Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/sec-policy/selinux-base-policy
diff options
context:
space:
mode:
authorJason Zaman <perfinion@gentoo.org>2022-03-30 20:43:09 -0700
committerJason Zaman <perfinion@gentoo.org>2022-03-30 20:46:03 -0700
commit6bdba56deab946ff743494afb96ff6a50d0f7a56 (patch)
tree2a6a80f455bc8cc56972d8e22916b52f68405988 /sec-policy/selinux-base-policy
parentapp-admin/salt: add 3003.4 (diff)
downloadgentoo-6bdba56deab946ff743494afb96ff6a50d0f7a56.tar.gz
gentoo-6bdba56deab946ff743494afb96ff6a50d0f7a56.tar.bz2
gentoo-6bdba56deab946ff743494afb96ff6a50d0f7a56.zip
sec-policy: Release of SELinux policies 2.20220106-r2
Package-Manager: Portage-3.0.30, Repoman-3.0.3 Signed-off-by: Jason Zaman <perfinion@gentoo.org>
Diffstat (limited to 'sec-policy/selinux-base-policy')
-rw-r--r--sec-policy/selinux-base-policy/Manifest1
-rw-r--r--sec-policy/selinux-base-policy/selinux-base-policy-2.20220106-r2.ebuild141
2 files changed, 142 insertions, 0 deletions
diff --git a/sec-policy/selinux-base-policy/Manifest b/sec-policy/selinux-base-policy/Manifest
index 131e71c09953..227fccb4ae3d 100644
--- a/sec-policy/selinux-base-policy/Manifest
+++ b/sec-policy/selinux-base-policy/Manifest
@@ -2,6 +2,7 @@ DIST patchbundle-selinux-base-policy-2.20200818-r2.tar.bz2 433623 BLAKE2B f0655c
DIST patchbundle-selinux-base-policy-2.20210203-r1.tar.bz2 298116 BLAKE2B 50c5523a8b758652af6aa59d548e9499b899898b58f52f74f1667a0c552f2b2d0ed5a44352e59245c7f0ebd199e2391400168d6ab27b4160d726fccded0c56f2 SHA512 ddb877ec3e2883f57e54e7380dd449d4d89a0769a1fb87141786e5de741ac21b2ead60362fd17c25888eb1334c68f71da561f4f29f406f0d4b5d13d378f6baff
DIST patchbundle-selinux-base-policy-2.20210908-r1.tar.bz2 295091 BLAKE2B 649d9a1d9190aac4a42d460b0609175bb7e1a32624d7504ebfa294741ed5fc2eec286471af1b9128f4cdb9845240b37353a8e641e111b9e53250607c34257baf SHA512 5c9cbd97ece391a2ba0f3586bf19811a2425b9c94c9beafa781dd7b175d7572a46e31a46e8f8671a4b7e122186574f5098a247fee62e1be8afc89233d71effb9
DIST patchbundle-selinux-base-policy-2.20220106-r1.tar.bz2 299683 BLAKE2B 9e48733878e2f809b8634a1e96a4b1bb2fc3e866e562a6ac9449da8d4af591cbe7de380384fabec50c7a7c67733253f82024ce62dee51fc73e35e0653626ff6c SHA512 314c639e08b15a94656e467e81857241b242020884c0e40272cfb422cccc35f2d4a5f067dc6ebdf8926335a65d737c233d1df75f69b356509e07fd60b46b07bf
+DIST patchbundle-selinux-base-policy-2.20220106-r2.tar.bz2 436316 BLAKE2B 07d6ba7a5fa8e8213e922bfd4c698b73c1cdf598ceaa5efe98be095b51aafa446af8ea7217dcc2bc001bfadaa250bfcc8b8dea3d9aa630384f8cdf139512170d SHA512 68a71d098ae09b034cb57f8e38c06b23a6584f5538b94a44fb1e48e48c718f2b37eb5e38931e55e8769481ebf0ed8c8642cfa85a45ac23a71be31cc35380fbad
