diff options
author | Kenton Groombridge <concord@gentoo.org> | 2023-11-06 10:24:27 -0500 |
---|---|---|
committer | Kenton Groombridge <concord@gentoo.org> | 2023-11-14 16:47:19 -0500 |
commit | 6dcb139c3b35409146d3f67a1be6329270035cd6 (patch) | |
tree | 0166b286f4af4ae28b01aa37227536464f02e684 /sec-policy/selinux-base-policy | |
parent | sec-policy/*: stabilize SELinux policies 2.20231002-r2 (diff) | |
download | gentoo-6dcb139c3b35409146d3f67a1be6329270035cd6.tar.gz gentoo-6dcb139c3b35409146d3f67a1be6329270035cd6.tar.bz2 gentoo-6dcb139c3b35409146d3f67a1be6329270035cd6.zip |
sec-policy/*: Drop old SELinux policies
Signed-off-by: Kenton Groombridge <concord@gentoo.org>
Diffstat (limited to 'sec-policy/selinux-base-policy')
4 files changed, 0 insertions, 427 deletions
diff --git a/sec-policy/selinux-base-policy/Manifest b/sec-policy/selinux-base-policy/Manifest index 4d610c6a88b3..4effec8926ca 100644 --- a/sec-policy/selinux-base-policy/Manifest +++ b/sec-policy/selinux-base-policy/Manifest @@ -1,6 +1,2 @@ -DIST patchbundle-selinux-base-policy-2.20221101-r3.tar.bz2 444710 BLAKE2B e33cc01a8be5a354e022be1e8bf242883b09b15ead0673f859819f5e668f18773a16527f2e608878e6976695dcb2890c55658e77877e93c716ae0b2dd2ed5a9b SHA512 52e60b22346903a6fead95c9fb348fa1d4037b7dcd3e5781248a7dfc426c8c3fced258fd22762c779a5f436d8be21eaed5425ed36ff99c267daae5e1cb9c8e7f -DIST patchbundle-selinux-base-policy-2.20221101-r4.tar.bz2 457886 BLAKE2B 1e085f9f1739e0640c5eafa70db4c7ec19bca887c682ca2312a457fa57ee3eb176d0c8f16c2f84a1a026669b1240be3ff69066bd825c92fad75dcd2c13739f6c SHA512 da3ba1f076c04746719698aedb3aad48eb7c8a09df95c314b36f7a052538a07d893be413f35f4c34b01c1bf967ebe35ff32c2cea0722fe74a6e089a9d6aa47a6 -DIST patchbundle-selinux-base-policy-2.20231002-r1.tar.bz2 434734 BLAKE2B f2f28674ba93cd3a699cf0bc8fd06ab0500995f9518082cc76734c724b9ac82fcbcfa536f383a22b2fe72a9f781f202a78e630b7eb314880a98410badb32edd2 SHA512 30963590525842b7aaafc4bda99ae5297dc9706031431e69766dc90507357e4852ab0647893bfa27e6c6d82dd12f9af9a3fb5b790e2bd9b8311b8d91dafd083d DIST patchbundle-selinux-base-policy-2.20231002-r2.tar.bz2 436443 BLAKE2B f481e661b4afadd15f786a5d69d975d79e5d9a378c7bca279282d59215a02897a9587cbd56f7a2d95fd8152f931c0a8d469927033910e8fe214ee4494f4e6e49 SHA512 8545592130d7d10f7d6411a356e79f9cb2689138a7eb69a5f7bcd630203019c61336f1e3bdbc95dea31efceb41c9bce2e7ff42ced6a51a9b7482e991864fec05 -DIST refpolicy-2.20221101.tar.bz2 583183 BLAKE2B 783d8af40fd77d7ddb848dba32e91921dd7c1380c094c45b719ada7b15f91aacbb52b410ffa6341f2f705ecbc9674b8570bd4867ce998e944fa0054ffd8bdf74 SHA512 29e5a29d90f714018c88fead2d5006ea90338fb5b7a1e4e98cb2e588c96cd861871d32176f6cc6f7c4e864ce5acae1aeed85d4c706ce2da8168986535baaf3a6 DIST refpolicy-2.20231002.tar.bz2 600458 BLAKE2B 254d6d3d6b95f21e1f8e1df5822520ccaeade427053fb172079427cf70bd33f8ced87a9e09e1d36ec5f7b33f0bac8d730020d91996c6d25eafdcec66ebe35bb3 SHA512 029cd2225ce57d96f681720f24828e962320af41832ad2dc95d4d41d00dbde20bb08d91fa8b964b592812a9fedd908c261734b77ad72cccfde2de541b9c2c74d diff --git a/sec-policy/selinux-base-policy/selinux-base-policy-2.20221101-r3.ebuild b/sec-policy/selinux-base-policy/selinux-base-policy-2.20221101-r3.ebuild deleted file mode 100644 index 53278241d091..000000000000 --- a/sec-policy/selinux-base-policy/selinux-base-policy-2.20221101-r3.ebuild +++ /dev/null @@ -1,141 +0,0 @@ -# Copyright 