summaryrefslogtreecommitdiff
path: root/sec-policy/selinux-base
diff options
context:
space:
mode:
authorV3n3RiX <venerix@redcorelinux.org>2020-01-15 15:51:32 +0000
committerV3n3RiX <venerix@redcorelinux.org>2020-01-15 15:51:32 +0000
commit21435953e16cda318a82334ddbadb3b5c36d9ea7 (patch)
treee1810a4b135afce04b34862ef0fab2bfaeb8aeca /sec-policy/selinux-base
parent7bc9c63c9da678a7e6fceb095d56c634afd22c56 (diff)
gentoo resync : 15.01.2020
Diffstat (limited to 'sec-policy/selinux-base')
-rw-r--r--sec-policy/selinux-base/Manifest4
-rw-r--r--sec-policy/selinux-base/metadata.xml1
-rw-r--r--sec-policy/selinux-base/selinux-base-9999.ebuild15
3 files changed, 9 insertions, 11 deletions
diff --git a/sec-policy/selinux-base/Manifest b/sec-policy/selinux-base/Manifest
index cf9b5dac2342..eecac315d704 100644
--- a/sec-policy/selinux-base/Manifest
+++ b/sec-policy/selinux-base/Manifest
@@ -15,5 +15,5 @@ EBUILD selinux-base-2.20180114-r3.ebuild 4123 BLAKE2B c2c01645221cad12c3f4249cb6
EBUILD selinux-base-2.20180701-r1.ebuild 4129 BLAKE2B 272e1866b03954f2e3a86d6f059738f627a69fee4a9e31299c597bdf16b831f23923a365682377bab772f5091d2469d34a7076f944bf0148b7a3197271687864 SHA512 5f4cc117086fcc09c91ec1a1cdb61c8f6dbe7219c64382fc44274065879aea3932ddb9bbe91411c5bc2c03f025f6728e25b9a4957d38a7fbc2cf86206b81c72b
EBUILD selinux-base-2.20180701-r2.ebuild 4131 BLAKE2B d5aa01b2cd9b4ca82b7cd50c3f31603b662f294e8b6ce4d665f1d824d77d1a2ac75d530ca056b369c09211c380dd0daf7c1b6f9f407feec2e07891b5b7acc745 SHA512 9ecdf845e201adf5c401236e6933da1d036b5c39810f984bbe7a12220863dc4ab2ac29603954eb2d4227f042a03c2e43377f1d7cd2cfde526cd7e491741e9682
EBUILD selinux-base-2.20190201-r1.ebuild 4131 BLAKE2B d5aa01b2cd9b4ca82b7cd50c3f31603b662f294e8b6ce4d665f1d824d77d1a2ac75d530ca056b369c09211c380dd0daf7c1b6f9f407feec2e07891b5b7acc745 SHA512 9ecdf845e201adf5c401236e6933da1d036b5c39810f984bbe7a12220863dc4ab2ac29603954eb2d4227f042a03c2e43377f1d7cd2cfde526cd7e491741e9682
-EBUILD selinux-base-9999.ebuild 4131 BLAKE2B d5aa01b2cd9b4ca82b7cd50c3f31603b662f294e8b6ce4d665f1d824d77d1a2ac75d530ca056b369c09211c380dd0daf7c1b6f9f407feec2e07891b5b7acc745 SHA512 9ecdf845e201adf5c401236e6933da1d036b5c39810f984bbe7a12220863dc4ab2ac29603954eb2d4227f042a03c2e43377f1d7cd2cfde526cd7e491741e9682
-MISC metadata.xml 839 BLAKE2B 797f551065b80455c9538f115d680016954b7fc05cd5232ca09b86d83163c81e9ed868ea6b9be08d3c1284dcfd3527e88660befb747a631f4d2292331410cb52 SHA512 330017a98a3f9f4e6d6004955eb939c8d9c1c92fe6d091f78cdd7d2f6a02838c67a8a3268f38dad7df27f909ff51dc295d5de748f9767a257b5dad36c74d921a
+EBUILD selinux-base-9999.ebuild 4164 BLAKE2B e778e6f3924e97996d0dbfd1ff3ce4ce1ad006e6e82ca52562092f83349f1d8dee29b477c10e5256fcb1233ddebe10b19e4eca2e583f47d904caf63585e77e6e SHA512 28d2d7f5baf51c833ec008e92626a65fb3fa5e9b27f43875423497090859ee9e5afe45ac0ec9df6debbcc347aaf45097c1d368eff0f2e2325a8d6345d69345f7
+MISC metadata.xml 967 BLAKE2B 1d3313048964e8b84c6386c24682735ba255897021b5d9df9739a4852864e092c6c8a42c86b91962274c22764661ff5f4f8c0c34edfbf52abe6ae8583f15fcdd SHA512 fc513a530a30b8114a5b9c02862939a4cdd2e123f370292bdc0399b161afdf4843f53c2a15b4bd505d2111496fc6354a54c408c9022137086a33385e5fa99541
diff --git a/sec-policy/selinux-base/metadata.xml b/sec-policy/selinux-base/metadata.xml
index 16f3d9c00e66..cf565be6f044 100644
--- a/sec-policy/selinux-base/metadata.xml
+++ b/sec-policy/selinux-base/metadata.xml
@@ -14,5 +14,6 @@
<flag name="open_perms">Enable the open permissions for file object classes (SELinux policy capability).</flag>
<flag name="ubac">Enable User Based Access Control (UBAC) in the SELinux policy</flag>
<flag name="unconfined">Enable support for the unconfined SELinux module</flag>
+ <flag name="unknown-perms">Default allow unknown classes in kernels newer than the policy (SELinux policy capability).</flag>
</use>
</pkgmetadata>
diff --git a/sec-policy/selinux-base/selinux-base-9999.ebuild b/sec-policy/selinux-base/selinux-base-9999.ebuild
index 16ee9f2b2abb..5342853efec5 100644
--- a/sec-policy/selinux-base/selinux-base-9999.ebuild
+++ b/sec-policy/selinux-base/selinux-base-9999.ebuild
@@ -16,7 +16,7 @@ else
KEYWORDS="~amd64 -arm ~arm64 ~mips ~x86"
fi
-IUSE="doc +open_perms +peer_perms systemd +ubac +unconfined"
+IUSE="doc +unknown-perms systemd +ubac +unconfined"
DESCRIPTION="Gentoo base policy for SELinux"
HOMEPAGE="https://wiki.gentoo.org/wiki/Project:SELinux"
@@ -48,14 +48,11 @@ src_configure() {
# Update the SELinux refpolicy capabilities based on the users' USE flags.
- if ! use peer_perms; then
- sed -i -e '/network_peer_controls/d' \
- "${S}/refpolicy/policy/policy_capabilities" || die
- fi
-
- if ! use open_perms; then
- sed -i -e '/open_perms/d' \
- "${S}/refpolicy/policy/policy_capabilities" || die
+ if use unknown-perms; then
+ sed -i -e '/^UNK_PERMS/s/deny/allow/' "${S}/refpolicy/build.conf" \
+ || die "Failed to allow Unknown Permissions Handling"
+ sed -i -e '/^UNK_PERMS/s/deny/allow/' "${S}/refpolicy/Makefile" \
+ || die "Failed to allow Unknown Permissions Handling"
fi
if ! use ubac; then