summaryrefslogtreecommitdiff
path: root/sec-policy/selinux-base
diff options
context:
space:
mode:
authorV3n3RiX <venerix@redcorelinux.org>2020-12-14 13:26:14 +0000
committerV3n3RiX <venerix@redcorelinux.org>2020-12-14 13:26:14 +0000
commit6abbf81ef2f298e3221ff5e67a1f3c5f23958212 (patch)
tree25413d1cb3a0cbfe36029db32398c0f333609215 /sec-policy/selinux-base
parent9c417bacd51da6d8b57fa9f37425161d30d4b95b (diff)
gentoo resync : 14.12.2020
Diffstat (limited to 'sec-policy/selinux-base')
-rw-r--r--sec-policy/selinux-base/Manifest11
-rw-r--r--sec-policy/selinux-base/metadata.xml2
-rw-r--r--sec-policy/selinux-base/selinux-base-2.20190201-r1.ebuild157
-rw-r--r--sec-policy/selinux-base/selinux-base-2.20200818-r2.ebuild (renamed from sec-policy/selinux-base/selinux-base-2.20200818-r1.ebuild)13
-rw-r--r--sec-policy/selinux-base/selinux-base-9999.ebuild11
5 files changed, 15 insertions, 179 deletions
diff --git a/sec-policy/selinux-base/Manifest b/sec-policy/selinux-base/Manifest
index 0507485dbf21..ddf021c0bd1f 100644
--- a/sec-policy/selinux-base/Manifest
+++ b/sec-policy/selinux-base/Manifest
@@ -1,13 +1,10 @@
AUX config 631 BLAKE2B 7c7c5ad7e2349cf8dd6877bba7947f256b6bdee492ef76a44ac378eafb9203c0d7ad6f188a762c61b80672a56dca65767567cd68c998aa67d58a9579e5c0cae6 SHA512 f3c4fece54e5786de94fc97c8e7678f9901c6963828d28b020c423458ac258480191f216522fed7658e7ad1c94fd25557efc524a4b75ec8837116c6a14c2328a
AUX selinux.conf 119 BLAKE2B c877aec601cfc066b42493a3b45e179834d30b7f0eb34b625f3758795c2fd2e58744cf539fdb5b06c002365fb264bdf6e953c1f6e30c7b2d310e22206ea5a37f SHA512 a057f84388b2b494b5e7623b076450c1856687c50a4ccb5aa22215748461786a0c71fdd9f76e9ed8639bcd3040006fb010aa5497192d6c0cab432a1b9c028b3b
-DIST patchbundle-selinux-base-policy-2.20190201-r1.tar.bz2 426390 BLAKE2B 33e05e03e1e087f0bf460930f074108af5fa05688f7681ba3545530d21174be7d29e9035a7bc37e9acdbe3468680891f9865ad83188eb0f8fb9b9012252d6a1e SHA512 f2855a340f4ae7ba6c4cf0ec9445de7ca20f9fc0f11783992340ca2f073bbbf2d4999190f46f3910213dd1555e9578b3609284af6a7712b401053216c004ff7e
DIST patchbundle-selinux-base-policy-2.20190609-r1.tar.bz2 407664 BLAKE2B e6b6b56f990389365c062522582e2177bc3b70040c99948efad25737e69178f9f72149cc443cb9edacfdd1aa6bc29f637cc61939f66e5cc3841f83298b33c41e SHA512 16195b51bb414ac82821f93756b3b5d0ec206b7035a50379c1f796082d9c53b11369e15086e1e26521808944266364470c43dcfdd1818ba079fda1613b7ef9bd
-DIST patchbundle-selinux-base-policy-2.20200818-r1.tar.bz2 278147 BLAKE2B 1e63517f15ed297c3cc1ed068db30ef60c0ebb11790abb89a80cde44da882b9381a8eccc66378576d84c106af7e9f7fd9e65b76b8e6f5134b34a2b517f5bb7f1 SHA512 d688e3f9d5dceb8a8747025adeddcfdd923e39757ab5ad7b92be00b544e47f0aa0c47aaf5a71eb4d3f616743d3291b8a8babdedfa238913371d58be3fccd4812
-DIST refpolicy-2.20190201.tar.bz2 552750 BLAKE2B d3cbdf5c5f8480cd36173d8cfbd2f55a6ad4a9f2176883dcc19eece6059114ca8700d07f8bd318d0430da253bb9e4e6a6e03f7a7db8a7964c95b00452aaab040 SHA512 c6568b679ad1a7c5c566b55291e86ce3784ee609c0091e5d465d41055724d950180780c7eedb3413351101b9182db51c7bce1816db1a9a17b3257861363efc6e
