Diffstat (limited to 'sys-apps')
17 files changed, 964 insertions, 0 deletions
diff --git a/sys-apps/apparmor-modules/Manifest b/sys-apps/apparmor-modules/Manifest new file mode 100644 index 0000000..bbd6bf5 --- /dev/null +++ b/sys-apps/apparmor-modules/Manifest 
@@ -0,0 +1,16 @@ +AUX apparmor-modules-2.0_2.6.17.9_symbol_export.patch 2976 RMD160 b9232cb4b78bfccd7154f27af554aedc0a01b53f SHA1 19ac2f051379f6733f7760eee2c37dde670bb746 SHA256 f364111249e598379886880d427435474609898dd77df8770112b3594305bd80 +MD5 fb0f6966a5fafacc3ca5cd453973e3f9 files/apparmor-modules-2.0_2.6.17.9_symbol_export.patch 2976 +RMD160 b9232cb4b78bfccd7154f27af554aedc0a01b53f files/apparmor-modules-2.0_2.6.17.9_symbol_export.patch 2976 +SHA256 f364111249e598379886880d427435474609898dd77df8770112b3594305bd80 files/apparmor-modules-2.0_2.6.17.9_symbol_export.patch 2976 +DIST apparmor-external-module.tar.gz 112408 RMD160 b333459588b0ccaaf36c6247555ff560daa3f95c SHA1 fbef407f3611c8c38ca66ce977fc5271e4140eec SHA256 70d66089a46f87f7fbaf504a3e40e4511e21c4a03345f0142315743bb9278d2f +EBUILD apparmor-modules-2.0_p20061013.ebuild 2101 RMD160 7d4763a25cf45f6482b0825ab4b24253f81e7a8e SHA1 8fbba9e272c280969c4c20d36669233876e14c38 SHA256 5248af5d4ba292f14a0e1ce82a60321b94902caabe83aeb103df1dc3524bc9ca +MD5 d49c592873548e7e2445ede86369cd4e apparmor-modules-2.0_p20061013.ebuild 2101 +RMD160 7d4763a25cf45f6482b0825ab4b24253f81e7a8e apparmor-modules-2.0_p20061013.ebuild 2101 +SHA256 5248af5d4ba292f14a0e1ce82a60321b94902caabe83aeb103df1dc3524bc9ca apparmor-modules-2.0_p20061013.ebuild 2101 +MISC metadata.xml 380 RMD160 9e87c8cc3fb3ee2b04080188ddaab74dcd1b291b SHA1 8d1beaea2ad08aa621f45f7e1b86b4b1a4b72575 SHA256 3e262ff06a7f21693b9ad6106a959a04514b35e7d14e25df5e6648a7cf7ee827 +MD5 56ab0ca0dca9b8dd896c9d3bff58f039 metadata.xml 380 +RMD160 9e87c8cc3fb3ee2b04080188ddaab74dcd1b291b metadata.xml 380 +SHA256 3e262ff06a7f21693b9ad6106a959a04514b35e7d14e25df5e6648a7cf7ee827 metadata.xml 380 +MD5 ada15501d8ce59813443b9fb8b7359ef files/digest-apparmor-modules-2.0_p20061013 274 +RMD160 76b75c7fd71ca82c198ecb095af6723f6314188e files/digest-apparmor-modules-2.0_p20061013 274 +SHA256 f382eb61c05a9f0e47d7b5e336bb296846875f76e2fe59261eaab4cf9d42d93c 
files/digest-apparmor-modules-2.0_p20061013 274 diff --git a/sys-apps/apparmor-modules/apparmor-modules-2.0_p20061013.ebuild b/sys-apps/apparmor-modules/apparmor-modules-2.0_p20061013.ebuild new file mode 100644 index 0000000..01fbc2d --- /dev/null +++ b/sys-apps/apparmor-modules/apparmor-modules-2.0_p20061013.ebuild 
@@ -0,0 +1,80 @@
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: $
+
+inherit linux-mod
+
+MY_S="${WORKDIR}/apparmor_modules/module"
+MONTH="October"
+
+DESCRIPTION="Kernel modules for AppArmor"
+HOMEPAGE="ihttp://forge.novell.com/modules/xfmod/project/?apparmor"
+SRC_URI="http://forgeftp.novell.com/apparmor/Development%20-%20${MONTH}%20Snapshot/apparmor-external-module.tar.gz"
+
+LICENSE="LGPL-2.1"
+SLOT="0"
+KEYWORDS="~x86 ~amd64"
+IUSE=""
+
+DEPEND="virtual/libc"
+RDEPEND="${DEPEND}
+ sys-apps/apparmor-parser"
+
+pkg_setup() {
+ linux-info_pkg_setup
+
+ if kernel_is lt 2 6 16 ; then
+ eerror "You must have at least a 2.6.16 kernel to use this package."
+ die "Insufficent kernel version"
+ fi
+
+ if linux_chkconfig_present CONFIG_SECURITY ; then
+ eerror "CONFIG_SECURITY must be enabled in your kernel to build ${PN}"
+ die "Bad kernel config"
+ fi
+
+ if (grep 'namespace_sem' ${KV_DIR}/include/linux/namespace.h >/dev/null 2>&1 && grep 'AUDIT_SD' ${KV_DIR}/include/linux/audit.h >/dev/null 2>&1 )
+ then
+ einfo "Required Symbol patch seems to have been applied; continuing."
+ else
+ eerror "Required symbols do not appear to be exported."
+ ewarn
+ ewarn "AppArmor modules requires a patch be applied against the"
+ ewarn "kernel source to export several symbols."
+ ewarn
+ ewarn "Current patches can currently be found in: "
+ ewarn " ${FILESDIR}"
+ ewarn "where the clostest matching KERNEL_VER patch:"
+ ewarn " ${P/_p*/}_[KERNEL_VER]_symbol_export.patch"
+ ewarn "should apply cleanly."
+ ewarn
+ ewarn "After applying this patch and re-compiling,"
+ ewarn "re-emerge this package"
+ ewarn
+ die "Missing apparmor symbol export patch"
+ fi
+
+}
+
+src_unpack() {
+ unpack ${A}
+ cd "${MY_S}"
+
+ sed -i 's/^all:/modules:/g' Makefile
+ sed -i 's/mv/#mv/g' Makefile
+}
+
+src_compile() {
+ cd "${MY_S}"
+ unset ARCH
+ CONFIG_SECURITY_APPARMOR=m make
+}
+
+src_install() {
+ cd "${MY_S}"
+
+ insinto /lib/modules/${KV_FULL}/kernel/security/apparmor
+ doins apparmor.ko
+ insinto /lib/modules/${KV_FULL}/kernel/security/apparmor/aamatch
+ doins aamatch/aamatch_pcre.ko
+}
diff --git a/sys-apps/apparmor-modules/files/apparmor-modules-2.0_2.6.17.9_symbol_export.patch b/sys-apps/apparmor-modules/files/apparmor-modules-2.0_2.6.17.9_symbol_export.patch
new file mode 100644
index 0000000..c0e97bb
--- /dev/null
+++ b/sys-apps/apparmor-modules/files/apparmor-modules-2.0_2.6.17.9_symbol_export.patch
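Review bot: The CONFIG_SECURITY check in pkg_setup is inverted: `if linux_chkconfig_present CONFIG_SECURITY ; then` dies with "Bad kernel config" precisely when the option is set, so the only kernels that get past it are the ones the LSM module cannot run on; it should read `if ! linux_chkconfig_present CONFIG_SECURITY ; then`. The symbol-export check that follows only greps for the names `namespace_sem` and `AUDIT_SD` in two headers, which shows the declarations exist but not that the matching `EXPORT_SYMBOL_GPL` lines landed in fs/namespace.c and kernel/audit.c, so a partially applied patch passes here and fails later as unresolved symbols at modprobe time. SRC_URI fetches an unversioned `apparmor-external-module.tar.gz` from a "Development - October Snapshot" directory over plain HTTP; the Manifest digest pins this revision's bytes, but the same filename will presumably be re-published with new contents and then fail the digest for every user, so the snapshot should be carried under a versioned filename (for example a mirrored copy named after `${P}`). HOMEPAGE also has a stray leading `i` in `ihttp://`.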
@@ -0,0 +1,83 @@
+From: tonyj@suse.de
+Subject: Export namespace semaphore
+Patch-mainline: no
+
+Export global namespace_sem (this used to be a per namespace semaphore).
+Alas, this isn't going to win _any_ points for style.
+Patch is not in mainline -- pending AppArmor code submission to lkml
+
+---
+--- linux-2.6.17.9.orig/fs/namespace.c
++++ linux-2.6.17.9/fs/namespace.c
+@@ -46,7 +46,8 @@ static int event;
+ static struct list_head *mount_hashtable __read_mostly;
+ static int hash_mask __read_mostly, hash_bits __read_mostly;
+ static kmem_cache_t *mnt_cache __read_mostly;
+-static struct rw_semaphore namespace_sem;
++struct rw_semaphore namespace_sem;
++EXPORT_SYMBOL_GPL(namespace_sem);
+
+ /* /sys/fs */
+ decl_subsys(fs, NULL, NULL);
+--- linux-2.6.17.9.orig/include/linux/namespace.h
++++ linux-2.6.17.9/include/linux/namespace.h
+@@ -5,6 +5,9 @@
+ #include <linux/mount.h>
+ #include <linux/sched.h>
+
++/* exported for AppArmor (SubDomain) */
++extern struct rw_semaphore namespace_sem;
++
+ struct namespace {
+ atomic_t count;
+ struct vfsmount * root;
+
+
+From: tonyj@suse.de
+Subject: Export audit subsystem for use by modules
+Patch-mainline: no
+
+Adds necessary export symbols for audit subsystem routines.
+Changes audit_log_vformat to be externally visible (analagous to vprintf)
+Patch is not in mainline -- pending AppArmor code submission to lkml
+
+--- linux-2.6.17.9.orig/include/linux/audit.h
++++ linux-2.6.17.9/include/linux/audit.h
+@@ -96,6 +96,8 @@
+ #define AUDIT_LAST_KERN_ANOM_MSG 1799
+ #define AUDIT_ANOM_PROMISCUOUS 1700 /* Device changed promiscuous mode */
+
++#define AUDIT_SD 1500 /* AppArmor (SubDomain) audit */
++
+ #define AUDIT_KERNEL 2000 /* Asynchronous audit record. NOT A REQUEST. */
+
+ /* Rule flags */
+@@ -357,6 +359,9 @@ extern void audit_log(struct audit_
+ __attribute__((format(printf,4,5)));
+
+ extern struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, int type);
++extern void audit_log_vformat(struct audit_buffer *ab,
++ const char *fmt, va_list args)
++ __attribute__((format(printf,2,0)));
+ extern void audit_log_format(struct audit_buffer *ab,
+ const char *fmt, ...)
+ __attribute__((format(printf,2,3)));
+--- linux-2.6.17.9.orig/kernel/audit.c
++++ linux-2.6.17.9/kernel/audit.c
+@@ -893,8 +893,7 @@ static inline int audit_expand(struct au
+ * will be called a second time. Currently, we assume that a printk
+ * can't format message larger than 1024 bytes, so we don't either.
+ */
+-static void audit_log_vformat(struct audit_buffer *ab, const char *fmt,
+- va_list args)
++void audit_log_vformat(struct audit_buffer *ab, const char *fmt, va_list args)
+ {
+ int len, avail;
+ struct sk_buff *skb;
+@@ -1096,3 +1095,6 @@ EXPORT_SYMBOL(audit_log_start);
+ EXPORT_SYMBOL(audit_log_end);
+ EXPORT_SYMBOL(audit_log_format);
+ EXPORT_SYMBOL(audit_log);
++EXPORT_SYMBOL_GPL(audit_log_vformat);
++EXPORT_SYMBOL_GPL(audit_log_untrustedstring);
++EXPORT_SYMBOL_GPL(audit_log_d_path);
diff --git a/sys-apps/apparmor-modules/files/digest-apparmor-modules-2.0_p20061013 b/sys-apps/apparmor-modules/files/digest-apparmor-modules-2.0_p20061013
new file mode 100644
index 0000000..9f05f65
--- /dev/null
+++ b/sys-apps/apparmor-modules/files/digest-apparmor-modules-2.0_p20061013
@@ -0,0 +1,3 @@
+MD5 919d64ba6c357a24a3c8e78ea0f94058 apparmor-external-module.tar.gz 112408
+RMD160 b333459588b0ccaaf36c6247555ff560daa3f95c apparmor-external-module.tar.gz 112408
+SHA256 70d66089a46f87f7fbaf504a3e40e4511e21c4a03345f0142315743bb9278d2f apparmor-external-module.tar.gz 112408
diff --git a/sys-apps/apparmor-modules/metadata.xml b/sys-apps/apparmor-modules/metadata.xml
new file mode 100644
index 0000000..5622ad5
--- /dev/null
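Review bot: Dropping `static` from `namespace_sem` in fs/namespace.c and exporting it with `EXPORT_SYMBOL_GPL` hands every GPL module the kernel's global mount-tree lock, yet the only documentation added in namespace.h is `/* exported for AppArmor (SubDomain) */`; the extern should say how it is to be taken (`down_read`/`down_write`) and that callers must not re-enter mount-tree code while holding it, since a misuse in an out-of-tree module would presumably stall every mount/umount on the box rather than just the module. The new `AUDIT_SD 1500` type is dropped in right after the 1700-1799 anomaly block with no statement of which range it claims; a line such as `/* 1500 - 1599 AppArmor (SubDomain) kernel messages */` next to the other range comments (if this tree has that table) would make a future collision with a mainline type visible at a glance. The patch is written against linux-2.6.17.9 while the ebuild accepts any kernel >= 2.6.16, so the kernel version in the file name is the only hint of which tree it applies to; the patch description should state that explicitly.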
+++ b/sys-apps/apparmor-modules/metadata.xml @@ -0,0 +1,11 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> +<herd>apparmor-modules</herd> +<maintainer> + <email>zeypher@gentoo.org</email> + <name>Matthew Snelham</name> + <description>Primary Maintainer</description> +</maintainer> +<longdescription lang="en">Apparmor kernel modules</longdescription> +</pkgmetadata> diff --git a/sys-apps/apparmor-parser/Manifest b/sys-apps/apparmor-parser/Manifest new file mode 100644 index 0000000..a7bb926 --- /dev/null +++ b/sys-apps/apparmor-parser/Manifest 
@@ -0,0 +1,28 @@ +AUX aaeventd 824 RMD160 032cce20f81b7b0e1f6f38cb6e1c392d70407ad5 SHA1 8adaa5e21867cab21c5fa907c974fb94cb280f70 SHA256 dbaa7fd1197388146c7a1a9b59553815fdcd0498510f7b7bf752af88f8eb1780 +MD5 379ee71ea946bd90c98e94e362bf9f2c files/aaeventd 824 +RMD160 032cce20f81b7b0e1f6f38cb6e1c392d70407ad5 files/aaeventd 824 +SHA256 dbaa7fd1197388146c7a1a9b59553815fdcd0498510f7b7bf752af88f8eb1780 files/aaeventd 824 +AUX apparmor 1090 RMD160 8d9781974318232731ef26881d7d57fc5991044c SHA1 2acee7585d1329bcb92cb8902ec36e1d0b94f5d6 SHA256 5c7b251473e7bf6a876e0d59d89cff3707bf5a6fcda0d9e95d50a463c8eddc8f +MD5 7771cab70810b82185f0ed211f131018 files/apparmor 1090 +RMD160 8d9781974318232731ef26881d7d57fc5991044c files/apparmor 1090 +SHA256 5c7b251473e7bf6a876e0d59d89cff3707bf5a6fcda0d9e95d50a463c8eddc8f files/apparmor 1090 +AUX rc.apparmor.functions 11898 RMD160 12453790ffd14deed48b062f27d12bf2b2910ee4 SHA1 ec936b69474750dfd0205f451472e7d81b66f41a SHA256 d9cdb82c10bb5aa40c39d0f93c418a11020abc2d6df7154a831a71c816345618 +MD5 2adf748409596598872530ec06ef8717 files/rc.apparmor.functions 11898 +RMD160 12453790ffd14deed48b062f27d12bf2b2910ee4 files/rc.apparmor.functions 11898 +SHA256 d9cdb82c10bb5aa40c39d0f93c418a11020abc2d6df7154a831a71c816345618 files/rc.apparmor.functions 11898 +AUX rc.helper.functions 690 RMD160 d0b3b06a45645be5bc9d30b8ef19d518ac59940a SHA1 a58ba3ca5d59e099a3570ee21a62f5b4a6eb25fa SHA256 d065ac76a66d856716d77dd06b64478ed90c3b487d414cf8e33fc46ea77a723d +MD5 5d9c000b99bd66788b988cb6d14b9b3d files/rc.helper.functions 690 +RMD160 d0b3b06a45645be5bc9d30b8ef19d518ac59940a files/rc.helper.functions 690 +SHA256 d065ac76a66d856716d77dd06b64478ed90c3b487d414cf8e33fc46ea77a723d files/rc.helper.functions 690 +DIST apparmor-parser-2.0-150.tar.gz 189171 RMD160 cf3299716fdf042cf326cf884d93fdcb5089dba6 SHA1 099ae08655ee2fc1d206166a7a4f8622637c02fc SHA256 678027c88cf69b42f8c7a36adfbe917489eb80800bc9eefe3b3f043bf01e6ee6 +EBUILD apparmor-parser-2.0_p150.ebuild 1536 RMD160 
79a5cd3fa4d5f1b5c3477082df18069a14c436b9 SHA1 31485b5861a9c2d748b246800bd25698d78c9c6a SHA256 1b8aefcb2f1f3fea538ebb0ac28f27f6dba9bea364742a6758961ae5de7a634e +MD5 f7a906c660203595696da4f7c9cea72d apparmor-parser-2.0_p150.ebuild 1536 +RMD160 79a5cd3fa4d5f1b5c3477082df18069a14c436b9 apparmor-parser-2.0_p150.ebuild 1536 +SHA256 1b8aefcb2f1f3fea538ebb0ac28f27f6dba9bea364742a6758961ae5de7a634e apparmor-parser-2.0_p150.ebuild 1536 +MISC metadata.xml 410 RMD160 f7a2e5bd002b14009087b531ca78a33729d03996 SHA1 da0799e2f50c414a10dc748f96f5ea700531b886 SHA256 eb83d68c65805b04931940b2886a033c3f7a92827a2e65947d1ce174c73f42a2 +MD5 5dd11f6e7b3832577a2cba63652d3ae9 metadata.xml 410 +RMD160 f7a2e5bd002b14009087b531ca78a33729d03996 metadata.xml 410 +SHA256 eb83d68c65805b04931940b2886a033c3f7a92827a2e65947d1ce174c73f42a2 metadata.xml 410 +MD5 f8b11c14f5b9a1945c17a5f94b338d2b files/digest-apparmor-parser-2.0_p150 271 +RMD160 a70e60c1977d77b9b90bca4617758a60e1449115 files/digest-apparmor-parser-2.0_p150 271 +SHA256 0d5798506f6e78b3f6f8bff3f1d8d98d43d040576e2edbe3c893ac8fa164847a files/digest-apparmor-parser-2.0_p150 271 diff --git a/sys-apps/apparmor-parser/apparmor-parser-2.0_p150.ebuild b/sys-apps/apparmor-parser/apparmor-parser-2.0_p150.ebuild new file mode 100644 index 0000000..efb81ed --- /dev/null +++ b/sys-apps/apparmor-parser/apparmor-parser-2.0_p150.ebuild 
@@ -0,0 +1,62 @@
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: $
+
+inherit eutils perl-module toolchain-funcs
+
+MY_PV="${PV/_p/-}"
+MY_P="${PN}-${MY_PV}"
+MY_S="${WORKDIR}/${PN}-${PV/_p*/}"
+MONTH="October"
+
+DESCRIPTION="The userspace tools and init scripts to load security profiles into the apparmor kernel security module."
+HOMEPAGE="http://forge.novell.com/modules/xfmod/project/?apparmor"
+SRC_URI="http://forgeftp.novell.com/apparmor/Development%20-%20${MONTH}%20Snapshot/${MY_P}.tar.gz"
+
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~x86 ~amd64"
+IUSE=""
+
+DEPEND="sys-libs/libapparmor
+ sys-libs/libcap
+ dev-libs/libpcre
+ sys-devel/bison
+ sys-devel/flex"
+
+RDEPEND="|| ( sys-kernel/apparmor-sources sys-apps/apparmor-modules )"
+
+src_unpack() {
+ unpack ${A}
+
+ ## apparmor-parser
+ cd ${MY_S}
+ # the Make.rules isn't needed for Gentoo
+ sed -i "s/^include Make.rules//g" Makefile
+ # Un-needed historical artifact, AND ugly non-LSB path
+ # This is mounted at /sys/kernel/security/subdomain, not /subdomain
+ sed -i 's/^.*\/subdomain//g' Makefile
+}
+
+src_compile() {
+ cd ${MY_S}
+ emake CC="$(tc-getCC)" CFLAGS="${CFLAGS}" || die
+}
+
+src_install() {
+
+ ## apparmor-parser
+ cd ${MY_S}
+ make DESTDIR=${D} install || die
+
+ ## Init script and addtional files
+ doinitd ${FILESDIR}/apparmor
+ doinitd ${FILESDIR}/aaeventd
+ insopts -m0644
+ insinto /lib/apparmor
+ doins ${FILESDIR}/rc.helper.functions
+ doins ${FILESDIR}/rc.apparmor.functions
+
+ dodir /etc/apparmor.d/abstractions
+}
diff --git a/sys-apps/apparmor-parser/files/aaeventd b/sys-apps/apparmor-parser/files/aaeventd
new file mode 100755
index 0000000..efe9cc3
--- /dev/null
+++ b/sys-apps/apparmor-parser/files/aaeventd
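Review bot: RDEPEND is set to only `|| ( sys-kernel/apparmor-sources sys-apps/apparmor-modules )`, which drops every library listed in DEPEND; libapparmor, libcap and libpcre are presumably what apparmor_parser links against (that is why they are build deps), so they are runtime deps as well and `--depclean` can remove them from under the parser, leaving profile loading broken at the next boot. Suggested: `RDEPEND="sys-libs/libapparmor sys-libs/libcap dev-libs/libpcre || ( sys-kernel/apparmor-sources sys-apps/apparmor-modules )"`, keeping only bison/flex build-only. `make DESTDIR=${D} install` should quote `"${D}"` and use `emake`, matching src_compile. The `sed -i 's/^.*\/subdomain//g' Makefile` strips everything up to `/subdomain` on any Makefile line containing that string, not just the install path the comment talks about; anchoring the expression to the specific target it means to remove would avoid silently mangling an unrelated line in a future snapshot.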
@@ -0,0 +1,40 @@
+#!/sbin/runscript
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: $
+
+APPARMOR_FUNCTIONS=/lib/apparmor/rc.apparmor.functions
+APPARMOR_HELPERS=/lib/apparmor/rc.helper.functions
+if [ -f "${APPARMOR_HELPERS}" -a -f "${APPARMOR_FUNCTIONS}" ]; then
+ source ${APPARMOR_HELPERS}
+ source ${APPARMOR_FUNCTIONS}
+else
+ eend 1 "Unable to find AppArmor initscript functions"
+fi
+
+depend() {
+ need apparmor
+ use logger dns
+}
+
+start() {
+ ebegin "Starting aaeventd (AppArmor Event Daemon)"
+
+ if [ "${APPARMOR_ENABLE_AAEVENTD}" = "no" ]; then
+ eend 1 " aaeventd disabled in ${APPARMOR_CONF}."
+ fi
+
+ start_sd_event
+ eend $waserror
+}
+
+stop() {
+ ebegin "Stopping aaeventd (AppArmor Event Daemon)"
+ stop_sd_event
+ eend $waserror
+}
+
+restart() {
+ srv_stop
+ srv_start
+}
diff --git a/sys-apps/apparmor-parser/files/apparmor b/sys-apps/apparmor-parser/files/apparmor
new file mode 100755
index 0000000..26daeca
--- /dev/null
+++ b/sys-apps/apparmor-parser/files/apparmor
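Review bot: `restart()` calls `srv_stop` and `srv_start`, which runscript does not define (the sibling `apparmor` script in this commit uses `svc_stop; svc_start`), so `/etc/init.d/aaeventd restart` fails on an undefined command. The `= "no"` branch in `start()` reports failure with `eend 1` but does not return, so execution falls through into `start_sd_event` and a second `eend $waserror`; add `return 1` after that eend. Likewise the `else` branch at the top only prints `eend 1` when the function libraries are missing and then lets `start()` run against undefined functions; it should stop the script there rather than continue. A short header comment saying that aaeventd is the optional log-event daemon switched on by `APPARMOR_ENABLE_AAEVENTD` in `/etc/apparmor/apparmor.conf` would help, since the script never explains where that variable comes from.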
@@ -0,0 +1,55 @@
+#!/sbin/runscript
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: $
+#
+# rc.apparmor.gentoo: contribuited by Matthew Snelham
+# /etc/init.d/apparmor
+
+APPARMOR_FUNCTIONS=/lib/apparmor/rc.apparmor.functions
+APPARMOR_HELPERS=/lib/apparmor/rc.helper.functions
+if [ -f "${APPARMOR_HELPERS}" -a -f "${APPARMOR_FUNCTIONS}" ]; then
+ source ${APPARMOR_HELPERS}
+ source ${APPARMOR_FUNCTIONS}
+else
+ eend 1 "Unable to find AppArmor initscript functions"
+fi
+
+opts="${opts} reload status"
+
+depend() {
+ need localmount
+ ## AppArmor needs to be loaded before any other
+ ## (potentially protected) user-space services come up.
+ #before *
+}
+
+start() {
+ ebegin "Starting AppArmor"
+ subdomain_start
+ einfo "...AppArmor Start"
+ eend $waserror
+}
+
+stop() {
+ ebegin "Stopping AppArmor"
+ subdomain_stop
+ einfo "...AppArmor Stop"
+ eend $waserror
+}
+
+restart() {
+ svc_stop; svc_start
+}
+
+reload() {
+ ebegin "Restarting AppArmor"
+ subdomain_restart
+ eend $?
+}
+
+status() {
+ ebegin "Checking AppArmor Status"
+ subdomain_status
+ eend $?
+}
diff --git a/sys-apps/apparmor-parser/files/digest-apparmor-parser-2.0_p150 b/sys-apps/apparmor-parser/files/digest-apparmor-parser-2.0_p150
new file mode 100644
index 0000000..1b254d3
--- /dev/null
+++ b/sys-apps/apparmor-parser/files/digest-apparmor-parser-2.0_p150
@@ -0,0 +1,3 @@
+MD5 cbb25435e4353b10b5fdd96f80c854b9 apparmor-parser-2.0-150.tar.gz 189171
+RMD160 cf3299716fdf042cf326cf884d93fdcb5089dba6 apparmor-parser-2.0-150.tar.gz 189171
+SHA256 678027c88cf69b42f8c7a36adfbe917489eb80800bc9eefe3b3f043bf01e6ee6 apparmor-parser-2.0-150.tar.gz 189171
diff --git a/sys-apps/apparmor-parser/files/rc.apparmor.functions b/sys-apps/apparmor-parser/files/rc.apparmor.functions
new file mode 100644
index 0000000..890f3fb
--- /dev/null
+++ b/sys-apps/apparmor-parser/files/rc.apparmor.functions
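Review bot: `depend()` declares only `need localmount` and leaves `#before *` commented out, so nothing orders this script ahead of the services it is meant to confine; a profile attaches at exec time, so any confined daemon that happens to start before `apparmor` runs unconfined until it is restarted, and nothing on the console says so. Either restore `before *` (verify on the target baselayout that a wildcard `before` is honoured) or list the confined services explicitly, and say so in the comment: `## Services started before this script run unconfined until restarted.` The `else` branch that prints `eend 1 "Unable to find AppArmor initscript functions"` then carries on, so `start()` will call an undefined `subdomain_start`; it should stop the script. `reload()` reports `eend $?`, but `parse_profiles` only sets `waserror=1` on a failed profile and `__subdomain_restart` returns 0 unconditionally, so a failed reload is reported as success; use `eend $waserror` as `start`/`stop` do.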
@@ -0,0 +1,443 @@ +#!/bin/sh +# +# ---------------------------------------------------------------------- +# Copyright (c) 1999, 2000, 20001, 2004, 2005, NOVELL (All rights reserved) +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of version 2 of the GNU General Public +# License published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, contact Novell, Inc. +# ---------------------------------------------------------------------- +# rc.subdomain.functions by Steve Beattie +# Modified for Gentoo Linux, by Matthew Snelham +# +# Modifications Copyright 1999-2006 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: $ + + +# NOTE: rc.subdomain initscripts that source this file need to implement +# the following set of functions: +# sd_action +# sd_log_info_msg +# sd_log_success_msg +# sd_log_warning_msg +# sd_log_failure_msg + + +CONFIG_DIR=/etc/apparmor +MODULE=apparmor +OLD_MODULE=subdomain +if [ -f "${CONFIG_DIR}/${MODULE}.conf" ] ; then + APPARMOR_CONF="${CONFIG_DIR}/${MODULE}.conf" +elif [ -f "${CONFIG_DIR}/${OLD_MODULE}.conf" ] ; then + APPARMOR_CONF="${CONFIG_DIR}/${OLD_MODULE}.conf" +else + sd_log_warning_msg "Unable to find config file in ${CONFIG_DIR}, installation problem?" +fi + +# Read configuration options from ${APPARMOR_CONF}, default is to +# warn if subdomain won't load. 
+APPARMOR_MODULE_PANIC="warn" +SUBDOMAIN_ENABLE_OWLSM="no" +APPARMOR_ENABLE_AAEVENTD="no" + +if [ -f "${APPARMOR_CONF}" ] ; then + source "${APPARMOR_CONF}" +fi + +if [ -f /sbin/apparmor_parser ] ; then + PARSER=/sbin/apparmor_parser +else + sd_log_failure_msg "Unable to find apparmor_parser, installation problem?" + exit 1 +fi + +# APPARMOR_DIR might be redefined in ${APPARMOR_CONF} +if [ -d "${APPAMROR_DIR}" ] ; then + PROFILE_DIR=${APPARMOR_DIR} +elif [ -d /etc/apparmor.d ] ; then + PROFILE_DIR=/etc/apparmor.d +fi +ABSTRACTIONS="-I${PROFILE_DIR}" +AA_EV_BIN=/usr/sbin/aa-eventd +AA_EV_PIDFILE=/var/run/aa-eventd.pid +AA_STATUS=/usr/sbin/apparmor_status +SD_EV_BIN=/usr/sbin/sd-event-dispatch.pl +SD_EV_PIDFILE=/var/run/sd-event-dispatch.init.pid +SD_STATUS=/usr/sbin/subdomain_status +if grep -q securityfs /proc/filesystems ; then + SECURITYFS=/sys/kernel/security +fi + +SUBDOMAINFS_MOUNTPOINT=$(grep subdomainfs /etc/fstab | \ + sed -e 's|^[[:space:]]*[^[:space:]]\+[[:space:]]\+\(/[^[:space:]]*\)[[:space:]]\+subdomainfs.*$|\1|' 2> /dev/null) + +if [ -d "/var/lib/${MODULE}" ] ; then + APPARMOR_TMPDIR="/var/lib/${MODULE}" +else + APPARMOR_TMPDIR="/tmp" +fi + + +function parse_profiles() { + # get parser arg + case "$1" in + load) + PARSER_ARGS="--add" + PARSER_MSG="Loading AppArmor profiles " + ;; + reload) + PARSER_ARGS="--replace" + PARSER_MSG="Reloading AppArmor profiles " + ;; + *) + exit 1 + ;; + esac + sd_log_info_msg "$PARSER_MSG" + + # run the parser on all of the apparmor profiles + if [ ! -f "$PARSER" ]; then + sd_log_failure_msg "$PARSER_MSG - AppArmor parser not found" + exit 1 + fi + + if [ ! 
-d "$PROFILE_DIR" ]; then + sd_log_failure_msg "$PARSER_MSG - Profile directory not found" + exit 1 + fi + + if [ "X" == "X$(ls $PROFILE_DIR/)" ]; then + sd_log_warning_msg "$PARSER_MSG - No profiles found" + exit 1 + fi + + for profile in $PROFILE_DIR/*; do + if [ "${profile%.rpmnew}" != "${profile}" -o \ + "${profile%.rpmsave}" != "${profile}" -o \ + "${profile%\~}" != "${profile}" ] + then + sd_log_warning_msg "Skipping profile $profile" + elif [ -f "${profile}" ] ; then + sd_action " Adding profile: `basename ${profile}`" $PARSER $ABSTRACTIONS $PARSER_ARGS ${profile} + if [ $? -ne 0 ]; then + waserror=1 + fi + fi + done +} + +function profiles_names_list() { + # run the parser on all of the apparmor profiles + TMPFILE=$1 + if [ ! -f "$PARSER" ]; then + sd_log_failure_msg "AppArmor parser ($PARSER) not found" + exit 1 + fi + + if [ ! -d "$PROFILE_DIR" ]; then + sd_log_failure_msg "Profile directory ($PROFILE_DIR) not found" + exit 1 + fi + + for profile in $PROFILE_DIR/*; do + if [ "${profile%.rpmnew}" != "${profile}" -o \ + "${profile%.rpmsave}" != "${profile}" -o \ + "${profile%\~}" != "${profile}" ] + then + echo "nop" >/dev/null + elif [ -f "${profile}" ] ; then + LIST_ADD=$($PARSER $ABSTRACTIONS -N "$profile" | grep -v '\^') + if [ $? -eq 0 ]; then + echo "$LIST_ADD" >>$TMPFILE + fi + fi + done +} + +function is_securityfs_mounted() { + if grep -q securityfs /proc/filesystems && grep -q securityfs /proc/mounts ; then + if [ -f "${SECURITYFS}/${MODULE}/profiles" ]; then + SFS_MOUNTPOINT="${SECURITYFS}/${MODULE}" + return 0 + fi + fi + return 1 +} + +function mount_securityfs() { + if [ "X" != "X${SECURITYFS}" ]; then + if ! grep -q securityfs /proc/mounts ; then + sd_action "Mounting securityfs on ${SECURITYFS}" \ + mount -t securityfs securityfs "${SECURITYFS}" + rc=$? 
+ if [ -f "${SECURITYFS}/${MODULE}/profiles" ]; then + SFS_MOUNTPOINT="${SECURITYFS}/${MODULE}" + else + SFS_MOUNTPOINT="${SECURITYFS}/${MODULE}" + fi + return $rc + fi + fi + return 0 +} + +function unmount_securityfs() { + SUBDOMAINFS=$(grep subdomainfs /proc/mounts | cut -d" " -f2 2> /dev/null) + if [ "X" != "X${SUBDOMAINFS}" ]; then + sd_action "Unmounting securityfs" umount ${SUBDOMAINFS} + fi +} + +function failstop_system() { + level=$(runlevel | cut -d" " -f2) + if [ $level -ne "1" ] ; then + sd_log_failure_msg "Could not start AppArmor. Changing to runlevel 1" + telinit 1; + return -1; + fi + sd_log_failure_msg "Could not start AppArmor." + return -1 +} + +function module_panic() { + # the module failed to load, determine what action should be taken + + case "$APPARMOR_MODULE_PANIC" in + "warn"|"WARN") sd_log_failure_msg "Could not start AppArmor" + return -1 ;; + "panic"|"PANIC") failstop_system + rc=$? + return $rc ;; + *) sd_log_failure_msg "Invalid AppArmor module fail option" + return -1 ;; + esac +} + +function load_module() { + if modinfo -F filename apparmor > /dev/null 2>&1 ; then + MODULE=apparmor + elif modinfo -F filename subdomain > /dev/null 2>&1 ; then + MODULE=subdomain + fi + if ! grep -qE "^(subdomain|apparmor)[[:space:]]" /proc/modules ; then + sd_action "Loading AppArmor module" /sbin/modprobe $MODULE $1 + rc=$? + if [ $rc -ne 0 ] ; then + # we couldn't find the module + module_panic + rc=$? 
+ if [ $rc -ne 0 ] ; then + exit $rc + fi + fi + fi +} + +function start_sd_event() { + if [ -x "$AA_EV_BIN" -a "${APPARMOR_ENABLE_AAEVENTD}" = "yes" ] ; then + sd_action "Starting AppArmor Event daemon" startproc -f -p $AA_EV_PIDFILE $AA_EV_BIN -p $AA_EV_PIDFILE + elif [ -x "$SD_EV_BIN" -a "${APPARMOR_ENABLE_AAEVENTD}" = "yes" ] ; then + sd_action "Starting AppArmor Event daemon" startproc -f -p $SD_EV_PIDFILE $SD_EV_BIN -p $SD_EV_PIDFILE + fi +} + +function stop_sd_event() { + if [ -x "$AA_EV_BIN" -a -f "$AA_EV_PIDFILE" ] ; then + sd_action "Shutting down AppArmor Event daemon" killproc -G -p $AA_EV_PIDFILE -INT $AA_EV_BIN + fi + if [ -f "$SD_EV_PIDFILE" ] ; then + sd_action "Shutting down AppArmor Event daemon" killproc -G -p $SD_EV_PIDFILE -INT $SD_EV_BIN + fi +} + +function subdomain_start() { + if ! grep -qE "^(subdomain|apparmor)[[:space:]]" /proc/modules ; then + load_module + rc=$? + if [ $rc -ne 0 ] ; then + return $rc + fi + fi + + if ! is_securityfs_mounted ; then + mount_securityfs + rc=$? + if [ $rc -ne 0 ] ; then + return $rc + fi + fi + + if [ ! -w "$SFS_MOUNTPOINT/.load" ] ; then + sd_log_failure_msg "Loading AppArmor profiles - failed, Do you have the correct privileges?" + return 1 + fi + + configure_owlsm + + if [ $(wc -l "$SFS_MOUNTPOINT/profiles" | awk '{print $1}') -eq 0 ] ; then + parse_profiles load + else + sd_log_warning_msg "Loading AppArmor profiles - AppArmor already loaded with profiles." + fi +} + +function remove_profiles() { + # removing profiles as we directly read from subdomainfs + # doesn't work, since we are removing entries which screws up + # our position. Lets hope there are never enough profiles to + # overflow the variable + if ! is_securityfs_mounted ; then + sd_log_failure_msg "failed: is securityfs loaded?" + return 1 + fi + + if [ ! -w "$SFS_MOUNTPOINT/.remove" ] ; then + sd_log_failure_msg "failed: Do you have the correct privileges?" + return 1 + fi + + if [ ! 
-x "${PARSER}" ] ; then + sd_log_failure_msg "failed: unable to execute subdomain parser" + return 1 + fi + + retval=0 + IFS=$'\n' + enforced_profiles=$(sed -e "s/ (\(enforce\|complain\))$//" "$SFS_MOUNTPOINT/profiles") + for profile in $enforced_profiles ; do + sd_action " Removing profile: ${profile}" sh -c "echo \"$profile { }\" | $PARSER -R" + rc=$? + if [ ${rc} -ne 0 ] ; then + retval=${rc} + fi + done + if [ ${retval} -ne 0 ] ; then + waserror=1 + fi +} + +function subdomain_stop() { + stop_sd_event + sd_log_info_msg "Unloading AppArmor profiles" + remove_profiles +} + +function subdomain_kill() { + stop_sd_event + unmount_securityfs + if grep -qE "^apparmor[[:space:]]" /proc/modules ; then + MODULE=apparmor + elif grep -qE "^subdomain[[:space:]]" /proc/modules ; then + MODULE=subdomain + else + MODULE=apparmor + fi + sd_action "Unloading AppArmor modules" /sbin/modprobe -r $MODULE +} + +function __subdomain_restart() { + if [ ! -w "$SFS_MOUNTPOINT/.load" ] ; then + sd_log_failure_msg "Loading AppArmor profiles - failed, Do you have the correct privileges?" + return 4 + fi + + configure_owlsm + parse_profiles reload + PNAMES_LIST=$(mktemp ${APPARMOR_TMPDIR}/tmp.XXXXXXXX) + profiles_names_list ${PNAMES_LIST} + MODULE_PLIST=$(mktemp ${APPARMOR_TMPDIR}/tmp.XXXXXXXX) + sed -e "s/ (\(enforce\|complain\))$//" "$SFS_MOUNTPOINT/profiles" | sort >"$MODULE_PLIST" + #profiles=$(cat $PNAMES_LIST | sort | comm -2 -3 "$MODULE_PLIST" -) + #for profile in $profiles ; do + IFS=$'\n' && for profile in $(cat $PNAMES_LIST | sort | comm -2 -3 "$MODULE_PLIST" -) ; do + echo "\"$profile\" {}" | $PARSER -R >/dev/null + done + rm "$MODULE_PLIST" + rm "$PNAMES_LIST" + return 0 +} + +function subdomain_restart() { + if ! grep -qE "^(subdomain|apparmor)[[:space:]]" /proc/modules ; then + subdomain_start + rc=$? + return $rc + fi + + if ! is_securityfs_mounted ; then + mount_securityfs + rc=$? + if [ $rc -ne 0 ] ; then + return $rc + fi + fi + + __subdomain_restart + rc=$? 
+ return $rc +} + +function subdomain_try_restart() { + if ! grep -qE "^(subdomain|apparmor)[[:space:]]" /proc/modules ; then + return 1 + fi + + if ! is_securityfs_mounted ; then + return 1 + fi + + __subdomain_restart + rc=$? + return $rc +} + +function subdomain_debug() { + subdomain_kill + load_module "subdomain_debug=1" + mount_securityfs + configure_owlsm + parse_profiles load +} + +function configure_owlsm () { + if [ "${SUBDOMAIN_ENABLE_OWLSM}" = "yes" -a -f ${SFS_MOUNTPOINT}/control/owlsm ] ; then + # Sigh, the "sh -c" is necessary for the SuSE sd_action + # and it can't be abstracted out as a seperate function, as + # that breaks under RedHat's action, which needs a + # binary to invoke. + sd_action "Enabling OWLSM extension" sh -c "echo -n \"1\" > \"${SFS_MOUNTPOINT}/control/owlsm\"" + elif [ -f "${SFS_MOUNTPOINT}/control/owlsm" ] ; then + sd_action "Disabling OWLSM extension" sh -c "echo -n \"0\" > \"${SFS_MOUNTPOINT}/control/owlsm\"" + fi +} + +function subdomain_status () { + if test -x ${AA_STATUS} ; then + ${AA_STATUS} --verbose + return $? + fi + if test -x ${SD_STATUS} ; then + ${SD_STATUS} --verbose + return $? + fi + if ! grep -qE "^(subdomain|apparmor)[[:space:]]" /proc/modules ; then + sd_log_failure_msg "AppArmor not loaded." + rc=1 + else + sd_log_success_msg "AppArmor module enabled." + rc=0 + fi + sd_log_warning_msg "Install the apparmor-utils package to receive more detailed" + sd_log_warning_msg "status information here (or examine ${SFS_MOUNTPOINT} directly)." + + return $rc +} diff --git a/sys-apps/apparmor-parser/files/rc.helper.functions b/sys-apps/apparmor-parser/files/rc.helper.functions new file mode 100644 index 0000000..692414e --- /dev/null +++ b/sys-apps/apparmor-parser/files/rc.helper.functions 
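Review bot: The profile-directory override is dead because of a typo: `if [ -d "${APPAMROR_DIR}" ]` tests a misspelled name, so `APPARMOR_DIR` set in apparmor.conf is never honoured and the script silently falls back to /etc/apparmor.d; the fix is `if [ -d "${APPARMOR_DIR}" ]`. `mount_securityfs` mounts `securityfs`, but `unmount_securityfs` greps /proc/mounts for `subdomainfs`, so `subdomain_kill` never unmounts what was mounted, and the `if/else` after the mount assigns the same `SFS_MOUNTPOINT` in both branches, so a mount that succeeded without a `${MODULE}/profiles` entry goes unreported. `remove_profiles` and `__subdomain_restart` set `IFS=$'\n'` and never restore it, which changes word splitting for everything run later in the same shell (including `sd_action`'s unquoted `$*`); save and restore it (`oldIFS=$IFS; ...; IFS=$oldIFS`). Profile names read back from `$SFS_MOUNTPOINT/profiles` are interpolated into `sh -c "echo \"$profile { }\" | $PARSER -R"`; they are root-loaded, but a name containing a double quote or `$(` would break or alter the command, so the name should be passed as data (for example via `printf '%s { }\n' "$profile"`) rather than spliced into a shell string. `parse_profiles`, `profiles_names_list` and the top-level parser check use `exit 1` inside a sourced library, which terminates the calling init script instead of returning an error to it.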
@@ -0,0 +1,47 @@
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: $
+
+waserror=0
+
+function sd_action() {
+ MSG=$1
+ shift
+ #echo "ACTION: $*"
+ $* > /dev/null
+ rc=$?
+ if [ $rc -ne 0 ] ; then
+ sd_log_failure_msg $"$MSG"
+ else
+ sd_log_success_msg $"$MSG"
+ fi
+ return $rc
+}
+
+function sd_log_info_msg() {
+ einfo " $*"
+}
+
+function sd_log_warning_msg() {
+ ewarn " $*"
+}
+
+function sd_log_success_msg() {
+ einfo " $*"
+ eend 0
+}
+
+function sd_log_failure_msg() {
+ waserror=1
+ einfo " $*"
+ eend 1
+}
+
+function startproc() {
+ /sbin/start-stop-daemon --start -p $3 --exec $4 -- -p $3
+}
+
+function killproc() {
+ /sbin/start-stop-daemon --stop -p $3
+}
+
diff --git a/sys-apps/apparmor-parser/metadata.xml b/sys-apps/apparmor-parser/metadata.xml
new file mode 100644
index 0000000..865f70e
--- /dev/null
+++ b/sys-apps/apparmor-parser/metadata.xml
@@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+<herd>apparmor</herd>
+<maintainer>
+ <email>zeypher@gentoo.org</email>
+ <name>Matthew Snelham</name>
+ <description>Primary Maintainer</description>
+</maintainer>
+<longdescription lang="en">Core Apparmor package containing the userspace policy parser.</longdescription>
+</pkgmetadata>
diff --git a/sys-apps/apparmor-utils/Manifest b/sys-apps/apparmor-utils/Manifest
new file mode 100644
index 0000000..c0c2991
--- /dev/null
+++ b/sys-apps/apparmor-utils/Manifest
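Review bot: `sd_action` runs its command as unquoted `$*`, which re-splits every argument on IFS and globs it, so any action whose argument contains whitespace is broken: `configure_owlsm` in rc.apparmor.functions calls `sd_action "Enabling OWLSM extension" sh -c "echo -n \"1\" > \"${SFS_MOUNTPOINT}/control/owlsm\""`, and under the default IFS that becomes `sh -c echo -n '"1"' '>' ...`, i.e. `echo` runs with the rest as positional parameters, nothing is written to the control file, and `sd_action` reports success. It should be `"$@" > /dev/null`. `startproc`/`killproc` pick the pid file and binary by position (`$3`, `$4`), which only works because every caller passes exactly `-f -p PIDFILE BIN -p PIDFILE` and `-G -p PIDFILE -INT BIN`; a comment stating that contract, or parsing `-p`, would stop the next caller from silently handing the wrong file to `start-stop-daemon --stop`. `killproc` also stops by pid file alone with no `--exec`/`--name`, so a stale pid file would signal whatever process now owns that pid; `--exec $5` would match what `startproc` launched.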
@@ -0,0 +1,12 @@ +DIST apparmor-utils-2.0-142.tar.gz 87393 RMD160 306371feded05fd6fc0daeb418aa85ed0a07f95b SHA1 7686dbc1e5a1df0f7fba9fff95d6d692372e3360 SHA256 27e1d9716bcfa82ebb12163e59734b1ce3a8598b9af3031b04498142e872c6b8 +EBUILD apparmor-utils-2.0_p142-r1.ebuild 1260 RMD160 631ac93e3646d66983062d4d6b1eb1a163a7baeb SHA1 beaf3437248fd7a0f674660c41918cbc39fc0f0e SHA256 d4cd1d0b40bac3228c7b4cf228cb77dafaf382da42df9e80f90512a4a503c360 +MD5 e2195719cfea1c67110253ec4bbee803 apparmor-utils-2.0_p142-r1.ebuild 1260 +RMD160 631ac93e3646d66983062d4d6b1eb1a163a7baeb apparmor-utils-2.0_p142-r1.ebuild 1260 +SHA256 d4cd1d0b40bac3228c7b4cf228cb77dafaf382da42df9e80f90512a4a503c360 apparmor-utils-2.0_p142-r1.ebuild 1260 +MISC metadata.xml 412 RMD160 172fbf1951b2a2bd7a308b24f1241e5f816efcbe SHA1 710f9d726e2f9e0b8e3be497fb2ddae2ea81c6f9 SHA256 9504a74c434840a7f233f71cd6cd679aef3a9d709f7b7580b6d92a7ea905610c +MD5 2ba9587ad445b45a9443eee7cb2f1f8f metadata.xml 412 +RMD160 172fbf1951b2a2bd7a308b24f1241e5f816efcbe metadata.xml 412 +SHA256 9504a74c434840a7f233f71cd6cd679aef3a9d709f7b7580b6d92a7ea905610c metadata.xml 412 +MD5 fa93f53f0da00233ecf5f96ca3205461 files/digest-apparmor-utils-2.0_p142-r1 265 +RMD160 fb95c24dd19ede19556c35a65085736241a5a868 files/digest-apparmor-utils-2.0_p142-r1 265 +SHA256 9e4f3666c0beaa61748c798a3937b529cc8110901f5405bdc498f4668c8d6eb9 files/digest-apparmor-utils-2.0_p142-r1 265 diff --git a/sys-apps/apparmor-utils/apparmor-utils-2.0_p142-r1.ebuild b/sys-apps/apparmor-utils/apparmor-utils-2.0_p142-r1.ebuild new file mode 100644 index 0000000..711cee7 --- /dev/null +++ b/sys-apps/apparmor-utils/apparmor-utils-2.0_p142-r1.ebuild 
@@ -0,0 +1,56 @@
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: $
+
+inherit eutils perl-module toolchain-funcs
+
+#MY_PN="apparmor-utils"
+MY_PV="${PV/_p/-}"
+MY_P="${PN}-${MY_PV}"
+MY_S="${WORKDIR}/${PN}-${PV/_p*/}"
+MONTH="October"
+
+DESCRIPTION="AppArmor utilities for profile creation and management."
+HOMEPAGE="http://forge.novell.com/modules/xfmod/project/?apparmor"
+SRC_URI="http://forgeftp.novell.com/apparmor/Development%20-%20${MONTH}%20Snapshot/${MY_P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~x86 ~amd64"
+IUSE="vim-syntax"
+
+DEPEND="sys-libs/libapparmor
+ sys-apps/apparmor-parser
+ sys-libs/libcap
+ dev-libs/libpcre
+ dev-lang/perl
+ perl-core/Test-Harness
+ perl-core/Getopt-Long
+ dev-perl/DBI
+ dev-perl/DBD-SQLite
+ dev-perl/TimeDate
+ dev-perl/File-Tail
+ dev-perl/Locale-gettext"
+RDEPEND="${DEPEND}
+ app-doc/apparmor-docs
+ vim-syntax? (app-vim/apparmor-syntax)"
+
+
+src_unpack() {
+ unpack ${A}
+ cd ${MY_S}
+
+ # Correct path for logger
+ sed -i "s/\/bin\/logger/\/usr\/bin\/logger/g" genprof
+}
+
+src_compile() {
+ cd ${MY_S}
+ emake CC="$(tc-getCC)" CFLAGS="${CFLAGS}" || die
+}
+
+src_install() {
+ cd ${MY_S}
+ perlinfo
+ make DESTDIR=${D} PERLDIR="${D}/${VENDOR_LIB}/Immunix" install || die
+}
diff --git a/sys-apps/apparmor-utils/files/digest-apparmor-utils-2.0_p142-r1 b/sys-apps/apparmor-utils/files/digest-apparmor-utils-2.0_p142-r1
new file mode 100644
index 0000000..3829459
--- /dev/null
+++ b/sys-apps/apparmor-utils/files/digest-apparmor-utils-2.0_p142-r1
@@ -0,0 +1,3 @@
+MD5 b2447c84edc2df843b7bc4baa8a1eb2c apparmor-utils-2.0-142.tar.gz 87393
+RMD160 306371feded05fd6fc0daeb418aa85ed0a07f95b apparmor-utils-2.0-142.tar.gz 87393
+SHA256 27e1d9716bcfa82ebb12163e59734b1ce3a8598b9af3031b04498142e872c6b8 apparmor-utils-2.0-142.tar.gz 87393
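Review bot: `cd ${MY_S}` and `make DESTDIR=${D} PERLDIR="${D}/${VENDOR_LIB}/Immunix" install` leave `${MY_S}` and `${D}` unquoted, unlike the apparmor-modules ebuild in the same commit, which writes `cd "${MY_S}"`; quote both and use `emake` for the install step as src_compile already does. The genprof fix `sed -i "s/\/bin\/logger/\/usr\/bin\/logger/g" genprof` reads better with another delimiter, `sed -i 's|/bin/logger|/usr/bin/logger|g' genprof`, and should carry `|| die` (as should the `cd`), otherwise a snapshot that renames the script installs an unpatched genprof without any message.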
diff --git a/sys-apps/apparmor-utils/metadata.xml b/sys-apps/apparmor-utils/metadata.xml new file mode 100644 index 0000000..c36bb1b --- /dev/null +++ b/sys-apps/apparmor-utils/metadata.xml @@ -0,0 +1,11 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> +<herd>apparmor</herd> +<maintainer> + <email>zeypher@gentoo.org</email> + <name>Matthew Snelham</name> + <description>Primary Maintainer</description> +</maintainer> +<longdescription lang="en">Apparmor utilities allowing for profile creation and mangement.</longdescription> +</pkgmetadata> |