sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r20.ebuild

# Copyright 1999-2011 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r20.ebuild,v 1.1 2011/07/25 22:13:22 blueness Exp $

EAPI="1"
IUSE="+peer_perms +open_perms +ubac"

inherit eutils

#PATCHBUNDLE="${FILESDIR}/patchbundle-${PF}.tar.bz2"
PATCHBUNDLE="${DISTDIR}/patchbundle-${PF}.tar.bz2"
DESCRIPTION="Gentoo base policy for SELinux"
HOMEPAGE="http://www.gentoo.org/proj/en/hardened/selinux/"
#SRC_URI="http://oss.tresys.com/files/refpolicy/refpolicy-${PV}.tar.bz2"
SRC_URI="http://oss.tresys.com/files/refpolicy/refpolicy-${PV}.tar.bz2
        http://dev.gentoo.org/~blueness/patchbundle-selinux-base-policy/patchbundle-${PF}.tar.bz2"
LICENSE="GPL-2"
SLOT="0"

KEYWORDS="~amd64 ~x86"

RDEPEND=">=sys-apps/policycoreutils-1.30.30
        >=sys-fs/udev-151"
DEPEND="${RDEPEND}
        sys-devel/m4
        >=sys-apps/checkpolicy-1.30.12"

S=${WORKDIR}/

src_unpack() {
        [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs"

        unpack ${A}

        cd "${S}"
        epatch "${PATCHBUNDLE}"
        cd "${S}/refpolicy"
        # Fix bug 257111
        sed -i -e 's:system_crond_t:system_cronjob_t:g' \
                "${S}/refpolicy/config/appconfig-standard/default_contexts"

        if ! use peer_perms; then
                sed -i -e '/network_peer_controls/d' \
                        "${S}/refpolicy/policy/policy_capabilities"
        fi

        if ! use open_perms; then
                sed -i -e '/open_perms/d' \
                        "${S}/refpolicy/policy/policy_capabilities"
        fi

        for i in ${POLICY_TYPES}; do
                cp -a "${S}/refpolicy" "${S}/${i}"

                cd "${S}/${i}";
                make conf || die "Make conf in ${i} failed"

                # Define what we see as "base" and what we want to remain modular
                cp "${FILESDIR}/modules.conf" \
                        "${S}/${i}/policy/modules.conf" \
                        || die "failed to set up modules.conf"
                if [[ "${i}" == "targeted" ]];
                then
                        echo "unconfined = base" >> "${S}/${i}/policy/modules.conf"
                fi
                sed -i -e '/^QUIET/s/n/y/' -e '/^MONOLITHIC/s/y/n/' \
                        -e "/^NAME/s/refpolicy/$i/" "${S}/${i}/build.conf" \
                        || die "build.conf setup failed."

                if [[ "${i}" == "mls" ]] || [[ "${i}" == "mcs" ]];
                then
                        # MCS/MLS require additional settings
                        sed -i -e "/^TYPE/s/standard/${i}/" "${S}/${i}/build.conf" \
                                || die "failed to set type to mls"
                fi

                if ! use ubac; then
                        sed -i -e 's:^UBAC = y:UBAC = n:g' "${S}/${i}/build.conf"
                fi

                echo "DISTRO = gentoo" >> "${S}/${i}/build.conf"

                if [ "${i}" == "targeted" ]; then
                        sed -i -e '/root/d' -e 's/user_u/unconfined_u/' \
                        "${S}/${i}/config/appconfig-standard/seusers" \
                        || die "targeted seusers setup failed."
                fi
        done
}

src_compile() {
        [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs"

        for i in ${POLICY_TYPES}; do
                cd "${S}/${i}"
                make base || die "${i} compile failed"
        done
}

src_install() {
        [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs"

        for i in ${POLICY_TYPES}; do
                cd "${S}/${i}"

                make DESTDIR="${D}" install \
                        || die "${i} install failed."

                make DESTDIR="${D}" install-headers \
                        || die "${i} headers install failed."

                echo "run_init_t" > "${D}/etc/selinux/${i}/contexts/run_init_type"

                echo "textrel_shlib_t" >> "${D}/etc/selinux/${i}/contexts/customizable_types"

                # libsemanage won't make this on its own
                keepdir "/etc/selinux/${i}/policy"
        done

        dodoc doc/Makefile.example doc/example.{te,fc,if}

        insinto /etc/selinux
        doins "${FILESDIR}/config"
}

pkg_preinst() {
        has_version "<${CATEGORY}/${PN}-2.20101213-r13"
        previous_less_than_r13=$?
}

pkg_postinst() {
        [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs"

        for i in ${POLICY_TYPES}; do
                einfo "Inserting base module into ${i} module store."

