move to sec-policy

author: Chris PeBenito <pebenito@gentoo.org> 2003-07-28 19:39:52 +0000
committer: Chris PeBenito <pebenito@gentoo.org> 2003-07-28 19:39:52 +0000
commit: b1bf66a753d0099a117a3c5a2b79e5ef60625c05 (patch)
tree: 15aa46f0c3c2c33ba47c03d8b0264884dc6fd129 /sec-policy
parent: move to sec-policy (diff)
download: gentoo-2-b1bf66a753d0099a117a3c5a2b79e5ef60625c05.tar.gz
gentoo-2-b1bf66a753d0099a117a3c5a2b79e5ef60625c05.tar.bz2
gentoo-2-b1bf66a753d0099a117a3c5a2b79e5ef60625c05.zip
7 files changed, 205 insertions, 3 deletions
diff --git a/sec-policy/selinux-base-policy/ChangeLog b/sec-policy/selinux-base-policy/ChangeLog
new file mode 100644
index 000000000000..77698ec539d0
--- /dev/null
+++ b/sec-policy/selinux-base-policy/ChangeLog
@@ -0,0 +1,65 @@
+# ChangeLog for sys-apps/selinux-base-policy
+# Copyright 2000-2003 Gentoo Technologies, Inc.; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/ChangeLog,v 1.1 2003/07/28 19:38:14 pebenito Exp $
+
+*selinux-base-policy-20030720 (20 Jul 2003)
+
+  20 Jul 2003; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20030720.ebuild:
+  Many fixes, including the syslog fix. File contexts have changed, so a relabel
+  is needed. You may encounter problems relabeling /usr/portage, as its file
+  context has changed, as files should not have the same type as a domain.
+  Relabelling in permissive will fix this, or temporarily give portage_t a
+  file_type attribute. Tightened the can_exec_any() macro. Moved staff.fc to
+  users.fc, since all users with SELinux identities should have their home
+  directories have the correct identity, not the generic identity.
+
+  06 Jun 2003; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20030604.ebuild:
+  Mark stable
+
+*selinux-base-policy-20030604 (04 Jun 2003)
+
+  04 Jun 2003; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20030604.ebuild:
+  Fix broken 20030603
+
+  04 Jun 2003; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20030603.ebuild:
+  Pulling 20030603, as there are problems, 20030604 later today
+
+*selinux-base-policy-20030603 (03 Jun 2003)
+
+  03 Jun 2003; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20030603.ebuild:
+  Numerous various fixes. Added staff role. Removed ipsec, gpm and gpg policies
+  as they are not appropriate for the base policy, and untested.
+
+*selinux-base-policy-20030522 (22 May 2003)
+
+  22 May 2003; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20030522.ebuild:
+  The policy is in pretty good shape now. I've been able to run in enforcing mode
+  with little problem. I've also been able to successfully merge and unmerge
+  packages in enforcing mode, with few exceptions (why does mysql need to run ps
+  during configure?).
+
+*selinux-base-policy-20030514 (14 May 2003)
+
+  14 May 2003; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20030514.ebuild:
+  Many improvements in many areas. Of note, rlogind policies were removed. Klogd
+  is being merged into syslogd. The portage policy is much more complete, but
+  still needs work. Its suggested that all changes be merged in, policy
+  reloaded, then relabel.
