Initial commit to tree, renames selinux-openldap

Package-Manager: portage-2.1.9.42/cvs/Linux x86_64
author: Anthony G. Basile <blueness@gentoo.org> 2011-04-16 13:25:34 +0000
committer: Anthony G. Basile <blueness@gentoo.org> 2011-04-16 13:25:34 +0000
commit: aa55ea0061acdb720aee88006bd80738e382c990 (patch)
tree: 8bba5b96d82fbdcc9018b3e4fb5aaa446b8b430e /sec-policy/selinux-ldap
parent: Removed maskings and unmaskings for sec-policy/selinux-hal. (diff)
download: historical-aa55ea0061acdb720aee88006bd80738e382c990.tar.gz
historical-aa55ea0061acdb720aee88006bd80738e382c990.tar.bz2
historical-aa55ea0061acdb720aee88006bd80738e382c990.zip
5 files changed, 190 insertions, 0 deletions
diff --git a/sec-policy/selinux-ldap/ChangeLog b/sec-policy/selinux-ldap/ChangeLog
new file mode 100644
index 000000000000..ad940efdc36d
--- /dev/null
+++ b/sec-policy/selinux-ldap/ChangeLog
@@ -0,0 +1,109 @@
+# ChangeLog for sec-policy/selinux-ldap
+# Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-ldap/ChangeLog,v 1.1 2011/04/16 13:25:34 blueness Exp $
+
+  16 Apr 2011; Anthony G. Basile <blueness@gentoo.org>
+  +files/fix-services-ldap-r1.patch, +selinux-ldap-2.20101213-r1.ebuild,
+  +metadata.xml:
+  Initial commit to tree, renames selinux-openldap
+
+*selinux-ldap-2.20101213-r1 (14 Mar 2011)
+
+  14 Mar 2011; <swift@gentoo.org> +files/fix-services-ldap-r1.patch,
+  +selinux-ldap-2.20101213-r1.ebuild, +metadata.xml:
+  Fix file contexts, enable ldap administration
+
+*selinux-openldap-2.20101213 (05 Feb 2011)
+
+  05 Feb 2011; Anthony G. Basile <blueness@gentoo.org>
+  +selinux-openldap-2.20101213.ebuild:
+  New upstream policy.
+
+*selinux-openldap-2.20091215 (16 Dec 2009)
+
+  16 Dec 2009; Chris PeBenito <pebenito@gentoo.org>
+  +selinux-openldap-2.20091215.ebuild:
+  New upstream release.
+
+  14 Aug 2009; Chris PeBenito <pebenito@gentoo.org>
+  -selinux-openldap-20070329.ebuild, -selinux-openldap-20070928.ebuild,
+  selinux-openldap-20080525.ebuild:
+  Mark 20080525 stable, clear old ebuilds.
+
+*selinux-openldap-2.20090730 (03 Aug 2009)
+
+  03 Aug 2009; Chris PeBenito <pebenito@gentoo.org>
+  +selinux-openldap-2.20090730.ebuild:
+  New upstream release.
+
+  18 Jul 2009; Chris PeBenito <pebenito@gentoo.org>
+  selinux-openldap-20070329.ebuild, selinux-openldap-20070928.ebuild,
+  selinux-openldap-20080525.ebuild:
+  Drop alpha, mips, ppc, sparc selinux support.
+
+*selinux-openldap-20080525 (25 May 2008)
+
+  25 May 2008; Chris PeBenito <pebenito@gentoo.org>
+  +selinux-openldap-20080525.ebuild:
+  New SVN snapshot.
+
+  16 Mar 2008; Chris PeBenito <pebenito@gentoo.org>
+  -selinux-openldap-20050626.ebuild, -selinux-openldap-20051122.ebuild,
+  -selinux-openldap-20061114.ebuild:
+  Remove old ebuilds.
+
+  03 Feb 2008; Chris PeBenito <pebenito@gentoo.org>
+  selinux-openldap-20070928.ebuild:
+  Mark stable.
+
+*selinux-openldap-20070928 (26 Nov 2007)
+
+  26 Nov 2007; Chris PeBenito <pebenito@gentoo.org>
+  +selinux-openldap-20070928.ebuild:
+  New SVN snapshot.
+
+  29 Aug 2007; Christian Heim <phreak@gentoo.org> metadata.xml:
+  Removing kaiowas from metadata due to his retirement (see #61930 for
+  reference).
+
+  04 Jun 2007; Chris PeBenito <pebenito@gentoo.org>
+  selinux-openldap-20070329.ebuild:
+  Mark stable.
