/[gentoo-x86]/sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r22.ebuild
Gentoo

Contents of /sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r22.ebuild

Parent Directory Parent Directory | Revision Log Revision Log


Revision 1.2 - (show annotations) (download)
Sat Nov 12 20:53:21 2011 UTC (2 years, 10 months ago) by swift
Branch: MAIN
CVS Tags: HEAD
Changes since 1.1: +1 -1 lines
FILE REMOVED
Removing the SELinux 2.20101213 policies

(Portage version: 2.1.10.11/cvs/Linux x86_64)

1 # Copyright 1999-2011 Gentoo Foundation
2 # Distributed under the terms of the GNU General Public License v2
3 # $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r22.ebuild,v 1.1 2011/08/07 10:53:56 blueness Exp $
4
5 EAPI="1"
6 IUSE="+peer_perms +open_perms +ubac"
7
8 inherit eutils
9
10 #PATCHBUNDLE="${FILESDIR}/patchbundle-${PF}.tar.bz2"
11 PATCHBUNDLE="${DISTDIR}/patchbundle-${PF}.tar.bz2"
12 DESCRIPTION="Gentoo base policy for SELinux"
13 HOMEPAGE="http://www.gentoo.org/proj/en/hardened/selinux/"
14 #SRC_URI="http://oss.tresys.com/files/refpolicy/refpolicy-${PV}.tar.bz2"
15 SRC_URI="http://oss.tresys.com/files/refpolicy/refpolicy-${PV}.tar.bz2
16 http://dev.gentoo.org/~blueness/patchbundle-selinux-base-policy/patchbundle-${PF}.tar.bz2"
17 LICENSE="GPL-2"
18 SLOT="0"
19
20 KEYWORDS="~amd64 ~x86"
21
22 RDEPEND=">=sys-apps/policycoreutils-1.30.30
23 >=sys-fs/udev-151"
24 DEPEND="${RDEPEND}
25 sys-devel/m4
26 >=sys-apps/checkpolicy-1.30.12"
27
28 S=${WORKDIR}/
29
30 src_unpack() {
31 [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs"
32
33 unpack ${A}
34
35 cd "${S}"
36 epatch "${PATCHBUNDLE}"
37 cd "${S}/refpolicy"
38 # Fix bug 257111
39 sed -i -e 's:system_crond_t:system_cronjob_t:g' \
40 "${S}/refpolicy/config/appconfig-standard/default_contexts"
41 sed -i -e 's|system_r:cronjob_t|system_r:system_cronjob_t|g' \
42 "${S}/refpolicy/config/appconfig-mls/default_contexts"
43 sed -i -e 's|system_r:cronjob_t|system_r:system_cronjob_t|g' \
44 "${S}/refpolicy/config/appconfig-mcs/default_contexts"
45
46 if ! use peer_perms; then
47 sed -i -e '/network_peer_controls/d' \
48 "${S}/refpolicy/policy/policy_capabilities"
49 fi
50
51 if ! use open_perms; then
52 sed -i -e '/open_perms/d' \
53 "${S}/refpolicy/policy/policy_capabilities"
54 fi
55
56 for i in ${POLICY_TYPES}; do
57 cp -a "${S}/refpolicy" "${S}/${i}"
58
59 cd "${S}/${i}";
60 make conf || die "Make conf in ${i} failed"
61
62 # Define what we see as "base" and what we want to remain modular
63 cp "${FILESDIR}/modules.conf" \
64 "${S}/${i}/policy/modules.conf" \
65 || die "failed to set up modules.conf"
66 if [[ "${i}" == "targeted" ]];
67 then
68 echo "unconfined = base" >> "${S}/${i}/policy/modules.conf"
69 fi
70 sed -i -e '/^QUIET/s/n/y/' -e '/^MONOLITHIC/s/y/n/' \
71 -e "/^NAME/s/refpolicy/$i/" "${S}/${i}/build.conf" \
72 || die "build.conf setup failed."
73
74 if [[ "${i}" == "mls" ]] || [[ "${i}" == "mcs" ]];
75 then
76 # MCS/MLS require additional settings
77 sed -i -e "/^TYPE/s/standard/${i}/" "${S}/${i}/build.conf" \
78 || die "failed to set type to mls"
79 fi
80
81 if ! use ubac; then
82 sed -i -e 's:^UBAC = y:UBAC = n:g' "${S}/${i}/build.conf"
83 fi
84
85 echo "DISTRO = gentoo" >> "${S}/${i}/build.conf"
86
87 if [ "${i}" == "targeted" ]; then
88 sed -i -e '/root/d' -e 's/user_u/unconfined_u/' \
89 "${S}/${i}/config/appconfig-standard/seusers" \
90 || die "targeted seusers setup failed."
91 fi
92 done
93 }
94
95 src_compile() {
96 [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs"
97
98 for i in ${POLICY_TYPES}; do
99 cd "${S}/${i}"
100 make base || die "${i} compile failed"
101 done
102 }
103
104 src_install() {
105 [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs"
106
107 for i in ${POLICY_TYPES}; do
108 cd "${S}/${i}"
109
110 make DESTDIR="${D}" install \
111 || die "${i} install failed."
112
113 make DESTDIR="${D}" install-headers \
114 || die "${i} headers install failed."
115
116 echo "run_init_t" > "${D}/etc/selinux/${i}/contexts/run_init_type"
117
118 echo "textrel_shlib_t" >> "${D}/etc/selinux/${i}/contexts/customizable_types"
119
120 # libsemanage won't make this on its own
121 keepdir "/etc/selinux/${i}/policy"
122 done
123
124 dodoc doc/Makefile.example doc/example.{te,fc,if}
125
126 insinto /etc/selinux
127 doins "${FILESDIR}/config"
128 }
129
130 pkg_preinst() {
131 has_version "<${CATEGORY}/${PN}-2.20101213-r13"
132 previous_less_than_r13=$?
133 }
134
135 pkg_postinst() {
136 [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs"
137
138 for i in ${POLICY_TYPES}; do
139 einfo "Inserting base module into ${i} module store."
140
141 cd "/usr/share/selinux/${i}"
142 semodule -s "${i}" -b base.pp || die "Could not load in new base policy"
143 done
144 elog "Updates on policies might require you to relabel files. If you, after"
145 elog "installing new SELinux policies, get 'permission denied' errors,"
146 elog "relabelling your system using 'rlpkg -a -r' might resolve the issues."
147 }

  ViewVC Help
Powered by ViewVC 1.1.20