1 files changed, 78 insertions, 4 deletions
diff --git a/recipes-security/selinux/policycoreutils.inc b/recipes-security/selinux/policycoreutils.inc
index 4846683..9871339 100644
--- a/recipes-security/selinux/policycoreutils.inc
+++ b/recipes-security/selinux/policycoreutils.inc
@@ -16,11 +16,14 @@ PAM_SRC_URI = "file://pam.d/newrole \
               file://pam.d/run_init \
 "
-DEPENDS += "libsepol libselinux libsemanage"
+DEPENDS += "libsepol libselinux libsemanage libcap"
 EXTRA_DEPENDS = "libcap-ng libcgroup setools"
 DEPENDS += "${@['', '${EXTRA_DEPENDS}']['${PN}' != '${BPN}-native']}"
-inherit selinux
+inherit selinux systemd pythonnative update-rc.d
+PROVIDES += "mcstrans"
 DEPENDS += "${@target_selinux(d, 'libpam audit')}"
 RDEPENDS_${BPN}-audit2allow = "\
@@ -116,7 +119,6 @@ RDEPENDS_${BPN} += "setools setools-libs ${BPN}-python"
 WARN_QA := "${@oe_filter_out('unsafe-references-in-scripts', '${WARN_QA}', d)}"
 ERROR_QA := "${@oe_filter_out('unsafe-references-in-scripts', '${ERROR_QA}', d)}"
-inherit pythonnative
 PACKAGES =+ "\
        ${PN}-audit2allow \
@@ -140,8 +142,31 @@ PACKAGES =+ "\
        ${PN}-sestatus \
        ${PN}-setfiles \
        ${PN}-setsebool \
+        mcstrans \
+        mcstrans-doc \
        system-config-selinux \
 "
+PKGV_mcstrans = "0.3.2"
+PKGV_mcstrans-doc = "0.3.2"
+SUMMARY_mcstrans = "Daemon to translate SELinux MCS/MLS sensitivity labels"
+DESCRIPTION_mcstrans = "\
+        Security-enhanced Linux is a feature of the Linux kernel and a number \
+        of utilities with enhanced security functionality designed to add \
+        mandatory access controls to Linux.  The Security-enhanced Linux \
+        kernel contains new architectural components originally developed to \
+        improve the security of the Flask operating system. These \
+        architectural components provide general support for the enforcement \
+        of many kinds of mandatory access control policies, including those \
+        based on the concepts of Type Enforcement®, Role-based Access \
+        Control, and Multi-level Security. \
+         \
+        mcstrans provides an translation daemon to translate SELinux categories \
+        from internal representations to user defined representation. \
+        "
+SUMMARY_mcstrans-doc = "${SUMMARY_mcstrans} man pages and examples"
+DESCRIPTION_mcstrans-doc = "${DESCRIPTION_mcstrans} \
+        This package contains man pages and examples. \
+        "
 FILES_${PN}-audit2allow = "\
        ${bindir}/audit2allow \
        ${bindir}/audit2why \
@@ -211,6 +236,23 @@ FILES_${PN}-setsebool += "\
        ${sbindir}/setsebool \
        ${datadir}/bash-completion/completions/setsebool \
 "
+FILES_mcstrans = "\
+        ${base_sbindir}/mcstransd \
+        ${sbindir}/untranscon \
+        ${sbindir}/transcon \
+        ${sysconfdir}/init.d/mcstrans \
+        ${systemd_unitdir}/system/mcstrans.service \
+        ${sysconfdir}/default/volatiles/volatiles.80_mcstrans \
+        ${sysconfdir}/tmpfiles.d/setrans.conf \
+"
+FILES_mcstrans-doc = "\
+    /usr/share/man/man8/mcstransd.8 \
+    /usr/share/man/man8/mcs.8 \
+    /usr/share/man/man8/setrans.conf.8 \
+    ${datadir}/mcstrans \
+"
 FILES_system-config-selinux = " \
    ${bindir}/sepolgen \
    ${datadir}/system-config-selinux/* \
@@ -251,7 +293,24 @@ do_compile_prepend() {
 do_install_prepend() {
        export PYTHON=python
-        export SEMODULE_PATH=${sbindir}
+        export SEMODULE_PATH=${sbindir} SYSTEMDDIR=${D}/${systemd_unitdir}
+}
+do_install_append_class-target() {
+        install -m 755 mcstrans/utils/untranscon ${D}${sbindir}/
+        install -m 755 mcstrans/utils/transcon ${D}${sbindir}/
+        if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
+                install -d ${D}${sysconfdir}/tmpfiles.d
+                echo "d ${localstatedir}/run/setrans - - - -" \
+                    > ${D}${sysconfdir}/tmpfiles.d/setrans.conf
+        else
+                install -d ${D}${sysconfdir}/default/volatiles
+                echo "d root root 0755 /var/run/setrans none" \
+                        >${D}${sysconfdir}/default/volatiles/volatiles.80_mcstrans
+        fi
+        install -d ${D}${datadir}/mcstrans
+        cp -r mcstrans/share/* ${D}${datadir}/mcstrans/.
