diff options
| author |   Kenton Groombridge <concord@gentoo.org> | 2023-03-31 13:55:21 -0400 |
|---|---|---|
| committer | Kenton Groombridge <concord@gentoo.org> | 2023-03-31 14:22:41 -0400 |
| commit | 38bb244797b6f12077cbce589947a7acc5b4c338 (patch) | |
| tree | b5303799695e7d294f8406b97f3d117e3fe4b0f6 /sec-policy/selinux-base-policy | |
| parent | sec-policy/selinux-crio: add dependency for sec-policy/selinux-podman (diff) | |
| download | gentoo-38bb244797b6f12077cbce589947a7acc5b4c338.tar.gz gentoo-38bb244797b6f12077cbce589947a7acc5b4c338.tar.bz2 gentoo-38bb244797b6f12077cbce589947a7acc5b4c338.zip | |
sec-policy: Release of SELinux policies 2.20221101-r4
Bug: https://bugs.gentoo.org/891771
Signed-off-by: Kenton Groombridge <concord@gentoo.org>
Diffstat (limited to 'sec-policy/selinux-base-policy')
| -rw-r--r-- | sec-policy/selinux-base-policy/Manifest | 1 | ||||
| -rw-r--r-- | sec-policy/selinux-base-policy/selinux-base-policy-2.20221101-r4.ebuild | 141 |
2 files changed, 142 insertions, 0 deletions
diff --git a/sec-policy/selinux-base-policy/Manifest b/sec-policy/selinux-base-policy/Manifest index ca04b3fe9619..2e0dbd97ce61 100644 --- a/sec-policy/selinux-base-policy/Manifest +++ b/sec-policy/selinux-base-policy/Manifest @@ -1,3 +1,4 @@ DIST patchbundle-selinux-base-policy-2.20221101-r2.tar.bz2 285989 BLAKE2B e6c5851c4f9b4cbe3f0b478d72e20a1ce05ce85dd0b11d2be7a9a6a4a6c4091e70c092307ed8a1c626a39e13e6437417bc78875fc5985e7d652c69f4644d347e SHA512 8d881cd42f1da699af7ea39023fcc2d89fab5b2476975e2ab8764ad110b237cbf44d1688499d6cbc0514ee538f7770f391a3e2df32e8980f1af6a509ea9ffd78 DIST patchbundle-selinux-base-policy-2.20221101-r3.tar.bz2 444710 BLAKE2B e33cc01a8be5a354e022be1e8bf242883b09b15ead0673f859819f5e668f18773a16527f2e608878e6976695dcb2890c55658e77877e93c716ae0b2dd2ed5a9b SHA512 52e60b22346903a6fead95c9fb348fa1d4037b7dcd3e5781248a7dfc426c8c3fced258fd22762c779a5f436d8be21eaed5425ed36ff99c267daae5e1cb9c8e7f +DIST patchbundle-selinux-base-policy-2.20221101-r4.tar.bz2 457886 BLAKE2B 1e085f9f1739e0640c5eafa70db4c7ec19bca887c682ca2312a457fa57ee3eb176d0c8f16c2f84a1a026669b1240be3ff69066bd825c92fad75dcd2c13739f6c SHA512 da3ba1f076c04746719698aedb3aad48eb7c8a09df95c314b36f7a052538a07d893be413f35f4c34b01c1bf967ebe35ff32c2cea0722fe74a6e089a9d6aa47a6 DIST refpolicy-2.20221101.tar.bz2 583183 BLAKE2B 783d8af40fd77d7ddb848dba32e91921dd7c1380c094c45b719ada7b15f91aacbb52b410ffa6341f2f705ecbc9674b8570bd4867ce998e944fa0054ffd8bdf74 SHA512 29e5a29d90f714018c88fead2d5006ea90338fb5b7a1e4e98cb2e588c96cd861871d32176f6cc6f7c4e864ce5acae1aeed85d4c706ce2da8168986535baaf3a6 diff --git a/sec-policy/selinux-base-policy/selinux-base-policy-2.20221101-r4.ebuild b/sec-policy/selinux-base-policy/selinux-base-policy-2.20221101-r4.ebuild new file mode 100644 index 000000000000..aaff2143be85 --- /dev/null +++ b/sec-policy/selinux-base-policy/selinux-base-policy-2.20221101-r4.ebuild @@ -0,0 +1,141 @@ +# Copyright 1999-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI="7" + +if [[ ${PV} == 9999* ]]; then + EGIT_REPO_URI="${SELINUX_GIT_REPO:-https://anongit.gentoo.org/git/proj/hardened-refpolicy.git}" + EGIT_BRANCH="${SELINUX_GIT_BRANCH:-master}" + EGIT_CHECKOUT_DIR="${WORKDIR}/refpolicy" + + inherit git-r3 +else + SRC_URI="https://github.com/SELinuxProject/refpolicy/releases/download/RELEASE_${PV/./_}/refpolicy-${PV}.tar.bz2 + https://dev.gentoo.org/~perfinion/patches/${PN}/patchbundle-${PN}-${PVR}.tar.bz2" + KEYWORDS="~amd64 ~arm ~arm64 ~mips ~x86" +fi + +HOMEPAGE="https://wiki.gentoo.org/wiki/Project:SELinux" +DESCRIPTION="SELinux policy for core