diff options
| author |   Jason Zaman <perfinion@gentoo.org> | 2022-04-08 19:47:35 -0700 |
|---|---|---|
| committer | Jason Zaman <perfinion@gentoo.org> | 2022-04-08 19:54:47 -0700 |
| commit | 5025cd79c9235e11e50286522870085f54102c82 (patch) | |
| tree | 66235d35ec1b6be2719480ad3796913ad466d024 /sec-policy/selinux-base-policy | |
| parent | sec-policy: Stabilize SELinux policies 2.20220106-r2 (diff) | |
| download | gentoo-5025cd79c9235e11e50286522870085f54102c82.tar.gz gentoo-5025cd79c9235e11e50286522870085f54102c82.tar.bz2 gentoo-5025cd79c9235e11e50286522870085f54102c82.zip | |
sec-policy: Drop old SELinux policies
Signed-off-by: Jason Zaman <perfinion@gentoo.org>
Diffstat (limited to 'sec-policy/selinux-base-policy')
4 files changed, 0 insertions, 417 deletions
diff --git a/sec-policy/selinux-base-policy/Manifest b/sec-policy/selinux-base-policy/Manifest index 227fccb4ae3d..82ff2983e4aa 100644 --- a/sec-policy/selinux-base-policy/Manifest +++ b/sec-policy/selinux-base-policy/Manifest @@ -1,9 +1,3 @@ -DIST patchbundle-selinux-base-policy-2.20200818-r2.tar.bz2 433623 BLAKE2B f0655c45c50347faf1217e5861298dce822e4b726c0b4489d4c70c4815842f7c17ac1b0a302ae5482a3ad25d1d5b6c4c3b6395194e79005f31560d103ad0fce6 SHA512 9fd22683ecd602a429b2d489f7b8c2936409fa060046255b72a4b95c9fdefa2455ba7655945278dc972c22f3ade6617898ed169e22001aaaaded4b47ca51b0c3 -DIST patchbundle-selinux-base-policy-2.20210203-r1.tar.bz2 298116 BLAKE2B 50c5523a8b758652af6aa59d548e9499b899898b58f52f74f1667a0c552f2b2d0ed5a44352e59245c7f0ebd199e2391400168d6ab27b4160d726fccded0c56f2 SHA512 ddb877ec3e2883f57e54e7380dd449d4d89a0769a1fb87141786e5de741ac21b2ead60362fd17c25888eb1334c68f71da561f4f29f406f0d4b5d13d378f6baff -DIST patchbundle-selinux-base-policy-2.20210908-r1.tar.bz2 295091 BLAKE2B 649d9a1d9190aac4a42d460b0609175bb7e1a32624d7504ebfa294741ed5fc2eec286471af1b9128f4cdb9845240b37353a8e641e111b9e53250607c34257baf SHA512 5c9cbd97ece391a2ba0f3586bf19811a2425b9c94c9beafa781dd7b175d7572a46e31a46e8f8671a4b7e122186574f5098a247fee62e1be8afc89233d71effb9 DIST patchbundle-selinux-base-policy-2.20220106-r1.tar.bz2 299683 BLAKE2B 9e48733878e2f809b8634a1e96a4b1bb2fc3e866e562a6ac9449da8d4af591cbe7de380384fabec50c7a7c67733253f82024ce62dee51fc73e35e0653626ff6c SHA512 314c639e08b15a94656e467e81857241b242020884c0e40272cfb422cccc35f2d4a5f067dc6ebdf8926335a65d737c233d1df75f69b356509e07fd60b46b07bf DIST patchbundle-selinux-base-policy-2.20220106-r2.tar.bz2 436316 BLAKE2B 07d6ba7a5fa8e8213e922bfd4c698b73c1cdf598ceaa5efe98be095b51aafa446af8ea7217dcc2bc001bfadaa250bfcc8b8dea3d9aa630384f8cdf139512170d SHA512 68a71d098ae09b034cb57f8e38c06b23a6584f5538b94a44fb1e48e48c718f2b37eb5e38931e55e8769481ebf0ed8c8642cfa85a45ac23a71be31cc35380fbad -DIST refpolicy-2.20200818.tar.bz2 570896 BLAKE2B 502c00fec39e1b81e42de3f7f942623f8b3fbdeac19f9f01126722a368b7d4f70427d6e4a574754c4f2fa551e4bc75c912dbc515c004f0dcd5eb28ab416498f6 