Package: selinux-policy-refpolicy-targeted
Version: 0.0.20061018-5.3
Severity: important
The current policy package builds in non-MLS mode (IE without MCS support).
Changing between MCS and non-MCS requires a purge and reinstall of the package
and a reboot, it's painful and unpleasant. Also not using it makes it
difficult to interoperate with Fedora/RHEL systems. To avoid this we want to
not release policy without MCS support.
The following patch makes the policy build with MCS support, not sure if it's
the best way to do it, but it seems to work.
diff -ru refpolicy-0.0.20080314.org/debian/build.conf.strict
refpolicy-0.0.20080314/debian/build.conf.strict
--- refpolicy-0.0.20080314.org/debian/build.conf.strict 2008-03-27
23:57:20.000000000 +1100
+++ refpolicy-0.0.20080314/debian/build.conf.strict 2008-03-28
09:27:26.000000000 +1100
@@ -14,7 +14,7 @@
# strict, targeted,
# strict-mls, targeted-mls,
# strict-mcs, targeted-mcs
-TYPE ?= mcs
+TYPE = mcs
# Policy Name
# If set, this will be used as the policy
diff -ru refpolicy-0.0.20080314.org/debian/build.conf.targeted
refpolicy-0.0.20080314/debian/build.conf.targeted
--- refpolicy-0.0.20080314.org/debian/build.conf.targeted 2008-03-27
15:53:40.000000000 +1100
+++ refpolicy-0.0.20080314/debian/build.conf.targeted 2008-03-28
09:27:34.000000000 +1100
@@ -12,7 +12,7 @@
# Policy Type
# standard, mls, mcs
-TYPE ?= mcs
+TYPE = mcs
# Policy Name
# If set, this will be used as the policy
diff -ru refpolicy-0.0.20080314.org/debian/local.mk
refpolicy-0.0.20080314/debian/local.mk
--- refpolicy-0.0.20080314.org/debian/local.mk 2008-03-27 15:53:40.000000000
+1100
+++ refpolicy-0.0.20080314/debian/local.mk 2008-03-28 09:35:35.000000000
+1100
@@ -71,10 +71,10 @@
cp debian/build.conf.strict
$(SRCTOP)/debian/build-$(package)/build.conf
test -e debian/stamp-config-strict || \
$(MAKE) -C $(SRCTOP)/debian/build-$(package) \
- NAME=refpolicy-strict TYPE=strict$(MCS_MLS_TYPE) $(OPTIONS)
bare
+ NAME=refpolicy-strict TYPE=$(MCS_MLS_TYPE) $(OPTIONS) bare
test -e debian/stamp-config-strict || \
(cd $(SRCTOP)/debian/build-$(package) ; \
- $(MAKE) NAME=refpolicy-strict TYPE=strict$(MCS_MLS_TYPE) $(OPTIONS)
conf)
+ $(MAKE) NAME=refpolicy-strict TYPE=$(MCS_MLS_TYPE) $(OPTIONS) conf)
cp debian/modules.conf.strict \
$(SRCTOP)/debian/build-$(package)/policy/modules.conf
echo done > debian/stamp-config-strict
@@ -96,10 +96,10 @@
cp debian/build.conf.targeted
$(SRCTOP)/debian/build-$(package)/build.conf
test -e debian/stamp-config-targeted || \
$(MAKE) -C $(SRCTOP)/debian/build-$(package) \
- NAME=refpolicy-targeted TYPE=targeted$(MCS_MLS_TYPE)
$(OPTIONS) bare
+ NAME=refpolicy-targeted TYPE=$(MCS_MLS_TYPE) $(OPTIONS) bare
test -e debian/stamp-config-targeted || \
(cd $(SRCTOP)/debian/build-$(package) ; \
- $(MAKE) NAME=refpolicy-targeted TYPE=targeted$(MCS_MLS_TYPE)
$(OPTIONS) conf)
+ $(MAKE) NAME=refpolicy-targeted TYPE=$(MCS_MLS_TYPE) $(OPTIONS)
conf)
cp debian/modules.conf.targeted \
$(SRCTOP)/debian/build-$(package)/policy/modules.conf
echo done > debian/stamp-config-targeted
@@ -166,7 +166,7 @@
$(REASON)
test -e debian/stamp-build-strict || \