1999-2022 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI="7" - -if [[ ${PV} == 9999* ]]; then - EGIT_REPO_URI="${SELINUX_GIT_REPO:-https://anongit.gentoo.org/git/proj/hardened-refpolicy.git}" - EGIT_BRANCH="${SELINUX_GIT_BRANCH:-master}" - EGIT_CHECKOUT_DIR="${WORKDIR}/refpolicy" - - inherit git-r3 -else - SRC_URI="https://github.com/SELinuxProject/refpolicy/releases/download/RELEASE_${PV/./_}/refpolicy-${PV}.tar.bz2 - https://dev.gentoo.org/~perfinion/patches/${PN}/patchbundle-${PN}-${PVR}.tar.bz2" - KEYWORDS="amd64 arm arm64 ~mips x86" -fi - -HOMEPAGE="https://wiki.gentoo.org/wiki/Project:SELinux" -DESCRIPTION="SELinux policy for core modules" - -IUSE="systemd +unconfined" - -PDEPEND="unconfined? ( sec-policy/selinux-unconfined )" -DEPEND="=sec-policy/selinux-base-${PVR}[systemd?]" -RDEPEND="${DEPEND}" -BDEPEND=" - sys-apps/checkpolicy - sys-devel/m4" - -MODS="application authlogin bootloader clock consoletype cron dmesg fstools getty hostname init iptables libraries locallogin logging lvm miscfiles modutils mount mta netutils nscd portage raid rsync selinuxutil setrans ssh staff storage su sysadm sysnetwork systemd tmpfiles udev userdomain usermanage unprivuser xdg" -DEL_MODS="hotplug" -LICENSE="GPL-2" -SLOT="0" -S="${WORKDIR}/" - -# Code entirely copied from selinux-eclass (cannot inherit due to dependency on -# itself), when reworked reinclude it. Only postinstall (where -b base.pp is -# added) needs to remain then. - -pkg_pretend() { - for i in ${POLICY_TYPES}; do - if [[ "${i}" == "targeted" ]] && ! use unconfined; then - die "If you use POLICY_TYPES=targeted, then USE=unconfined is mandatory." - fi - done -} - -src_prepare() { - local modfiles - - if [[ ${PV} != 9999* ]]; then - einfo "Applying SELinux policy updates ... " - eapply -p0 "${WORKDIR}/0001-full-patch-against-stable-release.patch" - fi - - eapply_user - - # Collect only those files needed for this particular module - for i in ${MODS}; do - modfiles="$(find "${S}"/refpolicy/policy/modules -iname $i.te) $modfiles" - modfiles="$(find "${S}"/refpolicy/policy/modules -iname $i.fc) $modfiles" - done - - for i in ${DEL_MODS}; do - [[ "${MODS}" != *${i}* ]] || die "Duplicate module in MODS and DEL_MODS: ${i}" - done - - for i in ${POLICY_TYPES}; do - mkdir "${S}"/${i} || die "Failed to create directory ${S}/${i}" - cp "${S}"/refpolicy/doc/Makefile.example "${S}"/${i}/Makefile \ - || die "Failed to copy Makefile.example to ${S}/${i}/Makefile" - - cp ${modfiles} "${S}"/${i} \ - || die "Failed to copy the module files to ${S}/${i}" - done -} - -src_compile() { - for i in ${POLICY_TYPES}; do - emake NAME=$i SHAREDIR="${SYSROOT%/}/usr/share/selinux" -C "${S}"/${i} - done -} - -src_install() { - local BASEDIR="/usr/share/selinux" - - for i in ${POLICY_TYPES}; do - for j in ${MODS}; do - einfo "Installing ${i} ${j} policy package" - insinto ${BASEDIR}/${i} - doins "${S}"/${i}/${j}.pp - done - done -} - -pkg_postinst() { - # Set root path and don't load policy into the kernel when cross compiling - local root_opts="" - if [[ "${ROOT}" != "" ]]; then - root_opts="-p ${ROOT} -n" - fi - - # Override the command from the eclass, we need to load in base as well here - local COMMAND="-i base.pp" - if has_version "<sys-apps/policycoreutils-2.5"; then - COMMAND="-b base.pp" - fi - - for i in ${MODS}; do - COMMAND="${COMMAND} -i ${i}.pp" - done - - for i in ${POLICY_TYPES}; do - einfo "Inserting the following modules, with base, into the $i module store: ${MODS}" - - cd "${ROOT}/usr/share/selinux/${i}" - - semodule ${root_opts} -s ${i} ${COMMAND} - - for mod in ${DEL_MODS}; do - if semodule ${root_opts} -s ${i} -l | grep -q "\b${mod}\b"; then - einfo "Removing obsolete ${i} ${mod} policy package" - semodule ${root_opts} -s ${i} -r ${mod} - fi - done - done - - # Don't relabel when cross compiling - if [[ "${ROOT}" == "" ]]; then - # Relabel depending packages - local PKGSET=""; - if [[ -x /usr/bin/qdepends ]] ; then - PKGSET=$(/usr/bin/qdepends -Cq -r -Q ${CATEGORY}/${PN} | grep -v 'sec-policy/selinux-'); - elif [[ -x /usr/bin/equery ]] ; then - PKGSET=$(/usr/bin/equery -Cq depends ${CATEGORY}/${PN} | grep -v 'sec-policy/selinux-'); - fi - if [[ -n "${PKGSET}" ]] ; then - rlpkg ${PKGSET}; - fi - fi -} diff --git a/sec-policy/selinux-base-policy/selinux-base-policy-2.20221101-r4.ebuild b/sec-policy/selinux-base-policy/selinux-base-policy-2.20221101-r4.ebuild deleted file mode 100644 index 599c89099660..000000000000 --- a/sec-policy/selinux-base-policy/selinux-base-policy-2.20221101-r4.ebuild +++ /dev/null @@ -1,141 +0,0 @@ -# Copyright 1999-2023 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI="7" - -if [[ ${PV} == 9999* ]]; then - EGIT_REPO_URI="${SELINUX_GIT_REPO:-https://anongit.gentoo.org/git/proj/hardened-refpolicy.git}" - EGIT_BRANCH="${SELINUX_GIT_BRANCH:-master}" - EGIT_CHECKOUT_DIR="${WORKDIR}/refpolicy" - - inherit git-r3 -else - SRC_URI="https://github.com/SELinuxProject/refpolicy/releases/download/RELEASE_${PV/./_}/refpolicy-${PV}.tar.bz2 - https://dev.gentoo.org/~perfinion/patches/${PN}/patchbundle-${PN}-${PVR}.tar.bz2" - KEYWORDS="amd64 arm arm64 ~mips x86" -fi - -HOMEPAGE="https://wiki.gentoo.org/wiki/Project:SELinux" -DESCRIPTION="SELinux policy for core modules" - -IUSE="systemd +unconfined" - -PDEPEND="unconfined? ( sec-policy/selinux-unconfined )" -DEPEND="=sec-policy/selinux-base-${PVR}[systemd?]" -RDEPEND="${DEPEND}" -BDEPEND=" - sys-apps/checkpolicy - sys-devel/m4" - -MODS="application authlogin bootloader clock consoletype cron dmesg fstools getty hostname init iptables libraries locallogin logging lvm miscfiles modutils mount mta netutils nscd portage raid rsync selinuxutil setrans ssh staff storage su sysadm sysnetwork systemd tmpfiles udev userdomain usermanage unprivuser xdg" -DEL_MODS="hotplug" -LICENSE="GPL-2" -SLOT="0" -S="${WORKDIR}/" - -# Code entirely copied from selinux-eclass (cannot inherit due to dependency on -# itself), when reworked reinclude it. Only postinstall (where -b base.pp is -# added) needs to remain then. - -pkg_pretend() { - for i in ${POLICY_TYPES}; do - if [[ "${i}" == "targeted" ]] && ! use unconfined; then - die "If you use POLICY_TYPES=targeted, then USE=unconfined is mandatory." - fi - done -} - -src_prepare() { - local modfiles - - if [[ ${PV} != 9999* ]]; then - einfo "Applying SELinux policy updates ... " - eapply -p0 "${WORKDIR}/0001-full-patch-against-stable-release.patch" - fi - - eapply_user - - # Collect only those files needed for this particular module - for i in ${MODS}; do - modfiles="$(find "${S}"/refpolicy/policy/modules -iname $i.te) $modfiles" - modfiles="$(find "${S}"/refpolicy/policy/modules -iname $i.fc) $modfiles" - done - - for i