summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDiego Elio Pettenò <flameeyes@gentoo.org>2010-04-25 20:25:57 +0000
committerDiego Elio Pettenò <flameeyes@gentoo.org>2010-04-25 20:25:57 +0000
commit03d0b4b5cb9404386dc785d88a0d40a85bbdfa67 (patch)
treebde9b95c2748abd1dc4ffc52a11b228994fc9393
parentversion bump (diff)
downloadgentoo-2-03d0b4b5cb9404386dc785d88a0d40a85bbdfa67.tar.gz
gentoo-2-03d0b4b5cb9404386dc785d88a0d40a85bbdfa67.tar.bz2
gentoo-2-03d0b4b5cb9404386dc785d88a0d40a85bbdfa67.zip
Make sure that SElinux packages are not unmasked in the wild, only unmask them in the selinux profile.
-rw-r--r--profiles/ChangeLog7
-rw-r--r--profiles/package.mask75
-rw-r--r--profiles/selinux/package.mask75
3 files changed, 154 insertions, 3 deletions
diff --git a/profiles/ChangeLog b/profiles/ChangeLog
index b702f7ccd21c..3449378b6ae7 100644
--- a/profiles/ChangeLog
+++ b/profiles/ChangeLog
@@ -1,11 +1,16 @@
# ChangeLog for profile directory
# Copyright 1999-2010 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/profiles/ChangeLog,v 1.4136 2010/04/25 18:25:24 halcy0n Exp $
+# $Header: /var/cvsroot/gentoo-x86/profiles/ChangeLog,v 1.4137 2010/04/25 20:25:56 flameeyes Exp $
#
# This ChangeLog should include records for all changes in profiles directory.
# Only typo fixes which don't affect portage/repoman behaviour could be avoided
# here. If in doubt put a record here!
+ 25 Apr 2010; Diego E. Pettenò <flameeyes@gentoo.org> package.mask,
+ selinux/package.mask:
+ Make sure that SElinux packages are not unmasked in the wild, only unmask
+ them in the selinux profile.
+
25 Apr 2010; Mark Loeser <halcy0n@gentoo.org> package.mask:
Block all revisions of tar-1.23 for now as well
diff --git a/profiles/package.mask b/profiles/package.mask
index e50ab2387b29..54e2d45bd5fc 100644
--- a/profiles/package.mask
+++ b/profiles/package.mask
@@ -1,5 +1,5 @@
####################################################################
-# $Header: /var/cvsroot/gentoo-x86/profiles/package.mask,v 1.11492 2010/04/25 18:25:24 halcy0n Exp $
+# $Header: /var/cvsroot/gentoo-x86/profiles/package.mask,v 1.11493 2010/04/25 20:25:56 flameeyes Exp $
#
# When you add an entry to the top of this file, add your name, the date, and
# an explanation of why something is getting masked. Please be extremely
@@ -31,6 +31,79 @@
#--- END OF EXAMPLES ---
+# Diego E. Pettenò <flameeyes@gentoo.org> (25 Apr 2010)
+# on behalf of QA team <qa@gentoo.org
+#
+# Mask SElinux packages on all the profile and unmask it only for
+# selinux itself; automagic dependencies can break systems otherwise
+#
+# Please keep this mask in sync between profiles/package.mask and
+# selinux/package.mask (with - prefix there).
+sys-libs/libselinux
+sec-policy/selinux-acpi
+sec-policy/selinux-apache
+sec-policy/selinux-arpwatch
+sec-policy/selinux-asterisk
+sec-policy/selinux-audio-entropyd
+sec-policy/selinux-avahi
+sec-policy/selinux-base-policy
+sec-policy/selinux-bind
+sec-policy/selinux-bluez
+sec-policy/selinux-clamav
+sec-policy/selinux-clockspeed
+sec-policy/selinux-courier-imap
+sec-policy/selinux-cups
+sec-policy/selinux-cyrus-sasl
+sec-policy/selinux-daemontools
+sec-policy/selinux-dante
+sec-policy/selinux-dbus
+sec-policy/selinux-desktop
+sec-policy/selinux-dhcp
+sec-policy/selinux-distcc
+sec-policy/selinux-djbdns
+sec-policy/selinux-dnsmasq
+sec-policy/selinux-ftpd
+sec-policy/selinux-games
+sec-policy/selinux-gnupg
+sec-policy/selinux-gpm
+sec-policy/selinux-hal
+sec-policy/selinux-inetd
+sec-policy/selinux-ipsec-tools
+sec-policy/selinux-jabber-server
+sec-policy/selinux-kerberos
+sec-policy/selinux-logrotate
