authorV3n3RiX <venerix@redcorelinux.org>2020-01-15 15:51:32 +0000
committerV3n3RiX <venerix@redcorelinux.org>2020-01-15 15:51:32 +0000
commit21435953e16cda318a82334ddbadb3b5c36d9ea7 (patch)
treee1810a4b135afce04b34862ef0fab2bfaeb8aeca /sec-policy
parent7bc9c63c9da678a7e6fceb095d56c634afd22c56 (diff)
gentoo resync : 15.01.2020
Diffstat (limited to 'sec-policy')
-rw-r--r--sec-policy/Manifest.gzbin42247 -> 42248 bytes
-rw-r--r--sec-policy/selinux-base-policy/Manifest2
-rw-r--r--sec-policy/selinux-base-policy/selinux-base-policy-9999.ebuild8
-rw-r--r--sec-policy/selinux-base/Manifest4
-rw-r--r--sec-policy/selinux-base/metadata.xml1
-rw-r--r--sec-policy/selinux-base/selinux-base-9999.ebuild15
6 files changed, 11 insertions, 19 deletions
diff --git a/sec-policy/Manifest.gz b/sec-policy/Manifest.gz
index 19dc3196b03d..bf78aa01148b 100644
--- a/sec-policy/Manifest.gz
+++ b/sec-policy/Manifest.gz
Binary files differ
diff --git a/sec-policy/selinux-base-policy/Manifest b/sec-policy/selinux-base-policy/Manifest
index c512933b91c5..7f86304789e7 100644
--- a/sec-policy/selinux-base-policy/Manifest
+++ b/sec-policy/selinux-base-policy/Manifest
@@ -13,5 +13,5 @@ EBUILD selinux-base-policy-2.20180114-r3.ebuild 3870 BLAKE2B fa66f8133138d5ac7cb
EBUILD selinux-base-policy-2.20180701-r1.ebuild 3876 BLAKE2B 886b6e7bb11fa59cb32be59661ab021c835558b376cf90c1893c2dba57c650926c6f2c3907147d5ede00ef5e9d2439226ee85d69a60e1aea0d083b7cfce2e34f SHA512 4d3fa8afc75f629b0bffec8ef74326a7d234e182180faab49105f722a94799b19d928ce2ab5884ae32982a79fe8e711696227e1f607eaadf796e074482ff5f40
EBUILD selinux-base-policy-2.20180701-r2.ebuild 3878 BLAKE2B 4a38dc3bc45ba2362a8a62b812efb7179be9afd9c13daf2cac04a90d7cdd6d7f3117c86ed4564dc87bb79a17f7059a68a3ab7c24ec25683bc66dfc4e5e4dbf70 SHA512 944630188aea33453b77daba5d5ebce110efd1503aa7d6cd9059eb84d47cd19fff2de7708da57d5517570da183cd55b470530a98053b1eced766d668d35a1792
EBUILD selinux-base-policy-2.20190201-r1.ebuild 3878 BLAKE2B 4a38dc3bc45ba2362a8a62b812efb7179be9afd9c13daf2cac04a90d7cdd6d7f3117c86ed4564dc87bb79a17f7059a68a3ab7c24ec25683bc66dfc4e5e4dbf70 SHA512 944630188aea33453b77daba5d5ebce110efd1503aa7d6cd9059eb84d47cd19fff2de7708da57d5517570da183cd55b470530a98053b1eced766d668d35a1792
-EBUILD selinux-base-policy-9999.ebuild 3878 BLAKE2B 4a38dc3bc45ba2362a8a62b812efb7179be9afd9c13daf2cac04a90d7cdd6d7f3117c86ed4564dc87bb79a17f7059a68a3ab7c24ec25683bc66dfc4e5e4dbf70 SHA512 944630188aea33453b77daba5d5ebce110efd1503aa7d6cd9059eb84d47cd19fff2de7708da57d5517570da183cd55b470530a98053b1eced766d668d35a1792
+EBUILD selinux-base-policy-9999.ebuild 3818 BLAKE2B e5c0dbf7326cfb52fb95951c7ec7ad29a09c0604f2106198c63d182923157933590c97f70b993b77810e83d67dc667d8cf12d46450f3548629abfd3fe0a88d6b SHA512 ed99b8042b5b16247d4cd2bc02d8f3a6ee13a3fd1ca16d5500b6ba3df56d9d20d1cbd82add3e280c4cd4c27216ec794690af645e14ed6e0af0cf9a70aa983a95
MISC metadata.xml 534 BLAKE2B 1bb289204431150ae974c9fd677926faf72e75def3294b9df405a048e398ac3b6147de8483512487edaeea378e1dbd32df0675acb7fa50326c48382603c5dbfe SHA512 d8340bec9d0ec0feb396b17b53a6d53e3caa7ddd1efdc5e5de07baf86592ad0526d08fc08908295cf18a915eef1c7429c72970d56967162b2390eed6f28c822a
diff --git a/sec-policy/selinux-base-policy/selinux-base-policy-9999.ebuild b/sec-policy/selinux-base-policy/selinux-base-policy-9999.ebuild
index 7b6afaf3e213..17908940fcb0 100644
--- a/sec-policy/selinux-base-policy/selinux-base-policy-9999.ebuild
+++ b/sec-policy/selinux-base-policy/selinux-base-policy-9999.ebuild
@@ -24,7 +24,7 @@ PDEPEND="unconfined? ( sec-policy/selinux-unconfined )"
DEPEND="=sec-policy/selinux-base-${PVR}[systemd?]"
RDEPEND="$DEPEND"
-MODS="application authlogin bootloader clock consoletype cron dmesg fstools getty hostname hotplug init iptables libraries locallogin logging lvm miscfiles modutils mount mta netutils nscd portage raid rsync selinuxutil setrans ssh staff storage su sysadm sysnetwork tmpfiles udev userdomain usermanage unprivuser xdg"
+MODS="application authlogin bootloader clock consoletype cron dmesg fstools getty hostname hotplug init iptables libraries locallogin logging lvm miscfiles modutils mount mta netutils nscd portage raid rsync selinuxutil setrans ssh staff storage su sysadm sysnetwork systemd tmpfiles udev userdomain usermanage unprivuser xdg"
LICENSE="GPL-2"
SLOT="0"
S="${WORKDIR}/"
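Review bot: `systemd` is now hard-coded in `MODS`, while the `DEPEND` line just above still carries `[systemd?]`, and nothing in the hunk explains why the two differ. A one-line comment above `MODS`, for example `# systemd policy module is always built; USE=systemd only selects the matching selinux-base`, would keep a later editor from re-adding the conditional. That reading is inferred from this hunk and the `pkg_setup()` removal in the next one, so confirm the intent before wording the comment.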
@@ -33,12 +33,6 @@ S="${WORKDIR}/"
# itself), when reworked reinclude it. Only postinstall (where -b base.pp is
# added) needs to remain then.
-pkg_setup() {
- if use systemd; then
- MODS="${MODS} systemd"
- fi
-}
-
pkg_pretend() {
for i in ${POLICY_TYPES}; do
if [[ "${i}" == "targeted" ]] && ! use unconfined; then
diff --git a/sec-policy/selinux-base/Manifest b/sec-policy/selinux-base/Manifest
index cf9b5dac2342..eecac315d704 100644
--- a/sec-policy/selinux-base/Manifest
+++ b/sec-policy/selinux-base/Manifest
@@ -15,5 +15,5 @@ EBUILD selinux-base-2.20180114-r3.ebuild 4123 BLAKE2B c2c01645221cad12c3f4249cb6
EBUILD selinux-base-2.20180701-r1.ebuild 4129 BLAKE2B 272e1866b03954f2e3a86d6f059738f627a69fee4a9e31299c597bdf16b831f23923a365682377bab772f5091d2469d34a7076f944bf0148b7a3197271687864 SHA512 5f4cc117086fcc09c91ec1a1cdb61c8f6dbe7219c64382fc44274065879aea3932ddb9bbe91411c5bc2c03f025f6728e25b9a4957d38a7fbc2cf86206b81c72b
EBUILD selinux-base-2.20180701-r2.ebuild 4131 BLAKE2B d5aa01b2cd9b4ca82b7cd50c3f31603b662f294e8b6ce4d665f1d824d77d1a2ac75d530ca056b369c09211c380dd0daf7c1b6f9f407feec2e07891b5b7acc745 SHA512 9ecdf845e201adf5c401236e6933da1d036b5c39810f984bbe7a12220863dc4ab2ac29603954eb2d4227f042a03c2e43377f1d7cd2cfde526cd7e491741e9682
EBUILD selinux-base-2.20190201-r1.ebuild 4131 BLAKE2B d5aa01b2cd9b4ca82b7cd50c3f31603b662f294e8b6ce4d665f1d824d77d1a2ac75d530ca056b369c09211c380dd0daf7c1b6f9f407feec2e07891b5b7acc745 SHA512 9ecdf845e201adf5c401236e6933da1d036b5c39810f984bbe7a12220863dc4ab2ac29603954eb2d4227f042a03c2e43377f1d7cd2cfde526cd7e491741e9682
-EBUILD selinux-base-9999.ebuild 4131 BLAKE2B d5aa01b2cd9b4ca82b7cd50c3f31603b662f294e8b6ce4d665f1d824d77d1a2ac75d530ca056b369c09211c380dd0daf7c1b6f9f407feec2e07891b5b7acc745 SHA512 9ecdf845e201adf5c401236e6933da1d036b5c39810f984bbe7a12220863dc4ab2ac29603954eb2d4227f042a03c2e43377f1d7cd2cfde526cd7e491741e9682
-MISC metadata.xml 839 BLAKE2B 797f551065b80455c9538f115d680016954b7fc05cd5232ca09b86d83163c81e9ed868ea6b9be08d3c1284dcfd3527e88660befb747a631f4d2292331410cb52 SHA512 330017a98a3f9f4e6d6004955eb939c8d9c1c92fe6d091f78cdd7d2f6a02838c67a8a3268f38dad7df27f909ff51dc295d5de748f9767a257b5dad36c74d921a
+EBUILD selinux-base-9999.ebuild 4164 BLAKE2B e778e6f3924e97996d0dbfd1ff3ce4ce1ad006e6e82ca52562092f83349f1d8dee29b477c10e5256fcb1233ddebe10b19e4eca2e583f47d904caf63585e77e6e SHA512 28d2d7f5baf51c833ec008e92626a65fb3fa5e9b27f43875423497090859ee9e5afe45ac0ec9df6debbcc347aaf45097c1d368eff0f2e2325a8d6345d69345f7
+MISC metadata.xml 967 BLAKE2B 1d3313048964e8b84c6386c24682735ba255897021b5d9df9739a4852864e092c6c8a42c86b91962274c22764661ff5f4f8c0c34edfbf52abe6ae8583f15fcdd SHA512 fc513a530a30b8114a5b9c02862939a4cdd2e123f370292bdc0399b161afdf4843f53c2a15b4bd505d2111496fc6354a54c408c9022137086a33385e5fa99541
diff --git a/sec-policy/selinux-base/metadata.xml b/sec-policy/selinux-base/metadata.xml
index 16f3d9c00e66..cf565be6f044 100644
--- a/sec-policy/selinux-base/metadata.xml
+++ b/sec-policy/selinux-base/metadata.xml
@@ -14,5 +14,6 @@
<flag name="open_perms">Enable the open permissions for file object classes (SELinux policy capability).</flag>
<flag name="ubac">Enable User Based Access Control (UBAC) in the SELinux policy</flag>
<flag name="unconfined">Enable support for the unconfined SELinux module</flag>
+ <flag name="unknown-perms">Default allow unknown classes in kernels newer than the policy (SELinux policy capability).</flag>
</use>
</pkgmetadata>
diff --git a/sec-policy/selinux-base/selinux-base-9999.ebuild b/sec-policy/selinux-base/selinux-base-9999.ebuild
index 16ee9f2b2abb..5342853efec5 100644
--- a/sec-policy/selinux-base/selinux-base-9999.ebuild
+++ b/sec-policy/selinux-base/selinux-base-9999.ebuild
@@ -16,7 +16,7 @@ else
KEYWORDS="~amd64 -arm ~arm64 ~mips ~x86"
fi
-IUSE="doc +open_perms +peer_perms systemd +ubac +unconfined"
+IUSE="doc +unknown-perms systemd +ubac +unconfined"
DESCRIPTION="Gentoo base policy for SELinux"
HOMEPAGE="https://wiki.gentoo.org/wiki/Project:SELinux"
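Review bot: `+unknown-perms` in `IUSE` is on by default, so a stock build now switches `UNK_PERMS` from `deny` to `allow` (see the `src_configure` hunk below). That relaxes how permissions and object classes unknown to the policy are handled, and it changes behaviour for anyone who relied on the previous build setting. If the permissive default is intended, record the reason above the line, e.g. `# unknown-perms defaults on: with deny, a kernel newer than the policy has its unknown permissions refused`; otherwise drop the `+`. The same line removes `open_perms` and `peer_perms`, so existing `package.use` entries for those flags silently stop having an effect.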
@@ -48,14 +48,11 @@ src_configure() {
# Update the SELinux refpolicy capabilities based on the users' USE flags.
- if ! use peer_perms; then
- sed -i -e '/network_peer_controls/d' \
- "${S}/refpolicy/policy/policy_capabilities" || die
- fi
-
- if ! use open_perms; then
- sed -i -e '/open_perms/d' \
- "${S}/refpolicy/policy/policy_capabilities" || die
+ if use unknown-perms; then
+ sed -i -e '/^UNK_PERMS/s/deny/allow/' "${S}/refpolicy/build.conf" \
+ || die "Failed to allow Unknown Permissions Handling"
+ sed -i -e '/^UNK_PERMS/s/deny/allow/' "${S}/refpolicy/Makefile" \
+ || die "Failed to allow Unknown Permissions Handling"
fi
if ! use ubac; then
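Review bot: The `|| die` on the two new `sed -i` calls only fires when sed itself fails, such as a missing file. sed exits 0 when no line matches `^UNK_PERMS` or the value is not `deny`, so `unknown-perms` can be enabled while the policy still builds with the old setting. A check after the edit would catch that, e.g. `grep -q '^UNK_PERMS.*allow' "${S}/refpolicy/build.conf" || die "UNK_PERMS not set to allow in build.conf"`. Both `die` messages are identical, so naming the file in each would tell the two failures apart. `src_configure()` starts and continues outside this hunk, and the exact `UNK_PERMS` line format in `Makefile` is not visible here.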