# Copyright 1999-2006 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/selinux-base-policy-99999999.ebuild,v 1.2 2006/02/14 03:37:59 pebenito Exp $

# Space-separated list of policy types. Every phase function below loops
# over it, so each type gets its own source copy, build and install.
POLICY_TYPES="strict targeted"
# VAR=value words handed unquoted to every make invocation in this ebuild.
OPTS="MONOLITHIC=n DISTRO=gentoo QUIET=y"

IUSE=""

# Checkout settings, set before 'inherit' so they are in place when the cvs
# eclass is sourced (presumably consumed by cvs_src_unpack; confirm against
# the eclass).
# NOTE(review): the sources come from an anonymous checkout with no revision
# or tag set in this file, so the build presumably tracks whatever the
# repository head contains at fetch time, and a live checkout has no
# distfile digest to compare against. The result is installed as the
# system's SELinux base policy, so treat this ebuild as development-only
# and prefer a pinned release for hosts that rely on the policy.
ECVS_SERVER="cvs.sf.net:/cvsroot/serefpolicy"
ECVS_MODULE="refpolicy"
ECVS_USER="anonymous"

inherit eutils cvs

DESCRIPTION="Gentoo base policy for SELinux"
HOMEPAGE="http://www.gentoo.org/proj/en/hardened/selinux/"
LICENSE="GPL-2"
SLOT="0"

# Only testing (~arch) keywords are active; the stable set stays commented out.
KEYWORDS="~x86 ~ppc ~sparc ~amd64 ~mips ~alpha"
#KEYWORDS="x86 ppc sparc amd64 mips alpha"

# policycoreutils is needed at run time (pkg_postinst calls semodule);
# m4 and checkpolicy are only added for the build.
RDEPEND=">=sys-apps/policycoreutils-1.28"
DEPEND="${RDEPEND}
	sys-devel/m4
	>=sys-apps/checkpolicy-1.28"

# Work directly in WORKDIR; the per-type trees are created beneath it.
S=${WORKDIR}/

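# Fetch the refpolicy tree and create one private copy of it per policy type.
#
# Globals:  S, FILESDIR, POLICY_TYPES (read)
# Outputs:  ${S}/<type>/ copied from ${S}/refpolicy, with
#           ${FILESDIR}/modules.conf.<type> installed as policy/modules.conf
# Dies:     when the work directory cannot be entered or a copy fails
src_unpack() {
	local i

	cvs_src_unpack

	cd "${S}" || die "cannot enter ${S}"

	# POLICY_TYPES is a space-separated list; word splitting is intentional.
	for i in ${POLICY_TYPES}; do
		einfo "Unpacking sources for ${i} policy"
		cp -a refpolicy "${i}" \
			|| die "copying refpolicy to ${i} failed"

		# Abort if the type-specific modules.conf is missing: otherwise the
		# build would carry on with whatever modules.conf (if any) the
		# checkout contains instead of the one shipped with this ebuild.
		cp "${FILESDIR}/modules.conf.${i}" "${i}/policy/modules.conf" \
			|| die "installing modules.conf for ${i} failed"
	done
}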

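# Build the base policy once for every policy type.
#
# Globals:  S, OPTS, POLICY_TYPES (read)
# Dies:     when a per-type tree cannot be entered or its build fails
src_compile() {
	local i

	for i in ${POLICY_TYPES}; do
		# A failed cd must stop the build: otherwise make would run in the
		# directory left over from the previous iteration and build (and
		# later install) the wrong policy under this type's name.
		cd "${S}/${i}" || die "cannot enter ${S}/${i}"
#		make ${OPTS} TYPE=${i} NAME=${i} conf \
#			|| die "${i} modules.conf update failed"

		# OPTS holds several VAR=value words, so it is expanded unquoted.
		make ${OPTS} TYPE="${i}" NAME="${i}" base \
			|| die "${i} compile failed"
	done
}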

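# Install every policy type into the image directory, then the shared
# documentation and the files under /etc/selinux.
#
# Globals:  S, D, FILESDIR, OPTS, POLICY_TYPES (read)
# Dies:     when a per-type tree cannot be entered, a make target fails,
#           run_init_type cannot be written, or a config file fails to install
src_install() {
	local i

	for i in ${POLICY_TYPES}; do
		cd "${S}/${i}" || die "cannot enter ${S}/${i}"

		# DESTDIR is passed as its own quoted word instead of being appended
		# to the global OPTS, so OPTS is not modified as a side effect.
		make ${OPTS} DESTDIR="${D}" TYPE="${i}" NAME="${i}" install \
			|| die "${i} install failed."

		make ${OPTS} DESTDIR="${D}" TYPE="${i}" NAME="${i}" install-headers \
			|| die "${i} headers install failed."

		# Writes the single line "run_init_t" (presumably read by run_init
		# to pick its domain; confirm against policycoreutils).
		echo "run_init_t" > "${D}/etc/selinux/${i}/contexts/run_init_type" \
			|| die "writing run_init_type for ${i} failed."
	done

	# Still inside the last policy tree here, so the doc/ paths resolve
	# against that copy. Left best-effort, as in the original.
	dodoc doc/Makefile.example doc/example.{te,fc,if}

	# A package without these two files must not be merged silently:
	# both are configuration installed into /etc/selinux.
	insinto /etc/selinux
	doins "${FILESDIR}/semanage.conf" \
		|| die "installing semanage.conf failed."
	doins "${FILESDIR}/config" \
		|| die "installing config failed."
}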

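# Prepare the module store of every policy type and, when the user opted in
# through FEATURES=loadpolicy, insert the freshly installed base module.
#
# Globals:  POLICY_TYPES, FEATURES (read)
# Outputs:  creates /etc/selinux/<type>/policy and, if absent, a minimal
#           /etc/selinux/<type>/modules/active/seusers
# Dies:     when a directory or the seusers file cannot be created, or when
#           the base module cannot be inserted
# NOTE(review): all paths are absolute and not prefixed with ${ROOT};
# confirm that installs into an alternate root are not expected here.
pkg_postinst() {
	local i store

	# workaround bugs in libsemanage
	for i in ${POLICY_TYPES}; do
		store="/etc/selinux/${i}"

		# libsemanage won't make this on its own
		mkdir -p "${store}/policy" \
			|| die "creating ${store}/policy failed"

		# currently seusers cannot be inferred.  for now
		# inject one into the module store
		# An existing seusers file is left untouched.
		if [ ! -f "${store}/modules/active/seusers" ]; then
			mkdir -p "${store}/modules/active" \
				|| die "creating ${store}/modules/active failed"
			{
				echo "root:root:"
				echo "__default__:user_u:"
			} > "${store}/modules/active/seusers" \
				|| die "writing ${store}/modules/active/seusers failed"
		fi
	done

	# FEATURES is a space-separated list, so it is expanded unquoted.
	if has "loadpolicy" ${FEATURES} ; then
		for i in ${POLICY_TYPES}; do
			einfo "Inserting base module into ${i} module store."

			# base.pp is named relative to the current directory, so a
			# failed cd must abort rather than let semodule pick up a
			# base.pp from wherever the shell happens to be.
			cd "/usr/share/selinux/${i}" \
				|| die "cannot enter /usr/share/selinux/${i}"

			# A failed insert must be loud: otherwise the merge looks
			# successful while the store still holds the previous base
			# module (or none).
			semodule -s "${i}" -b base.pp \
				|| die "inserting base module into ${i} module store failed"
		done
	else
		echo
		echo
		eerror "Policy has not been loaded.  It is strongly suggested"
		eerror "that the policy be loaded before continuing!!"
		echo
		einfo "Automatic policy loading can be enabled by adding"
		einfo "\"loadpolicy\" to the FEATURES in make.conf."
		echo
		echo
		ebeep 4
		epause 4
	fi
}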