
Contents of /sec-policy/selinux-base/selinux-base-2.20120215-r6.ebuild



Revision 1.1 - (hide annotations) (download)
Sat Mar 31 12:29:14 2012 UTC (2 years, 8 months ago) by swift
Branch: MAIN
Pushing out 2.20120215 SELinux policies

(Portage version: 2.1.10.49/cvs/Linux x86_64)

1 swift 1.1 # Copyright 1999-2012 Gentoo Foundation
2     # Distributed under the terms of the GNU General Public License v2
3     # $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/selinux-base-policy-2.20110726-r13.ebuild,v 1.1 2012/02/23 18:17:40 swift Exp $
4    
# Package metadata for the Gentoo SELinux base policy.
EAPI=4

# USE flags; the three prefixed with "+" are enabled by default. They are
# evaluated in src_configure and decide which policy capabilities and
# which UBAC setting end up in the policy that is built.
IUSE="+peer_perms +open_perms +ubac doc"

inherit eutils

DESCRIPTION="Gentoo base policy for SELinux"
HOMEPAGE="http://www.gentoo.org/proj/en/hardened/selinux/"

# Upstream reference policy plus the Gentoo patch bundle for this revision.
# NOTE(review): both archives are fetched over plain http, so their
# integrity rests entirely on the distfile digests in the package Manifest;
# confirm the Manifest entries whenever either tarball is re-rolled.
SRC_URI="http://oss.tresys.com/files/refpolicy/refpolicy-${PV}.tar.bz2
	http://dev.gentoo.org/~swift/patches/selinux-base-policy/patchbundle-selinux-base-policy-${PVR}.tar.bz2"

LICENSE="GPL-2"
SLOT="0"
KEYWORDS="~amd64 ~x86"

# Runtime dependencies. The last entry is a blocker: this package cannot be
# installed next to selinux-base-policy 2.20120215 or older.
RDEPEND=">=sys-apps/policycoreutils-2.1.10
	>=sys-fs/udev-151
	!<=sec-policy/selinux-base-policy-2.20120215"

# Build-time dependencies: everything needed at runtime plus m4 and
# checkpolicy.
DEPEND="${RDEPEND}
	sys-devel/m4
	>=sys-apps/checkpolicy-2.1.8"

# The sources are used from the work directory itself; the functions below
# address the tree as ${S}/refpolicy.
S="${WORKDIR}/"
27    
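# Patch the unpacked reference policy and correct the default contexts used
# for cron-started jobs.
# Globals:   S, WORKDIR (read)
# Returns:   dies (aborting the build) when the policy tree cannot be
#            entered or one of the default_contexts files cannot be edited.
src_prepare() {
	# Apply the gentoo patches to the policy. These patches are only necessary
	# for base policies, or for interface changes on modules.
	# The EPATCH_* settings are scoped to this single epatch call: it picks up
	# the *.patch files found under ${WORKDIR}, i.e. the unpacked patch bundle.
	EPATCH_MULTI_MSG="Applying SELinux policy updates ... " \
	EPATCH_SUFFIX="patch" \
	EPATCH_SOURCE="${WORKDIR}" \
	EPATCH_FORCE="yes" \
	epatch

	cd "${S}/refpolicy" || die "Failed to enter ${S}/refpolicy"

	# Fix bug 257111 - Correct the initial sid for cron-started jobs in the
	# system_r role.
	# Each edit is checked: a default_contexts file that is missing or not
	# writable would otherwise be skipped silently and the uncorrected cron
	# context would be shipped. sed still exits 0 when the pattern simply
	# does not occur, so this catches I/O failures only.
	sed -i -e 's:system_crond_t:system_cronjob_t:g' \
		"${S}/refpolicy/config/appconfig-standard/default_contexts" \
		|| die "Failed to fix cron context in appconfig-standard"
	sed -i -e 's|system_r:cronjob_t|system_r:system_cronjob_t|g' \
		"${S}/refpolicy/config/appconfig-mls/default_contexts" \
		|| die "Failed to fix cron context in appconfig-mls"
	sed -i -e 's|system_r:cronjob_t|system_r:system_cronjob_t|g' \
		"${S}/refpolicy/config/appconfig-mcs/default_contexts" \
		|| die "Failed to fix cron context in appconfig-mcs"
}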
47    
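# Configure one copy of the reference policy per requested policy type.
# Globals:   S (read), POLICY_TYPES (read; defaults to all four types when
#            empty or unset)
# Returns:   dies (aborting the build) as soon as any configuration step
#            fails, so a half-configured tree is never compiled.
src_configure() {
	[ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs"

	local i
	local capabilities="${S}/refpolicy/policy/policy_capabilities"
	local build_conf="${S}/refpolicy/build.conf"

	# Update the SELinux refpolicy capabilities based on the users' USE flags.
	# NOTE(review): removing a line from policy_capabilities presumably means
	# the built policy no longer declares that capability, for every policy
	# type built below - confirm before disabling these flags on a hardened
	# system.
	if ! use peer_perms; then
		sed -i -e '/network_peer_controls/d' "${capabilities}" \
			|| die "Failed to remove network_peer_controls capability"
	fi

	if ! use open_perms; then
		sed -i -e '/open_perms/d' "${capabilities}" \
			|| die "Failed to remove open_perms capability"
	fi

	if ! use ubac; then
		sed -i -e '/^UBAC/s/y/n/' "${build_conf}" \
			|| die "Failed to disable User Based Access Control"
	fi

	echo "DISTRO = gentoo" >> "${build_conf}" \
		|| die "Failed to set DISTRO in build.conf"

	# Setup the policies based on the types delivered by the end user.
	# These types can be "targeted", "strict", "mcs" and "mls".
	# ${POLICY_TYPES} is left unquoted on purpose: it is a space-separated
	# list. Each name is also interpolated into sed expressions below.
	for i in ${POLICY_TYPES}; do
		cp -a "${S}/refpolicy" "${S}/${i}" \
			|| die "Copying refpolicy to ${i} failed"

		# Without this check a failed cd would run "make conf" in whatever
		# directory the previous iteration left behind.
		cd "${S}/${i}" || die "Failed to enter ${S}/${i}"
		make conf || die "Make conf in ${i} failed"

		#cp "${FILESDIR}/modules-2.20120215.conf" "${S}/${i}/policy/modules.conf"
		# Drop every "= module" entry from the generated modules.conf.
		sed -i -e "/= module/d" "${S}/${i}/policy/modules.conf" \
			|| die "modules.conf setup in ${i} failed"

		# Quiet build output, and name the policy after its type.
		sed -i -e '/^QUIET/s/n/y/' -e "/^NAME/s/refpolicy/$i/" \
			"${S}/${i}/build.conf" || die "build.conf setup failed."

		if [[ "${i}" == "mls" || "${i}" == "mcs" ]]; then
			# MCS/MLS require additional settings
			sed -i -e "/^TYPE/s/standard/${i}/" "${S}/${i}/build.conf" \
				|| die "failed to set type to ${i}"
		fi

		if [[ "${i}" == "targeted" ]]; then
			# Targeted only: delete every seusers line mentioning root and
			# map logins to unconfined_u instead of user_u.
			sed -i -e '/root/d' -e 's/user_u/unconfined_u/' \
				"${S}/${i}/config/appconfig-standard/seusers" \
				|| die "targeted seusers setup failed."
		fi
	done
}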
98    
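# Build the base policy (and, with USE=doc, the HTML documentation) for
# every requested policy type.
# Globals:   S (read), POLICY_TYPES (read; defaults to all four types when
#            empty or unset)
# Returns:   dies (aborting the build) when a type's directory is missing
#            or one of its make targets fails.
src_compile() {
	[ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs"

	local i
	for i in ${POLICY_TYPES}; do
		# A failed cd must stop the build; otherwise make would run in the
		# previous type's directory and rebuild the wrong policy.
		cd "${S}/${i}" || die "Failed to enter ${S}/${i}"
		make base || die "${i} compile failed"
		if use doc; then
			make html || die "${i} documentation build failed"
		fi
	done
}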
110    
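# Install every built policy type into the image directory, together with
# its headers, two context files and the global /etc/selinux/config.
# Globals:   S, D, FILESDIR (read), POLICY_TYPES (read; defaults to all
#            four types when empty or unset)
# Returns:   dies (aborting the install) when a type's directory is missing,
#            a make target fails, or a context file cannot be written.
src_install() {
	[ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs"

	local i
	for i in ${POLICY_TYPES}; do
		# Never run the install targets from the wrong directory.
		cd "${S}/${i}" || die "Failed to enter ${S}/${i}"

		make DESTDIR="${D}" install \
			|| die "${i} install failed."

		make DESTDIR="${D}" install-headers \
			|| die "${i} headers install failed."

		# run_init_type is overwritten; customizable_types is appended to.
		# Both writes are checked so that a policy lacking these entries is
		# not installed silently.
		echo "run_init_t" > "${D}/etc/selinux/${i}/contexts/run_init_type" \
			|| die "${i} run_init_type setup failed."

		echo "textrel_shlib_t" >> "${D}/etc/selinux/${i}/contexts/customizable_types" \
			|| die "${i} customizable_types setup failed."

		# libsemanage won't make this on its own
		keepdir "/etc/selinux/${i}/policy"

		if use doc; then
			dohtml doc/html/*
		fi
	done

	# Relative paths: these are resolved inside the directory of the last
	# policy type processed by the loop above.
	dodoc doc/Makefile.example doc/example.{te,fc,if}

	insinto /etc/selinux
	doins "${FILESDIR}/config"
}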
140    
# Record whether a version of this package older than 2.20101213-r13 is
# currently installed.
# Globals:   CATEGORY, PN (read); previous_less_than_r13 (written: 0 when
#            such a version is installed, otherwise has_version's non-zero
#            status). The variable is deliberately not local so that it
#            outlives this function; its consumer is not part of this
#            listing.
pkg_preinst() {
	if has_version "<${CATEGORY}/${PN}-2.20101213-r13"; then
		previous_less_than_r13=0
	else
		# In the else branch $? still holds has_version's exit status.
		previous_less_than_r13=$?
	fi
}
