


[gentoo-dev] [PATCH v4 3/5] sec-policy/selinux-base: update EAPI 7 -> 8

From Rahul Sandhu <nvraxn@posteo.uk>
Newsgroups linux.gentoo.dev
Subject [gentoo-dev] [PATCH v4 3/5] sec-policy/selinux-base: update EAPI 7 -> 8
Date 2026-04-07 17:20 +0200
Message-ID <MHgnD-dnM7-1@gated-at.bofh.it> (permalink)
References <MHgnD-dnM7-3@gated-at.bofh.it>
Organization linux.* mail to news gateway



Signed-off-by: Rahul Sandhu <nvraxn@posteo.uk>
---
 .../selinux-base-2.20250213-r1.ebuild         | 158 -----------------
 .../selinux-base-2.20250213_p1.ebuild         | 162 ++++++++++++++++++
 .../selinux-base-2.20250618-r1.ebuild         | 158 -----------------
 .../selinux-base-2.20250618_p1.ebuild         | 162 ++++++++++++++++++
 .../selinux-base/selinux-base-9999.ebuild     | 132 +++++++-------
 5 files changed, 392 insertions(+), 380 deletions(-)
 delete mode 100644 sec-policy/selinux-base/selinux-base-2.20250213-r1.ebuild
 create mode 100644 sec-policy/selinux-base/selinux-base-2.20250213_p1.ebuild
 delete mode 100644 sec-policy/selinux-base/selinux-base-2.20250618-r1.ebuild
 create mode 100644 sec-policy/selinux-base/selinux-base-2.20250618_p1.ebuild

diff --git a/sec-policy/selinux-base/selinux-base-2.20250213-r1.ebuild b/sec-policy/selinux-base/selinux-base-2.20250213-r1.ebuild
deleted file mode 100644
index b3edd7c628f0..000000000000
--- a/sec-policy/selinux-base/selinux-base-2.20250213-r1.ebuild
+++ /dev/null
@@ -1,158 +0,0 @@
-# Copyright 1999-2025 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="7"
-
-PYTHON_COMPAT=( python3_{10..12} )
-PYTHON_REQ_USE="xml(+)"
-inherit python-any-r1
-
-if [[ ${PV} == 9999* ]]; then
-	EGIT_REPO_URI="${SELINUX_GIT_REPO:-https://anongit.gentoo.org/git/proj/hardened-refpolicy.git}"
-	EGIT_BRANCH="${SELINUX_GIT_BRANCH:-master}"
-	EGIT_CHECKOUT_DIR="${WORKDIR}/refpolicy"
-
-	inherit git-r3
-else
-	SRC_URI="https://github.com/SELinuxProject/refpolicy/releases/download/RELEASE_${PV/./_}/refpolicy-${PV}.tar.bz2
-			https://dev.gentoo.org/~perfinion/patches/selinux-base-policy/patchbundle-selinux-base-policy-${PVR}.tar.bz2"
-
-	KEYWORDS="amd64 arm arm64 ~riscv x86"
-fi
-
-IUSE="doc +unknown-perms systemd +ubac +unconfined"
-
-DESCRIPTION="Gentoo base policy for SELinux"
-HOMEPAGE="https://wiki.gentoo.org/wiki/Project:SELinux"
-LICENSE="GPL-2"
-SLOT="0"
-
-RDEPEND=">=sys-apps/policycoreutils-2.8"
-DEPEND="${RDEPEND}"
-BDEPEND="
-	${PYTHON_DEPS}
-	>=sys-apps/checkpolicy-2.8
-	sys-devel/m4"
-
-S=${WORKDIR}/
-
-src_prepare() {
-	if [[ ${PV} != 9999* ]]; then
-		einfo "Applying SELinux policy updates ... "
-		eapply -p0 "${WORKDIR}/0001-full-patch-against-stable-release.patch"
-	fi
-
-	eapply_user
-
-	cd "${S}/refpolicy" || die
-	emake bare
-}
-
-src_configure() {
-	[ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs"
-
-	# Update the SELinux refpolicy capabilities based on the users' USE flags.
-	if use unknown-perms; then
-		sed -i -e '/^UNK_PERMS/s/deny/allow/' "${S}/refpolicy/build.conf" \
-			|| die "Failed to allow Unknown Permissions Handling"
-		sed -i -e '/^UNK_PERMS/s/deny/allow/' "${S}/refpolicy/Makefile" \
-			|| die "Failed to allow Unknown Permissions Handling"
-	fi
-
-	if ! use ubac; then
-		sed -i -e '/^UBAC/s/y/n/' "${S}/refpolicy/build.conf" \
-			|| die "Failed to disable User Based Access Control"
-	fi
-
-	if use systemd; then
-		sed -i -e '/^SYSTEMD/s/n/y/' "${S}/refpolicy/build.conf" \
-			|| die "Failed to enable SystemD"
-	fi
-
-	echo "DISTRO = gentoo" >> "${S}/refpolicy/build.conf" || die
-
-	# Prepare initial configuration
-	cd "${S}/refpolicy" || die
-	emake conf
-
-	# Setup the policies based on the types delivered by the end user.
-	# These types can be "targeted", "strict", "mcs" and "mls".
-	for i in ${POLICY_TYPES}; do
-		cp -a "${S}/refpolicy" "${S}/${i}" || die
-		cd "${S}/${i}" || die
-
-		sed -i -e "/= module/d" "${S}/${i}/policy/modules.conf" || die
-
-		sed -i -e '/^QUIET/s/n/y/' -e "/^NAME/s/refpolicy/$i/" \
-			"${S}/${i}/build.conf" || die "build.conf setup failed."
-
-		if [[ "${i}" == "mls" ]] || [[ "${i}" == "mcs" ]];
-		then
-			# MCS/MLS require additional settings
-			sed -i -e "/^TYPE/s/standard/${i}/" "${S}/${i}/build.conf" \
-				|| die "failed to set type to mls"
-		fi
-
-		if [ "${i}" == "targeted" ]; then
-			sed -i -e '/root/d' -e 's/user_u/unconfined_u/' \
-			"${S}/${i}/config/appconfig-standard/seusers" \
-			|| die "targeted seusers setup failed."
-		fi
-
-		if [ "${i}" != "targeted" ] && [ "${i}" != "strict" ] && use unconfined; then
-			sed -i -e '/root/d' -e 's/user_u/unconfined_u/' \
-			"${S}/${i}/config/appconfig-${i}/seusers" \
-			|| die "policy seusers setup failed."
-		fi
-	done
-}
-
-src_compile() {
-	[ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs"
-
-	for i in ${POLICY_TYPES}; do
-		cd "${S}/${i}" || die
-		emake base
-		if use doc; then
-			emake html
-		fi
-	done
-}
-
-src_install() {
-	[ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs"
-
-	for i in ${POLICY_TYPES}; do
-		cd "${S}/${i}" || die
-
-		emake DESTDIR="${D}" install
-		emake DESTDIR="${D}" install-headers
-
-		echo "run_init_t" > "${D}/etc/selinux/${i}/contexts/run_init_type" || die
-
-		echo "textrel_shlib_t" >> "${D}/etc/selinux/${i}/contexts/customizable_types" || die
-
-		# libsemanage won't make this on its own
-		keepdir "/etc/selinux/${i}/policy"
-
-		if use doc; then
-			docinto ${i}/html
-			dodoc -r doc/html/*;
-		fi
-
-		insinto /usr/share/selinux/devel;
-		doins doc/policy.xml;
-
-	done
-
-	docinto /
-	dodoc doc/Makefile.example doc/example.{te,fc,if}
-
-	doman man/man8/*.8;
-
-	insinto /etc/selinux
-	doins "${FILESDIR}/config"
-
-	insinto /usr/share/portage/config/sets
-	doins "${FILESDIR}/selinux.conf"
-}
diff --git a/sec-policy/selinux-base/selinux-base-2.20250213_p1.ebuild b/sec-policy/selinux-base/selinux-base-2.20250213_p1.ebuild
new file mode 100644
index 000000000000..549705fab3f2
--- /dev/null
+++ b/sec-policy/selinux-base/selinux-base-2.20250213_p1.ebuild
@@ -0,0 +1,162 @@
+# Copyright 1999-2026 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{11..14} )
+PYTHON_REQ_USE="xml(+)"
+
+inherit python-any-r1
+
+DESCRIPTION="Gentoo base policy for SELinux"
+HOMEPAGE="https://wiki.gentoo.org/wiki/Project:SELinux"
+
+if [[ "${PV}" = 9999* ]]; then
+	EGIT_REPO_URI="${SELINUX_GIT_REPO:-https://anongit.gentoo.org/git/proj/hardened-refpolicy.git}"
+	EGIT_BRANCH="${SELINUX_GIT_BRANCH:-master}"
+	EGIT_CHECKOUT_DIR="${WORKDIR}/refpolicy"
+
+	inherit git-r3
+else
+	MY_PV=$(ver_cut 1-2)
+	SRC_URI="https://github.com/SELinuxProject/refpolicy/releases/download/RELEASE_${MY_PV/./_}/refpolicy-${MY_PV}.tar.bz2
+		https://dev.gentoo.org/~perfinion/patches/selinux-base-policy/patchbundle-selinux-base-policy-${PV/_p/-r}.tar.bz2"
+	KEYWORDS="amd64 arm arm64 ~riscv x86"
+fi
+
+S="${WORKDIR}"
+
+LICENSE="GPL-2"
+SLOT="0"
+IUSE="
+	doc +unknown-perms systemd +ubac +unconfined
+	+selinux_policy_types_targeted +selinux_policy_types_strict +selinux_policy_types_mcs +selinux_policy_types_mls
+"
+REQUIRED_USE="
+	|| ( selinux_policy_types_targeted selinux_policy_types_strict selinux_policy_types_mcs selinux_policy_types_mls )
+"
+
+RDEPEND=">=sys-apps/policycoreutils-2.8"
+DEPEND="${RDEPEND}"
+BDEPEND="
+	${PYTHON_DEPS}
+	>=sys-apps/checkpolicy-2.8
+	sys-devel/m4
+"
+
+src_prepare() {
+	if [[ "${PV}" != 9999* ]]; then
+		einfo "Applying SELinux policy updates... "
+		eapply -p0 "${WORKDIR}/0001-full-patch-against-stable-release.patch"
+	fi
+
+	eapply_user
+
+	cd "${S}/refpolicy" || die
+	emake bare
+}
+
+src_configure() {
+	# Update the SELinux refpolicy capabilities based on the users' USE flags.
+	if use unknown-perms; then
+		sed -i -e '/^UNK_PERMS/s/deny/allow/' "${S}/refpolicy/build.conf" \
+			|| die "Failed to allow Unknown Permissions Handling"
+		sed -i -e '/^UNK_PERMS/s/deny/allow/' "${S}/refpolicy/Makefile" \
+			|| die "Failed to allow Unknown Permissions Handling"
+	fi
+
+	if ! use ubac; then
+		sed -i -e '/^UBAC/s/y/n/' "${S}/refpolicy/build.conf" \
+			|| die "Failed to disable User Based Access Control"
+	fi
+
+	if use systemd; then
+		sed -i -e '/^SYSTEMD/s/n/y/' "${S}/refpolicy/build.conf" \
+			|| die "Failed to enable SystemD"
+	fi
+
+	echo "DISTRO = gentoo" >> "${S}/refpolicy/build.conf" || die
+
+	# Prepare initial configuration
+	cd "${S}/refpolicy" || die
+	emake conf
+
+	# Setup the policies based on the types delivered by the end user.
+	# These types can be "targeted", "strict", "mcs" and "mls".
+	for type in targeted strict mcs mls; do
+		if use "selinux_policy_types_${type}"; then
+			cp -a "${S}/refpolicy" "${S}/${type}" || die
+			cd "${S}/${type}" || die
+
+			sed -i -e "/= module/d" "${S}/${type}/policy/modules.conf" || die
+
+			sed -i -e '/^QUIET/s/n/y/' -e "/^NAME/s/refpolicy/${type}/" \
+				"${S}/${type}/build.conf" || die "build.conf setup failed."
+
+			if [[ "${type}" = "mls" || "${type}" = "mcs" ]]; then
+				# MCS/MLS require additional settings
+				sed -i -e "/^TYPE/s/standard/${type}/" "${S}/${type}/build.conf" \
+					|| die "failed to set type to mls"
+			fi
+
+			if [[ "${type}" = "targeted" ]]; then
+				sed -i -e '/root/d' -e 's/user_u/unconfined_u/' \
+					"${S}/${type}/config/appconfig-standard/seusers" \
+					|| die "targeted seusers setup failed."
+			fi
+
+			if [[ "${type}" != "targeted" && "${type}" != "strict" ]] && use unconfined; then
+				sed -i -e '/root/d' -e 's/user_u/unconfined_u/' \
+					"${S}/${type}/config/appconfig-${type}/seusers" \
+					|| die "policy seusers setup failed."
+			fi
+		fi
+	done
+}
+
+src_compile() {
+	for type in targeted strict mcs mls; do
+		if use "selinux_policy_types_${type}"; then
+			cd "${S}/${type}" || die
+			emake base
+			use doc && emake html
+		fi
+	done
+}
+
+src_install() {
+	for type in targeted strict mcs mls; do
+		if use "selinux_policy_types_${type}"; then
+			cd "${S}/${type}" || die
+
+			emake DESTDIR="${D}" install
+			emake DESTDIR="${D}" install-headers
+
+			echo "run_init_t" > "${D}/etc/selinux/${type}/contexts/run_init_type" || die
+
+			echo "textrel_shlib_t" >> "${D}/etc/selinux/${type}/contexts/customizable_types" || die
+
+			# libsemanage won't make this on its own
+			keepdir "/etc/selinux/${type}/policy"
+
+			if use doc; then
+				docinto "${type}/html"
+				dodoc -r doc/html/*;
+			fi
+
+			insinto /usr/share/selinux/devel;
+			doins doc/policy.xml;
+		fi
+	done
+
+	docinto /
+	dodoc doc/Makefile.example doc/example.{te,fc,if}
+
+	doman man/man8/*.8;
+
+	insinto /etc/selinux
+	doins "${FILESDIR}/config"
+
+	insinto /usr/share/portage/config/sets
+	doins "${FILESDIR}/selinux.conf"
+}
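Review bot: `REQUIRED_USE` accepts any one of the four policy types, yet `src_install` still ends with an unconditional `doins "${FILESDIR}/config"` into /etc/selinux. That file is not part of this patch, so this is an inference: if its SELINUXTYPE names a type the user has switched off, the installed config points at a policy store this build never produced, and the system may come up without the intended policy loaded. A comment next to REQUIRED_USE such as `# ${FILESDIR}/config names one SELINUXTYPE; that type must stay enabled or /etc/selinux/config must be edited` would make the coupling visible, and a `pkg_postinst` warning when that flag is off would be stronger. The same applies to selinux-base-2.20250618_p1.ebuild and to the REQUIRED_USE added in selinux-base-9999.ebuild.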
diff --git a/sec-policy/selinux-base/selinux-base-2.20250618-r1.ebuild b/sec-policy/selinux-base/selinux-base-2.20250618-r1.ebuild
deleted file mode 100644
index b3edd7c628f0..000000000000
--- a/sec-policy/selinux-base/selinux-base-2.20250618-r1.ebuild
+++ /dev/null
@@ -1,158 +0,0 @@
-# Copyright 1999-2025 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="7"
-
-PYTHON_COMPAT=( python3_{10..12} )
-PYTHON_REQ_USE="xml(+)"
-inherit python-any-r1
-
-if [[ ${PV} == 9999* ]]; then
-	EGIT_REPO_URI="${SELINUX_GIT_REPO:-https://anongit.gentoo.org/git/proj/hardened-refpolicy.git}"
-	EGIT_BRANCH="${SELINUX_GIT_BRANCH:-master}"
-	EGIT_CHECKOUT_DIR="${WORKDIR}/refpolicy"
-
-	inherit git-r3
-else
-	SRC_URI="https://github.com/SELinuxProject/refpolicy/releases/download/RELEASE_${PV/./_}/refpolicy-${PV}.tar.bz2
-			https://dev.gentoo.org/~perfinion/patches/selinux-base-policy/patchbundle-selinux-base-policy-${PVR}.tar.bz2"
-
-	KEYWORDS="amd64 arm arm64 ~riscv x86"
-fi
-
-IUSE="doc +unknown-perms systemd +ubac +unconfined"
-
-DESCRIPTION="Gentoo base policy for SELinux"
-HOMEPAGE="https://wiki.gentoo.org/wiki/Project:SELinux"
-LICENSE="GPL-2"
-SLOT="0"
-
-RDEPEND=">=sys-apps/policycoreutils-2.8"
-DEPEND="${RDEPEND}"
-BDEPEND="
-	${PYTHON_DEPS}
-	>=sys-apps/checkpolicy-2.8
-	sys-devel/m4"
-
-S=${WORKDIR}/
-
-src_prepare() {
-	if [[ ${PV} != 9999* ]]; then
-		einfo "Applying SELinux policy updates ... "
-		eapply -p0 "${WORKDIR}/0001-full-patch-against-stable-release.patch"
-	fi
-
-	eapply_user
-
-	cd "${S}/refpolicy" || die
-	emake bare
-}
-
-src_configure() {
-	[ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs"
-
-	# Update the SELinux refpolicy capabilities based on the users' USE flags.
-	if use unknown-perms; then
-		sed -i -e '/^UNK_PERMS/s/deny/allow/' "${S}/refpolicy/build.conf" \
-			|| die "Failed to allow Unknown Permissions Handling"
-		sed -i -e '/^UNK_PERMS/s/deny/allow/' "${S}/refpolicy/Makefile" \
-			|| die "Failed to allow Unknown Permissions Handling"
-	fi
-
-	if ! use ubac; then
-		sed -i -e '/^UBAC/s/y/n/' "${S}/refpolicy/build.conf" \
-			|| die "Failed to disable User Based Access Control"
-	fi
-
-	if use systemd; then
-		sed -i -e '/^SYSTEMD/s/n/y/' "${S}/refpolicy/build.conf" \
-			|| die "Failed to enable SystemD"
-	fi
-
-	echo "DISTRO = gentoo" >> "${S}/refpolicy/build.conf" || die
-
-	# Prepare initial configuration
-	cd "${S}/refpolicy" || die
-	emake conf
-
-	# Setup the policies based on the types delivered by the end user.
-	# These types can be "targeted", "strict", "mcs" and "mls".
-	for i in ${POLICY_TYPES}; do
-		cp -a "${S}/refpolicy" "${S}/${i}" || die
-		cd "${S}/${i}" || die
-
-		sed -i -e "/= module/d" "${S}/${i}/policy/modules.conf" || die
-
-		sed -i -e '/^QUIET/s/n/y/' -e "/^NAME/s/refpolicy/$i/" \
-			"${S}/${i}/build.conf" || die "build.conf setup failed."
-
-		if [[ "${i}" == "mls" ]] || [[ "${i}" == "mcs" ]];
-		then
-			# MCS/MLS require additional settings
-			sed -i -e "/^TYPE/s/standard/${i}/" "${S}/${i}/build.conf" \
-				|| die "failed to set type to mls"
-		fi
-
-		if [ "${i}" == "targeted" ]; then
-			sed -i -e '/root/d' -e 's/user_u/unconfined_u/' \
-			"${S}/${i}/config/appconfig-standard/seusers" \
-			|| die "targeted seusers setup failed."
-		fi
-
-		if [ "${i}" != "targeted" ] && [ "${i}" != "strict" ] && use unconfined; then
-			sed -i -e '/root/d' -e 's/user_u/unconfined_u/' \
-			"${S}/${i}/config/appconfig-${i}/seusers" \
-			|| die "policy seusers setup failed."
-		fi
-	done
-}
-
-src_compile() {
-	[ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs"
-
-	for i in ${POLICY_TYPES}; do
-		cd "${S}/${i}" || die
-		emake base
-		if use doc; then
-			emake html
-		fi
-	done
-}
-
-src_install() {
-	[ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs"
-
-	for i in ${POLICY_TYPES}; do
-		cd "${S}/${i}" || die
-
-		emake DESTDIR="${D}" install
-		emake DESTDIR="${D}" install-headers
-
-		echo "run_init_t" > "${D}/etc/selinux/${i}/contexts/run_init_type" || die
-
-		echo "textrel_shlib_t" >> "${D}/etc/selinux/${i}/contexts/customizable_types" || die
-
-		# libsemanage won't make this on its own
-		keepdir "/etc/selinux/${i}/policy"
-
-		if use doc; then
-			docinto ${i}/html
-			dodoc -r doc/html/*;
-		fi
-
-		insinto /usr/share/selinux/devel;
-		doins doc/policy.xml;
-
-	done
-
-	docinto /
-	dodoc doc/Makefile.example doc/example.{te,fc,if}
-
-	doman man/man8/*.8;
-
-	insinto /etc/selinux
-	doins "${FILESDIR}/config"
-
-	insinto /usr/share/portage/config/sets
-	doins "${FILESDIR}/selinux.conf"
-}
diff --git a/sec-policy/selinux-base/selinux-base-2.20250618_p1.ebuild b/sec-policy/selinux-base/selinux-base-2.20250618_p1.ebuild
new file mode 100644
index 000000000000..549705fab3f2
--- /dev/null
+++ b/sec-policy/selinux-base/selinux-base-2.20250618_p1.ebuild
@@ -0,0 +1,162 @@
+# Copyright 1999-2026 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{11..14} )
+PYTHON_REQ_USE="xml(+)"
+
+inherit python-any-r1
+
+DESCRIPTION="Gentoo base policy for SELinux"
+HOMEPAGE="https://wiki.gentoo.org/wiki/Project:SELinux"
+
+if [[ "${PV}" = 9999* ]]; then
+	EGIT_REPO_URI="${SELINUX_GIT_REPO:-https://anongit.gentoo.org/git/proj/hardened-refpolicy.git}"
+	EGIT_BRANCH="${SELINUX_GIT_BRANCH:-master}"
+	EGIT_CHECKOUT_DIR="${WORKDIR}/refpolicy"
+
+	inherit git-r3
+else
+	MY_PV=$(ver_cut 1-2)
+	SRC_URI="https://github.com/SELinuxProject/refpolicy/releases/download/RELEASE_${MY_PV/./_}/refpolicy-${MY_PV}.tar.bz2
+		https://dev.gentoo.org/~perfinion/patches/selinux-base-policy/patchbundle-selinux-base-policy-${PV/_p/-r}.tar.bz2"
+	KEYWORDS="amd64 arm arm64 ~riscv x86"
+fi
+
+S="${WORKDIR}"
+
+LICENSE="GPL-2"
+SLOT="0"
+IUSE="
+	doc +unknown-perms systemd +ubac +unconfined
+	+selinux_policy_types_targeted +selinux_policy_types_strict +selinux_policy_types_mcs +selinux_policy_types_mls
+"
+REQUIRED_USE="
+	|| ( selinux_policy_types_targeted selinux_policy_types_strict selinux_policy_types_mcs selinux_policy_types_mls )
+"
+
+RDEPEND=">=sys-apps/policycoreutils-2.8"
+DEPEND="${RDEPEND}"
+BDEPEND="
+	${PYTHON_DEPS}
+	>=sys-apps/checkpolicy-2.8
+	sys-devel/m4
+"
+
+src_prepare() {
+	if [[ "${PV}" != 9999* ]]; then
+		einfo "Applying SELinux policy updates... "
+		eapply -p0 "${WORKDIR}/0001-full-patch-against-stable-release.patch"
+	fi
+
+	eapply_user
+
+	cd "${S}/refpolicy" || die
+	emake bare
+}
+
+src_configure() {
+	# Update the SELinux refpolicy capabilities based on the users' USE flags.
+	if use unknown-perms; then
+		sed -i -e '/^UNK_PERMS/s/deny/allow/' "${S}/refpolicy/build.conf" \
+			|| die "Failed to allow Unknown Permissions Handling"
+		sed -i -e '/^UNK_PERMS/s/deny/allow/' "${S}/refpolicy/Makefile" \
+			|| die "Failed to allow Unknown Permissions Handling"
+	fi
+
+	if ! use ubac; then
+		sed -i -e '/^UBAC/s/y/n/' "${S}/refpolicy/build.conf" \
+			|| die "Failed to disable User Based Access Control"
+	fi
+
+	if use systemd; then
+		sed -i -e '/^SYSTEMD/s/n/y/' "${S}/refpolicy/build.conf" \
+			|| die "Failed to enable SystemD"
+	fi
+
+	echo "DISTRO = gentoo" >> "${S}/refpolicy/build.conf" || die
+
+	# Prepare initial configuration
+	cd "${S}/refpolicy" || die
+	emake conf
+
+	# Setup the policies based on the types delivered by the end user.
+	# These types can be "targeted", "strict", "mcs" and "mls".
+	for type in targeted strict mcs mls; do
+		if use "selinux_policy_types_${type}"; then
+			cp -a "${S}/refpolicy" "${S}/${type}" || die
+			cd "${S}/${type}" || die
+
+			sed -i -e "/= module/d" "${S}/${type}/policy/modules.conf" || die
+
+			sed -i -e '/^QUIET/s/n/y/' -e "/^NAME/s/refpolicy/${type}/" \
+				"${S}/${type}/build.conf" || die "build.conf setup failed."
+
+			if [[ "${type}" = "mls" || "${type}" = "mcs" ]]; then
+				# MCS/MLS require additional settings
+				sed -i -e "/^TYPE/s/standard/${type}/" "${S}/${type}/build.conf" \
+					|| die "failed to set type to mls"
+			fi
+
+			if [[ "${type}" = "targeted" ]]; then
+				sed -i -e '/root/d' -e 's/user_u/unconfined_u/' \
+					"${S}/${type}/config/appconfig-standard/seusers" \
+					|| die "targeted seusers setup failed."
+			fi
+
+			if [[ "${type}" != "targeted" && "${type}" != "strict" ]] && use unconfined; then
+				sed -i -e '/root/d' -e 's/user_u/unconfined_u/' \
+					"${S}/${type}/config/appconfig-${type}/seusers" \
+					|| die "policy seusers setup failed."
+			fi
+		fi
+	done
+}
+
+src_compile() {
+	for type in targeted strict mcs mls; do
+		if use "selinux_policy_types_${type}"; then
+			cd "${S}/${type}" || die
+			emake base
+			use doc && emake html
+		fi
+	done
+}
+
+src_install() {
+	for type in targeted strict mcs mls; do
+		if use "selinux_policy_types_${type}"; then
+			cd "${S}/${type}" || die
+
+			emake DESTDIR="${D}" install
+			emake DESTDIR="${D}" install-headers
+
+			echo "run_init_t" > "${D}/etc/selinux/${type}/contexts/run_init_type" || die
+
+			echo "textrel_shlib_t" >> "${D}/etc/selinux/${type}/contexts/customizable_types" || die
+
+			# libsemanage won't make this on its own
+			keepdir "/etc/selinux/${type}/policy"
+
+			if use doc; then
+				docinto "${type}/html"
+				dodoc -r doc/html/*;
+			fi
+
+			insinto /usr/share/selinux/devel;
+			doins doc/policy.xml;
+		fi
+	done
+
+	docinto /
+	dodoc doc/Makefile.example doc/example.{te,fc,if}
+
+	doman man/man8/*.8;
+
+	insinto /etc/selinux
+	doins "${FILESDIR}/config"
+
+	insinto /usr/share/portage/config/sets
+	doins "${FILESDIR}/selinux.conf"
+}
diff --git a/sec-policy/selinux-base/selinux-base-9999.ebuild b/sec-policy/selinux-base/selinux-base-9999.ebuild
index bdb6a700eef4..69fecc0d5264 100644
--- a/sec-policy/selinux-base/selinux-base-9999.ebuild
+++ b/sec-policy/selinux-base/selinux-base-9999.ebuild
@@ -1,13 +1,17 @@
-# Copyright 1999-2025 Gentoo Authors
+# Copyright 1999-2026 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
-EAPI="7"
+EAPI=8
 
-PYTHON_COMPAT=( python3_{10..12} )
+PYTHON_COMPAT=( python3_{11..14} )
 PYTHON_REQ_USE="xml(+)"
+
 inherit python-any-r1
 
-if [[ ${PV} == 9999* ]]; then
+DESCRIPTION="Gentoo base policy for SELinux"
+HOMEPAGE="https://wiki.gentoo.org/wiki/Project:SELinux"
+
+if [[ "${PV}" = 9999* ]]; then
 	EGIT_REPO_URI="${SELINUX_GIT_REPO:-https://anongit.gentoo.org/git/proj/hardened-refpolicy.git}"
 	EGIT_BRANCH="${SELINUX_GIT_BRANCH:-master}"
 	EGIT_CHECKOUT_DIR="${WORKDIR}/refpolicy"
@@ -15,30 +19,34 @@ if [[ ${PV} == 9999* ]]; then
 	inherit git-r3
 else
 	SRC_URI="https://github.com/SELinuxProject/refpolicy/releases/download/RELEASE_${PV/./_}/refpolicy-${PV}.tar.bz2
-			https://dev.gentoo.org/~perfinion/patches/selinux-base-policy/patchbundle-selinux-base-policy-${PVR}.tar.bz2"
+		https://dev.gentoo.org/~perfinion/patches/selinux-base-policy/patchbundle-selinux-base-policy-${PVR}.tar.bz2"
 
 	KEYWORDS="~amd64 ~arm ~arm64 ~riscv ~x86"
 fi
 
-IUSE="doc +unknown-perms systemd +ubac +unconfined"
+S="${WORKDIR}"
 
-DESCRIPTION="Gentoo base policy for SELinux"
-HOMEPAGE="https://wiki.gentoo.org/wiki/Project:SELinux"
 LICENSE="GPL-2"
 SLOT="0"
+IUSE="
+	doc +unknown-perms systemd +ubac +unconfined
+	+selinux_policy_types_targeted +selinux_policy_types_strict +selinux_policy_types_mcs +selinux_policy_types_mls
+"
+REQUIRED_USE="
+	|| ( selinux_policy_types_targeted selinux_policy_types_strict selinux_policy_types_mcs selinux_policy_types_mls )
+"
 
 RDEPEND=">=sys-apps/policycoreutils-2.8"
 DEPEND="${RDEPEND}"
 BDEPEND="
 	${PYTHON_DEPS}
 	>=sys-apps/checkpolicy-2.8
-	sys-devel/m4"
-
-S=${WORKDIR}/
+	sys-devel/m4
+"
 
 src_prepare() {
-	if [[ ${PV} != 9999* ]]; then
-		einfo "Applying SELinux policy updates ... "
+	if [[ "${PV}" != 9999* ]]; then
+		einfo "Applying SELinux policy updates... "
 		eapply -p0 "${WORKDIR}/0001-full-patch-against-stable-release.patch"
 	fi
 
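Review bot: The release branch of `SRC_URI` in this hunk still derives both URLs from `${PV/./_}`, `${PV}` and `${PVR}`, while the two `_p1` ebuilds added by the same patch use `MY_PV=$(ver_cut 1-2)` and `${PV/_p/-r}`. The branch is dead while the version is 9999, but if the live ebuild is used as the template for the next `_pN` release (an assumption about workflow), the copy would fetch from a release tag and patchbundle name that do not match the new scheme. Mirroring the release ebuilds keeps them in step: `MY_PV=$(ver_cut 1-2)` followed by `RELEASE_${MY_PV/./_}/refpolicy-${MY_PV}.tar.bz2` and `patchbundle-selinux-base-policy-${PV/_p/-r}.tar.bz2`. The `if [[ "${PV}" = 9999* ]]` block opens before this hunk and `src_prepare` continues past it.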
@@ -49,8 +57,6 @@ src_prepare() {
 }
 
 src_configure() {
-	[ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs"
-
 	# Update the SELinux refpolicy capabilities based on the users' USE flags.
 	if use unknown-perms; then
 		sed -i -e '/^UNK_PERMS/s/deny/allow/' "${S}/refpolicy/build.conf" \
@@ -77,72 +83,70 @@ src_configure() {
 
 	# Setup the policies based on the types delivered by the end user.
 	# These types can be "targeted", "strict", "mcs" and "mls".
-	for i in ${POLICY_TYPES}; do
-		cp -a "${S}/refpolicy" "${S}/${i}" || die
-		cd "${S}/${i}" || die
-
-		sed -i -e "/= module/d" "${S}/${i}/policy/modules.conf" || die
-
-		sed -i -e '/^QUIET/s/n/y/' -e "/^NAME/s/refpolicy/$i/" \
-			"${S}/${i}/build.conf" || die "build.conf setup failed."
-
-		if [[ "${i}" == "mls" ]] || [[ "${i}" == "mcs" ]];
-		then
-			# MCS/MLS require additional settings
-			sed -i -e "/^TYPE/s/standard/${i}/" "${S}/${i}/build.conf" \
-				|| die "failed to set type to mls"
-		fi
-
-		if [ "${i}" == "targeted" ]; then
-			sed -i -e '/root/d' -e 's/user_u/unconfined_u/' \
-			"${S}/${i}/config/appconfig-standard/seusers" \
-			|| die "targeted seusers setup failed."
-		fi
-
-		if [ "${i}" != "targeted" ] && [ "${i}" != "strict" ] && use unconfined; then
-			sed -i -e '/root/d' -e 's/user_u/unconfined_u/' \
-			"${S}/${i}/config/appconfig-${i}/seusers" \
-			|| die "policy seusers setup failed."
+	for type in targeted strict mcs mls; do
+		if use "selinux_policy_types_${type}"; then
+			cp -a "${S}/refpolicy" "${S}/${type}" || die
+			cd "${S}/${type}" || die
+
+			sed -i -e "/= module/d" "${S}/${type}/policy/modules.conf" || die
+
+			sed -i -e '/^QUIET/s/n/y/' -e "/^NAME/s/refpolicy/${type}/" \
+				"${S}/${type}/build.conf" || die "build.conf setup failed."
+
+			if [[ "${type}" = "mls" || "${type}" = "mcs" ]]; then
+				# MCS/MLS require additional settings
+				sed -i -e "/^TYPE/s/standard/${type}/" "${S}/${type}/build.conf" \
+					|| die "failed to set type to mls"
+			fi
+
+			if [[ "${type}" = "targeted" ]]; then
+				sed -i -e '/root/d' -e 's/user_u/unconfined_u/' \
+					"${S}/${type}/config/appconfig-standard/seusers" \
+					|| die "targeted seusers setup failed."
+			fi
+
+			if [[ "${type}" != "targeted" && "${type}" != "strict" ]] && use unconfined; then
+				sed -i -e '/root/d' -e 's/user_u/unconfined_u/' \
+					"${S}/${type}/config/appconfig-${type}/seusers" \
+					|| die "policy seusers setup failed."
+			fi
 		fi
 	done
 }
 
 src_compile() {
-	[ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs"
-
-	for i in ${POLICY_TYPES}; do
-		cd "${S}/${i}" || die
-		emake base
-		if use doc; then
-			emake html
+	for type in targeted strict mcs mls; do
+		if use "selinux_policy_types_${type}"; then
+			cd "${S}/${type}" || die
+			emake base
+			use doc && emake html
 		fi
 	done
 }
 
 src_install() {
-	[ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs"
+	for type in targeted strict mcs mls; do
+		if use "selinux_policy_types_${type}"; then
+			cd "${S}/${type}" || die
 
-	for i in ${POLICY_TYPES}; do
-		cd "${S}/${i}" || die
+			emake DESTDIR="${D}" install
+			emake DESTDIR="${D}" install-headers
 
-		emake DESTDIR="${D}" install
-		emake DESTDIR="${D}" install-headers
+			echo "run_init_t" > "${D}/etc/selinux/${type}/contexts/run_init_type" || die
 
-		echo "run_init_t" > "${D}/etc/selinux/${i}/contexts/run_init_type" || die
+			echo "textrel_shlib_t" >> "${D}/etc/selinux/${type}/contexts/customizable_types" || die
 
-		echo "textrel_shlib_t" >> "${D}/etc/selinux/${i}/contexts/customizable_types" || die
+			# libsemanage won't make this on its own
+			keepdir "/etc/selinux/${type}/policy"
 
-		# libsemanage won't make this on its own
-		keepdir "/etc/selinux/${i}/policy"
+			if use doc; then
+				docinto "${type}/html"
+				dodoc -r doc/html/*;
+			fi
 
-		if use doc; then
-			docinto ${i}/html
-			dodoc -r doc/html/*;
+			insinto /usr/share/selinux/devel;
+			doins doc/policy.xml;
 		fi
-
-		insinto /usr/share/selinux/devel;
-		doins doc/policy.xml;
-
 	done
 
 	docinto /
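Review bot: The loop variable `type` in `src_configure`, `src_compile` and `src_install` is never declared `local`, so it becomes a global in the ebuild environment; a `local type` as the first line of each function scopes it. In the MCS/MLS branch of `src_configure` the failure text is fixed to mls even when the loop is handling mcs; `|| die "failed to set type to ${type}"` reports the type that actually failed. Both points apply equally to the loops in the two new `_p1` ebuilds. `src_configure` starts before this hunk and `src_install` runs past its end.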
-- 
2.53.0