SHA512 e4b527bb7a87b9359fc42eb111d5008103f57c37128998ea0e21ec7b0b8607ffe3f67697450e4c51a0db172ece69083335b279bacef4b1bd0b7748b58caa99a7 -DIST refpolicy-2.20210203.tar.bz2 564099 BLAKE2B a94a11ebb78890ba2c98714be2fe9054fdb8ccaf5154f47b881a9575a4a6865e8df475805550d7bba8039b4230c6a0c9f5c6130bf8c35a26bc7c473d550fb40d SHA512 a6ffe718626dd6121023b4cbc424c933d44ca8b662bd708baad307cf6284be0d80fef40cdc8b37f6f17ecb3636fd8d6c1d5d4072c17d835b7f500e17a3acd9fc -DIST refpolicy-2.20210908.tar.bz2 556375 BLAKE2B 12791eeed54204ef075b2d95a738c7d5007d48630d2a60d7e698bcb909dda0abcc15233811a91f4646415ab3daabe2cac46fbfbd04e61f71782e729c0209f99d SHA512 7b84330ca5dd631629302f342a11bf6211cf0711ff3f3273d63ddb072e84c8fe8bef48d511b264affc82090ee51036a09421f81878e10b0c047f572d7720de96 DIST refpolicy-2.20220106.tar.bz2 560342 BLAKE2B bc0e65466333e02acb48adbb28b8176d3c8e508b2ff97d4f8a876d7c0a65534a62d86c9816ac59f6eed583f4b5c51cf432643edd2dad24dd51eb3cf22e2b75ac SHA512 794327d2dd07196b5f36771f9a961cdf294cf68f690735418d6bdd859499b7007c518cc022ccca9c245a5266b85bdb7cacdcaeefee14e4800937c9101476b373 diff --git a/sec-policy/selinux-base-policy/selinux-base-policy-2.20200818-r2.ebuild b/sec-policy/selinux-base-policy/selinux-base-policy-2.20200818-r2.ebuild deleted file mode 100644 index 9e42cf570b5f..000000000000 --- a/sec-policy/selinux-base-policy/selinux-base-policy-2.20200818-r2.ebuild +++ /dev/null @@ -1,129 +0,0 @@ -# Copyright 1999-2022 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI="7" - -if [[ ${PV} == 9999* ]]; then - EGIT_REPO_URI="${SELINUX_GIT_REPO:-https://anongit.gentoo.org/git/proj/hardened-refpolicy.git}" - EGIT_BRANCH="${SELINUX_GIT_BRANCH:-master}" - EGIT_CHECKOUT_DIR="${WORKDIR}/refpolicy" - - inherit git-r3 -else - SRC_URI="https://github.com/SELinuxProject/refpolicy/releases/download/RELEASE_${PV/./_}/refpolicy-${PV}.tar.bz2 - https://dev.gentoo.org/~perfinion/patches/${PN}/patchbundle-${PN}-${PVR}.tar.bz2" - KEYWORDS="amd64 arm arm64 ~mips x86" -fi - -HOMEPAGE="https://wiki.gentoo.org/wiki/Project:SELinux" -DESCRIPTION="SELinux policy for core modules" - -IUSE="systemd +unconfined" - -PDEPEND="unconfined? ( sec-policy/selinux-unconfined )" -DEPEND="=sec-policy/selinux-base-${PVR}[systemd?]" -RDEPEND="${DEPEND}" -BDEPEND=" - sys-apps/checkpolicy - sys-devel/m4" - -MODS="application authlogin bootloader clock consoletype cron dmesg fstools getty hostname hotplug init iptables libraries locallogin logging lvm miscfiles modutils mount mta netutils nscd portage raid rsync selinuxutil setrans ssh staff storage su sysadm sysnetwork systemd tmpfiles udev userdomain usermanage unprivuser xdg" -LICENSE="GPL-2" -SLOT="0" -S="${WORKDIR}/" - -# Code entirely copied from selinux-eclass (cannot inherit due to dependency on -# itself), when reworked reinclude it. Only postinstall (where -b base.pp is -# added) needs to remain then. - -pkg_pretend() { - for