policycoreutils: enable mcstransd

mcstransd is a daemon to translate SELinux MCS/MLS sensitivity labels, policycoreutils includes mcstransd whose version is newer than that from http://mcstrans.sourcearchive.com/ Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
author: Roy Li <rongqing.li@windriver.com> 2015-01-26 15:38:39 +0800
committer: Joe MacDonald <joe_macdonald@mentor.com> 2015-08-07 14:51:31 -0400
commit: 4eeed5b532c9b8336d3d53581de93e5959251ca0 (patch)
tree: 74be1853c51adabefae6db97832e79818d7fe508
parent: aef47ac6a69acea9416f56b0a369bb1e30272c20 (diff)
download: meta-selinux-4eeed5b532c9b8336d3d53581de93e5959251ca0.tar.gz
5 files changed, 126 insertions, 4 deletions
diff --git a/recipes-security/selinux/policycoreutils.inc b/recipes-security/selinux/policycoreutils.inc
index 4846683..9871339 100644
--- a/recipes-security/selinux/policycoreutils.inc
+++ b/recipes-security/selinux/policycoreutils.inc
@@ -16,11 +16,14 @@ PAM_SRC_URI = "file://pam.d/newrole \
               file://pam.d/run_init \
 "
-DEPENDS += "libsepol libselinux libsemanage"
+DEPENDS += "libsepol libselinux libsemanage libcap"
 EXTRA_DEPENDS = "libcap-ng libcgroup setools"
 DEPENDS += "${@['', '${EXTRA_DEPENDS}']['${PN}' != '${BPN}-native']}"
-inherit selinux
+inherit selinux systemd pythonnative update-rc.d
+PROVIDES += "mcstrans"
 DEPENDS += "${@target_selinux(d, 'libpam audit')}"
 RDEPENDS_${BPN}-audit2allow = "\
@@ -116,7 +119,6 @@ RDEPENDS_${BPN} += "setools setools-libs ${BPN}-python"
 WARN_QA := "${@oe_filter_out('unsafe-references-in-scripts', '${WARN_QA}', d)}"
 ERROR_QA := "${@oe_filter_out('unsafe-references-in-scripts', '${ERROR_QA}', d)}"
-inherit pythonnative
 PACKAGES =+ "\
        ${PN}-audit2allow \
@@ -140,8 +142,31 @@ PACKAGES =+ "\
        ${PN}-sestatus \
        ${PN}-setfiles \
        ${PN}-setsebool \
+        mcstrans \
+        mcstrans-doc \
        system-config-selinux \
 "
+PKGV_mcstrans = "0.3.2"
+PKGV_mcstrans-doc = "0.3.2"
+SUMMARY_mcstrans = "Daemon to translate SELinux MCS/MLS sensitivity labels"
+DESCRIPTION_mcstrans = "\
+        Security-enhanced Linux is a feature of the Linux kernel and a number \
+        of utilities with enhanced security functionality designed to add \
+        mandatory access controls to Linux.  The Security-enhanced Linux \
+        kernel contains new architectural components originally developed to \
+        improve the security of the Flask operating system. These \
+        architectural components provide general support for the enforcement \
+        of many kinds of mandatory access control policies, including those \
+        based on the concepts of Type Enforcement®, Role-based Access \
+        Control, and Multi-level Security. \
+         \
+        mcstrans provides an translation daemon to translate SELinux categories \
+        from internal representations to user defined representation. \
+        "
+SUMMARY_mcstrans-doc = "${SUMMARY_mcstrans} man pages and examples"
+DESCRIPTION_mcstrans-doc = "${DESCRIPTION_mcstrans} \
+        This package contains man pages and examples. \
+        "
 FILES_${PN}-audit2allow = "\
        ${bindir}/audit2allow \
        ${bindir}/audit2why \
@@ -211,6 +236,23 @@ FILES_${PN}-setsebool += "\
        ${sbindir}/setsebool \
