Re: [yocto] [PATCH][meta-selinux] policycoreutils: enable mcstransd

2015-07-07 Thread wenzong fan

Ping ...

On 01/26/2015 03:38 PM, rongqing...@windriver.com wrote:

From: Roy Li rongqing...@windriver.com

mcstransd is a daemon that translates SELinux MCS/MLS sensitivity labels.
policycoreutils includes its own copy of mcstransd, whose version is newer
than the one from http://mcstrans.sourcearchive.com/

Signed-off-by: Roy Li rongqing...@windriver.com
---
  recipes-security/selinux/policycoreutils.inc   | 82 --
  .../0001-mcstrans-fix-the-init-script.patch| 27 +++
  .../selinux/policycoreutils/enable-mcstrans.patch  | 17 +
  recipes-security/selinux/policycoreutils_2.3.bb|  2 +
  recipes-security/selinux/policycoreutils_git.bb|  2 +
  5 files changed, 126 insertions(+), 4 deletions(-)
  create mode 100644 
recipes-security/selinux/policycoreutils/0001-mcstrans-fix-the-init-script.patch
  create mode 100644 
recipes-security/selinux/policycoreutils/enable-mcstrans.patch

diff --git a/recipes-security/selinux/policycoreutils.inc 
b/recipes-security/selinux/policycoreutils.inc
index 44a5861..fa0b601 100644
--- a/recipes-security/selinux/policycoreutils.inc
+++ b/recipes-security/selinux/policycoreutils.inc
@@ -13,11 +13,14 @@ PAM_SRC_URI = file://pam.d/newrole \
 file://pam.d/run_init \
  

-DEPENDS += libsepol libselinux libsemanage
+DEPENDS += libsepol libselinux libsemanage libcap
  EXTRA_DEPENDS = libcap-ng libcgroup setools
  DEPENDS += ${@['', '${EXTRA_DEPENDS}']['${PN}' != '${BPN}-native']}

-inherit selinux
+inherit selinux systemd pythonnative update-rc.d
+
+PROVIDES += mcstrans
+
  DEPENDS += ${@target_selinux(d, 'libpam audit')}

  RDEPENDS_${BPN}-audit2allow = \
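Review bot: The new `inherit selinux systemd pythonnative update-rc.d` line pulls in both init-integration classes, but none of the hunks visible on this page point them at the new package. Both `SYSTEMD_PACKAGES` and `INITSCRIPT_PACKAGES` default to `${PN}`, so unless the cut-off tail of the patch sets something like `SYSTEMD_PACKAGES = "mcstrans"`, `SYSTEMD_SERVICE_mcstrans = "mcstrans.service"`, `INITSCRIPT_PACKAGES = "mcstrans"` and `INITSCRIPT_NAME_mcstrans = "mcstrans"`, the enable/disable postinst logic would attach to the main policycoreutils package rather than to mcstrans. Since this decides whether a label-translation daemon starts by default on every image, an explicit `SYSTEMD_AUTO_ENABLE_mcstrans` would also be worth stating. Separately, `libcap` is added to the unconditional `DEPENDS`, while the next two lines keep target-only dependencies out of the `-native` build via `EXTRA_DEPENDS`; if only the target build needs it, it probably belongs there. The same hunk is repeated in the original message further down the page.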
@@ -113,7 +116,6 @@ RDEPENDS_${BPN} += setools setools-libs ${BPN}-python
  WARN_QA := ${@oe_filter_out('unsafe-references-in-scripts', '${WARN_QA}', 
d)}
  ERROR_QA := ${@oe_filter_out('unsafe-references-in-scripts', '${ERROR_QA}', 
d)}

-inherit pythonnative

  PACKAGES =+ \
${PN}-audit2allow \
@@ -137,8 +139,31 @@ PACKAGES =+ \
${PN}-sestatus \
${PN}-setfiles \
${PN}-setsebool \
+   mcstrans \
+   mcstrans-doc \
system-config-selinux \
  
+PKGV_mcstrans = 0.3.2
+PKGV_mcstrans-doc = 0.3.2
+SUMMARY_mcstrans = Daemon to translate SELinux MCS/MLS sensitivity labels
+DESCRIPTION_mcstrans = \
+Security-enhanced Linux is a feature of the Linux kernel and a number \
+of utilities with enhanced security functionality designed to add \
+mandatory access controls to Linux.  The Security-enhanced Linux \
+kernel contains new architectural components originally developed to \
+improve the security of the Flask operating system. These \
+architectural components provide general support for the enforcement \
+of many kinds of mandatory access control policies, including those \
+based on the concepts of Type EnforcementĀ®, Role-based Access \
+Control, and Multi-level Security. \
+ \
+mcstrans provides an translation daemon to translate SELinux 
categories \
+from internal representations to user defined representation. \
+
+SUMMARY_mcstrans-doc = ${SUMMARY_mcstrans} man pages and examples
+DESCRIPTION_mcstrans-doc = ${DESCRIPTION_mcstrans} \
+This package contains man pages and examples. \
+
  FILES_${PN}-audit2allow = \
${bindir}/audit2allow \
${bindir}/audit2why \
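Review bot: `PKGV_mcstrans = 0.3.2` and `PKGV_mcstrans-doc = 0.3.2` hard-code the sub-package version in the shared .inc, which the diffstat shows is used by both policycoreutils_2.3.bb and policycoreutils_git.bb. The reported version will therefore stay at 0.3.2 even when the git recipe moves to a newer mcstrans, and package-version-based vulnerability tracking would then match against the wrong release. Defining the value once, overridable per recipe, and adding a comment such as `# keep in sync with the mcstrans version shipped in the policycoreutils source tree` would make the coupling visible. In the DESCRIPTION text, "provides an translation daemon" should read "provides a translation daemon", and the registered-trademark character after "Type Enforcement" is better written in plain ASCII so it survives recipe parsing and mail transport. The same hunk is repeated in the original message further down the page.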
@@ -208,6 +233,23 @@ FILES_${PN}-setsebool += \
${sbindir}/setsebool \
${datadir}/bash-completion/completions/setsebool \
  
+FILES_mcstrans = \
+   ${base_sbindir}/mcstransd \
+   ${sbindir}/untranscon \
+   ${sbindir}/transcon \
+   ${sysconfdir}/init.d/mcstrans \
+   ${systemd_unitdir}/system/mcstrans.service \
+   ${sysconfdir}/default/volatiles/volatiles.80_mcstrans \
+   ${sysconfdir}/tmpfiles.d/setrans.conf \
+
+
+FILES_mcstrans-doc = \
+/usr/share/man/man8/mcstransd.8 \
+/usr/share/man/man8/mcs.8 \
+/usr/share/man/man8/setrans.conf.8 \
+${datadir}/mcstrans \
+
+
  FILES_system-config-selinux =  \
  ${bindir}/sepolgen \
  ${datadir}/system-config-selinux/* \
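Review bot: `FILES_mcstrans-doc` hard-codes `/usr/share/man/man8/...` while every other entry in the hunk uses path variables, so the man pages would not be picked up when a distro changes `prefix` or `mandir`; `${mandir}/man8/mcstransd.8`, `${mandir}/man8/mcs.8` and `${mandir}/man8/setrans.conf.8` would be the consistent form. `FILES_mcstrans` also lists the sysvinit script, the systemd unit, the volatiles entry and the tmpfiles.d entry together; a short comment saying that only one init flavour's files exist in a given build (selected by `DISTRO_FEATURES` in `do_install_append_class-target`) would help the next maintainer. The `FILES_system-config-selinux` assignment at the end of the hunk continues outside it. The same hunk is repeated in the original message further down the page.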
@@ -248,7 +290,24 @@ do_compile_prepend() {

  do_install_prepend() {
export PYTHON=python
-   export SEMODULE_PATH=${sbindir}
+   export SEMODULE_PATH=${sbindir} SYSTEMDDIR=${D}/${systemd_unitdir}
+}
+
+do_install_append_class-target() {
+   install -m 755 mcstrans/utils/untranscon ${D}${sbindir}/
+   install -m 755 mcstrans/utils/transcon ${D}${sbindir}/
+
+   if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', 
d)}; then
+   install -d ${D}${sysconfdir}/tmpfiles.d
+   echo d ${localstatedir}/run/setrans - - - - \
+${D}${sysconfdir}/tmpfiles.d/setrans.conf
+   else
+   install -d ${D}${sysconfdir}/default/volatiles
+   echo d root root 0755 /var/run/setrans none \
+   

[yocto] [PATCH][meta-selinux] policycoreutils: enable mcstransd

2015-01-25 Thread rongqing.li
From: Roy Li rongqing...@windriver.com

mcstransd is a daemon that translates SELinux MCS/MLS sensitivity labels.
policycoreutils includes its own copy of mcstransd, whose version is newer
than the one from http://mcstrans.sourcearchive.com/

Signed-off-by: Roy Li rongqing...@windriver.com
---
 recipes-security/selinux/policycoreutils.inc   | 82 --
 .../0001-mcstrans-fix-the-init-script.patch| 27 +++
 .../selinux/policycoreutils/enable-mcstrans.patch  | 17 +
 recipes-security/selinux/policycoreutils_2.3.bb|  2 +
 recipes-security/selinux/policycoreutils_git.bb|  2 +
 5 files changed, 126 insertions(+), 4 deletions(-)
 create mode 100644 
recipes-security/selinux/policycoreutils/0001-mcstrans-fix-the-init-script.patch
 create mode 100644 
recipes-security/selinux/policycoreutils/enable-mcstrans.patch

diff --git a/recipes-security/selinux/policycoreutils.inc 
b/recipes-security/selinux/policycoreutils.inc
index 44a5861..fa0b601 100644
--- a/recipes-security/selinux/policycoreutils.inc
+++ b/recipes-security/selinux/policycoreutils.inc
@@ -13,11 +13,14 @@ PAM_SRC_URI = file://pam.d/newrole \
file://pam.d/run_init \
 
 
-DEPENDS += libsepol libselinux libsemanage
+DEPENDS += libsepol libselinux libsemanage libcap
 EXTRA_DEPENDS = libcap-ng libcgroup setools
 DEPENDS += ${@['', '${EXTRA_DEPENDS}']['${PN}' != '${BPN}-native']}
 
-inherit selinux
+inherit selinux systemd pythonnative update-rc.d
+
+PROVIDES += mcstrans
+
 DEPENDS += ${@target_selinux(d, 'libpam audit')}
 
 RDEPENDS_${BPN}-audit2allow = \
@@ -113,7 +116,6 @@ RDEPENDS_${BPN} += setools setools-libs ${BPN}-python
 WARN_QA := ${@oe_filter_out('unsafe-references-in-scripts', '${WARN_QA}', d)}
 ERROR_QA := ${@oe_filter_out('unsafe-references-in-scripts', '${ERROR_QA}', 
d)}
 
-inherit pythonnative
 
 PACKAGES =+ \
${PN}-audit2allow \
@@ -137,8 +139,31 @@ PACKAGES =+ \
${PN}-sestatus \
${PN}-setfiles \
${PN}-setsebool \
+   mcstrans \
+   mcstrans-doc \
system-config-selinux \
 
+PKGV_mcstrans = 0.3.2
+PKGV_mcstrans-doc = 0.3.2
+SUMMARY_mcstrans = Daemon to translate SELinux MCS/MLS sensitivity labels
+DESCRIPTION_mcstrans = \
+Security-enhanced Linux is a feature of the Linux kernel and a number \
+of utilities with enhanced security functionality designed to add \
+mandatory access controls to Linux.  The Security-enhanced Linux \
+kernel contains new architectural components originally developed to \
+improve the security of the Flask operating system. These \
+architectural components provide general support for the enforcement \
+of many kinds of mandatory access control policies, including those \
+based on the concepts of Type EnforcementĀ®, Role-based Access \
+Control, and Multi-level Security. \
+ \
+mcstrans provides an translation daemon to translate SELinux 
categories \
+from internal representations to user defined representation. \
+
+SUMMARY_mcstrans-doc = ${SUMMARY_mcstrans} man pages and examples
+DESCRIPTION_mcstrans-doc = ${DESCRIPTION_mcstrans} \
+This package contains man pages and examples. \
+
 FILES_${PN}-audit2allow = \
${bindir}/audit2allow \
${bindir}/audit2why \
@@ -208,6 +233,23 @@ FILES_${PN}-setsebool += \
${sbindir}/setsebool \
${datadir}/bash-completion/completions/setsebool \
 
+FILES_mcstrans = \
+   ${base_sbindir}/mcstransd \
+   ${sbindir}/untranscon \
+   ${sbindir}/transcon \
+   ${sysconfdir}/init.d/mcstrans \
+   ${systemd_unitdir}/system/mcstrans.service \
+   ${sysconfdir}/default/volatiles/volatiles.80_mcstrans \
+   ${sysconfdir}/tmpfiles.d/setrans.conf \
+
+
+FILES_mcstrans-doc = \
+/usr/share/man/man8/mcstransd.8 \
+/usr/share/man/man8/mcs.8 \
+/usr/share/man/man8/setrans.conf.8 \
+${datadir}/mcstrans \
+
+
 FILES_system-config-selinux =  \
 ${bindir}/sepolgen \
 ${datadir}/system-config-selinux/* \
@@ -248,7 +290,24 @@ do_compile_prepend() {
 
 do_install_prepend() {
export PYTHON=python
-   export SEMODULE_PATH=${sbindir}
+   export SEMODULE_PATH=${sbindir} SYSTEMDDIR=${D}/${systemd_unitdir}
+}
+
+do_install_append_class-target() {
+   install -m 755 mcstrans/utils/untranscon ${D}${sbindir}/
+   install -m 755 mcstrans/utils/transcon ${D}${sbindir}/
+
+   if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', 
d)}; then
+   install -d ${D}${sysconfdir}/tmpfiles.d
+   echo d ${localstatedir}/run/setrans - - - - \
+${D}${sysconfdir}/tmpfiles.d/setrans.conf
+   else
+   install -d ${D}${sysconfdir}/default/volatiles
+   echo d root root 0755 /var/run/setrans none \
+   
${D}${sysconfdir}/default/volatiles/volatiles.80_mcstrans
+   fi
+   install -d ${D}${datadir}/mcstrans
+