Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--sec-policy/selinux-haveged/ChangeLog21
-rw-r--r--sec-policy/selinux-haveged/files/fix-services-haveged-r1.patch42
-rw-r--r--sec-policy/selinux-haveged/metadata.xml6
-rw-r--r--sec-policy/selinux-haveged/selinux-haveged-2.20101213-r1.ebuild18
-rw-r--r--sec-policy/selinux-haveged/selinux-haveged-2.20101213-r2.ebuild16
5 files changed, 103 insertions, 0 deletions
diff --git a/sec-policy/selinux-haveged/ChangeLog b/sec-policy/selinux-haveged/ChangeLog
new file mode 100644
index 000000000000..b2fa4128299a
--- /dev/null
+++ b/sec-policy/selinux-haveged/ChangeLog
@@ -0,0 +1,21 @@
+# ChangeLog for sec-policy/selinux-haveged
+# Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-haveged/ChangeLog,v 1.1 2011/07/25 22:58:54 blueness Exp $
+
+*selinux-haveged-2.20101213-r1 (25 Jul 2011)
+
+ 25 Jul 2011; Anthony G. Basile <blueness@gentoo.org>
+ +files/fix-services-haveged-r1.patch, +selinux-haveged-2.20101213-r1.ebuild,
+ +selinux-haveged-2.20101213-r2.ebuild, +metadata.xml:
+ Initial commit to tree
+
+*selinux-haveged-2.20101213-r2 (21 Jul 2011)
+
+ 21 Jul 2011; <swift@gentoo.org> +selinux-haveged-2.20101213-r2.ebuild:
+ Do not use a haveged domain, but refer to audio-entropyd
+
+ 17 Jul 2011; <swift@gentoo.org> +files/fix-services-haveged-r1.patch,
+ +selinux-haveged-2.20101213-r1.ebuild, +metadata.xml:
+ Initial support for haveged
+
+
diff --git a/sec-policy/selinux-haveged/files/fix-services-haveged-r1.patch b/sec-policy/selinux-haveged/files/fix-services-haveged-r1.patch
new file mode 100644
index 000000000000..e67434ca735c
--- /dev/null
+++ b/sec-policy/selinux-haveged/files/fix-services-haveged-r1.patch
@@ -0,0 +1,42 @@
+--- services/haveged.te 1970-01-01 01:00:00.000000000 +0100
++++ services/haveged.te 2011-07-17 19:54:35.947000888 +0200
+@@ -0,0 +1,35 @@
++policy_module(haveged, 1.0.0)
++
++########################################
++#
++# Declarations
++#
++
++type haveged_t;
++type haveged_exec_t;
++init_daemon_domain(haveged_t, haveged_exec_t)
++
++type haveged_var_run_t;
++files_pid_file(haveged_var_run_t)
++
++########################################
++#
++# haveged local policy
++#
++allow haveged_t self:capability sys_admin;
++allow haveged_t self:unix_dgram_socket create_socket_perms;
++allow haveged_t haveged_var_run_t:file manage_file_perms;
++
++# pid file
++files_pid_filetrans(haveged_t, haveged_var_run_t, file)
++
++## Kernel stuff
++kernel_rw_kernel_sysctl(haveged_t)
++dev_read_rand(haveged_t)
++dev_write_rand(haveged_t)
++
++## System stuff
++miscfiles_read_localization(haveged_t)
++
++## Other stuff
++logging_send_syslog_msg(haveged_t)
+--- services/haveged.fc 1970-01-01 01:00:00.000000000 +0100
++++ services/haveged.fc 2011-07-17 17:55:56.431000683 +0200
+@@ -0,0 +1 @@
++/usr/sbin/haveged -- gen_context(system_u:object_r:haveged_exec_t,s0)
diff --git a/sec-policy/selinux-haveged/metadata.xml b/sec-policy/selinux-haveged/metadata.xml
new file mode 100644
index 000000000000..8334c93a0947
--- /dev/null
+++ b/sec-policy/selinux-haveged/metadata.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <herd>selinux</herd>
+ <longdescription>Gentoo SELinux policy for haveged</longdescription>
+</pkgmetadata>
diff --git a/sec-policy/selinux-haveged/selinux-haveged-2.20101213-r1.ebuild b/sec-policy/selinux-haveged/selinux-haveged-2.20101213-r1.ebuild
new file mode 100644
index 000000000000..01b7fdc2c32d
--- /dev/null
+++ b/sec-policy/selinux-haveged/selinux-haveged-2.20101213-r1.ebuild
@@ -0,0 +1,18 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-haveged/selinux-haveged-2.20101213-r1.ebuild,v 1.1 2011/07/25 22:58:54 blueness Exp $
+
+IUSE=""
+
+MODS="haveged"
+
+inherit selinux-policy-2
+
+DESCRIPTION="SELinux policy for general applications"
+
+DEPEND=">=sec-policy/selinux-base-policy-2.20101213-r19"
+RDEPEND="${DEPEND}"
+
+KEYWORDS="~amd64 ~x86"
+
+POLICY_PATCH="${FILESDIR}/fix-services-haveged-r1.patch"
diff --git a/sec-policy/selinux-haveged/selinux-haveged-2.20101213-r2.ebuild b/sec-policy/selinux-haveged/selinux-haveged-2.20101213-r2.ebuild
new file mode 100644
index 000000000000..c55feefb5598
--- /dev/null
+++ b/sec-policy/selinux-haveged/selinux-haveged-2.20101213-r2.ebuild
@@ -0,0 +1,16 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-haveged/selinux-haveged-2.20101213-r2.ebuild,v 1.1 2011/07/25 22:58:54 blueness Exp $
+
+EAPI=3
+
+DESCRIPTION="SELinux policy for haveged (meta-package for selinux-audio-entropyd)"
+HOMEPAGE="http://hardened.gentoo.org/selinux"
+SRC_URI=""
+
+LICENSE="as-is"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE=""
+
+RDEPEND=">=sec-policy/selinux-audio-entropyd-2.20101213-r1"