Merge pull request #917 from flatcar/tormath1/selinux-policy-update

selinux: update
Mathieu Tortuyaux 2023-09-20 12:35:23 +02:00 committed by GitHub
commit 233758055d
93 changed files with 607 additions and 1535 deletions


@ -295,6 +295,7 @@ eclass/python-single-r1.eclass
eclass/python-utils-r1.eclass
eclass/readme.gentoo-r1.eclass
eclass/savedconfig.eclass
eclass/selinux-policy-2.eclass
eclass/strip-linguas.eclass
eclass/systemd.eclass
eclass/tmpfiles.eclass
@ -363,8 +364,17 @@ profiles
#
# scripts
sec-policy/selinux-base
sec-policy/selinux-base-policy
sec-policy/selinux-container
sec-policy/selinux-dbus
sec-policy/selinux-sssd
sec-policy/selinux-unconfined
sys-apps/acl
sys-apps/attr
sys-apps/checkpolicy
sys-apps/config-site
sys-apps/coreutils
sys-apps/debianutils
@ -400,6 +410,7 @@ sys-apps/portage
sys-apps/pv
sys-apps/sandbox
sys-apps/sed
sys-apps/semodule-utils
sys-apps/smartmontools
sys-apps/texinfo
sys-apps/usbutils
@ -454,6 +465,8 @@ sys-libs/libcap
sys-libs/libcap-ng
sys-libs/libnvme
sys-libs/libseccomp
sys-libs/libselinux
sys-libs/libsepol
sys-libs/ncurses
sys-libs/readline
sys-libs/talloc


@ -0,0 +1,11 @@
- libselinux ([3.5](https://github.com/SELinuxProject/selinux/releases/tag/3.5))
- libsepol ([3.5](https://github.com/SELinuxProject/selinux/releases/tag/3.5))
- semodule-utils ([3.5](https://github.com/SELinuxProject/selinux/releases/tag/3.5))
- policycoreutils ([3.5](https://github.com/SELinuxProject/selinux/releases/tag/3.5))
- libsemanage ([3.5](https://github.com/SELinuxProject/selinux/releases/tag/3.5))
- checkpolicy ([3.5](https://github.com/SELinuxProject/selinux/releases/tag/3.5))
- selinux-base ([2.20221101](https://github.com/SELinuxProject/refpolicy/releases/tag/RELEASE_2_20221101))
- selinux-base-policy ([2.20221101](https://github.com/SELinuxProject/refpolicy/releases/tag/RELEASE_2_20221101))
- selinux-container ([2.20221101](https://github.com/SELinuxProject/refpolicy/releases/tag/RELEASE_2_20221101))
- selinux-sssd ([2.20221101](https://github.com/SELinuxProject/refpolicy/releases/tag/RELEASE_2_20221101))
- selinux-unconfined ([2.20221101](https://github.com/SELinuxProject/refpolicy/releases/tag/RELEASE_2_20221101))


@ -144,9 +144,10 @@ RDEPEND="${RDEPEND}
net-misc/wget
net-misc/whois
net-vpn/wireguard-tools
sec-policy/selinux-virt
sec-policy/selinux-base
sec-policy/selinux-base-policy
sec-policy/selinux-container
sec-policy/selinux-dbus
sec-policy/selinux-unconfined
sys-apps/acl
sys-apps/attr


@ -64,6 +64,9 @@ src_install() {
['/usr/share/skel/.bash_logout']='/usr/share/flatcar/etc/skel/.bash_logout'
['/usr/share/skel/.bash_profile']='/usr/share/flatcar/etc/skel/.bash_profile'
['/usr/share/skel/.bashrc']='/usr/share/flatcar/etc/skel/.bashrc'
['/usr/lib/selinux/config']='/usr/share/flatcar/etc/selinux/config'
['/usr/lib/selinux/mcs']='/usr/share/flatcar/etc/selinux/mcs'
['/usr/lib/selinux/semanage.conf']='/usr/share/flatcar/etc/selinux/semanage.conf'
)
local link target
@ -76,6 +79,9 @@ src_install() {
fi
done
insinto '/etc/selinux/'
newins "${FILESDIR}/selinux-config" config
insinto '/etc/bash/bashrc.d'
doins "${FILESDIR}/99-flatcar-bcc"
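Review bot: The added `newins "${FILESDIR}/selinux-config" config` installs /etc/selinux/config from this package, while the profile file in the next section appends the very same path to `INSTALL_MASK` and `PKG_INSTALL_MASK`; if that file is a profile-wide make.defaults, both masks apply to every package at merge time, so the copy installed here is as likely to be dropped as the one from the policy packages it is presumably meant to suppress. Please confirm on a built image that /etc/selinux/config survives the merge, or scope the mask (e.g. via package.env) to the packages that ship their own copy. A one-line comment above `insinto '/etc/selinux/'` naming which package is expected to provide the file, e.g. `# Flatcar ships its own SELinux config; copies from other packages are dropped via INSTALL_MASK in the profile`, would spare the next reader the same question. src_install continues outside this hunk.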


@ -0,0 +1,2 @@
PKG_INSTALL_MASK+=" /etc/selinux/config"
INSTALL_MASK+=" /etc/selinux/config"


@ -1,7 +1,7 @@
diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te
index dbd39cf8f..563559ca7 100644
--- refpolicy/policy/modules/system/init.te
+++ refpolicy/policy/modules/system/init.te
--- a/refpolicy/policy/modules/system/init.te
+++ b/refpolicy/policy/modules/system/init.te
@@ -1503,3 +1503,6 @@ optional_policy(`
userdom_dontaudit_rw_all_users_stream_sockets(systemprocess)
userdom_dontaudit_write_user_tmp_files(systemprocess)


@ -1,9 +1,9 @@
diff --git a/policy/modules/system/locallogin.te b/policy/modules/system/locallogin.te
index 109980e79..d5c4a5d95 100644
--- refpolicy/policy/modules/system/locallogin.te
+++ refpolicy/policy/modules/system/locallogin.te
--- a/refpolicy/policy/modules/system/locallogin.te
+++ b/refpolicy/policy/modules/system/locallogin.te
@@ -34,7 +34,7 @@ role system_r types sulogin_t;
allow local_login_t self:capability { chown dac_read_search dac_override fowner fsetid kill setgid setuid sys_nice sys_resource sys_tty_config };
dontaudit local_login_t self:capability net_admin;
-allow local_login_t self:process { getcap setcap setexec setrlimit setsched };


@ -1,18 +1,18 @@
diff --git a/policy/modules/system/logging.te b/policy/modules/system/logging.te
index 7d713540d..d6cbc654d 100644
--- refpolicy/policy/modules/system/logging.te
+++ refpolicy/policy/modules/system/logging.te
@@ -516,11 +516,13 @@ userdom_dontaudit_use_unpriv_user_fds(syslogd_t)
userdom_dontaudit_search_user_home_dirs(syslogd_t)
index abd61e6bd..fb5d69366 100644
--- a/refpolicy/policy/modules/system/logging.te
+++ b/refpolicy/policy/modules/system/logging.te
@@ -525,11 +525,13 @@ userdom_dontaudit_search_user_home_dirs(syslogd_t)
ifdef(`init_systemd',`
+ require { type kernel_t; }
# for systemd-journal
+ require { type kernel_t; }
allow syslogd_t self:capability audit_control;
allow syslogd_t self:netlink_audit_socket connected_socket_perms;
allow syslogd_t self:capability2 audit_read;
allow syslogd_t self:capability { chown setgid setuid sys_ptrace };
allow syslogd_t self:netlink_audit_socket { getattr getopt read setopt write nlmsg_write };
+ allow syslogd_t kernel_t:netlink_audit_socket getattr;
+ allow syslogd_t kernel_t:netlink_audit_socket getattr;
# remove /run/log/journal when switching to permanent storage
allow syslogd_t var_log_t:dir rmdir;


@ -1,19 +1,19 @@
diff -u -r refpolicy/policy/modules/admin/netutils.te refpolicy/policy/modules/admin/netutils.te
--- refpolicy/policy/modules/admin/netutils.te 2022-01-12 14:28:26.850809330 -0000
+++ refpolicy/policy/modules/admin/netutils.te 2022-01-12 14:29:50.323880882 -0000
--- a/refpolicy/policy/modules/admin/netutils.te 2022-01-12 14:28:26.850809330 -0000
+++ b/refpolicy/policy/modules/admin/netutils.te 2022-01-12 14:29:50.323880882 -0000
@@ -117,6 +117,7 @@
corenet_raw_sendrecv_generic_node(ping_t)
corenet_tcp_sendrecv_generic_node(ping_t)
corenet_raw_bind_generic_node(ping_t)
+corenet_icmp_bind_generic_node(ping_t)
dev_read_urand(ping_t)
@@ -189,6 +190,7 @@
corenet_tcp_connect_all_ports(traceroute_t)
corenet_sendrecv_all_client_packets(traceroute_t)
corenet_sendrecv_traceroute_server_packets(traceroute_t)
+corenet_icmp_bind_generic_node(traceroute_t)
dev_read_rand(traceroute_t)
dev_read_urand(traceroute_t)


@ -0,0 +1,16 @@
diff --git refpolicy/policy/modules/kernel/kernel.te refpolicy/policy/modules/kernel/kernel.te
index 56dbd5af5..b5cf0e3c0 100644
--- a/refpolicy/policy/modules/kernel/kernel.te
+++ b/refpolicy/policy/modules/kernel/kernel.te
@@ -363,6 +363,11 @@ files_list_home(kernel_t)
files_read_usr_files(kernel_t)
mcs_process_set_categories(kernel_t)
+mcs_killall(kernel_t)
+mcs_file_read_all(kernel_t)
+mcs_file_write_all(kernel_t)
+mcs_ptrace_all(kernel_t)
+allow kernel_t self:user_namespace create;
mls_process_read_all_levels(kernel_t)
mls_process_write_all_levels(kernel_t)
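Review bot: `allow kernel_t self:user_namespace create;` is the only rule in this new patch file that was not already in the deleted `policy/modules/kernel: all more actions for kernel` patch, and nothing records which denial it resolves; a comment such as `# Flatcar: kernel_t creates user namespaces for <service> — TODO confirm the AVC that motivated this` would keep it auditable across the next refpolicy rebase. The mcs_* lines, by their names, exempt kernel_t from MCS separation on all files and processes, so the patch should carry a short header stating that this breadth is intentional and why. The other deleted kernel patch in this commit carried `fs_associate_tmpfs(unlabeled_t)`, which is not re-added here; if refpolicy 2.20221101 already provides it, one sentence in the patch header saying so would make the drop visibly deliberate rather than accidental.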


@ -0,0 +1,44 @@
diff --git a/policy/modules/kernel/files.if b/policy/modules/kernel/files.if
index 495cbe2f4..a5605f866 100644
--- a/refpolicy/policy/modules/kernel/files.if
+++ b/refpolicy/policy/modules/kernel/files.if
@@ -7892,3 +7892,39 @@ interface(`files_unconfined',`
typeattribute $1 files_unconfined_type;
')
+
+########################################
+## <summary>
+## Relabel all files on the filesystem, except
+## policy_config_t and exceptions.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+## <param name="exception_types" optional="true">
+## <summary>
+## The types to be excluded. Each type or attribute
+## must be negated by the caller.
+## </summary>
+## </param>
+## <rolecap/>
+#
+interface(`files_relabel_all_non_policy_files',`
+ gen_require(`
+ attribute file_type;
+ type policy_config_t;
+ ')
+
+ allow $1 { file_type -policy_config_t $2 }:dir list_dir_perms;
+ relabel_dirs_pattern($1, { file_type -policy_config_t $2 }, { file_type -policy_config_t $2 })
+ relabel_files_pattern($1, { file_type -policy_config_t $2 }, { file_type -policy_config_t $2 })
+ relabel_lnk_files_pattern($1, { file_type -policy_config_t $2 }, { file_type -policy_config_t $2 })
+ relabel_fifo_files_pattern($1, { file_type -policy_config_t $2 }, { file_type -policy_config_t $2 })
+ relabel_sock_files_pattern($1, { file_type -policy_config_t $2 }, { file_type -policy_config_t $2 })
+ # this is only relabelfrom since there should be no
+ # device nodes with file types.
+ relabelfrom_blk_files_pattern($1, { file_type -policy_config_t $2 }, { file_type -policy_config_t $2 })
+ relabelfrom_chr_files_pattern($1, { file_type -policy_config_t $2 }, { file_type -policy_config_t $2 })
+')
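Review bot: `files_relabel_all_non_policy_files` appears to be the body of refpolicy's `files_relabel_all_files` with `-policy_config_t $2` added to every set, but the doc block does not say so; a line such as `## Mirrors files_relabel_all_files; keep both in sync when rebasing refpolicy.` would make the next update easier and explain the otherwise odd `relabelfrom_blk_files_pattern` comment. Because `$2` is spliced into the set verbatim, a caller passing an un-negated type widens the set instead of excluding it; the summary mentions negation, but an example (`-foo_t`) in the `exception_types` description would make the contract unambiguous. No caller of the new interface is visible in this commit, so naming the intended domain in the header would also help.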


@ -1,8 +1,8 @@
diff -u -r refpolicy/policy/modules/kernel/corenetwork.if.in refpolicy2/policy/modules/kernel/corenetwork.if.in
--- refpolicy/policy/modules/kernel/corenetwork.if.in 2022-01-12 16:59:47.572670384 -0000
+++ refpolicy2/policy/modules/kernel/corenetwork.if.in 2022-01-12 17:01:54.974858982 -0000
--- a/refpolicy/policy/modules/kernel/corenetwork.if.in 2022-01-12 16:59:47.572670384 -0000
+++ b/refpolicy2/policy/modules/kernel/corenetwork.if.in 2022-01-12 17:01:54.974858982 -0000
@@ -879,6 +879,24 @@
########################################
## <summary>
+## Bind ICMP sockets to generic nodes.
@ -27,14 +27,14 @@ diff -u -r refpolicy/policy/modules/kernel/corenetwork.if.in refpolicy2/policy/m
## </summary>
## <desc>
diff -u -r refpolicy/policy/modules/kernel/corenetwork.te.in refpolicy2/policy/modules/kernel/corenetwork.te.in
--- refpolicy/policy/modules/kernel/corenetwork.te.in 2022-01-12 16:59:47.573670362 -0000
+++ refpolicy2/policy/modules/kernel/corenetwork.te.in 2022-01-12 17:03:12.754142616 -0000
--- a/refpolicy/policy/modules/kernel/corenetwork.te.in 2022-01-12 16:59:47.573670362 -0000
+++ b/refpolicy2/policy/modules/kernel/corenetwork.te.in 2022-01-12 17:03:12.754142616 -0000
@@ -373,7 +373,7 @@
# Bind to any network address.
allow corenet_unconfined_type port_type:{ tcp_socket udp_socket rawip_socket sctp_socket } name_bind;
-allow corenet_unconfined_type node_type:{ tcp_socket udp_socket rawip_socket sctp_socket } node_bind;
+allow corenet_unconfined_type node_type:{ icmp_socket tcp_socket udp_socket rawip_socket sctp_socket } node_bind;
# Infiniband
corenet_ib_access_all_pkeys(corenet_unconfined_type)


@ -0,0 +1,77 @@
diff --git a/policy/modules/services/container.fc b/policy/modules/services/container.fc
index 056aa6023..e4bcada03 100644
--- a/refpolicy/policy/modules/services/container.fc
+++ b/refpolicy/policy/modules/services/container.fc
@@ -113,3 +113,5 @@ HOME_DIR/\.docker(/.*)? gen_context(system_u:object_r:container_conf_home_t,s0)
/var/log/kube-controller-manager(/.*)? gen_context(system_u:object_r:container_log_t,s0)
/var/log/kube-proxy(/.*)? gen_context(system_u:object_r:container_log_t,s0)
/var/log/kube-scheduler(/.*)? gen_context(system_u:object_r:container_log_t,s0)
+
+/usr/share/containerd(/.*)? gen_context(system_u:object_r:container_config_t,s0)
diff --git a/policy/modules/services/container.te b/policy/modules/services/container.te
index 5de421fc3..4a6c2760e 100644
--- a/refpolicy/policy/modules/services/container.te
+++ b/refpolicy/policy/modules/services/container.te
@@ -1007,3 +1007,62 @@ optional_policy(`
unconfined_domain_noaudit(spc_user_t)
domain_ptrace_all_domains(spc_user_t)
')
+
+allow container_domain self:socket_class_set { accept ioctl read getattr lock write append getopt setopt };
+allow container_domain init_t:unix_stream_socket { accept ioctl read getattr lock write append getopt shutdown };
+
+# required for sharing /run for the etcd-wrapper
+files_mounton_runtime_dirs(container_engine_domain)
+
+# this is a hack while the system is not labelled. we need to authorize transition from kernel_t
+require {
+ type kernel_t;
+ type tmpfs_t;
+ type var_lib_t;
+ type unconfined_t;
+}
+allow kernel_t container_t:process transition;
+allow initrc_t container_t:process transition;
+allow kernel_t container_t:process2 nnp_transition;
+allow kernel_t unconfined_t:process transition;
+fs_manage_tmpfs_chr_files(container_t)
+fs_manage_tmpfs_dirs(container_t)
+fs_manage_tmpfs_files(container_t)
+fs_manage_tmpfs_sockets(container_t)
+fs_manage_tmpfs_symlinks(container_t)
+fs_remount_tmpfs(container_t)
+kernel_read_messages(container_t)
+kernel_sigchld(container_t)
+kernel_use_fds(container_t)
+allow container_t self:process getcap;
+files_read_var_lib_files(container_t)
+files_read_var_lib_symlinks(container_t)
+term_use_generic_ptys(container_t)
+term_setattr_generic_ptys(container_t)
+allow container_t tmpfs_t:chr_file { read write open };
+allow container_t container_file_t:chr_file { manage_file_perms };
+allow container_t self:capability sys_chroot;
+allow container_t self:process getpgid;
+allow container_t container_file_t:file { entrypoint mounton };
+allow container_t var_lib_t:file { entrypoint execute execute_no_trans };
+allow container_t kernel_t:fifo_file { getattr ioctl read write open append };
+allow container_t initrc_t:fifo_file { getattr ioctl read write open append };
+filetrans_pattern(kernel_t, etc_t, container_file_t, dir, "cni");
+
+# this is required by flanneld
+allow container_t kernel_t:system { module_request };
+
+# required by flanneld to write into /run/flannel/subnet.env
+filetrans_pattern(kernel_t, var_run_t, container_file_t, dir, "flannel");
+
+# required for cilium
+allow kernel_t spc_t:process transition;
+# required for cilium, can be upstreamed
+# Jun 20 08:01:43 localhost audit[3480]: AVC avc: denied { open } for pid=3480 comm="cilium-agent" scontext=system_u:system_r:spc_t:s0 tcontext=system_u:system_r:spc_t:s0 tclass=perf_event permissive=1
+# Jun 20 08:01:43 localhost audit[3480]: AVC avc: denied { kernel } for pid=3480 comm="cilium-agent" scontext=system_u:system_r:spc_t:s0 tcontext=system_u:system_r:spc_t:s0 tclass=perf_event permissive=1
+# Jun 20 08:01:43 localhost audit[3480]: AVC avc: denied { cpu } for pid=3480 comm="cilium-agent" scontext=system_u:system_r:spc_t:s0 tcontext=system_u:system_r:spc_t:s0 tclass=perf_event permissive=1
+# Jun 20 08:01:43 localhost audit[3480]: AVC avc: denied { read } for pid=3480 comm="cilium-agent" scontext=system_u:system_r:spc_t:s0 tcontext=system_u:system_r:spc_t:s0 tclass=perf_event permissive=1
+allow spc_t self:perf_event { open cpu kernel read };
+# required for using cilium cgroup v1
+allow kernel_t self:perf_event { open cpu kernel read };
+allow unconfined_t container_file_t:file { entrypoint };
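Review bot: The `require { … type unconfined_t; }` block together with `allow kernel_t unconfined_t:process transition;` and `allow unconfined_t container_file_t:file { entrypoint };` turns the container module into one that cannot load when the unconfined module is absent, since a top-level `require` in a .te is a hard dependency; the RDEPEND change in this commit pulls in selinux-unconfined, but that couples two separately installable policy packages. Moving those two rules into an `optional_policy` block with their own `gen_require` (or into the unconfined package's own patch) keeps container loadable without the unconfined module. The remainder of the appended block reproduces the deleted virt.patch with svirt_lxc_net_t renamed to container_t, and the `# this is a hack while the system is not labelled` comment would benefit from a tracking reference so the kernel_t transitions can be removed once labelling lands.

```m4
# … unchanged: require { type kernel_t; type tmpfs_t; type var_lib_t; } and the container_t rules …

# unconfined_t lives in a separate module; keep container loadable without it
optional_policy(`
	gen_require(`
		type unconfined_t;
	')

	allow kernel_t unconfined_t:process transition;
	allow unconfined_t container_file_t:file { entrypoint };
')
```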


@ -1,4 +0,0 @@
DIST patchbundle-selinux-base-policy-2.20200818-r2.tar.bz2 433623 BLAKE2B f0655c45c50347faf1217e5861298dce822e4b726c0b4489d4c70c4815842f7c17ac1b0a302ae5482a3ad25d1d5b6c4c3b6395194e79005f31560d103ad0fce6 SHA512 9fd22683ecd602a429b2d489f7b8c2936409fa060046255b72a4b95c9fdefa2455ba7655945278dc972c22f3ade6617898ed169e22001aaaaded4b47ca51b0c3
DIST patchbundle-selinux-base-policy-2.20210203-r1.tar.bz2 298116 BLAKE2B 50c5523a8b758652af6aa59d548e9499b899898b58f52f74f1667a0c552f2b2d0ed5a44352e59245c7f0ebd199e2391400168d6ab27b4160d726fccded0c56f2 SHA512 ddb877ec3e2883f57e54e7380dd449d4d89a0769a1fb87141786e5de741ac21b2ead60362fd17c25888eb1334c68f71da561f4f29f406f0d4b5d13d378f6baff
DIST refpolicy-2.20200818.tar.bz2 570896 BLAKE2B 502c00fec39e1b81e42de3f7f942623f8b3fbdeac19f9f01126722a368b7d4f70427d6e4a574754c4f2fa551e4bc75c912dbc515c004f0dcd5eb28ab416498f6 SHA512 e4b527bb7a87b9359fc42eb111d5008103f57c37128998ea0e21ec7b0b8607ffe3f67697450e4c51a0db172ece69083335b279bacef4b1bd0b7748b58caa99a7
DIST refpolicy-2.20210203.tar.bz2 564099 BLAKE2B a94a11ebb78890ba2c98714be2fe9054fdb8ccaf5154f47b881a9575a4a6865e8df475805550d7bba8039b4230c6a0c9f5c6130bf8c35a26bc7c473d550fb40d SHA512 a6ffe718626dd6121023b4cbc424c933d44ca8b662bd708baad307cf6284be0d80fef40cdc8b37f6f17ecb3636fd8d6c1d5d4072c17d835b7f500e17a3acd9fc


@ -1,22 +0,0 @@
diff --git a/policy/modules/services/ssh.fc b/policy/modules/services/ssh.fc
index 60060c35c..8d9f5b7a6 100644
--- refpolicy/policy/modules/services/ssh.fc
+++ refpolicy/policy/modules/services/ssh.fc
@@ -6,7 +6,7 @@ HOME_DIR/\.ssh(/.*)? gen_context(system_u:object_r:ssh_home_t,s0)
/usr/bin/ssh -- gen_context(system_u:object_r:ssh_exec_t,s0)
/usr/bin/ssh-agent -- gen_context(system_u:object_r:ssh_agent_exec_t,s0)
/usr/bin/ssh-keygen -- gen_context(system_u:object_r:ssh_keygen_exec_t,s0)
-/usr/bin/sshd -- gen_context(system_u:object_r:sshd_exec_t,s0)
+/usr/bin/sshd -- gen_context(system_u:object_r:unconfined_t,s0)
/usr/lib/openssh/ssh-keysign -- gen_context(system_u:object_r:ssh_keysign_exec_t,s0)
/usr/lib/ssh/ssh-keysign -- gen_context(system_u:object_r:ssh_keysign_exec_t,s0)
@@ -17,7 +17,7 @@ HOME_DIR/\.ssh(/.*)? gen_context(system_u:object_r:ssh_home_t,s0)
/usr/libexec/openssh/ssh-keysign -- gen_context(system_u:object_r:ssh_keysign_exec_t,s0)
-/usr/sbin/sshd -- gen_context(system_u:object_r:sshd_exec_t,s0)
+/usr/sbin/sshd -- gen_context(system_u:object_r:unconfined_t,s0)
/run/sshd(/.*)? gen_context(system_u:object_r:sshd_runtime_t,s0)
/run/sshd\.init\.pid -- gen_context(system_u:object_r:sshd_runtime_t,s0)


@ -1,11 +0,0 @@
index 7c60eda2c..736187b7a 100644
--- refpolicy/policy/modules/kernel/kernel.te
+++ refpolicy/policy/modules/kernel/kernel.te
@@ -191,6 +191,7 @@ genfscon proc /sys/dev gen_context(system_u:object_r:sysctl_dev_t,s0)
type unlabeled_t;
kernel_rootfs_mountpoint(unlabeled_t)
fs_associate(unlabeled_t)
+fs_associate_tmpfs(unlabeled_t)
sid file gen_context(system_u:object_r:unlabeled_t,s0)
sid unlabeled gen_context(system_u:object_r:unlabeled_t,mls_systemhigh)
neverallow * unlabeled_t:file entrypoint;


@ -1,4 +0,0 @@
DIST patchbundle-selinux-base-policy-2.20200818-r2.tar.bz2 433623 BLAKE2B f0655c45c50347faf1217e5861298dce822e4b726c0b4489d4c70c4815842f7c17ac1b0a302ae5482a3ad25d1d5b6c4c3b6395194e79005f31560d103ad0fce6 SHA512 9fd22683ecd602a429b2d489f7b8c2936409fa060046255b72a4b95c9fdefa2455ba7655945278dc972c22f3ade6617898ed169e22001aaaaded4b47ca51b0c3
DIST patchbundle-selinux-base-policy-2.20210203-r1.tar.bz2 298116 BLAKE2B 50c5523a8b758652af6aa59d548e9499b899898b58f52f74f1667a0c552f2b2d0ed5a44352e59245c7f0ebd199e2391400168d6ab27b4160d726fccded0c56f2 SHA512 ddb877ec3e2883f57e54e7380dd449d4d89a0769a1fb87141786e5de741ac21b2ead60362fd17c25888eb1334c68f71da561f4f29f406f0d4b5d13d378f6baff
DIST refpolicy-2.20200818.tar.bz2 570896 BLAKE2B 502c00fec39e1b81e42de3f7f942623f8b3fbdeac19f9f01126722a368b7d4f70427d6e4a574754c4f2fa551e4bc75c912dbc515c004f0dcd5eb28ab416498f6 SHA512 e4b527bb7a87b9359fc42eb111d5008103f57c37128998ea0e21ec7b0b8607ffe3f67697450e4c51a0db172ece69083335b279bacef4b1bd0b7748b58caa99a7
DIST refpolicy-2.20210203.tar.bz2 564099 BLAKE2B a94a11ebb78890ba2c98714be2fe9054fdb8ccaf5154f47b881a9575a4a6865e8df475805550d7bba8039b4230c6a0c9f5c6130bf8c35a26bc7c473d550fb40d SHA512 a6ffe718626dd6121023b4cbc424c933d44ca8b662bd708baad307cf6284be0d80fef40cdc8b37f6f17ecb3636fd8d6c1d5d4072c17d835b7f500e17a3acd9fc


@ -1,24 +0,0 @@
From 607ff9b67848aafd1bdefa6eda7ade0fd7161d04 Mon Sep 17 00:00:00 2001
From: Mathieu Tortuyaux <mathieu@kinvolk.io>
Date: Fri, 4 Jun 2021 13:17:44 +0200
Subject: [PATCH] policy/modules/kernel: all more actions for kernel
Signed-off-by: Mathieu Tortuyaux <mathieu@kinvolk.io>
---
policy/modules/kernel/kernel.te | 4 ++++
1 file changed, 4 insertions(+)
diff --git refpolicy/policy/modules/kernel/kernel.te refpolicy/policy/modules/kernel/kernel.te
--- refpolicy/policy/modules/kernel/kernel.te
+++ refpolicy/policy/modules/kernel/kernel.te
@@ -351,6 +351,10 @@ files_list_home(kernel_t)
files_read_usr_files(kernel_t)
mcs_process_set_categories(kernel_t)
+mcs_killall(kernel_t)
+mcs_file_read_all(kernel_t)
+mcs_file_write_all(kernel_t)
+mcs_ptrace_all(kernel_t)
mls_process_read_all_levels(kernel_t)
mls_process_write_all_levels(kernel_t)


@ -1,27 +0,0 @@
--- refpolicy/policy/mcs
+++ refpolicy/policy/mcs
@@ -1,4 +1,6 @@
ifdef(`enable_mcs',`
+
+default_range dir_file_class_set target low-high;
#
# Define sensitivities
#
@@ -99,14 +101,14 @@ mlsconstrain { lnk_file chr_file blk_file sock_file } { write setattr }
# New filesystem object labels must be dominated by the relabeling subject
# clearance, also the objects are single-level.
mlsconstrain file { create relabelto }
- (( h1 dom h2 ) and ( l2 eq h2 ));
+ ((( h1 dom h2 ) and ( l2 eq h2 )) or (t1 == mcswriteall));
# new file labels must be dominated by the relabeling subject clearance
mlsconstrain { dir file lnk_file chr_file blk_file sock_file fifo_file } { relabelfrom }
- ( h1 dom h2 );
+ (( h1 dom h2 ) or (t1 == mcswriteall));
mlsconstrain { dir file lnk_file chr_file blk_file sock_file fifo_file } { create relabelto }
- (( h1 dom h2 ) and ( l2 eq h2 ));
+ ((( h1 dom h2 ) and ( l2 eq h2 ) or (t1 == mcswriteall)));
mlsconstrain process { transition dyntransition }
(( h1 dom h2 ) or ( t1 == mcssetcats ));


@ -1,10 +0,0 @@
# This file is used to configure the per-instance contexts of rkt and other
# applications that use libvirt for lxc container support.
#
# See:
# https://coreos.com/rkt/docs/latest/selinux.html
# https://selinuxproject.org/page/PolicyConfigurationFiles#contexts.2Flxc_contexts_File
process = "system_u:system_r:svirt_lxc_net_t:s0"
content = "system_u:object_r:virt_var_lib_t:s0"
file = "system_u:object_r:svirt_lxc_file_t:s0"


@ -1,4 +0,0 @@
#Type Path Mode UID GID Age Argument
d /etc/selinux/ - - - - -
L /etc/selinux/config - - - - ../../usr/lib/selinux/config
L /etc/selinux/mcs - - - - ../../usr/lib/selinux/mcs


@ -1,4 +0,0 @@
DIST patchbundle-selinux-base-policy-2.20200818-r2.tar.bz2 433623 BLAKE2B f0655c45c50347faf1217e5861298dce822e4b726c0b4489d4c70c4815842f7c17ac1b0a302ae5482a3ad25d1d5b6c4c3b6395194e79005f31560d103ad0fce6 SHA512 9fd22683ecd602a429b2d489f7b8c2936409fa060046255b72a4b95c9fdefa2455ba7655945278dc972c22f3ade6617898ed169e22001aaaaded4b47ca51b0c3
DIST patchbundle-selinux-base-policy-2.20210203-r1.tar.bz2 298116 BLAKE2B 50c5523a8b758652af6aa59d548e9499b899898b58f52f74f1667a0c552f2b2d0ed5a44352e59245c7f0ebd199e2391400168d6ab27b4160d726fccded0c56f2 SHA512 ddb877ec3e2883f57e54e7380dd449d4d89a0769a1fb87141786e5de741ac21b2ead60362fd17c25888eb1334c68f71da561f4f29f406f0d4b5d13d378f6baff
DIST refpolicy-2.20200818.tar.bz2 570896 BLAKE2B 502c00fec39e1b81e42de3f7f942623f8b3fbdeac19f9f01126722a368b7d4f70427d6e4a574754c4f2fa551e4bc75c912dbc515c004f0dcd5eb28ab416498f6 SHA512 e4b527bb7a87b9359fc42eb111d5008103f57c37128998ea0e21ec7b0b8607ffe3f67697450e4c51a0db172ece69083335b279bacef4b1bd0b7748b58caa99a7
DIST refpolicy-2.20210203.tar.bz2 564099 BLAKE2B a94a11ebb78890ba2c98714be2fe9054fdb8ccaf5154f47b881a9575a4a6865e8df475805550d7bba8039b4230c6a0c9f5c6130bf8c35a26bc7c473d550fb40d SHA512 a6ffe718626dd6121023b4cbc424c933d44ca8b662bd708baad307cf6284be0d80fef40cdc8b37f6f17ecb3636fd8d6c1d5d4072c17d835b7f500e17a3acd9fc


@ -1,45 +0,0 @@
index 4943ad79d..8b0ed779e 100644
--- services/virt.te
+++ services/virt.te
@@ -1377,3 +1377,41 @@ sysnet_dns_name_resolve(virtlogd_t)
virt_manage_log(virtlogd_t)
virt_read_config(virtlogd_t)
+
+require {
+ type kernel_t;
+ type tmpfs_t;
+ type var_lib_t;
+}
+allow kernel_t svirt_lxc_net_t:process transition;
+allow initrc_t svirt_lxc_net_t:process transition;
+allow kernel_t svirt_lxc_net_t:process2 nnp_transition;
+fs_manage_tmpfs_chr_files(svirt_lxc_net_t)
+fs_manage_tmpfs_dirs(svirt_lxc_net_t)
+fs_manage_tmpfs_files(svirt_lxc_net_t)
+fs_manage_tmpfs_sockets(svirt_lxc_net_t)
+fs_manage_tmpfs_symlinks(svirt_lxc_net_t)
+fs_remount_tmpfs(svirt_lxc_net_t)
+kernel_read_messages(svirt_lxc_net_t)
+kernel_sigchld(svirt_lxc_net_t)
+kernel_use_fds(svirt_lxc_net_t)
+allow svirt_lxc_net_t self:process getcap;
+files_read_var_lib_files(svirt_lxc_net_t)
+files_read_var_lib_symlinks(svirt_lxc_net_t)
+term_use_generic_ptys(svirt_lxc_net_t)
+term_setattr_generic_ptys(svirt_lxc_net_t)
+allow svirt_lxc_net_t tmpfs_t:chr_file { read write open };
+allow svirt_lxc_net_t svirt_lxc_file_t:chr_file { manage_file_perms };
+allow svirt_lxc_net_t self:capability sys_chroot;
+allow svirt_lxc_net_t self:process getpgid;
+allow svirt_lxc_net_t svirt_lxc_file_t:file { entrypoint mounton };
+allow svirt_lxc_net_t var_lib_t:file { entrypoint execute execute_no_trans };
+allow svirt_lxc_net_t kernel_t:fifo_file { getattr ioctl read write open append };
+allow svirt_lxc_net_t initrc_t:fifo_file { getattr ioctl read write open append };
+filetrans_pattern(kernel_t, etc_t, svirt_lxc_file_t, dir, "cni");
+
+# this is required by flanneld
+allow svirt_lxc_net_t kernel_t:system { module_request };
+
+# required by flanneld to write into /run/flannel/subnet.env
+filetrans_pattern(kernel_t, var_run_t, svirt_lxc_file_t, dir, "flannel");


@ -1,18 +0,0 @@
# Copyright 1999-2020 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI="7"
IUSE=""
MODS="virt"
inherit selinux-policy-2
DESCRIPTION="SELinux policy for virt"
# flatcar changes
POLICY_PATCH="${FILESDIR}/virt.patch"
if [[ ${PV} != 9999* ]] ; then
KEYWORDS="amd64 -arm ~arm64 ~mips x86"
fi


@ -1,2 +0,0 @@
DIST checkpolicy-3.1.tar.gz 69072 BLAKE2B 31cb5ef52533b0a62f954e770278fc5766a961d87fb86260b04abe562bcd90d0025b33931c6ad54096c64ab54150c7562c112eac80eb2f60dbcdda57f4cacfe2 SHA512 2276a5a0919286049d2ceba386ef5f6de523745b588bb81cb4fed5eced5fd0b8070249b7a3ae5a85e2abb9369a86318f727d4073aad14ab75c43750a46069168
DIST checkpolicy-3.2.tar.gz 69035 BLAKE2B 263c582c8ed3c38822513899f3591edfc5d0132977451503a8b45d2074b5a1c5ce03973353b3ceaad44da913b4e35546cfef1988b68bd517618efdb942f994ec SHA512 133639595c2acc66c02b5a637c5e0c60d80ce2bae04f4a709d9fafabd31f9497d1a6e3334904b985c2a1bd94a7a7e3df782c2af2ae41d1fd79b69156a835edeb


@ -1,65 +0,0 @@
# Copyright 1999-2021 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI="7"
inherit toolchain-funcs
MY_P="${P//_/-}"
MY_RELEASEDATE="20200710"
SEPOL_VER="${PV}"
SEMNG_VER="${PV}"
DESCRIPTION="SELinux policy compiler"
HOMEPAGE="http://userspace.selinuxproject.org"
if [[ ${PV} == 9999 ]] ; then
inherit git-r3
EGIT_REPO_URI="https://github.com/SELinuxProject/selinux.git"
S="${WORKDIR}/${MY_P}/${PN}"
else
SRC_URI="https://github.com/SELinuxProject/selinux/releases/download/${MY_RELEASEDATE}/${MY_P}.tar.gz"
KEYWORDS="amd64 ~arm ~arm64 ~mips x86"
S="${WORKDIR}/${MY_P}"
fi
LICENSE="GPL-2"
SLOT="0"
IUSE="debug"
DEPEND=">=sys-libs/libsepol-${SEPOL_VER}"
BDEPEND="sys-devel/flex
sys-devel/bison"
RDEPEND=">=sys-libs/libsepol-${SEPOL_VER}"
src_compile() {
# flatcar changes
emake \
CC="$(tc-getCC)" \
YACC="bison -y" \
PREFIX="/usr" \
LIBDIR="${ROOT:-/}\$(PREFIX)/$(get_libdir)" \
INCLUDEDIR="${ROOT}\$(PREFIX)/include"
}
src_install() {
# flatcar changes
# we remove the `default` behavior to override
# the LIBSEPOLA variable in order to fix cross compile
emake DESTDIR="${D}" \
LIBSEPOLA="${ROOT:-/}/usr/$(get_libdir)/libsepol.a" \
install
if use debug; then
dobin "${S}/test/dismod"
dobin "${S}/test/dispol"
fi
}
pkg_postinst() {
if ! tc-is-cross-compiler; then
einfo "This checkpolicy can compile version `checkpolicy -V | cut -f 1 -d ' '` policy."
fi
}


@ -1,3 +1,2 @@
DIST policycoreutils-3.1.tar.gz 2817914 BLAKE2B ef68bb5f9cf577164ead44803b6be2bd6401c9e923d2c775c7c8c47f0e803749feaec4247fec5cc1cb766314954402fd2506370bb397f746437ecfcf65b384f3 SHA512 0592f218563a99ba95d2cfd07fdc3761b61c1cc3c01a17ab89ad840169e1a7d4083521d5cacc72d1b76911d516bf592db7a3f90d9ef0cc11ceed007e4580e140
DIST policycoreutils-3.5.tar.gz 775639 BLAKE2B 777b8564484e89385db7a184c4cad9a99aabf1fd1ac41abd5826c7e6ad29118ae9d6f0d0fd968b6ced87f2f04bc6d7cd207b67428151522915367f656fb8d3f8 SHA512 7978ef6b7a278c6384c9b397734d03c4932c8aefecceaa1e6a1345be27b253dbe276fdcd219ce83ad732c6ed55d53bbc3254e39bccadd67d2cd1152a14749444
DIST policycoreutils-extra-1.37.tar.bz2 8809 BLAKE2B a7f6122c2e27f54b018174e962bd7f4c14af04e09bbb5300bde6967ea7f2dc5cd03b5787919a4e7f5288bcbc6747922962b5bd3b588ab1e3a035fbff4910d8f5 SHA512 0a85cd7cf279256b5e1927f9dfdd89626a1c8b77b0aeb62b496e7e8d1dccbaa315e39f9308fb2df7270f0bc1c10787b19990e7365cad74b47b61e30394c8b23f
DIST policycoreutils-3.2.tar.gz 2817961 BLAKE2B 747cbd7b84ffa9153067340f8f1dc5a652eaf85b037a6e10e116d3d0b31c8e7c9794bc6a46ae212848bef4887478ac167e359a387bebac49e0acd08b727808ce SHA512 d16781d2d61b8b78d6fc242f2b5c3a03f47ea524fb61655823b6b0f0327ff376c65fe7bdf7a53f5863c01e599cf4a7050f21fda0fe6a8f2c2c16f89b156a4346


@ -0,0 +1,2 @@
#Type Path Mode UID GID Age Argument
L /var/lib/selinux/ - - - - ../../usr/lib/selinux/policy


@ -1,5 +1,5 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
<maintainer type="project">
<email>selinux@gentoo.org</email>


@ -1,224 +0,0 @@
# Copyright 1999-2021 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI="7"
PYTHON_COMPAT=( python3_{6..11} )
PYTHON_REQ_USE="xml(+)"
inherit multilib python-r1 toolchain-funcs bash-completion-r1
MY_P="${P//_/-}"
MY_RELEASEDATE="20200710"
EXTRAS_VER="1.37"
SEMNG_VER="${PV}"
SELNX_VER="${PV}"
SEPOL_VER="${PV}"
# flatcar changes: nls, extra
IUSE="audit extra nls pam python split-usr"
REQUIRED_USE="${PYTHON_REQUIRED_USE}"
DESCRIPTION="SELinux core utilities"
HOMEPAGE="https://github.com/SELinuxProject/selinux/wiki"
if [[ ${PV} == 9999 ]]; then
inherit git-r3
EGIT_REPO_URI="https://github.com/SELinuxProject/selinux.git"
SRC_URI="https://dev.gentoo.org/~perfinion/distfiles/policycoreutils-extra-${EXTRAS_VER}.tar.bz2"
S1="${WORKDIR}/${MY_P}/${PN}"
S2="${WORKDIR}/policycoreutils-extra"
S="${S1}"
else
SRC_URI="https://github.com/SELinuxProject/selinux/releases/download/${MY_RELEASEDATE}/${MY_P}.tar.gz
https://dev.gentoo.org/~perfinion/distfiles/policycoreutils-extra-${EXTRAS_VER}.tar.bz2"
KEYWORDS="amd64 ~arm64 ~mips x86"
S1="${WORKDIR}/${MY_P}"
S2="${WORKDIR}/policycoreutils-extra"
S="${S1}"
fi
LICENSE="GPL-2"
SLOT="0"
# flatcar changes: remove setools. Since 4.x setools is written in python
# so it's not shipped anymore with Flatcar OS
DEPEND=">=sys-libs/libselinux-${SELNX_VER}:=[python?,${PYTHON_USEDEP}]
>=sys-libs/libsemanage-${SEMNG_VER}:=[python?,${PYTHON_USEDEP}]
>=sys-libs/libsepol-${SEPOL_VER}:=
sys-libs/libcap-ng:=
audit? ( >=sys-process/audit-1.5.1[python?,${PYTHON_USEDEP}] )
pam? ( sys-libs/pam:= )
python? ( ${PYTHON_DEPS} )"
# Avoid dependency loop in the cross-compile case, bug #755173
# (Still exists in native)
BDEPEND="sys-devel/gettext"
# pax-utils for scanelf used by rlpkg
RDEPEND="${DEPEND}
app-misc/pax-utils"
PDEPEND="sys-apps/semodule-utils
python? ( sys-apps/selinux-python )"
src_unpack() {
# Override default one because we need the SRC_URI ones even in case of 9999 ebuilds
default
if [[ ${PV} == 9999 ]] ; then
git-r3_src_unpack
fi
}
src_prepare() {
S="${S1}"
cd "${S}" || die "Failed to switch to ${S}"
if [[ ${PV} != 9999 ]] ; then
# If needed for live ebuilds please use /etc/portage/patches
eapply "${FILESDIR}/policycoreutils-3.1-0001-newrole-not-suid.patch"
fi
# rlpkg is more useful than fixfiles
sed -i -e '/^all/s/fixfiles//' "${S}/scripts/Makefile" \
|| die "fixfiles sed 1 failed"
sed -i -e '/fixfiles/d' "${S}/scripts/Makefile" \
|| die "fixfiles sed 2 failed"
eapply_user
sed -i 's/-Werror//g' "${S1}"/*/Makefile || die "Failed to remove Werror"
# flatcar changes
if use python; then
python_copy_sources
# Our extra code is outside the regular directory, so set it to the extra
# directory. We really should optimize this as it is ugly, but the extra
# code is needed for Gentoo at the same time that policycoreutils is present
# (so we cannot use an additional package for now).
if use extra ; then
S="${S2}"
python_copy_sources
fi
fi
# flatcar changes
# Skip building unneeded parts.
if ! use python ; then
for dir in audit2allow gui scripts semanage sepolicy sepolgen-ifgen; do
sed -e "s/ $dir / /" -i Makefile || die
done
fi
use nls || sed -e "s/ po / /" -i Makefile || die
}
src_compile() {
building() {
emake -C "${BUILD_DIR}" \
AUDIT_LOG_PRIVS="y" \
AUDITH="$(usex audit y n)" \
PAMH="$(usex pam y n)" \
SESANDBOX="n" \
CC="$(tc-getCC)" \
LIBDIR="\$(PREFIX)/$(get_libdir)"
}
# flatcar changes
if use python; then
S="${S1}" # Regular policycoreutils
python_foreach_impl building
if use extra ; then
S="${S2}" # Extra set
python_foreach_impl building
fi
else
BUILD_DIR="${S1}"
building
if use extra ; then
BUILD_DIR="${S2}"
building
fi
fi
}
src_install() {
# Python scripts are present in many places. There are no extension modules.
installation-policycoreutils() {
einfo "Installing policycoreutils"
emake -C "${BUILD_DIR}" DESTDIR="${D}" \
AUDIT_LOG_PRIVS="y" \
AUDITH="$(usex audit y n)" \
PAMH="$(usex pam y n)" \
SESANDBOX="n" \
CC="$(tc-getCC)" \
LIBDIR="\$(PREFIX)/$(get_libdir)" \
install
# flatcar changes
if use python; then
python_optimize
fi
}
installation-extras() {
einfo "Installing policycoreutils-extra"
emake -C "${BUILD_DIR}" \
DESTDIR="${D}" \
SHLIBDIR="${D}$(get_libdir)/rc" \
install
# flatcar changes
if use python; then
python_optimize
fi
}
# flatcar changes
if use python; then
S="${S1}" # policycoreutils
python_foreach_impl installation-policycoreutils
if use extra ; then
S="${S2}"
installation-extras
S="${S1}" # back for later
fi
else
BUILD_DIR="${S1}"
installation-policycoreutils
if use extra ; then
BUILD_DIR="${S2}"
installation-extras
fi
fi
# remove redhat-style init script
rm -fR "${D}/etc/rc.d" || die
# compatibility symlinks
use split-usr && dosym ../../sbin/setfiles /usr/sbin/setfiles
bashcomp_alias setsebool getsebool
# location for policy definitions
# flatcar changes:
dodir /usr/lib/selinux/policy
dosym ../../usr/lib/selinux/policy /var/lib/selinux
keepdir /usr/lib/selinux/policy
# Set version-specific scripts
# flatcar changes
if use python; then
# Set version-specific scripts
for pyscript in audit2allow sepolgen-ifgen sepolicy chcat; do
python_replicate_script "${ED}/usr/bin/${pyscript}"
done
python_replicate_script "${ED}/usr/sbin/semanage"
use extra && python_replicate_script "${ED}/usr/sbin/rlpkg"
fi
}
pkg_postinst() {
for POLICY_TYPE in ${POLICY_TYPES} ; do
# There have been some changes to the policy store, rebuilding now.
# https://marc.info/?l=selinux&m=143757277819717&w=2
einfo "Rebuilding store ${POLICY_TYPE} in '${ROOT:-/}' (without re-loading)."
semodule -p "${ROOT:-/}" -s "${POLICY_TYPE}" -n -B || die "Failed to rebuild policy store ${POLICY_TYPE}"
done
}


@ -1,162 +0,0 @@
# Copyright 1999-2021 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI="7"
PYTHON_COMPAT=( python3_{6..10} )
PYTHON_REQ_USE="xml"
inherit multilib python-r1 toolchain-funcs bash-completion-r1
EXTRAS_VER="1.37"
IUSE="audit pam split-usr"
REQUIRED_USE="${PYTHON_REQUIRED_USE}"
DESCRIPTION="SELinux core utilities"
HOMEPAGE="https://github.com/SELinuxProject/selinux/wiki"
if [[ ${PV} == 9999 ]]; then
inherit git-r3
EGIT_REPO_URI="https://github.com/SELinuxProject/selinux.git"
SRC_URI="https://dev.gentoo.org/~perfinion/distfiles/policycoreutils-extra-${EXTRAS_VER}.tar.bz2"
S1="${WORKDIR}/${PN}"
S2="${WORKDIR}/policycoreutils-extra"
S="${S1}"
else
SRC_URI="https://github.com/SELinuxProject/selinux/releases/download/${PV}/${P}.tar.gz
https://dev.gentoo.org/~perfinion/distfiles/policycoreutils-extra-${EXTRAS_VER}.tar.bz2"
KEYWORDS="~amd64 ~arm64 ~mips ~x86"
S1="${WORKDIR}/${P}"
S2="${WORKDIR}/policycoreutils-extra"
S="${S1}"
fi
LICENSE="GPL-2"
SLOT="0"
DEPEND=">=sys-libs/libselinux-${PV}:=[python,${PYTHON_USEDEP}]
>=sys-libs/libsemanage-${PV}:=[python(+),${PYTHON_USEDEP}]
>=sys-libs/libsepol-${PV}:=
sys-libs/libcap-ng:=
>=app-admin/setools-4.2.0[${PYTHON_USEDEP}]
audit? ( >=sys-process/audit-1.5.1[python,${PYTHON_USEDEP}] )
pam? ( sys-libs/pam:= )
${PYTHON_DEPS}"
# Avoid dependency loop in the cross-compile case, bug #755173
# (Still exists in native)
BDEPEND="sys-devel/gettext"
# pax-utils for scanelf used by rlpkg
RDEPEND="${DEPEND}
app-misc/pax-utils"
PDEPEND="sys-apps/semodule-utils
sys-apps/selinux-python"
src_unpack() {
# Override default one because we need the SRC_URI ones even in case of 9999 ebuilds
default
if [[ ${PV} == 9999 ]] ; then
git-r3_src_unpack
fi
}
src_prepare() {
S="${S1}"
cd "${S}" || die "Failed to switch to ${S}"
if [[ ${PV} != 9999 ]] ; then
# If needed for live ebuilds please use /etc/portage/patches
eapply "${FILESDIR}/policycoreutils-3.1-0001-newrole-not-suid.patch"
fi
# rlpkg is more useful than fixfiles
sed -i -e '/^all/s/fixfiles//' "${S}/scripts/Makefile" \
|| die "fixfiles sed 1 failed"
sed -i -e '/fixfiles/d' "${S}/scripts/Makefile" \
|| die "fixfiles sed 2 failed"
eapply_user
sed -i 's/-Werror//g' "${S1}"/*/Makefile || die "Failed to remove Werror"
python_copy_sources
# Our extra code is outside the regular directory, so set it to the extra
# directory. We really should optimize this as it is ugly, but the extra
# code is needed for Gentoo at the same time that policycoreutils is present
# (so we cannot use an additional package for now).
S="${S2}"
python_copy_sources
}
src_compile() {
building() {
emake -C "${BUILD_DIR}" \
AUDIT_LOG_PRIVS="y" \
AUDITH="$(usex audit y n)" \
PAMH="$(usex pam y n)" \
SESANDBOX="n" \
CC="$(tc-getCC)" \
LIBDIR="\$(PREFIX)/$(get_libdir)"
}
S="${S1}" # Regular policycoreutils
python_foreach_impl building
S="${S2}" # Extra set
python_foreach_impl building
}
src_install() {
# Python scripts are present in many places. There are no extension modules.
installation-policycoreutils() {
einfo "Installing policycoreutils"
emake -C "${BUILD_DIR}" DESTDIR="${D}" \
AUDIT_LOG_PRIVS="y" \
AUDITH="$(usex audit y n)" \
PAMH="$(usex pam y n)" \
SESANDBOX="n" \
CC="$(tc-getCC)" \
LIBDIR="\$(PREFIX)/$(get_libdir)" \
install
python_optimize
}
installation-extras() {
einfo "Installing policycoreutils-extra"
emake -C "${BUILD_DIR}" \
DESTDIR="${D}" \
install
python_optimize
}
S="${S1}" # policycoreutils
python_foreach_impl installation-policycoreutils
S="${S2}" # extras
python_foreach_impl installation-extras
S="${S1}" # back for later
# remove redhat-style init script
rm -fR "${D}/etc/rc.d" || die
# compatibility symlinks
use split-usr && dosym ../../sbin/setfiles /usr/sbin/setfiles
bashcomp_alias setsebool getsebool
# location for policy definitions
dodir /var/lib/selinux
keepdir /var/lib/selinux
# Set version-specific scripts
for pyscript in rlpkg; do
python_replicate_script "${ED}/usr/sbin/${pyscript}"
done
}
pkg_postinst() {
for POLICY_TYPE in ${POLICY_TYPES} ; do
# There have been some changes to the policy store, rebuilding now.
# https://marc.info/?l=selinux&m=143757277819717&w=2
einfo "Rebuilding store ${POLICY_TYPE} (without re-loading)."
semodule -s "${POLICY_TYPE}" -n -B || die "Failed to rebuild policy store ${POLICY_TYPE}"
done
}


@ -1,17 +1,17 @@
# Copyright 1999-2021 Gentoo Authors
# Copyright 1999-2023 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI="7"
PYTHON_COMPAT=( python3_{6..10} )
PYTHON_REQ_USE="xml"
PYTHON_COMPAT=( python3_{9..11} )
PYTHON_REQ_USE="xml(+)"
inherit multilib python-r1 toolchain-funcs bash-completion-r1
TMPFILES_OPTIONAL=1
inherit multilib python-r1 toolchain-funcs bash-completion-r1 tmpfiles
MY_PV="${PV//_/-}"
MY_P="${PN}-${MY_PV}"
EXTRAS_VER="1.37"
IUSE="audit pam split-usr"
REQUIRED_USE="${PYTHON_REQUIRED_USE}"
DESCRIPTION="SELinux core utilities"
HOMEPAGE="https://github.com/SELinuxProject/selinux/wiki"
@ -19,29 +19,29 @@ if [[ ${PV} == 9999 ]]; then
inherit git-r3
EGIT_REPO_URI="https://github.com/SELinuxProject/selinux.git"
SRC_URI="https://dev.gentoo.org/~perfinion/distfiles/policycoreutils-extra-${EXTRAS_VER}.tar.bz2"
S1="${WORKDIR}/${PN}"
S1="${WORKDIR}/${P}/${PN}"
S2="${WORKDIR}/policycoreutils-extra"
S="${S1}"
else
SRC_URI="https://github.com/SELinuxProject/selinux/releases/download/${PV}/${P}.tar.gz
SRC_URI="https://github.com/SELinuxProject/selinux/releases/download/${MY_PV}/${MY_P}.tar.gz
https://dev.gentoo.org/~perfinion/distfiles/policycoreutils-extra-${EXTRAS_VER}.tar.bz2"
KEYWORDS="~amd64 ~arm64 ~mips ~x86"
S1="${WORKDIR}/${P}"
KEYWORDS="amd64 arm arm64 ~mips x86"
S1="${WORKDIR}/${MY_P}"
S2="${WORKDIR}/policycoreutils-extra"
S="${S1}"
fi
LICENSE="GPL-2"
SLOT="0"
IUSE="audit pam split-usr"
REQUIRED_USE="${PYTHON_REQUIRED_USE}"
DEPEND=">=sys-libs/libselinux-${PV}:=[python,${PYTHON_USEDEP}]
>=sys-libs/libsemanage-${PV}:=[python(+),${PYTHON_USEDEP}]
DEPEND=">=sys-libs/libselinux-${PV}:=
>=sys-libs/libsemanage-${PV}:=
>=sys-libs/libsepol-${PV}:=
sys-libs/libcap-ng:=
>=app-admin/setools-4.2.0[${PYTHON_USEDEP}]
audit? ( >=sys-process/audit-1.5.1[python,${PYTHON_USEDEP}] )
pam? ( sys-libs/pam:= )
${PYTHON_DEPS}"
pam? ( sys-libs/pam:= )"
# Avoid dependency loop in the cross-compile case, bug #755173
# (Still exists in native)
@ -51,8 +51,7 @@ BDEPEND="sys-devel/gettext"
RDEPEND="${DEPEND}
app-misc/pax-utils"
PDEPEND="sys-apps/semodule-utils
sys-apps/selinux-python"
PDEPEND="sys-apps/semodule-utils"
src_unpack() {
# Override default one because we need the SRC_URI ones even in case of 9999 ebuilds
@ -79,14 +78,6 @@ src_prepare() {
eapply_user
sed -i 's/-Werror//g' "${S1}"/*/Makefile || die "Failed to remove Werror"
python_copy_sources
# Our extra code is outside the regular directory, so set it to the extra
# directory. We really should optimize this as it is ugly, but the extra
# code is needed for Gentoo at the same time that policycoreutils is present
# (so we cannot use an additional package for now).
S="${S2}"
python_copy_sources
}
src_compile() {
@ -99,10 +90,8 @@ src_compile() {
CC="$(tc-getCC)" \
LIBDIR="\$(PREFIX)/$(get_libdir)"
}
S="${S1}" # Regular policycoreutils
python_foreach_impl building
S="${S2}" # Extra set
python_foreach_impl building
BUILD_DIR="${S1}"
building
}
src_install() {
@ -117,7 +106,6 @@ src_install() {
CC="$(tc-getCC)" \
LIBDIR="\$(PREFIX)/$(get_libdir)" \
install
python_optimize
}
installation-extras() {
@ -125,38 +113,38 @@ src_install() {
emake -C "${BUILD_DIR}" \
DESTDIR="${D}" \
install
python_optimize
}
S="${S1}" # policycoreutils
python_foreach_impl installation-policycoreutils
S="${S2}" # extras
python_foreach_impl installation-extras
S="${S1}" # back for later
BUILD_DIR="${S1}"
installation-policycoreutils
# remove redhat-style init script
rm -fR "${D}/etc/rc.d" || die
# compatibility symlinks
use split-usr && dosym ../../sbin/setfiles /usr/sbin/setfiles
if use split-usr; then
dosym ../../sbin/setfiles /usr/sbin/setfiles
else
# remove sestatus symlink
rm -f "${D}"/usr/sbin/sestatus || die
fi
bashcomp_alias setsebool getsebool
# location for policy definitions
dodir /var/lib/selinux
keepdir /var/lib/selinux
dodir /usr/lib/selinux/policy
dosym ../../usr/lib/selinux/policy /var/lib/selinux
keepdir /usr/lib/selinux/policy
# Set version-specific scripts
for pyscript in rlpkg; do
python_replicate_script "${ED}/usr/sbin/${pyscript}"
done
# Recreate the symlink in /var in case of wiping the root filesystem.
dotmpfiles "${FILESDIR}/tmpfiles.d/10-var-lib-selinux.conf"
}
pkg_postinst() {
for POLICY_TYPE in ${POLICY_TYPES} ; do
# There have been some changes to the policy store, rebuilding now.
# https://marc.info/?l=selinux&m=143757277819717&w=2
einfo "Rebuilding store ${POLICY_TYPE} (without re-loading)."
semodule -s "${POLICY_TYPE}" -n -B || die "Failed to rebuild policy store ${POLICY_TYPE}"
einfo "Rebuilding store ${POLICY_TYPE} in '${ROOT:-/}' (without re-loading)."
semodule -p "${ROOT:-/}" -s "${POLICY_TYPE}" -n -B || die "Failed to rebuild policy store ${POLICY_TYPE}"
done
}
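Review bot: `installation-extras` is still defined in the new src_install but the new call sequence `BUILD_DIR="${S1}"` / `installation-policycoreutils` never invokes it, and src_compile likewise only builds `${S1}` now, so the policycoreutils-extra tarball kept in SRC_URI and unpacked into `S2` is fetched, verified and then ignored. Either drop the extras function together with the `S2` assignment and the extras `SRC_URI` entry, or keep the extras build; as written the ebuild carries a distfile it never uses. If the `for pyscript in rlpkg` loop survives on the new side (the rendered layout does not show which side it is on), `python_replicate_script "${ED}/usr/sbin/rlpkg"` will die because rlpkg is shipped by the extras set that is no longer installed. Separately, `rm -f "${D}"/usr/sbin/sestatus || die` uses `${D}` while the neighbouring `python_replicate_script` call uses `${ED}`; under EAPI 7 the prefix-aware path is `${ED}`.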


@ -1,2 +0,0 @@
DIST libselinux-3.1.tar.gz 204703 BLAKE2B 72ff2d99dd6640405e804f58bdfbf05e152615ea92f902b3942602af13dc17080afeabb942ed33ae6b3f528870f4b11584e533848e455a97bf8f7151a8d44646 SHA512 57730cddd2d4751556d9e1f207c0f85119c81848f0620c16239e997150989e3f9a586a8c23861fd51ed89f7e084ad441190a58a288258a49a95f7beef7dbbb13
DIST libselinux-3.2.tar.gz 206380 BLAKE2B 544eaaa87b9738c61929abe48713b530a8909eaea017890040f2fe299af86f09b6eb2cf4c9a68e06268ba09923b2b67703ac7a2b973906acb45f698e9ccaeed2 SHA512 18129ac0b9936e1f66021f1b311cf1c1e27a01e50cb70f08a3e1c642c5251e4538aec25a8427778569dfecf5333cf1fb84f1a59afdce8019328d0cff7e5833c5


@ -1,159 +0,0 @@
# Copyright 1999-2021 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI="7"
PYTHON_COMPAT=( python3_{6..11} )
USE_RUBY="ruby25 ruby26 ruby27"
# No, I am not calling ruby-ng
inherit python-r1 toolchain-funcs multilib-minimal
MY_P="${P//_/-}"
SEPOL_VER="${PV}"
MY_RELEASEDATE="20200710"
DESCRIPTION="SELinux userland library"
HOMEPAGE="https://github.com/SELinuxProject/selinux/wiki"
if [[ ${PV} == 9999 ]] ; then
inherit git-r3
EGIT_REPO_URI="https://github.com/SELinuxProject/selinux.git"
S="${WORKDIR}/${MY_P}/${PN}"
else
SRC_URI="https://github.com/SELinuxProject/selinux/releases/download/${MY_RELEASEDATE}/${MY_P}.tar.gz"
KEYWORDS="amd64 ~arm ~arm64 ~mips x86"
S="${WORKDIR}/${MY_P}"
fi
LICENSE="public-domain"
SLOT="0"
IUSE="pcre2 python ruby static-libs ruby_targets_ruby25 ruby_targets_ruby26 ruby_targets_ruby27"
REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
RDEPEND=">=sys-libs/libsepol-${SEPOL_VER}:=[${MULTILIB_USEDEP}]
!pcre2? ( >=dev-libs/libpcre-8.33-r1:=[static-libs?,${MULTILIB_USEDEP}] )
pcre2? ( dev-libs/libpcre2:=[static-libs?,${MULTILIB_USEDEP}] )
python? ( ${PYTHON_DEPS} )
ruby? (
ruby_targets_ruby25? ( dev-lang/ruby:2.5 )
ruby_targets_ruby26? ( dev-lang/ruby:2.6 )
ruby_targets_ruby27? ( dev-lang/ruby:2.7 )
)
elibc_musl? ( sys-libs/fts-standalone )"
DEPEND="${RDEPEND}"
BDEPEND="virtual/pkgconfig
python? ( >=dev-lang/swig-2.0.9 )
ruby? ( >=dev-lang/swig-2.0.9 )"
src_prepare() {
eapply_user
multilib_copy_sources
}
multilib_src_compile() {
tc-export AR CC PKG_CONFIG RANLIB
emake \
LIBDIR="\$(PREFIX)/$(get_libdir)" \
SHLIBDIR="/$(get_libdir)" \
LDFLAGS="-fPIC ${LDFLAGS} -pthread" \
USE_PCRE2="$(usex pcre2 y n)" \
FTS_LDLIBS="$(usex elibc_musl '-lfts' '')" \
all
if multilib_is_native_abi && use python; then
building() {
emake \
LDFLAGS="-fPIC ${LDFLAGS} -lpthread" \
LIBDIR="\$(PREFIX)/$(get_libdir)" \
SHLIBDIR="/$(get_libdir)" \
USE_PCRE2="$(usex pcre2 y n)" \
FTS_LDLIBS="$(usex elibc_musl '-lfts' '')" \
pywrap
}
python_foreach_impl building
fi
if multilib_is_native_abi && use ruby; then
building() {
einfo "Calling rubywrap for ${1}"
# Clean up .lo file to force rebuild
rm -f src/selinuxswig_ruby_wrap.lo || die
emake \
RUBY=${1} \
LDFLAGS="-fPIC ${LDFLAGS} -lpthread" \
LIBDIR="\$(PREFIX)/$(get_libdir)" \
SHLIBDIR="/$(get_libdir)" \
USE_PCRE2="$(usex pcre2 y n)" \
FTS_LDLIBS="$(usex elibc_musl '-lfts' '')" \
rubywrap
}
for RUBYTARGET in ${USE_RUBY}; do
use ruby_targets_${RUBYTARGET} || continue
building ${RUBYTARGET}
done
fi
}
multilib_src_install() {
emake DESTDIR="${D}" \
LIBDIR="\$(PREFIX)/$(get_libdir)" \
SHLIBDIR="/$(get_libdir)" \
USE_PCRE2="$(usex pcre2 y n)" \
install
if multilib_is_native_abi && use python; then
installation() {
emake DESTDIR="${D}" \
LIBDIR="\$(PREFIX)/$(get_libdir)" \
SHLIBDIR="/$(get_libdir)" \
USE_PCRE2="$(usex pcre2 y n)" \
install-pywrap
python_optimize # bug 531638
}
python_foreach_impl installation
fi
if multilib_is_native_abi && use ruby; then
installation() {
einfo "Calling install-rubywrap for ${1}"
# Forcing (re)build here as otherwise the resulting SO file is used for all ruby versions
rm src/selinuxswig_ruby_wrap.lo
emake DESTDIR="${D}" \
LIBDIR="\$(PREFIX)/$(get_libdir)" \
SHLIBDIR="/$(get_libdir)" \
RUBY=${1} \
USE_PCRE2="$(usex pcre2 y n)" \
install-rubywrap
}
for RUBYTARGET in ${USE_RUBY}; do
use ruby_targets_${RUBYTARGET} || continue
installation ${RUBYTARGET}
done
fi
use static-libs || rm "${D}"/usr/lib*/*.a || die
}
pkg_postinst() {
# Fix bug 473502
for POLTYPE in ${POLICY_TYPES};
do
mkdir -p /etc/selinux/${POLTYPE}/contexts/files || die
touch /etc/selinux/${POLTYPE}/contexts/files/file_contexts.local || die
# Fix bug 516608
for EXPRFILE in file_contexts file_contexts.homedirs file_contexts.local ; do
# flatcar changes:
# since libselinux is installed under `/build/amd64-usr`, we need to
# specify abspath to the binary `sefcontext_compile`, as well as abspath
# to the policy files.
if [[ -f "${ROOT}/etc/selinux/${POLTYPE}/contexts/files/${EXPRFILE}" ]]; then
${ROOT}/usr/sbin/sefcontext_compile ${ROOT}/etc/selinux/${POLTYPE}/contexts/files/${EXPRFILE} \
|| die "Failed to recompile contexts"
fi
done
done
}


@ -1,2 +1 @@
DIST libsemanage-3.1.tar.gz 179601 BLAKE2B 69450a4eda1f3728d339f65db1eec9940995fcea5208d17dca531ebc998aefbfec48fe91beffa3490e1502953aa550405fb696635d01b0eb8050c8f00f11106a SHA512 8609ca7d13b5c603677740f2b14558fea3922624af182d20d618237ba11fcf2559fab82fc68d1efa6ff118f064d426f005138521652c761de92cd66150102197
DIST libsemanage-3.2.tar.gz 178839 BLAKE2B c0925812d784923a7a239ba919fc0a0e1d84cb528cbf4a357fb7938d3c06ebd2f0b60cd3eba40b76bf7c2922a081b99b16b32dc16638aa1bfce32553e241fb9f SHA512 6ad670bb298b1bab506217b12a3fda5d2209f4387a11410f0c1b65f765ffb579b0d70795dee19048909e0b72ef904fc318be60d5a01f80ab12742ce07647a084
DIST libsemanage-3.5.tar.gz 185060 BLAKE2B 3e08b15cb6b335a2747bd5f0bd84f74abdd22a7e8ec91ebb443ca6fe3886d5e8cd2827fefdaa0e9caf2af3280cffbf593ee828fee54dd423a21b257493cc754c SHA512 959fbd0d6bc6849da6caa13dc41c3f8818cbbd29f04b5d2ac7246c4b395b4f370f113a04cc9cfcb52be2afebfa636013ac4ad4011384c58c7ce066a45cae2751


@ -1,3 +0,0 @@
#Type Path Mode UID GID Age Argument
d /etc/selinux/ - - - - -
L /etc/selinux/semanage.conf - - - - ../../usr/lib/selinux/semanage.conf


@ -1,145 +0,0 @@
# Copyright 1999-2021 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=7
PYTHON_COMPAT=( python3_{6..11} )
# flatcar changes
TMPFILES_OPTIONAL=1
inherit python-r1 toolchain-funcs multilib-minimal tmpfiles
MY_P="${P//_/-}"
MY_RELEASEDATE="20200710"
SEPOL_VER="${PV}"
SELNX_VER="${PV}"
DESCRIPTION="SELinux kernel and policy management library"
HOMEPAGE="https://github.com/SELinuxProject/selinux/wiki"
if [[ ${PV} == 9999 ]]; then
inherit git-r3
EGIT_REPO_URI="https://github.com/SELinuxProject/selinux.git"
S="${WORKDIR}/${MY_P}/${PN}"
else
SRC_URI="https://github.com/SELinuxProject/selinux/releases/download/${MY_RELEASEDATE}/${MY_P}.tar.gz"
KEYWORDS="amd64 ~arm ~arm64 ~mips x86"
S="${WORKDIR}/${MY_P}"
fi
LICENSE="GPL-2"
SLOT="0"
IUSE="python"
REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
RDEPEND=">=sys-libs/libsepol-${SEPOL_VER}[${MULTILIB_USEDEP}]
>=sys-libs/libselinux-${SELNX_VER}[${MULTILIB_USEDEP}]
>=sys-process/audit-2.2.2[${MULTILIB_USEDEP}]
python? ( ${PYTHON_DEPS} )"
DEPEND="${RDEPEND}"
BDEPEND="
python? (
>=dev-lang/swig-2.0.4-r1
virtual/pkgconfig
)
sys-devel/bison
sys-devel/flex"
# tests are not meant to be run outside of the
# full SELinux userland repo
RESTRICT="test"
src_prepare() {
eapply_user
echo >> "${S}/src/semanage.conf"
echo "# Set this to true to save the linked policy." >> "${S}/src/semanage.conf"
echo "# This is normally only useful for analysis" >> "${S}/src/semanage.conf"
echo "# or debugging of policy." >> "${S}/src/semanage.conf"
echo "save-linked=false" >> "${S}/src/semanage.conf"
echo >> "${S}/src/semanage.conf"
echo "# Set this to 0 to disable assertion checking." >> "${S}/src/semanage.conf"
echo "# This should speed up building the kernel policy" >> "${S}/src/semanage.conf"
echo "# from policy modules, but may leave you open to" >> "${S}/src/semanage.conf"
echo "# dangerous rules which assertion checking" >> "${S}/src/semanage.conf"
echo "# would catch." >> "${S}/src/semanage.conf"
echo "expand-check=1" >> "${S}/src/semanage.conf"
echo >> "${S}/src/semanage.conf"
echo "# Modules in the module store can be compressed" >> "${S}/src/semanage.conf"
echo "# with bzip2. Set this to the bzip2 blocksize" >> "${S}/src/semanage.conf"
echo "# 1-9 when compressing. The higher the number," >> "${S}/src/semanage.conf"
echo "# the more memory is traded off for disk space." >> "${S}/src/semanage.conf"
echo "# Set to 0 to disable bzip2 compression." >> "${S}/src/semanage.conf"
echo "bzip-blocksize=0" >> "${S}/src/semanage.conf"
echo >> "${S}/src/semanage.conf"
echo "# Reduce memory usage for bzip2 compression and" >> "${S}/src/semanage.conf"
echo "# decompression of modules in the module store." >> "${S}/src/semanage.conf"
echo "bzip-small=true" >> "${S}/src/semanage.conf"
multilib_copy_sources
}
multilib_src_compile() {
emake \
AR="$(tc-getAR)" \
CC="$(tc-getCC)" \
LIBDIR="${EPREFIX}/usr/$(get_libdir)" \
all
# flatcar changes
if multilib_is_native_abi && use python; then
building_py() {
emake \
AR="$(tc-getAR)" \
CC="$(tc-getCC)" \
LIBDIR="${EPREFIX}/usr/$(get_libdir)" \
"$@"
}
python_foreach_impl building_py swigify
python_foreach_impl building_py pywrap
fi
}
multilib_src_install() {
# flatcar changes
emake \
DEFAULT_SEMANAGE_CONF_LOCATION="/usr/lib/selinux/semanage.conf" \
LIBDIR="${EPREFIX}/usr/$(get_libdir)" \
SHLIBDIR="/usr/$(get_libdir)" \
DESTDIR="${ED}" install
# flatcar changes
if multilib_is_native_abi && use python; then
installation_py() {
# flatcar changes
emake DESTDIR="${ED}" \
LIBDIR="${EPREFIX}/usr/$(get_libdir)" \
SHLIBDIR="${EPREFIX}/usr/$(get_libdir)" \
LIBSEPOLA="${EPREFIX%/}/usr/$(get_libdir)/libsepol.a" \
install-pywrap
python_optimize # bug 531638
}
python_foreach_impl installation_py
fi
# flatcar changes
dotmpfiles "${FILESDIR}/tmpfiles.d/libsemanage.conf"
}
multiib_src_install_all() {
python_setup
python_fix_shebang "${ED}"/usr/libexec/selinux/semanage_migrate_store
}
pkg_postinst() {
# Migrate the SELinux semanage configuration store if not done already
local selinuxtype=$(awk -F'=' '/SELINUXTYPE=/ {print $2}' "${EROOT}"/etc/selinux/config 2>/dev/null)
if [ -n "${selinuxtype}" ] && [ ! -d "${EROOT}"/var/lib/selinux/${selinuxtype}/active ] ; then
ewarn "Since the 2.4 SELinux userspace, the policy module store is moved"
ewarn "from /etc/selinux to /var/lib/selinux. The migration will be run now."
ewarn "If there are any issues, it can be done manually by running:"
ewarn "/usr/libexec/selinux/semanage_migrate_store"
ewarn "For more information, please see"
ewarn "- https://github.com/SELinuxProject/selinux/wiki/Policy-Store-Migration"
fi
}


@ -1,127 +0,0 @@
# Copyright 1999-2021 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=7
PYTHON_COMPAT=( python3_{6..10} )
inherit python-r1 toolchain-funcs multilib-minimal
MY_PV="${PV//_/-}"
MY_P="${PN}-${MY_PV}"
DESCRIPTION="SELinux kernel and policy management library"
HOMEPAGE="https://github.com/SELinuxProject/selinux/wiki"
if [[ ${PV} == 9999 ]]; then
inherit git-r3
EGIT_REPO_URI="https://github.com/SELinuxProject/selinux.git"
S="${WORKDIR}/${P}/${PN}"
else
SRC_URI="https://github.com/SELinuxProject/selinux/releases/download/${MY_PV}/${MY_P}.tar.gz"
KEYWORDS="~amd64 ~arm ~arm64 ~mips ~x86"
S="${WORKDIR}/${MY_P}"
fi
LICENSE="GPL-2"
SLOT="0/2"
REQUIRED_USE="${PYTHON_REQUIRED_USE}"
RDEPEND=">=sys-libs/libsepol-${PV}:=[${MULTILIB_USEDEP}]
>=sys-libs/libselinux-${PV}:=[${MULTILIB_USEDEP}]
>=sys-process/audit-2.2.2[${MULTILIB_USEDEP}]
${PYTHON_DEPS}"
DEPEND="${RDEPEND}"
BDEPEND=">=dev-lang/swig-2.0.4-r1
sys-devel/bison
sys-devel/flex
virtual/pkgconfig"
# tests are not meant to be run outside of the
# full SELinux userland repo
RESTRICT="test"
src_prepare() {
eapply_user
echo >> "${S}/src/semanage.conf"
echo "# Set this to true to save the linked policy." >> "${S}/src/semanage.conf"
echo "# This is normally only useful for analysis" >> "${S}/src/semanage.conf"
echo "# or debugging of policy." >> "${S}/src/semanage.conf"
echo "save-linked=false" >> "${S}/src/semanage.conf"
echo >> "${S}/src/semanage.conf"
echo "# Set this to 0 to disable assertion checking." >> "${S}/src/semanage.conf"
echo "# This should speed up building the kernel policy" >> "${S}/src/semanage.conf"
echo "# from policy modules, but may leave you open to" >> "${S}/src/semanage.conf"
echo "# dangerous rules which assertion checking" >> "${S}/src/semanage.conf"
echo "# would catch." >> "${S}/src/semanage.conf"
echo "expand-check=1" >> "${S}/src/semanage.conf"
echo >> "${S}/src/semanage.conf"
echo "# Modules in the module store can be compressed" >> "${S}/src/semanage.conf"
echo "# with bzip2. Set this to the bzip2 blocksize" >> "${S}/src/semanage.conf"
echo "# 1-9 when compressing. The higher the number," >> "${S}/src/semanage.conf"
echo "# the more memory is traded off for disk space." >> "${S}/src/semanage.conf"
echo "# Set to 0 to disable bzip2 compression." >> "${S}/src/semanage.conf"
echo "bzip-blocksize=0" >> "${S}/src/semanage.conf"
echo >> "${S}/src/semanage.conf"
echo "# Reduce memory usage for bzip2 compression and" >> "${S}/src/semanage.conf"
echo "# decompression of modules in the module store." >> "${S}/src/semanage.conf"
echo "bzip-small=true" >> "${S}/src/semanage.conf"
multilib_copy_sources
}
multilib_src_compile() {
local -x CFLAGS="${CFLAGS} -fno-semantic-interposition"
emake \
AR="$(tc-getAR)" \
CC="$(tc-getCC)" \
LIBDIR="${EPREFIX}/usr/$(get_libdir)" \
all
if multilib_is_native_abi; then
building_py() {
emake \
AR="$(tc-getAR)" \
CC="$(tc-getCC)" \
LIBDIR="${EPREFIX}/usr/$(get_libdir)" \
"$@"
}
python_foreach_impl building_py swigify
python_foreach_impl building_py pywrap
fi
}
multilib_src_install() {
emake \
LIBDIR="${EPREFIX}/usr/$(get_libdir)" \
DESTDIR="${ED}" install
if multilib_is_native_abi; then
installation_py() {
emake DESTDIR="${ED}" \
LIBDIR="${EPREFIX}/usr/$(get_libdir)" \
install-pywrap
python_optimize # bug 531638
}
python_foreach_impl installation_py
fi
}
multiib_src_install_all() {
python_setup
python_fix_shebang "${ED}"/usr/libexec/selinux/semanage_migrate_store
}
pkg_postinst() {
# Migrate the SELinux semanage configuration store if not done already
local selinuxtype=$(awk -F'=' '/SELINUXTYPE=/ {print $2}' "${EROOT}"/etc/selinux/config 2>/dev/null)
if [ -n "${selinuxtype}" ] && [ ! -d "${EROOT}"/var/lib/selinux/${selinuxtype}/active ] ; then
ewarn "Since the 2.4 SELinux userspace, the policy module store is moved"
ewarn "from /etc/selinux to /var/lib/selinux. The migration will be run now."
ewarn "If there are any issues, it can be done manually by running:"
ewarn "/usr/libexec/selinux/semanage_migrate_store"
ewarn "For more information, please see"
ewarn "- https://github.com/SELinuxProject/selinux/wiki/Policy-Store-Migration"
fi
}


@ -1,8 +1,8 @@
# Copyright 1999-2021 Gentoo Authors
# Copyright 1999-2023 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=7
PYTHON_COMPAT=( python3_{6..10} )
PYTHON_COMPAT=( python3_{9..11} )
inherit python-r1 toolchain-funcs multilib-minimal
@ -18,23 +18,21 @@ if [[ ${PV} == 9999 ]]; then
S="${WORKDIR}/${P}/${PN}"
else
SRC_URI="https://github.com/SELinuxProject/selinux/releases/download/${MY_PV}/${MY_P}.tar.gz"
KEYWORDS="~amd64 ~arm ~arm64 ~mips ~x86"
KEYWORDS="amd64 arm arm64 ~mips ~riscv x86"
S="${WORKDIR}/${MY_P}"
fi
LICENSE="GPL-2"
SLOT="0/2"
REQUIRED_USE="${PYTHON_REQUIRED_USE}"
RDEPEND=">=sys-libs/libsepol-${PV}:=[${MULTILIB_USEDEP}]
RDEPEND="app-arch/bzip2[${MULTILIB_USEDEP}]
>=sys-libs/libsepol-${PV}:=[${MULTILIB_USEDEP}]
>=sys-libs/libselinux-${PV}:=[${MULTILIB_USEDEP}]
>=sys-process/audit-2.2.2[${MULTILIB_USEDEP}]
${PYTHON_DEPS}"
>=sys-process/audit-2.2.2[${MULTILIB_USEDEP}]"
DEPEND="${RDEPEND}"
BDEPEND=">=dev-lang/swig-2.0.4-r1
sys-devel/bison
sys-devel/flex
virtual/pkgconfig"
BDEPEND="sys-devel/bison
sys-devel/flex"
# tests are not meant to be run outside of the
# full SELinux userland repo
@ -78,39 +76,14 @@ multilib_src_compile() {
CC="$(tc-getCC)" \
LIBDIR="${EPREFIX}/usr/$(get_libdir)" \
all
if multilib_is_native_abi; then
building_py() {
emake \
AR="$(tc-getAR)" \
CC="$(tc-getCC)" \
LIBDIR="${EPREFIX}/usr/$(get_libdir)" \
"$@"
}
python_foreach_impl building_py swigify
python_foreach_impl building_py pywrap
fi
}
multilib_src_install() {
emake \
LIBDIR="${EPREFIX}/usr/$(get_libdir)" \
DESTDIR="${ED}" install
if multilib_is_native_abi; then
installation_py() {
emake DESTDIR="${ED}" \
LIBDIR="${EPREFIX}/usr/$(get_libdir)" \
install-pywrap
python_optimize # bug 531638
}
python_foreach_impl installation_py
fi
}
multiib_src_install_all() {
python_setup
python_fix_shebang "${ED}"/usr/libexec/selinux/semanage_migrate_store
SHLIBDIR="/usr/$(get_libdir)" \
DESTDIR="${ED}" \
install
}
pkg_postinst() {
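Review bot: `SHLIBDIR="/usr/$(get_libdir)"` in the new multilib_src_install omits `${EPREFIX}`, whereas `LIBDIR="${EPREFIX}/usr/$(get_libdir)"` in the same emake call includes it; for consistency and prefixed installs this should read `SHLIBDIR="${EPREFIX}/usr/$(get_libdir)"`. Since the hunk removes the swigify/pywrap build and the install-pywrap step, the `inherit python-r1`, the bumped `PYTHON_COMPAT` and `REQUIRED_USE="${PYTHON_REQUIRED_USE}"` left in the header appear vestigial and impose a USE constraint with nothing behind it; if no python consumer remains, dropping them keeps the ebuild honest about what it builds. Dropping `virtual/pkgconfig` from BDEPEND is only safe if the upstream Makefile no longer calls pkg-config, which cannot be confirmed from this page. pkg_postinst begins on the last line of the hunk and its body lies outside the visible section.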


@ -1,5 +1,5 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
<maintainer type="project">
<email>selinux@gentoo.org</email>


@ -1,4 +1,4 @@
# Copyright 1999-2020 Gentoo Authors
# Copyright 1999-2023 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
# Eclass for installing SELinux policy, and optionally
@ -7,7 +7,7 @@
# @ECLASS: selinux-policy-2.eclass
# @MAINTAINER:
# selinux@gentoo.org
# @SUPPORTED_EAPIS: 6 7
# @SUPPORTED_EAPIS: 7
# @BLURB: This eclass supports the deployment of the various SELinux modules in sec-policy
# @DESCRIPTION:
# The selinux-policy-2.eclass supports deployment of the various SELinux modules
@ -18,67 +18,69 @@
# Also, it supports for bundling patches to make the whole thing just a bit more
# manageable.
# @ECLASS-VARIABLE: MODS
case ${EAPI} in
7) ;;
*) die "${ECLASS}: EAPI ${EAPI:-0} not supported" ;;
esac
if [[ ! ${_SELINUX_POLICY_2_ECLASS} ]]; then
_SELINUX_POLICY_2_ECLASS=1
# @ECLASS_VARIABLE: MODS
# @DESCRIPTION:
# This variable contains the (upstream) module name for the SELinux module.
# This name is only the module name, not the category!
: ${MODS:="_illegal"}
: "${MODS:="_illegal"}"
# @ECLASS-VARIABLE: BASEPOL
# @ECLASS_VARIABLE: BASEPOL
# @DESCRIPTION:
# This variable contains the version string of the selinux-base-policy package
# that this module build depends on. It is used to patch with the appropriate
# patch bundle(s) that are part of selinux-base-policy.
: ${BASEPOL:=${PVR}}
: "${BASEPOL:=${PVR}}"
# @ECLASS-VARIABLE: POLICY_PATCH
# @ECLASS_VARIABLE: POLICY_PATCH
# @DESCRIPTION:
# This variable contains the additional patch(es) that need to be applied on top
# of the patchset already contained within the BASEPOL variable. The variable
# can be both a simple string (space-separated) or a bash array.
: ${POLICY_PATCH:=""}
: "${POLICY_PATCH:=""}"
# @ECLASS-VARIABLE: POLICY_FILES
# @ECLASS_VARIABLE: POLICY_FILES
# @DESCRIPTION:
# When defined, this contains the files (located in the ebuilds' files/
# directory) which should be copied as policy module files into the store.
# Generally, users would want to include at least a .te and .fc file, but .if
# files are supported as well. The variable can be both a simple string
# (space-separated) or a bash array.
: ${POLICY_FILES:=""}
: "${POLICY_FILES:=""}"
# @ECLASS-VARIABLE: POLICY_TYPES
# @ECLASS_VARIABLE: POLICY_TYPES
# @DESCRIPTION:
# This variable informs the eclass for which SELinux policies the module should
# be built. Currently, Gentoo supports targeted, strict, mcs and mls.
# This variable is the same POLICY_TYPES variable that we tell SELinux
# users to set in make.conf. Therefore, it is not the module that should
# override it, but the user.
: ${POLICY_TYPES:="targeted strict mcs mls"}
: "${POLICY_TYPES:="targeted strict mcs mls"}"
# @ECLASS-VARIABLE: SELINUX_GIT_REPO
# @ECLASS_VARIABLE: SELINUX_GIT_REPO
# @DESCRIPTION:
# When defined, this variable overrides the default repository URL as used by
# this eclass. It allows end users to point to a different policy repository
# using a single variable, rather than having to set the packagename_LIVE_REPO
# variable for each and every SELinux policy module package they want to install.
# The default value is Gentoo's hardened-refpolicy repository.
: ${SELINUX_GIT_REPO:="https://anongit.gentoo.org/git/proj/hardened-refpolicy.git"};
: "${SELINUX_GIT_REPO:="https://anongit.gentoo.org/git/proj/hardened-refpolicy.git"}"
# @ECLASS-VARIABLE: SELINUX_GIT_BRANCH
# @ECLASS_VARIABLE: SELINUX_GIT_BRANCH
# @DESCRIPTION:
# When defined, this variable sets the Git branch to use of the repository. This
# allows for users and developers to use a different branch for the entire set of
# SELinux policy packages, rather than having to override them one by one with the
# packagename_LIVE_BRANCH variable.
# The default value is the 'master' branch.
: ${SELINUX_GIT_BRANCH:="master"};
case "${EAPI:-0}" in
0|1|2|3|4|5) die "EAPI<6 is not supported";;
6|7) : ;;
*) die "unknown EAPI" ;;
esac
: "${SELINUX_GIT_BRANCH:="master"}"
case ${BASEPOL} in
9999) inherit git-r3
@ -113,17 +115,12 @@ else
RDEPEND=">=sys-apps/policycoreutils-2.0.82
>=sec-policy/selinux-base-policy-${PV}"
fi
if [[ ${EAPI} == 6 ]]; then
DEPEND="${RDEPEND}
sys-devel/m4
>=sys-apps/checkpolicy-2.0.21"
else
DEPEND="${RDEPEND}"
BDEPEND="sys-devel/m4
>=sys-apps/checkpolicy-2.0.21"
fi
EXPORT_FUNCTIONS src_unpack src_prepare src_compile src_install pkg_postinst pkg_postrm
DEPEND="${RDEPEND}"
BDEPEND="
sys-devel/m4
>=sys-apps/checkpolicy-2.0.21
"
# @FUNCTION: selinux-policy-2_src_unpack
# @DESCRIPTION:
@ -159,7 +156,7 @@ selinux-policy-2_src_prepare() {
if [[ -n ${BASEPOL} ]] && [[ "${BASEPOL}" != "9999" ]]; then
cd "${S}"
einfo "Applying SELinux policy updates ... "
eapply -p0 "${WORKDIR}/0001-full-patch-against-stable-release.patch"
eapply -p0 -- "${WORKDIR}/0001-full-patch-against-stable-release.patch"
fi
# Call in eapply_user. We do this early on as we start moving
@ -169,7 +166,7 @@ selinux-policy-2_src_prepare() {
# Copy additional files to the 3rd_party/ location
if [[ "$(declare -p POLICY_FILES 2>/dev/null 2>&1)" == "declare -a"* ]] ||
[[ -n ${POLICY_FILES} ]]; then
add_interfaces=1;
add_interfaces=1;
cd "${S}/refpolicy/policy/modules"
for POLFILE in ${POLICY_FILES[@]};
do
@ -177,22 +174,21 @@ selinux-policy-2_src_prepare() {
done
fi
# Apply the additional patches refered to by the module ebuild.
# Apply the additional patches referred to by the module ebuild.
# But first some magic to differentiate between bash arrays and strings
cd "${S}/refpolicy/policy/modules"
for POLPATCH in ${POLICY_PATCH[@]};
do
einfo "Installing ${POLPATCH}"
eapply -p0 "${POLPATCH}"
done
if [[ "$(declare -p POLICY_PATCH 2>/dev/null 2>&1)" == "declare -a"* ]]; then
[[ -n ${POLICY_PATCH[*]} ]] && eapply -d "${S}/refpolicy/policy/modules" -- "${POLICY_PATCH[@]}"
else
[[ -n ${POLICY_PATCH} ]] && eapply -d "${S}/refpolicy/policy/modules" -- ${POLICY_PATCH}
fi
# Collect only those files needed for this particular module
for i in ${MODS}; do
modfiles="$(find ${S}/refpolicy/policy/modules -iname $i.te) $modfiles"
modfiles="$(find ${S}/refpolicy/policy/modules -iname $i.fc) $modfiles"
modfiles="$(find ${S}/refpolicy/policy/modules -iname $i.cil) $modfiles"
modfiles="$(find "${S}/refpolicy/policy/modules" -iname $i.te) $modfiles"
modfiles="$(find "${S}/refpolicy/policy/modules" -iname $i.fc) $modfiles"
modfiles="$(find "${S}/refpolicy/policy/modules" -iname $i.cil) $modfiles"
if [[ ${add_interfaces} -eq 1 ]]; then
modfiles="$(find ${S}/refpolicy/policy/modules -iname $i.if) $modfiles"
modfiles="$(find "${S}/refpolicy/policy/modules" -iname $i.if) $modfiles"
fi
done
@ -220,7 +216,7 @@ selinux-policy-2_src_compile() {
for i in ${POLICY_TYPES}; do
# Support USE flags in builds
export M4PARAM="${makeuse}"
emake NAME=$i SHAREDIR="${ROOT%/}"/usr/share/selinux -C "${S}"/${i} || die "${i} compile failed"
emake NAME=$i SHAREDIR="${EPREFIX}"/usr/share/selinux -C "${S}"/${i}
done
}
@ -256,21 +252,26 @@ selinux-policy-2_src_install() {
selinux-policy-2_pkg_postinst() {
# Set root path and don't load policy into the kernel when cross compiling
local root_opts=""
if [[ "${ROOT%/}" != "" ]]; then
root_opts="-p ${ROOT%/} -n"
if [[ -n ${ROOT} ]]; then
root_opts="-p ${ROOT} -n"
fi
# build up the command in the case of multiple modules
local COMMAND
for i in ${POLICY_TYPES}; do
if [[ "${i}" == "strict" ]] && [[ "${MODS}" = "unconfined" ]]; then
einfo "Ignoring loading of unconfined module in strict module store.";
continue;
if [[ "${MODS}" = "unconfined" ]]; then
case ${i} in
strict|mcs|mls)
einfo "Ignoring loading of unconfined module in ${i} module store.";
continue
;;
esac
fi
einfo "Inserting the following modules into the $i module store: ${MODS}"
cd "${ROOT%/}/usr/share/selinux/${i}" || die "Could not enter /usr/share/selinux/${i}"
cd "${ROOT}/usr/share/selinux/${i}" || die "Could not enter /usr/share/selinux/${i}"
for j in ${MODS} ; do
if [[ -f "${j}.pp" ]] ; then
COMMAND="${j}.pp ${COMMAND}"
@ -302,7 +303,7 @@ selinux-policy-2_pkg_postinst() {
ewarn "If it is the last SELinux module package being installed however,"
ewarn "then it is advised to look at the error above and take appropriate"
ewarn "action since the new SELinux policies are not loaded until the"
ewarn "command finished succesfully."
ewarn "command finished successfully."
ewarn ""
ewarn "To reload, run the following command from within /usr/share/selinux/${i}:"
ewarn " semodule ${COMMAND_base} -i \$(ls *.pp | grep -v base.pp)"
@ -310,16 +311,16 @@ selinux-policy-2_pkg_postinst() {
ewarn " semodule ${COMMAND_base} -i \$(ls *.pp | grep -v base.pp | grep -v unconfined.pp)"
ewarn "depending on if you need the unconfined domain loaded as well or not."
else
einfo "SELinux modules reloaded succesfully."
einfo "SELinux modules reloaded successfully."
fi
else
einfo "SELinux modules loaded succesfully."
einfo "SELinux modules loaded successfully."
fi
COMMAND="";
done
# Don't relabel when cross compiling
if [[ "${ROOT%/}" == "" ]]; then
if [[ -z ${ROOT} ]]; then
# Relabel depending packages
local PKGSET="";
if [[ -x /usr/bin/qdepends ]] ; then
@ -342,8 +343,8 @@ selinux-policy-2_pkg_postrm() {
if [[ -z "${REPLACED_BY_VERSION}" ]]; then
# Set root path and don't load policy into the kernel when cross compiling
local root_opts=""
if [[ "${ROOT%/}" != "" ]]; then
root_opts="-p ${ROOT%/} -n"
if [[ -n ${ROOT} ]]; then
root_opts="-p ${ROOT} -n"
fi
# build up the command in the case of multiple modules
@ -359,9 +360,12 @@ selinux-policy-2_pkg_postrm() {
if [[ $? -ne 0 ]]; then
ewarn "SELinux module unload failed.";
else
einfo "SELinux modules unloaded succesfully."
einfo "SELinux modules unloaded successfully."
fi
done
fi
}
fi
EXPORT_FUNCTIONS src_unpack src_prepare src_compile src_install pkg_postinst pkg_postrm


@ -0,0 +1,3 @@
DIST patchbundle-selinux-base-policy-2.20221101-r3.tar.bz2 444710 BLAKE2B e33cc01a8be5a354e022be1e8bf242883b09b15ead0673f859819f5e668f18773a16527f2e608878e6976695dcb2890c55658e77877e93c716ae0b2dd2ed5a9b SHA512 52e60b22346903a6fead95c9fb348fa1d4037b7dcd3e5781248a7dfc426c8c3fced258fd22762c779a5f436d8be21eaed5425ed36ff99c267daae5e1cb9c8e7f
DIST patchbundle-selinux-base-policy-2.20221101-r4.tar.bz2 457886 BLAKE2B 1e085f9f1739e0640c5eafa70db4c7ec19bca887c682ca2312a457fa57ee3eb176d0c8f16c2f84a1a026669b1240be3ff69066bd825c92fad75dcd2c13739f6c SHA512 da3ba1f076c04746719698aedb3aad48eb7c8a09df95c314b36f7a052538a07d893be413f35f4c34b01c1bf967ebe35ff32c2cea0722fe74a6e089a9d6aa47a6
DIST refpolicy-2.20221101.tar.bz2 583183 BLAKE2B 783d8af40fd77d7ddb848dba32e91921dd7c1380c094c45b719ada7b15f91aacbb52b410ffa6341f2f705ecbc9674b8570bd4867ce998e944fa0054ffd8bdf74 SHA512 29e5a29d90f714018c88fead2d5006ea90338fb5b7a1e4e98cb2e588c96cd861871d32176f6cc6f7c4e864ce5acae1aeed85d4c706ce2da8168986535baaf3a6


@ -1,5 +1,5 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
<maintainer type="project">
<email>selinux@gentoo.org</email>


@ -1,4 +1,4 @@
# Copyright 1999-2021 Gentoo Authors
# Copyright 1999-2022 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI="7"
@ -12,7 +12,7 @@ if [[ ${PV} == 9999* ]]; then
else
SRC_URI="https://github.com/SELinuxProject/refpolicy/releases/download/RELEASE_${PV/./_}/refpolicy-${PV}.tar.bz2
https://dev.gentoo.org/~perfinion/patches/${PN}/patchbundle-${PN}-${PVR}.tar.bz2"
KEYWORDS="~amd64 -arm ~arm64 ~mips ~x86"
KEYWORDS="amd64 arm arm64 ~mips x86"
fi
HOMEPAGE="https://wiki.gentoo.org/wiki/Project:SELinux"
@ -28,6 +28,7 @@ BDEPEND="
sys-devel/m4"
MODS="application authlogin bootloader clock consoletype cron dmesg fstools getty hostname init iptables libraries locallogin logging lvm miscfiles modutils mount mta netutils nscd portage raid rsync selinuxutil setrans ssh staff storage su sysadm sysnetwork systemd tmpfiles udev userdomain usermanage unprivuser xdg"
DEL_MODS="hotplug"
LICENSE="GPL-2"
SLOT="0"
S="${WORKDIR}/"
@ -56,8 +57,12 @@ src_prepare() {
# Collect only those files needed for this particular module
for i in ${MODS}; do
modfiles="$(find ${S}/refpolicy/policy/modules -iname $i.te) $modfiles"
modfiles="$(find ${S}/refpolicy/policy/modules -iname $i.fc) $modfiles"
modfiles="$(find "${S}"/refpolicy/policy/modules -iname $i.te) $modfiles"
modfiles="$(find "${S}"/refpolicy/policy/modules -iname $i.fc) $modfiles"
done
for i in ${DEL_MODS}; do
[[ "${MODS}" != *${i}* ]] || die "Duplicate module in MODS and DEL_MODS: ${i}"
done
for i in ${POLICY_TYPES}; do
@ -72,7 +77,7 @@ src_prepare() {
src_compile() {
for i in ${POLICY_TYPES}; do
emake NAME=$i SHAREDIR="${ROOT}"/usr/share/selinux -C "${S}"/${i}
emake NAME=$i SHAREDIR="${SYSROOT%/}/usr/share/selinux" -C "${S}"/${i}
done
}
@ -111,6 +116,13 @@ pkg_postinst() {
cd "${ROOT}/usr/share/selinux/${i}"
semodule ${root_opts} -s ${i} ${COMMAND}
for mod in ${DEL_MODS}; do
if semodule ${root_opts} -s ${i} -l | grep -q "\b${mod}\b"; then
einfo "Removing obsolete ${i} ${mod} policy package"
semodule ${root_opts} -s ${i} -r ${mod}
fi
done
done
# Don't relabel when cross compiling
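Review bot: The obsolete-module loop added to pkg_postinst never checks the exit status of `semodule ${root_opts} -s ${i} -r ${mod}`, so if the removal fails the only output is the preceding einfo line and the deprecated module stays loaded in the store. Appending `|| ewarn "Failed to remove obsolete ${mod} module from the ${i} store"` keeps the best-effort behaviour while making the failure visible in the merge log. The `grep -q "\b${mod}\b"` test depends on GNU grep's `\b` extension; if `semodule -l` prints one bare module name per line, `grep -qxF "${mod}"` is both exact and portable. The same loop is added to the two following selinux-base-policy ebuild sections on this page; pkg_postinst continues outside the hunk.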


@ -1,4 +1,4 @@
# Copyright 1999-2021 Gentoo Authors
# Copyright 1999-2023 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI="7"
@ -11,8 +11,8 @@ if [[ ${PV} == 9999* ]]; then
inherit git-r3
else
SRC_URI="https://github.com/SELinuxProject/refpolicy/releases/download/RELEASE_${PV/./_}/refpolicy-${PV}.tar.bz2
https://dev.gentoo.org/~perfinion/patches/${PN}/patchbundle-${PN}-${PV}-r2.tar.bz2"
KEYWORDS="amd64 -arm ~arm64 ~mips x86"
https://dev.gentoo.org/~perfinion/patches/${PN}/patchbundle-${PN}-${PVR}.tar.bz2"
KEYWORDS="amd64 arm arm64 ~mips x86"
fi
HOMEPAGE="https://wiki.gentoo.org/wiki/Project:SELinux"
@ -27,26 +27,12 @@ BDEPEND="
sys-apps/checkpolicy
sys-devel/m4"
MODS="application authlogin bootloader clock consoletype cron dmesg fstools getty hostname hotplug init iptables libraries locallogin logging lvm miscfiles modutils mount mta netutils nscd portage raid rsync selinuxutil setrans ssh staff storage su sysadm sysnetwork systemd tmpfiles udev userdomain usermanage unprivuser xdg"
MODS="application authlogin bootloader clock consoletype cron dmesg fstools getty hostname init iptables libraries locallogin logging lvm miscfiles modutils mount mta netutils nscd portage raid rsync selinuxutil setrans ssh staff storage su sysadm sysnetwork systemd tmpfiles udev userdomain usermanage unprivuser xdg"
DEL_MODS="hotplug"
LICENSE="GPL-2"
SLOT="0"
S="${WORKDIR}/"
# flatcar changes: apply a couple of
# patches on the current policies
PATCHES=(
"${FILESDIR}/sshd.patch"
"${FILESDIR}/init.patch"
"${FILESDIR}/locallogin.patch"
"${FILESDIR}/logging.patch"
# this patch is required to prevent `torcx-generator`
# to fail if SELinux is enforced in early boot.
# It can be removed once we drop torcx support.
"${FILESDIR}/unlabeled.patch"
# This is to allow pings from some IP address.
"${FILESDIR}/ping.patch"
)
# Code entirely copied from selinux-eclass (cannot inherit due to dependency on
# itself), when reworked reinclude it. Only postinstall (where -b base.pp is
# added) needs to remain then.
@ -67,13 +53,16 @@ src_prepare() {
eapply -p0 "${WORKDIR}/0001-full-patch-against-stable-release.patch"
fi
eapply -p0 "${PATCHES[@]}"
eapply_user
# Collect only those files needed for this particular module
for i in ${MODS}; do
modfiles="$(find ${S}/refpolicy/policy/modules -iname $i.te) $modfiles"
modfiles="$(find ${S}/refpolicy/policy/modules -iname $i.fc) $modfiles"
modfiles="$(find "${S}"/refpolicy/policy/modules -iname $i.te) $modfiles"
modfiles="$(find "${S}"/refpolicy/policy/modules -iname $i.fc) $modfiles"
done
for i in ${DEL_MODS}; do
[[ "${MODS}" != *${i}* ]] || die "Duplicate module in MODS and DEL_MODS: ${i}"
done
for i in ${POLICY_TYPES}; do
@ -88,7 +77,7 @@ src_prepare() {
src_compile() {
for i in ${POLICY_TYPES}; do
emake NAME=$i SHAREDIR="${ROOT}"/usr/share/selinux -C "${S}"/${i}
emake NAME=$i SHAREDIR="${SYSROOT%/}/usr/share/selinux" -C "${S}"/${i}
done
}
@ -127,6 +116,13 @@ pkg_postinst() {
cd "${ROOT}/usr/share/selinux/${i}"
semodule ${root_opts} -s ${i} ${COMMAND}
for mod in ${DEL_MODS}; do
if semodule ${root_opts} -s ${i} -l | grep -q "\b${mod}\b"; then
einfo "Removing obsolete ${i} ${mod} policy package"
semodule ${root_opts} -s ${i} -r ${mod}
fi
done
done
# Don't relabel when cross compiling


@ -1,4 +1,4 @@
# Copyright 1999-2021 Gentoo Authors
# Copyright 1999-2022 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI="7"
@ -12,7 +12,7 @@ if [[ ${PV} == 9999* ]]; then
else
SRC_URI="https://github.com/SELinuxProject/refpolicy/releases/download/RELEASE_${PV/./_}/refpolicy-${PV}.tar.bz2
https://dev.gentoo.org/~perfinion/patches/${PN}/patchbundle-${PN}-${PVR}.tar.bz2"
KEYWORDS="~amd64 -arm ~arm64 ~mips ~x86"
KEYWORDS="~amd64 ~arm ~arm64 ~mips ~x86"
fi
HOMEPAGE="https://wiki.gentoo.org/wiki/Project:SELinux"
@ -28,6 +28,7 @@ BDEPEND="
sys-devel/m4"
MODS="application authlogin bootloader clock consoletype cron dmesg fstools getty hostname init iptables libraries locallogin logging lvm miscfiles modutils mount mta netutils nscd portage raid rsync selinuxutil setrans ssh staff storage su sysadm sysnetwork systemd tmpfiles udev userdomain usermanage unprivuser xdg"
DEL_MODS="hotplug"
LICENSE="GPL-2"
SLOT="0"
S="${WORKDIR}/"
@ -56,8 +57,12 @@ src_prepare() {
# Collect only those files needed for this particular module
for i in ${MODS}; do
modfiles="$(find ${S}/refpolicy/policy/modules -iname $i.te) $modfiles"
modfiles="$(find ${S}/refpolicy/policy/modules -iname $i.fc) $modfiles"
modfiles="$(find "${S}"/refpolicy/policy/modules -iname $i.te) $modfiles"
modfiles="$(find "${S}"/refpolicy/policy/modules -iname $i.fc) $modfiles"
done
for i in ${DEL_MODS}; do
[[ "${MODS}" != *${i}* ]] || die "Duplicate module in MODS and DEL_MODS: ${i}"
done
for i in ${POLICY_TYPES}; do
@ -72,7 +77,7 @@ src_prepare() {
src_compile() {
for i in ${POLICY_TYPES}; do
emake NAME=$i SHAREDIR="${ROOT}"/usr/share/selinux -C "${S}"/${i}
emake NAME=$i SHAREDIR="${SYSROOT%/}/usr/share/selinux" -C "${S}"/${i}
done
}
@ -111,6 +116,13 @@ pkg_postinst() {
cd "${ROOT}/usr/share/selinux/${i}"
semodule ${root_opts} -s ${i} ${COMMAND}
for mod in ${DEL_MODS}; do
if semodule ${root_opts} -s ${i} -l | grep -q "\b${mod}\b"; then
einfo "Removing obsolete ${i} ${mod} policy package"
semodule ${root_opts} -s ${i} -r ${mod}
fi
done
done
# Don't relabel when cross compiling


@ -0,0 +1,3 @@
DIST patchbundle-selinux-base-policy-2.20221101-r3.tar.bz2 444710 BLAKE2B e33cc01a8be5a354e022be1e8bf242883b09b15ead0673f859819f5e668f18773a16527f2e608878e6976695dcb2890c55658e77877e93c716ae0b2dd2ed5a9b SHA512 52e60b22346903a6fead95c9fb348fa1d4037b7dcd3e5781248a7dfc426c8c3fced258fd22762c779a5f436d8be21eaed5425ed36ff99c267daae5e1cb9c8e7f
DIST patchbundle-selinux-base-policy-2.20221101-r4.tar.bz2 457886 BLAKE2B 1e085f9f1739e0640c5eafa70db4c7ec19bca887c682ca2312a457fa57ee3eb176d0c8f16c2f84a1a026669b1240be3ff69066bd825c92fad75dcd2c13739f6c SHA512 da3ba1f076c04746719698aedb3aad48eb7c8a09df95c314b36f7a052538a07d893be413f35f4c34b01c1bf967ebe35ff32c2cea0722fe74a6e089a9d6aa47a6
DIST refpolicy-2.20221101.tar.bz2 583183 BLAKE2B 783d8af40fd77d7ddb848dba32e91921dd7c1380c094c45b719ada7b15f91aacbb52b410ffa6341f2f705ecbc9674b8570bd4867ce998e944fa0054ffd8bdf74 SHA512 29e5a29d90f714018c88fead2d5006ea90338fb5b7a1e4e98cb2e588c96cd861871d32176f6cc6f7c4e864ce5acae1aeed85d4c706ce2da8168986535baaf3a6


@ -0,0 +1,15 @@
# This file controls the state of SELinux on the system on boot.
# SELINUX can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=permissive
# SELINUXTYPE can take one of these four values:
# targeted - Only targeted network daemons are protected.
# strict - Full SELinux protection.
# mls - Full SELinux protection with Multi-Level Security
# mcs - Full SELinux protection with Multi-Category Security
# (mls, but only one sensitivity level)
SELINUXTYPE=strict
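Review bot: `SELINUX=permissive` makes the shipped default a policy that is loaded but never enforced, and nothing on this page shows the mode being raised to enforcing elsewhere (kernel command line, image build or provisioning), so this should be confirmed as the intended default rather than one inherited from upstream. `SELINUXTYPE=strict` also needs checking against the selinux-base ebuild section further down, which refers to `/etc/selinux/mcs/contexts` for `lxc_contexts`; libselinux and `load_policy` read SELINUXTYPE from this file to locate the policy store, so the type here must name the store that selinux-base actually installs. A comment at the top of the file stating where enforcing mode is switched on and which store is shipped would tie the two together.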


@ -1,5 +1,5 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
<maintainer type="project">
<email>selinux@gentoo.org</email>


@ -1,8 +1,12 @@
# Copyright 1999-2021 Gentoo Authors
# Copyright 1999-2023 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI="7"
PYTHON_COMPAT=( python3_{9..11} )
PYTHON_REQ_USE="xml(+)"
inherit python-any-r1
if [[ ${PV} == 9999* ]]; then
EGIT_REPO_URI="${SELINUX_GIT_REPO:-https://anongit.gentoo.org/git/proj/hardened-refpolicy.git}"
EGIT_BRANCH="${SELINUX_GIT_BRANCH:-master}"
@ -13,7 +17,7 @@ else
SRC_URI="https://github.com/SELinuxProject/refpolicy/releases/download/RELEASE_${PV/./_}/refpolicy-${PV}.tar.bz2
https://dev.gentoo.org/~perfinion/patches/selinux-base-policy/patchbundle-selinux-base-policy-${PVR}.tar.bz2"
KEYWORDS="~amd64 -arm ~arm64 ~mips ~x86"
KEYWORDS="amd64 arm arm64 ~mips x86"
fi
IUSE="doc +unknown-perms systemd +ubac +unconfined"
@ -26,6 +30,7 @@ SLOT="0"
RDEPEND=">=sys-apps/policycoreutils-2.8"
DEPEND="${RDEPEND}"
BDEPEND="
${PYTHON_DEPS}
>=sys-apps/checkpolicy-2.8
sys-devel/m4"


@ -1,13 +1,11 @@
# Copyright 1999-2020 Gentoo Authors
# Copyright 1999-2023 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI="7"
# flatcar changes
PYTHON_COMPAT=( python3_{8,9,10,11} )
PYTHON_COMPAT=( python3_{9..11} )
PYTHON_REQ_USE="xml(+)"
TMPFILES_OPTIONAL=1
inherit systemd tmpfiles python-any-r1
inherit python-any-r1
if [[ ${PV} == 9999* ]]; then
EGIT_REPO_URI="${SELINUX_GIT_REPO:-https://anongit.gentoo.org/git/proj/hardened-refpolicy.git}"
@ -17,9 +15,9 @@ if [[ ${PV} == 9999* ]]; then
inherit git-r3
else
SRC_URI="https://github.com/SELinuxProject/refpolicy/releases/download/RELEASE_${PV/./_}/refpolicy-${PV}.tar.bz2
https://dev.gentoo.org/~perfinion/patches/selinux-base-policy/patchbundle-selinux-base-policy-${PV}-r2.tar.bz2"
https://dev.gentoo.org/~perfinion/patches/selinux-base-policy/patchbundle-selinux-base-policy-${PVR}.tar.bz2"
KEYWORDS="amd64 -arm ~arm64 ~mips x86"
KEYWORDS="amd64 arm arm64 ~mips x86"
fi
IUSE="doc +unknown-perms systemd +ubac +unconfined"
@ -29,24 +27,12 @@ HOMEPAGE="https://wiki.gentoo.org/wiki/Project:SELinux"
LICENSE="GPL-2"
SLOT="0"
# flatcar changes
RDEPEND=">=sys-apps/policycoreutils-2.8
>=sys-apps/checkpolicy-2.8
"
RDEPEND=">=sys-apps/policycoreutils-2.8"
DEPEND="${RDEPEND}"
# flatcar: BDEPEND on python - normally pulled in through policycoreutils
# but we made that dep conditional on USE=python
BDEPEND="sys-devel/m4
${PYTHON_DEPS}
"
# flatcar changes
PATCHES=(
"${FILESDIR}"/0001-policy-modules-kernel-all-more-actions-for-kernel.patch
"${FILESDIR}"/0001-policy-ms-MCS-restricts-relabelfrom.patch
"${FILESDIR}"/icmp-bind.patch
)
BDEPEND="
${PYTHON_DEPS}
>=sys-apps/checkpolicy-2.8
sys-devel/m4"
S=${WORKDIR}/
@ -56,8 +42,6 @@ src_prepare() {
eapply -p0 "${WORKDIR}/0001-full-patch-against-stable-release.patch"
fi
# flatcar changes
eapply -p0 "${PATCHES[@]}"
eapply_user
cd "${S}/refpolicy" || die
@ -99,10 +83,6 @@ src_configure() {
sed -i -e "/= module/d" "${S}/${i}/policy/modules.conf" || die
# flatcar changes: it's required to run polkit without segfault
# we need to pass this argument now before the compilation of the policy
sed -i "s/allow_execmem = false/allow_execmem = true/" "${S}/${i}/policy/booleans.conf" || die
sed -i -e '/^QUIET/s/n/y/' -e "/^NAME/s/refpolicy/$i/" \
"${S}/${i}/build.conf" || die "build.conf setup failed."
@ -132,9 +112,7 @@ src_compile() {
for i in ${POLICY_TYPES}; do
cd "${S}/${i}" || die
# flatcar changes
emake base BINDIR="${ROOT}/usr/bin" NAME=$i SHAREDIR="${ROOT%/}"/usr/share/selinux \
LD_LIBRARY_PATH="${ROOT}/usr/lib64:${LD_LIBRARY_PATH}" -C "${S}"/${i}
emake base
if use doc; then
emake html
fi
@ -167,29 +145,14 @@ src_install() {
done
# flatcar changes
dotmpfiles "${FILESDIR}/tmpfiles.d/selinux-base.conf"
systemd-tmpfiles --root="${D}" --create selinux-base.conf
docinto /
dodoc doc/Makefile.example doc/example.{te,fc,if}
doman man/man8/*.8;
# flatcar changes
insinto /usr/lib/selinux
insinto /etc/selinux
doins "${FILESDIR}/config"
insinto /etc/selinux/mcs/contexts
doins "${FILESDIR}/lxc_contexts"
# flatcar changes
mkdir -p "${D}/usr/lib/selinux"
for i in ${POLICY_TYPES}; do
mv "${D}/etc/selinux/${i}" "${D}/usr/lib/selinux"
dosym "../../usr/lib/selinux/${i}" "/etc/selinux/${i}"
done
insinto /usr/share/portage/config/sets
doins "${FILESDIR}/selinux.conf"
}
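Review bot: Removing the `sed -i "s/allow_execmem = false/allow_execmem = true/"` step from src_configure leaves the built policy with refpolicy's default `allow_execmem = false`; that is the tighter setting, but the comment being removed says polkit segfaulted without it, so the change needs either a check that polkit runs under the new policy in enforcing mode or a note on where the boolean is now toggled at runtime. The same section also appears to drop the relocation of the per-type stores into `/usr/lib/selinux` with symlinks from `/etc/selinux/<type>`; if /usr is still the read-only half of the image, confirm that the stores under /etc/selinux are provisioned, and say so in a comment in src_install. src_configure, src_compile and src_install all continue outside their hunks.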


@ -1,8 +1,12 @@
# Copyright 1999-2020 Gentoo Authors
# Copyright 1999-2023 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI="7"
PYTHON_COMPAT=( python3_{9..11} )
PYTHON_REQ_USE="xml(+)"
inherit python-any-r1
if [[ ${PV} == 9999* ]]; then
EGIT_REPO_URI="${SELINUX_GIT_REPO:-https://anongit.gentoo.org/git/proj/hardened-refpolicy.git}"
EGIT_BRANCH="${SELINUX_GIT_BRANCH:-master}"
@ -13,7 +17,7 @@ else
SRC_URI="https://github.com/SELinuxProject/refpolicy/releases/download/RELEASE_${PV/./_}/refpolicy-${PV}.tar.bz2
https://dev.gentoo.org/~perfinion/patches/selinux-base-policy/patchbundle-selinux-base-policy-${PVR}.tar.bz2"
KEYWORDS="~amd64 -arm ~arm64 ~mips ~x86"
KEYWORDS="~amd64 ~arm ~arm64 ~mips ~x86"
fi
IUSE="doc +unknown-perms systemd +ubac +unconfined"
@ -26,6 +30,7 @@ SLOT="0"
RDEPEND=">=sys-apps/policycoreutils-2.8"
DEPEND="${RDEPEND}"
BDEPEND="
${PYTHON_DEPS}
>=sys-apps/checkpolicy-2.8
sys-devel/m4"


@ -0,0 +1,3 @@
DIST patchbundle-selinux-base-policy-2.20221101-r3.tar.bz2 444710 BLAKE2B e33cc01a8be5a354e022be1e8bf242883b09b15ead0673f859819f5e668f18773a16527f2e608878e6976695dcb2890c55658e77877e93c716ae0b2dd2ed5a9b SHA512 52e60b22346903a6fead95c9fb348fa1d4037b7dcd3e5781248a7dfc426c8c3fced258fd22762c779a5f436d8be21eaed5425ed36ff99c267daae5e1cb9c8e7f
DIST patchbundle-selinux-base-policy-2.20221101-r4.tar.bz2 457886 BLAKE2B 1e085f9f1739e0640c5eafa70db4c7ec19bca887c682ca2312a457fa57ee3eb176d0c8f16c2f84a1a026669b1240be3ff69066bd825c92fad75dcd2c13739f6c SHA512 da3ba1f076c04746719698aedb3aad48eb7c8a09df95c314b36f7a052538a07d893be413f35f4c34b01c1bf967ebe35ff32c2cea0722fe74a6e089a9d6aa47a6
DIST refpolicy-2.20221101.tar.bz2 583183 BLAKE2B 783d8af40fd77d7ddb848dba32e91921dd7c1380c094c45b719ada7b15f91aacbb52b410ffa6341f2f705ecbc9674b8570bd4867ce998e944fa0054ffd8bdf74 SHA512 29e5a29d90f714018c88fead2d5006ea90338fb5b7a1e4e98cb2e588c96cd861871d32176f6cc6f7c4e864ce5acae1aeed85d4c706ce2da8168986535baaf3a6


@ -1,5 +1,5 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
<maintainer type="project">
<email>selinux@gentoo.org</email>


@ -0,0 +1,15 @@
# Copyright 1999-2022 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI="7"
IUSE=""
MODS="container"
inherit selinux-policy-2
DESCRIPTION="SELinux policy for container"
if [[ ${PV} != 9999* ]] ; then
KEYWORDS="amd64 arm arm64 ~mips x86"
fi


@ -0,0 +1,15 @@
# Copyright 1999-2023 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI="7"
IUSE=""
MODS="container"
inherit selinux-policy-2
DESCRIPTION="SELinux policy for container"
if [[ ${PV} != 9999* ]] ; then
KEYWORDS="amd64 arm arm64 ~mips x86"
fi


@ -0,0 +1,15 @@
# Copyright 1999-2022 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI="7"
IUSE=""
MODS="container"
inherit selinux-policy-2
DESCRIPTION="SELinux policy for container"
if [[ ${PV} != 9999* ]] ; then
KEYWORDS="~amd64 ~arm ~arm64 ~mips ~x86"
fi


@ -0,0 +1,3 @@
DIST patchbundle-selinux-base-policy-2.20221101-r3.tar.bz2 444710 BLAKE2B e33cc01a8be5a354e022be1e8bf242883b09b15ead0673f859819f5e668f18773a16527f2e608878e6976695dcb2890c55658e77877e93c716ae0b2dd2ed5a9b SHA512 52e60b22346903a6fead95c9fb348fa1d4037b7dcd3e5781248a7dfc426c8c3fced258fd22762c779a5f436d8be21eaed5425ed36ff99c267daae5e1cb9c8e7f
DIST patchbundle-selinux-base-policy-2.20221101-r4.tar.bz2 457886 BLAKE2B 1e085f9f1739e0640c5eafa70db4c7ec19bca887c682ca2312a457fa57ee3eb176d0c8f16c2f84a1a026669b1240be3ff69066bd825c92fad75dcd2c13739f6c SHA512 da3ba1f076c04746719698aedb3aad48eb7c8a09df95c314b36f7a052538a07d893be413f35f4c34b01c1bf967ebe35ff32c2cea0722fe74a6e089a9d6aa47a6
DIST refpolicy-2.20221101.tar.bz2 583183 BLAKE2B 783d8af40fd77d7ddb848dba32e91921dd7c1380c094c45b719ada7b15f91aacbb52b410ffa6341f2f705ecbc9674b8570bd4867ce998e944fa0054ffd8bdf74 SHA512 29e5a29d90f714018c88fead2d5006ea90338fb5b7a1e4e98cb2e588c96cd861871d32176f6cc6f7c4e864ce5acae1aeed85d4c706ce2da8168986535baaf3a6


@ -1,5 +1,5 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
<maintainer type="project">
<email>selinux@gentoo.org</email>


@ -1,15 +1,15 @@
# Copyright 1999-2020 Gentoo Authors
# Copyright 1999-2022 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI="7"
IUSE=""
MODS="virt"
MODS="dbus"
inherit selinux-policy-2
DESCRIPTION="SELinux policy for virt"
DESCRIPTION="SELinux policy for dbus"
if [[ ${PV} != 9999* ]] ; then
KEYWORDS="~amd64 -arm ~arm64 ~mips ~x86"
KEYWORDS="amd64 arm arm64 ~mips x86"
fi


@ -0,0 +1,15 @@
# Copyright 1999-2023 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI="7"
IUSE=""
MODS="dbus"
inherit selinux-policy-2
DESCRIPTION="SELinux policy for dbus"
if [[ ${PV} != 9999* ]] ; then
KEYWORDS="amd64 arm arm64 ~mips x86"
fi


@ -4,12 +4,12 @@
EAPI="7"
IUSE=""
MODS="virt"
MODS="dbus"
inherit selinux-policy-2
DESCRIPTION="SELinux policy for virt"
DESCRIPTION="SELinux policy for dbus"
if [[ ${PV} != 9999* ]] ; then
KEYWORDS="~amd64 -arm ~arm64 ~mips ~x86"
KEYWORDS="~amd64 ~arm ~arm64 ~mips ~x86"
fi


@ -1,4 +1,3 @@
DIST patchbundle-selinux-base-policy-2.20200818-r2.tar.bz2 433623 BLAKE2B f0655c45c50347faf1217e5861298dce822e4b726c0b4489d4c70c4815842f7c17ac1b0a302ae5482a3ad25d1d5b6c4c3b6395194e79005f31560d103ad0fce6 SHA512 9fd22683ecd602a429b2d489f7b8c2936409fa060046255b72a4b95c9fdefa2455ba7655945278dc972c22f3ade6617898ed169e22001aaaaded4b47ca51b0c3
DIST patchbundle-selinux-base-policy-2.20210203-r1.tar.bz2 298116 BLAKE2B 50c5523a8b758652af6aa59d548e9499b899898b58f52f74f1667a0c552f2b2d0ed5a44352e59245c7f0ebd199e2391400168d6ab27b4160d726fccded0c56f2 SHA512 ddb877ec3e2883f57e54e7380dd449d4d89a0769a1fb87141786e5de741ac21b2ead60362fd17c25888eb1334c68f71da561f4f29f406f0d4b5d13d378f6baff
DIST refpolicy-2.20200818.tar.bz2 570896 BLAKE2B 502c00fec39e1b81e42de3f7f942623f8b3fbdeac19f9f01126722a368b7d4f70427d6e4a574754c4f2fa551e4bc75c912dbc515c004f0dcd5eb28ab416498f6 SHA512 e4b527bb7a87b9359fc42eb111d5008103f57c37128998ea0e21ec7b0b8607ffe3f67697450e4c51a0db172ece69083335b279bacef4b1bd0b7748b58caa99a7
DIST refpolicy-2.20210203.tar.bz2 564099 BLAKE2B a94a11ebb78890ba2c98714be2fe9054fdb8ccaf5154f47b881a9575a4a6865e8df475805550d7bba8039b4230c6a0c9f5c6130bf8c35a26bc7c473d550fb40d SHA512 a6ffe718626dd6121023b4cbc424c933d44ca8b662bd708baad307cf6284be0d80fef40cdc8b37f6f17ecb3636fd8d6c1d5d4072c17d835b7f500e17a3acd9fc
DIST patchbundle-selinux-base-policy-2.20221101-r3.tar.bz2 444710 BLAKE2B e33cc01a8be5a354e022be1e8bf242883b09b15ead0673f859819f5e668f18773a16527f2e608878e6976695dcb2890c55658e77877e93c716ae0b2dd2ed5a9b SHA512 52e60b22346903a6fead95c9fb348fa1d4037b7dcd3e5781248a7dfc426c8c3fced258fd22762c779a5f436d8be21eaed5425ed36ff99c267daae5e1cb9c8e7f
DIST patchbundle-selinux-base-policy-2.20221101-r4.tar.bz2 457886 BLAKE2B 1e085f9f1739e0640c5eafa70db4c7ec19bca887c682ca2312a457fa57ee3eb176d0c8f16c2f84a1a026669b1240be3ff69066bd825c92fad75dcd2c13739f6c SHA512 da3ba1f076c04746719698aedb3aad48eb7c8a09df95c314b36f7a052538a07d893be413f35f4c34b01c1bf967ebe35ff32c2cea0722fe74a6e089a9d6aa47a6
DIST refpolicy-2.20221101.tar.bz2 583183 BLAKE2B 783d8af40fd77d7ddb848dba32e91921dd7c1380c094c45b719ada7b15f91aacbb52b410ffa6341f2f705ecbc9674b8570bd4867ce998e944fa0054ffd8bdf74 SHA512 29e5a29d90f714018c88fead2d5006ea90338fb5b7a1e4e98cb2e588c96cd861871d32176f6cc6f7c4e864ce5acae1aeed85d4c706ce2da8168986535baaf3a6


@ -1,5 +1,5 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
<maintainer type="project">
<email>selinux@gentoo.org</email>


@ -1,4 +1,4 @@
# Copyright 1999-2020 Gentoo Authors
# Copyright 1999-2022 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI="7"
@ -11,5 +11,5 @@ inherit selinux-policy-2
DESCRIPTION="SELinux policy for sssd"
if [[ ${PV} != 9999* ]] ; then
KEYWORDS="amd64 -arm arm64 ~mips x86"
KEYWORDS="amd64 arm arm64 ~mips x86"
fi


@ -1,4 +1,4 @@
# Copyright 1999-2021 Gentoo Authors
# Copyright 1999-2023 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI="7"
@ -11,5 +11,5 @@ inherit selinux-policy-2
DESCRIPTION="SELinux policy for sssd"
if [[ ${PV} != 9999* ]] ; then
KEYWORDS="~amd64 -arm ~arm64 ~mips ~x86"
KEYWORDS="amd64 arm arm64 ~mips x86"
fi


@ -1,4 +1,4 @@
# Copyright 1999-2020 Gentoo Authors
# Copyright 1999-2021 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI="7"
@ -11,5 +11,5 @@ inherit selinux-policy-2
DESCRIPTION="SELinux policy for sssd"
if [[ ${PV} != 9999* ]] ; then
KEYWORDS="~amd64 -arm ~arm64 ~mips ~x86"
KEYWORDS="~amd64 ~arm ~arm64 ~mips ~x86"
fi


@ -1,4 +1,3 @@
DIST patchbundle-selinux-base-policy-2.20200818-r2.tar.bz2 433623 BLAKE2B f0655c45c50347faf1217e5861298dce822e4b726c0b4489d4c70c4815842f7c17ac1b0a302ae5482a3ad25d1d5b6c4c3b6395194e79005f31560d103ad0fce6 SHA512 9fd22683ecd602a429b2d489f7b8c2936409fa060046255b72a4b95c9fdefa2455ba7655945278dc972c22f3ade6617898ed169e22001aaaaded4b47ca51b0c3
DIST patchbundle-selinux-base-policy-2.20210203-r1.tar.bz2 298116 BLAKE2B 50c5523a8b758652af6aa59d548e9499b899898b58f52f74f1667a0c552f2b2d0ed5a44352e59245c7f0ebd199e2391400168d6ab27b4160d726fccded0c56f2 SHA512 ddb877ec3e2883f57e54e7380dd449d4d89a0769a1fb87141786e5de741ac21b2ead60362fd17c25888eb1334c68f71da561f4f29f406f0d4b5d13d378f6baff
DIST refpolicy-2.20200818.tar.bz2 570896 BLAKE2B 502c00fec39e1b81e42de3f7f942623f8b3fbdeac19f9f01126722a368b7d4f70427d6e4a574754c4f2fa551e4bc75c912dbc515c004f0dcd5eb28ab416498f6 SHA512 e4b527bb7a87b9359fc42eb111d5008103f57c37128998ea0e21ec7b0b8607ffe3f67697450e4c51a0db172ece69083335b279bacef4b1bd0b7748b58caa99a7
DIST refpolicy-2.20210203.tar.bz2 564099 BLAKE2B a94a11ebb78890ba2c98714be2fe9054fdb8ccaf5154f47b881a9575a4a6865e8df475805550d7bba8039b4230c6a0c9f5c6130bf8c35a26bc7c473d550fb40d SHA512 a6ffe718626dd6121023b4cbc424c933d44ca8b662bd708baad307cf6284be0d80fef40cdc8b37f6f17ecb3636fd8d6c1d5d4072c17d835b7f500e17a3acd9fc
DIST patchbundle-selinux-base-policy-2.20221101-r3.tar.bz2 444710 BLAKE2B e33cc01a8be5a354e022be1e8bf242883b09b15ead0673f859819f5e668f18773a16527f2e608878e6976695dcb2890c55658e77877e93c716ae0b2dd2ed5a9b SHA512 52e60b22346903a6fead95c9fb348fa1d4037b7dcd3e5781248a7dfc426c8c3fced258fd22762c779a5f436d8be21eaed5425ed36ff99c267daae5e1cb9c8e7f
DIST patchbundle-selinux-base-policy-2.20221101-r4.tar.bz2 457886 BLAKE2B 1e085f9f1739e0640c5eafa70db4c7ec19bca887c682ca2312a457fa57ee3eb176d0c8f16c2f84a1a026669b1240be3ff69066bd825c92fad75dcd2c13739f6c SHA512 da3ba1f076c04746719698aedb3aad48eb7c8a09df95c314b36f7a052538a07d893be413f35f4c34b01c1bf967ebe35ff32c2cea0722fe74a6e089a9d6aa47a6
DIST refpolicy-2.20221101.tar.bz2 583183 BLAKE2B 783d8af40fd77d7ddb848dba32e91921dd7c1380c094c45b719ada7b15f91aacbb52b410ffa6341f2f705ecbc9674b8570bd4867ce998e944fa0054ffd8bdf74 SHA512 29e5a29d90f714018c88fead2d5006ea90338fb5b7a1e4e98cb2e588c96cd861871d32176f6cc6f7c4e864ce5acae1aeed85d4c706ce2da8168986535baaf3a6


@ -1,5 +1,5 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
<maintainer type="project">
<email>selinux@gentoo.org</email>


@ -1,4 +1,4 @@
# Copyright 1999-2020 Gentoo Authors
# Copyright 1999-2022 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI="7"
@ -11,5 +11,5 @@ inherit selinux-policy-2
DESCRIPTION="SELinux policy for unconfined"
if [[ ${PV} != 9999* ]] ; then
KEYWORDS="amd64 -arm ~arm64 ~mips x86"
KEYWORDS="amd64 arm arm64 ~mips x86"
fi


@ -1,4 +1,4 @@
# Copyright 1999-2021 Gentoo Authors
# Copyright 1999-2023 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI="7"
@ -11,5 +11,5 @@ inherit selinux-policy-2
DESCRIPTION="SELinux policy for unconfined"
if [[ ${PV} != 9999* ]] ; then
KEYWORDS="~amd64 -arm ~arm64 ~mips ~x86"
KEYWORDS="amd64 arm arm64 ~mips x86"
fi


@ -1,4 +1,4 @@
# Copyright 1999-2020 Gentoo Authors
# Copyright 1999-2021 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI="7"
@ -11,5 +11,5 @@ inherit selinux-policy-2
DESCRIPTION="SELinux policy for unconfined"
if [[ ${PV} != 9999* ]] ; then
KEYWORDS="~amd64 -arm ~arm64 ~mips ~x86"
KEYWORDS="~amd64 ~arm ~arm64 ~mips ~x86"
fi


@ -0,0 +1 @@
DIST checkpolicy-3.5.tar.gz 69904 BLAKE2B e02ccad07534568a1bbb612330018bbe486800ea40df20ed6f9dc38c88aff7f8858782a28ba7915a58c3bb384f180eb8da7a8fe97a92bcb9baa61eec18da6cbc SHA512 fcd490d865af3b4350c32c5dd9916f8406219841e1e255d8945c6dcc958535247aa27af5597a6988e19f11faea7beeabcb46e8ba2431112bb4aa5c7697bca529


@ -1,10 +1,13 @@
# Copyright 1999-2021 Gentoo Authors
# Copyright 1999-2023 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI="7"
inherit toolchain-funcs
MY_PV="${PV//_/-}"
MY_P="${PN}-${MY_PV}"
DESCRIPTION="SELinux policy compiler"
HOMEPAGE="http://userspace.selinuxproject.org"
@ -13,8 +16,9 @@ if [[ ${PV} == 9999 ]] ; then
EGIT_REPO_URI="https://github.com/SELinuxProject/selinux.git"
S="${WORKDIR}/${P}/${PN}"
else
SRC_URI="https://github.com/SELinuxProject/selinux/releases/download/${PV}/${P}.tar.gz"
KEYWORDS="~amd64 ~arm ~arm64 ~mips ~x86"
SRC_URI="https://github.com/SELinuxProject/selinux/releases/download/${MY_PV}/${MY_P}.tar.gz"
KEYWORDS="amd64 arm arm64 ~mips ~riscv x86"
S="${WORKDIR}/${MY_P}"
fi
LICENSE="GPL-2"
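Review bot: `HOMEPAGE="http://userspace.selinuxproject.org"` is left on plain http while every other URL in this ebuild (SRC_URI, EGIT_REPO_URI) and the other selinux userspace ebuilds touched in this PR (semodule-utils, libsepol) use https and point at `https://github.com/SELinuxProject/selinux/wiki`; the one-line change `HOMEPAGE="https://github.com/SELinuxProject/selinux/wiki"` would make the checkpolicy ebuild consistent with them. The same line appears unchanged in the 9999 checkpolicy ebuild section that follows. The `if [[ ${PV} == 9999 ]]` block that the second hunk edits starts outside the hunk.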


@ -1,10 +1,13 @@
# Copyright 1999-2021 Gentoo Authors
# Copyright 1999-2023 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI="7"
inherit toolchain-funcs
MY_PV="${PV//_/-}"
MY_P="${PN}-${MY_PV}"
DESCRIPTION="SELinux policy compiler"
HOMEPAGE="http://userspace.selinuxproject.org"
@ -13,8 +16,9 @@ if [[ ${PV} == 9999 ]] ; then
EGIT_REPO_URI="https://github.com/SELinuxProject/selinux.git"
S="${WORKDIR}/${P}/${PN}"
else
SRC_URI="https://github.com/SELinuxProject/selinux/releases/download/${PV}/${P}.tar.gz"
KEYWORDS="~amd64 ~arm ~arm64 ~mips ~x86"
SRC_URI="https://github.com/SELinuxProject/selinux/releases/download/${MY_PV}/${MY_P}.tar.gz"
KEYWORDS="~amd64 ~arm ~arm64 ~mips ~riscv ~x86"
S="${WORKDIR}/${MY_P}"
fi
LICENSE="GPL-2"


@ -0,0 +1,11 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
<maintainer type="project">
<email>selinux@gentoo.org</email>
<name>SELinux Team</name>
</maintainer>
<upstream>
<remote-id type="github">SELinuxProject/selinux</remote-id>
</upstream>
</pkgmetadata>


@ -1,2 +1 @@
DIST semodule-utils-3.1.tar.gz 14257 BLAKE2B c8c9a1ce7c9c4f53b1f4c728d16b149fdc284f4cff8b4fce0cb59b77d37d6d7e9bf2102c7177c4eaf94677af6147e42d8d0bd55c0bf3a358968d0162d5a6c65a SHA512 b92794bbfbce5834ee7f62fddb40b5506e9291e8fa7c5d669b2e281089b8f8dc40c4522ea287ac5deffdaee751442ba8e691e2ac45fdd378b60d5d6b2527d157
DIST semodule-utils-3.2.tar.gz 14260 BLAKE2B 35c071c96071028d4a912a89b88d02672f1fb8c2d8d23c3cb472b607dad55acdf351ef870b4d52bb2bed7b816a199c18947afcd16e77b66268822288feb4af2a SHA512 f937647cc22f7ed719908bad64415d706fd97cf1dce484dbca2484b05b3295de40e31bec643b6caaf4e8be742b1f911428d393c5e2d1d0ae39a2a37fd3be9bc1
DIST semodule-utils-3.5.tar.gz 14383 BLAKE2B a1bb432013bca1023d99b32f43b2c972b6b807a4677f9d8c9fb9aff10225232506f3ecca86fc231b4c63d04582a91a1c4218f87ce5532a4d35a26a09665c6f10 SHA512 7c32f425ae71745040d1c6a6585149a1efb319913aa9d4c8bf185b0a4216dc66378fa38595b171614ee3ae4ade997d3ae56a060346e334faec55c419a87d71dd


@ -1,5 +1,5 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
<maintainer type="project">
<email>selinux@gentoo.org</email>


@ -1,52 +0,0 @@
# Copyright 1999-2020 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI="7"
inherit toolchain-funcs
MY_RELEASEDATE="20200710"
SEPOL_VER="${PV}"
SELNX_VER="${PV}"
MY_P="${P//_/-}"
IUSE=""
if [[ ${PV} == *9999 ]] ; then
inherit git-r3
EGIT_REPO_URI="https://github.com/SELinuxProject/selinux.git"
S="${WORKDIR}/${MY_P}/${PN}"
else
SRC_URI="https://github.com/SELinuxProject/selinux/releases/download/${MY_RELEASEDATE}/${MY_P}.tar.gz"
KEYWORDS="amd64 ~arm ~arm64 ~mips x86"
S="${WORKDIR}/${MY_P}"
fi
DESCRIPTION="SELinux policy module utilities"
HOMEPAGE="https://github.com/SELinuxProject/selinux/wiki"
LICENSE="GPL-2"
SLOT="0"
DEPEND=">=sys-libs/libsepol-${SEPOL_VER}:="
# flatcar changes: add a weak blocker on policycoreutils-2.4
# to prevent file collisions
# policycoreutils-2.4 and semodule-utils provide the same files
RDEPEND="${DEPEND}
!=sys-apps/policycoreutils-2.4-r2
"
src_prepare() {
default
sed -i 's/-Werror//g' "${S}"/*/Makefile || die "Failed to remove Werror"
}
src_compile() {
emake CC="$(tc-getCC)"
}
src_install() {
emake DESTDIR="${D}" install
}


@ -1,29 +1,31 @@
# Copyright 1999-2021 Gentoo Authors
# Copyright 1999-2023 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI="7"
inherit toolchain-funcs
IUSE=""
MY_PV="${PV//_/-}"
MY_P="${PN}-${MY_PV}"
DESCRIPTION="SELinux policy module utilities"
HOMEPAGE="https://github.com/SELinuxProject/selinux/wiki"
if [[ ${PV} == *9999 ]] ; then
inherit git-r3
EGIT_REPO_URI="https://github.com/SELinuxProject/selinux.git"
S="${WORKDIR}/${P}/${PN}"
else
SRC_URI="https://github.com/SELinuxProject/selinux/releases/download/${PV}/${P}.tar.gz"
KEYWORDS="~amd64 ~arm ~arm64 ~mips ~x86"
SRC_URI="https://github.com/SELinuxProject/selinux/releases/download/${MY_PV}/${MY_P}.tar.gz"
KEYWORDS="amd64 arm arm64 ~mips x86"
S="${WORKDIR}/${MY_P}"
fi
DESCRIPTION="SELinux policy module utilities"
HOMEPAGE="https://github.com/SELinuxProject/selinux/wiki"
LICENSE="GPL-2"
SLOT="0"
IUSE=""
DEPEND=">=sys-libs/libsepol-${PV}:="
RDEPEND="${DEPEND}"
src_prepare() {
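Review bot: The Flatcar-specific weak blocker `!=sys-apps/policycoreutils-2.4-r2` that the deleted semodule-utils-3.1 ebuild carried in RDEPEND (with its "flatcar changes" comment) does not survive in this ebuild's `RDEPEND="${DEPEND}"`, and nothing in the hunk says whether that was intentional. Since this PR also bumps policycoreutils to 3.5 the blocker is presumably obsolete, but if it was dropped deliberately a one-line comment next to RDEPEND such as `# flatcar: the policycoreutils-2.4 file-collision blocker is no longer needed with policycoreutils 3.5` would keep that history visible for the next sync from upstream. The 9999 semodule-utils ebuild section below has the same shape and would take the same comment. src_prepare begins on the last line of this hunk and continues outside it.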


@ -1,29 +1,31 @@
# Copyright 1999-2021 Gentoo Authors
# Copyright 1999-2023 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI="7"
inherit toolchain-funcs
IUSE=""
MY_PV="${PV//_/-}"
MY_P="${PN}-${MY_PV}"
DESCRIPTION="SELinux policy module utilities"
HOMEPAGE="https://github.com/SELinuxProject/selinux/wiki"
if [[ ${PV} == *9999 ]] ; then
inherit git-r3
EGIT_REPO_URI="https://github.com/SELinuxProject/selinux.git"
S="${WORKDIR}/${P}/${PN}"
else
SRC_URI="https://github.com/SELinuxProject/selinux/releases/download/${PV}/${P}.tar.gz"
SRC_URI="https://github.com/SELinuxProject/selinux/releases/download/${MY_PV}/${MY_P}.tar.gz"
KEYWORDS="~amd64 ~arm ~arm64 ~mips ~x86"
S="${WORKDIR}/${MY_P}"
fi
DESCRIPTION="SELinux policy module utilities"
HOMEPAGE="https://github.com/SELinuxProject/selinux/wiki"
LICENSE="GPL-2"
SLOT="0"
IUSE=""
DEPEND=">=sys-libs/libsepol-${PV}:="
RDEPEND="${DEPEND}"
src_prepare() {


@ -0,0 +1 @@
DIST libselinux-3.5.tar.gz 211453 BLAKE2B f7f3067c4bb0448e18bd7085135f11d94ae99728949480a655c0f660486817beb5829d8a43dff7bce286ccd50705b0c657bde85970f01c794e01fb707f469d8b SHA512 4e13261a5821018a5f3cdce676f180bb62e5bc225981ca8a498ece0d1c88d9ba8eaa0ce4099dd0849309a8a7c5a9a0953df841a9922f2c284e5a109e5d937ba7


@ -1,9 +1,9 @@
# Copyright 1999-2021 Gentoo Authors
# Copyright 1999-2023 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI="7"
PYTHON_COMPAT=( python3_{6..10} )
USE_RUBY="ruby25 ruby26 ruby27"
PYTHON_COMPAT=( python3_{10..12} )
USE_RUBY="ruby30 ruby31 ruby32"
# No, I am not calling ruby-ng
inherit python-r1 toolchain-funcs multilib-minimal
@ -20,28 +20,30 @@ if [[ ${PV} == 9999 ]]; then
S="${WORKDIR}/${P}/${PN}"
else
SRC_URI="https://github.com/SELinuxProject/selinux/releases/download/${MY_PV}/${MY_P}.tar.gz"
KEYWORDS="~amd64 ~arm ~arm64 ~mips ~x86"
KEYWORDS="amd64 arm arm64 ~mips ~riscv x86"
S="${WORKDIR}/${MY_P}"
fi
LICENSE="public-domain"
SLOT="0"
IUSE="pcre2 python ruby static-libs ruby_targets_ruby25 ruby_targets_ruby26 ruby_targets_ruby27"
IUSE="python ruby static-libs ruby_targets_ruby30 ruby_targets_ruby31 ruby_targets_ruby32"
REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
RDEPEND=">=sys-libs/libsepol-${PV}:=[${MULTILIB_USEDEP}]
!pcre2? ( >=dev-libs/libpcre-8.33-r1:=[static-libs?,${MULTILIB_USEDEP}] )
pcre2? ( dev-libs/libpcre2:=[static-libs?,${MULTILIB_USEDEP}] )
RDEPEND="dev-libs/libpcre2:=[static-libs?,${MULTILIB_USEDEP}]
>=sys-libs/libsepol-${PV}:=[${MULTILIB_USEDEP}]
python? ( ${PYTHON_DEPS} )
ruby? (
ruby_targets_ruby25? ( dev-lang/ruby:2.5 )
ruby_targets_ruby26? ( dev-lang/ruby:2.6 )
ruby_targets_ruby27? ( dev-lang/ruby:2.7 )
ruby_targets_ruby30? ( dev-lang/ruby:3.0 )
ruby_targets_ruby31? ( dev-lang/ruby:3.1 )
ruby_targets_ruby32? ( dev-lang/ruby:3.2 )
)
elibc_musl? ( sys-libs/fts-standalone )"
DEPEND="${RDEPEND}"
BDEPEND="virtual/pkgconfig
python? ( >=dev-lang/swig-2.0.9 )
python? (
>=dev-lang/swig-2.0.9
dev-python/pip[${PYTHON_USEDEP}]
)
ruby? ( >=dev-lang/swig-2.0.9 )"
src_prepare() {
@ -59,7 +61,7 @@ multilib_src_compile() {
LIBDIR="\$(PREFIX)/$(get_libdir)" \
SHLIBDIR="/$(get_libdir)" \
LDFLAGS="-fPIC ${LDFLAGS} -pthread" \
USE_PCRE2="$(usex pcre2 y n)" \
USE_PCRE2=y \
FTS_LDLIBS="$(usex elibc_musl '-lfts' '')" \
all
@ -69,7 +71,7 @@ multilib_src_compile() {
LDFLAGS="-fPIC ${LDFLAGS} -lpthread" \
LIBDIR="\$(PREFIX)/$(get_libdir)" \
SHLIBDIR="/$(get_libdir)" \
USE_PCRE2="$(usex pcre2 y n)" \
USE_PCRE2=y \
FTS_LDLIBS="$(usex elibc_musl '-lfts' '')" \
pywrap
}
@ -86,7 +88,7 @@ multilib_src_compile() {
LDFLAGS="-fPIC ${LDFLAGS} -lpthread" \
LIBDIR="\$(PREFIX)/$(get_libdir)" \
SHLIBDIR="/$(get_libdir)" \
USE_PCRE2="$(usex pcre2 y n)" \
USE_PCRE2=y \
FTS_LDLIBS="$(usex elibc_musl '-lfts' '')" \
rubywrap
}
@ -102,7 +104,7 @@ multilib_src_install() {
emake DESTDIR="${D}" \
LIBDIR="\$(PREFIX)/$(get_libdir)" \
SHLIBDIR="/$(get_libdir)" \
USE_PCRE2="$(usex pcre2 y n)" \
USE_PCRE2=y \
install
if multilib_is_native_abi && use python; then
@ -110,7 +112,7 @@ multilib_src_install() {
emake DESTDIR="${D}" \
LIBDIR="\$(PREFIX)/$(get_libdir)" \
SHLIBDIR="/$(get_libdir)" \
USE_PCRE2="$(usex pcre2 y n)" \
USE_PCRE2=y \
install-pywrap
python_optimize # bug 531638
}
@ -126,7 +128,7 @@ multilib_src_install() {
LIBDIR="\$(PREFIX)/$(get_libdir)" \
SHLIBDIR="/$(get_libdir)" \
RUBY=${1} \
USE_PCRE2="$(usex pcre2 y n)" \
USE_PCRE2=y \
install-rubywrap
}
for RUBYTARGET in ${USE_RUBY}; do
@ -143,12 +145,12 @@ pkg_postinst() {
# Fix bug 473502
for POLTYPE in ${POLICY_TYPES};
do
mkdir -p /etc/selinux/${POLTYPE}/contexts/files || die
touch /etc/selinux/${POLTYPE}/contexts/files/file_contexts.local || die
mkdir -p "${ROOT}/etc/selinux/${POLTYPE}/contexts/files" || die
touch "${ROOT}/etc/selinux/${POLTYPE}/contexts/files/file_contexts.local" || die
# Fix bug 516608
for EXPRFILE in file_contexts file_contexts.homedirs file_contexts.local ; do
if [[ -f "/etc/selinux/${POLTYPE}/contexts/files/${EXPRFILE}" ]]; then
sefcontext_compile /etc/selinux/${POLTYPE}/contexts/files/${EXPRFILE} \
if [[ -f "${ROOT}/etc/selinux/${POLTYPE}/contexts/files/${EXPRFILE}" ]]; then
sefcontext_compile "${ROOT}/etc/selinux/${POLTYPE}/contexts/files/${EXPRFILE}" \
|| die "Failed to recompile contexts"
fi
done
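Review bot: The `sefcontext_compile` calls in pkg_postinst now write into `${ROOT}` paths, but the binary that runs is still the build host's, so the generated file_contexts.bin may be in the host libselinux's compiled-fcontext format rather than that of the libselinux being installed into ROOT; when ROOT is a cross-built board root this is only correct if the host and target libselinux versions are kept in step, which this PR appears to do but is worth confirming. A short comment above the loop, e.g. `# sefcontext_compile runs on the host; keep SDK and board libselinux versions aligned`, would record that assumption. The libselinux-9999 ebuild section below shows no corresponding pkg_postinst hunk, so it may still use bare /etc/selinux paths and, if so, should receive the same `${ROOT}` change. pkg_postinst continues outside this hunk.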


@ -1,9 +1,9 @@
# Copyright 1999-2021 Gentoo Authors
# Copyright 1999-2023 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI="7"
PYTHON_COMPAT=( python3_{6..10} )
USE_RUBY="ruby25 ruby26 ruby27"
PYTHON_COMPAT=( python3_{10..12} )
USE_RUBY="ruby30 ruby31 ruby32"
# No, I am not calling ruby-ng
inherit python-r1 toolchain-funcs multilib-minimal
@ -20,28 +20,30 @@ if [[ ${PV} == 9999 ]]; then
S="${WORKDIR}/${P}/${PN}"
else
SRC_URI="https://github.com/SELinuxProject/selinux/releases/download/${MY_PV}/${MY_P}.tar.gz"
KEYWORDS="~amd64 ~arm ~arm64 ~mips ~x86"
KEYWORDS="~amd64 ~arm ~arm64 ~mips ~riscv ~x86"
S="${WORKDIR}/${MY_P}"
fi
LICENSE="public-domain"
SLOT="0"
IUSE="pcre2 python ruby static-libs ruby_targets_ruby25 ruby_targets_ruby26 ruby_targets_ruby27"
IUSE="python ruby static-libs ruby_targets_ruby30 ruby_targets_ruby31 ruby_targets_ruby32"
REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
RDEPEND=">=sys-libs/libsepol-${PV}:=[${MULTILIB_USEDEP}]
!pcre2? ( >=dev-libs/libpcre-8.33-r1:=[static-libs?,${MULTILIB_USEDEP}] )
pcre2? ( dev-libs/libpcre2:=[static-libs?,${MULTILIB_USEDEP}] )
RDEPEND="dev-libs/libpcre2:=[static-libs?,${MULTILIB_USEDEP}]
>=sys-libs/libsepol-${PV}:=[${MULTILIB_USEDEP}]
python? ( ${PYTHON_DEPS} )
ruby? (
ruby_targets_ruby25? ( dev-lang/ruby:2.5 )
ruby_targets_ruby26? ( dev-lang/ruby:2.6 )
ruby_targets_ruby27? ( dev-lang/ruby:2.7 )
ruby_targets_ruby30? ( dev-lang/ruby:3.0 )
ruby_targets_ruby31? ( dev-lang/ruby:3.1 )
ruby_targets_ruby32? ( dev-lang/ruby:3.2 )
)
elibc_musl? ( sys-libs/fts-standalone )"
DEPEND="${RDEPEND}"
BDEPEND="virtual/pkgconfig
python? ( >=dev-lang/swig-2.0.9 )
python? (
>=dev-lang/swig-2.0.9
dev-python/pip[${PYTHON_USEDEP}]
)
ruby? ( >=dev-lang/swig-2.0.9 )"
src_prepare() {
@ -59,7 +61,7 @@ multilib_src_compile() {
LIBDIR="\$(PREFIX)/$(get_libdir)" \
SHLIBDIR="/$(get_libdir)" \
LDFLAGS="-fPIC ${LDFLAGS} -pthread" \
USE_PCRE2="$(usex pcre2 y n)" \
USE_PCRE2=y \
FTS_LDLIBS="$(usex elibc_musl '-lfts' '')" \
all
@ -69,7 +71,7 @@ multilib_src_compile() {
LDFLAGS="-fPIC ${LDFLAGS} -lpthread" \
LIBDIR="\$(PREFIX)/$(get_libdir)" \
SHLIBDIR="/$(get_libdir)" \
USE_PCRE2="$(usex pcre2 y n)" \
USE_PCRE2=y \
FTS_LDLIBS="$(usex elibc_musl '-lfts' '')" \
pywrap
}
@ -86,7 +88,7 @@ multilib_src_compile() {
LDFLAGS="-fPIC ${LDFLAGS} -lpthread" \
LIBDIR="\$(PREFIX)/$(get_libdir)" \
SHLIBDIR="/$(get_libdir)" \
USE_PCRE2="$(usex pcre2 y n)" \
USE_PCRE2=y \
FTS_LDLIBS="$(usex elibc_musl '-lfts' '')" \
rubywrap
}
@ -102,7 +104,7 @@ multilib_src_install() {
emake DESTDIR="${D}" \
LIBDIR="\$(PREFIX)/$(get_libdir)" \
SHLIBDIR="/$(get_libdir)" \
USE_PCRE2="$(usex pcre2 y n)" \
USE_PCRE2=y \
install
if multilib_is_native_abi && use python; then
@ -110,7 +112,7 @@ multilib_src_install() {
emake DESTDIR="${D}" \
LIBDIR="\$(PREFIX)/$(get_libdir)" \
SHLIBDIR="/$(get_libdir)" \
USE_PCRE2="$(usex pcre2 y n)" \
USE_PCRE2=y \
install-pywrap
python_optimize # bug 531638
}
@ -126,7 +128,7 @@ multilib_src_install() {
LIBDIR="\$(PREFIX)/$(get_libdir)" \
SHLIBDIR="/$(get_libdir)" \
RUBY=${1} \
USE_PCRE2="$(usex pcre2 y n)" \
USE_PCRE2=y \
install-rubywrap
}
for RUBYTARGET in ${USE_RUBY}; do


@ -1,5 +1,5 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
<maintainer type="project">
<email>selinux@gentoo.org</email>
@ -10,9 +10,6 @@
process and file security contexts and to obtain security policy
decisions. Required for any applications that use the SELinux API.
</longdescription>
<use>
<flag name="pcre2">Use <pkg>dev-libs/libpcre2</pkg> for fcontext regexes</flag>
</use>
<upstream>
<remote-id type="cpe">cpe:/a:selinuxproject:libselinux</remote-id>
<remote-id type="github">SELinuxProject/selinux</remote-id>


@ -1,2 +1 @@
DIST libsepol-3.1.tar.gz 473842 BLAKE2B ef1d596c4d53cc0a87e899ef4aeb5bf29c9d6b8303632ddc866c100d30debd8aedd0e8b38cb4ce3141b80421cd914148ff072e492d63dc2dacf03ac2ce59ca5a SHA512 4b5f4e82853ff3e9b4fac2dbdea5c2fc3bb7b508af912217ac4b75da6540fbcd77aa314ab95cd9dfa94fbc4a885000656a663c1a152f65b4cf6970ea0b6034ab
DIST libsepol-3.2.tar.gz 477749 BLAKE2B 6f35387c0373869672080e151f212c081389f6799539124353aa1749ae2648669b2e237a271297c1c212b7a9e0c35f05edfff1bb724c8a15993e8fb8c599ac2e SHA512 1a6b3489ff766958a4b444b9be63a794267243aed303d3e7d87278f11be492dbf603a0c8181c4c5e01cb0e1ceb43810a77f738f0b9bd1d7d2be67053f9c67a6f
DIST libsepol-3.5.tar.gz 497522 BLAKE2B dad2d346605be53fe41aef69e2e4bd4f1ce68a15f0b9307deb6b66bbe7bf06a9ee6be580e60d2f19aebbc8ee5041ac8a7b831b51342ba7c7089e1f1a447e7691 SHA512 66f45a9f4951589855961955db686b006b4c0cddead6ac49ad238a0e4a34775905bd10fb8cf0c0ff2ab64f9b7d8366b97fcd5b19c382dec39971a2835cc765c8


@ -1,51 +0,0 @@
# Copyright 1999-2021 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI="7"
inherit toolchain-funcs multilib-minimal
MY_P="${P//_/-}"
MY_RELEASEDATE="20200710"
DESCRIPTION="SELinux binary policy representation library"
HOMEPAGE="https://github.com/SELinuxProject/selinux/wiki"
if [[ ${PV} == 9999 ]]; then
inherit git-r3
EGIT_REPO_URI="https://github.com/SELinuxProject/selinux.git"
S="${WORKDIR}/${MY_P}/${PN}"
else
SRC_URI="https://github.com/SELinuxProject/selinux/releases/download/${MY_RELEASEDATE}/${MY_P}.tar.gz"
KEYWORDS="amd64 ~arm ~arm64 ~mips x86"
S="${WORKDIR}/${MY_P}"
fi
LICENSE="GPL-2"
SLOT="0"
# tests are not meant to be run outside of the full SELinux userland repo
RESTRICT="test"
src_prepare() {
eapply_user
multilib_copy_sources
}
multilib_src_compile() {
tc-export CC AR RANLIB
# https://bugs.gentoo.org/706730
local -x CFLAGS="${CFLAGS} -fcommon"
emake \
LIBDIR="\$(PREFIX)/$(get_libdir)" \
SHLIBDIR="/$(get_libdir)"
}
multilib_src_install() {
emake DESTDIR="${D}" \
LIBDIR="\$(PREFIX)/$(get_libdir)" \
SHLIBDIR="/$(get_libdir)" \
install
}


@ -1,4 +1,4 @@
# Copyright 1999-2021 Gentoo Authors
# Copyright 1999-2023 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI="7"
@ -17,7 +17,7 @@ if [[ ${PV} == 9999 ]]; then
S="${WORKDIR}/${P}/${PN}"
else
SRC_URI="https://github.com/SELinuxProject/selinux/releases/download/${MY_PV}/${MY_P}.tar.gz"
KEYWORDS="~amd64 ~arm ~arm64 ~mips ~x86"
KEYWORDS="amd64 arm arm64 ~mips ~riscv x86"
S="${WORKDIR}/${MY_P}"
fi


@ -1,4 +1,4 @@
# Copyright 1999-2021 Gentoo Authors
# Copyright 1999-2023 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI="7"
@ -17,7 +17,7 @@ if [[ ${PV} == 9999 ]]; then
S="${WORKDIR}/${P}/${PN}"
else
SRC_URI="https://github.com/SELinuxProject/selinux/releases/download/${MY_PV}/${MY_P}.tar.gz"
KEYWORDS="~amd64 ~arm ~arm64 ~mips ~x86"
KEYWORDS="~amd64 ~arm ~arm64 ~mips ~riscv ~x86"
S="${WORKDIR}/${MY_P}"
fi


@ -1,5 +1,5 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
<maintainer type="project">
<email>selinux@gentoo.org</email>