authorChris PeBenito <pebenito@gentoo.org>2004-02-10 03:50:06 +0000
committerChris PeBenito <pebenito@gentoo.org>2004-02-10 03:50:06 +0000
commit61f1e844784d70ab4fbafec70b8a1de9f63e2b35 (patch)
tree0a8b383572ed0b55b6a9cd392b17cdfc0c26a249 /sec-policy
parentx86/ppc/hppa stable (diff)
minor update
Diffstat (limited to 'sec-policy')
-rw-r--r--sec-policy/selinux-base-policy/ChangeLog9
-rw-r--r--sec-policy/selinux-base-policy/Manifest11
-rw-r--r--sec-policy/selinux-base-policy/files/digest-selinux-base-policy-20031010-r11
-rw-r--r--sec-policy/selinux-base-policy/files/digest-selinux-base-policy-200312251
-rw-r--r--sec-policy/selinux-base-policy/files/digest-selinux-base-policy-200402021
-rw-r--r--sec-policy/selinux-base-policy/files/digest-selinux-base-policy-200402091
-rw-r--r--sec-policy/selinux-base-policy/files/selinux-base-policy-20031010-cvs.diff99
-rw-r--r--sec-policy/selinux-base-policy/selinux-base-policy-20031010-r1.ebuild71
-rw-r--r--sec-policy/selinux-base-policy/selinux-base-policy-20031225.ebuild72
-rw-r--r--sec-policy/selinux-base-policy/selinux-base-policy-20040209.ebuild (renamed from sec-policy/selinux-base-policy/selinux-base-policy-20040202.ebuild)4
10 files changed, 14 insertions, 256 deletions
diff --git a/sec-policy/selinux-base-policy/ChangeLog b/sec-policy/selinux-base-policy/ChangeLog
index cc362f707543..23da65177fa3 100644
--- a/sec-policy/selinux-base-policy/ChangeLog
+++ b/sec-policy/selinux-base-policy/ChangeLog
@@ -1,6 +1,13 @@
# ChangeLog for sec-policy/selinux-base-policy
# Copyright 2000-2004 Gentoo Technologies, Inc.; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/ChangeLog,v 1.14 2004/02/07 23:13:58 pebenito Exp $
+# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/ChangeLog,v 1.15 2004/02/10 03:50:04 pebenito Exp $
+
+*selinux-base-policy-20040209 (09 Feb 2004)
+
+ 09 Feb 2004; Chris PeBenito <pebenito@gentoo.org>
+ selinux-base-policy-20040209.ebuild:
+ Minor revision to add XFS labeling and policy for integrated
+ runscript-run_init.
07 Feb 2004; Chris PeBenito <pebenito@gentoo.org>
selinux-base-policy-20040202.ebuild:
diff --git a/sec-policy/selinux-base-policy/Manifest b/sec-policy/selinux-base-policy/Manifest
index a4f69a58e73c..7755e6c5eef1 100644
--- a/sec-policy/selinux-base-policy/Manifest
+++ b/sec-policy/selinux-base-policy/Manifest
@@ -1,9 +1,4 @@
-MD5 b7cf9f5189f5c3520d31dd96397796d2 ChangeLog 5384
-MD5 6bdbcf497a0768287d05253ed9993855 selinux-base-policy-20031225.ebuild 2265
-MD5 b41407492ee68b770b6db8630fc0c77f selinux-base-policy-20040202.ebuild 2263
+MD5 e65e595d2685d89f4b82769aa63aed14 ChangeLog 5606
MD5 808b5f7f5d6654666e9193672d463229 metadata.xml 473
-MD5 cf680c66e6bb71484cd79a66b893a8db selinux-base-policy-20031010-r1.ebuild 2226
-MD5 3aaac443a8a784e9b57152783ec6a783 files/digest-selinux-base-policy-20040202 80
-MD5 09e663114ddafd06e4686e4bafefebf1 files/digest-selinux-base-policy-20031225 80
-MD5 58ed8d91932fc65a3cf102265e86ef3a files/digest-selinux-base-policy-20031010-r1 80
-MD5 73ed970a243dc34033a2f2c29f5b63e1 files/selinux-base-policy-20031010-cvs.diff 4268
+MD5 80b2d56e3e7d6af2a82ef2fdeecbf7f8 selinux-base-policy-20040209.ebuild 2262
+MD5 ea0721d8ef8dbf149f81258e0d3fa86c files/digest-selinux-base-policy-20040209 80
diff --git a/sec-policy/selinux-base-policy/files/digest-selinux-base-policy-20031010-r1 b/sec-policy/selinux-base-policy/files/digest-selinux-base-policy-20031010-r1
deleted file mode 100644
index a5a9e2f5961f..000000000000
--- a/sec-policy/selinux-base-policy/files/digest-selinux-base-policy-20031010-r1
+++ /dev/null
@@ -1 +0,0 @@
-MD5 50cff5131904b9d20bae580edad5cd37 selinux-base-policy-20031010.tar.bz2 58084
diff --git a/sec-policy/selinux-base-policy/files/digest-selinux-base-policy-20031225 b/sec-policy/selinux-base-policy/files/digest-selinux-base-policy-20031225
deleted file mode 100644
index 750ee996cae0..000000000000
--- a/sec-policy/selinux-base-policy/files/digest-selinux-base-policy-20031225
+++ /dev/null
@@ -1 +0,0 @@
-MD5 9f559174c3f48736eafd3e35fe2c7c6f selinux-base-policy-20031225.tar.bz2 60974
diff --git a/sec-policy/selinux-base-policy/files/digest-selinux-base-policy-20040202 b/sec-policy/selinux-base-policy/files/digest-selinux-base-policy-20040202
deleted file mode 100644
index 413c0b49d783..000000000000
--- a/sec-policy/selinux-base-policy/files/digest-selinux-base-policy-20040202
+++ /dev/null
@@ -1 +0,0 @@
-MD5 5b208058ff2889761ff69c0ea6a8830e selinux-base-policy-20040202.tar.bz2 61252
diff --git a/sec-policy/selinux-base-policy/files/digest-selinux-base-policy-20040209 b/sec-policy/selinux-base-policy/files/digest-selinux-base-policy-20040209
new file mode 100644
index 000000000000..22abc1cd70b1
--- /dev/null
+++ b/sec-policy/selinux-base-policy/files/digest-selinux-base-policy-20040209
@@ -0,0 +1 @@
+MD5 8e4249edef338e7b3812c89863ed6d20 selinux-base-policy-20040209.tar.bz2 60580
diff --git a/sec-policy/selinux-base-policy/files/selinux-base-policy-20031010-cvs.diff b/sec-policy/selinux-base-policy/files/selinux-base-policy-20031010-cvs.diff
deleted file mode 100644
index 655a8a406677..000000000000
--- a/sec-policy/selinux-base-policy/files/selinux-base-policy-20031010-cvs.diff
+++ /dev/null
@@ -1,99 +0,0 @@
-diff --exclude=CVS -urN base-policy.old/domains/program/portage.te base-policy/domains/program/portage.te
---- base-policy.old/domains/program/portage.te 2003-09-30 20:10:50.000000000 -0500
-+++ base-policy/domains/program/portage.te 2003-11-01 22:55:33.000000000 -0600
-@@ -34,11 +34,12 @@
- can_exec(portage_t,portage_lib_t)
- can_network(portage_t)
- can_create_pty(portage)
-+general_domain_access(portage_t)
- general_proc_read_access(portage_t)
- can_tcp_connect(portage_t,portage_t)
-
- allow portage_t self:process { fork setpgid setsched signal_perms };
--allow portage_t portage_t:capability { fowner fsetid mknod setgid setuid chown dac_override net_raw };
-+allow portage_t portage_t:capability { fowner fsetid mknod setgid setuid chown dac_override dac_read_search net_raw };
- allow portage_t shell_exec_t:file entrypoint;
- allow portage_t fs_t:filesystem getattr;
- allow portage_t privfd:fd use;
-@@ -48,6 +49,9 @@
- # read/write/create any files in the system
- can_setfscreate(portage_t)
- create_dir_notdevfile(portage_t,file_type)
-+allow portage_t security_t:dir r_dir_perms;
-+allow portage_t security_t:file getattr;
-+allow portage_t shadow_t:file getattr;
-
- # allow portage to compile and load policy, and run setfiles -r
- ifdef(`setfiles.te',`
-@@ -90,11 +94,6 @@
- #role_tty_type_change(portage,staff)
- #role_tty_type_change(staff,portage)
-
--# ZZZ uncomment to allow transitions between portage_r and user_r
--# still need to give individual users role access in the users file
--#role_tty_type_change(portage,user)
--#role_tty_type_change(user,portage)
--
- # sysadm_t needs to access portage for qpkg, rlpkg.
- allow sysadm_t { portage_cache_t portage_db_t }:file { read ioctl };
- allow sysadm_t portage_lib_t:file rx_file_perms;
-@@ -102,15 +101,8 @@
- dontaudit sysadm_t portage_cache_t:file write;
-
- # various ipc and networking stuff (esp needed for compiling perl):
--allow portage_t self:sem create_sem_perms;
--allow portage_t self:shm create_shm_perms;
--allow portage_t self:msgq create_msgq_perms;
--allow portage_t self:unix_dgram_socket { create_socket_perms connect sendto };
--allow portage_t self:unix_stream_socket { create_stream_socket_perms connectto };
--allow portage_t self:fifo_file { read write getattr };
- allow portage_t self:rawip_socket { create ioctl };
- allow portage_t self:udp_socket recvfrom;
--allow portage_t self:msg { send receive };
- allow portage_t syslogd_t:unix_dgram_socket sendto;
-
- # /dev/null and zero access (gcc compile writes to zero, why?)
-@@ -119,13 +111,9 @@
- allow portage_t random_device_t:chr_file r_file_perms;
-
- # merging baselayout will need this:
--r_dir_file(portage_t,proc_t)
- allow portage_t proc_t:dir write;
- can_exec(portage_t,init_exec_t)
-
--# misc
--allow portage_t portage_tmp_t:dir ioctl;
--
- # seems to work ok without these
- dontaudit portage_t { sysctl_t sysctl_kernel_t device_t }:dir search;
- dontaudit portage_t sysctl_kernel_t:file r_file_perms;
-@@ -134,3 +122,13 @@
- dontaudit portage_t domain:dir r_dir_perms;
- dontaudit portage_t domain:notdevfile_class_set r_file_perms;
- dontaudit portage_t kernel_t:system syslog_read;
-+
-+# temp bandaid fixes for portage sloppiness
-+dontaudit setfiles_t portage_cache_t:file read;
-+dontaudit ldconfig_t portage_cache_t:file read;
-+dontaudit checkpolicy_t portage_cache_t:file read;
-+dontaudit useradd_t portage_cache_t:file read;
-+dontaudit groupadd_t portage_cache_t:file read;
-+dontaudit setfiles_t portage_db_t:file write;
-+dontaudit useradd_t portage_db_t:file write;
-+dontaudit groupadd_t portage_db_t:file write;
-diff --exclude=CVS -urN base-policy.old/file_contexts/types.fc base-policy/file_contexts/types.fc
---- base-policy.old/file_contexts/types.fc 2003-10-07 14:07:44.000000000 -0500
-+++ base-policy/file_contexts/types.fc 2003-10-19 23:05:47.000000000 -0500
-@@ -232,10 +279,8 @@
- #
- # gentoo-specific gcc stuff
- #
--/usr/i[3-6]86-pc-linux-gnu/bin(/.*)? system_u:object_r:bin_t
--/usr/i[3-6]86-pc-linux-gnu/gcc-bin/.*(/.*)? system_u:object_r:bin_t
--/usr/powerpc-unknown-linux-gnu/bin(/.*)? system_u:object_r:bin_t
--/usr/powerpc-unknown-linux-gnu/gcc-bin/.*(/.*)? system_u:object_r:bin_t
-+/usr/.*-.*-linux-gnu/bin(/.*)? system_u:object_r:bin_t
-+/usr/.*-.*-linux-gnu/gcc-bin/.*(/.*)? system_u:object_r:bin_t
-
- #
- # /usr/.*glibc.*-linux/lib
diff --git a/sec-policy/selinux-base-policy/selinux-base-policy-20031010-r1.ebuild b/sec-policy/selinux-base-policy/selinux-base-policy-20031010-r1.ebuild
deleted file mode 100644
index e14c3294c9e0..000000000000
--- a/sec-policy/selinux-base-policy/selinux-base-policy-20031010-r1.ebuild
+++ /dev/null
@@ -1,71 +0,0 @@
-# Copyright 1999-2003 Gentoo Technologies, Inc.
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/selinux-base-policy-20031010-r1.ebuild,v 1.2 2003/11/27 17:51:43 pebenito Exp $
-
-IUSE="build"
-
-DESCRIPTION="Gentoo base policy for SELinux"
-HOMEPAGE="http://www.gentoo.org/proj/en/hardened/selinux/"
-SRC_URI="mirror://gentoo/${P}.tar.bz2"
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="x86 ppc sparc"
-DEPEND="build? ( sys-devel/make )"
-RDEPEND="sys-devel/m4
- sys-devel/make"
-
-S=${WORKDIR}/base-policy
-
-[ -z ${POLICYDIR} ] && POLICYDIR="/etc/security/selinux/src/policy"
-
-src_unpack() {
- unpack ${A}
- cd ${S}
- epatch ${FILESDIR}/${P}-cvs.diff
-}
-
-src_install() {
- if use build; then
- # generate a file_contexts
- dodir ${POLICYDIR}/file_contexts
- einfo "Ignore the checkpolicy error on the next line."
- make -C ${S} \
- FC=${D}/${POLICYDIR}/file_contexts/file_contexts \
- ${D}/${POLICYDIR}/file_contexts/file_contexts
-
- [ ! -f ${D}/${POLICYDIR}/file_contexts/file_contexts ] && \
- die "file_contexts was not generated."
- else
- # install full policy
- dodir /etc/security/selinux/src
-
- insinto /etc/security
- doins ${S}/appconfig/*
-
- cp -a ${S} ${D}/${POLICYDIR}
- rm -fR ${D}/${POLICYDIR}/appconfig
- fi
-}
-
-pkg_postinst() {
- echo
- einfo "This is the base policy for SELinux on Gentoo. This policy"
- einfo "package only covers the applications in the system profile."
- einfo "More policy may need to be added according to your requirements."
- echo
- eerror "It is STRONGLY suggested that you evaluate and merge the"
- eerror "policy changes. If any of the file contexts (*.fc) have"
- eerror "changed, you should also relabel."
- echo
- ewarn "Please check the Changelog, there may be important information."
- echo
- echo -ne "\a" ; sleep 0.1 ; echo -ne "\a" ; sleep 1
- echo -ne "\a" ; sleep 0.1 ; echo -ne "\a" ; sleep 1
- echo -ne "\a" ; sleep 0.1 ; echo -ne "\a" ; sleep 1
- echo -ne "\a" ; sleep 0.1 ; echo -ne "\a" ; sleep 1
- echo -ne "\a" ; sleep 0.1 ; echo -ne "\a" ; sleep 1
- echo -ne "\a" ; sleep 0.1 ; echo -ne "\a" ; sleep 1
- echo -ne "\a" ; sleep 0.1 ; echo -ne "\a" ; sleep 1
- echo -ne "\a" ; sleep 0.1 ; echo -ne "\a" ; sleep 1
- sleep 8
-}
diff --git a/sec-policy/selinux-base-policy/selinux-base-policy-20031225.ebuild b/sec-policy/selinux-base-policy/selinux-base-policy-20031225.ebuild
deleted file mode 100644
index bbf886b33379..000000000000
--- a/sec-policy/selinux-base-policy/selinux-base-policy-20031225.ebuild
+++ /dev/null
@@ -1,72 +0,0 @@
-# Copyright 1999-2004 Gentoo Technologies, Inc.
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/selinux-base-policy-20031225.ebuild,v 1.2 2004/01/17 06:26:55 pebenito Exp $
-
-IUSE="build"
-
-DESCRIPTION="Gentoo base policy for SELinux"
-HOMEPAGE="http://www.gentoo.org/proj/en/hardened/selinux/"
-SRC_URI="mirror://gentoo/${P}.tar.bz2"
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="~x86 ~ppc ~sparc"
-DEPEND="build? ( sys-devel/make )"
-RDEPEND="sys-devel/m4
- sys-devel/make
- !build? ( >=sys-libs/pam-0.77 )"
-
-S=${WORKDIR}/base-policy
-
-[ -z ${POLICYDIR} ] && POLICYDIR="/etc/security/selinux/src/policy"
-
-#src_unpack() {
-# unpack ${A}
-# cd ${S}
-# epatch ${FILESDIR}/${P}-cvs.diff
-#}
-
-src_install() {
- if use build; then
- # generate a file_contexts
- dodir ${POLICYDIR}/file_contexts
- einfo "Ignore the checkpolicy error on the next line."
- make -C ${S} \
- FC=${D}/${POLICYDIR}/file_contexts/file_contexts \
- ${D}/${POLICYDIR}/file_contexts/file_contexts
-
- [ ! -f ${D}/${POLICYDIR}/file_contexts/file_contexts ] && \
- die "file_contexts was not generated."
- else
- # install full policy
- dodir /etc/security/selinux/src
-
- insinto /etc/security
- doins ${S}/appconfig/*
-
- cp -a ${S} ${D}/${POLICYDIR}
- rm -fR ${D}/${POLICYDIR}/appconfig
- fi
-}
-
-pkg_postinst() {
- echo
- einfo "This is the base policy for SELinux on Gentoo. This policy"
- einfo "package only covers the applications in the system profile."
- einfo "More policy may need to be added according to your requirements."
- echo
- eerror "It is STRONGLY suggested that you evaluate and merge the"
- eerror "policy changes. If any of the file contexts (*.fc) have"
- eerror "changed, you should also relabel."
- echo
- ewarn "Please check the Changelog, there may be important information."
- echo
- echo -ne "\a" ; sleep 0.1 ; echo -ne "\a" ; sleep 1
- echo -ne "\a" ; sleep 0.1 ; echo -ne "\a" ; sleep 1
- echo -ne "\a" ; sleep 0.1 ; echo -ne "\a" ; sleep 1
- echo -ne "\a" ; sleep 0.1 ; echo -ne "\a" ; sleep 1
- echo -ne "\a" ; sleep 0.1 ; echo -ne "\a" ; sleep 1
- echo -ne "\a" ; sleep 0.1 ; echo -ne "\a" ; sleep 1
- echo -ne "\a" ; sleep 0.1 ; echo -ne "\a" ; sleep 1
- echo -ne "\a" ; sleep 0.1 ; echo -ne "\a" ; sleep 1
- sleep 8
-}
diff --git a/sec-policy/selinux-base-policy/selinux-base-policy-20040202.ebuild b/sec-policy/selinux-base-policy/selinux-base-policy-20040209.ebuild
index 86ee90510606..b9f8bd5fd900 100644
--- a/sec-policy/selinux-base-policy/selinux-base-policy-20040202.ebuild
+++ b/sec-policy/selinux-base-policy/selinux-base-policy-20040209.ebuild
@@ -1,6 +1,6 @@
# Copyright 1999-2004 Gentoo Technologies, Inc.
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/selinux-base-policy-20040202.ebuild,v 1.2 2004/02/07 23:13:58 pebenito Exp $
+# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/selinux-base-policy-20040209.ebuild,v 1.1 2004/02/10 03:50:04 pebenito Exp $
IUSE="build"
@@ -9,7 +9,7 @@ HOMEPAGE="http://www.gentoo.org/proj/en/hardened/selinux/"
SRC_URI="mirror://gentoo/${P}.tar.bz2"
LICENSE="GPL-2"
SLOT="0"
-KEYWORDS="x86 ppc ~sparc"
+KEYWORDS="x86 ppc sparc"
DEPEND="build? ( sys-devel/make )"
RDEPEND="sys-devel/m4
sys-devel/make
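Review bot: The `KEYWORDS` line in the second hunk promotes sparc from `~sparc` to stable in the same commit that introduces this ebuild (its `$Header` shows revision 1.1), while the ChangeLog entry added by this commit mentions only XFS labeling and the runscript-run_init policy. Because the commit also deletes the 20031010-r1, 20031225 and 20040202 ebuilds, stable users on all three arches appear to have no older in-tree base policy to fall back to if the new one mislabels files or denies an access needed at boot. I would record both facts in the ChangeLog entry, for example `Marked stable on sparc. Removed 20031010-r1, 20031225 and 20040202.`, so that anyone tracing a policy regression can see when the change landed. Only the top of the ebuild is visible in these hunks; the rest of the file is outside them.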