        ${datadir}/bash-completion/completions/setsebool \
 "
+FILES_mcstrans = "\
+        ${base_sbindir}/mcstransd \
+        ${sbindir}/untranscon \
+        ${sbindir}/transcon \
+        ${sysconfdir}/init.d/mcstrans \
+        ${systemd_unitdir}/system/mcstrans.service \
+        ${sysconfdir}/default/volatiles/volatiles.80_mcstrans \
+        ${sysconfdir}/tmpfiles.d/setrans.conf \
+"
+FILES_mcstrans-doc = "\
+    /usr/share/man/man8/mcstransd.8 \
+    /usr/share/man/man8/mcs.8 \
+    /usr/share/man/man8/setrans.conf.8 \
+    ${datadir}/mcstrans \
+"
 FILES_system-config-selinux = " \
    ${bindir}/sepolgen \
    ${datadir}/system-config-selinux/* \
@@ -251,7 +293,24 @@ do_compile_prepend() {
 do_install_prepend() {
        export PYTHON=python
-        export SEMODULE_PATH=${sbindir}
+        export SEMODULE_PATH=${sbindir} SYSTEMDDIR=${D}/${systemd_unitdir}
+}
+do_install_append_class-target() {
+        install -m 755 mcstrans/utils/untranscon ${D}${sbindir}/
+        install -m 755 mcstrans/utils/transcon ${D}${sbindir}/
+        if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
+                install -d ${D}${sysconfdir}/tmpfiles.d
+                echo "d ${localstatedir}/run/setrans - - - -" \
+                    > ${D}${sysconfdir}/tmpfiles.d/setrans.conf
+        else
+                install -d ${D}${sysconfdir}/default/volatiles
+                echo "d root root 0755 /var/run/setrans none" \
+                        >${D}${sysconfdir}/default/volatiles/volatiles.80_mcstrans
+        fi
+        install -d ${D}${datadir}/mcstrans
+        cp -r mcstrans/share/* ${D}${datadir}/mcstrans/.
 }
 do_install_virtclass-native() {
@@ -269,3 +328,18 @@ do_install_append_class-target() {
                install -m 0644 ${WORKDIR}/pam.d/* ${D}${sysconfdir}/pam.d/
        fi
 }
+SYSTEMD_SERVICE_mcstrans = "mcstrans.service"
+INITSCRIPT_PACKAGES = "mcstrans"
+INITSCRIPT_NAME_mcstrans = "mcstrans"
+INITSCRIPT_PARAMS_mcstrans = "defaults"
+pkg_postinst_mcstrans () {
+    if [ -z "$D" ]; then
+        if command -v systemd-tmpfiles >/dev/null; then
+            systemd-tmpfiles --create ${sysconfdir}/tmpfiles.d/setrans.conf
+        elif [ -e ${sysconfdir}/init.d/populate-volatile.sh ]; then
+            ${sysconfdir}/init.d/populate-volatile.sh update
+        fi
+    fi
+}
diff --git a/recipes-security/selinux/policycoreutils/0001-mcstrans-fix-the-init-script.patch b/recipes-security/selinux/policycoreutils/0001-mcstrans-fix-the-init-script.patch
new file mode 100644
index 0000000..39be80a
--- /dev/null
+++ b/recipes-security/selinux/policycoreutils/0001-mcstrans-fix-the-init-script.patch
@@ -0,0 +1,27 @@
+[PATCH] mcstrans: fix the init script
+Upstream-Status: Inappropriate [embedded specific]
+replace daemon with start-stop-daemon, due to not daemon functions
+Signed-off-by: Roy Li <rongqing.li@windriver.com>
+---
+ mcstrans/src/mcstrans.init | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/mcstrans/src/mcstrans.init b/mcstrans/src/mcstrans.init
+index 2804ec0..c660290 100644
+--- a/mcstrans/src/mcstrans.init
+++ b/mcstrans/src/mcstrans.init
+@@ -51,7 +51,7 @@ start(){
+        fi
+ 
+        unset HOME MAIL USER USERNAME
+-       daemon $prog "$EXTRAOPTIONS"
+       start-stop-daemon --start --quiet --exec $prog -- "$EXTRAOPTIONS"
+        RETVAL=$?
