/[gentoo-x86]/sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r17.ebuild
Gentoo

Contents of /sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r17.ebuild

Parent Directory Parent Directory | Revision Log Revision Log


Revision 1.3 - (show annotations) (download)
Sat Nov 12 20:53:21 2011 UTC (2 years, 8 months ago) by swift
Branch: MAIN
CVS Tags: HEAD
Changes since 1.2: +1 -1 lines
FILE REMOVED
Removing the SELinux 2.20101213 policies

(Portage version: 2.1.10.11/cvs/Linux x86_64)

1 # Copyright 1999-2011 Gentoo Foundation
2 # Distributed under the terms of the GNU General Public License v2
3 # $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r17.ebuild,v 1.2 2011/07/03 00:33:35 blueness Exp $
4
5 EAPI="1"
6 IUSE="+peer_perms +open_perms +ubac"
7
8 inherit eutils
9
10 #PATCHBUNDLE="${FILESDIR}/patchbundle-${PF}.tar.bz2"
11 PATCHBUNDLE="${DISTDIR}/patchbundle-${PF}.tar.bz2"
12
13 DESCRIPTION="Gentoo base policy for SELinux"
14 HOMEPAGE="http://www.gentoo.org/proj/en/hardened/selinux/"
15
16 #SRC_URI="http://oss.tresys.com/files/refpolicy/refpolicy-${PV}.tar.bz2"
17 SRC_URI="http://oss.tresys.com/files/refpolicy/refpolicy-${PV}.tar.bz2
18 http://dev.gentoo.org/~blueness/patchbundle-selinux-base-policy/patchbundle-${PF}.tar.bz2"
19
20 LICENSE="GPL-2"
21 SLOT="0"
22
23 KEYWORDS="~amd64 ~x86"
24
25 RDEPEND=">=sys-apps/policycoreutils-1.30.30
26 >=sys-fs/udev-151"
27 DEPEND="${RDEPEND}
28 sys-devel/m4
29 >=sys-apps/checkpolicy-1.30.12"
30
31 S=${WORKDIR}/
32
33 src_unpack() {
34 [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="strict targeted"
35 MOD_CONF_VER="20090730"
36
37 unpack ${A}
38
39 cd "${S}"
40 epatch "${PATCHBUNDLE}"
41 cd "${S}/refpolicy"
42 # Fix bug 257111
43 sed -i -e 's:system_crond_t:system_cronjob_t:g' \
44 "${S}/refpolicy/config/appconfig-standard/default_contexts"
45
46 if ! use peer_perms; then
47 sed -i -e '/network_peer_controls/d' \
48 "${S}/refpolicy/policy/policy_capabilities"
49 fi
50
51 if ! use open_perms; then
52 sed -i -e '/open_perms/d' \
53 "${S}/refpolicy/policy/policy_capabilities"
54 fi
55
56 for i in ${POLICY_TYPES}; do
57 cp -a "${S}/refpolicy" "${S}/${i}"
58
59 cd "${S}/${i}";
60 make conf || die "Make conf in ${i} failed"
61
62 cp "${FILESDIR}/modules.conf.${i}.${MOD_CONF_VER}" \
63 "${S}/${i}/policy/modules.conf" \
64 || die "failed to set up modules.conf"
65 sed -i -e '/^QUIET/s/n/y/' -e '/^MONOLITHIC/s/y/n/' \
66 -e "/^NAME/s/refpolicy/$i/" "${S}/${i}/build.conf" \
67 || die "build.conf setup failed."
68
69 if ! use ubac; then
70 sed -i -e 's:^UBAC = y:UBAC = n:g' "${S}/${i}/build.conf"
71 fi
72
73 echo "DISTRO = gentoo" >> "${S}/${i}/build.conf"
74
75 if [ "${i}" == "targeted" ]; then
76 sed -i -e '/root/d' -e 's/user_u/unconfined_u/' \
77 "${S}/${i}/config/appconfig-standard/seusers" \
78 || die "targeted seusers setup failed."
79 fi
80 done
81 }
82
83 src_compile() {
84 [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="strict targeted"
85
86 for i in ${POLICY_TYPES}; do
87 cd "${S}/${i}"
88 make base || die "${i} compile failed"
89 done
90 }
91
92 src_install() {
93 [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="strict targeted"
94
95 for i in ${POLICY_TYPES}; do
96 cd "${S}/${i}"
97
98 make DESTDIR="${D}" install \
99 || die "${i} install failed."
100
101 make DESTDIR="${D}" install-headers \
102 || die "${i} headers install failed."
103
104 echo "run_init_t" > "${D}/etc/selinux/${i}/contexts/run_init_type"
105
106 echo "textrel_shlib_t" >> "${D}/etc/selinux/${i}/contexts/customizable_types"
107
108 # libsemanage won't make this on its own
109 keepdir "/etc/selinux/${i}/policy"
110 done
111
112 dodoc doc/Makefile.example doc/example.{te,fc,if}
113
114 insinto /etc/selinux
115 doins "${FILESDIR}/config"
116 }
117
118 pkg_preinst() {
119 has_version "<${CATEGORY}/${PN}-2.20101213-r13"
120 previous_less_than_r13=$?
121 }
122
123 pkg_postinst() {
124 [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="strict targeted"
125
126 for i in ${POLICY_TYPES}; do
127 einfo "Inserting base module into ${i} module store."
128
129 cd "/usr/share/selinux/${i}"
130 semodule -s "${i}" -b base.pp || die "Could not load in new base policy"
131 done
132 elog "Updates on policies might require you to relabel files. If you, after"
133 elog "installing new SELinux policies, get 'permission denied' errors,"
134 elog "relabelling your system using 'rlpkg -a -r' might resolve the issues."
135 }

  ViewVC Help
Powered by ViewVC 1.1.20