/[gentoo-x86]/sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r18.ebuild
Gentoo

Contents of /sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r18.ebuild

Parent Directory Parent Directory | Revision Log Revision Log


Revision 1.2 - (show annotations) (download)
Sat Nov 12 20:53:21 2011 UTC (3 years, 1 month ago) by swift
Branch: MAIN
CVS Tags: HEAD
Changes since 1.1: +1 -1 lines
FILE REMOVED
Removing the SELinux 2.20101213 policies

(Portage version: 2.1.10.11/cvs/Linux x86_64)

1 # Copyright 1999-2011 Gentoo Foundation
2 # Distributed under the terms of the GNU General Public License v2
3 # $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r18.ebuild,v 1.1 2011/07/10 02:30:17 blueness Exp $
4
5 EAPI="1"
6 IUSE="+peer_perms +open_perms +ubac"
7
8 inherit eutils
9
10 #PATCHBUNDLE="${FILESDIR}/patchbundle-${PF}.tar.bz2"
11 PATCHBUNDLE="${DISTDIR}/patchbundle-${PF}.tar.bz2"
12 DESCRIPTION="Gentoo base policy for SELinux"
13 HOMEPAGE="http://www.gentoo.org/proj/en/hardened/selinux/"
14 #SRC_URI="http://oss.tresys.com/files/refpolicy/refpolicy-${PV}.tar.bz2"
15 SRC_URI="http://oss.tresys.com/files/refpolicy/refpolicy-${PV}.tar.bz2
16 http://dev.gentoo.org/~blueness/patchbundle-selinux-base-policy/patchbundle-${PF}.tar.bz2"
17 LICENSE="GPL-2"
18 SLOT="0"
19
20 KEYWORDS="~amd64 ~x86"
21
22 RDEPEND=">=sys-apps/policycoreutils-1.30.30
23 >=sys-fs/udev-151"
24 DEPEND="${RDEPEND}
25 sys-devel/m4
26 >=sys-apps/checkpolicy-1.30.12"
27
28 S=${WORKDIR}/
29
30 src_unpack() {
31 [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="strict targeted"
32 MOD_CONF_VER="20090730"
33
34 unpack ${A}
35
36 cd "${S}"
37 epatch "${PATCHBUNDLE}"
38 cd "${S}/refpolicy"
39 # Fix bug 257111
40 sed -i -e 's:system_crond_t:system_cronjob_t:g' \
41 "${S}/refpolicy/config/appconfig-standard/default_contexts"
42
43 if ! use peer_perms; then
44 sed -i -e '/network_peer_controls/d' \
45 "${S}/refpolicy/policy/policy_capabilities"
46 fi
47
48 if ! use open_perms; then
49 sed -i -e '/open_perms/d' \
50 "${S}/refpolicy/policy/policy_capabilities"
51 fi
52
53 for i in ${POLICY_TYPES}; do
54 cp -a "${S}/refpolicy" "${S}/${i}"
55
56 cd "${S}/${i}";
57 make conf || die "Make conf in ${i} failed"
58
59 cp "${FILESDIR}/modules.conf.${i}.${MOD_CONF_VER}" \
60 "${S}/${i}/policy/modules.conf" \
61 || die "failed to set up modules.conf"
62 sed -i -e '/^QUIET/s/n/y/' -e '/^MONOLITHIC/s/y/n/' \
63 -e "/^NAME/s/refpolicy/$i/" "${S}/${i}/build.conf" \
64 || die "build.conf setup failed."
65
66 if ! use ubac; then
67 sed -i -e 's:^UBAC = y:UBAC = n:g' "${S}/${i}/build.conf"
68 fi
69
70 echo "DISTRO = gentoo" >> "${S}/${i}/build.conf"
71
72 if [ "${i}" == "targeted" ]; then
73 sed -i -e '/root/d' -e 's/user_u/unconfined_u/' \
74 "${S}/${i}/config/appconfig-standard/seusers" \
75 || die "targeted seusers setup failed."
76 fi
77 done
78 }
79
80 src_compile() {
81 [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="strict targeted"
82
83 for i in ${POLICY_TYPES}; do
84 cd "${S}/${i}"
85 make base || die "${i} compile failed"
86 done
87 }
88
89 src_install() {
90 [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="strict targeted"
91
92 for i in ${POLICY_TYPES}; do
93 cd "${S}/${i}"
94
95 make DESTDIR="${D}" install \
96 || die "${i} install failed."
97
98 make DESTDIR="${D}" install-headers \
99 || die "${i} headers install failed."
100
101 echo "run_init_t" > "${D}/etc/selinux/${i}/contexts/run_init_type"
102
103 echo "textrel_shlib_t" >> "${D}/etc/selinux/${i}/contexts/customizable_types"
104
105 # libsemanage won't make this on its own
106 keepdir "/etc/selinux/${i}/policy"
107 done
108
109 dodoc doc/Makefile.example doc/example.{te,fc,if}
110
111 insinto /etc/selinux
112 doins "${FILESDIR}/config"
113 }
114
115 pkg_preinst() {
116 has_version "<${CATEGORY}/${PN}-2.20101213-r13"
117 previous_less_than_r13=$?
118 }
119
120 pkg_postinst() {
121 [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="strict targeted"
122
123 for i in ${POLICY_TYPES}; do
124 einfo "Inserting base module into ${i} module store."
125
126 cd "/usr/share/selinux/${i}"
127 semodule -s "${i}" -b base.pp || die "Could not load in new base policy"
128 done
129 elog "Updates on policies might require you to relabel files. If you, after"
130 elog "installing new SELinux policies, get 'permission denied' errors,"
131 elog "relabelling your system using 'rlpkg -a -r' might resolve the issues."
132 }

  ViewVC Help
Powered by ViewVC 1.1.20