From: "Anthony G. Basile" <blueness@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] proj/hardened-dev:master commit in: sec-policy/selinux-base-policy/files/, sec-policy/selinux-base-policy/
Date: Sun, 7 Aug 2011 10:58:53 +0000 (UTC) [thread overview]
Message-ID: <5ea47f6885807940d516a8004b835611694bcc14.blueness@gentoo> (raw)
commit: 5ea47f6885807940d516a8004b835611694bcc14
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Sun Aug 7 10:58:47 2011 +0000
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Sun Aug 7 10:58:47 2011 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-dev.git;a=commit;h=5ea47f68
sec-policy/selinux-base-policy: moved to tree
---
sec-policy/selinux-base-policy/ChangeLog | 554 --------------------
sec-policy/selinux-base-policy/files/config | 15 -
sec-policy/selinux-base-policy/files/modules.conf | 49 --
...ndle-selinux-base-policy-2.20101213-r22.tar.bz2 | Bin 18955 -> 0 bytes
sec-policy/selinux-base-policy/metadata.xml | 14 -
.../selinux-base-policy-2.20101213-r22.ebuild | 147 ------
6 files changed, 0 insertions(+), 779 deletions(-)
diff --git a/sec-policy/selinux-base-policy/ChangeLog b/sec-policy/selinux-base-policy/ChangeLog
deleted file mode 100644
index cf666ff..0000000
--- a/sec-policy/selinux-base-policy/ChangeLog
+++ /dev/null
@@ -1,554 +0,0 @@
-# ChangeLog for sec-policy/selinux-base-policy
-# Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/ChangeLog,v 1.80 2011/07/11 01:59:36 blueness Exp $
-
- 03 Aug 2011; <swift@gentoo.org>
- files/patchbundle-selinux-base-policy-2.20101213-r22.tar.bz2:
- Fix patchbundle issue with portage patch
-
-*selinux-base-policy-2.20101213-r22 (02 Aug 2011)
-
- 02 Aug 2011; <swift@gentoo.org> +selinux-base-policy-2.20101213-r22.ebuild,
- +files/patchbundle-selinux-base-policy-2.20101213-r22.tar.bz2, +files/config,
- +files/modules.conf, +metadata.xml:
- Support cron-triggered portage administration tasks, add pan policy
-
-*selinux-base-policy-2.20101213-r20 (19 Jul 2011)
-
- 19 Jul 2011; <swift@gentoo.org> -selinux-base-policy-2.20101213-r19.ebuild,
- +selinux-base-policy-2.20101213-r20.ebuild,
- -files/patchbundle-selinux-base-policy-2.20101213-r19.tar.bz2,
- +files/patchbundle-selinux-base-policy-2.20101213-r20.tar.bz2:
- Start with -r20 series
-
- 11 Jul 2011; Anthony G. Basile <blueness@gentoo.org>
- -files/selinux-base-policy-20070329.diff,
- -selinux-base-policy-20080525.ebuild,
- -selinux-base-policy-20080525-r1.ebuild, -files/modules.conf.strict,
- -files/modules.conf.strict.20070928, -files/modules.conf.strict.20080525,
- -files/modules.conf.targeted, -files/modules.conf.targeted.20070928,
- -files/modules.conf.targeted.20080525:
- Removed all pre 2.20xx base policies
-
-*selinux-base-policy-2.20101213-r18 (10 Jul 2011)
-
- 10 Jul 2011; Anthony G. Basile <blueness@gentoo.org>
- +selinux-base-policy-2.20101213-r18.ebuild:
- Bump to r18, improve support for openrc, allow portage to work with
- NFS-mounted locations, fix firefox plugin support, fix postgres init
- script support, fix syslog startup issue
-
- 03 Jul 2011; Anthony G. Basile <blueness@gentoo.org>
- selinux-base-policy-2.20101213-r16.ebuild,
- selinux-base-policy-2.20101213-r17.ebuild,
- -files/patchbundle-selinux-base-policy-2.20101213-r16.tar.bz2,
- -files/patchbundle-selinux-base-policy-2.20101213-r17.tar.bz2:
- Moved patchbundles out of ${FILESDIR}, bug #370927
-
- 30 Jun 2011; Anthony G. Basile <blueness@gentoo.org>
- -selinux-base-policy-2.20101213-r11.ebuild,
- -selinux-base-policy-2.20101213-r12.ebuild,
- -files/patchbundle-selinux-base-policy-2.20101213-r11.tar.bz2,
- -files/patchbundle-selinux-base-policy-2.20101213-r12.tar.bz2:
