diff options
-rw-r--r-- | testing/refpolicy/APKBUILD | 62 | ||||
-rw-r--r-- | testing/refpolicy/Makefile.devel | 22 |
2 files changed, 84 insertions, 0 deletions
diff --git a/testing/refpolicy/APKBUILD b/testing/refpolicy/APKBUILD new file mode 100644 index 0000000000..5d40218191 --- /dev/null +++ b/testing/refpolicy/APKBUILD @@ -0,0 +1,62 @@ +# Maintainer: Tycho Andersen <tycho@docker.com> +pkgname=refpolicy +pkgver=20170204 +pkgrel=0 +pkgdesc="SELinux policy reference" +url="https://github.com/TresysTechnology/refpolicy/wiki" +arch="noarch" +license="GPLv2" +depends="" +depends_dev="" +makedepends="$depends_dev checkpolicy python gawk" +install="" +subpackages="$pkgname-doc" +source="https://raw.githubusercontent.com/wiki/TresysTechnology/refpolicy/files/refpolicy-2.$pkgver.tar.bz2 + Makefile.devel" +builddir="$srcdir/refpolicy" + +# refpolicy config +monolithic=n +distro=gentoo +# unknown perms here means what to do with perms that are unknown to the +# current userspace, because the kernel version is newer. By default, we deny. +unknown_perms=deny + +# These are somewhat related to what is in the CentOS spec file, although they +# are slightly differnet in what they install. +# +# https://selinuxproject.org/page/NB_RefPolicy#Reference_Policy_Build_Options_-_build.conf +# are the build options: M{L,C}S_CATS are the number of categories for m{l,c}s policies. +make_cmds() { + make UNK_PERMS=$3 NAME=$1 TYPE=$2 DISTRO=$distro UBAC=n DIRECT_INITRC=y MONOLITHIC=$monolithic MLS_CATS=1024 MCS_CATS=1024 bare || return 1 + make UNK_PERMS=$3 NAME=$1 TYPE=$2 DISTRO=$distro UBAC=n DIRECT_INITRC=y MONOLITHIC=$monolithic MLS_CATS=1024 MCS_CATS=1024 conf || return 1 +} + +install_cmds() { + make UNK_PERMS=$3 NAME=$1 TYPE=$2 DISTRO=$distro UBAC=n DIRECT_INITRC=y MONOLITHIC=$monolithic MLS_CATS=1024 MCS_CATS=1024 SEMOD_EXP="/usr/bin/semodule_expand -a" base.pp + make validate UNK_PERMS=$3 NAME=$1 TYPE=$2 DISTRO=$distro UBAC=n DIRECT_INITRC=y MONOLITHIC=$monolithic MLS_CATS=1024 MCS_CATS=1024 SEMOD_EXP="/usr/bin/semodule_expand -a" modules + make UNK_PERMS=$3 NAME=$1 TYPE=$2 DISTRO=$distro UBAC=n DIRECT_INITRC=y MONOLITHIC=$monolithic MLS_CATS=1024 MCS_CATS=1024 DESTDIR="$pkgdir" install + make UNK_PERMS=$3 NAME=$1 TYPE=$2 DISTRO=$distro UBAC=n DIRECT_INITRC=y MONOLITHIC=$monolithic MLS_CATS=1024 MCS_CATS=1024 DESTDIR="$pkgdir" install-appconfig + make UNK_PERMS=$3 NAME=$1 TYPE=$2 DISTRO=$distro UBAC=n DIRECT_INITRC=y MONOLITHIC=$monolithic MLS_CATS=1024 MCS_CATS=1024 DESTDIR="$pkgdir" install-docs + make UNK_PERMS=$3 NAME=$1 TYPE=$2 DISTRO=$distro UBAC=n DIRECT_INITRC=y MONOLITHIC=$monolithic MLS_CATS=1024 MCS_CATS=1024 DESTDIR="$pkgdir" install-headers +} + +build() { + cd "$builddir" + make_cmds targeted mcs $unknown_perms || return 1 +} + +package() { + cd "$builddir" + install_cmds targeted mcs $unknown_perms || return 1 + mkdir -p $pkgdir/usr/share/selinux/devel || return 1 + cp -r "$pkgdir/usr/share/selinux/targeted/include" "$pkgdir/usr/share/selinux/devel/include" + cp $srcdir/Makefile.devel "$pkgdir/usr/share/selinux/devel/Makefile" || return 1 + install -m 644 doc/example.* "$pkgdir/usr/share/selinux/devel" || return 1 + install -m 644 doc/policy.* "$pkgdir/usr/share/selinux/devel" || return 1 + # TODO: libselinux needs to build the python bindings for this to work + # sepolicy manpage -a -p "$pkgdir/usr/share/man/man8/" -w -r "$pkgdir" || return 1 +} + +sha512sums="30deabb02a5bde51c463e3e89988d850cff51596c2e72733a064245dec152ea46317eea79550dbe82a7a0d327ec0bcfbd9474ff8a902507392df0da00df6397f refpolicy-2.20170204.tar.bz2 +01bd5f58e05feba2f318f6b80fb4c6cbe405691f947fee48566ad75c935d6e824ccfda5de88c5dad74b531ed28c18615d8ef4e2c2371d71c776b78767eb33740 Makefile.devel" diff --git a/testing/refpolicy/Makefile.devel b/testing/refpolicy/Makefile.devel new file mode 100644 index 0000000000..b1c6bfe71f --- /dev/null +++ b/testing/refpolicy/Makefile.devel @@ -0,0 +1,22 @@ +# installation paths +SHAREDIR := /usr/share/selinux + +AWK ?= gawk +NAME ?= $(strip $(shell $(AWK) -F= '/^SELINUXTYPE/{ print $$2 }' /etc/selinux/config)) + +ifeq ($(MLSENABLED),) + MLSENABLED := 1 +endif + +ifeq ($(MLSENABLED),1) + NTYPE = mcs +endif + +ifeq ($(NAME),mls) + NTYPE = mls +endif + +TYPE ?= $(NTYPE) + +HEADERDIR := $(SHAREDIR)/devel/include +include $(HEADERDIR)/Makefile |