From cc006f789e261c3d4f9efbf7d26965438297f0ed Mon Sep 17 00:00:00 2001
From: Xin Ouyang <Xin.Ouyang@windriver.com>
Date: Tue, 11 Sep 2012 14:49:18 +0800
Subject: policycoreutils: add pam config for newrole/run_init

Also fix missing RDEPENDS for setools-*

Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
---
 .../selinux/policycoreutils/pam.d/newrole          |  6 ++++++
 .../selinux/policycoreutils/pam.d/run_init         |  6 ++++++
 recipes-security/selinux/policycoreutils_2.1.10.bb | 24 +++++++++++++++++----
 recipes-security/selinux/policycoreutils_git.bb    | 25 +++++++++++++++++-----
 4 files changed, 52 insertions(+), 9 deletions(-)
 create mode 100644 recipes-security/selinux/policycoreutils/pam.d/newrole
 create mode 100644 recipes-security/selinux/policycoreutils/pam.d/run_init

diff --git a/recipes-security/selinux/policycoreutils/pam.d/newrole b/recipes-security/selinux/policycoreutils/pam.d/newrole
new file mode 100644
index 0000000..1151600
--- /dev/null
+++ b/recipes-security/selinux/policycoreutils/pam.d/newrole
@@ -0,0 +1,6 @@
+#%PAM-1.0
+auth       include	common-auth
+account    include	common-auth
+password   include	common-auth
+session    include	common-auth
+session    optional	pam_xauth.so
diff --git a/recipes-security/selinux/policycoreutils/pam.d/run_init b/recipes-security/selinux/policycoreutils/pam.d/run_init
new file mode 100644
index 0000000..1151600
--- /dev/null
+++ b/recipes-security/selinux/policycoreutils/pam.d/run_init
@@ -0,0 +1,6 @@
+#%PAM-1.0
+auth       include	common-auth
+account    include	common-auth
+password   include	common-auth
+session    include	common-auth
+session    optional	pam_xauth.so
diff --git a/recipes-security/selinux/policycoreutils_2.1.10.bb b/recipes-security/selinux/policycoreutils_2.1.10.bb
index 73d4afb..f6e998d 100644
--- a/recipes-security/selinux/policycoreutils_2.1.10.bb
+++ b/recipes-security/selinux/policycoreutils_2.1.10.bb
@@ -5,7 +5,7 @@ load_policy to load policies, setfiles to label filesystems, newrole \
 to switch roles, and run_init to run /etc/init.d scripts in the proper \
 context."
 SECTION = "base"
-PR = "r4"
+PR = "r5"
 LICENSE = "GPLv2+"
 LIC_FILES_CHKSUM = "file://COPYING;md5=393a5ca445f6965873eca0259a17f833"
 
@@ -14,10 +14,16 @@ include selinux_20120216.inc
 SRC_URI[md5sum] = "fefdede2815cdd2ba8b68599fef1f257"
 SRC_URI[sha256sum] = "8bbbc36b7d375edff891503932da93e37553f0dd7bdceded7ce9a45c80bec3d1"
 
-SRC_URI += "file://policycoreutils-fix-format-security.patch"
+SRC_URI += "file://policycoreutils-fix-format-security.patch \
+            ${@base_contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \
+           "
+
+PAM_SRC_URI = "file://pam.d/newrole \
+               file://pam.d/run_init \
+              "
 
 DEPENDS += "libsepol libselinux libsemanage"
-DEPENDS += "${@['', '${EXTRA_DEPENDS}']['${PN}' == '${BPN}']}"
+DEPENDS += "${@['', '${EXTRA_DEPENDS}']['${PN}' != '${BPN}-native']}"
 EXTRA_DEPENDS = "libcap-ng libcgroup"
 EXTRA_DEPENDS += "${@base_contains('DISTRO_FEATURES', 'pam', 'libpam audit', '', d)}"
 