- Removed deprecated versions
-
-*selinux-base-policy-2.20101213-r17 (30 Jun 2011)
-
- 30 Jun 2011; Anthony G. Basile <blueness@gentoo.org>
- +selinux-base-policy-2.20101213-r17.ebuild,
- +files/patchbundle-selinux-base-policy-2.20101213-r17.tar.bz2:
- Add support for zabbix
-
- 02 Jun 2011; Anthony G. Basile <blueness@gentoo.org>
- selinux-base-policy-2.20101213-r16.ebuild:
- Stable amd64 x86
-
- 20 May 2011; Anthony G. Basile <blueness@gentoo.org>
- -selinux-base-policy-2.20101213-r5.ebuild,
- -selinux-base-policy-2.20101213-r6.ebuild,
- -selinux-base-policy-2.20101213-r7.ebuild,
- -selinux-base-policy-2.20101213-r9.ebuild,
- -selinux-base-policy-2.20101213-r10.ebuild,
- -files/patchbundle-selinux-base-policy-2.20101213-r10.tar.bz2,
- -files/patchbundle-selinux-base-policy-2.20101213-r5.tar.bz2,
- -files/patchbundle-selinux-base-policy-2.20101213-r6.tar.bz2,
- -files/patchbundle-selinux-base-policy-2.20101213-r7.tar.bz2,
- -files/patchbundle-selinux-base-policy-2.20101213-r9.tar.bz2:
- Removed deprecated revisions of base policy 2.20101213
-
-*selinux-base-policy-2.20101213-r16 (20 May 2011)
-
- 20 May 2011; Anthony G. Basile <blueness@gentoo.org>
- +selinux-base-policy-2.20101213-r16.ebuild,
- +files/patchbundle-selinux-base-policy-2.20101213-r16.tar.bz2, metadata.xml:
- Drop obsoleted policy builds, add openrc support (rc-update, rc-status),
- correct file contexts for /lib64, make UBAC optional (#257111 and #306393),
- use portage_srcrepo_t for live ebuilds and match mdadm policy with upstream
-
-*selinux-base-policy-2.20101213-r12 (16 Apr 2011)
-*selinux-base-policy-2.20101213-r11 (16 Apr 2011)
-
- 16 Apr 2011; Anthony G. Basile <blueness@gentoo.org>
- +selinux-base-policy-2.20101213-r11.ebuild,
- +selinux-base-policy-2.20101213-r12.ebuild,
- +files/patchbundle-selinux-base-policy-2.20101213-r11.tar.bz2,
- +files/patchbundle-selinux-base-policy-2.20101213-r12.tar.bz2:
- Added new patchbundles for rev bumps to base policy 2.20101213
-
-*selinux-base-policy-2.20101213-r10 (07 Mar 2011)
-*selinux-base-policy-2.20101213-r9 (07 Mar 2011)
-
- 07 Mar 2011; Anthony G. Basile <blueness@gentoo.org>
- +selinux-base-policy-2.20101213-r9.ebuild,
- +selinux-base-policy-2.20101213-r10.ebuild,
- +files/patchbundle-selinux-base-policy-2.20101213-r10.tar.bz2,
- +files/patchbundle-selinux-base-policy-2.20101213-r9.tar.bz2:
- Added new patchbundles for rev bumps to base policy 2.20101213
-
- 05 Feb 2011; Anthony G. Basile <blueness@gentoo.org>
- +files/patchbundle-selinux-base-policy-2.20101213-r5.tar.bz2,
- +files/patchbundle-selinux-base-policy-2.20101213-r6.tar.bz2,
- +files/patchbundle-selinux-base-policy-2.20101213-r7.tar.bz2:
- Added patchbundle for base policy 2.20101213.
-
-*selinux-base-policy-2.20101213-r7 (05 Feb 2011)
-*selinux-base-policy-2.20101213-r6 (05 Feb 2011)
-*selinux-base-policy-2.20101213-r5 (05 Feb 2011)
-
- 05 Feb 2011; Anthony G. Basile <blueness@gentoo.org>
- +selinux-base-policy-2.20101213-r5.ebuild,
- +selinux-base-policy-2.20101213-r6.ebuild,
- +selinux-base-policy-2.20101213-r7.ebuild:
- New upstream policy.
-
-*selinux-base-policy-2.20091215 (16 Dec 2009)
-
- 16 Dec 2009; Chris PeBenito <pebenito@gentoo.org>
- +selinux-base-policy-2.20091215.ebuild:
- New upstream release.
-
-*selinux-base-policy-20080525-r1 (14 Sep 2009)
-
- 14 Sep 2009; Chris PeBenito <pebenito@gentoo.org>
- +selinux-base-policy-20080525-r1.ebuild:
- Update old base policy to support ext4.
-
- 14 Aug 2009; Chris PeBenito <pebenito@gentoo.org>
- -selinux-base-policy-20070329.ebuild,
- -selinux-base-policy-20070928.ebuild, selinux-base-policy-20080525.ebuild:
- Mark 20080525 stable, clear old ebuilds.