in ${DEL_MODS}; do - [[ "${MODS}" != *${i}* ]] || die "Duplicate module in MODS and DEL_MODS: ${i}" - done - - for i in ${POLICY_TYPES}; do - mkdir "${S}"/${i} || die "Failed to create directory ${S}/${i}" - cp "${S}"/refpolicy/doc/Makefile.example "${S}"/${i}/Makefile \ - || die "Failed to copy Makefile.example to ${S}/${i}/Makefile" - - cp ${modfiles} "${S}"/${i} \ - || die "Failed to copy the module files to ${S}/${i}" - done -} - -src_compile() { - for i in ${POLICY_TYPES}; do - emake NAME=$i SHAREDIR="${SYSROOT%/}/usr/share/selinux" -C "${S}"/${i} - done -} - -src_install() { - local BASEDIR="/usr/share/selinux" - - for i in ${POLICY_TYPES}; do - for j in ${MODS}; do - einfo "Installing ${i} ${j} policy package" - insinto ${BASEDIR}/${i} - doins "${S}"/${i}/${j}.pp - done - done -} - -pkg_postinst() { - # Set root path and don't load policy into the kernel when cross compiling - local root_opts="" - if [[ "${ROOT}" != "" ]]; then - root_opts="-p ${ROOT} -n" - fi - - # Override the command from the eclass, we need to load in base as well here - local COMMAND="-i base.pp" - if has_version "<sys-apps/policycoreutils-2.5"; then - COMMAND="-b base.pp" - fi - - for i in ${MODS}; do - COMMAND="${COMMAND} -i ${i}.pp" - done - - for i in ${POLICY_TYPES}; do - einfo "Inserting the following modules, with base, into the $i module store: ${MODS}" - - cd "${ROOT}/usr/share/selinux/${i}" - - semodule ${root_opts} -s ${i} ${COMMAND} - - for mod in ${DEL_MODS}; do - if semodule ${root_opts} -s ${i} -l | grep -q "\b${mod}\b"; then - einfo "Removing obsolete ${i} ${mod} policy package" - semodule ${root_opts} -s ${i} -r ${mod} - fi - done - done - - # Don't relabel when cross compiling - if [[ "${ROOT}" == "" ]]; then - # Relabel depending packages - local PKGSET=""; - if [[ -x /usr/bin/qdepends ]] ; then - PKGSET=$(/usr/bin/qdepends -Cq -r -Q ${CATEGORY}/${PN} | grep -v 'sec-policy/selinux-'); - elif [[ -x /usr/bin/equery ]] ; then - PKGSET=$(/usr/bin/equery -Cq depends ${CATEGORY}/${PN} | grep -v 'sec-policy/selinux-'); - fi - if [[ -n "${PKGSET}" ]] ; then - rlpkg ${PKGSET}; - fi - fi -} diff --git a/sec-policy/selinux-base-policy/selinux-base-policy-2.20231002-r1.ebuild b/sec-policy/selinux-base-policy/selinux-base-policy-2.20231002-r1.ebuild deleted file mode 100644 index aaff2143be85..000000000000 --- a/sec-policy/selinux-base-policy/selinux-base-policy-2.20231002-r1.ebuild +++ /dev/null @@ -1,141 +0,0 @@ -# Copyright 1999-2023 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI="7" - -if [[ ${PV} == 9999* ]]; then - EGIT_REPO_URI="${SELINUX_GIT_REPO:-https://anongit.gentoo.org/git/proj/hardened-refpolicy.git}" - EGIT_BRANCH="${SELINUX_GIT_BRANCH:-master}" - EGIT_CHECKOUT_DIR="${WORKDIR}/refpolicy" - - inherit git-r3 -else - SRC_URI="https://github.com/SELinuxProject/refpolicy/releases/download/RELEASE_${PV/./_}/refpolicy-${PV}.tar.bz2 - https://dev.gentoo.org/~perfinion/patches/${PN}/patchbundle-${PN}-${PVR}.tar.bz2" - KEYWORDS="~amd64 ~arm ~arm64 ~mips ~x86" -fi - -HOMEPAGE="https://wiki.gentoo.org/wiki/Project:SELinux" -DESCRIPTION="SELinux policy for core modules" - -IUSE="systemd +unconfined" - -PDEPEND="unconfined? ( sec-policy/selinux-unconfined )" -DEPEND="=sec-policy/selinux-base-${PVR}[systemd?]" -RDEPEND="${DEPEND}" -BDEPEND=" - sys-apps/checkpolicy - sys-devel/m4" - -MODS="application