 }
 do_install_virtclass-native() {
@@ -269,3 +328,18 @@ do_install_append_class-target() {
                install -m 0644 ${WORKDIR}/pam.d/* ${D}${sysconfdir}/pam.d/
        fi
 }
+SYSTEMD_SERVICE_mcstrans = "mcstrans.service"
+INITSCRIPT_PACKAGES = "mcstrans"
+INITSCRIPT_NAME_mcstrans = "mcstrans"
+INITSCRIPT_PARAMS_mcstrans = "defaults"
+pkg_postinst_mcstrans () {
+    if [ -z "$D" ]; then
+        if command -v systemd-tmpfiles >/dev/null; then
+            systemd-tmpfiles --create ${sysconfdir}/tmpfiles.d/setrans.conf
+        elif [ -e ${sysconfdir}/init.d/populate-volatile.sh ]; then
+            ${sysconfdir}/init.d/populate-volatile.sh update
+        fi
+    fi
+}

diff --git a/recipes-security/selinux/policycoreutils.inc b/recipes-security/selinux/policycoreutils.inc index 4846683..9871339 100644 --- a/recipes-security/selinux/policycoreutils.inc +++ b/recipes-security/selinux/policycoreutils.inc
@@ -16,11 +16,14 @@ PAM_SRC_URI = "file://pam.d/newrole \
16	file://pam.d/run_init \	16	file://pam.d/run_init \
17	"	17	"
18		18
19	DEPENDS += "libsepol libselinux libsemanage"	19	DEPENDS += "libsepol libselinux libsemanage libcap"
20	EXTRA_DEPENDS = "libcap-ng libcgroup setools"	20	EXTRA_DEPENDS = "libcap-ng libcgroup setools"
21	DEPENDS += "${@['', '${EXTRA_DEPENDS}']['${PN}' != '${BPN}-native']}"	21	DEPENDS += "${@['', '${EXTRA_DEPENDS}']['${PN}' != '${BPN}-native']}"
22		22
23	inherit selinux	23	inherit selinux systemd pythonnative update-rc.d
		24
		25	PROVIDES += "mcstrans"
		26
24	DEPENDS += "${@target_selinux(d, 'libpam audit')}"	27	DEPENDS += "${@target_selinux(d, 'libpam audit')}"
25		28
26	RDEPENDS_${BPN}-audit2allow = "\	29	RDEPENDS_${BPN}-audit2allow = "\
@@ -116,7 +119,6 @@ RDEPENDS_${BPN} += "setools setools-libs ${BPN}-python"
116	WARN_QA := "${@oe_filter_out('unsafe-references-in-scripts', '${WARN_QA}', d)}"	119	WARN_QA := "${@oe_filter_out('unsafe-references-in-scripts', '${WARN_QA}', d)}"
117	ERROR_QA := "${@oe_filter_out('unsafe-references-in-scripts', '${ERROR_QA}', d)}"	120	ERROR_QA := "${@oe_filter_out('unsafe-references-in-scripts', '${ERROR_QA}', d)}"
118		121
119	inherit pythonnative
120		122
121	PACKAGES =+ "\	123	PACKAGES =+ "\
122	${PN}-audit2allow \	124	${PN}-audit2allow \
@@ -140,8 +142,31 @@ PACKAGES =+ "\
140	${PN}-sestatus \	142	${PN}-sestatus \
141	${PN}-setfiles \	143	${PN}-setfiles \
142	${PN}-setsebool \	144	${PN}-setsebool \
		145	mcstrans \
		146	mcstrans-doc \
143	system-config-selinux \	147	system-config-selinux \
144	"	148	"
		149	PKGV_mcstrans = "0.3.2"
		150	PKGV_mcstrans-doc = "0.3.2"
		151	SUMMARY_mcstrans = "Daemon to translate SELinux MCS/MLS sensitivity labels"
		152	DESCRIPTION_mcstrans = "\
		153	Security-enhanced Linux is a feature of the Linux kernel and a number \
		154	of utilities with enhanced security functionality designed to add \
		155	mandatory access controls to Linux. The Security-enhanced Linux \
		156	kernel contains new architectural components originally developed to \
		157	improve the security of the Flask operating system. These \
		158	architectural components provide general support for the enforcement \
		159	of many kinds of mandatory access control policies, including those \
		160	based on the concepts of Type Enforcement®, Role-based Access \
