/[gentoo-x86]/sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r20.ebuild
Gentoo

Contents of /sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r20.ebuild

Parent Directory Parent Directory | Revision Log Revision Log


Revision 1.2 - (show annotations) (download)
Sat Nov 12 20:53:21 2011 UTC (2 years, 10 months ago) by swift
Branch: MAIN
CVS Tags: HEAD
Changes since 1.1: +1 -1 lines
FILE REMOVED
Removing the SELinux 2.20101213 policies

(Portage version: 2.1.10.11/cvs/Linux x86_64)

1 # Copyright 1999-2011 Gentoo Foundation
2 # Distributed under the terms of the GNU General Public License v2
3 # $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r20.ebuild,v 1.1 2011/07/25 22:13:22 blueness Exp $
4
5 EAPI="1"
6 IUSE="+peer_perms +open_perms +ubac"
7
8 inherit eutils
9
10 #PATCHBUNDLE="${FILESDIR}/patchbundle-${PF}.tar.bz2"
11 PATCHBUNDLE="${DISTDIR}/patchbundle-${PF}.tar.bz2"
12 DESCRIPTION="Gentoo base policy for SELinux"
13 HOMEPAGE="http://www.gentoo.org/proj/en/hardened/selinux/"
14 #SRC_URI="http://oss.tresys.com/files/refpolicy/refpolicy-${PV}.tar.bz2"
15 SRC_URI="http://oss.tresys.com/files/refpolicy/refpolicy-${PV}.tar.bz2
16 http://dev.gentoo.org/~blueness/patchbundle-selinux-base-policy/patchbundle-${PF}.tar.bz2"
17 LICENSE="GPL-2"
18 SLOT="0"
19
20 KEYWORDS="~amd64 ~x86"
21
22 RDEPEND=">=sys-apps/policycoreutils-1.30.30
23 >=sys-fs/udev-151"
24 DEPEND="${RDEPEND}
25 sys-devel/m4
26 >=sys-apps/checkpolicy-1.30.12"
27
28 S=${WORKDIR}/
29
30 src_unpack() {
31 [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs"
32
33 unpack ${A}
34
35 cd "${S}"
36 epatch "${PATCHBUNDLE}"
37 cd "${S}/refpolicy"
38 # Fix bug 257111
39 sed -i -e 's:system_crond_t:system_cronjob_t:g' \
40 "${S}/refpolicy/config/appconfig-standard/default_contexts"
41
42 if ! use peer_perms; then
43 sed -i -e '/network_peer_controls/d' \
44 "${S}/refpolicy/policy/policy_capabilities"
45 fi
46
47 if ! use open_perms; then
48 sed -i -e '/open_perms/d' \
49 "${S}/refpolicy/policy/policy_capabilities"
50 fi
51
52 for i in ${POLICY_TYPES}; do
53 cp -a "${S}/refpolicy" "${S}/${i}"
54
55 cd "${S}/${i}";
56 make conf || die "Make conf in ${i} failed"
57
58 # Define what we see as "base" and what we want to remain modular
59 cp "${FILESDIR}/modules.conf" \
60 "${S}/${i}/policy/modules.conf" \
61 || die "failed to set up modules.conf"
62 if [[ "${i}" == "targeted" ]];
63 then
64 echo "unconfined = base" >> "${S}/${i}/policy/modules.conf"
65 fi
66 sed -i -e '/^QUIET/s/n/y/' -e '/^MONOLITHIC/s/y/n/' \
67 -e "/^NAME/s/refpolicy/$i/" "${S}/${i}/build.conf" \
68 || die "build.conf setup failed."
69
70 if [[ "${i}" == "mls" ]] || [[ "${i}" == "mcs" ]];
71 then
72 # MCS/MLS require additional settings
73 sed -i -e "/^TYPE/s/standard/${i}/" "${S}/${i}/build.conf" \
74 || die "failed to set type to mls"
75 fi
76
77 if ! use ubac; then
78 sed -i -e 's:^UBAC = y:UBAC = n:g' "${S}/${i}/build.conf"
79 fi
80
81 echo "DISTRO = gentoo" >> "${S}/${i}/build.conf"
82
83 if [ "${i}" == "targeted" ]; then
84 sed -i -e '/root/d' -e 's/user_u/unconfined_u/' \
85 "${S}/${i}/config/appconfig-standard/seusers" \
86 || die "targeted seusers setup failed."
87 fi
88 done
89 }
90
91 src_compile() {
92 [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs"
93
94 for i in ${POLICY_TYPES}; do
95 cd "${S}/${i}"
96 make base || die "${i} compile failed"
97 done
98 }
99
100 src_install() {
101 [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs"
102
103 for i in ${POLICY_TYPES}; do
104 cd "${S}/${i}"
105
106 make DESTDIR="${D}" install \
107 || die "${i} install failed."
108
109 make DESTDIR="${D}" install-headers \
110 || die "${i} headers install failed."
111
112 echo "run_init_t" > "${D}/etc/selinux/${i}/contexts/run_init_type"
113
114 echo "textrel_shlib_t" >> "${D}/etc/selinux/${i}/contexts/customizable_types"
115
116 # libsemanage won't make this on its own
117 keepdir "/etc/selinux/${i}/policy"
118 done
119
120 dodoc doc/Makefile.example doc/example.{te,fc,if}
121
122 insinto /etc/selinux
123 doins "${FILESDIR}/config"
124 }
125
126 pkg_preinst() {
127 has_version "<${CATEGORY}/${PN}-2.20101213-r13"
128 previous_less_than_r13=$?
129 }
130
131 pkg_postinst() {
132 [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs"
133
134 for i in ${POLICY_TYPES}; do
135 einfo "Inserting base module into ${i} module store."
136
137 cd "/usr/share/selinux/${i}"
138 semodule -s "${i}" -b base.pp || die "Could not load in new base policy"
139 done
140 elog "Updates on policies might require you to relabel files. If you, after"
141 elog "installing new SELinux policies, get 'permission denied' errors,"
142 elog "relabelling your system using 'rlpkg -a -r' might resolve the issues."
143 }

  ViewVC Help
Powered by ViewVC 1.1.20