-
-*selinux-base-policy-2.20090814 (14 Aug 2009)
-
- 14 Aug 2009; Chris PeBenito <pebenito@gentoo.org>
- +selinux-base-policy-2.20090814.ebuild:
- Git version of refpolicy for misc fixes including some cron problems.
-
-*selinux-base-policy-2.20090730 (03 Aug 2009)
-
- 03 Aug 2009; Chris PeBenito <pebenito@gentoo.org>
- +selinux-base-policy-2.20090730.ebuild:
- New upstream release.
-
- 18 Jul 2009; Chris PeBenito <pebenito@gentoo.org>
- selinux-base-policy-20070329.ebuild, selinux-base-policy-20070928.ebuild,
- selinux-base-policy-20080525.ebuild:
- Drop alpha, mips, ppc, sparc selinux support.
-
-*selinux-base-policy-20080525 (25 May 2008)
-
- 25 May 2008; Chris PeBenito <pebenito@gentoo.org>
- +selinux-base-policy-20080525.ebuild:
- New SVN snapshot.
-
- 16 Mar 2008; Chris PeBenito <pebenito@gentoo.org>
- -selinux-base-policy-20051022-r1.ebuild,
- -selinux-base-policy-20061114.ebuild:
- Remove old ebuilds.
-
- 03 Feb 2008; Chris PeBenito <pebenito@gentoo.org>
- selinux-base-policy-20070928.ebuild:
- Mark stable.
-
-*selinux-base-policy-20070928 (26 Nov 2007)
-
- 26 Nov 2007; Chris PeBenito <pebenito@gentoo.org>
- +selinux-base-policy-20070928.ebuild:
- New SVN snapshot.
-
- 04 Jun 2007; Chris PeBenito <pebenito@gentoo.org>
- selinux-base-policy-20070329.ebuild:
- Mark stable.
-
- 30 Mar 2007; Chris PeBenito <pebenito@gentoo.org>
- +files/selinux-base-policy-20070329.diff,
- selinux-base-policy-20070329.ebuild:
- Compile fix.
-
-*selinux-base-policy-20070329 (29 Mar 2007)
-
- 29 Mar 2007; Chris PeBenito <pebenito@gentoo.org>
- +selinux-base-policy-20070329.ebuild:
- New SVN snapshot.
-
- 22 Feb 2007; Markus Ullmann <jokey@gentoo.org> ChangeLog:
- Redigest for Manifest2
-
-*selinux-base-policy-20061114 (15 Nov 2006)
-
- 15 Nov 2006; Chris PeBenito <pebenito@gentoo.org>
- +selinux-base-policy-20061114.ebuild:
- New SVN snapshot.
-
- 25 Oct 2006; Chris PeBenito <pebenito@gentoo.org>
- selinux-base-policy-20061015.ebuild:
- Fix to have default POLICY_TYPES if it is empty.
-
- 21 Oct 2006; Chris PeBenito <pebenito@gentoo.org>
- selinux-base-policy-20061015.ebuild:
- Fix xml generation failure to die.
-
-*selinux-base-policy-20061015 (15 Oct 2006)
-
- 15 Oct 2006; Chris PeBenito <pebenito@gentoo.org>
- -selinux-base-policy-20061008.ebuild,
- +selinux-base-policy-20061015.ebuild:
- Update for testing fixes.
-
-*selinux-base-policy-20061008 (08 Oct 2006)
-
- 08 Oct 2006; Chris PeBenito <pebenito@gentoo.org> -files/semanage.conf,
- +selinux-base-policy-20061008.ebuild,
- -selinux-base-policy-99999999.ebuild:
- First mainstream reference policy testing release.
-
- 29 Sep 2006; Chris PeBenito <pebenito@gentoo.org>
- selinux-base-policy-99999999.ebuild:
- Fix for new SVN location. Fixes 147781.
-
- 22 Feb 2006; Stephen Bennett <spb@gentoo.org>
- selinux-base-policy-20051022-r1.ebuild:
- Alpha stable
-
-*selinux-base-policy-99999999 (02 Feb 2006)
-
- 02 Feb 2006; Chris PeBenito <pebenito@gentoo.org> +files/config,
- +files/modules.conf.strict, +files/modules.conf.targeted,
- +files/semanage.conf, +selinux-base-policy-99999999.ebuild:
- Add experimental policy for testing reference policy. Requires portage fix
- from bug #110857.
-
- 02 Feb 2006; Chris PeBenito <pebenito@gentoo.org>
- -selinux-base-policy-20050322.ebuild,
- -selinux-base-policy-20050618.ebuild,
- -selinux-base-policy-20050821.ebuild,
- -selinux-base-policy-20051022.ebuild:
- Clean out old ebuilds.