+
+*selinux-base-policy-20030419 (19 Apr 2003)
+
+  23 Apr 2003; Chris PeBenito <pebenito@gentoo.org>
+  selinux-base-policy-20030419.ebuild:
+  Marking stable for selinux-small stable usage
+
+  19 Apr 2003; Chris PeBenito <pebenito@gentoo.org> Manifest,
+  selinux-base-policy-20030419.ebuild:
+  Initial commit.  Base policies for SELinux, with Gentoo-specifics
+
diff --git a/sec-policy/selinux-base-policy/Manifest b/sec-policy/selinux-base-policy/Manifest
index be197fe75ee1..f66202ce01aa 100644
--- a/sec-policy/selinux-base-policy/Manifest
+++ b/sec-policy/selinux-base-policy/Manifest
@@ -1,6 +1,6 @@
-MD5 9e63288b5aa51dd67529df447fce804e ChangeLog 2756
+MD5 f26e692fc91d3c693bf592290ccd4a0c ChangeLog 2757
 MD5 808b5f7f5d6654666e9193672d463229 metadata.xml 473
-MD5 eca4bbf3d791558ffbcaca9807e88e6e selinux-base-policy-20030720.ebuild 2047
-MD5 c7756990d5442f1d086a1f09693c6a7e selinux-base-policy-20030604.ebuild 2046
+MD5 ea1b4c7f7b273d07e5b6ed72e9e22548 selinux-base-policy-20030720.ebuild 2049
+MD5 f69b789c5dedf6b114e28c134b4d73a3 selinux-base-policy-20030604.ebuild 2048
 MD5 d10857a9bb40eeac10d0e5b3e83c27b8 files/digest-selinux-base-policy-20030720 80
 MD5 ca4360b2c75e8cc5e4d3f65ac763d5b4 files/digest-selinux-base-policy-20030604 80
diff --git a/sec-policy/selinux-base-policy/files/digest-selinux-base-policy-20030604 b/sec-policy/selinux-base-policy/files/digest-selinux-base-policy-20030604
new file mode 100644
index 000000000000..19db0d8594d1
--- /dev/null
+++ b/sec-policy/selinux-base-policy/files/digest-selinux-base-policy-20030604
@@ -0,0 +1 @@
+MD5 bbb37787dfbf3b0fc568ecf37a8e4a3e selinux-base-policy-20030604.tar.bz2 46037
diff --git a/sec-policy/selinux-base-policy/files/digest-selinux-base-policy-20030720 b/sec-policy/selinux-base-policy/files/digest-selinux-base-policy-20030720
new file mode 100644
index 000000000000..6fbcadd47fe7
--- /dev/null
+++ b/sec-policy/selinux-base-policy/files/digest-selinux-base-policy-20030720
@@ -0,0 +1 @@
+MD5 ad36c07336d743709e6c52c165a55b96 selinux-base-policy-20030720.tar.bz2 46993
diff --git a/sec-policy/selinux-base-policy/metadata.xml b/sec-policy/selinux-base-policy/metadata.xml
new file mode 100644
index 000000000000..94bdea0f68b8
--- /dev/null
+++ b/sec-policy/selinux-base-policy/metadata.xml
@@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+<herd>hardened</herd>
+<maintainer>
+  <email>pebenito@gentoo.org</email>
+  <name>Chris PeBenito</name>
+  <description>Primary Maintainer</description>
+</maintainer>
+<longdescription>Gentoo SELinux base policy.  This contains policy for a system at the end of system installation.  No extra policy is in this package.</longdescription>
+</pkgmetadata>
diff --git a/sec-policy/selinux-base-policy/selinux-base-policy-20030604.ebuild b/sec-policy/selinux-base-policy/selinux-base-policy-20030604.ebuild
new file mode 100644
index 000000000000..f0250ab2ac21
--- /dev/null
+++ b/sec-policy/selinux-base-policy/selinux-base-policy-20030604.ebuild
@@ -0,0 +1,62 @@
+# Copyright 1999-2003 Gentoo Technologies, Inc.
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/selinux-base-policy-20030604.ebuild,v 1.1 2003/07/28 19:38:14 pebenito Exp $
+
+IUSE="selinux"
+
+DESCRIPTION="Gentoo base policy for SELinux"
+HOMEPAGE="http://www.gentoo.org"
+SRC_URI="mirror://gentoo/${P}.tar.bz2"
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="x86"
+RDEPEND="|| (
+		>=sys-kernel/selinux-sources-2.4.20-r1
+		>=sys-kernel/hardened-sources-2.4.20-r1
+	    )
+	 sys-devel/m4
+	 sys-devel/make"
+DEPEND=""
+S=${WORKDIR}/base-policy
+
+pkg_setup() {
+	if [ -z "`use selinux`" ]; then
+		eerror "selinux is missing from your USE.  You seem to be using the"
+		eerror "incorrect profile.  SELinux has a different profile than"
+		eerror "mainline Gentoo.  Make sure the /etc/make.profile symbolic"
+		eend 1 "link is pointing to /usr/portage/profiles/selinux-x86-1.4/"
+	fi
+}
+
+src_install() {
+	dodir /etc/security/selinux/src
+
+	insinto /etc/security
+	doins ${S}/appconfig/*
+	rm -fR ${S}/appconfig
+
+	mv ${S} ${D}/etc/security/selinux/src/policy
+}
+
+pkg_postinst() {
+	echo
+	einfo "This is the base policy for SELinux on Gentoo.  This policy"
+	einfo "package only covers the applications in the system profile."
+	einfo "More policy may need to be added according to your requirements."
+	echo
+	eerror "It is STRONGLY suggested that you evaluate and merge the"
+	eerror "policy changes.  If any of the file contexts (*.fc) have"
+	eerror "changed, you should also relabel."
+	echo
+	ewarn "Please check the Changelog, there may be important information."
