diff options
| author |   Jason Zaman <perfinion@gentoo.org> | 2017-11-05 17:00:33 +0800 |
|---|---|---|
| committer | Jason Zaman <perfinion@gentoo.org> | 2017-11-05 21:45:32 +0800 |
| commit | f06dfd0a50ed96423cde92a5aa426aef7efdf99e (patch) | |
| tree | cb76924a92d3266b373a6a9f45ce8f73a38d4a5e /sec-policy/selinux-base-policy | |
| parent | media-gfx/exiv2: Fix exiv2-0.26-tools-optional.patch (diff) | |
| download | gentoo-f06dfd0a50ed96423cde92a5aa426aef7efdf99e.tar.gz gentoo-f06dfd0a50ed96423cde92a5aa426aef7efdf99e.tar.bz2 gentoo-f06dfd0a50ed96423cde92a5aa426aef7efdf99e.zip | |
sec-policy: Release of SELinux policies 2.20170805-r3
Package-Manager: Portage-2.3.8, Repoman-2.3.3
Diffstat (limited to 'sec-policy/selinux-base-policy')
| -rw-r--r-- | sec-policy/selinux-base-policy/Manifest | 1 | ||||
| -rw-r--r-- | sec-policy/selinux-base-policy/selinux-base-policy-2.20170805-r3.ebuild | 121 |
2 files changed, 122 insertions, 0 deletions
diff --git a/sec-policy/selinux-base-policy/Manifest b/sec-policy/selinux-base-policy/Manifest index 26a5696378b6..5b0635f30f95 100644 --- a/sec-policy/selinux-base-policy/Manifest +++ b/sec-policy/selinux-base-policy/Manifest @@ -3,5 +3,6 @@ DIST patchbundle-selinux-base-policy-2.20170204-r2.tar.bz2 354083 SHA256 95a77b7 DIST patchbundle-selinux-base-policy-2.20170204-r3.tar.bz2 342266 SHA256 c5d99de3af1a6aec5aced5c4776ee47e15dbf467e116daa9d2df6f69653cf1c9 SHA512 df46b785a17c633d6fcd063b48258a362a0df13fcb71fb699b6c19281f4d647db43639e08e083157fcd49405c5c38c8408534decff99536d28ada64e9192d130 WHIRLPOOL 703c227d4490d9ba291089ac425c1e2924ad28644e5e7fbacbdc43c77eb7df6eaf776bef52b4019316f104ba29f06f90fc6222eb43106f7a9d678cf369eaf807 DIST patchbundle-selinux-base-policy-2.20170204-r4.tar.bz2 373731 SHA256 eaeefe826522eab8d11318ff319e43ed89baa26a1ea21a89555d38119a2e77c9 SHA512 93a0644440064d85db32c56a381478f8ef94824a04531e6fbad26dd79be02dacd939b804759db35d0627908ff653f8107e18c48858df458c80ae785d80374667 WHIRLPOOL f319cf44526cee2ffc9f920da03cd4d2679f0ab979c45160084dd1aa2df16e9a2f8541ab49fd50588c4dd76675feb73dab1b13d5de809c39ba92867567530ddc DIST patchbundle-selinux-base-policy-2.20170805-r2.tar.bz2 314854 SHA256 9bacb18209bfc2fc58f10403dd4c1d0d38fe1be9558234e4d7df664d9096f72d SHA512 1358db158945b82e0e41907e3919a6888564b4f15ad765f0fe2dc7bf284485c18d11c5502d598268e33b2163a6fa0be2a4029a8e9f774abfd4377031ee9afd32 WHIRLPOOL 27d114929e6aff27d9818eb5351242ba57fe8e5b2f661a4ef93903e1afcbff4e34edc95b5c8a3546027769f9d0f6ccdf5878ff8b8d20ac391b29ec34a07a7e63 +DIST patchbundle-selinux-base-policy-2.20170805-r3.tar.bz2 324834 SHA256 15fd073f54df243224ab08018a8c1067281e3db0a0d003750981ad8c3cb6d081 SHA512 62ec2e70397d06d464e95305a4c0699cc07063d879d986a74442955fb8076a00cbe4a4f7a3cda46876cbf2ad38189be06f0c05ce9698aadafa6e9f02a8daf668 WHIRLPOOL 068ca0eca80b5ff09e6566846583eb42b00e895170b55171d60be28c87ed8120618f3f24e0c12f8954aa53284ee8d9b3e74b4be014c7387b6c5aec98c6b30264 DIST refpolicy-2.20170204.tar.bz2 709965 SHA256 5e4daee61d89dfdc8c7bf369f81c99845931e337916dc6401e301c5de57ea336 SHA512 30deabb02a5bde51c463e3e89988d850cff51596c2e72733a064245dec152ea46317eea79550dbe82a7a0d327ec0bcfbd9474ff8a902507392df0da00df6397f WHIRLPOOL a6b6aa1265f3e7e78c6e8012f0cb8098e0727e77bfcf8165866e876b41c18648711c82d87750c081cc49e89b85be03ef3b420a2df25269e2ce070181af308ec6 DIST refpolicy-2.20170805.tar.bz2 740430 SHA256 045709f5e44199f402149b31c6aab9666bdb1540a5c5ed0312a46c90dedfa52d SHA512 dbb6809b028ae75296ad26d5997cc21d835c49555a0e37957cb39b36b144af6e817320073a29247448eba1876ab9e29d3956ff4456f1542b66ba38af459ec586 WHIRLPOOL 94320a34f0ae6a7a2c67ef335b9fc2007b55fdac282d6b602979571b8f47049535a8d0d1d1310e420f94aefaf95da065c398d4f724a73c74df52e8ef95209219 diff --git a/sec-policy/selinux-base-policy/selinux-base-policy-2.20170805-r3.ebuild b/sec-policy/selinux-base-policy/selinux-base-policy-2.20170805-r3.ebuild new file mode 100644 index 