mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2025-08-25 00:11:23 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1947 from mjg59/selinux_enforce

Browse Source 
sec-policy: Permit execmem in selinux policy
This commit is contained in:
Matthew Garrett 2016-05-05 23:05:11 +01:00
commit c60a99dce7
6 changed files with 5 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
sdk_container/src/third_party/coreos-overlay/eclass/selinux-policy-2.eclass vendored
View File

@ -90,7 +90,7 @@ HOMEPAGE="https://wiki.gentoo.org/wiki/Project:SELinux"
if [[ -n ${BASEPOL} ]] && [[ "${BASEPOL}" != "9999" ]]; if [[ -n ${BASEPOL} ]] && [[ "${BASEPOL}" != "9999" ]];
then then
SRC_URI="https://raw.githubusercontent.com/wiki/TresysTechnology/refpolicy/files/refpolicy-${PV}.tar.bz2 SRC_URI="https://raw.githubusercontent.com/wiki/TresysTechnology/refpolicy/files/refpolicy-${PV}.tar.bz2
http://dev.gentoo.org/~swift/patches/selinux-base-policy/patchbundle-selinux-base-policy-${BASEPOL}.tar.bz2" http://dev.gentoo.org/~swift/patches/selinux-base-policy/patchbundle-selinux-base-policy-2.20141203-r9.tar.bz2"
elif [[ "${BASEPOL}" != "9999" ]]; elif [[ "${BASEPOL}" != "9999" ]];
then then
SRC_URI="https://raw.githubusercontent.com/wiki/TresysTechnology/refpolicy/files/refpolicy-${PV}.tar.bz2" SRC_URI="https://raw.githubusercontent.com/wiki/TresysTechnology/refpolicy/files/refpolicy-${PV}.tar.bz2"

2
sdk_container/src/third_party/coreos-overlay/sec-policy/selinux-base-policy/selinux-base-policy-2.20141203-r9.ebuild → sdk_container/src/third_party/coreos-overlay/sec-policy/selinux-base-policy/selinux-base-policy-2.20141203-r10.ebuild vendored
View File

@ -15,7 +15,7 @@ if [[ ${PV} == 9999* ]]; then
KEYWORDS="" KEYWORDS=""
else else
SRC_URI="https://raw.githubusercontent.com/wiki/TresysTechnology/refpolicy/files/refpolicy-${PV}.tar.bz2 SRC_URI="https://raw.githubusercontent.com/wiki/TresysTechnology/refpolicy/files/refpolicy-${PV}.tar.bz2
http://dev.gentoo.org/~swift/patches/${PN}/patchbundle-${PN}-${PVR}.tar.bz2" http://dev.gentoo.org/~swift/patches/${PN}/patchbundle-${PN}-2.20141203-r9.tar.bz2"
KEYWORDS="amd64 x86" KEYWORDS="amd64 x86"
fi fi

1
sdk_container/src/third_party/coreos-overlay/sec-policy/selinux-base/files/booleans vendored Normal file
View File

@ -0,0 +1 @@
allow_execmem = true

3
sdk_container/src/third_party/coreos-overlay/sec-policy/selinux-base/selinux-base-2.20141203-r9.ebuild → sdk_container/src/third_party/coreos-overlay/sec-policy/selinux-base/selinux-base-2.20141203-r10.ebuild vendored
View File

@ -15,7 +15,7 @@ if [[ ${PV} == 9999* ]]; then
KEYWORDS="" KEYWORDS=""
else else
SRC_URI="https://raw.githubusercontent.com/wiki/TresysTechnology/refpolicy/files/refpolicy-${PV}.tar.bz2 SRC_URI="https://raw.githubusercontent.com/wiki/TresysTechnology/refpolicy/files/refpolicy-${PV}.tar.bz2
http://dev.gentoo.org/~swift/patches/selinux-base-policy/patchbundle-selinux-base-policy-${PVR}.tar.bz2" http://dev.gentoo.org/~swift/patches/selinux-base-policy/patchbundle-selinux-base-policy-2.20141203-r9.tar.bz2"
KEYWORDS="amd64 x86" KEYWORDS="amd64 x86"
fi fi
@ -148,6 +148,7 @@ src_install() {
echo "run_init_t" > "${D}/etc/selinux/${i}/contexts/run_init_type" echo "run_init_t" > "${D}/etc/selinux/${i}/contexts/run_init_type"
echo "textrel_shlib_t" >> "${D}/etc/selinux/${i}/contexts/customizable_types" echo "textrel_shlib_t" >> "${D}/etc/selinux/${i}/contexts/customizable_types"
cp "${FILESDIR}/booleans" "${D}/etc/selinux/${i}/booleans"
# libsemanage won't make this on its own # libsemanage won't make this on its own
keepdir "/etc/selinux/${i}/policy" keepdir "/etc/selinux/${i}/policy"

0
sdk_container/src/third_party/coreos-overlay/sec-policy/selinux-unconfined/selinux-unconfined-2.20141203-r9.ebuild → sdk_container/src/third_party/coreos-overlay/sec-policy/selinux-unconfined/selinux-unconfined-2.20141203-r10.ebuild vendored
View File

0
sdk_container/src/third_party/coreos-overlay/sec-policy/selinux-virt/selinux-virt-2.20141203-r9.ebuild → sdk_container/src/third_party/coreos-overlay/sec-policy/selinux-virt/selinux-virt-2.20141203-r10.ebuild vendored
View File