-
- 14 Jan 2006; Stephen Bennett <spb@gentoo.org>
- selinux-base-policy-20051022-r1.ebuild:
- Added ~alpha
-
-*selinux-base-policy-20051022-r1 (08 Dec 2005)
-
- 08 Dec 2005; Chris PeBenito <pebenito@gentoo.org>
- +selinux-base-policy-20051022-r1.ebuild:
- Change to use compatability genhomedircon. Newer policycoreutils (1.28)
- breaks the backwards compatability this policy uses.
-
-*selinux-base-policy-20051022 (22 Oct 2005)
-
- 22 Oct 2005; Chris PeBenito <pebenito@gentoo.org>
- +selinux-base-policy-20051022.ebuild:
- Very trivial fixes.
-
- 08 Sep 2005; Chris PeBenito <pebenito@gentoo.org>
- selinux-base-policy-20050821.ebuild:
- Mark stable.
-
-*selinux-base-policy-20050821 (21 Aug 2005)
-
- 21 Aug 2005; Chris PeBenito <pebenito@gentoo.org>
- +selinux-base-policy-20050821.ebuild:
- Minor updates for 2.6.12.
-
- 21 Jun 2005; Chris PeBenito <pebenito@gentoo.org>
- selinux-base-policy-20050618.ebuild:
- Mark stable.
-
-*selinux-base-policy-20050618 (18 Jun 2005)
-
- 18 Jun 2005; Chris PeBenito <pebenito@gentoo.org>
- -selinux-base-policy-20041123.ebuild,
- -selinux-base-policy-20050306.ebuild,
- +selinux-base-policy-20050618.ebuild:
- New release to support 2.6.12 features.
-
- 10 May 2005; Stephen Bennett <spb@gentoo.org>
- selinux-base-policy-20050322.ebuild:
- mips stable
-
- 01 May 2005; Stephen Bennett <spb@gentoo.org>
- selinux-base-policy-20050322.ebuild:
- Added ~mips.
-
-*selinux-base-policy-20050322 (23 Mar 2005)
-
- 23 Mar 2005; Chris PeBenito <pebenito@gentoo.org>
- +selinux-base-policy-20050322.ebuild:
- New release.
-
-*selinux-base-policy-20050306 (06 Mar 2005)
-
- 06 Mar 2005; Chris PeBenito <pebenito@gentoo.org>
- +selinux-base-policy-20050306.ebuild:
- Fix bad samba_domain dummy macro. Add policies needed for udev support.
-
-*selinux-base-policy-20050224 (24 Feb 2005)
-
- 24 Feb 2005; Chris PeBenito <pebenito@gentoo.org>
- +selinux-base-policy-20050224.ebuild:
- New release.
-
- 19 Jan 2005; Chris PeBenito <pebenito@gentoo.org>
- selinux-base-policy-20041123.ebuild:
- Mark stable.
-
-*selinux-base-policy-20041123 (23 Nov 2004)
-
- 23 Nov 2004; Chris PeBenito <pebenito@gentoo.org>
- +selinux-base-policy-20041123.ebuild:
- New release with 1.18 merge.
-
-*selinux-base-policy-20041023 (23 Oct 2004)
-
- 23 Oct 2004; Chris PeBenito <pebenito@gentoo.org>
- +selinux-base-policy-20041023.ebuild:
- New release with 1.16 merge. Tcpd and inetd have been deprecated since they
- are not in the base system anymore, and probably no one uses them anyway.
-
-*selinux-base-policy-20040906 (06 Sep 2004)
-
- 06 Sep 2004; Chris PeBenito <pebenito@gentoo.org>
- +selinux-base-policy-20040906.ebuild:
- New release with 1.14 merge, which has policy 18 (fine-grained netlink)
- features.
-
- 05 Sep 2004; Chris PeBenito <pebenito@gentoo.org>
- selinux-base-policy-20040225.ebuild, -selinux-base-policy-20040509.ebuild,
- -selinux-base-policy-20040604.ebuild, selinux-base-policy-20040629.ebuild,
- selinux-base-policy-20040702.ebuild:
- Remove old builds, switch to epause and ebeep in remaining builds.
-
-*selinux-base-policy-20040702 (02 Jul 2004)
-
- 02 Jul 2004; Chris PeBenito <pebenito@gentoo.org>
- +selinux-base-policy-20040702.ebuild:
- Same as 20040629, except with updated flask headers, which will come out in
- 2.6.8.
-
-*selinux-base-policy-20040629 (29 Jun 2004)
-
- 29 Jun 2004; Chris PeBenito <pebenito@gentoo.org>
- +selinux-base-policy-20040629.ebuild:
- Large sysadmfile cleanup: disable admin_separation to give sysadm_r back its
- ablility to modify all files. Minor fixes: portage_r works again, syslog-ng
- breakage fixed, put back manual PaX policy for pageexec/segmexec.
-
- 16 Jun 2004; Chris PeBenito <pebenito@gentoo.org>
- selinux-base-policy-20040604.ebuild:
- Mark stable.
