author | Jason Zaman <perfinion@gentoo.org> | 2015-04-23 13:14:18 +0000 |
---|---|---|
committer | Jason Zaman <perfinion@gentoo.org> | 2015-04-23 13:14:18 +0000 |
commit | aa688dfc76e2ae1030250fdb305ecdcd6869ec30 (patch) | |
tree | 7b3c0da3181d2e6f2de6fbabbbee4fdbe6f67288 /sys-libs | |
parent | Clean old versions, thanks to Andreis Vinogradovs (diff) | |
rev bump with migration patch
(Portage version: 2.2.18/cvs/Linux x86_64, signed Manifest commit with key 0x7EF137EC935B0EAF)
Diffstat (limited to 'sys-libs')
4 files changed, 344 insertions, 285 deletions
diff --git a/sys-libs/libsemanage/ChangeLog b/sys-libs/libsemanage/ChangeLog index 26b0ff4de3e1..5734c4b6edb2 100644 --- a/sys-libs/libsemanage/ChangeLog +++ b/sys-libs/libsemanage/ChangeLog @@ -1,6 +1,14 @@ # ChangeLog for sys-libs/libsemanage # Copyright 1999-2015 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/sys-libs/libsemanage/ChangeLog,v 1.90 2015/04/18 21:58:59 perfinion Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-libs/libsemanage/ChangeLog,v 1.91 2015/04/23 13:14:18 perfinion Exp $ + +*libsemanage-2.4-r1 (23 Apr 2015) + + 23 Apr 2015; Jason Zaman <perfinion@gentoo.org> + +files/0001-libsemanage-do-not-copy-contexts-in-semanage_migrate.patch, + +libsemanage-2.4-r1.ebuild, + -files/0002-semanage_migrate_store-Python3-support.patch: + rev bump with migration patch 18 Apr 2015; Jason Zaman <perfinion@gentoo.org> -libsemanage-2.3-r3.ebuild, -libsemanage-2.4_rc6-r2.ebuild, -libsemanage-2.4_rc7.ebuild: diff --git a/sys-libs/libsemanage/files/0001-libsemanage-do-not-copy-contexts-in-semanage_migrate.patch b/sys-libs/libsemanage/files/0001-libsemanage-do-not-copy-contexts-in-semanage_migrate.patch new file mode 100644 index 000000000000..8e523dcbf7e3 --- /dev/null +++ b/sys-libs/libsemanage/files/0001-libsemanage-do-not-copy-contexts-in-semanage_migrate.patch 
@@ -0,0 +1,208 @@ +From 9caebebd598de737f27cdc8d5253a2cebd67d5a9 Mon Sep 17 00:00:00 2001 +From: Jason Zaman <jason@perfinion.com> +Date: Wed, 22 Apr 2015 18:27:09 +0400 +Subject: [PATCH] libsemanage: do not copy contexts in semanage_migrate_store + +The modules from the old store were previously copied to the new one +using setfscreatecon and shutil.copy2(). Now that refpolicy has rules +about the new policy location[1], copying the contexts is redundant. + +More importantly, the setcreatefscon caused a constraint violation[2] +which made the migration fail. In python3, shutil.copy2() copies xattrs +as well which again causes problems. shutil.copy() is enough for our +needs here as it will copy the file and permissions in both py2 and 3. +We do not need the extra things that copy2() does (mtime, xattr, etc). + +[1] http://oss.tresys.com/pipermail/refpolicy/2014-December/007511.html + +[2] +type=AVC msg=audit(1429438272.872:1869): avc: denied { create } for pid=28739 comm="semanage_migrat" name="strict" scontext=staff_u:sysadm_r:semanage_t tcontext=system_u:object_r:semanage_store_t tclass=dir permissive=0 + constrain dir { create relabelfrom relabelto } ((u1 == u2 -Fail-) or (t1 == can_change_object_identity -Fail-) ); Constraint DENIED +allow semanage_t semanage_store_t:dir create; + +Signed-off-by: Jason Zaman <jason@perfinion.com> +--- + libsemanage/utils/semanage_migrate_store | 77 ++++++++------------------------ + 1 file changed, 18 insertions(+), 59 deletions(-) + +diff --git a/libsemanage/utils/semanage_migrate_store b/libsemanage/utils/semanage_migrate_store +index 03b492e..2f85e9c 100755 +--- a/libsemanage/utils/semanage_migrate_store ++++ b/libsemanage/utils/semanage_migrate_store +@@ -8,7 +8,6 @@ import shutil + import sys + from optparse import OptionParser + +-import bz2 + import ctypes + + sepol = ctypes.cdll.LoadLibrary('libsepol.so') +@@ -21,41 +20,20 @@ except: + exit(1) + + +- +- +-# For some reason this function doesn't exist in libselinux :\ 
+-def copy_with_context(src, dst): ++def copy_file(src, dst): + if DEBUG: + print("copying %s to %s" % (src, dst)) + try: +- con = selinux.lgetfilecon_raw(src)[1] +- except: +- print("Could not get file context of %s" % src, file=sys.stderr) +- exit(1) +- +- try: +- selinux.setfscreatecon_raw(con) +- except: +- print("Could not set fs create context: %s" %con, file=sys.stderr) +- exit(1) +- +- try: +- shutil.copy2(src, dst) ++ shutil.copy(src, dst) + except OSError as the_err: + (err, strerr) = the_err.args + print("Could not copy %s to %s, %s" %(src, dst, strerr), file=sys.stderr) + exit(1) + +- try: +- selinux.setfscreatecon_raw(None) +- except: +- print("Could not reset fs create context. May need to relabel system.", file=sys.stderr) + +-def create_dir_from(src, dst, mode): ++def create_dir(dst, mode): + if DEBUG: print("Making directory %s" % dst) + try: +- con = selinux.lgetfilecon_raw(src)[1] +- selinux.setfscreatecon_raw(con) + os.makedirs(dst, mode) + except OSError as the_err: + (err, stderr) = the_err.args +@@ -65,28 +43,18 @@ def create_dir_from(src, dst, mode): + print("Error creating %s" % dst, file=sys.stderr) + exit(1) + +- try: +- selinux.setfscreatecon_raw(None) +- except: +- print("Could not reset fs create context. May need to relabel system.", file=sys.stderr) + +-def create_file_from(src, dst): ++def create_file(dst): + if DEBUG: print("Making file %s" % dst) + try: +- con = selinux.lgetfilecon_raw(src)[1] +- selinux.setfscreatecon_raw(con) + open(dst, 'a').close() + except OSError as the_err: + (err, stderr) = the_err.args + print("Error creating %s" % dst, file=sys.stderr) + exit(1) + +- try: +- selinux.setfscreatecon_raw(None) +- except: +- print("Could not reset fs create context. 
May need to relabel system.", file=sys.stderr) + +-def copy_module(store, name, con, base): ++def copy_module(store, name, base): + if DEBUG: print("Install module %s" % name) + (file, ext) = os.path.splitext(name) + if ext != ".pp": +@@ -94,8 +62,6 @@ def copy_module(store, name, con, base): + print("warning: %s has invalid extension, skipping" % name, file=sys.stderr) + return + try: +- selinux.setfscreatecon_raw(con) +- + if base: + root = oldstore_path(store) + else: +@@ -105,7 +71,7 @@ def copy_module(store, name, con, base): + + os.mkdir("%s/%s" % (bottomdir, file)) + +- copy_with_context(os.path.join(root, name), "%s/%s/hll" % (bottomdir, file)) ++ copy_file(os.path.join(root, name), "%s/%s/hll" % (bottomdir, file)) + + # This is the ext file that will eventually be used to choose a compiler + efile = open("%s/%s/lang_ext" % (bottomdir, file), "w+", 0o600) +@@ -116,15 +82,11 @@ def copy_module(store, name, con, base): + print("Error installing module %s" % name, file=sys.stderr) + exit(1) + +- try: +- selinux.setfscreatecon_raw(None) +- except: +- print("Could not reset fs create context. 
May need to relabel system.", file=sys.stderr) + +-def disable_module(file, root, name, disabledmodules): ++def disable_module(file, name, disabledmodules): + if DEBUG: print("Disabling %s" % name) + (disabledname, disabledext) = os.path.splitext(file) +- create_file_from(os.path.join(root, name), "%s/%s" % (disabledmodules, disabledname)) ++ create_file("%s/%s" % (disabledmodules, disabledname)) + + def migrate_store(store): + +@@ -138,17 +100,14 @@ def migrate_store(store): + print("Migrating from %s to %s" % (oldstore, newstore)) + + # Build up new directory structure +- create_dir_from(oldstore, "%s/%s" % (newroot_path(), store), 0o755) +- create_dir_from(oldstore, newstore, 0o700) +- create_dir_from(oldstore, newmodules, 0o700) +- create_dir_from(oldstore, bottomdir, 0o700) +- create_dir_from(oldstore, disabledmodules, 0o700) +- +- # use whatever the file context of bottomdir is for the module directories +- con = selinux.lgetfilecon_raw(bottomdir)[1] ++ create_dir("%s/%s" % (newroot_path(), store), 0o755) ++ create_dir(newstore, 0o700) ++ create_dir(newmodules, 0o700) ++ create_dir(bottomdir, 0o700) ++ create_dir(disabledmodules, 0o700) + + # Special case for base since it was in a different location +- copy_module(store, "base.pp", con, 1) ++ copy_module(store, "base.pp", 1) + + # Dir structure built, start copying files + for root, dirs, files in os.walk(oldstore): +@@ -161,7 +120,7 @@ def migrate_store(store): + newname = "seusers.local" + else: + newname = name +- copy_with_context(os.path.join(root, name), os.path.join(newstore, newname)) ++ copy_file(os.path.join(root, name), os.path.join(newstore, newname)) + + elif root == oldmodules: + # This should be the modules directory +@@ -171,9 +130,9 @@ def migrate_store(store): + print("Error installing module %s, name conflicts with base" % name, file=sys.stderr) + exit(1) + elif ext == ".disabled": +- disable_module(file, root, name, disabledmodules) ++ disable_module(file, name, disabledmodules) + else: 
+- copy_module(store, name, con, 0) ++ copy_module(store, name, 0) + + def rebuild_policy(): + # Ok, the modules are loaded, lets try to rebuild the policy +@@ -287,7 +246,7 @@ if __name__ == "__main__": + "preserve_tunables" ] + + +- create_dir_from(oldroot_path(), newroot_path(), 0o755) ++ create_dir(newroot_path(), 0o755) + + stores = None + if TYPE is not None: +-- +2.0.5 + diff --git a/sys-libs/libsemanage/files/0002-semanage_migrate_store-Python3-support.patch b/sys-libs/libsemanage/files/0002-semanage_migrate_store-Python3-support.patch deleted file mode 100644 index 40f821ae20d7..000000000000 --- a/sys-libs/libsemanage/files/0002-semanage_migrate_store-Python3-support.patch +++ /dev/null 
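Review bot: The handler in the new `copy_file` catches only `OSError` and then unpacks `the_err.args` into exactly two values, so some copy failures will not reach the "Could not copy" message. On Python 2.7, which the accompanying ebuild still lists in PYTHON_COMPAT, `shutil.copy` reports most failures as `IOError`, which is not an `OSError` there, and an exception whose args are not a pair would raise `ValueError` from the unpack itself. Suggest `except (IOError, OSError) as the_err:` and printing `the_err.strerror` (and testing `the_err.errno` in `create_dir`) instead of unpacking; `create_dir` and `create_file` use the same pattern, and their bodies are only partly inside their hunks. Separately, with the setfscreatecon calls removed the new store's labels depend entirely on the loaded policy, so a comment above `create_dir` such as `# Labels come from the policy's rules for the new store path; no context is copied from the old store.` would record that assumption for the next maintainer.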
@@ -1,284 +0,0 @@ -From 877acdb31ff4261f0fcd03a8fb9ada76703802f3 Mon Sep 17 00:00:00 2001 -From: Jason Zaman <jason@perfinion.com> -Date: Thu, 20 Nov 2014 00:18:59 +0400 -Subject: [PATCH 2/2] semanage_migrate_store: Python3 support - -Mainly used the 2to3 conversion tool. Also added in a __future__ -import so that the script continues to work on Python 2. - -Tested on 2.7, 3.3, 3.4. Should work on 2.6 too but untested. - -Signed-off-by: Jason Zaman <jason@perfinion.com> -Acked-by: Steve Lawrence <slawrence@tresys.com> ---- - libsemanage/utils/semanage_migrate_store | 86 +++++++++++++++++--------------- - 1 file changed, 45 insertions(+), 41 deletions(-) - -diff --git a/libsemanage/utils/semanage_migrate_store b/libsemanage/utils/semanage_migrate_store -index cbc4f31..0371e49 100755 ---- a/libsemanage/utils/semanage_migrate_store -+++ b/libsemanage/utils/semanage_migrate_store -@@ -1,6 +1,7 @@ - #!/usr/bin/python -E - - -+from __future__ import print_function - import os - import errno - import shutil -@@ -16,7 +17,7 @@ try: - import selinux - import semanage - except: -- print >> sys.stderr, "You must install libselinux-python and libsemanage-python before running this tool" -+ print("You must install libselinux-python and libsemanage-python before running this tool", file=sys.stderr) - exit(1) - - -@@ -25,100 +26,103 @@ except: - # For some reason this function doesn't exist in libselinux :\ - def copy_with_context(src, dst): - if DEBUG: -- print "copying %s to %s" % (src, dst) -+ print("copying %s to %s" % (src, dst)) - try: - con = selinux.lgetfilecon_raw(src)[1] - except: -- print >> sys.stderr, "Could not get file context of %s" % src -+ print("Could not get file context of %s" % src, file=sys.stderr) - exit(1) - - try: - selinux.setfscreatecon_raw(con) - except: -- print >> sys.stderr, "Could not set fs create context: %s" %con -+ print("Could not set fs create context: %s" %con, file=sys.stderr) - exit(1) - - try: - shutil.copy2(src, dst) -- except OSError 
as (err, strerr): -- print >> sys.stderr, "Could not copy %s to %s, %s" %(src, dst, strerr) -+ except OSError as the_err: -+ (err, strerr) = the_err.args -+ print("Could not copy %s to %s, %s" %(src, dst, strerr), file=sys.stderr) - exit(1) - - try: - selinux.setfscreatecon_raw(None) - except: -- print >> sys.stderr, "Could not reset fs create context. May need to relabel system." -+ print("Could not reset fs create context. May need to relabel system.", file=sys.stderr) - - def create_dir_from(src, dst, mode): -- if DEBUG: print "Making directory %s" % dst -+ if DEBUG: print("Making directory %s" % dst) - try: - con = selinux.lgetfilecon_raw(src)[1] - selinux.setfscreatecon_raw(con) - os.makedirs(dst, mode) -- except OSError as (err, stderr): -+ except OSError as the_err: -+ (err, stderr) = the_err.args - if err == errno.EEXIST: - pass - else: -- print >> sys.stderr, "Error creating %s" % dst -+ print("Error creating %s" % dst, file=sys.stderr) - exit(1) - - try: - selinux.setfscreatecon_raw(None) - except: -- print >> sys.stderr, "Could not reset fs create context. May need to relabel system." -+ print("Could not reset fs create context. May need to relabel system.", file=sys.stderr) - - def create_file_from(src, dst): -- if DEBUG: print "Making file %s" % dst -+ if DEBUG: print("Making file %s" % dst) - try: - con = selinux.lgetfilecon_raw(src)[1] - selinux.setfscreatecon_raw(con) - open(dst, 'a').close() -- except OSError as (err, stderr): -- print >> sys.stderr, "Error creating %s" % dst -+ except OSError as the_err: -+ (err, stderr) = the_err.args -+ print("Error creating %s" % dst, file=sys.stderr) - exit(1) - - try: - selinux.setfscreatecon_raw(None) - except: -- print >> sys.stderr, "Could not reset fs create context. May need to relabel system." -+ print("Could not reset fs create context. 
May need to relabel system.", file=sys.stderr) - - def copy_module(store, name, con, base): -- if DEBUG: print "Install module %s" % name -+ if DEBUG: print("Install module %s" % name) - (file, ext) = os.path.splitext(name) - if ext != ".pp": - # Stray non-pp file in modules directory, skip -- print >> sys.stderr, "warning: %s has invalid extension, skipping" % name -+ print("warning: %s has invalid extension, skipping" % name, file=sys.stderr) - return - try: - selinux.setfscreatecon_raw(con) -- -+ - if base: - root = oldstore_path(store) - else: - root = oldmodules_path(store) - - bottomdir = bottomdir_path(store) -- -+ - os.mkdir("%s/%s" % (bottomdir, file)) - - copy_with_context(os.path.join(root, name), "%s/%s/hll" % (bottomdir, file)) - - # This is the ext file that will eventually be used to choose a compiler -- efile = open("%s/%s/lang_ext" % (bottomdir, file), "w+", 0600) -+ efile = open("%s/%s/lang_ext" % (bottomdir, file), "w+", 0o600) - efile.write("pp") - efile.close() - - except: -- print >> sys.stderr, "Error installing module %s" % name -+ print("Error installing module %s" % name, file=sys.stderr) - exit(1) - - try: - selinux.setfscreatecon_raw(None) - except: -- print >> sys.stderr, "Could not reset fs create context. May need to relabel system." -+ print("Could not reset fs create context. 
May need to relabel system.", file=sys.stderr) - - def disable_module(file, root, name, disabledmodules): -- if DEBUG: print "Disabling %s" % name -+ if DEBUG: print("Disabling %s" % name) - (disabledname, disabledext) = os.path.splitext(file) - create_file_from(os.path.join(root, name), "%s/%s" % (disabledmodules, disabledname)) - -@@ -131,14 +135,14 @@ def migrate_store(store): - newmodules = newmodules_path(store); - bottomdir = bottomdir_path(store); - -- print "Migrating from %s to %s" % (oldstore, newstore) -+ print("Migrating from %s to %s" % (oldstore, newstore)) - - # Build up new directory structure -- create_dir_from(selinux.selinux_policy_root(), "%s/%s" % (newroot_path(), store), 0755) -- create_dir_from(oldmodules, newstore, 0700) -- create_dir_from(oldstore, newmodules, 0700) -- create_dir_from(oldstore, bottomdir, 0700) -- create_dir_from(oldstore, disabledmodules, 0700) -+ create_dir_from(selinux.selinux_policy_root(), "%s/%s" % (newroot_path(), store), 0o755) -+ create_dir_from(oldmodules, newstore, 0o700) -+ create_dir_from(oldstore, newmodules, 0o700) -+ create_dir_from(oldstore, bottomdir, 0o700) -+ create_dir_from(oldstore, disabledmodules, 0o700) - - # use whatever the file context of bottomdir is for the module directories - con = selinux.lgetfilecon_raw(bottomdir)[1] -@@ -149,7 +153,7 @@ def migrate_store(store): - # Dir structure built, start copying files - for root, dirs, files in os.walk(oldstore): - if root == oldstore: -- # This is the top level directory, need to move -+ # This is the top level directory, need to move - for name in files: - # Check to see if it is in TOPPATHS and copy if so - if name in TOPPATHS: -@@ -164,7 +168,7 @@ def migrate_store(store): - for name in files: - (file, ext) = os.path.splitext(name) - if name == "base.pp": -- print >> sys.stderr, "Error installing module %s, name conflicts with base" % name -+ print("Error installing module %s, name conflicts with base" % name, file=sys.stderr) - exit(1) - elif ext 
== ".disabled": - disable_module(file, root, name, disabledmodules) -@@ -173,32 +177,32 @@ def migrate_store(store): - - def rebuild_policy(): - # Ok, the modules are loaded, lets try to rebuild the policy -- print "Attempting to rebuild policy from %s" % newroot_path() -+ print("Attempting to rebuild policy from %s" % newroot_path()) - - curstore = selinux.selinux_getpolicytype()[1] - - handle = semanage.semanage_handle_create() - if not handle: -- print >> sys.stderr, "Could not create semanage handle" -+ print("Could not create semanage handle", file=sys.stderr) - exit(1) - - semanage.semanage_select_store(handle, curstore, semanage.SEMANAGE_CON_DIRECT) - - if not semanage.semanage_is_managed(handle): - semanage.semanage_handle_destroy(handle) -- print >> sys.stderr, "SELinux policy is not managed or store cannot be accessed." -+ print("SELinux policy is not managed or store cannot be accessed.", file=sys.stderr) - exit(1) - - rc = semanage.semanage_access_check(handle) - if rc < semanage.SEMANAGE_CAN_WRITE: - semanage.semanage_handle_destroy(handle) -- print >> sys.stderr, "Cannot write to policy store." 
-+ print("Cannot write to policy store.", file=sys.stderr) - exit(1) - - rc = semanage.semanage_connect(handle) - if rc < 0: - semanage.semanage_handle_destroy(handle) -- print >> sys.stderr, "Could not establish semanage connection" -+ print("Could not establish semanage connection", file=sys.stderr) - exit(1) - - semanage.semanage_set_rebuild(handle, 1) -@@ -206,12 +210,12 @@ def rebuild_policy(): - rc = semanage.semanage_begin_transaction(handle) - if rc < 0: - semanage.semanage_handle_destroy(handle) -- print >> sys.stderr, "Could not begin transaction" -+ print("Could not begin transaction", file=sys.stderr) - exit(1) - - rc = semanage.semanage_commit(handle) - if rc < 0: -- print >> sys.stderr, "Could not commit transaction" -+ print("Could not commit transaction", file=sys.stderr) - - semanage.semanage_handle_destroy(handle) - -@@ -283,7 +287,7 @@ if __name__ == "__main__": - "preserve_tunables" ] - - -- create_dir_from(oldroot_path(), newroot_path(), 0755) -+ create_dir_from(oldroot_path(), newroot_path(), 0o755) - - stores = None - if TYPE is not None: -@@ -299,14 +303,14 @@ if __name__ == "__main__": - - if os.path.isdir(newstore_path(store)): - # store has already been migrated, but old modules dir still exits -- print >> sys.stderr, "warning: Policy type %s has already been migrated, but modules still exist in the old store. Skipping store." % store -+ print("warning: Policy type %s has already been migrated, but modules still exist in the old store. Skipping store." % store, file=sys.stderr) - continue - - migrate_store(store) - - if CLEAN is True: - def remove_error(function, path, execinfo): -- print >> sys.stderr, "warning: Unable to remove old store modules directory %s. Cleaning failed." % oldmodules_path(store) -+ print("warning: Unable to remove old store modules directory %s. Cleaning failed." % oldmodules_path(store), file=sys.stderr) - shutil.rmtree(oldmodules_path(store), onerror=remove_error) - - if NOREBUILD is False: --- -2.0.4 - 
diff --git a/sys-libs/libsemanage/libsemanage-2.4-r1.ebuild b/sys-libs/libsemanage/libsemanage-2.4-r1.ebuild
new file mode 100644
index 000000000000..d3b3bf305fce
--- /dev/null
+++ b/sys-libs/libsemanage/libsemanage-2.4-r1.ebuild
@@ -0,0 +1,127 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/sys-libs/libsemanage/libsemanage-2.4-r1.ebuild,v 1.1 2015/04/23 13:14:18 perfinion Exp $ + +EAPI="5" +PYTHON_COMPAT=( python2_7 python3_3 python3_4 ) + +inherit multilib python-r1 toolchain-funcs eutils multilib-minimal + +MY_P="${P//_/-}" + +SEPOL_VER="${PV}" +SELNX_VER="${PV}" + +DESCRIPTION="SELinux kernel and policy management library" +HOMEPAGE="https://github.com/SELinuxProject/selinux/wiki" +SRC_URI="https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20150202/${MY_P}.tar.gz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~amd64 ~x86" +IUSE="python" + +RDEPEND=">=sys-libs/libsepol-${SEPOL_VER}[${MULTILIB_USEDEP}] + >=sys-libs/libselinux-${SELNX_VER}[${MULTILIB_USEDEP}] + >=sys-process/audit-2.2.2[${MULTILIB_USEDEP}] + >=dev-libs/ustr-1.0.4-r2[${MULTILIB_USEDEP}] + " +DEPEND="${RDEPEND} + sys-devel/bison + sys-devel/flex + python? ( + >=dev-lang/swig-2.0.4-r1 + virtual/pkgconfig + ${PYTHON_DEPS} + )" + +# tests are not meant to be run outside of the +# full SELinux userland repo +RESTRICT="test" + +S="${WORKDIR}/${MY_P}" + +src_prepare() { + echo "# Set this to true to save the linked policy." >> "${S}/src/semanage.conf" + echo "# This is normally only useful for analysis" >> "${S}/src/semanage.conf" + echo "# or debugging of policy." >> "${S}/src/semanage.conf" + echo "save-linked=false" >> "${S}/src/semanage.conf" + echo >> "${S}/src/semanage.conf" + echo "# Set this to 0 to disable assertion checking." >> "${S}/src/semanage.conf" + echo "# This should speed up building the kernel policy" >> "${S}/src/semanage.conf" + echo "# from policy modules, but may leave you open to" >> "${S}/src/semanage.conf" + echo "# dangerous rules which assertion checking" >> "${S}/src/semanage.conf" + echo "# would catch." 
>> "${S}/src/semanage.conf" + echo "expand-check=1" >> "${S}/src/semanage.conf" + echo >> "${S}/src/semanage.conf" + echo "# Modules in the module store can be compressed" >> "${S}/src/semanage.conf" + echo "# with bzip2. Set this to the bzip2 blocksize" >> "${S}/src/semanage.conf" + echo "# 1-9 when compressing. The higher the number," >> "${S}/src/semanage.conf" + echo "# the more memory is traded off for disk space." >> "${S}/src/semanage.conf" + echo "# Set to 0 to disable bzip2 compression." >> "${S}/src/semanage.conf" + echo "bzip-blocksize=0" >> "${S}/src/semanage.conf" + echo >> "${S}/src/semanage.conf" + echo "# Reduce memory usage for bzip2 compression and" >> "${S}/src/semanage.conf" + echo "# decompression of modules in the module store." >> "${S}/src/semanage.conf" + echo "bzip-small=true" >> "${S}/src/semanage.conf" + + epatch "${FILESDIR}/0001-libsemanage-do-not-copy-contexts-in-semanage_migrate.patch" + + epatch_user + + multilib_copy_sources +} + +multilib_src_compile() { + emake \ + AR="$(tc-getAR)" \ + CC="$(tc-getCC)" \ + LIBDIR="${EPREFIX}/usr/$(get_libdir)" \ + all + + if multilib_is_native_abi && use python; then + building_py() { + python_export PYTHON_INCLUDEDIR PYTHON_LIBPATH + emake CC="$(tc-getCC)" PYINC="-I${PYTHON_INCLUDEDIR}" PYTHONLBIDIR="${PYTHON_LIBPATH}" PYPREFIX="${EPYTHON##*/}" "$@" + } + python_foreach_impl building_py swigify + python_foreach_impl building_py pywrap + fi +} + +multilib_src_install() { + emake \ + LIBDIR="${ED}/usr/$(get_libdir)" \ + SHLIBDIR="${ED}/usr/$(get_libdir)" \ + DESTDIR="${ED}" install + + if multilib_is_native_abi && use python; then + installation_py() { + emake DESTDIR="${ED}" LIBDIR="${ED}/usr/$(get_libdir)" \ + SHLIBDIR="${ED}/usr/$(get_libdir)" install-pywrap + python_optimize # bug 531638 + } + python_foreach_impl installation_py + fi +} + +pkg_postinst() { + # Migrate the SELinux semanage configuration store if not done already + local selinuxtype=$(awk -F'=' '/SELINUXTYPE=/ {print $2}' 
/etc/selinux/config); + if [ -n "${selinuxtype}" ] && [ ! -d /var/lib/selinux/${mcs}/active ] ; then + ewarn "Since the 2.4 SELinux userspace, the policy module store is moved" + ewarn "from /etc/selinux to /var/lib/selinux. The migration will be run now." + ewarn "If there are any issues, it can be done manually by running:" + ewarn "/usr/libexec/selinux/semanage_migrate_store" + ewarn "For more information, please see" + ewarn "- https://github.com/SELinuxProject/selinux/wiki/Policy-Store-Migration" + fi + + # Run the store migration without rebuilds + for POLICY_TYPE in ${POLICY_TYPES} ; do + if [ ! -d "${ROOT}/var/lib/selinux/${POLICY_TYPE}/active" ] ; then + einfo "Migrating store ${POLICY_TYPE} (without policy rebuild)." + /usr/libexec/selinux/semanage_migrate_store -n -s "${POLICY_TYPE}" || die "Failed to migrate store ${POLICY_TYPE}" + fi + done +} |
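Review bot: In `pkg_postinst` the first directory test uses `${mcs}`, which is not assigned anywhere in the ebuild as shown, so it checks `/var/lib/selinux//active` rather than the store named by the `selinuxtype` value read on the line before. As written the migration warning is printed whenever `selinuxtype` is non-empty, even on a system whose store is already migrated. The test should read `[ ! -d "${ROOT}/var/lib/selinux/${selinuxtype}/active" ]`, which also matches the quoted, `${ROOT}`-prefixed check used in the `POLICY_TYPES` loop below. The `awk` read of `/etc/selinux/config` and the `semanage_migrate_store` call are likewise not `${ROOT}`-relative, which is worth confirming as intended for installs into an alternate root.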