Diffstat (limited to 'sec-policy/selinux-base')
-rw-r--r-- | sec-policy/selinux-base/Manifest | 4 | ||||
-rw-r--r-- | sec-policy/selinux-base/metadata.xml | 1 | ||||
-rw-r--r-- | sec-policy/selinux-base/selinux-base-9999.ebuild | 15 |
3 files changed, 9 insertions, 11 deletions
diff --git a/sec-policy/selinux-base/Manifest b/sec-policy/selinux-base/Manifest
index cf9b5dac2342..eecac315d704 100644
--- a/sec-policy/selinux-base/Manifest
+++ b/sec-policy/selinux-base/Manifest
@@ -15,5 +15,5 @@ EBUILD selinux-base-2.20180114-r3.ebuild 4123 BLAKE2B c2c01645221cad12c3f4249cb6 EBUILD selinux-base-2.20180701-r1.ebuild 4129 BLAKE2B 272e1866b03954f2e3a86d6f059738f627a69fee4a9e31299c597bdf16b831f23923a365682377bab772f5091d2469d34a7076f944bf0148b7a3197271687864 SHA512 5f4cc117086fcc09c91ec1a1cdb61c8f6dbe7219c64382fc44274065879aea3932ddb9bbe91411c5bc2c03f025f6728e25b9a4957d38a7fbc2cf86206b81c72b EBUILD selinux-base-2.20180701-r2.ebuild 4131 BLAKE2B d5aa01b2cd9b4ca82b7cd50c3f31603b662f294e8b6ce4d665f1d824d77d1a2ac75d530ca056b369c09211c380dd0daf7c1b6f9f407feec2e07891b5b7acc745 SHA512 9ecdf845e201adf5c401236e6933da1d036b5c39810f984bbe7a12220863dc4ab2ac29603954eb2d4227f042a03c2e43377f1d7cd2cfde526cd7e491741e9682 EBUILD selinux-base-2.20190201-r1.ebuild 4131 BLAKE2B d5aa01b2cd9b4ca82b7cd50c3f31603b662f294e8b6ce4d665f1d824d77d1a2ac75d530ca056b369c09211c380dd0daf7c1b6f9f407feec2e07891b5b7acc745 SHA512 9ecdf845e201adf5c401236e6933da1d036b5c39810f984bbe7a12220863dc4ab2ac29603954eb2d4227f042a03c2e43377f1d7cd2cfde526cd7e491741e9682 -EBUILD selinux-base-9999.ebuild 4131 BLAKE2B d5aa01b2cd9b4ca82b7cd50c3f31603b662f294e8b6ce4d665f1d824d77d1a2ac75d530ca056b369c09211c380dd0daf7c1b6f9f407feec2e07891b5b7acc745 SHA512 9ecdf845e201adf5c401236e6933da1d036b5c39810f984bbe7a12220863dc4ab2ac29603954eb2d4227f042a03c2e43377f1d7cd2cfde526cd7e491741e9682 -MISC metadata.xml 839 BLAKE2B 797f551065b80455c9538f115d680016954b7fc05cd5232ca09b86d83163c81e9ed868ea6b9be08d3c1284dcfd3527e88660befb747a631f4d2292331410cb52 SHA512 330017a98a3f9f4e6d6004955eb939c8d9c1c92fe6d091f78cdd7d2f6a02838c67a8a3268f38dad7df27f909ff51dc295d5de748f9767a257b5dad36c74d921a +EBUILD selinux-base-9999.ebuild 4164 BLAKE2B e778e6f3924e97996d0dbfd1ff3ce4ce1ad006e6e82ca52562092f83349f1d8dee29b477c10e5256fcb1233ddebe10b19e4eca2e583f47d904caf63585e77e6e SHA512 28d2d7f5baf51c833ec008e92626a65fb3fa5e9b27f43875423497090859ee9e5afe45ac0ec9df6debbcc347aaf45097c1d368eff0f2e2325a8d6345d69345f7 +MISC metadata.xml 967 
BLAKE2B 1d3313048964e8b84c6386c24682735ba255897021b5d9df9739a4852864e092c6c8a42c86b91962274c22764661ff5f4f8c0c34edfbf52abe6ae8583f15fcdd SHA512 fc513a530a30b8114a5b9c02862939a4cdd2e123f370292bdc0399b161afdf4843f53c2a15b4bd505d2111496fc6354a54c408c9022137086a33385e5fa99541
diff --git a/sec-policy/selinux-base/metadata.xml b/sec-policy/selinux-base/metadata.xml
index 16f3d9c00e66..cf565be6f044 100644
--- a/sec-policy/selinux-base/metadata.xml
+++ b/sec-policy/selinux-base/metadata.xml
@@ -14,5 +14,6 @@
 <flag name="open_perms">Enable the open permissions for file object classes (SELinux policy capability).</flag>
 <flag name="ubac">Enable User Based Access Control (UBAC) in the SELinux policy</flag>
 <flag name="unconfined">Enable support for the unconfined SELinux module</flag>
+ <flag name="unknown-perms">Default allow unknown classes in kernels newer than the policy (SELinux policy capability).</flag>
 </use>
 </pkgmetadata>
diff --git a/sec-policy/selinux-base/selinux-base-9999.ebuild b/sec-policy/selinux-base/selinux-base-9999.ebuild
index 16ee9f2b2abb..5342853efec5 100644
--- a/sec-policy/selinux-base/selinux-base-9999.ebuild
+++ b/sec-policy/selinux-base/selinux-base-9999.ebuild
@@ -16,7 +16,7 @@ else
 KEYWORDS="~amd64 -arm ~arm64 ~mips ~x86"
 fi
-IUSE="doc +open_perms +peer_perms systemd +ubac +unconfined"
+IUSE="doc +unknown-perms systemd +ubac +unconfined"
 DESCRIPTION="Gentoo base policy for SELinux"
 HOMEPAGE="https://wiki.gentoo.org/wiki/Project:SELinux"
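Review bot: The new IUSE line in selinux-base-9999.ebuild lists the flag as `+unknown-perms`, so a default build takes the src_configure branch that rewrites UNK_PERMS from deny to allow. Classes or permissions the kernel defines but the policy does not are then permitted unless the user opts out, which is a fail-open default for a mandatory access control policy. If that is a deliberate compatibility choice for kernels newer than the policy, a comment above IUSE should record it, for example `# unknown-perms is on by default so a newer kernel does not break on classes the policy lacks; disable it for deny-by-default`. Otherwise list the flag without the `+` so that allow is an explicit opt-in.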
@@ -48,14 +48,11 @@ src_configure() {
 # Update the SELinux refpolicy capabilities based on the users' USE flags.
- if ! use peer_perms; then
- sed -i -e '/network_peer_controls/d' \
- "${S}/refpolicy/policy/policy_capabilities" || die
- fi
-
- if ! use open_perms; then
- sed -i -e '/open_perms/d' \
- "${S}/refpolicy/policy/policy_capabilities" || die
+ if use unknown-perms; then
+ sed -i -e '/^UNK_PERMS/s/deny/allow/' "${S}/refpolicy/build.conf" \
+ || die "Failed to allow Unknown Permissions Handling"
+ sed -i -e '/^UNK_PERMS/s/deny/allow/' "${S}/refpolicy/Makefile" \
+ || die "Failed to allow Unknown Permissions Handling"
 fi
 if ! use ubac; then |
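Review bot: The `|| die` after each `sed -i` in the `use unknown-perms` branch does not detect a substitution that never happened, because sed exits 0 when no line matches `^UNK_PERMS` or the matched line does not contain `deny`. If the setting is commented out or spelled differently in the checked-out refpolicy (not visible in this hunk), the flag silently does nothing and the policy is built with whatever handling the tree ships. A check after the edits would surface that, e.g. `grep -q '^UNK_PERMS.*allow' "${S}/refpolicy/build.conf" || die "UNK_PERMS was not switched to allow"`, and likewise for the Makefile. With the flag disabled nothing pins the value to deny either, so that case relies on the upstream default. src_configure starts and continues outside the hunk.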