Merge pull request #1048 from kinvolk/tormath1/selinux

selinux: upgrade selinux libs
Mathieu Tortuyaux 2021-07-16 11:25:10 +02:00 committed by GitHub
commit aa3ad05497
99 changed files with 2339 additions and 6826 deletions


@ -1,428 +0,0 @@
# ChangeLog for app-admin/setools
# Copyright 1999-2015 Gentoo Foundation; Distributed under the GPL v2
# $Header: /var/cvsroot/gentoo-x86/app-admin/setools/ChangeLog,v 1.101 2015/05/10 09:06:14 perfinion Exp $
10 May 2015; Jason Zaman <perfinion@gentoo.org> setools-3.3.8-r7.ebuild:
stabilize selinux 2.4 userland
18 Apr 2015; Jason Zaman <perfinion@gentoo.org> setools-3.3.8-r7.ebuild:
Cleanup deps
16 Mar 2015; Mike Frysinger <vapier@gentoo.org> setools-3.3.8-r5.ebuild,
setools-3.3.8-r7.ebuild:
Use new toolchain helpers for selecting the bfd linker #467136 by Amadeusz
Sławiński. Clean up quoting/redundant die/semicolons too.
03 Mar 2015; Sven Vermeulen <swift@gentoo.org> setools-3.3.8-r7.ebuild:
Fix bug #542032 - SWIG version check does not work
02 Mar 2015; Sven Vermeulen <swift@gentoo.org> -setools-3.3.8-r6.ebuild:
Drop r6 (build failure with swig, fixed in r7)
18 Feb 2015; Jason Zaman <perfinion@gentoo.org> setools-3.3.8-r7.ebuild:
re-add keywords to -r7
*setools-3.3.8-r7 (17 Feb 2015)
17 Feb 2015; Jason Zaman <perfinion@gentoo.org> +setools-3.3.8-r7.ebuild:
revbump with swig patches, dropping keywords for testing
*setools-3.3.8-r6 (12 Feb 2015)
12 Feb 2015; Jason Zaman <perfinion@gentoo.org>
+files/setools3-userspace-2.4-compatibility.patch, +setools-3.3.8-r6.ebuild:
fix compile error with 2.4 userland, bug 539462
05 Aug 2014; Sven Vermeulen <swift@gentoo.org> -setools-3.3.8-r2.ebuild,
-setools-3.3.8-r4.ebuild:
Remove obsolete ebuilds
30 Jul 2014; Sven Vermeulen <swift@gentoo.org> setools-3.3.8-r5.ebuild:
Fix bug #509532 - Fix failure of unresolved overloaded function type
28 May 2014; Sven Vermeulen <swift@gentoo.org> -setools-3.3.7-r1.ebuild,
-setools-3.3.7-r3.ebuild, -setools-3.3.7-r5.ebuild, -setools-3.3.7-r6.ebuild,
-setools-3.3.8-r1.ebuild, -setools-3.3.8-r3.ebuild:
Spring cleanup
*setools-3.3.8-r5 (28 May 2014)
28 May 2014; Sven Vermeulen <swift@gentoo.org> +setools-3.3.8-r5.ebuild:
Fix bug #509532 - Build failure with unresolved overloaded function type
24 Mar 2014; Sven Vermeulen <swift@gentoo.org> setools-3.3.8-r4.ebuild:
Stabilize
*setools-3.3.8-r4 (04 Feb 2014)
04 Feb 2014; Sven Vermeulen <swift@gentoo.org> +setools-3.3.8-r4.ebuild:
Switch to python-r1, use EAPI=5, explicitly use bfd linker (bug 467136)
*setools-3.3.8-r3 (19 Jan 2014)
19 Jan 2014; Sven Vermeulen <swift@gentoo.org> +setools-3.3.8-r3.ebuild:
Fix pthread_cond_timedwait error thanks to Christopher J. PeBenito for the
patch
27 Jun 2013; Sven Vermeulen <swift@gentoo.org> setools-3.3.8-r2.ebuild:
Stabilize
*setools-3.3.8-r2 (22 Apr 2013)
22 Apr 2013; Sven Vermeulen <swift@gentoo.org> +setools-3.3.8-r2.ebuild:
Using SLOTed swig, fixes bug #453512
16 Apr 2013; Sven Vermeulen <swift@gentoo.org> setools-3.3.8-r1.ebuild:
Stabilize
*setools-3.3.8-r1 (09 Mar 2013)
09 Mar 2013; Sven Vermeulen <swift@gentoo.org> +setools-3.3.8-r1.ebuild:
New upstream release (3.3.8)
30 Dec 2012; Sven Vermeulen setools-3.3.7-r6.ebuild:
Stabilize
*setools-3.3.7-r6 (23 Nov 2012)
23 Nov 2012; Sven Vermeulen +setools-3.3.7-r6.ebuild:
Fix bugs #436338 and #430262
18 Nov 2012; <swift@gentoo.org> setools-3.3.7-r5.ebuild:
Adding epatch_user to simplify development and support user-provided patches
*setools-3.3.7-r5 (08 Sep 2012)
08 Sep 2012; <swift@gentoo.org> +setools-3.3.7-r5.ebuild:
Fix bugs #424627 and #430262
30 Jul 2012; <swift@gentoo.org> setools-3.3.7-r3.ebuild:
Stabilization
09 Jul 2012; <swift@gentoo.org> setools-3.3.7-r3.ebuild:
Fixing bug #424581 - Work around mkdir_p changes in automake until 1.12 is
default
26 Jun 2012; Mike Gilbert <floppym@gentoo.org> setools-3.3.7-r1.ebuild,
setools-3.3.7-r3.ebuild:
Restict pypy per Arfrever.
*setools-3.3.7-r3 (25 Jun 2012)
25 Jun 2012; <swift@gentoo.org> +setools-3.3.7-r3.ebuild:
Support Python3, fix audit2allow support, bug #415091 and bug #408179
21 May 2012; Mike Frysinger <vapier@gentoo.org> setools-3.3.7-r1.ebuild:
Inherit eutils for epatch.
03 May 2012; Jeff Horelick <jdhore@gentoo.org> setools-3.3.7-r1.ebuild:
dev-util/pkgconfig -> virtual/pkgconfig
12 Nov 2011; <swift@gentoo.org> -setools-3.3.7.ebuild:
Remove obsoleted ebuilds
23 Oct 2011; <swift@gentoo.org> setools-3.3.7-r1.ebuild:
Stabilization (tracker #384231)
19 Aug 2011; <swift@gentoo.org> -setools-2.4.ebuild, -setools-3.3.4.ebuild,
-setools-3.3.5.ebuild, -setools-3.3.6.ebuild,
-files/setools-3.3.6-headers.diff, -files/apol_tcl_fc.c.diff:
Remove obsoleted versions of setools
*setools-3.3.7-r1 (19 Aug 2011)
19 Aug 2011; <swift@gentoo.org>
+files/fix-check-role_set_expand-libsepol-2.1.0.patch,
+setools-3.3.7-r1.ebuild, +files/fix-implicit-def-fstat.patch:
Fix #378943 where setools fails to build with new selinux userspace
08 Jul 2011; Samuli Suominen <ssuominen@gentoo.org> setools-2.4.ebuild:
Convert from "useq" to "use".
28 May 2011; Anthony G. Basile <blueness@gentoo.org> setools-3.3.7.ebuild:
Stable amd64 x86
04 Apr 2011; Anthony G. Basile <blueness@gentoo.org> setools-2.4.ebuild:
Updated SRC_URI, bug #341929
29 Mar 2011; Christoph Mende <angelos@gentoo.org> setools-3.3.4.ebuild,
setools-3.3.5.ebuild, setools-3.3.6.ebuild, setools-3.3.7.ebuild:
Fixed slot deps
13 Feb 2011; Anthony G. Basile <blueness@gentoo.org> metadata.xml:
Updated metadata.xml to reflect new selinux herd.
06 Feb 2011; Arfrever Frehtes Taifersar Arahesis <arfrever@gentoo.org>
setools-3.3.7.ebuild:
Set SUPPORT_PYTHON_ABIS (bug #308279). Fix building with SWIG 2.
*setools-3.3.7 (12 May 2010)
12 May 2010; Chris PeBenito <pebenito@gentoo.org> +setools-3.3.7.ebuild:
New upstream release.
20 Sep 2009; Chris PeBenito <pebenito@gentoo.org> setools-3.3.6.ebuild,
+files/setools-3.3.6-headers.diff:
Fix QA issues.
*setools-3.3.6 (08 Aug 2009)
08 Aug 2009; Chris PeBenito <pebenito@gentoo.org> +setools-3.3.6.ebuild:
New upstream release.
22 Jul 2009; Chris PeBenito <pebenito@gentoo.org> setools-3.3.4.ebuild,
setools-3.3.5.ebuild:
Drop alpha, mips, ppc, sparc selinux support.
13 Jul 2009; Diego E. Pettenò <flameeyes@gentoo.org>
setools-3.3.5.ebuild:
Use emake rather than make.
*setools-3.3.5 (02 Dec 2008)
02 Dec 2008; Chris PeBenito <pebenito@gentoo.org> setools-2.4.ebuild,
-setools-3.3.1.ebuild, -setools-3.3.3.ebuild, +setools-3.3.5.ebuild:
New upstream bugfix release for libsepol 2.x additional features.
Cleanup old ebuilds.
*setools-3.3.4 (31 Mar 2008)
31 Mar 2008; Chris PeBenito <pebenito@gentoo.org> +setools-3.3.4.ebuild:
Update with fixes for glibc 2.7, gcc 3.4, and tcl/tk 8.5.
*setools-3.3.3 (26 Feb 2008)
26 Feb 2008; Chris PeBenito <pebenito@gentoo.org> +setools-3.3.3.ebuild:
New upstream bugfix release.
*setools-3.3.1 (27 Aug 2007)
27 Aug 2007; Chris PeBenito <pebenito@gentoo.org> -setools-3.0.ebuild,
-setools-3.1.ebuild, -setools-3.2.ebuild, -setools-3.3.ebuild,
+setools-3.3.1.ebuild:
New upstream bugfix release. Clear out old unstable ebuilds.
20 Aug 2007; Chris PeBenito <pebenito@gentoo.org> setools-3.1.ebuild,
setools-3.2.ebuild:
Set bwidget dep to 1.8 to fix #175415.
*setools-3.3 (04 Aug 2007)
04 Aug 2007; Chris PeBenito <pebenito@gentoo.org> +setools-3.3.ebuild:
New upstream release.
*setools-3.2 (09 May 2007)
09 May 2007; Chris PeBenito <pebenito@gentoo.org> +setools-3.2.ebuild:
New upstream release.
*setools-3.1 (16 Feb 2007)
16 Feb 2007; Chris PeBenito <pebenito@gentoo.org> +setools-3.1.ebuild:
New upstream release.
02 Feb 2007; Chris PeBenito <pebenito@gentoo.org> setools-3.0.ebuild:
Fix bug #156752.
*setools-3.0 (18 Oct 2006)
18 Oct 2006; Chris PeBenito <pebenito@gentoo.org>
-files/setools-2.2-nogui.diff, -setools-2.2.ebuild, -setools-2.3.ebuild,
+setools-3.0.ebuild:
New upstream release.
12 Sep 2006; Chris PeBenito <pebenito@gentoo.org> setools-2.4.ebuild:
Mark stable.
11 Sep 2006; Chris PeBenito <pebenito@gentoo.org>
+files/apol_tcl_fc.c.diff, setools-2.4.ebuild:
Fixes to hopefully take care of #133028
*setools-2.4 (09 May 2006)
09 May 2006; Chris PeBenito <pebenito@gentoo.org> +setools-2.4.ebuild:
New upstream release.
*setools-2.3 (03 Feb 2006)
03 Feb 2006; Chris PeBenito <pebenito@gentoo.org> +setools-2.3.ebuild:
New upstream release.
02 Jan 2006; Chris PeBenito <pebenito@gentoo.org> -setools-2.1.2.ebuild,
-setools-2.1.3.ebuild, setools-2.2.ebuild:
Mark stable.
05 Dec 2005; Chris PeBenito <pebenito@gentoo.org> metadata.xml,
setools-2.1.2.ebuild, setools-2.1.3.ebuild, setools-2.2.ebuild:
Update homepage and metadata.
12 Nov 2005; Chris PeBenito <pebenito@gentoo.org>
+files/setools-2.2-nogui.diff, setools-2.2.ebuild:
Add patch to fix bug #112284.
*setools-2.2 (08 Nov 2005)
08 Nov 2005; Chris PeBenito <pebenito@gentoo.org> +setools-2.2.ebuild:
New upstream release.
*setools-2.1.3 (12 Oct 2005)
12 Oct 2005; Chris PeBenito <pebenito@gentoo.org> -setools-2.1.0.ebuild,
-setools-2.1.1.ebuild, +setools-2.1.3.ebuild:
New upstream release.
08 Oct 2005; Chris PeBenito <pebenito@gentoo.org> setools-2.1.2.ebuild:
Mark stable.
07 Sep 2005; Chris PeBenito <pebenito@gentoo.org> setools-2.1.0.ebuild,
setools-2.1.1.ebuild, setools-2.1.2.ebuild:
Fix changed URIs.
*setools-2.1.2 (07 Sep 2005)
07 Sep 2005; Chris PeBenito <pebenito@gentoo.org> +setools-2.1.2.ebuild:
New upstream release.
*setools-2.1.1 (20 May 2005)
20 May 2005; Chris PeBenito <pebenito@gentoo.org> setools-2.1.0.ebuild,
+setools-2.1.1.ebuild:
Mark 2.1.0 stable, plus new upstream release.
21 Apr 2005; Simon Stelling <blubb@gentoo.org> setools-2.0-r1.ebuild:
stable on amd64
*setools-2.1.0 (19 Apr 2005)
19 Apr 2005; Chris PeBenito <pebenito@gentoo.org> +setools-2.1.0.ebuild:
New upstream release.
*setools-2.0-r1 (09 Apr 2005)
09 Apr 2005; Chris PeBenito <pebenito@gentoo.org> +setools-2.0-r1.ebuild:
Fix for bug #88248.
29 Mar 2005; Chris PeBenito <pebenito@gentoo.org> setools-2.0.ebuild:
Mark stable.
06 Mar 2005; Chris PeBenito <pebenito@gentoo.org> setools-2.0.ebuild:
Went overboard on CFLAGS fixes, causing some compile failures on some machines.
04 Mar 2005; Chris PeBenito <pebenito@gentoo.org> setools-2.0.ebuild:
Fix DEPEND
*setools-2.0 (04 Mar 2005)
04 Mar 2005; Chris PeBenito <pebenito@gentoo.org> setools-1.5.1.ebuild,
+setools-2.0.ebuild:
New upstream major release. Mark 1.5.1 stable for x86 and ppc.
*setools-1.5.1 (06 Nov 2004)
06 Nov 2004; Chris PeBenito <pebenito@gentoo.org> +setools-1.5.1.ebuild:
New upstream release
*setools-1.4.1-r1 (15 Sep 2004)
15 Sep 2004; Chris PeBenito <pebenito@gentoo.org> -setools-1.3.1.ebuild,
+setools-1.4.1-r1.ebuild, -setools-1.4.1.ebuild:
Fix seuser.fc install.
*setools-1.4.1 (22 Aug 2004)
22 Aug 2004; Chris PeBenito <pebenito@gentoo.org> +setools-1.4.1.ebuild,
-setools-1.4.ebuild:
Bugfix release.
24 Jul 2004; Joshua Brindle <method@gentoo.org> setools-1.4.ebuild:
add libselinux dependancy
*setools-1.4 (21 Jun 2004)
21 Jun 2004; Chris PeBenito <pebenito@gentoo.org> +setools-1.4.ebuild:
New upstream version.
21 Jun 2004; Chris PeBenito <pebenito@gentoo.org> setools-1.3.1.ebuild:
Fix for compiles that are USE="-selinux".
24 May 2004; Chris PeBenito <pebenito@gentoo.org> setools-1.3.1.ebuild:
Fix sandbox violations.
*setools-1.3.1 (05 May 2004)
05 May 2004; Chris PeBenito <pebenito@gentoo.org> +setools-1.3.1.ebuild,
-setools-1.3.ebuild:
New upstream bugfix release.
04 May 2004; Chris PeBenito <pebenito@gentoo.org> -setools-1.2.1.ebuild,
setools-1.3.ebuild:
Mark stable
29 Apr 2004; Chris PeBenito <pebenito@gentoo.org> setools-1.2.1.ebuild,
setools-1.3.ebuild:
Add missing libxml2 dep.
*setools-1.3 (15 Apr 2004)
15 Apr 2004; Chris PeBenito <pebenito@gentoo.org> +setools-1.3.ebuild:
New upstream version.
03 Mar 2004; Chris PeBenito <pebenito@gentoo.org> setools-1.2.1.ebuild:
Mark stable.
*setools-1.2.1 (08 Feb 2004)
08 Feb 2004; Chris PeBenito <pebenito@gentoo.org> setools-1.2.1.ebuild:
New upstream bugfix release.
06 Feb 2004; Chris PeBenito <pebenito@gentoo.org> setools-1.2.ebuild:
Fix seuser file contexts and conf file.
*setools-1.2 (05 Feb 2004)
05 Feb 2004; Chris PeBenito <pebenito@gentoo.org> setools-1.2.ebuild:
New upstream version.
31 Jan 2004; Chris PeBenito <pebenito@gentoo.org> setools-1.1.1.ebuild:
Mark stable.
*setools-1.1.1 (06 Jan 2004)
06 Jan 2004; Chris PeBenito <pebenito@gentoo.org> setools-1.1.1.ebuild:
New upstream bugfix release.
28 Dec 2003; Chris PeBenito <pebenito@gentoo.org> setools-1.1.ebuild:
Eliminate install -Z. The context option is not needed, and causes sandbox
violations.
22 Dec 2003; Chris PeBenito <pebenito@gentoo.org> setools-1.1.ebuild,
files/setools-1.1-fix_noX.diff:
Treesys makefiles are broken. Add a hack to make it really work for non X
systems.
*setools-1.1 (22 Dec 2003)
22 Dec 2003; Chris PeBenito <pebenito@gentoo.org> setools-1.1.ebuild:
New upstream version. Now X is optional, as there are command line tools. Also
has a new optional gtk log analyzer for audit messages.
20 Nov 2003; Chris PeBenito <pebenito@gentoo.org> setools-1.0.1.ebuild:
Mark stable
*setools-1.0.1 (06 Nov 2003)
06 Nov 2003; Chris PeBenito <pebenito@gentoo.org> setools-1.0.1.ebuild:
New upstream minor version.
*setools-1.0 (23 Oct 2003)
23 Oct 2003; Chris PeBenito <pebenito@gentoo.org> setools-1.0.ebuild:
Setools for the new SELinux API.
22 Sep 2003; Chris PeBenito <pebenito@gentoo.org> setools-20030609.ebuild:
Overdue, mark stable.
*setools-20030609 (02 Jul 2003)
02 Jul 2003; Chris PeBenito <pebenito@gentoo.org> setools-20030609.ebuild:
Initial commit


@ -1,4 +0,0 @@
DIST setools-3.3.8-01-fedora-patches.tar.gz 1128 SHA256 420b852d4209d07b73cec84586e000e7a6a719135ea677711abf97d420840bb6 SHA512 1aa2cc50c307929b522e029a552bfd545aef07656d1983289b0ea9be67aa94c07272a59c17630fc09fd79b06845ada318cdfa48d6cc243a24026e015c23b9634 WHIRLPOOL 25ae2b15fb15060fd0d34c55f4cc098b70a3a616f5334b092657a9c5df037b7fcf00fd185f33ba142e47d46c36b2fb7e9434021d6e987832fe833367a50d7449
DIST setools-3.3.8-03-gentoo-patches.tar.gz 6584 SHA256 8eac460b7dc2ee5e2f23148cdbf187316edd78ce0ec7ebbb6b0f68d6ad33d86a SHA512 5458dab5775b558e287f946c299753be5cb5eb6c1c2b9df0e32c7cfa758bb5316d142aa6338d3019f5f1eeb72876e4d5ed4939b0dbfe7b7e01c08a19a086bacc WHIRLPOOL e1afa6bb28f3aee2f3acdc66efd8ca02548c4f8e5707052ea455f1db558126f069d63278251630ee68bf4987157279161006975cb14d44055492228fa476cd72
DIST setools-3.3.8-04-gentoo-patches.tar.bz2 94986 SHA256 9a8a43ac97606fde9b2610ceed65f640638929853f871ce530982bedfd919b64 SHA512 39bf00b6aaf31821c6e2e2fb4c460dd1914fba4bf8385acebedf88f1533da990f1fb925dd49d75827aebef3f394a50a1edea46a07204193b58c65a066a064e6a WHIRLPOOL 4a92e4cf6930584de931c5d0805815aacd1c1af4434ca8e73414eda33588a55ef8d7bdfe4195be642889eee480128cbe12d1c5612e07ea304021b230e0b74816
DIST setools-3.3.8.tar.bz2 951428 SHA256 44387ecc9a231ec536a937783440cd8960a72c51f14bffc1604b7525e341e999 SHA512 2c42ee9904174ed6c6fc129e374ec3591925094ab0ef65001b0104e365c5634bf4a79f28369608c80199d8f59fafaa5f274107c04c129c380eeef7adb0c32667 WHIRLPOOL 11c4065809909764f4364b78df1a8030d189315601b882919ccacb5fb147c1b3a061c5bbf9ced3c243d4615ab7727e9db0c89e931a884ae8b317ae3a879e5371


@ -1,24 +0,0 @@
diff -ur setools-3.3.7.orig/configure.ac setools-3.3.7/configure.ac
--- setools-3.3.7.orig/configure.ac 2011-08-12 19:20:32.651000078 +0200
+++ setools-3.3.7/configure.ac 2011-08-12 19:20:42.224000036 +0200
@@ -503,7 +503,7 @@
[AC_LANG_SOURCE([
#include <sepol/policydb/expand.h>
int main () {
- return role_set_expand(NULL, NULL, NULL, NULL);
+ return role_set_expand(NULL, NULL, NULL, NULL, NULL);
}])],
sepol_new_user_role_mapping="yes",
sepol_new_user_role_mapping="no")
diff -ur setools-3.3.7.orig/libqpol/src/policy_define.c setools-3.3.7/libqpol/src/policy_define.c
--- setools-3.3.7.orig/libqpol/src/policy_define.c 2011-08-12 19:20:32.657000013 +0200
+++ setools-3.3.7/libqpol/src/policy_define.c 2011-08-12 19:20:53.907005864 +0200
@@ -2133,7 +2133,7 @@
/* This ebitmap business is just to ensure that there are not conflicting role_trans rules */
#ifdef HAVE_SEPOL_USER_ROLE_MAPPING
- if (role_set_expand(&roles, &e_roles, policydbp, NULL))
+ if (role_set_expand(&roles, &e_roles, policydbp, NULL, NULL))
#else
if (role_set_expand(&roles, &e_roles, policydbp))
#endif


@ -1,13 +0,0 @@
diff -ur setools-3.3.7.orig/libqpol/src/policy.c setools-3.3.7/libqpol/src/policy.c
--- setools-3.3.7.orig/libqpol/src/policy.c 2011-08-12 19:48:13.793000029 +0200
+++ setools-3.3.7/libqpol/src/policy.c 2011-08-12 19:49:32.880001229 +0200
@@ -36,6 +36,9 @@
#include <stdio.h>
#include <stdlib.h>
#include <sys/mman.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <unistd.h>
#include <asm/types.h>
#include <sepol/debug.h>


@ -1,114 +0,0 @@
From f1e5b208d507171968ca4d2eeefd7980f1004a3c Mon Sep 17 00:00:00 2001
From: Chris PeBenito <cpebenito@tresys.com>
Date: Thu, 12 Feb 2015 08:55:12 -0500
Subject: [PATCH] Update for 2015-02-02 Userspace release (2.4)
SETools now requires libsepol 2.4 and libselinux 2.4.
---
configure.ac | 6 +++---
libqpol/src/policy_define.c | 4 ++--
libqpol/src/policy_extend.c | 4 ++--
libqpol/src/syn_rule_query.c | 6 +++---
secmds/replcon.cc | 2 +-
5 files changed, 11 insertions(+), 11 deletions(-)
diff --git a/configure.ac b/configure.ac
index 80395e6..ae20da7 100644
--- a/configure.ac
+++ b/configure.ac
@@ -25,9 +25,9 @@ libseaudit_version=4.5
setoolsdir='${prefix}/share/setools-3.3'
javadir='${prefix}/share/java'
-version_min_sepol_major=1
-version_min_sepol_minor=12
-version_min_sepol_patch=27
+version_min_sepol_major=2
+version_min_sepol_minor=4
+version_min_sepol_patch=0
dnl *** end of tunable values ***
diff --git a/libqpol/src/policy_define.c b/libqpol/src/policy_define.c
index 229779c..15f70ba 100644
--- a/libqpol/src/policy_define.c
+++ b/libqpol/src/policy_define.c
@@ -1661,7 +1661,7 @@ int define_compute_type_helper(int which, avrule_t ** rule)
goto bad;
}
class_perm_node_init(perm);
- perm->class = i + 1;
+ perm->tclass = i + 1;
perm->data = datum->s.value;
perm->next = avrule->perms;
avrule->perms = perm;
@@ -1901,7 +1901,7 @@ int define_te_avtab_helper(int which, avrule_t ** rule)
goto out;
}
class_perm_node_init(cur_perms);
- cur_perms->class = i + 1;
+ cur_perms->tclass = i + 1;
if (!perms)
perms = cur_perms;
if (tail)
diff --git a/libqpol/src/policy_extend.c b/libqpol/src/policy_extend.c
index 5325a87..1417271 100644
--- a/libqpol/src/policy_extend.c
+++ b/libqpol/src/policy_extend.c
@@ -843,7 +843,7 @@ static int qpol_syn_rule_table_insert_sepol_avrule(qpol_policy_t * policy, qpol_
for (class_node = rule->perms; class_node; class_node = class_node->next) {
key.rule_type = rule->specified;
key.source_val = key.target_val = i + 1;
- key.class_val = class_node->class;
+ key.class_val = class_node->tclass;
key.cond = cond;
if (qpol_syn_rule_table_insert_entry(policy, table, &key, new_rule))
goto err;
@@ -856,7 +856,7 @@ static int qpol_syn_rule_table_insert_sepol_avrule(qpol_policy_t * policy, qpol_
key.rule_type = rule->specified;
key.source_val = i + 1;
key.target_val = j + 1;
- key.class_val = class_node->class;
+ key.class_val = class_node->tclass;
key.cond = cond;
if (qpol_syn_rule_table_insert_entry(policy, table, &key, new_rule))
goto err;
diff --git a/libqpol/src/syn_rule_query.c b/libqpol/src/syn_rule_query.c
index 3e63204..d7578f1 100644
--- a/libqpol/src/syn_rule_query.c
+++ b/libqpol/src/syn_rule_query.c
@@ -67,7 +67,7 @@ static void *syn_rule_class_state_get_cur(const qpol_iterator_t * iter)
return NULL;
}
- return db->class_val_to_struct[srcs->cur->class - 1];
+ return db->class_val_to_struct[srcs->cur->tclass - 1];
}
static int syn_rule_class_state_next(qpol_iterator_t * iter)
@@ -465,10 +465,10 @@ int qpol_syn_avrule_get_perm_iter(const qpol_policy_t * policy, const qpol_syn_a
}
for (node = internal_rule->perms; node; node = node->next) {
- for (i = 0; i < db->class_val_to_struct[node->class - 1]->permissions.nprim; i++) {
+ for (i = 0; i < db->class_val_to_struct[node->tclass - 1]->permissions.nprim; i++) {
if (!(node->data & (1 << i)))
continue;
- tmp = sepol_av_to_string(db, node->class, (sepol_access_vector_t) (1 << i));
+ tmp = sepol_av_to_string(db, node->tclass, (sepol_access_vector_t) (1 << i));
if (tmp) {
tmp++; /* remove prepended space */
for (cur = 0; cur < perm_list_sz; cur++)
diff --git a/secmds/replcon.cc b/secmds/replcon.cc
index 34f7c1a..307c39f 100644
--- a/secmds/replcon.cc
+++ b/secmds/replcon.cc
@@ -60,7 +60,7 @@ static struct option const longopts[] = {
{NULL, 0, NULL, 0}
};
-extern int lsetfilecon_raw(const char *, security_context_t) __attribute__ ((weak));
+extern int lsetfilecon_raw(const char *, const char *) __attribute__ ((weak));
/**
* As that setools must work with older libselinux versions that may


@ -1,29 +0,0 @@
diff -ur setools-3.3.8.orig/configure.ac setools-3.3.8/configure.ac
--- setools-3.3.8.orig/configure.ac 2013-01-16 08:36:24.000000000 -0800
+++ setools-3.3.8/configure.ac 2015-06-11 15:01:16.476072420 -0700
@@ -593,25 +593,6 @@
sepol_new_errcodes="yes",
sepol_new_errcodes="no")
-AC_RUN_IFELSE(
- [AC_LANG_SOURCE([
-#include <sepol/policydb/policydb.h>
-#include <stdio.h>
-#include <stdlib.h>
-int main(void) {
- FILE *f = fopen("conftest.data", "w");
- if (f != NULL && fprintf(f, "%d", POLICYDB_VERSION_MAX) > 0) {
- fclose(f);
- exit(EXIT_SUCCESS);
- }
- exit(EXIT_FAILURE);
-}])],
- sepol_policy_version_max=`cat conftest.data`,
- AC_MSG_FAILURE([could not determine maximum libsepol policy version]))
-AC_DEFINE_UNQUOTED(SEPOL_POLICY_VERSION_MAX, ${sepol_policy_version_max}, [maximum policy version supported by libsepol])
-CFLAGS="${sepol_save_CFLAGS}"
-CPPFLAGS="${sepol_save_CPPFLAGS}"
-
if test ${use_selinux} = "yes"; then
dnl Locate selinux policy root directory
AC_MSG_CHECKING([for selinux policy root])


@ -1,6 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
<herd>selinux</herd>
<longdescription>SELinux policy analysis tools.</longdescription>
</pkgmetadata>


@ -1,141 +0,0 @@
# Copyright 1999-2015 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/app-admin/setools/setools-3.3.8-r7.ebuild,v 1.6 2015/05/10 09:06:14 perfinion Exp $
EAPI="5"
PYTHON_COMPAT=( python2_7 python3_4 python3_5 python3_6 )
inherit autotools java-pkg-opt-2 python-r1 eutils toolchain-funcs
DESCRIPTION="SELinux policy tools"
HOMEPAGE="http://www.tresys.com/selinux/selinux_policy_tools.shtml"
SRC_URI="http://oss.tresys.com/projects/setools/chrome/site/dists/${P}/${P}.tar.bz2
http://dev.gentoo.org/~perfinion/patches/setools/${P}-04-gentoo-patches.tar.bz2"
LICENSE="GPL-2"
SLOT="0"
KEYWORDS="amd64 x86"
IUSE="X debug java python"
COMMONDEPEND=">=sys-libs/libsepol-2.4
>=sys-libs/libselinux-2.4
>=dev-db/sqlite-3.2:3
dev-libs/libxml2:2
python? ( ${PYTHON_DEPS} )
X? (
>=dev-lang/tk-8.4.9:0=
>=gnome-base/libglade-2.0
>=x11-libs/gtk+-2.8:2
)"
DEPEND="${COMMONDEPEND}
>=sys-devel/automake-1.12.1
sys-devel/bison
sys-devel/flex
virtual/pkgconfig
java? ( dev-lang/swig
virtual/jdk:= )
python? ( dev-lang/swig )"
RDEPEND="${COMMONDEPEND}
java? ( >=virtual/jre-1.4:= )
X? ( >=dev-tcltk/bwidget-1.8 )"
RESTRICT="test"
# setools dirs that contain python code to build
PYTHON_DIRS="libapol/swig/python libpoldiff/swig/python libqpol/swig/python libseaudit/swig/python libsefs/swig/python python"
pkg_setup() {
if use java; then
java-pkg-opt-2_pkg_setup
fi
}
src_prepare() {
epatch "${FILESDIR}/support-cross-build.patch"
EPATCH_MULTI_MSG="Applying various (Gentoo) setool fixes... " \
EPATCH_SUFFIX="patch" \
EPATCH_SOURCE="${WORKDIR}/gentoo-patches" \
EPATCH_FORCE="yes" \
epatch
# Fix build failure due to double __init__.py installation
sed -e "s/^wrappedpy_DATA = qpol.py \$(pkgpython_PYTHON)/wrappedpy_DATA = qpol.py/" -i libqpol/swig/python/Makefile.am || die
# Disable broken check for SWIG version. Bug #542032
sed -e "s/AC_PROG_SWIG(2.0.0)/AC_PROG_SWIG/" -i configure.ac || die "sed failed"
local dir
for dir in ${PYTHON_DIRS}; do
# Python bindings are built/installed manually.
sed -e "s/MAYBE_PYSWIG = python/MAYBE_PYSWIG =/" -i ${dir%python}Makefile.am || die "sed failed"
# Make PYTHON_LDFLAGS replaceable during running `make`.
sed -e "/^AM_LDFLAGS =/s/@PYTHON_LDFLAGS@/\$(PYTHON_LDFLAGS)/" -i ${dir}/Makefile.am || die "sed failed"
done
epatch_user
eautoreconf
# Disable byte-compilation of Python modules.
echo '#!/bin/sh' > py-compile
}
src_configure() {
tc-ld-disable-gold #467136
econf \
--with-java-prefix=${JAVA_HOME} \
--disable-selinux-check \
--disable-bwidget-check \
--with-sepol-devel=${ROOT}/usr \
$(use_enable python swig-python) \
$(use_enable java swig-java) \
$(use_enable X swig-tcl) \
$(use_enable X gui) \
$(use_enable debug)
# work around swig c99 issues. it does not require
# c99 anyway.
sed -i -e 's/-std=gnu99//' "${S}/libseaudit/swig/python/Makefile"
}
src_compile() {
emake
if use python; then
building() {
python_export PYTHON_INCLUDEDIR
python_export PYTHON_SITEDIR
python_export PYTHON_LIBS
emake \
SWIG_PYTHON_CPPFLAGS="-I${PYTHON_INCLUDEDIR}" \
PYTHON_LDFLAGS="${PYTHON_LIBS}" \
pyexecdir="${PYTHON_SITEDIR}" \
pythondir="${PYTHON_SITEDIR}" \
-C "$1"
}
local dir
for dir in ${PYTHON_DIRS}; do
python_foreach_impl building ${dir}
done
fi
}
src_install() {
emake DESTDIR="${D}" install
if use python; then
installation() {
python_export PYTHON_SITEDIR
emake DESTDIR="${D}" \
pyexecdir="${PYTHON_SITEDIR}" \
pythondir="${PYTHON_SITEDIR}" \
-C "$1" install
}
local dir
for dir in ${PYTHON_DIRS}; do
python_foreach_impl installation "${dir}"
done
fi
}


@ -8,6 +8,7 @@ Requires=containerd.service docker.socket
[Service]
Type=notify
EnvironmentFile=-/run/flannel/flannel_docker_opts.env
Environment=DOCKER_SELINUX=--selinux-enabled=true
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
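Review bot: The `Environment=DOCKER_SELINUX=--selinux-enabled=true` line (it appears to be the one this section adds) carries no comment, unlike the cgroup setting just below it, so a reader cannot tell that it changes the daemon's default or how to opt out. I would put a comment above it such as `# Enable SELinux labeling for containers by default; set DOCKER_SELINUX in a drop-in to override.`. The variable only takes effect if `ExecStart` expands `$DOCKER_SELINUX`, and that line is outside this hunk, so it is worth confirming. Also note that systemd lets values read from `EnvironmentFile=` override `Environment=`, so a `DOCKER_SELINUX` entry in `/run/flannel/flannel_docker_opts.env` would silently replace this default.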


@ -1,289 +0,0 @@
# Copyright 1999-2015 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/eclass/selinux-policy-2.eclass,v 1.32 2015/04/21 11:19:10 perfinion Exp $
# Eclass for installing SELinux policy, and optionally
# reloading the reference-policy based modules.
# @ECLASS: selinux-policy-2.eclass
# @MAINTAINER:
# selinux@gentoo.org
# @BLURB: This eclass supports the deployment of the various SELinux modules in sec-policy
# @DESCRIPTION:
# The selinux-policy-2.eclass supports deployment of the various SELinux modules
# defined in the sec-policy category. It is responsible for extracting the
# specific bits necessary for single-module deployment (instead of full-blown
# policy rebuilds) and applying the necessary patches.
#
# Also, it supports for bundling patches to make the whole thing just a bit more
# manageable.
# @ECLASS-VARIABLE: MODS
# @DESCRIPTION:
# This variable contains the (upstream) module name for the SELinux module.
# This name is only the module name, not the category!
: ${MODS:="_illegal"}
# @ECLASS-VARIABLE: BASEPOL
# @DESCRIPTION:
# This variable contains the version string of the selinux-base-policy package
# that this module build depends on. It is used to patch with the appropriate
# patch bundle(s) that are part of selinux-base-policy.
: ${BASEPOL:=${PVR}}
# @ECLASS-VARIABLE: POLICY_PATCH
# @DESCRIPTION:
# This variable contains the additional patch(es) that need to be applied on top
# of the patchset already contained within the BASEPOL variable. The variable
# can be both a simple string (space-separated) or a bash array.
: ${POLICY_PATCH:=""}
# @ECLASS-VARIABLE: POLICY_FILES
# @DESCRIPTION:
# When defined, this contains the files (located in the ebuilds' files/
# directory) which should be copied as policy module files into the store.
# Generally, users would want to include at least a .te and .fc file, but .if
# files are supported as well. The variable can be both a simple string
# (space-separated) or a bash array.
: ${POLICY_FILES:=""}
# @ECLASS-VARIABLE: POLICY_TYPES
# @DESCRIPTION:
# This variable informs the eclass for which SELinux policies the module should
# be built. Currently, Gentoo supports targeted, strict, mcs and mls.
# This variable is the same POLICY_TYPES variable that we tell SELinux
# users to set in make.conf. Therefore, it is not the module that should
# override it, but the user.
: ${POLICY_TYPES:="targeted strict mcs mls"}
# @ECLASS-VARIABLE: SELINUX_GIT_REPO
# @DESCRIPTION:
# When defined, this variable overrides the default repository URL as used by
# this eclass. It allows end users to point to a different policy repository
# using a single variable, rather than having to set the packagename_LIVE_REPO
# variable for each and every SELinux policy module package they want to install.
# The default value is Gentoo's hardened-refpolicy repository.
: ${SELINUX_GIT_REPO:="git://anongit.gentoo.org/proj/hardened-refpolicy.git https://anongit.gentoo.org/git/proj/hardened-refpolicy.git"};
# @ECLASS-VARIABLE: SELINUX_GIT_BRANCH
# @DESCRIPTION:
# When defined, this variable sets the Git branch to use of the repository. This
# allows for users and developers to use a different branch for the entire set of
# SELinux policy packages, rather than having to override them one by one with the
# packagename_LIVE_BRANCH variable.
# The default value is the 'master' branch.
: ${SELINUX_GIT_BRANCH:="master"};
extra_eclass=""
case ${BASEPOL} in
9999) extra_eclass="git-r3";
EGIT_REPO_URI="${SELINUX_GIT_REPO}";
EGIT_BRANCH="${SELINUX_GIT_BRANCH}";
EGIT_CHECKOUT_DIR="${WORKDIR}/refpolicy";;
esac
inherit eutils ${extra_eclass}
IUSE=""
HOMEPAGE="https://wiki.gentoo.org/wiki/Project:SELinux"
if [[ -n ${BASEPOL} ]] && [[ "${BASEPOL}" != "9999" ]];
then
SRC_URI="https://raw.githubusercontent.com/wiki/TresysTechnology/refpolicy/files/refpolicy-${PV}.tar.bz2
http://dev.gentoo.org/~swift/patches/selinux-base-policy/patchbundle-selinux-base-policy-2.20141203-r9.tar.bz2"
elif [[ "${BASEPOL}" != "9999" ]];
then
SRC_URI="https://raw.githubusercontent.com/wiki/TresysTechnology/refpolicy/files/refpolicy-${PV}.tar.bz2"
else
SRC_URI=""
fi
LICENSE="GPL-2"
SLOT="0"
S="${WORKDIR}/"
PATCHBUNDLE="${DISTDIR}/patchbundle-selinux-base-policy-${BASEPOL}.tar.bz2"
# Modules should always depend on at least the first release of the
# selinux-base-policy for which they are generated.
if [[ -n ${BASEPOL} ]];
then
RDEPEND=">=sys-apps/policycoreutils-2.0.82
>=sec-policy/selinux-base-policy-${BASEPOL}"
else
RDEPEND=">=sys-apps/policycoreutils-2.0.82
>=sec-policy/selinux-base-policy-${PV}"
fi
DEPEND="${RDEPEND}
sys-devel/m4
>=sys-apps/checkpolicy-2.0.21"
case "${EAPI:-0}" in
0|1|2|3|4) die "EAPI<5 is not supported";;
*) : ;;
esac
EXPORT_FUNCTIONS "src_unpack src_prepare src_compile src_install pkg_postrm"
# @FUNCTION: selinux-policy-2_src_unpack
# @DESCRIPTION:
# Unpack the policy sources as offered by upstream (refpolicy).
selinux-policy-2_src_unpack() {
if [[ "${BASEPOL}" != "9999" ]];
then
unpack ${A}
else
git-r3_src_unpack
fi
}
# @FUNCTION: selinux-policy-2_src_prepare
# @DESCRIPTION:
# Patch the reference policy sources with our set of enhancements. Start with
# the base patchbundle referred to by the ebuilds through the BASEPOL variable,
# then apply the additional patches as offered by the ebuild.
#
# Next, extract only those files needed for this particular module (i.e. the .te
# and .fc files for the given module in the MODS variable).
#
# Finally, prepare the build environments for each of the supported SELinux
# types (such as targeted or strict), depending on the POLICY_TYPES variable
# content.
selinux-policy-2_src_prepare() {
local modfiles
local add_interfaces=0;
# Create 3rd_party location for user-contributed policies
cd "${S}/refpolicy/policy/modules" && mkdir 3rd_party;
# Patch the sources with the base patchbundle
if [[ -n ${BASEPOL} ]] && [[ "${BASEPOL}" != "9999" ]];
then
cd "${S}"
EPATCH_MULTI_MSG="Applying SELinux policy updates ... " \
EPATCH_SUFFIX="patch" \
EPATCH_SOURCE="${WORKDIR}" \
EPATCH_FORCE="yes" \
epatch
fi
# Call in epatch_user. We do this early on as we start moving
# files left and right hereafter.
epatch_user
# Copy additional files to the 3rd_party/ location
if [[ "$(declare -p POLICY_FILES 2>/dev/null 2>&1)" == "declare -a"* ]] ||
[[ -n ${POLICY_FILES} ]];
then
add_interfaces=1;
cd "${S}/refpolicy/policy/modules"
for POLFILE in ${POLICY_FILES[@]};
do
cp "${FILESDIR}/${POLFILE}" 3rd_party/ || die "Could not copy ${POLFILE} to 3rd_party/ location";
done
fi
# Apply the additional patches refered to by the module ebuild.
# But first some magic to differentiate between bash arrays and strings
if [[ "$(declare -p POLICY_PATCH 2>/dev/null 2>&1)" == "declare -a"* ]] ||
[[ -n ${POLICY_PATCH} ]];
then
cd "${S}/refpolicy/policy/modules"
for POLPATCH in ${POLICY_PATCH[@]};
do
epatch "${POLPATCH}"
done
fi
# Collect only those files needed for this particular module
for i in ${MODS}; do
modfiles="$(find ${S}/refpolicy/policy/modules -iname $i.te) $modfiles"
modfiles="$(find ${S}/refpolicy/policy/modules -iname $i.fc) $modfiles"
if [ ${add_interfaces} -eq 1 ];
then
modfiles="$(find ${S}/refpolicy/policy/modules -iname $i.if) $modfiles"
fi
done
for i in ${POLICY_TYPES}; do
mkdir "${S}"/${i} || die "Failed to create directory ${S}/${i}"
cp "${S}"/refpolicy/doc/Makefile.example "${S}"/${i}/Makefile \
|| die "Failed to copy Makefile.example to ${S}/${i}/Makefile"
cp ${modfiles} "${S}"/${i} \
|| die "Failed to copy the module files to ${S}/${i}"
done
}
# @FUNCTION: selinux-policy-2_src_compile
# @DESCRIPTION:
# Build the SELinux policy module (.pp file) for just the selected module, and
# this for each SELinux policy mentioned in POLICY_TYPES
selinux-policy-2_src_compile() {
local makeuse=""
for useflag in ${IUSE};
do
use ${useflag} && makeuse="${makeuse} -D use_${useflag}"
done
for i in ${POLICY_TYPES}; do
# Support USE flags in builds
export M4PARAM="${makeuse}"
if [[ ${BASEPOL} == 2.20140311* ]]; then
# Parallel builds are broken in 2.20140311-r7 and earlier, bug 530178
emake -j1 NAME=$i SHAREDIR="${ROOT}/usr/share/selinux" -C "${S}"/${i} || die "${i} compile failed"
else
emake NAME=$i SHAREDIR="${ROOT}/usr/share/selinux" -C "${S}"/${i} || die "${i} compile failed"
fi
done
}
# @FUNCTION: selinux-policy-2_src_install
# @DESCRIPTION:
# Install the built .pp files in the correct subdirectory within
# /usr/share/selinux.
selinux-policy-2_src_install() {
local BASEDIR="/usr/share/selinux"
for i in ${POLICY_TYPES}; do
for j in ${MODS}; do
einfo "Installing ${i} ${j} policy package"
insinto ${BASEDIR}/${i}
doins "${S}"/${i}/${j}.pp || die "Failed to add ${j}.pp to ${i}"
if [[ "${POLICY_FILES[@]}" == *"${j}.if"* ]];
then
insinto ${BASEDIR}/${i}/include/3rd_party
doins "${S}"/${i}/${j}.if || die "Failed to add ${j}.if to ${i}"
fi
done
done
}
# @FUNCTION: selinux-policy-2_pkg_postrm
# @DESCRIPTION:
# Uninstall the module(s) from the SELinux policy stores, effectively
# deactivating the policy on the system.
selinux-policy-2_pkg_postrm() {
# Only if we are not upgrading
if [[ -z "${REPLACED_BY_VERSION}" ]];
then
# build up the command in the case of multiple modules
local COMMAND
for i in ${MODS}; do
COMMAND="-r ${i} ${COMMAND}"
done
for i in ${POLICY_TYPES}; do
einfo "Removing the following modules from the $i module store: ${MODS}"
semodule -s ${i} ${COMMAND}
if [ $? -ne 0 ];
then
ewarn "SELinux module unload failed.";
else
einfo "SELinux modules unloaded succesfully."
fi
done
fi
}


@ -9,6 +9,9 @@ sys-apps/coreutils selinux
# Enable SELinux for tar
app-arch/tar selinux
# Enable SELinux for docker-runc
app-emulation/docker-runc selinux
# Only ship microcode currently distributed by Intel
# See https://bugs.gentoo.org/654638#c11 by iucode-tool maintainer
sys-firmware/intel-microcode vanilla


@ -1,2 +1,4 @@
DIST patchbundle-selinux-base-policy-2.20141203-r9.tar.bz2 299602 SHA256 e8518004942a6c57170a609683e22b1410c93a2a195829c41dc8fbc703d941b5 SHA512 ce6484fbca1d2d074e50d1a3953392bd3ce0a4617df98fbac37747b469b4f160a9331586dfe1c3ddccb1ccbee24876a2f05ab49e37c8492a48baf83c2d01d140 WHIRLPOOL 1fd7b956e98e95a64c3a713a944d4531259bd156a7feabf6a89c4b5f33ac846377730eede97889e85183be086f282ebd18e860214f6ca3f01b40f2323470ee04
DIST refpolicy-2.20141203.tar.bz2 680243 SHA256 f438209c430d8a2d4ddcbe4bdd3edb46f6af7dc4913637af0b73c635e40c1522 SHA512 682e4280c5799e4c12ec7594afc1389f67be35055748d2e0dbdc3419159a16c96d4946ca6178daee8370515951f8653b2e452efe8c962b8d7f9bc192f0b15a0c WHIRLPOOL 74bca232534e7af9051bb1ab9f77c1ff6c425781cf4561f781d6e9a40cc5ca0d9add540249ea5493e8782a9372aea296ead6c165c6c440ae1509eb319d151ee5
DIST patchbundle-selinux-base-policy-2.20200818-r2.tar.bz2 433623 BLAKE2B f0655c45c50347faf1217e5861298dce822e4b726c0b4489d4c70c4815842f7c17ac1b0a302ae5482a3ad25d1d5b6c4c3b6395194e79005f31560d103ad0fce6 SHA512 9fd22683ecd602a429b2d489f7b8c2936409fa060046255b72a4b95c9fdefa2455ba7655945278dc972c22f3ade6617898ed169e22001aaaaded4b47ca51b0c3
DIST patchbundle-selinux-base-policy-2.20210203-r1.tar.bz2 298116 BLAKE2B 50c5523a8b758652af6aa59d548e9499b899898b58f52f74f1667a0c552f2b2d0ed5a44352e59245c7f0ebd199e2391400168d6ab27b4160d726fccded0c56f2 SHA512 ddb877ec3e2883f57e54e7380dd449d4d89a0769a1fb87141786e5de741ac21b2ead60362fd17c25888eb1334c68f71da561f4f29f406f0d4b5d13d378f6baff
DIST refpolicy-2.20200818.tar.bz2 570896 BLAKE2B 502c00fec39e1b81e42de3f7f942623f8b3fbdeac19f9f01126722a368b7d4f70427d6e4a574754c4f2fa551e4bc75c912dbc515c004f0dcd5eb28ab416498f6 SHA512 e4b527bb7a87b9359fc42eb111d5008103f57c37128998ea0e21ec7b0b8607ffe3f67697450e4c51a0db172ece69083335b279bacef4b1bd0b7748b58caa99a7
DIST refpolicy-2.20210203.tar.bz2 564099 BLAKE2B a94a11ebb78890ba2c98714be2fe9054fdb8ccaf5154f47b881a9575a4a6865e8df475805550d7bba8039b4230c6a0c9f5c6130bf8c35a26bc7c473d550fb40d SHA512 a6ffe718626dd6121023b4cbc424c933d44ca8b662bd708baad307cf6284be0d80fef40cdc8b37f6f17ecb3636fd8d6c1d5d4072c17d835b7f500e17a3acd9fc


@ -1,15 +0,0 @@
# This file controls the state of SELinux on the system on boot.
# SELINUX can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=permissive
# SELINUXTYPE can take one of these four values:
# targeted - Only targeted network daemons are protected.
# strict - Full SELinux protection.
# mls - Full SELinux protection with Multi-Level Security
# mcs - Full SELinux protection with Multi-Category Security
# (mls, but only one sensitivity level)
SELINUXTYPE=strict


@ -0,0 +1,11 @@
diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te
index dbd39cf8f..563559ca7 100644
--- refpolicy/policy/modules/system/init.te
+++ refpolicy/policy/modules/system/init.te
@@ -1503,3 +1503,6 @@ optional_policy(`
userdom_dontaudit_rw_all_users_stream_sockets(systemprocess)
userdom_dontaudit_write_user_tmp_files(systemprocess)
')
+
+require { type unconfined_t; }
+allow init_t unconfined_t:file exec_file_perms;
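Review bot: The added `require { type unconfined_t; }` sits at the top level of init.te rather than inside an `optional_policy` block, so the init module now appears to depend unconditionally on a type that the ebuilds in this commit treat as optional (`IUSE="systemd +unconfined"`). If unconfined_t is only declared by the unconfined module, a build with that flag disabled would presumably fail to resolve the requirement. The rule `allow init_t unconfined_t:file exec_file_perms;` grants execute on files labelled with a process domain type, which only makes sense together with the ssh.fc relabel elsewhere in this commit. A comment above it such as `# flatcar: sshd binaries are labelled unconfined_t (see sshd.patch); let init execute them` would keep the two patches tied together. The hunk covers only the tail of init.te.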


@ -0,0 +1,13 @@
diff --git a/policy/modules/system/locallogin.te b/policy/modules/system/locallogin.te
index 109980e79..d5c4a5d95 100644
--- refpolicy/policy/modules/system/locallogin.te
+++ refpolicy/policy/modules/system/locallogin.te
@@ -34,7 +34,7 @@ role system_r types sulogin_t;
allow local_login_t self:capability { chown dac_read_search dac_override fowner fsetid kill setgid setuid sys_nice sys_resource sys_tty_config };
dontaudit local_login_t self:capability net_admin;
-allow local_login_t self:process { getcap setcap setexec setrlimit setsched };
+allow local_login_t self:process { setpgid getcap setcap setexec setrlimit setsched };
allow local_login_t self:fd use;
allow local_login_t self:fifo_file rw_fifo_file_perms;
allow local_login_t self:sock_file read_sock_file_perms;


@ -0,0 +1,18 @@
diff --git a/policy/modules/system/logging.te b/policy/modules/system/logging.te
index 7d713540d..d6cbc654d 100644
--- refpolicy/policy/modules/system/logging.te
+++ refpolicy/policy/modules/system/logging.te
@@ -516,11 +516,13 @@ userdom_dontaudit_use_unpriv_user_fds(syslogd_t)
userdom_dontaudit_search_user_home_dirs(syslogd_t)
ifdef(`init_systemd',`
+ require { type kernel_t; }
# for systemd-journal
allow syslogd_t self:netlink_audit_socket connected_socket_perms;
allow syslogd_t self:capability2 audit_read;
allow syslogd_t self:capability { chown setgid setuid sys_ptrace };
allow syslogd_t self:netlink_audit_socket { getattr getopt read setopt write nlmsg_write };
+ allow syslogd_t kernel_t:netlink_audit_socket getattr;
# remove /run/log/journal when switching to permanent storage
allow syslogd_t var_log_t:dir rmdir;


@ -1,50 +0,0 @@
application = base
authlogin = base
bootloader = base
clock = base
consoletype = base
corecommands = base
corenetwork = base
cron = base
devices = base
dmesg = base
domain = base
files = base
filesystem = base
fstools = base
getty = base
hostname = base
hotplug = base
init = base
iptables = base
kernel = base
libraries = base
locallogin = base
logging = base
lvm = base
miscfiles = base
mcs = base
mls = base
modutils = base
mount = base
mta = base
netutils = base
nscd = base
portage = base
raid = base
rsync = base
selinux = base
selinuxutil = base
ssh = base
staff = base
storage = base
su = base
sysadm = base
sysnetwork = base
terminal = base
ubac = base
udev = base
userdomain = base
usermanage = base
unprivuser = base
xdg = base


@ -0,0 +1,22 @@
diff --git a/policy/modules/services/ssh.fc b/policy/modules/services/ssh.fc
index 60060c35c..8d9f5b7a6 100644
--- refpolicy/policy/modules/services/ssh.fc
+++ refpolicy/policy/modules/services/ssh.fc
@@ -6,7 +6,7 @@ HOME_DIR/\.ssh(/.*)? gen_context(system_u:object_r:ssh_home_t,s0)
/usr/bin/ssh -- gen_context(system_u:object_r:ssh_exec_t,s0)
/usr/bin/ssh-agent -- gen_context(system_u:object_r:ssh_agent_exec_t,s0)
/usr/bin/ssh-keygen -- gen_context(system_u:object_r:ssh_keygen_exec_t,s0)
-/usr/bin/sshd -- gen_context(system_u:object_r:sshd_exec_t,s0)
+/usr/bin/sshd -- gen_context(system_u:object_r:unconfined_t,s0)
/usr/lib/openssh/ssh-keysign -- gen_context(system_u:object_r:ssh_keysign_exec_t,s0)
/usr/lib/ssh/ssh-keysign -- gen_context(system_u:object_r:ssh_keysign_exec_t,s0)
@@ -17,7 +17,7 @@ HOME_DIR/\.ssh(/.*)? gen_context(system_u:object_r:ssh_home_t,s0)
/usr/libexec/openssh/ssh-keysign -- gen_context(system_u:object_r:ssh_keysign_exec_t,s0)
-/usr/sbin/sshd -- gen_context(system_u:object_r:sshd_exec_t,s0)
+/usr/sbin/sshd -- gen_context(system_u:object_r:unconfined_t,s0)
/run/sshd(/.*)? gen_context(system_u:object_r:sshd_runtime_t,s0)
/run/sshd\.init\.pid -- gen_context(system_u:object_r:sshd_runtime_t,s0)
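Review bot: Both sshd entries in ssh.fc (`/usr/bin/sshd` and `/usr/sbin/sshd`) now carry `unconfined_t`, which is a process domain rather than an executable file type, in place of `sshd_exec_t`. With the binary no longer labelled as the entrypoint type, the transition into sshd_t presumably never fires, so the network-facing daemon would run outside the sshd policy while the remaining entries (`sshd_runtime_t` and the rest) still assume it. If the goal is to work around specific denials, keeping `sshd_exec_t` and adding the missing allow rules, or declaring `permissive sshd_t;`, would keep the labelling meaningful and the audit records attributable to sshd_t. At minimum the patch should carry a header comment naming the denial that motivated the relabel and the condition under which it can be dropped.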


@ -1,12 +1,15 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
<herd>selinux</herd>
<maintainer type="project">
<email>selinux@gentoo.org</email>
<name>SELinux Team</name>
</maintainer>
<longdescription>
Gentoo SELinux base policy. This contains policy for a system at the end of system installation.
There is no extra policy in this package.
</longdescription>
<use>
<flag name='unconfined'>Enable support for the unconfined SELinux policy module</flag>
<flag name="unconfined">Enable support for the unconfined SELinux policy module</flag>
</use>
</pkgmetadata>


@ -1,117 +0,0 @@
# Copyright 1999-2015 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/selinux-base-policy-2.20141203-r5.ebuild,v 1.3 2015/06/05 16:10:32 perfinion Exp $
EAPI="5"
inherit eutils
if [[ ${PV} == 9999* ]]; then
EGIT_REPO_URI="${SELINUX_GIT_REPO:-git://anongit.gentoo.org/proj/hardened-refpolicy.git https://anongit.gentoo.org/git/proj/hardened-refpolicy.git}"
EGIT_BRANCH="${SELINUX_GIT_BRANCH:-master}"
EGIT_SOURCEDIR="${WORKDIR}/refpolicy"
inherit git-2
KEYWORDS=""
else
SRC_URI="https://raw.githubusercontent.com/wiki/TresysTechnology/refpolicy/files/refpolicy-${PV}.tar.bz2
http://dev.gentoo.org/~swift/patches/${PN}/patchbundle-${PN}-2.20141203-r9.tar.bz2"
KEYWORDS="amd64 x86"
fi
HOMEPAGE="http://www.gentoo.org/proj/en/hardened/selinux/"
DESCRIPTION="SELinux policy for core modules"
IUSE="+unconfined"
RDEPEND="=sec-policy/selinux-base-${PVR}"
PDEPEND="unconfined? ( sec-policy/selinux-unconfined )"
DEPEND=""
MODS="application authlogin bootloader clock consoletype cron dmesg fstools getty hostname hotplug init iptables libraries locallogin logging lvm miscfiles modutils mount mta netutils nscd portage raid rsync selinuxutil setrans ssh staff storage su sysadm sysnetwork tmpfiles udev userdomain usermanage unprivuser xdg"
LICENSE="GPL-2"
SLOT="0"
S="${WORKDIR}/"
# Code entirely copied from selinux-eclass (cannot inherit due to dependency on
# itself), when reworked reinclude it. Only postinstall (where -b base.pp is
# added) needs to remain then.
pkg_pretend() {
for i in ${POLICY_TYPES}; do
if [[ "${i}" == "targeted" ]] && ! use unconfined; then
die "If you use POLICY_TYPES=targeted, then USE=unconfined is mandatory."
fi
done
}
src_prepare() {
local modfiles
if [[ ${PV} != 9999* ]]; then
# Patch the source with the base patchbundle
cd "${S}"
EPATCH_MULTI_MSG="Applying SELinux policy updates ... " \
EPATCH_SUFFIX="patch" \
EPATCH_SOURCE="${WORKDIR}" \
EPATCH_FORCE="yes" \
epatch
fi
# Apply the additional patches refered to by the module ebuild.
# But first some magic to differentiate between bash arrays and strings
if [[ "$(declare -p POLICY_PATCH 2>/dev/null 2>&1)" == "declare -a"* ]];
then
cd "${S}/refpolicy/policy/modules"
for POLPATCH in "${POLICY_PATCH[@]}";
do
epatch "${POLPATCH}"
done
else
if [[ -n ${POLICY_PATCH} ]];
then
cd "${S}/refpolicy/policy/modules"
for POLPATCH in ${POLICY_PATCH};
do
epatch "${POLPATCH}"
done
fi
fi
# Calling user patches
epatch_user
# Collect only those files needed for this particular module
for i in ${MODS}; do
modfiles="$(find ${S}/refpolicy/policy/modules -iname $i.te) $modfiles"
modfiles="$(find ${S}/refpolicy/policy/modules -iname $i.fc) $modfiles"
done
for i in ${POLICY_TYPES}; do
mkdir "${S}"/${i} || die "Failed to create directory ${S}/${i}"
cp "${S}"/refpolicy/doc/Makefile.example "${S}"/${i}/Makefile \
|| die "Failed to copy Makefile.example to ${S}/${i}/Makefile"
cp ${modfiles} "${S}"/${i} \
|| die "Failed to copy the module files to ${S}/${i}"
done
}
src_compile() {
for i in ${POLICY_TYPES}; do
emake BINDIR="${ROOT}/usr/bin" SHAREDIR="${ROOT}/usr/share/selinux" NAME=$i -C "${S}"/${i} || die "${i} compile failed"
done
}
src_install() {
local BASEDIR="/usr/share/selinux"
for i in ${POLICY_TYPES}; do
for j in ${MODS}; do
einfo "Installing ${i} ${j} policy package"
insinto ${BASEDIR}/${i}
doins "${S}"/${i}/${j}.pp || die "Failed to add ${j}.pp to ${i}"
done
done
}


@ -0,0 +1,139 @@
# Copyright 1999-2021 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI="7"
if [[ ${PV} == 9999* ]]; then
EGIT_REPO_URI="${SELINUX_GIT_REPO:-https://anongit.gentoo.org/git/proj/hardened-refpolicy.git}"
EGIT_BRANCH="${SELINUX_GIT_BRANCH:-master}"
EGIT_CHECKOUT_DIR="${WORKDIR}/refpolicy"
inherit git-r3
else
SRC_URI="https://github.com/SELinuxProject/refpolicy/releases/download/RELEASE_${PV/./_}/refpolicy-${PV}.tar.bz2
https://dev.gentoo.org/~perfinion/patches/${PN}/patchbundle-${PN}-${PVR}.tar.bz2"
KEYWORDS="amd64 -arm ~arm64 ~mips x86"
fi
HOMEPAGE="https://wiki.gentoo.org/wiki/Project:SELinux"
DESCRIPTION="SELinux policy for core modules"
IUSE="systemd +unconfined"
PDEPEND="unconfined? ( sec-policy/selinux-unconfined )"
DEPEND="=sec-policy/selinux-base-${PVR}[systemd?]"
RDEPEND="${DEPEND}"
BDEPEND="
sys-apps/checkpolicy
sys-devel/m4"
MODS="application authlogin bootloader clock consoletype cron dmesg fstools getty hostname hotplug init iptables libraries locallogin logging lvm miscfiles modutils mount mta netutils nscd portage raid rsync selinuxutil setrans ssh staff storage su sysadm sysnetwork systemd tmpfiles udev userdomain usermanage unprivuser xdg"
LICENSE="GPL-2"
SLOT="0"
S="${WORKDIR}/"
# flatcar changes: apply a couple of
# patches on the current policies
PATCHES=(
"${FILESDIR}/sshd.patch"
"${FILESDIR}/init.patch"
"${FILESDIR}/locallogin.patch"
"${FILESDIR}/logging.patch"
)
# Code entirely copied from selinux-eclass (cannot inherit due to dependency on
# itself), when reworked reinclude it. Only postinstall (where -b base.pp is
# added) needs to remain then.
pkg_pretend() {
for i in ${POLICY_TYPES}; do
if [[ "${i}" == "targeted" ]] && ! use unconfined; then
die "If you use POLICY_TYPES=targeted, then USE=unconfined is mandatory."
fi
done
}
src_prepare() {
local modfiles
if [[ ${PV} != 9999* ]]; then
einfo "Applying SELinux policy updates ... "
eapply -p0 "${WORKDIR}/0001-full-patch-against-stable-release.patch"
fi
eapply -p0 "${PATCHES[@]}"
eapply_user
# Collect only those files needed for this particular module
for i in ${MODS}; do
modfiles="$(find ${S}/refpolicy/policy/modules -iname $i.te) $modfiles"
modfiles="$(find ${S}/refpolicy/policy/modules -iname $i.fc) $modfiles"
done
for i in ${POLICY_TYPES}; do
mkdir "${S}"/${i} || die "Failed to create directory ${S}/${i}"
cp "${S}"/refpolicy/doc/Makefile.example "${S}"/${i}/Makefile \
|| die "Failed to copy Makefile.example to ${S}/${i}/Makefile"
cp ${modfiles} "${S}"/${i} \
|| die "Failed to copy the module files to ${S}/${i}"
done
}
src_compile() {
for i in ${POLICY_TYPES}; do
emake NAME=$i SHAREDIR="${ROOT}"/usr/share/selinux -C "${S}"/${i}
done
}
src_install() {
local BASEDIR="/usr/share/selinux"
for i in ${POLICY_TYPES}; do
for j in ${MODS}; do
einfo "Installing ${i} ${j} policy package"
insinto ${BASEDIR}/${i}
doins "${S}"/${i}/${j}.pp
done
done
}
pkg_postinst() {
# Set root path and don't load policy into the kernel when cross compiling
local root_opts=""
if [[ "${ROOT}" != "" ]]; then
root_opts="-p ${ROOT} -n"
fi
# Override the command from the eclass, we need to load in base as well here
local COMMAND="-i base.pp"
if has_version "<sys-apps/policycoreutils-2.5"; then
COMMAND="-b base.pp"
fi
for i in ${MODS}; do
COMMAND="${COMMAND} -i ${i}.pp"
done
for i in ${POLICY_TYPES}; do
einfo "Inserting the following modules, with base, into the $i module store: ${MODS}"
cd "${ROOT}/usr/share/selinux/${i}"
semodule ${root_opts} -s ${i} ${COMMAND}
done
# Don't relabel when cross compiling
if [[ "${ROOT}" == "" ]]; then
# Relabel depending packages
local PKGSET="";
if [[ -x /usr/bin/qdepends ]] ; then
PKGSET=$(/usr/bin/qdepends -Cq -r -Q ${CATEGORY}/${PN} | grep -v 'sec-policy/selinux-');
elif [[ -x /usr/bin/equery ]] ; then
PKGSET=$(/usr/bin/equery -Cq depends ${CATEGORY}/${PN} | grep -v 'sec-policy/selinux-');
fi
if [[ -n "${PKGSET}" ]] ; then
rlpkg ${PKGSET};
fi
fi
}
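Review bot: In `pkg_postinst`, neither `cd "${ROOT}/usr/share/selinux/${i}"` nor `semodule ${root_opts} -s ${i} ${COMMAND}` checks its exit status, and neither is a helper that dies on its own. A failed `cd` makes semodule resolve `base.pp` and the module files against whatever directory the shell happens to be in, and a failed semodule leaves the policy store without the new modules while the merge still reports success. The 9999 ebuild in this commit loses the `|| die` guards it previously had on these two lines, and the other new ebuild section carries the same code. I would restore them: `cd "${ROOT}/usr/share/selinux/${i}" || die "Could not enter ${ROOT}/usr/share/selinux/${i}"` and `semodule ${root_opts} -s ${i} ${COMMAND} || die "Failed to load in base and modules ${MODS} in the $i policy store"`.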


@ -0,0 +1,129 @@
# Copyright 1999-2021 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI="7"
if [[ ${PV} == 9999* ]]; then
EGIT_REPO_URI="${SELINUX_GIT_REPO:-https://anongit.gentoo.org/git/proj/hardened-refpolicy.git}"
EGIT_BRANCH="${SELINUX_GIT_BRANCH:-master}"
EGIT_CHECKOUT_DIR="${WORKDIR}/refpolicy"
inherit git-r3
else
SRC_URI="https://github.com/SELinuxProject/refpolicy/releases/download/RELEASE_${PV/./_}/refpolicy-${PV}.tar.bz2
https://dev.gentoo.org/~perfinion/patches/${PN}/patchbundle-${PN}-${PVR}.tar.bz2"
KEYWORDS="~amd64 -arm ~arm64 ~mips ~x86"
fi
HOMEPAGE="https://wiki.gentoo.org/wiki/Project:SELinux"
DESCRIPTION="SELinux policy for core modules"
IUSE="systemd +unconfined"
PDEPEND="unconfined? ( sec-policy/selinux-unconfined )"
DEPEND="=sec-policy/selinux-base-${PVR}[systemd?]"
RDEPEND="${DEPEND}"
BDEPEND="
sys-apps/checkpolicy
sys-devel/m4"
MODS="application authlogin bootloader clock consoletype cron dmesg fstools getty hostname init iptables libraries locallogin logging lvm miscfiles modutils mount mta netutils nscd portage raid rsync selinuxutil setrans ssh staff storage su sysadm sysnetwork systemd tmpfiles udev userdomain usermanage unprivuser xdg"
LICENSE="GPL-2"
SLOT="0"
S="${WORKDIR}/"
# Code entirely copied from selinux-eclass (cannot inherit due to dependency on
# itself), when reworked reinclude it. Only postinstall (where -b base.pp is
# added) needs to remain then.
pkg_pretend() {
for i in ${POLICY_TYPES}; do
if [[ "${i}" == "targeted" ]] && ! use unconfined; then
die "If you use POLICY_TYPES=targeted, then USE=unconfined is mandatory."
fi
done
}
src_prepare() {
local modfiles
if [[ ${PV} != 9999* ]]; then
einfo "Applying SELinux policy updates ... "
eapply -p0 "${WORKDIR}/0001-full-patch-against-stable-release.patch"
fi
eapply_user
# Collect only those files needed for this particular module
for i in ${MODS}; do
modfiles="$(find ${S}/refpolicy/policy/modules -iname $i.te) $modfiles"
modfiles="$(find ${S}/refpolicy/policy/modules -iname $i.fc) $modfiles"
done
for i in ${POLICY_TYPES}; do
mkdir "${S}"/${i} || die "Failed to create directory ${S}/${i}"
cp "${S}"/refpolicy/doc/Makefile.example "${S}"/${i}/Makefile \
|| die "Failed to copy Makefile.example to ${S}/${i}/Makefile"
cp ${modfiles} "${S}"/${i} \
|| die "Failed to copy the module files to ${S}/${i}"
done
}
src_compile() {
for i in ${POLICY_TYPES}; do
emake NAME=$i SHAREDIR="${ROOT}"/usr/share/selinux -C "${S}"/${i}
done
}
src_install() {
local BASEDIR="/usr/share/selinux"
for i in ${POLICY_TYPES}; do
for j in ${MODS}; do
einfo "Installing ${i} ${j} policy package"
insinto ${BASEDIR}/${i}
doins "${S}"/${i}/${j}.pp
done
done
}
pkg_postinst() {
# Set root path and don't load policy into the kernel when cross compiling
local root_opts=""
if [[ "${ROOT}" != "" ]]; then
root_opts="-p ${ROOT} -n"
fi
# Override the command from the eclass, we need to load in base as well here
local COMMAND="-i base.pp"
if has_version "<sys-apps/policycoreutils-2.5"; then
COMMAND="-b base.pp"
fi
for i in ${MODS}; do
COMMAND="${COMMAND} -i ${i}.pp"
done
for i in ${POLICY_TYPES}; do
einfo "Inserting the following modules, with base, into the $i module store: ${MODS}"
cd "${ROOT}/usr/share/selinux/${i}"
semodule ${root_opts} -s ${i} ${COMMAND}
done
# Don't relabel when cross compiling
if [[ "${ROOT}" == "" ]]; then
# Relabel depending packages
local PKGSET="";
if [[ -x /usr/bin/qdepends ]] ; then
PKGSET=$(/usr/bin/qdepends -Cq -r -Q ${CATEGORY}/${PN} | grep -v 'sec-policy/selinux-');
elif [[ -x /usr/bin/equery ]] ; then
PKGSET=$(/usr/bin/equery -Cq depends ${CATEGORY}/${PN} | grep -v 'sec-policy/selinux-');
fi
if [[ -n "${PKGSET}" ]] ; then
rlpkg ${PKGSET};
fi
fi
}
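Review bot: This ebuild has no `PATCHES` array and no `eapply -p0 "${PATCHES[@]}"` call in `src_prepare`, unlike the other new ebuild in this commit, which applies sshd.patch, init.patch, locallogin.patch and logging.patch under the "flatcar changes" comment. If this version is ever selected (it is keyworded `~amd64`), the resulting policy would silently differ from the patched one, including the labelling of the sshd binaries. Either carry the same `PATCHES=( ... )` block and `eapply` line here, or add a comment such as `# flatcar: local policy patches intentionally not applied to this version` so the difference is visibly deliberate.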


@ -1,34 +1,33 @@
# Copyright 1999-2015 Gentoo Foundation
# Copyright 1999-2021 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/selinux-base-policy-9999.ebuild,v 1.23 2015/04/21 10:33:02 perfinion Exp $
EAPI="5"
inherit eutils
EAPI="7"
if [[ ${PV} == 9999* ]]; then
EGIT_REPO_URI="${SELINUX_GIT_REPO:-git://anongit.gentoo.org/proj/hardened-refpolicy.git https://anongit.gentoo.org/git/proj/hardened-refpolicy.git}"
EGIT_REPO_URI="${SELINUX_GIT_REPO:-https://anongit.gentoo.org/git/proj/hardened-refpolicy.git}"
EGIT_BRANCH="${SELINUX_GIT_BRANCH:-master}"
EGIT_CHECKOUT_DIR="${WORKDIR}/refpolicy"
inherit git-r3
KEYWORDS=""
else
SRC_URI="https://raw.githubusercontent.com/wiki/TresysTechnology/refpolicy/files/refpolicy-${PV}.tar.bz2
http://dev.gentoo.org/~swift/patches/${PN}/patchbundle-${PN}-${PVR}.tar.bz2"
KEYWORDS="~amd64 ~x86"
SRC_URI="https://github.com/SELinuxProject/refpolicy/releases/download/RELEASE_${PV/./_}/refpolicy-${PV}.tar.bz2
https://dev.gentoo.org/~perfinion/patches/${PN}/patchbundle-${PN}-${PVR}.tar.bz2"
KEYWORDS="~amd64 -arm ~arm64 ~mips ~x86"
fi
HOMEPAGE="http://www.gentoo.org/proj/en/hardened/selinux/"
HOMEPAGE="https://wiki.gentoo.org/wiki/Project:SELinux"
DESCRIPTION="SELinux policy for core modules"
IUSE="+unconfined"
IUSE="systemd +unconfined"
RDEPEND="=sec-policy/selinux-base-${PVR}"
PDEPEND="unconfined? ( sec-policy/selinux-unconfined )"
DEPEND=""
DEPEND="=sec-policy/selinux-base-${PVR}[systemd?]"
RDEPEND="${DEPEND}"
BDEPEND="
sys-apps/checkpolicy
sys-devel/m4"
MODS="application authlogin bootloader clock consoletype cron dmesg fstools getty hostname hotplug init iptables libraries locallogin logging lvm miscfiles modutils mount mta netutils nscd portage raid rsync selinuxutil setrans ssh staff storage su sysadm sysnetwork tmpfiles udev userdomain usermanage unprivuser xdg"
MODS="application authlogin bootloader clock consoletype cron dmesg fstools getty hostname init iptables libraries locallogin logging lvm miscfiles modutils mount mta netutils nscd portage raid rsync selinuxutil setrans ssh staff storage su sysadm sysnetwork systemd tmpfiles udev userdomain usermanage unprivuser xdg"
LICENSE="GPL-2"
SLOT="0"
S="${WORKDIR}/"
@ -49,37 +48,11 @@ src_prepare() {
local modfiles
if [[ ${PV} != 9999* ]]; then
# Patch the source with the base patchbundle
cd "${S}"
EPATCH_MULTI_MSG="Applying SELinux policy updates ... " \
EPATCH_SUFFIX="patch" \
EPATCH_SOURCE="${WORKDIR}" \
EPATCH_FORCE="yes" \
epatch
einfo "Applying SELinux policy updates ... "
eapply -p0 "${WORKDIR}/0001-full-patch-against-stable-release.patch"
fi
# Apply the additional patches refered to by the module ebuild.
# But first some magic to differentiate between bash arrays and strings
if [[ "$(declare -p POLICY_PATCH 2>/dev/null 2>&1)" == "declare -a"* ]];
then
cd "${S}/refpolicy/policy/modules"
for POLPATCH in "${POLICY_PATCH[@]}";
do
epatch "${POLPATCH}"
done
else
if [[ -n ${POLICY_PATCH} ]];
then
cd "${S}/refpolicy/policy/modules"
for POLPATCH in ${POLICY_PATCH};
do
epatch "${POLPATCH}"
done
fi
fi
# Calling user patches
epatch_user
eapply_user
# Collect only those files needed for this particular module
for i in ${MODS}; do
@ -99,7 +72,7 @@ src_prepare() {
src_compile() {
for i in ${POLICY_TYPES}; do
emake NAME=$i -C "${S}"/${i} || die "${i} compile failed"
emake NAME=$i SHAREDIR="${ROOT}"/usr/share/selinux -C "${S}"/${i}
done
}
@ -110,34 +83,47 @@ src_install() {
for j in ${MODS}; do
einfo "Installing ${i} ${j} policy package"
insinto ${BASEDIR}/${i}
doins "${S}"/${i}/${j}.pp || die "Failed to add ${j}.pp to ${i}"
doins "${S}"/${i}/${j}.pp
done
done
}
pkg_postinst() {
# Set root path and don't load policy into the kernel when cross compiling
local root_opts=""
if [[ "${ROOT}" != "" ]]; then
root_opts="-p ${ROOT} -n"
fi
# Override the command from the eclass, we need to load in base as well here
local COMMAND
local COMMAND="-i base.pp"
if has_version "<sys-apps/policycoreutils-2.5"; then
COMMAND="-b base.pp"
fi
for i in ${MODS}; do
COMMAND="-i ${i}.pp ${COMMAND}"
COMMAND="${COMMAND} -i ${i}.pp"
done
for i in ${POLICY_TYPES}; do
einfo "Inserting the following modules, with base, into the $i module store: ${MODS}"
cd /usr/share/selinux/${i} || die "Could not enter /usr/share/selinux/${i}"
cd "${ROOT}/usr/share/selinux/${i}"
semodule -s ${i} -b base.pp ${COMMAND} || die "Failed to load in base and modules ${MODS} in the $i policy store"
semodule ${root_opts} -s ${i} ${COMMAND}
done
# Relabel depending packages
local PKGSET="";
if [ -x /usr/bin/qdepends ] ; then
PKGSET=$(/usr/bin/qdepends -Cq -r -Q ${CATEGORY}/${PN} | grep -v 'sec-policy/selinux-');
elif [ -x /usr/bin/equery ] ; then
PKGSET=$(/usr/bin/equery -Cq depends ${CATEGORY}/${PN} | grep -v 'sec-policy/selinux-');
fi
if [ -n "${PKGSET}" ] ; then
rlpkg ${PKGSET};
# Don't relabel when cross compiling
if [[ "${ROOT}" == "" ]]; then
# Relabel depending packages
local PKGSET="";
if [[ -x /usr/bin/qdepends ]] ; then
PKGSET=$(/usr/bin/qdepends -Cq -r -Q ${CATEGORY}/${PN} | grep -v 'sec-policy/selinux-');
elif [[ -x /usr/bin/equery ]] ; then
PKGSET=$(/usr/bin/equery -Cq depends ${CATEGORY}/${PN} | grep -v 'sec-policy/selinux-');
fi
if [[ -n "${PKGSET}" ]] ; then
rlpkg ${PKGSET};
fi
fi
}


@ -1,352 +0,0 @@
# ChangeLog for sec-policy/selinux-base
# Copyright 1999-2015 Gentoo Foundation; Distributed under the GPL v2
# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base/ChangeLog,v 1.73 2015/06/05 16:10:26 perfinion Exp $
05 Jun 2015; Jason Zaman <perfinion@gentoo.org>
selinux-base-2.20141203-r5.ebuild:
Stabilize policy 2.20141203-r5
*selinux-base-2.20141203-r6 (05 Jun 2015)
05 Jun 2015; Jason Zaman <perfinion@gentoo.org>
+selinux-base-2.20141203-r6.ebuild:
Release of 2.20141203-r6
25 Apr 2015; Mike Gilbert <floppym@gentoo.org>
selinux-base-2.20140311-r5.ebuild, selinux-base-2.20140311-r6.ebuild,
selinux-base-2.20140311-r7.ebuild, selinux-base-2.20141203-r1.ebuild,
selinux-base-2.20141203-r2.ebuild, selinux-base-2.20141203-r3.ebuild,
selinux-base-2.20141203-r4.ebuild, selinux-base-2.20141203-r5.ebuild:
Replace links pointing at git.overlays.gentoo.org.
21 Apr 2015; Jason Zaman <perfinion@gentoo.org> selinux-base-9999.ebuild:
update git urls and migrate git-2 -> git-r3
15 Apr 2015; Jason Zaman <perfinion@gentoo.org>
selinux-base-2.20141203-r4.ebuild:
Stabilize policy 2.20141203-r4
*selinux-base-2.20141203-r5 (15 Apr 2015)
15 Apr 2015; Jason Zaman <perfinion@gentoo.org>
+selinux-base-2.20141203-r5.ebuild:
Release of 2.20141203-r5
22 Mar 2015; Sven Vermeulen <swift@gentoo.org>
selinux-base-2.20141203-r3.ebuild:
Stabilize 2.20141203-r3 policies
*selinux-base-2.20141203-r4 (22 Mar 2015)
22 Mar 2015; Sven Vermeulen <swift@gentoo.org>
+selinux-base-2.20141203-r4.ebuild, selinux-base-9999.ebuild:
Release of 2.20141203-r4
*selinux-base-2.20141203-r3 (29 Jan 2015)
29 Jan 2015; Jason Zaman <perfinion@gentoo.org>
+selinux-base-2.20141203-r3.ebuild, selinux-base-2.20141203-r2.ebuild:
Release of 2.20141203-r3, stable 2.20141203-r2
21 Dec 2014; Sven Vermeulen <swift@gentoo.org>
-selinux-base-2.20140311-r1.ebuild, -selinux-base-2.20140311-r2.ebuild,
-selinux-base-2.20140311-r3.ebuild, -selinux-base-2.20140311-r4.ebuild:
Remove old ebuilds
21 Dec 2014; Sven Vermeulen <swift@gentoo.org>
selinux-base-2.20141203-r1.ebuild:
Stabilize 2.20141203-r1
*selinux-base-2.20141203-r2 (21 Dec 2014)
21 Dec 2014; Sven Vermeulen <swift@gentoo.org>
+selinux-base-2.20141203-r2.ebuild:
Release of 2.20141203-r2
07 Dec 2014; Jason Zaman <perfinion@gentoo.org>
selinux-base-2.20140311-r7.ebuild, selinux-base-9999.ebuild:
Stabilize 2.20140311-r7
*selinux-base-2.20141203-r1 (07 Dec 2014)
07 Dec 2014; Jason Zaman <perfinion@gentoo.org>
+selinux-base-2.20141203-r1.ebuild:
Release of 2.20141203-r1
07 Dec 2014; Jason Zaman <perfinion@gentoo.org> selinux-base-9999.ebuild:
update SRC_URI
07 Dec 2014; Sven Vermeulen <swift@gentoo.org> selinux-base-9999.ebuild:
Clean up sed commands that are no longer needed (bug 257111 is fixed upstream)
05 Dec 2014; Jason Zaman <perfinion@gentoo.org> selinux-base-9999.ebuild:
enable parallel build, bug 530178
01 Nov 2014; Sven Vermeulen <swift@gentoo.org>
selinux-base-2.20140311-r6.ebuild:
Stabilize rev 6
*selinux-base-2.20140311-r7 (01 Nov 2014)
01 Nov 2014; Sven Vermeulen <swift@gentoo.org>
+selinux-base-2.20140311-r7.ebuild:
Bump revision r7 of SELinux policies
01 Nov 2014; Sven Vermeulen <swift@gentoo.org> selinux-base-9999.ebuild:
Add KEYWORDS logic in -9999 ebuilds for ease of copying
24 Aug 2014; Sven Vermeulen <swift@gentoo.org> selinux-base-9999.ebuild:
Back to gogo infrastructure
23 Aug 2014; Sven Vermeulen <swift@gentoo.org> selinux-base-9999.ebuild:
Temporarily use github until gogo is back on track
22 Aug 2014; Sven Vermeulen <swift@gentoo.org>
selinux-base-2.20140311-r5.ebuild:
Stabilize r5 policies
*selinux-base-2.20140311-r6 (21 Aug 2014)
21 Aug 2014; Sven Vermeulen <swift@gentoo.org>
+selinux-base-2.20140311-r6.ebuild:
Release of 2.20140311-r6
*selinux-base-2.20140311-r5 (09 Aug 2014)
09 Aug 2014; Sven Vermeulen <swift@gentoo.org>
+selinux-base-2.20140311-r5.ebuild:
Bump towards r5 (fixes duplicate context for hiawatha)
08 Aug 2014; Sven Vermeulen <swift@gentoo.org> selinux-base-9999.ebuild:
Make 9999 ebuilds EAPI=5 and transform to make master for version bumps
06 Aug 2014; Sven Vermeulen <swift@gentoo.org> selinux-base-9999.ebuild:
Supporting the SELINUX_GIT_* variables
05 Aug 2014; Sven Vermeulen <swift@gentoo.org>
-selinux-base-2.20130424-r1.ebuild, -selinux-base-2.20130424-r2.ebuild,
-selinux-base-2.20130424-r3.ebuild, -selinux-base-2.20130424-r4.ebuild:
Remove obsolete ebuilds
*selinux-base-2.20140311-r4 (01 Aug 2014)
01 Aug 2014; Sven Vermeulen <swift@gentoo.org>
+selinux-base-2.20140311-r4.ebuild, selinux-base-2.20140311-r3.ebuild:
Stabilization of r3, and make r4 available for testing
29 May 2014; Sven Vermeulen <swift@gentoo.org>
selinux-base-2.20140311-r2.ebuild:
Stabilize 2.20140311-r2
*selinux-base-2.20140311-r3 (29 May 2014)
29 May 2014; Sven Vermeulen <swift@gentoo.org>
+selinux-base-2.20140311-r3.ebuild:
Bump to 2.20140311-r3
19 Apr 2014; Sven Vermeulen <swift@gentoo.org>
selinux-base-2.20140311-r1.ebuild:
Stabilize r1 policies
*selinux-base-2.20140311-r2 (19 Apr 2014)
19 Apr 2014; Sven Vermeulen <swift@gentoo.org>
+selinux-base-2.20140311-r2.ebuild:
Release of 2.20140311-r2
24 Mar 2014; Sven Vermeulen <swift@gentoo.org>
-selinux-base-2.20120725-r5.ebuild, -selinux-base-2.20120725-r7.ebuild,
-selinux-base-2.20120725-r8.ebuild, -selinux-base-2.20120725-r9.ebuild,
-selinux-base-2.20120725-r10.ebuild, -selinux-base-2.20120725-r11.ebuild,
-selinux-base-2.20120725-r12.ebuild:
Removing older SELinux policies
*selinux-base-2.20140311-r1 (21 Mar 2014)
21 Mar 2014; Sven Vermeulen <swift@gentoo.org>
+selinux-base-2.20140311-r1.ebuild:
New upstream refpolicy release
12 Jan 2014; Sven Vermeulen <swift@gentoo.org>
selinux-base-2.20130424-r4.ebuild:
Stabilize 2.20130424-r4
*selinux-base-2.20130424-r4 (11 Dec 2013)
11 Dec 2013; Sven Vermeulen <swift@gentoo.org>
+selinux-base-2.20130424-r4.ebuild:
Release of 2.20130424-r4
*selinux-base-2.20130424-r3 (26 Sep 2013)
26 Sep 2013; Sven Vermeulen <swift@gentoo.org>
+selinux-base-2.20130424-r3.ebuild:
Release 2.20130424-r3, fixing bugs #480628, #482196, #475432, #485304, #480870
and #428322
15 Aug 2013; Sven Vermeulen <swift@gentoo.org> selinux-base-9999.ebuild:
Clean up generated cruft before building base policy - see bug 480628
15 Aug 2013; Sven Vermeulen <swift@gentoo.org>
selinux-base-2.20130424-r2.ebuild:
Stabilize r2 of policies
*selinux-base-2.20130424-r2 (20 Jul 2013)
20 Jul 2013; Sven Vermeulen <swift@gentoo.org>
+selinux-base-2.20130424-r2.ebuild:
Pushing out rev 2
16 Jun 2013; Sven Vermeulen <swift@gentoo.org>
selinux-base-2.20130424-r1.ebuild:
Stabilize 20130424 policies
07 May 2013; Sven Vermeulen <swift@gentoo.org>
selinux-base-2.20130424-r1.ebuild, selinux-base-9999.ebuild:
Add in support for epatch_user (to support interface patching)
*selinux-base-2.20130424-r1 (06 May 2013)
06 May 2013; Sven Vermeulen <swift@gentoo.org>
+selinux-base-2.20130424-r1.ebuild:
Adding 20130424 release
11 Apr 2013; Sven Vermeulen <swift@gentoo.org>
selinux-base-2.20120725-r12.ebuild, selinux-base-9999.ebuild:
Add in support for manual pages
29 Mar 2013; Sven Vermeulen <swift@gentoo.org>
selinux-base-2.20120725-r12.ebuild:
Stabilize r12, fixes 455080, 453724, 461880, 453722, 452166, 458876, 457618,
456910, 456194, 453990 and 460152
*selinux-base-2.20120725-r12 (09 Mar 2013)
09 Mar 2013; Sven Vermeulen <swift@gentoo.org>
+selinux-base-2.20120725-r12.ebuild, selinux-base-9999.ebuild:
Pushing out rev 12
23 Feb 2013; Sven Vermeulen <swift@gentoo.org>
selinux-base-2.20120725-r11.ebuild:
Stabilization
*selinux-base-2.20120725-r11 (26 Jan 2013)
26 Jan 2013; Sven Vermeulen <swift@gentoo.org>
+selinux-base-2.20120725-r11.ebuild:
Bumping selinux-base to revision 11
16 Jan 2013; Sven Vermeulen <swift@gentoo.org>
selinux-base-2.20120725-r10.ebuild:
Stabilizing
*selinux-base-2.20120725-r10 (16 Jan 2013)
16 Jan 2013; Sven Vermeulen <swift@gentoo.org>
+selinux-base-2.20120725-r10.ebuild:
Bumping with fix for #451128
13 Jan 2013; Sven Vermeulen <swift@gentoo.org>
selinux-base-2.20120725-r9.ebuild:
Stabilizing r9
30 Dec 2012; Samuli Suominen <ssuominen@gentoo.org>
selinux-base-2.20120725-r9.ebuild:
Use virtual/udev instead of sys-fs/udev; regression introduced by swift@g.o
21 Dec 2012 by not using up-to-date ebuild from gentoo-x86 for revision
bumping.
*selinux-base-2.20120725-r9 (21 Dec 2012)
21 Dec 2012; Sven Vermeulen <swift@gentoo.org> +selinux-base-2.20120725-r9.ebuild:
Bumping to revision 9
17 Dec 2012; Sven Vermeulen <swift@gentoo.org> -selinux-base-2.20120215-r13.ebuild,
-selinux-base-2.20120215-r14.ebuild, -selinux-base-2.20120215-r15.ebuild,
-selinux-base-2.20120215-r6.ebuild, -selinux-base-2.20120215-r7.ebuild,
-selinux-base-2.20120215-r8.ebuild, -selinux-base-2.20120215-r9.ebuild:
Removing older ebuilds
13 Dec 2012; Sven Vermeulen <swift@gentoo.org> selinux-base-2.20120725-r8.ebuild:
Stabilization
11 Dec 2012; Samuli Suominen <ssuominen@gentoo.org>
selinux-base-2.20120215-r6.ebuild, selinux-base-2.20120215-r7.ebuild,
selinux-base-2.20120215-r8.ebuild, selinux-base-2.20120215-r9.ebuild,
selinux-base-2.20120215-r13.ebuild, selinux-base-2.20120215-r14.ebuild,
selinux-base-2.20120215-r15.ebuild, selinux-base-2.20120725-r5.ebuild,
selinux-base-2.20120725-r7.ebuild, selinux-base-2.20120725-r8.ebuild,
selinux-base-9999.ebuild:
Use virtual/udev instead of sys-fs/udev.
04 Dec 2012; Sven Vermeulen <swift@gentoo.org> selinux-base-9999.ebuild, metadata.xml:
Add in support for unconfined USE flag and fix #445978
*selinux-base-2.20120725-r8 (03 Dec 2012)
03 Dec 2012; Sven Vermeulen <swift@gentoo.org> +selinux-base-2.20120725-r8.ebuild:
Bumping to revision 8
*selinux-base-2.20120725-r7 (18 Nov 2012)
18 Nov 2012; Sven Vermeulen <swift@gentoo.org> +selinux-base-2.20120725-r7.ebuild:
Pushing out rev 7
*selinux-base-9999 (13 Oct 2012)
13 Oct 2012; Sven Vermeulen <swift@gentoo.org> +selinux-base-9999.ebuild:
Adding live ebuild
04 Oct 2012; Sven Vermeulen <swift@gentoo.org> selinux-base-2.20120725-r5.ebuild:
Stabilization
*selinux-base-2.20120725-r5 (21 Sep 2012)
21 Sep 2012; Sven Vermeulen <swift@gentoo.org> +selinux-base-2.20120725-r5.ebuild:
Introducing policy for 2.20120725, rev5
30 Jul 2012; Sven Vermeulen <swift@gentoo.org> selinux-base-2.20120215-r14.ebuild:
Stabilization of revision 14 of the SELinux policy modules
*selinux-base-2.20120215-r15 (26 Jul 2012)
26 Jul 2012; Sven Vermeulen <swift@gentoo.org> +selinux-base-2.20120215-r15.ebuild:
Bump to rev15
*selinux-base-2.20120215-r14 (16 Jul 2012)
16 Jul 2012; Sven Vermeulen <swift@gentoo.org> +selinux-base-2.20120215-r14.ebuild:
Bumping to rev14
*selinux-base-2.20120215-r13 (27 Jun 2012)
27 Jun 2012; Sven Vermeulen <swift@gentoo.org> +selinux-base-2.20120215-r13.ebuild:
Bump to revision 13
*selinux-base-2.20120215-r9 (20 May 2012)
20 May 2012; Sven Vermeulen <swift@gentoo.org> +selinux-base-2.20120215-r9.ebuild:
Bumping to rev 9
29 Apr 2012; Sven Vermeulen <swift@gentoo.org> selinux-base-2.20120215-r7.ebuild:
Stabilizing rev7
*selinux-base-2.20120215-r8 (26 Apr 2012)
26 Apr 2012; Sven Vermeulen <swift@gentoo.org> +selinux-base-2.20120215-r8.ebuild:
Bump to rev8, fix #411719, #411149 and #411943
*selinux-base-2.20120215-r7 (22 Apr 2012)
22 Apr 2012; Sven Vermeulen <swift@gentoo.org> +selinux-base-2.20120215-r7.ebuild:
Bumping to rev 7, fixing bugs #401595, #411193 and #403293
31 Mar 2012; Sven Vermeulen <swift@gentoo.org> +selinux-base-2.20120215-r6.ebuild,
+files/config, +metadata.xml:
Bumping to 2.20120215 policies
*selinux-base-2.20120215-r6 (31 Mar 2012)
31 Mar 2012; Sven Vermeulen <swift@gentoo.org> +selinux-base-2.20120215-r6.ebuild,
+files/config, +metadata.xml:
Initial base policy package (without additional modules)


@ -1,2 +1,4 @@
DIST patchbundle-selinux-base-policy-2.20141203-r9.tar.bz2 299602 SHA256 e8518004942a6c57170a609683e22b1410c93a2a195829c41dc8fbc703d941b5 SHA512 ce6484fbca1d2d074e50d1a3953392bd3ce0a4617df98fbac37747b469b4f160a9331586dfe1c3ddccb1ccbee24876a2f05ab49e37c8492a48baf83c2d01d140 WHIRLPOOL 1fd7b956e98e95a64c3a713a944d4531259bd156a7feabf6a89c4b5f33ac846377730eede97889e85183be086f282ebd18e860214f6ca3f01b40f2323470ee04
DIST refpolicy-2.20141203.tar.bz2 680243 SHA256 f438209c430d8a2d4ddcbe4bdd3edb46f6af7dc4913637af0b73c635e40c1522 SHA512 682e4280c5799e4c12ec7594afc1389f67be35055748d2e0dbdc3419159a16c96d4946ca6178daee8370515951f8653b2e452efe8c962b8d7f9bc192f0b15a0c WHIRLPOOL 74bca232534e7af9051bb1ab9f77c1ff6c425781cf4561f781d6e9a40cc5ca0d9add540249ea5493e8782a9372aea296ead6c165c6c440ae1509eb319d151ee5
DIST patchbundle-selinux-base-policy-2.20200818-r2.tar.bz2 433623 BLAKE2B f0655c45c50347faf1217e5861298dce822e4b726c0b4489d4c70c4815842f7c17ac1b0a302ae5482a3ad25d1d5b6c4c3b6395194e79005f31560d103ad0fce6 SHA512 9fd22683ecd602a429b2d489f7b8c2936409fa060046255b72a4b95c9fdefa2455ba7655945278dc972c22f3ade6617898ed169e22001aaaaded4b47ca51b0c3
DIST patchbundle-selinux-base-policy-2.20210203-r1.tar.bz2 298116 BLAKE2B 50c5523a8b758652af6aa59d548e9499b899898b58f52f74f1667a0c552f2b2d0ed5a44352e59245c7f0ebd199e2391400168d6ab27b4160d726fccded0c56f2 SHA512 ddb877ec3e2883f57e54e7380dd449d4d89a0769a1fb87141786e5de741ac21b2ead60362fd17c25888eb1334c68f71da561f4f29f406f0d4b5d13d378f6baff
DIST refpolicy-2.20200818.tar.bz2 570896 BLAKE2B 502c00fec39e1b81e42de3f7f942623f8b3fbdeac19f9f01126722a368b7d4f70427d6e4a574754c4f2fa551e4bc75c912dbc515c004f0dcd5eb28ab416498f6 SHA512 e4b527bb7a87b9359fc42eb111d5008103f57c37128998ea0e21ec7b0b8607ffe3f67697450e4c51a0db172ece69083335b279bacef4b1bd0b7748b58caa99a7
DIST refpolicy-2.20210203.tar.bz2 564099 BLAKE2B a94a11ebb78890ba2c98714be2fe9054fdb8ccaf5154f47b881a9575a4a6865e8df475805550d7bba8039b4230c6a0c9f5c6130bf8c35a26bc7c473d550fb40d SHA512 a6ffe718626dd6121023b4cbc424c933d44ca8b662bd708baad307cf6284be0d80fef40cdc8b37f6f17ecb3636fd8d6c1d5d4072c17d835b7f500e17a3acd9fc


@ -0,0 +1,24 @@
From 607ff9b67848aafd1bdefa6eda7ade0fd7161d04 Mon Sep 17 00:00:00 2001
From: Mathieu Tortuyaux <mathieu@kinvolk.io>
Date: Fri, 4 Jun 2021 13:17:44 +0200
Subject: [PATCH] policy/modules/kernel: all more actions for kernel
Signed-off-by: Mathieu Tortuyaux <mathieu@kinvolk.io>
---
policy/modules/kernel/kernel.te | 4 ++++
1 file changed, 4 insertions(+)
diff --git refpolicy/policy/modules/kernel/kernel.te refpolicy/policy/modules/kernel/kernel.te
--- refpolicy/policy/modules/kernel/kernel.te
+++ refpolicy/policy/modules/kernel/kernel.te
@@ -351,6 +351,10 @@ files_list_home(kernel_t)
files_read_usr_files(kernel_t)
mcs_process_set_categories(kernel_t)
+mcs_killall(kernel_t)
+mcs_file_read_all(kernel_t)
+mcs_file_write_all(kernel_t)
+mcs_ptrace_all(kernel_t)
mls_process_read_all_levels(kernel_t)
mls_process_write_all_levels(kernel_t)
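Review bot: The patch gives `kernel_t` four MCS overrides (`mcs_killall`, `mcs_file_read_all`, `mcs_file_write_all`, `mcs_ptrace_all`) without saying why each is needed, and the subject reads "all more actions", presumably meant as "allow more actions". A short body under the Subject line naming the denials that motivated each interface would let a later reviewer judge whether an override can be dropped, since each one exempts `kernel_t` from MCS category separation. The `kernel_mcs.diff` removed elsewhere in this commit also carried `allow kernel_t self:capability2 wake_alarm;`, which this patch does not; it is worth confirming that the newer refpolicy already grants it.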


@ -1,7 +1,13 @@
diff -ur work.orig/refpolicy/policy/mcs work/refpolicy/policy/mcs
--- refpolicy/policy/mcs 2015-12-18 13:41:18.655947448 +0000
+++ refpolicy/policy/mcs 2015-12-18 13:42:40.364890957 +0000
@@ -100,14 +100,14 @@
--- refpolicy/policy/mcs
+++ refpolicy/policy/mcs
@@ -1,4 +1,6 @@
ifdef(`enable_mcs',`
+
+default_range dir_file_class_set target low-high;
#
# Define sensitivities
#
@@ -99,14 +101,14 @@ mlsconstrain { lnk_file chr_file blk_file sock_file } { write setattr }
# New filesystem object labels must be dominated by the relabeling subject
# clearance, also the objects are single-level.
mlsconstrain file { create relabelto }
@ -15,7 +21,7 @@ diff -ur work.orig/refpolicy/policy/mcs work/refpolicy/policy/mcs
mlsconstrain { dir file lnk_file chr_file blk_file sock_file fifo_file } { create relabelto }
- (( h1 dom h2 ) and ( l2 eq h2 ));
+ ((( h1 dom h2 ) and ( l2 eq h2 )) or (t1 == mcswriteall));
+ ((( h1 dom h2 ) and ( l2 eq h2 ) or (t1 == mcswriteall)));
mlsconstrain process { transition dyntransition }
(( h1 dom h2 ) or ( t1 == mcssetcats ));
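Review bot: The two variants of the `{ create relabelto }` constraint shown here differ only in how the `mcswriteall` alternative is parenthesised, and the form `((( h1 dom h2 ) and ( l2 eq h2 ) or (t1 == mcswriteall)));` only means the same thing if `and` binds tighter than `or` in the constraint grammar. The rendering does not show which variant is the new side; if it is that one, prefer the explicit grouping `((( h1 dom h2 ) and ( l2 eq h2 )) or (t1 == mcswriteall));` so the exemption reads unambiguously. Because `mcswriteall` bypasses the dominance check for creating and relabeling objects, a one-line comment above the constraint saying which domains are expected to carry the attribute would also help.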


@ -1 +0,0 @@
allow_execmem = true


@ -1,13 +0,0 @@
diff -ur refpolicy.orig/policy/modules/kernel/kernel.te refpolicy/policy/modules/kernel/kernel.te
--- refpolicy.orig/policy/modules/kernel/kernel.te 2015-06-24 14:05:01.160318849 -0700
+++ refpolicy/policy/modules/kernel/kernel.te 2015-06-24 14:06:23.468516424 -0700
@@ -442,3 +442,9 @@
#dev_manage_all_dev_nodes(kernel_t)
dev_setattr_generic_chr_files(kernel_t)
')
+mcs_killall(kernel_t)
+mcs_file_read_all(kernel_t)
+mcs_file_write_all(kernel_t)
+mcs_process_set_categories(kernel_t)
+mcs_ptrace_all(kernel_t)
+allow kernel_t self:capability2 wake_alarm;


@ -1,4 +1,10 @@
# This file is used to configure the per-instance contexts of rkt and other
# applications that use libvirt for lxc container support.
#
# See:
# https://coreos.com/rkt/docs/latest/selinux.html
# https://selinuxproject.org/page/PolicyConfigurationFiles#contexts.2Flxc_contexts_File
process = "system_u:system_r:svirt_lxc_net_t:s0"
content = "system_u:object_r:virt_var_lib_t:s0"
file = "system_u:object_r:svirt_lxc_file_t:s0"


@ -1,9 +0,0 @@
diff -ur mcs.orig/policy/mcs mcs/policy/mcs
--- refpolicy.orig/policy/mcs 2015-09-14 11:32:38.155721902 -0700
+++ refpolicy/policy/mcs 2015-09-14 11:36:08.055490569 -0700
@@ -1,4 +1,5 @@
ifdef(`enable_mcs',`
+default_range dir_file_class_set target low-high;
#
# Define sensitivities
#


@ -0,0 +1,4 @@
# Rebuild all selinux policy modules
[selinux-rebuild]
class = portage.sets.dbapi.OwnerSet
files = /usr/share/selinux/


@ -1,3 +1,4 @@
#Type Path Mode UID GID Age Argument
d /etc/selinux/ - - - - -
L /etc/selinux/config - - - - ../../usr/lib/selinux/config
L /etc/selinux/mcs - - - - ../../usr/lib/selinux/mcs


@ -1,15 +1,17 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
<herd>selinux</herd>
<maintainer type="project">
<email>selinux@gentoo.org</email>
<name>SELinux Team</name>
</maintainer>
<longdescription>
Gentoo SELinux base policy. This contains policy for a system at the end of system installation.
There is no extra policy in this package.
</longdescription>
<use>
<flag name='peer_perms'>Enable the labeled networking peer permissions (SELinux policy capability).</flag>
<flag name='open_perms'>Enable the open permissions for file object classes (SELinux policy capability).</flag>
<flag name='ubac'>Enable User Based Access Control (UBAC) in the SELinux policy</flag>
<flag name='unconfined'>Enable support for the unconfined SELinux module</flag>
<flag name="ubac">Enable User Based Access Control (UBAC) in the SELinux policy</flag>
<flag name="unconfined">Enable support for the unconfined SELinux module</flag>
<flag name="unknown-perms">Default allow unknown classes in kernels newer than the policy (SELinux policy capability).</flag>
</use>
</pkgmetadata>


@ -1,79 +1,70 @@
# Copyright 1999-2015 Gentoo Foundation
# Copyright 1999-2020 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base/selinux-base-2.20141203-r5.ebuild,v 1.3 2015/06/05 16:10:26 perfinion Exp $
EAPI="5"
inherit eutils systemd
EAPI="7"
# flatcar changes
inherit systemd
if [[ ${PV} == 9999* ]]; then
EGIT_REPO_URI="${SELINUX_GIT_REPO:-git://anongit.gentoo.org/proj/hardened-refpolicy.git https://anongit.gentoo.org/git/proj/hardened-refpolicy.git}"
EGIT_REPO_URI="${SELINUX_GIT_REPO:-https://anongit.gentoo.org/git/proj/hardened-refpolicy.git}"
EGIT_BRANCH="${SELINUX_GIT_BRANCH:-master}"
EGIT_SOURCEDIR="${WORKDIR}/refpolicy"
EGIT_CHECKOUT_DIR="${WORKDIR}/refpolicy"
inherit git-2
KEYWORDS=""
inherit git-r3
else
SRC_URI="https://raw.githubusercontent.com/wiki/TresysTechnology/refpolicy/files/refpolicy-${PV}.tar.bz2
http://dev.gentoo.org/~swift/patches/selinux-base-policy/patchbundle-selinux-base-policy-2.20141203-r9.tar.bz2"
SRC_URI="https://github.com/SELinuxProject/refpolicy/releases/download/RELEASE_${PV/./_}/refpolicy-${PV}.tar.bz2
https://dev.gentoo.org/~perfinion/patches/selinux-base-policy/patchbundle-selinux-base-policy-${PVR}.tar.bz2"
KEYWORDS="amd64 x86"
KEYWORDS="amd64 -arm ~arm64 ~mips x86"
fi
IUSE="+peer_perms +open_perms +ubac +unconfined doc"
IUSE="doc +unknown-perms systemd +ubac +unconfined"
DESCRIPTION="Gentoo base policy for SELinux"
HOMEPAGE="http://www.gentoo.org/proj/en/hardened/selinux/"
HOMEPAGE="https://wiki.gentoo.org/wiki/Project:SELinux"
LICENSE="GPL-2"
SLOT="0"
RDEPEND=">=sys-apps/policycoreutils-2.3
virtual/udev
!<=sec-policy/selinux-base-policy-2.20120725"
DEPEND="${RDEPEND}
sys-devel/m4
>=sys-apps/checkpolicy-2.3"
# flatcar changes
RDEPEND=">=sys-apps/policycoreutils-2.8
>=sys-apps/checkpolicy-2.8
"
DEPEND="${RDEPEND}"
BDEPEND="sys-devel/m4"
# flatcar changes
PATCHES=(
"${FILESDIR}"/0001-policy-modules-kernel-all-more-actions-for-kernel.patch
"${FILESDIR}"/0001-policy-ms-MCS-restricts-relabelfrom.patch
)
S=${WORKDIR}/
#src_unpack() {
# git-2_src_unpack
#}
src_prepare() {
if [[ ${PV} != 9999* ]]; then
# Apply the gentoo patches to the policy. These patches are only necessary
# for base policies, or for interface changes on modules.
EPATCH_MULTI_MSG="Applying SELinux policy updates ... " \
EPATCH_SUFFIX="patch" \
EPATCH_SOURCE="${WORKDIR}" \
EPATCH_FORCE="yes" \
epatch
einfo "Applying SELinux policy updates ... "
eapply -p0 "${WORKDIR}/0001-full-patch-against-stable-release.patch"
fi
epatch "${FILESDIR}/kernel_mcs.diff"
epatch "${FILESDIR}/mcs_create.diff"
epatch "${FILESDIR}/mcs_range_target.diff"
# flatcar changes
eapply -p0 "${PATCHES[@]}"
eapply_user
cd "${S}/refpolicy"
make bare
epatch_user
cd "${S}/refpolicy" || die
emake bare
}
src_configure() {
[ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs"
# Update the SELinux refpolicy capabilities based on the users' USE flags.
if ! use peer_perms; then
sed -i -e '/network_peer_controls/d' \
"${S}/refpolicy/policy/policy_capabilities"
fi
if ! use open_perms; then
sed -i -e '/open_perms/d' \
"${S}/refpolicy/policy/policy_capabilities"
if use unknown-perms; then
sed -i -e '/^UNK_PERMS/s/deny/allow/' "${S}/refpolicy/build.conf" \
|| die "Failed to allow Unknown Permissions Handling"
sed -i -e '/^UNK_PERMS/s/deny/allow/' "${S}/refpolicy/Makefile" \
|| die "Failed to allow Unknown Permissions Handling"
fi
if ! use ubac; then
@ -81,20 +72,28 @@ src_configure() {
|| die "Failed to disable User Based Access Control"
fi
echo "DISTRO = gentoo" >> "${S}/refpolicy/build.conf"
if use systemd; then
sed -i -e '/^SYSTEMD/s/n/y/' "${S}/refpolicy/build.conf" \
|| die "Failed to enable SystemD"
fi
echo "DISTRO = gentoo" >> "${S}/refpolicy/build.conf" || die
# Prepare initial configuration
cd "${S}/refpolicy";
make conf || die "Make conf failed"
cd "${S}/refpolicy" || die
emake conf
# Setup the policies based on the types delivered by the end user.
# These types can be "targeted", "strict", "mcs" and "mls".
for i in ${POLICY_TYPES}; do
cp -a "${S}/refpolicy" "${S}/${i}"
cd "${S}/${i}";
cp -a "${S}/refpolicy" "${S}/${i}" || die
cd "${S}/${i}" || die
#cp "${FILESDIR}/modules-2.20120215.conf" "${S}/${i}/policy/modules.conf"
sed -i -e "/= module/d" "${S}/${i}/policy/modules.conf"
sed -i -e "/= module/d" "${S}/${i}/policy/modules.conf" || die
# flatcar changes: it's required to run polkit without segfault
# we need to pass this argument now before the compilation of the policy
sed -i "s/allow_execmem = false/allow_execmem = true/" "${S}/${i}/policy/booleans.conf" || die
sed -i -e '/^QUIET/s/n/y/' -e "/^NAME/s/refpolicy/$i/" \
"${S}/${i}/build.conf" || die "build.conf setup failed."
@ -124,10 +123,12 @@ src_compile() {
[ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs"
for i in ${POLICY_TYPES}; do
cd "${S}/${i}"
emake base UNK_PERMS=allow BINDIR="${ROOT}/usr/bin" || die "${i} compile failed"
cd "${S}/${i}" || die
# flatcar changes
emake base BINDIR="${ROOT}/usr/bin" NAME=$i SHAREDIR="${ROOT%/}"/usr/share/selinux \
LD_LIBRARY_PATH="${ROOT}/usr/lib64:${LD_LIBRARY_PATH}" -C "${S}"/${i}
if use doc; then
make html || die
emake html
fi
done
}
@ -136,25 +137,21 @@ src_install() {
[ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs"
for i in ${POLICY_TYPES}; do
cd "${S}/${i}"
cd "${S}/${i}" || die
emake DESTDIR="${D}" install
emake DESTDIR="${D}" install-headers
make DESTDIR="${D}" install \
|| die "${i} install failed."
echo "run_init_t" > "${D}/etc/selinux/${i}/contexts/run_init_type" || die
make DESTDIR="${D}" install-headers \
|| die "${i} headers install failed."
echo "run_init_t" > "${D}/etc/selinux/${i}/contexts/run_init_type"
echo "textrel_shlib_t" >> "${D}/etc/selinux/${i}/contexts/customizable_types"
cp "${FILESDIR}/booleans" "${D}/etc/selinux/${i}/booleans"
echo "textrel_shlib_t" >> "${D}/etc/selinux/${i}/contexts/customizable_types" || die
# libsemanage won't make this on its own
keepdir "/etc/selinux/${i}/policy"
if use doc; then
dohtml doc/html/*;
docinto ${i}/html
dodoc -r doc/html/*;
fi
insinto /usr/share/selinux/devel;
@ -162,27 +159,29 @@ src_install() {
done
# flatcar changes
systemd_dotmpfilesd "${FILESDIR}/tmpfiles.d/selinux-base.conf"
systemd-tmpfiles --root="${D}" --create selinux-base.conf
docinto /
dodoc doc/Makefile.example doc/example.{te,fc,if}
doman man/man8/*.8;
# flatcar changes
insinto /usr/lib/selinux
doins "${FILESDIR}/config"
insinto /etc/selinux/mcs/contexts
doins "${FILESDIR}/lxc_contexts"
# flatcar changes
mkdir -p "${D}/usr/lib/selinux"
for i in ${POLICY_TYPES}; do
mv "${D}/etc/selinux/${i}" "${D}/usr/lib/selinux"
dosym "../../usr/lib/selinux/${i}" "/etc/selinux/${i}"
done
}
pkg_preinst() {
has_version "<${CATEGORY}/${PN}-2.20101213-r13"
previous_less_than_r13=$?
insinto /usr/share/portage/config/sets
doins "${FILESDIR}/selinux.conf"
}
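Review bot: The `sed -i "s/allow_execmem = false/allow_execmem = true/" ... || die` in the src_configure loop exits 0 even when nothing matches, so the `|| die` only catches I/O errors. If a later refpolicy renames the boolean or changes the spelling of its default line, the build still succeeds and the override is silently lost. Follow it with `grep -q '^allow_execmem = true' "${S}/${i}/policy/booleans.conf" || die "allow_execmem not enabled for ${i}"`. This also relaxes the writable-and-executable memory restriction in every policy type built, so the comment should reference the polkit issue it works around, making it possible to tell when the override can be removed. The src_configure body continues outside the hunk shown.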


@ -0,0 +1,153 @@
# Copyright 1999-2021 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI="7"
if [[ ${PV} == 9999* ]]; then
EGIT_REPO_URI="${SELINUX_GIT_REPO:-https://anongit.gentoo.org/git/proj/hardened-refpolicy.git}"
EGIT_BRANCH="${SELINUX_GIT_BRANCH:-master}"
EGIT_CHECKOUT_DIR="${WORKDIR}/refpolicy"
inherit git-r3
else
SRC_URI="https://github.com/SELinuxProject/refpolicy/releases/download/RELEASE_${PV/./_}/refpolicy-${PV}.tar.bz2
https://dev.gentoo.org/~perfinion/patches/selinux-base-policy/patchbundle-selinux-base-policy-${PVR}.tar.bz2"
KEYWORDS="~amd64 -arm ~arm64 ~mips ~x86"
fi
IUSE="doc +unknown-perms systemd +ubac +unconfined"
DESCRIPTION="Gentoo base policy for SELinux"
HOMEPAGE="https://wiki.gentoo.org/wiki/Project:SELinux"
LICENSE="GPL-2"
SLOT="0"
RDEPEND=">=sys-apps/policycoreutils-2.8"
DEPEND="${RDEPEND}"
BDEPEND="
>=sys-apps/checkpolicy-2.8
sys-devel/m4"
S=${WORKDIR}/
src_prepare() {
if [[ ${PV} != 9999* ]]; then
einfo "Applying SELinux policy updates ... "
eapply -p0 "${WORKDIR}/0001-full-patch-against-stable-release.patch"
fi
eapply_user
cd "${S}/refpolicy" || die
emake bare
}
src_configure() {
[ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs"
# Update the SELinux refpolicy capabilities based on the users' USE flags.
if use unknown-perms; then
sed -i -e '/^UNK_PERMS/s/deny/allow/' "${S}/refpolicy/build.conf" \
|| die "Failed to allow Unknown Permissions Handling"
sed -i -e '/^UNK_PERMS/s/deny/allow/' "${S}/refpolicy/Makefile" \
|| die "Failed to allow Unknown Permissions Handling"
fi
if ! use ubac; then
sed -i -e '/^UBAC/s/y/n/' "${S}/refpolicy/build.conf" \
|| die "Failed to disable User Based Access Control"
fi
if use systemd; then
sed -i -e '/^SYSTEMD/s/n/y/' "${S}/refpolicy/build.conf" \
|| die "Failed to enable SystemD"
fi
echo "DISTRO = gentoo" >> "${S}/refpolicy/build.conf" || die
# Prepare initial configuration
cd "${S}/refpolicy" || die
emake conf
# Setup the policies based on the types delivered by the end user.
# These types can be "targeted", "strict", "mcs" and "mls".
for i in ${POLICY_TYPES}; do
cp -a "${S}/refpolicy" "${S}/${i}" || die
cd "${S}/${i}" || die
sed -i -e "/= module/d" "${S}/${i}/policy/modules.conf" || die
sed -i -e '/^QUIET/s/n/y/' -e "/^NAME/s/refpolicy/$i/" \
"${S}/${i}/build.conf" || die "build.conf setup failed."
if [[ "${i}" == "mls" ]] || [[ "${i}" == "mcs" ]];
then
# MCS/MLS require additional settings
sed -i -e "/^TYPE/s/standard/${i}/" "${S}/${i}/build.conf" \
|| die "failed to set type to mls"
fi
if [ "${i}" == "targeted" ]; then
sed -i -e '/root/d' -e 's/user_u/unconfined_u/' \
"${S}/${i}/config/appconfig-standard/seusers" \
|| die "targeted seusers setup failed."
fi
if [ "${i}" != "targeted" ] && [ "${i}" != "strict" ] && use unconfined; then
sed -i -e '/root/d' -e 's/user_u/unconfined_u/' \
"${S}/${i}/config/appconfig-${i}/seusers" \
|| die "policy seusers setup failed."
fi
done
}
src_compile() {
[ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs"
for i in ${POLICY_TYPES}; do
cd "${S}/${i}" || die
emake base
if use doc; then
emake html
fi
done
}
src_install() {
[ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs"
for i in ${POLICY_TYPES}; do
cd "${S}/${i}" || die
emake DESTDIR="${D}" install
emake DESTDIR="${D}" install-headers
echo "run_init_t" > "${D}/etc/selinux/${i}/contexts/run_init_type" || die
echo "textrel_shlib_t" >> "${D}/etc/selinux/${i}/contexts/customizable_types" || die
# libsemanage won't make this on its own
keepdir "/etc/selinux/${i}/policy"
if use doc; then
docinto ${i}/html
dodoc -r doc/html/*;
fi
insinto /usr/share/selinux/devel;
doins doc/policy.xml;
done
docinto /
dodoc doc/Makefile.example doc/example.{te,fc,if}
doman man/man8/*.8;
insinto /etc/selinux
doins "${FILESDIR}/config"
insinto /usr/share/portage/config/sets
doins "${FILESDIR}/selinux.conf"
}
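Review bot: This newly added ebuild has none of the `# flatcar changes` found in the other versioned ebuild in this commit. It has no `PATCHES` array for the `kernel_t` MCS rules, no `allow_execmem` override, and no move of the policy trees to `/usr/lib/selinux`, and `doins "${FILESDIR}/config"` installs into `/etc/selinux`. The tmpfiles.d entry in this commit, however, expects `/etc/selinux/config` to be a symlink into `/usr/lib/selinux`. If this is an unmodified upstream import, a header comment such as `# Unmodified Gentoo ebuild; Flatcar changes not ported yet` would prevent it from being selected by mistake. The amd64 and arm64 keywords are `~`, which suggests it is not meant to be picked up yet. The live ebuild section that follows (its `$Header` names selinux-base-9999.ebuild) ends the same way, with `insinto /etc/selinux`.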


@ -1,75 +1,57 @@
# Copyright 1999-2015 Gentoo Foundation
# Copyright 1999-2020 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base/selinux-base-9999.ebuild,v 1.18 2015/04/21 10:34:30 perfinion Exp $
EAPI="5"
inherit eutils
EAPI="7"
if [[ ${PV} == 9999* ]]; then
EGIT_REPO_URI="${SELINUX_GIT_REPO:-git://anongit.gentoo.org/proj/hardened-refpolicy.git https://anongit.gentoo.org/git/proj/hardened-refpolicy.git}"
EGIT_REPO_URI="${SELINUX_GIT_REPO:-https://anongit.gentoo.org/git/proj/hardened-refpolicy.git}"
EGIT_BRANCH="${SELINUX_GIT_BRANCH:-master}"
EGIT_CHECKOUT_DIR="${WORKDIR}/refpolicy"
inherit git-r3
KEYWORDS=""
else
SRC_URI="https://raw.githubusercontent.com/wiki/TresysTechnology/refpolicy/files/refpolicy-${PV}.tar.bz2
http://dev.gentoo.org/~swift/patches/selinux-base-policy/patchbundle-selinux-base-policy-${PVR}.tar.bz2"
SRC_URI="https://github.com/SELinuxProject/refpolicy/releases/download/RELEASE_${PV/./_}/refpolicy-${PV}.tar.bz2
https://dev.gentoo.org/~perfinion/patches/selinux-base-policy/patchbundle-selinux-base-policy-${PVR}.tar.bz2"
KEYWORDS="~amd64 ~x86"
KEYWORDS="~amd64 -arm ~arm64 ~mips ~x86"
fi
IUSE="+peer_perms +open_perms +ubac +unconfined doc"
IUSE="doc +unknown-perms systemd +ubac +unconfined"
DESCRIPTION="Gentoo base policy for SELinux"
HOMEPAGE="http://www.gentoo.org/proj/en/hardened/selinux/"
HOMEPAGE="https://wiki.gentoo.org/wiki/Project:SELinux"
LICENSE="GPL-2"
SLOT="0"
RDEPEND=">=sys-apps/policycoreutils-2.3
virtual/udev
!<=sec-policy/selinux-base-policy-2.20120725"
DEPEND="${RDEPEND}
sys-devel/m4
>=sys-apps/checkpolicy-2.3"
RDEPEND=">=sys-apps/policycoreutils-2.8"
DEPEND="${RDEPEND}"
BDEPEND="
>=sys-apps/checkpolicy-2.8
sys-devel/m4"
S=${WORKDIR}/
#src_unpack() {
# git-2_src_unpack
#}
src_prepare() {
if [[ ${PV} != 9999* ]]; then
# Apply the gentoo patches to the policy. These patches are only necessary
# for base policies, or for interface changes on modules.
EPATCH_MULTI_MSG="Applying SELinux policy updates ... " \
EPATCH_SUFFIX="patch" \
EPATCH_SOURCE="${WORKDIR}" \
EPATCH_FORCE="yes" \
epatch
einfo "Applying SELinux policy updates ... "
eapply -p0 "${WORKDIR}/0001-full-patch-against-stable-release.patch"
fi
cd "${S}/refpolicy"
make bare
eapply_user
epatch_user
cd "${S}/refpolicy" || die
emake bare
}
src_configure() {
[ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs"
# Update the SELinux refpolicy capabilities based on the users' USE flags.
if ! use peer_perms; then
sed -i -e '/network_peer_controls/d' \
"${S}/refpolicy/policy/policy_capabilities"
fi
if ! use open_perms; then
sed -i -e '/open_perms/d' \
"${S}/refpolicy/policy/policy_capabilities"
if use unknown-perms; then
sed -i -e '/^UNK_PERMS/s/deny/allow/' "${S}/refpolicy/build.conf" \
|| die "Failed to allow Unknown Permissions Handling"
sed -i -e '/^UNK_PERMS/s/deny/allow/' "${S}/refpolicy/Makefile" \
|| die "Failed to allow Unknown Permissions Handling"
fi
if ! use ubac; then
@ -77,20 +59,24 @@ src_configure() {
|| die "Failed to disable User Based Access Control"
fi
echo "DISTRO = gentoo" >> "${S}/refpolicy/build.conf"
if use systemd; then
sed -i -e '/^SYSTEMD/s/n/y/' "${S}/refpolicy/build.conf" \
|| die "Failed to enable SystemD"
fi
echo "DISTRO = gentoo" >> "${S}/refpolicy/build.conf" || die
# Prepare initial configuration
cd "${S}/refpolicy";
make conf || die "Make conf failed"
cd "${S}/refpolicy" || die
emake conf
# Setup the policies based on the types delivered by the end user.
# These types can be "targeted", "strict", "mcs" and "mls".
for i in ${POLICY_TYPES}; do
cp -a "${S}/refpolicy" "${S}/${i}"
cd "${S}/${i}";
cp -a "${S}/refpolicy" "${S}/${i}" || die
cd "${S}/${i}" || die
#cp "${FILESDIR}/modules-2.20120215.conf" "${S}/${i}/policy/modules.conf"
sed -i -e "/= module/d" "${S}/${i}/policy/modules.conf"
sed -i -e "/= module/d" "${S}/${i}/policy/modules.conf" || die
sed -i -e '/^QUIET/s/n/y/' -e "/^NAME/s/refpolicy/$i/" \
"${S}/${i}/build.conf" || die "build.conf setup failed."
@ -120,10 +106,10 @@ src_compile() {
[ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs"
for i in ${POLICY_TYPES}; do
cd "${S}/${i}"
emake base || die "${i} compile failed"
cd "${S}/${i}" || die
emake base
if use doc; then
make html || die
emake html
fi
done
}
@ -132,23 +118,21 @@ src_install() {
[ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs"
for i in ${POLICY_TYPES}; do
cd "${S}/${i}"
cd "${S}/${i}" || die
make DESTDIR="${D}" install \
|| die "${i} install failed."
emake DESTDIR="${D}" install
emake DESTDIR="${D}" install-headers
make DESTDIR="${D}" install-headers \
|| die "${i} headers install failed."
echo "run_init_t" > "${D}/etc/selinux/${i}/contexts/run_init_type" || die
echo "run_init_t" > "${D}/etc/selinux/${i}/contexts/run_init_type"
echo "textrel_shlib_t" >> "${D}/etc/selinux/${i}/contexts/customizable_types"
echo "textrel_shlib_t" >> "${D}/etc/selinux/${i}/contexts/customizable_types" || die
# libsemanage won't make this on its own
keepdir "/etc/selinux/${i}/policy"
if use doc; then
dohtml doc/html/*;
docinto ${i}/html
dodoc -r doc/html/*;
fi
insinto /usr/share/selinux/devel;
@ -156,18 +140,14 @@ src_install() {
done
systemd_dotmpfilesd "${FILESDIR}/tmpfiles.d/selinux-base.conf"
systemd-tmpfiles --root="${D}" --create selinux-base.conf
docinto /
dodoc doc/Makefile.example doc/example.{te,fc,if}
doman man/man8/*.8;
insinto /usr/lib/selinux
insinto /etc/selinux
doins "${FILESDIR}/config"
}
pkg_preinst() {
has_version "<${CATEGORY}/${PN}-2.20101213-r13"
previous_less_than_r13=$?
insinto /usr/share/portage/config/sets
doins "${FILESDIR}/selinux.conf"
}


@ -1,284 +0,0 @@
# ChangeLog for sec-policy/selinux-unconfined
# Copyright 1999-2015 Gentoo Foundation; Distributed under the GPL v2
# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-unconfined/ChangeLog,v 1.55 2015/06/05 16:10:22 perfinion Exp $
05 Jun 2015; Jason Zaman <perfinion@gentoo.org>
selinux-unconfined-2.20141203-r5.ebuild:
Stabilize policy 2.20141203-r5
*selinux-unconfined-2.20141203-r6 (05 Jun 2015)
05 Jun 2015; Jason Zaman <perfinion@gentoo.org>
+selinux-unconfined-2.20141203-r6.ebuild:
Release of 2.20141203-r6
15 Apr 2015; Jason Zaman <perfinion@gentoo.org>
selinux-unconfined-2.20141203-r4.ebuild:
Stabilize policy 2.20141203-r4
*selinux-unconfined-2.20141203-r5 (15 Apr 2015)
15 Apr 2015; Jason Zaman <perfinion@gentoo.org>
+selinux-unconfined-2.20141203-r5.ebuild:
Release of 2.20141203-r5
22 Mar 2015; Sven Vermeulen <swift@gentoo.org>
selinux-unconfined-2.20141203-r3.ebuild:
Stabilize 2.20141203-r3 policies
*selinux-unconfined-2.20141203-r4 (22 Mar 2015)
22 Mar 2015; Sven Vermeulen <swift@gentoo.org>
+selinux-unconfined-2.20141203-r4.ebuild, selinux-unconfined-9999.ebuild:
Release of 2.20141203-r4
*selinux-unconfined-2.20141203-r3 (29 Jan 2015)
29 Jan 2015; Jason Zaman <perfinion@gentoo.org>
+selinux-unconfined-2.20141203-r3.ebuild,
selinux-unconfined-2.20141203-r2.ebuild:
Release of 2.20141203-r3, stable 2.20141203-r2
21 Dec 2014; Sven Vermeulen <swift@gentoo.org>
-selinux-unconfined-2.20140311-r1.ebuild,
-selinux-unconfined-2.20140311-r2.ebuild,
-selinux-unconfined-2.20140311-r3.ebuild,
-selinux-unconfined-2.20140311-r4.ebuild:
Remove old ebuilds
21 Dec 2014; Sven Vermeulen <swift@gentoo.org>
selinux-unconfined-2.20141203-r1.ebuild:
Stabilize 2.20141203-r1
*selinux-unconfined-2.20141203-r2 (21 Dec 2014)
21 Dec 2014; Sven Vermeulen <swift@gentoo.org>
+selinux-unconfined-2.20141203-r2.ebuild:
Release of 2.20141203-r2
07 Dec 2014; Jason Zaman <perfinion@gentoo.org>
selinux-unconfined-2.20140311-r7.ebuild:
Stabilize 2.20140311-r7
*selinux-unconfined-2.20141203-r1 (07 Dec 2014)
07 Dec 2014; Jason Zaman <perfinion@gentoo.org>
+selinux-unconfined-2.20141203-r1.ebuild:
Release of 2.20141203-r1
01 Nov 2014; Sven Vermeulen <swift@gentoo.org>
selinux-unconfined-2.20140311-r6.ebuild:
Stabilize rev 6
*selinux-unconfined-2.20140311-r7 (01 Nov 2014)
01 Nov 2014; Sven Vermeulen <swift@gentoo.org>
+selinux-unconfined-2.20140311-r7.ebuild:
Bump revision r7 of SELinux policies
01 Nov 2014; Sven Vermeulen <swift@gentoo.org> selinux-unconfined-9999.ebuild:
Add KEYWORDS logic in -9999 ebuilds for ease of copying
22 Aug 2014; Sven Vermeulen <swift@gentoo.org>
selinux-unconfined-2.20140311-r5.ebuild:
Stabilize r5 policies
*selinux-unconfined-2.20140311-r6 (21 Aug 2014)
21 Aug 2014; Sven Vermeulen <swift@gentoo.org>
+selinux-unconfined-2.20140311-r6.ebuild:
Release of 2.20140311-r6
*selinux-unconfined-2.20140311-r5 (09 Aug 2014)
09 Aug 2014; Sven Vermeulen <swift@gentoo.org>
+selinux-unconfined-2.20140311-r5.ebuild:
Bump towards r5 (fixes duplicate context for hiawatha)
08 Aug 2014; Sven Vermeulen <swift@gentoo.org> selinux-unconfined-9999.ebuild:
Make 9999 ebuilds EAPI=5 and transform to make master for version bumps
05 Aug 2014; Sven Vermeulen <swift@gentoo.org>
-selinux-unconfined-2.20130424-r1.ebuild,
-selinux-unconfined-2.20130424-r2.ebuild,
-selinux-unconfined-2.20130424-r3.ebuild,
-selinux-unconfined-2.20130424-r4.ebuild:
Remove obsolete ebuilds
*selinux-unconfined-2.20140311-r4 (01 Aug 2014)
01 Aug 2014; Sven Vermeulen <swift@gentoo.org>
+selinux-unconfined-2.20140311-r4.ebuild,
selinux-unconfined-2.20140311-r3.ebuild:
Stabilization of r3, and make r4 available for testing
29 May 2014; Sven Vermeulen <swift@gentoo.org>
selinux-unconfined-2.20140311-r2.ebuild:
Stabilize 2.20140311-r2
*selinux-unconfined-2.20140311-r3 (29 May 2014)
29 May 2014; Sven Vermeulen <swift@gentoo.org>
+selinux-unconfined-2.20140311-r3.ebuild:
Bump to 2.20140311-r3
19 Apr 2014; Sven Vermeulen <swift@gentoo.org>
selinux-unconfined-2.20140311-r1.ebuild:
Stabilize r1 policies
*selinux-unconfined-2.20140311-r2 (19 Apr 2014)
19 Apr 2014; Sven Vermeulen <swift@gentoo.org>
+selinux-unconfined-2.20140311-r2.ebuild:
Release of 2.20140311-r2
24 Mar 2014; Sven Vermeulen <swift@gentoo.org>
-selinux-unconfined-2.20120725-r11.ebuild,
-selinux-unconfined-2.20120725-r12.ebuild,
-selinux-unconfined-2.20120725-r5.ebuild,
-selinux-unconfined-2.20120725-r7.ebuild,
-selinux-unconfined-2.20120725-r8.ebuild,
-selinux-unconfined-2.20120725-r9.ebuild:
Remove older SELinux policy ebuilds
*selinux-unconfined-2.20140311-r1 (21 Mar 2014)
21 Mar 2014; Sven Vermeulen <swift@gentoo.org>
+selinux-unconfined-2.20140311-r1.ebuild:
New upstream refpolicy release
12 Jan 2014; Sven Vermeulen <swift@gentoo.org>
selinux-unconfined-2.20130424-r4.ebuild:
Stabilize 2.20130424-r4
*selinux-unconfined-2.20130424-r4 (11 Dec 2013)
11 Dec 2013; Sven Vermeulen <swift@gentoo.org>
+selinux-unconfined-2.20130424-r4.ebuild:
Release of 2.20130424-r4
*selinux-unconfined-2.20130424-r3 (26 Sep 2013)
26 Sep 2013; Sven Vermeulen <swift@gentoo.org>
+selinux-unconfined-2.20130424-r3.ebuild:
Release 2.20130424-r3, fixing bugs #480628, #482196, #475432, #485304, #480870
and #428322
15 Aug 2013; Sven Vermeulen <swift@gentoo.org>
selinux-unconfined-2.20130424-r2.ebuild:
Stabilize r2 of policies
*selinux-unconfined-2.20130424-r2 (20 Jul 2013)
20 Jul 2013; Sven Vermeulen <swift@gentoo.org>
+selinux-unconfined-2.20130424-r2.ebuild:
Pushing out rev 2
16 Jun 2013; Sven Vermeulen <swift@gentoo.org>
selinux-unconfined-2.20130424-r1.ebuild:
Stabilize 20130424 policies
*selinux-unconfined-2.20130424-r1 (06 May 2013)
06 May 2013; Sven Vermeulen <swift@gentoo.org>
+selinux-unconfined-2.20130424-r1.ebuild:
Adding 20130424 release
29 Mar 2013; Sven Vermeulen <swift@gentoo.org>
selinux-unconfined-2.20120725-r12.ebuild:
Stabilize r12, fixes 455080, 453724, 461880, 453722, 452166, 458876, 457618,
456910, 456194, 453990 and 460152
*selinux-unconfined-2.20120725-r12 (09 Mar 2013)
09 Mar 2013; Sven Vermeulen <swift@gentoo.org>
+selinux-unconfined-2.20120725-r12.ebuild:
Pushing out rev 12
23 Feb 2013; Sven Vermeulen <swift@gentoo.org>
selinux-unconfined-2.20120725-r11.ebuild:
Stabilization
*selinux-unconfined-2.20120725-r11 (26 Jan 2013)
26 Jan 2013; Sven Vermeulen <swift@gentoo.org>
+selinux-unconfined-2.20120725-r11.ebuild:
Bumping selinux-unconfined to revision 11
13 Jan 2013; Sven Vermeulen <swift@gentoo.org>
selinux-unconfined-2.20120725-r9.ebuild:
Stabilizing r9
*selinux-unconfined-2.20120725-r9 (21 Dec 2012)
21 Dec 2012; Sven Vermeulen <swift@gentoo.org> +selinux-unconfined-2.20120725-r9.ebuild:
Bumping to revision 9
17 Dec 2012; Sven Vermeulen <swift@gentoo.org> -selinux-unconfined-2.20120215-r1.ebuild,
-selinux-unconfined-2.20120215-r14.ebuild,
-selinux-unconfined-2.20120215-r15.ebuild,
-selinux-unconfined-2.20120215-r2.ebuild,
-selinux-unconfined-2.20120215.ebuild:
Removing older ebuilds
13 Dec 2012; Sven Vermeulen <swift@gentoo.org> selinux-unconfined-2.20120725-r8.ebuild:
Stabilization
*selinux-unconfined-2.20120725-r8 (03 Dec 2012)
03 Dec 2012; Sven Vermeulen <swift@gentoo.org> +selinux-unconfined-2.20120725-r8.ebuild:
Bumping to revision 8
*selinux-unconfined-2.20120725-r7 (18 Nov 2012)
18 Nov 2012; Sven Vermeulen <swift@gentoo.org> +selinux-unconfined-2.20120725-r7.ebuild:
Pushing out rev 7
*selinux-unconfined-9999 (13 Oct 2012)
13 Oct 2012; Sven Vermeulen <swift@gentoo.org> +selinux-unconfined-9999.ebuild:
Adding live ebuild
04 Oct 2012; Sven Vermeulen <swift@gentoo.org> selinux-unconfined-2.20120725-r5.ebuild:
Stabilization
*selinux-unconfined-2.20120725-r5 (21 Sep 2012)
21 Sep 2012; Sven Vermeulen <swift@gentoo.org> +selinux-unconfined-2.20120725-r5.ebuild:
Introducing policy for 2.20120725, rev5
30 Jul 2012; Sven Vermeulen <swift@gentoo.org> selinux-unconfined-2.20120215-r14.ebuild:
Stabilization of revision 14 of the SELinux policy modules
*selinux-unconfined-2.20120215-r15 (26 Jul 2012)
26 Jul 2012; Sven Vermeulen <swift@gentoo.org> +selinux-unconfined-2.20120215-r15.ebuild:
Bump to rev15
*selinux-unconfined-2.20120215-r14 (16 Jul 2012)
16 Jul 2012; Sven Vermeulen <swift@gentoo.org> +selinux-unconfined-2.20120215-r14.ebuild:
Bumping to rev14
*selinux-unconfined-2.20120215-r2 (27 Jun 2012)
27 Jun 2012; Sven Vermeulen <swift@gentoo.org> +selinux-unconfined-2.20120215-r2.ebuild:
Bump to revision 13
*selinux-unconfined-2.20120215-r1 (20 May 2012)
20 May 2012; Sven Vermeulen <swift@gentoo.org> +selinux-unconfined-2.20120215-r1.ebuild:
Bumping to rev 9
29 Apr 2012; Sven Vermeulen <swift@gentoo.org> selinux-unconfined-2.20120215.ebuild:
Stabilizing revision 7
31 Mar 2012; Sven Vermeulen <swift@gentoo.org> +selinux-unconfined-2.20120215.ebuild,
+metadata.xml:
Bumping to 2.20120215 policies
*selinux-unconfined-2.20120215 (31 Mar 2012)
31 Mar 2012; Sven Vermeulen <swift@gentoo.org> +selinux-unconfined-2.20120215.ebuild,
+metadata.xml:
Initial SELinux policy for unconfined domain


@ -1,2 +1,4 @@
DIST patchbundle-selinux-base-policy-2.20141203-r9.tar.bz2 299602 SHA256 e8518004942a6c57170a609683e22b1410c93a2a195829c41dc8fbc703d941b5 SHA512 ce6484fbca1d2d074e50d1a3953392bd3ce0a4617df98fbac37747b469b4f160a9331586dfe1c3ddccb1ccbee24876a2f05ab49e37c8492a48baf83c2d01d140 WHIRLPOOL 1fd7b956e98e95a64c3a713a944d4531259bd156a7feabf6a89c4b5f33ac846377730eede97889e85183be086f282ebd18e860214f6ca3f01b40f2323470ee04
DIST refpolicy-2.20141203.tar.bz2 680243 SHA256 f438209c430d8a2d4ddcbe4bdd3edb46f6af7dc4913637af0b73c635e40c1522 SHA512 682e4280c5799e4c12ec7594afc1389f67be35055748d2e0dbdc3419159a16c96d4946ca6178daee8370515951f8653b2e452efe8c962b8d7f9bc192f0b15a0c WHIRLPOOL 74bca232534e7af9051bb1ab9f77c1ff6c425781cf4561f781d6e9a40cc5ca0d9add540249ea5493e8782a9372aea296ead6c165c6c440ae1509eb319d151ee5
DIST patchbundle-selinux-base-policy-2.20200818-r2.tar.bz2 433623 BLAKE2B f0655c45c50347faf1217e5861298dce822e4b726c0b4489d4c70c4815842f7c17ac1b0a302ae5482a3ad25d1d5b6c4c3b6395194e79005f31560d103ad0fce6 SHA512 9fd22683ecd602a429b2d489f7b8c2936409fa060046255b72a4b95c9fdefa2455ba7655945278dc972c22f3ade6617898ed169e22001aaaaded4b47ca51b0c3
DIST patchbundle-selinux-base-policy-2.20210203-r1.tar.bz2 298116 BLAKE2B 50c5523a8b758652af6aa59d548e9499b899898b58f52f74f1667a0c552f2b2d0ed5a44352e59245c7f0ebd199e2391400168d6ab27b4160d726fccded0c56f2 SHA512 ddb877ec3e2883f57e54e7380dd449d4d89a0769a1fb87141786e5de741ac21b2ead60362fd17c25888eb1334c68f71da561f4f29f406f0d4b5d13d378f6baff
DIST refpolicy-2.20200818.tar.bz2 570896 BLAKE2B 502c00fec39e1b81e42de3f7f942623f8b3fbdeac19f9f01126722a368b7d4f70427d6e4a574754c4f2fa551e4bc75c912dbc515c004f0dcd5eb28ab416498f6 SHA512 e4b527bb7a87b9359fc42eb111d5008103f57c37128998ea0e21ec7b0b8607ffe3f67697450e4c51a0db172ece69083335b279bacef4b1bd0b7748b58caa99a7
DIST refpolicy-2.20210203.tar.bz2 564099 BLAKE2B a94a11ebb78890ba2c98714be2fe9054fdb8ccaf5154f47b881a9575a4a6865e8df475805550d7bba8039b4230c6a0c9f5c6130bf8c35a26bc7c473d550fb40d SHA512 a6ffe718626dd6121023b4cbc424c933d44ca8b662bd708baad307cf6284be0d80fef40cdc8b37f6f17ecb3636fd8d6c1d5d4072c17d835b7f500e17a3acd9fc


@ -1,6 +1,8 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
<herd>selinux</herd>
<longdescription>Gentoo SELinux policy for unconfined domains</longdescription>
<maintainer type="project">
<email>selinux@gentoo.org</email>
<name>SELinux Team</name>
</maintainer>
</pkgmetadata>


@ -1,17 +0,0 @@
# Copyright 1999-2015 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-unconfined/selinux-unconfined-2.20141203-r5.ebuild,v 1.2 2015/06/05 16:10:22 perfinion Exp $
EAPI="5"
IUSE=""
MODS="unconfined"
inherit selinux-policy-2
DESCRIPTION="SELinux policy for unconfined"
if [[ $PV == 9999* ]] ; then
KEYWORDS=""
else
KEYWORDS="amd64 x86"
fi


@ -0,0 +1,15 @@
# Copyright 1999-2020 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI="7"
IUSE=""
MODS="unconfined"
inherit selinux-policy-2
DESCRIPTION="SELinux policy for unconfined"
if [[ ${PV} != 9999* ]] ; then
KEYWORDS="amd64 -arm ~arm64 ~mips x86"
fi


@ -0,0 +1,15 @@
# Copyright 1999-2021 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI="7"
IUSE=""
MODS="unconfined"
inherit selinux-policy-2
DESCRIPTION="SELinux policy for unconfined"
if [[ ${PV} != 9999* ]] ; then
KEYWORDS="~amd64 -arm ~arm64 ~mips ~x86"
fi


@ -1,7 +1,7 @@
# Copyright 1999-2015 Gentoo Foundation
# Copyright 1999-2020 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-unconfined/selinux-unconfined-9999.ebuild,v 1.4 2015/03/22 13:47:24 swift Exp $
EAPI="5"
EAPI="7"
IUSE=""
MODS="unconfined"
@ -10,8 +10,6 @@ inherit selinux-policy-2
DESCRIPTION="SELinux policy for unconfined"
if [[ $PV == 9999* ]] ; then
KEYWORDS=""
else
KEYWORDS="~amd64 ~x86"
if [[ ${PV} != 9999* ]] ; then
KEYWORDS="~amd64 -arm ~arm64 ~mips ~x86"
fi


@ -1,308 +0,0 @@
# ChangeLog for sec-policy/selinux-virt
# Copyright 1999-2015 Gentoo Foundation; Distributed under the GPL v2
# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-virt/ChangeLog,v 1.63 2015/06/05 16:10:23 perfinion Exp $
05 Jun 2015; Jason Zaman <perfinion@gentoo.org>
selinux-virt-2.20141203-r5.ebuild:
Stabilize policy 2.20141203-r5
*selinux-virt-2.20141203-r6 (05 Jun 2015)
05 Jun 2015; Jason Zaman <perfinion@gentoo.org>
+selinux-virt-2.20141203-r6.ebuild:
Release of 2.20141203-r6
15 Apr 2015; Jason Zaman <perfinion@gentoo.org>
selinux-virt-2.20141203-r4.ebuild:
Stabilize policy 2.20141203-r4
*selinux-virt-2.20141203-r5 (15 Apr 2015)
15 Apr 2015; Jason Zaman <perfinion@gentoo.org>
+selinux-virt-2.20141203-r5.ebuild:
Release of 2.20141203-r5
22 Mar 2015; Sven Vermeulen <swift@gentoo.org>
selinux-virt-2.20141203-r3.ebuild:
Stabilize 2.20141203-r3 policies
*selinux-virt-2.20141203-r4 (22 Mar 2015)
22 Mar 2015; Sven Vermeulen <swift@gentoo.org>
+selinux-virt-2.20141203-r4.ebuild, selinux-virt-9999.ebuild:
Release of 2.20141203-r4
*selinux-virt-2.20141203-r3 (29 Jan 2015)
29 Jan 2015; Jason Zaman <perfinion@gentoo.org>
+selinux-virt-2.20141203-r3.ebuild, selinux-virt-2.20141203-r2.ebuild:
Release of 2.20141203-r3, stable 2.20141203-r2
21 Dec 2014; Sven Vermeulen <swift@gentoo.org>
-selinux-virt-2.20140311-r1.ebuild, -selinux-virt-2.20140311-r2.ebuild,
-selinux-virt-2.20140311-r3.ebuild, -selinux-virt-2.20140311-r4.ebuild:
Remove old ebuilds
21 Dec 2014; Sven Vermeulen <swift@gentoo.org>
selinux-virt-2.20141203-r1.ebuild:
Stabilize 2.20141203-r1
*selinux-virt-2.20141203-r2 (21 Dec 2014)
21 Dec 2014; Sven Vermeulen <swift@gentoo.org>
+selinux-virt-2.20141203-r2.ebuild:
Release of 2.20141203-r2
07 Dec 2014; Jason Zaman <perfinion@gentoo.org>
selinux-virt-2.20140311-r7.ebuild:
Stabilize 2.20140311-r7
*selinux-virt-2.20141203-r1 (07 Dec 2014)
07 Dec 2014; Jason Zaman <perfinion@gentoo.org>
+selinux-virt-2.20141203-r1.ebuild:
Release of 2.20141203-r1
01 Nov 2014; Sven Vermeulen <swift@gentoo.org>
selinux-virt-2.20140311-r6.ebuild:
Stabilize rev 6
*selinux-virt-2.20140311-r7 (01 Nov 2014)
01 Nov 2014; Sven Vermeulen <swift@gentoo.org>
+selinux-virt-2.20140311-r7.ebuild:
Bump revision r7 of SELinux policies
01 Nov 2014; Sven Vermeulen <swift@gentoo.org> selinux-virt-9999.ebuild:
Add KEYWORDS logic in -9999 ebuilds for ease of copying
22 Aug 2014; Sven Vermeulen <swift@gentoo.org>
selinux-virt-2.20140311-r5.ebuild:
Stabilize r5 policies
*selinux-virt-2.20140311-r6 (21 Aug 2014)
21 Aug 2014; Sven Vermeulen <swift@gentoo.org>
+selinux-virt-2.20140311-r6.ebuild:
Release of 2.20140311-r6
*selinux-virt-2.20140311-r5 (09 Aug 2014)
09 Aug 2014; Sven Vermeulen <swift@gentoo.org>
+selinux-virt-2.20140311-r5.ebuild:
Bump towards r5 (fixes duplicate context for hiawatha)
08 Aug 2014; Sven Vermeulen <swift@gentoo.org> selinux-virt-9999.ebuild:
Make 9999 ebuilds EAPI=5 and transform to make master for version bumps
05 Aug 2014; Sven Vermeulen <swift@gentoo.org>
-selinux-virt-2.20130424-r1.ebuild, -selinux-virt-2.20130424-r2.ebuild,
-selinux-virt-2.20130424-r3.ebuild, -selinux-virt-2.20130424-r4.ebuild:
Remove obsolete ebuilds
*selinux-virt-2.20140311-r4 (01 Aug 2014)
01 Aug 2014; Sven Vermeulen <swift@gentoo.org>
+selinux-virt-2.20140311-r4.ebuild, selinux-virt-2.20140311-r3.ebuild:
Stabilization of r3, and make r4 available for testing
29 May 2014; Sven Vermeulen <swift@gentoo.org>
selinux-virt-2.20140311-r2.ebuild:
Stabilize 2.20140311-r2
*selinux-virt-2.20140311-r3 (29 May 2014)
29 May 2014; Sven Vermeulen <swift@gentoo.org>
+selinux-virt-2.20140311-r3.ebuild:
Bump to 2.20140311-r3
19 Apr 2014; Sven Vermeulen <swift@gentoo.org>
selinux-virt-2.20140311-r1.ebuild:
Stabilize r1 policies
*selinux-virt-2.20140311-r2 (19 Apr 2014)
19 Apr 2014; Sven Vermeulen <swift@gentoo.org>
+selinux-virt-2.20140311-r2.ebuild:
Release of 2.20140311-r2
24 Mar 2014; Sven Vermeulen <swift@gentoo.org>
-selinux-virt-2.20120725-r11.ebuild, -selinux-virt-2.20120725-r12.ebuild,
-selinux-virt-2.20120725-r5.ebuild, -selinux-virt-2.20120725-r7.ebuild,
-selinux-virt-2.20120725-r8.ebuild, -selinux-virt-2.20120725-r9.ebuild:
Remove older SELinux policy ebuilds
*selinux-virt-2.20140311-r1 (21 Mar 2014)
21 Mar 2014; Sven Vermeulen <swift@gentoo.org>
+selinux-virt-2.20140311-r1.ebuild:
New upstream refpolicy release
12 Jan 2014; Sven Vermeulen <swift@gentoo.org>
selinux-virt-2.20130424-r4.ebuild:
Stabilize 2.20130424-r4
*selinux-virt-2.20130424-r4 (11 Dec 2013)
11 Dec 2013; Sven Vermeulen <swift@gentoo.org>
+selinux-virt-2.20130424-r4.ebuild:
Release of 2.20130424-r4
*selinux-virt-2.20130424-r3 (26 Sep 2013)
26 Sep 2013; Sven Vermeulen <swift@gentoo.org>
+selinux-virt-2.20130424-r3.ebuild:
Release 2.20130424-r3, fixing bugs #480628, #482196, #475432, #485304, #480870
and #428322
15 Aug 2013; Sven Vermeulen <swift@gentoo.org>
selinux-virt-2.20130424-r2.ebuild:
Stabilize r2 of policies
*selinux-virt-2.20130424-r2 (20 Jul 2013)
20 Jul 2013; Sven Vermeulen <swift@gentoo.org>
+selinux-virt-2.20130424-r2.ebuild:
Pushing out rev 2
16 Jun 2013; Sven Vermeulen <swift@gentoo.org>
selinux-virt-2.20130424-r1.ebuild:
Stabilize 20130424 policies
*selinux-virt-2.20130424-r1 (06 May 2013)
06 May 2013; Sven Vermeulen <swift@gentoo.org>
+selinux-virt-2.20130424-r1.ebuild:
Adding 20130424 release
29 Mar 2013; Sven Vermeulen <swift@gentoo.org>
selinux-virt-2.20120725-r12.ebuild:
Stabilize r12, fixes 455080, 453724, 461880, 453722, 452166, 458876, 457618,
456910, 456194, 453990 and 460152
*selinux-virt-2.20120725-r12 (09 Mar 2013)
09 Mar 2013; Sven Vermeulen <swift@gentoo.org>
+selinux-virt-2.20120725-r12.ebuild:
Pushing out rev 12
23 Feb 2013; Sven Vermeulen <swift@gentoo.org>
selinux-virt-2.20120725-r11.ebuild:
Stabilization
*selinux-virt-2.20120725-r11 (26 Jan 2013)
26 Jan 2013; Sven Vermeulen <swift@gentoo.org>
+selinux-virt-2.20120725-r11.ebuild:
Bumping selinux-virt to revision 11
13 Jan 2013; Sven Vermeulen <swift@gentoo.org>
selinux-virt-2.20120725-r9.ebuild:
Stabilizing r9
*selinux-virt-2.20120725-r9 (21 Dec 2012)
21 Dec 2012; Sven Vermeulen <swift@gentoo.org> +selinux-virt-2.20120725-r9.ebuild:
Bumping to revision 9
17 Dec 2012; Sven Vermeulen <swift@gentoo.org> -selinux-virt-2.20120215-r1.ebuild,
-selinux-virt-2.20120215-r14.ebuild, -selinux-virt-2.20120215-r15.ebuild,
-selinux-virt-2.20120215.ebuild:
Removing older ebuilds
13 Dec 2012; Sven Vermeulen <swift@gentoo.org> selinux-virt-2.20120725-r8.ebuild:
Stabilization
*selinux-virt-2.20120725-r8 (03 Dec 2012)
03 Dec 2012; Sven Vermeulen +files/fix-qemu-is-optional-r8.patch,
+selinux-virt-2.20120725-r8.ebuild:
Bumping to revision 8
*selinux-virt-2.20120725-r7 (18 Nov 2012)
18 Nov 2012; Sven Vermeulen <swift@gentoo.org> +selinux-virt-2.20120725-r7.ebuild:
Pushing out rev 7
*selinux-virt-9999 (13 Oct 2012)
13 Oct 2012; Sven Vermeulen <swift@gentoo.org> +selinux-virt-9999.ebuild:
Adding live ebuild
04 Oct 2012; Sven Vermeulen <swift@gentoo.org> selinux-virt-2.20120725-r5.ebuild:
Stabilization
*selinux-virt-2.20120725-r5 (21 Sep 2012)
21 Sep 2012; Sven Vermeulen <swift@gentoo.org> +selinux-virt-2.20120725-r5.ebuild:
Introducing policy for 2.20120725, rev5
30 Jul 2012; Sven Vermeulen <swift@gentoo.org> selinux-virt-2.20120215-r14.ebuild:
Stabilization of revision 14 of the SELinux policy modules
*selinux-virt-2.20120215-r15 (26 Jul 2012)
26 Jul 2012; Sven Vermeulen <swift@gentoo.org> +selinux-virt-2.20120215-r15.ebuild:
Bump to rev15
*selinux-virt-2.20120215-r14 (16 Jul 2012)
16 Jul 2012; Sven Vermeulen <swift@gentoo.org> +selinux-virt-2.20120215-r14.ebuild:
Bumping to rev14
*selinux-virt-2.20120215-r1 (27 Jun 2012)
27 Jun 2012; Sven Vermeulen <swift@gentoo.org> +selinux-virt-2.20120215-r1.ebuild:
Bump to revision 13
13 May 2012; Sven Vermeulen <swift@gentoo.org> -selinux-virt-2.20110726.ebuild,
-selinux-virt-2.20110726-r1.ebuild:
Removing deprecated ebuilds (cleanup)
29 Apr 2012; Sven Vermeulen <swift@gentoo.org> selinux-virt-2.20120215.ebuild:
Stabilizing revision 7
*selinux-virt-2.20120215 (31 Mar 2012)
31 Mar 2012; Sven Vermeulen <swift@gentoo.org> +selinux-virt-2.20120215.ebuild:
Bumping to 2.20120215 policies
23 Feb 2012; Sven Vermeulen <swift@gentoo.org> selinux-virt-2.20110726-r1.ebuild:
Stabilizing
*selinux-virt-2.20110726-r1 (14 Jan 2012)
14 Jan 2012; Sven Vermeulen <swift@gentoo.org> +selinux-virt-2.20110726-r1.ebuild:
Fix bug #330767 to support libvirt better in gentoo
12 Nov 2011; Sven Vermeulen <swift@gentoo.org> -selinux-virt-2.20101213.ebuild:
Removing old policies
23 Oct 2011; Sven Vermeulen <swift@gentoo.org> selinux-virt-2.20110726.ebuild:
Stabilization (tracker #384231)
*selinux-virt-2.20110726 (28 Aug 2011)
28 Aug 2011; Sven Vermeulen <swift@gentoo.org> +selinux-virt-2.20110726.ebuild:
Updating policy builds to refpolicy 20110726
02 Jun 2011; Anthony G. Basile <blueness@gentoo.org>
selinux-virt-2.20101213.ebuild:
Stable amd64 x86
06 Feb 2011; Anthony G. Basile <blueness@gentoo.org>
selinux-virt-2.20101213.ebuild:
Fixed unquoted variable.
05 Feb 2011; Anthony G. Basile <blueness@gentoo.org> ChangeLog:
Initial commit to portage.
01 Jan 2011; Chris Richards <gizmo@www.giz-works.com>
+selinux-virt-2.20101213.ebuild, +metadata.xml:
New upstream release
*selinux-virt-2.20101213 (01 Jan 2011)
01 Jan 2011; Chris Richards <gizmo@www.giz-works.com>
+selinux-virt-2.20101213.ebuild, +metadata.xml:
Initial commit


@ -1,2 +1,4 @@
DIST patchbundle-selinux-base-policy-2.20141203-r9.tar.bz2 299602 SHA256 e8518004942a6c57170a609683e22b1410c93a2a195829c41dc8fbc703d941b5 SHA512 ce6484fbca1d2d074e50d1a3953392bd3ce0a4617df98fbac37747b469b4f160a9331586dfe1c3ddccb1ccbee24876a2f05ab49e37c8492a48baf83c2d01d140 WHIRLPOOL 1fd7b956e98e95a64c3a713a944d4531259bd156a7feabf6a89c4b5f33ac846377730eede97889e85183be086f282ebd18e860214f6ca3f01b40f2323470ee04
DIST refpolicy-2.20141203.tar.bz2 680243 SHA256 f438209c430d8a2d4ddcbe4bdd3edb46f6af7dc4913637af0b73c635e40c1522 SHA512 682e4280c5799e4c12ec7594afc1389f67be35055748d2e0dbdc3419159a16c96d4946ca6178daee8370515951f8653b2e452efe8c962b8d7f9bc192f0b15a0c WHIRLPOOL 74bca232534e7af9051bb1ab9f77c1ff6c425781cf4561f781d6e9a40cc5ca0d9add540249ea5493e8782a9372aea296ead6c165c6c440ae1509eb319d151ee5
DIST patchbundle-selinux-base-policy-2.20200818-r2.tar.bz2 433623 BLAKE2B f0655c45c50347faf1217e5861298dce822e4b726c0b4489d4c70c4815842f7c17ac1b0a302ae5482a3ad25d1d5b6c4c3b6395194e79005f31560d103ad0fce6 SHA512 9fd22683ecd602a429b2d489f7b8c2936409fa060046255b72a4b95c9fdefa2455ba7655945278dc972c22f3ade6617898ed169e22001aaaaded4b47ca51b0c3
DIST patchbundle-selinux-base-policy-2.20210203-r1.tar.bz2 298116 BLAKE2B 50c5523a8b758652af6aa59d548e9499b899898b58f52f74f1667a0c552f2b2d0ed5a44352e59245c7f0ebd199e2391400168d6ab27b4160d726fccded0c56f2 SHA512 ddb877ec3e2883f57e54e7380dd449d4d89a0769a1fb87141786e5de741ac21b2ead60362fd17c25888eb1334c68f71da561f4f29f406f0d4b5d13d378f6baff
DIST refpolicy-2.20200818.tar.bz2 570896 BLAKE2B 502c00fec39e1b81e42de3f7f942623f8b3fbdeac19f9f01126722a368b7d4f70427d6e4a574754c4f2fa551e4bc75c912dbc515c004f0dcd5eb28ab416498f6 SHA512 e4b527bb7a87b9359fc42eb111d5008103f57c37128998ea0e21ec7b0b8607ffe3f67697450e4c51a0db172ece69083335b279bacef4b1bd0b7748b58caa99a7
DIST refpolicy-2.20210203.tar.bz2 564099 BLAKE2B a94a11ebb78890ba2c98714be2fe9054fdb8ccaf5154f47b881a9575a4a6865e8df475805550d7bba8039b4230c6a0c9f5c6130bf8c35a26bc7c473d550fb40d SHA512 a6ffe718626dd6121023b4cbc424c933d44ca8b662bd708baad307cf6284be0d80fef40cdc8b37f6f17ecb3636fd8d6c1d5d4072c17d835b7f500e17a3acd9fc


@ -1,15 +0,0 @@
--- contrib/virt.te 2012-11-25 21:35:09.181247450 +0100
+++ contrib/virt.te 2012-11-25 21:34:09.223216815 +0100
@@ -281,7 +281,11 @@
userdom_search_user_home_dirs(virt_domain)
userdom_read_all_users_state(virt_domain)
-qemu_exec(virt_domain)
+ifdef(`distro_gentoo',`
+ optional_policy(`
+ qemu_exec(virt_domain)
+ ')
+')
tunable_policy(`virt_use_execmem',`
allow virt_domain self:process { execmem execstack };


@ -1,17 +1,19 @@
diff -u contrib.orig/virt.te contrib/virt.te
--- modules/contrib.orig/virt.te 2016-02-20 13:18:44.670955920 -0800
+++ modules/contrib/virt.te 2016-02-20 13:22:24.186318856 -0800
@@ -1299,3 +1299,32 @@
index 256ea58..f72fbba 100644
--- services/virt.te
+++ services/virt.te
@@ -1378,3 +1378,35 @@ sysnet_dns_name_resolve(virtlogd_t)
virt_append_log(virtlockd_t)
virt_read_config(virtlockd_t)
virt_manage_log(virtlogd_t)
virt_read_config(virtlogd_t)
+
+require {
+ type kernel_t;
+ type kernel_t;
+ type tmpfs_t;
+ type var_lib_t;
+}
+allow kernel_t svirt_lxc_net_t:process transition;
+allow initrc_t svirt_lxc_net_t:process transition;
+allow kernel_t svirt_lxc_net_t:process2 nnp_transition;
+fs_manage_tmpfs_chr_files(svirt_lxc_net_t)
+fs_manage_tmpfs_dirs(svirt_lxc_net_t)
+fs_manage_tmpfs_files(svirt_lxc_net_t)
@ -33,4 +35,5 @@ diff -u contrib.orig/virt.te contrib/virt.te
+allow svirt_lxc_net_t svirt_lxc_file_t:file { entrypoint mounton };
+allow svirt_lxc_net_t var_lib_t:file { entrypoint execute execute_no_trans };
+allow svirt_lxc_net_t kernel_t:fifo_file { getattr ioctl read write open append };
+allow svirt_lxc_net_t initrc_t:fifo_file { getattr ioctl read write open append };
+
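Review bot: `initrc_t` appears in two of the added rules, `allow initrc_t svirt_lxc_net_t:process transition;` and the `initrc_t:fifo_file` rule in the second hunk, yet the `require` block shown here lists only `kernel_t`, `tmpfs_t` and `var_lib_t`. Unless virt.te already brings `initrc_t` into scope somewhere outside this patch (not visible on the page), a loadable-module build can reject the unknown type, so `type initrc_t;` belongs in that block. These rules also widen which domains may enter and talk to the container domain, and the patch gives no reason; a one-line comment above them such as `# Flatcar: <which service starts containers from initrc_t>` would let a later policy audit judge whether they are still needed. The middle of the patch file lies between the two hunks and is not shown.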


@ -1,6 +1,8 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
<herd>selinux</herd>
<longdescription>Gentoo SELinux policy for virt</longdescription>
<maintainer type="project">
<email>selinux@gentoo.org</email>
<name>SELinux Team</name>
</maintainer>
</pkgmetadata>


@ -1,19 +0,0 @@
# Copyright 1999-2015 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-virt/selinux-virt-2.20141203-r5.ebuild,v 1.2 2015/06/05 16:10:23 perfinion Exp $
EAPI="5"
IUSE=""
MODS="virt"
inherit selinux-policy-2
DESCRIPTION="SELinux policy for virt"
POLICY_PATCH="${FILESDIR}/virt.diff"
if [[ $PV == 9999* ]] ; then
KEYWORDS=""
else
KEYWORDS="amd64 x86"
fi


@ -0,0 +1,18 @@
# Copyright 1999-2020 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI="7"
IUSE=""
MODS="virt"
inherit selinux-policy-2
DESCRIPTION="SELinux policy for virt"
# flatcar changes
POLICY_PATCH="${FILESDIR}/virt.patch"
if [[ ${PV} != 9999* ]] ; then
KEYWORDS="amd64 -arm ~arm64 ~mips x86"
fi


@ -0,0 +1,15 @@
# Copyright 1999-2021 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI="7"
IUSE=""
MODS="virt"
inherit selinux-policy-2
DESCRIPTION="SELinux policy for virt"
if [[ ${PV} != 9999* ]] ; then
KEYWORDS="~amd64 -arm ~arm64 ~mips ~x86"
fi
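Review bot: `POLICY_PATCH` is not set in this ebuild, whereas the other virt ebuild added by this commit (the one marked `# flatcar changes`) sets `POLICY_PATCH="${FILESDIR}/virt.patch"`. If this revision is ever keyworded or otherwise selected by the build, the virt module would presumably be built without the Flatcar rules for `svirt_lxc_net_t`, and nothing in the build would signal it. Either carry the same line here or add a comment stating that the omission is intended, e.g. `# virt.patch not applied: <reason>`.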


@ -1,7 +1,7 @@
# Copyright 1999-2015 Gentoo Foundation
# Copyright 1999-2020 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-virt/selinux-virt-9999.ebuild,v 1.4 2015/03/22 13:47:21 swift Exp $
EAPI="5"
EAPI="7"
IUSE=""
MODS="virt"
@ -10,8 +10,6 @@ inherit selinux-policy-2
DESCRIPTION="SELinux policy for virt"
if [[ $PV == 9999* ]] ; then
KEYWORDS=""
else
KEYWORDS="~amd64 ~x86"
if [[ ${PV} != 9999* ]] ; then
KEYWORDS="~amd64 -arm ~arm64 ~mips ~x86"
fi


@ -1 +1,2 @@
DIST checkpolicy-2.4.tar.gz 65238 SHA256 9bbdac28a88de4c405c769730863f3adcd266adbfa45881a5de67e3a4895bcd4 SHA512 8c5c22d9510305e7f518d1a5818f5b36895210f48835d8d24a43b2d34e79881cebcc8cd588bb663c0613a4f878db125c22a4b4df3d0f63b8fb8f88350abc61cc WHIRLPOOL b717428b4411e526cc47ed2be88d7e7e4d48153404b90d50e510fd0cc10cc0452661d0b6b0cc200bb09ae1cc040ae59aae68a8c748611db3ca4cd262f8e8f932
DIST checkpolicy-3.1.tar.gz 69072 BLAKE2B 31cb5ef52533b0a62f954e770278fc5766a961d87fb86260b04abe562bcd90d0025b33931c6ad54096c64ab54150c7562c112eac80eb2f60dbcdda57f4cacfe2 SHA512 2276a5a0919286049d2ceba386ef5f6de523745b588bb81cb4fed5eced5fd0b8070249b7a3ae5a85e2abb9369a86318f727d4073aad14ab75c43750a46069168
DIST checkpolicy-3.2.tar.gz 69035 BLAKE2B 263c582c8ed3c38822513899f3591edfc5d0132977451503a8b45d2074b5a1c5ce03973353b3ceaad44da913b4e35546cfef1988b68bd517618efdb942f994ec SHA512 133639595c2acc66c02b5a637c5e0c60d80ce2bae04f4a709d9fafabd31f9497d1a6e3334904b985c2a1bd94a7a7e3df782c2af2ae41d1fd79b69156a835edeb


@ -1,54 +0,0 @@
# Copyright 1999-2015 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/sys-apps/checkpolicy/checkpolicy-2.4.ebuild,v 1.3 2015/05/10 09:07:48 perfinion Exp $
EAPI="5"
inherit toolchain-funcs eutils
MY_P="${P//_/-}"
SEPOL_VER="${PV}"
SEMNG_VER="${PV}"
DESCRIPTION="SELinux policy compiler"
HOMEPAGE="http://userspace.selinuxproject.org"
SRC_URI="https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20150202/${MY_P}.tar.gz"
LICENSE="GPL-2"
SLOT="0"
KEYWORDS="amd64 x86"
IUSE="debug"
DEPEND=">=sys-libs/libsepol-${SEPOL_VER}
>=sys-libs/libsemanage-${SEMNG_VER}
sys-devel/flex
sys-devel/bison"
RDEPEND=">=sys-libs/libsemanage-${SEMNG_VER}"
S="${WORKDIR}/${MY_P}"
src_prepare() {
epatch_user
}
src_compile() {
emake CC="$(tc-getCC)" YACC="bison -y" \
INCLUDEDIR="${ROOT}\$(PREFIX)/include" \
LIBDIR="\$(PREFIX)/$(get_libdir)" \
LDLIBS="${ROOT}\$(LIBDIR)/libsepol.a -lfl"
}
src_install() {
emake DESTDIR="${D}" install
if use debug; then
dobin "${S}/test/dismod"
dobin "${S}/test/dispol"
fi
}
pkg_postinst() {
einfo "This checkpolicy can compile version `checkpolicy -V |cut -f 1 -d ' '` policy."
}


@ -0,0 +1,65 @@
# Copyright 1999-2021 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI="7"
inherit toolchain-funcs
MY_P="${P//_/-}"
MY_RELEASEDATE="20200710"
SEPOL_VER="${PV}"
SEMNG_VER="${PV}"
DESCRIPTION="SELinux policy compiler"
HOMEPAGE="http://userspace.selinuxproject.org"
if [[ ${PV} == 9999 ]] ; then
inherit git-r3
EGIT_REPO_URI="https://github.com/SELinuxProject/selinux.git"
S="${WORKDIR}/${MY_P}/${PN}"
else
SRC_URI="https://github.com/SELinuxProject/selinux/releases/download/${MY_RELEASEDATE}/${MY_P}.tar.gz"
KEYWORDS="amd64 ~arm ~arm64 ~mips x86"
S="${WORKDIR}/${MY_P}"
fi
LICENSE="GPL-2"
SLOT="0"
IUSE="debug"
DEPEND=">=sys-libs/libsepol-${SEPOL_VER}"
BDEPEND="sys-devel/flex
sys-devel/bison"
RDEPEND=">=sys-libs/libsepol-${SEPOL_VER}"
src_compile() {
# flatcar changes
emake \
CC="$(tc-getCC)" \
YACC="bison -y" \
PREFIX="/usr" \
LIBDIR="${ROOT:-/}\$(PREFIX)/$(get_libdir)" \
INCLUDEDIR="${ROOT}\$(PREFIX)/include"
}
src_install() {
# flatcar changes
# we remove the `default` behavior to override
# the LIBSEPOLA variable in order to fix cross compile
emake DESTDIR="${D}" \
LIBSEPOLA="${ROOT:-/}/usr/$(get_libdir)/libsepol.a" \
install
if use debug; then
dobin "${S}/test/dismod"
dobin "${S}/test/dispol"
fi
}
pkg_postinst() {
if ! tc-is-cross-compiler; then
einfo "This checkpolicy can compile version `checkpolicy -V | cut -f 1 -d ' '` policy."
fi
}
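Review bot: The static libsepol and its headers are located through `ROOT` in both `src_compile` (`LIBDIR`, `INCLUDEDIR`) and `src_install` (`LIBSEPOLA`), but under EAPI 7 build-time `DEPEND` packages are installed under `SYSROOT`, which need not equal `ROOT`. When the two differ, the link could pick up a libsepol.a from the wrong tree or find none; `LIBSEPOLA="${ESYSROOT}/usr/$(get_libdir)/libsepol.a"`, with the same base for `LIBDIR` and `INCLUDEDIR`, follows the EAPI 7 model. The mix of `${ROOT:-/}` in `LIBDIR` and plain `${ROOT}` in `INCLUDEDIR` also looks unintentional, and the first `# flatcar changes` comment would help more if it said what it changes, as the second one does.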


@ -0,0 +1,50 @@
# Copyright 1999-2021 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI="7"
inherit toolchain-funcs
DESCRIPTION="SELinux policy compiler"
HOMEPAGE="http://userspace.selinuxproject.org"
if [[ ${PV} == 9999 ]] ; then
inherit git-r3
EGIT_REPO_URI="https://github.com/SELinuxProject/selinux.git"
S="${WORKDIR}/${P}/${PN}"
else
SRC_URI="https://github.com/SELinuxProject/selinux/releases/download/${PV}/${P}.tar.gz"
KEYWORDS="~amd64 ~arm ~arm64 ~mips ~x86"
fi
LICENSE="GPL-2"
SLOT="0"
IUSE="debug"
DEPEND=">=sys-libs/libsepol-${PV}"
BDEPEND="sys-devel/flex
sys-devel/bison"
RDEPEND=">=sys-libs/libsepol-${PV}"
src_compile() {
emake \
CC="$(tc-getCC)" \
YACC="bison -y" \
LIBDIR="\$(PREFIX)/$(get_libdir)"
}
src_install() {
default
if use debug; then
dobin "${S}/test/dismod"
dobin "${S}/test/dispol"
fi
}
pkg_postinst() {
if ! tc-is-cross-compiler; then
einfo "This checkpolicy can compile version `checkpolicy -V | cut -f 1 -d ' '` policy."
fi
}
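Review bot: src_compile here passes `LIBDIR="\$(PREFIX)/$(get_libdir)"` with no root prefix and src_install is plain `default`, so none of the cross-compile overrides carried by the Flatcar-modified ebuild earlier in this commit apply to this version; the identical ebuild in the next file section has the same gap. If either is ever selected for a cross build, the link step would presumably resolve libsepol.a under the build host's /usr rather than the target root. Either carry the same `LIBSEPOLA=` override here or add a comment such as `# Flatcar: unmodified upstream ebuild, not cross-compile safe` so the difference is visibly deliberate. All KEYWORDS are `~arch`, which suggests these versions are not meant to be picked up yet, but nothing in the file says so.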


@ -0,0 +1,50 @@
# Copyright 1999-2021 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI="7"
inherit toolchain-funcs
DESCRIPTION="SELinux policy compiler"
HOMEPAGE="http://userspace.selinuxproject.org"
if [[ ${PV} == 9999 ]] ; then
inherit git-r3
EGIT_REPO_URI="https://github.com/SELinuxProject/selinux.git"
S="${WORKDIR}/${P}/${PN}"
else
SRC_URI="https://github.com/SELinuxProject/selinux/releases/download/${PV}/${P}.tar.gz"
KEYWORDS="~amd64 ~arm ~arm64 ~mips ~x86"
fi
LICENSE="GPL-2"
SLOT="0"
IUSE="debug"
DEPEND=">=sys-libs/libsepol-${PV}"
BDEPEND="sys-devel/flex
sys-devel/bison"
RDEPEND=">=sys-libs/libsepol-${PV}"
src_compile() {
emake \
CC="$(tc-getCC)" \
YACC="bison -y" \
LIBDIR="\$(PREFIX)/$(get_libdir)"
}
src_install() {
default
if use debug; then
dobin "${S}/test/dismod"
dobin "${S}/test/dispol"
fi
}
pkg_postinst() {
if ! tc-is-cross-compiler; then
einfo "This checkpolicy can compile version `checkpolicy -V | cut -f 1 -d ' '` policy."
fi
}


@ -1,6 +1,8 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
<herd>selinux</herd>
<longdescription>SELinux policy compilier</longdescription>
<maintainer type="project">
<email>selinux@gentoo.org</email>
<name>SELinux Team</name>
</maintainer>
</pkgmetadata>


@ -1 +1 @@
DIST dbus-1.10.32.tar.gz 2000784 BLAKE2B 490dfa33bf7e26d68e6dfb01c41a720623a28936fd635b8becbbb1dad6b58579fba2d7f75ed57ee0588c4a87ab9c0d07b0005f0ae7cf5b68df5e277cc6f8de07 SHA512 c0cdf99a72fe191ce45767121d67772854c6ec5df3939f2aec76b4ecc3905162d57548c2f02d8073b81c3b4d71277745b7aac8489c364064bd2cf723ce6bbbcd
DIST dbus-1.12.20.tar.gz 2095511 BLAKE2B b467526e7e0281db7b8c7c178469fe006dab29ccb1ea197c02495bd297e8de766230b68ed86c4a7e05dbe09ca30ce941a15e0bf8030fe0df66c04febf0534b3b SHA512 0964683bc6859374cc94e42e1ec0cdb542cca67971c205fcba4352500b6c0891665b0718e7d85eb060c81cb82e3346c313892bc02384da300ddd306c7eef0056


@ -1,10 +1,10 @@
# Copyright 1999-2017 Gentoo Foundation
# Copyright 1999-2021 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=6
PYTHON_COMPAT=( python{2_7,3_{4,5,6}} )
EAPI=7
inherit autotools ltprune linux-info flag-o-matic python-any-r1 readme.gentoo-r1 systemd virtualx user multilib-minimal
PYTHON_COMPAT=( python3_7 )
inherit autotools flag-o-matic linux-info python-any-r1 readme.gentoo-r1 systemd virtualx multilib-minimal
DESCRIPTION="A message bus system, a simple way for applications to talk to each other"
HOMEPAGE="https://dbus.freedesktop.org/"
@ -12,40 +12,43 @@ SRC_URI="https://dbus.freedesktop.org/releases/dbus/${P}.tar.gz"
LICENSE="|| ( AFL-2.1 GPL-2 )"
SLOT="0"
# Flatcar: stabilize amd64 and arm64
KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~x86-solaris"
IUSE="debug doc elogind selinux static-libs systemd test user-session X"
KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
IUSE="debug doc elogind kernel_linux selinux static-libs systemd test user-session X"
RESTRICT="!test? ( test )"
#RESTRICT="test"
REQUIRED_USE="?? ( elogind systemd )"
REQUIRED_USE="
?? ( elogind systemd )
test? ( debug )
BDEPEND="
acct-user/messagebus
app-text/xmlto
app-text/docbook-xml-dtd:4.4
sys-devel/autoconf-archive
virtual/pkgconfig
doc? ( app-doc/doxygen )
"
CDEPEND="
>=dev-libs/expat-2
selinux? ( sys-libs/libselinux )
COMMON_DEPEND="
>=dev-libs/expat-2.1.0
elogind? ( sys-auth/elogind )
selinux? ( sys-libs/libselinux )
systemd? ( sys-apps/systemd:0= )
X? (
x11-libs/libX11
x11-libs/libXt
)
)
"
DEPEND="${CDEPEND}
app-text/xmlto
app-text/docbook-xml-dtd:4.4
virtual/pkgconfig
doc? ( app-doc/doxygen )
DEPEND="${COMMON_DEPEND}
dev-libs/expat
test? (
>=dev-libs/glib-2.36:2
${PYTHON_DEPS}
)
>=dev-libs/glib-2.40:2
)
"
# Flatcar: drop dependency on sec-policy/selinux-dbus, to avoid pulling in
# unnecessary ebuilds into rootfs
RDEPEND="${COMMON_DEPEND}
acct-user/messagebus
"
# Flatcar: drop dependency on sec-policy/selinux-dbus, to avoid pulling in
# unnecessary ebuilds into rootfs.
RDEPEND="${CDEPEND}"
DOC_CONTENTS="
Some applications require a session bus in addition to the system
@ -57,12 +60,10 @@ TBD="${WORKDIR}/${P}-tests-build"
PATCHES=(
"${FILESDIR}/${PN}-enable-elogind.patch"
"${FILESDIR}/${PN}-daemon-optional.patch" # bug #653136
)
pkg_setup() {
enewgroup messagebus
enewuser messagebus -1 -1 -1 messagebus
use test && python-any-r1_pkg_setup
if use kernel_linux; then
@ -80,12 +81,26 @@ src_prepare() {
default
if [[ ${CHOST} == *-solaris* ]]; then
# fix standards conflict, due to gcc being c99 by default nowadays
sed -i \
-e 's/_XOPEN_SOURCE=500/_XOPEN_SOURCE=600/' \
configure.ac || die
fi
# required for bug 263909, cross-compile so don't remove eautoreconf
eautoreconf
}
src_configure() {
local rundir=$(usex kernel_linux /run /var/run)
sed -e "s;@rundir@;${EPREFIX}${rundir};g" "${FILESDIR}"/dbus.initd.in \
> "${T}"/dbus.initd || die
multilib-minimal_src_configure
}
multilib_src_configure() {
local docconf myconf
local docconf myconf testconf
# so we can get backtraces from apps
case ${CHOST} in
@ -101,8 +116,6 @@ multilib_src_configure() {
# not on an SELinux profile.
myconf=(
--localstatedir="${EPREFIX}/var"
--docdir="${EPREFIX}/usr/share/doc/${PF}"
--htmldir="${EPREFIX}/usr/share/doc/${PF}/html"
$(use_enable static-libs static)
$(use_enable debug verbose-mode)
--disable-asserts
@ -119,12 +132,12 @@ multilib_src_configure() {
--disable-modular-tests
$(use_enable debug stats)
--with-session-socket-dir="${EPREFIX}"/tmp
--with-system-pid-file="${EPREFIX}"/var/run/dbus.pid
--with-system-socket="${EPREFIX}"/var/run/dbus/system_bus_socket
--with-system-pid-file="${EPREFIX}${rundir}"/dbus.pid
--with-system-socket="${EPREFIX}${rundir}"/dbus/system_bus_socket
--with-systemdsystemunitdir="$(systemd_get_systemunitdir)"
--with-dbus-user=messagebus
$(use_with X x)
)
)
if [[ ${CHOST} == *-darwin* ]]; then
myconf+=(
@ -144,15 +157,12 @@ multilib_src_configure() {
--disable-doxygen-docs
)
myconf+=(
--disable-daemon
--disable-selinux
--disable-libaudit
--disable-elogind
--disable-systemd
--without-x
# expat is used for the daemon only
# fake the check for multilib library build
ac_cv_lib_expat_XML_ParserCreate_MM=yes
)
fi
@ -162,12 +172,15 @@ multilib_src_configure() {
if multilib_is_native_abi && use test; then
mkdir "${TBD}" || die
cd "${TBD}" || die
einfo "Running configure in ${TBD}"
ECONF_SOURCE="${S}" econf "${myconf[@]}" \
$(use_enable test asserts) \
$(use_enable test checks) \
$(use_enable test embedded-tests) \
testconf=(
$(use_enable test asserts)
$(use_enable test checks)
$(use_enable test embedded-tests)
$(use_enable test stats)
$(has_version dev-libs/dbus-glib && echo --enable-modular-tests)
)
einfo "Running configure in ${TBD}"
ECONF_SOURCE="${S}" econf "${myconf[@]}" "${testconf[@]}"
fi
}
@ -205,7 +218,7 @@ multilib_src_install() {
}
multilib_src_install_all() {
newinitd "${FILESDIR}"/dbus.initd-r1 dbus
newinitd "${T}"/dbus.initd dbus
if use X; then
# dbus X session script (#77504)
@ -223,10 +236,13 @@ multilib_src_install_all() {
# let the init script create the /var/run/dbus directory
rm -rf "${ED}"/var/run
dodoc AUTHORS ChangeLog HACKING NEWS README doc/TODO
# https://bugs.gentoo.org/761763
rm -rf "${ED}"/usr/lib/sysusers.d
dodoc AUTHORS ChangeLog NEWS README doc/TODO
readme.gentoo_create_doc
prune_libtool_files --all
find "${ED}" -name '*.la' -delete || die
}
pkg_postinst() {
@ -254,16 +270,4 @@ pkg_postinst() {
elog "the following to your environment:"
elog " DBUS_SESSION_BUS_ADDRESS=\"launchd:env=DBUS_LAUNCHD_SESSION_BUS_SOCKET\""
fi
if use user-session; then
ewarn "You have enabled user-session. Please note this can cause"
ewarn "bogus behaviors in several dbus consumers that are not prepared"
ewarn "for this dbus activation method yet."
ewarn
ewarn "See the following link for background on this change:"
ewarn "https://lists.freedesktop.org/archives/systemd-devel/2015-January/027711.html"
ewarn
ewarn "Known issues are tracked here:"
ewarn "https://bugs.gentoo.org/show_bug.cgi?id=576028"
fi
}
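Review bot: `rundir` is declared `local` in src_configure but read in multilib_src_configure (`--with-system-pid-file="${EPREFIX}${rundir}"/dbus.pid` and the `--with-system-socket` line), which works only because multilib-minimal_src_configure calls that function while src_configure's frame is still live. If the variable were ever empty there, the daemon would be configured with its pid file and system socket directly under `${EPREFIX}/`, a mismatch with the generated init script that would not fail the build. A comment at the declaration, e.g. `# rundir is read by multilib_src_configure via bash dynamic scoping`, or repeating `local rundir=$(usex kernel_linux /run /var/run)` inside multilib_src_configure, would make the dependency explicit. multilib_src_configure continues outside the hunks shown.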


@ -0,0 +1,75 @@
From 3c08d28fbae8b0ef3839ef26f8d2a713a9a684f9 Mon Sep 17 00:00:00 2001
From: Andreas Sturmlechner <asturm@gentoo.org>
Date: Thu, 21 Feb 2019 23:53:19 +0100
Subject: [PATCH] Make dbus daemon build optional
---
bus/Makefile.am | 2 ++
configure.ac | 17 ++++++++++++++++-
2 files changed, 18 insertions(+), 1 deletion(-)
diff --git a/bus/Makefile.am b/bus/Makefile.am
index 9ae3071..26a770c 100644
--- a/bus/Makefile.am
+++ b/bus/Makefile.am
@@ -70,6 +70,7 @@ agentdir=$(LAUNCHD_AGENT_DIR)
agent_DATA=org.freedesktop.dbus-session.plist
endif
+if DBUS_DAEMON
if DBUS_BUS_ENABLE_KQUEUE
DIR_WATCH_SOURCE=dir-watch-kqueue.c
else
@@ -241,6 +242,7 @@ test_bus_LDADD = \
$(top_builddir)/dbus/libdbus-internal.la \
$(DBUS_BUS_LIBS) \
$(NULL)
+endif DBUS_DAEMON
install-data-hook:
$(mkinstalldirs) $(DESTDIR)$(dbusdatadir)/session.d
diff --git a/configure.ac b/configure.ac
index be6b065..854e846 100644
--- a/configure.ac
+++ b/configure.ac
@@ -202,6 +202,7 @@ AC_ARG_ENABLE([apparmor],
[enable_apparmor=$enableval],
[enable_apparmor=auto])
AC_ARG_ENABLE(libaudit,AS_HELP_STRING([--enable-libaudit],[build audit daemon support for SELinux]),enable_libaudit=$enableval,enable_libaudit=auto)
+AC_ARG_ENABLE(daemon, AS_HELP_STRING([--enable-daemon],[build with the dbus daemon]),enable_daemon=$enableval,enable_daemon=yes)
AC_ARG_ENABLE(inotify, AS_HELP_STRING([--enable-inotify],[build with inotify support (linux only)]),enable_inotify=$enableval,enable_inotify=auto)
AC_ARG_ENABLE(kqueue, AS_HELP_STRING([--enable-kqueue],[build with kqueue support]),enable_kqueue=$enableval,enable_kqueue=auto)
AC_ARG_ENABLE(console-owner-file, AS_HELP_STRING([--enable-console-owner-file],[enable console owner file]),enable_console_owner_file=$enableval,enable_console_owner_file=auto)
@@ -830,7 +831,20 @@ AC_CHECK_FUNCS(getpeerucred getpeereid)
AC_CHECK_FUNCS(pipe2 accept4)
-PKG_CHECK_MODULES([EXPAT], [expat])
+# dbusdaemon checks
+if test x$enable_daemon = xno ; then
+ have_daemon=no
+else
+ have_daemon=yes
+fi
+
+dnl check if daemon shall be built
+if test x$have_daemon = xyes; then
+ AC_DEFINE(DBUS_DAEMON,1,[Use daemon])
+ PKG_CHECK_MODULES([EXPAT], [expat])
+fi
+
+AM_CONDITIONAL(DBUS_DAEMON, test x$have_daemon = xyes)
save_cflags="$CFLAGS"
save_libs="$LIBS"
@@ -1824,6 +1838,7 @@ echo "
Building bus stats API: ${enable_stats}
Building SELinux support: ${have_selinux}
Building AppArmor support: ${have_apparmor}
+ Building daemon: ${have_daemon}
Building inotify support: ${have_inotify}
Building kqueue support: ${have_kqueue}
Building systemd support: ${have_systemd}
--
2.20.1


@ -1,15 +1,15 @@
#!/sbin/openrc-run
# Copyright 1999-2016 Gentoo Foundation
# Copyright 1999-2019 Gentoo Authors
# Distributed under the terms of the GNU General Public License, v2 or later
extra_started_commands="reload"
description="An IPC message bus daemon"
pidfile="/var/run/dbus.pid"
pidfile="@rundir@/dbus.pid"
command="/usr/bin/dbus-daemon"
command_args="--system"
dbus_socket="/var/run/dbus/system_bus_socket"
dbus_socket="@rundir@/dbus/system_bus_socket"
depend() {
need localmount
@ -20,7 +20,7 @@ start_pre() {
/usr/bin/dbus-uuidgen --ensure=/etc/machine-id
# We need to test if /var/run/dbus exists, since script will fail if it does not
checkpath -q -d /var/run/dbus
checkpath -q -d "@rundir@/dbus"
}
stop_post() {
@ -29,7 +29,7 @@ stop_post() {
reload() {
ebegin "Reloading D-BUS messagebus config"
/usr/bin/dbus-send --print-reply --system --type=method_call \
dbus-send --print-reply --system --type=method_call \
--dest=org.freedesktop.DBus \
/ org.freedesktop.DBus.ReloadConfig > /dev/null
eend $?
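Review bot: In reload() the call appears to change from `/usr/bin/dbus-send` to a bare `dbus-send`, so a script that runs as root now resolves that one binary through PATH while `command="/usr/bin/dbus-daemon"` and `/usr/bin/dbus-uuidgen` stay absolute. Keeping `/usr/bin/dbus-send --print-reply --system --type=method_call \` avoids depending on the caller's environment and keeps the script consistent. The comment above the checkpath call still names `/var/run/dbus` although the path is now `@rundir@/dbus`; `# We need to test if @rundir@/dbus exists, since script will fail if it does not` would match. The closing brace of reload() is outside the hunk.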


@ -1,804 +0,0 @@
# ChangeLog for sys-apps/policycoreutils
# Copyright 1999-2015 Gentoo Foundation; Distributed under the GPL v2
# $Header: /var/cvsroot/gentoo-x86/sys-apps/policycoreutils/ChangeLog,v 1.154 2015/06/09 15:38:25 swift Exp $
*policycoreutils-9999 (09 Jun 2015)
09 Jun 2015; Sven Vermeulen <swift@gentoo.org> +policycoreutils-9999.ebuild:
Adding policycoreutils-9999 to better support upstream integrations
10 May 2015; Jason Zaman <perfinion@gentoo.org> policycoreutils-2.4.ebuild:
stabilize selinux 2.4 userland
09 May 2015; Jason Zaman <perfinion@gentoo.org> policycoreutils-2.4.ebuild:
ewarn has been moved to libsemanage
18 Apr 2015; Jason Zaman <perfinion@gentoo.org>
-policycoreutils-2.3-r2.ebuild, -policycoreutils-2.4_rc6-r1.ebuild,
-policycoreutils-2.4_rc7.ebuild:
Drop old RCs
04 Mar 2015; Sven Vermeulen <swift@gentoo.org> policycoreutils-2.4.ebuild:
Fix build failure on x32 (bug #541618)
06 Feb 2015; Jason Zaman <perfinion@gentoo.org> policycoreutils-2.3-r3.ebuild:
Stablize 2.3-r3
*policycoreutils-2.4 (04 Feb 2015)
04 Feb 2015; Jason Zaman <perfinion@gentoo.org> +policycoreutils-2.4.ebuild:
Version bump
*policycoreutils-2.4_rc7 (06 Dec 2014)
*policycoreutils-2.3-r3 (06 Dec 2014)
06 Dec 2014; Jason Zaman <perfinion@gentoo.org>
+policycoreutils-2.3-r3.ebuild, +policycoreutils-2.4_rc7.ebuild,
-policycoreutils-2.4_rc2.ebuild, -policycoreutils-2.4_rc5.ebuild,
-policycoreutils-2.4_rc6.ebuild,
files/0020-disable-autodetection-of-pam-and-audit.patch,
files/0030-make-inotify-check-use-flag-triggered.patch,
policycoreutils-2.4_rc6-r1.ebuild:
version bump and ebuild clean up, drop old RC
*policycoreutils-2.4_rc6-r1 (22 Nov 2014)
22 Nov 2014; Jason Zaman <perfinon@gentoo.org>
+files/0001-policycoreutils-pp-add-roletype-statements-for-both-.patch,
+policycoreutils-2.4_rc6-r1.ebuild:
add patch from upstream to fix missing roletypes
*policycoreutils-2.4_rc6 (14 Nov 2014)
14 Nov 2014; Sven Vermeulen <swift@gentoo.org>
+policycoreutils-2.4_rc6.ebuild:
Bump to rc6
*policycoreutils-2.4_rc5 (29 Oct 2014)
29 Oct 2014; Sven Vermeulen <swift@gentoo.org>
+policycoreutils-2.4_rc5.ebuild, -policycoreutils-2.4_rc4.ebuild,
policycoreutils-2.4_rc2.ebuild:
Bump to 2.4_rc5
*policycoreutils-2.4_rc4 (07 Oct 2014)
07 Oct 2014; Sven Vermeulen <swift@gentoo.org>
+policycoreutils-2.4_rc4.ebuild:
Bump to 2.4-rc4
*policycoreutils-2.4_rc2 (21 Sep 2014)
21 Sep 2014; Sven Vermeulen <swift@gentoo.org>
+files/0010-remove-sesandbox-support.patch,
+files/0020-disable-autodetection-of-pam-and-audit.patch,
+files/0030-make-inotify-check-use-flag-triggered.patch,
+files/0040-reverse-access-check-in-run_init.patch,
+files/0070-remove-symlink-attempt-fails-with-gentoo-sandbox-approach.patch,
+files/0110-build-mcstrans-bug-472912.patch,
+files/0120-build-failure-for-mcscolor-for-CONTEXT__CONTAINS.patch,
+policycoreutils-2.4_rc2.ebuild, policycoreutils-2.3-r2.ebuild:
Noved to github; also add in masked 2.4 series
05 Aug 2014; Sven Vermeulen <swift@gentoo.org>
-policycoreutils-2.2.5-r2.ebuild, -policycoreutils-2.3-r1.ebuild,
-policycoreutils-2.3.ebuild, metadata.xml:
Remove obsoleted ebuilds
30 Jul 2014; Sven Vermeulen <swift@gentoo.org> policycoreutils-2.3-r2.ebuild:
Fix bug #514194 - Stabilization of SELinux userspace 2.3
*policycoreutils-2.3-r2 (28 May 2014)
28 May 2014; Sven Vermeulen <swift@gentoo.org> +policycoreutils-2.3-r2.ebuild:
Fix selocal attribute validation
*policycoreutils-2.3-r1 (26 May 2014)
26 May 2014; Sven Vermeulen <swift@gentoo.org> +policycoreutils-2.3-r1.ebuild:
Fix selocal to support dontaudit as well. Also verify types, attributes and
roles before adding them.
10 May 2014; Sven Vermeulen <swift@gentoo.org>
-policycoreutils-2.1.14-r1.ebuild, -policycoreutils-2.1.14-r2.ebuild,
-policycoreutils-2.1.14-r3.ebuild, -policycoreutils-2.1.14-r4.ebuild,
-policycoreutils-2.1.14-r5.ebuild, -policycoreutils-2.2.1-r1.ebuild,
-policycoreutils-2.2.5-r1.ebuild, -policycoreutils-2.2.5-r3.ebuild,
-policycoreutils-2.3_rc1.ebuild, -policycoreutils-2.3_rc1-r1.ebuild,
-files/policycoreutils-extra-1.21-fix-python3.patch:
Spring cleanup
10 May 2014; Sven Vermeulen <swift@gentoo.org>
policycoreutils-2.2.5-r4.ebuild:
Stabilize to work around vulnerability CVE-2014-3215
*policycoreutils-2.3 (09 May 2014)
09 May 2014; Sven Vermeulen <swift@gentoo.org> +policycoreutils-2.3.ebuild:
Bump to 2.3
*policycoreutils-2.3_rc1-r1 (09 May 2014)
09 May 2014; Sven Vermeulen <swift@gentoo.org>
+policycoreutils-2.2.5-r4.ebuild, +policycoreutils-2.3_rc1-r1.ebuild:
Do not build seunshare/sesandbox, cfr bug #509896
*policycoreutils-2.3_rc1 (28 Apr 2014)
28 Apr 2014; Sven Vermeulen <swift@gentoo.org>
+policycoreutils-2.3_rc1.ebuild:
2.3-rc1 release
*policycoreutils-2.2.5-r3 (19 Apr 2014)
19 Apr 2014; Sven Vermeulen <swift@gentoo.org>
+policycoreutils-2.2.5-r3.ebuild, policycoreutils-2.2.5-r1.ebuild:
Fix bug #507992 - Do not push out restorecond init script if restorecond
should not be installed
20 Jan 2014; Sven Vermeulen <swift@gentoo.org>
policycoreutils-2.2.5-r2.ebuild:
Stabilize for amd64 and x86
*policycoreutils-2.1.14-r5 (12 Jan 2014)
12 Jan 2014; Sven Vermeulen <swift@gentoo.org>
+policycoreutils-2.1.14-r5.ebuild:
Backport BUILD_DIR change to 2.1.14 (needed to have runscript_selinux follow
USE flag info)
*policycoreutils-2.2.5-r2 (12 Jan 2014)
12 Jan 2014; Sven Vermeulen <swift@gentoo.org>
+policycoreutils-2.2.5-r2.ebuild:
Use python builddir locations for installation, otherwise a non-built
directory will be used, dismissing all configuration variables mentioned
earlier
23 Dec 2013; Sven Vermeulen <swift@gentoo.org>
-policycoreutils-2.1.13-r3.ebuild, -policycoreutils-2.1.13-r4.ebuild,
-policycoreutils-2.1.13-r5.ebuild, -policycoreutils-2.1.13-r6.ebuild,
-policycoreutils-2.1.13-r7.ebuild, -policycoreutils-2.1.13-r8.ebuild,
-policycoreutils-2.1.13-r9.ebuild, -policycoreutils-2.1.13-r10.ebuild,
-policycoreutils-2.1.13-r11.ebuild:
Cleanup old versions
*policycoreutils-2.2.5-r1 (10 Dec 2013)
10 Dec 2013; Sven Vermeulen <swift@gentoo.org>
+policycoreutils-2.2.5-r1.ebuild:
Adding 2.2.5 release
*policycoreutils-2.2.1-r1 (04 Nov 2013)
04 Nov 2013; Sven Vermeulen <swift@gentoo.org>
+policycoreutils-2.2.1-r1.ebuild:
New policycoreutils release
04 Nov 2013; Sven Vermeulen <swift@gentoo.org>
policycoreutils-2.1.14-r4.ebuild:
Stabilize
*policycoreutils-2.1.14-r4 (13 Aug 2013)
13 Aug 2013; Sven Vermeulen <swift@gentoo.org>
+policycoreutils-2.1.14-r4.ebuild:
Document setfiles in rlpkg, improve selocal resilience
07 Jul 2013; Sven Vermeulen <swift@gentoo.org>
-policycoreutils-2.1.10-r5.ebuild:
Summer cleaning
*policycoreutils-2.1.14-r3 (07 Jul 2013)
07 Jul 2013; Sven Vermeulen <swift@gentoo.org>
+policycoreutils-2.1.14-r3.ebuild:
Switch to python-r1 eclass, add in mcstrans (bug #472912)
16 Jun 2013; Sven Vermeulen <swift@gentoo.org>
policycoreutils-2.1.14-r2.ebuild:
Stabilization
10 May 2013; Sven Vermeulen <swift@gentoo.org> metadata.xml:
Add in CPE data for policycoreutils, historical CVEs use redhat as
application vendor
*policycoreutils-2.1.14-r2 (07 May 2013)
07 May 2013; Sven Vermeulen <swift@gentoo.org>
+policycoreutils-2.1.14-r2.ebuild:
Fix bugs 467268 (yum bindings), 468832 (key error), 468830 (mls range
dependency)
*policycoreutils-2.1.14-r1 (25 Apr 2013)
25 Apr 2013; Sven Vermeulen <swift@gentoo.org>
+policycoreutils-2.1.14-r1.ebuild:
New upstream release
*policycoreutils-2.1.13-r11 (19 Apr 2013)
19 Apr 2013; Sven Vermeulen <swift@gentoo.org>
+policycoreutils-2.1.13-r11.ebuild:
Add selocal command to policycoreutils
*policycoreutils-2.1.13-r10 (16 Apr 2013)
16 Apr 2013; Sven Vermeulen <swift@gentoo.org>
+policycoreutils-2.1.13-r10.ebuild:
Fix bugs #463222 (newrole O_RDWR) and #464808 (hardcoded python3.1 in rlpkg)
16 Apr 2013; Sven Vermeulen <swift@gentoo.org>
-policycoreutils-2.1.10-r1.ebuild, -policycoreutils-2.1.10-r3.ebuild,
-policycoreutils-2.1.10-r4.ebuild, -policycoreutils-2.1.10.ebuild:
Some cleanup (older release unstables)
16 Apr 2013; Sven Vermeulen <swift@gentoo.org>
policycoreutils-2.1.13-r9.ebuild:
Stabilize policycoreutils-2.1.13-r9
*policycoreutils-2.1.13-r9 (19 Mar 2013)
19 Mar 2013; Sven Vermeulen <swift@gentoo.org>
+policycoreutils-2.1.13-r9.ebuild:
Fix bug #457786 - Link runscript_selinux with crypt
*policycoreutils-2.1.13-r8 (10 Mar 2013)
10 Mar 2013; Sven Vermeulen <swift@gentoo.org>
+policycoreutils-2.1.13-r8.ebuild:
Adding selinux_gentoo init script for initramfs and cpu/online support
(#456914)
*policycoreutils-2.1.13-r7 (09 Mar 2013)
09 Mar 2013; Sven Vermeulen <swift@gentoo.org>
+policycoreutils-2.1.13-r7.ebuild:
Update policycoreutils-extras to fix build failure when not building with PAM
support, see bug #457786
*policycoreutils-2.1.13-r6 (30 Dec 2012)
30 Dec 2012; Sven Vermeulen +policycoreutils-2.1.13-r6.ebuild,
policycoreutils-2.1.13-r5.ebuild:
Stabilize r5, get r6 available as well which fixes rlpkg to include zfs
support
*policycoreutils-2.1.13-r5 (17 Nov 2012)
17 Nov 2012; <swift@gentoo.org> policycoreutils-2.1.13-r4.ebuild,
+policycoreutils-2.1.13-r5.ebuild:
Stabilization, move sesandbox support to next release
*policycoreutils-2.1.13-r4 (14 Oct 2012)
14 Oct 2012; <swift@gentoo.org> +policycoreutils-2.1.13-r4.ebuild:
Remove support for python3 until upstream supports it
13 Oct 2012; <swift@gentoo.org> policycoreutils-2.1.13-r3.ebuild:
Supporting user-provided patches using epatch_user
*policycoreutils-2.1.13-r3 (09 Oct 2012)
09 Oct 2012; <swift@gentoo.org> +policycoreutils-2.1.13-r3.ebuild:
Introducing new upstream release
06 Oct 2012; <swift@gentoo.org> policycoreutils-2.1.10-r5.ebuild:
Stabilize
*policycoreutils-2.1.10-r5 (08 Sep 2012)
08 Sep 2012; <swift@gentoo.org> +policycoreutils-2.1.10-r5.ebuild:
Fix bug #427596 and #430806
10 Jul 2012; <swift@gentoo.org> policycoreutils-2.1.10-r3.ebuild:
Stabilization, drop libcgroup dependency along the way
*policycoreutils-2.1.10-r4 (10 Jul 2012)
10 Jul 2012; <swift@gentoo.org> +policycoreutils-2.1.10-r4.ebuild:
Support refpolicy style audit2allow (#417199)
26 Jun 2012; Mike Gilbert <floppym@gentoo.org>
policycoreutils-2.1.10-r1.ebuild, policycoreutils-2.1.10-r3.ebuild,
policycoreutils-2.1.10.ebuild:
Restrict pypy per Arfrever.
*policycoreutils-2.1.10-r3 (25 Jun 2012)
25 Jun 2012; <swift@gentoo.org>
+files/policycoreutils-extra-1.21-fix-python3.patch,
+policycoreutils-2.1.10-r3.ebuild:
Improve support for python3, fixes bug #416301
13 May 2012; <swift@gentoo.org> -policycoreutils-2.1.0-r1.ebuild,
-policycoreutils-2.1.0-r2.ebuild:
Removing obsoleted ebuilds
*policycoreutils-2.1.10-r1 (29 Apr 2012)
29 Apr 2012; <swift@gentoo.org> policycoreutils-2.1.10.ebuild,
+policycoreutils-2.1.10-r1.ebuild:
Remove dependency on libcgroup (but drop sesandbox support along the way)
29 Apr 2012; <swift@gentoo.org> policycoreutils-2.1.10.ebuild:
Stabilization
*policycoreutils-2.1.10 (31 Mar 2012)
31 Mar 2012; <swift@gentoo.org> +policycoreutils-2.1.10.ebuild, metadata.xml:
Bump to version 2.1.10
26 Feb 2012; <swift@gentoo.org> policycoreutils-2.1.0-r2.ebuild:
Stabilization
14 Jan 2012; <swift@gentoo.org> +policycoreutils-2.1.0-r2.ebuild,
metadata.xml:
Mark audit as a local USE flag
*policycoreutils-2.1.0-r2 (14 Jan 2012)
14 Jan 2012; <swift@gentoo.org> +policycoreutils-2.1.0-r2.ebuild:
Override auto-detection of pam and audit, use USE flags for this
12 Nov 2011; <swift@gentoo.org> -policycoreutils-2.0.82.ebuild,
-policycoreutils-2.0.82-r1.ebuild, -policycoreutils-2.0.85.ebuild,
-policycoreutils-2.1.0.ebuild:
removing obsoleted ebuilds
23 Oct 2011; <swift@gentoo.org> policycoreutils-2.1.0-r1.ebuild:
Stabilization (tracker #384231)
23 Oct 2011; <swift@gentoo.org> policycoreutils-2.0.82-r1.ebuild:
Stabilize 2.0.82-r1 to fix #372807
*policycoreutils-2.1.0-r1 (17 Sep 2011)
17 Sep 2011; <swift@gentoo.org> +policycoreutils-2.1.0-r1.ebuild:
Add /var/lib/selinux directory, needed for 'semodule permissive' support (bug
#381755)
02 Sep 2011; <swift@gentoo.org> policycoreutils-2.0.85.ebuild,
policycoreutils-2.1.0.ebuild:
Update patch locations to dev.g.o instead of files/ folder
12 Aug 2011; Anthony G. Basile <blueness@gentoo.org>
-policycoreutils-2.0.55.ebuild, -policycoreutils-2.0.69.ebuild,
-policycoreutils-2.0.69-r1.ebuild, -policycoreutils-2.0.69-r2.ebuild,
-files/policycoreutils-2.0.69-setfiles.diff:
Removed deprecated versions
*policycoreutils-2.1.0 (03 Aug 2011)
03 Aug 2011; Anthony G. Basile <blueness@gentoo.org>
+policycoreutils-2.1.0.ebuild:
Bump to 20110727 SELinux userspace release
*policycoreutils-2.0.85 (15 Jul 2011)
15 Jul 2011; Anthony G. Basile <blueness@gentoo.org>
+policycoreutils-2.0.85.ebuild,
+files/policycoreutils-2.0.85-fix-seunshare-vuln.patch.gz,
+files/policycoreutils-2.0.85-sesandbox.patch.gz:
Add fix for bug #374897 and initial support for python3
08 Jul 2011; Samuli Suominen <ssuominen@gentoo.org>
policycoreutils-2.0.55.ebuild, policycoreutils-2.0.69.ebuild,
policycoreutils-2.0.69-r1.ebuild, policycoreutils-2.0.69-r2.ebuild:
Convert from "useq" to "use".
*policycoreutils-2.0.82-r1 (30 Jun 2011)
30 Jun 2011; Anthony G. Basile <blueness@gentoo.org>
+policycoreutils-2.0.82-r1.ebuild:
Overwrite invalid .po files with valid ones, fixes bug #372807
16 Jun 2011; Anthony G. Basile <blueness@gentoo.org>
policycoreutils-2.0.82.ebuild:
Drop use_nls dependency on gettext. Its mandatory. See bug #299681.
Also put gettext in COMMON_DEPS, it is more than a RDEPEND.
28 May 2011; Anthony G. Basile <blueness@gentoo.org>
policycoreutils-2.0.82.ebuild:
Stable amd64 x86
16 Apr 2011; Anthony G. Basile <blueness@gentoo.org> metadata.xml:
Updated metadata info.
08 Feb 2011; Arfrever Frehtes Taifersar Arahesis <arfrever@gentoo.org>
policycoreutils-2.0.82.ebuild:
Set SUPPORT_PYTHON_ABIS (bug #353762). Fix dependencies. Fix installation
with FEATURES="multilib-strict".
*policycoreutils-2.0.82 (05 Feb 2011)
05 Feb 2011; Anthony G. Basile <blueness@gentoo.org>
+policycoreutils-2.0.82.ebuild:
New upstream release.
*policycoreutils-2.0.69-r2 (05 Feb 2011)
05 Feb 2011; Anthony G. Basile <blueness@gentoo.org>
+policycoreutils-2.0.69-r2.ebuild,
+files/policycoreutils-2.0.69-setfiles.diff:
Fixed bug #300613
04 Apr 2010; Arfrever Frehtes Taifersar Arahesis <arfrever@gentoo.org>
policycoreutils-2.0.55.ebuild, policycoreutils-2.0.69.ebuild,
policycoreutils-2.0.69-r1.ebuild:
Delete calls to deprecated python_version().
*policycoreutils-2.0.69-r1 (20 Sep 2009)
20 Sep 2009; Chris PeBenito <pebenito@gentoo.org>
+policycoreutils-2.0.69-r1.ebuild:
Update rlpkg for ext4 and btrfs.
14 Sep 2009; Chris PeBenito <pebenito@gentoo.org>
policycoreutils-2.0.69.ebuild:
Fix libsemanage DEP.
02 Aug 2009; Chris PeBenito <pebenito@gentoo.org>
policycoreutils-2.0.55.ebuild, policycoreutils-2.0.69.ebuild:
Add python_need_rebuild.
*policycoreutils-2.0.69 (02 Aug 2009)
02 Aug 2009; Chris PeBenito <pebenito@gentoo.org>
+policycoreutils-2.0.69.ebuild:
New upstream release.
18 Jul 2009; Chris PeBenito <pebenito@gentoo.org>
-policycoreutils-1.34.15.ebuild, policycoreutils-2.0.55.ebuild:
Mark stable. Remove old ebuilds.
*policycoreutils-2.0.55 (03 Oct 2008)
03 Oct 2008; Chris PeBenito <pebenito@gentoo.org>
+policycoreutils-2.0.55.ebuild:
Initial commit of policycoreutils 2.0.
29 May 2008; Ali Polatel <hawking@gentoo.org>
policycoreutils-1.34.15.ebuild:
python_mod_optimize is ROOT aware. Fixed python_mod_cleanup.
26 May 2008; Chris PeBenito <pebenito@gentoo.org>
policycoreutils-1.34.15.ebuild:
Fix libsemanage dependency.
13 May 2008; Chris PeBenito <pebenito@gentoo.org>
-files/policycoreutils-1.28-quietlp.diff,
-files/policycoreutils-1.32-quietlp.diff,
-files/policycoreutils-unsigned-char-ppc.diff,
-policycoreutils-1.28.ebuild, -policycoreutils-1.30-r1.ebuild,
-policycoreutils-1.34.1.ebuild, -policycoreutils-1.34.11.ebuild,
policycoreutils-1.34.15.ebuild:
Mark 1.34.15 stable, clear old ebuilds.
*policycoreutils-1.34.15 (29 Jan 2008)
29 Jan 2008; Chris PeBenito <pebenito@gentoo.org>
+policycoreutils-1.34.15.ebuild:
New upstream bugfix release.
19 Oct 2007; Chris PeBenito <pebenito@gentoo.org>
policycoreutils-1.34.11.ebuild:
Fix quoting in unpack.
*policycoreutils-1.34.11 (18 Oct 2007)
18 Oct 2007; Chris PeBenito <pebenito@gentoo.org>
+policycoreutils-1.34.11.ebuild:
New upstream release.
04 Jun 2007; Chris PeBenito <pebenito@gentoo.org>
policycoreutils-1.34.1.ebuild:
Mark stable.
*policycoreutils-1.34.1 (15 Feb 2007)
15 Feb 2007; Chris PeBenito <pebenito@gentoo.org>
+policycoreutils-1.34.1.ebuild:
New upstream release.
24 Oct 2006; Chris PeBenito <pebenito@gentoo.org>
policycoreutils-1.30.30.ebuild:
Fix glibc handling.
09 Oct 2006; Chris PeBenito <pebenito@gentoo.org>
policycoreutils-1.30.30.ebuild:
Stable to make repoman happy.
*policycoreutils-1.30.30 (05 Oct 2006)
05 Oct 2006; Chris PeBenito <pebenito@gentoo.org>
+files/policycoreutils-1.32-quietlp.diff, +policycoreutils-1.30.30.ebuild:
Add SVN snapshot and updated extras in preparation for reference policy.
31 Jul 2006; Chris PeBenito <pebenito@gentoo.org>
policycoreutils-1.30-r1.ebuild:
Mark stable, long overdue.
*policycoreutils-1.30-r1 (28 Mar 2006)
28 Mar 2006; Chris PeBenito <pebenito@gentoo.org>
-policycoreutils-1.30.ebuild, +policycoreutils-1.30-r1.ebuild:
Fix install location of python site packages.
22 Feb 2006; Stephen Bennett <spb@gentoo.org> policycoreutils-1.28.ebuild:
Alpha stable
19 Feb 2006; Joshua Kinard <kumba@gentoo.org> policycoreutils-1.28.ebuild:
Marked stable on mips.
*policycoreutils-1.30 (18 Mar 2006)
18 Mar 2006; Chris PeBenito <pebenito@gentoo.org>
+policycoreutils-1.30.ebuild:
New upstream release.
05 Feb 2006; Chris PeBenito <pebenito@gentoo.org>
+files/policycoreutils-unsigned-char-ppc.diff,
policycoreutils-1.28.ebuild:
Add patch to fix #121689.
17 Jan 2006; Chris PeBenito <pebenito@gentoo.org>
policycoreutils-1.28.ebuild:
Mark stable, x86, amd64, ppc, sparc.
14 Jan 2006; Stephen Bennett <spb@gentoo.org> policycoreutils-1.28.ebuild:
Added ~alpha
15 Dec 2005; Chris PeBenito <pebenito@gentoo.org>
policycoreutils-1.22.ebuild, policycoreutils-1.24-r2.ebuild,
policycoreutils-1.28.ebuild:
Tighten up versioning to try to prevent mismatch problems as seen in #112348.
*policycoreutils-1.28 (09 Dec 2005)
09 Dec 2005; Chris PeBenito <pebenito@gentoo.org>
+files/policycoreutils-1.28-quietlp.diff, -policycoreutils-1.24-r1.ebuild,
+policycoreutils-1.28.ebuild:
New upstream release.
*policycoreutils-1.24-r2 (08 Dec 2005)
08 Dec 2005; Chris PeBenito <pebenito@gentoo.org>
+policycoreutils-1.24-r2.ebuild:
Add compatability symlink for genhomedircon.
*policycoreutils-1.24-r1 (09 Sep 2005)
09 Sep 2005; Chris PeBenito <pebenito@gentoo.org>
+policycoreutils-1.24-r1.ebuild:
Update for fixed selinuxconfig source policy path.
11 Jul 2005; Chris PeBenito <pebenito@gentoo.org>
policycoreutils-1.22.ebuild, policycoreutils-1.24.ebuild:
Fix RDEPEND for building stages. Libsepol is required now.
*policycoreutils-1.24 (25 Jun 2005)
25 Jun 2005; Chris PeBenito <pebenito@gentoo.org>
+files/policycoreutils-1.24-genhomedircon-quiet.diff,
-policycoreutils-1.20-r1.ebuild, +policycoreutils-1.24.ebuild:
New upstream release.
10 May 2005; Stephen Bennett <spb@gentoo.org> policycoreutils-1.22.ebuild:
mips stable
01 May 2005; Stephen Bennett <spb@gentoo.org> policycoreutils-1.22.ebuild:
Added ~mips.
01 May 2005; Chris PeBenito <pebenito@gentoo.org>
policycoreutils-1.22.ebuild:
Mark stable.
*policycoreutils-1.22 (13 Mar 2005)
13 Mar 2005; Chris PeBenito <pebenito@gentoo.org>
+files/policycoreutils-1.22-genhomedircon-quiet.diff,
+policycoreutils-1.22.ebuild:
New upstream release.
*policycoreutils-1.20-r1 (13 Feb 2005)
13 Feb 2005; Chris PeBenito <pebenito@gentoo.org>
-policycoreutils-1.16.ebuild, +policycoreutils-1.20-r1.ebuild,
-policycoreutils-1.20.ebuild:
Add back some tools deleted from upstream libselinux.
*policycoreutils-1.20 (07 Jan 2005)
07 Jan 2005; Chris PeBenito <pebenito@gentoo.org>
policycoreutils-1.18-r1.ebuild, +policycoreutils-1.20.ebuild:
New upstream release. Mark 1.18-r1 stable.
*policycoreutils-1.18-r1 (03 Jan 2005)
03 Jan 2005; Chris PeBenito <pebenito@gentoo.org>
+files/policycoreutils-nonls.diff, +policycoreutils-1.18-r1.ebuild:
Make pam and nls optional for embedded systems use.
22 Nov 2004; Chris PeBenito <pebenito@gentoo.org>
policycoreutils-1.18.ebuild:
Ensure a few dirs and perms during stage1 build.
15 Nov 2004; Chris PeBenito <pebenito@gentoo.org>
policycoreutils-1.18.ebuild:
Fix libsepol dep.
*policycoreutils-1.18 (14 Nov 2004)
14 Nov 2004; Chris PeBenito <pebenito@gentoo.org>
+policycoreutils-1.18.ebuild:
New upstream release.
*policycoreutils-1.16 (07 Sep 2004)
07 Sep 2004; Chris PeBenito <pebenito@gentoo.org>
+files/policycoreutils-1.16-genhomedircon-compat.diff,
+policycoreutils-1.16.ebuild:
New upstream release.
08 Aug 2004; Tom Martin <slarti@gentoo.org> policycoreutils-1.12-r1.ebuild,
policycoreutils-1.12-r2.ebuild, policycoreutils-1.14.ebuild,
policycoreutils-1.4-r1.ebuild:
Typo in DESCRIPTION: utilites -> utilities. Bug 59717.
06 Jul 2004; Chris PeBenito <pebenito@gentoo.org>
policycoreutils-1.14.ebuild:
Bump extras to fix free() bug in runscript_selinux.so.
*policycoreutils-1.12-r2 (06 Jul 2004)
06 Jul 2004; Chris PeBenito <pebenito@gentoo.org>
+files/runscript-selinux.diff, +policycoreutils-1.12-r2.ebuild:
Fix free() error in runscript_selinux.so.
03 Jul 2004; Chris PeBenito <pebenito@gentoo.org>
policycoreutils-1.14.ebuild:
Update extras.
*policycoreutils-1.14 (02 Jul 2004)
02 Jul 2004; Chris PeBenito <pebenito@gentoo.org>
+files/policycoreutils-1.14-genhomedircon-compat.diff,
+policycoreutils-1.14.ebuild:
New upstream version.
*policycoreutils-1.12-r1 (28 Jun 2004)
28 Jun 2004; Chris PeBenito <pebenito@gentoo.org>
+policycoreutils-1.12-r1.ebuild:
Add toggle_bool to extras.
11 Jun 2004; Chris PeBenito <pebenito@gentoo.org>
-policycoreutils-1.10-r1.ebuild, policycoreutils-1.12.ebuild:
Mark stable
*policycoreutils-1.12 (14 May 2004)
14 May 2004; Chris PeBenito <pebenito@gentoo.org>
+policycoreutils-1.12.ebuild:
New upstream release.
*policycoreutils-1.10-r1 (28 Apr 2004)
28 Apr 2004; Chris PeBenito <pebenito@gentoo.org>
+policycoreutils-1.10-r1.ebuild, -policycoreutils-1.10.ebuild,
-policycoreutils-1.8.ebuild:
Update extras and mark stable.
*policycoreutils-1.10 (20 Apr 2004)
08 Apr 2004; Chris PeBenito <pebenito@gentoo.org>
policycoreutils-1.4-r1.ebuild, policycoreutils-1.8.ebuild:
More specific versioning for libselinux.
08 Apr 2004; Chris PeBenito <pebenito@gentoo.org>
policycoreutils-1.8.ebuild:
Mark stable for 2004.1
15 Mar 2004; Chris PeBenito <pebenito@gentoo.org>
policycoreutils-1.8.ebuild:
Update extras.
*policycoreutils-1.8 (12 Mar 2004)
12 Mar 2004; Chris PeBenito <pebenito@gentoo.org>
policycoreutils-1.8.ebuild:
New upstream release.
*policycoreutils-1.6 (24 Feb 2004)
24 Feb 2004; Chris PeBenito <pebenito@gentoo.org>
policycoreutils-1.4-r1.ebuild, policycoreutils-1.6.ebuild:
New upstream release. Mark 1.4-r1 stable.
*policycoreutils-1.4-r1 (09 Feb 2004)
09 Feb 2004; Chris PeBenito <pebenito@gentoo.org>
policycoreutils-1.4-r1.ebuild:
Move extras to mirrors, and add runscript_selinux.so.
31 Jan 2004; Chris PeBenito <pebenito@gentoo.org> files/rlpkg:
Switch to portageq from inline python. Add missing quotes for completeness.
16 Dec 2003; Chris PeBenito <pebenito@gentoo.org>
policycoreutils-1.4.ebuild:
Mark stable.
*policycoreutils-1.4 (06 Dec 2003)
06 Dec 2003; Chris PeBenito <pebenito@gentoo.org>
policycoreutils-1.4.ebuild:
New upstream version.
*policycoreutils-1.2-r2 (23 Nov 2003)
23 Nov 2003; Chris PeBenito <pebenito@gentoo.org>
policycoreutils-1.2-r2.ebuild:
Bump to add /sbin/seinit.
29 Oct 2003; Joshua Brindle <method@gentoo.org>
policycoreutils-1.2-r1.ebuild:
added sparc
*policycoreutils-1.2-r1 (20 Oct 2003)
20 Oct 2003; Chris PeBenito <pebenito@gentoo.org>
policycoreutils-1.2-r1.ebuild:
Remove unneeded -lattr linking from Makefiles.
07 Oct 2003; Chris PeBenito <pebenito@gentoo.org>
policycoreutils-1.2.ebuild:
Mark stable.
*policycoreutils-1.2 (03 Oct 2003)
03 Oct 2003; Chris PeBenito <pebenito@gentoo.org>
policycoreutils-1.2.ebuild, files/policycoreutils-1.2-gentoo.diff:
New upstream version.
29 Sep 2003; Chris PeBenito <pebenito@gentoo.org>
policycoreutils-1.1-r1.ebuild:
Add build USE flag; when asserted, only setfiles is built and merged.
22 Sep 2003; Chris PeBenito <pebenito@gentoo.org>
policycoreutils-1.1-r1.ebuild:
Move selinux-base-policy RDEPEND to checkpolicy. No longer RDEPEND on
checkpolicy.
22 Sep 2003; <paul@gentoo.org> metadata.xml:
Fix metadata.xml
24 Aug 2003; Chris PeBenito <pebenito@gentoo.org>
policycoreutils-1.1-r1.ebuild, policycoreutils-1.1.ebuild:
Mark stable
*policycoreutils-1.1-r1 (18 Aug 2003)
18 Aug 2003; Chris PeBenito <pebenito@gentoo.org> metadata.xml,
policycoreutils-1.0.ebuild, policycoreutils-1.1-r1.ebuild,
files/avc_enforcing, files/avc_toggle,
files/policycoreutils-1.1-setfiles.diff:
Add setfiles patch for alternate root. Add avc_enforcing and avc_toggle
scripts for ease of use for old API users. Use package description from RPM
spec file in metadata.xml long description.
*policycoreutils-1.1 (14 Aug 2003)
14 Aug 2003; Chris PeBenito <pebenito@gentoo.org>
policycoreutils-1.1.ebuild:
New upstream version
10 Aug 2003; Chris PeBenito <pebenito@gentoo.org>
policycoreutils-1.0.ebuild, files/rlpkg:
Add mkinitrd RDEP, add rlpkg.
*policycoreutils-1.0 (03 Aug 2003)
03 Aug 2003; Chris PeBenito <pebenito@gentoo.org> metadata.xml,
policycoreutils-1.0.ebuild, files/policycoreutils-1.0-gentoo.diff:
Initial commit


@ -1,41 +1,3 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
AUX 0001-policycoreutils-pp-add-roletype-statements-for-both-.patch 2157 SHA256 799b93fde622a168e0c7b1a0a1ec1a0a65873379e1245ec42859c00a06ca1372 SHA512 fb96bcf8bf045092be98dfce3c2d010984428f2a302e53c72af236eb1466465a27c6fba00e0912cafb28159e3d233fd82220c2456a2b8df36ba2d1286b9752fa WHIRLPOOL e1a829e0710e045c7a7ba622f4c79e8ff9d59c370b838e45ccca95416845d92a6d690cd65be2c99aa020ec7a6db2692988db7b5d72823d42f977124b35abcb17
AUX 0010-remove-sesandbox-support.patch 747 SHA256 af6969721dede49f4de4e1db8e98e8400a8f0e3ec0b55aee9295aea0d6ba3b9a SHA512 b7b54191d2b8703393dd23a7fcccbdc3e2b7234acd962e994c8549eebae6cae3b6f62055b47a2d5db94510739abfb2fa365090c452422b6fbc02ad625ebe4859 WHIRLPOOL 1ed396c3346123af9fc8a5e911a6c241e2b64d7424b2d5194b0cc7c6b44a960c70afde3d04a508ecf525af038a52c739bc424230db34fcb52096304b2cda2771
AUX 0020-disable-autodetection-of-pam-and-audit.patch 3924 SHA256 5f322dcc8c24838ec30c1df3aa69876063989fd07389c60ef64802c6fe25e91e SHA512 0efcbe36fdaa369cb1837767e872189f9f18b58d738b38c304ef31c568e60d602cfb5f87328a3b1f209840e2ab102f2d0ee8c4e918b2866c0ca978f33252ad33 WHIRLPOOL 669a451f98f39607e6a5a235e67ab432e480327dfe8204c2fcbb7455f571da4a64e91d76926c34e7fc25cec393ed6fbabb33e46c00e4f7a30848f304ed96b61f
AUX 0030-make-inotify-check-use-flag-triggered.patch 650 SHA256 1cf0d985c865d9afe134e598c50b40420e4a48f4fde6e5d1916a880b8c393a75 SHA512 9ae10652ae14abd8930690363d41d9cacf0d0003ff21cf75dfc52a4ab7a4ab3d1fa9f1dc6994de9ae874483297478d79ee071dae766dfabf07ba70092bd11ba4 WHIRLPOOL ebf776adb8115db80418313ee8ad80f8d03b71358b1aa790ac690cd81b3646f0818da6bbf5d2f570c4be4150e6a2b475ff848622239f65e1479f29c9eb6a44f1
AUX 0040-reverse-access-check-in-run_init.patch 500 SHA256 5e1bb9b3124efee30502992cb16720f44d8abd3eeacaa8b70cea5cfa116dc9dc SHA512 2935f303a84f5a18d58eb98bab2101772d6b787a2fe8299cbba1deb0dacc313ae04c60bb731fae255e24c52b5923aa861925c31be8898aa37d2d7687a7725040 WHIRLPOOL 3022f8703ea851c2b90e93965dce0669a2d3b33ef61ee09ed9aed775f07858c6b5474b8e0f0e6186609af4e05234c042aa376ea242b4245a95a1cd08ba19cbd3
AUX 0070-remove-symlink-attempt-fails-with-gentoo-sandbox-approach.patch 519 SHA256 63d4952efdf1fa8510485900e17f3bcb356086dda9440e3f4dd9fbcad83ec027 SHA512 c49b440ca07003688e115ea792188f37e5456d8afde0ee3be7a49af8c51ca7089e85e64ad237fbdc3c34685a58022f695f00fe443face1052f8181829678a256 WHIRLPOOL 1a246957e0aebf5129117644eb202a123ae8e43cca19b961796cc3940253e92c479819911a681d2434f794693115843cf351f04f9610e46171bef7048b59a8d1
AUX 0110-build-mcstrans-bug-472912.patch 2509 SHA256 c89ee8947ba7d04c7df30eef7fee91233188da90718c05a93c07112eb272dd8d SHA512 97a6c17e8232dc62dd5beaf101efa1e0462eedfb9fb4eff93d96171bbd866bd12b19ada1c512eef20ba732813e6f009276debbe5385ece373dd3bad1b7e61765 WHIRLPOOL fdb2509aab5e98ed11a942457711132e5888a25c0426bde59a84fb8bd8dc3f065f0e6daba77730e94a114c1e1431a1cee17a6ccf305946a5abed328f027c0bd1
AUX 0120-build-failure-for-mcscolor-for-CONTEXT__CONTAINS.patch 483 SHA256 572d141797d2a164b50b081fd6167f3acd93f62cc878c8859f731580243deb7d SHA512 a8a81158924aa527038696a98503144e50ed941ba1afbf52d26fc5bb9373c7ac6fd3f864070ff717c5b45ddba0470bc43b142f02da134559af8896c15084234f WHIRLPOOL 17836a74dcd4ce605891f6bd1eeeca61d6ed1534d3f6d3e1c65d1ddd7096460cbf75eac868d2c7ef112c85f745c2b1af7ca2abf02644351c3ebbfbbffc90a99b
DIST patchbundle-policycoreutils-2.2.5-gentoo-r1.tar.gz 7287 SHA256 cb6915c46a5e6789f95ac254d34b1d890055b31ded61596ffb5bf925aa8c446a SHA512 be6eeaf4927d80f2c198ecc4fbe88a3e960380a0de532155eff3a12157df0615e7b3ffbc09e984df08fb32ce5b62f75147559a093b620a98d9ff836ad07b18b0 WHIRLPOOL de7e0348abc45713ede926d79f26bb8590c41db6f984ff8f29a01b933f6e3c38531682f10a0d7de73f8b26994ac9a476bd9d54fc36fb45689f7ad9eca5206f09
DIST patchbundle-policycoreutils-3.tar.gz 7294 SHA256 44db261c87f583a7620690fc5041d8a21b1c935e741fe7b594aa2cc958e3deb7 SHA512 24e4c73e97441a1042618f6a4179d71672c81f821ffc2f97a54116bf6b33a93bd7f3e2030dbdb362da5e2a7d8936604e5b0283261c7b2447cc4f7594966c73bc WHIRLPOOL d38416ff9707d7d2bbf04f5d582944a87d27de06f3d70677341d38dacc6501dd78ef01fd8a7bb044d49b1f2a8c95181e2cb1b4b81dae49819409dbcf9d7abcb7
DIST policycoreutils-2.2.5.tar.gz 4948944 SHA256 bbf850a8c3c2f371f439d6525663eecdd3a737acd594d2f27f8d8f3a07830cc4 SHA512 88a32fbbede56f3e717394f134212ed9df9b06cbb5532168ccc03ef2a465f4320b54a561348ea5c319b5b641f7661565ad29fbdc5aae50190a6d21d076cf2c3f WHIRLPOOL 0eb0e0c7e1fc1514cb28bbda7a10066ad23a9ccfecc92dee606e3f0e71632e07fe1c4ba7ac89993adf15e9520fc9e527e16d623d56b4e96cc882bf82dea4cb14
DIST policycoreutils-2.3.tar.gz 4984980 SHA256 864cfaee58b5d2f15b140c354e59666e57143293c89f2b2e85bc0d0e4beefcd2 SHA512 3256849d13856ec47ac85470632a57e26952c5dafffb51df4eb8e32467196ff3ef725cc582798727fe45fd6284c1893d12eae2c89088ae1758ad39faec385659 WHIRLPOOL 1dd9bfd67ebb744b8c47144966f09d8361e9018e8d941355080c274b9ac891c18eb95771f3dc8b136683224bc5f12f3fb58fa00666b5815d65e7141c31d9293d
DIST policycoreutils-2.4.tar.gz 5004280 SHA256 b819f876f12473783ccce9f63b9a79cd77177477cd6d46818441f808cc4c3479 SHA512 0eb0ea569c1699ed78e5e9798d9f182b3a8bfa6dcd387bcc78923755b3a1cad982673db88857745154d3769d44402b87e52d5fe3024874001f61f783aa25cce6 WHIRLPOOL d101080973ef6248617b5bca9d8b76e59008061b3411aec4ed95343af09b941a34acb3bb0001da5468595c4c37684ab6f34204e18ccb3cbbd5b3d31df0cb5e7f
DIST policycoreutils-extra-1.31.tar.bz2 16080 SHA256 ad0a78d96fd01aa51fe774e1701bd23934cd72182b2bad68112006f0ea17cc7b SHA512 520f93f1a2ce3c60a1d192b09cb9a968d207fbc6ab1f01861be95a50b65264f706335620ccbca48ce38f81581a4cf5128e5db9e5b0564460c9f05f04038abfba WHIRLPOOL 56e713b9bd8f1af1496f383f45f1ef8d373b3f45148237bfd28c016f4becaa87d932b363d165b46c657ea3a08503e7bc60b1c5a5a2a814a659770bedf33d4202
DIST policycoreutils-extra-1.33.tar.bz2 16191 SHA256 743c3930277102f5545907314b21e98955e88be7972e30264c6cb5dca370b788 SHA512 3f6f19ae33d5b1043f2979fb3e79bc061767f7051cbd0981e5c5663b4391fa29544b2184b384c9fce7b4100623bc776748d77a01865dcee78b0756d73ee10886 WHIRLPOOL e74b9c3a6dff563b81bf3ce85119fbdfc658191ac063763f2916a7dcd90584f98cbccd1d6cd5ef3aecb00366a82c949c62ab9b907cb98800cb53d3e9ab63b492
EBUILD policycoreutils-2.2.5-r4.ebuild 4708 SHA256 2287c153ef9ce72a15e1fb0d681942c79c26393dfa00436b414389334606b5e4 SHA512 d69a0cd51e9e995f59535e6e72a3e62d4a5e3f75aeb8a98f9e6dd6ce7f02b4ca19d479395bcfccdeba7b932c484bc90308a3f563d621c0f3f626c4aa5b927c5a WHIRLPOOL c34a44c55bc221274f3f19e8f72fbf1d649b16978d6d080ff66ba47185b0bc7e069431a818ebce1fd23ef590f656fa23e86ebef42bca870050ff2a792bf20072
EBUILD policycoreutils-2.3-r3.ebuild 4388 SHA256 2b87e99e95421c093aed5fca66c6506261ded68dccc11d309f7e106947664093 SHA512 b00da0cb9bae1f3aa4149b178bf904a90133b7aa7985635c342cb0f5a9e135b3ebb82e14cfdc224684820c1d4085cb8532023793440eaa5e1df8f3f130887b35 WHIRLPOOL 3c8fb7ed0c0ca20985b2f6556a95e623cd04bf83c53822cacfd7702bab50ac55f025ddb15d20799292f4dfdeee702112abf80e269b5493eac128eb9f2df3dfa7
EBUILD policycoreutils-2.4.ebuild 4495 SHA256 f58265fbd9bd64bba47eef2ef7f65d6a7a62c1fea0b6754f6a48bb879156dc36 SHA512 43a099ac242de40c42132f697e248da84cde5c38ca64be38c4cb8729153a8921597a082d095a6d312b0e6422b6345099460039798c0f626533141e1bf841138b WHIRLPOOL 8d5757ae72043247b9501510bb561d6f8ae516ae54ee97a9b3e9ad68f61626cef9463b73a278d043b472988f7499baf26ef16e3619f7a7efb0e1c9264125f74d
EBUILD policycoreutils-9999.ebuild 5262 SHA256 0bf3f18e901197cfecd321bee41a7eff1e041a657a4e1824d3678728e11d1117 SHA512 e00c2cc009bfd413267723f08e265ef3f5746591d639f5273a4d50ffc601cd60f7db63aa54803bcc536cb543ccc4a78033bdd044ad0ae15d72191603de923189 WHIRLPOOL 218f9ee27401591352d69daf1d3a7ccaa596fc2c5ebd32842fcea33d96f15e90de0ce81346bbb671d9b8f9222f91dbad17a9535af35e06d5f453e2323ebaf4db
MISC ChangeLog 26573 SHA256 ed7d9b9bc3fd89f29cb06c58cd1274191dd2e530a3b8dd83cb2da259d09d1824 SHA512 5e326782bd849516aa8afeed38c0bb9ec52049fc15dda4ab45d5ea84a54f576bf998b02bbe5f73b8c26c26eb388c064dc1e81fa2208f5989b4203ab4cf7adb6b WHIRLPOOL 8b57bc4114ca783c3bd492bfae5875124fd07c4225e64b5ccd7974d0c6e1e576e88bbbd8dde9ae5c0fb0a8aa7850124074c6bc634da87c0d05678c145be2ef00
MISC metadata.xml 971 SHA256 9d2157deddd1a457ff3d7b1232ec23e71367852b743ef6b4b8290349c3c9c698 SHA512 79fbbb6285a75f84fdd103ed704d62ede2695e7b8fe03f989ac4a065261a5e870675c1186173c1d4a65b88ac98f8bc2153146010513926e1a1b53efa52564a03 WHIRLPOOL eadde5fe3a3a2a71031d46f7e7c602f8069138914e62c44dff4be09afb8e23391a36d7c358a011722151437ee51be9f404ee1360a2d918078de3f783ff7e062f
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0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=/Evg
-----END PGP SIGNATURE-----
DIST policycoreutils-3.1.tar.gz 2817914 BLAKE2B ef68bb5f9cf577164ead44803b6be2bd6401c9e923d2c775c7c8c47f0e803749feaec4247fec5cc1cb766314954402fd2506370bb397f746437ecfcf65b384f3 SHA512 0592f218563a99ba95d2cfd07fdc3761b61c1cc3c01a17ab89ad840169e1a7d4083521d5cacc72d1b76911d516bf592db7a3f90d9ef0cc11ceed007e4580e140
DIST policycoreutils-extra-1.37.tar.bz2 8809 BLAKE2B a7f6122c2e27f54b018174e962bd7f4c14af04e09bbb5300bde6967ea7f2dc5cd03b5787919a4e7f5288bcbc6747922962b5bd3b588ab1e3a035fbff4910d8f5 SHA512 0a85cd7cf279256b5e1927f9dfdd89626a1c8b77b0aeb62b496e7e8d1dccbaa315e39f9308fb2df7270f0bc1c10787b19990e7365cad74b47b61e30394c8b23f
DIST policycoreutils-3.2.tar.gz 2817961 BLAKE2B 747cbd7b84ffa9153067340f8f1dc5a652eaf85b037a6e10e116d3d0b31c8e7c9794bc6a46ae212848bef4887478ac167e359a387bebac49e0acd08b727808ce SHA512 d16781d2d61b8b78d6fc242f2b5c3a03f47ea524fb61655823b6b0f0327ff376c65fe7bdf7a53f5863c01e599cf4a7050f21fda0fe6a8f2c2c16f89b156a4346


@ -1,61 +0,0 @@
From 7a09af2123bc0d86787ef82fc2ff43810f1712c0 Mon Sep 17 00:00:00 2001
From: Steve Lawrence <slawrence@tresys.com>
Date: Wed, 19 Nov 2014 11:21:42 -0500
Subject: [PATCH 1/2] policycoreutils: pp: add roletype statements for both
declared and required type/typeattributes
Currently, roletype statements are only added for types when they are
declared (not required). This means that in policy like:
require {
type foo_t;
}
type bar_t;
role staff_r types foo_t, bar_t;
only bar_t is associated with staff_r. This patch moves the code that
generates roletype statements for types to outside the SCOPE_DECL check
so that roletype statements are generated for all types, regardless of
the required/declared scope. It further moves the code outside of the
type/typeattribute flavor check so that roletype statements are also
generated for typeattributes.
Reported-by: Sven Vermeulen <sven.vermeulen@siphos.be>
Signed-off-by: Steve Lawrence <slawrence@tresys.com>
Reviewed-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
Tested-by: Jason Zaman <jason@perfinion.com>
---
policycoreutils/hll/pp/pp.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/policycoreutils/hll/pp/pp.c b/policycoreutils/hll/pp/pp.c
index b1ef27f..4b9f310 100644
--- a/policycoreutils/hll/pp/pp.c
+++ b/policycoreutils/hll/pp/pp.c
@@ -2083,6 +2083,11 @@ static int type_to_cil(int indent, struct policydb *pdb, struct avrule_block *UN
cil_println(indent, "(typeattributeset " GEN_REQUIRE_ATTR " %s)", key);
}
+ rc = roletype_role_in_ancestor_to_cil(pdb, decl_stack, key, indent);
+ if (rc != 0) {
+ goto exit;
+ }
+
switch(type->flavor) {
case TYPE_TYPE:
if (scope == SCOPE_DECL) {
@@ -2090,11 +2095,6 @@ static int type_to_cil(int indent, struct policydb *pdb, struct avrule_block *UN
// object_r is implicit in checkmodule, but not with CIL,
// create it as part of base
cil_println(indent, "(roletype " DEFAULT_OBJECT " %s)", key);
-
- rc = roletype_role_in_ancestor_to_cil(pdb, decl_stack, key, indent);
- if (rc != 0) {
- goto exit;
- }
}
if (type->flags & TYPE_FLAGS_PERMISSIVE) {
--
2.0.4


@ -1,9 +0,0 @@
diff -uNr policycoreutils-2.4-rc2.orig/Makefile policycoreutils-2.4-rc2/Makefile
--- policycoreutils-2.4-rc2.orig/Makefile 2014-08-28 20:13:23.212622408 +0200
+++ policycoreutils-2.4-rc2/Makefile 2014-08-28 20:14:24.136624808 +0200
@@ -1,4 +1,4 @@
-SUBDIRS = sepolicy setfiles semanage load_policy newrole run_init sandbox secon audit2allow sestatus semodule_package semodule semodule_link semodule_expand semodule_deps sepolgen-ifgen setsebool scripts po man gui hll
+SUBDIRS = sepolicy setfiles semanage load_policy newrole run_init secon audit2allow sestatus semodule_package semodule semodule_link semodule_expand semodule_deps sepolgen-ifgen setsebool scripts po man gui hll
INOTIFYH = $(shell ls /usr/include/sys/inotify.h 2>/dev/null)


@ -1,108 +0,0 @@
diff -uNr policycoreutils-2.2.1.orig/newrole/Makefile policycoreutils-2.2.1/newrole/Makefile
--- policycoreutils-2.2.1.orig/newrole/Makefile 2013-11-04 21:37:27.197018032 +0100
+++ policycoreutils-2.2.1/newrole/Makefile 2013-11-04 21:37:47.602018075 +0100
@@ -4,8 +4,8 @@
MANDIR ?= $(PREFIX)/share/man
ETCDIR ?= $(DESTDIR)/etc
LOCALEDIR = /usr/share/locale
-PAMH = $(shell ls /usr/include/security/pam_appl.h 2>/dev/null)
-AUDITH = $(shell ls /usr/include/libaudit.h 2>/dev/null)
+PAMH ?= no
+AUDITH ?= no
# Enable capabilities to permit newrole to generate audit records.
# This will make newrole a setuid root program.
# The capabilities used are: CAP_AUDIT_WRITE.
@@ -24,7 +24,7 @@
EXTRA_OBJS =
override CFLAGS += -DVERSION=\"$(VERSION)\" $(LDFLAGS) -I$(PREFIX)/include -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
LDLIBS += -lselinux -L$(PREFIX)/lib
-ifeq ($(PAMH), /usr/include/security/pam_appl.h)
+ifeq ($(PAMH), yes)
override CFLAGS += -DUSE_PAM
EXTRA_OBJS += hashtab.o
LDLIBS += -lpam -lpam_misc
@@ -32,7 +32,7 @@
override CFLAGS += -D_XOPEN_SOURCE=500
LDLIBS += -lcrypt
endif
-ifeq ($(AUDITH), /usr/include/libaudit.h)
+ifeq ($(AUDITH), yes)
override CFLAGS += -DUSE_AUDIT
LDLIBS += -laudit
endif
@@ -49,7 +49,7 @@
IS_SUID=y
endif
ifeq ($(IS_SUID),y)
- MODE := 4555
+ MODE := 0555
LDLIBS += -lcap-ng
else
MODE := 0555
@@ -66,7 +66,7 @@
test -d $(MANDIR)/man1 || install -m 755 -d $(MANDIR)/man1
install -m $(MODE) newrole $(BINDIR)
install -m 644 newrole.1 $(MANDIR)/man1/
-ifeq ($(PAMH), /usr/include/security/pam_appl.h)
+ifeq ($(PAMH), yes)
test -d $(ETCDIR)/pam.d || install -m 755 -d $(ETCDIR)/pam.d
ifeq ($(LSPP_PRIV),y)
install -m 644 newrole-lspp.pamd $(ETCDIR)/pam.d/newrole
diff -uNr policycoreutils-2.2.1.orig/run_init/Makefile policycoreutils-2.2.1/run_init/Makefile
--- policycoreutils-2.2.1.orig/run_init/Makefile 2013-11-04 21:37:27.115018032 +0100
+++ policycoreutils-2.2.1/run_init/Makefile 2013-11-04 21:37:47.603018075 +0100
@@ -5,20 +5,20 @@
MANDIR ?= $(PREFIX)/share/man
ETCDIR ?= $(DESTDIR)/etc
LOCALEDIR ?= /usr/share/locale
-PAMH = $(shell ls /usr/include/security/pam_appl.h 2>/dev/null)
-AUDITH = $(shell ls /usr/include/libaudit.h 2>/dev/null)
+PAMH ?= no
+AUDITH ?= no
CFLAGS ?= -Werror -Wall -W
override CFLAGS += -I$(PREFIX)/include -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
LDLIBS += -lselinux -L$(PREFIX)/lib
-ifeq ($(PAMH), /usr/include/security/pam_appl.h)
+ifeq ($(PAMH), yes)
override CFLAGS += -DUSE_PAM
LDLIBS += -lpam -lpam_misc
else
override CFLAGS += -D_XOPEN_SOURCE=500
LDLIBS += -lcrypt
endif
-ifeq ($(AUDITH), /usr/include/libaudit.h)
+ifeq ($(AUDITH), yes)
override CFLAGS += -DUSE_AUDIT
LDLIBS += -laudit
endif
@@ -38,7 +38,7 @@
install -m 755 open_init_pty $(SBINDIR)
install -m 644 run_init.8 $(MANDIR)/man8/
install -m 644 open_init_pty.8 $(MANDIR)/man8/
-ifeq ($(PAMH), /usr/include/security/pam_appl.h)
+ifeq ($(PAMH), yes)
install -m 644 run_init.pamd $(ETCDIR)/pam.d/run_init
endif
diff -uNr policycoreutils-2.2.1.orig/setfiles/Makefile policycoreutils-2.2.1/setfiles/Makefile
--- policycoreutils-2.2.1.orig/setfiles/Makefile 2013-11-04 21:37:27.198018032 +0100
+++ policycoreutils-2.2.1/setfiles/Makefile 2013-11-04 21:37:47.603018075 +0100
@@ -3,7 +3,7 @@
SBINDIR ?= $(DESTDIR)/sbin
MANDIR = $(PREFIX)/share/man
LIBDIR ?= $(PREFIX)/lib
-AUDITH = $(shell ls /usr/include/libaudit.h 2>/dev/null)
+AUDITH ?= no
PROGRESS_STEP=$(shell grep "^\#define STAR_COUNT" restore.h | awk -S '{ print $$3 }')
ABORT_ON_ERRORS=$(shell grep "^\#define ABORT_ON_ERRORS" setfiles.c | awk -S '{ print $$3 }')
@@ -12,7 +12,7 @@
override CFLAGS += -I$(PREFIX)/include
LDLIBS = -lselinux -lsepol -L$(LIBDIR)
-ifeq ($(AUDITH), /usr/include/libaudit.h)
+ifeq ($(AUDITH), yes)
override CFLAGS += -DUSE_AUDIT
LDLIBS += -laudit
endif


@ -1,14 +0,0 @@
diff -uNr policycoreutils-2.4-rc2.orig/Makefile policycoreutils-2.4-rc2/Makefile
--- policycoreutils-2.4-rc2.orig/Makefile 2014-08-28 20:22:45.230644554 +0200
+++ policycoreutils-2.4-rc2/Makefile 2014-08-28 20:27:08.642654934 +0200
@@ -1,8 +1,8 @@
SUBDIRS = sepolicy setfiles semanage load_policy newrole run_init secon audit2allow sestatus semodule_package semodule semodule_link semodule_expand semodule_deps sepolgen-ifgen setsebool scripts po man gui hll
-INOTIFYH = $(shell ls /usr/include/sys/inotify.h 2>/dev/null)
+INOTIFYH ?= no
-ifeq (${INOTIFYH}, /usr/include/sys/inotify.h)
+ifeq (${INOTIFYH}, yes)
SUBDIRS += restorecond
endif


@ -1,12 +0,0 @@
diff -uNr policycoreutils-2.2.1.orig/run_init/run_init.c policycoreutils-2.2.1/run_init/run_init.c
--- policycoreutils-2.2.1.orig/run_init/run_init.c 2013-11-04 21:40:27.490018417 +0100
+++ policycoreutils-2.2.1/run_init/run_init.c 2013-11-04 21:40:57.088018480 +0100
@@ -406,7 +406,7 @@
new_context);
exit(-1);
}
- if (! access("/usr/sbin/open_init_pty", X_OK)) {
+ if (access("/usr/sbin/open_init_pty", X_OK) != 0) {
if (execvp(argv[1], argv + 1)) {
perror("execvp");
exit(-1);


@ -1,11 +0,0 @@
diff -uNr policycoreutils-2.2.1.orig/load_policy/Makefile policycoreutils-2.2.1/load_policy/Makefile
--- policycoreutils-2.2.1.orig/load_policy/Makefile 2013-11-04 21:41:28.289018546 +0100
+++ policycoreutils-2.2.1/load_policy/Makefile 2013-11-04 21:43:31.118018808 +0100
@@ -19,7 +19,6 @@
test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8
install -m 644 load_policy.8 $(MANDIR)/man8/
-mkdir -p $(USRSBINDIR)
- -ln -sf $(SBINDIR)/load_policy $(USRSBINDIR)/load_policy
clean:
-rm -f $(TARGETS) *.o


@ -1,64 +0,0 @@
diff -uNr policycoreutils-2.4-rc2.orig/Makefile policycoreutils-2.4-rc2/Makefile
--- policycoreutils-2.4-rc2.orig/Makefile 2014-08-28 20:31:19.563664821 +0200
+++ policycoreutils-2.4-rc2/Makefile 2014-08-28 20:32:25.900667435 +0200
@@ -1,4 +1,4 @@
-SUBDIRS = sepolicy setfiles semanage load_policy newrole run_init secon audit2allow sestatus semodule_package semodule semodule_link semodule_expand semodule_deps sepolgen-ifgen setsebool scripts po man gui hll
+SUBDIRS = sepolicy setfiles semanage load_policy newrole run_init secon audit2allow sestatus semodule_package semodule semodule_link semodule_expand semodule_deps sepolgen-ifgen setsebool scripts po man gui hll mcstrans
INOTIFYH ?= n
diff -uNr policycoreutils-2.4-rc2.orig/mcstrans/src/Makefile policycoreutils-2.4-rc2/mcstrans/src/Makefile
--- policycoreutils-2.4-rc2.orig/mcstrans/src/Makefile 2014-08-28 20:31:19.562664821 +0200
+++ policycoreutils-2.4-rc2/mcstrans/src/Makefile 2014-08-28 20:33:39.345670329 +0200
@@ -1,23 +1,10 @@
ARCH = $(shell uname -i)
-ifeq "$(ARCH)" "x86_64"
- # In case of 64 bit system, use these lines
- LIBDIR=/usr/lib64
-else
-ifeq "$(ARCH)" "i686"
- # In case of 32 bit system, use these lines
- LIBDIR=/usr/lib
-else
-ifeq "$(ARCH)" "i386"
- # In case of 32 bit system, use these lines
- LIBDIR=/usr/lib
-endif
-endif
-endif
# Installation directories.
PREFIX ?= $(DESTDIR)/usr
SBINDIR ?= $(DESTDIR)/sbin
INITDIR ?= $(DESTDIR)/etc/rc.d/init.d
SYSTEMDDIR ?= $(DESTDIR)/usr/lib/systemd
+LIBDIR ?= $(PREFIX)/lib
PROG_SRC=mcstrans.c mcscolor.c mcstransd.c mls_level.c
PROG_OBJS= $(patsubst %.c,%.o,$(PROG_SRC))
diff -uNr policycoreutils-2.4-rc2.orig/mcstrans/utils/Makefile policycoreutils-2.4-rc2/mcstrans/utils/Makefile
--- policycoreutils-2.4-rc2.orig/mcstrans/utils/Makefile 2014-08-28 20:31:19.556664821 +0200
+++ policycoreutils-2.4-rc2/mcstrans/utils/Makefile 2014-08-28 20:34:14.145671701 +0200
@@ -3,22 +3,7 @@
BINDIR ?= $(PREFIX)/sbin
ARCH = $(shell uname -i)
-ifeq "$(ARCH)" "x86_64"
- # In case of 64 bit system, use these lines
- LIBDIR=/usr/lib64
-else
-ifeq "$(ARCH)" "i686"
- # In case of 32 bit system, use these lines
- LIBDIR=/usr/lib
-else
-ifeq "$(ARCH)" "i386"
- # In case of 32 bit system, use these lines
- LIBDIR=/usr/lib
-endif
-endif
-endif
-
-
+LIBDIR ?= $(PREFIX)/lib
CFLAGS ?= -Wall
override CFLAGS += -I../src -D_GNU_SOURCE
LDLIBS += -L../src ../src/mcstrans.o ../src/mls_level.o -lselinux -lpcre $(LIBDIR)/libsepol.a


@ -1,11 +0,0 @@
diff -uNr policycoreutils-2.4-rc2.orig/mcstrans/src/mcscolor.c policycoreutils-2.4-rc2/mcstrans/src/mcscolor.c
--- policycoreutils-2.4-rc2.orig/mcstrans/src/mcscolor.c 2014-08-28 21:26:25.125795076 +0200
+++ policycoreutils-2.4-rc2/mcstrans/src/mcscolor.c 2014-08-28 21:27:03.509796589 +0200
@@ -11,6 +11,7 @@
#include <syslog.h>
#include <selinux/selinux.h>
#include <selinux/context.h>
+#include <selinux/av_permissions.h>
#include "mcstrans.h"
/* Define data structures */


@ -0,0 +1,11 @@
--- a/newrole/Makefile
+++ b/newrole/Makefile
@@ -50,7 +50,7 @@ ifeq ($(NAMESPACE_PRIV),y)
IS_SUID=y
endif
ifeq ($(IS_SUID),y)
- MODE := 4555
+ MODE := 0555
override LDLIBS += -lcap-ng
else
MODE := 0555
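Review bot: The newly added patch has no description above its `--- a/newrole/Makefile` line, and once it is applied both branches of `ifeq ($(IS_SUID),y)` assign `MODE := 0555`, so nothing in the Makefile records that the setuid install mode was dropped on purpose. A one-line header such as `Install newrole without the setuid bit (0555 instead of 4555); <reason>` would let a later maintainer tell a deliberate hardening choice from an accident. The IS_SUID branch still adds `-lcap-ng`, which suggests the binary is built expecting to start with privileges and then drop them. Whether the ebuild grants file capabilities after install is not visible in this section, so it is worth confirming that the audit and namespace features of newrole still behave as intended at mode 0555.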


@ -1,7 +1,10 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
<herd>selinux</herd>
<maintainer type="project">
<email>selinux@gentoo.org</email>
<name>SELinux Team</name>
</maintainer>
<longdescription>
Policycoreutils contains the policy core utilities that are required
for basic operation of a SELinux system. These utilities include
@ -15,9 +18,10 @@
permissive.
</longdescription>
<use>
<flag name='audit'>Enable support for <pkg>sys-process/audit</pkg> and use the audit_* functions (like audit_getuid instead of getuid())</flag>
<flag name="audit">Enable support for <pkg>sys-process/audit</pkg> and use the audit_* functions (like audit_getuid instead of getuid())</flag>
</use>
<upstream>
<remote-id type="cpe">cpe:/a:redhat:policycoreutils</remote-id>
<remote-id type="cpe">cpe:/a:redhat:policycoreutils</remote-id>
<remote-id type="github">SELinuxProject/selinux</remote-id>
</upstream>
</pkgmetadata>


@ -1,196 +0,0 @@
# Copyright 1999-2015 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/sys-apps/policycoreutils/policycoreutils-2.4.ebuild,v 1.4 2015/05/10 09:08:19 perfinion Exp $
EAPI="5"
PYTHON_COMPAT=( python2_7 )
PYTHON_REQ_USE="xml"
inherit multilib python-r1 toolchain-funcs eutils systemd
MY_P="${P//_/-}"
EXTRAS_VER="1.33"
SEMNG_VER="${PV}"
SELNX_VER="${PV}"
SEPOL_VER="${PV}"
IUSE="audit extra nls pam dbus python"
DESCRIPTION="SELinux core utilities"
HOMEPAGE="https://github.com/SELinuxProject/selinux/wiki"
SRC_URI="https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20150202/${MY_P}.tar.gz
extra? ( mirror://gentoo/policycoreutils-extra-${EXTRAS_VER}.tar.bz2 )"
LICENSE="GPL-2"
SLOT="0"
KEYWORDS="amd64 x86"
DEPEND=">=sys-libs/libselinux-${SELNX_VER}[python?]
>=sys-libs/glibc-2.4
>=sys-libs/libcap-1.10-r10
>=sys-libs/libsemanage-${SEMNG_VER}[python?]
sys-libs/libcap-ng
>=sys-libs/libsepol-${SEPOL_VER}
nls? ( sys-devel/gettext )
python? (
dev-python/ipy[${PYTHON_USEDEP}]
)
dbus? (
sys-apps/dbus
dev-libs/dbus-glib
)
audit? ( >=sys-process/audit-1.5.1 )
pam? ( sys-libs/pam )
python? (
${PYTHON_DEPS}
)"
### libcgroup -> seunshare
### dbus -> restorecond
# pax-utils for scanelf used by rlpkg
RDEPEND="${DEPEND}
python? (
dev-python/sepolgen
)
app-admin/setools
app-misc/pax-utils"
S="${WORKDIR}/${MY_P}"
S1="${WORKDIR}/${MY_P}"
S2="${WORKDIR}/policycoreutils-extra"
src_prepare() {
epatch "${FILESDIR}/0010-remove-sesandbox-support.patch"
epatch "${FILESDIR}/0020-disable-autodetection-of-pam-and-audit.patch"
epatch "${FILESDIR}/0030-make-inotify-check-use-flag-triggered.patch"
epatch "${FILESDIR}/0040-reverse-access-check-in-run_init.patch"
epatch "${FILESDIR}/0070-remove-symlink-attempt-fails-with-gentoo-sandbox-approach.patch"
epatch "${FILESDIR}/0110-build-mcstrans-bug-472912.patch"
epatch "${FILESDIR}/0120-build-failure-for-mcscolor-for-CONTEXT__CONTAINS.patch"
# rlpkg is more useful than fixfiles
sed -i -e '/^all/s/fixfiles//' "${S}/scripts/Makefile" \
|| die "fixfiles sed 1 failed"
sed -i -e '/fixfiles/d' "${S}/scripts/Makefile" \
|| die "fixfiles sed 2 failed"
epatch_user
find -name Makefile -exec sed s/-Werror//g -i '{}' +
if use python ; then
python_copy_sources
# Our extra code is outside the regular directory, so set it to the extra
# directory. We really should optimize this as it is ugly, but the extra
# code is needed for Gentoo at the same time that policycoreutils is present
# (so we cannot use an additional package for now).
if use extra ; then
S="${S2}"
python_copy_sources
fi
else
for dir in audit2allow gui scripts \
semanage sepolicy sepolgen-ifgen
do
sed -e "s/ $dir / /" -i Makefile || die
done
fi
use nls || sed -e "s/ po / /" -i Makefile || die
}
src_compile() {
building() {
emake -C "${BUILD_DIR}" \
AUDIT_LOG_PRIVS="y" \
AUDITH="$(usex audit)" \
PAMH="$(usex pam)" \
INOTIFYH="$(usex dbus)" \
SESANDBOX="n" \
CC="$(tc-getCC)" \
DESTDIR="${ROOT}" \
PYLIBVER="${EPYTHON}" \
LIBDIR="\$(PREFIX)/$(get_libdir)"
}
if use python ; then
S="${S1}" # Regular policycoreutils
python_foreach_impl building
if use extra ; then
S="${S2}" # Extra set
python_foreach_impl building
fi
else
BUILD_DIR="${S1}"
building
if use extra ; then
BUILD_DIR="${S2}"
building
fi
fi
}
src_install() {
# Python scripts are present in many places. There are no extension modules.
installation-policycoreutils() {
einfo "Installing policycoreutils"
emake -C "${BUILD_DIR}" DESTDIR="${D}" AUDITH="$(usex audit)" PAMH="$(usex pam)" INOTIFYH="$(usex dbus)" SESANDBOX="n" AUDIT_LOG_PRIV="y" PYLIBVER="${EPYTHON}" install
if use python ; then
python_optimize
fi
}
installation-extras() {
einfo "Installing policycoreutils-extra"
emake -C "${BUILD_DIR}" DESTDIR="${D}" INOTIFYH="$(usex dbus)" SHLIBDIR="${D}$(get_libdir)/rc" install
if use python ; then
python_optimize
fi
}
if use python ; then
S="${S1}" # policycoreutils
python_foreach_impl installation-policycoreutils
if use extra ; then
S="${S2}" # extras
python_foreach_impl installation-extras
S="${S1}" # back for later
fi
else
BUILD_DIR="${S1}"
installation-policycoreutils
if use extra ; then
BUILD_DIR="${S2}"
installation-extras
fi
fi
# remove redhat-style init script
rm -fR "${D}/etc/rc.d"
# compatibility symlinks
if use extra ; then
dosym /$(get_libdir)/rc/runscript_selinux.so /$(get_libdir)/rcscripts/runscript_selinux.so
fi
# location for policy definitions
dodir /usr/lib/selinux/policy
dosym ../../usr/lib/selinux/policy /var/lib/selinux
if use python ; then
# Set version-specific scripts
for pyscript in audit2allow sepolgen-ifgen sepolicy chcat; do
python_replicate_script "${ED}/usr/bin/${pyscript}"
done
python_replicate_script "${ED}/usr/sbin/semanage"
use extra && python_replicate_script "${ED}/usr/sbin/rlpkg"
fi
dodir /usr/share/doc/${PF}/mcstrans/examples
cp -dR "${S1}"/mcstrans/share/examples/* "${D}/usr/share/doc/${PF}/mcstrans/examples"
}
pkg_postinst() {
# The selinux_gentoo init script is no longer needed with recent OpenRC
use extra && elog "The selinux_gentoo init script will be removed in future versions since it is not needed with OpenRC 0.13."
}


@ -0,0 +1,225 @@
# Copyright 1999-2021 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI="7"
PYTHON_COMPAT=( python3_6 )
PYTHON_REQ_USE="xml"
inherit multilib python-r1 toolchain-funcs bash-completion-r1
MY_P="${P//_/-}"
MY_RELEASEDATE="20200710"
EXTRAS_VER="1.37"
SEMNG_VER="${PV}"
SELNX_VER="${PV}"
SEPOL_VER="${PV}"
# flatcar changes: nls, extra
IUSE="audit extra nls pam python split-usr"
REQUIRED_USE="${PYTHON_REQUIRED_USE}"
DESCRIPTION="SELinux core utilities"
HOMEPAGE="https://github.com/SELinuxProject/selinux/wiki"
if [[ ${PV} == 9999 ]]; then
inherit git-r3
EGIT_REPO_URI="https://github.com/SELinuxProject/selinux.git"
SRC_URI="https://dev.gentoo.org/~perfinion/distfiles/policycoreutils-extra-${EXTRAS_VER}.tar.bz2"
S1="${WORKDIR}/${MY_P}/${PN}"
S2="${WORKDIR}/policycoreutils-extra"
S="${S1}"
else
SRC_URI="https://github.com/SELinuxProject/selinux/releases/download/${MY_RELEASEDATE}/${MY_P}.tar.gz
https://dev.gentoo.org/~perfinion/distfiles/policycoreutils-extra-${EXTRAS_VER}.tar.bz2"
KEYWORDS="amd64 ~arm64 ~mips x86"
S1="${WORKDIR}/${MY_P}"
S2="${WORKDIR}/policycoreutils-extra"
S="${S1}"
fi
LICENSE="GPL-2"
SLOT="0"
# flatcar changes: remove setools. Since 4.x setools is written in python
# so it's not shipped anymore with Flatcar OS
DEPEND=">=sys-libs/libselinux-${SELNX_VER}:=[python?,${PYTHON_USEDEP}]
>=sys-libs/libsemanage-${SEMNG_VER}:=[python?,${PYTHON_USEDEP}]
>=sys-libs/libsepol-${SEPOL_VER}:=
sys-libs/libcap-ng:=
audit? ( >=sys-process/audit-1.5.1[python?,${PYTHON_USEDEP}] )
pam? ( sys-libs/pam:= )
python? ( ${PYTHON_DEPS} )"
# Avoid dependency loop in the cross-compile case, bug #755173
# (Still exists in native)
BDEPEND="sys-devel/gettext"
# pax-utils for scanelf used by rlpkg
RDEPEND="${DEPEND}
app-misc/pax-utils"
PDEPEND="sys-apps/semodule-utils
python? ( sys-apps/selinux-python )"
src_unpack() {
# Override default one because we need the SRC_URI ones even in case of 9999 ebuilds
default
if [[ ${PV} == 9999 ]] ; then
git-r3_src_unpack
fi
}
src_prepare() {
S="${S1}"
cd "${S}" || die "Failed to switch to ${S}"
if [[ ${PV} != 9999 ]] ; then
# If needed for live ebuilds please use /etc/portage/patches
eapply "${FILESDIR}/policycoreutils-3.1-0001-newrole-not-suid.patch"
fi
# rlpkg is more useful than fixfiles
sed -i -e '/^all/s/fixfiles//' "${S}/scripts/Makefile" \
|| die "fixfiles sed 1 failed"
sed -i -e '/fixfiles/d' "${S}/scripts/Makefile" \
|| die "fixfiles sed 2 failed"
eapply_user
sed -i 's/-Werror//g' "${S1}"/*/Makefile || die "Failed to remove Werror"
# flatcar changes
if use python; then
python_copy_sources
# Our extra code is outside the regular directory, so set it to the extra
# directory. We really should optimize this as it is ugly, but the extra
# code is needed for Gentoo at the same time that policycoreutils is present
# (so we cannot use an additional package for now).
if use extra ; then
S="${S2}"
python_copy_sources
fi
fi
# flatcar changes
# Skip building unneeded parts.
if ! use python ; then
for dir in audit2allow gui scripts semanage sepolicy sepolgen-ifgen; do
sed -e "s/ $dir / /" -i Makefile || die
done
fi
use nls || sed -e "s/ po / /" -i Makefile || die
}
src_compile() {
building() {
emake -C "${BUILD_DIR}" \
AUDIT_LOG_PRIVS="y" \
AUDITH="$(usex audit y n)" \
PAMH="$(usex pam y n)" \
SESANDBOX="n" \
CC="$(tc-getCC)" \
LIBDIR="\$(PREFIX)/$(get_libdir)"
}
# flatcar changes
if use python; then
S="${S1}" # Regular policycoreutils
python_foreach_impl building
if use extra ; then
S="${S2}" # Extra set
python_foreach_impl building
fi
else
BUILD_DIR="${S1}"
building
if use extra ; then
BUILD_DIR="${S2}"
building
fi
fi
}
src_install() {
# Python scripts are present in many places. There are no extension modules.
installation-policycoreutils() {
einfo "Installing policycoreutils"
emake -C "${BUILD_DIR}" DESTDIR="${D}" \
AUDIT_LOG_PRIVS="y" \
AUDITH="$(usex audit y n)" \
PAMH="$(usex pam y n)" \
SESANDBOX="n" \
CC="$(tc-getCC)" \
LIBDIR="\$(PREFIX)/$(get_libdir)" \
install
# flatcar changes
if use python; then
python_optimize
fi
}
installation-extras() {
einfo "Installing policycoreutils-extra"
emake -C "${BUILD_DIR}" \
DESTDIR="${D}" \
SHLIBDIR="${D}$(get_libdir)/rc" \
install
# flatcar changes
if use python; then
python_optimize
fi
}
# flatcar changes
if use python; then
S="${S1}" # policycoreutils
python_foreach_impl installation-policycoreutils
if use extra ; then
S="${S2}"
installation-extras
S="${S1}" # back for later
fi
else
BUILD_DIR="${S1}"
installation-policycoreutils
if use extra ; then
BUILD_DIR="${S2}"
installation-extras
fi
fi
# remove redhat-style init script
rm -fR "${D}/etc/rc.d" || die
# compatibility symlinks
# flatcar changes:
# use split-usr && dosym ../../sbin/setfiles /usr/sbin/setfiles
bashcomp_alias setsebool getsebool
# location for policy definitions
# flatcar changes:
dodir /usr/lib/selinux/policy
dosym ../../usr/lib/selinux/policy /var/lib/selinux
keepdir /usr/lib/selinux/policy
# Set version-specific scripts
# flatcar changes
if use python; then
# Set version-specific scripts
for pyscript in audit2allow sepolgen-ifgen sepolicy chcat; do
python_replicate_script "${ED}/usr/bin/${pyscript}"
done
python_replicate_script "${ED}/usr/sbin/semanage"
use extra && python_replicate_script "${ED}/usr/sbin/rlpkg"
fi
}
pkg_postinst() {
for POLICY_TYPE in ${POLICY_TYPES} ; do
# There have been some changes to the policy store, rebuilding now.
# https://marc.info/?l=selinux&m=143757277819717&w=2
einfo "Rebuilding store ${POLICY_TYPE} (without re-loading)."
semodule -s "${POLICY_TYPE}" -n -B || die "Failed to rebuild policy store ${POLICY_TYPE}"
done
}
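Review bot: In `installation-extras`, `SHLIBDIR="${D}$(get_libdir)/rc"` joins `${D}` and the libdir with no separator, and under the `EAPI="7"` declared at the top of this ebuild `${D}` no longer ends in a slash, so the two names run together; `SHLIBDIR="${D}/$(get_libdir)/rc"` avoids depending on a trailing slash, which the same expression in the removed ebuild above presumably relied on. In the `use python` branch of `src_install` the extras step is also called as plain `installation-extras` rather than `python_foreach_impl installation-extras` as `src_compile` does, so `${BUILD_DIR}` is probably unset when `emake -C "${BUILD_DIR}"` runs. `REQUIRED_USE="${PYTHON_REQUIRED_USE}"` is unconditional although `python` is now an optional flag; `REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"` would match the conditional `python? ( ${PYTHON_DEPS} )` in DEPEND. In `pkg_postinst`, here and in the two ebuilds that follow, `semodule -s "${POLICY_TYPE}" -n -B` names no policy root, so an install into an offset `${ROOT}` would presumably rebuild the build host's policy store rather than the target's; passing `-p "${ROOT:-/}"` keeps the rebuild on the target.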


@ -0,0 +1,162 @@
# Copyright 1999-2021 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI="7"
PYTHON_COMPAT=( python3_6 )
PYTHON_REQ_USE="xml"
inherit multilib python-r1 toolchain-funcs bash-completion-r1
EXTRAS_VER="1.37"
IUSE="audit pam split-usr"
REQUIRED_USE="${PYTHON_REQUIRED_USE}"
DESCRIPTION="SELinux core utilities"
HOMEPAGE="https://github.com/SELinuxProject/selinux/wiki"
if [[ ${PV} == 9999 ]]; then
inherit git-r3
EGIT_REPO_URI="https://github.com/SELinuxProject/selinux.git"
SRC_URI="https://dev.gentoo.org/~perfinion/distfiles/policycoreutils-extra-${EXTRAS_VER}.tar.bz2"
S1="${WORKDIR}/${PN}"
S2="${WORKDIR}/policycoreutils-extra"
S="${S1}"
else
SRC_URI="https://github.com/SELinuxProject/selinux/releases/download/${PV}/${P}.tar.gz
https://dev.gentoo.org/~perfinion/distfiles/policycoreutils-extra-${EXTRAS_VER}.tar.bz2"
KEYWORDS="~amd64 ~arm64 ~mips ~x86"
S1="${WORKDIR}/${P}"
S2="${WORKDIR}/policycoreutils-extra"
S="${S1}"
fi
LICENSE="GPL-2"
SLOT="0"
DEPEND=">=sys-libs/libselinux-${PV}:=[python,${PYTHON_USEDEP}]
>=sys-libs/libsemanage-${PV}:=[python(+),${PYTHON_USEDEP}]
>=sys-libs/libsepol-${PV}:=
sys-libs/libcap-ng:=
>=app-admin/setools-4.2.0[${PYTHON_USEDEP}]
audit? ( >=sys-process/audit-1.5.1[python,${PYTHON_USEDEP}] )
pam? ( sys-libs/pam:= )
${PYTHON_DEPS}"
# Avoid dependency loop in the cross-compile case, bug #755173
# (Still exists in native)
BDEPEND="sys-devel/gettext"
# pax-utils for scanelf used by rlpkg
RDEPEND="${DEPEND}
app-misc/pax-utils"
PDEPEND="sys-apps/semodule-utils
sys-apps/selinux-python"
src_unpack() {
# Override default one because we need the SRC_URI ones even in case of 9999 ebuilds
default
if [[ ${PV} == 9999 ]] ; then
git-r3_src_unpack
fi
}
src_prepare() {
S="${S1}"
cd "${S}" || die "Failed to switch to ${S}"
if [[ ${PV} != 9999 ]] ; then
# If needed for live ebuilds please use /etc/portage/patches
eapply "${FILESDIR}/policycoreutils-3.1-0001-newrole-not-suid.patch"
fi
# rlpkg is more useful than fixfiles
sed -i -e '/^all/s/fixfiles//' "${S}/scripts/Makefile" \
|| die "fixfiles sed 1 failed"
sed -i -e '/fixfiles/d' "${S}/scripts/Makefile" \
|| die "fixfiles sed 2 failed"
eapply_user
sed -i 's/-Werror//g' "${S1}"/*/Makefile || die "Failed to remove Werror"
python_copy_sources
# Our extra code is outside the regular directory, so set it to the extra
# directory. We really should optimize this as it is ugly, but the extra
# code is needed for Gentoo at the same time that policycoreutils is present
# (so we cannot use an additional package for now).
S="${S2}"
python_copy_sources
}
src_compile() {
building() {
emake -C "${BUILD_DIR}" \
AUDIT_LOG_PRIVS="y" \
AUDITH="$(usex audit y n)" \
PAMH="$(usex pam y n)" \
SESANDBOX="n" \
CC="$(tc-getCC)" \
LIBDIR="\$(PREFIX)/$(get_libdir)"
}
S="${S1}" # Regular policycoreutils
python_foreach_impl building
S="${S2}" # Extra set
python_foreach_impl building
}
src_install() {
# Python scripts are present in many places. There are no extension modules.
installation-policycoreutils() {
einfo "Installing policycoreutils"
emake -C "${BUILD_DIR}" DESTDIR="${D}" \
AUDIT_LOG_PRIVS="y" \
AUDITH="$(usex audit y n)" \
PAMH="$(usex pam y n)" \
SESANDBOX="n" \
CC="$(tc-getCC)" \
LIBDIR="\$(PREFIX)/$(get_libdir)" \
install
python_optimize
}
installation-extras() {
einfo "Installing policycoreutils-extra"
emake -C "${BUILD_DIR}" \
DESTDIR="${D}" \
install
python_optimize
}
S="${S1}" # policycoreutils
python_foreach_impl installation-policycoreutils
S="${S2}" # extras
python_foreach_impl installation-extras
S="${S1}" # back for later
# remove redhat-style init script
rm -fR "${D}/etc/rc.d" || die
# compatibility symlinks
use split-usr && dosym ../../sbin/setfiles /usr/sbin/setfiles
bashcomp_alias setsebool getsebool
# location for policy definitions
dodir /var/lib/selinux
keepdir /var/lib/selinux
# Set version-specific scripts
for pyscript in rlpkg; do
python_replicate_script "${ED}/usr/sbin/${pyscript}"
done
}
pkg_postinst() {
for POLICY_TYPE in ${POLICY_TYPES} ; do
# There have been some changes to the policy store, rebuilding now.
# https://marc.info/?l=selinux&m=143757277819717&w=2
einfo "Rebuilding store ${POLICY_TYPE} (without re-loading)."
semodule -s "${POLICY_TYPE}" -n -B || die "Failed to rebuild policy store ${POLICY_TYPE}"
done
}
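Review bot: `DEPEND` in this ebuild requires `>=app-admin/setools-4.2.0[${PYTHON_USEDEP}]` and unconditional `${PYTHON_DEPS}`, while the comment in the preceding ebuild says setools is no longer shipped with Flatcar OS. If setools has indeed been dropped from this tree, this ebuild and the identical one that follows cannot have their dependencies resolved. Either drop the two files or add a header comment saying why they are kept, for example `# unmodified upstream copy, kept for reference; not built for Flatcar`. Leaving an uninstallable variant next to the modified one makes it harder to tell which policycoreutils build actually ends up in the image.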


@ -0,0 +1,162 @@
# Copyright 1999-2021 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI="7"
PYTHON_COMPAT=( python3_6 )
PYTHON_REQ_USE="xml"
inherit multilib python-r1 toolchain-funcs bash-completion-r1
EXTRAS_VER="1.37"
IUSE="audit pam split-usr"
REQUIRED_USE="${PYTHON_REQUIRED_USE}"
DESCRIPTION="SELinux core utilities"
HOMEPAGE="https://github.com/SELinuxProject/selinux/wiki"
if [[ ${PV} == 9999 ]]; then
inherit git-r3
EGIT_REPO_URI="https://github.com/SELinuxProject/selinux.git"
SRC_URI="https://dev.gentoo.org/~perfinion/distfiles/policycoreutils-extra-${EXTRAS_VER}.tar.bz2"
S1="${WORKDIR}/${PN}"
S2="${WORKDIR}/policycoreutils-extra"
S="${S1}"
else
SRC_URI="https://github.com/SELinuxProject/selinux/releases/download/${PV}/${P}.tar.gz
https://dev.gentoo.org/~perfinion/distfiles/policycoreutils-extra-${EXTRAS_VER}.tar.bz2"
KEYWORDS="~amd64 ~arm64 ~mips ~x86"
S1="${WORKDIR}/${P}"
S2="${WORKDIR}/policycoreutils-extra"
S="${S1}"
fi
LICENSE="GPL-2"
SLOT="0"
DEPEND=">=sys-libs/libselinux-${PV}:=[python,${PYTHON_USEDEP}]
>=sys-libs/libsemanage-${PV}:=[python(+),${PYTHON_USEDEP}]
>=sys-libs/libsepol-${PV}:=
sys-libs/libcap-ng:=
>=app-admin/setools-4.2.0[${PYTHON_USEDEP}]
audit? ( >=sys-process/audit-1.5.1[python,${PYTHON_USEDEP}] )
pam? ( sys-libs/pam:= )
${PYTHON_DEPS}"
# Avoid dependency loop in the cross-compile case, bug #755173
# (Still exists in native)
BDEPEND="sys-devel/gettext"
# pax-utils for scanelf used by rlpkg
RDEPEND="${DEPEND}
app-misc/pax-utils"
PDEPEND="sys-apps/semodule-utils
sys-apps/selinux-python"
src_unpack() {
# Override default one because we need the SRC_URI ones even in case of 9999 ebuilds
default
if [[ ${PV} == 9999 ]] ; then
git-r3_src_unpack
fi
}
src_prepare() {
S="${S1}"
cd "${S}" || die "Failed to switch to ${S}"
if [[ ${PV} != 9999 ]] ; then
# If needed for live ebuilds please use /etc/portage/patches
eapply "${FILESDIR}/policycoreutils-3.1-0001-newrole-not-suid.patch"
fi
# rlpkg is more useful than fixfiles
sed -i -e '/^all/s/fixfiles//' "${S}/scripts/Makefile" \
|| die "fixfiles sed 1 failed"
sed -i -e '/fixfiles/d' "${S}/scripts/Makefile" \
|| die "fixfiles sed 2 failed"
eapply_user
sed -i 's/-Werror//g' "${S1}"/*/Makefile || die "Failed to remove Werror"
python_copy_sources
# Our extra code is outside the regular directory, so set it to the extra
# directory. We really should optimize this as it is ugly, but the extra
# code is needed for Gentoo at the same time that policycoreutils is present
# (so we cannot use an additional package for now).
S="${S2}"
python_copy_sources
}
src_compile() {
building() {
emake -C "${BUILD_DIR}" \
AUDIT_LOG_PRIVS="y" \
AUDITH="$(usex audit y n)" \
PAMH="$(usex pam y n)" \
SESANDBOX="n" \
CC="$(tc-getCC)" \
LIBDIR="\$(PREFIX)/$(get_libdir)"
}
S="${S1}" # Regular policycoreutils
python_foreach_impl building
S="${S2}" # Extra set
python_foreach_impl building
}
src_install() {
# Python scripts are present in many places. There are no extension modules.
installation-policycoreutils() {
einfo "Installing policycoreutils"
emake -C "${BUILD_DIR}" DESTDIR="${D}" \
AUDIT_LOG_PRIVS="y" \
AUDITH="$(usex audit y n)" \
PAMH="$(usex pam y n)" \
SESANDBOX="n" \
CC="$(tc-getCC)" \
LIBDIR="\$(PREFIX)/$(get_libdir)" \
install
python_optimize
}
installation-extras() {
einfo "Installing policycoreutils-extra"
emake -C "${BUILD_DIR}" \
DESTDIR="${D}" \
install
python_optimize
}
S="${S1}" # policycoreutils
python_foreach_impl installation-policycoreutils
S="${S2}" # extras
python_foreach_impl installation-extras
S="${S1}" # back for later
# remove redhat-style init script
rm -fR "${D}/etc/rc.d" || die
# compatibility symlinks
use split-usr && dosym ../../sbin/setfiles /usr/sbin/setfiles
bashcomp_alias setsebool getsebool
# location for policy definitions
dodir /var/lib/selinux
keepdir /var/lib/selinux
# Set version-specific scripts
for pyscript in rlpkg; do
python_replicate_script "${ED}/usr/sbin/${pyscript}"
done
}
pkg_postinst() {
for POLICY_TYPE in ${POLICY_TYPES} ; do
# There have been some changes to the policy store, rebuilding now.
# https://marc.info/?l=selinux&m=143757277819717&w=2
einfo "Rebuilding store ${POLICY_TYPE} (without re-loading)."
semodule -s "${POLICY_TYPE}" -n -B || die "Failed to rebuild policy store ${POLICY_TYPE}"
done
}


@ -1,648 +0,0 @@
# ChangeLog for sys-libs/libselinux
# Copyright 1999-2015 Gentoo Foundation; Distributed under the GPL v2
# $Header: /var/cvsroot/gentoo-x86/sys-libs/libselinux/ChangeLog,v 1.144 2015/06/09 15:35:39 swift Exp $
*libselinux-9999 (09 Jun 2015)
09 Jun 2015; Sven Vermeulen <swift@gentoo.org> +libselinux-9999.ebuild:
Adding libselinux-9999 to better support upstream integrations
10 May 2015; Jason Zaman <perfinion@gentoo.org> libselinux-2.4.ebuild:
stabilize selinux 2.4 userland
18 Apr 2015; Jason Zaman <perfinion@gentoo.org> -libselinux-2.3-r1.ebuild,
-libselinux-2.4_rc6.ebuild, -libselinux-2.4_rc7.ebuild:
Drop old RCs
08 Apr 2015; Michał Górny <mgorny@gentoo.org> libselinux-2.2.2-r5.ebuild,
libselinux-2.3-r1.ebuild, libselinux-2.3-r2.ebuild, libselinux-2.4.ebuild,
libselinux-2.4_rc6.ebuild, libselinux-2.4_rc7.ebuild:
Drop old Python implementations
04 Mar 2015; Sven Vermeulen <swift@gentoo.org> libselinux-2.4.ebuild:
Fix build failure on x32 (bug #541618)
*libselinux-2.4 (04 Feb 2015)
04 Feb 2015; Jason Zaman <perfinion@gentoo.org> +libselinux-2.4.ebuild:
Version bump
26 Jan 2015; Agostino Sarubbo <ago@gentoo.org> libselinux-2.3-r2.ebuild:
Stable for x86, wrt bug #535682
22 Jan 2015; Agostino Sarubbo <ago@gentoo.org> libselinux-2.3-r2.ebuild:
Stable for amd64, wrt bug #535682
*libselinux-2.4_rc7 (06 Dec 2014)
06 Dec 2014; Jason Zaman <perfinion@gentoo.org> +libselinux-2.4_rc7.ebuild,
-libselinux-2.4_rc2.ebuild, -libselinux-2.4_rc5.ebuild:
version bump and ebuild clean up, drop old RC
*libselinux-2.3-r2 (04 Dec 2014)
04 Dec 2014; Jason Zaman <perfinion@gentoo.org> +libselinux-2.3-r2.ebuild,
libselinux-2.4_rc6.ebuild:
Call python_optimize, bug 531638
*libselinux-2.4_rc6 (14 Nov 2014)
14 Nov 2014; Sven Vermeulen <swift@gentoo.org> +libselinux-2.4_rc6.ebuild:
Bump to rc6, add python3_4 to PYTHON_COMPAT (fixes bug 529176); rc6 also fixes
unconfined issue when USE=-unconfined is set
*libselinux-2.4_rc5 (29 Oct 2014)
29 Oct 2014; Sven Vermeulen <swift@gentoo.org> +libselinux-2.4_rc5.ebuild,
-libselinux-2.4_rc4.ebuild:
Bump to 2.4_rc5
*libselinux-2.4_rc4 (07 Oct 2014)
07 Oct 2014; Sven Vermeulen <swift@gentoo.org> +libselinux-2.4_rc4.ebuild:
Bump to 2.4-rc4
*libselinux-2.4_rc2 (21 Sep 2014)
21 Sep 2014; Sven Vermeulen <swift@gentoo.org>
+files/0005-use-ruby-include-with-rubylibver.patch,
+files/0006-build-related-fixes-bug-500674.patch, +libselinux-2.4_rc2.ebuild,
libselinux-2.3-r1.ebuild:
Noved to github; also add in masked 2.4 series
16 Sep 2014; Brian Dolbec <dolsen@gentoo.org> libselinux-2.3-r1.ebuild:
Add python-3.4 target, needed for dep of portage. Tested and
confirmed working by perfinion.
05 Aug 2014; Sven Vermeulen <swift@gentoo.org> -libselinux-2.2.2-r4.ebuild,
-libselinux-2.3.ebuild, -libselinux-2.3_rc1-r1.ebuild,
-libselinux-2.3_rc1.ebuild:
Remove obsoleted ebuilds
30 Jul 2014; Sven Vermeulen <swift@gentoo.org> libselinux-2.3-r1.ebuild:
Fix bug #514194 - Stabilization of SELinux userspace 2.3
14 Jul 2014; Sven Vermeulen <swift@gentoo.org> libselinux-2.2.2-r5.ebuild:
Stabilize (fix segfault with setfiles)
09 Jul 2014; Sven Vermeulen <swift@gentoo.org> libselinux-2.2.2-r5.ebuild:
Fix bug #516608 - Backport pcre version fix from libselinux-2.3
*libselinux-2.3-r1 (09 Jul 2014)
09 Jul 2014; Sven Vermeulen <swift@gentoo.org> +libselinux-2.3-r1.ebuild:
Fix bug #516608 (segfault with setfiles)
18 Jun 2014; Michał Górny <mgorny@gentoo.org> libselinux-2.3.ebuild:
Update dependencies to require guaranteed EAPI=5 or multilib ebuilds, bug
#513718.
07 Jun 2014; Sven Vermeulen <swift@gentoo.org> libselinux-2.3.ebuild:
Update libpcre and libsepol deps to include MULTILIB_USEDEP
10 May 2014; Sven Vermeulen <swift@gentoo.org>
-files/libselinux-2.1.9-mountsys.patch,
-files/libselinux-2.1.9-support_ruby19.patch,
-files/libselinux-2.1.12-mountsys.patch:
Removing unused patches in files dir
10 May 2014; Sven Vermeulen <swift@gentoo.org> -libselinux-2.1.13-r1.ebuild,
-libselinux-2.1.13-r2.ebuild, -libselinux-2.1.13-r3.ebuild,
-libselinux-2.1.13-r4.ebuild, -libselinux-2.2-r1.ebuild,
-libselinux-2.2.1-r1.ebuild, -libselinux-2.2.2-r1.ebuild,
-libselinux-2.2.2-r2.ebuild:
Spring cleanup
*libselinux-2.3 (09 May 2014)
09 May 2014; Sven Vermeulen <swift@gentoo.org> +libselinux-2.3.ebuild:
Bump to 2.3
30 Apr 2014; Sven Vermeulen <swift@gentoo.org> libselinux-2.2.2-r5.ebuild:
Fix bug #509004 by stabilizing r5 (enable ruby bindings)
*libselinux-2.2.2-r5 (29 Apr 2014)
*libselinux-2.3_rc1-r1 (29 Apr 2014)
29 Apr 2014; Sven Vermeulen <swift@gentoo.org> +libselinux-2.2.2-r5.ebuild,
+libselinux-2.3_rc1-r1.ebuild:
Add USE=ruby support, now without ruby-ng eclass calls, fixes bug #509004
*libselinux-2.3_rc1 (28 Apr 2014)
28 Apr 2014; Sven Vermeulen <swift@gentoo.org> +libselinux-2.3_rc1.ebuild:
2.3-rc1 release
21 Apr 2014; Sven Vermeulen <swift@gentoo.org> libselinux-2.2.2-r4.ebuild:
Stabilize 2.2.2-r4
23 Mar 2014; Sven Vermeulen <swift@gentoo.org> -libselinux-2.2.2-r3.ebuild,
-files/libselinux-2.2.2-build.patch:
Dropping incorrect builds
*libselinux-2.2.2-r4 (23 Mar 2014)
23 Mar 2014; Sven Vermeulen <swift@gentoo.org> +libselinux-2.2.2-r4.ebuild:
Fix bug #504832 - audit2why.so failures due to dynamic linking
*libselinux-2.2.2-r3 (08 Mar 2014)
08 Mar 2014; Mike Frysinger <vapier@gentoo.org>
+files/libselinux-2.2.2-build.patch, +libselinux-2.2.2-r3.ebuild:
Clean up linking behavior #500674 by SpanKY.
04 Mar 2014; Samuli Suominen <ssuominen@gentoo.org>
libselinux-2.2.2-r2.ebuild:
Fix installation of python site-packages w/ multilib-strict by passing LIBDIR
to "make install" phase wrt #502954
*libselinux-2.2.2-r2 (04 Mar 2014)
04 Mar 2014; Sven Vermeulen <swift@gentoo.org> +libselinux-2.2.2-r2.ebuild:
Fix bug #502544 - Honor multilib dir in pkgconfig file
*libselinux-2.2.2-r1 (02 Feb 2014)
02 Feb 2014; Sven Vermeulen <swift@gentoo.org> +libselinux-2.2.2-r1.ebuild:
Fix bug #480960 (multilib support). Drop ruby eclass as it messes with
defaults and I do not understand it. Bump to 2.2.2 release
02 Feb 2014; Sven Vermeulen <swift@gentoo.org> libselinux-2.2.1-r1.ebuild:
Support python 3.3, see bug 499604
02 Feb 2014; Sven Vermeulen <swift@gentoo.org> libselinux-2.2.1-r1.ebuild:
Stabilize for amd64 and x86
20 Jan 2014; Sven Vermeulen <swift@gentoo.org> libselinux-2.2-r1.ebuild:
Stabilize for x86 and amd64
23 Dec 2013; Sven Vermeulen <swift@gentoo.org> -libselinux-2.1.12.ebuild,
-libselinux-2.1.12-r1.ebuild, -libselinux-2.1.12-r2.ebuild,
-libselinux-2.1.12-r3.ebuild:
Cleaning old version
*libselinux-2.2.1-r1 (10 Dec 2013)
10 Dec 2013; Sven Vermeulen <swift@gentoo.org> +libselinux-2.2.1-r1.ebuild:
Adding 2.2.1 release
*libselinux-2.2-r1 (04 Nov 2013)
04 Nov 2013; Sven Vermeulen <swift@gentoo.org> +libselinux-2.2-r1.ebuild:
New libselinux release
27 Oct 2013; Sven Vermeulen <swift@gentoo.org> libselinux-2.1.13-r4.ebuild:
Fix bug 488102 - Only call ruby-ng pkg_setup if USE=ruby is set
05 Sep 2013; Michał Górny <mgorny@gentoo.org> libselinux-2.1.13-r4.ebuild:
Clean up PYTHON_COMPAT from old implementations.
20 Aug 2013; Sven Vermeulen <swift@gentoo.org> libselinux-2.1.13-r4.ebuild:
Stabilize, the issue with file_contexts.local is important to get in stable
10 Aug 2013; Sven Vermeulen <swift@gentoo.org> libselinux-2.1.13-r4.ebuild:
Create (parent) directories for local file
*libselinux-2.1.13-r4 (28 Jul 2013)
28 Jul 2013; Sven Vermeulen <swift@gentoo.org> +libselinux-2.1.13-r4.ebuild:
Migrate to python-r1, fix bug #473502
07 Jul 2013; Sven Vermeulen <swift@gentoo.org> -libselinux-2.1.9.ebuild,
-libselinux-2.1.9-r1.ebuild, -libselinux-2.1.9-r2.ebuild,
-libselinux-2.1.9-r3.ebuild:
Summer cleaning
*libselinux-2.1.13-r3 (23 Jun 2013)
23 Jun 2013; Sven Vermeulen <swift@gentoo.org> +libselinux-2.1.13-r3.ebuild:
Fix bug 473714 (add libpthread in Libs)
16 Jun 2013; Sven Vermeulen <swift@gentoo.org> libselinux-2.1.13-r2.ebuild:
Stabilization
*libselinux-2.1.13-r2 (25 Apr 2013)
25 Apr 2013; Sven Vermeulen <swift@gentoo.org> +libselinux-2.1.13-r1.ebuild,
+libselinux-2.1.13-r2.ebuild:
Fix bug #467258 - add selinux_current_policy_path
*libselinux-2.1.13-r1 (25 Apr 2013)
25 Apr 2013; Sven Vermeulen <swift@gentoo.org> +libselinux-2.1.13-r1.ebuild:
New upstream release
16 Apr 2013; Sven Vermeulen <swift@gentoo.org> libselinux-2.1.12-r3.ebuild:
Stabilize libselinux-2.1.12-r3
*libselinux-2.1.12-r3 (29 Mar 2013)
29 Mar 2013; Sven Vermeulen <swift@gentoo.org> +libselinux-2.1.12-r3.ebuild:
Fix error return codes (bug #462626) and Python3 failure if built with swig-1
(bug #463410)
30 Dec 2012; Sven Vermeulen libselinux-2.1.12-r2.ebuild:
Stabilize
*libselinux-2.1.12-r2 (03 Dec 2012)
03 Dec 2012; <swift@gentoo.org> +libselinux-2.1.12-r2.ebuild:
Fix bugs #444372 and #443928
17 Nov 2012; <swift@gentoo.org> libselinux-2.1.12-r1.ebuild:
Stabilize
17 Nov 2012; <swift@gentoo.org> libselinux-2.1.9-r3.ebuild:
Stabilize
*libselinux-2.1.12-r1 (29 Oct 2012)
29 Oct 2012; <swift@gentoo.org> +libselinux-2.1.12-r1.ebuild:
Adding support for static-libs and RDEPEND on libpcre[static-libs] when
needed. See bug #436752. Also updates patching method and adds
Requires.private towards libpcre.
13 Oct 2012; <swift@gentoo.org> libselinux-2.1.12.ebuild:
Supporting user-provided patches using epatch_user
*libselinux-2.1.12 (09 Oct 2012)
*libselinux-2.1.9-r3 (09 Oct 2012)
09 Oct 2012; <swift@gentoo.org> +libselinux-2.1.9-r3.ebuild,
+files/libselinux-2.1.9-support_ruby19.patch, +libselinux-2.1.12.ebuild,
+files/libselinux-2.1.12-mountsys.patch:
Introducing upstream version and fix for ruby19
06 Oct 2012; <swift@gentoo.org> libselinux-2.1.9-r2.ebuild:
Stabilize
03 Oct 2012; Mike Frysinger <vapier@gentoo.org> libselinux-2.1.9-r2.ebuild:
Fix /usr/lib handling in utils subdir too.
*libselinux-2.1.9-r2 (08 Sep 2012)
08 Sep 2012; <swift@gentoo.org> +libselinux-2.1.9-r2.ebuild:
Fix bugs #429456 and #417303
06 Aug 2012; Patrick Lauer <patrick@gentoo.org> libselinux-2.1.9-r1.ebuild:
Restricting python ABIs that don't work
10 Jul 2012; <swift@gentoo.org> libselinux-2.1.9-r1.ebuild:
Stabilization
26 Jun 2012; Mike Gilbert <floppym@gentoo.org> libselinux-2.1.9-r1.ebuild,
libselinux-2.1.9.ebuild:
Restrict pypy per Arfrever.
13 May 2012; <swift@gentoo.org> -libselinux-2.1.0.ebuild:
Removing obsoleted ebuild
*libselinux-2.1.9-r1 (13 May 2012)
13 May 2012; <swift@gentoo.org> +libselinux-2.1.9-r1.ebuild,
+files/libselinux-2.1.9-mountsys.patch:
Mount /sys before trying to mount /sys/fs/selinux from within the policy load
functions, bug #414779
29 Apr 2012; <swift@gentoo.org> libselinux-2.1.9.ebuild:
Stabilization
*libselinux-2.1.9 (31 Mar 2012)
31 Mar 2012; <swift@gentoo.org> +libselinux-2.1.9.ebuild:
Bump to version 2.1.9
12 Nov 2011; <swift@gentoo.org> -libselinux-2.0.94.ebuild,
-libselinux-2.0.98.ebuild:
Remove deprecated ebuilds
23 Oct 2011; <swift@gentoo.org> libselinux-2.1.0.ebuild:
Stabilization (tracker #384231)
12 Aug 2011; Anthony G. Basile <blueness@gentoo.org>
-libselinux-2.0.71.ebuild, -libselinux-2.0.85.ebuild,
-files/libselinux-2.0.85-headers.patch, -files/compat.py:
Removed deprecated versions
*libselinux-2.1.0 (03 Aug 2011)
03 Aug 2011; Anthony G. Basile <blueness@gentoo.org>
+libselinux-2.1.0.ebuild:
Bump to 20110727 SELinux userspace release
*libselinux-2.0.98 (15 Jul 2011)
15 Jul 2011; Anthony G. Basile <blueness@gentoo.org>
+libselinux-2.0.98.ebuild:
Bump to 2.0.98 - proxy for SwifT
28 May 2011; Anthony G. Basile <blueness@gentoo.org>
libselinux-2.0.94.ebuild:
Stable amd64 x86
13 Feb 2011; Anthony G. Basile <blueness@gentoo.org> metadata.xml:
Updated metadata.xml to reflect new selinux herd.
06 Feb 2011; Arfrever Frehtes Taifersar Arahesis <arfrever@gentoo.org>
libselinux-2.0.94.ebuild:
Add "python" USE flag.
05 Feb 2011; Arfrever Frehtes Taifersar Arahesis <arfrever@gentoo.org>
libselinux-2.0.94.ebuild:
Set SUPPORT_PYTHON_ABIS (bug #353763). Respect AR and CC.
*libselinux-2.0.94 (05 Feb 2011)
05 Feb 2011; Anthony G. Basile <blueness@gentoo.org>
+libselinux-2.0.94.ebuild:
New upstream release.
29 Sep 2010; Mike Frysinger <vapier@gentoo.org> libselinux-2.0.85.ebuild,
+files/libselinux-2.0.85-headers.patch:
Fix by Chris Richards for building with glibc-2.12 #338302.
16 Apr 2010; Arfrever Frehtes Taifersar Arahesis <arfrever@gentoo.org>
libselinux-2.0.71.ebuild, libselinux-2.0.85.ebuild:
Delete calls to deprecated python_version().
02 Aug 2009; Chris PeBenito <pebenito@gentoo.org>
libselinux-2.0.71.ebuild, libselinux-2.0.85.ebuild:
Add python_need_rebuild.
*libselinux-2.0.85 (02 Aug 2009)
02 Aug 2009; Chris PeBenito <pebenito@gentoo.org>
+libselinux-2.0.85.ebuild:
New upstream release.
18 Jul 2009; Chris PeBenito <pebenito@gentoo.org>
-libselinux-1.34.14.ebuild, libselinux-2.0.71.ebuild:
Mark stable. Remove old ebuilds.
*libselinux-2.0.71 (03 Oct 2008)
03 Oct 2008; Chris PeBenito <pebenito@gentoo.org>
+libselinux-2.0.71.ebuild:
Initial commit of 2.0 libselinux.
29 May 2008; Ali Polatel <hawking@gentoo.org> libselinux-1.34.14.ebuild:
python_mod_optimize is ROOT aware. Fixed python_mod_cleanup.
13 May 2008; Chris PeBenito <pebenito@gentoo.org>
-libselinux-1.28-r1.ebuild, -libselinux-1.30.ebuild,
-libselinux-1.34.0.ebuild, -libselinux-1.34.13.ebuild,
libselinux-1.34.14.ebuild:
Mark 1.34.14 stable, clear old ebuilds.
11 May 2008; Chris PeBenito <pebenito@gentoo.org>
libselinux-1.34.0.ebuild, libselinux-1.34.13.ebuild,
libselinux-1.34.14.ebuild:
Fix bug #221501.
*libselinux-1.34.14 (29 Jan 2008)
29 Jan 2008; Chris PeBenito <pebenito@gentoo.org>
+libselinux-1.34.14.ebuild:
New upstream bugfix release.
*libselinux-1.34.13 (18 Oct 2007)
18 Oct 2007; Chris PeBenito <pebenito@gentoo.org>
+libselinux-1.34.13.ebuild:
New upstream release.
04 Jun 2007; Chris PeBenito <pebenito@gentoo.org>
libselinux-1.34.0.ebuild:
Mark stable.
16 Feb 2007; Stephen Bennett <spb@gentoo.org> libselinux-1.34.0.ebuild:
Add missing swig depend. Bug #167007
*libselinux-1.34.0 (15 Feb 2007)
15 Feb 2007; Chris PeBenito <pebenito@gentoo.org>
+libselinux-1.34.0.ebuild:
New upstream release.
23 Oct 2006; Chris PeBenito <pebenito@gentoo.org>
libselinux-1.30.29.ebuild:
Fix depend for glibc
09 Oct 2006; Chris PeBenito <pebenito@gentoo.org>
libselinux-1.30.29.ebuild:
Stable to make repoman happy.
*libselinux-1.30.29 (05 Oct 2006)
05 Oct 2006; Chris PeBenito <pebenito@gentoo.org>
+libselinux-1.30.29.ebuild:
Add SVN snapshot.
31 Jul 2006; Chris PeBenito <pebenito@gentoo.org> libselinux-1.30.ebuild:
Mark stable, long overdue.
07 Apr 2006; Chris PeBenito <pebenito@gentoo.org> libselinux-1.30.ebuild:
Split python wrapper compile into a separate emake to ensure the main
library is built before trying to build the wrapper. Fixes bug #129074.
22 Mar 2006; Chris PeBenito <pebenito@gentoo.org> -libselinux-1.24.ebuild,
-libselinux-1.28.ebuild, libselinux-1.28-r1.ebuild:
Mark 1.28-r1 stable, clean out old ebuilds.
*libselinux-1.30 (18 Mar 2006)
18 Mar 2006; Chris PeBenito <pebenito@gentoo.org> +libselinux-1.30.ebuild:
New upstream release.
22 Feb 2006; Stephen Bennett <spb@gentoo.org> libselinux-1.28.ebuild:
Alpha stable
*libselinux-1.28-r1 (20 Feb 2006)
20 Feb 2006; Chris PeBenito <pebenito@gentoo.org> +files/compat.py,
+libselinux-1.28-r1.ebuild:
Add python-selinux compatability aliases to swig wrapper.
19 Feb 2006; Joshua Kinard <kumba@gentoo.org> libselinux-1.28.ebuild:
Marked stable on mips.
09 Feb 2006; Chris PeBenito <pebenito@gentoo.org> libselinux-1.28.ebuild:
Move python_version out of global scope.
29 Jan 2006; Chris PeBenito <pebenito@gentoo.org> libselinux-1.28.ebuild:
Add python version handling to fix #120829, and add -fPIC to LDFLAGS to
hopefully fix #119271.
17 Jan 2006; Chris PeBenito <pebenito@gentoo.org> libselinux-1.28.ebuild:
Mark stable, x86, amd64, ppc, sparc.
14 Jan 2006; Stephen Bennett <spb@gentoo.org> libselinux-1.28.ebuild:
Added ~alpha
15 Dec 2005; Chris PeBenito <pebenito@gentoo.org> libselinux-1.28.ebuild:
Tighten up versioning to try to prevent mismatch problems as seen in #112348.
*libselinux-1.28 (09 Dec 2005)
09 Dec 2005; Chris PeBenito <pebenito@gentoo.org>
-files/libselinux-1.22.diff, -libselinux-1.22-r1.ebuild,
+libselinux-1.28.ebuild:
New upstream release.
09 Sep 2005; Chris PeBenito <pebenito@gentoo.org> libselinux-1.24.ebuild:
Mark stable.
*libselinux-1.24 (25 Jun 2005)
25 Jun 2005; Chris PeBenito <pebenito@gentoo.org> -libselinux-1.20.ebuild,
-libselinux-1.22.ebuild, +libselinux-1.24.ebuild:
New upstream release.
13 May 2005; Chris PeBenito <pebenito@gentoo.org>
libselinux-1.22-r1.ebuild:
Mark stable.
10 May 2005; Stephen Bennett <spb@gentoo.org> libselinux-1.22.ebuild:
mips stable
*libselinux-1.22-r1 (08 May 2005)
08 May 2005; Chris PeBenito <pebenito@gentoo.org>
+files/libselinux-1.22.diff, +libselinux-1.22-r1.ebuild:
A couple fixes, including one for bug #91921.
01 May 2005; Stephen Bennett <spb@gentoo.org> libselinux-1.22.ebuild:
Mark ~mips.
01 May 2005; Chris PeBenito <pebenito@gentoo.org> libselinux-1.22.ebuild:
Mark stable.
*libselinux-1.22 (13 Mar 2005)
13 Mar 2005; Chris PeBenito <pebenito@gentoo.org> +libselinux-1.22.ebuild:
New upstream release.
13 Feb 2005; Chris PeBenito <pebenito@gentoo.org> libselinux-1.20.ebuild:
Mark stable.
*libselinux-1.20 (07 Jan 2005)
07 Jan 2005; Chris PeBenito <pebenito@gentoo.org> libselinux-1.18.ebuild,
+libselinux-1.20.ebuild:
New upstream release. Mark 1.18 stable.
03 Jan 2005; Chris PeBenito <pebenito@gentoo.org> libselinux-1.16.ebuild,
libselinux-1.18.ebuild:
Switch to libc virtual for DEP since uclibc now has xattr support.
*libselinux-1.18 (14 Nov 2004)
14 Nov 2004; Chris PeBenito <pebenito@gentoo.org>
+files/selinuxconfig.c.diff, +libselinux-1.18.ebuild:
New upstream release.
*libselinux-1.16 (07 Sep 2004)
07 Sep 2004; Chris PeBenito <pebenito@gentoo.org> +libselinux-1.16.ebuild:
New upstream release.
*libselinux-1.14 (02 Jul 2004)
02 Jul 2004; Chris PeBenito <pebenito@gentoo.org> +libselinux-1.14.ebuild:
New upstream version.
11 Jun 2004; Chris PeBenito <pebenito@gentoo.org> -libselinux-1.10.ebuild,
libselinux-1.12.ebuild:
Mark stable
*libselinux-1.12 (14 May 2004)
14 May 2004; Chris PeBenito <pebenito@gentoo.org> +libselinux-1.12.ebuild:
New upstream release.
*libselinux-1.10 (17 Apr 2004)
17 Apr 2004; Chris PeBenito <pebenito@gentoo.org> +libselinux-1.10.ebuild:
New upstream version.
08 Apr 2004; Chris PeBenito <pebenito@gentoo.org> libselinux-1.8.ebuild:
Mark stable for 2004.1
*libselinux-1.8 (12 Mar 2004)
12 Mar 2004; Chris PeBenito <pebenito@gentoo.org> libselinux-1.8.ebuild:
New upstream release.
*libselinux-1.6 (24 Feb 2004)
24 Feb 2004; Chris PeBenito <pebenito@gentoo.org> libselinux-1.6.ebuild:
New upstream release.
16 Dec 2003; Chris PeBenito <pebenito@gentoo.org> libselinux-1.4.ebuild:
Mark stable.
*libselinux-1.4 (06 Dec 2003)
06 Dec 2003; Chris PeBenito <pebenito@gentoo.org> libselinux-1.4.ebuild:
New upstream version.
29 Oct 2003; Joshua Brindle <method@gentoo.org> libselinux-1.2-r2.ebuild:
added sparc
*libselinux-1.2-r2 (20 Oct 2003)
20 Oct 2003; Chris PeBenito <pebenito@gentoo.org> libselinux-1.2-r2.ebuild,
files/libselinux-1.2-attr.diff:
Compile against sys-apps/attr only if linux-headers are older than 2.4.20.
*libselinux-1.2-r1 (07 Oct 2003)
07 Oct 2003; Chris PeBenito <pebenito@gentoo.org> libselinux-1.2-r1.ebuild,
files/libselinux-1.2-gentoo.diff:
Move libraries to /lib, to fix problems with having a separate /usr during
booting.
*libselinux-1.2 (03 Oct 2003)
03 Oct 2003; Chris PeBenito <pebenito@gentoo.org> libselinux-1.2.ebuild,
files/libselinux-1.2-const.diff:
New upstream version.
22 Sep 2003; <paul@gentoo.org> metadata.xml:
Fix metadata.xml
21 Aug 2003; Chris PeBenito <pebenito@gentoo.org> libselinux-1.1-r1.ebuild:
Add a dep for portage. The newer versions have labelling support for the old
API.
18 Aug 2003; Chris PeBenito <pebenito@gentoo.org> libselinux-1.1-r1.ebuild,
metadata.xml:
Fix license, this is public-domain, not GPL-2. Use package description in RPM
spec file as metadata.xml long description.
15 Aug 2003; Chris PeBenito <pebenito@gentoo.org> libselinux-1.0.ebuild,
libselinux-1.1-r1.ebuild, files/libselinux-1.0-gentoo.diff:
Mark stable
*libselinux-1.1-r1 (14 Aug 2003)
14 Aug 2003; Chris PeBenito <pebenito@gentoo.org> libselinux-1.1-r1.ebuild,
libselinux-1.1.ebuild, files/libselinux-1.1-linkfix.diff:
Add fix for a random linking problem that causes libselinux to work
incorrectly.
*libselinux-1.1 (14 Aug 2003)
14 Aug 2003; Chris PeBenito <pebenito@gentoo.org> libselinux-1.1.ebuild,
files/libselinux-1.1-gentoo.diff:
New upstream version
04 Aug 2003; Chris PeBenito <pebenito@gentoo.org>
files/libselinux-1.0-gentoo.diff:
Add on a NSA nullbyte patch to the gentoo patch
*libselinux-1.0 (03 Aug 2003)
03 Aug 2003; Chris PeBenito <pebenito@gentoo.org> libselinux-1.0.ebuild,
metadata.xml, files/libselinux-1.0-gentoo.diff:
Initial commit


@ -1,35 +1,2 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
AUX 0005-use-ruby-include-with-rubylibver.patch 634 SHA256 ca87111f9eb48b45b7271f4863ad4fbae99b64fd28a457cb15920250b0ded834 SHA512 6755c06e39a924dacc8cd21e8b56138938b55a54e76baddd2243bb4ec2cb99a92ca9d825f2f789ea84e87b1d795334a6b936e627d45b097ff724f00eb566c118 WHIRLPOOL 76a35b23454c941c32efdb2ed87a3fa3b044929d24acdcec53ab36f7d300bc94d6d8165a7b55483cc26ad21b4415aa47cb1540c07c498d3eeef2717f60a8ec3c
AUX 0006-build-related-fixes-bug-500674.patch 2846 SHA256 68084a13ed0366c279e37c6ce24703d0ddcbc46b2b4b88bb8af286b77df4212d SHA512 7eff094adfc4d276e72705735b3f73b2b8a4f78be153db749939cbf6c8df2246cf45d4eda0041696642ae22d3e1715f1fdc8b6351c13eb6003e48043fa38200b WHIRLPOOL dc2b99d5345e21f18de44dc56cb7996c5b567c932e4d3a2e6808a21233f582868333cc0d7c0eb2299b8d71a0cd46d2c0e88bfc6d351211b6374762b7863d72f6
DIST libselinux-2.2.2.tar.gz 171013 SHA256 30ab363416806da907b86b97f1d31c252473e3200358bb1570f563c8312b5a3e SHA512 1270cba11ec0795a2cea3706ac5547655d0e65dcd2141932000526f3d0c781b6ae114051b2bb53950b8ef207a318335329280b9fc9fd81796e8e4a27cf6ae841 WHIRLPOOL a444e44225ced35b126bbd2e8924aaf5c9f4da7abb9663d20a32b97babe750245c22d75e2238de0958b73295cf582b8aec39e23312886b96417120c600ed37dc
DIST libselinux-2.3.tar.gz 171254 SHA256 0b1e0b43ecd84a812713d09564019b08e7c205d89072b5cbcd07b052cd8e77b2 SHA512 8cfcd20ab0b43ffbb32389e0498b21e43cde643dcdf471a2354f1ca557f11641d250871ed5e71b9dde4c5f47ac1048746fe514f8f6cfad668fa179ed5136e802 WHIRLPOOL e975a391559aca3f8b251d2aa484cf8e344d09caa43ff56dd929e75a0ad195cf8d9a88b950679f589f4deb74aea0d22be4e7ad00b11eacc080288df0b5ac7ccb
DIST libselinux-2.4.tar.gz 165931 SHA256 46043091f4c5ba4f43e8d3715f30d665a2d571c9126c1f03945c9ea4ed380f7b SHA512 f7c7ceabcc6ca7bb5cb24fd04b8ea4771af7e509a11ce601fb50d52bd14b291ab6136b7f5193912d02b61b132a2fdd1666f229478598d0b20b99bdea0f5e69d6 WHIRLPOOL d1499818fc885c3bd07785d41466b4ea4bcf56fafe8cbc9bd1a517fe0d2d528b10911fa6df08756ca63aebc411fd69c7f01283685c8a858a81301e203dfd3ec2
DIST patchbundle-libselinux-2.2.2-r5.tar.gz 2304 SHA256 ad77f499c05ec3b5707cb9db518a891dd9c84ccb77db07e686c87e5799e1802c SHA512 a01db39a7aade27b0127dd0e2f3185587ff4d913b7b1be7beac36dc2d3e1007de5e6bae8a11bc84567385420fff064ba54892d8e113c8fd54ad3c598dde7648d WHIRLPOOL 5886d9de6fcf073d54ca5e0eac3f8b4754c44382e7044debb223f94ecc81ea0e26b7638037eef17eb6f8ce4cc5046a4bb9f93b9b7767480908ee5b2ced0413ac
DIST patchbundle-libselinux-4.tar.gz 2631 SHA256 91bf43c84ce3d3178c8d21fdcf97380a635fa2465d1611fe4e0e3838a586c78c SHA512 bd2f9762f095e3dbc67e77ee04968cb8e87d460fdf10feff91cb1ce6027e19a660bb57617887e44608d39720e8f95500c451c4b284d58c0a756a04b08fa305c2 WHIRLPOOL 07a6a69d33c46c443907aae2ae4f3646a0360565e28d0a50cbcf81f8b5d8c259812d3e086841fc21c2a8104ce9863fc6c9c1d32e28ea08ebc7baf2d45af3509f
EBUILD libselinux-2.2.2-r5.ebuild 2525 SHA256 1dd1041a0d3a310b8f9e37996dd8fbcc81f7ebdcde9b2ff6e073f88238493224 SHA512 02044a7244c47a9f36be9b8572f9ac0e992f1e0c68d8a658e2ccaa9d3b6c2d88d63ddae9071517cf011ab572a476847363670728f0a8b2cfd7d259ce95904242 WHIRLPOOL 27e0e4b5955bbd3b5bb217d8013f61fea766531205d9d2d5af431835bf623d0b0d8cb1360a0f7dd55f0cd2c8a2f0451878d1e3c76c9df8d80c12aa3867bbada3
EBUILD libselinux-2.3-r2.ebuild 3970 SHA256 967b3f19eee57afc9c5202f391c3ce56b0e02da7e3fe71661a16adfe5bf27d88 SHA512 105767af31686286fdd19dc26a5695c593fa6607b947beff211b4953420afdd7fbca08832bff2a3d27826a1f0c84c4e6c9b0ca2b2a071b590bdc906d63d816bf WHIRLPOOL e50c5e10d69e0ac964572bb2798b6cc8bfa21f84faa2737680798cb38717250ee8eb3b099db8a2bbfadfbb8bdf089af691bcbabc459348cd1df09bde0de987f1
EBUILD libselinux-2.4.ebuild 4022 SHA256 08ee10428e7e67ec7163257f01d3fe84960c78ee3bca780ae51ee15b66ecb588 SHA512 9cd6749ed3e4048dc3df8cfd8d2a434b7ffdd8587966df5c1a601582afbce400d1a3e8d5d9af835f81e09b75c9b706550da68019ceb5e9b6afdd1fe77e0ef43c WHIRLPOOL ecc28319c32c64b22c7b2168be6ca542a9d272b4061562b6d00b4cbf9202468a674f6e2c5763afe47504434b7d6c284e859bac53fe0a77662564516e9f2d6b8d
EBUILD libselinux-9999.ebuild 4309 SHA256 cf461b2942bd4fddca4c089cd7a6429380b6427820caf9ed1a6ae146a02a31b1 SHA512 99f32876ad848d56e1cdc248583f57cf296689a89cae727e86d03b81dfef83a168f568d10db77d17bd0b9a28c2383d914bf7d6c6a829c83a033bd0f939810c09 WHIRLPOOL cd97fb9b7e3140f226b92bedd49795d462de43bc27ecac934798634d95df17481177fbd2924e2f18be8a407e8cb07c93afe9b06972088b5c49f3549b2f532aed
MISC ChangeLog 21667 SHA256 3c8ecd29df3b5dd6b0b751dde592c1be7ad4d3c58fc6abc4ff5ddf1fa0dff484 SHA512 d9599d12aa78d4b97f74d989132b5def6d3ad3f34792457795bea1b3bdc1a06f0532cafb3d932339dbf7576fa68bd2422af1e5f5cccb36f74d0ca09dfc6145e1 WHIRLPOOL e5901ad1fbcf84db8c915e51d56da7f72d3703410113e82cddaf08979bf79a4886a5618cfa922a1f564ad2fb14694e6f46a97b3519a31e33d983f84e2ca414fe
MISC metadata.xml 493 SHA256 dca22a8d4937b58859c409d8844957d119d7b67626ad6fb78710cf8f0eb8d746 SHA512 9791ff1b9f5a01451a2e2e2f2abbb21d27e44dfd2663b081e0c06c61172043997cd65ac891da74e9ae90d48ddb06ec41ab69146e584d1eb1d627d84a1b1af58a WHIRLPOOL c458ad5c3943f92d09bd5df029fda4ef436ac34c1d2f2f3597c88de41d9d09c6182c602ca4d0f138cf9ae13b41b6a53ac06a6846fe3356b02be8c881bd6e9f2c
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0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=rhsU
-----END PGP SIGNATURE-----
DIST libselinux-3.1.tar.gz 204703 BLAKE2B 72ff2d99dd6640405e804f58bdfbf05e152615ea92f902b3942602af13dc17080afeabb942ed33ae6b3f528870f4b11584e533848e455a97bf8f7151a8d44646 SHA512 57730cddd2d4751556d9e1f207c0f85119c81848f0620c16239e997150989e3f9a586a8c23861fd51ed89f7e084ad441190a58a288258a49a95f7beef7dbbb13
DIST libselinux-3.2.tar.gz 206380 BLAKE2B 544eaaa87b9738c61929abe48713b530a8909eaea017890040f2fe299af86f09b6eb2cf4c9a68e06268ba09923b2b67703ac7a2b973906acb45f698e9ccaeed2 SHA512 18129ac0b9936e1f66021f1b311cf1c1e27a01e50cb70f08a3e1c642c5251e4538aec25a8427778569dfecf5333cf1fb84f1a59afdce8019328d0cff7e5833c5


@ -1,12 +0,0 @@
diff -uNr libselinux-2.2.2.orig/src/Makefile libselinux-2.2.2/src/Makefile
--- libselinux-2.2.2.orig/src/Makefile 2013-11-06 20:56:30.000000000 +0100
+++ libselinux-2.2.2/src/Makefile 2013-11-25 21:02:05.327561766 +0100
@@ -16,7 +16,7 @@
PYLIBDIR ?= $(LIBDIR)/$(PYLIBVER)
RUBYLIBVER ?= $(shell $(RUBY) -e 'print RUBY_VERSION.split(".")[0..1].join(".")')
RUBYPLATFORM ?= $(shell $(RUBY) -e 'print RUBY_PLATFORM')
-RUBYINC ?= $(shell pkg-config --cflags ruby)
+RUBYINC ?= $(shell pkg-config --cflags ruby-$(RUBYLIBVER))
RUBYINSTALL ?= $(LIBDIR)/ruby/site_ruby/$(RUBYLIBVER)/$(RUBYPLATFORM)
LIBBASE ?= $(shell basename $(LIBDIR))


@ -1,67 +0,0 @@
https://bugs.gentoo.org/500674
random fixes:
- make sure PCRE_CFLAGS get used
- use PCRE_LIBS via pkg-config
- move LDFLAGS to before objects, not after
- do not hardcode -L$(LIBDIR) (let the toolchain handle it)
- do not hardcode -I$(INCLUDEDIR) (let the toolchain handle it)
--- a/src/Makefile
+++ b/src/Makefile
@@ -75,7 +75,7 @@ CFLAGS ?= -O -Wall -W -Wundef -Wformat-y2k -Wformat-security -Winit-self -Wmissi
-fipa-pure-const -Wno-suggest-attribute=pure -Wno-suggest-attribute=const \
-Werror -Wno-aggregate-return -Wno-redundant-decls
-override CFLAGS += -I../include -I$(INCLUDEDIR) -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 $(EMFLAGS)
+override CFLAGS += -I../include $(PCRE_CFLAGS) -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 $(EMFLAGS)
SWIG_CFLAGS += -Wno-error -Wno-unused-variable -Wno-unused-but-set-variable -Wno-unused-parameter \
-Wno-shadow -Wno-uninitialized -Wno-missing-prototypes -Wno-missing-declarations
@@ -104,17 +104,17 @@ $(SWIGRUBYLOBJ): $(SWIGRUBYCOUT)
$(CC) $(CFLAGS) $(SWIG_CFLAGS) $(RUBYINC) -fPIC -DSHARED -c -o $@ $<
$(SWIGSO): $(SWIGLOBJ)
- $(CC) $(CFLAGS) -shared -o $@ $< -L. -lselinux $(LDFLAGS) -L$(LIBDIR)
+ $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $< -L. -lselinux
$(SWIGRUBYSO): $(SWIGRUBYLOBJ)
- $(CC) $(CFLAGS) -shared -o $@ $^ -L. -lselinux $(LDFLAGS) -L$(LIBDIR)
+ $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -L. -lselinux
$(LIBA): $(OBJS)
$(AR) rcs $@ $^
$(RANLIB) $@
$(LIBSO): $(LOBJS)
- $(CC) $(CFLAGS) -shared -o $@ $^ -lpcre -ldl $(LDFLAGS) -L$(LIBDIR) -Wl,-soname,$(LIBSO),-z,defs,-z,relro
+ $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -ldl $(PCRE_LIBS) -Wl,-soname,$(LIBSO),-z,defs,-z,relro
ln -sf $@ $(TARGET)
$(LIBPC): $(LIBPC).in ../VERSION
@@ -127,7 +127,7 @@ $(AUDIT2WHYLOBJ): audit2why.c
$(CC) $(filter-out -Werror, $(CFLAGS)) $(PYINC) -fPIC -DSHARED -c -o $@ $<
$(AUDIT2WHYSO): $(AUDIT2WHYLOBJ)
- $(CC) $(CFLAGS) -shared -o $@ $^ -L. $(LDFLAGS) -lselinux $(LIBDIR)/libsepol.a -L$(LIBDIR)
+ $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -L. -lselinux $(LIBDIR)/libsepol.a
%.o: %.c policy.h
$(CC) $(CFLAGS) $(TLSFLAGS) -c -o $@ $<
--- a/utils/Makefile
+++ b/utils/Makefile
@@ -24,11 +24,12 @@ CFLAGS ?= -O -Wall -W -Wundef -Wformat-y2k -Wformat-security -Winit-self -Wmissi
-fipa-pure-const -Wno-suggest-attribute=pure -Wno-suggest-attribute=const \
-Werror -Wno-aggregate-return -Wno-redundant-decls
override CFLAGS += -I../include -D_GNU_SOURCE $(EMFLAGS)
-LDLIBS += -L../src -lselinux -L$(LIBDIR)
+LDLIBS += -L../src -lselinux
TARGETS=$(patsubst %.c,%,$(wildcard *.c))
-sefcontext_compile: LDLIBS += -lpcre
+sefcontext_compile: CFLAGS += $(PCRE_CFLAGS)
+sefcontext_compile: LDLIBS += $(PCRE_LIBS)
ifeq ($(DISABLE_AVC),y)
UNUSED_TARGETS+=compute_av compute_create compute_member compute_relabel


@ -1,103 +0,0 @@
diff -ur libselinux-2.4.orig/src/procattr.c libselinux-2.4/src/procattr.c
--- libselinux-2.4.orig/src/procattr.c 2015-02-02 06:38:10.000000000 -0800
+++ libselinux-2.4/src/procattr.c 2015-09-08 15:38:39.152239654 -0700
@@ -11,8 +11,6 @@
#define UNSET (char *) -1
-static __thread pid_t cpid;
-static __thread pid_t tid;
static __thread char *prev_current = UNSET;
static __thread char * prev_exec = UNSET;
static __thread char * prev_fscreate = UNSET;
@@ -24,15 +22,6 @@
static int destructor_key_initialized = 0;
static __thread char destructor_initialized;
-extern void *__dso_handle __attribute__ ((__weak__, __visibility__ ("hidden")));
-extern int __register_atfork (void (*) (void), void (*) (void), void (*) (void), void *);
-
-static int __selinux_atfork (void (*prepare) (void), void (*parent) (void), void (*child) (void))
-{
- return __register_atfork (prepare, parent, child,
- &__dso_handle == NULL ? NULL : __dso_handle);
-}
-
static pid_t gettid(void)
{
return syscall(__NR_gettid);
@@ -52,14 +41,6 @@
free(prev_sockcreate);
}
-static void free_procattr(void)
-{
- procattr_thread_destructor(NULL);
- tid = 0;
- cpid = getpid();
- prev_current = prev_exec = prev_fscreate = prev_keycreate = prev_sockcreate = UNSET;
-}
-
void __attribute__((destructor)) procattr_destructor(void);
void hidden __attribute__((destructor)) procattr_destructor(void)
@@ -79,7 +60,6 @@
static void init_procattr(void)
{
if (__selinux_key_create(&destructor_key, procattr_thread_destructor) == 0) {
- __selinux_atfork(NULL, NULL, free_procattr);
destructor_key_initialized = 1;
}
}
@@ -88,21 +68,26 @@
{
int fd, rc;
char *path;
-
- if (cpid != getpid())
- free_procattr();
+ pid_t tid;
if (pid > 0)
rc = asprintf(&path, "/proc/%d/attr/%s", pid, attr);
else {
- if (!tid)
- tid = gettid();
+ rc = asprintf(&path, "/proc/thread-self/attr/%s", attr);
+ if (rc < 0)
+ return -1;
+ fd = open(path, flags | O_CLOEXEC);
+ if (fd >= 0 || errno != ENOENT)
+ goto out;
+ free(path);
+ tid = gettid();
rc = asprintf(&path, "/proc/self/task/%d/attr/%s", tid, attr);
}
if (rc < 0)
return -1;
fd = open(path, flags | O_CLOEXEC);
+out:
free(path);
return fd;
}
@@ -120,9 +105,6 @@
__selinux_once(once, init_procattr);
init_thread_destructor();
- if (cpid != getpid())
- free_procattr();
-
switch (attr[0]) {
case 'c':
prev_context = prev_current;
@@ -220,9 +202,6 @@
__selinux_once(once, init_procattr);
init_thread_destructor();
- if (cpid != getpid())
- free_procattr();
-
switch (attr[0]) {
case 'c':
prev_context = &prev_current;


@ -1,49 +0,0 @@
See https://github.com/SELinuxProject/selinux/commit/707e4b8610733b5c9eaac0f00239778f3edb23c2
(original patch ported to work with Flatcar libselinux version)
libselinux: Do not define gettid() if glibc >= 2.30 is used
Since version 2.30 glibc implements gettid() system call wrapper, see
https://sourceware.org/bugzilla/show_bug.cgi?id=6399
Fixes:
cc -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -I../include -D_GNU_SOURCE -DNO_ANDROID_BACKEND -c -o procattr.o procattr.c
procattr.c:28:14: error: static declaration of gettid follows non-static declaration
28 | static pid_t gettid(void)
| ^~~~~~
In file included from /usr/include/unistd.h:1170,
from procattr.c:2:
/usr/include/bits/unistd_ext.h:34:16: note: previous declaration of gettid was here
34 | extern __pid_t gettid (void) __THROW;
| ^~~~~~
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
--- a/src/procattr.c
+++ b/src/procattr.c
@@ -22,10 +22,24 @@ static pthread_key_t destructor_key;
static int destructor_key_initialized = 0;
static __thread char destructor_initialized;
+/* Bionic and glibc >= 2.30 declare gettid() system call wrapper in unistd.h and
+ * has a definition for it */
+#ifdef __BIONIC__
+ #define OVERRIDE_GETTID 0
+#elif !defined(__GLIBC_PREREQ)
+ #define OVERRIDE_GETTID 1
+#elif !__GLIBC_PREREQ(2,30)
+ #define OVERRIDE_GETTID 1
+#else
+ #define OVERRIDE_GETTID 0
+#endif
+
+#if OVERRIDE_GETTID
static pid_t gettid(void)
{
return syscall(__NR_gettid);
}
+#endif
static void procattr_thread_destructor(void __attribute__((unused)) *unused)
{


@ -1,144 +0,0 @@
# Copyright 1999-2015 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/sys-libs/libselinux/libselinux-2.4.ebuild,v 1.4 2015/05/10 09:01:52 perfinion Exp $
EAPI="5"
PYTHON_COMPAT=( python2_7 python3_4 python3_5 python3_6 )
USE_RUBY="ruby19 ruby20"
# No, I am not calling ruby-ng
inherit multilib python-r1 toolchain-funcs eutils multilib-minimal
MY_P="${P//_/-}"
SEPOL_VER="${PV}"
DESCRIPTION="SELinux userland library"
HOMEPAGE="https://github.com/SELinuxProject/selinux/wiki"
SRC_URI="https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20150202/${MY_P}.tar.gz"
LICENSE="public-domain"
SLOT="0"
KEYWORDS="amd64 x86"
IUSE="python ruby static-libs ruby_targets_ruby19 ruby_targets_ruby20"
RDEPEND=">=sys-libs/libsepol-${SEPOL_VER}[${MULTILIB_USEDEP}]
>=dev-libs/libpcre-8.33-r1[static-libs?,${MULTILIB_USEDEP}]
python? ( ${PYTHON_DEPS} )
ruby? (
ruby_targets_ruby19? ( dev-lang/ruby:1.9 )
ruby_targets_ruby20? ( dev-lang/ruby:2.0 )
)"
DEPEND="${RDEPEND}
virtual/pkgconfig
python? ( >=dev-lang/swig-2.0.9 )"
S="${WORKDIR}/${MY_P}"
src_prepare() {
epatch "${FILESDIR}/0005-use-ruby-include-with-rubylibver.patch"
epatch "${FILESDIR}/0006-build-related-fixes-bug-500674.patch"
epatch "${FILESDIR}/0007-fix-setexeccon-on-exec.patch"
epatch "${FILESDIR}/0008-do-not-define-gettid-for-glibc-2.30-and-above.patch"
epatch_user
multilib_copy_sources
}
multilib_src_compile() {
tc-export PKG_CONFIG RANLIB
local PCRE_CFLAGS=$(${PKG_CONFIG} libpcre --cflags)
local PCRE_LIBS=$(${PKG_CONFIG} libpcre --libs)
export PCRE_{CFLAGS,LIBS}
emake \
AR="$(tc-getAR)" \
CC="$(tc-getCC)" \
LIBDIR="\$(PREFIX)/$(get_libdir)" \
SHLIBDIR="\$(DESTDIR)/$(get_libdir)" \
LDFLAGS="-fPIC ${LDFLAGS} -pthread" \
all
if multilib_is_native_abi && use python; then
building() {
python_export PYTHON_INCLUDEDIR PYTHON_LIBPATH
emake \
CC="$(tc-getCC)" \
PYINC="-I${PYTHON_INCLUDEDIR}" \
PYTHONLIBDIR="${PYTHON_LIBPATH}" \
PYPREFIX="${EPYTHON##*/}" \
LDFLAGS="-fPIC ${LDFLAGS} -lpthread" \
LIBDIR="\$(PREFIX)/$(get_libdir)" \
SHLIBDIR="\$(DESTDIR)/$(get_libdir)" \
pywrap
}
python_foreach_impl building
fi
if multilib_is_native_abi && use ruby; then
building() {
einfo "Calling rubywrap for ${1}"
# Clean up .lo file to force rebuild
test -f src/selinuxswig_ruby_wrap.lo && rm src/selinuxswig_ruby_wrap.lo
emake \
CC="$(tc-getCC)" \
RUBY=${1} \
RUBYINSTALL=$(${1} -e 'print RbConfig::CONFIG["vendorarchdir"]') \
LDFLAGS="-fPIC ${LDFLAGS} -lpthread" \
LIBDIR="\$(PREFIX)/$(get_libdir)" \
SHLIBDIR="\$(DESTDIR)/$(get_libdir)" \
rubywrap
}
for RUBYTARGET in ${USE_RUBY}; do
use ruby_targets_${RUBYTARGET} || continue
building ${RUBYTARGET}
done
fi
}
multilib_src_install() {
LIBDIR="\$(PREFIX)/$(get_libdir)" SHLIBDIR="\$(DESTDIR)/$(get_libdir)" \
emake DESTDIR="${D}" install
if multilib_is_native_abi && use python; then
installation() {
LIBDIR="\$(PREFIX)/$(get_libdir)" emake DESTDIR="${D}" install-pywrap
python_optimize # bug 531638
}
python_foreach_impl installation
fi
if multilib_is_native_abi && use ruby; then
installation() {
einfo "Calling install-rubywrap for ${1}"
# Forcing (re)build here as otherwise the resulting SO file is used for all ruby versions
rm src/selinuxswig_ruby_wrap.lo
LIBDIR="\$(PREFIX)/$(get_libdir)" emake DESTDIR="${D}" \
RUBY=${1} \
RUBYINSTALL="${D}/$(${1} -e 'print RbConfig::CONFIG["vendorarchdir"]')" \
install-rubywrap
}
for RUBYTARGET in ${USE_RUBY}; do
use ruby_targets_${RUBYTARGET} || continue
installation ${RUBYTARGET}
done
fi
use static-libs || rm "${D}"/usr/lib*/*.a
}
pkg_postinst() {
# Fix bug 473502
for POLTYPE in ${POLICY_TYPES};
do
mkdir -p /etc/selinux/${POLTYPE}/contexts/files
touch /etc/selinux/${POLTYPE}/contexts/files/file_contexts.local
# Fix bug 516608
for EXPRFILE in file_contexts file_contexts.homedirs file_contexts.local ; do
sefcontext_compile /etc/selinux/${POLTYPE}/contexts/files/${EXPRFILE};
done
done
}


@ -0,0 +1,159 @@
# Copyright 1999-2021 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI="7"
PYTHON_COMPAT=( python3_6 )
USE_RUBY="ruby25 ruby26 ruby27"
# No, I am not calling ruby-ng
inherit python-r1 toolchain-funcs multilib-minimal
MY_P="${P//_/-}"
SEPOL_VER="${PV}"
MY_RELEASEDATE="20200710"
DESCRIPTION="SELinux userland library"
HOMEPAGE="https://github.com/SELinuxProject/selinux/wiki"
if [[ ${PV} == 9999 ]] ; then
inherit git-r3
EGIT_REPO_URI="https://github.com/SELinuxProject/selinux.git"
S="${WORKDIR}/${MY_P}/${PN}"
else
SRC_URI="https://github.com/SELinuxProject/selinux/releases/download/${MY_RELEASEDATE}/${MY_P}.tar.gz"
KEYWORDS="amd64 ~arm ~arm64 ~mips x86"
S="${WORKDIR}/${MY_P}"
fi
LICENSE="public-domain"
SLOT="0"
IUSE="pcre2 python ruby static-libs ruby_targets_ruby25 ruby_targets_ruby26 ruby_targets_ruby27"
REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
RDEPEND=">=sys-libs/libsepol-${SEPOL_VER}:=[${MULTILIB_USEDEP}]
!pcre2? ( >=dev-libs/libpcre-8.33-r1:=[static-libs?,${MULTILIB_USEDEP}] )
pcre2? ( dev-libs/libpcre2:=[static-libs?,${MULTILIB_USEDEP}] )
python? ( ${PYTHON_DEPS} )
ruby? (
ruby_targets_ruby25? ( dev-lang/ruby:2.5 )
ruby_targets_ruby26? ( dev-lang/ruby:2.6 )
ruby_targets_ruby27? ( dev-lang/ruby:2.7 )
)
elibc_musl? ( sys-libs/fts-standalone )"
DEPEND="${RDEPEND}"
BDEPEND="virtual/pkgconfig
python? ( >=dev-lang/swig-2.0.9 )
ruby? ( >=dev-lang/swig-2.0.9 )"
src_prepare() {
eapply_user
multilib_copy_sources
}
multilib_src_compile() {
tc-export AR CC PKG_CONFIG RANLIB
emake \
LIBDIR="\$(PREFIX)/$(get_libdir)" \
SHLIBDIR="/$(get_libdir)" \
LDFLAGS="-fPIC ${LDFLAGS} -pthread" \
USE_PCRE2="$(usex pcre2 y n)" \
FTS_LDLIBS="$(usex elibc_musl '-lfts' '')" \
all
if multilib_is_native_abi && use python; then
building() {
emake \
LDFLAGS="-fPIC ${LDFLAGS} -lpthread" \
LIBDIR="\$(PREFIX)/$(get_libdir)" \
SHLIBDIR="/$(get_libdir)" \
USE_PCRE2="$(usex pcre2 y n)" \
FTS_LDLIBS="$(usex elibc_musl '-lfts' '')" \
pywrap
}
python_foreach_impl building
fi
if multilib_is_native_abi && use ruby; then
building() {
einfo "Calling rubywrap for ${1}"
# Clean up .lo file to force rebuild
rm -f src/selinuxswig_ruby_wrap.lo || die
emake \
RUBY=${1} \
LDFLAGS="-fPIC ${LDFLAGS} -lpthread" \
LIBDIR="\$(PREFIX)/$(get_libdir)" \
SHLIBDIR="/$(get_libdir)" \
USE_PCRE2="$(usex pcre2 y n)" \
FTS_LDLIBS="$(usex elibc_musl '-lfts' '')" \
rubywrap
}
for RUBYTARGET in ${USE_RUBY}; do
use ruby_targets_${RUBYTARGET} || continue
building ${RUBYTARGET}
done
fi
}
multilib_src_install() {
emake DESTDIR="${D}" \
LIBDIR="\$(PREFIX)/$(get_libdir)" \
SHLIBDIR="/$(get_libdir)" \
USE_PCRE2="$(usex pcre2 y n)" \
install
if multilib_is_native_abi && use python; then
installation() {
emake DESTDIR="${D}" \
LIBDIR="\$(PREFIX)/$(get_libdir)" \
SHLIBDIR="/$(get_libdir)" \
USE_PCRE2="$(usex pcre2 y n)" \
install-pywrap
python_optimize # bug 531638
}
python_foreach_impl installation
fi
if multilib_is_native_abi && use ruby; then
installation() {
einfo "Calling install-rubywrap for ${1}"
# Forcing (re)build here as otherwise the resulting SO file is used for all ruby versions
rm src/selinuxswig_ruby_wrap.lo
emake DESTDIR="${D}" \
LIBDIR="\$(PREFIX)/$(get_libdir)" \
SHLIBDIR="/$(get_libdir)" \
RUBY=${1} \
USE_PCRE2="$(usex pcre2 y n)" \
install-rubywrap
}
for RUBYTARGET in ${USE_RUBY}; do
use ruby_targets_${RUBYTARGET} || continue
installation ${RUBYTARGET}
done
fi
use static-libs || rm "${D}"/usr/lib*/*.a || die
}
pkg_postinst() {
# Fix bug 473502
for POLTYPE in ${POLICY_TYPES};
do
mkdir -p /etc/selinux/${POLTYPE}/contexts/files || die
touch /etc/selinux/${POLTYPE}/contexts/files/file_contexts.local || die
# Fix bug 516608
for EXPRFILE in file_contexts file_contexts.homedirs file_contexts.local ; do
# flatcar changes:
# since libselinux is installed under `/build/amd64-usr`, we need to
# specify abspath to the binary `sefcontext_compile`, as well as abspath
# to the policy files.
if [[ -f "${ROOT}/etc/selinux/${POLTYPE}/contexts/files/${EXPRFILE}" ]]; then
${ROOT}/usr/sbin/sefcontext_compile ${ROOT}/etc/selinux/${POLTYPE}/contexts/files/${EXPRFILE} \
|| die "Failed to recompile contexts"
fi
done
done
}
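Review bot: In pkg_postinst the `mkdir -p` and `touch` lines still operate on `/etc/selinux/...` without `${ROOT}`, while the Flatcar-specific lines below them test and compile files under `${ROOT}/etc/selinux/...`. When the package is merged into a board root such as the `/build/amd64-usr` named in the comment, that creates `file_contexts.local` on the build host and leaves the target root untouched, so the `-f` test can skip the compile there. I would prefix both, e.g. `mkdir -p "${ROOT}/etc/selinux/${POLTYPE}/contexts/files" || die` and `touch "${ROOT}/etc/selinux/${POLTYPE}/contexts/files/file_contexts.local" || die`, and quote the two `${ROOT}` arguments on the `sefcontext_compile` line. The pkg_postinst of the other ebuild added in this commit has no `${ROOT}` prefix at all and would need the same treatment if it is meant to be installed into a board root.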


@ -0,0 +1,156 @@
# Copyright 1999-2021 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI="7"
PYTHON_COMPAT=( python3_6 )
USE_RUBY="ruby25 ruby26 ruby27"
# No, I am not calling ruby-ng
inherit python-r1 toolchain-funcs multilib-minimal
MY_PV="${PV//_/-}"
MY_P="${PN}-${MY_PV}"
DESCRIPTION="SELinux userland library"
HOMEPAGE="https://github.com/SELinuxProject/selinux/wiki"
if [[ ${PV} == 9999 ]]; then
inherit git-r3
EGIT_REPO_URI="https://github.com/SELinuxProject/selinux.git"
S="${WORKDIR}/${P}/${PN}"
else
SRC_URI="https://github.com/SELinuxProject/selinux/releases/download/${MY_PV}/${MY_P}.tar.gz"
KEYWORDS="~amd64 ~arm ~arm64 ~mips ~x86"
S="${WORKDIR}/${MY_P}"
fi
LICENSE="public-domain"
SLOT="0"
IUSE="pcre2 python ruby static-libs ruby_targets_ruby25 ruby_targets_ruby26 ruby_targets_ruby27"
REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
RDEPEND=">=sys-libs/libsepol-${PV}:=[${MULTILIB_USEDEP}]
!pcre2? ( >=dev-libs/libpcre-8.33-r1:=[static-libs?,${MULTILIB_USEDEP}] )
pcre2? ( dev-libs/libpcre2:=[static-libs?,${MULTILIB_USEDEP}] )
python? ( ${PYTHON_DEPS} )
ruby? (
ruby_targets_ruby25? ( dev-lang/ruby:2.5 )
ruby_targets_ruby26? ( dev-lang/ruby:2.6 )
ruby_targets_ruby27? ( dev-lang/ruby:2.7 )
)
elibc_musl? ( sys-libs/fts-standalone )"
DEPEND="${RDEPEND}"
BDEPEND="virtual/pkgconfig
python? ( >=dev-lang/swig-2.0.9 )
ruby? ( >=dev-lang/swig-2.0.9 )"
src_prepare() {
eapply_user
multilib_copy_sources
}
multilib_src_compile() {
tc-export AR CC PKG_CONFIG RANLIB
local -x CFLAGS="${CFLAGS} -fno-semantic-interposition"
emake \
LIBDIR="\$(PREFIX)/$(get_libdir)" \
SHLIBDIR="/$(get_libdir)" \
LDFLAGS="-fPIC ${LDFLAGS} -pthread" \
USE_PCRE2="$(usex pcre2 y n)" \
FTS_LDLIBS="$(usex elibc_musl '-lfts' '')" \
all
if multilib_is_native_abi && use python; then
building() {
emake \
LDFLAGS="-fPIC ${LDFLAGS} -lpthread" \
LIBDIR="\$(PREFIX)/$(get_libdir)" \
SHLIBDIR="/$(get_libdir)" \
USE_PCRE2="$(usex pcre2 y n)" \
FTS_LDLIBS="$(usex elibc_musl '-lfts' '')" \
pywrap
}
python_foreach_impl building
fi
if multilib_is_native_abi && use ruby; then
building() {
einfo "Calling rubywrap for ${1}"
# Clean up .lo file to force rebuild
rm -f src/selinuxswig_ruby_wrap.lo || die
emake \
RUBY=${1} \
LDFLAGS="-fPIC ${LDFLAGS} -lpthread" \
LIBDIR="\$(PREFIX)/$(get_libdir)" \
SHLIBDIR="/$(get_libdir)" \
USE_PCRE2="$(usex pcre2 y n)" \
FTS_LDLIBS="$(usex elibc_musl '-lfts' '')" \
rubywrap
}
for RUBYTARGET in ${USE_RUBY}; do
use ruby_targets_${RUBYTARGET} || continue
building ${RUBYTARGET}
done
fi
}
multilib_src_install() {
emake DESTDIR="${D}" \
LIBDIR="\$(PREFIX)/$(get_libdir)" \
SHLIBDIR="/$(get_libdir)" \
USE_PCRE2="$(usex pcre2 y n)" \
install
if multilib_is_native_abi && use python; then
installation() {
emake DESTDIR="${D}" \
LIBDIR="\$(PREFIX)/$(get_libdir)" \
SHLIBDIR="/$(get_libdir)" \
USE_PCRE2="$(usex pcre2 y n)" \
install-pywrap
python_optimize # bug 531638
}
python_foreach_impl installation
fi
if multilib_is_native_abi && use ruby; then
installation() {
einfo "Calling install-rubywrap for ${1}"
# Forcing (re)build here as otherwise the resulting SO file is used for all ruby versions
rm src/selinuxswig_ruby_wrap.lo
emake DESTDIR="${D}" \
LIBDIR="\$(PREFIX)/$(get_libdir)" \
SHLIBDIR="/$(get_libdir)" \
RUBY=${1} \
USE_PCRE2="$(usex pcre2 y n)" \
install-rubywrap
}
for RUBYTARGET in ${USE_RUBY}; do
use ruby_targets_${RUBYTARGET} || continue
installation ${RUBYTARGET}
done
fi
use static-libs || rm "${D}"/usr/lib*/*.a || die
}
pkg_postinst() {
# Fix bug 473502
for POLTYPE in ${POLICY_TYPES};
do
mkdir -p /etc/selinux/${POLTYPE}/contexts/files || die
touch /etc/selinux/${POLTYPE}/contexts/files/file_contexts.local || die
# Fix bug 516608
for EXPRFILE in file_contexts file_contexts.homedirs file_contexts.local ; do
if [[ -f "/etc/selinux/${POLTYPE}/contexts/files/${EXPRFILE}" ]]; then
sefcontext_compile /etc/selinux/${POLTYPE}/contexts/files/${EXPRFILE} \
|| die "Failed to recompile contexts"
fi
done
done
}
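Review bot: In the `installation()` helper for the ruby wrapper inside multilib_src_install, `rm src/selinuxswig_ruby_wrap.lo` has neither `-f` nor `|| die`, whereas the matching cleanup in multilib_src_compile is `rm -f src/selinuxswig_ruby_wrap.lo || die`. A missing file prints an error and a real removal failure goes unnoticed, in which case the comment's concern (one wrapper object reused for every ruby target) applies again. I would use the same form here, `rm -f src/selinuxswig_ruby_wrap.lo || die`; the other ebuild added in this commit has the identical line in its install phase.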


@ -1,85 +1,76 @@
# Copyright 1999-2015 Gentoo Foundation
# Copyright 1999-2021 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/sys-libs/libselinux/libselinux-9999.ebuild,v 1.1 2015/06/09 15:35:39 swift Exp $
EAPI="5"
PYTHON_COMPAT=( python2_7 python3_4 python3_5 python3_6 )
USE_RUBY="ruby19 ruby20"
EAPI="7"
PYTHON_COMPAT=( python3_6 )
USE_RUBY="ruby25 ruby26 ruby27"
# No, I am not calling ruby-ng
inherit multilib python-r1 toolchain-funcs eutils multilib-minimal
inherit python-r1 toolchain-funcs multilib-minimal
MY_P="${P//_/-}"
SEPOL_VER="${PV}"
MY_RELEASEDATE="20150202"
MY_PV="${PV//_/-}"
MY_P="${PN}-${MY_PV}"
DESCRIPTION="SELinux userland library"
HOMEPAGE="https://github.com/SELinuxProject/selinux/wiki"
if [[ ${PV} == 9999 ]] ; then
if [[ ${PV} == 9999 ]]; then
inherit git-r3
EGIT_REPO_URI="https://github.com/SELinuxProject/selinux.git"
S="${WORKDIR}/${MY_P}/${PN}"
S="${WORKDIR}/${P}/${PN}"
else
SRC_URI="https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/${MY_RELEASEDATE}/${MY_P}.tar.gz"
KEYWORDS="~amd64 ~x86"
SRC_URI="https://github.com/SELinuxProject/selinux/releases/download/${MY_PV}/${MY_P}.tar.gz"
KEYWORDS="~amd64 ~arm ~arm64 ~mips ~x86"
S="${WORKDIR}/${MY_P}"
fi
LICENSE="public-domain"
SLOT="0"
IUSE="pcre2 python ruby static-libs ruby_targets_ruby25 ruby_targets_ruby26 ruby_targets_ruby27"
REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
IUSE="python ruby static-libs ruby_targets_ruby19 ruby_targets_ruby20"
RDEPEND=">=sys-libs/libsepol-${SEPOL_VER}[${MULTILIB_USEDEP}]
>=dev-libs/libpcre-8.33-r1[static-libs?,${MULTILIB_USEDEP}]
RDEPEND=">=sys-libs/libsepol-${PV}:=[${MULTILIB_USEDEP}]
!pcre2? ( >=dev-libs/libpcre-8.33-r1:=[static-libs?,${MULTILIB_USEDEP}] )
pcre2? ( dev-libs/libpcre2:=[static-libs?,${MULTILIB_USEDEP}] )
python? ( ${PYTHON_DEPS} )
ruby? (
ruby_targets_ruby19? ( dev-lang/ruby:1.9 )
ruby_targets_ruby20? ( dev-lang/ruby:2.0 )
)"
DEPEND="${RDEPEND}
virtual/pkgconfig
python? ( >=dev-lang/swig-2.0.9 )"
ruby_targets_ruby25? ( dev-lang/ruby:2.5 )
ruby_targets_ruby26? ( dev-lang/ruby:2.6 )
ruby_targets_ruby27? ( dev-lang/ruby:2.7 )
)
elibc_musl? ( sys-libs/fts-standalone )"
DEPEND="${RDEPEND}"
BDEPEND="virtual/pkgconfig
python? ( >=dev-lang/swig-2.0.9 )
ruby? ( >=dev-lang/swig-2.0.9 )"
src_prepare() {
if [[ ${PV} != 9999 ]] ; then
# If needed for live builds, place them in /etc/portage/patches
epatch "${FILESDIR}/0005-use-ruby-include-with-rubylibver.patch"
epatch "${FILESDIR}/0006-build-related-fixes-bug-500674.patch"
epatch "${FILESDIR}/0007-fix-setexeccon-on-exec.patch"
fi
epatch_user
eapply_user
multilib_copy_sources
}
multilib_src_compile() {
tc-export PKG_CONFIG RANLIB
local PCRE_CFLAGS=$(${PKG_CONFIG} libpcre --cflags)
local PCRE_LIBS=$(${PKG_CONFIG} libpcre --libs)
export PCRE_{CFLAGS,LIBS}
tc-export AR CC PKG_CONFIG RANLIB
local -x CFLAGS="${CFLAGS} -fno-semantic-interposition"
emake \
AR="$(tc-getAR)" \
CC="$(tc-getCC)" \
LIBDIR="\$(PREFIX)/$(get_libdir)" \
SHLIBDIR="\$(DESTDIR)/$(get_libdir)" \
SHLIBDIR="/$(get_libdir)" \
LDFLAGS="-fPIC ${LDFLAGS} -pthread" \
USE_PCRE2="$(usex pcre2 y n)" \
FTS_LDLIBS="$(usex elibc_musl '-lfts' '')" \
all
if multilib_is_native_abi && use python; then
building() {
python_export PYTHON_INCLUDEDIR PYTHON_LIBPATH
emake \
CC="$(tc-getCC)" \
PYINC="-I${PYTHON_INCLUDEDIR}" \
PYTHONLIBDIR="${PYTHON_LIBPATH}" \
PYPREFIX="${EPYTHON##*/}" \
LDFLAGS="-fPIC ${LDFLAGS} -lpthread" \
LIBDIR="\$(PREFIX)/$(get_libdir)" \
SHLIBDIR="\$(DESTDIR)/$(get_libdir)" \
SHLIBDIR="/$(get_libdir)" \
USE_PCRE2="$(usex pcre2 y n)" \
FTS_LDLIBS="$(usex elibc_musl '-lfts' '')" \
pywrap
}
python_foreach_impl building
@ -89,14 +80,14 @@ multilib_src_compile() {
building() {
einfo "Calling rubywrap for ${1}"
# Clean up .lo file to force rebuild
test -f src/selinuxswig_ruby_wrap.lo && rm src/selinuxswig_ruby_wrap.lo
rm -f src/selinuxswig_ruby_wrap.lo || die
emake \
CC="$(tc-getCC)" \
RUBY=${1} \
RUBYINSTALL=$(${1} -e 'print RbConfig::CONFIG["vendorarchdir"]') \
LDFLAGS="-fPIC ${LDFLAGS} -lpthread" \
LIBDIR="\$(PREFIX)/$(get_libdir)" \
SHLIBDIR="\$(DESTDIR)/$(get_libdir)" \
SHLIBDIR="/$(get_libdir)" \
USE_PCRE2="$(usex pcre2 y n)" \
FTS_LDLIBS="$(usex elibc_musl '-lfts' '')" \
rubywrap
}
for RUBYTARGET in ${USE_RUBY}; do
@ -108,12 +99,19 @@ multilib_src_compile() {
}
multilib_src_install() {
LIBDIR="\$(PREFIX)/$(get_libdir)" SHLIBDIR="\$(DESTDIR)/$(get_libdir)" \
emake DESTDIR="${D}" install
emake DESTDIR="${D}" \
LIBDIR="\$(PREFIX)/$(get_libdir)" \
SHLIBDIR="/$(get_libdir)" \
USE_PCRE2="$(usex pcre2 y n)" \
install
if multilib_is_native_abi && use python; then
installation() {
LIBDIR="\$(PREFIX)/$(get_libdir)" emake DESTDIR="${D}" install-pywrap
emake DESTDIR="${D}" \
LIBDIR="\$(PREFIX)/$(get_libdir)" \
SHLIBDIR="/$(get_libdir)" \
USE_PCRE2="$(usex pcre2 y n)" \
install-pywrap
python_optimize # bug 531638
}
python_foreach_impl installation
@ -124,9 +122,11 @@ multilib_src_install() {
einfo "Calling install-rubywrap for ${1}"
# Forcing (re)build here as otherwise the resulting SO file is used for all ruby versions
rm src/selinuxswig_ruby_wrap.lo
LIBDIR="\$(PREFIX)/$(get_libdir)" emake DESTDIR="${D}" \
emake DESTDIR="${D}" \
LIBDIR="\$(PREFIX)/$(get_libdir)" \
SHLIBDIR="/$(get_libdir)" \
RUBY=${1} \
RUBYINSTALL="${D}/$(${1} -e 'print RbConfig::CONFIG["vendorarchdir"]')" \
USE_PCRE2="$(usex pcre2 y n)" \
install-rubywrap
}
for RUBYTARGET in ${USE_RUBY}; do
@ -136,18 +136,21 @@ multilib_src_install() {
done
fi
use static-libs || rm "${D}"/usr/lib*/*.a
use static-libs || rm "${D}"/usr/lib*/*.a || die
}
pkg_postinst() {
# Fix bug 473502
for POLTYPE in ${POLICY_TYPES};
do
mkdir -p /etc/selinux/${POLTYPE}/contexts/files
touch /etc/selinux/${POLTYPE}/contexts/files/file_contexts.local
mkdir -p /etc/selinux/${POLTYPE}/contexts/files || die
touch /etc/selinux/${POLTYPE}/contexts/files/file_contexts.local || die
# Fix bug 516608
for EXPRFILE in file_contexts file_contexts.homedirs file_contexts.local ; do
sefcontext_compile /etc/selinux/${POLTYPE}/contexts/files/${EXPRFILE};
if [[ -f "/etc/selinux/${POLTYPE}/contexts/files/${EXPRFILE}" ]]; then
sefcontext_compile /etc/selinux/${POLTYPE}/contexts/files/${EXPRFILE} \
|| die "Failed to recompile contexts"
fi
done
done
}
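Review bot: In `pkg_postinst` (last hunk), the new `mkdir -p`, `touch`, `[[ -f … ]]` and `sefcontext_compile` lines all use absolute `/etc/selinux/${POLTYPE}/…` paths, so when the package is merged into a ROOT other than `/` they would act on the build host's policy directory and leave the target's compiled file contexts untouched. With EAPI 7 each path should be prefixed with `${EROOT}` and quoted, e.g. `mkdir -p "${EROOT}/etc/selinux/${POLTYPE}/contexts/files" || die`, since `${POLTYPE}` is expanded unquoted today. `POLICY_TYPES` is not set anywhere in this file, so it presumably comes from the profile; a one-line comment saying so, and that an empty value makes the loop a no-op, would help. Separately, `rm src/selinuxswig_ruby_wrap.lo` in the `install-rubywrap` helper still lacks the `rm -f … || die` form that the compile-side helper received in this same commit.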


@ -1,13 +1,20 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
<herd>selinux</herd>
<maintainer type="project">
<email>selinux@gentoo.org</email>
<name>SELinux Team</name>
</maintainer>
<longdescription>
Libselinux provides an API for SELinux applications to get and set
process and file security contexts and to obtain security policy
decisions. Required for any applications that use the SELinux API.
</longdescription>
<use>
<flag name="pcre2">Use <pkg>dev-libs/libpcre2</pkg> for fcontext regexes</flag>
</use>
<upstream>
<remote-id type="cpe">cpe:/a:selinuxproject:libselinux</remote-id>
<remote-id type="github">SELinuxProject/selinux</remote-id>
</upstream>
</pkgmetadata>


@ -1,414 +0,0 @@
# ChangeLog for sys-libs/libsemanage
# Copyright 1999-2015 Gentoo Foundation; Distributed under the GPL v2
# $Header: /var/cvsroot/gentoo-x86/sys-libs/libsemanage/ChangeLog,v 1.94 2015/06/09 15:36:24 swift Exp $
*libsemanage-9999 (09 Jun 2015)
09 Jun 2015; Sven Vermeulen <swift@gentoo.org> +libsemanage-9999.ebuild:
Adding libsemanage-9999 to better support upstream integrations
10 May 2015; Jason Zaman <perfinion@gentoo.org> libsemanage-2.4-r1.ebuild:
stabilize selinux 2.4 userland
09 May 2015; Jason Zaman <perfinion@gentoo.org> -libsemanage-2.4.ebuild:
drop broken
*libsemanage-2.4-r1 (23 Apr 2015)
23 Apr 2015; Jason Zaman <perfinion@gentoo.org>
+files/0001-libsemanage-do-not-copy-contexts-in-semanage_migrate.patch,
+libsemanage-2.4-r1.ebuild,
-files/0002-semanage_migrate_store-Python3-support.patch:
rev bump with migration patch
18 Apr 2015; Jason Zaman <perfinion@gentoo.org> -libsemanage-2.3-r3.ebuild,
-libsemanage-2.4_rc6-r2.ebuild, -libsemanage-2.4_rc7.ebuild:
Drop old RCs
08 Apr 2015; Michał Górny <mgorny@gentoo.org> libsemanage-2.2-r2.ebuild,
libsemanage-2.3-r3.ebuild, libsemanage-2.3-r4.ebuild, libsemanage-2.4.ebuild,
libsemanage-2.4_rc6-r2.ebuild, libsemanage-2.4_rc7.ebuild:
Drop old Python implementations
*libsemanage-2.4 (04 Feb 2015)
04 Feb 2015; Jason Zaman <perfinion@gentoo.org> +libsemanage-2.4.ebuild:
Version bump
26 Jan 2015; Agostino Sarubbo <ago@gentoo.org> libsemanage-2.3-r4.ebuild:
Stable for x86, wrt bug #535684
22 Jan 2015; Agostino Sarubbo <ago@gentoo.org> libsemanage-2.3-r4.ebuild:
Stable for amd64, wrt bug #535684
*libsemanage-2.4_rc7 (06 Dec 2014)
06 Dec 2014; Jason Zaman <perfinion@gentoo.org> +libsemanage-2.4_rc7.ebuild,
-libsemanage-2.3-r2.ebuild, -libsemanage-2.4_rc2.ebuild,
-libsemanage-2.4_rc5.ebuild, -libsemanage-2.4_rc6-r1.ebuild,
-libsemanage-2.4_rc6.ebuild:
version bump and ebuild clean up, drop old RC
*libsemanage-2.3-r4 (04 Dec 2014)
04 Dec 2014; Jason Zaman <perfinion@gentoo.org> +libsemanage-2.3-r4.ebuild,
libsemanage-2.4_rc6-r2.ebuild:
Call python_optimize, bug 531638
*libsemanage-2.4_rc6-r2 (27 Nov 2014)
27 Nov 2014; Sven Vermeulen <swift@gentoo.org> +libsemanage-2.4_rc6-r2.ebuild:
Migrate store as soon as possible, but do not reload policy (bug 530864)
*libsemanage-2.4_rc6-r1 (22 Nov 2014)
22 Nov 2014; Jason Zaman <perfinion@gentoo.org>
+files/0002-semanage_migrate_store-Python3-support.patch,
+libsemanage-2.4_rc6-r1.ebuild:
python3 support for semanage_migrate_store. bug 529252
*libsemanage-2.4_rc6 (14 Nov 2014)
14 Nov 2014; Sven Vermeulen <swift@gentoo.org> +libsemanage-2.4_rc6.ebuild:
Bump to rc6, add python3_4 to PYTHON_COMPAT (fixes bug 529176); rc6 also fixes
unconfined issue when USE=-unconfined is set
01 Nov 2014; Sven Vermeulen <swift@gentoo.org> libsemanage-2.3-r3.ebuild:
Stabilize libsemanage-2.3-r3 (fix for bug #520608)
*libsemanage-2.4_rc5 (29 Oct 2014)
29 Oct 2014; Sven Vermeulen <swift@gentoo.org> +libsemanage-2.4_rc5.ebuild,
-libsemanage-2.4_rc4.ebuild:
Bump to 2.4_rc5
*libsemanage-2.4_rc4 (07 Oct 2014)
07 Oct 2014; Sven Vermeulen <swift@gentoo.org> +libsemanage-2.4_rc4.ebuild:
Bump to 2.4-rc4
*libsemanage-2.4_rc2 (21 Sep 2014)
21 Sep 2014; Sven Vermeulen <swift@gentoo.org> +libsemanage-2.4_rc2.ebuild,
libsemanage-2.3-r2.ebuild, libsemanage-2.3-r3.ebuild:
Noved to github; also add in masked 2.4 series
16 Sep 2014; Brian Dolbec <dolsen@gentoo.org> libsemanage-2.3-r3.ebuild:
Add python-3.4 target. Tested and confirmed working by perfinion.
*libsemanage-2.3-r3 (23 Aug 2014)
23 Aug 2014; Sven Vermeulen <swift@gentoo.org> +libsemanage-2.3-r3.ebuild:
Fix bug #520608 - Install .so in correct multilib location
05 Aug 2014; Sven Vermeulen <swift@gentoo.org> -libsemanage-2.2.ebuild,
-libsemanage-2.3-r1.ebuild, -libsemanage-2.3.ebuild:
Remove obsoleted ebuilds
05 Aug 2014; Sven Vermeulen <swift@gentoo.org> libsemanage-2.2-r2.ebuild:
Stabilize latest libsemanage-2.2
30 Jul 2014; Sven Vermeulen <swift@gentoo.org> libsemanage-2.3-r2.ebuild:
Fix bug #514194 - Stabilization of SELinux userspace 2.3
18 Jun 2014; Michał Górny <mgorny@gentoo.org> libsemanage-2.3-r2.ebuild:
Update dependencies to require guaranteed EAPI=5 or multilib ebuilds, bug
#513718.
*libsemanage-2.3-r2 (02 Jun 2014)
02 Jun 2014; Sven Vermeulen <swift@gentoo.org> +libsemanage-2.3-r2.ebuild:
Update multilib support in libsemanage with thanks to Arfrever
*libsemanage-2.3-r1 (01 Jun 2014)
01 Jun 2014; Sven Vermeulen <swift@gentoo.org> +libsemanage-2.3-r1.ebuild:
Fixing multilib support (bug #506460) with thanks to Sven Eden. Package has
dep on audit-2.2.2 which is p.masked so added same package to p.mask combo
10 May 2014; Sven Vermeulen <swift@gentoo.org> -libsemanage-2.1.10.ebuild,
-libsemanage-2.2-r1.ebuild, -libsemanage-2.3_rc1.ebuild:
Spring cleanup
*libsemanage-2.3 (09 May 2014)
09 May 2014; Sven Vermeulen <swift@gentoo.org> +libsemanage-2.3.ebuild:
Bump to 2.3
*libsemanage-2.3_rc1 (28 Apr 2014)
28 Apr 2014; Sven Vermeulen <swift@gentoo.org> +libsemanage-2.3_rc1.ebuild:
2.3-rc1 release
*libsemanage-2.2-r2 (23 Mar 2014)
23 Mar 2014; Sven Vermeulen <swift@gentoo.org> +libsemanage-2.2-r2.ebuild:
Fix bug #502078 - have SHLIBS use PREFIX, not DESTDIR
02 Feb 2014; Sven Vermeulen <swift@gentoo.org> +libsemanage-2.2-r1.ebuild:
Support multilib
*libsemanage-2.2-r1 (02 Feb 2014)
02 Feb 2014; Sven Vermeulen <swift@gentoo.org> +libsemanage-2.2-r1.ebuild:
Removing ruby support for libsemanage for now (libselinux has it removed as
we)
01 Feb 2014; Sven Vermeulen <swift@gentoo.org> libsemanage-2.2.ebuild:
Adding python3_3 to supported Pythons, see bug #499606
20 Jan 2014; Sven Vermeulen <swift@gentoo.org> libsemanage-2.2.ebuild:
Fix bug #497754 - Add in dep on virtual/pgkconfig
20 Jan 2014; Sven Vermeulen <swift@gentoo.org> libsemanage-2.2.ebuild:
Stabilize for amd64 and x86
23 Dec 2013; Sven Vermeulen <swift@gentoo.org> -libsemanage-2.1.9.ebuild:
Cleanup old version
10 Nov 2013; Sven Vermeulen <swift@gentoo.org> libsemanage-2.2.ebuild:
Adding dependency to audit (bug #490488)
*libsemanage-2.2 (04 Nov 2013)
04 Nov 2013; Sven Vermeulen <swift@gentoo.org> +libsemanage-2.2.ebuild:
New libsemanage release
07 Jul 2013; Sven Vermeulen <swift@gentoo.org> -libsemanage-2.1.6.ebuild,
-libsemanage-2.1.6-r2.ebuild:
Summer cleaning
16 Jun 2013; Sven Vermeulen <swift@gentoo.org> libsemanage-2.1.10.ebuild:
Stabilization
*libsemanage-2.1.10 (25 Apr 2013)
25 Apr 2013; Sven Vermeulen <swift@gentoo.org> +libsemanage-2.1.10.ebuild:
New upstream release
07 Feb 2013; Sven Vermeulen <swift@gentoo.org> libsemanage-2.1.9.ebuild:
Python 2.6 is not supported with libsemanage, see bug #445216
17 Nov 2012; <swift@gentoo.org> libsemanage-2.1.9.ebuild:
Stabilization
13 Oct 2012; <swift@gentoo.org> libsemanage-2.1.9.ebuild:
Supporting user-provided patches using epatch_user
*libsemanage-2.1.9 (09 Oct 2012)
09 Oct 2012; <swift@gentoo.org> +libsemanage-2.1.9.ebuild:
Introduce new upstream version
26 Jun 2012; Mike Gilbert <floppym@gentoo.org> libsemanage-2.1.6-r2.ebuild,
libsemanage-2.1.6.ebuild:
Restrict pypy per Arfrever.
*libsemanage-2.1.6-r2 (25 Jun 2012)
25 Jun 2012; <swift@gentoo.org> +libsemanage-2.1.6-r2.ebuild:
Fix python3 support
13 May 2012; <swift@gentoo.org> -libsemanage-2.1.0.ebuild:
Removing obsoleted ebuild
29 Apr 2012; <swift@gentoo.org> libsemanage-2.1.6.ebuild:
Stabilization
05 Apr 2012; <swift@gentoo.org> libsemanage-2.1.0.ebuild,
libsemanage-2.1.6.ebuild:
Depending on swig-2.0.4-r1 to fix build failures as per bug #409959
*libsemanage-2.1.6 (31 Mar 2012)
31 Mar 2012; <swift@gentoo.org> +libsemanage-2.1.6.ebuild:
Bump to version 2.1.6
12 Nov 2011; <swift@gentoo.org> -libsemanage-2.0.45.ebuild,
-libsemanage-2.0.46.ebuild:
Remove deprecated ebuilds
23 Oct 2011; <swift@gentoo.org> libsemanage-2.1.0.ebuild:
Stabilization (tracker #384231)
17 Sep 2011; <swift@gentoo.org> libsemanage-2.0.45.ebuild,
libsemanage-2.0.46.ebuild:
Adding dependencies on bison and flex as per bug #382583
17 Sep 2011; <swift@gentoo.org> libsemanage-2.1.0.ebuild:
Add dependency for flex and bison
12 Aug 2011; Anthony G. Basile <blueness@gentoo.org> ChangeLog:
Fix failed gpg signing of Manifest
12 Aug 2011; Anthony G. Basile <blueness@gentoo.org>
-libsemanage-2.0.27.ebuild, -libsemanage-2.0.33.ebuild,
-libsemanage-2.0.33-r1.ebuild, -files/libsemanage-2.0.33-bzip.diff:
Removed deprecated versions
*libsemanage-2.1.0 (03 Aug 2011)
03 Aug 2011; Anthony G. Basile <blueness@gentoo.org>
+libsemanage-2.1.0.ebuild:
Bump to 20110727 SELinux userspace release
*libsemanage-2.0.46 (15 Jul 2011)
15 Jul 2011; Anthony G. Basile <blueness@gentoo.org>
+libsemanage-2.0.46.ebuild:
Bump to 2.0.46 - proxy for SwifT
30 Jun 2011; Anthony G. Basile <blueness@gentoo.org>
libsemanage-2.0.45.ebuild:
Only build libsemanage for python-2, fixes bug #369089
28 May 2011; Anthony G. Basile <blueness@gentoo.org>
libsemanage-2.0.27.ebuild, libsemanage-2.0.33.ebuild:
Make RDEPEND explicit
28 May 2011; Anthony G. Basile <blueness@gentoo.org>
libsemanage-2.0.45.ebuild:
Stable amd64 x86
13 Feb 2011; Anthony G. Basile <blueness@gentoo.org> metadata.xml:
Updated metadata.xml to reflect new selinux herd.
06 Feb 2011; Arfrever Frehtes Taifersar Arahesis <arfrever@gentoo.org>
libsemanage-2.0.45.ebuild:
Add "python" and "ruby" USE flags.
05 Feb 2011; Arfrever Frehtes Taifersar Arahesis <arfrever@gentoo.org>
libsemanage-2.0.45.ebuild:
Set SUPPORT_PYTHON_ABIS (bug #353764). Respect AR and CC.
*libsemanage-2.0.45 (05 Feb 2011)
05 Feb 2011; Anthony G. Basile <blueness@gentoo.org>
+libsemanage-2.0.45.ebuild:
New upstream release.
16 Apr 2010; Arfrever Frehtes Taifersar Arahesis <arfrever@gentoo.org>
libsemanage-2.0.27.ebuild, libsemanage-2.0.33.ebuild,
libsemanage-2.0.33-r1.ebuild:
Delete calls to deprecated python_version().
*libsemanage-2.0.33-r1 (24 Aug 2009)
24 Aug 2009; Chris PeBenito <pebenito@gentoo.org>
+libsemanage-2.0.33-r1.ebuild, +files/libsemanage-2.0.33-bzip.diff:
Add patch to make bzip2 compression configurable.
03 Aug 2009; Chris PeBenito <pebenito@gentoo.org>
libsemanage-2.0.33.ebuild:
Fix libsepol dependency.
02 Aug 2009; Chris PeBenito <pebenito@gentoo.org>
libsemanage-2.0.27.ebuild, libsemanage-2.0.33.ebuild:
Add python_need_rebuild to libsemanage.
*libsemanage-2.0.33 (02 Aug 2009)
02 Aug 2009; Chris PeBenito <pebenito@gentoo.org>
+libsemanage-2.0.33.ebuild:
New upstream release.
18 Jul 2009; Chris PeBenito <pebenito@gentoo.org>
-libsemanage-1.10.9.ebuild, libsemanage-2.0.27.ebuild:
Mark stable. Remove old ebuilds.
*libsemanage-2.0.27 (03 Oct 2008)
03 Oct 2008; Chris PeBenito <pebenito@gentoo.org>
+libsemanage-2.0.27.ebuild:
Initial commit of 2.0 libsemanage.
10 Sep 2008; Chris PeBenito <pebenito@gentoo.org>
libsemanage-1.10.9.ebuild:
Tests cannot be run in the ebuild, they are supposed to be ran on the full
SELinux userland repo.
29 May 2008; Ali Polatel <hawking@gentoo.org> libsemanage-1.10.9.ebuild:
python_mod_optimize is ROOT aware. Fixed python_mod_cleanup.
26 May 2008; Chris PeBenito <pebenito@gentoo.org>
libsemanage-1.10.9.ebuild:
Fix libsepol dependency.
13 May 2008; Chris PeBenito <pebenito@gentoo.org> -libsemanage-1.4.ebuild,
-libsemanage-1.6.ebuild, -libsemanage-1.10.0.ebuild,
-libsemanage-1.10.5.ebuild, libsemanage-1.10.9.ebuild:
Mark 1.10.9 stable, clear old ebuilds.
*libsemanage-1.10.9 (29 Jan 2008)
29 Jan 2008; Chris PeBenito <pebenito@gentoo.org>
+libsemanage-1.10.9.ebuild:
New upstream bugfix release.
*libsemanage-1.10.5 (18 Oct 2007)
18 Oct 2007; Chris PeBenito <pebenito@gentoo.org>
+libsemanage-1.10.5.ebuild:
New upstream release.
04 Jun 2007; Chris PeBenito <pebenito@gentoo.org>
libsemanage-1.10.0.ebuild:
Mark stable.
*libsemanage-1.10.0 (15 Feb 2007)
15 Feb 2007; Chris PeBenito <pebenito@gentoo.org>
+libsemanage-1.10.0.ebuild:
New upstream release.
09 Oct 2006; Chris PeBenito <pebenito@gentoo.org>
libsemanage-1.6.17-r1.ebuild:
Stable to make repoman happy.
*libsemanage-1.6.17-r1 (08 Oct 2006)
08 Oct 2006; Chris PeBenito <pebenito@gentoo.org>
-libsemanage-1.6.17.ebuild, +libsemanage-1.6.17-r1.ebuild:
Install semanage.conf since this is masked on example policy-based profiles.
*libsemanage-1.6.17 (05 Oct 2006)
05 Oct 2006; Chris PeBenito <pebenito@gentoo.org>
+libsemanage-1.6.17.ebuild:
Add SVN snapshot.
31 Jul 2006; Chris PeBenito <pebenito@gentoo.org> libsemanage-1.6.ebuild:
Mark stable, long overdue.
27 Apr 2006; Alec Warner <antarus@gentoo.org>
files/digest-libsemanage-1.4, Manifest:
Fixing SHA256 digest, pass four
*libsemanage-1.6 (18 Mar 2006)
18 Mar 2006; Chris PeBenito <pebenito@gentoo.org> +libsemanage-1.6.ebuild:
New upstream release.
22 Feb 2006; Stephen Bennett <spb@gentoo.org> libsemanage-1.4.ebuild:
Alpha stable
19 Feb 2006; Joshua Kinard <kumba@gentoo.org> libsemanage-1.4.ebuild:
Marked stable on mips.
09 Feb 2006; Chris PeBenito <pebenito@gentoo.org> libsemanage-1.4.ebuild:
Set python version to fix compiles on non 2.4 pythons.
17 Jan 2006; Chris PeBenito <pebenito@gentoo.org> libsemanage-1.4.ebuild:
Mark stable, x86, amd64, ppc, sparc.
14 Jan 2006; Stephen Bennett <spb@gentoo.org> libsemanage-1.4.ebuild:
Added ~alpha
15 Dec 2005; Chris PeBenito <pebenito@gentoo.org> libsemanage-1.4.ebuild:
Tighten up versioning to try to prevent mismatch problems as seen in #112348.
*libsemanage-1.4 (09 Dec 2005)
09 Dec 2005; Chris PeBenito <pebenito@gentoo.org> +metadata.xml,
+libsemanage-1.4.ebuild:
Initial commit.


@ -1,32 +1,2 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
AUX 0001-libsemanage-do-not-copy-contexts-in-semanage_migrate.patch 7190 SHA256 5746fe5b4f85bb2ca4fdd50b29de98a8561c6a88e66dfb067c3e393eb1399b4d SHA512 ad9923ccad7a0d975b850eaeb5a801b3f933c0a26112226fa19112dd8aa07de9766845dfec44680799a577175c3a564e9c222f7b0968871fd1f69c3140ab569b WHIRLPOOL dda70c907d5ec766886f08e43da0a417ac67652f1682e629c06ce175f37d3db63e9ab257874435a26f4bc1ae7436421a5414b89b997f181a4ff9fe6434c77a2d
DIST libsemanage-2.2.tar.gz 138208 SHA256 11f60bfa0f1c6063cd9bd99ce0cb4acc9d6d9e9b8d7743d39e847bcd7803bd75 SHA512 09032b1b322fec7346164939ade118034812cb538ebc72121640d4ac5c89d2a66b59caa465027cfbebb590dee039a26d4345eafedf365d7f6ad0b5e90377d50f WHIRLPOOL 49170c5ee9ff57dcc4a15aa72386f37993f76436f0da25808c60dab2d03ba52932d0d4fa753c326900d83d2fae30f8bcf659251f17327783f2e2be3deb4842f4
DIST libsemanage-2.3.tar.gz 138231 SHA256 03e09e35e611c286e446bef92b6023ef2623815996f5a53394bb02e49a312e4b SHA512 defe3bbdbe51abdaa13a39f693c33446d8a1a8509ac1eb25c7770da2df6487bcb0ca31259d02b4531d4c81db5e221e94e95bec97f6a1a155e1de2f65e6f0da34 WHIRLPOOL 943d4d300aa8ad49c411b10b41c0c3e751c46dbcbbe129bdd1d2e975e231c58391d6ecdee6b27699fff9f6e6facf5b48fc8d57c2ff68692694c7de430750fac9
DIST libsemanage-2.4.tar.gz 151173 SHA256 1a4cace4ef16786531ec075c0e7b2f961e2fee5dc86c5f983a689058899a6484 SHA512 54f993253b22207b053daf4d34e72c65c72279866416089b6c0f047ef77bca3e307eac0ce6dfe40bd14e2e47e79841b358d5607501779f38d9b5f7c35f3b7729 WHIRLPOOL 7303c06515ed59b5756a87d08aff07671e51d26ce9fa452ca75643dd0ce4658571dc69d86434c943d691a4ab0d90cbdccdaa27e5aaec5fdf8057cf2d5d30631e
EBUILD libsemanage-2.2-r2.ebuild 3201 SHA256 39aa38de07e4b04b7f200a5abcfbc3a4dc033063c4adcb51813486d26f82c1cf SHA512 f1186f33e4685c0b6403e001db853ce845940f2332fc9b389e3fa96c5ff0762bcdc1ec22caacf12e5045d946fdb6c611b29b7ec1807bff72df93935fa7063a75 WHIRLPOOL 4715e92f0be45cbfb58e3a44bc8c1a1e69f6f66a803d816a4975d5be596f5f2dbfe8f3d95499475b7c0090cbe22e0359dcd1c895b8be619440463e638da16871
EBUILD libsemanage-2.3-r4.ebuild 3560 SHA256 e8ccb383ae811fdef8e12f8459a11618269b658b591dd4d57d7537021e361d26 SHA512 dda74556b122d354979db9c5c4883479e56f49e5a2c48a4cd70f112fa22f41daaa75bad63d2a0a94672d17fecf63cc0b6a8dc48d58e0908e851bb98b346036a5 WHIRLPOOL 7b0716d3604b6db85818734c6a148485a8bc3aa0b76f1172e1520dbc5294e75ed8d83cc97c065c9e6cc54b6b22e01ea3cbb094f1e39514208f5fc69ca831f781
EBUILD libsemanage-2.4-r1.ebuild 4678 SHA256 298fc28320dc183d2dda92faa65c070c73b42bf3a91d40c87438a6963a7e1d8a SHA512 abaad53d8b690d7554771fbba5fd540629aab1ae0d0280d753015a951117ec02315764d6fa098d335bf91eb2f9622dea9d7df0305aceab1e233c7ec118534139 WHIRLPOOL 83f3156d63381f8daacb36cd52e12e3ca6bcb31597ffda33a8b1588813b6f9210458e5a5b8641790bb69f58e23fefa34a36ce995799118f22f63c7b26a68eaff
EBUILD libsemanage-9999.ebuild 4949 SHA256 f07183cfa81eeaa9b4c4cd747e9107cf85e15aa2562b4cbff0d886c33574f409 SHA512 991b0c068749f3e50c31ad417b69def8f0db8cdfb8126bb78419ec5053946c9b14ae27496d517be7f30a59d9616ffbe7b2338f3008e67646f4f610ef4edb889d WHIRLPOOL ceaaf2ffeaa88d3c74472b1baf1b22811aa0038f786c891c7ba68761ec7f978bd51718b0ff01da5ea8ba4a54566563c8d52afb33717a12575c6e189f61aa56d4
MISC ChangeLog 13938 SHA256 d7938bb036a37dc37a0d2654be04c655b30cf54cb8c4f019e4f6549ffe3179da SHA512 e006775684003b4a7bd9e77f9fdf173bc1402e3cf05aad684b2e31c1942e8d2a268e7ffa19164a94e04e07f7977c1fdefbaaabf021f4ea4e6e8e8e463f69be3c WHIRLPOOL e87415fff3ee0136db7905a45881fdeed6a46b5dbbbf487fc62adba321a99f747f4eb5c549feb8093ffa22bc8369a60e5370638674a4db2c0aa2a4c020cf4230
MISC metadata.xml 320 SHA256 b26802e71a0f815c4dadc9ec5122bf91ee5007bdd3f508908fb06fb489148ecb SHA512 80b83887b0eb131738dafdc65ba16bdf17793381fe23956ae44393d63333d22c1a45a5ceb8d4ee993825fa06e873e6bdf35f80996951f11924f09ddc28fba43b WHIRLPOOL 0b6f26f333782f25a6cc069dfb5df7bbd63cb9574a1ac29dce9abbd82aee2be4ba6a1146a346402d4e21854f664e9ef70986155d3782c7a9bf25b3a4da853d77
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0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=1PJr
-----END PGP SIGNATURE-----
DIST libsemanage-3.1.tar.gz 179601 BLAKE2B 69450a4eda1f3728d339f65db1eec9940995fcea5208d17dca531ebc998aefbfec48fe91beffa3490e1502953aa550405fb696635d01b0eb8050c8f00f11106a SHA512 8609ca7d13b5c603677740f2b14558fea3922624af182d20d618237ba11fcf2559fab82fc68d1efa6ff118f064d426f005138521652c761de92cd66150102197
DIST libsemanage-3.2.tar.gz 178839 BLAKE2B c0925812d784923a7a239ba919fc0a0e1d84cb528cbf4a357fb7938d3c06ebd2f0b60cd3eba40b76bf7c2922a081b99b16b32dc16638aa1bfce32553e241fb9f SHA512 6ad670bb298b1bab506217b12a3fda5d2209f4387a11410f0c1b65f765ffb579b0d70795dee19048909e0b72ef904fc318be60d5a01f80ab12742ce07647a084


@ -1,208 +0,0 @@
From 9caebebd598de737f27cdc8d5253a2cebd67d5a9 Mon Sep 17 00:00:00 2001
From: Jason Zaman <jason@perfinion.com>
Date: Wed, 22 Apr 2015 18:27:09 +0400
Subject: [PATCH] libsemanage: do not copy contexts in semanage_migrate_store
The modules from the old store were previously copied to the new one
using setfscreatecon and shutil.copy2(). Now that refpolicy has rules
about the new policy location[1], copying the contexts is redundant.
More importantly, the setcreatefscon caused a constraint violation[2]
which made the migration fail. In python3, shutil.copy2() copies xattrs
as well which again causes problems. shutil.copy() is enough for our
needs here as it will copy the file and permissions in both py2 and 3.
We do not need the extra things that copy2() does (mtime, xattr, etc).
[1] http://oss.tresys.com/pipermail/refpolicy/2014-December/007511.html
[2]
type=AVC msg=audit(1429438272.872:1869): avc: denied { create } for pid=28739 comm="semanage_migrat" name="strict" scontext=staff_u:sysadm_r:semanage_t tcontext=system_u:object_r:semanage_store_t tclass=dir permissive=0
constrain dir { create relabelfrom relabelto } ((u1 == u2 -Fail-) or (t1 == can_change_object_identity -Fail-) ); Constraint DENIED
allow semanage_t semanage_store_t:dir create;
Signed-off-by: Jason Zaman <jason@perfinion.com>
---
libsemanage/utils/semanage_migrate_store | 77 ++++++++------------------------
1 file changed, 18 insertions(+), 59 deletions(-)
diff --git a/libsemanage/utils/semanage_migrate_store b/libsemanage/utils/semanage_migrate_store
index 03b492e..2f85e9c 100755
--- a/libsemanage/utils/semanage_migrate_store
+++ b/libsemanage/utils/semanage_migrate_store
@@ -8,7 +8,6 @@ import shutil
import sys
from optparse import OptionParser
-import bz2
import ctypes
sepol = ctypes.cdll.LoadLibrary('libsepol.so')
@@ -21,41 +20,20 @@ except:
exit(1)
-
-
-# For some reason this function doesn't exist in libselinux :\
-def copy_with_context(src, dst):
+def copy_file(src, dst):
if DEBUG:
print("copying %s to %s" % (src, dst))
try:
- con = selinux.lgetfilecon_raw(src)[1]
- except:
- print("Could not get file context of %s" % src, file=sys.stderr)
- exit(1)
-
- try:
- selinux.setfscreatecon_raw(con)
- except:
- print("Could not set fs create context: %s" %con, file=sys.stderr)
- exit(1)
-
- try:
- shutil.copy2(src, dst)
+ shutil.copy(src, dst)
except OSError as the_err:
(err, strerr) = the_err.args
print("Could not copy %s to %s, %s" %(src, dst, strerr), file=sys.stderr)
exit(1)
- try:
- selinux.setfscreatecon_raw(None)
- except:
- print("Could not reset fs create context. May need to relabel system.", file=sys.stderr)
-def create_dir_from(src, dst, mode):
+def create_dir(dst, mode):
if DEBUG: print("Making directory %s" % dst)
try:
- con = selinux.lgetfilecon_raw(src)[1]
- selinux.setfscreatecon_raw(con)
os.makedirs(dst, mode)
except OSError as the_err:
(err, stderr) = the_err.args
@@ -65,28 +43,18 @@ def create_dir_from(src, dst, mode):
print("Error creating %s" % dst, file=sys.stderr)
exit(1)
- try:
- selinux.setfscreatecon_raw(None)
- except:
- print("Could not reset fs create context. May need to relabel system.", file=sys.stderr)
-def create_file_from(src, dst):
+def create_file(dst):
if DEBUG: print("Making file %s" % dst)
try:
- con = selinux.lgetfilecon_raw(src)[1]
- selinux.setfscreatecon_raw(con)
open(dst, 'a').close()
except OSError as the_err:
(err, stderr) = the_err.args
print("Error creating %s" % dst, file=sys.stderr)
exit(1)
- try:
- selinux.setfscreatecon_raw(None)
- except:
- print("Could not reset fs create context. May need to relabel system.", file=sys.stderr)
-def copy_module(store, name, con, base):
+def copy_module(store, name, base):
if DEBUG: print("Install module %s" % name)
(file, ext) = os.path.splitext(name)
if ext != ".pp":
@@ -94,8 +62,6 @@ def copy_module(store, name, con, base):
print("warning: %s has invalid extension, skipping" % name, file=sys.stderr)
return
try:
- selinux.setfscreatecon_raw(con)
-
if base:
root = oldstore_path(store)
else:
@@ -105,7 +71,7 @@ def copy_module(store, name, con, base):
os.mkdir("%s/%s" % (bottomdir, file))
- copy_with_context(os.path.join(root, name), "%s/%s/hll" % (bottomdir, file))
+ copy_file(os.path.join(root, name), "%s/%s/hll" % (bottomdir, file))
# This is the ext file that will eventually be used to choose a compiler
efile = open("%s/%s/lang_ext" % (bottomdir, file), "w+", 0o600)
@@ -116,15 +82,11 @@ def copy_module(store, name, con, base):
print("Error installing module %s" % name, file=sys.stderr)
exit(1)
- try:
- selinux.setfscreatecon_raw(None)
- except:
- print("Could not reset fs create context. May need to relabel system.", file=sys.stderr)
-def disable_module(file, root, name, disabledmodules):
+def disable_module(file, name, disabledmodules):
if DEBUG: print("Disabling %s" % name)
(disabledname, disabledext) = os.path.splitext(file)
- create_file_from(os.path.join(root, name), "%s/%s" % (disabledmodules, disabledname))
+ create_file("%s/%s" % (disabledmodules, disabledname))
def migrate_store(store):
@@ -138,17 +100,14 @@ def migrate_store(store):
print("Migrating from %s to %s" % (oldstore, newstore))
# Build up new directory structure
- create_dir_from(oldstore, "%s/%s" % (newroot_path(), store), 0o755)
- create_dir_from(oldstore, newstore, 0o700)
- create_dir_from(oldstore, newmodules, 0o700)
- create_dir_from(oldstore, bottomdir, 0o700)
- create_dir_from(oldstore, disabledmodules, 0o700)
-
- # use whatever the file context of bottomdir is for the module directories
- con = selinux.lgetfilecon_raw(bottomdir)[1]
+ create_dir("%s/%s" % (newroot_path(), store), 0o755)
+ create_dir(newstore, 0o700)
+ create_dir(newmodules, 0o700)
+ create_dir(bottomdir, 0o700)
+ create_dir(disabledmodules, 0o700)
# Special case for base since it was in a different location
- copy_module(store, "base.pp", con, 1)
+ copy_module(store, "base.pp", 1)
# Dir structure built, start copying files
for root, dirs, files in os.walk(oldstore):
@@ -161,7 +120,7 @@ def migrate_store(store):
newname = "seusers.local"
else:
newname = name
- copy_with_context(os.path.join(root, name), os.path.join(newstore, newname))
+ copy_file(os.path.join(root, name), os.path.join(newstore, newname))
elif root == oldmodules:
# This should be the modules directory
@@ -171,9 +130,9 @@ def migrate_store(store):
print("Error installing module %s, name conflicts with base" % name, file=sys.stderr)
exit(1)
elif ext == ".disabled":
- disable_module(file, root, name, disabledmodules)
+ disable_module(file, name, disabledmodules)
else:
- copy_module(store, name, con, 0)
+ copy_module(store, name, 0)
def rebuild_policy():
# Ok, the modules are loaded, lets try to rebuild the policy
@@ -287,7 +246,7 @@ if __name__ == "__main__":
"preserve_tunables" ]
- create_dir_from(oldroot_path(), newroot_path(), 0o755)
+ create_dir(newroot_path(), 0o755)
stores = None
if TYPE is not None:
--
2.0.5


@ -1 +1,3 @@
#Type Path Mode UID GID Age Argument
d /etc/selinux/ - - - - -
L /etc/selinux/semanage.conf - - - - ../../usr/lib/selinux/semanage.conf


@ -1,47 +1,57 @@
# Copyright 1999-2015 Gentoo Foundation
# Copyright 1999-2021 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/sys-libs/libsemanage/libsemanage-2.4-r1.ebuild,v 1.2 2015/05/10 09:02:13 perfinion Exp $
EAPI="5"
PYTHON_COMPAT=( python2_7 python3_4 python3_5 python3_6 )
EAPI=7
PYTHON_COMPAT=( python3_6 )
inherit multilib python-r1 toolchain-funcs eutils multilib-minimal systemd
# flatcar changes
inherit python-r1 toolchain-funcs multilib-minimal systemd
MY_P="${P//_/-}"
MY_RELEASEDATE="20200710"
SEPOL_VER="${PV}"
SELNX_VER="${PV}"
DESCRIPTION="SELinux kernel and policy management library"
HOMEPAGE="https://github.com/SELinuxProject/selinux/wiki"
SRC_URI="https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20150202/${MY_P}.tar.gz"
if [[ ${PV} == 9999 ]]; then
inherit git-r3
EGIT_REPO_URI="https://github.com/SELinuxProject/selinux.git"
S="${WORKDIR}/${MY_P}/${PN}"
else
SRC_URI="https://github.com/SELinuxProject/selinux/releases/download/${MY_RELEASEDATE}/${MY_P}.tar.gz"
KEYWORDS="amd64 ~arm ~arm64 ~mips x86"
S="${WORKDIR}/${MY_P}"
fi
LICENSE="GPL-2"
SLOT="0"
KEYWORDS="amd64 x86"
IUSE="python"
REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
RDEPEND=">=sys-libs/libsepol-${SEPOL_VER}[${MULTILIB_USEDEP}]
>=sys-libs/libselinux-${SELNX_VER}[${MULTILIB_USEDEP}]
>=sys-process/audit-2.2.2[${MULTILIB_USEDEP}]
>=dev-libs/ustr-1.0.4-r2[${MULTILIB_USEDEP}]
"
DEPEND="${RDEPEND}
sys-devel/bison
sys-devel/flex
python? ( ${PYTHON_DEPS} )"
DEPEND="${RDEPEND}"
BDEPEND="
python? (
>=dev-lang/swig-2.0.4-r1
virtual/pkgconfig
${PYTHON_DEPS}
)"
)
sys-devel/bison
sys-devel/flex"
# tests are not meant to be run outside of the
# full SELinux userland repo
RESTRICT="test"
S="${WORKDIR}/${MY_P}"
src_prepare() {
eapply_user
echo >> "${S}/src/semanage.conf"
echo "# Set this to true to save the linked policy." >> "${S}/src/semanage.conf"
echo "# This is normally only useful for analysis" >> "${S}/src/semanage.conf"
echo "# or debugging of policy." >> "${S}/src/semanage.conf"
@ -64,11 +74,6 @@ src_prepare() {
echo "# Reduce memory usage for bzip2 compression and" >> "${S}/src/semanage.conf"
echo "# decompression of modules in the module store." >> "${S}/src/semanage.conf"
echo "bzip-small=true" >> "${S}/src/semanage.conf"
echo "handle-unknown=allow" >> "${S}/src/semanage.conf"
epatch "${FILESDIR}/0001-libsemanage-do-not-copy-contexts-in-semanage_migrate.patch"
epatch_user
multilib_copy_sources
}
@ -80,10 +85,14 @@ multilib_src_compile() {
LIBDIR="${EPREFIX}/usr/$(get_libdir)" \
all
# flatcar changes
if multilib_is_native_abi && use python; then
building_py() {
python_export PYTHON_INCLUDEDIR PYTHON_LIBPATH
emake CC="$(tc-getCC)" PYINC="-I${PYTHON_INCLUDEDIR}" PYTHONLBIDIR="${PYTHON_LIBPATH}" PYPREFIX="${EPYTHON##*/}" "$@"
emake \
AR="$(tc-getAR)" \
CC="$(tc-getCC)" \
LIBDIR="${EPREFIX}/usr/$(get_libdir)" \
"$@"
}
python_foreach_impl building_py swigify
python_foreach_impl building_py pywrap
@ -91,19 +100,45 @@ multilib_src_compile() {
}
multilib_src_install() {
# flatcar changes
emake \
DEFAULT_SEMANAGE_CONF_LOCATION="${ED}/usr/lib/selinux/semanage.conf" \
LIBDIR="${ED}/usr/$(get_libdir)" \
SHLIBDIR="${ED}/usr/$(get_libdir)" \
DEFAULT_SEMANAGE_CONF_LOCATION="/usr/lib/selinux/semanage.conf" \
LIBDIR="${EPREFIX}/usr/$(get_libdir)" \
SHLIBDIR="/usr/$(get_libdir)" \
DESTDIR="${ED}" install
# flatcar changes
if multilib_is_native_abi && use python; then
installation_py() {
emake DESTDIR="${ED}" LIBDIR="${ED}/usr/$(get_libdir)" \
SHLIBDIR="${ED}/usr/$(get_libdir)" install-pywrap
# flatcar changes
emake DESTDIR="${ED}" \
LIBDIR="${EPREFIX}/usr/$(get_libdir)" \
SHLIBDIR="${EPREFIX}/usr/$(get_libdir)" \
LIBSEPOLA="${EPREFIX%/}/usr/$(get_libdir)/libsepol.a" \
install-pywrap
python_optimize # bug 531638
}
python_foreach_impl installation_py
fi
# flatcar changes
systemd_dotmpfilesd "${FILESDIR}/tmpfiles.d/libsemanage.conf"
}
multiib_src_install_all() {
python_setup
python_fix_shebang "${ED}"/usr/libexec/selinux/semanage_migrate_store
}
pkg_postinst() {
# Migrate the SELinux semanage configuration store if not done already
local selinuxtype=$(awk -F'=' '/SELINUXTYPE=/ {print $2}' "${EROOT}"/etc/selinux/config 2>/dev/null)
if [ -n "${selinuxtype}" ] && [ ! -d "${EROOT}"/var/lib/selinux/${selinuxtype}/active ] ; then
ewarn "Since the 2.4 SELinux userspace, the policy module store is moved"
ewarn "from /etc/selinux to /var/lib/selinux. The migration will be run now."
ewarn "If there are any issues, it can be done manually by running:"
ewarn "/usr/libexec/selinux/semanage_migrate_store"
ewarn "For more information, please see"
ewarn "- https://github.com/SELinuxProject/selinux/wiki/Policy-Store-Migration"
fi
}
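Review bot: The install hook near the end of this ebuild is spelled `multiib_src_install_all` (one `l` missing), so multilib-minimal never calls it and `python_fix_shebang` is never applied to `/usr/libexec/selinux/semanage_migrate_store`. The definition should read `multilib_src_install_all() {`. The same misspelling appears in the two other libsemanage ebuilds in this commit, the newly added one and the 9999 one. The rendered page does not show whether the line is added here or carried over, but it is present in the resulting file.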


@ -0,0 +1,127 @@
# Copyright 1999-2021 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=7
PYTHON_COMPAT=( python3_6 )
inherit python-r1 toolchain-funcs multilib-minimal
MY_PV="${PV//_/-}"
MY_P="${PN}-${MY_PV}"
DESCRIPTION="SELinux kernel and policy management library"
HOMEPAGE="https://github.com/SELinuxProject/selinux/wiki"
if [[ ${PV} == 9999 ]]; then
inherit git-r3
EGIT_REPO_URI="https://github.com/SELinuxProject/selinux.git"
S="${WORKDIR}/${P}/${PN}"
else
SRC_URI="https://github.com/SELinuxProject/selinux/releases/download/${MY_PV}/${MY_P}.tar.gz"
KEYWORDS="~amd64 ~arm ~arm64 ~mips ~x86"
S="${WORKDIR}/${MY_P}"
fi
LICENSE="GPL-2"
SLOT="0/2"
REQUIRED_USE="${PYTHON_REQUIRED_USE}"
RDEPEND=">=sys-libs/libsepol-${PV}:=[${MULTILIB_USEDEP}]
>=sys-libs/libselinux-${PV}:=[${MULTILIB_USEDEP}]
>=sys-process/audit-2.2.2[${MULTILIB_USEDEP}]
${PYTHON_DEPS}"
DEPEND="${RDEPEND}"
BDEPEND=">=dev-lang/swig-2.0.4-r1
sys-devel/bison
sys-devel/flex
virtual/pkgconfig"
# tests are not meant to be run outside of the
# full SELinux userland repo
RESTRICT="test"
src_prepare() {
eapply_user
echo >> "${S}/src/semanage.conf"
echo "# Set this to true to save the linked policy." >> "${S}/src/semanage.conf"
echo "# This is normally only useful for analysis" >> "${S}/src/semanage.conf"
echo "# or debugging of policy." >> "${S}/src/semanage.conf"
echo "save-linked=false" >> "${S}/src/semanage.conf"
echo >> "${S}/src/semanage.conf"
echo "# Set this to 0 to disable assertion checking." >> "${S}/src/semanage.conf"
echo "# This should speed up building the kernel policy" >> "${S}/src/semanage.conf"
echo "# from policy modules, but may leave you open to" >> "${S}/src/semanage.conf"
echo "# dangerous rules which assertion checking" >> "${S}/src/semanage.conf"
echo "# would catch." >> "${S}/src/semanage.conf"
echo "expand-check=1" >> "${S}/src/semanage.conf"
echo >> "${S}/src/semanage.conf"
echo "# Modules in the module store can be compressed" >> "${S}/src/semanage.conf"
echo "# with bzip2. Set this to the bzip2 blocksize" >> "${S}/src/semanage.conf"
echo "# 1-9 when compressing. The higher the number," >> "${S}/src/semanage.conf"
echo "# the more memory is traded off for disk space." >> "${S}/src/semanage.conf"
echo "# Set to 0 to disable bzip2 compression." >> "${S}/src/semanage.conf"
echo "bzip-blocksize=0" >> "${S}/src/semanage.conf"
echo >> "${S}/src/semanage.conf"
echo "# Reduce memory usage for bzip2 compression and" >> "${S}/src/semanage.conf"
echo "# decompression of modules in the module store." >> "${S}/src/semanage.conf"
echo "bzip-small=true" >> "${S}/src/semanage.conf"
multilib_copy_sources
}
multilib_src_compile() {
local -x CFLAGS="${CFLAGS} -fno-semantic-interposition"
emake \
AR="$(tc-getAR)" \
CC="$(tc-getCC)" \
LIBDIR="${EPREFIX}/usr/$(get_libdir)" \
all
if multilib_is_native_abi; then
building_py() {
emake \
AR="$(tc-getAR)" \
CC="$(tc-getCC)" \
LIBDIR="${EPREFIX}/usr/$(get_libdir)" \
"$@"
}
python_foreach_impl building_py swigify
python_foreach_impl building_py pywrap
fi
}
multilib_src_install() {
emake \
LIBDIR="${EPREFIX}/usr/$(get_libdir)" \
DESTDIR="${ED}" install
if multilib_is_native_abi; then
installation_py() {
emake DESTDIR="${ED}" \
LIBDIR="${EPREFIX}/usr/$(get_libdir)" \
install-pywrap
python_optimize # bug 531638
}
python_foreach_impl installation_py
fi
}
multiib_src_install_all() {
python_setup
python_fix_shebang "${ED}"/usr/libexec/selinux/semanage_migrate_store
}
pkg_postinst() {
# Migrate the SELinux semanage configuration store if not done already
local selinuxtype=$(awk -F'=' '/SELINUXTYPE=/ {print $2}' "${EROOT}"/etc/selinux/config 2>/dev/null)
if [ -n "${selinuxtype}" ] && [ ! -d "${EROOT}"/var/lib/selinux/${selinuxtype}/active ] ; then
ewarn "Since the 2.4 SELinux userspace, the policy module store is moved"
ewarn "from /etc/selinux to /var/lib/selinux. The migration will be run now."
ewarn "If there are any issues, it can be done manually by running:"
ewarn "/usr/libexec/selinux/semanage_migrate_store"
ewarn "For more information, please see"
ewarn "- https://github.com/SELinuxProject/selinux/wiki/Policy-Store-Migration"
fi
}
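Review bot: `pkg_postinst` tells the user "The migration will be run now.", but the function only emits `ewarn` lines and never invokes `/usr/libexec/selinux/semanage_migrate_store`, so a policy store still under `/etc/selinux` stays unmigrated while the message says otherwise. Either call the script inside the `if` or reword the line, for example `ewarn "from /etc/selinux to /var/lib/selinux. Run the migration manually with:"`. The value of `selinuxtype` is read from `/etc/selinux/config` and used unquoted in the `-d` test; writing `[ ! -d "${EROOT}/var/lib/selinux/${selinuxtype}/active" ]` avoids word splitting on trailing whitespace or an unexpected value. The same function appears in the other two libsemanage ebuilds changed by this commit.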


@ -1,54 +1,49 @@
# Copyright 1999-2015 Gentoo Foundation
# Copyright 1999-2021 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/sys-libs/libsemanage/libsemanage-9999.ebuild,v 1.1 2015/06/09 15:36:24 swift Exp $
EAPI="5"
PYTHON_COMPAT=( python2_7 python3_4 python3_5 python3_6 )
EAPI=7
PYTHON_COMPAT=( python3_6 )
inherit multilib python-r1 toolchain-funcs eutils multilib-minimal systemd
inherit python-r1 toolchain-funcs multilib-minimal
MY_P="${P//_/-}"
MY_RELEASEDATE="20150202"
SEPOL_VER="${PV}"
SELNX_VER="${PV}"
MY_PV="${PV//_/-}"
MY_P="${PN}-${MY_PV}"
DESCRIPTION="SELinux kernel and policy management library"
HOMEPAGE="https://github.com/SELinuxProject/selinux/wiki"
if [[ ${PV} == 9999 ]] ; then
if [[ ${PV} == 9999 ]]; then
inherit git-r3
EGIT_REPO_URI="https://github.com/SELinuxProject/selinux.git"
S="${WORKDIR}/${MY_P}/${PN}"
S="${WORKDIR}/${P}/${PN}"
else
SRC_URI="https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20150202/${MY_P}.tar.gz"
KEYWORDS="~amd64 ~x86"
SRC_URI="https://github.com/SELinuxProject/selinux/releases/download/${MY_PV}/${MY_P}.tar.gz"
KEYWORDS="~amd64 ~arm ~arm64 ~mips ~x86"
S="${WORKDIR}/${MY_P}"
fi
LICENSE="GPL-2"
SLOT="0"
IUSE="python"
SLOT="0/2"
REQUIRED_USE="${PYTHON_REQUIRED_USE}"
RDEPEND=">=sys-libs/libsepol-${SEPOL_VER}[${MULTILIB_USEDEP}]
>=sys-libs/libselinux-${SELNX_VER}[${MULTILIB_USEDEP}]
RDEPEND=">=sys-libs/libsepol-${PV}:=[${MULTILIB_USEDEP}]
>=sys-libs/libselinux-${PV}:=[${MULTILIB_USEDEP}]
>=sys-process/audit-2.2.2[${MULTILIB_USEDEP}]
>=dev-libs/ustr-1.0.4-r2[${MULTILIB_USEDEP}]
"
DEPEND="${RDEPEND}
${PYTHON_DEPS}"
DEPEND="${RDEPEND}"
BDEPEND=">=dev-lang/swig-2.0.4-r1
sys-devel/bison
sys-devel/flex
python? (
>=dev-lang/swig-2.0.4-r1
virtual/pkgconfig
${PYTHON_DEPS}
)"
virtual/pkgconfig"
# tests are not meant to be run outside of the
# full SELinux userland repo
RESTRICT="test"
src_prepare() {
eapply_user
echo >> "${S}/src/semanage.conf"
echo "# Set this to true to save the linked policy." >> "${S}/src/semanage.conf"
echo "# This is normally only useful for analysis" >> "${S}/src/semanage.conf"
echo "# or debugging of policy." >> "${S}/src/semanage.conf"
@ -71,29 +66,26 @@ src_prepare() {
echo "# Reduce memory usage for bzip2 compression and" >> "${S}/src/semanage.conf"
echo "# decompression of modules in the module store." >> "${S}/src/semanage.conf"
echo "bzip-small=true" >> "${S}/src/semanage.conf"
echo "handle-unknown=allow" >> "${S}/src/semanage.conf"
if [[ ${PV} != 9999 ]] ; then
# If wanted for live builds, please use /etc/portage/patches
epatch "${FILESDIR}/0001-libsemanage-do-not-copy-contexts-in-semanage_migrate.patch"
fi
epatch_user
multilib_copy_sources
}
multilib_src_compile() {
local -x CFLAGS="${CFLAGS} -fno-semantic-interposition"
emake \
AR="$(tc-getAR)" \
CC="$(tc-getCC)" \
LIBDIR="${EPREFIX}/usr/$(get_libdir)" \
all
if multilib_is_native_abi && use python; then
if multilib_is_native_abi; then
building_py() {
python_export PYTHON_INCLUDEDIR PYTHON_LIBPATH
emake CC="$(tc-getCC)" PYINC="-I${PYTHON_INCLUDEDIR}" PYTHONLBIDIR="${PYTHON_LIBPATH}" PYPREFIX="${EPYTHON##*/}" "$@"
emake \
AR="$(tc-getAR)" \
CC="$(tc-getCC)" \
LIBDIR="${EPREFIX}/usr/$(get_libdir)" \
"$@"
}
python_foreach_impl building_py swigify
python_foreach_impl building_py pywrap
@ -102,18 +94,34 @@ multilib_src_compile() {
multilib_src_install() {
emake \
DEFAULT_SEMANAGE_CONF_LOCATION="${ED}/usr/lib/selinux/semanage.conf" \
LIBDIR="${ED}/usr/$(get_libdir)" \
SHLIBDIR="${ED}/usr/$(get_libdir)" \
LIBDIR="${EPREFIX}/usr/$(get_libdir)" \
DESTDIR="${ED}" install
if multilib_is_native_abi && use python; then
if multilib_is_native_abi; then
installation_py() {
emake DESTDIR="${ED}" LIBDIR="${ED}/usr/$(get_libdir)" \
SHLIBDIR="${ED}/usr/$(get_libdir)" install-pywrap
emake DESTDIR="${ED}" \
LIBDIR="${EPREFIX}/usr/$(get_libdir)" \
install-pywrap
python_optimize # bug 531638
}
python_foreach_impl installation_py
fi
systemd_dotmpfilesd "${FILESDIR}/tmpfiles.d/libsemanage.conf"
}
multiib_src_install_all() {
python_setup
python_fix_shebang "${ED}"/usr/libexec/selinux/semanage_migrate_store
}
pkg_postinst() {
# Migrate the SELinux semanage configuration store if not done already
local selinuxtype=$(awk -F'=' '/SELINUXTYPE=/ {print $2}' "${EROOT}"/etc/selinux/config 2>/dev/null)
if [ -n "${selinuxtype}" ] && [ ! -d "${EROOT}"/var/lib/selinux/${selinuxtype}/active ] ; then
ewarn "Since the 2.4 SELinux userspace, the policy module store is moved"
ewarn "from /etc/selinux to /var/lib/selinux. The migration will be run now."
ewarn "If there are any issues, it can be done manually by running:"
ewarn "/usr/libexec/selinux/semanage_migrate_store"
ewarn "For more information, please see"
ewarn "- https://github.com/SELinuxProject/selinux/wiki/Policy-Store-Migration"
fi
}


@ -1,8 +1,10 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
<herd>selinux</herd>
<longdescription>SELinux policy management libraries</longdescription>
<maintainer type="project">
<email>selinux@gentoo.org</email>
<name>SELinux Team</name>
</maintainer>
<upstream>
<remote-id type="github">SELinuxProject/selinux</remote-id>
</upstream>