+DIST patchbundle-selinux-base-policy-2.20200818-r2.tar.bz2 433623 BLAKE2B f0655c45c50347faf1217e5861298dce822e4b726c0b4489d4c70c4815842f7c17ac1b0a302ae5482a3ad25d1d5b6c4c3b6395194e79005f31560d103ad0fce6 SHA512 9fd22683ecd602a429b2d489f7b8c2936409fa060046255b72a4b95c9fdefa2455ba7655945278dc972c22f3ade6617898ed169e22001aaaaded4b47ca51b0c3
DIST refpolicy-2.20190609.tar.bz2 555882 BLAKE2B abc45d9c906e0c880b7c47b0fb8e33f4a277c73244e20e8a95c44452db817241110127a5f8a3347cfbf5e30bf91f9dd4e5dd826426eb88b383fdbff5963f5fcd SHA512 f05ca08d31e62b7bf7203d7b243cce9ba87dd68d13b30067b99a44d5007449078fa82d591faa88c2955d370a346e69faedc850c02bd77c5624a8c746a13467f3
DIST refpolicy-2.20200818.tar.bz2 570896 BLAKE2B 502c00fec39e1b81e42de3f7f942623f8b3fbdeac19f9f01126722a368b7d4f70427d6e4a574754c4f2fa551e4bc75c912dbc515c004f0dcd5eb28ab416498f6 SHA512 e4b527bb7a87b9359fc42eb111d5008103f57c37128998ea0e21ec7b0b8607ffe3f67697450e4c51a0db172ece69083335b279bacef4b1bd0b7748b58caa99a7
-EBUILD selinux-base-2.20190201-r1.ebuild 4115 BLAKE2B e8aae442032d9bf13d7b731429a7509787ce473a624877e70cc533522e0f4e2f296a546280f0d3f1fd882186e57e990be5c74ae6fc2548b20f533f5cf39aacef SHA512 583881aeedce6e61f83678f64eb99e5779291436651bd4d8b74f16e7a4741915da48bf5e71eee34fab0aca3124864ff3dc763b9938acb64b4022c0ca0807301b
EBUILD selinux-base-2.20190609-r1.ebuild 4148 BLAKE2B 4612b1f194d7635b8bf29c60f177ae4bec921b6ba5648d4d7ec0bdd322f3179cd4037d56d4f75857f80bfc9ae2f2362ab5b15ea300d015cc73c30834eb505bf9 SHA512 7c23345cb1dfb2b4206f05e5ce443fcd3ffba033ce14f9c176262b9f2a771cfab6a2c5bbb22a88809b650017f21fb6b858bd9709220320df0d2adf25c0a1a673
-EBUILD selinux-base-2.20200818-r1.ebuild 4150 BLAKE2B c557086ca49ab14a940f5b5e13b18cbbb827b3a914efe9959084d813acf8a3724f7f70a04f88b363f4a803e2886a8274b1cb0f380124565b34dff523d5a0a56a SHA512 ee0235f92adcf10fd5451d13df6be53174dbc7e84140e566e1ab9df2fec5c6f4bd1c712505e4fa4e7c374443aeb3a28f2fc3c55cd4b49ecc20626e4635ce25d3
-EBUILD selinux-base-9999.ebuild 4150 BLAKE2B c557086ca49ab14a940f5b5e13b18cbbb827b3a914efe9959084d813acf8a3724f7f70a04f88b363f4a803e2886a8274b1cb0f380124565b34dff523d5a0a56a SHA512 ee0235f92adcf10fd5451d13df6be53174dbc7e84140e566e1ab9df2fec5c6f4bd1c712505e4fa4e7c374443aeb3a28f2fc3c55cd4b49ecc20626e4635ce25d3
-MISC metadata.xml 967 BLAKE2B 1d3313048964e8b84c6386c24682735ba255897021b5d9df9739a4852864e092c6c8a42c86b91962274c22764661ff5f4f8c0c34edfbf52abe6ae8583f15fcdd SHA512 fc513a530a30b8114a5b9c02862939a4cdd2e123f370292bdc0399b161afdf4843f53c2a15b4bd505d2111496fc6354a54c408c9022137086a33385e5fa99541
+EBUILD selinux-base-2.20200818-r2.ebuild 4082 BLAKE2B f6eab54aec21a2a93ee8b2301ab57e1fb5daa90c2169a5e3231adf63fdde0cfaf1ce1c046b74c019c75d4d23eab7f3df4aab65012a0b77b1fb0cb0049886c47e SHA512 ef6ab4e99691a71a3a63b64bfea2002b72b67101cc3e018d311c0cc5979ea2f47d5fe6182e0b99ea9a75330652244b2441d0d0e0492614fe2f0bc6c37823ee9f