authlogin bootloader clock consoletype cron dmesg fstools getty hostname init iptables libraries locallogin logging lvm miscfiles modutils mount mta netutils nscd portage raid rsync selinuxutil setrans ssh staff storage su sysadm sysnetwork systemd tmpfiles udev userdomain usermanage unprivuser xdg" -DEL_MODS="hotplug" -LICENSE="GPL-2" -SLOT="0" -S="${WORKDIR}/" - -# Code entirely copied from selinux-eclass (cannot inherit due to dependency on -# itself), when reworked reinclude it. Only postinstall (where -b base.pp is -# added) needs to remain then. - -pkg_pretend() { - for i in ${POLICY_TYPES}; do - if [[ "${i}" == "targeted" ]] && ! use unconfined; then - die "If you use POLICY_TYPES=targeted, then USE=unconfined is mandatory." - fi - done -} - -src_prepare() { - local modfiles - - if [[ ${PV} != 9999* ]]; then - einfo "Applying SELinux policy updates ... " - eapply -p0 "${WORKDIR}/0001-full-patch-against-stable-release.patch" - fi - - eapply_user - - # Collect only those files needed for this particular module - for i in ${MODS}; do - modfiles="$(find "${S}"/refpolicy/policy/modules -iname $i.te) $modfiles" - modfiles="$(find "${S}"/refpolicy/policy/modules -iname $i.fc) $modfiles" - done - - for i in ${DEL_MODS}; do - [[ "${MODS}" != *${i}* ]] || die "Duplicate module in MODS and DEL_MODS: ${i}" - done - - for i in ${POLICY_TYPES}; do - mkdir "${S}"/${i} || die "Failed to create directory ${S}/${i}" - cp "${S}"/refpolicy/doc/Makefile.example "${S}"/${i}/Makefile \ - || die "Failed to copy Makefile.example to ${S}/${i}/Makefile" - - cp ${modfiles} "${S}"/${i} \ - || die "Failed to copy the module files to ${S}/${i}" - done -} - -src_compile() { - for i in ${POLICY_TYPES}; do - emake NAME=$i SHAREDIR="${SYSROOT%/}/usr/share/selinux" -C "${S}"/${i} - done -} - -src_install() { - local BASEDIR="/usr/share/selinux" - - for i in ${POLICY_TYPES}; do - for j in ${MODS}; do - einfo "Installing ${i} ${j} policy package" - insinto ${BASEDIR}/${i} - doins "${S}"/${i}/${j}.pp - done - done -} - -pkg_postinst() { - # Set root path and don't load policy into the kernel when cross compiling - local root_opts="" - if [[ "${ROOT}" != "" ]]; then - root_opts="-p ${ROOT} -n" - fi - - # Override the command from the eclass, we need to load in base as well here - local COMMAND="-i base.pp" - if has_version "<sys-apps/policycoreutils-2.5"; then - COMMAND="-b base.pp" - fi - - for i in ${MODS}; do - COMMAND="${COMMAND} -i ${i}.pp" - done - - for i in ${POLICY_TYPES}; do - einfo "Inserting the following modules, with base, into the $i module store: ${MODS}" - - cd "${ROOT}/usr/share/selinux/${i}" - - semodule ${root_opts} -s ${i} ${COMMAND} - - for mod in ${DEL_MODS}; do - if semodule ${root_opts} -s ${i} -l | grep -q "\b${mod}\b"; then - einfo "Removing obsolete ${i} ${mod} policy package" - semodule ${root_opts} -s ${i} -r ${mod} - fi - done - done - - # Don't relabel when cross compiling - if [[ "${ROOT}" == "" ]]; then - # Relabel depending packages - local PKGSET=""; - if [[ -x /usr/bin/qdepends ]] ; then - PKGSET=$(/usr/bin/qdepends -Cq -r -Q ${CATEGORY}/${PN} | grep -v 'sec-policy/selinux-'); - elif [[ -x /usr/bin/equery ]] ; then - PKGSET=$(/usr/bin/equery -Cq depends ${CATEGORY}/${PN} | grep -v 'sec-policy/selinux-'); - fi - if [[ -n "${PKGSET}" ]] ; then - rlpkg ${PKGSET}; - fi - fi -} |