Diffstat (limited to 'sec-policy/selinux-base')
5 files changed, 165 insertions, 11 deletions
diff --git a/sec-policy/selinux-base/Manifest b/sec-policy/selinux-base/Manifest
index ebf25d4753a8..0507485dbf21 100644
--- a/sec-policy/selinux-base/Manifest
+++ b/sec-policy/selinux-base/Manifest
@@ -2,9 +2,12 @@ AUX config 631 BLAKE2B 7c7c5ad7e2349cf8dd6877bba7947f256b6bdee492ef76a44ac378eaf AUX selinux.conf 119 BLAKE2B c877aec601cfc066b42493a3b45e179834d30b7f0eb34b625f3758795c2fd2e58744cf539fdb5b06c002365fb264bdf6e953c1f6e30c7b2d310e22206ea5a37f SHA512 a057f84388b2b494b5e7623b076450c1856687c50a4ccb5aa22215748461786a0c71fdd9f76e9ed8639bcd3040006fb010aa5497192d6c0cab432a1b9c028b3b DIST patchbundle-selinux-base-policy-2.20190201-r1.tar.bz2 426390 BLAKE2B 33e05e03e1e087f0bf460930f074108af5fa05688f7681ba3545530d21174be7d29e9035a7bc37e9acdbe3468680891f9865ad83188eb0f8fb9b9012252d6a1e SHA512 f2855a340f4ae7ba6c4cf0ec9445de7ca20f9fc0f11783992340ca2f073bbbf2d4999190f46f3910213dd1555e9578b3609284af6a7712b401053216c004ff7e DIST patchbundle-selinux-base-policy-2.20190609-r1.tar.bz2 407664 BLAKE2B e6b6b56f990389365c062522582e2177bc3b70040c99948efad25737e69178f9f72149cc443cb9edacfdd1aa6bc29f637cc61939f66e5cc3841f83298b33c41e SHA512 16195b51bb414ac82821f93756b3b5d0ec206b7035a50379c1f796082d9c53b11369e15086e1e26521808944266364470c43dcfdd1818ba079fda1613b7ef9bd +DIST patchbundle-selinux-base-policy-2.20200818-r1.tar.bz2 278147 BLAKE2B 1e63517f15ed297c3cc1ed068db30ef60c0ebb11790abb89a80cde44da882b9381a8eccc66378576d84c106af7e9f7fd9e65b76b8e6f5134b34a2b517f5bb7f1 SHA512 d688e3f9d5dceb8a8747025adeddcfdd923e39757ab5ad7b92be00b544e47f0aa0c47aaf5a71eb4d3f616743d3291b8a8babdedfa238913371d58be3fccd4812 DIST refpolicy-2.20190201.tar.bz2 552750 BLAKE2B d3cbdf5c5f8480cd36173d8cfbd2f55a6ad4a9f2176883dcc19eece6059114ca8700d07f8bd318d0430da253bb9e4e6a6e03f7a7db8a7964c95b00452aaab040 SHA512 c6568b679ad1a7c5c566b55291e86ce3784ee609c0091e5d465d41055724d950180780c7eedb3413351101b9182db51c7bce1816db1a9a17b3257861363efc6e DIST refpolicy-2.20190609.tar.bz2 555882 BLAKE2B abc45d9c906e0c880b7c47b0fb8e33f4a277c73244e20e8a95c44452db817241110127a5f8a3347cfbf5e30bf91f9dd4e5dd826426eb88b383fdbff5963f5fcd SHA512 
f05ca08d31e62b7bf7203d7b243cce9ba87dd68d13b30067b99a44d5007449078fa82d591faa88c2955d370a346e69faedc850c02bd77c5624a8c746a13467f3 -EBUILD selinux-base-2.20190201-r1.ebuild 4129 BLAKE2B 6a757ed06800b462aac3fdd0343732ee2fd88e45b6c0557187686bb18fb9f296e4159de52e77d440c1f2278e8945de456800918315a492e8d0679189c24877ad SHA512 eb9b30d65d98828c751c16c42f756a7f946a8b2b73e7cfdc0272409d59121a135678a593ad181756747b58db67a5096ac72c79bbe212a2a6c2ee587ae00998ac -EBUILD selinux-base-2.20190609-r1.ebuild 4164 BLAKE2B 18880e11e2deb3ac150ffc09aa273ac2cc51da775c45f25ec8820a5439dbdd0e2b0c2e3acbed5c21c6d3b6246ebeaf56d78f0e1b8390e9e6f86b63afccc7a844 SHA512 1d3b09ab0b7ae019772d781ec632bb54fb67b691256a8d15eaa95eab21afe55f427b5897d2bdd6951bb84c1826f8d71a08d3567783fd800e15794f72eea782c3 -EBUILD selinux-base-9999.ebuild 4164 BLAKE2B e778e6f3924e97996d0dbfd1ff3ce4ce1ad006e6e82ca52562092f83349f1d8dee29b477c10e5256fcb1233ddebe10b19e4eca2e583f47d904caf63585e77e6e SHA512 28d2d7f5baf51c833ec008e92626a65fb3fa5e9b27f43875423497090859ee9e5afe45ac0ec9df6debbcc347aaf45097c1d368eff0f2e2325a8d6345d69345f7 +DIST refpolicy-2.20200818.tar.bz2 570896 BLAKE2B 502c00fec39e1b81e42de3f7f942623f8b3fbdeac19f9f01126722a368b7d4f70427d6e4a574754c4f2fa551e4bc75c912dbc515c004f0dcd5eb28ab416498f6 SHA512 e4b527bb7a87b9359fc42eb111d5008103f57c37128998ea0e21ec7b0b8607ffe3f67697450e4c51a0db172ece69083335b279bacef4b1bd0b7748b58caa99a7 +EBUILD selinux-base-2.20190201-r1.ebuild 4115 BLAKE2B e8aae442032d9bf13d7b731429a7509787ce473a624877e70cc533522e0f4e2f296a546280f0d3f1fd882186e57e990be5c74ae6fc2548b20f533f5cf39aacef SHA512 583881aeedce6e61f83678f64eb99e5779291436651bd4d8b74f16e7a4741915da48bf5e71eee34fab0aca3124864ff3dc763b9938acb64b4022c0ca0807301b +EBUILD selinux-base-2.20190609-r1.ebuild 4148 BLAKE2B 4612b1f194d7635b8bf29c60f177ae4bec921b6ba5648d4d7ec0bdd322f3179cd4037d56d4f75857f80bfc9ae2f2362ab5b15ea300d015cc73c30834eb505bf9 SHA512 
7c23345cb1dfb2b4206f05e5ce443fcd3ffba033ce14f9c176262b9f2a771cfab6a2c5bbb22a88809b650017f21fb6b858bd9709220320df0d2adf25c0a1a673 +EBUILD selinux-base-2.20200818-r1.ebuild 4150 BLAKE2B c557086ca49ab14a940f5b5e13b18cbbb827b3a914efe9959084d813acf8a3724f7f70a04f88b363f4a803e2886a8274b1cb0f380124565b34dff523d5a0a56a SHA512 ee0235f92adcf10fd5451d13df6be53174dbc7e84140e566e1ab9df2fec5c6f4bd1c712505e4fa4e7c374443aeb3a28f2fc3c55cd4b49ecc20626e4635ce25d3 +EBUILD selinux-base-9999.ebuild 4150 BLAKE2B c557086ca49ab14a940f5b5e13b18cbbb827b3a914efe9959084d813acf8a3724f7f70a04f88b363f4a803e2886a8274b1cb0f380124565b34dff523d5a0a56a SHA512 ee0235f92adcf10fd5451d13df6be53174dbc7e84140e566e1ab9df2fec5c6f4bd1c712505e4fa4e7c374443aeb3a28f2fc3c55cd4b49ecc20626e4635ce25d3 MISC metadata.xml 967 BLAKE2B 1d3313048964e8b84c6386c24682735ba255897021b5d9df9739a4852864e092c6c8a42c86b91962274c22764661ff5f4f8c0c34edfbf52abe6ae8583f15fcdd SHA512 fc513a530a30b8114a5b9c02862939a4cdd2e123f370292bdc0399b161afdf4843f53c2a15b4bd505d2111496fc6354a54c408c9022137086a33385e5fa99541
diff --git a/sec-policy/selinux-base/selinux-base-2.20190201-r1.ebuild b/sec-policy/selinux-base/selinux-base-2.20190201-r1.ebuild
index c172a8fdb9bd..818af8e1c44d 100644
--- a/sec-policy/selinux-base/selinux-base-2.20190201-r1.ebuild
+++ b/sec-policy/selinux-base/selinux-base-2.20190201-r1.ebuild
@@ -23,8 +23,7 @@ HOMEPAGE="https://wiki.gentoo.org/wiki/Project:SELinux"
 LICENSE="GPL-2"
 SLOT="0"
 
-RDEPEND=">=sys-apps/policycoreutils-2.8
- virtual/udev"
+RDEPEND=">=sys-apps/policycoreutils-2.8"
 DEPEND="${RDEPEND}
  sys-devel/m4
  >=sys-apps/checkpolicy-2.8"
diff --git a/sec-policy/selinux-base/selinux-base-2.20190609-r1.ebuild b/sec-policy/selinux-base/selinux-base-2.20190609-r1.ebuild
index bb95a29ae659..c11baced5560 100644
--- a/sec-policy/selinux-base/selinux-base-2.20190609-r1.ebuild
+++ b/sec-policy/selinux-base/selinux-base-2.20190609-r1.ebuild
@@ -13,7 +13,7 @@ else
  SRC_URI="https://github.com/SELinuxProject/refpolicy/releases/download/RELEASE_${PV/./_}/refpolicy-${PV}.tar.bz2
  https://dev.gentoo.org/~perfinion/patches/selinux-base-policy/patchbundle-selinux-base-policy-${PVR}.tar.bz2"
 
- KEYWORDS="~amd64 -arm ~arm64 ~mips ~x86"
+ KEYWORDS="amd64 -arm ~arm64 ~mips x86"
 fi
 
 IUSE="doc +unknown-perms systemd +ubac +unconfined"
@@ -23,8 +23,7 @@ HOMEPAGE="https://wiki.gentoo.org/wiki/Project:SELinux"
 LICENSE="GPL-2"
 SLOT="0"
 
-RDEPEND=">=sys-apps/policycoreutils-2.8
- virtual/udev"
+RDEPEND=">=sys-apps/policycoreutils-2.8"
 DEPEND="${RDEPEND}
  sys-devel/m4
  >=sys-apps/checkpolicy-2.8"
diff --git a/sec-policy/selinux-base/selinux-base-2.20200818-r1.ebuild b/sec-policy/selinux-base/selinux-base-2.20200818-r1.ebuild
new file mode 100644
index 000000000000..a16000f98026
--- /dev/null
+++ b/sec-policy/selinux-base/selinux-base-2.20200818-r1.ebuild
@@ -0,0 +1,154 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+if [[ ${PV} == 9999* ]]; then
+ EGIT_REPO_URI="${SELINUX_GIT_REPO:-https://anongit.gentoo.org/git/proj/hardened-refpolicy.git}"
+ EGIT_BRANCH="${SELINUX_GIT_BRANCH:-master}"
+ EGIT_CHECKOUT_DIR="${WORKDIR}/refpolicy"
+
+ inherit git-r3
+else
+ SRC_URI="https://github.com/SELinuxProject/refpolicy/releases/download/RELEASE_${PV/./_}/refpolicy-${PV}.tar.bz2
+ https://dev.gentoo.org/~perfinion/patches/selinux-base-policy/patchbundle-selinux-base-policy-${PVR}.tar.bz2"
+
+ KEYWORDS="~amd64 -arm ~arm64 ~mips ~x86"
+fi
+
+IUSE="doc +unknown-perms systemd +ubac +unconfined"
+
+DESCRIPTION="Gentoo base policy for SELinux"
+HOMEPAGE="https://wiki.gentoo.org/wiki/Project:SELinux"
+LICENSE="GPL-2"
+SLOT="0"
+
+RDEPEND=">=sys-apps/policycoreutils-2.8"
+DEPEND="${RDEPEND}
+ sys-devel/m4
+ >=sys-apps/checkpolicy-2.8"
+
+S=${WORKDIR}/
+
+src_prepare() {
+ if [[ ${PV} != 9999* ]]; then
+ einfo "Applying SELinux policy updates ... "
+ eapply -p0 "${WORKDIR}/0001-full-patch-against-stable-release.patch"
+ fi
+
+ eapply_user
+
+ cd "${S}/refpolicy" || die
+ emake bare
+}
+
+src_configure() {
+ [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs"
+
+ # Update the SELinux refpolicy capabilities based on the users' USE flags.
+
+ if use unknown-perms; then
+ sed -i -e '/^UNK_PERMS/s/deny/allow/' "${S}/refpolicy/build.conf" \
+ || die "Failed to allow Unknown Permissions Handling"
+ sed -i -e '/^UNK_PERMS/s/deny/allow/' "${S}/refpolicy/Makefile" \
+ || die "Failed to allow Unknown Permissions Handling"
+ fi
+
+ if ! use ubac; then
+ sed -i -e '/^UBAC/s/y/n/' "${S}/refpolicy/build.conf" \
+ || die "Failed to disable User Based Access Control"
+ fi
+
+ if use systemd; then
+ sed -i -e '/^SYSTEMD/s/n/y/' "${S}/refpolicy/build.conf" \
+ || die "Failed to enable SystemD"
+ fi
+
+ echo "DISTRO = gentoo" >> "${S}/refpolicy/build.conf" || die
+
+ # Prepare initial configuration
+ cd "${S}/refpolicy" || die
+ emake conf
+
+ # Setup the policies based on the types delivered by the end user.
+ # These types can be "targeted", "strict", "mcs" and "mls".
+ for i in ${POLICY_TYPES}; do
+ cp -a "${S}/refpolicy" "${S}/${i}" || die
+ cd "${S}/${i}" || die
+
+ #cp "${FILESDIR}/modules-2.20120215.conf" "${S}/${i}/policy/modules.conf"
+ sed -i -e "/= module/d" "${S}/${i}/policy/modules.conf" || die
+
+ sed -i -e '/^QUIET/s/n/y/' -e "/^NAME/s/refpolicy/$i/" \
+ "${S}/${i}/build.conf" || die "build.conf setup failed."
+
+ if [[ "${i}" == "mls" ]] || [[ "${i}" == "mcs" ]];
+ then
+ # MCS/MLS require additional settings
+ sed -i -e "/^TYPE/s/standard/${i}/" "${S}/${i}/build.conf" \
+ || die "failed to set type to mls"
+ fi
+
+ if [ "${i}" == "targeted" ]; then
+ sed -i -e '/root/d' -e 's/user_u/unconfined_u/' \
+ "${S}/${i}/config/appconfig-standard/seusers" \
+ || die "targeted seusers setup failed."
+ fi
+
+ if [ "${i}" != "targeted" ] && [ "${i}" != "strict" ] && use unconfined; then
+ sed -i -e '/root/d' -e 's/user_u/unconfined_u/' \
+ "${S}/${i}/config/appconfig-${i}/seusers" \
+ || die "policy seusers setup failed."
+ fi
+ done
+}
+
+src_compile() {
+ [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs"
+
+ for i in ${POLICY_TYPES}; do
+ cd "${S}/${i}" || die
+ emake base
+ if use doc; then
+ emake html
+ fi
+ done
+}
+
+src_install() {
+ [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs"
+
+ for i in ${POLICY_TYPES}; do
+ cd "${S}/${i}" || die
+
+ emake DESTDIR="${D}" install
+ emake DESTDIR="${D}" install-headers
+
+ echo "run_init_t" > "${D}/etc/selinux/${i}/contexts/run_init_type" || die
+
+ echo "textrel_shlib_t" >> "${D}/etc/selinux/${i}/contexts/customizable_types" || die
+
+ # libsemanage won't make this on its own
+ keepdir "/etc/selinux/${i}/policy"
+
+ if use doc; then
+ docinto ${i}/html
+ dodoc -r doc/html/*;
+ fi
+
+ insinto /usr/share/selinux/devel;
+ doins doc/policy.xml;
+
+ done
+
+ docinto /
+ dodoc doc/Makefile.example doc/example.{te,fc,if}
+
+ doman man/man8/*.8;
+
+ insinto /etc/selinux
+ doins "${FILESDIR}/config"
+
+ insinto /usr/share/portage/config/sets
+ doins "${FILESDIR}/selinux.conf"
+}
diff --git a/sec-policy/selinux-base/selinux-base-9999.ebuild b/sec-policy/selinux-base/selinux-base-9999.ebuild
index 5342853efec5..a16000f98026 100644
--- a/sec-policy/selinux-base/selinux-base-9999.ebuild
+++ b/sec-policy/selinux-base/selinux-base-9999.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2019 Gentoo Authors
+# Copyright 1999-2020 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI="6"
@@ -23,8 +23,7 @@ HOMEPAGE="https://wiki.gentoo.org/wiki/Project:SELinux"
 LICENSE="GPL-2"
 SLOT="0"
 
-RDEPEND=">=sys-apps/policycoreutils-2.8
- virtual/udev"
+RDEPEND=">=sys-apps/policycoreutils-2.8"
 DEPEND="${RDEPEND}
  sys-devel/m4
  >=sys-apps/checkpolicy-2.8"
|
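Review bot: In src_configure of the new selinux-base-2.20200818-r1.ebuild, every word of POLICY_TYPES is used unchecked as a directory name and inside a sed expression (`"/^NAME/s/refpolicy/$i/"`), although the comment above the loop says only targeted, strict, mcs and mls are expected. A mistyped or unexpected entry would still be configured and built, and src_install then writes under `/etc/selinux/${i}`, presumably with TYPE left at its standard value since only mls and mcs rewrite it. I would reject anything else at the top of the loop, for example `case "${i}" in targeted|strict|mls|mcs) ;; *) die "unsupported POLICY_TYPES entry: ${i}" ;; esac`. In the same loop, `die "failed to set type to mls"` is also reached for mcs, so `die "failed to set type to ${i}"` would report the right policy.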