summaryrefslogtreecommitdiff
blob: 11630893fb17ea9c87a3bfa4fd0ff57eace82fa4 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
# Copyright 1999-2002 Gentoo Technologies, Inc.
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/sys-apps/selinux-small/selinux-small-2003040709-r1.ebuild,v 1.2 2003/05/25 21:34:18 pebenito Exp $

DESCRIPTION="SELinux libraries and policy compiler"
HOMEPAGE="http://www.nsa.gov/selinux"
SRC_URI="http://www.nsa.gov/selinux/archives/${P}.tgz
	 http://www.coker.com.au/selinux/selinux-small/selinux-small_${PV}-5.diff.gz"

LICENSE="GPL-2"
SLOT="0"
S="${WORKDIR}/selinux"

# to easily specify that libsecure is in the workdir, and we want to use pam
LIBSECURE="-I${S}/libsecure/include -L${S}/libsecure/src -DUSE_PAM"

KEYWORDS="~x86 ~ppc ~alpha ~sparc"
IUSE="selinux"
DEPEND="<sys-libs/glibc-2.3.2
	sys-devel/flex
	sys-libs/pam
        || (
                >=sys-kernel/selinux-sources-2.4.20-r1
                >=sys-kernel/hardened-sources-2.4.20-r1
           )"

RDEPEND="<sys-libs/glibc-2.3.2
	|| (
                >=sys-kernel/selinux-sources-2.4.20-r1
                >=sys-kernel/hardened-sources-2.4.20-r1
           )
	 dev-tcltk/expect
	 sys-apps/selinux-base-policy"

pkg_setup() {
	use selinux || eend 1 "You must have selinux in USE."

	if [ ! -f /usr/src/linux/security/selinux/ss/ebitmap.c ]; then
		eerror "The /usr/src/linux symlink appears to be incorrect.  It must"
		eerror "be pointing to a selinux-sources or hardened-sources kernel"
		eerror "for selinux-small to compile.  If the symlink is correct, the"
		eerror "kernel sources may be damaged or incomplete, and will need to"
		eend 1 "be remerged.  Please fix and retry."
	fi
}

src_compile() {
	ln -s /usr/src/linux ${WORKDIR}/lsm-2.4

	cd ${S}

	epatch ${WORKDIR}/selinux-small_${PV}-5.diff
	epatch ${FILESDIR}/${P}-bison.diff

	cd ${S}/setfiles
	epatch ${FILESDIR}/${P}-setfiles.diff

	einfo "Compiling checkpolicy"
	cd ${S}/module
		make all LSMVER=-2.4 || die "Checkpolicy compilation failed"

	einfo "Compiling libsecure"
	cd ${S}/libsecure
		make SE_INC=/usr/include/linux/flask \
			EXTRA_CFLAGS="${CFLAGS}" \
			|| die "libsecure compile failed."
	cd ${S}/devfsd
		mv devfsd-conflet selinux-small
		make CFLAGS="${CFLAGS} ${LIBSECURE}" \
			LDFLAGS="-L${S}/libsecure/src" \
			|| die "devfsd compile failed."

	einfo "Compiling utilities"
	cd ${S}/setfiles
		make CFLAGS="${CFLAGS} ${LIBSECURE}" \
			LDFLAGS="-L${S}/libsecure/src" setfiles \
			|| die "setfiles compile failed."
	cd ${S}/utils/newrole
		make CFLAGS="${CFLAGS} ${LIBSECURE} -lcrypt" \
			|| die "newrole compile failed."
	cd ${S}/utils/run_init
		make CFLAGS="${CFLAGS} ${LIBSECURE} -lcrypt" \
			|| die "run_init compile failed."
	cd ${S}/utils/spasswd
		make CFLAGS="${CFLAGS} ${LIBSECURE}" \
			LDFLAGS="-L${S}/libsecure/src -lcrypt" \
			|| die "spasswd compile failed."
}

src_install() {
	# install policy stuff
	dosbin ${S}/module/checkpolicy/checkpolicy
	dosbin ${S}/setfiles/setfiles

	insinto /etc/security
	doins ${S}/utils/appconfig/*

	insinto /usr/include
	doins ${S}/libsecure/include/*.h

	insinto /etc/devfs.d
	doins ${S}/devfsd/selinux-small

	dolib.a ${S}/libsecure/src/libsecure.a
	dobin ${S}/libsecure/test/{avc_enforcing,avc_toggle,context_to_sid,sid_to_context,list_sids,chsid,lchsid,chsidfs,get_user_sids}
	dosbin ${S}/libsecure/test/load_policy
	dobin ${S}/utils/spasswd/{sadminpasswd,schfn,schsh,spasswd,suseradd,suserdel,svipw}
	dobin ${S}/utils/run_init/run_init
	dosbin ${S}/utils/run_init/open_init_pty
	dobin ${S}/utils/newrole/newrole

	doman ${S}/setfiles/setfiles.8
	doman ${S}/libsecure/man/man[12]/*
	doman ${S}/utils/newrole/newrole.1
	doman ${S}/utils/run_init/run_init.8

	exeinto /lib/devfsd
	doexe ${S}/devfsd/devfsd-se.so

	# install pam stuff
	dodir /etc/pam.d
	sed "/pam_rootok.so/d" /etc/pam.d/su > ${D}/etc/pam.d/newrole
	cp ${D}/etc/pam.d/newrole ${D}/etc/pam.d/run_init
}

pkg_postinst() {
	einfo
	einfo "To recompile the policy and relabel the filesystem simply run:"
	einfo "ebuild /var/db/pkg/${CATEGORY}/${PF}/${PF}.ebuild config"
	einfo
}

pkg_config() {
	cd /etc/security/selinux/src/policy

	einfo "Compiling policy"
	make policy || die "Policy compile failed (see above error messages)"

	einfo "Installing policy"
	make install || die "Policy install failed (see above error messages)"

	einfo "Loading policy"
	make load || die "Policy loading failed (see above error messages)"

	einfo "Relabeling filesystems -- This will take a very long time!"
	make relabel || die "Relabeling failed (see above error messages)"
}