 100644
index 0000000..178bcfc
Binary files /dev/null and b/sec-policy/selinux-base-policy/files/patchbundle-selinux-base-policy-2.20101213-r14.tar.bz2 differ

diff --git a/sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r13.ebuild b/sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r14.ebuild
similarity index 96%
rename from sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r13.ebuild
rename to sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r14.ebuild
index ad8f44f..c14dceb 100644
--- a/sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r13.ebuild
+++ b/sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r14.ebuild
@@ -3,7 +3,7 @@
 # $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r12.ebuild,v 1.1 2011/04/16 13:02:44 blueness Exp $
 
 EAPI="1"
-IUSE="+peer_perms open_perms ubac"
+IUSE="+peer_perms +open_perms +ubac"
 
 inherit eutils
 
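Review bot: The IUSE line now turns `open_perms` and `ubac` on by default, but neither the commit message nor the ChangeLog entry added in this commit ("Update with support for openrc") says so. Judging by src_unpack, which lies outside this hunk, anyone who never set these flags will now get a policy built with the open_perms capability line and `UBAC = y` left in place, so the enforced policy changes on upgrade. I would record it in the ChangeLog entry, for example `Enable open_perms and ubac USE flags by default`. An `elog` line in pkg_postinst would also make the switch visible when the package is upgraded.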
@@ -121,7 +121,7 @@ pkg_postinst() {
 		einfo "Inserting base module into ${i} module store."
 
 		cd "/usr/share/selinux/${i}"
-		semodule -s "${i}" -b base.pp
+		semodule -s "${i}" -b base.pp || die "Could not load in new base policy"
 	done
 	elog "Updates on policies might require you to relabel files. If you, after installing"
 	elog "new SELinux policies, get 'permission denied' errors, relabelling your system"
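Review bot: The `cd "/usr/share/selinux/${i}"` directly above the changed line is still unchecked, so if that directory is missing, semodule resolves `base.pp` against whatever the current directory happens to be. The new `|| die` will normally stop the phase in that case, but the message then blames the policy load rather than the missing directory. `cd "/usr/share/selinux/${i}" || die "Could not enter /usr/share/selinux/${i}"` reports the failure where it happens. The pkg_postinst of the -r15 ebuild added in the following commit has the same unchecked `cd`. pkg_postinst begins and ends outside this hunk.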




* [gentoo-commits] proj/hardened-dev:master commit in: sec-policy/selinux-base-policy/files/, sec-policy/selinux-base-policy/
@ 2011-05-14 22:09 Sven Vermeulen
  0 siblings, 0 replies; 13+ messages in thread
From: Sven Vermeulen @ 2011-05-14 22:09 UTC (permalink / raw
  To: gentoo-commits

commit:     69c6c8a85c3abf884d187fe8a4116c327e5ac248
Author:     Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
AuthorDate: Sat May 14 22:08:43 2011 +0000
Commit:     Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
CommitDate: Sat May 14 22:08:43 2011 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-dev.git;a=commit;h=69c6c8a8

Send out -r15

---
 sec-policy/selinux-base-policy/ChangeLog           |    6 +
 ...ndle-selinux-base-policy-2.20101213-r15.tar.bz2 |  Bin 0 -> 13578 bytes
 .../selinux-base-policy-2.20101213-r15.ebuild      |  129 ++++++++++++++++++++
 3 files changed, 135 insertions(+), 0 deletions(-)

diff --git a/sec-policy/selinux-base-policy/ChangeLog b/sec-policy/selinux-base-policy/ChangeLog
index 6d1ef9b..00fe71d 100644
--- a/sec-policy/selinux-base-policy/ChangeLog
+++ b/sec-policy/selinux-base-policy/ChangeLog
@@ -2,6 +2,12 @@
 # Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
 # $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/ChangeLog,v 1.72 2011/04/16 13:02:44 blueness Exp $
 
+*selinux-base-policy-2.20101213-r15 (14 May 2011)
+
+  14 May 2011; <swift@gentoo.org> +selinux-base-policy-2.20101213-r15.ebuild,
+  +files/patchbundle-selinux-base-policy-2.20101213-r15.tar.bz2:
+  Correct file contexts for /lib64
+
 *selinux-base-policy-2.20101213-r14 (13 May 2011)
 
   13 May 2011; <swift@gentoo.org> -selinux-base-policy-2.20101213-r13.ebuild,

diff --git a/sec-policy/selinux-base-policy/files/patchbundle-selinux-base-policy-2.20101213-r15.tar.bz2 b/sec-policy/selinux-base-policy/files/patchbundle-selinux-base-policy-2.20101213-r15.tar.bz2
new file mode 100644
index 0000000..0279cf1
Binary files /dev/null and b/sec-policy/selinux-base-policy/files/patchbundle-selinux-base-policy-2.20101213-r15.tar.bz2 differ

diff --git a/sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r15.ebuild b/sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r15.ebuild
new file mode 100644
index 0000000..713ca62
--- /dev/null
+++ b/sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r15.ebuild
@@ -0,0 +1,129 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r12.ebuild,v 1.1 2011/04/16 13:02:44 blueness Exp $
+
+EAPI="1"
+IUSE="+peer_perms +open_perms +ubac"
+
+inherit eutils
+
+PATCHBUNDLE="${FILESDIR}/patchbundle-${PF}.tar.bz2"
+DESCRIPTION="Gentoo base policy for SELinux"
+HOMEPAGE="http://www.gentoo.org/proj/en/hardened/selinux/"
+SRC_URI="http://oss.tresys.com/files/refpolicy/refpolicy-${PV}.tar.bz2"
+LICENSE="GPL-2"
+SLOT="0"
+
+KEYWORDS="~amd64 ~x86"
+
+RDEPEND=">=sys-apps/policycoreutils-1.30.30
+	>=sys-fs/udev-151"
+DEPEND="${RDEPEND}
+	sys-devel/m4
+	>=sys-apps/checkpolicy-1.30.12"
+
+S=${WORKDIR}/
+
+src_unpack() {
+	[ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="strict targeted"
+	MOD_CONF_VER="20090730"
+
+	unpack ${A}
+
+	cd "${S}"
+	epatch "${PATCHBUNDLE}"
+	cd "${S}/refpolicy"
+	# Fix bug 257111
+	sed -i -e 's:system_crond_t:system_cronjob_t:g' \
+		"${S}/refpolicy/config/appconfig-standard/default_contexts"
+
+	if ! use peer_perms; then
+		sed -i -e '/network_peer_controls/d' \
+			"${S}/refpolicy/policy/policy_capabilities"
+	fi
+
+	if ! use open_perms; then
+		sed -i -e '/open_perms/d' \
+			"${S}/refpolicy/policy/policy_capabilities"
+	fi
+
+	for i in ${POLICY_TYPES}; do
+		cp -a "${S}/refpolicy" "${S}/${i}"
+
+		cd "${S}/${i}";
+		make conf || die "${i} reconfiguration failed"
+
+		cp "${FILESDIR}/modules.conf.${i}.${MOD_CONF_VER}" \
+			"${S}/${i}/policy/modules.conf" \
+			|| die "failed to set up modules.conf"
+		sed -i -e '/^QUIET/s/n/y/' -e '/^MONOLITHIC/s/y/n/' \
+			-e "/^NAME/s/refpolicy/$i/" "${S}/${i}/build.conf" \
+			|| die "build.conf setup failed."
+
+		if ! use ubac; then
+			sed -i -e 's:^UBAC = y:UBAC = n:g' "${S}/${i}/build.conf"
+		fi
+
+		echo "DISTRO = gentoo" >> "${S}/${i}/build.conf"
+
+		if [ "${i}" == "targeted" ]; then
+			sed -i -e '/root/d' -e 's/user_u/unconfined_u/' \
+			"${S}/${i}/config/appconfig-standard/seusers" \
+			|| die "targeted seusers setup failed."
+		fi
+	done
+}
+
+src_compile() {
+	[ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="strict targeted"
+
+	for i in ${POLICY_TYPES}; do
+		cd "${S}/${i}"
+		make base || die "${i} compile failed"
+	done
+}
+
+src_install() {
+	[ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="strict targeted"
+
+	for i in ${POLICY_TYPES}; do
+		cd "${S}/${i}"
+
+		make DESTDIR="${D}" install \
+			|| die "${i} install failed."
+
+		make DESTDIR="${D}" install-headers \
+			|| die "${i} headers install failed."
+
+		echo "run_init_t" > "${D}/etc/selinux/${i}/contexts/run_init_type"
+
+		echo "textrel_shlib_t" >> "${D}/etc/selinux/${i}/contexts/customizable_types"
+
+		# libsemanage won't make this on its own
+		keepdir "/etc/selinux/${i}/policy"
+	done
+
+	dodoc doc/Makefile.example doc/example.{te,fc,if}
+
+	insinto /etc/selinux
+	doins "${FILESDIR}/config"
+}
+
+pkg_preinst() {
+	has_version "<${CATEGORY}/${PN}-2.20101213-r13"
+	previous_less_than_r13=$?
+}
+
+pkg_postinst() {
+	[ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="strict targeted"
+
+	for i in ${POLICY_TYPES}; do
+		einfo "Inserting base module into ${i} module store."
+
+		cd "/usr/share/selinux/${i}"
+		semodule -s "${i}" -b base.pp || die "Could not load in new base policy"
+	done
+	elog "Updates on policies might require you to relabel files. If you, after"
+	elog "installing new SELinux policies, get 'permission denied' errors,"
+	elog "relabelling your system using 'rlpkg -a -r' might resolve the issues."
+}
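Review bot: Several commands in src_unpack that decide which policy gets built have no `|| die`: the `sed` for bug 257111, the two `policy_capabilities` edits under `use peer_perms` and `use open_perms`, the UBAC switch, and the `echo "DISTRO = gentoo"` append. An ebuild phase does not abort on a failing command by itself, so if one of these fails the policy is still compiled and installed, with settings other than the ones the USE flags asked for. I would check each of them the way the neighbouring `build.conf` and `seusers` edits already are, e.g. `sed -i -e 's:^UBAC = y:UBAC = n:g' "${S}/${i}/build.conf" || die "UBAC setup failed"`. The `cd` calls in src_unpack, src_compile and src_install are unchecked in the same way.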




* [gentoo-commits] proj/hardened-dev:master commit in: sec-policy/selinux-base-policy/files/, sec-policy/selinux-base-policy/
@ 2011-05-15 13:28 Sven Vermeulen
  0 siblings, 0 replies; 13+ messages in thread
From: Sven Vermeulen @ 2011-05-15 13:28 UTC (permalink / raw
  To: gentoo-commits

commit:     e810931e867e0328c9c6aad8a50506879eb0a017
Author:     Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
AuthorDate: Sun May 15 13:27:48 2011 +0000
Commit:     Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
CommitDate: Sun May 15 13:27:48 2011 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-dev.git;a=commit;h=e810931e

Updates on openrc support, esp. for rc-update and rc-status

---
 sec-policy/selinux-base-policy/ChangeLog           |   10 ++
 ...ndle-selinux-base-policy-2.20101213-r14.tar.bz2 |  Bin 13211 -> 0 bytes
 ...ndle-selinux-base-policy-2.20101213-r15.tar.bz2 |  Bin 13578 -> 0 bytes
 ...ndle-selinux-base-policy-2.20101213-r16.tar.bz2 |  Bin 0 -> 13853 bytes
 .../selinux-base-policy-2.20101213-r14.ebuild      |  129 --------------------
 ...d => selinux-base-policy-2.20101213-r16.ebuild} |    0
 6 files changed, 10 insertions(+), 129 deletions(-)

diff --git a/sec-policy/selinux-base-policy/ChangeLog b/sec-policy/selinux-base-policy/ChangeLog
index 00fe71d..e5c0771 100644
--- a/sec-policy/selinux-base-policy/ChangeLog
+++ b/sec-policy/selinux-base-policy/ChangeLog
@@ -2,6 +2,16 @@
 # Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
 # $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/ChangeLog,v 1.72 2011/04/16 13:02:44 blueness Exp $
 
+*selinux-base-policy-2.20101213-r16 (15 May 2011)
+
+  15 May 2011; <swift@gentoo.org> -selinux-base-policy-2.20101213-r14.ebuild,
+  -selinux-base-policy-2.20101213-r15.ebuild,
+  +selinux-base-policy-2.20101213-r16.ebuild,
+  -files/patchbundle-selinux-base-policy-2.20101213-r14.tar.bz2,
+  -files/patchbundle-selinux-base-policy-2.20101213-r15.tar.bz2,
+  +files/patchbundle-selinux-base-policy-2.20101213-r16.tar.bz2:
+  Fix openrc support (rc-update, rc-status), drop obsoleted policy builds
+
 *selinux-base-policy-2.20101213-r15 (14 May 2011)
 
   14 May 2011; <swift@gentoo.org> +selinux-base-policy-2.20101213-r15.ebuild,

diff --git a/sec-policy/selinux-base-policy/files/patchbundle-selinux-base-policy-2.20101213-r14.tar.bz2 b/sec-policy/selinux-base-policy/files/patchbundle-selinux-base-policy-2.20101213-r14.tar.bz2
deleted file mode 100644
index 178bcfc..0000000
Binary files a/sec-policy/selinux-base-policy/files/patchbundle-selinux-base-policy-2.20101213-r14.tar.bz2 and /dev/null differ

diff --git a/sec-policy/selinux-base-policy/files/patchbundle-selinux-base-policy-2.20101213-r15.tar.bz2 b/sec-policy/selinux-base-policy/files/patchbundle-selinux-base-policy-2.20101213-r15.tar.bz2
deleted file mode 100644
index 0279cf1..0000000
Binary files a/sec-policy/selinux-base-policy/files/patchbundle-selinux-base-policy-2.20101213-r15.tar.bz2 and /dev/null differ

diff --git a/sec-policy/selinux-base-policy/files/patchbundle-selinux-base-policy-2.20101213-r16.tar.bz2 b/sec-policy/selinux-base-policy/files/patchbundle-selinux-base-policy-2.20101213-r16.tar.bz2
new file mode 100644
index 0000000..d2969cb
Binary files /dev/null and b/sec-policy/selinux-base-policy/files/patchbundle-selinux-base-policy-2.20101213-r16.tar.bz2 differ

diff --git a/sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r14.ebuild b/sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r14.ebuild
deleted file mode 100644
index c14dceb..0000000
--- a/sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r14.ebuild
+++ /dev/null
@@ -1,129 +0,0 @@
-# Copyright 1999-2011 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r12.ebuild,v 1.1 2011/04/16 13:02:44 blueness Exp $
-
-EAPI="1"
-IUSE="+peer_perms +open_perms +ubac"
-
-inherit eutils
-
-PATCHBUNDLE="${FILESDIR}/patchbundle-${PF}.tar.bz2"
-DESCRIPTION="Gentoo base policy for SELinux"
-HOMEPAGE="http://www.gentoo.org/proj/en/hardened/selinux/"
-SRC_URI="http://oss.tresys.com/files/refpolicy/refpolicy-${PV}.tar.bz2"
-LICENSE="GPL-2"
-SLOT="0"
-
-KEYWORDS="~amd64 ~x86"
-
-RDEPEND=">=sys-apps/policycoreutils-1.30.30
-	>=sys-fs/udev-151"
-DEPEND="${RDEPEND}
-	sys-devel/m4
-	>=sys-apps/checkpolicy-1.30.12"
-
-S=${WORKDIR}/
-
-src_unpack() {
-	[ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="strict targeted"
-	MOD_CONF_VER="20090730"
-
-	unpack ${A}
-
-	cd "${S}"
-	epatch "${PATCHBUNDLE}"
-	cd "${S}/refpolicy"
-	# Fix bug 257111
-	sed -i -e 's:system_crond_t:system_cronjob_t:g' \
-		"${S}/refpolicy/config/appconfig-standard/default_contexts"
-
-	if ! use peer_perms; then
-		sed -i -e '/network_peer_controls/d' \
-			"${S}/refpolicy/policy/policy_capabilities"
-	fi
-
-	if ! use open_perms; then
-		sed -i -e '/open_perms/d' \
-			"${S}/refpolicy/policy/policy_capabilities"
-	fi
-
-	for i in ${POLICY_TYPES}; do
-		cp -a "${S}/refpolicy" "${S}/${i}"
-
-		cd "${S}/${i}";
-		make conf || die "${i} reconfiguration failed"
-
-		cp "${FILESDIR}/modules.conf.${i}.${MOD_CONF_VER}" \
-			"${S}/${i}/policy/modules.conf" \
-			|| die "failed to set up modules.conf"
-		sed -i -e '/^QUIET/s/n/y/' -e '/^MONOLITHIC/s/y/n/' \
-			-e "/^NAME/s/refpolicy/$i/" "${S}/${i}/build.conf" \
-			|| die "build.conf setup failed."
-
-		if ! use ubac; then
-			sed -i -e 's:^UBAC = y:UBAC = n:g' "${S}/${i}/build.conf"
-		fi
-
-		echo "DISTRO = gentoo" >> "${S}/${i}/build.conf"
-
-		if [ "${i}" == "targeted" ]; then
-			sed -i -e '/root/d' -e 's/user_u/unconfined_u/' \
-			"${S}/${i}/config/appconfig-standard/seusers" \
-			|| die "targeted seusers setup failed."
-		fi
-	done
-}
-
-src_compile() {
-	[ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="strict targeted"
-
-	for i in ${POLICY_TYPES}; do
-		cd "${S}/${i}"
-		make base || die "${i} compile failed"
-	done
-}
-
-src_install() {
-	[ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="strict targeted"
-
-	for i in ${POLICY_TYPES}; do
-		cd "${S}/${i}"
-
-		make DESTDIR="${D}" install \
-			|| die "${i} install failed."
-
-		make DESTDIR="${D}" install-headers \
-			|| die "${i} headers install failed."
-
-		echo "run_init_t" > "${D}/etc/selinux/${i}/contexts/run_init_type"
-
-		echo "textrel_shlib_t" >> "${D}/etc/selinux/${i}/contexts/customizable_types"
-
-		# libsemanage won't make this on its own
-		keepdir "/etc/selinux/${i}/policy"
-	done
-
-	dodoc doc/Makefile.example doc/example.{te,fc,if}
-
-	insinto /etc/selinux
-	doins "${FILESDIR}/config"
-}
-
-pkg_preinst() {
-	has_version "<${CATEGORY}/${PN}-2.20101213-r13"
-	previous_less_than_r13=$?
-}
-
-pkg_postinst() {
-	[ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="strict targeted"
-
-	for i in ${POLICY_TYPES}; do
-		einfo "Inserting base module into ${i} module store."
-
-		cd "/usr/share/selinux/${i}"
-		semodule -s "${i}" -b base.pp || die "Could not load in new base policy"
-	done
-	elog "Updates on policies might require you to relabel files. If you, after installing"
-	elog "new SELinux policies, get 'permission denied' errors, relabelling your system"
-	elog "using 'rlpkg -a -r' might resolve the issues."
-}

diff --git a/sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r15.ebuild b/sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r16.ebuild
similarity index 100%
rename from sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r15.ebuild
rename to sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r16.ebuild




* [gentoo-commits] proj/hardened-dev:master commit in: sec-policy/selinux-base-policy/files/, sec-policy/selinux-base-policy/
@ 2011-06-29 12:56 Sven Vermeulen
  0 siblings, 0 replies; 13+ messages in thread
From: Sven Vermeulen @ 2011-06-29 12:56 UTC (permalink / raw
  To: gentoo-commits

commit:     3af26ee84b983f63e555df803fe1e8d38b605ce7
Author:     Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
AuthorDate: Wed Jun 29 12:55:05 2011 +0000
Commit:     Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
CommitDate: Wed Jun 29 12:55:05 2011 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-dev.git;a=commit;h=3af26ee8

add zabbix support

---
 sec-policy/selinux-base-policy/ChangeLog           |  505 ++++++++++++++++++++
 sec-policy/selinux-base-policy/files/config        |   12 +
 .../files/modules.conf.strict.20090730             |   49 ++
 .../files/modules.conf.targeted.20090730           |   50 ++
 ...ndle-selinux-base-policy-2.20101213-r17.tar.bz2 |  Bin 0 -> 15055 bytes
 sec-policy/selinux-base-policy/metadata.xml        |   14 +
 .../selinux-base-policy-2.20101213-r17.ebuild      |  129 +++++
 7 files changed, 759 insertions(+), 0 deletions(-)

diff --git a/sec-policy/selinux-base-policy/ChangeLog b/sec-policy/selinux-base-policy/ChangeLog
new file mode 100644
index 0000000..54c4b50
--- /dev/null
+++ b/sec-policy/selinux-base-policy/ChangeLog
@@ -0,0 +1,505 @@
+# ChangeLog for sec-policy/selinux-base-policy
+# Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/ChangeLog,v 1.75 2011/06/02 12:06:45 blueness Exp $
+
+*selinux-base-policy-2.20101213-r17 (29 Jun 2011)
+
+  29 Jun 2011; <swift@gentoo.org> +selinux-base-policy-2.20101213-r17.ebuild,
+  +files/patchbundle-selinux-base-policy-2.20101213-r17.tar.bz2, +files/config,
+  +files/modules.conf.strict.20090730, +files/modules.conf.targeted.20090730,
+  +metadata.xml:
+  Add support for zabbix interfaces
+
+  02 Jun 2011; Anthony G. Basile <blueness@gentoo.org>
+  selinux-base-policy-2.20101213-r16.ebuild:
+  Stable amd64 x86
+
+  20 May 2011; Anthony G. Basile <blueness@gentoo.org>
+  -selinux-base-policy-2.20101213-r5.ebuild,
+  -selinux-base-policy-2.20101213-r6.ebuild,
+  -selinux-base-policy-2.20101213-r7.ebuild,
+  -selinux-base-policy-2.20101213-r9.ebuild,
+  -selinux-base-policy-2.20101213-r10.ebuild,
+  -files/patchbundle-selinux-base-policy-2.20101213-r10.tar.bz2,
+  -files/patchbundle-selinux-base-policy-2.20101213-r5.tar.bz2,
+  -files/patchbundle-selinux-base-policy-2.20101213-r6.tar.bz2,
+  -files/patchbundle-selinux-base-policy-2.20101213-r7.tar.bz2,
+  -files/patchbundle-selinux-base-policy-2.20101213-r9.tar.bz2:
+  Removed deprecated revisions of base policy 2.20101213
+
+*selinux-base-policy-2.20101213-r16 (20 May 2011)
+
+  20 May 2011; Anthony G. Basile <blueness@gentoo.org>
+  +selinux-base-policy-2.20101213-r16.ebuild,
+  +files/patchbundle-selinux-base-policy-2.20101213-r16.tar.bz2, metadata.xml:
+  Drop obsoleted policy builds, add openrc support (rc-update, rc-status),
+  correct file contexts for /lib64, make UBAC optional (#257111 and #306393),
+  use portage_srcrepo_t for live ebuilds and match mdadm policy with upstream
+
+*selinux-base-policy-2.20101213-r12 (16 Apr 2011)
+*selinux-base-policy-2.20101213-r11 (16 Apr 2011)
+
+  16 Apr 2011; Anthony G. Basile <blueness@gentoo.org>
+  +selinux-base-policy-2.20101213-r11.ebuild,
+  +selinux-base-policy-2.20101213-r12.ebuild,
+  +files/patchbundle-selinux-base-policy-2.20101213-r11.tar.bz2,
+  +files/patchbundle-selinux-base-policy-2.20101213-r12.tar.bz2:
+  Added new patchbundles for rev bumps to base policy 2.20101213
+
+*selinux-base-policy-2.20101213-r10 (07 Mar 2011)
+*selinux-base-policy-2.20101213-r9 (07 Mar 2011)
+
+  07 Mar 2011; Anthony G. Basile <blueness@gentoo.org>
+  +selinux-base-policy-2.20101213-r9.ebuild,
+  +selinux-base-policy-2.20101213-r10.ebuild,
+  +files/patchbundle-selinux-base-policy-2.20101213-r10.tar.bz2,
+  +files/patchbundle-selinux-base-policy-2.20101213-r9.tar.bz2:
+  Added new patchbundles for rev bumps to base policy 2.20101213
+
+  05 Feb 2011; Anthony G. Basile <blueness@gentoo.org>
+  +files/patchbundle-selinux-base-policy-2.20101213-r5.tar.bz2,
+  +files/patchbundle-selinux-base-policy-2.20101213-r6.tar.bz2,
+  +files/patchbundle-selinux-base-policy-2.20101213-r7.tar.bz2:
+  Added patchbundle for base policy 2.20101213.
+
+*selinux-base-policy-2.20101213-r7 (05 Feb 2011)
+*selinux-base-policy-2.20101213-r6 (05 Feb 2011)
+*selinux-base-policy-2.20101213-r5 (05 Feb 2011)
+
+  05 Feb 2011; Anthony G. Basile <blueness@gentoo.org>
+  +selinux-base-policy-2.20101213-r5.ebuild,
+  +selinux-base-policy-2.20101213-r6.ebuild,
+  +selinux-base-policy-2.20101213-r7.ebuild:
+  New upstream policy.
+
+*selinux-base-policy-2.20091215 (16 Dec 2009)
+
+  16 Dec 2009; Chris PeBenito <pebenito@gentoo.org>
+  +selinux-base-policy-2.20091215.ebuild:
+  New upstream release.
+
+*selinux-base-policy-20080525-r1 (14 Sep 2009)
+
+  14 Sep 2009; Chris PeBenito <pebenito@gentoo.org>
+  +selinux-base-policy-20080525-r1.ebuild:
+  Update old base policy to support ext4.
+
+  14 Aug 2009; Chris PeBenito <pebenito@gentoo.org>
+  -selinux-base-policy-20070329.ebuild,
+  -selinux-base-policy-20070928.ebuild, selinux-base-policy-20080525.ebuild:
+  Mark 20080525 stable, clear old ebuilds.
+
+*selinux-base-policy-2.20090814 (14 Aug 2009)
+
+  14 Aug 2009; Chris PeBenito <pebenito@gentoo.org>
+  +selinux-base-policy-2.20090814.ebuild:
+  Git version of refpolicy for misc fixes including some cron problems.
+
+*selinux-base-policy-2.20090730 (03 Aug 2009)
+
+  03 Aug 2009; Chris PeBenito <pebenito@gentoo.org>
+  +selinux-base-policy-2.20090730.ebuild:
+  New upstream release.
+
+  18 Jul 2009; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20070329.ebuild, selinux-base-policy-20070928.ebuild,
+  selinux-base-policy-20080525.ebuild:
+  Drop alpha, mips, ppc, sparc selinux support.
+
+*selinux-base-policy-20080525 (25 May 2008)
+
+  25 May 2008; Chris PeBenito <pebenito@gentoo.org>
+  +selinux-base-policy-20080525.ebuild:
+  New SVN snapshot.
+
+  16 Mar 2008; Chris PeBenito <pebenito@gentoo.org>
+  -selinux-base-policy-20051022-r1.ebuild,
+  -selinux-base-policy-20061114.ebuild:
+  Remove old ebuilds.
+
+  03 Feb 2008; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20070928.ebuild:
+  Mark stable.
+
+*selinux-base-policy-20070928 (26 Nov 2007)
+
+  26 Nov 2007; Chris PeBenito <pebenito@gentoo.org>
+  +selinux-base-policy-20070928.ebuild:
+  New SVN snapshot.
+
+  04 Jun 2007; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20070329.ebuild:
+  Mark stable.
+
+  30 Mar 2007; Chris PeBenito <pebenito@gentoo.org>
+  +files/selinux-base-policy-20070329.diff,
+  selinux-base-policy-20070329.ebuild:
+  Compile fix.
+
+*selinux-base-policy-20070329 (29 Mar 2007)
+
+  29 Mar 2007; Chris PeBenito <pebenito@gentoo.org>
+  +selinux-base-policy-20070329.ebuild:
+  New SVN snapshot.
+
+  22 Feb 2007; Markus Ullmann <jokey@gentoo.org> ChangeLog:
+  Redigest for Manifest2
+
+*selinux-base-policy-20061114 (15 Nov 2006)
+
+  15 Nov 2006; Chris PeBenito <pebenito@gentoo.org>
+  +selinux-base-policy-20061114.ebuild:
+  New SVN snapshot.
+
+  25 Oct 2006; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20061015.ebuild:
+  Fix to have default POLICY_TYPES if it is empty.
+
+  21 Oct 2006; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20061015.ebuild:
+  Fix xml generation failure to die.
+
+*selinux-base-policy-20061015 (15 Oct 2006)
+
+  15 Oct 2006; Chris PeBenito <pebenito@gentoo.org>
+  -selinux-base-policy-20061008.ebuild,
+  +selinux-base-policy-20061015.ebuild:
+  Update for testing fixes.
+
+*selinux-base-policy-20061008 (08 Oct 2006)
+
+  08 Oct 2006; Chris PeBenito <pebenito@gentoo.org> -files/semanage.conf,
+  +selinux-base-policy-20061008.ebuild,
+  -selinux-base-policy-99999999.ebuild:
+  First mainstream reference policy testing release.
+
+  29 Sep 2006; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-99999999.ebuild:
+  Fix for new SVN location.  Fixes 147781.
+
+  22 Feb 2006; Stephen Bennett <spb@gentoo.org>
+  selinux-base-policy-20051022-r1.ebuild:
+  Alpha stable
+
+*selinux-base-policy-99999999 (02 Feb 2006)
+
+  02 Feb 2006; Chris PeBenito <pebenito@gentoo.org> +files/config,
+  +files/modules.conf.strict, +files/modules.conf.targeted,
+  +files/semanage.conf, +selinux-base-policy-99999999.ebuild:
+  Add experimental policy for testing reference policy. Requires portage fix
+  from bug #110857.
+
+  02 Feb 2006; Chris PeBenito <pebenito@gentoo.org>
+  -selinux-base-policy-20050322.ebuild,
+  -selinux-base-policy-20050618.ebuild,
+  -selinux-base-policy-20050821.ebuild,
+  -selinux-base-policy-20051022.ebuild:
+  Clean out old ebuilds.
+
+  14 Jan 2006; Stephen Bennett <spb@gentoo.org>
+  selinux-base-policy-20051022-r1.ebuild:
+  Added ~alpha
+
+*selinux-base-policy-20051022-r1 (08 Dec 2005)
+
+  08 Dec 2005; Chris PeBenito <pebenito@gentoo.org>
+  +selinux-base-policy-20051022-r1.ebuild:
+  Change to use compatability genhomedircon. Newer policycoreutils (1.28)
+  breaks the backwards compatability this policy uses.
+
+*selinux-base-policy-20051022 (22 Oct 2005)
+
+  22 Oct 2005; Chris PeBenito <pebenito@gentoo.org>
+  +selinux-base-policy-20051022.ebuild:
+  Very trivial fixes.
+
+  08 Sep 2005; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20050821.ebuild:
+  Mark stable.
+
+*selinux-base-policy-20050821 (21 Aug 2005)
+
+  21 Aug 2005; Chris PeBenito <pebenito@gentoo.org>
+  +selinux-base-policy-20050821.ebuild:
+  Minor updates for 2.6.12.
+
+  21 Jun 2005; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20050618.ebuild:
+  Mark stable.
+
+*selinux-base-policy-20050618 (18 Jun 2005)
+
+  18 Jun 2005; Chris PeBenito <pebenito@gentoo.org>
+  -selinux-base-policy-20041123.ebuild,
+  -selinux-base-policy-20050306.ebuild,
+  +selinux-base-policy-20050618.ebuild:
+  New release to support 2.6.12 features.
+
+  10 May 2005; Stephen Bennett <spb@gentoo.org>
+  selinux-base-policy-20050322.ebuild:
+  mips stable
+
+  01 May 2005; Stephen Bennett <spb@gentoo.org>
+  selinux-base-policy-20050322.ebuild:
+  Added ~mips.
+
+*selinux-base-policy-20050322 (23 Mar 2005)
+
+  23 Mar 2005; Chris PeBenito <pebenito@gentoo.org>
+  +selinux-base-policy-20050322.ebuild:
+  New release.
+
+*selinux-base-policy-20050306 (06 Mar 2005)
+
+  06 Mar 2005; Chris PeBenito <pebenito@gentoo.org>
+  +selinux-base-policy-20050306.ebuild:
+  Fix bad samba_domain dummy macro.  Add policies needed for udev support.
+
+*selinux-base-policy-20050224 (24 Feb 2005)
+
+  24 Feb 2005; Chris PeBenito <pebenito@gentoo.org>
+  +selinux-base-policy-20050224.ebuild:
+  New release.
+
+  19 Jan 2005; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20041123.ebuild:
+  Mark stable.
+
+*selinux-base-policy-20041123 (23 Nov 2004)
+
+  23 Nov 2004; Chris PeBenito <pebenito@gentoo.org>
+  +selinux-base-policy-20041123.ebuild:
+  New release with 1.18 merge.
+
+*selinux-base-policy-20041023 (23 Oct 2004)
+
+  23 Oct 2004; Chris PeBenito <pebenito@gentoo.org>
+  +selinux-base-policy-20041023.ebuild:
+  New release with 1.16 merge. Tcpd and inetd have been deprecated since they
+  are not in the base system anymore, and probably no one uses them anyway.
+
+*selinux-base-policy-20040906 (06 Sep 2004)
+
+  06 Sep 2004; Chris PeBenito <pebenito@gentoo.org>
+  +selinux-base-policy-20040906.ebuild:
+  New release with 1.14 merge, which has policy 18 (fine-grained netlink)
+  features.
+
+  05 Sep 2004; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20040225.ebuild, -selinux-base-policy-20040509.ebuild,
+  -selinux-base-policy-20040604.ebuild, selinux-base-policy-20040629.ebuild,
+  selinux-base-policy-20040702.ebuild:
+  Remove old builds, switch to epause and ebeep in remaining builds.
+
+*selinux-base-policy-20040702 (02 Jul 2004)
+
+  02 Jul 2004; Chris PeBenito <pebenito@gentoo.org>
+  +selinux-base-policy-20040702.ebuild:
+  Same as 20040629, except with updated flask headers, which will come out in
+  2.6.8.
+
+*selinux-base-policy-20040629 (29 Jun 2004)
+
+  29 Jun 2004; Chris PeBenito <pebenito@gentoo.org>
+  +selinux-base-policy-20040629.ebuild:
+  Large sysadmfile cleanup: disable admin_separation to give sysadm_r back its
+  ablility to modify all files. Minor fixes: portage_r works again, syslog-ng
+  breakage fixed, put back manual PaX policy for pageexec/segmexec.
+
+  16 Jun 2004; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20040604.ebuild:
+  Mark stable.
+
+  10 Jun 2004; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20040225.ebuild, selinux-base-policy-20040509.ebuild,
+  selinux-base-policy-20040604.ebuild:
+  Add src_compile() stub
+
+*selinux-base-policy-20040604 (04 Jun 2004)
+
+  04 Jun 2004; Chris PeBenito <pebenito@gentoo.org>
+  +selinux-base-policy-20040604.ebuild:
+  New release including 1.12 NSA policy, and experimental sesandbox.
+
+  15 May 2004; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20040509.ebuild:
+  Mark stable.
+
+*selinux-base-policy-20040509 (09 May 2004)
+
+  09 May 2004; Chris PeBenito <pebenito@gentoo.org>
+  +selinux-base-policy-20040509.ebuild:
+  A few small cleanups. Make PaX non exec pages macro based on arch. Large
+  portage update, get rid of portage_exec_fetch_t, portage will setexec. Add
+  global_ssp tunable.
+
+*selinux-base-policy-20040418 (18 Apr 2004)
+
+  18 Apr 2004; Chris PeBenito <pebenito@gentoo.org>
+  +selinux-base-policy-20040418.ebuild:
+  New release for checkpolicy 1.10
+
+*selinux-base-policy-20040414 (14 Apr 2004)
+
+  14 Apr 2004; Chris PeBenito <pebenito@gentoo.org>
+  -selinux-base-policy-20040408.ebuild, +selinux-base-policy-20040414.ebuild:
+  Minor updates
+
+*selinux-base-policy-20040408 (08 Apr 2004)
+
+  08 Apr 2004; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20040408.ebuild:
+  New update. Users.fc is now deprecated, as the contexts for user directories
+  is now automatically generated. Portage fetching of distfiles now has a
+  subdomain, for dropping priviledges.
+
+  28 Feb 2004; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20040225.ebuild:
+  Mark stable.
+
+*selinux-base-policy-20040225 (25 Feb 2004)
+
+  25 Feb 2004; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20040225.ebuild:
+  New support for PaX ACL hooks. Addition of tunable.te for configurable policy
+  options. Rewrite of portage.te. Now auto-transition for sysadm is default, can
+  reenable portage_r by tunable.te. Makefile update from NSA CVS.
+
+*selinux-base-policy-20040209 (09 Feb 2004)
+
+  09 Feb 2004; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20040209.ebuild:
+  Minor revision to add XFS labeling and policy for integrated
+  runscript-run_init.
+
+  07 Feb 2004; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20040202.ebuild:
+  Mark x86 stable.
+
+*selinux-base-policy-20040202 (02 Feb 2004)
+
+  02 Feb 2004; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20040202.ebuild:
+  A few misc fixes. Allow portage to update bootloader code, such as in lilo or
+  grub postinst. This requires checkpolicy 1.4-r1.
+
+*selinux-base-policy-20031225 (25 Dec 2003)
+
+  25 Dec 2003; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20031225.ebuild:
+  New release, with merged NSA 1.4 policy. One critical note, this policy
+  requires pam 0.77. Much work has been done to minimize access to /etc/shadow,
+  and one requirement is in the patch for pam 0.77. If you do not use this pam
+  version or newer, you will be unable to authenticate in enforcing. Since
+  devfs no longer is usable in SELinux, it's policy has been removed. You
+  should merge the changes, remove the devfsd policy (devfsd.te and devfsd.fc),
+  load the policy, and relabel.
+
+  27 Nov 2003; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20031010-r1.ebuild:
+  Mark stable.  Add build USE flag for stage building.
+
+*selinux-base-policy-20031010-r1 (12 Nov 2003)
+
+  12 Nov 2003; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20031010-r1.ebuild,
+  files/selinux-base-policy-20031010-cvs.diff:
+  Add fixes from policy cvs for compilers, so non x86 and ppc compilers can
+  work. Also portage update as a side effect of updated setfiles code in
+  portage, from bug 31748.
+
+  28 Oct 2003; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20031010.ebuild:
+  Mark stable
+
+*selinux-base-policy-20031010 (10 Oct 2003)
+
+  10 Oct 2003; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20031010.ebuild:
+  New release for new API.  Massive cleanups all over the place.
+
+*selinux-base-policy-20030817 (17 Aug 2003)
+
+  17 Aug 2003; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20030817.ebuild:
+  Initial commit of new API policy
+
+  10 Aug 2003; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20030729-r1.ebuild:
+  Mark stable
+
+*selinux-base-policy-20030729-r1 (31 Jul 2003)
+
+  31 Jul 2003; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20030729-r1.ebuild:
+  New rev that handles an empty POLICYDIR sanely.
+
+*selinux-base-policy-20030729 (29 Jul 2003)
+
+  29 Jul 2003; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20030729.ebuild:
+  Make the ebuild use POLICYDIR. Important fix so portage can load policy so
+  selinux-policy.eclass works. update_modules_t cleanup. Fix for an access when
+  merging baselayout.
+
+*selinux-base-policy-20030720 (20 Jul 2003)
+
+  20 Jul 2003; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20030720.ebuild:
+  Many fixes, including the syslog fix. File contexts have changed, so a relabel
+  is needed. You may encounter problems relabeling /usr/portage, as its file
+  context has changed, as files should not have the same type as a domain.
+  Relabelling in permissive will fix this, or temporarily give portage_t a
+  file_type attribute. Tightened the can_exec_any() macro. Moved staff.fc to
+  users.fc, since all users with SELinux identities should have their home
+  directories have the correct identity, not the generic identity.
+
+  06 Jun 2003; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20030604.ebuild:
+  Mark stable
+
+*selinux-base-policy-20030604 (04 Jun 2003)
+
+  04 Jun 2003; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20030604.ebuild:
+  Fix broken 20030603
+
+  04 Jun 2003; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20030603.ebuild:
+  Pulling 20030603, as there are problems, 20030604 later today
+
+*selinux-base-policy-20030603 (03 Jun 2003)
+
+  03 Jun 2003; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20030603.ebuild:
+  Numerous various fixes. Added staff role. Removed ipsec, gpm and gpg policies
+  as they are not appropriate for the base policy, and untested.
+
+*selinux-base-policy-20030522 (22 May 2003)
+
+  22 May 2003; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20030522.ebuild:
+  The policy is in pretty good shape now. I've been able to run in enforcing mode
+  with little problem. I've also been able to successfully merge and unmerge
+  packages in enforcing mode, with few exceptions (why does mysql need to run ps
+  during configure?).
+
+*selinux-base-policy-20030514 (14 May 2003)
+
+  14 May 2003; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20030514.ebuild:
+  Many improvements in many areas. Of note, rlogind policies were removed. Klogd
+  is being merged into syslogd. The portage policy is much more complete, but
+  still needs work. Its suggested that all changes be merged in, policy
+  reloaded, then relabel.
+
+*selinux-base-policy-20030419 (19 Apr 2003)
+
+  23 Apr 2003; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20030419.ebuild:
+  Marking stable for selinux-small stable usage
+
+  19 Apr 2003; Chris PeBenito <pebenito@gentoo.org> Manifest,
+  selinux-base-policy-20030419.ebuild:
+  Initial commit.  Base policies for SELinux, with Gentoo-specifics
+

diff --git a/sec-policy/selinux-base-policy/files/config b/sec-policy/selinux-base-policy/files/config
new file mode 100644
index 0000000..41e6993
--- /dev/null
+++ b/sec-policy/selinux-base-policy/files/config
@@ -0,0 +1,12 @@
+# This file controls the state of SELinux on the system on boot.
+
+# SELINUX can take one of these three values:
+#	enforcing - SELinux security policy is enforced.
+#	permissive - SELinux prints warnings instead of enforcing.
+#	disabled - No SELinux policy is loaded.
+SELINUX=permissive
+
+# SELINUXTYPE can take one of these two values:
+#	targeted - Only targeted network daemons are protected.
+#	strict - Full SELinux protection.
+SELINUXTYPE=strict
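Review bot: The shipped default `SELINUX=permissive` means, per the file's own comment, that denials are only logged and the policy is not enforced, yet nothing in the file tells the administrator that this is a starting state rather than the intended one. A comment above the assignment would make that explicit, for example `# Shipped permissive so the system can be relabelled first; set to enforcing once the logged denials are resolved.` Since src_install in this commit installs the file into /etc/selinux with `doins "${FILESDIR}/config"`, it is also worth confirming that an existing `SELINUX=enforcing` setting survives an upgrade (presumably through Portage's config protection of /etc).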

diff --git a/sec-policy/selinux-base-policy/files/modules.conf.strict.20090730 b/sec-policy/selinux-base-policy/files/modules.conf.strict.20090730
new file mode 100644
index 0000000..fcb3fd8
--- /dev/null
+++ b/sec-policy/selinux-base-policy/files/modules.conf.strict.20090730
@@ -0,0 +1,49 @@
+application = base
+authlogin = base
+bootloader = base
+clock = base
+consoletype = base
+corecommands = base
+corenetwork = base
+cron = base
+devices = base
+dmesg = base
+domain = base
+files = base
+filesystem = base
+fstools = base
+getty = base
+hostname = base
+hotplug = base
+init = base
+iptables = base
+kernel = base
+libraries = base
+locallogin = base
+logging = base
+lvm = base
+miscfiles = base
+mcs = base
+mls = base
+modutils = base
+mount = base
+mta = base
+netutils = base
+nscd = base
+portage = base
+raid = base
+rsync = base
+selinux = base
+selinuxutil = base
+ssh = base
+staff = base
+storage = base
+su = base
+sysadm = base
+sysnetwork = base
+terminal = base
+ubac = base
+udev = base
+userdomain = base
+usermanage = base
+unprivuser = base

diff --git a/sec-policy/selinux-base-policy/files/modules.conf.targeted.20090730 b/sec-policy/selinux-base-policy/files/modules.conf.targeted.20090730
new file mode 100644
index 0000000..ee8a14c
--- /dev/null
+++ b/sec-policy/selinux-base-policy/files/modules.conf.targeted.20090730
@@ -0,0 +1,50 @@
+application = base
+authlogin = base
+bootloader = base
+clock = base
+consoletype = base
+corecommands = base
+corenetwork = base
+cron = base
+devices = base
+dmesg = base
+domain = base
+files = base
+filesystem = base
+fstools = base
+getty = base
+hostname = base
+hotplug = base
+init = base
+iptables = base
+kernel = base
+libraries = base
+locallogin = base
+logging = base
+lvm = base
+miscfiles = base
+mcs = base
+mls = base
+modutils = base
+mount = base
+mta = base
+netutils = base
+nscd = base
+portage = base
+raid = base
+rsync = base
+selinux = base
+selinuxutil = base
+ssh = base
+staff = base
+storage = base
+su = base
+sysadm = base
+sysnetwork = base
+terminal = base
+ubac = base
+udev = base
+unconfined = base
+userdomain = base
+usermanage = base
+unprivuser = base

diff --git a/sec-policy/selinux-base-policy/files/patchbundle-selinux-base-policy-2.20101213-r17.tar.bz2 b/sec-policy/selinux-base-policy/files/patchbundle-selinux-base-policy-2.20101213-r17.tar.bz2
new file mode 100644
index 0000000..5cab0d3
Binary files /dev/null and b/sec-policy/selinux-base-policy/files/patchbundle-selinux-base-policy-2.20101213-r17.tar.bz2 differ

diff --git a/sec-policy/selinux-base-policy/metadata.xml b/sec-policy/selinux-base-policy/metadata.xml
new file mode 100644
index 0000000..393f3bb
--- /dev/null
+++ b/sec-policy/selinux-base-policy/metadata.xml
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+	<herd>selinux</herd>
+	<longdescription>
+		Gentoo SELinux base policy.  This contains policy for a system at the end of system installation.
+		There is no extra policy in this package.
+	</longdescription>
+	<use>
+		<flag name='peer_perms'>Enable the labeled networking peer permissions (SELinux policy capability).</flag>
+		<flag name='open_perms'>Enable the open permissions for file object classes (SELinux policy capability).</flag>
+		<flag name='ubac'>Enable User Based Access Control (UBAC) in the SELinux policy</flag>
+	</use>
+</pkgmetadata>

diff --git a/sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r17.ebuild b/sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r17.ebuild
new file mode 100644
index 0000000..7bc78de
--- /dev/null
+++ b/sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r17.ebuild
@@ -0,0 +1,129 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r12.ebuild,v 1.1 2011/04/16 13:02:44 blueness Exp $
+
+EAPI="1"
+IUSE="+peer_perms +open_perms +ubac"
+
+inherit eutils
+
+PATCHBUNDLE="${FILESDIR}/patchbundle-${PF}.tar.bz2"
+DESCRIPTION="Gentoo base policy for SELinux"
+HOMEPAGE="http://www.gentoo.org/proj/en/hardened/selinux/"
+SRC_URI="http://oss.tresys.com/files/refpolicy/refpolicy-${PV}.tar.bz2"
+LICENSE="GPL-2"
+SLOT="0"
+
+KEYWORDS="~amd64 ~x86"
+
+RDEPEND=">=sys-apps/policycoreutils-1.30.30
+	>=sys-fs/udev-151"
+DEPEND="${RDEPEND}
+	sys-devel/m4
+	>=sys-apps/checkpolicy-1.30.12"
+
+S=${WORKDIR}/
+
+src_unpack() {
+	[ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="strict targeted"
+	MOD_CONF_VER="20090730"
+
+	unpack ${A}
+
+	cd "${S}"
+	epatch "${PATCHBUNDLE}"
+	cd "${S}/refpolicy"
+	# Fix bug 257111
+	sed -i -e 's:system_crond_t:system_cronjob_t:g' \
+		"${S}/refpolicy/config/appconfig-standard/default_contexts"
+
+	if ! use peer_perms; then
+		sed -i -e '/network_peer_controls/d' \
+			"${S}/refpolicy/policy/policy_capabilities"
+	fi
+
+	if ! use open_perms; then
+		sed -i -e '/open_perms/d' \
+			"${S}/refpolicy/policy/policy_capabilities"
+	fi
+
+	for i in ${POLICY_TYPES}; do
+		cp -a "${S}/refpolicy" "${S}/${i}"
+
+		cd "${S}/${i}";
+		make conf || die "Make conf in ${i} failed"
+
+		cp "${FILESDIR}/modules.conf.${i}.${MOD_CONF_VER}" \
+			"${S}/${i}/policy/modules.conf" \
+			|| die "failed to set up modules.conf"
+		sed -i -e '/^QUIET/s/n/y/' -e '/^MONOLITHIC/s/y/n/' \
+			-e "/^NAME/s/refpolicy/$i/" "${S}/${i}/build.conf" \
+			|| die "build.conf setup failed."
+
+		if ! use ubac; then
+			sed -i -e 's:^UBAC = y:UBAC = n:g' "${S}/${i}/build.conf"
+		fi
+
+		echo "DISTRO = gentoo" >> "${S}/${i}/build.conf"
+
+		if [ "${i}" == "targeted" ]; then
+			sed -i -e '/root/d' -e 's/user_u/unconfined_u/' \
+			"${S}/${i}/config/appconfig-standard/seusers" \
+			|| die "targeted seusers setup failed."
+		fi
+	done
+}
+
+src_compile() {
+	[ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="strict targeted"
+
+	for i in ${POLICY_TYPES}; do
+		cd "${S}/${i}"
+		make base || die "${i} compile failed"
+	done
+}
+
+src_install() {
+	[ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="strict targeted"
+
+	for i in ${POLICY_TYPES}; do
+		cd "${S}/${i}"
+
+		make DESTDIR="${D}" install \
+			|| die "${i} install failed."
+
+		make DESTDIR="${D}" install-headers \
+			|| die "${i} headers install failed."
+
+		echo "run_init_t" > "${D}/etc/selinux/${i}/contexts/run_init_type"
+
+		echo "textrel_shlib_t" >> "${D}/etc/selinux/${i}/contexts/customizable_types"
+
+		# libsemanage won't make this on its own
+		keepdir "/etc/selinux/${i}/policy"
+	done
+
+	dodoc doc/Makefile.example doc/example.{te,fc,if}
+
+	insinto /etc/selinux
+	doins "${FILESDIR}/config"
+}
+
+pkg_preinst() {
+	has_version "<${CATEGORY}/${PN}-2.20101213-r13"
+	previous_less_than_r13=$?
+}
+
+pkg_postinst() {
+	[ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="strict targeted"
+
+	for i in ${POLICY_TYPES}; do
+		einfo "Inserting base module into ${i} module store."
+
+		cd "/usr/share/selinux/${i}"
+		semodule -s "${i}" -b base.pp || die "Could not load in new base policy"
+	done
+	elog "Updates on policies might require you to relabel files. If you, after"
+	elog "installing new SELinux policies, get 'permission denied' errors,"
+	elog "relabelling your system using 'rlpkg -a -r' might resolve the issues."
+}
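Review bot: In pkg_postinst the `cd "/usr/share/selinux/${i}"` is unchecked, so if it fails `semodule -s "${i}" -b base.pp` resolves `base.pp` against the previous working directory and can load another policy type's base module into the `${i}` store. Passing the absolute path removes the dependency on the working directory: `semodule -s "${i}" -b "/usr/share/selinux/${i}/base.pp" || die "Could not load in new base policy"`. The same unchecked `cd "${S}/${i}"` precedes `make base` in src_compile and `make DESTDIR="${D}" install` in src_install, where `cd "${S}/${i}" || die "cd to ${i} failed"` would stop the loop from building or installing one policy type twice. Separately, `previous_less_than_r13` set in pkg_preinst is not read anywhere in this ebuild.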




* [gentoo-commits] proj/hardened-dev:master commit in: sec-policy/selinux-base-policy/files/, sec-policy/selinux-base-policy/
@ 2011-06-30 10:19 Anthony G. Basile
  0 siblings, 0 replies; 13+ messages in thread
From: Anthony G. Basile @ 2011-06-30 10:19 UTC (permalink / raw
  To: gentoo-commits

commit:     6c6fe18612deef41e53b1e008dd3fc90fc209d73
Author:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Thu Jun 30 10:19:07 2011 +0000
Commit:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Thu Jun 30 10:19:07 2011 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-dev.git;a=commit;h=6c6fe186

sec-policy/elinux-base-policy: -r17 moved to the tree

(Portage version: 2.1.9.42/git/Linux x86_64, signed Manifest commit with key 0xD0455535)

---
 sec-policy/selinux-base-policy/ChangeLog           |  505 --------------------
 sec-policy/selinux-base-policy/files/config        |   12 -
 .../files/modules.conf.strict.20090730             |   49 --
 .../files/modules.conf.targeted.20090730           |   50 --
 ...ndle-selinux-base-policy-2.20101213-r17.tar.bz2 |  Bin 15055 -> 0 bytes
 sec-policy/selinux-base-policy/metadata.xml        |   14 -
 .../selinux-base-policy-2.20101213-r17.ebuild      |  129 -----
 7 files changed, 0 insertions(+), 759 deletions(-)

diff --git a/sec-policy/selinux-base-policy/ChangeLog b/sec-policy/selinux-base-policy/ChangeLog
deleted file mode 100644
index 54c4b50..0000000
--- a/sec-policy/selinux-base-policy/ChangeLog
+++ /dev/null
@@ -1,505 +0,0 @@
-# ChangeLog for sec-policy/selinux-base-policy
-# Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/ChangeLog,v 1.75 2011/06/02 12:06:45 blueness Exp $
-
-*selinux-base-policy-2.20101213-r17 (29 Jun 2011)
-
-  29 Jun 2011; <swift@gentoo.org> +selinux-base-policy-2.20101213-r17.ebuild,
-  +files/patchbundle-selinux-base-policy-2.20101213-r17.tar.bz2, +files/config,
-  +files/modules.conf.strict.20090730, +files/modules.conf.targeted.20090730,
-  +metadata.xml:
-  Add support for zabbix interfaces
-
-  02 Jun 2011; Anthony G. Basile <blueness@gentoo.org>
-  selinux-base-policy-2.20101213-r16.ebuild:
-  Stable amd64 x86
-
-  20 May 2011; Anthony G. Basile <blueness@gentoo.org>
-  -selinux-base-policy-2.20101213-r5.ebuild,
-  -selinux-base-policy-2.20101213-r6.ebuild,
-  -selinux-base-policy-2.20101213-r7.ebuild,
-  -selinux-base-policy-2.20101213-r9.ebuild,
-  -selinux-base-policy-2.20101213-r10.ebuild,
-  -files/patchbundle-selinux-base-policy-2.20101213-r10.tar.bz2,
-  -files/patchbundle-selinux-base-policy-2.20101213-r5.tar.bz2,
-  -files/patchbundle-selinux-base-policy-2.20101213-r6.tar.bz2,
-  -files/patchbundle-selinux-base-policy-2.20101213-r7.tar.bz2,
-  -files/patchbundle-selinux-base-policy-2.20101213-r9.tar.bz2:
-  Removed deprecated revisions of base policy 2.20101213
-
-*selinux-base-policy-2.20101213-r16 (20 May 2011)
-
-  20 May 2011; Anthony G. Basile <blueness@gentoo.org>
-  +selinux-base-policy-2.20101213-r16.ebuild,
-  +files/patchbundle-selinux-base-policy-2.20101213-r16.tar.bz2, metadata.xml:
-  Drop obsoleted policy builds, add openrc support (rc-update, rc-status),
-  correct file contexts for /lib64, make UBAC optional (#257111 and #306393),
-  use portage_srcrepo_t for live ebuilds and match mdadm policy with upstream
-
-*selinux-base-policy-2.20101213-r12 (16 Apr 2011)
-*selinux-base-policy-2.20101213-r11 (16 Apr 2011)
-
-  16 Apr 2011; Anthony G. Basile <blueness@gentoo.org>
-  +selinux-base-policy-2.20101213-r11.ebuild,
-  +selinux-base-policy-2.20101213-r12.ebuild,
-  +files/patchbundle-selinux-base-policy-2.20101213-r11.tar.bz2,
-  +files/patchbundle-selinux-base-policy-2.20101213-r12.tar.bz2:
-  Added new patchbundles for rev bumps to base policy 2.20101213
-
-*selinux-base-policy-2.20101213-r10 (07 Mar 2011)
-*selinux-base-policy-2.20101213-r9 (07 Mar 2011)
-
-  07 Mar 2011; Anthony G. Basile <blueness@gentoo.org>
-  +selinux-base-policy-2.20101213-r9.ebuild,
-  +selinux-base-policy-2.20101213-r10.ebuild,
-  +files/patchbundle-selinux-base-policy-2.20101213-r10.tar.bz2,
-  +files/patchbundle-selinux-base-policy-2.20101213-r9.tar.bz2:
-  Added new patchbundles for rev bumps to base policy 2.20101213
-
-  05 Feb 2011; Anthony G. Basile <blueness@gentoo.org>
-  +files/patchbundle-selinux-base-policy-2.20101213-r5.tar.bz2,
-  +files/patchbundle-selinux-base-policy-2.20101213-r6.tar.bz2,
-  +files/patchbundle-selinux-base-policy-2.20101213-r7.tar.bz2:
-  Added patchbundle for base policy 2.20101213.
-
-*selinux-base-policy-2.20101213-r7 (05 Feb 2011)
-*selinux-base-policy-2.20101213-r6 (05 Feb 2011)
-*selinux-base-policy-2.20101213-r5 (05 Feb 2011)
-
-  05 Feb 2011; Anthony G. Basile <blueness@gentoo.org>
-  +selinux-base-policy-2.20101213-r5.ebuild,
-  +selinux-base-policy-2.20101213-r6.ebuild,
-  +selinux-base-policy-2.20101213-r7.ebuild:
-  New upstream policy.
-
-*selinux-base-policy-2.20091215 (16 Dec 2009)
-
-  16 Dec 2009; Chris PeBenito <pebenito@gentoo.org>
-  +selinux-base-policy-2.20091215.ebuild:
-  New upstream release.
-
-*selinux-base-policy-20080525-r1 (14 Sep 2009)
-
-  14 Sep 2009; Chris PeBenito <pebenito@gentoo.org>
-  +selinux-base-policy-20080525-r1.ebuild:
-  Update old base policy to support ext4.
-
-  14 Aug 2009; Chris PeBenito <pebenito@gentoo.org>
-  -selinux-base-policy-20070329.ebuild,
-  -selinux-base-policy-20070928.ebuild, selinux-base-policy-20080525.ebuild:
-  Mark 20080525 stable, clear old ebuilds.
-
-*selinux-base-policy-2.20090814 (14 Aug 2009)
-
-  14 Aug 2009; Chris PeBenito <pebenito@gentoo.org>
-  +selinux-base-policy-2.20090814.ebuild:
-  Git version of refpolicy for misc fixes including some cron problems.
-
-*selinux-base-policy-2.20090730 (03 Aug 2009)
-
-  03 Aug 2009; Chris PeBenito <pebenito@gentoo.org>
-  +selinux-base-policy-2.20090730.ebuild:
-  New upstream release.
-
-  18 Jul 2009; Chris PeBenito <pebenito@gentoo.org>
-  selinux-base-policy-20070329.ebuild, selinux-base-policy-20070928.ebuild,
-  selinux-base-policy-20080525.ebuild:
-  Drop alpha, mips, ppc, sparc selinux support.
-
-*selinux-base-policy-20080525 (25 May 2008)
-
-  25 May 2008; Chris PeBenito <pebenito@gentoo.org>
-  +selinux-base-policy-20080525.ebuild:
-  New SVN snapshot.
-
-  16 Mar 2008; Chris PeBenito <pebenito@gentoo.org>
-  -selinux-base-policy-20051022-r1.ebuild,
-  -selinux-base-policy-20061114.ebuild:
-  Remove old ebuilds.
-
-  03 Feb 2008; Chris PeBenito <pebenito@gentoo.org>
-  selinux-base-policy-20070928.ebuild:
-  Mark stable.
-
-*selinux-base-policy-20070928 (26 Nov 2007)
-
-  26 Nov 2007; Chris PeBenito <pebenito@gentoo.org>
-  +selinux-base-policy-20070928.ebuild:
-  New SVN snapshot.
-
-  04 Jun 2007; Chris PeBenito <pebenito@gentoo.org>
-  selinux-base-policy-20070329.ebuild:
-  Mark stable.
-
-  30 Mar 2007; Chris PeBenito <pebenito@gentoo.org>
-  +files/selinux-base-policy-20070329.diff,
-  selinux-base-policy-20070329.ebuild:
-  Compile fix.
-
-*selinux-base-policy-20070329 (29 Mar 2007)
-
-  29 Mar 2007; Chris PeBenito <pebenito@gentoo.org>
-  +selinux-base-policy-20070329.ebuild:
-  New SVN snapshot.
-
-  22 Feb 2007; Markus Ullmann <jokey@gentoo.org> ChangeLog:
-  Redigest for Manifest2
-
-*selinux-base-policy-20061114 (15 Nov 2006)
-
-  15 Nov 2006; Chris PeBenito <pebenito@gentoo.org>
-  +selinux-base-policy-20061114.ebuild:
-  New SVN snapshot.
-
-  25 Oct 2006; Chris PeBenito <pebenito@gentoo.org>
-  selinux-base-policy-20061015.ebuild:
-  Fix to have default POLICY_TYPES if it is empty.
-
-  21 Oct 2006; Chris PeBenito <pebenito@gentoo.org>
-  selinux-base-policy-20061015.ebuild:
-  Fix xml generation failure to die.
-
-*selinux-base-policy-20061015 (15 Oct 2006)
-
-  15 Oct 2006; Chris PeBenito <pebenito@gentoo.org>
-  -selinux-base-policy-20061008.ebuild,
-  +selinux-base-policy-20061015.ebuild:
-  Update for testing fixes.
-
-*selinux-base-policy-20061008 (08 Oct 2006)
-
-  08 Oct 2006; Chris PeBenito <pebenito@gentoo.org> -files/semanage.conf,
-  +selinux-base-policy-20061008.ebuild,
-  -selinux-base-policy-99999999.ebuild:
-  First mainstream reference policy testing release.
-
-  29 Sep 2006; Chris PeBenito <pebenito@gentoo.org>
-  selinux-base-policy-99999999.ebuild:
-  Fix for new SVN location.  Fixes 147781.
-
-  22 Feb 2006; Stephen Bennett <spb@gentoo.org>
-  selinux-base-policy-20051022-r1.ebuild:
-  Alpha stable
-
-*selinux-base-policy-99999999 (02 Feb 2006)
-
-  02 Feb 2006; Chris PeBenito <pebenito@gentoo.org> +files/config,
-  +files/modules.conf.strict, +files/modules.conf.targeted,
-  +files/semanage.conf, +selinux-base-policy-99999999.ebuild:
-  Add experimental policy for testing reference policy. Requires portage fix
-  from bug #110857.
-
-  02 Feb 2006; Chris PeBenito <pebenito@gentoo.org>
-  -selinux-base-policy-20050322.ebuild,
-  -selinux-base-policy-20050618.ebuild,
-  -selinux-base-policy-20050821.ebuild,
-  -selinux-base-policy-20051022.ebuild:
-  Clean out old ebuilds.
-
-  14 Jan 2006; Stephen Bennett <spb@gentoo.org>
-  selinux-base-policy-20051022-r1.ebuild:
-  Added ~alpha
-
-*selinux-base-policy-20051022-r1 (08 Dec 2005)
-
-  08 Dec 2005; Chris PeBenito <pebenito@gentoo.org>
-  +selinux-base-policy-20051022-r1.ebuild:
-  Change to use compatability genhomedircon. Newer policycoreutils (1.28)
-  breaks the backwards compatability this policy uses.
-
-*selinux-base-policy-20051022 (22 Oct 2005)
-
-  22 Oct 2005; Chris PeBenito <pebenito@gentoo.org>
-  +selinux-base-policy-20051022.ebuild:
-  Very trivial fixes.
-
-  08 Sep 2005; Chris PeBenito <pebenito@gentoo.org>
-  selinux-base-policy-20050821.ebuild:
-  Mark stable.
-
-*selinux-base-policy-20050821 (21 Aug 2005)
-
-  21 Aug 2005; Chris PeBenito <pebenito@gentoo.org>
-  +selinux-base-policy-20050821.ebuild:
-  Minor updates for 2.6.12.
-
-  21 Jun 2005; Chris PeBenito <pebenito@gentoo.org>
-  selinux-base-policy-20050618.ebuild:
-  Mark stable.
-
-*selinux-base-policy-20050618 (18 Jun 2005)
-
-  18 Jun 2005; Chris PeBenito <pebenito@gentoo.org>
-  -selinux-base-policy-20041123.ebuild,
-  -selinux-base-policy-20050306.ebuild,
-  +selinux-base-policy-20050618.ebuild:
-  New release to support 2.6.12 features.
-
-  10 May 2005; Stephen Bennett <spb@gentoo.org>
-  selinux-base-policy-20050322.ebuild:
-  mips stable
-
-  01 May 2005; Stephen Bennett <spb@gentoo.org>
-  selinux-base-policy-20050322.ebuild:
-  Added ~mips.
-
-*selinux-base-policy-20050322 (23 Mar 2005)
-
-  23 Mar 2005; Chris PeBenito <pebenito@gentoo.org>
-  +selinux-base-policy-20050322.ebuild:
-  New release.
-
-*selinux-base-policy-20050306 (06 Mar 2005)
-
-  06 Mar 2005; Chris PeBenito <pebenito@gentoo.org>
-  +selinux-base-policy-20050306.ebuild:
-  Fix bad samba_domain dummy macro.  Add policies needed for udev support.
-
-*selinux-base-policy-20050224 (24 Feb 2005)
-
-  24 Feb 2005; Chris PeBenito <pebenito@gentoo.org>
-  +selinux-base-policy-20050224.ebuild:
-  New release.
-
-  19 Jan 2005; Chris PeBenito <pebenito@gentoo.org>
-  selinux-base-policy-20041123.ebuild:
-  Mark stable.
-
-*selinux-base-policy-20041123 (23 Nov 2004)
-
-  23 Nov 2004; Chris PeBenito <pebenito@gentoo.org>
-  +selinux-base-policy-20041123.ebuild:
-  New release with 1.18 merge.
-
-*selinux-base-policy-20041023 (23 Oct 2004)
-
-  23 Oct 2004; Chris PeBenito <pebenito@gentoo.org>
-  +selinux-base-policy-20041023.ebuild:
-  New release with 1.16 merge. Tcpd and inetd have been deprecated since they
-  are not in the base system anymore, and probably no one uses them anyway.
-
-*selinux-base-policy-20040906 (06 Sep 2004)
-
-  06 Sep 2004; Chris PeBenito <pebenito@gentoo.org>
-  +selinux-base-policy-20040906.ebuild:
-  New release with 1.14 merge, which has policy 18 (fine-grained netlink)
-  features.
-
-  05 Sep 2004; Chris PeBenito <pebenito@gentoo.org>
-  selinux-base-policy-20040225.ebuild, -selinux-base-policy-20040509.ebuild,
-  -selinux-base-policy-20040604.ebuild, selinux-base-policy-20040629.ebuild,
-  selinux-base-policy-20040702.ebuild:
-  Remove old builds, switch to epause and ebeep in remaining builds.
-
-*selinux-base-policy-20040702 (02 Jul 2004)
-
-  02 Jul 2004; Chris PeBenito <pebenito@gentoo.org>
-  +selinux-base-policy-20040702.ebuild:
-  Same as 20040629, except with updated flask headers, which will come out in
-  2.6.8.
-
-*selinux-base-policy-20040629 (29 Jun 2004)
-
-  29 Jun 2004; Chris PeBenito <pebenito@gentoo.org>
-  +selinux-base-policy-20040629.ebuild:
-  Large sysadmfile cleanup: disable admin_separation to give sysadm_r back its
-  ablility to modify all files. Minor fixes: portage_r works again, syslog-ng
-  breakage fixed, put back manual PaX policy for pageexec/segmexec.
-
-  16 Jun 2004; Chris PeBenito <pebenito@gentoo.org>
-  selinux-base-policy-20040604.ebuild:
-  Mark stable.
-
-  10 Jun 2004; Chris PeBenito <pebenito@gentoo.org>
-  selinux-base-policy-20040225.ebuild, selinux-base-policy-20040509.ebuild,
-  selinux-base-policy-20040604.ebuild:
-  Add src_compile() stub
-
-*selinux-base-policy-20040604 (04 Jun 2004)
-
-  04 Jun 2004; Chris PeBenito <pebenito@gentoo.org>
-  +selinux-base-policy-20040604.ebuild:
-  New release including 1.12 NSA policy, and experimental sesandbox.
-
-  15 May 2004; Chris PeBenito <pebenito@gentoo.org>
-  selinux-base-policy-20040509.ebuild:
-  Mark stable.
-
-*selinux-base-policy-20040509 (09 May 2004)
-
-  09 May 2004; Chris PeBenito <pebenito@gentoo.org>
-  +selinux-base-policy-20040509.ebuild:
-  A few small cleanups. Make PaX non exec pages macro based on arch. Large
-  portage update, get rid of portage_exec_fetch_t, portage will setexec. Add
-  global_ssp tunable.
-
-*selinux-base-policy-20040418 (18 Apr 2004)
-
-  18 Apr 2004; Chris PeBenito <pebenito@gentoo.org>
-  +selinux-base-policy-20040418.ebuild:
-  New release for checkpolicy 1.10
-
-*selinux-base-policy-20040414 (14 Apr 2004)
-
-  14 Apr 2004; Chris PeBenito <pebenito@gentoo.org>
-  -selinux-base-policy-20040408.ebuild, +selinux-base-policy-20040414.ebuild:
-  Minor updates
-
-*selinux-base-policy-20040408 (08 Apr 2004)
-
-  08 Apr 2004; Chris PeBenito <pebenito@gentoo.org>
-  selinux-base-policy-20040408.ebuild:
-  New update. Users.fc is now deprecated, as the contexts for user directories
-  is now automatically generated. Portage fetching of distfiles now has a
-  subdomain, for dropping priviledges.
-
-  28 Feb 2004; Chris PeBenito <pebenito@gentoo.org>
-  selinux-base-policy-20040225.ebuild:
-  Mark stable.
-
-*selinux-base-policy-20040225 (25 Feb 2004)
-
-  25 Feb 2004; Chris PeBenito <pebenito@gentoo.org>
-  selinux-base-policy-20040225.ebuild:
-  New support for PaX ACL hooks. Addition of tunable.te for configurable policy
-  options. Rewrite of portage.te. Now auto-transition for sysadm is default, can
-  reenable portage_r by tunable.te. Makefile update from NSA CVS.
-
-*selinux-base-policy-20040209 (09 Feb 2004)
-
-  09 Feb 2004; Chris PeBenito <pebenito@gentoo.org>
-  selinux-base-policy-20040209.ebuild:
-  Minor revision to add XFS labeling and policy for integrated
-  runscript-run_init.
-
-  07 Feb 2004; Chris PeBenito <pebenito@gentoo.org>
-  selinux-base-policy-20040202.ebuild:
-  Mark x86 stable.
-
-*selinux-base-policy-20040202 (02 Feb 2004)
-
-  02 Feb 2004; Chris PeBenito <pebenito@gentoo.org>
-  selinux-base-policy-20040202.ebuild:
-  A few misc fixes. Allow portage to update bootloader code, such as in lilo or
-  grub postinst. This requires checkpolicy 1.4-r1.
-
-*selinux-base-policy-20031225 (25 Dec 2003)
-
-  25 Dec 2003; Chris PeBenito <pebenito@gentoo.org>
-  selinux-base-policy-20031225.ebuild:
-  New release, with merged NSA 1.4 policy. One critical note, this policy
-  requires pam 0.77. Much work has been done to minimize access to /etc/shadow,
-  and one requirement is in the patch for pam 0.77. If you do not use this pam
-  version or newer, you will be unable to authenticate in enforcing. Since
-  devfs no longer is usable in SELinux, it's policy has been removed. You
-  should merge the changes, remove the devfsd policy (devfsd.te and devfsd.fc),
-  load the policy, and relabel.
-
-  27 Nov 2003; Chris PeBenito <pebenito@gentoo.org>
-  selinux-base-policy-20031010-r1.ebuild:
-  Mark stable.  Add build USE flag for stage building.
-
-*selinux-base-policy-20031010-r1 (12 Nov 2003)
-
-  12 Nov 2003; Chris PeBenito <pebenito@gentoo.org>
-  selinux-base-policy-20031010-r1.ebuild,
-  files/selinux-base-policy-20031010-cvs.diff:
-  Add fixes from policy cvs for compilers, so non x86 and ppc compilers can
-  work. Also portage update as a side effect of updated setfiles code in
-  portage, from bug 31748.
-
-  28 Oct 2003; Chris PeBenito <pebenito@gentoo.org>
-  selinux-base-policy-20031010.ebuild:
-  Mark stable
-
-*selinux-base-policy-20031010 (10 Oct 2003)
-
-  10 Oct 2003; Chris PeBenito <pebenito@gentoo.org>
-  selinux-base-policy-20031010.ebuild:
-  New release for new API.  Massive cleanups all over the place.
-
-*selinux-base-policy-20030817 (17 Aug 2003)
-
-  17 Aug 2003; Chris PeBenito <pebenito@gentoo.org>
-  selinux-base-policy-20030817.ebuild:
-  Initial commit of new API policy
-
-  10 Aug 2003; Chris PeBenito <pebenito@gentoo.org>
-  selinux-base-policy-20030729-r1.ebuild:
-  Mark stable
-
-*selinux-base-policy-20030729-r1 (31 Jul 2003)
-
-  31 Jul 2003; Chris PeBenito <pebenito@gentoo.org>
-  selinux-base-policy-20030729-r1.ebuild:
-  New rev that handles an empty POLICYDIR sanely.
-
-*selinux-base-policy-20030729 (29 Jul 2003)
-
-  29 Jul 2003; Chris PeBenito <pebenito@gentoo.org>
-  selinux-base-policy-20030729.ebuild:
-  Make the ebuild use POLICYDIR. Important fix so portage can load policy so
-  selinux-policy.eclass works. update_modules_t cleanup. Fix for an access when
-  merging baselayout.
-
-*selinux-base-policy-20030720 (20 Jul 2003)
-
-  20 Jul 2003; Chris PeBenito <pebenito@gentoo.org>
-  selinux-base-policy-20030720.ebuild:
-  Many fixes, including the syslog fix. File contexts have changed, so a relabel
-  is needed. You may encounter problems relabeling /usr/portage, as its file
-  context has changed, as files should not have the same type as a domain.
-  Relabelling in permissive will fix this, or temporarily give portage_t a
-  file_type attribute. Tightened the can_exec_any() macro. Moved staff.fc to
-  users.fc, since all users with SELinux identities should have their home
-  directories have the correct identity, not the generic identity.
-
-  06 Jun 2003; Chris PeBenito <pebenito@gentoo.org>
-  selinux-base-policy-20030604.ebuild:
-  Mark stable
-
-*selinux-base-policy-20030604 (04 Jun 2003)
-
-  04 Jun 2003; Chris PeBenito <pebenito@gentoo.org>
-  selinux-base-policy-20030604.ebuild:
-  Fix broken 20030603
-
-  04 Jun 2003; Chris PeBenito <pebenito@gentoo.org>
-  selinux-base-policy-20030603.ebuild:
-  Pulling 20030603, as there are problems, 20030604 later today
-
-*selinux-base-policy-20030603 (03 Jun 2003)
-
-  03 Jun 2003; Chris PeBenito <pebenito@gentoo.org>
-  selinux-base-policy-20030603.ebuild:
-  Numerous various fixes. Added staff role. Removed ipsec, gpm and gpg policies
-  as they are not appropriate for the base policy, and untested.
-
-*selinux-base-policy-20030522 (22 May 2003)
-
-  22 May 2003; Chris PeBenito <pebenito@gentoo.org>
-  selinux-base-policy-20030522.ebuild:
-  The policy is in pretty good shape now. I've been able to run in enforcing mode
-  with little problem. I've also been able to successfully merge and unmerge
-  packages in enforcing mode, with few exceptions (why does mysql need to run ps
-  during configure?).
-
-*selinux-base-policy-20030514 (14 May 2003)
-
-  14 May 2003; Chris PeBenito <pebenito@gentoo.org>
-  selinux-base-policy-20030514.ebuild:
-  Many improvements in many areas. Of note, rlogind policies were removed. Klogd
-  is being merged into syslogd. The portage policy is much more complete, but
-  still needs work. Its suggested that all changes be merged in, policy
-  reloaded, then relabel.
-
-*selinux-base-policy-20030419 (19 Apr 2003)
-
-  23 Apr 2003; Chris PeBenito <pebenito@gentoo.org>
-  selinux-base-policy-20030419.ebuild:
-  Marking stable for selinux-small stable usage
-
-  19 Apr 2003; Chris PeBenito <pebenito@gentoo.org> Manifest,
-  selinux-base-policy-20030419.ebuild:
-  Initial commit.  Base policies for SELinux, with Gentoo-specifics
-

diff --git a/sec-policy/selinux-base-policy/files/config b/sec-policy/selinux-base-policy/files/config
deleted file mode 100644
index 41e6993..0000000
--- a/sec-policy/selinux-base-policy/files/config
+++ /dev/null
@@ -1,12 +0,0 @@
-# This file controls the state of SELinux on the system on boot.
-
-# SELINUX can take one of these three values:
-#	enforcing - SELinux security policy is enforced.
-#	permissive - SELinux prints warnings instead of enforcing.
-#	disabled - No SELinux policy is loaded.
-SELINUX=permissive
-
-# SELINUXTYPE can take one of these two values:
-#	targeted - Only targeted network daemons are protected.
-#	strict - Full SELinux protection.
-SELINUXTYPE=strict

diff --git a/sec-policy/selinux-base-policy/files/modules.conf.strict.20090730 b/sec-policy/selinux-base-policy/files/modules.conf.strict.20090730
deleted file mode 100644
index fcb3fd8..0000000
--- a/sec-policy/selinux-base-policy/files/modules.conf.strict.20090730
+++ /dev/null
@@ -1,49 +0,0 @@
-application = base
-authlogin = base
-bootloader = base
-clock = base
-consoletype = base
-corecommands = base
-corenetwork = base
-cron = base
-devices = base
-dmesg = base
-domain = base
-files = base
-filesystem = base
-fstools = base
-getty = base
-hostname = base
-hotplug = base
-init = base
-iptables = base
-kernel = base
-libraries = base
-locallogin = base
-logging = base
-lvm = base
-miscfiles = base
-mcs = base
-mls = base
-modutils = base
-mount = base
-mta = base
-netutils = base
-nscd = base
-portage = base
-raid = base
-rsync = base
-selinux = base
-selinuxutil = base
-ssh = base
-staff = base
-storage = base
-su = base
-sysadm = base
-sysnetwork = base
-terminal = base
-ubac = base
-udev = base
-userdomain = base
-usermanage = base
-unprivuser = base

diff --git a/sec-policy/selinux-base-policy/files/modules.conf.targeted.20090730 b/sec-policy/selinux-base-policy/files/modules.conf.targeted.20090730
deleted file mode 100644
index ee8a14c..0000000
--- a/sec-policy/selinux-base-policy/files/modules.conf.targeted.20090730
+++ /dev/null
@@ -1,50 +0,0 @@
-application = base
-authlogin = base
-bootloader = base
-clock = base
-consoletype = base
-corecommands = base
-corenetwork = base
-cron = base
-devices = base
-dmesg = base
-domain = base
-files = base
-filesystem = base
-fstools = base
-getty = base
-hostname = base
-hotplug = base
-init = base
-iptables = base
-kernel = base
-libraries = base
-locallogin = base
-logging = base
-lvm = base
-miscfiles = base
-mcs = base
-mls = base
-modutils = base
-mount = base
-mta = base
-netutils = base
-nscd = base
-portage = base
-raid = base
-rsync = base
-selinux = base
-selinuxutil = base
-ssh = base
-staff = base
-storage = base
-su = base
-sysadm = base
-sysnetwork = base
-terminal = base
-ubac = base
-udev = base
-unconfined = base
-userdomain = base
-usermanage = base
-unprivuser = base

diff --git a/sec-policy/selinux-base-policy/files/patchbundle-selinux-base-policy-2.20101213-r17.tar.bz2 b/sec-policy/selinux-base-policy/files/patchbundle-selinux-base-policy-2.20101213-r17.tar.bz2
deleted file mode 100644
index 5cab0d3..0000000
Binary files a/sec-policy/selinux-base-policy/files/patchbundle-selinux-base-policy-2.20101213-r17.tar.bz2 and /dev/null differ

diff --git a/sec-policy/selinux-base-policy/metadata.xml b/sec-policy/selinux-base-policy/metadata.xml
deleted file mode 100644
index 393f3bb..0000000
--- a/sec-policy/selinux-base-policy/metadata.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
-<pkgmetadata>
-	<herd>selinux</herd>
-	<longdescription>
-		Gentoo SELinux base policy.  This contains policy for a system at the end of system installation.
-		There is no extra policy in this package.
-	</longdescription>
-	<use>
-		<flag name='peer_perms'>Enable the labeled networking peer permissions (SELinux policy capability).</flag>
-		<flag name='open_perms'>Enable the open permissions for file object classes (SELinux policy capability).</flag>
-		<flag name='ubac'>Enable User Based Access Control (UBAC) in the SELinux policy</flag>
-	</use>
-</pkgmetadata>

diff --git a/sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r17.ebuild b/sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r17.ebuild
deleted file mode 100644
index 7bc78de..0000000
--- a/sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r17.ebuild
+++ /dev/null
@@ -1,129 +0,0 @@
-# Copyright 1999-2011 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r12.ebuild,v 1.1 2011/04/16 13:02:44 blueness Exp $
-
-EAPI="1"
-IUSE="+peer_perms +open_perms +ubac"
-
-inherit eutils
-
-PATCHBUNDLE="${FILESDIR}/patchbundle-${PF}.tar.bz2"
-DESCRIPTION="Gentoo base policy for SELinux"
-HOMEPAGE="http://www.gentoo.org/proj/en/hardened/selinux/"
-SRC_URI="http://oss.tresys.com/files/refpolicy/refpolicy-${PV}.tar.bz2"
-LICENSE="GPL-2"
-SLOT="0"
-
-KEYWORDS="~amd64 ~x86"
-
-RDEPEND=">=sys-apps/policycoreutils-1.30.30
-	>=sys-fs/udev-151"
-DEPEND="${RDEPEND}
-	sys-devel/m4
-	>=sys-apps/checkpolicy-1.30.12"
-
-S=${WORKDIR}/
-
-src_unpack() {
-	[ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="strict targeted"
-	MOD_CONF_VER="20090730"
-
-	unpack ${A}
-
-	cd "${S}"
-	epatch "${PATCHBUNDLE}"
-	cd "${S}/refpolicy"
-	# Fix bug 257111
-	sed -i -e 's:system_crond_t:system_cronjob_t:g' \
-		"${S}/refpolicy/config/appconfig-standard/default_contexts"
-
-	if ! use peer_perms; then
-		sed -i -e '/network_peer_controls/d' \
-			"${S}/refpolicy/policy/policy_capabilities"
-	fi
-
-	if ! use open_perms; then
-		sed -i -e '/open_perms/d' \
-			"${S}/refpolicy/policy/policy_capabilities"
-	fi
-
-	for i in ${POLICY_TYPES}; do
-		cp -a "${S}/refpolicy" "${S}/${i}"
-
-		cd "${S}/${i}";
-		make conf || die "Make conf in ${i} failed"
-
-		cp "${FILESDIR}/modules.conf.${i}.${MOD_CONF_VER}" \
-			"${S}/${i}/policy/modules.conf" \
-			|| die "failed to set up modules.conf"
-		sed -i -e '/^QUIET/s/n/y/' -e '/^MONOLITHIC/s/y/n/' \
-			-e "/^NAME/s/refpolicy/$i/" "${S}/${i}/build.conf" \
-			|| die "build.conf setup failed."
-
-		if ! use ubac; then
-			sed -i -e 's:^UBAC = y:UBAC = n:g' "${S}/${i}/build.conf"
-		fi
-
-		echo "DISTRO = gentoo" >> "${S}/${i}/build.conf"
-
-		if [ "${i}" == "targeted" ]; then
-			sed -i -e '/root/d' -e 's/user_u/unconfined_u/' \
-			"${S}/${i}/config/appconfig-standard/seusers" \
-			|| die "targeted seusers setup failed."
-		fi
-	done
-}
-
-src_compile() {
-	[ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="strict targeted"
-
-	for i in ${POLICY_TYPES}; do
-		cd "${S}/${i}"
-		make base || die "${i} compile failed"
-	done
-}
-
-src_install() {
-	[ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="strict targeted"
-
-	for i in ${POLICY_TYPES}; do
-		cd "${S}/${i}"
-
-		make DESTDIR="${D}" install \
-			|| die "${i} install failed."
-
-		make DESTDIR="${D}" install-headers \
-			|| die "${i} headers install failed."
-
-		echo "run_init_t" > "${D}/etc/selinux/${i}/contexts/run_init_type"
-
-		echo "textrel_shlib_t" >> "${D}/etc/selinux/${i}/contexts/customizable_types"
-
-		# libsemanage won't make this on its own
-		keepdir "/etc/selinux/${i}/policy"
-	done
-
-	dodoc doc/Makefile.example doc/example.{te,fc,if}
-
-	insinto /etc/selinux
-	doins "${FILESDIR}/config"
-}
-
-pkg_preinst() {
-	has_version "<${CATEGORY}/${PN}-2.20101213-r13"
-	previous_less_than_r13=$?
-}
-
-pkg_postinst() {
-	[ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="strict targeted"
-
-	for i in ${POLICY_TYPES}; do
-		einfo "Inserting base module into ${i} module store."
-
-		cd "/usr/share/selinux/${i}"
-		semodule -s "${i}" -b base.pp || die "Could not load in new base policy"
-	done
-	elog "Updates on policies might require you to relabel files. If you, after"
-	elog "installing new SELinux policies, get 'permission denied' errors,"
-	elog "relabelling your system using 'rlpkg -a -r' might resolve the issues."
-}




* [gentoo-commits] proj/hardened-dev:master commit in: sec-policy/selinux-base-policy/files/, sec-policy/selinux-base-policy/
@ 2011-07-07 18:41 Sven Vermeulen
From: Sven Vermeulen @ 2011-07-07 18:41 UTC (permalink / raw
  To: gentoo-commits

commit:     c4e79d8346982ef86a09f6f73cd1337d7f3e196f
Author:     Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
AuthorDate: Thu Jul  7 18:34:10 2011 +0000
Commit:     Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
CommitDate: Thu Jul  7 18:34:10 2011 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-dev.git;a=commit;h=c4e79d83

Update base policy, fixing openrc stuff, allowing portage to work with NFS-mounted locations, fix syslog init startup problem, fix postgresql init startup problem, allow mount context= to work on all file_types rather than just filesystem_type

---
 sec-policy/selinux-base-policy/ChangeLog           |  500 ++++++++++++++++++++
 sec-policy/selinux-base-policy/files/config        |   12 +
 .../selinux-base-policy/files/modules.conf.strict  |   44 ++
 .../files/modules.conf.strict.20090730             |   49 ++
 .../files/modules.conf.targeted                    |   45 ++
 .../files/modules.conf.targeted.20090730           |   50 ++
 ...ndle-selinux-base-policy-2.20101213-r18.tar.bz2 |  Bin 0 -> 15951 bytes
 sec-policy/selinux-base-policy/metadata.xml        |   14 +
 .../selinux-base-policy-2.20101213-r18.ebuild      |  132 +++++
 9 files changed, 846 insertions(+), 0 deletions(-)

diff --git a/sec-policy/selinux-base-policy/ChangeLog b/sec-policy/selinux-base-policy/ChangeLog
new file mode 100644
index 0000000..ef7c640
--- /dev/null
+++ b/sec-policy/selinux-base-policy/ChangeLog
@@ -0,0 +1,500 @@
+# ChangeLog for sec-policy/selinux-base-policy
+# Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/ChangeLog,v 1.72 2011/04/16 13:02:44 blueness Exp $
+
+*selinux-base-policy-2.20101213-r18 (29 Jun 2011)
+
+  29 Jun 2011; <swift@gentoo.org> -selinux-base-policy-2.20101213-r17.ebuild,
+  +selinux-base-policy-2.20101213-r18.ebuild,
+  -files/patchbundle-selinux-base-policy-2.20101213-r17.tar.bz2,
+  +files/patchbundle-selinux-base-policy-2.20101213-r18.tar.bz2:
+  Bump to r18, improve support for openrc, allow portage to work with NFS-
+  mounted locations, fix firefox plugin support, fix postgres init script
+  support, fix syslog startup issue
+
+*selinux-base-policy-2.20101213-r14 (13 May 2011)
+
+  13 May 2011; <swift@gentoo.org> -selinux-base-policy-2.20101213-r13.ebuild,
+  +selinux-base-policy-2.20101213-r14.ebuild,
+  -files/patchbundle-selinux-base-policy-2.20101213-r13.tar.bz2,
+  +files/patchbundle-selinux-base-policy-2.20101213-r14.tar.bz2:
+  Update with support for openrc
+
+*selinux-base-policy-2.20101213-r13 (02 May 2011)
+
+  02 May 2011; <swift@gentoo.org>
+  +selinux-base-policy-2.20101213-r13.ebuild,
+  +files/patchbundle-selinux-base-policy-2.20101213-r13.tar.bz2,
+  +files/config, +files/modules.conf.strict,
+  +files/modules.conf.strict.20090730, +files/modules.conf.targeted,
+  +files/modules.conf.targeted.20090730, +metadata.xml:
+  Make UBAC optional (#257111 and #306393), use portage_srcrepo_t for live
+  ebuilds and match mdadm policy with upstream
+
+*selinux-base-policy-2.20101213-r12 (16 Apr 2011)
+*selinux-base-policy-2.20101213-r11 (16 Apr 2011)
+
+  16 Apr 2011; Anthony G. Basile <blueness@gentoo.org>
+  +selinux-base-policy-2.20101213-r11.ebuild,
+  +selinux-base-policy-2.20101213-r12.ebuild,
+  +files/patchbundle-selinux-base-policy-2.20101213-r11.tar.bz2,
+  +files/patchbundle-selinux-base-policy-2.20101213-r12.tar.bz2:
+  Added new patchbundles for rev bumps to base policy 2.20101213
+
+*selinux-base-policy-2.20101213-r10 (07 Mar 2011)
+*selinux-base-policy-2.20101213-r9 (07 Mar 2011)
+
+  07 Mar 2011; Anthony G. Basile <blueness@gentoo.org>
+  +selinux-base-policy-2.20101213-r9.ebuild,
+  +selinux-base-policy-2.20101213-r10.ebuild,
+  +files/patchbundle-selinux-base-policy-2.20101213-r10.tar.bz2,
+  +files/patchbundle-selinux-base-policy-2.20101213-r9.tar.bz2:
+  Added new patchbundles for rev bumps to base policy 2.20101213
+
+  05 Feb 2011; Anthony G. Basile <blueness@gentoo.org>
+  +files/patchbundle-selinux-base-policy-2.20101213-r5.tar.bz2,
+  +files/patchbundle-selinux-base-policy-2.20101213-r6.tar.bz2,
+  +files/patchbundle-selinux-base-policy-2.20101213-r7.tar.bz2:
+  Added patchbundle for base policy 2.20101213.
+
+*selinux-base-policy-2.20101213-r7 (05 Feb 2011)
+*selinux-base-policy-2.20101213-r6 (05 Feb 2011)
+*selinux-base-policy-2.20101213-r5 (05 Feb 2011)
+
+  05 Feb 2011; Anthony G. Basile <blueness@gentoo.org>
+  +selinux-base-policy-2.20101213-r5.ebuild,
+  +selinux-base-policy-2.20101213-r6.ebuild,
+  +selinux-base-policy-2.20101213-r7.ebuild:
+  New upstream policy.
+
+*selinux-base-policy-2.20091215 (16 Dec 2009)
+
+  16 Dec 2009; Chris PeBenito <pebenito@gentoo.org>
+  +selinux-base-policy-2.20091215.ebuild:
+  New upstream release.
+
+*selinux-base-policy-20080525-r1 (14 Sep 2009)
+
+  14 Sep 2009; Chris PeBenito <pebenito@gentoo.org>
+  +selinux-base-policy-20080525-r1.ebuild:
+  Update old base policy to support ext4.
+
+  14 Aug 2009; Chris PeBenito <pebenito@gentoo.org>
+  -selinux-base-policy-20070329.ebuild,
+  -selinux-base-policy-20070928.ebuild, selinux-base-policy-20080525.ebuild:
+  Mark 20080525 stable, clear old ebuilds.
+
+*selinux-base-policy-2.20090814 (14 Aug 2009)
+
+  14 Aug 2009; Chris PeBenito <pebenito@gentoo.org>
+  +selinux-base-policy-2.20090814.ebuild:
+  Git version of refpolicy for misc fixes including some cron problems.
+
+*selinux-base-policy-2.20090730 (03 Aug 2009)
+
+  03 Aug 2009; Chris PeBenito <pebenito@gentoo.org>
+  +selinux-base-policy-2.20090730.ebuild:
+  New upstream release.
+
+  18 Jul 2009; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20070329.ebuild, selinux-base-policy-20070928.ebuild,
+  selinux-base-policy-20080525.ebuild:
+  Drop alpha, mips, ppc, sparc selinux support.
+
+*selinux-base-policy-20080525 (25 May 2008)
+
+  25 May 2008; Chris PeBenito <pebenito@gentoo.org>
+  +selinux-base-policy-20080525.ebuild:
+  New SVN snapshot.
+
+  16 Mar 2008; Chris PeBenito <pebenito@gentoo.org>
+  -selinux-base-policy-20051022-r1.ebuild,
+  -selinux-base-policy-20061114.ebuild:
+  Remove old ebuilds.
+
+  03 Feb 2008; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20070928.ebuild:
+  Mark stable.
+
+*selinux-base-policy-20070928 (26 Nov 2007)
+
+  26 Nov 2007; Chris PeBenito <pebenito@gentoo.org>
+  +selinux-base-policy-20070928.ebuild:
+  New SVN snapshot.
+
+  04 Jun 2007; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20070329.ebuild:
+  Mark stable.
+
+  30 Mar 2007; Chris PeBenito <pebenito@gentoo.org>
+  +files/selinux-base-policy-20070329.diff,
+  selinux-base-policy-20070329.ebuild:
+  Compile fix.
+
+*selinux-base-policy-20070329 (29 Mar 2007)
+
+  29 Mar 2007; Chris PeBenito <pebenito@gentoo.org>
+  +selinux-base-policy-20070329.ebuild:
+  New SVN snapshot.
+
+  22 Feb 2007; Markus Ullmann <jokey@gentoo.org> ChangeLog:
+  Redigest for Manifest2
+
+*selinux-base-policy-20061114 (15 Nov 2006)
+
+  15 Nov 2006; Chris PeBenito <pebenito@gentoo.org>
+  +selinux-base-policy-20061114.ebuild:
+  New SVN snapshot.
+
+  25 Oct 2006; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20061015.ebuild:
+  Fix to have default POLICY_TYPES if it is empty.
+
+  21 Oct 2006; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20061015.ebuild:
+  Fix xml generation failure to die.
+
+*selinux-base-policy-20061015 (15 Oct 2006)
+
+  15 Oct 2006; Chris PeBenito <pebenito@gentoo.org>
+  -selinux-base-policy-20061008.ebuild,
+  +selinux-base-policy-20061015.ebuild:
+  Update for testing fixes.
+
+*selinux-base-policy-20061008 (08 Oct 2006)
+
+  08 Oct 2006; Chris PeBenito <pebenito@gentoo.org> -files/semanage.conf,
+  +selinux-base-policy-20061008.ebuild,
+  -selinux-base-policy-99999999.ebuild:
+  First mainstream reference policy testing release.
+
+  29 Sep 2006; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-99999999.ebuild:
+  Fix for new SVN location.  Fixes 147781.
+
+  22 Feb 2006; Stephen Bennett <spb@gentoo.org>
+  selinux-base-policy-20051022-r1.ebuild:
+  Alpha stable
+
+*selinux-base-policy-99999999 (02 Feb 2006)
+
+  02 Feb 2006; Chris PeBenito <pebenito@gentoo.org> +files/config,
+  +files/modules.conf.strict, +files/modules.conf.targeted,
+  +files/semanage.conf, +selinux-base-policy-99999999.ebuild:
+  Add experimental policy for testing reference policy. Requires portage fix
+  from bug #110857.
+
+  02 Feb 2006; Chris PeBenito <pebenito@gentoo.org>
+  -selinux-base-policy-20050322.ebuild,
+  -selinux-base-policy-20050618.ebuild,
+  -selinux-base-policy-20050821.ebuild,
+  -selinux-base-policy-20051022.ebuild:
+  Clean out old ebuilds.
+
+  14 Jan 2006; Stephen Bennett <spb@gentoo.org>
+  selinux-base-policy-20051022-r1.ebuild:
+  Added ~alpha
+
+*selinux-base-policy-20051022-r1 (08 Dec 2005)
+
+  08 Dec 2005; Chris PeBenito <pebenito@gentoo.org>
+  +selinux-base-policy-20051022-r1.ebuild:
+  Change to use compatability genhomedircon. Newer policycoreutils (1.28)
+  breaks the backwards compatability this policy uses.
+
+*selinux-base-policy-20051022 (22 Oct 2005)
+
+  22 Oct 2005; Chris PeBenito <pebenito@gentoo.org>
+  +selinux-base-policy-20051022.ebuild:
+  Very trivial fixes.
+
+  08 Sep 2005; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20050821.ebuild:
+  Mark stable.
+
+*selinux-base-policy-20050821 (21 Aug 2005)
+
+  21 Aug 2005; Chris PeBenito <pebenito@gentoo.org>
+  +selinux-base-policy-20050821.ebuild:
+  Minor updates for 2.6.12.
+
+  21 Jun 2005; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20050618.ebuild:
+  Mark stable.
+
+*selinux-base-policy-20050618 (18 Jun 2005)
+
+  18 Jun 2005; Chris PeBenito <pebenito@gentoo.org>
+  -selinux-base-policy-20041123.ebuild,
+  -selinux-base-policy-20050306.ebuild,
+  +selinux-base-policy-20050618.ebuild:
+  New release to support 2.6.12 features.
+
+  10 May 2005; Stephen Bennett <spb@gentoo.org>
+  selinux-base-policy-20050322.ebuild:
+  mips stable
+
+  01 May 2005; Stephen Bennett <spb@gentoo.org>
+  selinux-base-policy-20050322.ebuild:
+  Added ~mips.
+
+*selinux-base-policy-20050322 (23 Mar 2005)
+
+  23 Mar 2005; Chris PeBenito <pebenito@gentoo.org>
+  +selinux-base-policy-20050322.ebuild:
+  New release.
+
+*selinux-base-policy-20050306 (06 Mar 2005)
+
+  06 Mar 2005; Chris PeBenito <pebenito@gentoo.org>
+  +selinux-base-policy-20050306.ebuild:
+  Fix bad samba_domain dummy macro.  Add policies needed for udev support.
+
+*selinux-base-policy-20050224 (24 Feb 2005)
+
+  24 Feb 2005; Chris PeBenito <pebenito@gentoo.org>
+  +selinux-base-policy-20050224.ebuild:
+  New release.
+
+  19 Jan 2005; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20041123.ebuild:
+  Mark stable.
+
+*selinux-base-policy-20041123 (23 Nov 2004)
+
+  23 Nov 2004; Chris PeBenito <pebenito@gentoo.org>
+  +selinux-base-policy-20041123.ebuild:
+  New release with 1.18 merge.
+
+*selinux-base-policy-20041023 (23 Oct 2004)
+
+  23 Oct 2004; Chris PeBenito <pebenito@gentoo.org>
+  +selinux-base-policy-20041023.ebuild:
+  New release with 1.16 merge. Tcpd and inetd have been deprecated since they
+  are not in the base system anymore, and probably no one uses them anyway.
+
+*selinux-base-policy-20040906 (06 Sep 2004)
+
+  06 Sep 2004; Chris PeBenito <pebenito@gentoo.org>
+  +selinux-base-policy-20040906.ebuild:
+  New release with 1.14 merge, which has policy 18 (fine-grained netlink)
+  features.
+
+  05 Sep 2004; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20040225.ebuild, -selinux-base-policy-20040509.ebuild,
+  -selinux-base-policy-20040604.ebuild, selinux-base-policy-20040629.ebuild,
+  selinux-base-policy-20040702.ebuild:
+  Remove old builds, switch to epause and ebeep in remaining builds.
+
+*selinux-base-policy-20040702 (02 Jul 2004)
+
+  02 Jul 2004; Chris PeBenito <pebenito@gentoo.org>
+  +selinux-base-policy-20040702.ebuild:
+  Same as 20040629, except with updated flask headers, which will come out in
+  2.6.8.
+
+*selinux-base-policy-20040629 (29 Jun 2004)
+
+  29 Jun 2004; Chris PeBenito <pebenito@gentoo.org>
+  +selinux-base-policy-20040629.ebuild:
+  Large sysadmfile cleanup: disable admin_separation to give sysadm_r back its
+  ablility to modify all files. Minor fixes: portage_r works again, syslog-ng
+  breakage fixed, put back manual PaX policy for pageexec/segmexec.
+
+  16 Jun 2004; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20040604.ebuild:
+  Mark stable.
+
+  10 Jun 2004; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20040225.ebuild, selinux-base-policy-20040509.ebuild,
+  selinux-base-policy-20040604.ebuild:
+  Add src_compile() stub
+
+*selinux-base-policy-20040604 (04 Jun 2004)
+
+  04 Jun 2004; Chris PeBenito <pebenito@gentoo.org>
+  +selinux-base-policy-20040604.ebuild:
+  New release including 1.12 NSA policy, and experimental sesandbox.
+
+  15 May 2004; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20040509.ebuild:
+  Mark stable.
+
+*selinux-base-policy-20040509 (09 May 2004)
+
+  09 May 2004; Chris PeBenito <pebenito@gentoo.org>
+  +selinux-base-policy-20040509.ebuild:
+  A few small cleanups. Make PaX non exec pages macro based on arch. Large
+  portage update, get rid of portage_exec_fetch_t, portage will setexec. Add
+  global_ssp tunable.
+
+*selinux-base-policy-20040418 (18 Apr 2004)
+
+  18 Apr 2004; Chris PeBenito <pebenito@gentoo.org>
+  +selinux-base-policy-20040418.ebuild:
+  New release for checkpolicy 1.10
+
+*selinux-base-policy-20040414 (14 Apr 2004)
+
+  14 Apr 2004; Chris PeBenito <pebenito@gentoo.org>
+  -selinux-base-policy-20040408.ebuild, +selinux-base-policy-20040414.ebuild:
+  Minor updates
+
+*selinux-base-policy-20040408 (08 Apr 2004)
+
+  08 Apr 2004; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20040408.ebuild:
+  New update. Users.fc is now deprecated, as the contexts for user directories
+  is now automatically generated. Portage fetching of distfiles now has a
+  subdomain, for dropping priviledges.
+
+  28 Feb 2004; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20040225.ebuild:
+  Mark stable.
+
+*selinux-base-policy-20040225 (25 Feb 2004)
+
+  25 Feb 2004; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20040225.ebuild:
+  New support for PaX ACL hooks. Addition of tunable.te for configurable policy
+  options. Rewrite of portage.te. Now auto-transition for sysadm is default, can
+  reenable portage_r by tunable.te. Makefile update from NSA CVS.
+
+*selinux-base-policy-20040209 (09 Feb 2004)
+
+  09 Feb 2004; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20040209.ebuild:
+  Minor revision to add XFS labeling and policy for integrated
+  runscript-run_init.
+
+  07 Feb 2004; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20040202.ebuild:
+  Mark x86 stable.
+
+*selinux-base-policy-20040202 (02 Feb 2004)
+
+  02 Feb 2004; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20040202.ebuild:
+  A few misc fixes. Allow portage to update bootloader code, such as in lilo or
+  grub postinst. This requires checkpolicy 1.4-r1.
+
+*selinux-base-policy-20031225 (25 Dec 2003)
+
+  25 Dec 2003; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20031225.ebuild:
+  New release, with merged NSA 1.4 policy. One critical note, this policy
+  requires pam 0.77. Much work has been done to minimize access to /etc/shadow,
+  and one requirement is in the patch for pam 0.77. If you do not use this pam
+  version or newer, you will be unable to authenticate in enforcing. Since
+  devfs no longer is usable in SELinux, it's policy has been removed. You
+  should merge the changes, remove the devfsd policy (devfsd.te and devfsd.fc),
+  load the policy, and relabel.
+
+  27 Nov 2003; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20031010-r1.ebuild:
+  Mark stable.  Add build USE flag for stage building.
+
+*selinux-base-policy-20031010-r1 (12 Nov 2003)
+
+  12 Nov 2003; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20031010-r1.ebuild,
+  files/selinux-base-policy-20031010-cvs.diff:
+  Add fixes from policy cvs for compilers, so non x86 and ppc compilers can
+  work. Also portage update as a side effect of updated setfiles code in
+  portage, from bug 31748.
+
+  28 Oct 2003; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20031010.ebuild:
+  Mark stable
+
+*selinux-base-policy-20031010 (10 Oct 2003)
+
+  10 Oct 2003; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20031010.ebuild:
+  New release for new API.  Massive cleanups all over the place.
+
+*selinux-base-policy-20030817 (17 Aug 2003)
+
+  17 Aug 2003; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20030817.ebuild:
+  Initial commit of new API policy
+
+  10 Aug 2003; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20030729-r1.ebuild:
+  Mark stable
+
+*selinux-base-policy-20030729-r1 (31 Jul 2003)
+
+  31 Jul 2003; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20030729-r1.ebuild:
+  New rev that handles an empty POLICYDIR sanely.
+
+*selinux-base-policy-20030729 (29 Jul 2003)
+
+  29 Jul 2003; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20030729.ebuild:
+  Make the ebuild use POLICYDIR. Important fix so portage can load policy so
+  selinux-policy.eclass works. update_modules_t cleanup. Fix for an access when
+  merging baselayout.
+
+*selinux-base-policy-20030720 (20 Jul 2003)
+
+  20 Jul 2003; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20030720.ebuild:
+  Many fixes, including the syslog fix. File contexts have changed, so a relabel
+  is needed. You may encounter problems relabeling /usr/portage, as its file
+  context has changed, as files should not have the same type as a domain.
+  Relabelling in permissive will fix this, or temporarily give portage_t a
+  file_type attribute. Tightened the can_exec_any() macro. Moved staff.fc to
+  users.fc, since all users with SELinux identities should have their home
+  directories have the correct identity, not the generic identity.
+
+  06 Jun 2003; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20030604.ebuild:
+  Mark stable
+
+*selinux-base-policy-20030604 (04 Jun 2003)
+
+  04 Jun 2003; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20030604.ebuild:
+  Fix broken 20030603
+
+  04 Jun 2003; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20030603.ebuild:
+  Pulling 20030603, as there are problems, 20030604 later today
+
+*selinux-base-policy-20030603 (03 Jun 2003)
+
+  03 Jun 2003; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20030603.ebuild:
+  Numerous various fixes. Added staff role. Removed ipsec, gpm and gpg policies
+  as they are not appropriate for the base policy, and untested.
+
+*selinux-base-policy-20030522 (22 May 2003)
+
+  22 May 2003; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20030522.ebuild:
+  The policy is in pretty good shape now. I've been able to run in enforcing mode
+  with little problem. I've also been able to successfully merge and unmerge
+  packages in enforcing mode, with few exceptions (why does mysql need to run ps
+  during configure?).
+
+*selinux-base-policy-20030514 (14 May 2003)
+
+  14 May 2003; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20030514.ebuild:
+  Many improvements in many areas. Of note, rlogind policies were removed. Klogd
+  is being merged into syslogd. The portage policy is much more complete, but
+  still needs work. Its suggested that all changes be merged in, policy
+  reloaded, then relabel.
+
+*selinux-base-policy-20030419 (19 Apr 2003)
+
+  23 Apr 2003; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20030419.ebuild:
+  Marking stable for selinux-small stable usage
+
+  19 Apr 2003; Chris PeBenito <pebenito@gentoo.org> Manifest,
+  selinux-base-policy-20030419.ebuild:
+  Initial commit.  Base policies for SELinux, with Gentoo-specifics
+

diff --git a/sec-policy/selinux-base-policy/files/config b/sec-policy/selinux-base-policy/files/config
new file mode 100644
index 0000000..41e6993
--- /dev/null
+++ b/sec-policy/selinux-base-policy/files/config
@@ -0,0 +1,12 @@
+# This file controls the state of SELinux on the system on boot.
+
+# SELINUX can take one of these three values:
+#	enforcing - SELinux security policy is enforced.
+#	permissive - SELinux prints warnings instead of enforcing.
+#	disabled - No SELinux policy is loaded.
+SELINUX=permissive
+
+# SELINUXTYPE can take one of these two values:
+#	targeted - Only targeted network daemons are protected.
+#	strict - Full SELinux protection.
+SELINUXTYPE=strict
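Review bot: The shipped default `SELINUX=permissive` means a freshly installed system loads the policy but only logs denials, and nothing in the file says this is a bootstrap setting rather than the intended end state. I would add a comment directly above the assignment, for example `# Shipped permissive so a not-yet-labelled system can boot; switch to enforcing after relabelling and reviewing denials.` The rationale is inferred from the relabel advice in the ebuild's postinst message, not stated in this commit, so the maintainer should confirm the wording. The file is otherwise identical to the copy removed earlier in this thread.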

diff --git a/sec-policy/selinux-base-policy/files/modules.conf.strict b/sec-policy/selinux-base-policy/files/modules.conf.strict
new file mode 100644
index 0000000..a9c7a9b
--- /dev/null
+++ b/sec-policy/selinux-base-policy/files/modules.conf.strict
@@ -0,0 +1,44 @@
+authlogin = base
+bootloader = base
+clock = base
+consoletype = base
+corecommands = base
+corenetwork = base
+cron = base
+devices = base
+dmesg = base
+domain = base
+files = base
+filesystem = base
+fstools = base
+getty = base
+hostname = base
+hotplug = base
+init = base
+iptables = base
+kernel = base
+libraries = base
+locallogin = base
+logging = base
+lvm = base
+miscfiles = base
+mcs = base
+mls = base
+modutils = base
+mount = base
+mta = base
+netutils = base
+nscd = base
+portage = base
+raid = base
+rsync = base
+selinux = base
+selinuxutil = base
+ssh = base
+storage = base
+su = base
+sysnetwork = base
+terminal = base
+udev = base
+userdomain = base
+usermanage = base
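Review bot: `modules.conf.strict` omits `application`, `staff`, `sysadm`, `ubac` and `unprivuser`, all of which `modules.conf.strict.20090730`, added in this same commit, assigns to base. `modules.conf.targeted` differs from `modules.conf.targeted.20090730` in the same five entries. The removed r17 ebuild copied `modules.conf.${i}.${MOD_CONF_VER}` with `MOD_CONF_VER="20090730"`, so if the r18 ebuild does the same (it is not visible here) the unversioned lists are never installed and could be dropped. If they are used, the role modules and `ubac` would be left out of base even though `ubac` is default-on in the r17 IUSE. A header line in each list naming the refpolicy release it targets would remove the ambiguity, e.g. `# base module list for refpolicy snapshots older than 20090730 (confirm)`.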

diff --git a/sec-policy/selinux-base-policy/files/modules.conf.strict.20090730 b/sec-policy/selinux-base-policy/files/modules.conf.strict.20090730
new file mode 100644
index 0000000..fcb3fd8
--- /dev/null
+++ b/sec-policy/selinux-base-policy/files/modules.conf.strict.20090730
@@ -0,0 +1,49 @@
+application = base
+authlogin = base
+bootloader = base
+clock = base
+consoletype = base
+corecommands = base
+corenetwork = base
+cron = base
+devices = base
+dmesg = base
+domain = base
+files = base
+filesystem = base
+fstools = base
+getty = base
+hostname = base
+hotplug = base
+init = base
+iptables = base
+kernel = base
+libraries = base
+locallogin = base
+logging = base
+lvm = base
+miscfiles = base
+mcs = base
+mls = base
+modutils = base
+mount = base
+mta = base
+netutils = base
+nscd = base
+portage = base
+raid = base
+rsync = base
+selinux = base
+selinuxutil = base
+ssh = base
+staff = base
+storage = base
+su = base
+sysadm = base
+sysnetwork = base
+terminal = base
+ubac = base
+udev = base
+userdomain = base
+usermanage = base
+unprivuser = base

diff --git a/sec-policy/selinux-base-policy/files/modules.conf.targeted b/sec-policy/selinux-base-policy/files/modules.conf.targeted
new file mode 100644
index 0000000..90f9ad3
--- /dev/null
+++ b/sec-policy/selinux-base-policy/files/modules.conf.targeted
@@ -0,0 +1,45 @@
+authlogin = base
+bootloader = base
+clock = base
+consoletype = base
+corecommands = base
+corenetwork = base
+cron = base
+devices = base
+dmesg = base
+domain = base
+files = base
+filesystem = base
+fstools = base
+getty = base
+hostname = base
+hotplug = base
+init = base
+iptables = base
+kernel = base
+libraries = base
+locallogin = base
+logging = base
+lvm = base
+miscfiles = base
+mcs = base
+mls = base
+modutils = base
+mount = base
+mta = base
+netutils = base
+nscd = base
+portage = base
+raid = base
+rsync = base
+selinux = base
+selinuxutil = base
+ssh = base
+storage = base
+su = base
+sysnetwork = base
+terminal = base
+udev = base
+unconfined = base
+userdomain = base
+usermanage = base

diff --git a/sec-policy/selinux-base-policy/files/modules.conf.targeted.20090730 b/sec-policy/selinux-base-policy/files/modules.conf.targeted.20090730
new file mode 100644
index 0000000..ee8a14c
--- /dev/null
+++ b/sec-policy/selinux-base-policy/files/modules.conf.targeted.20090730
@@ -0,0 +1,50 @@
+application = base
+authlogin = base
+bootloader = base
+clock = base
+consoletype = base
+corecommands = base
+corenetwork = base
+cron = base
+devices = base
+dmesg = base
+domain = base
+files = base
+filesystem = base
+fstools = base
+getty = base
+hostname = base
+hotplug = base
+init = base
+iptables = base
+kernel = base
+libraries = base
+locallogin = base
+logging = base
+lvm = base
+miscfiles = base
+mcs = base
+mls = base
+modutils = base
+mount = base
+mta = base
+netutils = base
+nscd = base
+portage = base
+raid = base
+rsync = base
+selinux = base
+selinuxutil = base
+ssh = base
+staff = base
+storage = base
+su = base
+sysadm = base
+sysnetwork = base
+terminal = base
+ubac = base
+udev = base
+unconfined = base
+userdomain = base
+usermanage = base
+unprivuser = base
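Review bot: This file carries no comment saying how the targeted module list relates to the strict one, although the difference is the security-relevant part. Compared with `modules.conf.strict.20090730` as it appears in full later on this page, the only extra entry is `unconfined = base`. A header line such as `# Same as modules.conf.strict.20090730 plus "unconfined = base" (unconfined domains are part of the targeted base policy)` would keep the two lists from drifting apart unnoticed. The same applies to the identical copy of this file in the "Push base r19" commit below.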

diff --git a/sec-policy/selinux-base-policy/files/patchbundle-selinux-base-policy-2.20101213-r18.tar.bz2 b/sec-policy/selinux-base-policy/files/patchbundle-selinux-base-policy-2.20101213-r18.tar.bz2
new file mode 100644
index 0000000..2277215
Binary files /dev/null and b/sec-policy/selinux-base-policy/files/patchbundle-selinux-base-policy-2.20101213-r18.tar.bz2 differ

diff --git a/sec-policy/selinux-base-policy/metadata.xml b/sec-policy/selinux-base-policy/metadata.xml
new file mode 100644
index 0000000..393f3bb
--- /dev/null
+++ b/sec-policy/selinux-base-policy/metadata.xml
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+	<herd>selinux</herd>
+	<longdescription>
+		Gentoo SELinux base policy.  This contains policy for a system at the end of system installation.
+		There is no extra policy in this package.
+	</longdescription>
+	<use>
+		<flag name='peer_perms'>Enable the labeled networking peer permissions (SELinux policy capability).</flag>
+		<flag name='open_perms'>Enable the open permissions for file object classes (SELinux policy capability).</flag>
+		<flag name='ubac'>Enable User Based Access Control (UBAC) in the SELinux policy</flag>
+	</use>
+</pkgmetadata>

diff --git a/sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r18.ebuild b/sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r18.ebuild
new file mode 100644
index 0000000..24b09fe
--- /dev/null
+++ b/sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r18.ebuild
@@ -0,0 +1,132 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r12.ebuild,v 1.1 2011/04/16 13:02:44 blueness Exp $
+
+EAPI="1"
+IUSE="+peer_perms +open_perms +ubac"
+
+inherit eutils
+
+PATCHBUNDLE="${FILESDIR}/patchbundle-${PF}.tar.bz2"
+#PATCHBUNDLE="${DISTDIR}/patchbundle-${PF}.tar.bz2"
+DESCRIPTION="Gentoo base policy for SELinux"
+HOMEPAGE="http://www.gentoo.org/proj/en/hardened/selinux/"
+SRC_URI="http://oss.tresys.com/files/refpolicy/refpolicy-${PV}.tar.bz2"
+#SRC_URI="http://oss.tresys.com/files/refpolicy/refpolicy-${PV}.tar.bz2
+#	http://dev.gentoo.org/~blueness/patchbundle-selinux-base-policy/patchbundle-${PF}.tar.bz2"
+LICENSE="GPL-2"
+SLOT="0"
+
+KEYWORDS="~amd64 ~x86"
+
+RDEPEND=">=sys-apps/policycoreutils-1.30.30
+	>=sys-fs/udev-151"
+DEPEND="${RDEPEND}
+	sys-devel/m4
+	>=sys-apps/checkpolicy-1.30.12"
+
+S=${WORKDIR}/
+
+src_unpack() {
+	[ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="strict targeted"
+	MOD_CONF_VER="20090730"
+
+	unpack ${A}
+
+	cd "${S}"
+	epatch "${PATCHBUNDLE}"
+	cd "${S}/refpolicy"
+	# Fix bug 257111
+	sed -i -e 's:system_crond_t:system_cronjob_t:g' \
+		"${S}/refpolicy/config/appconfig-standard/default_contexts"
+
+	if ! use peer_perms; then
+		sed -i -e '/network_peer_controls/d' \
+			"${S}/refpolicy/policy/policy_capabilities"
+	fi
+
+	if ! use open_perms; then
+		sed -i -e '/open_perms/d' \
+			"${S}/refpolicy/policy/policy_capabilities"
+	fi
+
+	for i in ${POLICY_TYPES}; do
+		cp -a "${S}/refpolicy" "${S}/${i}"
+
+		cd "${S}/${i}";
+		make conf || die "Make conf in ${i} failed"
+
+		cp "${FILESDIR}/modules.conf.${i}.${MOD_CONF_VER}" \
+			"${S}/${i}/policy/modules.conf" \
+			|| die "failed to set up modules.conf"
+		sed -i -e '/^QUIET/s/n/y/' -e '/^MONOLITHIC/s/y/n/' \
+			-e "/^NAME/s/refpolicy/$i/" "${S}/${i}/build.conf" \
+			|| die "build.conf setup failed."
+
+		if ! use ubac; then
+			sed -i -e 's:^UBAC = y:UBAC = n:g' "${S}/${i}/build.conf"
+		fi
+
+		echo "DISTRO = gentoo" >> "${S}/${i}/build.conf"
+
+		if [ "${i}" == "targeted" ]; then
+			sed -i -e '/root/d' -e 's/user_u/unconfined_u/' \
+			"${S}/${i}/config/appconfig-standard/seusers" \
+			|| die "targeted seusers setup failed."
+		fi
+	done
+}
+
+src_compile() {
+	[ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="strict targeted"
+
+	for i in ${POLICY_TYPES}; do
+		cd "${S}/${i}"
+		make base || die "${i} compile failed"
+	done
+}
+
+src_install() {
+	[ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="strict targeted"
+
+	for i in ${POLICY_TYPES}; do
+		cd "${S}/${i}"
+
+		make DESTDIR="${D}" install \
+			|| die "${i} install failed."
+
+		make DESTDIR="${D}" install-headers \
+			|| die "${i} headers install failed."
+
+		echo "run_init_t" > "${D}/etc/selinux/${i}/contexts/run_init_type"
+
+		echo "textrel_shlib_t" >> "${D}/etc/selinux/${i}/contexts/customizable_types"
+
+		# libsemanage won't make this on its own
+		keepdir "/etc/selinux/${i}/policy"
+	done
+
+	dodoc doc/Makefile.example doc/example.{te,fc,if}
+
+	insinto /etc/selinux
+	doins "${FILESDIR}/config"
+}
+
+pkg_preinst() {
+	has_version "<${CATEGORY}/${PN}-2.20101213-r13"
+	previous_less_than_r13=$?
+}
+
+pkg_postinst() {
+	[ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="strict targeted"
+
+	for i in ${POLICY_TYPES}; do
+		einfo "Inserting base module into ${i} module store."
+
+		cd "/usr/share/selinux/${i}"
+		semodule -s "${i}" -b base.pp || die "Could not load in new base policy"
+	done
+	elog "Updates on policies might require you to relabel files. If you, after"
+	elog "installing new SELinux policies, get 'permission denied' errors,"
+	elog "relabelling your system using 'rlpkg -a -r' might resolve the issues."
+}
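Review bot: In `pkg_postinst` the `cd "/usr/share/selinux/${i}"` is not checked, so if it fails on a later pass of the loop the shell is still in the previous type's directory and `semodule -s "${i}" -b base.pp` would load that other type's `base.pp` into the `${i}` store. Passing the full path avoids depending on the working directory: `semodule -s "${i}" -b "/usr/share/selinux/${i}/base.pp" || die "Could not load in new base policy"`. The `cd` calls in `src_unpack`, `src_compile` and `src_install` are unchecked in the same way. So are the `sed -i` edits of `policy_capabilities` and of `UBAC = y`, where a failed edit (for example a missing file) leaves a policy that does not match the `peer_perms`, `open_perms` or `ubac` USE flags; each should get `|| die`. `pkg_preinst` stores `previous_less_than_r13`, but nothing in this file reads it, so the function can be dropped unless a later phase is meant to use it.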




* [gentoo-commits] proj/hardened-dev:master commit in: sec-policy/selinux-base-policy/files/, sec-policy/selinux-base-policy/
@ 2011-07-17 18:10 Sven Vermeulen
  0 siblings, 0 replies; 13+ messages in thread
From: Sven Vermeulen @ 2011-07-17 18:10 UTC (permalink / raw
  To: gentoo-commits

commit:     dba2bf065f6e53ac244da789d3f78157ba04e935
Author:     Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
AuthorDate: Sun Jul 17 18:04:24 2011 +0000
Commit:     Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
CommitDate: Sun Jul 17 18:04:24 2011 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-dev.git;a=commit;h=dba2bf06

Push base r19

---
 sec-policy/selinux-base-policy/ChangeLog           |  543 ++++++++++++++++++++
 sec-policy/selinux-base-policy/files/config        |   12 +
 .../files/modules.conf.strict.20090730             |   49 ++
 .../files/modules.conf.targeted.20090730           |   50 ++
 ...ndle-selinux-base-policy-2.20101213-r19.tar.bz2 |  Bin 0 -> 18638 bytes
 sec-policy/selinux-base-policy/metadata.xml        |   14 +
 .../selinux-base-policy-2.20101213-r19.ebuild      |  132 +++++
 7 files changed, 800 insertions(+), 0 deletions(-)

diff --git a/sec-policy/selinux-base-policy/ChangeLog b/sec-policy/selinux-base-policy/ChangeLog
new file mode 100644
index 0000000..cb27670
--- /dev/null
+++ b/sec-policy/selinux-base-policy/ChangeLog
@@ -0,0 +1,543 @@
+# ChangeLog for sec-policy/selinux-base-policy
+# Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/ChangeLog,v 1.80 2011/07/11 01:59:36 blueness Exp $
+
+*selinux-base-policy-2.20101213-r19 (17 Jul 2011)
+
+  17 Jul 2011; <swift@gentoo.org> +selinux-base-policy-2.20101213-r19.ebuild,
+  +files/patchbundle-selinux-base-policy-2.20101213-r19.tar.bz2, +files/config,
+  +files/modules.conf.strict.20090730, +files/modules.conf.targeted.20090730,
+  +metadata.xml:
+  Add haveged and nginx, fix support for our notrans state (openrc)
+
+  11 Jul 2011; Anthony G. Basile <blueness@gentoo.org>
+  -files/selinux-base-policy-20070329.diff,
+  -selinux-base-policy-20080525.ebuild,
+  -selinux-base-policy-20080525-r1.ebuild, -files/modules.conf.strict,
+  -files/modules.conf.strict.20070928, -files/modules.conf.strict.20080525,
+  -files/modules.conf.targeted, -files/modules.conf.targeted.20070928,
+  -files/modules.conf.targeted.20080525:
+  Removed all pre 2.20xx base policies
+
+*selinux-base-policy-2.20101213-r18 (10 Jul 2011)
+
+  10 Jul 2011; Anthony G. Basile <blueness@gentoo.org>
+  +selinux-base-policy-2.20101213-r18.ebuild:
+  Bump to r18, improve support for openrc, allow portage to work with
+  NFS-mounted locations, fix firefox plugin support, fix postgres init
+  script support, fix syslog startup issue
+
+  03 Jul 2011; Anthony G. Basile <blueness@gentoo.org>
+  selinux-base-policy-2.20101213-r16.ebuild,
+  selinux-base-policy-2.20101213-r17.ebuild,
+  -files/patchbundle-selinux-base-policy-2.20101213-r16.tar.bz2,
+  -files/patchbundle-selinux-base-policy-2.20101213-r17.tar.bz2:
+  Moved patchbundles out of ${FILESDIR}, bug #370927
+
+  30 Jun 2011; Anthony G. Basile <blueness@gentoo.org>
+  -selinux-base-policy-2.20101213-r11.ebuild,
+  -selinux-base-policy-2.20101213-r12.ebuild,
+  -files/patchbundle-selinux-base-policy-2.20101213-r11.tar.bz2,
+  -files/patchbundle-selinux-base-policy-2.20101213-r12.tar.bz2:
+  Removed deprecated versions
+
+*selinux-base-policy-2.20101213-r17 (30 Jun 2011)
+
+  30 Jun 2011; Anthony G. Basile <blueness@gentoo.org>
+  +selinux-base-policy-2.20101213-r17.ebuild,
+  +files/patchbundle-selinux-base-policy-2.20101213-r17.tar.bz2:
+  Add support for zabbix
+
+  02 Jun 2011; Anthony G. Basile <blueness@gentoo.org>
+  selinux-base-policy-2.20101213-r16.ebuild:
+  Stable amd64 x86
+
+  20 May 2011; Anthony G. Basile <blueness@gentoo.org>
+  -selinux-base-policy-2.20101213-r5.ebuild,
+  -selinux-base-policy-2.20101213-r6.ebuild,
+  -selinux-base-policy-2.20101213-r7.ebuild,
+  -selinux-base-policy-2.20101213-r9.ebuild,
+  -selinux-base-policy-2.20101213-r10.ebuild,
+  -files/patchbundle-selinux-base-policy-2.20101213-r10.tar.bz2,
+  -files/patchbundle-selinux-base-policy-2.20101213-r5.tar.bz2,
+  -files/patchbundle-selinux-base-policy-2.20101213-r6.tar.bz2,
+  -files/patchbundle-selinux-base-policy-2.20101213-r7.tar.bz2,
+  -files/patchbundle-selinux-base-policy-2.20101213-r9.tar.bz2:
+  Removed deprecated revisions of base policy 2.20101213
+
+*selinux-base-policy-2.20101213-r16 (20 May 2011)
+
+  20 May 2011; Anthony G. Basile <blueness@gentoo.org>
+  +selinux-base-policy-2.20101213-r16.ebuild,
+  +files/patchbundle-selinux-base-policy-2.20101213-r16.tar.bz2, metadata.xml:
+  Drop obsoleted policy builds, add openrc support (rc-update, rc-status),
+  correct file contexts for /lib64, make UBAC optional (#257111 and #306393),
+  use portage_srcrepo_t for live ebuilds and match mdadm policy with upstream
+
+*selinux-base-policy-2.20101213-r12 (16 Apr 2011)
+*selinux-base-policy-2.20101213-r11 (16 Apr 2011)
+
+  16 Apr 2011; Anthony G. Basile <blueness@gentoo.org>
+  +selinux-base-policy-2.20101213-r11.ebuild,
+  +selinux-base-policy-2.20101213-r12.ebuild,
+  +files/patchbundle-selinux-base-policy-2.20101213-r11.tar.bz2,
+  +files/patchbundle-selinux-base-policy-2.20101213-r12.tar.bz2:
+  Added new patchbundles for rev bumps to base policy 2.20101213
+
+*selinux-base-policy-2.20101213-r10 (07 Mar 2011)
+*selinux-base-policy-2.20101213-r9 (07 Mar 2011)
+
+  07 Mar 2011; Anthony G. Basile <blueness@gentoo.org>
+  +selinux-base-policy-2.20101213-r9.ebuild,
+  +selinux-base-policy-2.20101213-r10.ebuild,
+  +files/patchbundle-selinux-base-policy-2.20101213-r10.tar.bz2,
+  +files/patchbundle-selinux-base-policy-2.20101213-r9.tar.bz2:
+  Added new patchbundles for rev bumps to base policy 2.20101213
+
+  05 Feb 2011; Anthony G. Basile <blueness@gentoo.org>
+  +files/patchbundle-selinux-base-policy-2.20101213-r5.tar.bz2,
+  +files/patchbundle-selinux-base-policy-2.20101213-r6.tar.bz2,
+  +files/patchbundle-selinux-base-policy-2.20101213-r7.tar.bz2:
+  Added patchbundle for base policy 2.20101213.
+
+*selinux-base-policy-2.20101213-r7 (05 Feb 2011)
+*selinux-base-policy-2.20101213-r6 (05 Feb 2011)
+*selinux-base-policy-2.20101213-r5 (05 Feb 2011)
+
+  05 Feb 2011; Anthony G. Basile <blueness@gentoo.org>
+  +selinux-base-policy-2.20101213-r5.ebuild,
+  +selinux-base-policy-2.20101213-r6.ebuild,
+  +selinux-base-policy-2.20101213-r7.ebuild:
+  New upstream policy.
+
+*selinux-base-policy-2.20091215 (16 Dec 2009)
+
+  16 Dec 2009; Chris PeBenito <pebenito@gentoo.org>
+  +selinux-base-policy-2.20091215.ebuild:
+  New upstream release.
+
+*selinux-base-policy-20080525-r1 (14 Sep 2009)
+
+  14 Sep 2009; Chris PeBenito <pebenito@gentoo.org>
+  +selinux-base-policy-20080525-r1.ebuild:
+  Update old base policy to support ext4.
+
+  14 Aug 2009; Chris PeBenito <pebenito@gentoo.org>
+  -selinux-base-policy-20070329.ebuild,
+  -selinux-base-policy-20070928.ebuild, selinux-base-policy-20080525.ebuild:
+  Mark 20080525 stable, clear old ebuilds.
+
+*selinux-base-policy-2.20090814 (14 Aug 2009)
+
+  14 Aug 2009; Chris PeBenito <pebenito@gentoo.org>
+  +selinux-base-policy-2.20090814.ebuild:
+  Git version of refpolicy for misc fixes including some cron problems.
+
+*selinux-base-policy-2.20090730 (03 Aug 2009)
+
+  03 Aug 2009; Chris PeBenito <pebenito@gentoo.org>
+  +selinux-base-policy-2.20090730.ebuild:
+  New upstream release.
+
+  18 Jul 2009; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20070329.ebuild, selinux-base-policy-20070928.ebuild,
+  selinux-base-policy-20080525.ebuild:
+  Drop alpha, mips, ppc, sparc selinux support.
+
+*selinux-base-policy-20080525 (25 May 2008)
+
+  25 May 2008; Chris PeBenito <pebenito@gentoo.org>
+  +selinux-base-policy-20080525.ebuild:
+  New SVN snapshot.
+
+  16 Mar 2008; Chris PeBenito <pebenito@gentoo.org>
+  -selinux-base-policy-20051022-r1.ebuild,
+  -selinux-base-policy-20061114.ebuild:
+  Remove old ebuilds.
+
+  03 Feb 2008; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20070928.ebuild:
+  Mark stable.
+
+*selinux-base-policy-20070928 (26 Nov 2007)
+
+  26 Nov 2007; Chris PeBenito <pebenito@gentoo.org>
+  +selinux-base-policy-20070928.ebuild:
+  New SVN snapshot.
+
+  04 Jun 2007; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20070329.ebuild:
+  Mark stable.
+
+  30 Mar 2007; Chris PeBenito <pebenito@gentoo.org>
+  +files/selinux-base-policy-20070329.diff,
+  selinux-base-policy-20070329.ebuild:
+  Compile fix.
+
+*selinux-base-policy-20070329 (29 Mar 2007)
+
+  29 Mar 2007; Chris PeBenito <pebenito@gentoo.org>
+  +selinux-base-policy-20070329.ebuild:
+  New SVN snapshot.
+
+  22 Feb 2007; Markus Ullmann <jokey@gentoo.org> ChangeLog:
+  Redigest for Manifest2
+
+*selinux-base-policy-20061114 (15 Nov 2006)
+
+  15 Nov 2006; Chris PeBenito <pebenito@gentoo.org>
+  +selinux-base-policy-20061114.ebuild:
+  New SVN snapshot.
+
+  25 Oct 2006; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20061015.ebuild:
+  Fix to have default POLICY_TYPES if it is empty.
+
+  21 Oct 2006; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20061015.ebuild:
+  Fix xml generation failure to die.
+
+*selinux-base-policy-20061015 (15 Oct 2006)
+
+  15 Oct 2006; Chris PeBenito <pebenito@gentoo.org>
+  -selinux-base-policy-20061008.ebuild,
+  +selinux-base-policy-20061015.ebuild:
+  Update for testing fixes.
+
+*selinux-base-policy-20061008 (08 Oct 2006)
+
+  08 Oct 2006; Chris PeBenito <pebenito@gentoo.org> -files/semanage.conf,
+  +selinux-base-policy-20061008.ebuild,
+  -selinux-base-policy-99999999.ebuild:
+  First mainstream reference policy testing release.
+
+  29 Sep 2006; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-99999999.ebuild:
+  Fix for new SVN location.  Fixes 147781.
+
+  22 Feb 2006; Stephen Bennett <spb@gentoo.org>
+  selinux-base-policy-20051022-r1.ebuild:
+  Alpha stable
+
+*selinux-base-policy-99999999 (02 Feb 2006)
+
+  02 Feb 2006; Chris PeBenito <pebenito@gentoo.org> +files/config,
+  +files/modules.conf.strict, +files/modules.conf.targeted,
+  +files/semanage.conf, +selinux-base-policy-99999999.ebuild:
+  Add experimental policy for testing reference policy. Requires portage fix
+  from bug #110857.
+
+  02 Feb 2006; Chris PeBenito <pebenito@gentoo.org>
+  -selinux-base-policy-20050322.ebuild,
+  -selinux-base-policy-20050618.ebuild,
+  -selinux-base-policy-20050821.ebuild,
+  -selinux-base-policy-20051022.ebuild:
+  Clean out old ebuilds.
+
+  14 Jan 2006; Stephen Bennett <spb@gentoo.org>
+  selinux-base-policy-20051022-r1.ebuild:
+  Added ~alpha
+
+*selinux-base-policy-20051022-r1 (08 Dec 2005)
+
+  08 Dec 2005; Chris PeBenito <pebenito@gentoo.org>
+  +selinux-base-policy-20051022-r1.ebuild:
+  Change to use compatability genhomedircon. Newer policycoreutils (1.28)
+  breaks the backwards compatability this policy uses.
+
+*selinux-base-policy-20051022 (22 Oct 2005)
+
+  22 Oct 2005; Chris PeBenito <pebenito@gentoo.org>
+  +selinux-base-policy-20051022.ebuild:
+  Very trivial fixes.
+
+  08 Sep 2005; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20050821.ebuild:
+  Mark stable.
+
+*selinux-base-policy-20050821 (21 Aug 2005)
+
+  21 Aug 2005; Chris PeBenito <pebenito@gentoo.org>
+  +selinux-base-policy-20050821.ebuild:
+  Minor updates for 2.6.12.
+
+  21 Jun 2005; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20050618.ebuild:
+  Mark stable.
+
+*selinux-base-policy-20050618 (18 Jun 2005)
+
+  18 Jun 2005; Chris PeBenito <pebenito@gentoo.org>
+  -selinux-base-policy-20041123.ebuild,
+  -selinux-base-policy-20050306.ebuild,
+  +selinux-base-policy-20050618.ebuild:
+  New release to support 2.6.12 features.
+
+  10 May 2005; Stephen Bennett <spb@gentoo.org>
+  selinux-base-policy-20050322.ebuild:
+  mips stable
+
+  01 May 2005; Stephen Bennett <spb@gentoo.org>
+  selinux-base-policy-20050322.ebuild:
+  Added ~mips.
+
+*selinux-base-policy-20050322 (23 Mar 2005)
+
+  23 Mar 2005; Chris PeBenito <pebenito@gentoo.org>
+  +selinux-base-policy-20050322.ebuild:
+  New release.
+
+*selinux-base-policy-20050306 (06 Mar 2005)
+
+  06 Mar 2005; Chris PeBenito <pebenito@gentoo.org>
+  +selinux-base-policy-20050306.ebuild:
+  Fix bad samba_domain dummy macro.  Add policies needed for udev support.
+
+*selinux-base-policy-20050224 (24 Feb 2005)
+
+  24 Feb 2005; Chris PeBenito <pebenito@gentoo.org>
+  +selinux-base-policy-20050224.ebuild:
+  New release.
+
+  19 Jan 2005; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20041123.ebuild:
+  Mark stable.
+
+*selinux-base-policy-20041123 (23 Nov 2004)
+
+  23 Nov 2004; Chris PeBenito <pebenito@gentoo.org>
+  +selinux-base-policy-20041123.ebuild:
+  New release with 1.18 merge.
+
+*selinux-base-policy-20041023 (23 Oct 2004)
+
+  23 Oct 2004; Chris PeBenito <pebenito@gentoo.org>
+  +selinux-base-policy-20041023.ebuild:
+  New release with 1.16 merge. Tcpd and inetd have been deprecated since they
+  are not in the base system anymore, and probably no one uses them anyway.
+
+*selinux-base-policy-20040906 (06 Sep 2004)
+
+  06 Sep 2004; Chris PeBenito <pebenito@gentoo.org>
+  +selinux-base-policy-20040906.ebuild:
+  New release with 1.14 merge, which has policy 18 (fine-grained netlink)
+  features.
+
+  05 Sep 2004; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20040225.ebuild, -selinux-base-policy-20040509.ebuild,
+  -selinux-base-policy-20040604.ebuild, selinux-base-policy-20040629.ebuild,
+  selinux-base-policy-20040702.ebuild:
+  Remove old builds, switch to epause and ebeep in remaining builds.
+
+*selinux-base-policy-20040702 (02 Jul 2004)
+
+  02 Jul 2004; Chris PeBenito <pebenito@gentoo.org>
+  +selinux-base-policy-20040702.ebuild:
+  Same as 20040629, except with updated flask headers, which will come out in
+  2.6.8.
+
+*selinux-base-policy-20040629 (29 Jun 2004)
+
+  29 Jun 2004; Chris PeBenito <pebenito@gentoo.org>
+  +selinux-base-policy-20040629.ebuild:
+  Large sysadmfile cleanup: disable admin_separation to give sysadm_r back its
+  ablility to modify all files. Minor fixes: portage_r works again, syslog-ng
+  breakage fixed, put back manual PaX policy for pageexec/segmexec.
+
+  16 Jun 2004; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20040604.ebuild:
+  Mark stable.
+
+  10 Jun 2004; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20040225.ebuild, selinux-base-policy-20040509.ebuild,
+  selinux-base-policy-20040604.ebuild:
+  Add src_compile() stub
+
+*selinux-base-policy-20040604 (04 Jun 2004)
+
+  04 Jun 2004; Chris PeBenito <pebenito@gentoo.org>
+  +selinux-base-policy-20040604.ebuild:
+  New release including 1.12 NSA policy, and experimental sesandbox.
+
+  15 May 2004; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20040509.ebuild:
+  Mark stable.
+
+*selinux-base-policy-20040509 (09 May 2004)
+
+  09 May 2004; Chris PeBenito <pebenito@gentoo.org>
+  +selinux-base-policy-20040509.ebuild:
+  A few small cleanups. Make PaX non exec pages macro based on arch. Large
+  portage update, get rid of portage_exec_fetch_t, portage will setexec. Add
+  global_ssp tunable.
+
+*selinux-base-policy-20040418 (18 Apr 2004)
+
+  18 Apr 2004; Chris PeBenito <pebenito@gentoo.org>
+  +selinux-base-policy-20040418.ebuild:
+  New release for checkpolicy 1.10
+
+*selinux-base-policy-20040414 (14 Apr 2004)
+
+  14 Apr 2004; Chris PeBenito <pebenito@gentoo.org>
+  -selinux-base-policy-20040408.ebuild, +selinux-base-policy-20040414.ebuild:
+  Minor updates
+
+*selinux-base-policy-20040408 (08 Apr 2004)
+
+  08 Apr 2004; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20040408.ebuild:
+  New update. Users.fc is now deprecated, as the contexts for user directories
+  is now automatically generated. Portage fetching of distfiles now has a
+  subdomain, for dropping priviledges.
+
+  28 Feb 2004; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20040225.ebuild:
+  Mark stable.
+
+*selinux-base-policy-20040225 (25 Feb 2004)
+
+  25 Feb 2004; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20040225.ebuild:
+  New support for PaX ACL hooks. Addition of tunable.te for configurable policy
+  options. Rewrite of portage.te. Now auto-transition for sysadm is default, can
+  reenable portage_r by tunable.te. Makefile update from NSA CVS.
+
+*selinux-base-policy-20040209 (09 Feb 2004)
+
+  09 Feb 2004; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20040209.ebuild:
+  Minor revision to add XFS labeling and policy for integrated
+  runscript-run_init.
+
+  07 Feb 2004; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20040202.ebuild:
+  Mark x86 stable.
+
+*selinux-base-policy-20040202 (02 Feb 2004)
+
+  02 Feb 2004; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20040202.ebuild:
+  A few misc fixes. Allow portage to update bootloader code, such as in lilo or
+  grub postinst. This requires checkpolicy 1.4-r1.
+
+*selinux-base-policy-20031225 (25 Dec 2003)
+
+  25 Dec 2003; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20031225.ebuild:
+  New release, with merged NSA 1.4 policy. One critical note, this policy
+  requires pam 0.77. Much work has been done to minimize access to /etc/shadow,
+  and one requirement is in the patch for pam 0.77. If you do not use this pam
+  version or newer, you will be unable to authenticate in enforcing. Since
+  devfs no longer is usable in SELinux, it's policy has been removed. You
+  should merge the changes, remove the devfsd policy (devfsd.te and devfsd.fc),
+  load the policy, and relabel.
+
+  27 Nov 2003; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20031010-r1.ebuild:
+  Mark stable.  Add build USE flag for stage building.
+
+*selinux-base-policy-20031010-r1 (12 Nov 2003)
+
+  12 Nov 2003; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20031010-r1.ebuild,
+  files/selinux-base-policy-20031010-cvs.diff:
+  Add fixes from policy cvs for compilers, so non x86 and ppc compilers can
+  work. Also portage update as a side effect of updated setfiles code in
+  portage, from bug 31748.
+
+  28 Oct 2003; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20031010.ebuild:
+  Mark stable
+
+*selinux-base-policy-20031010 (10 Oct 2003)
+
+  10 Oct 2003; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20031010.ebuild:
+  New release for new API.  Massive cleanups all over the place.
+
+*selinux-base-policy-20030817 (17 Aug 2003)
+
+  17 Aug 2003; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20030817.ebuild:
+  Initial commit of new API policy
+
+  10 Aug 2003; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20030729-r1.ebuild:
+  Mark stable
+
+*selinux-base-policy-20030729-r1 (31 Jul 2003)
+
+  31 Jul 2003; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20030729-r1.ebuild:
+  New rev that handles an empty POLICYDIR sanely.
+
+*selinux-base-policy-20030729 (29 Jul 2003)
+
+  29 Jul 2003; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20030729.ebuild:
+  Make the ebuild use POLICYDIR. Important fix so portage can load policy so
+  selinux-policy.eclass works. update_modules_t cleanup. Fix for an access when
+  merging baselayout.
+
+*selinux-base-policy-20030720 (20 Jul 2003)
+
+  20 Jul 2003; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20030720.ebuild:
+  Many fixes, including the syslog fix. File contexts have changed, so a relabel
+  is needed. You may encounter problems relabeling /usr/portage, as its file
+  context has changed, as files should not have the same type as a domain.
+  Relabelling in permissive will fix this, or temporarily give portage_t a
+  file_type attribute. Tightened the can_exec_any() macro. Moved staff.fc to
+  users.fc, since all users with SELinux identities should have their home
+  directories have the correct identity, not the generic identity.
+
+  06 Jun 2003; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20030604.ebuild:
+  Mark stable
+
+*selinux-base-policy-20030604 (04 Jun 2003)
+
+  04 Jun 2003; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20030604.ebuild:
+  Fix broken 20030603
+
+  04 Jun 2003; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20030603.ebuild:
+  Pulling 20030603, as there are problems, 20030604 later today
+
+*selinux-base-policy-20030603 (03 Jun 2003)
+
+  03 Jun 2003; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20030603.ebuild:
+  Numerous various fixes. Added staff role. Removed ipsec, gpm and gpg policies
+  as they are not appropriate for the base policy, and untested.
+
+*selinux-base-policy-20030522 (22 May 2003)
+
+  22 May 2003; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20030522.ebuild:
+  The policy is in pretty good shape now. I've been able to run in enforcing mode
+  with little problem. I've also been able to successfully merge and unmerge
+  packages in enforcing mode, with few exceptions (why does mysql need to run ps
+  during configure?).
+
+*selinux-base-policy-20030514 (14 May 2003)
+
+  14 May 2003; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20030514.ebuild:
+  Many improvements in many areas. Of note, rlogind policies were removed. Klogd
+  is being merged into syslogd. The portage policy is much more complete, but
+  still needs work. Its suggested that all changes be merged in, policy
+  reloaded, then relabel.
+
+*selinux-base-policy-20030419 (19 Apr 2003)
+
+  23 Apr 2003; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20030419.ebuild:
+  Marking stable for selinux-small stable usage
+
+  19 Apr 2003; Chris PeBenito <pebenito@gentoo.org> Manifest,
+  selinux-base-policy-20030419.ebuild:
+  Initial commit.  Base policies for SELinux, with Gentoo-specifics
+

diff --git a/sec-policy/selinux-base-policy/files/config b/sec-policy/selinux-base-policy/files/config
new file mode 100644
index 0000000..41e6993
--- /dev/null
+++ b/sec-policy/selinux-base-policy/files/config
@@ -0,0 +1,12 @@
+# This file controls the state of SELinux on the system on boot.
+
+# SELINUX can take one of these three values:
+#	enforcing - SELinux security policy is enforced.
+#	permissive - SELinux prints warnings instead of enforcing.
+#	disabled - No SELinux policy is loaded.
+SELINUX=permissive
+
+# SELINUXTYPE can take one of these two values:
+#	targeted - Only targeted network daemons are protected.
+#	strict - Full SELinux protection.
+SELINUXTYPE=strict
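Review bot: `SELINUXTYPE=strict` is fixed in this file, but the r18 ebuild earlier on this page installs `files/config` unchanged and builds only the types listed in `POLICY_TYPES`. If the r19 ebuild does the same (its body is cut off here), a system built with `POLICY_TYPES="targeted"` gets a config that names a policy store which was never installed. The `SELINUX=permissive` default should also be explained in the file, for example `# Shipped default is permissive: denials are logged but not enforced. Switch to enforcing once the system has been relabelled.`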

diff --git a/sec-policy/selinux-base-policy/files/modules.conf.strict.20090730 b/sec-policy/selinux-base-policy/files/modules.conf.strict.20090730
new file mode 100644
index 0000000..fcb3fd8
--- /dev/null
+++ b/sec-policy/selinux-base-policy/files/modules.conf.strict.20090730
@@ -0,0 +1,49 @@
+application = base
+authlogin = base
+bootloader = base
+clock = base
+consoletype = base
+corecommands = base
+corenetwork = base
+cron = base
+devices = base
+dmesg = base
+domain = base
+files = base
+filesystem = base
+fstools = base
+getty = base
+hostname = base
+hotplug = base
+init = base
+iptables = base
+kernel = base
+libraries = base
+locallogin = base
+logging = base
+lvm = base
+miscfiles = base
+mcs = base
+mls = base
+modutils = base
+mount = base
+mta = base
+netutils = base
+nscd = base
+portage = base
+raid = base
+rsync = base
+selinux = base
+selinuxutil = base
+ssh = base
+staff = base
+storage = base
+su = base
+sysadm = base
+sysnetwork = base
+terminal = base
+ubac = base
+udev = base
+userdomain = base
+usermanage = base
+unprivuser = base

diff --git a/sec-policy/selinux-base-policy/files/modules.conf.targeted.20090730 b/sec-policy/selinux-base-policy/files/modules.conf.targeted.20090730
new file mode 100644
index 0000000..ee8a14c
--- /dev/null
+++ b/sec-policy/selinux-base-policy/files/modules.conf.targeted.20090730
@@ -0,0 +1,50 @@
+application = base
+authlogin = base
+bootloader = base
+clock = base
+consoletype = base
+corecommands = base
+corenetwork = base
+cron = base
+devices = base
+dmesg = base
+domain = base
+files = base
+filesystem = base
+fstools = base
+getty = base
+hostname = base
+hotplug = base
+init = base
+iptables = base
+kernel = base
+libraries = base
+locallogin = base
+logging = base
+lvm = base
+miscfiles = base
+mcs = base
+mls = base
+modutils = base
+mount = base
+mta = base
+netutils = base
+nscd = base
+portage = base
+raid = base
+rsync = base
+selinux = base
+selinuxutil = base
+ssh = base
+staff = base
+storage = base
+su = base
+sysadm = base
+sysnetwork = base
+terminal = base
+ubac = base
+udev = base
+unconfined = base
+userdomain = base
+usermanage = base
+unprivuser = base

diff --git a/sec-policy/selinux-base-policy/files/patchbundle-selinux-base-policy-2.20101213-r19.tar.bz2 b/sec-policy/selinux-base-policy/files/patchbundle-selinux-base-policy-2.20101213-r19.tar.bz2
new file mode 100644
index 0000000..b9c5e11
Binary files /dev/null and b/sec-policy/selinux-base-policy/files/patchbundle-selinux-base-policy-2.20101213-r19.tar.bz2 differ

diff --git a/sec-policy/selinux-base-policy/metadata.xml b/sec-policy/selinux-base-policy/metadata.xml
new file mode 100644
index 0000000..393f3bb
--- /dev/null
+++ b/sec-policy/selinux-base-policy/metadata.xml
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+	<herd>selinux</herd>
+	<longdescription>
+		Gentoo SELinux base policy.  This contains policy for a system at the end of system installation.
+		There is no extra policy in this package.
+	</longdescription>
+	<use>
+		<flag name='peer_perms'>Enable the labeled networking peer permissions (SELinux policy capability).</flag>
+		<flag name='open_perms'>Enable the open permissions for file object classes (SELinux policy capability).</flag>
+		<flag name='ubac'>Enable User Based Access Control (UBAC) in the SELinux policy</flag>
+	</use>
+</pkgmetadata>

diff --git a/sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r19.ebuild b/sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r19.ebuild
new file mode 100644
index 0000000..1ff758f
--- /dev/null
+++ b/sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r19.ebuild
@@ -0,0 +1,132 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r18.ebuild,v 1.1 2011/07/10 02:30:17 blueness Exp $
+
+EAPI="1"
+IUSE="+peer_perms +open_perms +ubac"
+
+inherit eutils
+
+PATCHBUNDLE="${FILESDIR}/patchbundle-${PF}.tar.bz2"
+#PATCHBUNDLE="${DISTDIR}/patchbundle-${PF}.tar.bz2"
+DESCRIPTION="Gentoo base policy for SELinux"
+HOMEPAGE="http://www.gentoo.org/proj/en/hardened/selinux/"
+SRC_URI="http://oss.tresys.com/files/refpolicy/refpolicy-${PV}.tar.bz2"
+#SRC_URI="http://oss.tresys.com/files/refpolicy/refpolicy-${PV}.tar.bz2
+#	http://dev.gentoo.org/~blueness/patchbundle-selinux-base-policy/patchbundle-${PF}.tar.bz2"
+LICENSE="GPL-2"
+SLOT="0"
+
+KEYWORDS="~amd64 ~x86"
+
+RDEPEND=">=sys-apps/policycoreutils-1.30.30
+	>=sys-fs/udev-151"
+DEPEND="${RDEPEND}
+	sys-devel/m4
+	>=sys-apps/checkpolicy-1.30.12"
+
+S=${WORKDIR}/
+
+src_unpack() {
+	[ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="strict targeted"
+	MOD_CONF_VER="20090730"
+
+	unpack ${A}
+
+	cd "${S}"
+	epatch "${PATCHBUNDLE}"
+	cd "${S}/refpolicy"
+	# Fix bug 257111
+	sed -i -e 's:system_crond_t:system_cronjob_t:g' \
+		"${S}/refpolicy/config/appconfig-standard/default_contexts"
+
+	if ! use peer_perms; then
+		sed -i -e '/network_peer_controls/d' \
+			"${S}/refpolicy/policy/policy_capabilities"
+	fi
+
+	if ! use open_perms; then
+		sed -i -e '/open_perms/d' \
+			"${S}/refpolicy/policy/policy_capabilities"
+	fi
+
+	for i in ${POLICY_TYPES}; do
+		cp -a "${S}/refpolicy" "${S}/${i}"
+
+		cd "${S}/${i}";
+		make conf || die "Make conf in ${i} failed"
+
+		cp "${FILESDIR}/modules.conf.${i}.${MOD_CONF_VER}" \
+			"${S}/${i}/policy/modules.conf" \
+			|| die "failed to set up modules.conf"
+		sed -i -e '/^QUIET/s/n/y/' -e '/^MONOLITHIC/s/y/n/' \
+			-e "/^NAME/s/refpolicy/$i/" "${S}/${i}/build.conf" \
+			|| die "build.conf setup failed."
+
+		if ! use ubac; then
+			sed -i -e 's:^UBAC = y:UBAC = n:g' "${S}/${i}/build.conf"
+		fi
+
+		echo "DISTRO = gentoo" >> "${S}/${i}/build.conf"
+
+		if [ "${i}" == "targeted" ]; then
+			sed -i -e '/root/d' -e 's/user_u/unconfined_u/' \
+			"${S}/${i}/config/appconfig-standard/seusers" \
+			|| die "targeted seusers setup failed."
+		fi
+	done
+}
+
+src_compile() {
+	[ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="strict targeted"
+
+	for i in ${POLICY_TYPES}; do
+		cd "${S}/${i}"
+		make base || die "${i} compile failed"
+	done
+}
+
+src_install() {
+	[ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="strict targeted"
+
+	for i in ${POLICY_TYPES}; do
+		cd "${S}/${i}"
+
+		make DESTDIR="${D}" install \
+			|| die "${i} install failed."
+
+		make DESTDIR="${D}" install-headers \
+			|| die "${i} headers install failed."
+
+		echo "run_init_t" > "${D}/etc/selinux/${i}/contexts/run_init_type"
+
+		echo "textrel_shlib_t" >> "${D}/etc/selinux/${i}/contexts/customizable_types"
+
+		# libsemanage won't make this on its own
+		keepdir "/etc/selinux/${i}/policy"
+	done
+
+	dodoc doc/Makefile.example doc/example.{te,fc,if}
+
+	insinto /etc/selinux
+	doins "${FILESDIR}/config"
+}
+
+pkg_preinst() {
+	has_version "<${CATEGORY}/${PN}-2.20101213-r13"
+	previous_less_than_r13=$?
+}
+
+pkg_postinst() {
+	[ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="strict targeted"
+
+	for i in ${POLICY_TYPES}; do
+		einfo "Inserting base module into ${i} module store."
+
+		cd "/usr/share/selinux/${i}"
+		semodule -s "${i}" -b base.pp || die "Could not load in new base policy"
+	done
+	elog "Updates on policies might require you to relabel files. If you, after"
+	elog "installing new SELinux policies, get 'permission denied' errors,"
+	elog "relabelling your system using 'rlpkg -a -r' might resolve the issues."
+}
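Review bot: In pkg_postinst the `cd "/usr/share/selinux/${i}"` ahead of `semodule -s "${i}" -b base.pp` is unchecked, and `base.pp` is a relative path. If that cd fails on the second or a later iteration, the working directory is still the previous policy type's directory, so that type's base.pp would be loaded into the `${i}` store instead of the phase dying. Change the line to `cd "/usr/share/selinux/${i}" || die "Could not enter /usr/share/selinux/${i}"`. The same applies to the bare `cd "${S}/${i}"` lines ahead of `make` in src_unpack, src_compile and src_install. The r21 ebuild added later on this page carries the same unchecked cd lines.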




* [gentoo-commits] proj/hardened-dev:master commit in: sec-policy/selinux-base-policy/files/, sec-policy/selinux-base-policy/
@ 2011-07-21 19:21 Sven Vermeulen
From: Sven Vermeulen @ 2011-07-21 19:21 UTC (permalink / raw
  To: gentoo-commits

commit:     489cc2cd0de9e535f0c2d2861830d8a3603cae07
Author:     Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
AuthorDate: Thu Jul 21 19:15:27 2011 +0000
Commit:     Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
CommitDate: Thu Jul 21 19:15:27 2011 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-dev.git;a=commit;h=489cc2cd

Push base r20

---
 sec-policy/selinux-base-policy/ChangeLog           |   12 ++--
 sec-policy/selinux-base-policy/files/config        |    7 ++-
 .../{modules.conf.strict.20090730 => modules.conf} |    0
 .../files/modules.conf.targeted.20090730           |   50 --------------------
 ...ndle-selinux-base-policy-2.20101213-r19.tar.bz2 |  Bin 18638 -> 0 bytes
 ...ndle-selinux-base-policy-2.20101213-r20.tar.bz2 |  Bin 0 -> 18585 bytes
 ...d => selinux-base-policy-2.20101213-r20.ebuild} |   23 +++++++--
 7 files changed, 28 insertions(+), 64 deletions(-)

diff --git a/sec-policy/selinux-base-policy/ChangeLog b/sec-policy/selinux-base-policy/ChangeLog
index cb27670..c2de1a6 100644
--- a/sec-policy/selinux-base-policy/ChangeLog
+++ b/sec-policy/selinux-base-policy/ChangeLog
@@ -2,13 +2,13 @@
 # Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
 # $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/ChangeLog,v 1.80 2011/07/11 01:59:36 blueness Exp $
 
-*selinux-base-policy-2.20101213-r19 (17 Jul 2011)
+*selinux-base-policy-2.20101213-r20 (19 Jul 2011)
 
-  17 Jul 2011; <swift@gentoo.org> +selinux-base-policy-2.20101213-r19.ebuild,
-  +files/patchbundle-selinux-base-policy-2.20101213-r19.tar.bz2, +files/config,
-  +files/modules.conf.strict.20090730, +files/modules.conf.targeted.20090730,
-  +metadata.xml:
-  Add haveged and nginx, fix support for our notrans state (openrc)
+  19 Jul 2011; <swift@gentoo.org> -selinux-base-policy-2.20101213-r19.ebuild,
+  +selinux-base-policy-2.20101213-r20.ebuild,
+  -files/patchbundle-selinux-base-policy-2.20101213-r19.tar.bz2,
+  +files/patchbundle-selinux-base-policy-2.20101213-r20.tar.bz2:
+  Start with -r20 series
 
   11 Jul 2011; Anthony G. Basile <blueness@gentoo.org>
   -files/selinux-base-policy-20070329.diff,

diff --git a/sec-policy/selinux-base-policy/files/config b/sec-policy/selinux-base-policy/files/config
index 41e6993..55933ea 100644
--- a/sec-policy/selinux-base-policy/files/config
+++ b/sec-policy/selinux-base-policy/files/config
@@ -6,7 +6,10 @@
 #	disabled - No SELinux policy is loaded.
 SELINUX=permissive
 
-# SELINUXTYPE can take one of these two values:
+# SELINUXTYPE can take one of these four values:
 #	targeted - Only targeted network daemons are protected.
-#	strict - Full SELinux protection.
+#	strict   - Full SELinux protection.
+#	mls      - Full SELinux protection with Multi-Level Security
+#	mcs      - Full SELinux protection with Multi-Category Security 
+#	           (mls, but only one sensitivity level)
 SELINUXTYPE=strict
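Review bot: The extended comment lists `mls` and `mcs` as valid SELINUXTYPE values but gives no hint that switching the type on an installed system takes more than editing this file. The ebuild's postinst message already points at relabelling with `rlpkg -a -r`, so a line such as `#	Changing SELINUXTYPE usually requires relabelling the file system (rlpkg -a -r).` would fit under the list. The added `mcs` line also ends in a trailing space.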

diff --git a/sec-policy/selinux-base-policy/files/modules.conf.strict.20090730 b/sec-policy/selinux-base-policy/files/modules.conf
similarity index 100%
rename from sec-policy/selinux-base-policy/files/modules.conf.strict.20090730
rename to sec-policy/selinux-base-policy/files/modules.conf

diff --git a/sec-policy/selinux-base-policy/files/modules.conf.targeted.20090730 b/sec-policy/selinux-base-policy/files/modules.conf.targeted.20090730
deleted file mode 100644
index ee8a14c..0000000
--- a/sec-policy/selinux-base-policy/files/modules.conf.targeted.20090730
+++ /dev/null
@@ -1,50 +0,0 @@
-application = base
-authlogin = base
-bootloader = base
-clock = base
-consoletype = base
-corecommands = base
-corenetwork = base
-cron = base
-devices = base
-dmesg = base
-domain = base
-files = base
-filesystem = base
-fstools = base
-getty = base
-hostname = base
-hotplug = base
-init = base
-iptables = base
-kernel = base
-libraries = base
-locallogin = base
-logging = base
-lvm = base
-miscfiles = base
-mcs = base
-mls = base
-modutils = base
-mount = base
-mta = base
-netutils = base
-nscd = base
-portage = base
-raid = base
-rsync = base
-selinux = base
-selinuxutil = base
-ssh = base
-staff = base
-storage = base
-su = base
-sysadm = base
-sysnetwork = base
-terminal = base
-ubac = base
-udev = base
-unconfined = base
-userdomain = base
-usermanage = base
-unprivuser = base

diff --git a/sec-policy/selinux-base-policy/files/patchbundle-selinux-base-policy-2.20101213-r19.tar.bz2 b/sec-policy/selinux-base-policy/files/patchbundle-selinux-base-policy-2.20101213-r19.tar.bz2
deleted file mode 100644
index b9c5e11..0000000
Binary files a/sec-policy/selinux-base-policy/files/patchbundle-selinux-base-policy-2.20101213-r19.tar.bz2 and /dev/null differ

diff --git a/sec-policy/selinux-base-policy/files/patchbundle-selinux-base-policy-2.20101213-r20.tar.bz2 b/sec-policy/selinux-base-policy/files/patchbundle-selinux-base-policy-2.20101213-r20.tar.bz2
new file mode 100644
index 0000000..9c2222a
Binary files /dev/null and b/sec-policy/selinux-base-policy/files/patchbundle-selinux-base-policy-2.20101213-r20.tar.bz2 differ

diff --git a/sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r19.ebuild b/sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r20.ebuild
similarity index 82%
rename from sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r19.ebuild
rename to sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r20.ebuild
index 1ff758f..7f519a2 100644
--- a/sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r19.ebuild
+++ b/sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r20.ebuild
@@ -28,8 +28,7 @@ DEPEND="${RDEPEND}
 S=${WORKDIR}/
 
 src_unpack() {
-	[ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="strict targeted"
-	MOD_CONF_VER="20090730"
+	[ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs"
 
 	unpack ${A}
 
@@ -56,13 +55,25 @@ src_unpack() {
 		cd "${S}/${i}";
 		make conf || die "Make conf in ${i} failed"
 
-		cp "${FILESDIR}/modules.conf.${i}.${MOD_CONF_VER}" \
+		# Define what we see as "base" and what we want to remain modular
+		cp "${FILESDIR}/modules.conf" \
 			"${S}/${i}/policy/modules.conf" \
 			|| die "failed to set up modules.conf"
+		if [[ "${i}" == "targeted" ]];
+		then
+			echo "unconfined = base" >> "${S}/${i}/policy/modules.conf"
+		fi
 		sed -i -e '/^QUIET/s/n/y/' -e '/^MONOLITHIC/s/y/n/' \
 			-e "/^NAME/s/refpolicy/$i/" "${S}/${i}/build.conf" \
 			|| die "build.conf setup failed."
 
+		if [[ "${i}" == "mls" ]] || [[ "${i}" == "mcs" ]];
+		then
+			# MCS/MLS require additional settings
+			sed -i -e "/^TYPE/s/standard/${i}/" "${S}/${i}/build.conf" \
+				|| die "failed to set type to mls"
+		fi
+
 		if ! use ubac; then
 			sed -i -e 's:^UBAC = y:UBAC = n:g' "${S}/${i}/build.conf"
 		fi
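Review bot: The `|| die` on the new `sed -i -e "/^TYPE/s/standard/${i}/"` only catches sed failing to run; sed exits 0 when nothing matched, so a build.conf whose TYPE line is not `standard` would leave the `mls` or `mcs` tree built as a non-MLS policy without any error. Follow the sed with a check such as `grep -q "^TYPE *= *${i}" "${S}/${i}/build.conf" || die "TYPE not set to ${i}"`, assuming build.conf uses the same `KEY = value` layout as the `UBAC = y` line. The die text `failed to set type to mls` is also printed for mcs; `"failed to set type to ${i}"` would be accurate. The appended `echo "unconfined = base" >> "${S}/${i}/policy/modules.conf"` has no `|| die` either, so a failed append would build the targeted policy without the unconfined module. src_unpack begins and ends outside this hunk, and the r21 ebuild further down the page repeats these lines.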
@@ -78,7 +89,7 @@ src_unpack() {
 }
 
 src_compile() {
-	[ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="strict targeted"
+	[ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs"
 
 	for i in ${POLICY_TYPES}; do
 		cd "${S}/${i}"
@@ -87,7 +98,7 @@ src_compile() {
 }
 
 src_install() {
-	[ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="strict targeted"
+	[ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs"
 
 	for i in ${POLICY_TYPES}; do
 		cd "${S}/${i}"
@@ -118,7 +129,7 @@ pkg_preinst() {
 }
 
 pkg_postinst() {
-	[ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="strict targeted"
+	[ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs"
 
 	for i in ${POLICY_TYPES}; do
 		einfo "Inserting base module into ${i} module store."




* [gentoo-commits] proj/hardened-dev:master commit in: sec-policy/selinux-base-policy/files/, sec-policy/selinux-base-policy/
@ 2011-07-24 11:05 Sven Vermeulen
From: Sven Vermeulen @ 2011-07-24 11:05 UTC (permalink / raw
  To: gentoo-commits

commit:     34efaca80a8b3d5b5a9db1727b1f3899f066c255
Author:     Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
AuthorDate: Sun Jul 24 11:04:58 2011 +0000
Commit:     Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
CommitDate: Sun Jul 24 11:04:58 2011 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-dev.git;a=commit;h=34efaca8

Support unattended use of portage and portage related commands.
Fix labeling mismatches for semanage and firefox.
Fix bugs #376005 and #375835

---
 sec-policy/selinux-base-policy/ChangeLog           |   13 ++
 ...ndle-selinux-base-policy-2.20101213-r21.tar.bz2 |  Bin 0 -> 19683 bytes
 .../selinux-base-policy-2.20101213-r21.ebuild      |  147 ++++++++++++++++++++
 3 files changed, 160 insertions(+), 0 deletions(-)

diff --git a/sec-policy/selinux-base-policy/ChangeLog b/sec-policy/selinux-base-policy/ChangeLog
index c2de1a6..8f6db30 100644
--- a/sec-policy/selinux-base-policy/ChangeLog
+++ b/sec-policy/selinux-base-policy/ChangeLog
@@ -2,6 +2,19 @@
 # Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
 # $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/ChangeLog,v 1.80 2011/07/11 01:59:36 blueness Exp $
 
+*selinux-base-policy-2.20101213-r21 (24 Jul 2011)
+
+  24 Jul 2011; <swift@gentoo.org> +selinux-base-policy-2.20101213-r21.ebuild,
+  +files/patchbundle-selinux-base-policy-2.20101213-r21.tar.bz2:
+  Support unattended use of portage/emerge-webrsync, add layman in its own
+  domain,
+  fix a firefox context mismatch, allow cron to call portage, mark semanage as
+  being
+  an eselect wrapper too (fixes /etc/selinux labeling mismatches).
+
+  Bugs fixed: #376005, #375835 (workaround)
+
+
 *selinux-base-policy-2.20101213-r20 (19 Jul 2011)
 
   19 Jul 2011; <swift@gentoo.org> -selinux-base-policy-2.20101213-r19.ebuild,

diff --git a/sec-policy/selinux-base-policy/files/patchbundle-selinux-base-policy-2.20101213-r21.tar.bz2 b/sec-policy/selinux-base-policy/files/patchbundle-selinux-base-policy-2.20101213-r21.tar.bz2
new file mode 100644
index 0000000..6e50d12
Binary files /dev/null and b/sec-policy/selinux-base-policy/files/patchbundle-selinux-base-policy-2.20101213-r21.tar.bz2 differ

diff --git a/sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r21.ebuild b/sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r21.ebuild
new file mode 100644
index 0000000..96d033e
--- /dev/null
+++ b/sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r21.ebuild
@@ -0,0 +1,147 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r18.ebuild,v 1.1 2011/07/10 02:30:17 blueness Exp $
+
+EAPI="1"
+IUSE="+peer_perms +open_perms +ubac"
+
+inherit eutils
+
+PATCHBUNDLE="${FILESDIR}/patchbundle-${PF}.tar.bz2"
+#PATCHBUNDLE="${DISTDIR}/patchbundle-${PF}.tar.bz2"
+DESCRIPTION="Gentoo base policy for SELinux"
+HOMEPAGE="http://www.gentoo.org/proj/en/hardened/selinux/"
+SRC_URI="http://oss.tresys.com/files/refpolicy/refpolicy-${PV}.tar.bz2"
+#SRC_URI="http://oss.tresys.com/files/refpolicy/refpolicy-${PV}.tar.bz2
+#	http://dev.gentoo.org/~blueness/patchbundle-selinux-base-policy/patchbundle-${PF}.tar.bz2"
+LICENSE="GPL-2"
+SLOT="0"
+
+KEYWORDS="~amd64 ~x86"
+
+RDEPEND=">=sys-apps/policycoreutils-1.30.30
+	>=sys-fs/udev-151"
+DEPEND="${RDEPEND}
+	sys-devel/m4
+	>=sys-apps/checkpolicy-1.30.12"
+
+S=${WORKDIR}/
+
+src_unpack() {
+	[ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs"
+
+	unpack ${A}
+
+	cd "${S}"
+	epatch "${PATCHBUNDLE}"
+	cd "${S}/refpolicy"
+	# Fix bug 257111
+	sed -i -e 's:system_crond_t:system_cronjob_t:g' \
+		"${S}/refpolicy/config/appconfig-standard/default_contexts"
+	sed -i -e 's|system_r:cronjob_t|system_r:system_cronjob_t|g' \
+		"${S}/refpolicy/config/appconfig-mls/default_contexts"
+	sed -i -e 's|system_r:cronjob_t|system_r:system_cronjob_t|g' \
+		"${S}/refpolicy/config/appconfig-mcs/default_contexts"
+
+	if ! use peer_perms; then
+		sed -i -e '/network_peer_controls/d' \
+			"${S}/refpolicy/policy/policy_capabilities"
+	fi
+
+	if ! use open_perms; then
+		sed -i -e '/open_perms/d' \
+			"${S}/refpolicy/policy/policy_capabilities"
+	fi
+
+	for i in ${POLICY_TYPES}; do
+		cp -a "${S}/refpolicy" "${S}/${i}"
+
+		cd "${S}/${i}";
+		make conf || die "Make conf in ${i} failed"
+
+		# Define what we see as "base" and what we want to remain modular
+		cp "${FILESDIR}/modules.conf" \
+			"${S}/${i}/policy/modules.conf" \
+			|| die "failed to set up modules.conf"
+		if [[ "${i}" == "targeted" ]];
+		then
+			echo "unconfined = base" >> "${S}/${i}/policy/modules.conf"
+		fi
+		sed -i -e '/^QUIET/s/n/y/' -e '/^MONOLITHIC/s/y/n/' \
+			-e "/^NAME/s/refpolicy/$i/" "${S}/${i}/build.conf" \
+			|| die "build.conf setup failed."
+
+		if [[ "${i}" == "mls" ]] || [[ "${i}" == "mcs" ]];
+		then
+			# MCS/MLS require additional settings
+			sed -i -e "/^TYPE/s/standard/${i}/" "${S}/${i}/build.conf" \
+				|| die "failed to set type to mls"
+		fi
+
+		if ! use ubac; then
+			sed -i -e 's:^UBAC = y:UBAC = n:g' "${S}/${i}/build.conf"
+		fi
+
+		echo "DISTRO = gentoo" >> "${S}/${i}/build.conf"
+
+		if [ "${i}" == "targeted" ]; then
+			sed -i -e '/root/d' -e 's/user_u/unconfined_u/' \
+			"${S}/${i}/config/appconfig-standard/seusers" \
+			|| die "targeted seusers setup failed."
+		fi
+	done
+}
+
+src_compile() {
+	[ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs"
+
+	for i in ${POLICY_TYPES}; do
+		cd "${S}/${i}"
+		make base || die "${i} compile failed"
+	done
+}
+
+src_install() {
+	[ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs"
+
+	for i in ${POLICY_TYPES}; do
+		cd "${S}/${i}"
+
+		make DESTDIR="${D}" install \
+			|| die "${i} install failed."
+
+		make DESTDIR="${D}" install-headers \
+			|| die "${i} headers install failed."
+
+		echo "run_init_t" > "${D}/etc/selinux/${i}/contexts/run_init_type"
+
+		echo "textrel_shlib_t" >> "${D}/etc/selinux/${i}/contexts/customizable_types"
+
+		# libsemanage won't make this on its own
+		keepdir "/etc/selinux/${i}/policy"
+	done
+
+	dodoc doc/Makefile.example doc/example.{te,fc,if}
+
+	insinto /etc/selinux
+	doins "${FILESDIR}/config"
+}
+
+pkg_preinst() {
+	has_version "<${CATEGORY}/${PN}-2.20101213-r13"
+	previous_less_than_r13=$?
+}
+
+pkg_postinst() {
+	[ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs"
+
+	for i in ${POLICY_TYPES}; do
+		einfo "Inserting base module into ${i} module store."
+
+		cd "/usr/share/selinux/${i}"
+		semodule -s "${i}" -b base.pp || die "Could not load in new base policy"
+	done
+	elog "Updates on policies might require you to relabel files. If you, after"
+	elog "installing new SELinux policies, get 'permission denied' errors,"
+	elog "relabelling your system using 'rlpkg -a -r' might resolve the issues."
+}
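Review bot: The two new `sed -i` calls on `appconfig-mls/default_contexts` and `appconfig-mcs/default_contexts` in src_unpack have no `|| die`, so if either file is missing or unwritable the build continues without the cronjob context rewrite. Append `|| die "default_contexts fixup failed"` to each, and to the existing appconfig-standard sed just above them. Separately, pkg_preinst stores `previous_less_than_r13` but nothing in this ebuild reads it; drop the function or add a comment saying what it is kept for.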




* [gentoo-commits] proj/hardened-dev:master commit in: sec-policy/selinux-base-policy/files/, sec-policy/selinux-base-policy/
@ 2011-08-03  8:02 Sven Vermeulen
From: Sven Vermeulen @ 2011-08-03  8:02 UTC (permalink / raw
  To: gentoo-commits

commit:     0a5db5af9d0a9b7e67279b6f7e30fe1b6e122241
Author:     Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
AuthorDate: Wed Aug  3 08:01:35 2011 +0000
Commit:     Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
CommitDate: Wed Aug  3 08:01:35 2011 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-dev.git;a=commit;h=0a5db5af

Update patchbundle issue

---
 sec-policy/selinux-base-policy/ChangeLog           |    4 ++++
 ...ndle-selinux-base-policy-2.20101213-r22.tar.bz2 |  Bin 20236 -> 18955 bytes
 2 files changed, 4 insertions(+), 0 deletions(-)

diff --git a/sec-policy/selinux-base-policy/ChangeLog b/sec-policy/selinux-base-policy/ChangeLog
index bb333fb..cf666ff 100644
--- a/sec-policy/selinux-base-policy/ChangeLog
+++ b/sec-policy/selinux-base-policy/ChangeLog
@@ -2,6 +2,10 @@
 # Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
 # $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/ChangeLog,v 1.80 2011/07/11 01:59:36 blueness Exp $
 
+  03 Aug 2011; <swift@gentoo.org>
+  files/patchbundle-selinux-base-policy-2.20101213-r22.tar.bz2:
+  Fix patchbundle issue with portage patch
+
 *selinux-base-policy-2.20101213-r22 (02 Aug 2011)
 
   02 Aug 2011; <swift@gentoo.org> +selinux-base-policy-2.20101213-r22.ebuild,

diff --git a/sec-policy/selinux-base-policy/files/patchbundle-selinux-base-policy-2.20101213-r22.tar.bz2 b/sec-policy/selinux-base-policy/files/patchbundle-selinux-base-policy-2.20101213-r22.tar.bz2
index c530e0e..2f2e880 100644
Binary files a/sec-policy/selinux-base-policy/files/patchbundle-selinux-base-policy-2.20101213-r22.tar.bz2 and b/sec-policy/selinux-base-policy/files/patchbundle-selinux-base-policy-2.20101213-r22.tar.bz2 differ




* [gentoo-commits] proj/hardened-dev:master commit in: sec-policy/selinux-base-policy/files/, sec-policy/selinux-base-policy/
@ 2011-08-07 10:58 Anthony G. Basile
From: Anthony G. Basile @ 2011-08-07 10:58 UTC (permalink / raw
  To: gentoo-commits

commit:     5ea47f6885807940d516a8004b835611694bcc14
Author:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Sun Aug  7 10:58:47 2011 +0000
Commit:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Sun Aug  7 10:58:47 2011 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-dev.git;a=commit;h=5ea47f68

sec-policy/selinux-base-policy: moved to tree

---
 sec-policy/selinux-base-policy/ChangeLog           |  554 --------------------
 sec-policy/selinux-base-policy/files/config        |   15 -
 sec-policy/selinux-base-policy/files/modules.conf  |   49 --
 ...ndle-selinux-base-policy-2.20101213-r22.tar.bz2 |  Bin 18955 -> 0 bytes
 sec-policy/selinux-base-policy/metadata.xml        |   14 -
 .../selinux-base-policy-2.20101213-r22.ebuild      |  147 ------
 6 files changed, 0 insertions(+), 779 deletions(-)

diff --git a/sec-policy/selinux-base-policy/ChangeLog b/sec-policy/selinux-base-policy/ChangeLog
deleted file mode 100644
index cf666ff..0000000
--- a/sec-policy/selinux-base-policy/ChangeLog
+++ /dev/null
@@ -1,554 +0,0 @@
-# ChangeLog for sec-policy/selinux-base-policy
-# Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/ChangeLog,v 1.80 2011/07/11 01:59:36 blueness Exp $
-
-  03 Aug 2011; <swift@gentoo.org>
-  files/patchbundle-selinux-base-policy-2.20101213-r22.tar.bz2:
-  Fix patchbundle issue with portage patch
-
-*selinux-base-policy-2.20101213-r22 (02 Aug 2011)
-
-  02 Aug 2011; <swift@gentoo.org> +selinux-base-policy-2.20101213-r22.ebuild,
-  +files/patchbundle-selinux-base-policy-2.20101213-r22.tar.bz2, +files/config,
-  +files/modules.conf, +metadata.xml:
-  Support cron-triggered portage administration tasks, add pan policy
-
-*selinux-base-policy-2.20101213-r20 (19 Jul 2011)
-
-  19 Jul 2011; <swift@gentoo.org> -selinux-base-policy-2.20101213-r19.ebuild,
-  +selinux-base-policy-2.20101213-r20.ebuild,
-  -files/patchbundle-selinux-base-policy-2.20101213-r19.tar.bz2,
-  +files/patchbundle-selinux-base-policy-2.20101213-r20.tar.bz2:
-  Start with -r20 series
-
-  11 Jul 2011; Anthony G. Basile <blueness@gentoo.org>
-  -files/selinux-base-policy-20070329.diff,
-  -selinux-base-policy-20080525.ebuild,
-  -selinux-base-policy-20080525-r1.ebuild, -files/modules.conf.strict,
-  -files/modules.conf.strict.20070928, -files/modules.conf.strict.20080525,
-  -files/modules.conf.targeted, -files/modules.conf.targeted.20070928,
-  -files/modules.conf.targeted.20080525:
-  Removed all pre 2.20xx base policies
-
-*selinux-base-policy-2.20101213-r18 (10 Jul 2011)
-
-  10 Jul 2011; Anthony G. Basile <blueness@gentoo.org>
-  +selinux-base-policy-2.20101213-r18.ebuild:
-  Bump to r18, improve support for openrc, allow portage to work with
-  NFS-mounted locations, fix firefox plugin support, fix postgres init
-  script support, fix syslog startup issue
-
-  03 Jul 2011; Anthony G. Basile <blueness@gentoo.org>
-  selinux-base-policy-2.20101213-r16.ebuild,
-  selinux-base-policy-2.20101213-r17.ebuild,
-  -files/patchbundle-selinux-base-policy-2.20101213-r16.tar.bz2,
-  -files/patchbundle-selinux-base-policy-2.20101213-r17.tar.bz2:
-  Moved patchbundles out of ${FILESDIR}, bug #370927
-
-  30 Jun 2011; Anthony G. Basile <blueness@gentoo.org>
-  -selinux-base-policy-2.20101213-r11.ebuild,
-  -selinux-base-policy-2.20101213-r12.ebuild,
-  -files/patchbundle-selinux-base-policy-2.20101213-r11.tar.bz2,
-  -files/patchbundle-selinux-base-policy-2.20101213-r12.tar.bz2:
-  Removed deprecated versions
-
-*selinux-base-policy-2.20101213-r17 (30 Jun 2011)
-
-  30 Jun 2011; Anthony G. Basile <blueness@gentoo.org>
-  +selinux-base-policy-2.20101213-r17.ebuild,
-  +files/patchbundle-selinux-base-policy-2.20101213-r17.tar.bz2:
-  Add support for zabbix
-
-  02 Jun 2011; Anthony G. Basile <blueness@gentoo.org>
-  selinux-base-policy-2.20101213-r16.ebuild:
-  Stable amd64 x86
-
-  20 May 2011; Anthony G. Basile <blueness@gentoo.org>
-  -selinux-base-policy-2.20101213-r5.ebuild,
-  -selinux-base-policy-2.20101213-r6.ebuild,
-  -selinux-base-policy-2.20101213-r7.ebuild,
-  -selinux-base-policy-2.20101213-r9.ebuild,
-  -selinux-base-policy-2.20101213-r10.ebuild,
-  -files/patchbundle-selinux-base-policy-2.20101213-r10.tar.bz2,
-  -files/patchbundle-selinux-base-policy-2.20101213-r5.tar.bz2,
-  -files/patchbundle-selinux-base-policy-2.20101213-r6.tar.bz2,
-  -files/patchbundle-selinux-base-policy-2.20101213-r7.tar.bz2,
-  -files/patchbundle-selinux-base-policy-2.20101213-r9.tar.bz2:
-  Removed deprecated revisions of base policy 2.20101213
-
-*selinux-base-policy-2.20101213-r16 (20 May 2011)
-
-  20 May 2011; Anthony G. Basile <blueness@gentoo.org>
-  +selinux-base-policy-2.20101213-r16.ebuild,
-  +files/patchbundle-selinux-base-policy-2.20101213-r16.tar.bz2, metadata.xml:
-  Drop obsoleted policy builds, add openrc support (rc-update, rc-status),
-  correct file contexts for /lib64, make UBAC optional (#257111 and #306393),
-  use portage_srcrepo_t for live ebuilds and match mdadm policy with upstream
-
-*selinux-base-policy-2.20101213-r12 (16 Apr 2011)
-*selinux-base-policy-2.20101213-r11 (16 Apr 2011)
-
-  16 Apr 2011; Anthony G. Basile <blueness@gentoo.org>
-  +selinux-base-policy-2.20101213-r11.ebuild,
-  +selinux-base-policy-2.20101213-r12.ebuild,
-  +files/patchbundle-selinux-base-policy-2.20101213-r11.tar.bz2,
-  +files/patchbundle-selinux-base-policy-2.20101213-r12.tar.bz2:
-  Added new patchbundles for rev bumps to base policy 2.20101213
-
-*selinux-base-policy-2.20101213-r10 (07 Mar 2011)
-*selinux-base-policy-2.20101213-r9 (07 Mar 2011)
-
-  07 Mar 2011; Anthony G. Basile <blueness@gentoo.org>
-  +selinux-base-policy-2.20101213-r9.ebuild,
-  +selinux-base-policy-2.20101213-r10.ebuild,
-  +files/patchbundle-selinux-base-policy-2.20101213-r10.tar.bz2,
-  +files/patchbundle-selinux-base-policy-2.20101213-r9.tar.bz2:
-  Added new patchbundles for rev bumps to base policy 2.20101213
-
-  05 Feb 2011; Anthony G. Basile <blueness@gentoo.org>
-  +files/patchbundle-selinux-base-policy-2.20101213-r5.tar.bz2,
-  +files/patchbundle-selinux-base-policy-2.20101213-r6.tar.bz2,
-  +files/patchbundle-selinux-base-policy-2.20101213-r7.tar.bz2:
-  Added patchbundle for base policy 2.20101213.
-
-*selinux-base-policy-2.20101213-r7 (05 Feb 2011)
-*selinux-base-policy-2.20101213-r6 (05 Feb 2011)
-*selinux-base-policy-2.20101213-r5 (05 Feb 2011)
-
-  05 Feb 2011; Anthony G. Basile <blueness@gentoo.org>
-  +selinux-base-policy-2.20101213-r5.ebuild,
-  +selinux-base-policy-2.20101213-r6.ebuild,
-  +selinux-base-policy-2.20101213-r7.ebuild:
-  New upstream policy.
-
-*selinux-base-policy-2.20091215 (16 Dec 2009)
-
-  16 Dec 2009; Chris PeBenito <pebenito@gentoo.org>
-  +selinux-base-policy-2.20091215.ebuild:
-  New upstream release.
-
-*selinux-base-policy-20080525-r1 (14 Sep 2009)
-
-  14 Sep 2009; Chris PeBenito <pebenito@gentoo.org>
-  +selinux-base-policy-20080525-r1.ebuild:
-  Update old base policy to support ext4.
-
-  14 Aug 2009; Chris PeBenito <pebenito@gentoo.org>
-  -selinux-base-policy-20070329.ebuild,
-  -selinux-base-policy-20070928.ebuild, selinux-base-policy-20080525.ebuild:
-  Mark 20080525 stable, clear old ebuilds.
-
-*selinux-base-policy-2.20090814 (14 Aug 2009)
-
-  14 Aug 2009; Chris PeBenito <pebenito@gentoo.org>
-  +selinux-base-policy-2.20090814.ebuild:
-  Git version of refpolicy for misc fixes including some cron problems.
-
-*selinux-base-policy-2.20090730 (03 Aug 2009)
-
-  03 Aug 2009; Chris PeBenito <pebenito@gentoo.org>
-  +selinux-base-policy-2.20090730.ebuild:
-  New upstream release.
-
-  18 Jul 2009; Chris PeBenito <pebenito@gentoo.org>
-  selinux-base-policy-20070329.ebuild, selinux-base-policy-20070928.ebuild,
-  selinux-base-policy-20080525.ebuild:
-  Drop alpha, mips, ppc, sparc selinux support.
-
-*selinux-base-policy-20080525 (25 May 2008)
-
-  25 May 2008; Chris PeBenito <pebenito@gentoo.org>
-  +selinux-base-policy-20080525.ebuild:
-  New SVN snapshot.
-
-  16 Mar 2008; Chris PeBenito <pebenito@gentoo.org>
-  -selinux-base-policy-20051022-r1.ebuild,
-  -selinux-base-policy-20061114.ebuild:
-  Remove old ebuilds.
-
-  03 Feb 2008; Chris PeBenito <pebenito@gentoo.org>
-  selinux-base-policy-20070928.ebuild:
-  Mark stable.
-
-*selinux-base-policy-20070928 (26 Nov 2007)
-
-  26 Nov 2007; Chris PeBenito <pebenito@gentoo.org>
-  +selinux-base-policy-20070928.ebuild:
-  New SVN snapshot.
-
-  04 Jun 2007; Chris PeBenito <pebenito@gentoo.org>
-  selinux-base-policy-20070329.ebuild:
-  Mark stable.
-
-  30 Mar 2007; Chris PeBenito <pebenito@gentoo.org>
-  +files/selinux-base-policy-20070329.diff,
-  selinux-base-policy-20070329.ebuild:
-  Compile fix.
-
-*selinux-base-policy-20070329 (29 Mar 2007)
-
-  29 Mar 2007; Chris PeBenito <pebenito@gentoo.org>
-  +selinux-base-policy-20070329.ebuild:
-  New SVN snapshot.
-
-  22 Feb 2007; Markus Ullmann <jokey@gentoo.org> ChangeLog:
-  Redigest for Manifest2
-
-*selinux-base-policy-20061114 (15 Nov 2006)
-
-  15 Nov 2006; Chris PeBenito <pebenito@gentoo.org>
-  +selinux-base-policy-20061114.ebuild:
-  New SVN snapshot.
-
-  25 Oct 2006; Chris PeBenito <pebenito@gentoo.org>
-  selinux-base-policy-20061015.ebuild:
-  Fix to have default POLICY_TYPES if it is empty.
-
-  21 Oct 2006; Chris PeBenito <pebenito@gentoo.org>
-  selinux-base-policy-20061015.ebuild:
-  Fix xml generation failure to die.
-
-*selinux-base-policy-20061015 (15 Oct 2006)
-
-  15 Oct 2006; Chris PeBenito <pebenito@gentoo.org>
-  -selinux-base-policy-20061008.ebuild,
-  +selinux-base-policy-20061015.ebuild:
-  Update for testing fixes.
-
-*selinux-base-policy-20061008 (08 Oct 2006)
-
-  08 Oct 2006; Chris PeBenito <pebenito@gentoo.org> -files/semanage.conf,
-  +selinux-base-policy-20061008.ebuild,
-  -selinux-base-policy-99999999.ebuild:
-  First mainstream reference policy testing release.
-
-  29 Sep 2006; Chris PeBenito <pebenito@gentoo.org>
-  selinux-base-policy-99999999.ebuild:
-  Fix for new SVN location.  Fixes 147781.
-
-  22 Feb 2006; Stephen Bennett <spb@gentoo.org>
-  selinux-base-policy-20051022-r1.ebuild:
-  Alpha stable
-
-*selinux-base-policy-99999999 (02 Feb 2006)
-
-  02 Feb 2006; Chris PeBenito <pebenito@gentoo.org> +files/config,
-  +files/modules.conf.strict, +files/modules.conf.targeted,
-  +files/semanage.conf, +selinux-base-policy-99999999.ebuild:
-  Add experimental policy for testing reference policy. Requires portage fix
-  from bug #110857.
-
-  02 Feb 2006; Chris PeBenito <pebenito@gentoo.org>
-  -selinux-base-policy-20050322.ebuild,
-  -selinux-base-policy-20050618.ebuild,
-  -selinux-base-policy-20050821.ebuild,
-  -selinux-base-policy-20051022.ebuild:
-  Clean out old ebuilds.
-
-  14 Jan 2006; Stephen Bennett <spb@gentoo.org>
-  selinux-base-policy-20051022-r1.ebuild:
-  Added ~alpha
-
-*selinux-base-policy-20051022-r1 (08 Dec 2005)
-
-  08 Dec 2005; Chris PeBenito <pebenito@gentoo.org>
-  +selinux-base-policy-20051022-r1.ebuild:
-  Change to use compatability genhomedircon. Newer policycoreutils (1.28)
-  breaks the backwards compatability this policy uses.
-
-*selinux-base-policy-20051022 (22 Oct 2005)
-
-  22 Oct 2005; Chris PeBenito <pebenito@gentoo.org>
-  +selinux-base-policy-20051022.ebuild:
-  Very trivial fixes.
-
-  08 Sep 2005; Chris PeBenito <pebenito@gentoo.org>
-  selinux-base-policy-20050821.ebuild:
-  Mark stable.
-
-*selinux-base-policy-20050821 (21 Aug 2005)
-
-  21 Aug 2005; Chris PeBenito <pebenito@gentoo.org>
-  +selinux-base-policy-20050821.ebuild:
-  Minor updates for 2.6.12.
-
-  21 Jun 2005; Chris PeBenito <pebenito@gentoo.org>
-  selinux-base-policy-20050618.ebuild:
-  Mark stable.
-
-*selinux-base-policy-20050618 (18 Jun 2005)
-
-  18 Jun 2005; Chris PeBenito <pebenito@gentoo.org>
-  -selinux-base-policy-20041123.ebuild,
-  -selinux-base-policy-20050306.ebuild,
-  +selinux-base-policy-20050618.ebuild:
-  New release to support 2.6.12 features.
-
-  10 May 2005; Stephen Bennett <spb@gentoo.org>
-  selinux-base-policy-20050322.ebuild:
-  mips stable
-
-  01 May 2005; Stephen Bennett <spb@gentoo.org>
-  selinux-base-policy-20050322.ebuild:
-  Added ~mips.
-
-*selinux-base-policy-20050322 (23 Mar 2005)
-
-  23 Mar 2005; Chris PeBenito <pebenito@gentoo.org>
-  +selinux-base-policy-20050322.ebuild:
-  New release.
-
-*selinux-base-policy-20050306 (06 Mar 2005)
-
-  06 Mar 2005; Chris PeBenito <pebenito@gentoo.org>
-  +selinux-base-policy-20050306.ebuild:
-  Fix bad samba_domain dummy macro.  Add policies needed for udev support.
-
-*selinux-base-policy-20050224 (24 Feb 2005)
-
-  24 Feb 2005; Chris PeBenito <pebenito@gentoo.org>
-  +selinux-base-policy-20050224.ebuild:
-  New release.
-
-  19 Jan 2005; Chris PeBenito <pebenito@gentoo.org>
-  selinux-base-policy-20041123.ebuild:
-  Mark stable.
-
-*selinux-base-policy-20041123 (23 Nov 2004)
-
-  23 Nov 2004; Chris PeBenito <pebenito@gentoo.org>
-  +selinux-base-policy-20041123.ebuild:
-  New release with 1.18 merge.
-
-*selinux-base-policy-20041023 (23 Oct 2004)
-
-  23 Oct 2004; Chris PeBenito <pebenito@gentoo.org>
-  +selinux-base-policy-20041023.ebuild:
-  New release with 1.16 merge. Tcpd and inetd have been deprecated since they
-  are not in the base system anymore, and probably no one uses them anyway.
-
-*selinux-base-policy-20040906 (06 Sep 2004)
-
-  06 Sep 2004; Chris PeBenito <pebenito@gentoo.org>
-  +selinux-base-policy-20040906.ebuild:
-  New release with 1.14 merge, which has policy 18 (fine-grained netlink)
-  features.
-
-  05 Sep 2004; Chris PeBenito <pebenito@gentoo.org>
-  selinux-base-policy-20040225.ebuild, -selinux-base-policy-20040509.ebuild,
-  -selinux-base-policy-20040604.ebuild, selinux-base-policy-20040629.ebuild,
-  selinux-base-policy-20040702.ebuild:
-  Remove old builds, switch to epause and ebeep in remaining builds.
-
-*selinux-base-policy-20040702 (02 Jul 2004)
-
-  02 Jul 2004; Chris PeBenito <pebenito@gentoo.org>
-  +selinux-base-policy-20040702.ebuild:
-  Same as 20040629, except with updated flask headers, which will come out in
-  2.6.8.
-
-*selinux-base-policy-20040629 (29 Jun 2004)
-
-  29 Jun 2004; Chris PeBenito <pebenito@gentoo.org>
-  +selinux-base-policy-20040629.ebuild:
-  Large sysadmfile cleanup: disable admin_separation to give sysadm_r back its
-  ablility to modify all files. Minor fixes: portage_r works again, syslog-ng
-  breakage fixed, put back manual PaX policy for pageexec/segmexec.
-
-  16 Jun 2004; Chris PeBenito <pebenito@gentoo.org>
-  selinux-base-policy-20040604.ebuild:
-  Mark stable.
-
-  10 Jun 2004; Chris PeBenito <pebenito@gentoo.org>
-  selinux-base-policy-20040225.ebuild, selinux-base-policy-20040509.ebuild,
-  selinux-base-policy-20040604.ebuild:
-  Add src_compile() stub
-
-*selinux-base-policy-20040604 (04 Jun 2004)
-
-  04 Jun 2004; Chris PeBenito <pebenito@gentoo.org>
-  +selinux-base-policy-20040604.ebuild:
-  New release including 1.12 NSA policy, and experimental sesandbox.
-
-  15 May 2004; Chris PeBenito <pebenito@gentoo.org>
-  selinux-base-policy-20040509.ebuild:
-  Mark stable.
-
-*selinux-base-policy-20040509 (09 May 2004)
-
-  09 May 2004; Chris PeBenito <pebenito@gentoo.org>
-  +selinux-base-policy-20040509.ebuild:
-  A few small cleanups. Make PaX non exec pages macro based on arch. Large
-  portage update, get rid of portage_exec_fetch_t, portage will setexec. Add
-  global_ssp tunable.
-
-*selinux-base-policy-20040418 (18 Apr 2004)
-
-  18 Apr 2004; Chris PeBenito <pebenito@gentoo.org>
-  +selinux-base-policy-20040418.ebuild:
-  New release for checkpolicy 1.10
-
-*selinux-base-policy-20040414 (14 Apr 2004)
-
-  14 Apr 2004; Chris PeBenito <pebenito@gentoo.org>
-  -selinux-base-policy-20040408.ebuild, +selinux-base-policy-20040414.ebuild:
-  Minor updates
-
-*selinux-base-policy-20040408 (08 Apr 2004)
-
-  08 Apr 2004; Chris PeBenito <pebenito@gentoo.org>
-  selinux-base-policy-20040408.ebuild:
-  New update. Users.fc is now deprecated, as the contexts for user directories
-  is now automatically generated. Portage fetching of distfiles now has a
-  subdomain, for dropping priviledges.
-
-  28 Feb 2004; Chris PeBenito <pebenito@gentoo.org>
-  selinux-base-policy-20040225.ebuild:
-  Mark stable.
-
-*selinux-base-policy-20040225 (25 Feb 2004)
-
-  25 Feb 2004; Chris PeBenito <pebenito@gentoo.org>
-  selinux-base-policy-20040225.ebuild:
-  New support for PaX ACL hooks. Addition of tunable.te for configurable policy
-  options. Rewrite of portage.te. Now auto-transition for sysadm is default, can
-  reenable portage_r by tunable.te. Makefile update from NSA CVS.
-
-*selinux-base-policy-20040209 (09 Feb 2004)
-
-  09 Feb 2004; Chris PeBenito <pebenito@gentoo.org>
-  selinux-base-policy-20040209.ebuild:
-  Minor revision to add XFS labeling and policy for integrated
-  runscript-run_init.
-
-  07 Feb 2004; Chris PeBenito <pebenito@gentoo.org>
-  selinux-base-policy-20040202.ebuild:
-  Mark x86 stable.
-
-*selinux-base-policy-20040202 (02 Feb 2004)
-
-  02 Feb 2004; Chris PeBenito <pebenito@gentoo.org>
-  selinux-base-policy-20040202.ebuild:
-  A few misc fixes. Allow portage to update bootloader code, such as in lilo or
-  grub postinst. This requires checkpolicy 1.4-r1.
-
-*selinux-base-policy-20031225 (25 Dec 2003)
-
-  25 Dec 2003; Chris PeBenito <pebenito@gentoo.org>
-  selinux-base-policy-20031225.ebuild:
-  New release, with merged NSA 1.4 policy. One critical note, this policy
-  requires pam 0.77. Much work has been done to minimize access to /etc/shadow,
-  and one requirement is in the patch for pam 0.77. If you do not use this pam
-  version or newer, you will be unable to authenticate in enforcing. Since
-  devfs no longer is usable in SELinux, it's policy has been removed. You
-  should merge the changes, remove the devfsd policy (devfsd.te and devfsd.fc),
-  load the policy, and relabel.
-
-  27 Nov 2003; Chris PeBenito <pebenito@gentoo.org>
-  selinux-base-policy-20031010-r1.ebuild:
-  Mark stable.  Add build USE flag for stage building.
-
-*selinux-base-policy-20031010-r1 (12 Nov 2003)
-
-  12 Nov 2003; Chris PeBenito <pebenito@gentoo.org>
-  selinux-base-policy-20031010-r1.ebuild,
-  files/selinux-base-policy-20031010-cvs.diff:
-  Add fixes from policy cvs for compilers, so non x86 and ppc compilers can
-  work. Also portage update as a side effect of updated setfiles code in
-  portage, from bug 31748.
-
-  28 Oct 2003; Chris PeBenito <pebenito@gentoo.org>
-  selinux-base-policy-20031010.ebuild:
-  Mark stable
-
-*selinux-base-policy-20031010 (10 Oct 2003)
-
-  10 Oct 2003; Chris PeBenito <pebenito@gentoo.org>
-  selinux-base-policy-20031010.ebuild:
-  New release for new API.  Massive cleanups all over the place.
-
-*selinux-base-policy-20030817 (17 Aug 2003)
-
-  17 Aug 2003; Chris PeBenito <pebenito@gentoo.org>
-  selinux-base-policy-20030817.ebuild:
-  Initial commit of new API policy
-
-  10 Aug 2003; Chris PeBenito <pebenito@gentoo.org>
-  selinux-base-policy-20030729-r1.ebuild:
-  Mark stable
-
-*selinux-base-policy-20030729-r1 (31 Jul 2003)
-
-  31 Jul 2003; Chris PeBenito <pebenito@gentoo.org>
-  selinux-base-policy-20030729-r1.ebuild:
-  New rev that handles an empty POLICYDIR sanely.
-
-*selinux-base-policy-20030729 (29 Jul 2003)
-
-  29 Jul 2003; Chris PeBenito <pebenito@gentoo.org>
-  selinux-base-policy-20030729.ebuild:
-  Make the ebuild use POLICYDIR. Important fix so portage can load policy so
-  selinux-policy.eclass works. update_modules_t cleanup. Fix for an access when
-  merging baselayout.
-
-*selinux-base-policy-20030720 (20 Jul 2003)
-
-  20 Jul 2003; Chris PeBenito <pebenito@gentoo.org>
-  selinux-base-policy-20030720.ebuild:
-  Many fixes, including the syslog fix. File contexts have changed, so a relabel
-  is needed. You may encounter problems relabeling /usr/portage, as its file
-  context has changed, as files should not have the same type as a domain.
-  Relabelling in permissive will fix this, or temporarily give portage_t a
-  file_type attribute. Tightened the can_exec_any() macro. Moved staff.fc to
-  users.fc, since all users with SELinux identities should have their home
-  directories have the correct identity, not the generic identity.
-
-  06 Jun 2003; Chris PeBenito <pebenito@gentoo.org>
-  selinux-base-policy-20030604.ebuild:
-  Mark stable
-
-*selinux-base-policy-20030604 (04 Jun 2003)
-
-  04 Jun 2003; Chris PeBenito <pebenito@gentoo.org>
-  selinux-base-policy-20030604.ebuild:
-  Fix broken 20030603
-
-  04 Jun 2003; Chris PeBenito <pebenito@gentoo.org>
-  selinux-base-policy-20030603.ebuild:
-  Pulling 20030603, as there are problems, 20030604 later today
-
-*selinux-base-policy-20030603 (03 Jun 2003)
-
-  03 Jun 2003; Chris PeBenito <pebenito@gentoo.org>
-  selinux-base-policy-20030603.ebuild:
-  Numerous various fixes. Added staff role. Removed ipsec, gpm and gpg policies
-  as they are not appropriate for the base policy, and untested.
-
-*selinux-base-policy-20030522 (22 May 2003)
-
-  22 May 2003; Chris PeBenito <pebenito@gentoo.org>
-  selinux-base-policy-20030522.ebuild:
-  The policy is in pretty good shape now. I've been able to run in enforcing mode
-  with little problem. I've also been able to successfully merge and unmerge
-  packages in enforcing mode, with few exceptions (why does mysql need to run ps
-  during configure?).
-
-*selinux-base-policy-20030514 (14 May 2003)
-
-  14 May 2003; Chris PeBenito <pebenito@gentoo.org>
-  selinux-base-policy-20030514.ebuild:
-  Many improvements in many areas. Of note, rlogind policies were removed. Klogd
-  is being merged into syslogd. The portage policy is much more complete, but
-  still needs work. Its suggested that all changes be merged in, policy
-  reloaded, then relabel.
-
-*selinux-base-policy-20030419 (19 Apr 2003)
-
-  23 Apr 2003; Chris PeBenito <pebenito@gentoo.org>
-  selinux-base-policy-20030419.ebuild:
-  Marking stable for selinux-small stable usage
-
-  19 Apr 2003; Chris PeBenito <pebenito@gentoo.org> Manifest,
-  selinux-base-policy-20030419.ebuild:
-  Initial commit.  Base policies for SELinux, with Gentoo-specifics
-

diff --git a/sec-policy/selinux-base-policy/files/config b/sec-policy/selinux-base-policy/files/config
deleted file mode 100644
index 55933ea..0000000
--- a/sec-policy/selinux-base-policy/files/config
+++ /dev/null
@@ -1,15 +0,0 @@
-# This file controls the state of SELinux on the system on boot.
-
-# SELINUX can take one of these three values:
-#	enforcing - SELinux security policy is enforced.
-#	permissive - SELinux prints warnings instead of enforcing.
-#	disabled - No SELinux policy is loaded.
-SELINUX=permissive
-
-# SELINUXTYPE can take one of these four values:
-#	targeted - Only targeted network daemons are protected.
-#	strict   - Full SELinux protection.
-#	mls      - Full SELinux protection with Multi-Level Security
-#	mcs      - Full SELinux protection with Multi-Category Security 
-#	           (mls, but only one sensitivity level)
-SELINUXTYPE=strict

diff --git a/sec-policy/selinux-base-policy/files/modules.conf b/sec-policy/selinux-base-policy/files/modules.conf
deleted file mode 100644
index fcb3fd8..0000000
--- a/sec-policy/selinux-base-policy/files/modules.conf
+++ /dev/null
@@ -1,49 +0,0 @@
-application = base
-authlogin = base
-bootloader = base
-clock = base
-consoletype = base
-corecommands = base
-corenetwork = base
-cron = base
-devices = base
-dmesg = base
-domain = base
-files = base
-filesystem = base
-fstools = base
-getty = base
-hostname = base
-hotplug = base
-init = base
-iptables = base
-kernel = base
-libraries = base
-locallogin = base
-logging = base
-lvm = base
-miscfiles = base
-mcs = base
-mls = base
-modutils = base
-mount = base
-mta = base
-netutils = base
-nscd = base
-portage = base
-raid = base
-rsync = base
-selinux = base
-selinuxutil = base
-ssh = base
-staff = base
-storage = base
-su = base
-sysadm = base
-sysnetwork = base
-terminal = base
-ubac = base
-udev = base
-userdomain = base
-usermanage = base
-unprivuser = base

diff --git a/sec-policy/selinux-base-policy/files/patchbundle-selinux-base-policy-2.20101213-r22.tar.bz2 b/sec-policy/selinux-base-policy/files/patchbundle-selinux-base-policy-2.20101213-r22.tar.bz2
deleted file mode 100644
index 2f2e880..0000000
Binary files a/sec-policy/selinux-base-policy/files/patchbundle-selinux-base-policy-2.20101213-r22.tar.bz2 and /dev/null differ

diff --git a/sec-policy/selinux-base-policy/metadata.xml b/sec-policy/selinux-base-policy/metadata.xml
deleted file mode 100644
index 393f3bb..0000000
--- a/sec-policy/selinux-base-policy/metadata.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
-<pkgmetadata>
-	<herd>selinux</herd>
-	<longdescription>
-		Gentoo SELinux base policy.  This contains policy for a system at the end of system installation.
-		There is no extra policy in this package.
-	</longdescription>
-	<use>
-		<flag name='peer_perms'>Enable the labeled networking peer permissions (SELinux policy capability).</flag>
-		<flag name='open_perms'>Enable the open permissions for file object classes (SELinux policy capability).</flag>
-		<flag name='ubac'>Enable User Based Access Control (UBAC) in the SELinux policy</flag>
-	</use>
-</pkgmetadata>

diff --git a/sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r22.ebuild b/sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r22.ebuild
deleted file mode 100644
index 96d033e..0000000
--- a/sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r22.ebuild
+++ /dev/null
@@ -1,147 +0,0 @@
-# Copyright 1999-2011 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r18.ebuild,v 1.1 2011/07/10 02:30:17 blueness Exp $
-
-EAPI="1"
-IUSE="+peer_perms +open_perms +ubac"
-
-inherit eutils
-
-PATCHBUNDLE="${FILESDIR}/patchbundle-${PF}.tar.bz2"
-#PATCHBUNDLE="${DISTDIR}/patchbundle-${PF}.tar.bz2"
-DESCRIPTION="Gentoo base policy for SELinux"
-HOMEPAGE="http://www.gentoo.org/proj/en/hardened/selinux/"
-SRC_URI="http://oss.tresys.com/files/refpolicy/refpolicy-${PV}.tar.bz2"
-#SRC_URI="http://oss.tresys.com/files/refpolicy/refpolicy-${PV}.tar.bz2
-#	http://dev.gentoo.org/~blueness/patchbundle-selinux-base-policy/patchbundle-${PF}.tar.bz2"
-LICENSE="GPL-2"
-SLOT="0"
-
-KEYWORDS="~amd64 ~x86"
-
-RDEPEND=">=sys-apps/policycoreutils-1.30.30
-	>=sys-fs/udev-151"
-DEPEND="${RDEPEND}
-	sys-devel/m4
-	>=sys-apps/checkpolicy-1.30.12"
-
-S=${WORKDIR}/
-
-src_unpack() {
-	[ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs"
-
-	unpack ${A}
-
-	cd "${S}"
-	epatch "${PATCHBUNDLE}"
-	cd "${S}/refpolicy"
-	# Fix bug 257111
-	sed -i -e 's:system_crond_t:system_cronjob_t:g' \
-		"${S}/refpolicy/config/appconfig-standard/default_contexts"
-	sed -i -e 's|system_r:cronjob_t|system_r:system_cronjob_t|g' \
-		"${S}/refpolicy/config/appconfig-mls/default_contexts"
-	sed -i -e 's|system_r:cronjob_t|system_r:system_cronjob_t|g' \
-		"${S}/refpolicy/config/appconfig-mcs/default_contexts"
-
-	if ! use peer_perms; then
-		sed -i -e '/network_peer_controls/d' \
-			"${S}/refpolicy/policy/policy_capabilities"
-	fi
-
-	if ! use open_perms; then
-		sed -i -e '/open_perms/d' \
-			"${S}/refpolicy/policy/policy_capabilities"
-	fi
-
-	for i in ${POLICY_TYPES}; do
-		cp -a "${S}/refpolicy" "${S}/${i}"
-
-		cd "${S}/${i}";
-		make conf || die "Make conf in ${i} failed"
-
-		# Define what we see as "base" and what we want to remain modular
-		cp "${FILESDIR}/modules.conf" \
-			"${S}/${i}/policy/modules.conf" \
-			|| die "failed to set up modules.conf"
-		if [[ "${i}" == "targeted" ]];
-		then
-			echo "unconfined = base" >> "${S}/${i}/policy/modules.conf"
-		fi
-		sed -i -e '/^QUIET/s/n/y/' -e '/^MONOLITHIC/s/y/n/' \
-			-e "/^NAME/s/refpolicy/$i/" "${S}/${i}/build.conf" \
-			|| die "build.conf setup failed."
-
-		if [[ "${i}" == "mls" ]] || [[ "${i}" == "mcs" ]];
-		then
-			# MCS/MLS require additional settings
-			sed -i -e "/^TYPE/s/standard/${i}/" "${S}/${i}/build.conf" \
-				|| die "failed to set type to mls"
-		fi
-
-		if ! use ubac; then
-			sed -i -e 's:^UBAC = y:UBAC = n:g' "${S}/${i}/build.conf"
-		fi
-
-		echo "DISTRO = gentoo" >> "${S}/${i}/build.conf"
-
-		if [ "${i}" == "targeted" ]; then
-			sed -i -e '/root/d' -e 's/user_u/unconfined_u/' \
-			"${S}/${i}/config/appconfig-standard/seusers" \
-			|| die "targeted seusers setup failed."
-		fi
-	done
-}
-
-src_compile() {
-	[ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs"
-
-	for i in ${POLICY_TYPES}; do
-		cd "${S}/${i}"
-		make base || die "${i} compile failed"
-	done
-}
-
-src_install() {
-	[ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs"
-
-	for i in ${POLICY_TYPES}; do
-		cd "${S}/${i}"
-
-		make DESTDIR="${D}" install \
-			|| die "${i} install failed."
-
-		make DESTDIR="${D}" install-headers \
-			|| die "${i} headers install failed."
-
-		echo "run_init_t" > "${D}/etc/selinux/${i}/contexts/run_init_type"
-
-		echo "textrel_shlib_t" >> "${D}/etc/selinux/${i}/contexts/customizable_types"
-
-		# libsemanage won't make this on its own
-		keepdir "/etc/selinux/${i}/policy"
-	done
-
-	dodoc doc/Makefile.example doc/example.{te,fc,if}
-
-	insinto /etc/selinux
-	doins "${FILESDIR}/config"
-}
-
-pkg_preinst() {
-	has_version "<${CATEGORY}/${PN}-2.20101213-r13"
-	previous_less_than_r13=$?
-}
-
-pkg_postinst() {
-	[ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs"
-
-	for i in ${POLICY_TYPES}; do
-		einfo "Inserting base module into ${i} module store."
-
-		cd "/usr/share/selinux/${i}"
-		semodule -s "${i}" -b base.pp || die "Could not load in new base policy"
-	done
-	elog "Updates on policies might require you to relabel files. If you, after"
-	elog "installing new SELinux policies, get 'permission denied' errors,"
-	elog "relabelling your system using 'rlpkg -a -r' might resolve the issues."
-}