+EBUILD selinux-base-9999.ebuild 4084 BLAKE2B e2529612cf08b38594ea10fdbe0cdb25f9189aeee6d56c3372a64d5a9de8f3662fc16640d285e64e646f9f8dcd730c6e86161a8da7a72658f209e09346b34991 SHA512 20d5668e233332f6e96a2e5d7bbb0a63cb0bdf943e253cdbc06fc17d4a2aa149d2abecf36efbd0e847386b7bfa669adca7d5d33dbe67d2fe36c7c584d755cbca
+MISC metadata.xml 744 BLAKE2B 8589c81049afca5563829e8be7c262429474ffa5e4d448cdd5404b16899734ba06189c073f876075250df7d0231d424ecbd142e85aaad71a4df016035625a0e2 SHA512 9367603b98ebd5aff6e1377ba9d537dd2ae532da28daf9f16479c60f35a6ec7e34089ec1966c4c88b364440693662b111ee32f2f74baaf218006b480b3951eed
diff --git a/sec-policy/selinux-base/metadata.xml b/sec-policy/selinux-base/metadata.xml
index cf565be6f044..e59a87405fd8 100644
--- a/sec-policy/selinux-base/metadata.xml
+++ b/sec-policy/selinux-base/metadata.xml
@@ -10,8 +10,6 @@
There is no extra policy in this package.
</longdescription>
<use>
- <flag name="peer_perms">Enable the labeled networking peer permissions (SELinux policy capability).</flag>
- <flag name="open_perms">Enable the open permissions for file object classes (SELinux policy capability).</flag>
<flag name="ubac">Enable User Based Access Control (UBAC) in the SELinux policy</flag>
<flag name="unconfined">Enable support for the unconfined SELinux module</flag>
<flag name="unknown-perms">Default allow unknown classes in kernels newer than the policy (SELinux policy capability).</flag>
diff --git a/sec-policy/selinux-base/selinux-base-2.20190201-r1.ebuild b/sec-policy/selinux-base/selinux-base-2.20190201-r1.ebuild
deleted file mode 100644
index 818af8e1c44d..000000000000
--- a/sec-policy/selinux-base/selinux-base-2.20190201-r1.ebuild
+++ /dev/null
@@ -1,157 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-if [[ ${PV} == 9999* ]]; then
- EGIT_REPO_URI="${SELINUX_GIT_REPO:-https://anongit.gentoo.org/git/proj/hardened-refpolicy.git}"
- EGIT_BRANCH="${SELINUX_GIT_BRANCH:-master}"
- EGIT_CHECKOUT_DIR="${WORKDIR}/refpolicy"
-
- inherit git-r3
-else
- SRC_URI="https://github.com/SELinuxProject/refpolicy/releases/download/RELEASE_${PV/./_}/refpolicy-${PV}.tar.bz2
- https://dev.gentoo.org/~perfinion/patches/selinux-base-policy/patchbundle-selinux-base-policy-${PVR}.tar.bz2"
-
- KEYWORDS="amd64 -arm ~arm64 ~mips x86"
-fi
-
-IUSE="doc +open_perms +peer_perms systemd +ubac +unconfined"
-
-DESCRIPTION="Gentoo base policy for SELinux"
-HOMEPAGE="https://wiki.gentoo.org/wiki/Project:SELinux"
-LICENSE="GPL-2"
-SLOT="0"
-
-RDEPEND=">=sys-apps/policycoreutils-2.8"
-DEPEND="${RDEPEND}
- sys-devel/m4
- >=sys-apps/checkpolicy-2.8"
-
-S=${WORKDIR}/
-
-src_prepare() {
- if [[ ${PV} != 9999* ]]; then
- einfo "Applying SELinux policy updates ... "
- eapply -p0 "${WORKDIR}/0001-full-patch-against-stable-release.patch"
- fi
-
- eapply_user
-
- cd "${S}/refpolicy" || die
- emake bare
-}
-
-src_configure() {
- [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs"
-
- # Update the SELinux refpolicy capabilities based on the users' USE flags.