+        echo
+        if test $RETVAL = 0 ; then
+-- 
+1.9.1
diff --git a/recipes-security/selinux/policycoreutils/enable-mcstrans.patch b/recipes-security/selinux/policycoreutils/enable-mcstrans.patch
new file mode 100644
index 0000000..e923903
--- /dev/null
+++ b/recipes-security/selinux/policycoreutils/enable-mcstrans.patch
@@ -0,0 +1,17 @@
+Add the "mcstrans" subdir so it gets built too.
+Upstream-Status: Inappropriate [embedded specific]
+Signed-off-by: Roy Li <rongqing.li@windriver.com>
+diff --git a/Makefile b/Makefile
+index 83ebd45..3ae784f 100644
+--- a/Makefile
+++ b/Makefile
+@@ -1,5 +1,7 @@
+ SUBDIRS = sepolicy setfiles semanage load_policy newrole run_init sandbox secon audit2allow sestatus semodule_package semodule semodule_link semodule_expand semodule_deps sepolgen-ifgen setsebool scripts po man gui
+ 
+SUBDIRS += mcstrans
+
+ INOTIFYH = $(shell ls /usr/include/sys/inotify.h 2>/dev/null)
+ 
+ ifeq (${INOTIFYH}, /usr/include/sys/inotify.h)
diff --git a/recipes-security/selinux/policycoreutils_2.3.bb b/recipes-security/selinux/policycoreutils_2.3.bb
index 447e6c9..c837266 100644
--- a/recipes-security/selinux/policycoreutils_2.3.bb
+++ b/recipes-security/selinux/policycoreutils_2.3.bb
@@ -13,4 +13,6 @@ SRC_URI += "\
        file://policycoreutils-semanage-edit-user.patch \
        file://policycoreutils-process-ValueError-for-sepolicy-seobject.patch \
        file://policycoreutils-fix-TypeError-for-seobject.py.patch \
+        file://0001-mcstrans-fix-the-init-script.patch \
+        file://enable-mcstrans.patch \
        "
diff --git a/recipes-security/selinux/policycoreutils_git.bb b/recipes-security/selinux/policycoreutils_git.bb
index 823edb2..b630797 100644
--- a/recipes-security/selinux/policycoreutils_git.bb
+++ b/recipes-security/selinux/policycoreutils_git.bb
@@ -9,4 +9,6 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=393a5ca445f6965873eca0259a17f833"
 SRC_URI += "\
        file://policycoreutils-fix-sepolicy-install-path.patch \
        file://policycoreutils-make-O_CLOEXEC-optional.patch \
+        file://0001-mcstrans-fix-the-init-script.patch \
+        file://enable-mcstrans.patch \
        "
author	Roy Li <rongqing.li@windriver.com>	2015-01-26 15:38:39 +0800
committer	Joe MacDonald <joe_macdonald@mentor.com>	2015-08-07 14:51:31 -0400
commit	4eeed5b532c9b8336d3d53581de93e5959251ca0 (patch)
tree	74be1853c51adabefae6db97832e79818d7fe508
parent	aef47ac6a69acea9416f56b0a369bb1e30272c20 (diff)
download	meta-selinux-4eeed5b532c9b8336d3d53581de93e5959251ca0.tar.gz

diff --git a/recipes-security/selinux/policycoreutils.inc b/recipes-security/selinux/policycoreutils.inc index 4846683..9871339 100644 --- a/recipes-security/selinux/policycoreutils.inc +++ b/recipes-security/selinux/policycoreutils.inc
@@ -16,11 +16,14 @@ PAM_SRC_URI = "file://pam.d/newrole \
16	file://pam.d/run_init \	16	file://pam.d/run_init \
17	"	17	"
18		18
19	DEPENDS += "libsepol libselinux libsemanage"	19	DEPENDS += "libsepol libselinux libsemanage libcap"
20	EXTRA_DEPENDS = "libcap-ng libcgroup setools"	20	EXTRA_DEPENDS = "libcap-ng libcgroup setools"
