
Contents of /sec-policy/selinux-base-policy/selinux-base-policy-2.20110726-r7.ebuild



Revision 1.2 - (show annotations) (download)
Sun May 13 11:50:11 2012 UTC (2 years, 3 months ago) by swift
Branch: MAIN
CVS Tags: HEAD
Changes since 1.1: +1 -1 lines
FILE REMOVED
Cleanup older policies

(Portage version: 2.1.10.49/cvs/Linux x86_64)

1 # Copyright 1999-2011 Gentoo Foundation
2 # Distributed under the terms of the GNU General Public License v2
3 # $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/selinux-base-policy-2.20110726-r7.ebuild,v 1.1 2011/12/04 19:02:17 swift Exp $
4
# Ebuild API level used by the phase functions below.
EAPI="4"
# USE flags; a leading "+" enables the flag by default.
IUSE="+peer_perms +open_perms +ubac doc"

inherit eutils

DESCRIPTION="Gentoo base policy for SELinux"
HOMEPAGE="http://www.gentoo.org/proj/en/hardened/selinux/"
# Upstream reference policy tarball plus the Gentoo patch bundle that
# src_prepare applies. Both are fetched over plain HTTP, so the integrity of
# the sources rests on the distfile digests recorded in the package Manifest.
SRC_URI="http://oss.tresys.com/files/refpolicy/refpolicy-${PV}.tar.bz2
	http://dev.gentoo.org/~swift/patches/${PN}/patchbundle-${PF}.tar.bz2"
LICENSE="GPL-2"
SLOT="0"

KEYWORDS="~amd64 ~x86"

# Runtime dependencies.
RDEPEND=">=sys-apps/policycoreutils-1.30.30
	>=sys-fs/udev-151"
# Build-time dependencies: everything needed at runtime plus the policy
# compiler toolchain.
DEPEND="${RDEPEND}
	sys-devel/m4
	>=sys-apps/checkpolicy-1.30.12"

# Both archives are used straight from the work directory (note the trailing
# slash: paths below are built as "${S}/<name>").
S="${WORKDIR}/"
26
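src_prepare() {
	# Apply the gentoo patches to the policy. These patches are only necessary
	# for base policies, or for interface changes on modules.
	EPATCH_MULTI_MSG="Applying SELinux policy updates ... " \
	EPATCH_SUFFIX="patch" \
	EPATCH_SOURCE="${WORKDIR}" \
	EPATCH_FORCE="yes" \
	epatch

	cd "${S}/refpolicy" || die "Failed to enter ${S}/refpolicy"

	# Fix bug 257111 - Correct the initial sid for cron-started jobs in the
	# system_r role.
	#
	# Each edit is checked: without the "|| die" a missing or unwritable
	# default_contexts file would be skipped silently and the policy would be
	# built with the uncorrected cron job context. Note that sed still exits 0
	# when the pattern matches nothing, so these guards only catch file errors.
	sed -i -e 's:system_crond_t:system_cronjob_t:g' \
		"${S}/refpolicy/config/appconfig-standard/default_contexts" \
		|| die "Failed to fix cron job context (standard)"
	sed -i -e 's|system_r:cronjob_t|system_r:system_cronjob_t|g' \
		"${S}/refpolicy/config/appconfig-mls/default_contexts" \
		|| die "Failed to fix cron job context (mls)"
	sed -i -e 's|system_r:cronjob_t|system_r:system_cronjob_t|g' \
		"${S}/refpolicy/config/appconfig-mcs/default_contexts" \
		|| die "Failed to fix cron job context (mcs)"
}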
46
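src_configure() {
	# Build every policy type unless POLICY_TYPES is already set.
	[ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs"
	local i
	local caps="${S}/refpolicy/policy/policy_capabilities"
	local conf="${S}/refpolicy/build.conf"

	# Update the SELinux refpolicy capabilities based on the users' USE flags.
	# Every edit is checked so that a missing file cannot silently leave the
	# policy in a state that disagrees with the selected flags.

	if ! use peer_perms; then
		# Drop the network_peer_controls policy capability.
		sed -i -e '/network_peer_controls/d' "${caps}" \
			|| die "Failed to remove network_peer_controls capability"
	fi

	if ! use open_perms; then
		# Drop the open_perms policy capability.
		sed -i -e '/open_perms/d' "${caps}" \
			|| die "Failed to remove open_perms capability"
	fi

	if ! use ubac; then
		sed -i -e '/^UBAC/s/y/n/' "${conf}" \
			|| die "Failed to disable User Based Access Control"
	fi

	echo "DISTRO = gentoo" >> "${conf}" \
		|| die "Failed to set DISTRO in build.conf"

	# Setup the policies based on the types delivered by the end user.
	# These types can be "targeted", "strict", "mcs" and "mls".
	# NOTE(review): ${i} is used unescaped in paths and inside sed expressions
	# below, so POLICY_TYPES is assumed to hold only such plain type names.
	for i in ${POLICY_TYPES}; do
		# Each type is built from its own private copy of the patched tree.
		cp -a "${S}/refpolicy" "${S}/${i}" \
			|| die "Failed to copy refpolicy to ${i}"

		cd "${S}/${i}" || die "Failed to enter ${S}/${i}"
		make conf || die "Make conf in ${i} failed"

		# Define what we see as "base" and what we want to remain modular.
		cp "${FILESDIR}/modules.conf" \
			"${S}/${i}/policy/modules.conf" \
			|| die "failed to set up modules.conf"

		# In case of "targeted", we add the "unconfined" to the base policy
		if [[ "${i}" == "targeted" ]]; then
			echo "unconfined = base" >> "${S}/${i}/policy/modules.conf" \
				|| die "failed to add unconfined to modules.conf"
		fi

		sed -i -e '/^QUIET/s/n/y/' -e "/^NAME/s/refpolicy/$i/" \
			"${S}/${i}/build.conf" || die "build.conf setup failed."

		if [[ "${i}" == "mls" || "${i}" == "mcs" ]]; then
			# MCS/MLS require additional settings
			sed -i -e "/^TYPE/s/standard/${i}/" "${S}/${i}/build.conf" \
				|| die "failed to set type to ${i}"
		fi

		if [[ "${i}" == "targeted" ]]; then
			# Remove the root entries and map user_u to unconfined_u in the
			# seusers file of the targeted policy.
			sed -i -e '/root/d' -e 's/user_u/unconfined_u/' \
				"${S}/${i}/config/appconfig-standard/seusers" \
				|| die "targeted seusers setup failed."
		fi
	done
}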
104
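src_compile() {
	# Build every policy type unless POLICY_TYPES is already set.
	[ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs"
	local i

	for i in ${POLICY_TYPES}; do
		# Abort if the per-type tree is missing; otherwise make would run in
		# whatever directory was current and build the wrong policy.
		cd "${S}/${i}" || die "Failed to enter ${S}/${i}"
		make base || die "${i} compile failed"
		if use doc; then
			make html || die "${i} documentation build failed"
		fi
	done
}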
116
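src_install() {
	# Install every policy type unless POLICY_TYPES is already set.
	[ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs"
	local i

	for i in ${POLICY_TYPES}; do
		# Abort if the per-type tree is missing; otherwise the install
		# targets would run from whatever directory was current.
		cd "${S}/${i}" || die "Failed to enter ${S}/${i}"

		make DESTDIR="${D}" install \
			|| die "${i} install failed."

		make DESTDIR="${D}" install-headers \
			|| die "${i} headers install failed."

		# The two context files below are written into the image directly;
		# a failed write must not go unnoticed.
		echo "run_init_t" > "${D}/etc/selinux/${i}/contexts/run_init_type" \
			|| die "${i} run_init_type setup failed."

		echo "textrel_shlib_t" >> "${D}/etc/selinux/${i}/contexts/customizable_types" \
			|| die "${i} customizable_types setup failed."

		# libsemanage won't make this on its own
		keepdir "/etc/selinux/${i}/policy"

		if use doc; then
			dohtml doc/html/*
		fi
	done

	# The working directory is still the last policy type's tree, so the
	# relative doc/ paths are taken from that copy.
	dodoc doc/Makefile.example doc/example.{te,fc,if}

	insinto /etc/selinux
	doins "${FILESDIR}/config"
}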
146
pkg_preinst() {
	# Ask Portage whether a version older than 2.20101213-r13 of this package
	# is installed and keep the exit status of that query (0 means a match).
	local status=0
	has_version "<${CATEGORY}/${PN}-2.20101213-r13" || status=$?

	# Stored in a global variable; no other phase in this ebuild reads it.
	previous_less_than_r13=${status}
}
151
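pkg_postinst() {
	# Load every policy type unless POLICY_TYPES is already set.
	[ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs"
	local i

	for i in ${POLICY_TYPES}; do
		einfo "Inserting base module into ${i} module store."

		# semodule is given the relative name base.pp, so the directory change
		# must succeed; otherwise it would resolve base.pp against whatever
		# directory happened to be current.
		cd "${ROOT}/usr/share/selinux/${i}" \
			|| die "Could not enter ${ROOT}/usr/share/selinux/${i}"
		semodule -s "${i}" -b base.pp || die "Could not load in new base policy"
	done
	elog "Updates on policies might require you to relabel files. If you, after"
	elog "installing new SELinux policies, get 'permission denied' errors,"
	elog "relabelling your system using 'rlpkg -a -r' might resolve the issues."
}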