DIST refpolicy-2.20200818.tar.bz2 570896 BLAKE2B 502c00fec39e1b81e42de3f7f942623f8b3fbdeac19f9f01126722a368b7d4f70427d6e4a574754c4f2fa551e4bc75c912dbc515c004f0dcd5eb28ab416498f6 SHA512 e4b527bb7a87b9359fc42eb111d5008103f57c37128998ea0e21ec7b0b8607ffe3f67697450e4c51a0db172ece69083335b279bacef4b1bd0b7748b58caa99a7
DIST refpolicy-2.20210203.tar.bz2 564099 BLAKE2B a94a11ebb78890ba2c98714be2fe9054fdb8ccaf5154f47b881a9575a4a6865e8df475805550d7bba8039b4230c6a0c9f5c6130bf8c35a26bc7c473d550fb40d SHA512 a6ffe718626dd6121023b4cbc424c933d44ca8b662bd708baad307cf6284be0d80fef40cdc8b37f6f17ecb3636fd8d6c1d5d4072c17d835b7f500e17a3acd9fc
DIST refpolicy-2.20210908.tar.bz2 556375 BLAKE2B 12791eeed54204ef075b2d95a738c7d5007d48630d2a60d7e698bcb909dda0abcc15233811a91f4646415ab3daabe2cac46fbfbd04e61f71782e729c0209f99d SHA512 7b84330ca5dd631629302f342a11bf6211cf0711ff3f3273d63ddb072e84c8fe8bef48d511b264affc82090ee51036a09421f81878e10b0c047f572d7720de96
diff --git a/sec-policy/selinux-base-policy/selinux-base-policy-2.20220106-r2.ebuild b/sec-policy/selinux-base-policy/selinux-base-policy-2.20220106-r2.ebuild
new file mode 100644
index 000000000000..c6f79d31df40
--- /dev/null
+++ b/sec-policy/selinux-base-policy/selinux-base-policy-2.20220106-r2.ebuild
@@ -0,0 +1,141 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="7"
+
+if [[ ${PV} == 9999* ]]; then
+ EGIT_REPO_URI="${SELINUX_GIT_REPO:-https://anongit.gentoo.org/git/proj/hardened-refpolicy.git}"
+ EGIT_BRANCH="${SELINUX_GIT_BRANCH:-master}"
+ EGIT_CHECKOUT_DIR="${WORKDIR}/refpolicy"
+
+ inherit git-r3
+else
+ SRC_URI="https://github.com/SELinuxProject/refpolicy/releases/download/RELEASE_${PV/./_}/refpolicy-${PV}.tar.bz2
+ https://dev.gentoo.org/~perfinion/patches/${PN}/patchbundle-${PN}-${PVR}.tar.bz2"
+ KEYWORDS="~amd64 ~arm ~arm64 ~mips ~x86"
+fi
+
+HOMEPAGE="https://wiki.gentoo.org/wiki/Project:SELinux"
+DESCRIPTION="SELinux policy for core modules"
+
+IUSE="systemd +unconfined"
+
+PDEPEND="unconfined? ( sec-policy/selinux-unconfined )"
+DEPEND="=sec-policy/selinux-base-${PVR}[systemd?]"
+RDEPEND="${DEPEND}"
+BDEPEND="
+ sys-apps/checkpolicy
+ sys-devel/m4"
+
+MODS="application authlogin bootloader clock consoletype cron dmesg fstools getty hostname init iptables libraries locallogin logging lvm miscfiles modutils mount mta netutils nscd portage raid rsync selinuxutil setrans ssh staff storage su sysadm sysnetwork systemd tmpfiles udev userdomain usermanage unprivuser xdg"
+DEL_MODS="hotplug"
+LICENSE="GPL-2"
+SLOT="0"
+S="${WORKDIR}/"
+
+# Code entirely copied from selinux-eclass (cannot inherit due to dependency on
+# itself), when reworked reinclude it. Only postinstall (where -b base.pp is
+# added) needs to remain then.
