From: Schantl Stefan Date: Sat, 6 Nov 2010 18:15:08 +0000 (+0100) Subject: libsemanage: New package. X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3002f9ae1b61e4f4802bc1aa4089ae7a2cec6751;p=ipfire-3.x.git libsemanage: New package. --- diff --git a/pkgs/core/libsemanage/libsemanage.nm b/pkgs/core/libsemanage/libsemanage.nm new file mode 100644 index 000000000..c3438e985 --- /dev/null +++ b/pkgs/core/libsemanage/libsemanage.nm @@ -0,0 +1,69 @@ +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2007, 2008 Michael Tremer & Christian Schmidt # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see . # +# # +############################################################################### + +############################################################################### +# Definitions +############################################################################### + +include $(PKGROOT)/Include + +PKG_NAME = libsemanage +PKG_VER = 2.0.45 +PKG_REL = 0 + +PKG_MAINTAINER = +PKG_GROUP = System/Libraries +PKG_URL = http://www.selinuxproject.org +PKG_LICENSE = LGPLv2+ +PKG_SUMMARY = SELinux binary policy manipulation library. + +PKG_BUILD_DEPS+= bison flex libselinux-devel libsepol-devel \ + python-devel swig ustr-devel + +define PKG_DESCRIPTION + libsemanage provides an API for the manipulation of SELinux \ + binary policies. +endef + +PKG_TARBALL = $(THISAPP).tgz + +PKG_PACKAGES += $(PKG_NAME_REAL)-devel python-selinux-manage + +# Package information for python-selinux-manage +PKG_SUMMARY-python-selinux-manage = SELinux manage python bindings. +PKG_DESCRIPTION-selinux-manage = SELinux python bindings for libsemanage. + +define PKG_FILES-python-selinux-manage + /usr/lib/python* +endef + +define STAGE_BUILD + cd $(DIR_APP) && make clean + cd $(DIR_APP) && make CC=gcc LIBDIR="/usr/lib" CFLAGS="-g $(CFLAGS)" swigify + cd $(DIR_APP) && make CC=gcc LIBDIR="/usr/lib" CFLAGS="-g $(CFLAGS)" all + cd $(DIR_APP) && make CC=gcc LIBDIR="/usr/lib" CFLAGS="-g $(CFLAGS)" pywrap +endef + +define STAGE_INSTALL_CMDS + cd $(DIR_APP) && make install-pywrap DESTDIR=$(BUILDROOT) + + # Install our config file + cp -vf $(DIR_SOURCE)/semanage.conf $(BUILDROOT)/etc/selinux/semanage.conf +endef diff --git a/pkgs/core/libsemanage/patches/libsemanage-rhat.patch b/pkgs/core/libsemanage/patches/libsemanage-rhat.patch new file mode 100644 index 000000000..a1f53c5d2 --- /dev/null +++ b/pkgs/core/libsemanage/patches/libsemanage-rhat.patch @@ -0,0 +1,24 @@ +diff --exclude-from=exclude -N -u -r nsalibsemanage/src/genhomedircon.c libsemanage-2.0.44/src/genhomedircon.c +--- nsalibsemanage/src/genhomedircon.c 2009-09-17 08:59:43.000000000 -0400 ++++ libsemanage-2.0.44/src/genhomedircon.c 2010-02-24 14:57:23.000000000 -0500 +@@ -310,6 +310,10 @@ + } + if (strcmp(pwbuf->pw_dir, "/") == 0) + continue; ++ if (strcmp(pwbuf->pw_dir, "/root") == 0) { ++ continue; ++ } ++ + if (semanage_str_count(pwbuf->pw_dir, '/') <= 1) + continue; + if (!(path = strdup(pwbuf->pw_dir))) { +@@ -803,6 +807,9 @@ + * /root */ + continue; + } ++ if (strcmp(pwent->pw_dir, "/root") == 0) { ++ continue; ++ } + if (push_user_entry(&head, name, seuname, + prefix, pwent->pw_dir) != STATUS_SUCCESS) { + *errors = STATUS_ERR; diff --git a/pkgs/core/libsemanage/semanage.conf b/pkgs/core/libsemanage/semanage.conf new file mode 100644 index 000000000..d2f9c59be --- /dev/null +++ b/pkgs/core/libsemanage/semanage.conf @@ -0,0 +1,48 @@ +# Authors: Jason Tang +# +# Copyright (C) 2004-2005 Tresys Technology, LLC +# +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; either +# version 2.1 of the License, or (at your option) any later version. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA +# +# Specify how libsemanage will interact with a SELinux policy manager. +# The four options are: +# +# "source" - libsemanage manipulates a source SELinux policy +# "direct" - libsemanage will write directly to a module store. +# /foo/bar - Write by way of a policy management server, whose +# named socket is at /foo/bar. The path must begin +# with a '/'. +# foo.com:4242 - Establish a TCP connection to a remote policy +# management server at foo.com. If there is a colon +# then the remainder is interpreted as a port number; +# otherwise default to port 4242. +module-store = direct + +# When generating the final linked and expanded policy, by default +# semanage will set the policy version to POLICYDB_VERSION_MAX, as +# given in . Change this setting if a different +# version is necessary. +#policy-version = 19 + +# expand-check check neverallow rules when executing all semanage commands. +# Large penalty in time if you turn this on. +expand-check=0 + +# usepasswd check tells semanage to scan all pass word records for home directories +# and setup the labeling correctly. If this is turned off, SELinux will label /home +# correctly only. You will need to use semanage fcontext command. +# For example, if you had home dirs in /althome directory you would have to execute +# semanage fcontext -a -e /home /althome +usepasswd=False