add experimental policy

Package-Manager: portage-2.1_pre4

5 files changed, 112 insertions, 0 deletions

diff --git a/sec-policy/selinux-base-policy/files/config b/sec-policy/selinux-base-policy/files/config
new file mode 100644
index 000000000000..41e69934447d
--- /dev/null
+++ b/sec-policy/selinux-base-policy/files/config
@@ -0,0 +1,12 @@
+# This file controls the state of SELinux on the system on boot.
+
+# SELINUX can take one of these three values:
+#	enforcing - SELinux security policy is enforced.
+#	permissive - SELinux prints warnings instead of enforcing.
+#	disabled - No SELinux policy is loaded.
+SELINUX=permissive
+
+# SELINUXTYPE can take one of these two values:
+#	targeted - Only targeted network daemons are protected.
+#	strict - Full SELinux protection.
+SELINUXTYPE=strict
diff --git a/sec-policy/selinux-base-policy/files/digest-selinux-base-policy-99999999 b/sec-policy/selinux-base-policy/files/digest-selinux-base-policy-99999999
new file mode 100644
index 000000000000..e69de29bb2d1
--- /dev/null
+++ b/sec-policy/selinux-base-policy/files/digest-selinux-base-policy-99999999
diff --git a/sec-policy/selinux-base-policy/files/modules.conf.strict b/sec-policy/selinux-base-policy/files/modules.conf.strict
new file mode 100644
index 000000000000..48168692b6fc
--- /dev/null
+++ b/sec-policy/selinux-base-policy/files/modules.conf.strict
@@ -0,0 +1,43 @@
+authlogin = base
+bootloader = base
+clock = base
+consoletype = base
+corecommands = base
+corenetwork = base
+cron = base
+devices = base
+dmesg = base
+domain = base
+files = base
+filesystem = base
+fstools = base
+getty = base
+hostname = base
+hotplug = base
+init = base
+iptables = base
+kernel = base
+libraries = base
+locallogin = base
+logging = base
+lvm = base
+miscfiles = base
+mls = base
+modutils = base
+mount = base
+mta = base
+netutils = base
+nscd = base
+portage = base
+raid = base
+rsync = base
+selinux = base
+selinuxutil = base
+ssh = base
+storage = base
+su = base
+sysnetwork = base
+terminal = base
+udev = base
+userdomain = base
+usermanage = base
diff --git a/sec-policy/selinux-base-policy/files/modules.conf.targeted b/sec-policy/selinux-base-policy/files/modules.conf.targeted
new file mode 100644
index 000000000000..a307f9f57eb3
--- /dev/null
+++ b/sec-policy/selinux-base-policy/files/modules.conf.targeted
@@ -0,0 +1,44 @@
+authlogin = base
+bootloader = base
+clock = base
+consoletype = base
+corecommands = base
+corenetwork = base
+cron = base
+devices = base
+dmesg = base
+domain = base
+files = base
+filesystem = base
+fstools = base
+getty = base
+hostname = base
+hotplug = base
+init = base
+iptables = base
+kernel = base
+libraries = base
+locallogin = base
+logging = base
+lvm = base
+miscfiles = base
+mls = base
+modutils = base
+mount = base
+mta = base
+netutils = base
+nscd = base
+portage = base
+raid = base
+rsync = base
+selinux = base
+selinuxutil = base
+ssh = base
+storage = base
+su = base
+sysnetwork = base
+terminal = base
+udev = base
+unconfined = base
+userdomain = base
+usermanage = base
diff --git a/sec-policy/selinux-base-policy/files/semanage.conf b/sec-policy/selinux-base-policy/files/semanage.conf
new file mode 100644
index 000000000000..b01ffe0fc031
--- /dev/null
+++ b/sec-policy/selinux-base-policy/files/semanage.conf
@@ -0,0 +1,13 @@
+# Specify how libsemanage will interact with a SELinux policy manager.
+# The four options are:
+#
+#  "source"     - libsemanage manipulates a source SELinux policy
+#  "direct"     - libsemanage will write directly to a module store.
+#  /foo/bar     - Write by way of a policy management server, whose
+#                 named socket is at /foo/bar.  The path must begin
+#                 with a '/'.
+#  foo.com:4242 - Establish a TCP connection to a remote policy
+#                 management server at foo.com.  If there is a colon
+#                 then the remainder is interpreted as a port number;
+#                 otherwise default to port 4242.
+module-store = direct