+sec-policy/selinux-lpd
+sec-policy/selinux-munin
+sec-policy/selinux-mysql
+sec-policy/selinux-nfs
+sec-policy/selinux-ntop
+sec-policy/selinux-ntp
+sec-policy/selinux-openldap
+sec-policy/selinux-openvpn
+sec-policy/selinux-pcmcia
+sec-policy/selinux-portmap
+sec-policy/selinux-postfix
+sec-policy/selinux-postgresql
+sec-policy/selinux-ppp
+sec-policy/selinux-privoxy
+sec-policy/selinux-procmail
+sec-policy/selinux-publicfile
+sec-policy/selinux-pyzor
+sec-policy/selinux-qmail
+sec-policy/selinux-razor
+sec-policy/selinux-samba
+sec-policy/selinux-screen
+sec-policy/selinux-snmpd
+sec-policy/selinux-snort
+sec-policy/selinux-spamassassin
+sec-policy/selinux-squid
+sec-policy/selinux-stunnel
+sec-policy/selinux-sudo
+sec-policy/selinux-tcpd
+sec-policy/selinux-tftpd
+sec-policy/selinux-ucspi-tcp
+sec-policy/selinux-wireshark
+
# Peter Volkov <pva@gentoo.org> (25 Apr 2010)
# Beta version, for tests. See bug 316583#c12
=sys-devel/autogen-5.10.2_pre1
diff --git a/profiles/selinux/package.mask b/profiles/selinux/package.mask
index 5726236dc9e2..22384c2729b6 100644
--- a/profiles/selinux/package.mask
+++ b/profiles/selinux/package.mask
@@ -1,4 +1,77 @@
-# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/package.mask,v 1.49 2010/04/08 13:47:54 ssuominen Exp $
+# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/package.mask,v 1.50 2010/04/25 20:25:57 flameeyes Exp $
# >=sci-libs/acml-3.6 requires gcc-4.2.
>=sci-libs/acml-3.6
+
+# Diego E. Pettenò <flameeyes@gentoo.org> (25 Apr 2010)
+# on behalf of QA team <qa@gentoo.org
+#
+# Mask SElinux packages on all the profile and unmask it only for
+# selinux itself; automagic dependencies can break systems otherwise
+#
+# Please keep this mask in sync between profiles/package.mask and
+# selinux/package.mask (with - prefix there).
+-sys-libs/libselinux
+-sec-policy/selinux-acpi
+-sec-policy/selinux-apache
+-sec-policy/selinux-arpwatch
+-sec-policy/selinux-asterisk
+-sec-policy/selinux-audio-entropyd
+-sec-policy/selinux-avahi
+-sec-policy/selinux-base-policy
+-sec-policy/selinux-bind
+-sec-policy/selinux-bluez
+-sec-policy/selinux-clamav
+-sec-policy/selinux-clockspeed
+-sec-policy/selinux-courier-imap
+-sec-policy/selinux-cups
+-sec-policy/selinux-cyrus-sasl
+-sec-policy/selinux-daemontools
+-sec-policy/selinux-dante
+-sec-policy/selinux-dbus
+-sec-policy/selinux-desktop
+-sec-policy/selinux-dhcp
+-sec-policy/selinux-distcc
+-sec-policy/selinux-djbdns
+-sec-policy/selinux-dnsmasq
+-sec-policy/selinux-ftpd
+-sec-policy/selinux-games
+-sec-policy/selinux-gnupg
+-sec-policy/selinux-gpm
+-sec-policy/selinux-hal
+-sec-policy/selinux-inetd
+-sec-policy/selinux-ipsec-tools
+-sec-policy/selinux-jabber-server
+-sec-policy/selinux-kerberos
+-sec-policy/selinux-logrotate
+-sec-policy/selinux-lpd
+-sec-policy/selinux-munin
+-sec-policy/selinux-mysql
+-sec-policy/selinux-nfs
+-sec-policy/selinux-ntop
+-sec-policy/selinux-ntp
+-sec-policy/selinux-openldap
+-sec-policy/selinux-openvpn
+-sec-policy/selinux-pcmcia
+-sec-policy/selinux-portmap
+-sec-policy/selinux-postfix
+-sec-policy/selinux-postgresql
+-sec-policy/selinux-ppp
+-sec-policy/selinux-privoxy
+-sec-policy/selinux-procmail
+-sec-policy/selinux-publicfile
+-sec-policy/selinux-pyzor
+-sec-policy/selinux-qmail
+-sec-policy/selinux-razor
+-sec-policy/selinux-samba
+-sec-policy/selinux-screen
+-sec-policy/selinux-snmpd
+-sec-policy/selinux-snort
+-sec-policy/selinux-spamassassin
+-sec-policy/selinux-squid
+-sec-policy/selinux-stunnel
+-sec-policy/selinux-sudo
+-sec-policy/selinux-tcpd
+-sec-policy/selinux-tftpd
+-sec-policy/selinux-ucspi-tcp
+-sec-policy/selinux-wireshark