i in ${POLICY_TYPES}; do - if [[ "${i}" == "targeted" ]] && ! use unconfined; then - die "If you use POLICY_TYPES=targeted, then USE=unconfined is mandatory." - fi - done -} - -src_prepare() { - local modfiles - - if [[ ${PV} != 9999* ]]; then - einfo "Applying SELinux policy updates ... " - eapply -p0 "${WORKDIR}/0001-full-patch-against-stable-release.patch" - fi - - eapply_user - - # Collect only those files needed for this particular module - for i in ${MODS}; do - modfiles="$(find ${S}/refpolicy/policy/modules -iname $i.te) $modfiles" - modfiles="$(find ${S}/refpolicy/policy/modules -iname $i.fc) $modfiles" - done - - for i in ${POLICY_TYPES}; do - mkdir "${S}"/${i} || die "Failed to create directory ${S}/${i}" - cp "${S}"/refpolicy/doc/Makefile.example "${S}"/${i}/Makefile \ - || die "Failed to copy Makefile.example to ${S}/${i}/Makefile" - - cp ${modfiles} "${S}"/${i} \ - || die "Failed to copy the module files to ${S}/${i}" - done -} - -src_compile() { - for i in ${POLICY_TYPES}; do - emake NAME=$i SHAREDIR="${SYSROOT%/}/usr/share/selinux" -C "${S}"/${i} - done -} - -src_install() { - local BASEDIR="/usr/share/selinux" - - for i in ${POLICY_TYPES}; do - for j in ${MODS}; do - einfo "Installing ${i} ${j} policy package" - insinto ${BASEDIR}/${i} - doins "${S}"/${i}/${j}.pp - done - done -} - -pkg_postinst() { - # Set root path and don't load policy into the kernel when cross compiling - local root_opts="" - if [[ "${ROOT}" != "" ]]; then - root_opts="-p ${ROOT} -n" - fi - - # Override the command from the eclass, we need to load in base as well here - local COMMAND="-i base.pp" - if has_version "<sys-apps/policycoreutils-2.5"; then - COMMAND="-b base.pp" - fi - - for i in ${MODS}; do - COMMAND="${COMMAND} -i ${i}.pp" - done - - for i in ${POLICY_TYPES}; do - einfo "Inserting the following modules, with base, into the $i module store: ${MODS}" - - cd "${ROOT}/usr/share/selinux/${i}" - - semodule ${root_opts} -s ${i} ${COMMAND} - done - - # Don't relabel when cross compiling - if [[ "${ROOT}" == "" ]]; then - # Relabel depending packages - local PKGSET=""; - if [[ -x /usr/bin/qdepends ]] ; then - PKGSET=$(/usr/bin/qdepends -Cq -r -Q ${CATEGORY}/${PN} | grep -v 'sec-policy/selinux-'); - elif [[ -x /usr/bin/equery ]] ; then - PKGSET=$(/usr/bin/equery -Cq depends ${CATEGORY}/${PN} | grep -v 'sec-policy/selinux-'); - fi - if [[ -n "${PKGSET}" ]] ; then - rlpkg ${PKGSET}; - fi - fi -} diff --git a/sec-policy/selinux-base-policy/selinux-base-policy-2.20210203-r1.ebuild b/sec-policy/selinux-base-policy/selinux-base-policy-2.20210203-r1.ebuild deleted file mode 100644 index 612ab55a8ac5..000000000000 --- a/sec-policy/selinux-base-policy/selinux-base-policy-2.20210203-r1.ebuild +++ /dev/null @@ -1,141 +0,0 @@ -# Copyright 1999-2022 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI="7" - -if [[ ${PV} == 9999* ]]; then - EGIT_REPO_URI="${SELINUX_GIT_REPO:-https://anongit.gentoo.org/git/proj/hardened-refpolicy.git}" - EGIT_BRANCH="${SELINUX_GIT_BRANCH:-master}" - EGIT_CHECKOUT_DIR="${WORKDIR}/refpolicy" - - inherit git-r3 -else - SRC_URI="https://github.com/SELinuxProject/refpolicy/releases/download/RELEASE_${PV/./_}/refpolicy-${PV}.tar.bz2 - https://dev.gentoo.org/~perfinion/patches/${PN}/patchbundle-${PN}-${PVR}.tar.bz2" - KEYWORDS="amd64 arm arm64 ~mips x86" -fi - -HOMEPAGE="https://wiki.gentoo.org/wiki/Project:SELinux" -DESCRIPTION="SELinux policy for core modules" - -IUSE="systemd +unconfined" - -PDEPEND="unconfined? ( sec-policy/selinux-unconfined )" -DEPEND="=sec-policy/selinux-base-${PVR}[systemd?]" -RDEPEND="${DEPEND}" -BDEPEND=" - sys-apps/checkpolicy - sys-devel/m4" - -MODS="application authlogin bootloader clock consoletype cron dmesg fstools getty hostname init iptables libraries locallogin logging lvm miscfiles modutils mount mta netutils nscd portage raid rsync selinuxutil setrans ssh staff storage su sysadm sysnetwork systemd tmpfiles udev userdomain usermanage unprivuser xdg" -DEL_MODS="hotplug" -LICENSE="GPL-2" -SLOT="0" -S="${WORKDIR}/" - -# Code entirely copied from selinux-eclass (cannot inherit due to dependency on -# itself), when reworked reinclude it. Only postinstall (where -b base.pp is -# added) needs to remain then. - -pkg_pretend() { - for i in ${POLICY_TYPES}; do - if [[ "${i}" == "targeted" ]] && ! use unconfined; then - die "If you use POLICY_TYPES=targeted, then USE=unconfined is mandatory." - fi - done -} - -src_prepare() { - local modfiles - - if [[ ${PV} != 9999* ]]; then - einfo "Applying SELinux policy updates ... " - eapply -p0 "${WORKDIR}/0001-full-patch-against-stable-release.patch" - fi - - eapply_user - - # Collect only those files needed for this particular module - for i in ${MODS}; do - modfiles="$(find ${S}/refpolicy/policy/modules -iname $i.te) $modfiles" - modfiles="$(find ${S}/refpolicy/policy/modules -iname $i.fc) $modfiles" - done - - for i in ${DEL_MODS}; do - [[ "${MODS}" != *${i}* ]] || die "Duplicate module in MODS and DEL_MODS: ${i}" - done - - for i in ${POLICY_TYPES}; do - mkdir "${S}"/${i} || die "Failed to create directory ${S}/${i}" - cp "${S}"/refpolicy/doc/Makefile.example "${S}"/${i}/Makefile \ - || die "Failed to copy Makefile.example to ${S}/${i}/Makefile" - - cp ${modfiles} "${S}"/${i} \ - || die "Failed to copy the module files to ${S}/${i}" - done -} - -src_compile() { - for i in ${POLICY_TYPES}; do - emake NAME=$i SHAREDIR="${SYSROOT%/}/usr/share/selinux" -C "${S}"/${i} - done -} - -src_install() { - local BASEDIR="/usr/share/selinux" - - for i in ${POLICY_TYPES}; do - for j in ${MODS}; do - einfo "Installing ${i} ${j} policy package" - insinto ${BASEDIR}/${i} - doins "${S}"/${i}/${j}.pp - done - done -} - -pkg_postinst() { - # Set root path and don't load policy into the kernel when cross compiling - local