		161	Control, and Multi-level Security. \
		162	\
		163	mcstrans provides an translation daemon to translate SELinux categories \
		164	from internal representations to user defined representation. \
		165	"
		166	SUMMARY_mcstrans-doc = "${SUMMARY_mcstrans} man pages and examples"
		167	DESCRIPTION_mcstrans-doc = "${DESCRIPTION_mcstrans} \
		168	This package contains man pages and examples. \
		169	"
145	FILES_${PN}-audit2allow = "\	170	FILES_${PN}-audit2allow = "\
146	${bindir}/audit2allow \	171	${bindir}/audit2allow \
147	${bindir}/audit2why \	172	${bindir}/audit2why \
@@ -211,6 +236,23 @@ FILES_${PN}-setsebool += "\
211	${sbindir}/setsebool \	236	${sbindir}/setsebool \
212	${datadir}/bash-completion/completions/setsebool \	237	${datadir}/bash-completion/completions/setsebool \
213	"	238	"
		239	FILES_mcstrans = "\
		240	${base_sbindir}/mcstransd \
		241	${sbindir}/untranscon \
		242	${sbindir}/transcon \
		243	${sysconfdir}/init.d/mcstrans \
		244	${systemd_unitdir}/system/mcstrans.service \
		245	${sysconfdir}/default/volatiles/volatiles.80_mcstrans \
		246	${sysconfdir}/tmpfiles.d/setrans.conf \
		247	"
		248
		249	FILES_mcstrans-doc = "\
		250	/usr/share/man/man8/mcstransd.8 \
		251	/usr/share/man/man8/mcs.8 \
		252	/usr/share/man/man8/setrans.conf.8 \
		253	${datadir}/mcstrans \
		254	"
		255
214	FILES_system-config-selinux = " \	256	FILES_system-config-selinux = " \
215	${bindir}/sepolgen \	257	${bindir}/sepolgen \
216	${datadir}/system-config-selinux/* \	258	${datadir}/system-config-selinux/* \
@@ -251,7 +293,24 @@ do_compile_prepend() {
251		293
252	do_install_prepend() {	294	do_install_prepend() {
253	export PYTHON=python	295	export PYTHON=python
254	export SEMODULE_PATH=${sbindir}	296	export SEMODULE_PATH=${sbindir} SYSTEMDDIR=${D}/${systemd_unitdir}
		297	}
		298
		299	do_install_append_class-target() {
		300	install -m 755 mcstrans/utils/untranscon ${D}${sbindir}/
		301	install -m 755 mcstrans/utils/transcon ${D}${sbindir}/
		302
		303	if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
		304	install -d ${D}${sysconfdir}/tmpfiles.d
		305	echo "d ${localstatedir}/run/setrans - - - -" \
		306	> ${D}${sysconfdir}/tmpfiles.d/setrans.conf
		307	else
		308	install -d ${D}${sysconfdir}/default/volatiles
		309	echo "d root root 0755 /var/run/setrans none" \
		310	>${D}${sysconfdir}/default/volatiles/volatiles.80_mcstrans
		311	fi
		312	install -d ${D}${datadir}/mcstrans
		313	cp -r mcstrans/share/* ${D}${datadir}/mcstrans/.
255	}	314	}
256		315
257	do_install_virtclass-native() {	316	do_install_virtclass-native() {
@@ -269,3 +328,18 @@ do_install_append_class-target() {
269	install -m 0644 ${WORKDIR}/pam.d/* ${D}${sysconfdir}/pam.d/	328	install -m 0644 ${WORKDIR}/pam.d/* ${D}${sysconfdir}/pam.d/
270	fi	329	fi
271	}	330	}
		331
		332	SYSTEMD_SERVICE_mcstrans = "mcstrans.service"
		333	INITSCRIPT_PACKAGES = "mcstrans"
		334	INITSCRIPT_NAME_mcstrans = "mcstrans"
		335	INITSCRIPT_PARAMS_mcstrans = "defaults"
		336
		337	pkg_postinst_mcstrans () {
		338	if [ -z "$D" ]; then
		339	if command -v systemd-tmpfiles >/dev/null; then
		340	systemd-tmpfiles --create ${sysconfdir}/tmpfiles.d/setrans.conf
		341	elif [ -e ${sysconfdir}/init.d/populate-volatile.sh ]; then
		342	${sysconfdir}/init.d/populate-volatile.sh update
		343	fi
		344	fi
		345	}