authorSven Vermeulen <swift@gentoo.org>2015-08-30 10:34:24 +0200
committerSven Vermeulen <swift@gentoo.org>2015-08-30 10:34:24 +0200
commit8f2aa45db35bbf3a74f8db09ece9edac60e79ee4 (patch)
treead4934234f6a7e3b09ed99d5f2b18e94eaa89e3c
parentdev-ruby/kramdown: version bump (diff)
selinux-policy-2.eclass: Enable CIL support
Recent SELinux userspace supports a new intermediate policy language called CIL. This enables using .cil files in our policy ebuilds. Gentoo-Bug: 558958
-rw-r--r--eclass/selinux-policy-2.eclass24
1 files changed, 17 insertions, 7 deletions
diff --git a/eclass/selinux-policy-2.eclass b/eclass/selinux-policy-2.eclass
index d582b2d..92f2f82 100644
--- a/eclass/selinux-policy-2.eclass
+++ b/eclass/selinux-policy-2.eclass
@@ -198,6 +198,7 @@ selinux-policy-2_src_prepare() {
for i in ${MODS}; do
modfiles="$(find ${S}/refpolicy/policy/modules -iname $i.te) $modfiles"
modfiles="$(find ${S}/refpolicy/policy/modules -iname $i.fc) $modfiles"
+ modfiles="$(find ${S}/refpolicy/policy/modules -iname $i.cil) $modfiles"
if [ ${add_interfaces} -eq 1 ];
then
modfiles="$(find ${S}/refpolicy/policy/modules -iname $i.if) $modfiles"
@@ -239,7 +240,7 @@ selinux-policy-2_src_compile() {
# @FUNCTION: selinux-policy-2_src_install
# @DESCRIPTION:
-# Install the built .pp files in the correct subdirectory within
+# Install the built .pp (or copied .cil) files in the correct subdirectory within
# /usr/share/selinux.
selinux-policy-2_src_install() {
local BASEDIR="/usr/share/selinux"
@@ -248,7 +249,11 @@ selinux-policy-2_src_install() {
for j in ${MODS}; do
einfo "Installing ${i} ${j} policy package"
insinto ${BASEDIR}/${i}
- doins "${S}"/${i}/${j}.pp || die "Failed to add ${j}.pp to ${i}"
+ if [ -f "${S}/${i}/${j}.pp" ] ; then
+ doins "${S}"/${i}/${j}.pp || die "Failed to add ${j}.pp to ${i}"
+ elif [ -f "${S}/${i}/${j}.cil" ] ; then
+ doins "${S}"/${i}/${j}.cil || die "Failed to add ${j}.cil to ${i}"
+ fi
if [[ "${POLICY_FILES[@]}" == *"${j}.if"* ]];
then
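Review bot: The new `if`/`elif` in the install loop has no `else`, so a module for which neither `${S}/${i}/${j}.pp` nor `${S}/${i}/${j}.cil` exists is now skipped silently, where the old unconditional `doins ... || die` aborted the build. For a policy package this means the ebuild can merge cleanly while shipping no policy file for one of its modules. I would close the chain with `else die "Neither ${j}.pp nor ${j}.cil found for ${i}"` before the `fi`. The body of selinux-policy-2_src_install continues outside this hunk.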
@@ -261,14 +266,11 @@ selinux-policy-2_src_install() {
# @FUNCTION: selinux-policy-2_pkg_postinst
# @DESCRIPTION:
-# Install the built .pp files in the SELinux policy stores, effectively
+# Install the built .pp (or copied .cil) files in the SELinux policy stores, effectively
# activating the policy on the system.
selinux-policy-2_pkg_postinst() {
# build up the command in the case of multiple modules
local COMMAND
- for i in ${MODS}; do
- COMMAND="-i ${i}.pp ${COMMAND}"
- done
for i in ${POLICY_TYPES}; do
if [ "${i}" == "strict" ] && [ "${MODS}" = "unconfined" ];
@@ -279,7 +281,14 @@ selinux-policy-2_pkg_postinst() {
einfo "Inserting the following modules into the $i module store: ${MODS}"
cd /usr/share/selinux/${i} || die "Could not enter /usr/share/selinux/${i}"
- semodule -s ${i} ${COMMAND}
+ for j in ${MODS} ; do
+ if [ -f "${j}.pp" ] ; then
+ COMMAND="${j}.pp ${COMMAND}"
+ elif [ -f "${j}.cil" ] ; then
+ COMMAND="${j}.cil ${COMMAND}"
+ fi
+ done
+ semodule -s ${i} -i ${COMMAND}
if [ $? -ne 0 ];
then
ewarn "SELinux module load failed. Trying full reload...";
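Review bot: If none of the `[ -f ]` tests in the new `for j in ${MODS}` loop match, `COMMAND` stays empty and `semodule -s ${i} -i` runs with no module argument; the failure is then absorbed by the "Trying full reload" branch, which hides that the package's own module file was never found. A guard after the loop such as `[ -n "${COMMAND}" ] || die "No .pp or .cil file found for ${MODS} in ${i}"` would make that case visible. Separately, `COMMAND` is only cleared by the `COMMAND="";` added at the bottom of the outer loop in the last hunk; setting `COMMAND=""` immediately before the `for j` loop would not depend on every path through the iteration reaching that line. Passing several files after a single `-i` presumably relies on the newer semodule that CIL support already requires, and a short comment saying so would help. The function body extends beyond this hunk.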
@@ -313,6 +322,7 @@ selinux-policy-2_pkg_postinst() {
else
einfo "SELinux modules loaded succesfully."
fi
+ COMMAND="";
done
# Relabel depending packages