Bug#473048: selinux-policy-refpolicy-targeted: Policy is incorrectly built without MLS (MCS) support

Russell Coker Thu, 27 Mar 2008 16:13:11 -0700

Package: selinux-policy-refpolicy-targeted
Version: 0.0.20061018-5.3
Severity: important


The current policy package builds in non-MLS mode (IE without MCS support).

Changing between MCS and non-MCS requires a purge and reinstall of the package
and a reboot, it's painful and unpleasant.  Also not using it makes it
difficult to interoperate with Fedora/RHEL systems.  To avoid this we want to
not release policy without MCS support.

The following patch makes the policy build with MCS support, not sure if it's
the best way to do it, but it seems to work.


diff -ru refpolicy-0.0.20080314.org/debian/build.conf.strict 
refpolicy-0.0.20080314/debian/build.conf.strict
--- refpolicy-0.0.20080314.org/debian/build.conf.strict 2008-03-27 
23:57:20.000000000 +1100
+++ refpolicy-0.0.20080314/debian/build.conf.strict     2008-03-28 
09:27:26.000000000 +1100
@@ -14,7 +14,7 @@
 # strict, targeted,
 # strict-mls, targeted-mls,
 # strict-mcs, targeted-mcs
-TYPE ?= mcs
+TYPE = mcs
 
 # Policy Name
 # If set, this will be used as the policy
diff -ru refpolicy-0.0.20080314.org/debian/build.conf.targeted 
refpolicy-0.0.20080314/debian/build.conf.targeted
--- refpolicy-0.0.20080314.org/debian/build.conf.targeted       2008-03-27 
15:53:40.000000000 +1100
+++ refpolicy-0.0.20080314/debian/build.conf.targeted   2008-03-28 
09:27:34.000000000 +1100
@@ -12,7 +12,7 @@
 
 # Policy Type
 # standard, mls, mcs
-TYPE ?= mcs
+TYPE = mcs
 
 # Policy Name
 # If set, this will be used as the policy
diff -ru refpolicy-0.0.20080314.org/debian/local.mk 
refpolicy-0.0.20080314/debian/local.mk
--- refpolicy-0.0.20080314.org/debian/local.mk  2008-03-27 15:53:40.000000000 
+1100
+++ refpolicy-0.0.20080314/debian/local.mk      2008-03-28 09:35:35.000000000 
+1100
@@ -71,10 +71,10 @@
          cp debian/build.conf.strict 
$(SRCTOP)/debian/build-$(package)/build.conf
        test -e debian/stamp-config-strict  ||                             \
          $(MAKE) -C $(SRCTOP)/debian/build-$(package)                     \
-                   NAME=refpolicy-strict TYPE=strict$(MCS_MLS_TYPE) $(OPTIONS) 
bare
+                   NAME=refpolicy-strict TYPE=$(MCS_MLS_TYPE) $(OPTIONS) bare
        test -e debian/stamp-config-strict  ||                             \
          (cd $(SRCTOP)/debian/build-$(package) ;                          \
-           $(MAKE) NAME=refpolicy-strict TYPE=strict$(MCS_MLS_TYPE) $(OPTIONS) 
conf)
+           $(MAKE) NAME=refpolicy-strict TYPE=$(MCS_MLS_TYPE) $(OPTIONS) conf)
        cp debian/modules.conf.strict                                      \
                      $(SRCTOP)/debian/build-$(package)/policy/modules.conf
        echo done > debian/stamp-config-strict
@@ -96,10 +96,10 @@
          cp debian/build.conf.targeted 
$(SRCTOP)/debian/build-$(package)/build.conf
        test -e debian/stamp-config-targeted  ||                           \
          $(MAKE) -C $(SRCTOP)/debian/build-$(package)                     \
-                 NAME=refpolicy-targeted TYPE=targeted$(MCS_MLS_TYPE) 
$(OPTIONS) bare
+                 NAME=refpolicy-targeted TYPE=$(MCS_MLS_TYPE) $(OPTIONS) bare
        test -e debian/stamp-config-targeted  ||                           \
          (cd $(SRCTOP)/debian/build-$(package) ;                          \
-           $(MAKE) NAME=refpolicy-targeted TYPE=targeted$(MCS_MLS_TYPE) 
$(OPTIONS) conf)
+           $(MAKE) NAME=refpolicy-targeted TYPE=$(MCS_MLS_TYPE) $(OPTIONS) 
conf)
        cp debian/modules.conf.targeted                                    \
                      $(SRCTOP)/debian/build-$(package)/policy/modules.conf
        echo done > debian/stamp-config-targeted
@@ -166,7 +166,7 @@
        $(REASON)
        test -e debian/stamp-build-strict                    ||            \
          (cd $(SRCTOP)/debian/build-$(package) ;                          \
-           $(MAKE) NAME=refpolicy-strict TYPE=strict$(MCS_MLS_TYPE) $(OPTIONS) 
policy all)
+           $(MAKE) NAME=refpolicy-strict TYPE=$(MCS_MLS_TYPE) $(OPTIONS) 
policy all)
        echo done > debian/stamp-build-strict   
 STAMPS_TO_CLEAN += debian/stamp-build-strict   
 
