- Remove ifdef strict policy from upstream

Daniel J Walsh 2007-06-22 19:21:00 +00:00
parent 56187c2f8a
commit a4ec9b75e1
5 changed files with 4581 additions and 2492 deletions


@ -1,6 +1,6 @@
# Allow making anonymous memory executable, e.g.for runtime-code generation or executable stack. # Allow making anonymous memory executable, e.g.for runtime-code generation or executable stack.
# #
allow_execmem = true allow_execmem = false
# Allow making a modified private filemapping executable (text relocation). # Allow making a modified private filemapping executable (text relocation).
# #
@ -8,7 +8,7 @@ allow_execmod = false
# Allow making the stack executable via mprotect.Also requires allow_execmem. # Allow making the stack executable via mprotect.Also requires allow_execmem.
# #
allow_execstack = true allow_execstack = false
# Allow ftpd to read cifs directories. # Allow ftpd to read cifs directories.
# #
@ -242,3 +242,6 @@ samba_domain_controller = false
# #
samba_run_unconfined = true samba_run_unconfined = true
# Allows XServer to execute writable memory
#
allow_xserver_execmem = true
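Review bot: The new `allow_xserver_execmem = true` at the end of the file is documented only as "Allows XServer to execute writable memory", with no reason given for defaulting it on while `allow_execmem` and `allow_execstack` are switched to `false` in the same section. Writable-and-executable memory in a process as privileged as the X server is the kind of exception that should carry its justification next to it, so the comment should name what needs it and say it can be turned off, e.g. `# Allows XServer to execute writable memory (needed by: <driver/component>); set to false if not required`. The `allow_execmem` comment itself says the boolean covers runtime code generation, so the flip to `false` is presumably visible to users of such programs and deserves a changelog line.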


@ -378,13 +378,6 @@ gpm = base
# #
ethereal = module ethereal = module
# Layer: apps
# Module: evolution
#
# Evolution email client
#
evolution = module
# Layer: services # Layer: services
# Module: fail2ban # Module: fail2ban
# #
@ -674,6 +667,14 @@ lvm = base
# #
mailman = base mailman = base
# Layer: services
# Module: mailscanner
#
# Anti-Virus and Anti-Spam Filter
#
mailscanner = module
# Layer: kernel # Layer: kernel
# Module: mcs # Module: mcs
# Required in base # Required in base
@ -1252,13 +1253,6 @@ tzdata = base
# #
userhelper = module userhelper = module
# Layer: apps
# Module: thunderbird
#
# Thunderbird email client
#
thunderbird = module
# Layer: services # Layer: services
# Module: tor # Module: tor
# #
@ -1405,7 +1399,7 @@ terminal = base
# #
# Manage temporary directory sizes and file ages # Manage temporary directory sizes and file ages
# #
tmpreaper = off tmpreaper = module
# Layer: admin # Layer: admin
# Module: amtu # Module: amtu
@ -1470,3 +1464,23 @@ rpcbind = module
# #
vmware = module vmware = module
# Layer: users
# Module: guest
#
# Minimally privs guest account on tty logins
#
guest = module
# Layer: users
# Module: logadm
#
# Minimally prived root role for managing logging system
#
logadm = module
# Layer: users
# Module: webadm
#
# Minimally prived root role for managing apache
#
webadm = module
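Review bot: The description comments on the three user modules added at the end of this file are misspelled ("Minimally privs guest account", "Minimally prived root role"), and they are the only explanation an administrator gets of what these confined roles are for. Suggested wording: `# Minimally privileged guest account for tty logins`, `# Minimally privileged root role for managing the logging system`, `# Minimally privileged root role for managing apache`. The same section also changes `tmpreaper` from `off` to `module` and drops the `evolution` and `thunderbird` entries, none of which the commit title mentions; a line for each in the description would make the intent reviewable.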

File diff suppressed because it is too large Load Diff


@ -0,0 +1,3 @@
sysadm_tty_device_t
user_tty_device_t
staff_tty_device_t


@ -4,13 +4,16 @@
%if %{?BUILD_TARGETED:0}%{!?BUILD_TARGETED:1} %if %{?BUILD_TARGETED:0}%{!?BUILD_TARGETED:1}
%define BUILD_TARGETED 1 %define BUILD_TARGETED 1
%endif %endif
%if %{?BUILD_OLPC:0}%{!?BUILD_OLPC:1}
%define BUILD_OLPC 0
%endif
%if %{?BUILD_MLS:0}%{!?BUILD_MLS:1} %if %{?BUILD_MLS:0}%{!?BUILD_MLS:1}
%define BUILD_MLS 1 %define BUILD_MLS 1
%endif %endif
%define POLICYVER 21 %define POLICYVER 21
%define libsepolver 2.0.1-2 %define libsepolver 2.0.3-2
%define POLICYCOREUTILSVER 2.0.7-5 %define POLICYCOREUTILSVER 2.0.21-1
%define CHECKPOLICYVER 2.0.1-2 %define CHECKPOLICYVER 2.0.3-1
Summary: SELinux policy configuration Summary: SELinux policy configuration
Name: selinux-policy Name: selinux-policy
Version: 3.0.1 Version: 3.0.1
@ -26,6 +29,10 @@ Source4: setrans-targeted.conf
Source5: modules-mls.conf Source5: modules-mls.conf
Source6: booleans-mls.conf Source6: booleans-mls.conf
Source8: setrans-mls.conf Source8: setrans-mls.conf
Source9: modules-olpc.conf
Source10: booleans-olpc.conf
Source11: setrans-olpc.conf
Source12: securetty_types-olpc
Source13: policygentool Source13: policygentool
Source14: securetty_types-targeted Source14: securetty_types-targeted
Source15: securetty_types-mls Source15: securetty_types-mls
@ -68,6 +75,7 @@ SELinux Policy development package
%post devel %post devel
[ -x /usr/sbin/sepolgen-ifgen ] && /usr/sbin/sepolgen-ifgen > /dev/null [ -x /usr/sbin/sepolgen-ifgen ] && /usr/sbin/sepolgen-ifgen > /dev/null
exit 0
%define setupCmds() \ %define setupCmds() \
make NAME=%1 TYPE=%2 DISTRO=%{distro} DIRECT_INITRC=%3 MONOLITHIC=%{monolithic} POLY=%4 MLS_CATS=1024 MCS_CATS=1024 bare \ make NAME=%1 TYPE=%2 DISTRO=%{distro} DIRECT_INITRC=%3 MONOLITHIC=%{monolithic} POLY=%4 MLS_CATS=1024 MCS_CATS=1024 bare \
@ -132,7 +140,10 @@ install -m0644 ${RPM_SOURCE_DIR}/setrans-%1.conf %{buildroot}%{_sysconfdir}/seli
%ghost %{_sysconfdir}/selinux/%1/contexts/files/file_contexts.homedirs \ %ghost %{_sysconfdir}/selinux/%1/contexts/files/file_contexts.homedirs \
%config %{_sysconfdir}/selinux/%1/contexts/files/media \ %config %{_sysconfdir}/selinux/%1/contexts/files/media \
%dir %{_sysconfdir}/selinux/%1/contexts/users \ %dir %{_sysconfdir}/selinux/%1/contexts/users \
%config(noreplace) %{_sysconfdir}/selinux/%1/contexts/users/root %config(noreplace) %{_sysconfdir}/selinux/%1/contexts/users/root \
%config(noreplace) %{_sysconfdir}/selinux/%1/contexts/users/guest_u \
%config(noreplace) %{_sysconfdir}/selinux/%1/contexts/users/user_u \
%config(noreplace) %{_sysconfdir}/selinux/%1/contexts/users/staff_u
%define saveFileContext() \ %define saveFileContext() \
if [ -s /etc/selinux/config ]; then \ if [ -s /etc/selinux/config ]; then \
@ -143,7 +154,7 @@ if [ -s /etc/selinux/config ]; then \
fi \ fi \
fi fi
%define rebuildpolicy() \ %define loadpolicy() \
( cd /usr/share/selinux/%1; \ ( cd /usr/share/selinux/%1; \
semodule -b base.pp %{expand:%%moduleList %1} -s %1; \ semodule -b base.pp %{expand:%%moduleList %1} -s %1; \
);\ );\
@ -161,7 +172,7 @@ fi;
%description %description
SELinux Reference Policy - modular. SELinux Reference Policy - modular.
Based off of reference policy: Checked out revision 2312. Based off of reference policy: Checked out revision 2336.
%prep %prep
%setup -q -n serefpolicy-%{version} %setup -q -n serefpolicy-%{version}
@ -185,17 +196,24 @@ make clean
%if %{BUILD_TARGETED} %if %{BUILD_TARGETED}
# Build targeted policy # Build targeted policy
# Commented out because only targeted ref policy currently builds # Commented out because only targeted ref policy currently builds
%setupCmds targeted targeted-mcs y y %setupCmds targeted targeted-mcs n y
%installCmds targeted targeted-mcs y y %installCmds targeted targeted-mcs n y
%endif %endif
%if %{BUILD_MLS} %if %{BUILD_MLS}
# Build mls policy # Build mls policy
%setupCmds mls strict-mls y y %setupCmds mls strict-mls n y
%installCmds mls strict-mls y y %installCmds mls strict-mls n y
%endif %endif
make NAME=targeted TYPE=targeted-mcs DISTRO=%{distro} DIRECT_INITRC=y MONOLITHIC=%{monolithic} DESTDIR=%{buildroot} PKGNAME=%{name}-%{version} POLY=y MLS_CATS=1024 MCS_CATS=1024 install-headers install-docs %if %{BUILD_OLPC}
# Build targeted policy
# Commented out because only targeted ref policy currently builds
%setupCmds olpc targeted-mcs n y
%installCmds olpc targeted-mcs n y
%endif
make NAME=targeted TYPE=targeted-mcs DISTRO=%{distro} DIRECT_INITRC=n MONOLITHIC=%{monolithic} DESTDIR=%{buildroot} PKGNAME=%{name}-%{version} POLY=y MLS_CATS=1024 MCS_CATS=1024 install-headers install-docs
mkdir %{buildroot}%{_usr}/share/selinux/devel/ mkdir %{buildroot}%{_usr}/share/selinux/devel/
mv %{buildroot}%{_usr}/share/selinux/targeted/include %{buildroot}%{_usr}/share/selinux/devel/include mv %{buildroot}%{_usr}/share/selinux/targeted/include %{buildroot}%{_usr}/share/selinux/devel/include
install -m 755 ${RPM_SOURCE_DIR}/policygentool %{buildroot}%{_usr}/share/selinux/devel/ install -m 755 ${RPM_SOURCE_DIR}/policygentool %{buildroot}%{_usr}/share/selinux/devel/
@ -251,6 +269,7 @@ if [ $1 = 0 ]; then
sed -i 's/^SELINUX=.*/SELINUX=disabled/g' /etc/selinux/config sed -i 's/^SELINUX=.*/SELINUX=disabled/g' /etc/selinux/config
fi fi
fi fi
exit 0
%if %{BUILD_TARGETED} %if %{BUILD_TARGETED}
%package targeted %package targeted
@ -269,14 +288,42 @@ SELinux Reference policy targeted base module.
%saveFileContext targeted %saveFileContext targeted
%post targeted %post targeted
%rebuildpolicy targeted %loadpolicy targeted
%relabel targeted %relabel targeted
exit 0
%triggerpostun targeted -- selinux-policy-targeted <= 2.0.7 %triggerpostun targeted -- selinux-policy-targeted < 3.0.1
%rebuildpolicy targeted semanage login -m -s "system_u" __default__ 2> /dev/null
semanage user -a -P unconfined -R "unconfined_r system_r" unconfined_u 2> /dev/null
restorecon -R /root 2> /dev/null
exit 0
%files targeted %files targeted
%fileList targeted %fileList targeted
%endif
%if %{BUILD_OLPC}
%package olpc
Summary: SELinux olpc base policy
Group: System Environment/Base
Provides: selinux-policy-base
Prereq: policycoreutils >= %{POLICYCOREUTILSVER}
Prereq: coreutils
Prereq: selinux-policy = %{version}-%{release}
%description olpc
SELinux Reference policy olpc base module.
%pre olpc
%saveFileContext olpc
%post olpc
%loadpolicy olpc
%relabel olpc
exit 0
%files olpc
%fileList olpc
%endif %endif
@ -298,8 +345,9 @@ SELinux Reference policy mls base module.
%saveFileContext mls %saveFileContext mls
%post mls %post mls
%rebuildpolicy mls %loadpolicy mls
%relabel mls %relabel mls
exit 0
%files mls %files mls
%fileList mls %fileList mls
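Review bot: In the new `%triggerpostun targeted` body every command sends stderr to /dev/null and the scriptlet ends in `exit 0`, so a failed `semanage login -m` or `semanage user -a` leaves the upgraded system with the old login mapping or without `unconfined_u`, and nothing records it. Keeping `exit 0` so the RPM transaction is not aborted is reasonable, but the failure should at least be reported, e.g. `semanage user -a -P unconfined -R "unconfined_r system_r" unconfined_u 2> /dev/null || echo "selinux-policy-targeted: adding unconfined_u failed" >&2`. The `exit 0` added after `%loadpolicy` in `%post targeted`, `%post olpc` and `%post mls` likewise means a failed policy load is no longer reflected in the scriptlet's exit status. Separately, the comments under `%if %{BUILD_OLPC}` were copied from the targeted block and should read `# Build olpc policy`.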