-
- if ! use peer_perms; then
- sed -i -e '/network_peer_controls/d' \
- "${S}/refpolicy/policy/policy_capabilities" || die
- fi
-
- if ! use open_perms; then
- sed -i -e '/open_perms/d' \
- "${S}/refpolicy/policy/policy_capabilities" || die
- fi
-
- if ! use ubac; then
- sed -i -e '/^UBAC/s/y/n/' "${S}/refpolicy/build.conf" \
- || die "Failed to disable User Based Access Control"
- fi
-
- if use systemd; then
- sed -i -e '/^SYSTEMD/s/n/y/' "${S}/refpolicy/build.conf" \
- || die "Failed to enable SystemD"
- fi
-
- echo "DISTRO = gentoo" >> "${S}/refpolicy/build.conf" || die
-
- # Prepare initial configuration
- cd "${S}/refpolicy" || die
- emake conf
-
- # Setup the policies based on the types delivered by the end user.
- # These types can be "targeted", "strict", "mcs" and "mls".
- for i in ${POLICY_TYPES}; do
- cp -a "${S}/refpolicy" "${S}/${i}" || die
- cd "${S}/${i}" || die
-
- #cp "${FILESDIR}/modules-2.20120215.conf" "${S}/${i}/policy/modules.conf"
- sed -i -e "/= module/d" "${S}/${i}/policy/modules.conf" || die
-
- sed -i -e '/^QUIET/s/n/y/' -e "/^NAME/s/refpolicy/$i/" \
- "${S}/${i}/build.conf" || die "build.conf setup failed."
-
- if [[ "${i}" == "mls" ]] || [[ "${i}" == "mcs" ]];
- then
- # MCS/MLS require additional settings
- sed -i -e "/^TYPE/s/standard/${i}/" "${S}/${i}/build.conf" \
- || die "failed to set type to mls"
- fi
-
- if [ "${i}" == "targeted" ]; then
- sed -i -e '/root/d' -e 's/user_u/unconfined_u/' \
- "${S}/${i}/config/appconfig-standard/seusers" \
- || die "targeted seusers setup failed."
- fi
-
- if [ "${i}" != "targeted" ] && [ "${i}" != "strict" ] && use unconfined; then
- sed -i -e '/root/d' -e 's/user_u/unconfined_u/' \
- "${S}/${i}/config/appconfig-${i}/seusers" \
- || die "policy seusers setup failed."
- fi
- done
-}
-
-src_compile() {
- [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs"
-
- for i in ${POLICY_TYPES}; do
- cd "${S}/${i}" || die
- emake base
- if use doc; then
- emake html
- fi
- done
-}
-
-src_install() {
- [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs"
-
- for i in ${POLICY_TYPES}; do
- cd "${S}/${i}" || die
-
- emake DESTDIR="${D}" install
- emake DESTDIR="${D}" install-headers
-
- echo "run_init_t" > "${D}/etc/selinux/${i}/contexts/run_init_type" || die
-
- echo "textrel_shlib_t" >> "${D}/etc/selinux/${i}/contexts/customizable_types" || die
-
- # libsemanage won't make this on its own
- keepdir "/etc/selinux/${i}/policy"
-
- if use doc; then
- docinto ${i}/html
- dodoc -r doc/html/*;
- fi
-
- insinto /usr/share/selinux/devel;
- doins doc/policy.xml;
-
- done
-
- docinto /
- dodoc doc/Makefile.example doc/example.{te,fc,if}
-
- doman man/man8/*.8;
-
- insinto /etc/selinux
- doins "${FILESDIR}/config"
-
- insinto /usr/share/portage/config/sets
- doins "${FILESDIR}/selinux.conf"
-}
diff --git a/sec-policy/selinux-base/selinux-base-2.20200818-r1.ebuild b/sec-policy/selinux-base/selinux-base-2.20200818-r2.ebuild
index a16000f98026..9eaddb863d20 100644
