Merge pull request #1947 from mjg59/selinux_enforce

sec-policy: Permit execmem in selinux policy
This commit is contained in:
Matthew Garrett 2016-05-05 23:05:11 +01:00
commit c60a99dce7
6 changed files with 5 additions and 3 deletions

View File

@ -90,7 +90,7 @@ HOMEPAGE="https://wiki.gentoo.org/wiki/Project:SELinux"
if [[ -n ${BASEPOL} ]] && [[ "${BASEPOL}" != "9999" ]]; if [[ -n ${BASEPOL} ]] && [[ "${BASEPOL}" != "9999" ]];
then then
SRC_URI="https://raw.githubusercontent.com/wiki/TresysTechnology/refpolicy/files/refpolicy-${PV}.tar.bz2 SRC_URI="https://raw.githubusercontent.com/wiki/TresysTechnology/refpolicy/files/refpolicy-${PV}.tar.bz2
http://dev.gentoo.org/~swift/patches/selinux-base-policy/patchbundle-selinux-base-policy-${BASEPOL}.tar.bz2" http://dev.gentoo.org/~swift/patches/selinux-base-policy/patchbundle-selinux-base-policy-2.20141203-r9.tar.bz2"
elif [[ "${BASEPOL}" != "9999" ]]; elif [[ "${BASEPOL}" != "9999" ]];
then then
SRC_URI="https://raw.githubusercontent.com/wiki/TresysTechnology/refpolicy/files/refpolicy-${PV}.tar.bz2" SRC_URI="https://raw.githubusercontent.com/wiki/TresysTechnology/refpolicy/files/refpolicy-${PV}.tar.bz2"

View File

@ -15,7 +15,7 @@ if [[ ${PV} == 9999* ]]; then
KEYWORDS="" KEYWORDS=""
else else
SRC_URI="https://raw.githubusercontent.com/wiki/TresysTechnology/refpolicy/files/refpolicy-${PV}.tar.bz2 SRC_URI="https://raw.githubusercontent.com/wiki/TresysTechnology/refpolicy/files/refpolicy-${PV}.tar.bz2
http://dev.gentoo.org/~swift/patches/${PN}/patchbundle-${PN}-${PVR}.tar.bz2" http://dev.gentoo.org/~swift/patches/${PN}/patchbundle-${PN}-2.20141203-r9.tar.bz2"
KEYWORDS="amd64 x86" KEYWORDS="amd64 x86"
fi fi

View File

@ -0,0 +1 @@
allow_execmem = true

View File

@ -15,7 +15,7 @@ if [[ ${PV} == 9999* ]]; then
KEYWORDS="" KEYWORDS=""
else else
SRC_URI="https://raw.githubusercontent.com/wiki/TresysTechnology/refpolicy/files/refpolicy-${PV}.tar.bz2 SRC_URI="https://raw.githubusercontent.com/wiki/TresysTechnology/refpolicy/files/refpolicy-${PV}.tar.bz2
http://dev.gentoo.org/~swift/patches/selinux-base-policy/patchbundle-selinux-base-policy-${PVR}.tar.bz2" http://dev.gentoo.org/~swift/patches/selinux-base-policy/patchbundle-selinux-base-policy-2.20141203-r9.tar.bz2"
KEYWORDS="amd64 x86" KEYWORDS="amd64 x86"
fi fi
@ -148,6 +148,7 @@ src_install() {
echo "run_init_t" > "${D}/etc/selinux/${i}/contexts/run_init_type" echo "run_init_t" > "${D}/etc/selinux/${i}/contexts/run_init_type"
echo "textrel_shlib_t" >> "${D}/etc/selinux/${i}/contexts/customizable_types" echo "textrel_shlib_t" >> "${D}/etc/selinux/${i}/contexts/customizable_types"
cp "${FILESDIR}/booleans" "${D}/etc/selinux/${i}/booleans"
# libsemanage won't make this on its own # libsemanage won't make this on its own
keepdir "/etc/selinux/${i}/policy" keepdir "/etc/selinux/${i}/policy"