+
+*selinux-openldap-20070329 (29 Mar 2007)
+
+  29 Mar 2007; Chris PeBenito <pebenito@gentoo.org>
+  +selinux-openldap-20070329.ebuild:
+  New SVN snapshot.
+
+  22 Feb 2007; Markus Ullmann <jokey@gentoo.org> ChangeLog:
+  Redigest for Manifest2
+
+*selinux-openldap-20061114 (15 Nov 2006)
+
+  15 Nov 2006; Chris PeBenito <pebenito@gentoo.org>
+  +selinux-openldap-20061114.ebuild:
+  New SVN snapshot.
+
+*selinux-openldap-20061008 (10 Oct 2006)
+
+  10 Oct 2006; Chris PeBenito <pebenito@gentoo.org>
+  +selinux-openldap-20061008.ebuild:
+  First mainstream reference policy testing release.
+
+  02 Dec 2005; petre rodan <kaiowas@gentoo.org>
+  selinux-openldap-20051122.ebuild:
+  mark stable on amd64 mips ppc sparc x86
+
+*selinux-openldap-20051122 (28 Nov 2005)
+
+  28 Nov 2005; petre rodan <kaiowas@gentoo.org>
+  selinux-openldap-20050626.ebuild, +selinux-openldap-20051122.ebuild:
+  marked stable on amd64 mips ppc sparc x86, merge with upstream
+
+*selinux-openldap-20050626 (26 Jun 2005)
+
+  26 Jun 2005; petre rodan <kaiowas@gentoo.org> +metadata.xml,
+  +selinux-openldap-20050626.ebuild:
+  initial commit
+
diff --git a/sec-policy/selinux-ldap/Manifest b/sec-policy/selinux-ldap/Manifest
new file mode 100644
index 000000000000..943e2e9a1306
--- /dev/null
+++ b/sec-policy/selinux-ldap/Manifest
@@ -0,0 +1,15 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA256
+
+AUX fix-services-ldap-r1.patch 1803 RMD160 30deef4c8ab5e97aac158380ac94b28377fc7c59 SHA1 c4d2ae9db59eebfecbe9a5147a57ce944f2dfca4 SHA256 fefd3ab124605048f7042ea95cea3a4f768802373b608d38a519e471fd694537
+DIST refpolicy-2.20101213.tar.bz2 559450 RMD160 4858f792f4db5b179de6fb8419a626c29d59bdd3 SHA1 0e881e99b8950a358eadc44633551ca10f12eaee SHA256 b691ee8f6066cc19bb0d4384fe3be277d97d22e9d4ac2db0c252065e8c3535de
+EBUILD selinux-ldap-2.20101213-r1.ebuild 547 RMD160 5d13637d681a415344d6e75cf4beb5241232b569 SHA1 b2461363a6853456e2d8b0677b36849c139bbf1a SHA256 d884e1c91a5ea3b8156b2d270d4b2f197ec9b36d90a1b41645d3a3f7e9fcdfc8
+MISC ChangeLog 3460 RMD160 d77f836fffc2f2f9021944253a3095b99f908eff SHA1 5428bb20ba7d721b6f234db976bddcf642677130 SHA256 330faeae05f24bc824f4142580c6ba76d134a924763edf341592c97d9b896f53
+MISC metadata.xml 232 RMD160 5a9be5ffb3c01c66354753839a89fe28933de08e SHA1 88d37d757de1f862ae0deff460cca2bdcca42748 SHA256 52b9b6e6d6f33940bd146eba8e36de809589263d70d3ca58d67cd025ab4a5872
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.0.17 (GNU/Linux)
+
+iEYEAREIAAYFAk2pmNkACgkQl5yvQNBFVTV12gCgme94HWIW1pCDcVtMFCztKLwk
+Up4An3W3hv7HcbW/RGlOc1kTcPkppmQ5
+=U7xu
+-----END PGP SIGNATURE-----
diff --git a/sec-policy/selinux-ldap/files/fix-services-ldap-r1.patch b/sec-policy/selinux-ldap/files/fix-services-ldap-r1.patch
new file mode 100644
index 000000000000..f459b06167b8
--- /dev/null
+++ b/sec-policy/selinux-ldap/files/fix-services-ldap-r1.patch
@@ -0,0 +1,43 @@
+--- services/ldap.te	2010-09-10 17:05:45.000000000 +0200
++++ services/ldap.te	2011-03-12 22:10:48.814999997 +0100
+@@ -42,11 +42,12 @@
+ # cjp: why net_raw?