                cd "/usr/share/selinux/${i}"
                semodule -s "${i}" -b base.pp || die "Could not load in new base policy"
        done
        elog "Updates on policies might require you to relabel files. If you, after"
        elog "installing new SELinux policies, get 'permission denied' errors,"
        elog "relabelling your system using 'rlpkg -a -r' might resolve the issues."
}
1	# Copyright 1999-2011 Gentoo Foundation
2	# Distributed under the terms of the GNU General Public License v2
3	# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r20.ebuild,v 1.1 2011/07/25 22:13:22 blueness Exp $
4
5	EAPI="1"
6	IUSE="+peer_perms +open_perms +ubac"
7
8	inherit eutils
9
10	#PATCHBUNDLE="${FILESDIR}/patchbundle-${PF}.tar.bz2"
11	PATCHBUNDLE="${DISTDIR}/patchbundle-${PF}.tar.bz2"
12	DESCRIPTION="Gentoo base policy for SELinux"
13	HOMEPAGE="http://www.gentoo.org/proj/en/hardened/selinux/"
14	#SRC_URI="http://oss.tresys.com/files/refpolicy/refpolicy-${PV}.tar.bz2"
15	SRC_URI="http://oss.tresys.com/files/refpolicy/refpolicy-${PV}.tar.bz2
16	http://dev.gentoo.org/~blueness/patchbundle-selinux-base-policy/patchbundle-${PF}.tar.bz2"
17	LICENSE="GPL-2"
18	SLOT="0"
19
20	KEYWORDS="~amd64 ~x86"
21
22	RDEPEND=">=sys-apps/policycoreutils-1.30.30
23	>=sys-fs/udev-151"
24	DEPEND="${RDEPEND}
25	sys-devel/m4
26	>=sys-apps/checkpolicy-1.30.12"
27
28	S=${WORKDIR}/
29
30	src_unpack() {
31	[ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs"
32
33	unpack ${A}
34
35	cd "${S}"
36	epatch "${PATCHBUNDLE}"
37	cd "${S}/refpolicy"
38	# Fix bug 257111
39	sed -i -e 's:system_crond_t:system_cronjob_t:g' \
40	"${S}/refpolicy/config/appconfig-standard/default_contexts"
41
42	if ! use peer_perms; then
43	sed -i -e '/network_peer_controls/d' \
44	"${S}/refpolicy/policy/policy_capabilities"
45	fi
46
47	if ! use open_perms; then
48	sed -i -e '/open_perms/d' \
49	"${S}/refpolicy/policy/policy_capabilities"
50	fi
51
52	for i in ${POLICY_TYPES}; do
53	cp -a "${S}/refpolicy" "${S}/${i}"
54
55	cd "${S}/${i}";
56	make conf \|\| die "Make conf in ${i} failed"
57
58	# Define what we see as "base" and what we want to remain modular
59	cp "${FILESDIR}/modules.conf" \
60	"${S}/${i}/policy/modules.conf" \
61	\|\| die "failed to set up modules.conf"
62	if [[ "${i}" == "targeted" ]];
63	then
64	echo "unconfined = base" >> "${S}/${i}/policy/modules.conf"
65	fi
66	sed -i -e '/^QUIET/s/n/y/' -e '/^MONOLITHIC/s/y/n/' \
67	-e "/^NAME/s/refpolicy/$i/" "${S}/${i}/build.conf" \
68	\|\| die "build.conf setup failed."
69
70	if [[ "${i}" == "mls" ]] \|\| [[ "${i}" == "mcs" ]];
71	then
72	# MCS/MLS require additional settings
73	sed -i -e "/^TYPE/s/standard/${i}/" "${S}/${i}/build.conf" \
74	\|\| die "failed to set type to mls"
75	fi
76
77	if ! use ubac; then
78	sed -i -e 's:^UBAC = y:UBAC = n:g' "${S}/${i}/build.conf"
79	fi
80
81	echo "DISTRO = gentoo" >> "${S}/${i}/build.conf"
82
83	if [ "${i}" == "targeted" ]; then
84	sed -i -e '/root/d' -e 's/user_u/unconfined_u/' \
85	"${S}/${i}/config/appconfig-standard/seusers" \
86	\|\| die "targeted seusers setup failed."
87	fi
88	done
89	}
90
91	src_compile() {
92	[ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs"
93
94	for i in ${POLICY_TYPES}; do
95	cd "${S}/${i}"
96	make base \|\| die "${i} compile failed"
97	done
98	}
99
100	src_install() {
101	[ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs"
102
103	for i in ${POLICY_TYPES}; do
104	cd "${S}/${i}"
105
106	make DESTDIR="${D}" install \
107	\|\| die "${i} install failed."
108
109	make DESTDIR="${D}" install-headers \
110	\|\| die "${i} headers install failed."
111
112	echo "run_init_t" > "${D}/etc/selinux/${i}/contexts/run_init_type"
113
114	echo "textrel_shlib_t" >> "${D}/etc/selinux/${i}/contexts/customizable_types"
115
116	# libsemanage won't make this on its own
117	keepdir "/etc/selinux/${i}/policy"
118	done
119
120	dodoc doc/Makefile.example doc/example.{te,fc,if}
121
122	insinto /etc/selinux
123	doins "${FILESDIR}/config"
124	}
125
126	pkg_preinst() {
127	has_version "<${CATEGORY}/${PN}-2.20101213-r13"
128	previous_less_than_r13=$?
129	}
130
131	pkg_postinst() {
132	[ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs"
133
134	for i in ${POLICY_TYPES}; do
135	einfo "Inserting base module into ${i} module store."
136
137	cd "/usr/share/selinux/${i}"
138	semodule -s "${i}" -b base.pp \|\| die "Could not load in new base policy"
139	done
140	elog "Updates on policies might require you to relabel files. If you, after"
141	elog "installing new SELinux policies, get 'permission denied' errors,"
142	elog "relabelling your system using 'rlpkg -a -r' might resolve the issues."
143	}