-
- 10 Jun 2004; Chris PeBenito <pebenito@gentoo.org>
- selinux-base-policy-20040225.ebuild, selinux-base-policy-20040509.ebuild,
- selinux-base-policy-20040604.ebuild:
- Add src_compile() stub
-
-*selinux-base-policy-20040604 (04 Jun 2004)
-
- 04 Jun 2004; Chris PeBenito <pebenito@gentoo.org>
- +selinux-base-policy-20040604.ebuild:
- New release including 1.12 NSA policy, and experimental sesandbox.
-
- 15 May 2004; Chris PeBenito <pebenito@gentoo.org>
- selinux-base-policy-20040509.ebuild:
- Mark stable.
-
-*selinux-base-policy-20040509 (09 May 2004)
-
- 09 May 2004; Chris PeBenito <pebenito@gentoo.org>
- +selinux-base-policy-20040509.ebuild:
- A few small cleanups. Make PaX non exec pages macro based on arch. Large
- portage update, get rid of portage_exec_fetch_t, portage will setexec. Add
- global_ssp tunable.
-
-*selinux-base-policy-20040418 (18 Apr 2004)
-
- 18 Apr 2004; Chris PeBenito <pebenito@gentoo.org>
- +selinux-base-policy-20040418.ebuild:
- New release for checkpolicy 1.10
-
-*selinux-base-policy-20040414 (14 Apr 2004)
-
- 14 Apr 2004; Chris PeBenito <pebenito@gentoo.org>
- -selinux-base-policy-20040408.ebuild, +selinux-base-policy-20040414.ebuild:
- Minor updates
-
-*selinux-base-policy-20040408 (08 Apr 2004)
-
- 08 Apr 2004; Chris PeBenito <pebenito@gentoo.org>
- selinux-base-policy-20040408.ebuild:
- New update. Users.fc is now deprecated, as the contexts for user directories
- is now automatically generated. Portage fetching of distfiles now has a
- subdomain, for dropping priviledges.
-
- 28 Feb 2004; Chris PeBenito <pebenito@gentoo.org>
- selinux-base-policy-20040225.ebuild:
- Mark stable.
-
-*selinux-base-policy-20040225 (25 Feb 2004)
-
- 25 Feb 2004; Chris PeBenito <pebenito@gentoo.org>
- selinux-base-policy-20040225.ebuild:
- New support for PaX ACL hooks. Addition of tunable.te for configurable policy
- options. Rewrite of portage.te. Now auto-transition for sysadm is default, can
- reenable portage_r by tunable.te. Makefile update from NSA CVS.
-
-*selinux-base-policy-20040209 (09 Feb 2004)
-
- 09 Feb 2004; Chris PeBenito <pebenito@gentoo.org>
- selinux-base-policy-20040209.ebuild:
- Minor revision to add XFS labeling and policy for integrated
- runscript-run_init.
-
- 07 Feb 2004; Chris PeBenito <pebenito@gentoo.org>
- selinux-base-policy-20040202.ebuild:
- Mark x86 stable.
-
-*selinux-base-policy-20040202 (02 Feb 2004)
-
- 02 Feb 2004; Chris PeBenito <pebenito@gentoo.org>
- selinux-base-policy-20040202.ebuild:
- A few misc fixes. Allow portage to update bootloader code, such as in lilo or
- grub postinst. This requires checkpolicy 1.4-r1.
-
-*selinux-base-policy-20031225 (25 Dec 2003)
-
- 25 Dec 2003; Chris PeBenito <pebenito@gentoo.org>
- selinux-base-policy-20031225.ebuild:
- New release, with merged NSA 1.4 policy. One critical note, this policy
- requires pam 0.77. Much work has been done to minimize access to /etc/shadow,
- and one requirement is in the patch for pam 0.77. If you do not use this pam
- version or newer, you will be unable to authenticate in enforcing. Since
- devfs no longer is usable in SELinux, it's policy has been removed. You
- should merge the changes, remove the devfsd policy (devfsd.te and devfsd.fc),
- load the policy, and relabel.
-
- 27 Nov 2003; Chris PeBenito <pebenito@gentoo.org>
- selinux-base-policy-20031010-r1.ebuild:
- Mark stable. Add build USE flag for stage building.
-
-*selinux-base-policy-20031010-r1 (12 Nov 2003)
-
- 12 Nov 2003; Chris PeBenito <pebenito@gentoo.org>
- selinux-base-policy-20031010-r1.ebuild,
- files/selinux-base-policy-20031010-cvs.diff:
- Add fixes from policy cvs for compilers, so non x86 and ppc compilers can
- work. Also portage update as a side effect of updated setfiles code in
- portage, from bug 31748.
