blob: 43d51c2ae21f25a764c83a81ee2e83fd0579ab4c (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
|
# Copyright 1999-2004 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/eclass/selinux-policy.eclass,v 1.12 2004/10/08 01:36:47 pebenito Exp $
# Eclass for installing SELinux policy, and optionally
# reloading the policy
inherit eutils
ECLASS="selinux-policy"
INHERITED="$INHERITED $ECLASS"
HOMEPAGE="http://www.gentoo.org/proj/en/hardened/selinux/"
SRC_URI="mirror://gentoo/${P}.tar.bz2"
LICENSE="GPL-2"
SLOT="0"
S="${WORKDIR}/${PN/selinux-}"
IUSE=""
RDEPEND=">=sec-policy/selinux-base-policy-20030729"
[ -z "${POLICYDIR}" ] && POLICYDIR="/etc/security/selinux/src/policy"
SAVENAME="`date +%Y%m%d%H%M`-${PN}.tar.bz2"
SAVEDIR="`echo "${POLICYDIR}" | cut -d/ -f6`"
selinux-policy_src_compile() {
cd ${S}
einfo "Backup of policy source is \"${SAVENAME}\"."
debug-print "POLICYDIR is \"${POLICYDIR}\""
debug-print "SAVEDIR is \"${SAVEDIR}\""
# create a backup of the current policy
tar -C /etc/security/selinux/src --exclude policy.12 --exclude tmp \
--exclude policy.conf -jcf ${SAVENAME} ${SAVEDIR}/
}
selinux-policy_src_install() {
cd ${S}
insinto /etc/security/selinux/src/policy-backup
doins ${SAVENAME}
if [ -n "${TEFILES}" ]; then
debug-print "TEFILES is \"${TEFILES}\""
insinto ${POLICYDIR}/domains/program
doins ${TEFILES} || die
fi
if [ -n "${FCFILES}" ]; then
debug-print "FCFILES is \"${FCFILES}\""
insinto ${POLICYDIR}/file_contexts/program
doins ${FCFILES} || die
fi
if [ -n "${MACROS}" ]; then
debug-print "MACROS is \"${MACROS}\""
insinto ${POLICYDIR}/macros/program
doins ${MACROS} || die
fi
}
selinux-policy_pkg_postinst() {
if has "loadpolicy" $FEATURES ; then
if [ -x /usr/bin/checkpolicy -a -x /usr/sbin/load_policy -a -x /usr/sbin/setfiles ]; then
# only do this if all tools are installed
ebegin "Automatically loading policy"
make -C ${POLICYDIR} load
eend $?
ebegin "Regenerating file contexts"
[ -f ${POLICYDIR}/file_contexts/file_contexts ] && \
rm -f ${POLICYDIR}/file_contexts/file_contexts
make -C ${POLICYDIR} file_contexts/file_contexts &> /dev/null
# do a test relabel to make sure file
# contexts work (doesnt change any labels)
echo "/etc/passwd" | /usr/sbin/setfiles \
${POLICYDIR}/file_contexts/file_contexts -sqn
eend $?
fi
else
echo
echo
eerror "Policy has not been loaded. It is strongly suggested"
eerror "that the policy be loaded before continuing!!"
echo
einfo "Automatic policy loading can be enabled by adding"
einfo "\"loadpolicy\" to the FEATURES in make.conf."
echo
echo
ebeep 4
epause 4
fi
}
EXPORT_FUNCTIONS src_compile src_install pkg_postinst
|