000000000000..f659283bd427 --- /dev/null +++ b/sec-policy/selinux-base-policy/selinux-base-policy-2.20170805-r3.ebuild @@ -0,0 +1,121 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +EAPI="6" + +if [[ ${PV} == 9999* ]]; then + EGIT_REPO_URI="${SELINUX_GIT_REPO:-https://anongit.gentoo.org/git/proj/hardened-refpolicy.git}" + EGIT_BRANCH="${SELINUX_GIT_BRANCH:-master}" + EGIT_CHECKOUT_DIR="${WORKDIR}/refpolicy" + + inherit git-r3 +else + SRC_URI="https://raw.githubusercontent.com/wiki/TresysTechnology/refpolicy/files/refpolicy-${PV}.tar.bz2 + https://dev.gentoo.org/~swift/patches/${PN}/patchbundle-${PN}-${PVR}.tar.bz2" + KEYWORDS="~amd64 -arm ~arm64 ~mips ~x86" +fi + +HOMEPAGE="https://www.gentoo.org/proj/en/hardened/selinux/" +DESCRIPTION="SELinux policy for core modules" + +IUSE="systemd +unconfined" + +PDEPEND="unconfined? ( sec-policy/selinux-unconfined )" +DEPEND="=sec-policy/selinux-base-${PVR}[systemd?]" + +MODS="application authlogin bootloader clock consoletype cron dmesg fstools getty hostname hotplug init iptables libraries locallogin logging lvm miscfiles modutils mount mta netutils nscd portage raid rsync selinuxutil setrans ssh staff storage su sysadm sysnetwork tmpfiles udev userdomain usermanage unprivuser xdg" +LICENSE="GPL-2" +SLOT="0" +S="${WORKDIR}/" + +# Code entirely copied from selinux-eclass (cannot inherit due to dependency on +# itself), when reworked reinclude it. Only postinstall (where -b base.pp is +# added) needs to remain then. + +pkg_setup() { + if use systemd; then + MODS="${MODS} systemd" + fi +} + +pkg_pretend() { + for i in ${POLICY_TYPES}; do + if [[ "${i}" == "targeted" ]] && ! use unconfined; then + die "If you use POLICY_TYPES=targeted, then USE=unconfined is mandatory." + fi + done +} + +src_prepare() { + local modfiles + + if [[ ${PV} != 9999* ]]; then + einfo "Applying SELinux policy updates ... " + eapply -p0 "${WORKDIR}/0001-full-patch-against-stable-release.patch" + fi + + eapply_user + + # Collect only those files needed for this particular module + for i in ${MODS}; do + modfiles="$(find ${S}/refpolicy/policy/modules -iname $i.te) $modfiles" + modfiles="$(find ${S}/refpolicy/policy/modules -iname $i.fc) $modfiles" + done + + for i in ${POLICY_TYPES}; do + mkdir "${S}"/${i} || die "Failed to create directory ${S}/${i}" + cp "${S}"/refpolicy/doc/Makefile.example "${S}"/${i}/Makefile \ + || die "Failed to copy Makefile.example to ${S}/${i}/Makefile" + + cp ${modfiles} "${S}"/${i} \ + || die "Failed to copy the module files to ${S}/${i}" + done +} + +src_compile() { + for i in ${POLICY_TYPES}; do + emake NAME=$i -C "${S}"/${i} || die "${i} compile failed" + done +} + +src_install() { + local BASEDIR="/usr/share/selinux" + + for i in ${POLICY_TYPES}; do + for j in ${MODS}; do + einfo "Installing ${i} ${j} policy package" + insinto ${BASEDIR}/${i} + doins "${S}"/${i}/${j}.pp || die "Failed to add ${j}.pp to ${i}" + done + done +} + +pkg_postinst() { + # Override the command from the eclass, we need to load in base as well here + local COMMAND="-i base.pp" + if has_version "<sys-apps/policycoreutils-2.5"; then + COMMAND="-b base.pp" + fi + + for i in ${MODS}; do + COMMAND="${COMMAND} -i ${i}.pp" + done + + for i in ${POLICY_TYPES}; do + einfo "Inserting the following modules, with base, into the $i module store: ${MODS}" + + cd /usr/share/selinux/${i} || die "Could not enter /usr/share/selinux/${i}" + + semodule -s ${i} ${COMMAND} || die "Failed to load in base and modules ${MODS} in the $i policy store" + done + + # Relabel depending packages + local PKGSET=""; + if [[ -x /usr/bin/qdepends ]] ; then + PKGSET=$(/usr/bin/qdepends -Cq -r -Q ${CATEGORY}/${PN} | grep -v 'sec-policy/selinux-'); + elif [[ -x /usr/bin/equery ]] ; then + PKGSET=$(/usr/bin/equery -Cq depends ${CATEGORY}/${PN} | grep -v 'sec-policy/selinux-'); + fi + if [[ -n "${PKGSET}" ]] ; then + rlpkg ${PKGSET}; + fi +} |