From 60bb9b13fa4b69eeb072f41a078f7790f338991f Mon Sep 17 00:00:00 2001
From: Chris PeBenito <pebenito@gentoo.org>
Date: Sun, 17 Jun 2007 20:42:02 +0000
Subject: add 2007.0 selinux profile

---
 profiles/selinux/2007.0/alpha/parent                 |  2 ++
 profiles/selinux/2007.0/amd64/hardened/make.defaults |  5 +++++
 profiles/selinux/2007.0/amd64/hardened/package.mask  | 20 ++++++++++++++++++++
 profiles/selinux/2007.0/amd64/hardened/parent        |  1 +
 profiles/selinux/2007.0/amd64/parent                 |  2 ++
 profiles/selinux/2007.0/make.defaults                |  5 +++++
 profiles/selinux/2007.0/mips/parent                  |  2 ++
 profiles/selinux/2007.0/packages                     | 19 +++++++++++++++++++
 profiles/selinux/2007.0/parent                       |  1 +
 profiles/selinux/2007.0/ppc/parent                   |  2 ++
 profiles/selinux/2007.0/sparc64/parent               |  2 ++
 profiles/selinux/2007.0/x86/hardened/make.defaults   |  5 +++++
 profiles/selinux/2007.0/x86/hardened/package.mask    | 20 ++++++++++++++++++++
 profiles/selinux/2007.0/x86/hardened/parent          |  1 +
 profiles/selinux/2007.0/x86/parent                   |  2 ++
 profiles/selinux/use.force                           |  1 +
 16 files changed, 90 insertions(+)
 create mode 100644 profiles/selinux/2007.0/alpha/parent
 create mode 100644 profiles/selinux/2007.0/amd64/hardened/make.defaults
 create mode 100644 profiles/selinux/2007.0/amd64/hardened/package.mask
 create mode 100644 profiles/selinux/2007.0/amd64/hardened/parent
 create mode 100644 profiles/selinux/2007.0/amd64/parent
 create mode 100644 profiles/selinux/2007.0/make.defaults
 create mode 100644 profiles/selinux/2007.0/mips/parent
 create mode 100644 profiles/selinux/2007.0/packages
 create mode 100644 profiles/selinux/2007.0/parent
 create mode 100644 profiles/selinux/2007.0/ppc/parent
 create mode 100644 profiles/selinux/2007.0/sparc64/parent
 create mode 100644 profiles/selinux/2007.0/x86/hardened/make.defaults
 create mode 100644 profiles/selinux/2007.0/x86/hardened/package.mask
 create mode 100644 profiles/selinux/2007.0/x86/hardened/parent
 create mode 100644 profiles/selinux/2007.0/x86/parent
 create mode 100644 profiles/selinux/use.force

(limited to 'profiles/selinux')