+ allow slapd_t self:capability { kill setgid setuid net_raw dac_override dac_read_search };
+ dontaudit slapd_t self:capability sys_tty_config;
+-allow slapd_t self:process setsched;
++allow slapd_t self:process { setsched signal };
+ allow slapd_t self:fifo_file rw_fifo_file_perms;
+ allow slapd_t self:udp_socket create_socket_perms;
+ #slapd needs to listen and accept needed by ldapsearch (slapd needs to accept from ldapseach)
+ allow slapd_t self:tcp_socket create_stream_socket_perms;
++allow slapd_t self:unix_stream_socket listen;
+ 
+ allow slapd_t slapd_cert_t:dir list_dir_perms;
+ read_files_pattern(slapd_t, slapd_cert_t, slapd_cert_t)
+@@ -114,6 +115,7 @@
+ 
+ userdom_dontaudit_use_unpriv_user_fds(slapd_t)
+ userdom_dontaudit_search_user_home_dirs(slapd_t)
++userdom_use_user_terminals(slapd_t)
+ 
+ optional_policy(`
+ 	kerberos_keytab_template(slapd, slapd_t)
+--- services/ldap.fc	2010-08-03 15:11:06.000000000 +0200
++++ services/ldap.fc	2011-03-12 18:57:10.880999997 +0100
+@@ -8,7 +8,16 @@
+ /usr/lib/slapd		--	gen_context(system_u:object_r:slapd_exec_t,s0)
+ ')
+ 
++ifdef(`distro_gentoo',`
++/usr/lib(64)?/openldap/slapd	--	gen_context(system_u:object_r:slapd_exec_t,s0)
++')
++
+ /var/lib/ldap(/.*)?		gen_context(system_u:object_r:slapd_db_t,s0)
++ifdef(`distro_gentoo',`
++/var/lib/openldap-data(/.*)?	gen_context(system_u:object_r:slapd_db_t,s0)
++/var/lib/openldap-ldbm(/.*)?	gen_context(system_u:object_r:slapd_db_t,s0)
++/var/lib/openldap-slurpd(/.*)?	gen_context(system_u:object_r:slapd_db_t,s0)
++')
+ /var/lib/ldap/replog(/.*)?	gen_context(system_u:object_r:slapd_replog_t,s0)
+ 
+ /var/run/ldapi		-s	gen_context(system_u:object_r:slapd_var_run_t,s0)
diff --git a/sec-policy/selinux-ldap/metadata.xml b/sec-policy/selinux-ldap/metadata.xml
new file mode 100644
index 000000000000..d873bf1f89a8
--- /dev/null
+++ b/sec-policy/selinux-ldap/metadata.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+	<herd>selinux</herd>
+	<longdescription>Gentoo SELinux policy for openldap</longdescription>
+</pkgmetadata>
diff --git a/sec-policy/selinux-ldap/selinux-ldap-2.20101213-r1.ebuild b/sec-policy/selinux-ldap/selinux-ldap-2.20101213-r1.ebuild
new file mode 100644
index 000000000000..f7a60d9be9a2
--- /dev/null
+++ b/sec-policy/selinux-ldap/selinux-ldap-2.20101213-r1.ebuild
@@ -0,0 +1,17 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-ldap/selinux-ldap-2.20101213-r1.ebuild,v 1.1 2011/04/16 13:25:34 blueness Exp $
+
+MODS="ldap"
+IUSE=""
+
+inherit selinux-policy-2
+
+DESCRIPTION="SELinux policy for OpenLDAP server"
+
+KEYWORDS="~amd64 ~x86"
+RDEPEND="!<=sec-policy/selinux-openldap-2.20101213
+		>=sys-apps/policycoreutils-1.30.30
+		>=sec-policy/selinux-base-policy-${PV}"
+
+POLICY_PATCH="${FILESDIR}/fix-services-ldap-r1.patch"
author	Anthony G. Basile <blueness@gentoo.org>	2011-04-16 13:25:34 +0000
committer	Anthony G. Basile <blueness@gentoo.org>	2011-04-16 13:25:34 +0000
commit	aa55ea0061acdb720aee88006bd80738e382c990 (patch)
tree	8bba5b96d82fbdcc9018b3e4fb5aaa446b8b430e /sec-policy/selinux-ldap
parent	Removed maskings and unmaskings for sec-policy/selinux-hal. (diff)
download	historical-aa55ea0061acdb720aee88006bd80738e382c990.tar.gz historical-aa55ea0061acdb720aee88006bd80738e382c990.tar.bz2 historical-aa55ea0061acdb720aee88006bd80738e382c990.zip