
Contents of /sec-policy/selinux-base/selinux-base-9999.ebuild



Revision 1.1 - (show annotations) (download)
Sat Oct 13 16:30:53 2012 UTC (18 months ago) by swift
Branch: MAIN
Adding live ebuilds for SELinux policies

(Portage version: 2.1.11.9/cvs/Linux x86_64)

1 # Copyright 1999-2012 Gentoo Foundation
2 # Distributed under the terms of the GNU General Public License v2
3 # $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/selinux-base-policy-2.20110726-r13.ebuild,v 1.1 2012/02/23 18:17:40 swift Exp $
4 EAPI="4"
5
6 inherit eutils git-2
7
# --- Package metadata -------------------------------------------------------
DESCRIPTION="Gentoo base policy for SELinux"
HOMEPAGE="http://www.gentoo.org/proj/en/hardened/selinux/"
LICENSE="GPL-2"
SLOT="0"
# No arch keywords are set for this live (9999) ebuild.
KEYWORDS=""
# peer_perms, open_perms and ubac are enabled by default (leading "+");
# src_configure strips the matching policy feature when a flag is disabled.
IUSE="+peer_perms +open_perms +ubac doc"

# --- Live sources -----------------------------------------------------------
# NOTE(review): git:// provides neither transport encryption nor server
# authentication, so the policy sources fetched here are not integrity-
# protected in transit. Prefer an authenticated transport for this repository
# if the host offers one - confirm with the repository owners.
EGIT_REPO_URI="git://git.overlays.gentoo.org/proj/hardened-refpolicy.git"
EGIT_SOURCEDIR="${WORKDIR}/refpolicy"

# --- Dependencies -----------------------------------------------------------
RDEPEND=">=sys-apps/policycoreutils-2.1.10
	>=sys-fs/udev-151
	!<=sec-policy/selinux-base-policy-2.20120725"
# Build-time needs everything from RDEPEND plus m4 and checkpolicy.
DEPEND="${RDEPEND}
	sys-devel/m4
	>=sys-apps/checkpolicy-2.1.8"

# The phase functions address their trees as "${S}/refpolicy" and "${S}/<type>".
S="${WORKDIR}/"
27
#######################################
# Unpack phase: hands the whole job to the git-2 eclass, which is configured
# through EGIT_REPO_URI and EGIT_SOURCEDIR set at the top of this ebuild.
# Arguments: none
#######################################
src_unpack() {
	# No local logic; the eclass helper performs the unpack.
	git-2_src_unpack
}
31
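#######################################
# Prepare phase: patch the shipped default_contexts files so that cron-started
# jobs in the system_r role get system_cronjob_t as their initial context
# (Gentoo bug 257111).
# Globals:   S (read) - work directory containing the refpolicy checkout
# Arguments: none
# Returns:   dies if the source tree cannot be entered or an edit fails
#######################################
src_prepare() {
	local appconfig="${S}/refpolicy/config"

	cd "${S}/refpolicy" || die "cannot enter ${S}/refpolicy"

	# Each edit is checked: a sed that fails silently (for example because the
	# upstream layout changed) would ship a policy whose cron jobs start with
	# the unpatched context, and nothing in the build would report it.
	sed -i -e 's:system_crond_t:system_cronjob_t:g' \
		"${appconfig}/appconfig-standard/default_contexts" \
		|| die "failed to fix cron context in appconfig-standard"
	sed -i -e 's|system_r:cronjob_t|system_r:system_cronjob_t|g' \
		"${appconfig}/appconfig-mls/default_contexts" \
		|| die "failed to fix cron context in appconfig-mls"
	sed -i -e 's|system_r:cronjob_t|system_r:system_cronjob_t|g' \
		"${appconfig}/appconfig-mcs/default_contexts" \
		|| die "failed to fix cron context in appconfig-mcs"
}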
43
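#######################################
# Configure phase: apply the USE-flag driven policy switches to the pristine
# refpolicy tree, then clone it once per policy type and adjust each clone's
# build.conf, modules.conf and (for "targeted") seusers.
# Globals:
#   S            (read) - work directory containing the refpolicy checkout
#   POLICY_TYPES (read) - space-separated policy types; when empty or unset
#                         the default "targeted strict mls mcs" is used
# USE flags: peer_perms, open_perms, ubac
# Arguments: none
# Returns:   dies on the first step that fails
#######################################
src_configure() {
	if [[ -z "${POLICY_TYPES}" ]]; then
		local POLICY_TYPES="targeted strict mls mcs"
	fi

	# Keep the loop variable out of the global ebuild environment.
	local i
	local refpolicy="${S}/refpolicy"

	# Update the SELinux refpolicy capabilities based on the users' USE flags.
	# Every edit is checked: if one failed silently, the built policy would
	# keep a setting the user asked to change and the build would still pass.

	if ! use peer_perms; then
		sed -i -e '/network_peer_controls/d' \
			"${refpolicy}/policy/policy_capabilities" \
			|| die "Failed to remove network_peer_controls capability"
	fi

	if ! use open_perms; then
		sed -i -e '/open_perms/d' \
			"${refpolicy}/policy/policy_capabilities" \
			|| die "Failed to remove open_perms capability"
	fi

	if ! use ubac; then
		sed -i -e '/^UBAC/s/y/n/' "${refpolicy}/build.conf" \
			|| die "Failed to disable User Based Access Control"
	fi

	echo "DISTRO = gentoo" >> "${refpolicy}/build.conf" \
		|| die "Failed to set DISTRO in build.conf"

	# Setup the policies based on the types delivered by the end user.
	# These types can be "targeted", "strict", "mcs" and "mls".
	# POLICY_TYPES is expanded unquoted on purpose: it is a space-separated list.
	for i in ${POLICY_TYPES}; do
		cp -a "${refpolicy}" "${S}/${i}" \
			|| die "Copying refpolicy to ${i} failed"

		# Without this check a failed cd would run "make conf" in whatever
		# directory the previous iteration left us in.
		cd "${S}/${i}" || die "cannot enter ${S}/${i}"
		make conf || die "Make conf in ${i} failed"

		#cp "${FILESDIR}/modules-2.20120215.conf" "${S}/${i}/policy/modules.conf"
		# Drop every modules.conf line that assigns "= module".
		# NOTE(review): presumably so that only non-modular entries end up in
		# the base policy built here - confirm against the module packages.
		sed -i -e "/= module/d" "${S}/${i}/policy/modules.conf" \
			|| die "modules.conf setup in ${i} failed."

		sed -i -e '/^QUIET/s/n/y/' -e "/^NAME/s/refpolicy/$i/" \
			"${S}/${i}/build.conf" || die "build.conf setup failed."

		if [[ "${i}" == "mls" || "${i}" == "mcs" ]]; then
			# MCS/MLS require additional settings
			sed -i -e "/^TYPE/s/standard/${i}/" "${S}/${i}/build.conf" \
				|| die "failed to set type to ${i}"
		fi

		if [[ "${i}" == "targeted" ]]; then
			# For the targeted type the seusers file loses its root entry and
			# maps logins to unconfined_u instead of user_u.
			sed -i -e '/root/d' -e 's/user_u/unconfined_u/' \
				"${S}/${i}/config/appconfig-standard/seusers" \
				|| die "targeted seusers setup failed."
		fi
	done
}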
94
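#######################################
# Compile phase: build the base policy in every per-type tree created by
# src_configure, plus the HTML documentation when USE=doc is set.
# Globals:
#   S            (read) - work directory holding one tree per policy type
#   POLICY_TYPES (read) - space-separated policy types; when empty or unset
#                         the default "targeted strict mls mcs" is used
# Arguments: none
# Returns:   dies if a tree cannot be entered or a make target fails
#######################################
src_compile() {
	if [[ -z "${POLICY_TYPES}" ]]; then
		local POLICY_TYPES="targeted strict mls mcs"
	fi

	# Keep the loop variable out of the global ebuild environment.
	local i

	# POLICY_TYPES is expanded unquoted on purpose: it is a space-separated list.
	for i in ${POLICY_TYPES}; do
		# A failed cd would otherwise rebuild the tree of the previous policy
		# type and report success for a type that was never compiled.
		cd "${S}/${i}" || die "cannot enter ${S}/${i}"
		make base || die "${i} compile failed"
		if use doc; then
			make html || die "${i} html documentation build failed"
		fi
	done
}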
106
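#######################################
# Install phase: install every built policy type and its headers into the
# image, write the run_init and customizable-type context entries, and install
# the documentation and the /etc/selinux/config file.
# Globals:
#   S            (read) - work directory holding one tree per policy type
#   D            (read) - image directory passed to make as DESTDIR
#   FILESDIR     (read) - location of the packaged "config" file
#   POLICY_TYPES (read) - space-separated policy types; when empty or unset
#                         the default "targeted strict mls mcs" is used
# Arguments: none
# Returns:   dies if a tree cannot be entered, a make target fails or a
#            context file cannot be written
#######################################
src_install() {
	if [[ -z "${POLICY_TYPES}" ]]; then
		local POLICY_TYPES="targeted strict mls mcs"
	fi

	# Keep loop state out of the global ebuild environment.
	local i contexts

	# POLICY_TYPES is expanded unquoted on purpose: it is a space-separated list.
	for i in ${POLICY_TYPES}; do
		# A failed cd would otherwise install the previous type's tree again.
		cd "${S}/${i}" || die "cannot enter ${S}/${i}"

		make DESTDIR="${D}" install \
			|| die "${i} install failed."

		make DESTDIR="${D}" install-headers \
			|| die "${i} headers install failed."

		contexts="${D}/etc/selinux/${i}/contexts"

		# These redirections were unchecked; a failed write would ship the
		# policy without its run_init type or the extra customizable type.
		echo "run_init_t" > "${contexts}/run_init_type" \
			|| die "${i} run_init_type setup failed."

		echo "textrel_shlib_t" >> "${contexts}/customizable_types" \
			|| die "${i} customizable_types setup failed."

		# libsemanage won't make this on its own
		keepdir "/etc/selinux/${i}/policy"

		if use doc; then
			dohtml doc/html/*
		fi

		insinto /usr/share/selinux/devel
		doins doc/policy.xml
	done

	# The relative doc/ paths resolve inside the tree of the last policy type
	# processed by the loop above.
	dodoc doc/Makefile.example doc/example.{te,fc,if}

	insinto /etc/selinux
	doins "${FILESDIR}/config"
}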
140
#######################################
# Pre-install hook: record whether a version older than 2.20101213-r13 of this
# package is matched by has_version.
# Globals:
#   CATEGORY, PN           (read)    - used to build the version atom
#   previous_less_than_r13 (written) - exit status of has_version
#                                      (0 when the atom matched)
# Arguments: none
# NOTE(review): nothing in the visible part of this ebuild reads
# previous_less_than_r13 - confirm whether a later phase still needs it.
#######################################
pkg_preinst() {
	local rc=0

	# Capture the status instead of acting on it; it is only stored.
	has_version "<${CATEGORY}/${PN}-2.20101213-r13" || rc=$?
	previous_less_than_r13=${rc}
}