-
- 28 Oct 2003; Chris PeBenito <pebenito@gentoo.org>
- selinux-base-policy-20031010.ebuild:
- Mark stable
-
-*selinux-base-policy-20031010 (10 Oct 2003)
-
- 10 Oct 2003; Chris PeBenito <pebenito@gentoo.org>
- selinux-base-policy-20031010.ebuild:
- New release for new API. Massive cleanups all over the place.
-
-*selinux-base-policy-20030817 (17 Aug 2003)
-
- 17 Aug 2003; Chris PeBenito <pebenito@gentoo.org>
- selinux-base-policy-20030817.ebuild:
- Initial commit of new API policy
-
- 10 Aug 2003; Chris PeBenito <pebenito@gentoo.org>
- selinux-base-policy-20030729-r1.ebuild:
- Mark stable
-
-*selinux-base-policy-20030729-r1 (31 Jul 2003)
-
- 31 Jul 2003; Chris PeBenito <pebenito@gentoo.org>
- selinux-base-policy-20030729-r1.ebuild:
- New rev that handles an empty POLICYDIR sanely.
-
-*selinux-base-policy-20030729 (29 Jul 2003)
-
- 29 Jul 2003; Chris PeBenito <pebenito@gentoo.org>
- selinux-base-policy-20030729.ebuild:
- Make the ebuild use POLICYDIR. Important fix so portage can load policy so
- selinux-policy.eclass works. update_modules_t cleanup. Fix for an access when
- merging baselayout.
-
-*selinux-base-policy-20030720 (20 Jul 2003)
-
- 20 Jul 2003; Chris PeBenito <pebenito@gentoo.org>
- selinux-base-policy-20030720.ebuild:
- Many fixes, including the syslog fix. File contexts have changed, so a relabel
- is needed. You may encounter problems relabeling /usr/portage, as its file
- context has changed, as files should not have the same type as a domain.
- Relabelling in permissive will fix this, or temporarily give portage_t a
- file_type attribute. Tightened the can_exec_any() macro. Moved staff.fc to
- users.fc, since all users with SELinux identities should have their home
- directories have the correct identity, not the generic identity.
-
- 06 Jun 2003; Chris PeBenito <pebenito@gentoo.org>
- selinux-base-policy-20030604.ebuild:
- Mark stable
-
-*selinux-base-policy-20030604 (04 Jun 2003)
-
- 04 Jun 2003; Chris PeBenito <pebenito@gentoo.org>
- selinux-base-policy-20030604.ebuild:
- Fix broken 20030603
-
- 04 Jun 2003; Chris PeBenito <pebenito@gentoo.org>
- selinux-base-policy-20030603.ebuild:
- Pulling 20030603, as there are problems, 20030604 later today
-
-*selinux-base-policy-20030603 (03 Jun 2003)
-
- 03 Jun 2003; Chris PeBenito <pebenito@gentoo.org>
- selinux-base-policy-20030603.ebuild:
- Numerous various fixes. Added staff role. Removed ipsec, gpm and gpg policies
- as they are not appropriate for the base policy, and untested.
-
-*selinux-base-policy-20030522 (22 May 2003)
-
- 22 May 2003; Chris PeBenito <pebenito@gentoo.org>
- selinux-base-policy-20030522.ebuild:
- The policy is in pretty good shape now. I've been able to run in enforcing mode
- with little problem. I've also been able to successfully merge and unmerge
- packages in enforcing mode, with few exceptions (why does mysql need to run ps
- during configure?).
-
-*selinux-base-policy-20030514 (14 May 2003)
-
- 14 May 2003; Chris PeBenito <pebenito@gentoo.org>
- selinux-base-policy-20030514.ebuild:
- Many improvements in many areas. Of note, rlogind policies were removed. Klogd
- is being merged into syslogd. The portage policy is much more complete, but
- still needs work. Its suggested that all changes be merged in, policy
- reloaded, then relabel.
-
-*selinux-base-policy-20030419 (19 Apr 2003)
-
- 23 Apr 2003; Chris PeBenito <pebenito@gentoo.org>
- selinux-base-policy-20030419.ebuild:
- Marking stable for selinux-small stable usage
-
- 19 Apr 2003; Chris PeBenito <pebenito@gentoo.org> Manifest,
- selinux-base-policy-20030419.ebuild:
- Initial commit. Base policies for SELinux, with Gentoo-specifics
-
diff --git a/sec-policy/selinux-base-policy/files/config b/sec-policy/selinux-base-policy/files/config
deleted file mode 100644
index 55933ea..0000000
--- a/sec-policy/selinux-base-policy/files/config
+++ /dev/null
@@ -1,15 +0,0 @@
-# This file controls the state of SELinux on the system on boot.
-
-# SELINUX can take one of these three values:
-# enforcing - SELinux security policy is enforced.
-# permissive - SELinux prints warnings instead of enforcing.
-# disabled - No SELinux policy is loaded.
-SELINUX=permissive
-
-# SELINUXTYPE can take one of these four values:
-# targeted - Only targeted network daemons are protected.