@@ -174,7 +174,7 @@
        $(REASON)
        test -e debian/stamp-build-targeted                    ||            \
          (cd $(SRCTOP)/debian/build-$(package) ;                            \
-           $(MAKE) NAME=refpolicy-targeted TYPE=targeted$(MCS_MLS_TYPE) 
$(OPTIONS) policy all)
+           $(MAKE) NAME=refpolicy-targeted TYPE=$(MCS_MLS_TYPE) $(OPTIONS) 
policy all)
        echo done > debian/stamp-build-targeted 
 STAMPS_TO_CLEAN += debian/stamp-build-targeted   
 
@@ -197,7 +197,7 @@
        test -f 
$(TMPTOP)/etc/selinux/refpolicy-strict/modules/active/file_contexts.local || \
        touch 
$(TMPTOP)/etc/selinux/refpolicy-strict/modules/active/file_contexts.local
        (cd $(SRCTOP)/debian/build-$(package);                                  
\
-            $(MAKE) NAME=refpolicy-strict TYPE=strict$(MCS_MLS_TYPE) 
$(OPTIONS) \
+            $(MAKE) NAME=refpolicy-strict TYPE=$(MCS_MLS_TYPE) $(OPTIONS) \
                     DESTDIR=$(TMPTOP) install  install-headers                 
 \
           $(TMPTOP)/etc/selinux/refpolicy-strict/users/local.users             
 \
           $(TMPTOP)/etc/selinux/refpolicy-strict/users/system.users)
@@ -226,7 +226,7 @@
        test -f 
$(TMPTOP)/etc/selinux/refpolicy-targeted/modules/active/file_contexts.local || \
        touch 
$(TMPTOP)/etc/selinux/refpolicy-targeted/modules/active/file_contexts.local
        (cd $(SRCTOP)/debian/build-$(package);                                  
    \
-            $(MAKE) NAME=refpolicy-targeted TYPE=targeted$(MCS_MLS_TYPE) 
$(OPTIONS) \
+            $(MAKE) NAME=refpolicy-targeted TYPE=$(MCS_MLS_TYPE) $(OPTIONS) \
                     DESTDIR=$(TMPTOP) install  install-headers                 
     \
           $(TMPTOP)/etc/selinux/refpolicy-targeted/users/local.users           
     \
           $(TMPTOP)/etc/selinux/refpolicy-targeted/users/system.users)
diff -ru refpolicy-0.0.20080314.org/debian/local-vars.mk 
refpolicy-0.0.20080314/debian/local-vars.mk
--- refpolicy-0.0.20080314.org/debian/local-vars.mk     2008-03-28 
00:22:45.000000000 +1100
+++ refpolicy-0.0.20080314/debian/local-vars.mk 2008-03-28 09:35:01.000000000 
+1100
@@ -45,8 +45,8 @@
 PYDEFAULT  =$(strip $(shell pyversions -vd))
 MODULES_DIR=$(TMPTOP)/usr/share/python-support/$(package)
 
-# set this to -mcs or -mls
-MCS_MLS_TYPE=-mcs
+# set this to mcs, mls, or an empty string
+MCS_MLS_TYPE=mcs
 
 # Things we have put into the base for Debian systems.
 # egrep base debian/modules.conf.targeted | grep -v '#' | \

-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-5-686
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=ANSI_X3.4-1968) 
(ignored: LC_ALL set to C)

Versions of packages selinux-policy-refpolicy-targeted depends on:
ii  libpam-modules            0.79-5         Pluggable Authentication Modules f
ii  libselinux1               2.0.15-2.etch1 SELinux shared libraries
ii  policycoreutils           2.0.16-1.etch1 SELinux core policy utilities
ii  python                    2.4.4-2        An interactive high-level object-o

Versions of packages selinux-policy-refpolicy-targeted recommends:
ii  checkpolicy                   1.32-1     SELinux policy compiler
ii  setools                       2.4-3      Tresys tools for managing Security

-- no debconf information



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#473048: selinux-policy-refpolicy-targeted: Policy is incorrectly built without MLS (MCS) support

Reply via email to