@@ -36,7 +42,8 @@ RDEPENDS_${BPN} += "\
 	python-textutils \
 	python-ipy \
 	"
-RDEPENDS_${BPN} += "setools"
+
+RDEPENDS_${BPN} += "setools setools-libs ${BPN}-python"
 
 WARN_QA := "${@oe_filter_out('unsafe-references-in-scripts', '${WARN_QA}', d)}"
 ERROR_QA := "${@oe_filter_out('unsafe-references-in-scripts', '${ERROR_QA}', d)}"
@@ -74,3 +81,12 @@ do_install_virtclass-native() {
 			SBINDIR="${D}/${base_sbindir}"
 	done
 }
+
+do_install_append() {
+	test "${CLASSOVERRIDE}" = "class-native" && return 0
+
+	if [ -e ${WORKDIR}/pam.d ]; then
+		install -d ${D}${sysconfdir}/pam.d/
+		install -m 0644 ${WORKDIR}/pam.d/* ${D}${sysconfdir}/pam.d/
+	fi
+}
diff --git a/recipes-security/selinux/policycoreutils_git.bb b/recipes-security/selinux/policycoreutils_git.bb
index 7ff4c58..2736476 100644
--- a/recipes-security/selinux/policycoreutils_git.bb
+++ b/recipes-security/selinux/policycoreutils_git.bb
@@ -5,7 +5,7 @@ load_policy to load policies, setfiles to label filesystems, newrole \
 to switch roles, and run_init to run /etc/init.d scripts in the proper \
 context."
 SECTION = "base"
-PR = "r4"
+PR = "r5"
 LICENSE = "GPLv2+"
 LIC_FILES_CHKSUM = "file://COPYING;md5=393a5ca445f6965873eca0259a17f833"
 DEFAULT_PREFERENCE = "-1"
@@ -15,12 +15,18 @@ include selinux_git.inc
 SRCREV = "339f8079d7b9dd1e0b0138e2d096dc7c60b2092e"
 PV = "2.1.10+git${SRCPV}"
 
-SRC_URI += "file://policycoreutils-fix-format-security.patch"
+SRC_URI += "file://policycoreutils-fix-format-security.patch \
+            ${@base_contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \
+           "
 
-DEPENDS += "libsepol libselinux libsemanage ${EXTRA_DEPENDS}"
+PAM_SRC_URI = "file://pam.d/newrole \
+               file://pam.d/run_init \
+              "
+
+DEPENDS += "libsepol libselinux libsemanage"
+DEPENDS += "${@['', '${EXTRA_DEPENDS}']['${PN}' != '${BPN}-native']}"
 EXTRA_DEPENDS = "libcap-ng libcgroup"
 EXTRA_DEPENDS += "${@base_contains('DISTRO_FEATURES', 'pam', 'libpam audit', '', d)}"
-EXTRA_DEPENDS_virtclass-native = ""
 
 RDEPENDS_${BPN} += "\
 	libselinux-python \
@@ -37,7 +43,7 @@ RDEPENDS_${BPN} += "\
 	python-textutils \
 	python-ipy \
 	"
-RDEPENDS_${BPN} += "setools"
+RDEPENDS_${BPN} += "setools setools-libs ${BPN}-python"
 
 WARN_QA := "${@oe_filter_out('unsafe-references-in-scripts', '${WARN_QA}', d)}"
 ERROR_QA := "${@oe_filter_out('unsafe-references-in-scripts', '${ERROR_QA}', d)}"
@@ -75,3 +81,12 @@ do_install_virtclass-native() {
 			SBINDIR="${D}/${base_sbindir}"
 	done
 }
+
+do_install_append() {
+	test "${CLASSOVERRIDE}" = "class-native" && return 0
+
+	if [ -e ${WORKDIR}/pam.d ]; then
+		install -d ${D}${sysconfdir}/pam.d/
+		install -m 0644 ${WORKDIR}/pam.d/* ${D}${sysconfdir}/pam.d/
+	fi
+}
-- 
cgit v1.2.3-54-g00ecf