diff --git a/sdk_container/src/third_party/coreos-overlay/eclass/selinux-policy-2.eclass b/sdk_container/src/third_party/coreos-overlay/eclass/selinux-policy-2.eclass
deleted file mode 100644
index 8327c71399..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/eclass/selinux-policy-2.eclass
+++ /dev/null
@@ -1,289 +0,0 @@
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/eclass/selinux-policy-2.eclass,v 1.32 2015/04/21 11:19:10 perfinion Exp $
-
-# Eclass for installing SELinux policy, and optionally
-# reloading the reference-policy based modules.
-
-# @ECLASS: selinux-policy-2.eclass
-# @MAINTAINER:
-# selinux@gentoo.org
-# @BLURB: This eclass supports the deployment of the various SELinux modules in sec-policy
-# @DESCRIPTION:
-# The selinux-policy-2.eclass supports deployment of the various SELinux modules
-# defined in the sec-policy category. It is responsible for extracting the
-# specific bits necessary for single-module deployment (instead of full-blown
-# policy rebuilds) and applying the necessary patches.
-#
-# Also, it supports for bundling patches to make the whole thing just a bit more
-# manageable.
-
-# @ECLASS-VARIABLE: MODS
-# @DESCRIPTION:
-# This variable contains the (upstream) module name for the SELinux module.
-# This name is only the module name, not the category!
-: ${MODS:="_illegal"}
-
-# @ECLASS-VARIABLE: BASEPOL
-# @DESCRIPTION:
-# This variable contains the version string of the selinux-base-policy package
-# that this module build depends on. It is used to patch with the appropriate
-# patch bundle(s) that are part of selinux-base-policy.
-: ${BASEPOL:=${PVR}}
-
-# @ECLASS-VARIABLE: POLICY_PATCH
-# @DESCRIPTION:
-# This variable contains the additional patch(es) that need to be applied on top
-# of the patchset already contained within the BASEPOL variable. The variable
-# can be both a simple string (space-separated) or a bash array.
-: ${POLICY_PATCH:=""}
-
-# @ECLASS-VARIABLE: POLICY_FILES
-# @DESCRIPTION:
-# When defined, this contains the files (located in the ebuilds' files/
-# directory) which should be copied as policy module files into the store.
-# Generally, users would want to include at least a .te and .fc file, but .if
-# files are supported as well. The variable can be both a simple string
-# (space-separated) or a bash array.
-: ${POLICY_FILES:=""}
-
-# @ECLASS-VARIABLE: POLICY_TYPES
-# @DESCRIPTION:
-# This variable informs the eclass for which SELinux policies the module should
-# be built. Currently, Gentoo supports targeted, strict, mcs and mls.
-# This variable is the same POLICY_TYPES variable that we tell SELinux
-# users to set in make.conf. Therefore, it is not the module that should
-# override it, but the user.
-: ${POLICY_TYPES:="targeted strict mcs mls"}
-
-# @ECLASS-VARIABLE: SELINUX_GIT_REPO
-# @DESCRIPTION:
-# When defined, this variable overrides the default repository URL as used by
-# this eclass. It allows end users to point to a different policy repository
-# using a single variable, rather than having to set the packagename_LIVE_REPO
-# variable for each and every SELinux policy module package they want to install.
-# The default value is Gentoo's hardened-refpolicy repository.
-: ${SELINUX_GIT_REPO:="git://anongit.gentoo.org/proj/hardened-refpolicy.git https://anongit.gentoo.org/git/proj/hardened-refpolicy.git"};
-
-# @ECLASS-VARIABLE: SELINUX_GIT_BRANCH
-# @DESCRIPTION:
-# When defined, this variable sets the Git branch to use of the repository. This
-# allows for users and developers to use a different branch for the entire set of
-# SELinux policy packages, rather than having to override them one by one with the
-# packagename_LIVE_BRANCH variable.
-# The default value is the 'master' branch.