root_opts="" - if [[ "${ROOT}" != "" ]]; then - root_opts="-p ${ROOT} -n" - fi - - # Override the command from the eclass, we need to load in base as well here - local COMMAND="-i base.pp" - if has_version "<sys-apps/policycoreutils-2.5"; then - COMMAND="-b base.pp" - fi - - for i in ${MODS}; do - COMMAND="${COMMAND} -i ${i}.pp" - done - - for i in ${POLICY_TYPES}; do - einfo "Inserting the following modules, with base, into the $i module store: ${MODS}" - - cd "${ROOT}/usr/share/selinux/${i}" - - semodule ${root_opts} -s ${i} ${COMMAND} - - for mod in ${DEL_MODS}; do - if semodule ${root_opts} -s ${i} -l | grep -q "\b${mod}\b"; then - einfo "Removing obsolete ${i} ${mod} policy package" - semodule ${root_opts} -s ${i} -r ${mod} - fi - done - done - - # Don't relabel when cross compiling - if [[ "${ROOT}" == "" ]]; then - # Relabel depending packages - local PKGSET=""; - if [[ -x /usr/bin/qdepends ]] ; then - PKGSET=$(/usr/bin/qdepends -Cq -r -Q ${CATEGORY}/${PN} | grep -v 'sec-policy/selinux-'); - elif [[ -x /usr/bin/equery ]] ; then - PKGSET=$(/usr/bin/equery -Cq depends ${CATEGORY}/${PN} | grep -v 'sec-policy/selinux-'); - fi - if [[ -n "${PKGSET}" ]] ; then - rlpkg ${PKGSET}; - fi - fi -} diff --git a/sec-policy/selinux-base-policy/selinux-base-policy-2.20210908-r1.ebuild b/sec-policy/selinux-base-policy/selinux-base-policy-2.20210908-r1.ebuild deleted file mode 100644 index 612ab55a8ac5..000000000000 --- a/sec-policy/selinux-base-policy/selinux-base-policy-2.20210908-r1.ebuild +++ /dev/null @@ -1,141 +0,0 @@ -# Copyright 1999-2022 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI="7" - -if [[ ${PV} == 9999* ]]; then - EGIT_REPO_URI="${SELINUX_GIT_REPO:-https://anongit.gentoo.org/git/proj/hardened-refpolicy.git}" - EGIT_BRANCH="${SELINUX_GIT_BRANCH:-master}" - EGIT_CHECKOUT_DIR="${WORKDIR}/refpolicy" - - inherit git-r3 -else - SRC_URI="https://github.com/SELinuxProject/refpolicy/releases/download/RELEASE_${PV/./_}/refpolicy-${PV}.tar.bz2 - https://dev.gentoo.org/~perfinion/patches/${PN}/patchbundle-${PN}-${PVR}.tar.bz2" - KEYWORDS="amd64 arm arm64 ~mips x86" -fi - -HOMEPAGE="https://wiki.gentoo.org/wiki/Project:SELinux" -DESCRIPTION="SELinux policy for core modules" - -IUSE="systemd +unconfined" - -PDEPEND="unconfined? ( sec-policy/selinux-unconfined )" -DEPEND="=sec-policy/selinux-base-${PVR}[systemd?]" -RDEPEND="${DEPEND}" -BDEPEND=" - sys-apps/checkpolicy - sys-devel/m4" - -MODS="application authlogin bootloader clock consoletype cron dmesg fstools getty hostname init iptables libraries locallogin logging lvm miscfiles modutils mount mta netutils nscd portage raid rsync selinuxutil setrans ssh staff storage su sysadm sysnetwork systemd tmpfiles udev userdomain usermanage unprivuser xdg" -DEL_MODS="hotplug" -LICENSE="GPL-2" -SLOT="0" -S="${WORKDIR}/" - -# Code entirely copied from selinux-eclass (cannot inherit due to dependency