authorSven Vermeulen <sven.vermeulen@siphos.be>2011-09-13 20:39:20 +0200
committerSven Vermeulen <sven.vermeulen@siphos.be>2011-09-13 20:39:20 +0200
commit0594c0971ad706b82729dc109c7ffe5f3bb83246 (patch)
tree61f788ddf66942d3e51304046034b07c85aea907
parentSupport semanage permissive feature (diff)
downloadhardened-dev-0594c0971ad706b82729dc109c7ffe5f3bb83246.tar.gz
hardened-dev-0594c0971ad706b82729dc109c7ffe5f3bb83246.tar.bz2
hardened-dev-0594c0971ad706b82729dc109c7ffe5f3bb83246.zip
Fix puppet calls to portage interfaces
-rw-r--r--sec-policy/selinux-puppet/ChangeLog35
-rw-r--r--sec-policy/selinux-puppet/Manifest6
-rw-r--r--sec-policy/selinux-puppet/files/puppet_support_gentoo_calls-r2.patch14
-rw-r--r--sec-policy/selinux-puppet/metadata.xml6
-rw-r--r--sec-policy/selinux-puppet/selinux-puppet-2.20110726-r2.ebuild14
5 files changed, 75 insertions, 0 deletions
diff --git a/sec-policy/selinux-puppet/ChangeLog b/sec-policy/selinux-puppet/ChangeLog
new file mode 100644
index 00000000..e213c5b5
--- /dev/null
+++ b/sec-policy/selinux-puppet/ChangeLog
@@ -0,0 +1,35 @@
+# ChangeLog for sec-policy/selinux-puppet
+# Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-puppet/ChangeLog,v 1.4 2011/08/28 21:13:11 swift Exp $
+
+*selinux-puppet-2.20110726-r2 (13 Sep 2011)
+
+ 13 Sep 2011; <swift@gentoo.org> +files/puppet_support_gentoo_calls-r2.patch,
+ +selinux-puppet-2.20110726-r2.ebuild, +metadata.xml:
+ Fix calls to portage-related interfaces
+
+*selinux-puppet-2.20110726-r1 (28 Aug 2011)
+
+ 28 Aug 2011; <swift@gentoo.org> +selinux-puppet-2.20110726-r1.ebuild:
+ Updating policy builds to refpolicy 20110726
+
+*selinux-puppet-2.20101213-r3 (25 Jul 2011)
+*selinux-puppet-2.20101213-r2 (25 Jul 2011)
+*selinux-puppet-2.20101213-r1 (25 Jul 2011)
+
+ 25 Jul 2011; Anthony G. Basile <blueness@gentoo.org>
+ +files/fix-services-puppet-r1.patch, +files/fix-services-puppet-r2.patch,
+ +files/fix-services-puppet-r3.patch, +selinux-puppet-2.20101213-r1.ebuild,
+ +selinux-puppet-2.20101213-r2.ebuild, +selinux-puppet-2.20101213-r3.ebuild:
+ r3: Allow puppet to call portage domains and ensure that this is supported
+ through the system_r role
+ r2: Revert ugly initrc hack introduced in r1
+ r1: Extend puppet rights
+
+ 02 Jun 2011; Anthony G. Basile <blueness@gentoo.org>
+ selinux-puppet-2.20101213.ebuild:
+ Stable amd64 x86
+
+ 05 Feb 2011; Anthony G. Basile <blueness@gentoo.org> ChangeLog:
+ Initial commit to portage.
+
diff --git a/sec-policy/selinux-puppet/Manifest b/sec-policy/selinux-puppet/Manifest
new file mode 100644
index 00000000..b5440160
--- /dev/null
+++ b/sec-policy/selinux-puppet/Manifest
@@ -0,0 +1,6 @@
+AUX puppet_support_gentoo_calls-r2.patch 437 RMD160 5d4188e6d6b15bdf902cff75c3760847d3395793 SHA1 9840f06c5220899b28fa217f42ee7149d172deec SHA256 ac83b6c479980308dd8c71cb07796957e4d1b047b366d6ffbcc092637c656090
+DIST patchbundle-selinux-base-policy-2.20110726-r4.tar.bz2 22332 RMD160 c18b980e7773e4e8c9ed8dac9f39f7af75a4ecfc SHA1 7bf4e803407e0809b14223e9d6a7c393519c060e SHA256 65a035ba4c25080495ea86736243326adf106ce68c0328a98f9f16702bcb4cf8
+DIST refpolicy-2.20110726.tar.bz2 588033 RMD160 9803effffe1dbb28d52bee03432e052f4fdc8d3f SHA1 cc27b06c3f541d8f2c57c52804ab6893afcd9db2 SHA256 8159b7535aa0f805510e4e3504b1317d7083b227f0ef3df51c6f002ed70ecedb
+EBUILD selinux-puppet-2.20110726-r2.ebuild 452 RMD160 32d61357a6129533c93cbe9959e67c8365c4b0e1 SHA1 6853542dce94881ad799696a33387ca1785710fb SHA256 44884d5331826c159228ae04fa2d45c0639600acb36c2ee72b121e5af8aa4b40
+MISC ChangeLog 1415 RMD160 f98ec4298f1a0a0850dfcb44d85f4ac118d89b03 SHA1 c69ea4a2cedd1a717b9ee3ac66653af2e4b2746f SHA256 976049f5d0f612b17fc34d82db21f2f0095cf851016d996b36de8e1fd1ec832e
+MISC metadata.xml 230 RMD160 5d5194ac8c13d1c054b3df43791bb3f5544aec02 SHA1 8653f0a6bb377d4a07ff59d75e1f2694b9867c4b SHA256 29b1c0521994399dc36bdc4fac4b4b7d1169b537602be0486896018c744d96cf
diff --git a/sec-policy/selinux-puppet/files/puppet_support_gentoo_calls-r2.patch b/sec-policy/selinux-puppet/files/puppet_support_gentoo_calls-r2.patch
new file mode 100644
index 00000000..e38af568
--- /dev/null
+++ b/sec-policy/selinux-puppet/files/puppet_support_gentoo_calls-r2.patch
@@ -0,0 +1,14 @@
+--- refpolicy/policy/modules/services/puppet.te 2011-09-13 20:32:33.901017683 +0200
++++ refpolicy/policy/modules/services/puppet.te 2011-09-13 20:10:30.591017645 +0200
+@@ -183,8 +183,9 @@
+
+ optional_policy(`
+ init_exec_rc(puppet_t)
+- portage_run(puppet_t, system_r)
+- portage_fetch_run(puppet_t, system_r)
++ portage_domtrans(puppet_t)
++ portage_domtrans_fetch(puppet_t)
++ portage_domtrans_gcc_config(puppet_t)
+ ')
+
+ optional_policy(`
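Review bot: Replacing `portage_run(puppet_t, system_r)` and `portage_fetch_run(puppet_t, system_r)` with the `_domtrans` interfaces drops the `system_r` role argument, and nothing in this hunk shows where the portage domains are now associated with that role. If no other rule provides the association, the transition from puppet would presumably still be refused, so this should be confirmed against the portage module. The added `portage_domtrans_gcc_config(puppet_t)` also widens the set of domains puppet_t may enter beyond the two calls it replaces, and neither the patch nor the ChangeLog entry says which puppet operation needs it. I would put a comment above the three calls, such as `# puppet_t runs in system_r; role association for the portage domains is expected from the portage module`, plus one line naming the reason for the gcc-config transition. The rest of puppet.te lies outside the hunk, so any role rules elsewhere in the module cannot be checked from here.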
diff --git a/sec-policy/selinux-puppet/metadata.xml b/sec-policy/selinux-puppet/metadata.xml
new file mode 100644
index 00000000..9c13f0a1
--- /dev/null
+++ b/sec-policy/selinux-puppet/metadata.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <herd>selinux</herd>
+ <longdescription>Gentoo SELinux policy for puppet</longdescription>
+</pkgmetadata>
diff --git a/sec-policy/selinux-puppet/selinux-puppet-2.20110726-r2.ebuild b/sec-policy/selinux-puppet/selinux-puppet-2.20110726-r2.ebuild
new file mode 100644
index 00000000..56a7c932
--- /dev/null
+++ b/sec-policy/selinux-puppet/selinux-puppet-2.20110726-r2.ebuild
@@ -0,0 +1,14 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-puppet/selinux-puppet-2.20110726-r1.ebuild,v 1.1 2011/08/28 21:13:11 swift Exp $
+EAPI="4"
+
+IUSE=""
+MODS="puppet"
+BASEPOL="2.20110726-r4"
+POLICY_PATCH="${FILESDIR}/puppet_support_gentoo_calls-r2.patch"
+
+inherit selinux-policy-2
+
+DESCRIPTION="SELinux policy for puppet"
+KEYWORDS="~amd64 ~x86"