21	DEPENDS += "${@['', '${EXTRA_DEPENDS}']['${PN}' != '${BPN}-native']}"	21	DEPENDS += "${@['', '${EXTRA_DEPENDS}']['${PN}' != '${BPN}-native']}"
22		22
23	inherit selinux	23	inherit selinux systemd pythonnative update-rc.d
		24
		25	PROVIDES += "mcstrans"
		26
24	DEPENDS += "${@target_selinux(d, 'libpam audit')}"	27	DEPENDS += "${@target_selinux(d, 'libpam audit')}"
25		28
26	RDEPENDS_${BPN}-audit2allow = "\	29	RDEPENDS_${BPN}-audit2allow = "\
@@ -116,7 +119,6 @@ RDEPENDS_${BPN} += "setools setools-libs ${BPN}-python"
116	WARN_QA := "${@oe_filter_out('unsafe-references-in-scripts', '${WARN_QA}', d)}"	119	WARN_QA := "${@oe_filter_out('unsafe-references-in-scripts', '${WARN_QA}', d)}"
117	ERROR_QA := "${@oe_filter_out('unsafe-references-in-scripts', '${ERROR_QA}', d)}"	120	ERROR_QA := "${@oe_filter_out('unsafe-references-in-scripts', '${ERROR_QA}', d)}"
118		121
119	inherit pythonnative
120		122
121	PACKAGES =+ "\	123	PACKAGES =+ "\
122	${PN}-audit2allow \	124	${PN}-audit2allow \
@@ -140,8 +142,31 @@ PACKAGES =+ "\
140	${PN}-sestatus \	142	${PN}-sestatus \
141	${PN}-setfiles \	143	${PN}-setfiles \
142	${PN}-setsebool \	144	${PN}-setsebool \
		145	mcstrans \
		146	mcstrans-doc \
143	system-config-selinux \	147	system-config-selinux \
144	"	148	"
		149	PKGV_mcstrans = "0.3.2"
		150	PKGV_mcstrans-doc = "0.3.2"
		151	SUMMARY_mcstrans = "Daemon to translate SELinux MCS/MLS sensitivity labels"
		152	DESCRIPTION_mcstrans = "\
		153	Security-enhanced Linux is a feature of the Linux kernel and a number \
		154	of utilities with enhanced security functionality designed to add \
		155	mandatory access controls to Linux. The Security-enhanced Linux \
		156	kernel contains new architectural components originally developed to \
		157	improve the security of the Flask operating system. These \
		158	architectural components provide general support for the enforcement \
		159	of many kinds of mandatory access control policies, including those \
		160	based on the concepts of Type Enforcement®, Role-based Access \
		161	Control, and Multi-level Security. \
		162	\
		163	mcstrans provides an translation daemon to translate SELinux categories \
		164	from internal representations to user defined representation. \
		165	"
		166	SUMMARY_mcstrans-doc = "${SUMMARY_mcstrans} man pages and examples"
		167	DESCRIPTION_mcstrans-doc = "${DESCRIPTION_mcstrans} \
		168	This package contains man pages and examples. \
		169	"
145	FILES_${PN}-audit2allow = "\	170	FILES_${PN}-audit2allow = "\
146	${bindir}/audit2allow \	171	${bindir}/audit2allow \
147	${bindir}/audit2why \	172	${bindir}/audit2why \
@@ -211,6 +236,23 @@ FILES_${PN}-setsebool += "\
211	${sbindir}/setsebool \	236	${sbindir}/setsebool \
212	${datadir}/bash-completion/completions/setsebool \	237	${datadir}/bash-completion/completions/setsebool \
213	"	238	"
		239	FILES_mcstrans = "\
		240	${base_sbindir}/mcstransd \
		241	${sbindir}/untranscon \
		242	${sbindir}/transcon \
		243	${sysconfdir}/init.d/mcstrans \
		244	${systemd_unitdir}/system/mcstrans.service \
		245	${sysconfdir}/default/volatiles/volatiles.80_mcstrans \
		246	${sysconfdir}/tmpfiles.d/setrans.conf \
		247	"
		248
		249	FILES_mcstrans-doc = "\
		250	/usr/share/man/man8/mcstransd.8 \