-: ${SELINUX_GIT_BRANCH:="master"};
-
-extra_eclass=""
-case ${BASEPOL} in
- 9999) extra_eclass="git-r3";
- EGIT_REPO_URI="${SELINUX_GIT_REPO}";
- EGIT_BRANCH="${SELINUX_GIT_BRANCH}";
- EGIT_CHECKOUT_DIR="${WORKDIR}/refpolicy";;
-esac
-
-inherit eutils ${extra_eclass}
-
-IUSE=""
-
-HOMEPAGE="https://wiki.gentoo.org/wiki/Project:SELinux"
-if [[ -n ${BASEPOL} ]] && [[ "${BASEPOL}" != "9999" ]];
-then
- SRC_URI="https://raw.githubusercontent.com/wiki/TresysTechnology/refpolicy/files/refpolicy-${PV}.tar.bz2
- http://dev.gentoo.org/~swift/patches/selinux-base-policy/patchbundle-selinux-base-policy-2.20141203-r9.tar.bz2"
-elif [[ "${BASEPOL}" != "9999" ]];
-then
- SRC_URI="https://raw.githubusercontent.com/wiki/TresysTechnology/refpolicy/files/refpolicy-${PV}.tar.bz2"
-else
- SRC_URI=""
-fi
-
-LICENSE="GPL-2"
-SLOT="0"
-S="${WORKDIR}/"
-PATCHBUNDLE="${DISTDIR}/patchbundle-selinux-base-policy-${BASEPOL}.tar.bz2"
-
-# Modules should always depend on at least the first release of the
-# selinux-base-policy for which they are generated.
-if [[ -n ${BASEPOL} ]];
-then
- RDEPEND=">=sys-apps/policycoreutils-2.0.82
- >=sec-policy/selinux-base-policy-${BASEPOL}"
-else
- RDEPEND=">=sys-apps/policycoreutils-2.0.82
- >=sec-policy/selinux-base-policy-${PV}"
-fi
-DEPEND="${RDEPEND}
- sys-devel/m4
- >=sys-apps/checkpolicy-2.0.21"
-
-case "${EAPI:-0}" in
- 0|1|2|3|4) die "EAPI<5 is not supported";;
- *) : ;;
-esac
-
-EXPORT_FUNCTIONS "src_unpack src_prepare src_compile src_install pkg_postrm"
-
-# @FUNCTION: selinux-policy-2_src_unpack
-# @DESCRIPTION:
-# Unpack the policy sources as offered by upstream (refpolicy).
-selinux-policy-2_src_unpack() {
- if [[ "${BASEPOL}" != "9999" ]];
- then
- unpack ${A}
- else
- git-r3_src_unpack
- fi
-}
-
-# @FUNCTION: selinux-policy-2_src_prepare
-# @DESCRIPTION:
-# Patch the reference policy sources with our set of enhancements. Start with
-# the base patchbundle referred to by the ebuilds through the BASEPOL variable,
-# then apply the additional patches as offered by the ebuild.
-#
-# Next, extract only those files needed for this particular module (i.e. the .te
-# and .fc files for the given module in the MODS variable).
-#
-# Finally, prepare the build environments for each of the supported SELinux
-# types (such as targeted or strict), depending on the POLICY_TYPES variable
-# content.
-selinux-policy-2_src_prepare() {
- local modfiles
- local add_interfaces=0;
-
- # Create 3rd_party location for user-contributed policies
- cd "${S}/refpolicy/policy/modules" && mkdir 3rd_party;
-
- # Patch the sources with the base patchbundle
- if [[ -n ${BASEPOL} ]] && [[ "${BASEPOL}" != "9999" ]];
- then
- cd "${S}"
- EPATCH_MULTI_MSG="Applying SELinux policy updates ... " \
- EPATCH_SUFFIX="patch" \
- EPATCH_SOURCE="${WORKDIR}" \
- EPATCH_FORCE="yes" \
- epatch
- fi
-
- # Call in epatch_user. We do this early on as we start moving
- # files left and right hereafter.
- epatch_user
-
- # Copy additional files to the 3rd_party/ location
- if [[ "$(declare -p POLICY_FILES 2>/dev/null 2>&1)" == "declare -a"* ]] ||
- [[ -n ${POLICY_FILES} ]];
- then
- add_interfaces=1;
- cd "${S}/refpolicy/policy/modules"
- for POLFILE in ${POLICY_FILES[@]};
- do
- cp "${FILESDIR}/${POLFILE}" 3rd_party/ || die "Could not copy ${POLFILE} to 3rd_party/ location";
- done
- fi
-
- # Apply the additional patches refered to by the module ebuild.