-# strict - Full SELinux protection.
-# mls - Full SELinux protection with Multi-Level Security
-# mcs - Full SELinux protection with Multi-Category Security
-# (mls, but only one sensitivity level)
-SELINUXTYPE=strict
diff --git a/sec-policy/selinux-base-policy/files/modules.conf b/sec-policy/selinux-base-policy/files/modules.conf
deleted file mode 100644
index fcb3fd8..0000000
--- a/sec-policy/selinux-base-policy/files/modules.conf
+++ /dev/null
@@ -1,49 +0,0 @@
-application = base
-authlogin = base
-bootloader = base
-clock = base
-consoletype = base
-corecommands = base
-corenetwork = base
-cron = base
-devices = base
-dmesg = base
-domain = base
-files = base
-filesystem = base
-fstools = base
-getty = base
-hostname = base
-hotplug = base
-init = base
-iptables = base
-kernel = base
-libraries = base
-locallogin = base
-logging = base
-lvm = base
-miscfiles = base
-mcs = base
-mls = base
-modutils = base
-mount = base
-mta = base
-netutils = base
-nscd = base
-portage = base
-raid = base
-rsync = base
-selinux = base
-selinuxutil = base
-ssh = base
-staff = base
-storage = base
-su = base
-sysadm = base
-sysnetwork = base
-terminal = base
-ubac = base
-udev = base
-userdomain = base
-usermanage = base
-unprivuser = base
diff --git a/sec-policy/selinux-base-policy/files/patchbundle-selinux-base-policy-2.20101213-r22.tar.bz2 b/sec-policy/selinux-base-policy/files/patchbundle-selinux-base-policy-2.20101213-r22.tar.bz2
deleted file mode 100644
index 2f2e880..0000000
Binary files a/sec-policy/selinux-base-policy/files/patchbundle-selinux-base-policy-2.20101213-r22.tar.bz2 and /dev/null differ
diff --git a/sec-policy/selinux-base-policy/metadata.xml b/sec-policy/selinux-base-policy/metadata.xml
deleted file mode 100644
index 393f3bb..0000000
--- a/sec-policy/selinux-base-policy/metadata.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
-<pkgmetadata>
- <herd>selinux</herd>
- <longdescription>
- Gentoo SELinux base policy. This contains policy for a system at the end of system installation.
- There is no extra policy in this package.
- </longdescription>
- <use>
- <flag name='peer_perms'>Enable the labeled networking peer permissions (SELinux policy capability).</flag>
- <flag name='open_perms'>Enable the open permissions for file object classes (SELinux policy capability).</flag>
- <flag name='ubac'>Enable User Based Access Control (UBAC) in the SELinux policy</flag>
- </use>
-</pkgmetadata>
diff --git a/sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r22.ebuild b/sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r22.ebuild
deleted file mode 100644
index 96d033e..0000000
--- a/sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r22.ebuild
+++ /dev/null
@@ -1,147 +0,0 @@
-# Copyright 1999-2011 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r18.ebuild,v 1.1 2011/07/10 02:30:17 blueness Exp $
-
-EAPI="1"
-IUSE="+peer_perms +open_perms +ubac"
-
-inherit eutils
-
-PATCHBUNDLE="${FILESDIR}/patchbundle-${PF}.tar.bz2"
-#PATCHBUNDLE="${DISTDIR}/patchbundle-${PF}.tar.bz2"
-DESCRIPTION="Gentoo base policy for SELinux"
-HOMEPAGE="http://www.gentoo.org/proj/en/hardened/selinux/"
-SRC_URI="http://oss.tresys.com/files/refpolicy/refpolicy-${PV}.tar.bz2"
-#SRC_URI="http://oss.tresys.com/files/refpolicy/refpolicy-${PV}.tar.bz2
-# http://dev.gentoo.org/~blueness/patchbundle-selinux-base-policy/patchbundle-${PF}.tar.bz2"
-LICENSE="GPL-2"
-SLOT="0"
-
-KEYWORDS="~amd64 ~x86"
-
-RDEPEND=">=sys-apps/policycoreutils-1.30.30
- >=sys-fs/udev-151"
-DEPEND="${RDEPEND}
- sys-devel/m4
- >=sys-apps/checkpolicy-1.30.12"
-
-S=${WORKDIR}/
-
-src_unpack() {
- [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs"
-
- unpack ${A}
-
- cd "${S}"
- epatch "${PATCHBUNDLE}"
- cd "${S}/refpolicy"
- # Fix bug 257111
- sed -i -e 's:system_crond_t:system_cronjob_t:g' \
- "${S}/refpolicy/config/appconfig-standard/default_contexts"
- sed -i -e 's|system_r:cronjob_t|system_r:system_cronjob_t|g' \
- "${S}/refpolicy/config/appconfig-mls/default_contexts"
- sed -i -e 's|system_r:cronjob_t|system_r:system_cronjob_t|g' \
- "${S}/refpolicy/config/appconfig-mcs/default_contexts"
-
- if ! use peer_perms; then
- sed -i -e '/network_peer_controls/d' \
- "${S}/refpolicy/policy/policy_capabilities"
- fi
-
- if ! use open_perms; then
- sed -i -e '/open_perms/d' \
- "${S}/refpolicy/policy/policy_capabilities"
- fi
-
- for i in ${POLICY_TYPES}; do
- cp -a "${S}/refpolicy" "${S}/${i}"
-
- cd "${S}/${i}";
- make conf || die "Make conf in ${i} failed"
-
- # Define what we see as "base" and what we want to remain modular
- cp "${FILESDIR}/modules.conf" \
- "${S}/${i}/policy/modules.conf" \
- || die "failed to set up modules.conf"
- if [[ "${i}" == "targeted" ]];
- then
- echo "unconfined = base" >> "${S}/${i}/policy/modules.conf"
- fi
- sed -i -e '/^QUIET/s/n/y/' -e '/^MONOLITHIC/s/y/n/' \
- -e "/^NAME/s/refpolicy/$i/" "${S}/${i}/build.conf" \
- || die "build.conf setup failed."
