author | Chris PeBenito <pebenito@gentoo.org> | 2003-05-14 19:13:19 +0000 |
---|---|---|
committer | Chris PeBenito <pebenito@gentoo.org> | 2003-05-14 19:13:19 +0000 |
commit | 03bb2959272e1228bac5a2b4445a4b788985bf9a (patch) | |
tree | c7980d3b137d9f5dd2853da7c8976a6b5c431d15 /sys-apps/selinux-small | |
parent | for dev-java/jdbc-informix (diff) | |
Bump, for adding Method/zwelch's setfiles patch
Diffstat (limited to 'sys-apps/selinux-small')
-rw-r--r-- | sys-apps/selinux-small/ChangeLog | 11 | ||||
-rw-r--r-- | sys-apps/selinux-small/Manifest | 5 | ||||
-rw-r--r-- | sys-apps/selinux-small/files/digest-selinux-small-2003040709-r1 | 2 | ||||
-rw-r--r-- | sys-apps/selinux-small/files/selinux-small-2003040709-setfiles.diff | 120 | ||||
-rw-r--r-- | sys-apps/selinux-small/selinux-small-2003040709-r1.ebuild | 147 |
5 files changed, 283 insertions, 2 deletions
diff --git a/sys-apps/selinux-small/ChangeLog b/sys-apps/selinux-small/ChangeLog
index 1e3cbded3417..a9fc04671fe9 100644
--- a/sys-apps/selinux-small/ChangeLog
+++ b/sys-apps/selinux-small/ChangeLog
@@ -1,6 +1,15 @@
 # ChangeLog for sys-apps/selinux-small
 # Copyright 2000-2003 Gentoo Technologies, Inc.; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-apps/selinux-small/ChangeLog,v 1.14 2003/05/10 18:27:06 pebenito Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-apps/selinux-small/ChangeLog,v 1.15 2003/05/14 19:13:15 pebenito Exp $
+
+*selinux-small-2003040709-r1 (14 May 2003)
+
+ 14 May 2003; Chris PeBenito <pebenito@gentoo.org>
+ selinux-small-2003040709-r1.ebuild,
+ files/selinux-small-2003040709-setfiles.diff:
+ Added Method/zwelch's setfiles patch. This provides the setfiles support for
+ labelling files correctly, in the sandbox. Still need portage support for
+ this, however.
 *selinux-small-2003040709 (10 May 2003)
diff --git a/sys-apps/selinux-small/Manifest b/sys-apps/selinux-small/Manifest
index 7e0f291deda2..756fe8e23891 100644
--- a/sys-apps/selinux-small/Manifest
+++ b/sys-apps/selinux-small/Manifest
@@ -1,9 +1,12 @@
 MD5 a72c63e1fb9dfae6192d836123273767 selinux-small-2003011510-r3.ebuild 3993
 MD5 5f53b492ab89de7607a70d08f844228e selinux-small-2003011510-r4.ebuild 4212
-MD5 19122eea7b09ab29b8688d430eb559fb ChangeLog 2964
+MD5 66f378585e11a8229bc89202d00f09fb ChangeLog 3319
 MD5 78c9c107caf533d59ef182eb9a90d6bc selinux-small-2003040709.ebuild 4421
+MD5 6ed2547809a991a94a1cfd1aa19cd875 selinux-small-2003040709-r1.ebuild 4482
 MD5 e5ffaa323b22754b51eaa94f04bcf5dd files/digest-selinux-small-2003011510-r3 151
 MD5 e5ffaa323b22754b51eaa94f04bcf5dd files/digest-selinux-small-2003011510-r4 151
 MD5 5b8ae6c77d50a559c31fb144faf6843e files/selinux-small-2003011510-bison.diff 553
 MD5 5b8ae6c77d50a559c31fb144faf6843e files/selinux-small-2003040709-bison.diff 553
 MD5 0986e11cde481cc9d4f8061654dedead files/digest-selinux-small-2003040709 151
+MD5 0986e11cde481cc9d4f8061654dedead files/digest-selinux-small-2003040709-r1 151
+MD5 3809db44913b783d2b8bb31c8361aa92 files/selinux-small-2003040709-setfiles.diff 2623
diff --git a/sys-apps/selinux-small/files/digest-selinux-small-2003040709-r1 b/sys-apps/selinux-small/files/digest-selinux-small-2003040709-r1
new file mode 100644
index 000000000000..be96298ad944
--- /dev/null
+++ b/sys-apps/selinux-small/files/digest-selinux-small-2003040709-r1
@@ -0,0 +1,2 @@
+MD5 f2a8e506d952ceb4a30970a646e9a227 selinux-small-2003040709.tgz 571597
+MD5 98d24820cf82cce8d826b88ff2617eb6 selinux-small_2003040709-5.diff.gz 62300
diff --git a/sys-apps/selinux-small/files/selinux-small-2003040709-setfiles.diff b/sys-apps/selinux-small/files/selinux-small-2003040709-setfiles.diff
new file mode 100644
index 000000000000..846b88739a38
--- /dev/null
+++ b/sys-apps/selinux-small/files/selinux-small-2003040709-setfiles.diff
@@ -0,0 +1,120 @@
+--- setfiles.c.orig 2003-04-04 07:29:44.000000000 -0600
++++ setfiles.c 2003-05-10 23:42:39.000000000 -0500
+@@ -89,6 +89,10 @@
+ static int use_inum = 0;
+
+ static int quiet = 0;
++
++static char *rootpath = NULL;
++static int rootpathlen = 0;
++
+ #define QPRINTF(args...) do { if (!quiet) printf(args); } while (0)
+
+ /*
+@@ -283,15 +287,27 @@
+ int match(const char *name, struct stat *sb, security_id_t *out_sid)
+ {
+ int i, ret;
++ const char *fullname = name;
++
++ /* fullname will be the real file that gets labeled
++ * name will be what is matched in the policy */
++ if (NULL != rootpath) {
++ if (0 != strncmp(rootpath, name, rootpathlen)) {
++ fprintf(stderr, "%s: %s is not located in %s\n",
++ progname, name, rootpath);
++ return -1;
++ }
++ name += rootpathlen;
++ }
+
+ if (flask_enabled) {
+- ret = lstat_secure(name, sb, out_sid);
++ ret = lstat_secure(fullname, sb, out_sid);
+ } else {
+- ret = lstat(name, sb);
++ ret = lstat(fullname, sb);
+ }
+ if (ret) {
+ fprintf(stderr, "%s: unable to stat file %s\n", progname,
+- name);
++ fullname);
+ return -1;
+ }
+
+@@ -564,6 +580,23 @@
+ return 0;
+ }
+
++void set_rootpath(const char *arg)
++{
++ int len;
++
++ rootpath = strdup(arg);
++ if (NULL == rootpath) {
++ fprintf(stderr, "%s: insufficient memory for rootpath\n",
++ progname);
++ exit(1);
++ }
++
++ /* trim trailing /, if present */
++ len = strlen(rootpath);
++ while ('/' == rootpath[len - 1])
++ rootpath[--len] = 0;
++ rootpathlen = len;
++}
+
+ int main(int argc, char **argv)
+ {
+@@ -577,7 +610,7 @@
+ struct stat sb;
+
+ /* Process any options. */
+- while ((opt = getopt(argc, argv, "dinqsvRW")) > 0) {
++ while ((opt = getopt(argc, argv, "dinqsvrRW")) > 0) {
+ switch (opt) {
+ case 'd':
+ debug = 1;
+@@ -604,6 +637,20 @@
+ case 'i':
+ use_inum = 1;
+ break;
++ case 'r':
++ if (optind + 1 >= argc) {
++ fprintf(stderr, "usage: %s -r rootpath\n",
++ argv[0]);
++ exit(1);
++ }
++ if (NULL != rootpath) {
++ fprintf(stderr,
++ "%s: only one -r can be specified\n",
++ argv[0]);
++ exit(1);
++ }
++ set_rootpath(argv[optind++]);
++ break;
+ }
+ }
+
+@@ -675,7 +722,7 @@
+ } else {
+ if (optind > (argc - 2)) {
+ fprintf(stderr,
+- "usage: %s [-dnqvRW] spec_file pathname...\n",
++ "usage: %s [-dnqvrRW] spec_file pathname...\n",
+ argv[0]);
+ exit(1);
+ }
+@@ -919,7 +966,11 @@
+ }
+ else for (; optind < argc; optind++)
+ {
+-
++ if (NULL != rootpath) {
++ QPRINTF("%s: labeling files, pretending %s is /\n",
++ argv[0], rootpath);
++ }
++
+ if (flask_enabled) {
+ QPRINTF("%s: labeling files under %s\n", argv[0],
+ argv[optind]);
diff --git a/sys-apps/selinux-small/selinux-small-2003040709-r1.ebuild b/sys-apps/selinux-small/selinux-small-2003040709-r1.ebuild
new file mode 100644
index 000000000000..7fb727ca7d71
--- /dev/null
+++ b/sys-apps/selinux-small/selinux-small-2003040709-r1.ebuild
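Review bot: In set_rootpath() the trailing-slash loop `while ('/' == rootpath[len - 1])` never checks `len`, so a root of `/` (or an empty argument) makes it read `rootpath[-1]`, one byte before the strdup'd buffer, and write there if that byte happens to be '/'; `while (len > 0 && '/' == rootpath[len - 1])` bounds it. In match() the `strncmp(rootpath, name, rootpathlen)` test is a plain string-prefix comparison, so with a root of `/mnt/root` a path such as `/mnt/rootfs/etc` (constructed example) passes and is then matched against the policy as `fs/etc`; also requiring `'/' == name[rootpathlen] || 0 == name[rootpathlen]` keeps the check on a path-component boundary. In main() `r` is added to the getopt string without a colon and the argument is taken by hand with `argv[optind++]`, which would pick the wrong element when -r is bundled with other flags; `"dinqsvr:RW"` with `optarg` is the usual form. match() and main() continue outside the inner hunks shown here.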
@@ -0,0 +1,147 @@
+# Copyright 1999-2002 Gentoo Technologies, Inc.
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-apps/selinux-small/selinux-small-2003040709-r1.ebuild,v 1.1 2003/05/14 19:13:15 pebenito Exp $
+
+DESCRIPTION="SELinux libraries and policy compiler"
+HOMEPAGE="http://www.nsa.gov/selinux"
+SRC_URI="http://www.nsa.gov/selinux/archives/${P}.tgz
+ http://www.coker.com.au/selinux/selinux-small/selinux-small_${PV}-5.diff.gz"
+
+LICENSE="GPL-1"
+SLOT="0"
+S="${WORKDIR}/selinux"
+
+# to easily specify that libsecure is in the workdir, and we want to use pam
+LIBSECURE="-I${S}/libsecure/include -L${S}/libsecure/src -DUSE_PAM"
+
+KEYWORDS="~x86 ~ppc ~alpha ~sparc"
+IUSE="selinux"
+DEPEND="<sys-libs/glibc-2.3.2
+ sys-devel/flex
+ sys-libs/pam
+ || (
+ >=sys-kernel/selinux-sources-2.4.20-r1
+ >=sys-kernel/hardened-sources-2.4.20-r1
+ )"
+
+RDEPEND="<sys-libs/glibc-2.3.2
+ || (
+ >=sys-kernel/selinux-sources-2.4.20-r1
+ >=sys-kernel/hardened-sources-2.4.20-r1
+ )
+ dev-tcltk/expect
+ sys-apps/selinux-base-policy"
+
+pkg_setup() {
+ use selinux || eend 1 "You must have selinux in USE."
+
+ if [ ! -f /usr/src/linux/security/selinux/ss/ebitmap.c ]; then
+ eerror "The /usr/src/linux symlink appears to be incorrect. It must"
+ eerror "be pointing to a selinux-sources or hardened-sources kernel"
+ eerror "for selinux-small to compile. If the symlink is correct, the"
+ eerror "kernel sources may be damaged or incomplete, and will need to"
+ eend 1 "be remerged. Please fix and retry."
+ fi
+}
+
+src_compile() {
+ ln -s /usr/src/linux ${WORKDIR}/lsm-2.4
+
+ cd ${S}
+
+ epatch ${WORKDIR}/selinux-small_${PV}-5.diff
+ epatch ${FILESDIR}/${P}-bison.diff
+
+ cd ${S}/setfiles
+ epatch ${FILESDIR}/${P}-setfiles.diff
+
+ einfo "Compiling checkpolicy"
+ cd ${S}/module
+ make all LSMVER=-2.4 || die "Checkpolicy compilation failed"
+
+ einfo "Compiling libsecure"
+ cd ${S}/libsecure
+ make SE_INC=/usr/include/linux/flask \
+ EXTRA_CFLAGS="${CFLAGS}" \
+ || die "libsecure compile failed."
+ cd ${S}/devfsd
+ mv devfsd-conflet selinux-small
+ make CFLAGS="${CFLAGS} ${LIBSECURE}" \
+ LDFLAGS="-L${S}/libsecure/src" \
+ || die "devfsd compile failed."
+
+ einfo "Compiling utilities"
+ cd ${S}/setfiles
+ make CFLAGS="${CFLAGS} ${LIBSECURE}" \
+ LDFLAGS="-L${S}/libsecure/src" setfiles \
+ || die "setfiles compile failed."
+ cd ${S}/utils/newrole
+ make CFLAGS="${CFLAGS} ${LIBSECURE} -lcrypt" \
+ || die "newrole compile failed."
+ cd ${S}/utils/run_init
+ make CFLAGS="${CFLAGS} ${LIBSECURE} -lcrypt" \
+ || die "run_init compile failed."
+ cd ${S}/utils/spasswd
+ make CFLAGS="${CFLAGS} ${LIBSECURE}" \
+ LDFLAGS="-L${S}/libsecure/src -lcrypt" \
+ || die "spasswd compile failed."
+}
+
+src_install() {
+ # install policy stuff
+ dosbin ${S}/module/checkpolicy/checkpolicy
+ dosbin ${S}/setfiles/setfiles
+
+ insinto /etc/security
+ doins ${S}/utils/appconfig/*
+
+ insinto /usr/include
+ doins ${S}/libsecure/include/*.h
+
+ insinto /etc/devfs.d
+ doins ${S}/devfsd/selinux-small
+
+ dolib.a ${S}/libsecure/src/libsecure.a
+ dobin ${S}/libsecure/test/{avc_enforcing,avc_toggle,context_to_sid,sid_to_context,list_sids,chsid,lchsid,chsidfs,get_user_sids}
+ dosbin ${S}/libsecure/test/load_policy
+ dobin ${S}/utils/spasswd/{sadminpasswd,schfn,schsh,spasswd,suseradd,suserdel,svipw}
+ dobin ${S}/utils/run_init/run_init
+ dosbin ${S}/utils/run_init/open_init_pty
+ dobin ${S}/utils/newrole/newrole
+
+ doman ${S}/setfiles/setfiles.8
+ doman ${S}/libsecure/man/man[12]/*
+ doman ${S}/utils/newrole/newrole.1
+ doman ${S}/utils/run_init/run_init.8
+
+ exeinto /lib/devfsd
+ doexe ${S}/devfsd/devfsd-se.so
+
+ # install pam stuff
+ dodir /etc/pam.d
+ sed "/pam_rootok.so/d" /etc/pam.d/su > ${D}/etc/pam.d/newrole
+ cp ${D}/etc/pam.d/newrole ${D}/etc/pam.d/run_init
+}
+
+pkg_postinst() {
+ einfo
+ einfo "To recompile the policy and relabel the filesystem simply run:"
+ einfo "ebuild /var/db/pkg/${CATEGORY}/${PF}/${PF}.ebuild config"
+ einfo
+}
+
+pkg_config() {
+ cd /etc/security/selinux/src/policy
+
+ einfo "Compiling policy"
+ make policy || die "Policy compile failed (see above error messages)"
+
+ einfo "Installing policy"
+ make install || die "Policy install failed (see above error messages)"
+
+ einfo "Loading policy"
+ make load || die "Policy loading failed (see above error messages)"
+
+ einfo "Relabeling filesystems -- This will take a very long time!"
+ make relabel || die "Relabeling failed (see above error messages)"
+}
|
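Review bot: src_install() generates the PAM stacks for newrole and run_init by filtering the build host's live `/etc/pam.d/su` (`sed "/pam_rootok.so/d" /etc/pam.d/su > ${D}/etc/pam.d/newrole`) with no `|| die`, so a missing or locally edited su file silently produces an empty or unexpected authentication policy for both tools, and the redirect creates the target file even when sed fails. Installing a fixed file kept under `${FILESDIR}` would make the shipped policy reproducible; at minimum the sed and cp lines should each end in `|| die "cannot generate pam config"`. In pkg_setup(), `use selinux || eend 1 ...` and the closing `eend 1` of the kernel-source check appear only to report a status, so the build seems to carry on after either failed precondition; `die`, which the rest of the ebuild already uses, would stop it.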