
Updates

1 parent 0242cf2 commit f7a715f5b005615164209575087884be4bfadbe5 @sjvermeu committed May 15, 2011
92 eclass/selinux-policy-2.eclass
@@ -0,0 +1,92 @@
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/eclass/selinux-policy-2.eclass,v 1.5 2011/02/05 11:28:10 blueness Exp $
+
+# Eclass for installing SELinux policy, and optionally
+# reloading the reference-policy based modules.
+
+inherit eutils
+
+IUSE=""
+
+HOMEPAGE="http://www.gentoo.org/proj/en/hardened/selinux/"
+SRC_URI="http://oss.tresys.com/files/refpolicy/refpolicy-${PV}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+S="${WORKDIR}/"
+
+RDEPEND=">=sys-apps/policycoreutils-1.30.30
+ >=sec-policy/selinux-base-policy-${PV}"
+
+DEPEND="${RDEPEND}
+ sys-devel/m4
+ >=sys-apps/checkpolicy-1.30.12"
+
+selinux-policy-2_src_unpack() {
+ local modfiles
+ [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="strict targeted"
+
+ unpack ${A}
+
+ for i in ${MODS}; do
+ modfiles="`find ${S}/refpolicy/policy/modules -iname $i.te` $modfiles"
+ modfiles="`find ${S}/refpolicy/policy/modules -iname $i.fc` $modfiles"
+ done
+
+ for i in ${POLICY_TYPES}; do
+ mkdir "${S}"/${i}
+ cp "${S}"/refpolicy/doc/Makefile.example "${S}"/${i}/Makefile
+
+ cp ${modfiles} "${S}"/${i}
+
+ if [ -n "${POLICY_PATCH}" ]; then
+ for POLPATCH in "${POLICY_PATCH}";
+ do
+ cd "${S}"/${i}
+ einfo "Patching ${i}"
+ epatch "${POLPATCH}" || die "failed patch ${POLPATCH}"
+ done
+ fi
+
+ done
+}
+
+selinux-policy-2_src_compile() {
+ [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="strict targeted"
+
+ for i in ${POLICY_TYPES}; do
+ make NAME=$i -C "${S}"/${i} || die "${i} compile failed"
+ done
+}
+
+selinux-policy-2_src_install() {
+ [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="strict targeted"
+ local BASEDIR="/usr/share/selinux"
+
+ for i in ${POLICY_TYPES}; do
+ for j in ${MODS}; do
+ echo "Installing ${i} ${j} policy package"
+ insinto ${BASEDIR}/${i}
+ doins "${S}"/${i}/${j}.pp
+ done
+ done
+}
+
+selinux-policy-2_pkg_postinst() {
+ # build up the command in the case of multiple modules
+ local COMMAND
+ for i in ${MODS}; do
+ COMMAND="-i ${i}.pp ${COMMAND}"
+ done
+ [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="strict targeted"
+
+ for i in ${POLICY_TYPES}; do
+ einfo "Inserting the following modules into the $i module store: ${MODS}"
+
+ cd /usr/share/selinux/${i}
+ semodule -s ${i} ${COMMAND} || die "Failed to load in modules ${MODS} in the $i policy store"
+ done
+}
+
+EXPORT_FUNCTIONS src_unpack src_compile src_install pkg_postinst
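Review bot: In selinux-policy-2_pkg_postinst the `cd /usr/share/selinux/${i}` is unchecked, so if that directory is missing, `semodule` resolves the relative `-i <module>.pp` arguments against whatever the current directory happens to be. Because this step loads policy into the live module store, the line should fail closed, for example `cd /usr/share/selinux/${i} || die "cannot enter policy directory for ${i}"`. The same gap exists in selinux-policy-2_src_unpack, where `mkdir`, both `cp` calls and the `cd` ahead of `epatch` carry no `|| die`, so a MODS entry that `find` does not match only surfaces later as a compile or install failure. Also in src_unpack, `for POLPATCH in "${POLICY_PATCH}"` is quoted and therefore iterates exactly once over the whole string; `for POLPATCH in ${POLICY_PATCH}; do` would let an ebuild list several patches.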
3 profiles/profiles.desc
@@ -1,3 +0,0 @@
-amd64 hardened/linux/amd64/selinux dev
-amd64 hardened/linux/amd64/no-multilib/selinux dev
-x86 hardened/linux/x86/selinux dev
14 sec-policy/selinux-mozilla/ChangeLog
@@ -1,14 +0,0 @@
-# ChangeLog for sec-policy/selinux-mozilla
-# Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-mozilla/ChangeLog,v 1.1 2011/02/05 20:41:05 blueness Exp $
-
- 05 Feb 2011; Anthony G. Basile <blueness@gentoo.org> ChangeLog:
- Initial commit to portage.
-
-*selinux-mozilla-2.20101213-r1 (22 Jan 2011)
-
- 22 Jan 2011; <swift@gentoo.org> +selinux-mozilla-2.20101213-r1.ebuild,
- files/fix-mozilla.patch:
- Support binary firefox, add call to alsa interface and support tmp type
- for mozilla
-
5 sec-policy/selinux-mozilla/Manifest
@@ -1,5 +0,0 @@
-AUX fix-apps-mozilla-r2.patch 2181 RMD160 38c03a0a8eb5f0808f456d355ab9b8d13047a745 SHA1 51f0e381dcf6ae7ab8060cabf4e7e7128e60efe3 SHA256 fcbd381cc4ce5ace7b33097d9784b52f708afdc5a17b94783e837d216ab84a7e
-DIST refpolicy-2.20101213.tar.bz2 559450 RMD160 4858f792f4db5b179de6fb8419a626c29d59bdd3 SHA1 0e881e99b8950a358eadc44633551ca10f12eaee SHA256 b691ee8f6066cc19bb0d4384fe3be277d97d22e9d4ac2db0c252065e8c3535de
-EBUILD selinux-mozilla-2.20101213-r2.ebuild 431 RMD160 6330547ced0a70beb3c128ff38a64361d8196255 SHA1 bf83ad43b86f46697cb98eee719137cb304f822a SHA256 ee2fe50d5fc74f55a63b876c2c2ef6dda01cdfb5955711dbb6531f555a6ca848
-MISC ChangeLog 558 RMD160 3dec81cc5efb200a84fa70ced8030a72532fdf25 SHA1 4111ff8a0c5b2b9876b7c39d50dcbc2d56a495ee SHA256 8633cfdc2d81c60788febbcf0a84a7a47aa421cc188c030ec139c7c5618d8342
-MISC metadata.xml 231 RMD160 7398548d29a8ee91f4541c7ebcfaf3e20b1d9838 SHA1 2cf337863affdf44a4c46f6d84968b5488c2f9b1 SHA256 273d289d0f0b50f0a43bac2d1f9f62bbee4850d6c0cd873ac5d371df049abffa
57 sec-policy/selinux-mozilla/files/fix-apps-mozilla-r2.patch
@@ -1,57 +0,0 @@
---- apps/mozilla.te 2010-12-13 15:11:01.000000000 +0100
-+++ apps/mozilla.te 2011-05-02 22:23:19.098000084 +0200
-@@ -33,6 +33,10 @@
- files_tmpfs_file(mozilla_tmpfs_t)
- ubac_constrained(mozilla_tmpfs_t)
-
-+type mozilla_tmp_t;
-+files_tmp_file(mozilla_tmp_t)
-+ubac_constrained(mozilla_tmp_t)
-+
- ########################################
- #
- # Local policy
-@@ -68,6 +72,12 @@
- manage_sock_files_pattern(mozilla_t, mozilla_tmpfs_t, mozilla_tmpfs_t)
- fs_tmpfs_filetrans(mozilla_t, mozilla_tmpfs_t, { file lnk_file sock_file fifo_file })
-
-+manage_files_pattern(mozilla_t, mozilla_tmp_t, mozilla_tmp_t)
-+manage_dirs_pattern(mozilla_t, mozilla_tmp_t, mozilla_tmp_t)
-+files_tmp_filetrans(mozilla_t, mozilla_tmp_t, { file dir } )
-+#userdom_manage_user_tmp_files(mozilla_t)
-+#userdom_manage_user_tmp_sockets(mozilla_t)
-+
- kernel_read_kernel_sysctls(mozilla_t)
- kernel_read_network_state(mozilla_t)
- # Access /proc, sysctl
-@@ -143,6 +153,7 @@
-
- userdom_use_user_ptys(mozilla_t)
-
-+
- xserver_user_x_domain_template(mozilla, mozilla_t, mozilla_tmpfs_t)
- xserver_dontaudit_read_xdm_tmp_files(mozilla_t)
- xserver_dontaudit_getattr_xdm_tmp_sockets(mozilla_t)
-@@ -266,3 +277,7 @@
- optional_policy(`
- thunderbird_domtrans(mozilla_t)
- ')
-+
-+optional_policy(`
-+ alsa_read_rw_config(mozilla_t)
-+')
---- apps/mozilla.fc 2010-08-03 15:11:03.000000000 +0200
-+++ apps/mozilla.fc 2011-01-02 22:23:34.407000019 +0100
-@@ -27,3 +27,12 @@
- /usr/lib(64)?/[^/]*firefox[^/]*/firefox-bin -- gen_context(system_u:object_r:mozilla_exec_t,s0)
- /usr/lib/[^/]*firefox[^/]*/firefox -- gen_context(system_u:object_r:mozilla_exec_t,s0)
- /usr/lib64/[^/]*firefox[^/]*/firefox -- gen_context(system_u:object_r:mozilla_exec_t,s0)
-+
-+ifdef(`distro_gentoo',`
-+/usr/bin/firefox-bin -- gen_context(system_u:object_r:mozilla_exec_t,s0)
-+/opt/firefox/libxul\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-+/opt/firefox/firefox -- gen_context(system_u:object_r:mozilla_exec_t,s0)
-+/opt/firefox/run-mozilla.sh -- gen_context(system_u:object_r:mozilla_exec_t,s0)
-+/opt/firefox/firefox-bin -- gen_context(system_u:object_r:mozilla_exec_t,s0)
-+/opt/firefox/plugin-container -- gen_context(system_u:object_r:mozilla_exec_t,s0)
-+')
6 sec-policy/selinux-mozilla/metadata.xml
@@ -1,6 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
-<pkgmetadata>
- <herd>selinux</herd>
- <longdescription>Gentoo SELinux policy for mozilla</longdescription>
-</pkgmetadata>
15 sec-policy/selinux-mozilla/selinux-mozilla-2.20101213-r2.ebuild
@@ -1,15 +0,0 @@
-# Copyright 1999-2011 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-mozilla/selinux-mozilla-2.20101213-r1.ebuild,v 1.1 2011/02/05 20:41:05 blueness Exp $
-
-IUSE=""
-
-MODS="mozilla"
-
-inherit selinux-policy-2
-
-DESCRIPTION="SELinux policy for general applications"
-
-KEYWORDS="~amd64 ~x86"
-
-POLICY_PATCH="${FILESDIR}/fix-apps-mozilla-r2.patch"
173 sec-policy/selinux-squid/ChangeLog
@@ -1,173 +0,0 @@
-# ChangeLog for sec-policy/selinux-squid
-# Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-squid/ChangeLog,v 1.32 2011/02/05 12:07:05 blueness Exp $
-
-*selinux-squid-2.20101213-r1 (22 Apr 2011)
-
- 22 Apr 2011; <swift@gentoo.org> +selinux-squid-2.20101213-r1.ebuild,
- +metadata.xml:
- Depending on selinux-apache as squid uses domains defined in apache
-
-*selinux-squid-2.20101213 (05 Feb 2011)
-
- 05 Feb 2011; Anthony G. Basile <blueness@gentoo.org>
- +selinux-squid-2.20101213.ebuild:
- New upstream policy.
-
-*selinux-squid-2.20091215 (16 Dec 2009)
-
- 16 Dec 2009; Chris PeBenito <pebenito@gentoo.org>
- +selinux-squid-2.20091215.ebuild:
- New upstream release.
-
- 14 Aug 2009; Chris PeBenito <pebenito@gentoo.org>
- -selinux-squid-20070329.ebuild, -selinux-squid-20070928.ebuild,
- selinux-squid-20080525.ebuild:
- Mark 20080525 stable, clear old ebuilds.
-
-*selinux-squid-2.20090730 (03 Aug 2009)
-
- 03 Aug 2009; Chris PeBenito <pebenito@gentoo.org>
- +selinux-squid-2.20090730.ebuild:
- New upstream release.
-
- 18 Jul 2009; Chris PeBenito <pebenito@gentoo.org>
- selinux-squid-20070329.ebuild, selinux-squid-20070928.ebuild,
- selinux-squid-20080525.ebuild:
- Drop alpha, mips, ppc, sparc selinux support.
-
-*selinux-squid-20080525 (25 May 2008)
-
- 25 May 2008; Chris PeBenito <pebenito@gentoo.org>
- +selinux-squid-20080525.ebuild:
- New SVN snapshot.
-
- 16 Mar 2008; Chris PeBenito <pebenito@gentoo.org>
- -selinux-squid-20051023.ebuild, -selinux-squid-20051122.ebuild,
- -selinux-squid-20061114.ebuild:
- Remove old ebuilds.
-
- 03 Feb 2008; Chris PeBenito <pebenito@gentoo.org>
- selinux-squid-20070928.ebuild:
- Mark stable.
-
-*selinux-squid-20070928 (26 Nov 2007)
-
- 26 Nov 2007; Chris PeBenito <pebenito@gentoo.org>
- +selinux-squid-20070928.ebuild:
- New SVN snapshot.
-
- 29 Aug 2007; Christian Heim <phreak@gentoo.org> metadata.xml:
- Removing kaiowas from metadata due to his retirement (see #61930 for
- reference).
-
- 04 Jun 2007; Chris PeBenito <pebenito@gentoo.org>
- selinux-squid-20070329.ebuild:
- Mark stable.
-
-*selinux-squid-20070329 (29 Mar 2007)
-
- 29 Mar 2007; Chris PeBenito <pebenito@gentoo.org>
- +selinux-squid-20070329.ebuild:
- New SVN snapshot.
-
- 22 Feb 2007; Markus Ullmann <jokey@gentoo.org> ChangeLog:
- Redigest for Manifest2
-
-*selinux-squid-20061114 (15 Nov 2006)
-
- 15 Nov 2006; Chris PeBenito <pebenito@gentoo.org>
- +selinux-squid-20061114.ebuild:
- New SVN snapshot.
-
-*selinux-squid-20061008 (10 Oct 2006)
-
- 10 Oct 2006; Chris PeBenito <pebenito@gentoo.org>
- +selinux-squid-20061008.ebuild:
- First mainstream reference policy testing release.
-
- 02 Dec 2005; petre rodan <kaiowas@gentoo.org>
- selinux-squid-20051122.ebuild:
- mark stable on amd64 mips ppc sparc x86
-
-*selinux-squid-20051122 (28 Nov 2005)
-
- 28 Nov 2005; petre rodan <kaiowas@gentoo.org>
- -selinux-squid-20050626.ebuild, +selinux-squid-20051122.ebuild:
- merge with upstream
-
- 27 Oct 2005; petre rodan <kaiowas@gentoo.org>
- selinux-squid-20051023.ebuild:
- mark stable on amd64 mips ppc sparc x86
-
-*selinux-squid-20051023 (24 Oct 2005)
-
- 24 Oct 2005; petre rodan <kaiowas@gentoo.org>
- -selinux-squid-20050408.ebuild, +selinux-squid-20051023.ebuild:
- added mips keyword, merge with upstream
-
-*selinux-squid-20050626 (26 Jun 2005)
-
- 26 Jun 2005; petre rodan <kaiowas@gentoo.org>
- -selinux-squid-20050219.ebuild, +selinux-squid-20050626.ebuild:
- added name_connect rules, mark stable
-
- 07 May 2005; petre rodan <kaiowas@gentoo.org>
- selinux-squid-20050408.ebuild:
- mark stable
-
-*selinux-squid-20050408 (23 Apr 2005)
-
- 23 Apr 2005; petre rodan <kaiowas@gentoo.org>
- -selinux-squid-20041120.ebuild, +selinux-squid-20050408.ebuild:
- merge with upstream
-
- 23 Mar 2005; petre rodan <kaiowas@gentoo.org>
- selinux-squid-20050219.ebuild:
- mark stable
-
-*selinux-squid-20050219 (25 Feb 2005)
-
- 25 Feb 2005; petre rodan <kaiowas@gentoo.org>
- +selinux-squid-20050219.ebuild:
- merge with upstream policy
-
- 12 Dec 2004; petre rodan <kaiowas@gentoo.org>
- -selinux-squid-20040106.ebuild, -selinux-squid-20041109.ebuild:
- removed old builds
-
- 23 Nov 2004; petre rodan <kaiowas@gentoo.org>
- selinux-squid-20041120.ebuild:
- mark stable
-
-*selinux-squid-20041120 (22 Nov 2004)
-
- 22 Nov 2004; petre rodan <kaiowas@gentoo.org>
- +selinux-squid-20041120.ebuild:
- merge with nsa policy
-
-*selinux-squid-20041109 (13 Nov 2004)
-
- 13 Nov 2004; petre rodan <kaiowas@gentoo.org>
- -selinux-squid-20040925.ebuild, -selinux-squid-20041024.ebuild,
- +selinux-squid-20041109.ebuild:
- merge with nsa policy
-
-*selinux-squid-20041024 (27 Oct 2004)
-
- 27 Oct 2004; petre rodan <kaiowas@gentoo.org>
- +selinux-squid-20041024.ebuild:
- merge with nsa policy
-
-*selinux-squid-20040925 (23 Oct 2004)
-
- 23 Oct 2004; petre rodan <kaiowas@gentoo.org> metadata.xml,
- +selinux-squid-20040925.ebuild:
- update needed by base-policy-20041023
-
-*selinux-squid-20040106 (06 Jan 2004)
-
- 06 Jan 2004; Chris PeBenito <pebenito@gentoo.org> metadata.xml,
- selinux-squid-20040106.ebuild:
- Initial commit. Fixed up by Petre Rodan.
-
4 sec-policy/selinux-squid/Manifest
@@ -1,4 +0,0 @@
-DIST refpolicy-2.20101213.tar.bz2 559450 RMD160 4858f792f4db5b179de6fb8419a626c29d59bdd3 SHA1 0e881e99b8950a358eadc44633551ca10f12eaee SHA256 b691ee8f6066cc19bb0d4384fe3be277d97d22e9d4ac2db0c252065e8c3535de
-EBUILD selinux-squid-2.20101213-r1.ebuild 407 RMD160 19f7af4069cacf4bbd953d3de92d7cf0150e2619 SHA1 c8ee73c4d4c9d8ce0353af9ad6be31ed00f39439 SHA256 9bd2b0cc5e49ac6037237ee735b85167ccc56427955e75980cd8ca1fb47defb6
-MISC ChangeLog 5088 RMD160 84e1dbeb8e8c33ea099809795cae88b8f3c2b994 SHA1 83f22ea8ff6f18bb4dde67cbe2705dedd3965a15 SHA256 dd13f3e59929c3a8d2f469ca0f3e545e3247740f4b183b6e88d58ff4788f9cc6
-MISC metadata.xml 229 RMD160 77aec01ead94e80465cc377109a1e766808da827 SHA1 a789582fd8e2892db7ced5e1139b94edf2f2aa22 SHA256 4013435083664287b3ff9887d144f0ec096623c3f4aa660c378824822709e2eb
6 sec-policy/selinux-squid/metadata.xml
@@ -1,6 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
-<pkgmetadata>
- <herd>selinux</herd>
- <longdescription>Gentoo SELinux policy for squid</longdescription>
-</pkgmetadata>
14 sec-policy/selinux-squid/selinux-squid-2.20101213-r1.ebuild
@@ -1,14 +0,0 @@
-# Copyright 1999-2011 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-squid/selinux-squid-2.20101213.ebuild,v 1.1 2011/02/05 12:07:05 blueness Exp $
-
-MODS="squid"
-IUSE=""
-
-inherit selinux-policy-2
-
-DESCRIPTION="SELinux policy for squid"
-
-KEYWORDS="~amd64 ~x86"
-DEPEND="sec-policy/selinux-apache"
-RDEPEND="${DEPEND}"