modules" + +IUSE="systemd +unconfined" + +PDEPEND="unconfined? ( sec-policy/selinux-unconfined )" +DEPEND="=sec-policy/selinux-base-${PVR}[systemd?]" +RDEPEND="${DEPEND}" +BDEPEND=" + sys-apps/checkpolicy + sys-devel/m4" + +MODS="application authlogin bootloader clock consoletype cron dmesg fstools getty hostname init iptables libraries locallogin logging lvm miscfiles modutils mount mta netutils nscd portage raid rsync selinuxutil setrans ssh staff storage su sysadm sysnetwork systemd tmpfiles udev userdomain usermanage unprivuser xdg" +DEL_MODS="hotplug" +LICENSE="GPL-2" +SLOT="0" +S="${WORKDIR}/" + +# Code entirely copied from selinux-eclass (cannot inherit due to dependency on +# itself), when reworked reinclude it. Only postinstall (where -b base.pp is +# added) needs to remain then. + +pkg_pretend() { + for i in ${POLICY_TYPES}; do + if [[ "${i}" == "targeted" ]] && ! use unconfined; then + die "If you use POLICY_TYPES=targeted, then USE=unconfined is mandatory." + fi + done +} + +src_prepare() { + local modfiles + + if [[ ${PV} != 9999* ]]; then + einfo "Applying SELinux policy updates ... " + eapply -p0 "${WORKDIR}/0001-full-patch-against-stable-release.patch" + fi + + eapply_user + + # Collect only those files needed for this particular module + for i in ${MODS}; do + modfiles="$(find "${S}"/refpolicy/policy/modules -iname $i.te) $modfiles" + modfiles="$(find "${S}"/refpolicy/policy/modules -iname $i.fc) $modfiles" + done + + for i in ${DEL_MODS}; do + [[ "${MODS}" != *${i}* ]] || die "Duplicate module in MODS and DEL_MODS: ${i}" + done + + for i in ${POLICY_TYPES}; do + mkdir "${S}"/${i} || die "Failed to create directory ${S}/${i}" + cp "${S}"/refpolicy/doc/Makefile.example "${S}"/${i}/Makefile \ + || die "Failed to copy Makefile.example to ${S}/${i}/Makefile" + + cp ${modfiles} "${S}"/${i} \ + || die "Failed to copy the module files to ${S}/${i}" + done +} + +src_compile() { + for i in ${POLICY_TYPES}; do + emake NAME=$i SHAREDIR="${SYSROOT%/}/usr/share/selinux" -C "${S}"/${i} + done +} + +src_install() { + local BASEDIR="/usr/share/selinux" + + for i in ${POLICY_TYPES}; do + for j in ${MODS}; do + einfo "Installing ${i} ${j} policy package" + insinto ${BASEDIR}/${i} + doins "${S}"/${i}/${j}.pp + done + done +} + +pkg_postinst() { + # Set root path and don't load policy into the kernel when cross compiling + local root_opts="" + if [[ "${ROOT}" != "" ]]; then + root_opts="-p ${ROOT} -n" + fi + + # Override the command from the eclass, we need to load in base as well here + local COMMAND="-i base.pp" + if has_version "<sys-apps/policycoreutils-2.5"; then + COMMAND="-b base.pp" + fi + + for i in ${MODS}; do + COMMAND="${COMMAND} -i ${i}.pp" + done + + for i in ${POLICY_TYPES}; do + einfo "Inserting the following modules, with base, into the $i module store: ${MODS}" + + cd "${ROOT}/usr/share/selinux/${i}" + + semodule ${root_opts} -s ${i} ${COMMAND} + + for mod in ${DEL_MODS}; do + if semodule ${root_opts} -s ${i} -l | grep -q "\b${mod}\b"; then + einfo "Removing obsolete ${i} ${mod} policy package" + semodule ${root_opts} -s ${i} -r ${mod} + fi + done + done + + # Don't relabel when cross compiling + if [[ "${ROOT}" == "" ]]; then + # Relabel depending packages + local PKGSET=""; + if [[ -x /usr/bin/qdepends ]] ; then + PKGSET=$(/usr/bin/qdepends -Cq -r -Q ${CATEGORY}/${PN} | grep -v 'sec-policy/selinux-'); + elif [[ -x /usr/bin/equery ]] ; then + PKGSET=$(/usr/bin/equery -Cq depends ${CATEGORY}/${PN} | grep -v 'sec-policy/selinux-'); + fi + if [[ -n "${PKGSET}" ]] ; then + rlpkg ${PKGSET}; + fi + fi +} |