diff options
| author |   Sven Vermeulen <swift@gentoo.org> | 2018-01-18 19:21:34 +0100 |
|---|---|---|
| committer | Sven Vermeulen <swift@gentoo.org> | 2018-01-18 19:24:35 +0100 |
| commit | a28359157bf468a2f82bdb24bebeea1f69c34ed0 (patch) | |
| tree | 3159a454adff36bd6d9480bbde24bfb3b5db918c /sec-policy/selinux-base-policy | |
| parent | sys-fs/udisks: Add ~alpha keyword wrt bug #641308 (diff) | |
| download | gentoo-a28359157bf468a2f82bdb24bebeea1f69c34ed0.tar.gz gentoo-a28359157bf468a2f82bdb24bebeea1f69c34ed0.tar.bz2 gentoo-a28359157bf468a2f82bdb24bebeea1f69c34ed0.zip | |
sec-policy: Release of SELinux policies 2.20180114-r1
Package-Manager: Portage-2.3.19, Repoman-2.3.6
Diffstat (limited to 'sec-policy/selinux-base-policy')
| -rw-r--r-- | sec-policy/selinux-base-policy/Manifest | 2 | ||||
| -rw-r--r-- | sec-policy/selinux-base-policy/selinux-base-policy-2.20180114-r1.ebuild | 122 |
2 files changed, 124 insertions, 0 deletions
diff --git a/sec-policy/selinux-base-policy/Manifest b/sec-policy/selinux-base-policy/Manifest index 22f7289e7b46..6f9a46647a9c 100644 --- a/sec-policy/selinux-base-policy/Manifest +++ b/sec-policy/selinux-base-policy/Manifest @@ -5,5 +5,7 @@ DIST patchbundle-selinux-base-policy-2.20170204-r4.tar.bz2 373731 BLAKE2B cb291e DIST patchbundle-selinux-base-policy-2.20170805-r2.tar.bz2 314854 BLAKE2B 483d04f364195eb8627153647118eb23812a610db63a40d50819b42c19fc20ffd0a36cd5c1959a764eab2109bd2e5317f74fd3a5cc1c7ddd17d8c85be05579a5 SHA512 1358db158945b82e0e41907e3919a6888564b4f15ad765f0fe2dc7bf284485c18d11c5502d598268e33b2163a6fa0be2a4029a8e9f774abfd4377031ee9afd32 DIST patchbundle-selinux-base-policy-2.20170805-r3.tar.bz2 324834 BLAKE2B ecc3b0425987aa648b3dd52977a6e1fd987e605fe302c3b6d8742d3eac9a1c89697de1f97331e9863b132bb95814ae7577e161a024cdda297fb84458aa9417fd SHA512 62ec2e70397d06d464e95305a4c0699cc07063d879d986a74442955fb8076a00cbe4a4f7a3cda46876cbf2ad38189be06f0c05ce9698aadafa6e9f02a8daf668 DIST patchbundle-selinux-base-policy-2.20170805-r4.tar.bz2 689641 BLAKE2B 1accfbecd4825a6cdb8c3c189c9e23898d1dbe8415d2fe26a842782dec634958f01861916a3c040740359562984718b61cee7af7d9395b125590931110e67eff SHA512 2067b090cd054e47d6496c9513d69a7a37a72de8dc873159a8055e27fe2380dc73006354d790c455ae893645f956c6be6d6ad2d30be7428ff8a442604a0c5400 +DIST patchbundle-selinux-base-policy-2.20180114-r1.tar.bz2 285245 BLAKE2B 32ff8fa3330aa1e17d6a2fc3c267e9c66d5f540fe4b7d1da8961cdc8e3c4a86e157db66e144c9cef13d52b85aa8a242e89ccf6e9c3ef455a7133bc448586d70f SHA512 5d5ce77b42e183d0b0241567bbe718622ab388cf9538193730c999da832f3ea7e4e9306f2b96cfbcfad01e6fcc834cf1d43b7b388a5a50242dd7f5ef3e252b42 DIST refpolicy-2.20170204.tar.bz2 709965 BLAKE2B 7fb10d6054d74204f8c7d6d8ee88603f37b6600ed4a03e937a3a233ea7a80feef6ab90ba01af8d444fa79b266456260b14af3be0ad6a311baff6e3408af7d1ba SHA512 30deabb02a5bde51c463e3e89988d850cff51596c2e72733a064245dec152ea46317eea79550dbe82a7a0d327ec0bcfbd9474ff8a902507392df0da00df6397f DIST refpolicy-2.20170805.tar.bz2 740430 BLAKE2B 0597f51fceb5ca88b3506aa16cbd2d7f3df3a1d9c6afdf4cc5fc7eca25fa19c5810889f90ed1ee0abef401d41384558abb69f6638caf50341f71d075fa99e561 SHA512 dbb6809b028ae75296ad26d5997cc21d835c49555a0e37957cb39b36b144af6e817320073a29247448eba1876ab9e29d3956ff4456f1542b66ba38af459ec586 +DIST refpolicy-2.20180114.tar.bz2 743725 BLAKE2B f64fc08dd68033a1762e147a0f205d8d1b71853017cefe4252ca4ca67029d457f28d81a82ae4e78c01e6c2131e9329d0e5634afee12fb4b291685e7563d59107 SHA512 9acb15d1d84670b25d1fc310e048348f707aa22ea184828e677946817aeb6ee2c590233195ead13aa91c7096544d6d29dfb6e98297120ef9464fc6107ffc9ce7 diff --git a/sec-policy/selinux-base-policy/selinux-base-policy-2.20180114-r1.ebuild b/sec-policy/selinux-base-policy/selinux-base-policy-2.20180114-r1.ebuild new file mode 100644 index 000000000000..5dadfcb0904b --- /dev/null +++ b/sec-policy/selinux-base-policy/selinux-base-policy-2.20180114-r1.ebuild @@ -0,0 +1,122 @@ +# Copyright 1999-2018 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI="6" + +if [[ ${PV} == 9999* ]]; then + EGIT_REPO_URI="${SELINUX_GIT_REPO:-https://anongit.gentoo.org/git/proj/hardened-refpolicy.git}" + EGIT_BRANCH="${SELINUX_GIT_BRANCH:-master}" + EGIT_CHECKOUT_DIR="${WORKDIR}/refpolicy" + + inherit git-r3 +else + SRC_URI="https://raw.githubusercontent.com/wiki/TresysTechnology/refpolicy/files/refpolicy-${PV}.tar.bz2 + https://dev.gentoo.org/~swift/patches/${PN}/patchbundle-${PN}-${PVR}.tar.bz2" + KEYWORDS="~amd64 -arm ~arm64 ~mips ~x86" +fi + +HOMEPAGE="https://www.gentoo.org/proj/en/hardened/selinux/" +DESCRIPTION="SELinux policy for core modules" + +IUSE="systemd +unconfined" + +PDEPEND="unconfined? ( sec-policy/selinux-unconfined )" +DEPEND="=sec-policy/selinux-base-${PVR}[systemd?]" + +MODS="application authlogin bootloader clock consoletype cron dmesg fstools getty hostname hotplug init iptables libraries locallogin logging lvm miscfiles modutils mount mta netutils nscd portage raid rsync selinuxutil setrans ssh staff storage su sysadm sysnetwork tmpfiles udev userdomain usermanage unprivuser xdg" +LICENSE="GPL-2" +SLOT="0" +S="${WORKDIR}/" + +# Code entirely copied from selinux-eclass (cannot inherit due to dependency on +# itself), when reworked reinclude it. Only postinstall (where -b base.pp is +# added) needs to remain then. + +pkg_setup() { + if use systemd; then + MODS="${MODS} systemd" + fi +} + +pkg_pretend() { + for i in ${POLICY_TYPES}; do + if [[ "${i}" == "targeted" ]] && ! use unconfined; then + die "If you use POLICY_TYPES=targeted, then USE=unconfined is mandatory." + fi + done +} + +src_prepare() { + local modfiles + + if [[ ${PV} != 9999* ]]; then + einfo "Applying SELinux policy updates ... " + eapply -p0 "${WORKDIR}/0001-full-patch-against-stable-release.patch" + fi + + eapply_user + + # Collect only those files needed for this particular module + for i in ${MODS}; do + modfiles="$(find ${S}/refpolicy/policy/modules -iname $i.te) $modfiles" + modfiles="$(find ${S}/refpolicy/policy/modules -iname $i.fc) $modfiles" + done + + for i in ${POLICY_TYPES}; do + mkdir "${S}"/${i} || die "Failed to create directory ${S}/${i}" + cp "${S}"/refpolicy/doc/Makefile.example "${S}"/${i}/Makefile \ + || die "Failed to copy Makefile.example to ${S}/${i}/Makefile" + + cp ${modfiles} "${S}"/${i} \ + || die "Failed to copy the module files to ${S}/${i}" + done +} + +src_compile() { + for i in ${POLICY_TYPES}; do + emake NAME=$i -C "${S}"/${i} || die "${i} compile failed" + done +} + +src_install() { + local BASEDIR="/usr/share/selinux" + + for i in ${POLICY_TYPES}; do + for j in ${MODS}; do + einfo "Installing ${i} ${j} policy package" + insinto ${BASEDIR}/${i} + doins "${S}"/${i}/${j}.pp || die "Failed to add ${j}.pp to ${i}" + done + done +} + +pkg_postinst() { + # Override the command from the eclass, we need to load in base as well here + local COMMAND="-i base.pp" + if has_version "<sys-apps/policycoreutils-2.5"; then + COMMAND="-b base.pp" + fi + + for i in ${MODS}; do + COMMAND="${COMMAND} -i ${i}.pp" + done + + for i in ${POLICY_TYPES}; do + einfo "Inserting the following modules, with base, into the $i module store: ${MODS}" + + cd /usr/share/selinux/${i} || die "Could not enter /usr/share/selinux/${i}" + + semodule -s ${i} ${COMMAND} || die "Failed to load in base and modules ${MODS} in the $i policy store" + done + + # Relabel depending packages + local PKGSET=""; + if [[ -x /usr/bin/qdepends ]] ; then + PKGSET=$(/usr/bin/qdepends -Cq -r -Q ${CATEGORY}/${PN} | grep -v 'sec-policy/selinux-'); + elif [[ -x /usr/bin/equery ]] ; then + PKGSET=$(/usr/bin/equery -Cq depends ${CATEGORY}/${PN} | grep -v 'sec-policy/selinux-'); + fi + if [[ -n "${PKGSET}" ]] ; then + rlpkg ${PKGSET}; + fi +} |