		251	/usr/share/man/man8/mcs.8 \
		252	/usr/share/man/man8/setrans.conf.8 \
		253	${datadir}/mcstrans \
		254	"
		255
214	FILES_system-config-selinux = " \	256	FILES_system-config-selinux = " \
215	${bindir}/sepolgen \	257	${bindir}/sepolgen \
216	${datadir}/system-config-selinux/* \	258	${datadir}/system-config-selinux/* \
@@ -251,7 +293,24 @@ do_compile_prepend() {
251		293
252	do_install_prepend() {	294	do_install_prepend() {
253	export PYTHON=python	295	export PYTHON=python
254	export SEMODULE_PATH=${sbindir}	296	export SEMODULE_PATH=${sbindir} SYSTEMDDIR=${D}/${systemd_unitdir}
		297	}
		298
		299	do_install_append_class-target() {
		300	install -m 755 mcstrans/utils/untranscon ${D}${sbindir}/
		301	install -m 755 mcstrans/utils/transcon ${D}${sbindir}/
		302
		303	if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
		304	install -d ${D}${sysconfdir}/tmpfiles.d
		305	echo "d ${localstatedir}/run/setrans - - - -" \
		306	> ${D}${sysconfdir}/tmpfiles.d/setrans.conf
		307	else
		308	install -d ${D}${sysconfdir}/default/volatiles
		309	echo "d root root 0755 /var/run/setrans none" \
		310	>${D}${sysconfdir}/default/volatiles/volatiles.80_mcstrans
		311	fi
		312	install -d ${D}${datadir}/mcstrans
		313	cp -r mcstrans/share/* ${D}${datadir}/mcstrans/.
255	}	314	}
256		315
257	do_install_virtclass-native() {	316	do_install_virtclass-native() {
@@ -269,3 +328,18 @@ do_install_append_class-target() {
269	install -m 0644 ${WORKDIR}/pam.d/* ${D}${sysconfdir}/pam.d/	328	install -m 0644 ${WORKDIR}/pam.d/* ${D}${sysconfdir}/pam.d/
270	fi	329	fi
271	}	330	}
		331
		332	SYSTEMD_SERVICE_mcstrans = "mcstrans.service"
		333	INITSCRIPT_PACKAGES = "mcstrans"
		334	INITSCRIPT_NAME_mcstrans = "mcstrans"
		335	INITSCRIPT_PARAMS_mcstrans = "defaults"
		336
		337	pkg_postinst_mcstrans () {
		338	if [ -z "$D" ]; then
		339	if command -v systemd-tmpfiles >/dev/null; then
		340	systemd-tmpfiles --create ${sysconfdir}/tmpfiles.d/setrans.conf
		341	elif [ -e ${sysconfdir}/init.d/populate-volatile.sh ]; then
		342	${sysconfdir}/init.d/populate-volatile.sh update
		343	fi
		344	fi
		345	}


diff --git a/recipes-security/selinux/policycoreutils/0001-mcstrans-fix-the-init-script.patch b/recipes-security/selinux/policycoreutils/0001-mcstrans-fix-the-init-script.patch new file mode 100644 index 0000000..39be80a --- /dev/null +++ b/recipes-security/selinux/policycoreutils/0001-mcstrans-fix-the-init-script.patch
@@ -0,0 +1,27 @@
		1	[PATCH] mcstrans: fix the init script
		2
		3	Upstream-Status: Inappropriate [embedded specific]
		4
		5	replace daemon with start-stop-daemon, due to not daemon functions
		6
		7	Signed-off-by: Roy Li <rongqing.li@windriver.com>
		8	---
		9	mcstrans/src/mcstrans.init \| 2 +-
		10	1 file changed, 1 insertion(+), 1 deletion(-)
		11
		12	diff --git a/mcstrans/src/mcstrans.init b/mcstrans/src/mcstrans.init
		13	index 2804ec0..c660290 100644
		14	--- a/mcstrans/src/mcstrans.init
		15	+++ b/mcstrans/src/mcstrans.init
		16	@@ -51,7 +51,7 @@ start(){
		17	fi
		18
		19	unset HOME MAIL USER USERNAME
		20	- daemon $prog "$EXTRAOPTIONS"
		21	+ start-stop-daemon --start --quiet --exec $prog -- "$EXTRAOPTIONS"