--- a/sec-policy/selinux-base/selinux-base-2.20200818-r1.ebuild
+++ b/sec-policy/selinux-base/selinux-base-2.20200818-r2.ebuild
@@ -1,7 +1,7 @@
# Copyright 1999-2020 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
-EAPI="6"
+EAPI="7"
if [[ ${PV} == 9999* ]]; then
EGIT_REPO_URI="${SELINUX_GIT_REPO:-https://anongit.gentoo.org/git/proj/hardened-refpolicy.git}"
@@ -13,7 +13,7 @@ else
SRC_URI="https://github.com/SELinuxProject/refpolicy/releases/download/RELEASE_${PV/./_}/refpolicy-${PV}.tar.bz2
https://dev.gentoo.org/~perfinion/patches/selinux-base-policy/patchbundle-selinux-base-policy-${PVR}.tar.bz2"
- KEYWORDS="~amd64 -arm ~arm64 ~mips ~x86"
+ KEYWORDS="amd64 -arm ~arm64 ~mips x86"
fi
IUSE="doc +unknown-perms systemd +ubac +unconfined"
@@ -24,9 +24,10 @@ LICENSE="GPL-2"
SLOT="0"
RDEPEND=">=sys-apps/policycoreutils-2.8"
-DEPEND="${RDEPEND}
- sys-devel/m4
- >=sys-apps/checkpolicy-2.8"
+DEPEND="${RDEPEND}"
+BDEPEND="
+ >=sys-apps/checkpolicy-2.8
+ sys-devel/m4"
S=${WORKDIR}/
@@ -46,7 +47,6 @@ src_configure() {
[ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs"
# Update the SELinux refpolicy capabilities based on the users' USE flags.
-
if use unknown-perms; then
sed -i -e '/^UNK_PERMS/s/deny/allow/' "${S}/refpolicy/build.conf" \
|| die "Failed to allow Unknown Permissions Handling"
@@ -76,7 +76,6 @@ src_configure() {
cp -a "${S}/refpolicy" "${S}/${i}" || die
cd "${S}/${i}" || die
- #cp "${FILESDIR}/modules-2.20120215.conf" "${S}/${i}/policy/modules.conf"
sed -i -e "/= module/d" "${S}/${i}/policy/modules.conf" || die
sed -i -e '/^QUIET/s/n/y/' -e "/^NAME/s/refpolicy/$i/" \
diff --git a/sec-policy/selinux-base/selinux-base-9999.ebuild b/sec-policy/selinux-base/selinux-base-9999.ebuild
index a16000f98026..3be921e88deb 100644
--- a/sec-policy/selinux-base/selinux-base-9999.ebuild
+++ b/sec-policy/selinux-base/selinux-base-9999.ebuild
@@ -1,7 +1,7 @@
# Copyright 1999-2020 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
-EAPI="6"
+EAPI="7"
if [[ ${PV} == 9999* ]]; then
EGIT_REPO_URI="${SELINUX_GIT_REPO:-https://anongit.gentoo.org/git/proj/hardened-refpolicy.git}"
@@ -24,9 +24,10 @@ LICENSE="GPL-2"
SLOT="0"
RDEPEND=">=sys-apps/policycoreutils-2.8"
-DEPEND="${RDEPEND}
- sys-devel/m4
- >=sys-apps/checkpolicy-2.8"
+DEPEND="${RDEPEND}"
+BDEPEND="
+ >=sys-apps/checkpolicy-2.8
+ sys-devel/m4"
S=${WORKDIR}/
@@ -46,7 +47,6 @@ src_configure() {
[ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs"
# Update the SELinux refpolicy capabilities based on the users' USE flags.
-
if use unknown-perms; then
sed -i -e '/^UNK_PERMS/s/deny/allow/' "${S}/refpolicy/build.conf" \
|| die "Failed to allow Unknown Permissions Handling"
@@ -76,7 +76,6 @@ src_configure() {
cp -a "${S}/refpolicy" "${S}/${i}" || die
cd "${S}/${i}" || die
- #cp "${FILESDIR}/modules-2.20120215.conf" "${S}/${i}/policy/modules.conf"
sed -i -e "/= module/d" "${S}/${i}/policy/modules.conf" || die
sed -i -e '/^QUIET/s/n/y/' -e "/^NAME/s/refpolicy/$i/" \