- # But first some magic to differentiate between bash arrays and strings
- if [[ "$(declare -p POLICY_PATCH 2>/dev/null 2>&1)" == "declare -a"* ]] ||
- [[ -n ${POLICY_PATCH} ]];
- then
- cd "${S}/refpolicy/policy/modules"
- for POLPATCH in ${POLICY_PATCH[@]};
- do
- epatch "${POLPATCH}"
- done
- fi
-
- # Collect only those files needed for this particular module
- for i in ${MODS}; do
- modfiles="$(find ${S}/refpolicy/policy/modules -iname $i.te) $modfiles"
- modfiles="$(find ${S}/refpolicy/policy/modules -iname $i.fc) $modfiles"
- if [ ${add_interfaces} -eq 1 ];
- then
- modfiles="$(find ${S}/refpolicy/policy/modules -iname $i.if) $modfiles"
- fi
- done
-
- for i in ${POLICY_TYPES}; do
- mkdir "${S}"/${i} || die "Failed to create directory ${S}/${i}"
- cp "${S}"/refpolicy/doc/Makefile.example "${S}"/${i}/Makefile \
- || die "Failed to copy Makefile.example to ${S}/${i}/Makefile"
-
- cp ${modfiles} "${S}"/${i} \
- || die "Failed to copy the module files to ${S}/${i}"
- done
-}
-
-# @FUNCTION: selinux-policy-2_src_compile
-# @DESCRIPTION:
-# Build the SELinux policy module (.pp file) for just the selected module, and
-# this for each SELinux policy mentioned in POLICY_TYPES
-selinux-policy-2_src_compile() {
- local makeuse=""
- for useflag in ${IUSE};
- do
- use ${useflag} && makeuse="${makeuse} -D use_${useflag}"
- done
-
- for i in ${POLICY_TYPES}; do
- # Support USE flags in builds
- export M4PARAM="${makeuse}"
- if [[ ${BASEPOL} == 2.20140311* ]]; then
- # Parallel builds are broken in 2.20140311-r7 and earlier, bug 530178
- emake -j1 NAME=$i SHAREDIR="${ROOT}/usr/share/selinux" -C "${S}"/${i} || die "${i} compile failed"
- else
- emake NAME=$i SHAREDIR="${ROOT}/usr/share/selinux" -C "${S}"/${i} || die "${i} compile failed"
- fi
- done
-}
-
-# @FUNCTION: selinux-policy-2_src_install
-# @DESCRIPTION:
-# Install the built .pp files in the correct subdirectory within
-# /usr/share/selinux.
-selinux-policy-2_src_install() {
- local BASEDIR="/usr/share/selinux"
-
- for i in ${POLICY_TYPES}; do
- for j in ${MODS}; do
- einfo "Installing ${i} ${j} policy package"
- insinto ${BASEDIR}/${i}
- doins "${S}"/${i}/${j}.pp || die "Failed to add ${j}.pp to ${i}"
-
- if [[ "${POLICY_FILES[@]}" == *"${j}.if"* ]];
- then
- insinto ${BASEDIR}/${i}/include/3rd_party
- doins "${S}"/${i}/${j}.if || die "Failed to add ${j}.if to ${i}"
- fi
- done
- done
-}
-
-# @FUNCTION: selinux-policy-2_pkg_postrm
-# @DESCRIPTION:
-# Uninstall the module(s) from the SELinux policy stores, effectively
-# deactivating the policy on the system.
-selinux-policy-2_pkg_postrm() {
- # Only if we are not upgrading
- if [[ -z "${REPLACED_BY_VERSION}" ]];
- then
- # build up the command in the case of multiple modules
- local COMMAND
- for i in ${MODS}; do
- COMMAND="-r ${i} ${COMMAND}"
- done
-
- for i in ${POLICY_TYPES}; do
- einfo "Removing the following modules from the $i module store: ${MODS}"
-
- semodule -s ${i} ${COMMAND}
- if [ $? -ne 0 ];
- then
- ewarn "SELinux module unload failed.";
- else
- einfo "SELinux modules unloaded succesfully."
- fi
- done
- fi
-}
-