-
- if [[ "${i}" == "mls" ]] || [[ "${i}" == "mcs" ]];
- then
- # MCS/MLS require additional settings
- sed -i -e "/^TYPE/s/standard/${i}/" "${S}/${i}/build.conf" \
- || die "failed to set type to mls"
- fi
-
- if ! use ubac; then
- sed -i -e 's:^UBAC = y:UBAC = n:g' "${S}/${i}/build.conf"
- fi
-
- echo "DISTRO = gentoo" >> "${S}/${i}/build.conf"
-
- if [ "${i}" == "targeted" ]; then
- sed -i -e '/root/d' -e 's/user_u/unconfined_u/' \
- "${S}/${i}/config/appconfig-standard/seusers" \
- || die "targeted seusers setup failed."
- fi
- done
-}
-
-src_compile() {
- [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs"
-
- for i in ${POLICY_TYPES}; do
- cd "${S}/${i}"
- make base || die "${i} compile failed"
- done
-}
-
-src_install() {
- [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs"
-
- for i in ${POLICY_TYPES}; do
- cd "${S}/${i}"
-
- make DESTDIR="${D}" install \
- || die "${i} install failed."
-
- make DESTDIR="${D}" install-headers \
- || die "${i} headers install failed."
-
- echo "run_init_t" > "${D}/etc/selinux/${i}/contexts/run_init_type"
-
- echo "textrel_shlib_t" >> "${D}/etc/selinux/${i}/contexts/customizable_types"
-
- # libsemanage won't make this on its own
- keepdir "/etc/selinux/${i}/policy"
- done
-
- dodoc doc/Makefile.example doc/example.{te,fc,if}
-
- insinto /etc/selinux
- doins "${FILESDIR}/config"
-}
-
-pkg_preinst() {
- has_version "<${CATEGORY}/${PN}-2.20101213-r13"
- previous_less_than_r13=$?
-}
-
-pkg_postinst() {
- [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs"
-
- for i in ${POLICY_TYPES}; do
- einfo "Inserting base module into ${i} module store."
-
- cd "/usr/share/selinux/${i}"
- semodule -s "${i}" -b base.pp || die "Could not load in new base policy"
- done
- elog "Updates on policies might require you to relabel files. If you, after"
- elog "installing new SELinux policies, get 'permission denied' errors,"
- elog "relabelling your system using 'rlpkg -a -r' might resolve the issues."
-}
next reply other threads:[~2011-08-07 10:59 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-08-07 10:58 Anthony G. Basile [this message]
-- strict thread matches above, loose matches on Subject: below --
2011-08-03 8:02 [gentoo-commits] proj/hardened-dev:master commit in: sec-policy/selinux-base-policy/files/, sec-policy/selinux-base-policy/ Sven Vermeulen
2011-07-24 11:05 Sven Vermeulen
2011-07-21 19:21 Sven Vermeulen
2011-07-17 18:10 Sven Vermeulen
2011-07-07 18:41 Sven Vermeulen
2011-06-30 10:19 Anthony G. Basile
2011-06-29 12:56 Sven Vermeulen
2011-05-15 13:28 Sven Vermeulen
2011-05-14 22:09 Sven Vermeulen
2011-05-13 19:49 Sven Vermeulen
2011-05-02 19:09 Sven Vermeulen
2011-03-02 17:19 Sven Vermeulen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5ea47f6885807940d516a8004b835611694bcc14.blueness@gentoo \
--to=blueness@gentoo.org \
--cc=gentoo-commits@lists.gentoo.org \
--cc=gentoo-dev@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox