
Contents of /sec-policy/selinux-base/selinux-base-2.20120725-r5.ebuild



Revision 1.2 - (show annotations) (download)
Thu Oct 4 18:29:39 2012 UTC (2 years, 2 months ago) by swift
Branch: MAIN
Changes since 1.1: +2 -2 lines
Stabilization of r5 policy

(Portage version: 2.1.11.9/cvs/Linux x86_64)

# Copyright 1999-2012 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base/selinux-base-2.20120725-r5.ebuild,v 1.1 2012/09/22 09:27:12 swift Exp $
# Package metadata for the Gentoo SELinux base policy.
EAPI="4"

inherit eutils

# A leading "+" marks a USE flag as enabled by default. peer_perms,
# open_perms and ubac are consulted in src_configure; doc is consulted in
# src_compile and src_install.
IUSE="+peer_perms +open_perms +ubac doc"

DESCRIPTION="Gentoo base policy for SELinux"
HOMEPAGE="http://www.gentoo.org/proj/en/hardened/selinux/"
# NOTE(review): both tarballs are fetched over plain HTTP, so the integrity of
# the policy sources rests on the distfile digests recorded in the package
# Manifest - confirm both files are listed there.
SRC_URI="http://oss.tresys.com/files/refpolicy/refpolicy-${PV}.tar.bz2
	http://dev.gentoo.org/~swift/patches/selinux-base-policy/patchbundle-selinux-base-policy-${PVR}.tar.bz2"
LICENSE="GPL-2"
SLOT="0"

KEYWORDS="amd64 x86"

# The "!" entry blocks selinux-base-policy versions up to and including
# 2.20120725 from being installed alongside this package.
RDEPEND=">=sys-apps/policycoreutils-2.1.10
	>=sys-fs/udev-151
	!<=sec-policy/selinux-base-policy-2.20120725"
DEPEND="${RDEPEND}
	sys-devel/m4
	>=sys-apps/checkpolicy-2.1.8"

# The phase functions below address everything relative to ${WORKDIR}
# (refpolicy/ plus one copy per policy type).
S="${WORKDIR}/"
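# Patch the unpacked reference policy and correct the cron default contexts.
# Globals:  WORKDIR, S (read)
# Aborts the build through die when the policy tree or one of the
# default_contexts files cannot be edited.
src_prepare() {
	# Apply the gentoo patches to the policy. These patches are only necessary
	# for base policies, or for interface changes on modules.
	# EPATCH_FORCE="yes" lets epatch pick up every file in ${WORKDIR} ending in
	# ".patch" without requiring the NN_arch_ naming scheme; epatch itself
	# aborts the build when a patch does not apply.
	EPATCH_MULTI_MSG="Applying SELinux policy updates ... " \
	EPATCH_SUFFIX="patch" \
	EPATCH_SOURCE="${WORKDIR}" \
	EPATCH_FORCE="yes" \
	epatch

	cd "${S}/refpolicy" || die "Failed to enter ${S}/refpolicy"

	# Fix bug 257111 - Correct the initial sid for cron-started jobs in the
	# system_r role.
	# These edits decide which context cron-started jobs receive, so a file
	# that cannot be edited must stop the build instead of shipping the
	# unfixed contexts. sed exits 0 when no line matched, so die only catches
	# a missing or unwritable file, not a pattern that no longer applies.
	sed -i -e 's:system_crond_t:system_cronjob_t:g' \
		"${S}/refpolicy/config/appconfig-standard/default_contexts" \
		|| die "Failed to fix cron contexts in appconfig-standard"

	local ctx_flavour
	for ctx_flavour in mls mcs; do
		sed -i -e 's|system_r:cronjob_t|system_r:system_cronjob_t|g' \
			"${S}/refpolicy/config/appconfig-${ctx_flavour}/default_contexts" \
			|| die "Failed to fix cron contexts in appconfig-${ctx_flavour}"
	done
}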
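# Configure one copy of the reference policy per requested policy type.
# Globals:  S (read), POLICY_TYPES (read; defaults to
#           "targeted strict mls mcs" when empty or unset)
# Aborts the build through die as soon as a configuration step fails, so a
# policy is never built from a half-configured tree.
src_configure() {
	local policy_types="${POLICY_TYPES:-targeted strict mls mcs}"
	local capabilities="${S}/refpolicy/policy/policy_capabilities"
	local policy_type

	# Update the SELinux refpolicy capabilities based on the users' USE flags.
	# Deleting a line from policy_capabilities means the built policy no
	# longer declares that capability. If the edit fails, the build would
	# silently keep a capability the user asked to turn off, hence the die.
	if ! use peer_perms; then
		sed -i -e '/network_peer_controls/d' "${capabilities}" \
			|| die "Failed to disable network_peer_controls"
	fi

	if ! use open_perms; then
		sed -i -e '/open_perms/d' "${capabilities}" \
			|| die "Failed to disable open_perms"
	fi

	if ! use ubac; then
		sed -i -e '/^UBAC/s/y/n/' "${S}/refpolicy/build.conf" \
			|| die "Failed to disable User Based Access Control"
	fi

	echo "DISTRO = gentoo" >> "${S}/refpolicy/build.conf" \
		|| die "Failed to set DISTRO in build.conf"

	# Setup the policies based on the types delivered by the end user.
	# These types can be "targeted", "strict", "mcs" and "mls".
	# The list is split on whitespace on purpose, so it stays unquoted.
	for policy_type in ${policy_types}; do
		cp -a "${S}/refpolicy" "${S}/${policy_type}" \
			|| die "Failed to copy refpolicy for ${policy_type}"

		# Without this check a failed cd would run "make conf" in whatever
		# directory the previous iteration left behind.
		cd "${S}/${policy_type}" \
			|| die "Failed to enter ${S}/${policy_type}"
		make conf || die "Make conf in ${policy_type} failed"

		#cp "${FILESDIR}/modules-2.20120215.conf" "${S}/${policy_type}/policy/modules.conf"
		# Drop every modules.conf entry marked "= module".
		sed -i -e "/= module/d" "${S}/${policy_type}/policy/modules.conf" \
			|| die "modules.conf setup failed for ${policy_type}"

		sed -i -e '/^QUIET/s/n/y/' -e "/^NAME/s/refpolicy/${policy_type}/" \
			"${S}/${policy_type}/build.conf" || die "build.conf setup failed."

		if [[ "${policy_type}" == "mls" || "${policy_type}" == "mcs" ]]; then
			# MCS/MLS require additional settings
			sed -i -e "/^TYPE/s/standard/${policy_type}/" \
				"${S}/${policy_type}/build.conf" \
				|| die "failed to set type to ${policy_type}"
		fi

		if [[ "${policy_type}" == "targeted" ]]; then
			# In the targeted type the seusers line mentioning root is removed
			# and user_u is replaced by unconfined_u, i.e. the affected
			# logins are mapped to the unconfined SELinux user. Deployments
			# that need confined logins should select another policy type.
			sed -i -e '/root/d' -e 's/user_u/unconfined_u/' \
				"${S}/${policy_type}/config/appconfig-standard/seusers" \
				|| die "targeted seusers setup failed."
		fi
	done
}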
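# Build the base policy (and, with USE=doc, the HTML documentation) for every
# requested policy type.
# Globals:  S (read), POLICY_TYPES (read; defaults to
#           "targeted strict mls mcs" when empty or unset)
src_compile() {
	local policy_types="${POLICY_TYPES:-targeted strict mls mcs}"
	local policy_type

	# Whitespace-separated list: left unquoted so it splits into types.
	for policy_type in ${policy_types}; do
		# A failed cd would otherwise rebuild the tree of the previous type
		# (or run make in an unrelated directory) and report success.
		cd "${S}/${policy_type}" \
			|| die "Failed to enter ${S}/${policy_type}"
		make base || die "${policy_type} compile failed"
		if use doc; then
			make html || die "${policy_type} html documentation build failed"
		fi
	done
}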
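# Install every built policy type into the image directory, together with
# the policy headers, two context files, documentation and /etc/selinux/config.
# Globals:  S, D, FILESDIR (read), POLICY_TYPES (read; defaults to
#           "targeted strict mls mcs" when empty or unset)
# Aborts the build through die when a policy directory cannot be entered or a
# context file cannot be written.
src_install() {
	local policy_types="${POLICY_TYPES:-targeted strict mls mcs}"
	local policy_type contexts_dir

	# Whitespace-separated list: left unquoted so it splits into types.
	for policy_type in ${policy_types}; do
		cd "${S}/${policy_type}" \
			|| die "Failed to enter ${S}/${policy_type}"

		make DESTDIR="${D}" install \
			|| die "${policy_type} install failed."

		make DESTDIR="${D}" install-headers \
			|| die "${policy_type} headers install failed."

		contexts_dir="${D}/etc/selinux/${policy_type}/contexts"

		# Both files feed the installed policy's context configuration; a
		# failed write must not leave a package that lacks them.
		echo "run_init_t" > "${contexts_dir}/run_init_type" \
			|| die "Failed to write run_init_type for ${policy_type}"

		echo "textrel_shlib_t" >> "${contexts_dir}/customizable_types" \
			|| die "Failed to extend customizable_types for ${policy_type}"

		# libsemanage won't make this on its own
		keepdir "/etc/selinux/${policy_type}/policy"

		if use doc; then
			dohtml doc/html/*
		fi

		# Every type installs its doc/policy.xml to the same destination, so
		# the copy from the last type in the list is the one that remains.
		insinto /usr/share/selinux/devel
		doins doc/policy.xml
	done

	# Runs in the directory of the last policy type handled by the loop.
	dodoc doc/Makefile.example doc/example.{te,fc,if}

	insinto /etc/selinux
	doins "${FILESDIR}/config"
}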
# Remember, before the new files are merged, whether a version older than
# 2.20101213-r13 of this package is installed.
# Globals:  CATEGORY, PN (read); previous_less_than_r13 (written)
# previous_less_than_r13 holds the exit status of has_version, so 0 means an
# older version was found.
# NOTE(review): nothing in this listing reads previous_less_than_r13 - confirm
# whether a later phase still depends on it.
pkg_preinst() {
	local lookup_status=0

	has_version "<${CATEGORY}/${PN}-2.20101213-r13" || lookup_status=$?
	previous_less_than_r13=${lookup_status}
}
