
Contents of /sec-policy/selinux-base-policy/selinux-base-policy-2.20110726-r6.ebuild



Revision 1.4 - (hide annotations) (download)
Sun May 13 11:50:11 2012 UTC (6 years, 5 months ago) by swift
Branch: MAIN
CVS Tags: HEAD
Changes since 1.3: +1 -1 lines
FILE REMOVED
Cleanup older policies

(Portage version: 2.1.10.49/cvs/Linux x86_64)

1 swift 1.1 # Copyright 1999-2011 Gentoo Foundation
2     # Distributed under the terms of the GNU General Public License v2
3 swift 1.4 # $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/selinux-base-policy-2.20110726-r6.ebuild,v 1.3 2011/12/19 18:17:16 swift Exp $
4 swift 1.1
5     EAPI="4"
6     IUSE="+peer_perms +open_perms +ubac doc"
7    
8     inherit eutils
9    
10     DESCRIPTION="Gentoo base policy for SELinux"
11     HOMEPAGE="http://www.gentoo.org/proj/en/hardened/selinux/"
12     SRC_URI="http://oss.tresys.com/files/refpolicy/refpolicy-${PV}.tar.bz2
13     http://dev.gentoo.org/~swift/patches/${PN}/patchbundle-${PF}.tar.bz2"
14     LICENSE="GPL-2"
15     SLOT="0"
16    
17 swift 1.3 KEYWORDS="amd64 x86"
18 swift 1.1
19     RDEPEND=">=sys-apps/policycoreutils-1.30.30
20     >=sys-fs/udev-151"
21     DEPEND="${RDEPEND}
22     sys-devel/m4
23     >=sys-apps/checkpolicy-1.30.12"
24    
25     S=${WORKDIR}/
26    
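# Apply the Gentoo patch bundle and correct the cron default contexts.
#
# Globals: WORKDIR, S (read)
# Every edit of the policy sources is fatal on failure: a default_contexts
# file that silently keeps the old cron type would still build and install.
src_prepare() {
	local flavour

	# Apply the gentoo patches to the policy. These patches are only necessary
	# for base policies, or for interface changes on modules.
	EPATCH_MULTI_MSG="Applying SELinux policy updates ... " \
	EPATCH_SUFFIX="patch" \
	EPATCH_SOURCE="${WORKDIR}" \
	EPATCH_FORCE="yes" \
	epatch

	cd "${S}/refpolicy" || die "Failed to enter ${S}/refpolicy"

	# Fix bug 257111 - Correct the initial sid for cron-started jobs in the
	# system_r role.
	# sed exits 0 even when nothing matched, so "|| die" only catches a missing
	# or unwritable file, not an upstream change that made the pattern stale.
	sed -i -e 's:system_crond_t:system_cronjob_t:g' \
		"${S}/refpolicy/config/appconfig-standard/default_contexts" \
		|| die "Failed to fix cron context in appconfig-standard"

	# The mls and mcs variants get the same substitution.
	for flavour in mls mcs; do
		sed -i -e 's|system_r:cronjob_t|system_r:system_cronjob_t|g' \
			"${S}/refpolicy/config/appconfig-${flavour}/default_contexts" \
			|| die "Failed to fix cron context in appconfig-${flavour}"
	done
}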
46    
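# Configure one copy of the reference policy per policy type.
#
# Globals: POLICY_TYPES, S, FILESDIR (read)
# Each step is fatal on failure so that a half-configured tree is never built
# into a base module.
src_configure() {
	if [[ -z "${POLICY_TYPES}" ]]; then
		local POLICY_TYPES="targeted strict mls mcs"
	fi
	local i

	# Update the SELinux refpolicy capabilities based on the users' USE flags.
	# Switching a flag off deletes the matching line, so the built policy no
	# longer declares that capability.
	# NOTE(review): presumably this relaxes what the kernel enforces for peer
	# labelling / open permission checks - confirm before disabling either flag.
	if ! use peer_perms; then
		sed -i -e '/network_peer_controls/d' \
			"${S}/refpolicy/policy/policy_capabilities" \
			|| die "Failed to remove network_peer_controls capability"
	fi

	if ! use open_perms; then
		sed -i -e '/open_perms/d' \
			"${S}/refpolicy/policy/policy_capabilities" \
			|| die "Failed to remove open_perms capability"
	fi

	if ! use ubac; then
		sed -i -e '/^UBAC/s/y/n/' "${S}/refpolicy/build.conf" \
			|| die "Failed to disable User Based Access Control"
	fi

	echo "DISTRO = gentoo" >> "${S}/refpolicy/build.conf" \
		|| die "Failed to set DISTRO in build.conf"

	# Setup the policies based on the types delivered by the end user.
	# These types can be "targeted", "strict", "mcs" and "mls".
	# POLICY_TYPES is split on whitespace on purpose. Each entry is used in
	# paths and inside a sed expression below without validation, so it is
	# treated as trusted build configuration.
	for i in ${POLICY_TYPES}; do
		cp -a "${S}/refpolicy" "${S}/${i}" \
			|| die "Failed to copy refpolicy to ${S}/${i}"

		cd "${S}/${i}" || die "Failed to enter ${S}/${i}"
		make conf || die "Make conf in ${i} failed"

		# Define what we see as "base" and what we want to remain modular.
		cp "${FILESDIR}/modules.conf" \
			"${S}/${i}/policy/modules.conf" \
			|| die "failed to set up modules.conf"
		# In case of "targeted", we add the "unconfined" to the base policy
		if [[ "${i}" == "targeted" ]]; then
			echo "unconfined = base" >> "${S}/${i}/policy/modules.conf" \
				|| die "failed to add unconfined to modules.conf"
		fi

		sed -i -e '/^QUIET/s/n/y/' -e "/^NAME/s/refpolicy/$i/" \
			"${S}/${i}/build.conf" || die "build.conf setup failed."

		if [[ "${i}" == "mls" || "${i}" == "mcs" ]]; then
			# MCS/MLS require additional settings
			sed -i -e "/^TYPE/s/standard/${i}/" "${S}/${i}/build.conf" \
				|| die "failed to set type to ${i}"
		fi

		if [[ "${i}" == "targeted" ]]; then
			# Drops every seusers line containing "root" and maps the
			# remaining user_u entries to unconfined_u.
			sed -i -e '/root/d' -e 's/user_u/unconfined_u/' \
				"${S}/${i}/config/appconfig-standard/seusers" \
				|| die "targeted seusers setup failed."
		fi
	done
}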
104    
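# Build the base module (and, with USE=doc, the HTML documentation) for every
# policy type.
#
# Globals: POLICY_TYPES, S (read)
src_compile() {
	if [[ -z "${POLICY_TYPES}" ]]; then
		local POLICY_TYPES="targeted strict mls mcs"
	fi
	local i

	for i in ${POLICY_TYPES}; do
		# Without this check a failed cd would leave make running in the
		# previous type's tree and report that build as this type's.
		cd "${S}/${i}" || die "Failed to enter ${S}/${i}"
		make base || die "${i} compile failed"
		if use doc; then
			make html || die "${i} documentation build failed"
		fi
	done
}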
116    
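# Install every policy type into the image directory and add the Gentoo
# specific context files.
#
# Globals: POLICY_TYPES, S, D, FILESDIR (read)
src_install() {
	if [[ -z "${POLICY_TYPES}" ]]; then
		local POLICY_TYPES="targeted strict mls mcs"
	fi
	local i

	for i in ${POLICY_TYPES}; do
		cd "${S}/${i}" || die "Failed to enter ${S}/${i}"

		make DESTDIR="${D}" install \
			|| die "${i} install failed."

		make DESTDIR="${D}" install-headers \
			|| die "${i} headers install failed."

		# These two context files are written by hand; a failed write would
		# otherwise leave the installed policy without them.
		echo "run_init_t" > "${D}/etc/selinux/${i}/contexts/run_init_type" \
			|| die "${i} run_init_type setup failed."

		echo "textrel_shlib_t" >> "${D}/etc/selinux/${i}/contexts/customizable_types" \
			|| die "${i} customizable_types setup failed."

		# libsemanage won't make this on its own
		keepdir "/etc/selinux/${i}/policy"

		if use doc; then
			dohtml doc/html/*
		fi
	done

	# Relative paths: these resolve inside the tree of the last policy type
	# processed by the loop above.
	dodoc doc/Makefile.example doc/example.{te,fc,if}

	insinto /etc/selinux
	doins "${FILESDIR}/config"
}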
146    
# Remember whether a version older than 2.20101213-r13 is currently installed.
#
# Globals: CATEGORY, PN (read); previous_less_than_r13 (written)
# previous_less_than_r13 receives the exit status of has_version. Nothing
# else in this ebuild, as shown, reads it afterwards.
pkg_preinst() {
	local older_atom="<${CATEGORY}/${PN}-2.20101213-r13"

	has_version "${older_atom}"
	previous_less_than_r13=$?
}
151    
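# Load the freshly installed base module into the module store of every
# policy type.
#
# Globals: POLICY_TYPES, ROOT (read)
pkg_postinst() {
	if [[ -z "${POLICY_TYPES}" ]]; then
		local POLICY_TYPES="targeted strict mls mcs"
	fi
	local i

	for i in ${POLICY_TYPES}; do
		einfo "Inserting base module into ${i} module store."

		# base.pp is named relative to the working directory. If this cd
		# failed unchecked, semodule would load whatever base.pp sits in the
		# previous directory (for example another type's module) into the
		# ${i} store.
		cd "${ROOT}/usr/share/selinux/${i}" \
			|| die "Could not enter ${ROOT}/usr/share/selinux/${i}"
		semodule -s "${i}" -b base.pp || die "Could not load in new base policy"
	done
	elog "Updates on policies might require you to relabel files. If you, after"
	elog "installing new SELinux policies, get 'permission denied' errors,"
	elog "relabelling your system using 'rlpkg -a -r' might resolve the issues."
}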
