
Packages to support the SELinux security mechanism #10664


utils/selinux-python: new package

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
tpetazzoni committed Nov 19, 2019
commit 933055ea754a24027cec940c203b8ffea1ca24b3
@@ -0,0 +1,155 @@
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
#

include $(TOPDIR)/rules.mk

PKG_NAME:=selinux-python
PKG_VERSION:=2.9
PKG_RELEASE:=1

PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://github.com/SELinuxProject/selinux/releases/download/20190315
PKG_HASH:=3650b5393b0d1790cac66db00e34f059aa91c23cfe3c2559676594e295d75fde
PKG_BUILD_DEPENDS:=PACKAGE_selinux-audit2allow:libsepol

PKG_MAINTAINER:=Thomas Petazzoni <thomas.petazzoni@bootlin.com>

include $(INCLUDE_DIR)/package.mk
include ../../lang/python/python-package.mk

#
# common definitions
#

define Package/selinux-python/Default
SECTION:=utils
DEPENDS:=+python +python-libselinux
CATEGORY:=Utilities
URL:=http://selinuxproject.org/page/Main_Page
endef

define Package/selinux-python/Default/description
A set of SELinux tools written in python that help with
managing a system with SELinux enabled.
endef

MAKE_VARS = \
PYTHON=$(HOST_PYTHON_BIN) \
PYTHONLIBDIR=$(PYTHON_PKG_DIR)

define Build/Compile
$(call Build/Compile/Default,all)
endef

#
# selinux-audit2allow
#

define Package/selinux-audit2allow
$(call Package/selinux-python/Default)
TITLE:=selinux-audit2allow
DEPENDS:=+python-sepolgen +libsepol
endef

define Package/selinux-audit2allow/description
$(call Package/selinux-python/Default/description)
This package contains the audit2allow and audit2why tools.
endef

define Package/selinux-audit2allow/install
$(MAKE_VARS) $(MAKE) -C $(PKG_BUILD_DIR)/audit2allow DESTDIR=$(1) install
rm -rf $(1)/usr/share/man
endef

#
# selinux-chchat
#

define Package/selinux-chcat
$(call Package/selinux-python/Default)
TITLE:=selinux-chcat
endef

define Package/selinux-chcat/description
$(call Package/selinux-python/Default/description)
This package contains the chcat tool.
endef

define Package/selinux-chcat/install
$(MAKE_VARS) $(MAKE) -C $(PKG_BUILD_DIR)/chcat DESTDIR=$(1) install
rm -rf $(1)/usr/share
endef

#
# selinux-semanage
#

define Package/selinux-semanage
$(call Package/selinux-python/Default)
TITLE:=selinux-semanage
DEPENDS:=+python-sepolicy
endef

define Package/selinux-semanage/description
$(call Package/selinux-python/Default/description)
This package contains the semanage tool.
endef

define Package/selinux-semanage/install
$(MAKE_VARS) $(MAKE) -C $(PKG_BUILD_DIR)/semanage DESTDIR=$(1) install
rm -rf $(1)/usr/share
endef

#
# python-sepolgen
#

define Package/python-sepolgen
$(call Package/selinux-python/Default)
SUBMENU:=Python
SECTION:=lang
CATEGORY:=Languages
TITLE:=python-sepolgen
endef

define Package/python-sepolgen/description
$(call Package/selinux-python/Default/description)
This package contains the sepolgen Python library.
endef

define Package/python-sepolgen/install
$(MAKE_VARS) $(MAKE) -C $(PKG_BUILD_DIR)/sepolgen DESTDIR=$(1) install
$(INSTALL_DIR) $(1)/usr/share/sepolgen/
$(INSTALL_DATA) $(1)/var/lib/sepolgen/perm_map $(1)/usr/share/sepolgen/perm_map
$(RM) -rf $(1)/var
endef

#
# python-sepolicy
#

define Package/python-sepolicy
$(call Package/selinux-python/Default)
SUBMENU:=Python
SECTION:=lang
CATEGORY:=Languages
TITLE:=python-sepolicy
endef

define Package/python-sepolicy/description
$(call Package/selinux-python/Default/description)
This package contains the sepolicy Python library.
endef

define Package/python-sepolicy/install
$(MAKE_VARS) $(MAKE) -C $(PKG_BUILD_DIR)/sepolicy DESTDIR=$(1) install
rm -rf $(1)/usr/share
endef

$(eval $(call BuildPackage,selinux-audit2allow))
$(eval $(call BuildPackage,selinux-chcat))
$(eval $(call BuildPackage,selinux-semanage))
$(eval $(call BuildPackage,python-sepolgen))
$(eval $(call BuildPackage,python-sepolicy))
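Review bot: `Package/selinux-audit2allow` and `Package/selinux-semanage` assign `DEPENDS:=` after calling `Package/selinux-python/Default`, which replaces the `+python +python-libselinux` list set there instead of extending it. The tools still pull those packages in only because python-sepolgen and python-sepolicy keep the default list; `DEPENDS+=+python-sepolgen +libsepol` and `DEPENDS+=+python-sepolicy` would make the direct dependency explicit. The section comment `# selinux-chchat` should read `# selinux-chcat`. The file also sets no `PKG_LICENSE`, so the licence of the packaged upstream code is not recorded next to `PKG_HASH` and the other source metadata.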
@@ -0,0 +1,26 @@
From 4dfa91b1377b6dc57e66443ea1a08c6d79a3a6e2 Mon Sep 17 00:00:00 2001
From: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Date: Wed, 2 Oct 2019 12:04:24 +0200
Subject: [PATCH] sepolgen: adjust data_dir()

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
---
sepolgen/src/sepolgen/defaults.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sepolgen/src/sepolgen/defaults.py b/sepolgen/src/sepolgen/defaults.py
index 6e800695..a61d1efd 100644
--- a/sepolgen/src/sepolgen/defaults.py
+++ b/sepolgen/src/sepolgen/defaults.py
@@ -57,7 +57,7 @@ Various default settings, including file and directory locations.
"""

def data_dir():
- return "/var/lib/sepolgen"
+ return "/usr/share/sepolgen"

def perm_map():
return data_dir() + "/perm_map"
--
2.21.0
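Review bot: The patch description gives no reason for moving `data_dir()` to `/usr/share/sepolgen`; the only visible link is the python-sepolgen install step in the package Makefile, which copies `perm_map` there and removes `/var`. One line in the description, such as `perm_map is installed to /usr/share/sepolgen by the OpenWrt package`, would record that coupling so the two stay in sync. Any other helper that builds on `data_dir()` outside this hunk moves with it, so it is worth confirming that none of them names a file that is written at run time, since `/usr/share` is normally treated as read-only data.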

@@ -0,0 +1,38 @@
From a8a7f8fb5cfe95f28cd5f7ff4b4679ca122fe410 Mon Sep 17 00:00:00 2001
From: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Date: Wed, 2 Oct 2019 13:38:18 +0200
Subject: [PATCH] sepolgen: don't hardcode search for ausearch in /sbin

ausearch may be installed in another location, just rely on PATH to
find ausearch.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
---
sepolgen/src/sepolgen/audit.py | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/sepolgen/src/sepolgen/audit.py b/sepolgen/src/sepolgen/audit.py
index 4adb851f..5eafa587 100644
--- a/sepolgen/src/sepolgen/audit.py
+++ b/sepolgen/src/sepolgen/audit.py
@@ -41,7 +41,7 @@ def get_audit_boot_msgs():
s = time.localtime(time.time() - off)
bootdate = time.strftime("%x", s)
boottime = time.strftime("%X", s)
- output = subprocess.Popen(["/sbin/ausearch", "-m", "AVC,USER_AVC,MAC_POLICY_LOAD,DAEMON_START,SELINUX_ERR", "-ts", bootdate, boottime],
+ output = subprocess.Popen(["ausearch", "-m", "AVC,USER_AVC,MAC_POLICY_LOAD,DAEMON_START,SELINUX_ERR", "-ts", bootdate, boottime],
stdout=subprocess.PIPE).communicate()[0]
if util.PY3:
output = util.decode_input(output)
@@ -56,7 +56,7 @@ def get_audit_msgs():
string contain all of the audit messages returned by ausearch.
"""
import subprocess
- output = subprocess.Popen(["/sbin/ausearch", "-m", "AVC,USER_AVC,MAC_POLICY_LOAD,DAEMON_START,SELINUX_ERR"],
+ output = subprocess.Popen(["ausearch", "-m", "AVC,USER_AVC,MAC_POLICY_LOAD,DAEMON_START,SELINUX_ERR"],
stdout=subprocess.PIPE).communicate()[0]
if util.PY3:
output = util.decode_input(output)
--
2.21.0
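Review bot: Replacing `/sbin/ausearch` with a bare `ausearch` in both `get_audit_boot_msgs()` and `get_audit_msgs()` makes the binary that runs depend on the caller's PATH. These helpers presumably back audit2allow, which is usually run with elevated privileges, so whatever file named `ausearch` comes first on PATH is executed with those privileges and its output is parsed as audit data. The entry scripts keep `-Es` on the interpreter line, which isolates the Python environment but does not constrain PATH. Keeping an absolute path that matches the target's install location, for example a module constant `AUSEARCH = "/usr/sbin/ausearch"` (placeholder path, to be confirmed against the audit package), preserves the fixed-location behaviour. Both function bodies continue outside the hunks.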

@@ -0,0 +1,67 @@
From 193e708d53517802040742e63041716e1f89a039 Mon Sep 17 00:00:00 2001
From: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Date: Wed, 2 Oct 2019 13:40:20 +0200
Subject: [PATCH] Don't force using python3

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
---
audit2allow/audit2allow | 2 +-
audit2allow/sepolgen-ifgen | 2 +-
chcat/chcat | 2 +-
semanage/semanage | 2 +-
sepolicy/sepolicy.py | 2 +-
5 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/audit2allow/audit2allow b/audit2allow/audit2allow
index 09b06f66..81f610ad 100644
--- a/audit2allow/audit2allow
+++ b/audit2allow/audit2allow
@@ -1,4 +1,4 @@
-#!/usr/bin/python3 -Es
+#!/usr/bin/python -Es
# Authors: Karl MacMillan <kmacmillan@mentalrootkit.com>
# Authors: Dan Walsh <dwalsh@redhat.com>
#
diff --git a/audit2allow/sepolgen-ifgen b/audit2allow/sepolgen-ifgen
index be2d093b..99700ea9 100644
--- a/audit2allow/sepolgen-ifgen
+++ b/audit2allow/sepolgen-ifgen
@@ -1,4 +1,4 @@
-#!/usr/bin/python3 -Es
+#!/usr/bin/python -Es
#
# Authors: Karl MacMillan <kmacmillan@mentalrootkit.com>
#
diff --git a/chcat/chcat b/chcat/chcat
index ba398684..63e91635 100755
--- a/chcat/chcat
+++ b/chcat/chcat
@@ -1,4 +1,4 @@
-#!/usr/bin/python3 -Es
+#!/usr/bin/python -Es
# Copyright (C) 2005 Red Hat
# see file 'COPYING' for use and warranty information
#
diff --git a/semanage/semanage b/semanage/semanage
index 144cc000..552ace6a 100644
--- a/semanage/semanage
+++ b/semanage/semanage
@@ -1,4 +1,4 @@
-#!/usr/bin/python3 -Es
+#!/usr/bin/python -Es
# Copyright (C) 2012-2013 Red Hat
# AUTHOR: Miroslav Grepl <mgrepl@redhat.com>
# AUTHOR: David Quigley <selinux@davequigley.com>
diff --git a/sepolicy/sepolicy.py b/sepolicy/sepolicy.py
index 1934cd86..af606857 100755
--- a/sepolicy/sepolicy.py
+++ b/sepolicy/sepolicy.py
@@ -1,4 +1,4 @@
-#!/usr/bin/python3 -Es
+#!/usr/bin/python -Es
# Copyright (C) 2012 Red Hat
# AUTHOR: Dan Walsh <dwalsh@redhat.com>
# see file 'COPYING' for use and warranty information
--
2.21.0
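Review bot: The five interpreter lines now point at `/usr/bin/python` and the patch description gives no reason for it. Together with `+python` and `python-package.mk` in the package Makefile, this appears to bind the SELinux policy tools to Python 2, which reached end of life on 1 January 2020 and no longer receives security fixes. Upstream ships these scripts with `#!/usr/bin/python3 -Es`, so building against the Python 3 packaging and dropping this patch would keep the tools on a maintained interpreter. If Python 2 is a hard constraint for now, the description should state which dependency forces it. Keeping the `-Es` flags on each line is correct.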
