author | Anthony G. Basile <blueness@gentoo.org> | 2011-04-16 13:25:34 +0000 |
---|---|---|
committer | Anthony G. Basile <blueness@gentoo.org> | 2011-04-16 13:25:34 +0000 |
commit | 170a24b625d481b23554ddaf80221e28fd51049e (patch) | |
tree | 0bcbd3aad83d5fc05248abfb78f456a917da22fa /sec-policy/selinux-ldap | |
parent | Removed maskings and unmaskings for sec-policy/selinux-hal. (diff) | |
Initial commit to tree, renames selinux-openldap
(Portage version: 2.1.9.42/cvs/Linux x86_64)
Diffstat (limited to 'sec-policy/selinux-ldap')
-rw-r--r-- | sec-policy/selinux-ldap/ChangeLog | 109 | ||||
-rw-r--r-- | sec-policy/selinux-ldap/files/fix-services-ldap-r1.patch | 43 | ||||
-rw-r--r-- | sec-policy/selinux-ldap/metadata.xml | 6 | ||||
-rw-r--r-- | sec-policy/selinux-ldap/selinux-ldap-2.20101213-r1.ebuild | 17 |
4 files changed, 175 insertions, 0 deletions
diff --git a/sec-policy/selinux-ldap/ChangeLog b/sec-policy/selinux-ldap/ChangeLog
new file mode 100644
index 000000000000..ad940efdc36d
--- /dev/null
+++ b/sec-policy/selinux-ldap/ChangeLog
@@ -0,0 +1,109 @@
+# ChangeLog for sec-policy/selinux-ldap
+# Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-ldap/ChangeLog,v 1.1 2011/04/16 13:25:34 blueness Exp $
+
+ 16 Apr 2011; Anthony G. Basile <blueness@gentoo.org>
+ +files/fix-services-ldap-r1.patch, +selinux-ldap-2.20101213-r1.ebuild,
+ +metadata.xml:
+ Initial commit to tree, renames selinux-openldap
+
+*selinux-ldap-2.20101213-r1 (14 Mar 2011)
+
+ 14 Mar 2011; <swift@gentoo.org> +files/fix-services-ldap-r1.patch,
+ +selinux-ldap-2.20101213-r1.ebuild, +metadata.xml:
+ Fix file contexts, enable ldap administration
+
+*selinux-openldap-2.20101213 (05 Feb 2011)
+
+ 05 Feb 2011; Anthony G. Basile <blueness@gentoo.org>
+ +selinux-openldap-2.20101213.ebuild:
+ New upstream policy.
+
+*selinux-openldap-2.20091215 (16 Dec 2009)
+
+ 16 Dec 2009; Chris PeBenito <pebenito@gentoo.org>
+ +selinux-openldap-2.20091215.ebuild:
+ New upstream release.
+
+ 14 Aug 2009; Chris PeBenito <pebenito@gentoo.org>
+ -selinux-openldap-20070329.ebuild, -selinux-openldap-20070928.ebuild,
+ selinux-openldap-20080525.ebuild:
+ Mark 20080525 stable, clear old ebuilds.
+
+*selinux-openldap-2.20090730 (03 Aug 2009)
+
+ 03 Aug 2009; Chris PeBenito <pebenito@gentoo.org>
+ +selinux-openldap-2.20090730.ebuild:
+ New upstream release.
+
+ 18 Jul 2009; Chris PeBenito <pebenito@gentoo.org>
+ selinux-openldap-20070329.ebuild, selinux-openldap-20070928.ebuild,
+ selinux-openldap-20080525.ebuild:
+ Drop alpha, mips, ppc, sparc selinux support.
+
+*selinux-openldap-20080525 (25 May 2008)
+
+ 25 May 2008; Chris PeBenito <pebenito@gentoo.org>
+ +selinux-openldap-20080525.ebuild:
+ New SVN snapshot.
+
+ 16 Mar 2008; Chris PeBenito <pebenito@gentoo.org>
+ -selinux-openldap-20050626.ebuild, -selinux-openldap-20051122.ebuild,
+ -selinux-openldap-20061114.ebuild:
+ Remove old ebuilds.
+
+ 03 Feb 2008; Chris PeBenito <pebenito@gentoo.org>
+ selinux-openldap-20070928.ebuild:
+ Mark stable.
+
+*selinux-openldap-20070928 (26 Nov 2007)
+
+ 26 Nov 2007; Chris PeBenito <pebenito@gentoo.org>
+ +selinux-openldap-20070928.ebuild:
+ New SVN snapshot.
+
+ 29 Aug 2007; Christian Heim <phreak@gentoo.org> metadata.xml:
+ Removing kaiowas from metadata due to his retirement (see #61930 for
+ reference).
+
+ 04 Jun 2007; Chris PeBenito <pebenito@gentoo.org>
+ selinux-openldap-20070329.ebuild:
+ Mark stable.
+
+*selinux-openldap-20070329 (29 Mar 2007)
+
+ 29 Mar 2007; Chris PeBenito <pebenito@gentoo.org>
+ +selinux-openldap-20070329.ebuild:
+ New SVN snapshot.
+
+ 22 Feb 2007; Markus Ullmann <jokey@gentoo.org> ChangeLog:
+ Redigest for Manifest2
+
+*selinux-openldap-20061114 (15 Nov 2006)
+
+ 15 Nov 2006; Chris PeBenito <pebenito@gentoo.org>
+ +selinux-openldap-20061114.ebuild:
+ New SVN snapshot.
+
+*selinux-openldap-20061008 (10 Oct 2006)
+
+ 10 Oct 2006; Chris PeBenito <pebenito@gentoo.org>
+ +selinux-openldap-20061008.ebuild:
+ First mainstream reference policy testing release.
+
+ 02 Dec 2005; petre rodan <kaiowas@gentoo.org>
+ selinux-openldap-20051122.ebuild:
+ mark stable on amd64 mips ppc sparc x86
+
+*selinux-openldap-20051122 (28 Nov 2005)
+
+ 28 Nov 2005; petre rodan <kaiowas@gentoo.org>
+ selinux-openldap-20050626.ebuild, +selinux-openldap-20051122.ebuild:
+ marked stable on amd64 mips ppc sparc x86, merge with upstream
+
+*selinux-openldap-20050626 (26 Jun 2005)
+
+ 26 Jun 2005; petre rodan <kaiowas@gentoo.org> +metadata.xml,
+ +selinux-openldap-20050626.ebuild:
+ initial commit
+
diff --git a/sec-policy/selinux-ldap/files/fix-services-ldap-r1.patch b/sec-policy/selinux-ldap/files/fix-services-ldap-r1.patch
new file mode 100644
index 000000000000..f459b06167b8
--- /dev/null
+++ b/sec-policy/selinux-ldap/files/fix-services-ldap-r1.patch
@@ -0,0 +1,43 @@
+--- services/ldap.te 2010-09-10 17:05:45.000000000 +0200
++++ services/ldap.te 2011-03-12 22:10:48.814999997 +0100
+@@ -42,11 +42,12 @@
+ # cjp: why net_raw?
+ allow slapd_t self:capability { kill setgid setuid net_raw dac_override dac_read_search };
+ dontaudit slapd_t self:capability sys_tty_config;
+-allow slapd_t self:process setsched;
++allow slapd_t self:process { setsched signal };
+ allow slapd_t self:fifo_file rw_fifo_file_perms;
+ allow slapd_t self:udp_socket create_socket_perms;
+ #slapd needs to listen and accept needed by ldapsearch (slapd needs to accept from ldapseach)
+ allow slapd_t self:tcp_socket create_stream_socket_perms;
++allow slapd_t self:unix_stream_socket listen;
+
+ allow slapd_t slapd_cert_t:dir list_dir_perms;
+ read_files_pattern(slapd_t, slapd_cert_t, slapd_cert_t)
+@@ -114,6 +115,7 @@
+
+ userdom_dontaudit_use_unpriv_user_fds(slapd_t)
+ userdom_dontaudit_search_user_home_dirs(slapd_t)
++userdom_use_user_terminals(slapd_t)
+
+ optional_policy(`
+ kerberos_keytab_template(slapd, slapd_t)
+--- services/ldap.fc 2010-08-03 15:11:06.000000000 +0200
++++ services/ldap.fc 2011-03-12 18:57:10.880999997 +0100
+@@ -8,7 +8,16 @@
+ /usr/lib/slapd -- gen_context(system_u:object_r:slapd_exec_t,s0)
+ ')
+
++ifdef(`distro_gentoo',`
++/usr/lib(64)?/openldap/slapd -- gen_context(system_u:object_r:slapd_exec_t,s0)
++')
++
+ /var/lib/ldap(/.*)? gen_context(system_u:object_r:slapd_db_t,s0)
++ifdef(`distro_gentoo',`
++/var/lib/openldap-data(/.*)? gen_context(system_u:object_r:slapd_db_t,s0)
++/var/lib/openldap-ldbm(/.*)? gen_context(system_u:object_r:slapd_db_t,s0)
++/var/lib/openldap-slurpd(/.*)? gen_context(system_u:object_r:slapd_db_t,s0)
++')
+ /var/lib/ldap/replog(/.*)? gen_context(system_u:object_r:slapd_replog_t,s0)
+
+ /var/run/ldapi -s gen_context(system_u:object_r:slapd_var_run_t,s0)
diff --git a/sec-policy/selinux-ldap/metadata.xml b/sec-policy/selinux-ldap/metadata.xml
new file mode 100644
index 000000000000..d873bf1f89a8
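Review bot: `userdom_use_user_terminals(slapd_t)` in the second ldap.te hunk gives the confined, network-facing slapd domain access to user ttys and ptys, and the patch does not say which denial it answers or why a `dontaudit` rule would not be enough. I would either drop it or keep it with a one-line comment naming the use case, for example `# Gentoo: slapd started in the foreground by an admin writes to the invoking terminal`, if that is indeed the reason. The added `signal` permission and `allow slapd_t self:unix_stream_socket listen;` in the first hunk are also undocumented; a short comment per rule naming the denial it resolves would let a later audit decide whether the grant is still needed. The rest of ldap.te lies outside these hunks, so whether other rules already cover these accesses cannot be checked from here.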
--- /dev/null
+++ b/sec-policy/selinux-ldap/metadata.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <herd>selinux</herd>
+ <longdescription>Gentoo SELinux policy for openldap</longdescription>
+</pkgmetadata>
diff --git a/sec-policy/selinux-ldap/selinux-ldap-2.20101213-r1.ebuild b/sec-policy/selinux-ldap/selinux-ldap-2.20101213-r1.ebuild
new file mode 100644
index 000000000000..f7a60d9be9a2
--- /dev/null
+++ b/sec-policy/selinux-ldap/selinux-ldap-2.20101213-r1.ebuild
@@ -0,0 +1,17 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-ldap/selinux-ldap-2.20101213-r1.ebuild,v 1.1 2011/04/16 13:25:34 blueness Exp $
+
+MODS="ldap"
+IUSE=""
+
+inherit selinux-policy-2
+
+DESCRIPTION="SELinux policy for OpenLDAP server"
+
+KEYWORDS="~amd64 ~x86"
+RDEPEND="!<=sec-policy/selinux-openldap-2.20101213
+ >=sys-apps/policycoreutils-1.30.30
+ >=sec-policy/selinux-base-policy-${PV}"
+
+POLICY_PATCH="${FILESDIR}/fix-services-ldap-r1.patch" |