+
+pkg_pretend() {
+ for i in ${POLICY_TYPES}; do
+ if [[ "${i}" == "targeted" ]] && ! use unconfined; then
+ die "If you use POLICY_TYPES=targeted, then USE=unconfined is mandatory."
+ fi
+ done
+}
+
+src_prepare() {
+ local modfiles
+
+ if [[ ${PV} != 9999* ]]; then
+ einfo "Applying SELinux policy updates ... "
+ eapply -p0 "${WORKDIR}/0001-full-patch-against-stable-release.patch"
+ fi
+
+ eapply_user
+
+ # Collect only those files needed for this particular module
+ for i in ${MODS}; do
+ modfiles="$(find ${S}/refpolicy/policy/modules -iname $i.te) $modfiles"
+ modfiles="$(find ${S}/refpolicy/policy/modules -iname $i.fc) $modfiles"
+ done
+
+ for i in ${DEL_MODS}; do
+ [[ "${MODS}" != *${i}* ]] || die "Duplicate module in MODS and DEL_MODS: ${i}"
+ done
+
+ for i in ${POLICY_TYPES}; do
+ mkdir "${S}"/${i} || die "Failed to create directory ${S}/${i}"
+ cp "${S}"/refpolicy/doc/Makefile.example "${S}"/${i}/Makefile \
+ || die "Failed to copy Makefile.example to ${S}/${i}/Makefile"
+
+ cp ${modfiles} "${S}"/${i} \
+ || die "Failed to copy the module files to ${S}/${i}"
+ done
+}
+
+src_compile() {
+ for i in ${POLICY_TYPES}; do
+ emake NAME=$i SHAREDIR="${SYSROOT%/}/usr/share/selinux" -C "${S}"/${i}
+ done
+}
+
+src_install() {
+ local BASEDIR="/usr/share/selinux"
+
+ for i in ${POLICY_TYPES}; do
+ for j in ${MODS}; do
+ einfo "Installing ${i} ${j} policy package"
+ insinto ${BASEDIR}/${i}
+ doins "${S}"/${i}/${j}.pp
+ done
+ done
+}
+
+pkg_postinst() {
+ # Set root path and don't load policy into the kernel when cross compiling
+ local root_opts=""
+ if [[ "${ROOT}" != "" ]]; then
+ root_opts="-p ${ROOT} -n"
+ fi
+
+ # Override the command from the eclass, we need to load in base as well here
+ local COMMAND="-i base.pp"
+ if has_version "<sys-apps/policycoreutils-2.5"; then
+ COMMAND="-b base.pp"
+ fi
+
+ for i in ${MODS}; do
+ COMMAND="${COMMAND} -i ${i}.pp"
+ done
+
+ for i in ${POLICY_TYPES}; do
+ einfo "Inserting the following modules, with base, into the $i module store: ${MODS}"
+
+ cd "${ROOT}/usr/share/selinux/${i}"
+
+ semodule ${root_opts} -s ${i} ${COMMAND}
+
+ for mod in ${DEL_MODS}; do
+ if semodule ${root_opts} -s ${i} -l | grep -q "\b${mod}\b"; then
+ einfo "Removing obsolete ${i} ${mod} policy package"
+ semodule ${root_opts} -s ${i} -r ${mod}
+ fi
+ done
+ done
+
+ # Don't relabel when cross compiling
+ if [[ "${ROOT}" == "" ]]; then
+ # Relabel depending packages
+ local PKGSET="";
+ if [[ -x /usr/bin/qdepends ]] ; then
+ PKGSET=$(/usr/bin/qdepends -Cq -r -Q ${CATEGORY}/${PN} | grep -v 'sec-policy/selinux-');
+ elif [[ -x /usr/bin/equery ]] ; then
+ PKGSET=$(/usr/bin/equery -Cq depends ${CATEGORY}/${PN} | grep -v 'sec-policy/selinux-');
+ fi
+ if [[ -n "${PKGSET}" ]] ; then
+ rlpkg ${PKGSET};
+ fi
+ fi
+}