on -# itself), when reworked reinclude it. Only postinstall (where -b base.pp is -# added) needs to remain then. - -pkg_pretend() { - for i in ${POLICY_TYPES}; do - if [[ "${i}" == "targeted" ]] && ! use unconfined; then - die "If you use POLICY_TYPES=targeted, then USE=unconfined is mandatory." - fi - done -} - -src_prepare() { - local modfiles - - if [[ ${PV} != 9999* ]]; then - einfo "Applying SELinux policy updates ... " - eapply -p0 "${WORKDIR}/0001-full-patch-against-stable-release.patch" - fi - - eapply_user - - # Collect only those files needed for this particular module - for i in ${MODS}; do - modfiles="$(find ${S}/refpolicy/policy/modules -iname $i.te) $modfiles" - modfiles="$(find ${S}/refpolicy/policy/modules -iname $i.fc) $modfiles" - done - - for i in ${DEL_MODS}; do - [[ "${MODS}" != *${i}* ]] || die "Duplicate module in MODS and DEL_MODS: ${i}" - done - - for i in ${POLICY_TYPES}; do - mkdir "${S}"/${i} || die "Failed to create directory ${S}/${i}" - cp "${S}"/refpolicy/doc/Makefile.example "${S}"/${i}/Makefile \ - || die "Failed to copy Makefile.example to ${S}/${i}/Makefile" - - cp ${modfiles} "${S}"/${i} \ - || die "Failed to copy the module files to ${S}/${i}" - done -} - -src_compile() { - for i in ${POLICY_TYPES}; do - emake NAME=$i SHAREDIR="${SYSROOT%/}/usr/share/selinux" -C "${S}"/${i} - done -} - -src_install() { - local BASEDIR="/usr/share/selinux" - - for i in ${POLICY_TYPES}; do - for j in ${MODS}; do - einfo "Installing ${i} ${j} policy package" - insinto ${BASEDIR}/${i} - doins "${S}"/${i}/${j}.pp - done - done -} - -pkg_postinst() { - # Set root path and don't load policy into the kernel when cross compiling - local root_opts="" - if [[ "${ROOT}" != "" ]]; then - root_opts="-p ${ROOT} -n" - fi - - # Override the command from the eclass, we need to load in base as well here - local COMMAND="-i base.pp" - if has_version "<sys-apps/policycoreutils-2.5"; then - COMMAND="-b base.pp" - fi - - for i in ${MODS}; do - COMMAND="${COMMAND} -i ${i}.pp" - done - - for i in ${POLICY_TYPES}; do - einfo "Inserting the following modules, with base, into the $i module store: ${MODS}" - - cd "${ROOT}/usr/share/selinux/${i}" - - semodule ${root_opts} -s ${i} ${COMMAND} - - for mod in ${DEL_MODS}; do - if semodule ${root_opts} -s ${i} -l | grep -q "\b${mod}\b"; then - einfo "Removing obsolete ${i} ${mod} policy package" - semodule ${root_opts} -s ${i} -r ${mod} - fi - done - done - - # Don't relabel when cross compiling - if [[ "${ROOT}" == "" ]]; then - # Relabel depending packages - local PKGSET=""; - if [[ -x /usr/bin/qdepends ]] ; then - PKGSET=$(/usr/bin/qdepends -Cq -r -Q ${CATEGORY}/${PN} | grep -v 'sec-policy/selinux-'); - elif [[ -x /usr/bin/equery ]] ; then - PKGSET=$(/usr/bin/equery -Cq depends ${CATEGORY}/${PN} | grep -v 'sec-policy/selinux-'); - fi - if [[ -n "${PKGSET}" ]] ; then - rlpkg ${PKGSET}; - fi - fi -} |