diff --git a/profiles/selinux/2007.0/alpha/parent b/profiles/selinux/2007.0/alpha/parent
new file mode 100644
index 000000000000..e1dd07cf6dfc
--- /dev/null
+++ b/profiles/selinux/2007.0/alpha/parent
@@ -0,0 +1,2 @@
+../../../default-linux/alpha/2007.0
+..
diff --git a/profiles/selinux/2007.0/amd64/hardened/make.defaults b/profiles/selinux/2007.0/amd64/hardened/make.defaults
new file mode 100644
index 000000000000..6d5ba1fbfe34
--- /dev/null
+++ b/profiles/selinux/2007.0/amd64/hardened/make.defaults
@@ -0,0 +1,5 @@
+# Copyright 1999-2004 Gentoo Foundation.
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/2007.0/amd64/hardened/make.defaults,v 1.1 2007/06/17 20:42:02 pebenito Exp $
+
+USE="hardened pic"
diff --git a/profiles/selinux/2007.0/amd64/hardened/package.mask b/profiles/selinux/2007.0/amd64/hardened/package.mask
new file mode 100644
index 000000000000..024d56112bb0
--- /dev/null
+++ b/profiles/selinux/2007.0/amd64/hardened/package.mask
@@ -0,0 +1,20 @@
+# Copyright 2006 Gentoo Foundation.
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/2007.0/amd64/hardened/package.mask,v 1.1 2007/06/17 20:42:02 pebenito Exp $
+
+# Mask off gcc-4 for all hardened arches until SSP is sorted out (i.e.
+# backport for gcc-4.0 and 4.0/4.1 rigged for SSP support in the C
+# library).  After that, may still need to be masked on x86 as some
+# PIC assembler that worked pre-4 fails post-4, e.g. bug #104966).
+# If you want to play with it, unmask in /etc/portage/package.unmask
+# but be prepared to rebuild anything you build with gcc-4, later.
+# 2006-01-11 kevquinn
+=sys-devel/gcc-4*
+
+# Mask off glibc-2.4 until the approach for SSP compatibilty is
+# resolved in a way that doesn't break running systems, and we
+# have a sensible upgrade path.  Advise having a static busybox
+# around if you try it in a live system.
+# 2006-03-13 kevquinn
+=sys-libs/glibc-2.4*
+
diff --git a/profiles/selinux/2007.0/amd64/hardened/parent b/profiles/selinux/2007.0/amd64/hardened/parent
new file mode 100644
index 000000000000..f3229c5b9876
--- /dev/null
+++ b/profiles/selinux/2007.0/amd64/hardened/parent
@@ -0,0 +1 @@
+..
diff --git a/profiles/selinux/2007.0/amd64/parent b/profiles/selinux/2007.0/amd64/parent
new file mode 100644
index 000000000000..40530019bc22
--- /dev/null
+++ b/profiles/selinux/2007.0/amd64/parent
@@ -0,0 +1,2 @@
+../../../default-linux/amd64/2007.0
+..
diff --git a/profiles/selinux/2007.0/make.defaults b/profiles/selinux/2007.0/make.defaults
new file mode 100644
index 000000000000..62e0aebb4713
--- /dev/null
+++ b/profiles/selinux/2007.0/make.defaults
@@ -0,0 +1,5 @@
+USE="selinux"
+
+FEATURES="sesandbox sfperms loadpolicy"
+
+PORTAGE_T="portage_t.merge"
diff --git a/profiles/selinux/2007.0/mips/parent b/profiles/selinux/2007.0/mips/parent
new file mode 100644
index 000000000000..347a87360c1f
--- /dev/null
+++ b/profiles/selinux/2007.0/mips/parent
@@ -0,0 +1,2 @@
+../../../default-linux/mips/2007.0
+..
diff --git a/profiles/selinux/2007.0/packages b/profiles/selinux/2007.0/packages
new file mode 100644
index 000000000000..152eeb252a00
--- /dev/null
+++ b/profiles/selinux/2007.0/packages
@@ -0,0 +1,19 @@
+##############################################################################
+# SELinux required versionings
+
+>=sys-libs/libsepol-1.16.3
+>=sys-libs/libselinux-1.34.0
+>=sys-libs/libsemanage-1.10.0
+>=sys-apps/policycoreutils-1.34.1
+>=sys-apps/checkpolicy-1.34.0
+
+>=sec-policy/selinux-base-policy-20070329
+
+# appropriate version with multiple inheritance
+>=sys-apps/portage-2.1.2
+
+# Critical xattr fixes:
+>=sys-boot/grub-0.94
+>=sys-boot/grub-static-0.94
+
+##############################################################################
diff --git a/profiles/selinux/2007.0/parent b/profiles/selinux/2007.0/parent
new file mode 100644
index 000000000000..f3229c5b9876
--- /dev/null
+++ b/profiles/selinux/2007.0/parent
@@ -0,0 +1 @@
+..
diff --git a/profiles/selinux/2007.0/ppc/parent b/profiles/selinux/2007.0/ppc/parent
new file mode 100644
index 000000000000..5269213a8893
--- /dev/null
+++ b/profiles/selinux/2007.0/ppc/parent
@@ -0,0 +1,2 @@
+../../../default-linux/ppc/ppc32/2007.0
+..
diff --git a/profiles/selinux/2007.0/sparc64/parent b/profiles/selinux/2007.0/sparc64/parent
new file mode 100644
index 000000000000..c71124eb2efe
--- /dev/null
+++ b/profiles/selinux/2007.0/sparc64/parent
@@ -0,0 +1,2 @@
+../../../default-linux/sparc/sparc64/2007.0/
+..
diff --git a/profiles/selinux/2007.0/x86/hardened/make.defaults b/profiles/selinux/2007.0/x86/hardened/make.defaults
new file mode 100644
index 000000000000..69c45761b893
--- /dev/null
+++ b/profiles/selinux/2007.0/x86/hardened/make.defaults
@@ -0,0 +1,5 @@
+# Copyright 1999-2004 Gentoo Foundation.
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/2007.0/x86/hardened/make.defaults,v 1.1 2007/06/17 20:42:02 pebenito Exp $
+
+USE="hardened pic"
diff --git a/profiles/selinux/2007.0/x86/hardened/package.mask b/profiles/selinux/2007.0/x86/hardened/package.mask
new file mode 100644
index 000000000000..183677ce6144
--- /dev/null
+++ b/profiles/selinux/2007.0/x86/hardened/package.mask
@@ -0,0 +1,20 @@
+# Copyright 2006 Gentoo Foundation.
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/2007.0/x86/hardened/package.mask,v 1.1 2007/06/17 20:42:02 pebenito Exp $
+
+# Mask off gcc-4 for all hardened arches until SSP is sorted out (i.e.
+# backport for gcc-4.0 and 4.0/4.1 rigged for SSP support in the C
+# library).  After that, may still need to be masked on x86 as some
+# PIC assembler that worked pre-4 fails post-4, e.g. bug #104966).
+# If you want to play with it, unmask in /etc/portage/package.unmask
+# but be prepared to rebuild anything you build with gcc-4, later.
+# 2006-01-11 kevquinn
+=sys-devel/gcc-4*
+
+# Mask off glibc-2.4 until the approach for SSP compatibilty is
+# resolved in a way that doesn't break running systems, and we
+# have a sensible upgrade path.  Advise having a static busybox
+# around if you try it in a live system.
+# 2006-03-13 kevquinn
+=sys-libs/glibc-2.4*
+
diff --git a/profiles/selinux/2007.0/x86/hardened/parent b/profiles/selinux/2007.0/x86/hardened/parent
new file mode 100644
index 000000000000..f3229c5b9876
--- /dev/null
+++ b/profiles/selinux/2007.0/x86/hardened/parent
@@ -0,0 +1 @@
+..
diff --git a/profiles/selinux/2007.0/x86/parent b/profiles/selinux/2007.0/x86/parent
new file mode 100644
index 000000000000..4506987a1e05
--- /dev/null
+++ b/profiles/selinux/2007.0/x86/parent
@@ -0,0 +1,2 @@
+../../../default-linux/x86/2007.0
+..
diff --git a/profiles/selinux/use.force b/profiles/selinux/use.force
new file mode 100644
index 000000000000..a651b206dcf2
--- /dev/null
+++ b/profiles/selinux/use.force
@@ -0,0 +1 @@
+selinux
-- 
cgit v1.2.3-65-gdbad