+	echo
+	echo -ne "\a" ; sleep 0.1 ; echo -ne "\a" ; sleep 1
+	echo -ne "\a" ; sleep 0.1 ; echo -ne "\a" ; sleep 1
+	echo -ne "\a" ; sleep 0.1 ; echo -ne "\a" ; sleep 1
+	echo -ne "\a" ; sleep 0.1 ; echo -ne "\a" ; sleep 1
+	echo -ne "\a" ; sleep 0.1 ; echo -ne "\a" ; sleep 1
+	echo -ne "\a" ; sleep 0.1 ; echo -ne "\a" ; sleep 1
+	echo -ne "\a" ; sleep 0.1 ; echo -ne "\a" ; sleep 1
+	echo -ne "\a" ; sleep 0.1 ; echo -ne "\a" ; sleep 1
+	sleep 8
+}
diff --git a/sec-policy/selinux-base-policy/selinux-base-policy-20030720.ebuild b/sec-policy/selinux-base-policy/selinux-base-policy-20030720.ebuild
new file mode 100644
index 000000000000..6f60bdb7ef47
--- /dev/null
+++ b/sec-policy/selinux-base-policy/selinux-base-policy-20030720.ebuild
@@ -0,0 +1,62 @@
+# Copyright 1999-2003 Gentoo Technologies, Inc.
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/selinux-base-policy-20030720.ebuild,v 1.1 2003/07/28 19:38:14 pebenito Exp $
+
+IUSE="selinux"
+
+DESCRIPTION="Gentoo base policy for SELinux"
+HOMEPAGE="http://www.gentoo.org"
+SRC_URI="mirror://gentoo/${P}.tar.bz2"
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~x86"
+RDEPEND="|| (
+		>=sys-kernel/selinux-sources-2.4.20-r1
+		>=sys-kernel/hardened-sources-2.4.20-r1
+	    )
+	 sys-devel/m4
+	 sys-devel/make"
+DEPEND=""
+S=${WORKDIR}/base-policy
+
+pkg_setup() {
+	if [ -z "`use selinux`" ]; then
+		eerror "selinux is missing from your USE.  You seem to be using the"
+		eerror "incorrect profile.  SELinux has a different profile than"
+		eerror "mainline Gentoo.  Make sure the /etc/make.profile symbolic"
+		eend 1 "link is pointing to /usr/portage/profiles/selinux-x86-1.4/"
+	fi
+}
+
+src_install() {
+	dodir /etc/security/selinux/src
+
+	insinto /etc/security
+	doins ${S}/appconfig/*
+	rm -fR ${S}/appconfig
+
+	mv ${S} ${D}/etc/security/selinux/src/policy
+}
+
+pkg_postinst() {
+	echo
+	einfo "This is the base policy for SELinux on Gentoo.  This policy"
+	einfo "package only covers the applications in the system profile."
+	einfo "More policy may need to be added according to your requirements."
+	echo
+	eerror "It is STRONGLY suggested that you evaluate and merge the"
+	eerror "policy changes.  If any of the file contexts (*.fc) have"
+	eerror "changed, you should also relabel."
+	echo
+	ewarn "Please check the Changelog, there may be important information."
+	echo
+	echo -ne "\a" ; sleep 0.1 ; echo -ne "\a" ; sleep 1
+	echo -ne "\a" ; sleep 0.1 ; echo -ne "\a" ; sleep 1
+	echo -ne "\a" ; sleep 0.1 ; echo -ne "\a" ; sleep 1
+	echo -ne "\a" ; sleep 0.1 ; echo -ne "\a" ; sleep 1
+	echo -ne "\a" ; sleep 0.1 ; echo -ne "\a" ; sleep 1
+	echo -ne "\a" ; sleep 0.1 ; echo -ne "\a" ; sleep 1
+	echo -ne "\a" ; sleep 0.1 ; echo -ne "\a" ; sleep 1
+	echo -ne "\a" ; sleep 0.1 ; echo -ne "\a" ; sleep 1
+	sleep 8
+}
author	Chris PeBenito <pebenito@gentoo.org>	2003-07-28 19:39:52 +0000
committer	Chris PeBenito <pebenito@gentoo.org>	2003-07-28 19:39:52 +0000
commit	b1bf66a753d0099a117a3c5a2b79e5ef60625c05 (patch)
tree	15aa46f0c3c2c33ba47c03d8b0264884dc6fd129 /sec-policy
parent	move to sec-policy (diff)
download	gentoo-2-b1bf66a753d0099a117a3c5a2b79e5ef60625c05.tar.gz gentoo-2-b1bf66a753d0099a117a3c5a2b79e5ef60625c05.tar.bz2 gentoo-2-b1bf66a753d0099a117a3c5a2b79e5ef60625c05.zip