		22	RETVAL=$?
		23	echo
		24	if test $RETVAL = 0 ; then
		25	--
		26	1.9.1
		27


diff --git a/recipes-security/selinux/policycoreutils/enable-mcstrans.patch b/recipes-security/selinux/policycoreutils/enable-mcstrans.patch new file mode 100644 index 0000000..e923903 --- /dev/null +++ b/recipes-security/selinux/policycoreutils/enable-mcstrans.patch
@@ -0,0 +1,17 @@
		1	Add the "mcstrans" subdir so it gets built too.
		2
		3	Upstream-Status: Inappropriate [embedded specific]
		4
		5	Signed-off-by: Roy Li <rongqing.li@windriver.com>
		6	diff --git a/Makefile b/Makefile
		7	index 83ebd45..3ae784f 100644
		8	--- a/Makefile
		9	+++ b/Makefile
		10	@@ -1,5 +1,7 @@
		11	SUBDIRS = sepolicy setfiles semanage load_policy newrole run_init sandbox secon audit2allow sestatus semodule_package semodule semodule_link semodule_expand semodule_deps sepolgen-ifgen setsebool scripts po man gui
		12
		13	+SUBDIRS += mcstrans
		14	+
		15	INOTIFYH = $(shell ls /usr/include/sys/inotify.h 2>/dev/null)
		16
		17	ifeq (${INOTIFYH}, /usr/include/sys/inotify.h)


diff --git a/recipes-security/selinux/policycoreutils_2.3.bb b/recipes-security/selinux/policycoreutils_2.3.bb index 447e6c9..c837266 100644 --- a/recipes-security/selinux/policycoreutils_2.3.bb +++ b/recipes-security/selinux/policycoreutils_2.3.bb
@@ -13,4 +13,6 @@ SRC_URI += "\
13	file://policycoreutils-semanage-edit-user.patch \	13	file://policycoreutils-semanage-edit-user.patch \
14	file://policycoreutils-process-ValueError-for-sepolicy-seobject.patch \	14	file://policycoreutils-process-ValueError-for-sepolicy-seobject.patch \
15	file://policycoreutils-fix-TypeError-for-seobject.py.patch \	15	file://policycoreutils-fix-TypeError-for-seobject.py.patch \
		16	file://0001-mcstrans-fix-the-init-script.patch \
		17	file://enable-mcstrans.patch \
16	"	18	"


diff --git a/recipes-security/selinux/policycoreutils_git.bb b/recipes-security/selinux/policycoreutils_git.bb index 823edb2..b630797 100644 --- a/recipes-security/selinux/policycoreutils_git.bb +++ b/recipes-security/selinux/policycoreutils_git.bb
@@ -9,4 +9,6 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=393a5ca445f6965873eca0259a17f833"
9	SRC_URI += "\	9	SRC_URI += "\
10	file://policycoreutils-fix-sepolicy-install-path.patch \	10	file://policycoreutils-fix-sepolicy-install-path.patch \
11	file://policycoreutils-make-O_CLOEXEC-optional.patch \	11	file://policycoreutils-make-O_CLOEXEC-optional.patch \
		12	file://0001-mcstrans-fix-the-init-script.patch \
		13	file://enable-mcstrans.patch \
12	"	14	"