(cd $(SRCTOP)/debian/build-$(package) ; \
- $(MAKE) NAME=refpolicy-strict TYPE=strict$(MCS_MLS_TYPE) $(OPTIONS)
policy all)
+ $(MAKE) NAME=refpolicy-strict TYPE=$(MCS_MLS_TYPE) $(OPTIONS)
policy all)
echo done > debian/stamp-build-strict
STAMPS_TO_CLEAN += debian/stamp-build-strict
@@ -174,7 +174,7 @@
$(REASON)
test -e debian/stamp-build-targeted || \
(cd $(SRCTOP)/debian/build-$(package) ; \
- $(MAKE) NAME=refpolicy-targeted TYPE=targeted$(MCS_MLS_TYPE)
$(OPTIONS) policy all)
+ $(MAKE) NAME=refpolicy-targeted TYPE=$(MCS_MLS_TYPE) $(OPTIONS)
policy all)
echo done > debian/stamp-build-targeted
STAMPS_TO_CLEAN += debian/stamp-build-targeted
@@ -197,7 +197,7 @@
test -f
$(TMPTOP)/etc/selinux/refpolicy-strict/modules/active/file_contexts.local || \
touch
$(TMPTOP)/etc/selinux/refpolicy-strict/modules/active/file_contexts.local
(cd $(SRCTOP)/debian/build-$(package);
\
- $(MAKE) NAME=refpolicy-strict TYPE=strict$(MCS_MLS_TYPE)
$(OPTIONS) \
+ $(MAKE) NAME=refpolicy-strict TYPE=$(MCS_MLS_TYPE) $(OPTIONS) \
DESTDIR=$(TMPTOP) install install-headers
\
$(TMPTOP)/etc/selinux/refpolicy-strict/users/local.users
\
$(TMPTOP)/etc/selinux/refpolicy-strict/users/system.users)
@@ -226,7 +226,7 @@
test -f
$(TMPTOP)/etc/selinux/refpolicy-targeted/modules/active/file_contexts.local || \
touch
$(TMPTOP)/etc/selinux/refpolicy-targeted/modules/active/file_contexts.local
(cd $(SRCTOP)/debian/build-$(package);
\
- $(MAKE) NAME=refpolicy-targeted TYPE=targeted$(MCS_MLS_TYPE)
$(OPTIONS) \
+ $(MAKE) NAME=refpolicy-targeted TYPE=$(MCS_MLS_TYPE) $(OPTIONS) \
DESTDIR=$(TMPTOP) install install-headers
\
$(TMPTOP)/etc/selinux/refpolicy-targeted/users/local.users
\
$(TMPTOP)/etc/selinux/refpolicy-targeted/users/system.users)
diff -ru refpolicy-0.0.20080314.org/debian/local-vars.mk
refpolicy-0.0.20080314/debian/local-vars.mk
--- refpolicy-0.0.20080314.org/debian/local-vars.mk 2008-03-28
00:22:45.000000000 +1100
+++ refpolicy-0.0.20080314/debian/local-vars.mk 2008-03-28 09:35:01.000000000
+1100
@@ -45,8 +45,8 @@
PYDEFAULT =$(strip $(shell pyversions -vd))
MODULES_DIR=$(TMPTOP)/usr/share/python-support/$(package)
-# set this to -mcs or -mls
-MCS_MLS_TYPE=-mcs
+# set this to mcs, mls, or an empty string
+MCS_MLS_TYPE=mcs
# Things we have put into the base for Debian systems.
# egrep base debian/modules.conf.targeted | grep -v '#' | \
-- System Information:
Debian Release: 4.0
APT prefers stable
APT policy: (500, 'stable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-5-686
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=ANSI_X3.4-1968)
(ignored: LC_ALL set to C)
Versions of packages selinux-policy-refpolicy-targeted depends on:
ii libpam-modules 0.79-5 Pluggable Authentication Modules f
ii libselinux1 2.0.15-2.etch1 SELinux shared libraries
ii policycoreutils 2.0.16-1.etch1 SELinux core policy utilities
ii python 2.4.4-2 An interactive high-level object-o
Versions of packages selinux-policy-refpolicy-targeted recommends:
ii checkpolicy 1.32-1 SELinux policy compiler
ii setools 2.4-3 Tresys tools for managing Security
-- no debconf information
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]