[PATCH 0/9] SELinux

Status: Done
Participants: julien lepiller, Marius Bakke, Ricardo Wurmus
Owner: unassigned
Submitted by: Ricardo Wurmus
Severity: normal
Ricardo Wurmus wrote on 19 Apr 2017 14:56
(address . guix-patches@gnu.org)(name . Ricardo Wurmus)(address . rekado@elephly.net)
20170419125608.31664-1-rekado@elephly.net
This patch series adds SELinux libraries and tools.

Ricardo Wurmus (9):
gnu: Add libsepol.
gnu: Add checkpolicy.
gnu: Add libselinux.
gnu: Add libsemanage.
gnu: Add secilc.
gnu: Add python-sepolgen.
gnu: Add python-ipy.
gnu: Add python-setools.
gnu: Add policycoreutils.

gnu/local.mk | 2 +
gnu/packages/networking.scm | 20 +-
...policycoreutils-make-sepolicy-use-python3.patch | 335 +++++++++++++++
gnu/packages/selinux.scm | 475 +++++++++++++++++++++
4 files changed, 831 insertions(+), 1 deletion(-)
create mode 100644 gnu/packages/patches/policycoreutils-make-sepolicy-use-python3.patch
create mode 100644 gnu/packages/selinux.scm

--
2.12.2
Ricardo Wurmus wrote on 19 Apr 2017 16:29
[PATCH 2/9] gnu: Add checkpolicy.
(address . 26561@debbugs.gnu.org)(name . Ricardo Wurmus)(address . rekado@elephly.net)
20170419142918.11688-2-rekado@elephly.net
* gnu/packages/selinux.scm (checkpolicy): New variable.
---
gnu/packages/selinux.scm | 35 +++++++++++++++++++++++++++++++++++
1 file changed, 35 insertions(+)

diff --git a/gnu/packages/selinux.scm b/gnu/packages/selinux.scm
index 75758dd6b..5f7e11928 100644
--- a/gnu/packages/selinux.scm
+++ b/gnu/packages/selinux.scm
@@ -23,6 +23,7 @@
#:use-module (guix utils)
#:use-module (guix build-system gnu)
#:use-module (gnu packages)
+ #:use-module (gnu packages bison)
#:use-module (gnu packages flex))
;; Update the SELinux packages together!
@@ -69,3 +70,37 @@ similar tools, and programs such as @code{load_policy}, which must perform
specific transformations on binary policies (for example, customizing policy
boolean settings).")
(license license:lgpl2.1+)))
+
+(define-public checkpolicy
+ (package (inherit libsepol)
+ (name "checkpolicy")
+ (arguments
+ `(#:tests? #f ; there is no check target
+ #:make-flags
+ (let ((out (assoc-ref %outputs "out")))
+ (list (string-append "PREFIX=" out)
+ (string-append "LDLIBS="
+ (assoc-ref %build-inputs "libsepol")
+ "/lib/libsepol.a "
+ (assoc-ref %build-inputs "flex")
+ "/lib/libfl.a")
+ "CC=gcc"))
+ #:phases
+ (modify-phases %standard-phases
+ (delete 'configure)
+ (add-after 'unpack 'enter-dir
+ (lambda _ (chdir ,name) #t)))))
+ (inputs
+ `(("libsepol" ,libsepol)))
+ (native-inputs
+ `(("bison" ,bison)
+ ("flex" ,flex)))
+ (synopsis "Check SELinux security policy configurations and modules")
+ (description
+ "This package provides the tools \"checkpolicy\" and \"checkmodule\".
+Checkpolicy is a program that checks and compiles a SELinux security policy
+configuration into a binary representation that can be loaded into the kernel.
+Checkmodule is a program that checks and compiles a SELinux security policy
+module into a binary representation.")
+ ;; GPLv2 only
+ (license license:gpl2)))
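Review bot: the `LDLIBS=` make flag links `libsepol.a` and `libfl.a` statically, so a later fix to libsepol reaches checkpolicy only through a rebuild and not through a graft; if the upstream Makefile requires the static link, a comment saying so would help. `libfl.a` is also taken from `flex`, which is listed only under `native-inputs` even though it ends up linked into the output, and `"CC=gcc"` is hardcoded; both get in the way of cross-compilation.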
--
2.12.2
Ricardo Wurmus wrote on 19 Apr 2017 16:29
[PATCH 1/9] gnu: Add libsepol.
(address . 26561@debbugs.gnu.org)(name . Ricardo Wurmus)(address . rekado@elephly.net)
20170419142918.11688-1-rekado@elephly.net
* gnu/packages/selinux.scm: New file.
* gnu/local.mk (GNU_SYSTEM_MODULES): Add it.
---
gnu/local.mk | 1 +
gnu/packages/selinux.scm | 71 ++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 72 insertions(+)
create mode 100644 gnu/packages/selinux.scm

diff --git a/gnu/local.mk b/gnu/local.mk
index 5822add4c..77302573a 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -342,6 +342,7 @@ GNU_SYSTEM_MODULES = \
%D%/packages/sdl.scm \
%D%/packages/search.scm \
%D%/packages/security-token.scm \
+ %D%/packages/selinux.scm \
%D%/packages/serialization.scm \
%D%/packages/serveez.scm \
%D%/packages/shells.scm \
diff --git a/gnu/packages/selinux.scm b/gnu/packages/selinux.scm
new file mode 100644
index 000000000..75758dd6b
--- /dev/null
+++ b/gnu/packages/selinux.scm
@@ -0,0 +1,71 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2016, 2017 Ricardo Wurmus <rekado@elephly.net>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu packages selinux)
+ #:use-module ((guix licenses) #:prefix license:)
+ #:use-module (guix packages)
+ #:use-module (guix download)
+ #:use-module (guix utils)
+ #:use-module (guix build-system gnu)
+ #:use-module (gnu packages)
+ #:use-module (gnu packages flex))
+
+;; Update the SELinux packages together!
+
+(define-public libsepol
+ (package
+ (name "libsepol")
+ (version "2.6")
+ (source (let ((release "20161014"))
+ (origin
+ (method url-fetch)
+ (uri (string-append "https://github.com/SELinuxProject/selinux/"
+ "archive/" release ".tar.gz"))
+ (file-name (string-append "selinux-" release ".tar.gz"))
+ (sha256
+ (base32
+ "1dpwynfb6n31928343blac4159g4jbrwxdp61q5yffmxpy3c3czi")))))
+ (build-system gnu-build-system)
+ (arguments
+ `(#:tests? #f ; tests require checkpolicy, which requires libsepol
+ #:test-target "test"
+ #:make-flags
+ (let ((out (assoc-ref %outputs "out")))
+ (list (string-append "PREFIX=" out)
+ (string-append "DESTDIR=" out)
+ (string-append "MAN3DIR=" out "/share/man/man3")
+ (string-append "MAN5DIR=" out "/share/man/man5")
+ (string-append "MAN8DIR=" out "/share/man/man8")
+ (string-append "LDFLAGS=-Wl,-rpath=" out "/lib")
+ "CC=gcc"))
+ #:phases
+ (modify-phases %standard-phases
+ (delete 'configure)
+ (add-after 'unpack 'enter-dir
+ (lambda _ (chdir ,name) #t)))))
+ (native-inputs
+ `(("flex" ,flex)))
+ (home-page "http://selinuxproject.org/")
+ (synopsis "Library for manipulating SELinux policies")
+ (description
+ "The libsepol library provides an API for the manipulation of SELinux
+binary policies. It is used by @code{checkpolicy} (the policy compiler) and
+similar tools, and programs such as @code{load_policy}, which must perform
+specific transformations on binary policies (for example, customizing policy
+boolean settings).")
+ (license license:lgpl2.1+)))
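Review bot: in the libsepol `arguments`, `#:test-target "test"` has no effect while `#:tests? #f` is set on the line above it. The comment explains the cycle (the tests need checkpolicy, which needs libsepol), so either drop the `#:test-target` line or extend the comment to say it is kept for when the tests can be enabled. Since every later package in the series inherits these arguments, the disabled test suite is inherited too and is worth a follow-up.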
--
2.12.2
Ricardo Wurmus wrote on 19 Apr 2017 16:29
[PATCH 3/9] gnu: Add libselinux.
(address . 26561@debbugs.gnu.org)(name . Ricardo Wurmus)(address . rekado@elephly.net)
20170419142918.11688-3-rekado@elephly.net
* gnu/packages/selinux.scm (libselinux): New variable.
---
gnu/packages/selinux.scm | 62 +++++++++++++++++++++++++++++++++++++++++++++++-
1 file changed, 61 insertions(+), 1 deletion(-)

diff --git a/gnu/packages/selinux.scm b/gnu/packages/selinux.scm
index 5f7e11928..bf5a62a87 100644
--- a/gnu/packages/selinux.scm
+++ b/gnu/packages/selinux.scm
@@ -22,9 +22,14 @@
#:use-module (guix download)
#:use-module (guix utils)
#:use-module (guix build-system gnu)
+ #:use-module (guix build-system python)
#:use-module (gnu packages)
#:use-module (gnu packages bison)
- #:use-module (gnu packages flex))
+ #:use-module (gnu packages flex)
+ #:use-module (gnu packages pcre)
+ #:use-module (gnu packages pkg-config)
+ #:use-module (gnu packages python)
+ #:use-module (gnu packages swig))
;; Update the SELinux packages together!
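Review bot: `#:use-module (guix build-system python)` is added here, but nothing in this patch uses it; libselinux inherits the GNU build system from libsepol. Within selinux.scm the first package in the series with `(build-system python-build-system)` is python-setools in patch 8/9, so the import belongs there.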
@@ -104,3 +109,58 @@ Checkmodule is a program that checks and compiles a SELinux security policy
module into a binary representation.")
;; GPLv2 only
(license license:gpl2)))
+
+(define-public libselinux
+ (package (inherit libsepol)
+ (name "libselinux")
+ (arguments
+ (substitute-keyword-arguments (package-arguments libsepol)
+ ((#:make-flags flags)
+ `(cons* "PYTHON=python3"
+ (string-append "PYSITEDIR="
+ (assoc-ref %outputs "out")
+ "/lib/python3.5/site-packages/")
+ ,flags))
+ ((#:phases phases)
+ `(modify-phases ,phases
+ (replace 'enter-dir
+ (lambda _ (chdir ,name) #t))
+ ;; libsepol.a is not located in this package's LIBDIR.
+ (add-after 'enter-dir 'patch-libsepol-path
+ (lambda* (#:key inputs #:allow-other-keys)
+ (substitute* "src/Makefile"
+ (("\\$\\(LIBDIR\\)/libsepol.a")
+ (string-append (assoc-ref inputs "libsepol")
+ "/lib/libsepol.a")))
+ #t))
+ (add-after 'enter-dir 'remove-Werror
+ (lambda _
+ ;; GCC complains about the fact that the output does not (yet)
+ ;; have an "include" directory, even though it is referenced.
+ (substitute* '("src/Makefile"
+ "utils/Makefile")
+ (("-Werror ") ""))
+ #t))
+ (add-after 'build 'pywrap
+ (lambda* (#:key make-flags #:allow-other-keys)
+ (zero? (apply system* "make" "pywrap" make-flags))))
+ (add-after 'install 'install-pywrap
+ (lambda* (#:key make-flags #:allow-other-keys)
+ (zero? (apply system* "make" "install-pywrap" make-flags))))))))
+ (inputs
+ `(("libsepol" ,libsepol)
+ ("pcre" ,pcre)
+ ;; For pywrap phase
+ ("python" ,python-wrapper)))
+ ;; These inputs are only needed for the pywrap phase.
+ (native-inputs
+ `(("swig" ,swig)
+ ("pkg-config" ,pkg-config)))
+ (synopsis "SELinux core libraries and utilities")
+ (description
+ "The libselinux library provides an API for SELinux applications to get
+and set process and file security contexts, and to obtain security policy
+decisions. It is required for any applications that use the SELinux API, and
+used by all applications that are SELinux-aware. This package also includes
+the core SELinux management utilities.")
+ (license license:public-domain)))
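Review bot: `PYSITEDIR` in the `#:make-flags` hardcodes `/lib/python3.5/site-packages/`, so the bindings are installed into the wrong directory as soon as the `python` input moves to another minor version. Patch 6/9 derives the version from the input's store path; using the same approach here would keep the packages in step.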
--
2.12.2
Ricardo Wurmus wrote on 19 Apr 2017 16:29
[PATCH 4/9] gnu: Add libsemanage.
(address . 26561@debbugs.gnu.org)(name . Ricardo Wurmus)(address . rekado@elephly.net)
20170419142918.11688-4-rekado@elephly.net
* gnu/packages/selinux.scm (libsemanage): New variable.
---
gnu/packages/selinux.scm | 44 +++++++++++++++++++++++++++++++++++++++++++-
1 file changed, 43 insertions(+), 1 deletion(-)

diff --git a/gnu/packages/selinux.scm b/gnu/packages/selinux.scm
index bf5a62a87..0ef8b9620 100644
--- a/gnu/packages/selinux.scm
+++ b/gnu/packages/selinux.scm
@@ -24,12 +24,14 @@
#:use-module (guix build-system gnu)
#:use-module (guix build-system python)
#:use-module (gnu packages)
+ #:use-module (gnu packages admin)
#:use-module (gnu packages bison)
#:use-module (gnu packages flex)
#:use-module (gnu packages pcre)
#:use-module (gnu packages pkg-config)
#:use-module (gnu packages python)
- #:use-module (gnu packages swig))
+ #:use-module (gnu packages swig)
+ #:use-module (gnu packages textutils))
;; Update the SELinux packages together!
@@ -164,3 +166,43 @@ decisions. It is required for any applications that use the SELinux API, and
used by all applications that are SELinux-aware. This package also includes
the core SELinux management utilities.")
(license license:public-domain)))
+
+(define-public libsemanage
+ (package (inherit libsepol)
+ (name "libsemanage")
+ (arguments
+ (substitute-keyword-arguments (package-arguments libsepol)
+ ((#:make-flags flags)
+ `(cons* "PYTHON=python3"
+ (string-append "PYSITEDIR="
+ (assoc-ref %outputs "out")
+ "/lib/python3.5/site-packages/")
+ ,flags))
+ ((#:phases phases)
+ `(modify-phases ,phases
+ (replace 'enter-dir
+ (lambda _ (chdir ,name) #t))
+ (add-after 'build 'pywrap
+ (lambda* (#:key make-flags #:allow-other-keys)
+ (zero? (apply system* "make" "pywrap" make-flags))))
+ (add-after 'install 'install-pywrap
+ (lambda* (#:key make-flags #:allow-other-keys)
+ (zero? (apply system* "make" "install-pywrap" make-flags))))))))
+ (inputs
+ `(("libsepol" ,libsepol)
+ ("libselinux" ,libselinux)
+ ("audit" ,audit)
+ ("ustr" ,ustr)
+ ;; For pywrap phase
+ ("python" ,python-wrapper)))
+ (native-inputs
+ `(("bison" ,bison)
+ ("flex" ,flex)
+ ;; For pywrap phase
+ ("swig" ,swig)
+ ("pkg-config" ,pkg-config)))
+ (synopsis "SELinux policy management libraries")
+ (description
+ "The libsemanage library provides an API for the manipulation of SELinux
+binary policies.")
+ (license license:lgpl2.1+)))
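Review bot: the `description` of libsemanage repeats the first sentence of the libsepol description word for word ("provides an API for the manipulation of SELinux binary policies"); it should say what libsemanage itself is for. The `PYSITEDIR` flag with its hardcoded `python3.5` and the `pywrap` and `install-pywrap` phases are also copied unchanged from libselinux in patch 3/9; inheriting them from libselinux or factoring them out would avoid keeping two copies in sync.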
--
2.12.2
Ricardo Wurmus wrote on 19 Apr 2017 16:29
[PATCH 6/9] gnu: Add python-sepolgen.
(address . 26561@debbugs.gnu.org)(name . Ricardo Wurmus)(address . rekado@elephly.net)
20170419142918.11688-6-rekado@elephly.net
* gnu/packages/selinux.scm (python-sepolgen): New variable.
---
gnu/packages/selinux.scm | 52 ++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 52 insertions(+)

diff --git a/gnu/packages/selinux.scm b/gnu/packages/selinux.scm
index e73bc0ec6..8f3750daf 100644
--- a/gnu/packages/selinux.scm
+++ b/gnu/packages/selinux.scm
@@ -234,3 +234,55 @@ binary policies.")
(description "The SELinux CIL compiler is a compiler that converts the
@dfn{common intermediate language} (CIL) into a kernel binary policy file.")
(license license:bsd-2)))
+
+(define-public python-sepolgen
+ (package (inherit libsepol)
+ (name "python-sepolgen")
+ (arguments
+ `(#:modules ((srfi srfi-1)
+ (guix build gnu-build-system)
+ (guix build utils))
+ ,@(substitute-keyword-arguments (package-arguments libsepol)
+ ((#:phases phases)
+ `(modify-phases ,phases
+ (replace 'enter-dir
+ (lambda _ (chdir "sepolgen") #t))
+ ;; By default all Python files would be installed to
+ ;; $out/gnu/store/...-python-.../, so we override the
+ ;; PACKAGEDIR to fix this.
+ (add-after 'enter-dir 'fix-target-path
+ (lambda* (#:key inputs outputs #:allow-other-keys)
+ (let ((get-python-version
+ ;; FIXME: copied from python-build-system
+ (lambda (python)
+ (let* ((version (last (string-split python #\-)))
+ (components (string-split version #\.))
+ (major+minor (take components 2)))
+ (string-join major+minor ".")))))
+ (substitute* "src/sepolgen/Makefile"
+ (("^PACKAGEDIR.*")
+ (string-append "PACKAGEDIR="
+ (assoc-ref outputs "out")
+ "/lib/python"
+ (get-python-version
+ (assoc-ref inputs "python"))
+ "/site-packages/sepolgen")))
+ (substitute* "src/share/Makefile"
+ (("\\$\\(DESTDIR\\)") (assoc-ref outputs "out"))))
+ #t)))))))
+ (inputs
+ `(("python" ,python-wrapper)))
+ (native-inputs '())
+ (synopsis "Python module for generating SELinux policies")
+ (description
+ "This package contains a Python module that forms the core of
+@code{audit2allow}, a part of the package @code{policycoreutils}. The
+sepolgen library contains: Reference Policy Representation, which are Objects
+for representing policies and the reference policy interfaces. It has objects
+and algorithms for representing access and sets of access in an abstract way
+and searching that access. It also has a parser for reference policy
+\"headers\". It contains infrastructure for parsing SELinux related messages
+as produced by the audit system. It has facilities for generating policy
+based on required access.")
+ ;; GPLv2 only
+ (license license:gpl2)))
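Review bot: `get-python-version` in the `fix-target-path` phase is a copy marked FIXME, and it works by splitting the `python` input's store path on `-`, which depends on that path ending in the version string. libselinux and libsemanage solve the same problem by hardcoding `python3.5`, so the series has two different mechanisms for one value; one shared helper would be easier to maintain. `(native-inputs '())` also drops the inherited inputs without a comment saying why none are needed.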
--
2.12.2
Ricardo Wurmus wrote on 19 Apr 2017 16:29
[PATCH 5/9] gnu: Add secilc.
(address . 26561@debbugs.gnu.org)(name . Ricardo Wurmus)(address . rekado@elephly.net)
20170419142918.11688-5-rekado@elephly.net
* gnu/packages/selinux.scm (secilc): New variable.
---
gnu/packages/selinux.scm | 30 +++++++++++++++++++++++++++++-
1 file changed, 29 insertions(+), 1 deletion(-)

diff --git a/gnu/packages/selinux.scm b/gnu/packages/selinux.scm
index 0ef8b9620..e73bc0ec6 100644
--- a/gnu/packages/selinux.scm
+++ b/gnu/packages/selinux.scm
@@ -26,12 +26,14 @@
#:use-module (gnu packages)
#:use-module (gnu packages admin)
#:use-module (gnu packages bison)
+ #:use-module (gnu packages docbook)
#:use-module (gnu packages flex)
#:use-module (gnu packages pcre)
#:use-module (gnu packages pkg-config)
#:use-module (gnu packages python)
#:use-module (gnu packages swig)
- #:use-module (gnu packages textutils))
+ #:use-module (gnu packages textutils)
+ #:use-module (gnu packages xml))
;; Update the SELinux packages together!
@@ -206,3 +208,29 @@ the core SELinux management utilities.")
"The libsemanage library provides an API for the manipulation of SELinux
binary policies.")
(license license:lgpl2.1+)))
+
+(define-public secilc
+ (package (inherit libsepol)
+ (name "secilc")
+ (arguments
+ (substitute-keyword-arguments (package-arguments libsepol)
+ ((#:make-flags flags)
+ `(let ((docbook (assoc-ref %build-inputs "docbook-xsl")))
+ (cons (string-append "XMLTO=xmlto --skip-validation -x "
+ docbook "/xml/xsl/docbook-xsl-"
+ ,(package-version docbook-xsl)
+ "/manpages/docbook.xsl")
+ ,flags)))
+ ((#:phases phases)
+ `(modify-phases ,phases
+ (replace 'enter-dir
+ (lambda _ (chdir ,name) #t))))))
+ (inputs
+ `(("libsepol" ,libsepol)))
+ (native-inputs
+ `(("xmlto" ,xmlto)
+ ("docbook-xsl" ,docbook-xsl)))
+ (synopsis "SELinux common intermediate language (CIL) compiler")
+ (description "The SELinux CIL compiler is a compiler that converts the
+@dfn{common intermediate language} (CIL) into a kernel binary policy file.")
+ (license license:bsd-2)))
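Review bot: the `XMLTO=` make flag passes `--skip-validation` without a comment explaining why validation is turned off. If the reason is that the DTD cannot be fetched inside the build environment, a one-line comment above the flag would save the next reader from guessing.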
--
2.12.2
Ricardo Wurmus wrote on 19 Apr 2017 16:29
[PATCH 7/9] gnu: Add python-ipy.
(address . 26561@debbugs.gnu.org)(name . Ricardo Wurmus)(address . rekado@elephly.net)
20170419142918.11688-7-rekado@elephly.net
* gnu/packages/networking.scm (python-ipy): New variable.
---
gnu/packages/networking.scm | 20 +++++++++++++++++++-
1 file changed, 19 insertions(+), 1 deletion(-)

diff --git a/gnu/packages/networking.scm b/gnu/packages/networking.scm
index cb9903791..efef2d5a7 100644
--- a/gnu/packages/networking.scm
+++ b/gnu/packages/networking.scm
@@ -1,6 +1,6 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2014, 2017 Ludovic Courtès <ludo@gnu.org>
-;;; Copyright © 2015, 2016 Ricardo Wurmus <rekado@elephly.net>
+;;; Copyright © 2015, 2016, 2017 Ricardo Wurmus <rekado@elephly.net>
;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
;;; Copyright © 2015, 2016 Stefan Reichör <stefan@xsteve.at>
;;; Copyright © 2016 Raimon Grau <raimonster@gmail.com>
@@ -1122,6 +1122,24 @@ IPFIX, RSPAN, CLI, LACP, 802.1ag).")
license:bsd-2 license:bsd-3
license:asl2.0)))) ; all other
+(define-public python-ipy
+ (package
+ (name "python-ipy")
+ (version "0.83")
+ (source (origin
+ (method url-fetch)
+ (uri (pypi-uri "IPy" version))
+ (sha256
+ (base32
+ "1f6sdrxclifky4gvkf4gvyv5hx3fjh8vzspnfrqki6qm5d9mmnk1"))))
+ (build-system python-build-system)
+ (home-page "https://github.com/autocracy/python-ipy/")
+ (synopsis "Python class and tools for handling IP addresses and networks")
+ (description "The @code{IP} class allows a comfortable parsing and
+handling for most notations in use for IPv4 and IPv6 addresses and
+networks.")
+ (license license:bsd-3)))
+
(define-public speedtest-cli
(package
(name "speedtest-cli")
--
2.12.2
Ricardo Wurmus wrote on 19 Apr 2017 16:29
[PATCH 8/9] gnu: Add python-setools.
(address . 26561@debbugs.gnu.org)(name . Ricardo Wurmus)(address . rekado@elephly.net)
20170419142918.11688-8-rekado@elephly.net
* gnu/packages/selinux.scm (python-setools): New variable.
---
gnu/packages/selinux.scm | 52 ++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 52 insertions(+)

diff --git a/gnu/packages/selinux.scm b/gnu/packages/selinux.scm
index 8f3750daf..05197b85c 100644
--- a/gnu/packages/selinux.scm
+++ b/gnu/packages/selinux.scm
@@ -286,3 +286,55 @@ as produced by the audit system. It has facilities for generating policy
based on required access.")
;; GPLv2 only
(license license:gpl2)))
+
+;; The latest 4.1.x version does not work with the latest 2.6 release of
+;; policycoreutils, so we use the last 4.0.x release.
+(define-public python-setools
+ (package
+ (name "python-setools")
+ (version "4.0.1")
+ (source (origin
+ (method url-fetch)
+ (uri (string-append "https://github.com/TresysTechnology/"
+ "setools/archive/" version ".tar.gz"))
+ (file-name (string-append name "-" version ".tar.gz"))
+ (sha256
+ (base32
+ "1zndpl4ck5c23p7s4sci06db89q1w87jig3jbd4f8s1ggy3lj82c"))))
+ (build-system python-build-system)
+ (arguments
+ `(#:tests? #f ; the test target causes a rebuild
+ #:phases
+ (modify-phases %standard-phases
+ (add-after 'unpack 'set-SEPOL-variable
+ (lambda* (#:key inputs #:allow-other-keys)
+ (setenv "SEPOL"
+ (string-append (assoc-ref inputs "libsepol")
+ "/lib/libsepol.a"))))
+ (add-after 'unpack 'remove-Werror
+ (lambda _
+ (substitute* "setup.py"
+ (("'-Werror',") ""))
+ #t))
+ (add-after 'unpack 'fix-target-paths
+ (lambda* (#:key outputs #:allow-other-keys)
+ (substitute* "setup.py"
+ (("join\\(sys.prefix")
+ (string-append "join(\"" (assoc-ref outputs "out") "/\"")))
+ #t)))))
+ (propagated-inputs
+ `(("python-networkx" ,python-networkx)))
+ (inputs
+ `(("libsepol" ,libsepol)
+ ("libselinux" ,libselinux)))
+ (native-inputs
+ `(("bison" ,bison)
+ ("flex" ,flex)
+ ("swig" ,swig)))
+ (home-page "https://github.com/TresysTechnology/setools")
+ (synopsis "Tools for SELinux policy analysis")
+ (description "SETools is a collection of graphical tools, command-line
+tools, and libraries designed to facilitate SELinux policy analysis.")
+ ;; Some programs are under GPL, all libraries under LGPL.
+ (license (list license:lgpl2.1+
+ license:gpl2+))))
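Review bot: the `set-SEPOL-variable` phase ends with the `setenv` call and returns its value, while `remove-Werror` and `fix-target-paths` in the same `modify-phases` end with an explicit `#t`; add `#t` there for consistency. `remove-Werror` also has no comment saying which warning makes `-Werror` fail, unlike the phase of the same name in libselinux. As with checkpolicy, `SEPOL` points at the static `libsepol.a`, so libsepol fixes reach this package only through a rebuild.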
--
2.12.2
Ricardo Wurmus wrote on 19 Apr 2017 16:29
[PATCH 9/9] gnu: Add policycoreutils.
(address . 26561@debbugs.gnu.org)(name . Ricardo Wurmus)(address . rekado@elephly.net)
20170419142918.11688-9-rekado@elephly.net
* gnu/packages/selinux.scm (policycoreutils): New variable.
---
gnu/local.mk | 1 +
...policycoreutils-make-sepolicy-use-python3.patch | 335 +++++++++++++++++++++
gnu/packages/selinux.scm | 135 +++++++++
3 files changed, 471 insertions(+)
create mode 100644 gnu/packages/patches/policycoreutils-make-sepolicy-use-python3.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index 77302573a..79ffbe2fe 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -856,6 +856,7 @@ dist_patch_DATA = \
%D%/packages/patches/plink-endian-detection.patch \
%D%/packages/patches/plotutils-libpng-jmpbuf.patch \
%D%/packages/patches/polkit-drop-test.patch \
+ %D%/packages/patches/policycoreutils-make-sepolicy-use-python3.patch \
%D%/packages/patches/portaudio-audacity-compat.patch \
%D%/packages/patches/portmidi-modular-build.patch \
%D%/packages/patches/procmail-ambiguous-getline-debian.patch \
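Review bot: the new `policycoreutils-make-sepolicy-use-python3.patch` entry is placed after `polkit-drop-test.patch`, but "policycoreutils" sorts before "polkit", so it should go one line up to keep `dist_patch_DATA` in alphabetical order. The commit message also lists only `gnu/packages/selinux.scm`; it should name the new patch file and `gnu/local.mk (dist_patch_DATA)` as well, as patch 1/9 does for `GNU_SYSTEM_MODULES`.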
diff --git a/gnu/packages/patches/policycoreutils-make-sepolicy-use-python3.patch b/gnu/packages/patches/policycoreutils-make-sepolicy-use-python3.patch
new file mode 100644
index 000000000..befe9fbb2
--- /dev/null
+++ b/gnu/packages/patches/policycoreutils-make-sepolicy-use-python3.patch
@@ -0,0 +1,335 @@
+Downloaded from https://anonscm.debian.org/cgit/selinux/policycoreutils.git/plain/debian/patches/policycoreutils-Make-sepolicy-work-with-python3.patch
+
+From 2d7ca0b862a35196d562f59bd098df011fd7f0e6 Mon Sep 17 00:00:00 2001
+From: Laurent Bigonville <bigon@bigon.be>
+Date: Mon, 7 Nov 2016 10:51:08 +0100
+Subject: [PATCH] policycoreutils: Make sepolicy work with python3
+
+Add python3 support for sepolicy
+
+Signed-off-by: Laurent Bigonville <bigon@bigon.be>
+---
+ policycoreutils/sepolicy/selinux_client.py | 6 ++--
+ policycoreutils/sepolicy/sepolicy.py | 38 ++++++++++++------------
+ policycoreutils/sepolicy/sepolicy/__init__.py | 16 ++++++----
+ policycoreutils/sepolicy/sepolicy/communicate.py | 4 +--
+ policycoreutils/sepolicy/sepolicy/generate.py | 30 +++++++++----------
+ policycoreutils/sepolicy/sepolicy/interface.py | 14 ++++++---
+ policycoreutils/sepolicy/sepolicy/manpage.py | 7 +++--
+ 7 files changed, 65 insertions(+), 50 deletions(-)
+
+diff --git a/policycoreutils/sepolicy/selinux_client.py b/policycoreutils/sepolicy/selinux_client.py
+index 7f4a91c..dc29f28 100644
+--- a/sepolicy/selinux_client.py
++++ b/sepolicy/selinux_client.py
+@@ -39,6 +39,6 @@ if __name__ == "__main__":
+ try:
+ dbus_proxy = SELinuxDBus()
+ resp = dbus_proxy.customized()
+- print convert_customization(resp)
+- except dbus.DBusException, e:
+- print e
++ print(convert_customization(resp))
++ except dbus.DBusException as e:
++ print(e)
+diff --git a/policycoreutils/sepolicy/sepolicy.py b/policycoreutils/sepolicy/sepolicy.py
+index 3e502a7..5bf9b52 100755
+--- a/sepolicy/sepolicy.py
++++ b/sepolicy/sepolicy.py
+@@ -262,7 +262,7 @@ def _print_net(src, protocol, perm):
+ if len(portdict) > 0:
+ bold_start = "\033[1m"
+ bold_end = "\033[0;0m"
+- print "\n" + bold_start + "%s: %s %s" % (src, protocol, perm) + bold_end
++ print("\n" + bold_start + "%s: %s %s" % (src, protocol, perm) + bold_end)
+ port_strings = []
+ boolean_text = ""
+ for p in portdict:
+@@ -275,7 +275,7 @@ def _print_net(src, protocol, perm):
+ port_strings.append("%s (%s)" % (", ".join(recs), t))
+ port_strings.sort(numcmp)
+ for p in port_strings:
+- print "\t" + p
++ print("\t" + p)
+
+
+ def network(args):
+@@ -286,7 +286,7 @@ def network(args):
+ if i[0] not in all_ports:
+ all_ports.append(i[0])
+ all_ports.sort()
+- print "\n".join(all_ports)
++ print("\n".join(all_ports))
+
+ for port in args.port:
+ found = False
+@@ -297,18 +297,18 @@ def network(args):
+ else:
+ range = "%s-%s" % (i[0], i[1])
+ found = True
+- print "%d: %s %s %s" % (port, i[2], portrecsbynum[i][0], range)
++ print("%d: %s %s %s" % (port, i[2], portrecsbynum[i][0], range))
+ if not found:
+ if port < 500:
+- print "Undefined reserved port type"
++ print("Undefined reserved port type")
+ else:
+- print "Undefined port type"
++ print("Undefined port type")
+
+ for t in args.type:
+ if (t, 'tcp') in portrecs.keys():
+- print "%s: tcp: %s" % (t, ",".join(portrecs[t, 'tcp']))
++ print("%s: tcp: %s" % (t, ",".join(portrecs[t, 'tcp'])))
+ if (t, 'udp') in portrecs.keys():
+- print "%s: udp: %s" % (t, ",".join(portrecs[t, 'udp']))
++ print( "%s: udp: %s" % (t, ",".join(portrecs[t, 'udp'])))
+
+ for a in args.applications:
+ d = sepolicy.get_init_transtype(a)
+@@ -357,7 +357,7 @@ def manpage(args):
+
+ for domain in test_domains:
+ m = ManPage(domain, path, args.root, args.source_files, args.web)
+- print m.get_man_page_path()
++ print(m.get_man_page_path())
+
+ if args.web:
+ HTMLManPages(manpage_roles, manpage_domains, path, args.os)
+@@ -418,7 +418,7 @@ def communicate(args):
+ out = list(set(writable) & set(readable))
+
+ for t in out:
+- print t
++ print(t)
+
+
+ def gen_communicate_args(parser):
+@@ -445,7 +445,7 @@ def booleans(args):
+ args.booleans.sort()
+
+ for b in args.booleans:
+- print "%s=_(\"%s\")" % (b, boolean_desc(b))
++ print("%s=_(\"%s\")" % (b, boolean_desc(b)))
+
+
+ def gen_booleans_args(parser):
+@@ -484,16 +484,16 @@ def print_interfaces(interfaces, args, append=""):
+ for i in interfaces:
+ if args.verbose:
+ try:
+- print get_interface_format_text(i + append)
++ print(get_interface_format_text(i + append))
+ except KeyError:
+- print i
++ print(i)
+ if args.compile:
+ try:
+ interface_compile_test(i)
+ except KeyError:
+- print i
++ print(i)
+ else:
+- print i
++ print(i)
+
+
+ def interface(args):
+@@ -565,7 +565,7 @@ def generate(args):
+ if args.policytype in APPLICATIONS:
+ mypolicy.gen_writeable()
+ mypolicy.gen_symbols()
+- print mypolicy.generate(args.path)
++ print(mypolicy.generate(args.path))
+
+
+ def gen_interface_args(parser):
+@@ -698,12 +698,12 @@ if __name__ == '__main__':
+ args = parser.parse_args(args=parser_args)
+ args.func(args)
+ sys.exit(0)
+- except ValueError, e:
++ except ValueError as e:
+ sys.stderr.write("%s: %s\n" % (e.__class__.__name__, str(e)))
+ sys.exit(1)
+- except IOError, e:
++ except IOError as e:
+ sys.stderr.write("%s: %s\n" % (e.__class__.__name__, str(e)))
+ sys.exit(1)
+ except KeyboardInterrupt:
+- print "Out"
++ print("Out")
+ sys.exit(0)
+diff --git a/policycoreutils/sepolicy/sepolicy/__init__.py b/policycoreutils/sepolicy/sepolicy/__init__.py
+index 8fbd5b4..fee6438 100644
+--- a/sepolicy/sepolicy/__init__.py
++++ b/sepolicy/sepolicy/__init__.py
+@@ -695,7 +695,7 @@ def get_methods():
+ # List of per_role_template interfaces
+ ifs = interfaces.InterfaceSet()
+ ifs.from_file(fd)
+- methods = ifs.interfaces.keys()
++ methods = list(ifs.interfaces.keys())
+ fd.close()
+ except:
+ sys.stderr.write("could not open interface info [%s]\n" % fn)
+@@ -752,7 +752,10 @@ def get_all_entrypoint_domains():
+
+
+ def gen_interfaces():
+- import commands
++ try:
++ from commands import getstatusoutput
++ except ImportError:
++ from subprocess import getstatusoutput
+ ifile = defaults.interface_info()
+ headers = defaults.headers()
+ try:
+@@ -763,7 +766,7 @@ def gen_interfaces():
+
+ if os.getuid() != 0:
+ raise ValueError(_("You must regenerate interface info by running /usr/bin/sepolgen-ifgen"))
+- print(commands.getstatusoutput("/usr/bin/sepolgen-ifgen")[1])
++ print(getstatusoutput("/usr/bin/sepolgen-ifgen")[1])
+
+
+ def gen_port_dict():
+@@ -1085,8 +1088,11 @@ def get_os_version():
+ os_version = ""
+ pkg_name = "selinux-policy"
+ try:
+- import commands
+- rc, output = commands.getstatusoutput("rpm -q '%s'" % pkg_name)
++ try:
++ from commands import getstatusoutput
++ except ImportError:
++ from subprocess import getstatusoutput
++ rc, output = getstatusoutput("rpm -q '%s'" % pkg_name)
+ if rc == 0:
+ os_version = output.split(".")[-2]
+ except:
+diff --git a/policycoreutils/sepolicy/sepolicy/communicate.py b/policycoreutils/sepolicy/sepolicy/communicate.py
+index b96c4b9..299316e 100755
+--- a/sepolicy/sepolicy/communicate.py
++++ b/sepolicy/sepolicy/communicate.py
+@@ -34,8 +34,8 @@ def usage(parser, msg):
+
+ def expand_attribute(attribute):
+ try:
+- return sepolicy.info(sepolicy.ATTRIBUTE, attribute)[0]["types"]
+- except RuntimeError:
++ return list(next(sepolicy.info(sepolicy.ATTRIBUTE, attribute))["types"])
++ except StopIteration:
+ return [attribute]
+
+
+diff --git a/policycoreutils/sepolicy/sepolicy/generate.py b/policycoreutils/sepolicy/sepolicy/generate.py
+index 65b33b6..5696110 100644
+--- a/sepolicy/sepolicy/generate.py
++++ b/sepolicy/sepolicy/generate.py
+@@ -31,21 +31,21 @@ import time
+ import types
+ import platform
+
+-from templates import executable
+-from templates import boolean
+-from templates import etc_rw
+-from templates import unit_file
+-from templates import var_cache
+-from templates import var_spool
+-from templates import var_lib
+-from templates import var_log
+-from templates import var_run
+-from templates import tmp
+-from templates import rw
+-from templates import network
+-from templates import script
+-from templates import spec
+-from templates import user
++from .templates import executable
++from .templates import boolean
++from .templates import etc_rw
++from .templates import unit_file
++from .templates import var_cache
++from .templates import var_spool
++from .templates import var_lib
++from .templates import var_log
++from .templates import var_run
++from .templates import tmp
++from .templates import rw
++from .templates import network
++from .templates import script
++from .templates import spec
++from .templates import user
+ import sepolgen.interfaces as interfaces
+ import sepolgen.defaults as defaults
+
+diff --git a/policycoreutils/sepolicy/sepolicy/interface.py b/policycoreutils/sepolicy/sepolicy/interface.py
+index c2cb971..8956f39 100644
+--- a/sepolicy/sepolicy/interface.py
++++ b/sepolicy/sepolicy/interface.py
+@@ -192,10 +192,13 @@ def generate_compile_te(interface, idict, name="compiletest"):
+ def get_xml_file(if_file):
+ """ Returns xml format of interfaces for given .if policy file"""
+ import os
+- import commands
++ try:
++ from commands import getstatusoutput
++ except ImportError:
++ from subprocess import getstatusoutput
+ basedir = os.path.dirname(if_file) + "/"
+ filename = os.path.basename(if_file).split(".")[0]
+- rc, output = commands.getstatusoutput("python /usr/share/selinux/devel/include/support/segenxml.py -w -m %s" % basedir + filename)
++ rc, output = getstatusoutput("python /usr/share/selinux/devel/include/support/segenxml.py -w -m %s" % basedir + filename)
+ if rc != 0:
+ sys.stderr.write("\n Could not proceed selected interface file.\n")
+ sys.stderr.write("\n%s" % output)
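Review bot: in get_xml_file the command is built as `"... -w -m %s" % basedir + filename`, where `%` binds before `+`, so filename is appended after formatting and the result is handed to a shell; an .if path containing spaces or shell metacharacters changes what gets executed. The port only swaps the import and keeps this. Passing an argument list to subprocess without a shell (available on both Python 2 and 3) removes the quoting problem. The command also starts `python` by bare name, which may not be the Python 3 interpreter this patch targets.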
+@@ -208,7 +211,10 @@ def interface_compile_test(interface, path="/usr/share/selinux/devel/policy.xml"
+ exclude_interfaces = ["userdom", "kernel", "corenet", "files", "dev"]
+ exclude_interface_type = ["template"]
+
+- import commands
++ try:
++ from commands import getstatusoutput
++ except ImportError:
++ from subprocess import getstatusoutput
+ import os
+ policy_files = {'pp': "compiletest.pp", 'te': "compiletest.te", 'fc': "compiletest.fc", 'if': "compiletest.if"}
+ idict = get_interface_dict(path)
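Review bot: the `try: from commands import getstatusoutput` / `except ImportError: from subprocess import getstatusoutput` fallback is repeated inside interface_compile_test here and inside get_xml_file in the previous hunk. One copy at module level, next to the other imports, would do and leaves a single place to delete once Python 2 support is dropped.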
+@@ -219,7 +225,7 @@ def interface_compile_test(interface, path="/usr/share/selinux/devel/policy.xml"
+ fd = open(policy_files['te'], "w")
+ fd.write(generate_compile_te(interface, idict))
+ fd.close()
+- rc, output = commands.getstatusoutput("make -f /usr/share/selinux/devel/Makefile %s" % policy_files['pp'])
++ rc, output = getstatusoutput("make -f /usr/share/selinux/devel/Makefile %s" % policy_files['pp'])
+ if rc != 0:
+ sys.stderr.write(output)
+ sys.stderr.write(_("\nCompile test for %s failed.\n") % interface)
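Review bot: interface_compile_test still runs `make -f /usr/share/selinux/devel/Makefile` through a shell with a fixed /usr path. None of the substitute* calls visible in the policycoreutils package definition touch sepolicy/sepolicy/interface.py, so in the Guix build this path (and the segenxml.py path in get_xml_file) is looked up outside the store, and the function reports a failed compile test when it is missing. Either rewrite these paths in the fix-target-paths phase or document that the devel policy files are expected from elsewhere.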
+diff --git a/policycoreutils/sepolicy/sepolicy/manpage.py b/policycoreutils/sepolicy/sepolicy/manpage.py
+index 7365f93..773a9ab 100755
+--- a/sepolicy/sepolicy/manpage.py
++++ b/sepolicy/sepolicy/manpage.py
+@@ -27,7 +27,6 @@ __all__ = ['ManPage', 'HTMLManPages', 'manpage_domains', 'manpage_roles', 'gen_d
+ import string
+ import selinux
+ import sepolicy
+-import commands
+ import os
+ import time
+
+@@ -162,7 +161,11 @@ def get_alphabet_manpages(manpage_list):
+
+
+ def convert_manpage_to_html(html_manpage, manpage):
+- rc, output = commands.getstatusoutput("/usr/bin/groff -man -Thtml %s 2>/dev/null" % manpage)
++ try:
++ from commands import getstatusoutput
++ except ImportError:
++ from subprocess import getstatusoutput
++ rc, output = getstatusoutput("/usr/bin/groff -man -Thtml %s 2>/dev/null" % manpage)
+ if rc == 0:
+ print(html_manpage, "has been created")
+ fd = open(html_manpage, 'w')
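Review bot: convert_manpage_to_html calls `/usr/bin/groff` by absolute path and sends stderr to /dev/null, so where groff is not installed at that location the call fails with nothing reported in the lines shown (only the `rc == 0` branch is visible). The manpage file name is also interpolated into the shell command unquoted. Suggest resolving groff from PATH or a packaged input, passing the arguments as a list, and reporting a non-zero status.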
+--
+2.10.2
+
diff --git a/gnu/packages/selinux.scm b/gnu/packages/selinux.scm
index 05197b85c..7acda89a6 100644
--- a/gnu/packages/selinux.scm
+++ b/gnu/packages/selinux.scm
@@ -28,6 +28,10 @@
#:use-module (gnu packages bison)
#:use-module (gnu packages docbook)
#:use-module (gnu packages flex)
+ #:use-module (gnu packages gettext)
+ #:use-module (gnu packages glib)
+ #:use-module (gnu packages linux)
+ #:use-module (gnu packages networking)
#:use-module (gnu packages pcre)
#:use-module (gnu packages pkg-config)
#:use-module (gnu packages python)
@@ -338,3 +342,134 @@ tools, and libraries designed to facilitate SELinux policy analysis.")
;; Some programs are under GPL, all libraries under LGPL.
(license (list license:lgpl2.1+
license:gpl2+))))
+
+(define-public policycoreutils
+ (package (inherit libsepol)
+ (name "policycoreutils")
+ (source
+ (origin (inherit (package-source libsepol))
+ (patches (search-patches "policycoreutils-make-sepolicy-use-python3.patch"))
+ (patch-flags '("-p1" "-d" "policycoreutils"))))
+ (arguments
+ `(#:test-target "test"
+ #:make-flags
+ (let ((out (assoc-ref %outputs "out")))
+ (list "CC=gcc"
+ (string-append "PREFIX=" out)
+ (string-append "LOCALEDIR=" out "/share/locale")
+ (string-append "BASHCOMPLETIONDIR=" out
+ "/share/bash-completion/completions")
+ "INSTALL=install -c -p"
+ "INSTALL_DIR=install -d"
+ ;; These ones are needed because some Makefiles define the
+ ;; directories relative to DESTDIR, not relative to PREFIX.
+ (string-append "SBINDIR=" out "/sbin")
+ (string-append "ETCDIR=" out "/etc")
+ (string-append "SYSCONFDIR=" out "/etc/sysconfig")
+ (string-append "MAN5DIR=" out "/share/man/man5")
+ (string-append "INSTALL_NLS_DIR=" out "/share/locale")
+ (string-append "AUTOSTARTDIR=" out "/etc/xdg/autostart")
+ (string-append "DBUSSERVICEDIR=" out "/share/dbus-1/services")
+ (string-append "SYSTEMDDIR=" out "/lib/systemd")
+ (string-append "INITDIR=" out "/etc/rc.d/init.d")
+ (string-append "SELINUXDIR=" out "/etc/selinux")))
+ #:phases
+ (modify-phases %standard-phases
+ (delete 'configure)
+ (add-after 'unpack 'enter-dir
+ (lambda _ (chdir ,name) #t))
+ (add-after 'enter-dir 'ignore-/usr-tests
+ (lambda* (#:key inputs #:allow-other-keys)
+ ;; The Makefile decides to build restorecond only if it finds the
+ ;; inotify header somewhere under /usr.
+ (substitute* "Makefile"
+ (("ifeq.*") "")
+ (("endif.*") ""))
+ ;; Rewrite lookup paths for header files.
+ (substitute* '("newrole/Makefile"
+ "setfiles/Makefile"
+ "run_init/Makefile")
+ (("/usr(/include/security/pam_appl.h)" _ file)
+ (string-append (assoc-ref inputs "pam") file))
+ (("/usr(/include/libaudit.h)" _ file)
+ (string-append (assoc-ref inputs "audit") file)))
+ #t))
+ (add-after 'enter-dir 'fix-glib-cflags
+ (lambda* (#:key inputs #:allow-other-keys)
+ (substitute* "restorecond/Makefile"
+ (("/usr(/include/glib-2.0|/lib/glib-2.0/include)" _ path)
+ (string-append (assoc-ref inputs "glib") path))
+ (("/usr(/include/dbus-1.0|/lib/dbus-1.0/include)" _ path)
+ (string-append (assoc-ref inputs "dbus") path
+ " -I"
+ (assoc-ref inputs "dbus-glib") path)))
+ #t))
+ (add-after 'enter-dir 'fix-linkage-with-libsepol
+ (lambda* (#:key inputs #:allow-other-keys)
+ (substitute* '("semodule_deps/Makefile"
+ "sepolgen-ifgen/Makefile")
+ (("\\$\\(LIBDIR\\)")
+ (string-append (assoc-ref inputs "libsepol") "/lib/")))))
+ (add-after 'enter-dir 'fix-target-paths
+ (lambda* (#:key outputs #:allow-other-keys)
+ (let ((out (assoc-ref outputs "out")))
+ (substitute* "audit2allow/sepolgen-ifgen"
+ (("ATTR_HELPER = \"/usr/bin/sepolgen-ifgen-attr-helper\"")
+ (string-append "ATTR_HELPER = \"" out
+ "/bin/sepolgen-ifgen-attr-helper\"")))
+ (substitute* "sepolicy/sepolicy/__init__.py"
+ (("/usr/bin/sepolgen-ifgen")
+ (string-append out "/bin/sepolgen-ifgen")))
+ (substitute* "sepolicy/Makefile"
+ ;; By default all Python files would be installed to
+ ;; $out/gnu/store/...-python-.../.
+ (("setup.py install.*$")
+ (string-append "setup.py install --prefix=" out "\n"))
+ (("\\$\\(DESTDIR\\)/etc")
+ (string-append out "/etc"))
+ (("\\$\\(DESTDIR\\)/usr") out)))
+ #t))
+ (add-after 'install 'wrap-python-tools
+ (lambda* (#:key outputs #:allow-other-keys)
+ (let* ((out (assoc-ref outputs "out"))
+ (var (string-append out "/lib/python3.5/site-packages:"
+ (getenv "PYTHONPATH"))))
+ ;; The scripts' shebangs tell Python to ignore the PYTHONPATH,
+ ;; so we need to patch them before wrapping.
+ (for-each (lambda (file)
+ (let ((path (string-append out "/" file)))
+
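Review bot: the wrap-python-tools phase hard-codes `/lib/python3.5/site-packages`, so the wrapper's PYTHONPATH points at a directory that does not exist once the python input moves to another minor version. Deriving the directory from the version of the python package, for example with version-major+minor from (guix utils), keeps it in step. The phase is cut off here by the truncated message, so the rest could not be reviewed.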
This message was truncated. Download the full message here.
Marius Bakke wrote on 19 Apr 2017 21:57
Re: bug#26561: [PATCH 1/9] gnu: Add libsepol.
(name . Ricardo Wurmus)(address . rekado@elephly.net)
87wpagtbl2.fsf@fastmail.com
Ricardo Wurmus <rekado@elephly.net> writes:

> * gnu/packages/selinux.scm: New file.
> * gnu/local.mk (GNU_SYSTEM_MODULES): Add it.
> ---
> gnu/local.mk | 1 +
> gnu/packages/selinux.scm | 71 ++++++++++++++++++++++++++++++++++++++++++++++++
> 2 files changed, 72 insertions(+)
> create mode 100644 gnu/packages/selinux.scm
>
> diff --git a/gnu/local.mk b/gnu/local.mk
> index 5822add4c..77302573a 100644
> --- a/gnu/local.mk
> +++ b/gnu/local.mk
> @@ -342,6 +342,7 @@ GNU_SYSTEM_MODULES = \
> %D%/packages/sdl.scm \
> %D%/packages/search.scm \
> %D%/packages/security-token.scm \
> + %D%/packages/selinux.scm \
> %D%/packages/serialization.scm \
> %D%/packages/serveez.scm \
> %D%/packages/shells.scm \
> diff --git a/gnu/packages/selinux.scm b/gnu/packages/selinux.scm
> new file mode 100644
> index 000000000..75758dd6b
> --- /dev/null
> +++ b/gnu/packages/selinux.scm
> @@ -0,0 +1,71 @@
> +;;; GNU Guix --- Functional package management for GNU
> +;;; Copyright © 2016, 2017 Ricardo Wurmus <rekado@elephly.net>
> +;;;
> +;;; This file is part of GNU Guix.
> +;;;
> +;;; GNU Guix is free software; you can redistribute it and/or modify it
> +;;; under the terms of the GNU General Public License as published by
> +;;; the Free Software Foundation; either version 3 of the License, or (at
> +;;; your option) any later version.
> +;;;
> +;;; GNU Guix is distributed in the hope that it will be useful, but
> +;;; WITHOUT ANY WARRANTY; without even the implied warranty of
> +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> +;;; GNU General Public License for more details.
> +;;;
> +;;; You should have received a copy of the GNU General Public License
> +;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
> +
> +(define-module (gnu packages selinux)
> + #:use-module ((guix licenses) #:prefix license:)
> + #:use-module (guix packages)
> + #:use-module (guix download)
> + #:use-module (guix utils)
> + #:use-module (guix build-system gnu)
> + #:use-module (gnu packages)
> + #:use-module (gnu packages flex))
> +
> +;; Update the SELinux packages together!
> +
> +(define-public libsepol
> + (package
> + (name "libsepol")
> + (version "2.6")
> + (source (let ((release "20161014"))
> + (origin
> + (method url-fetch)
> + (uri (string-append "https://github.com/SELinuxProject/selinux/"
> + "archive/" release ".tar.gz"))
> + (file-name (string-append "selinux-" release ".tar.gz"))
> + (sha256
> + (base32
> + "1dpwynfb6n31928343blac4159g4jbrwxdp61q5yffmxpy3c3czi")))))
> + (build-system gnu-build-system)
> + (arguments
> + `(#:tests? #f ; tests require checkpolicy, which requires libsepol

I guess we could work around this as with other circular dependencies,
but that can be done later.

> + #:test-target "test"
> + #:make-flags
> + (let ((out (assoc-ref %outputs "out")))
> + (list (string-append "PREFIX=" out)
> + (string-append "DESTDIR=" out)
> + (string-append "MAN3DIR=" out "/share/man/man3")
> + (string-append "MAN5DIR=" out "/share/man/man5")
> + (string-append "MAN8DIR=" out "/share/man/man8")
> + (string-append "LDFLAGS=-Wl,-rpath=" out "/lib")
> + "CC=gcc"))
> + #:phases
> + (modify-phases %standard-phases
> + (delete 'configure)
> + (add-after 'unpack 'enter-dir
> + (lambda _ (chdir ,name) #t)))))
> + (native-inputs
> + `(("flex" ,flex)))
> + (home-page "http://selinuxproject.org/")
^^^
https*

> + (synopsis "Library for manipulating SELinux policies")
> + (description
> + "The libsepol library provides an API for the manipulation of SELinux
> +binary policies. It is used by @code{checkpolicy} (the policy compiler) and
> +similar tools, and programs such as @code{load_policy}, which must perform
> +specific transformations on binary policies (for example, customizing policy
> +boolean settings).")
> + (license license:lgpl2.1+)))
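Review bot: in #:make-flags both `PREFIX=` and `DESTDIR=` are set to the output directory with no comment saying why. With the usual install idiom of $(DESTDIR)$(PREFIX) this would nest the store path inside itself, so a short comment explaining which Makefile variables depend on DESTDIR here would help the next person who updates the package.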
> --
> 2.12.2

Marius Bakke wrote on 19 Apr 2017 21:59
Re: bug#26561: [PATCH 9/9] gnu: Add policycoreutils.
(name . Ricardo Wurmus)(address . rekado@elephly.net)
87tw5ktbha.fsf@fastmail.com
Ricardo Wurmus <rekado@elephly.net> writes:

> * gnu/packages/selinux.scm (policycoreutils): New variable.
> ---
> gnu/local.mk | 1 +
> ...policycoreutils-make-sepolicy-use-python3.patch | 335 +++++++++++++++++++++
> gnu/packages/selinux.scm | 135 +++++++++
> 3 files changed, 471 insertions(+)
> create mode 100644 gnu/packages/patches/policycoreutils-make-sepolicy-use-python3.patch
>
> diff --git a/gnu/local.mk b/gnu/local.mk
> index 77302573a..79ffbe2fe 100644
> --- a/gnu/local.mk
> +++ b/gnu/local.mk
> @@ -856,6 +856,7 @@ dist_patch_DATA = \
> %D%/packages/patches/plink-endian-detection.patch \
> %D%/packages/patches/plotutils-libpng-jmpbuf.patch \
> %D%/packages/patches/polkit-drop-test.patch \
> + %D%/packages/patches/policycoreutils-make-sepolicy-use-python3.patch \
> %D%/packages/patches/portaudio-audacity-compat.patch \
> %D%/packages/patches/portmidi-modular-build.patch \
> %D%/packages/patches/procmail-ambiguous-getline-debian.patch \
> diff --git a/gnu/packages/patches/policycoreutils-make-sepolicy-use-python3.patch b/gnu/packages/patches/policycoreutils-make-sepolicy-use-python3.patch
> new file mode 100644
> index 000000000..befe9fbb2
> --- /dev/null
> +++ b/gnu/packages/patches/policycoreutils-make-sepolicy-use-python3.patch
> @@ -0,0 +1,335 @@
> +Downloaded from https://anonscm.debian.org/cgit/selinux/policycoreutils.git/plain/debian/patches/policycoreutils-Make-sepolicy-work-with-python3.patch
> +
> +From 2d7ca0b862a35196d562f59bd098df011fd7f0e6 Mon Sep 17 00:00:00 2001
> +From: Laurent Bigonville <bigon@bigon.be>
> +Date: Mon, 7 Nov 2016 10:51:08 +0100
> +Subject: [PATCH] policycoreutils: Make sepolicy work with python3
> +
> +Add python3 support for sepolicy
> +
> +Signed-off-by: Laurent Bigonville <bigon@bigon.be>
> +---
> + policycoreutils/sepolicy/selinux_client.py | 6 ++--
> + policycoreutils/sepolicy/sepolicy.py | 38 ++++++++++++------------
> + policycoreutils/sepolicy/sepolicy/__init__.py | 16 ++++++----
> + policycoreutils/sepolicy/sepolicy/communicate.py | 4 +--
> + policycoreutils/sepolicy/sepolicy/generate.py | 30 +++++++++----------
> + policycoreutils/sepolicy/sepolicy/interface.py | 14 ++++++---
> + policycoreutils/sepolicy/sepolicy/manpage.py | 7 +++--
> + 7 files changed, 65 insertions(+), 50 deletions(-)
> +
> +diff --git a/policycoreutils/sepolicy/selinux_client.py b/policycoreutils/sepolicy/selinux_client.py
> +index 7f4a91c..dc29f28 100644
> +--- a/sepolicy/selinux_client.py
> ++++ b/sepolicy/selinux_client.py
> +@@ -39,6 +39,6 @@ if __name__ == "__main__":
> + try:
> + dbus_proxy = SELinuxDBus()
> + resp = dbus_proxy.customized()
> +- print convert_customization(resp)
> +- except dbus.DBusException, e:
> +- print e
> ++ print(convert_customization(resp))
> ++ except dbus.DBusException as e:
> ++ print(e)
> +diff --git a/policycoreutils/sepolicy/sepolicy.py b/policycoreutils/sepolicy/sepolicy.py
> +index 3e502a7..5bf9b52 100755
> +--- a/sepolicy/sepolicy.py
> ++++ b/sepolicy/sepolicy.py
> +@@ -262,7 +262,7 @@ def _print_net(src, protocol, perm):
> + if len(portdict) > 0:
> + bold_start = "\033[1m"
> + bold_end = "\033[0;0m"
> +- print "\n" + bold_start + "%s: %s %s" % (src, protocol, perm) + bold_end
> ++ print("\n" + bold_start + "%s: %s %s" % (src, protocol, perm) + bold_end)
> + port_strings = []
> + boolean_text = ""
> + for p in portdict:
> +@@ -275,7 +275,7 @@ def _print_net(src, protocol, perm):
> + port_strings.append("%s (%s)" % (", ".join(recs), t))
> + port_strings.sort(numcmp)
> + for p in port_strings:
> +- print "\t" + p
> ++ print("\t" + p)
> +
> +
> + def network(args):
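Review bot: the unchanged context line `port_strings.sort(numcmp)` in _print_net is not ported: on Python 3 list.sort() accepts only the key and reverse keyword arguments, so passing the comparison function positionally raises TypeError as soon as there are ports to print. `port_strings.sort(key=functools.cmp_to_key(numcmp))` works on Python 2.7 and 3.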
> +@@ -286,7 +286,7 @@ def network(args):
> + if i[0] not in all_ports:
> + all_ports.append(i[0])
> + all_ports.sort()
> +- print "\n".join(all_ports)
> ++ print("\n".join(all_ports))
> +
> + for port in args.port:
> + found = False
> +@@ -297,18 +297,18 @@ def network(args):
> + else:
> + range = "%s-%s" % (i[0], i[1])
> + found = True
> +- print "%d: %s %s %s" % (port, i[2], portrecsbynum[i][0], range)
> ++ print("%d: %s %s %s" % (port, i[2], portrecsbynum[i][0], range))
> + if not found:
> + if port < 500:
> +- print "Undefined reserved port type"
> ++ print("Undefined reserved port type")
> + else:
> +- print "Undefined port type"
> ++ print("Undefined port type")
> +
> + for t in args.type:
> + if (t, 'tcp') in portrecs.keys():
> +- print "%s: tcp: %s" % (t, ",".join(portrecs[t, 'tcp']))
> ++ print("%s: tcp: %s" % (t, ",".join(portrecs[t, 'tcp'])))
> + if (t, 'udp') in portrecs.keys():
> +- print "%s: udp: %s" % (t, ",".join(portrecs[t, 'udp']))
> ++ print( "%s: udp: %s" % (t, ",".join(portrecs[t, 'udp'])))
> +
> + for a in args.applications:
> + d = sepolicy.get_init_transtype(a)
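Review bot: style nit in the udp branch: `print( "%s: udp: %s" ...` has a stray space after the opening parenthesis, unlike the tcp line above it. The context line `range = "%s-%s" % (i[0], i[1])` also shadows the builtin, which is worth renaming while touching this function.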
> +@@ -357,7 +357,7 @@ def manpage(args):
> +
> + for domain in test_domains:
> + m = ManPage(domain, path, args.root, args.source_files, args.web)
> +- print m.get_man_page_path()
> ++ print(m.get_man_page_path())
> +
> + if args.web:
> + HTMLManPages(manpage_roles, manpage_domains, path, args.os)
> +@@ -418,7 +418,7 @@ def communicate(args):
> + out = list(set(writable) & set(readable))
> +
> + for t in out:
> +- print t
> ++ print(t)
> +
> +
> + def gen_communicate_args(parser):
> +@@ -445,7 +445,7 @@ def booleans(args):
> + args.booleans.sort()
> +
> + for b in args.booleans:
> +- print "%s=_(\"%s\")" % (b, boolean_desc(b))
> ++ print("%s=_(\"%s\")" % (b, boolean_desc(b)))
> +
> +
> + def gen_booleans_args(parser):
> +@@ -484,16 +484,16 @@ def print_interfaces(interfaces, args, append=""):
> + for i in interfaces:
> + if args.verbose:
> + try:
> +- print get_interface_format_text(i + append)
> ++ print(get_interface_format_text(i + append))
> + except KeyError:
> +- print i
> ++ print(i)
> + if args.compile:
> + try:
> + interface_compile_test(i)
> + except KeyError:
> +- print i
> ++ print(i)
> + else:
> +- print i
> ++ print(i)
> +
> +
> + def interface(args):
> +@@ -565,7 +565,7 @@ def generate(args):
> + if args.policytype in APPLICATIONS:
> + mypolicy.gen_writeable()
> + mypolicy.gen_symbols()
> +- print mypolicy.generate(args.path)
> ++ print(mypolicy.generate(args.path))
> +
> +
> + def gen_interface_args(parser):
> +@@ -698,12 +698,12 @@ if __name__ == '__main__':
> + args = parser.parse_args(args=parser_args)
> + args.func(args)
> + sys.exit(0)
> +- except ValueError, e:
> ++ except ValueError as e:
> + sys.stderr.write("%s: %s\n" % (e.__class__.__name__, str(e)))
> + sys.exit(1)
> +- except IOError, e:
> ++ except IOError as e:
> + sys.stderr.write("%s: %s\n" % (e.__class__.__name__, str(e)))
> + sys.exit(1)
> + except KeyboardInterrupt:
> +- print "Out"
> ++ print("Out")
> + sys.exit(0)
> +diff --git a/policycoreutils/sepolicy/sepolicy/__init__.py b/policycoreutils/sepolicy/sepolicy/__init__.py
> +index 8fbd5b4..fee6438 100644
> +--- a/sepolicy/sepolicy/__init__.py
> ++++ b/sepolicy/sepolicy/__init__.py
> +@@ -695,7 +695,7 @@ def get_methods():
> + # List of per_role_template interfaces
> + ifs = interfaces.InterfaceSet()
> + ifs.from_file(fd)
> +- methods = ifs.interfaces.keys()
> ++ methods = list(ifs.interfaces.keys())
> + fd.close()
> + except:
> + sys.stderr.write("could not open interface info [%s]\n" % fn)
> +@@ -752,7 +752,10 @@ def get_all_entrypoint_domains():
> +
> +
> + def gen_interfaces():
> +- import commands
> ++ try:
> ++ from commands import getstatusoutput
> ++ except ImportError:
> ++ from subprocess import getstatusoutput
> + ifile = defaults.interface_info()
> + headers = defaults.headers()
> + try:
> +@@ -763,7 +766,7 @@ def gen_interfaces():
> +
> + if os.getuid() != 0:
> + raise ValueError(_("You must regenerate interface info by running /usr/bin/sepolgen-ifgen"))
> +- print(commands.getstatusoutput("/usr/bin/sepolgen-ifgen")[1])
> ++ print(getstatusoutput("/usr/bin/sepolgen-ifgen")[1])
> +
> +
> + def gen_port_dict():
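Review bot: gen_interfaces discards the exit status: `getstatusoutput("/usr/bin/sepolgen-ifgen")[1]` prints the command output whether or not sepolgen-ifgen succeeded. Unpack `rc, output` as the other call sites in this patch do, and raise or write to stderr when rc is non-zero.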
> +@@ -1085,8 +1088,11 @@ def get_os_version():
> + os_version = ""
> + pkg_name = "selinux-policy"
> + try:
> +- import commands
> +- rc, output = commands.getstatusoutput("rpm -q '%s'" % pkg_name)
> ++ try:
> ++ from commands import getstatusoutput
> ++ except ImportError:
> ++ from subprocess import getstatusoutput
> ++ rc, output = getstatusoutput("rpm -q '%s'" % pkg_name)
> + if rc == 0:
> + os_version = output.split(".")[-2]
> + except:
> +diff --git a/policycoreutils/sepolicy/sepolicy/communicate.py b/policycoreutils/sepolicy/sepolicy/communicate.py
> +index b96c4b9..299316e 100755
> +--- a/sepolicy/sepolicy/communicate.py
> ++++ b/sepolicy/sepolicy/communicate.py
> +@@ -34,8 +34,8 @@ def usage(parser, msg):
> +
> + def expand_attribute(attribute):
> + try:
> +- return sepolicy.info(sepolicy.ATTRIBUTE, attribute)[0]["types"]
> +- except RuntimeError:
> ++ return list(next(sepolicy.info(sepolicy.ATTRIBUTE, attribute))["types"])
> ++ except StopIteration:
> + return [attribute]
> +
> +
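Review bot: expand_attribute now catches only StopIteration where it used to catch RuntimeError. If sepolicy.info() can still raise RuntimeError for an unknown attribute, that error now propagates instead of falling back to `[attribute]`. `except (RuntimeError, StopIteration):` would keep the old fallback while supporting the iterator that `next()` is applied to.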
> +diff --git a/policycoreutils/sepolicy/sepolicy/generate.py b/policycoreutils/sepolicy/sepolicy/generate.py
> +index 65b33b6..5696110 100644
> +--- a/sepolicy/sepolicy/generate.py
> ++++ b/sepolicy/sepolicy/generate.py
> +@@ -31,21 +31,21 @@ import time
> + import types
> + import platform
> +
> +-from templates import executable
> +-from templates import boolean
> +-from templates import etc_rw
> +-from templates import unit_file
> +-from templates import var_cache
> +-from templates import var_spool
> +-from templates import var_lib
> +-from templates import var_log
> +-from templates import var_run
> +-from templates import tmp
> +-from templates import rw
> +-from templates import network
> +-from templates import script
> +-from templates import spec
> +-from templates import user
> ++from .templates import executable
> ++from .templates import boolean
> ++from .templates import etc_rw
> ++from .templates import unit_file
> ++from .templates import var_cache
> ++from .templates import var_spool
> ++from .templates import var_lib
> ++from .templates import var_log
> ++from .templates import var_run
> ++from .templates import tmp
> ++from .templates import rw
> ++from .templates import network
> ++from .templates import script
> ++from .templates import spec
> ++from .templates import user
> + import sepolgen.interfaces as interfaces
> + import sepolgen.defaults as defaults
> +
> +diff --git a/policycoreutils/sepolicy/sepolicy/interface.py b/policycoreutils/sepolicy/sepolicy/interface.py
> +index c2cb971..8956f39 100644
> +--- a/sepolicy/sepolicy/interface.py
> ++++ b/sepolicy/sepolicy/interface.py
> +@@ -192,10 +192,13 @@ def generate_compile_te(interface, idict, name="compiletest"):
> + def get_xml_file(if_file):
> + """ Returns xml format of interfaces for given .if policy file"""
> + import os
> +- import commands
> ++ try:
> ++ from commands import getstatusoutput
> ++ except ImportError:
> ++ from subprocess import getstatusoutput
> + basedir = os.path.dirname(if_file) + "/"
> + filename = os.path.basename(if_file).split(".")[0]
> +- rc, output = commands.getstatusoutput("python /usr/share/selinux/devel/include/support/segenxml.py -w -m %s" % basedir + filename)
> ++ rc, output = getstatusoutput("python /usr/share/selinux/devel/include/support/segenxml.py -w -m %s" % basedir + filename)
> + if rc != 0:
> + sys.stderr.write("\n Could not proceed selected interface file.\n")
> + sys.stderr.write("\n%s" % output)
> +@@ -208,7 +211,10 @@ def interface_compile_test(interface, path="/usr/share/selinux/devel/policy.xml"
> + exclude_interfaces = ["userdom", "kernel", "corenet", "files", "dev"]
> + exclude_interface_type = ["template"]
> +
> +- import commands
> ++ try:
> ++ from commands import getstatusoutput
> ++ except ImportError:
> ++ from subprocess import getstatusoutput
> + import os
> + policy_files = {'pp': "compiletest.pp", 'te': "compiletest.te", 'fc': "compiletest.fc", 'if': "compiletest.if"}
> + idict = get_interface_dict(path)
> +@@ -219,7 +225,7 @@ def interface_compile_test(interface, path="/usr/share/selinux/devel/policy.xml"
> + fd = open(policy_files['te'], "w")
> + fd.write(generate_compile_te(interface, idict))
> + fd.close()
> +- rc, output = commands.getstatusoutput("make -f /usr/share/selinux/devel/Makefile %s" % policy_files['pp'])
> ++ rc, output = getstatusoutput("make -f /usr/share/selinux/devel/Makefile %s" % policy_files['pp'])
> + if rc != 0:
> + sys.stderr.write(output)
> + sys.stderr.write(_("\nCompile test for %s failed.\n") % interface)
> +diff --git a/policycoreutils/sepolicy/sepolicy/manpage.py b/policycoreutils/sepolicy/sepolicy/manpage.py
> +index 7365f93..773a9ab 100755
> +--- a/sepolicy/sepolicy/manpage.py
> ++++ b/sepolicy/sepolicy/manpage.py
> +@@ -27,7 +27,6 @@ __all__ = ['ManPage', 'HTMLManPages', 'manpage_domains', 'manpage_roles', 'gen_d
> + import string
> + import selinux
> + import sepolicy
> +-import commands
> + import os
> + import time
> +
> +@@ -162,7 +161,11 @@ def get_alphabet_manpages(manpage_list):
> +
> +
> + def convert_manpage_to_html(html_manpage, manpage):
> +- rc, output = commands.getstatusoutput("/usr/bin/groff -man -Thtml %s 2>/dev/null" % manpage)
> ++ try:
> ++ from commands import getstatusoutput
> ++ except ImportError:
> ++ from subprocess import getstatusoutput
> ++ rc, output = getstatusoutput("/usr/bin/groff -man -Thtml %s 2>/dev/null" % manpage)
> + if rc == 0:
> + print(html_manpage, "has been created")
> + fd = open(html_manpage, 'w')
> +--
> +2.10.2
> +
> diff --git a/gnu/packages/selinux.scm b/gnu/packages/selinux.scm
> index 05197b85c..7acda89a6 100644
> --- a/gnu/packages/selinux.scm
> +++ b/gnu/packages/selinux.scm
> @@ -28,6 +28,10 @@
> #:use-module (gnu packages bison)
> #:use-module (gnu packages docbook)
> #:use-module (gnu packages flex)
> + #:use-module (gnu packages gettext)
> + #:use-module (gnu packages glib)
> + #:use-module (gnu packages linux)
> + #:use-module (gnu packages networking)
> #:use-module (gnu packages pcre)
> #:use-module (gnu packages pkg-config)
> #:use-module (gnu packages python)
> @@ -338,3 +342,134 @@ tools, and libraries designed to facilitate SELinux policy analysis.")
> ;; Some programs are under GPL, all libraries under LGPL.
> (license (list license:lgpl2.1+
> license:gpl2+))))
> +
> +(define-public policycoreutils
> + (package (inherit libsepol)
> + (name "policycoreutils")
> + (source
> + (origin (inherit (package-source libsepol))
> + (patches (search-patches "policycoreutils-make-sepolicy-use-python3.patch"))
> + (patch-flags '("-p1" "-d" "policycoreutils"))))
> + (arguments
> + `(#:test-target "test"
> + #:make-flags
> + (let ((out (assoc-ref %outputs "out")))
> + (list "CC=gcc"
> + (string-append "PREFIX=" out)
> + (string-append "LOCALEDIR=" out "/share/locale")
> + (string-append "BASHCOMPLETIONDIR=" out
> + "/share/bash-completion/completions")
> + "INSTALL=install -c -p"
> + "INSTALL_DIR=install -d"
> + ;; These ones are needed because some Makefiles define the
> + ;; directories relative to DESTDIR, not relative to PREFIX.
> + (string-append "SBINDIR=" out "/sbin")
> + (string-append "ETCDIR=" out "/etc")
> + (string-append "SYSCONFDIR=" out "/etc/sysconfig")
> + (string-append "MAN5DIR=" out "/share/man/man5")
> + (string-append "INSTALL_NLS_DIR=" out "/share/locale")
> + (string-append "AUTOSTARTDIR=" out "/etc/xdg/autostart")
> + (string-append "DBUSSERVICEDIR=" out "/share/dbus-1/services")
> + (string-append "SYSTEMDDIR=" out "/lib/systemd")
> + (string-append "INITDIR=" out "/etc/rc.d/init.d")
> + (string-append "SELINUXDIR=" out "/etc/selinux")))
> + #:phases
> + (modify-phases %standard-phases
> + (delete 'configure)
> + (add-after 'unpack 'enter-dir
> + (lambda _ (chdir ,name) #t))
> + (add-after 'enter-dir 'ignore-/usr-tests
> + (lambda* (#:key inputs #:allow-other-keys)
> + ;; The Makefile decides to build restorecond only if it finds the
> + ;; inotify header somewhere under /usr.
> + (substitute* "Makefile"
> + (("ifeq.*") "")
> + (("endif.*") ""))
> + ;; Rewrite lookup paths for header files.
> + (substitute* '("newrole/Makefile"
> + "setfiles/Makefile"
> + "run_init/Makefile")
> + (("/usr(/include/security/pam_appl.h)" _ file)
> + (string-append (assoc-ref inputs "pam") file))
> + (("/usr(/include/libaudit.h)" _ file)
> + (string-append (assoc-ref inputs "audit") file)))
> + #t))
> + (add-after 'enter-dir 'fix-glib-cflags
> + (lambda* (#:key inputs #:allow-other-keys)
> + (substitute* "restorecond/Makefile"
> + (("/usr(/include/glib-2.0|/lib/glib-2.0/include)" _ path)
> + (string-append (assoc-ref inputs "glib") path))
> + (("/usr(/include/dbus-1.0|/lib/dbus-1.0/include)" _ path)
> + (string-append (assoc-ref inputs "dbus") path
> + " -I"
> + (assoc-ref inputs "dbus-glib") path)))
> + #t))
> + (add-after 'enter-dir 'fix-linkage-with-libsepol
> + (lambda* (#:key inputs #:allow-other-keys)
> + (substitute* '("semodule_deps/Makefile"
> + "sepolgen-ifgen/Makefile")
> + (("\\$\\(LIBDIR\\)")
> + (string-append (assoc-ref inputs "libsepol") "/lib/")))))
> + (add-after 'enter-dir 'fix-target-paths
> + (lambda* (#:key outputs #:allow-other-keys)
> + (let ((out (assoc-ref outputs "out")))
> + (substitute* "audit2allow/sepolgen-ifgen"
> + (("ATTR_HELPER = \"/usr/bin/sepolgen-ifgen-attr-helper\"")
> + (string-append "ATTR_HELPER = \"" out
> + "/bin/sepolgen-ifgen-attr-helper\"")))
> + (substitute* "sepolicy/sepolicy/__init__.py"
> + (("/usr/bin/sepolgen-ifgen")
> + (string-append out "/bin/sepolgen-ifgen")))
> + (substitute* "sepolicy/Makefile"
> +
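Review bot: the fix-linkage-with-libsepol phase ends with the substitute* form and no `#t`, while the phases around it return `#t` explicitly; add it so the phase result does not depend on what substitute* returns. In ignore-/usr-tests, `(("ifeq.*") "")` and `(("endif.*") "")` delete every ifeq/endif line in the top-level Makefile, not only the inotify check the comment describes, so a narrower pattern would be safer across upstream updates.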
This message was truncated. Download the full message here.

Marius Bakke wrote on 19 Apr 2017 22:01
Re: bug#26561: [PATCH 0/9] SELinux
(name . Ricardo Wurmus)(address . rekado@elephly.net)
87r30otbe3.fsf@fastmail.com
Ricardo Wurmus <rekado@elephly.net> writes:

> This patch series adds SELinux libraries and tools.
>
> Ricardo Wurmus (9):
> gnu: Add libsepol.
> gnu: Add checkpolicy.
> gnu: Add libselinux.
> gnu: Add libsemanage.
> gnu: Add secilc.
> gnu: Add python-sepolgen.
> gnu: Add python-ipy.
> gnu: Add python-setools.
> gnu: Add policycoreutils.

Wow, amazing work! I've read through the patches and they LGTM apart
from the minor nitpicks sent separately. Thanks a lot for this!

julien lepiller wrote on 20 Apr 2017 10:30
(address . 26561@debbugs.gnu.org)
e846b49f5c4dbd643d2772473c1ea7cc@lepiller.eu
On 2017-04-19 22:01, Marius Bakke wrote:
> Ricardo Wurmus <rekado@elephly.net> writes:
>
>> This patch series adds SELinux libraries and tools.
>>
>> Ricardo Wurmus (9):
>> gnu: Add libsepol.
>> gnu: Add checkpolicy.
>> gnu: Add libselinux.
>> gnu: Add libsemanage.
>> gnu: Add secilc.
>> gnu: Add python-sepolgen.
>> gnu: Add python-ipy.
>> gnu: Add python-setools.
>> gnu: Add policycoreutils.
>
> Wow, amazing work! I've read through the patches and they LGTM apart
> from the minor nitpicks sent separately. Thanks a lot for this!

How exciting!

I once tried to install all that on my LFS system, but I couldn't find
how to enable SELinux (setenforce 1 wouldn't work). Could you explain
what steps need to be taken so I can activate SELinux on GuixSD? Or what
is still lacking? Could we imagine configuring the policy from the
operating-system declaration?
Ricardo Wurmus wrote on 22 Apr 2017 00:21
Re: bug#26561: [PATCH 1/9] gnu: Add libsepol.
(name . Marius Bakke)(address . mbakke@fastmail.com)(address . 26561@debbugs.gnu.org)
87bmrptn9b.fsf@elephly.net
Marius Bakke <mbakke@fastmail.com> writes:

>> + (native-inputs
>> + `(("flex" ,flex)))
>> + (home-page "http://selinuxproject.org/")
> ^^^
> https*

Ha, good catch! Thanks!

--
Ricardo

GPG: BCA6 89B6 3655 3801 C3C6 2150 197A 5888 235F ACAC
Ricardo Wurmus wrote on 22 Apr 2017 00:40
Re: bug#26561: [PATCH 0/9] SELinux
(name . Marius Bakke)(address . mbakke@fastmail.com)(address . 26561-done@debbugs.gnu.org)
87a879tmdo.fsf@elephly.net
Marius Bakke <mbakke@fastmail.com> writes:

> Ricardo Wurmus <rekado@elephly.net> writes:
>
>> This patch series adds SELinux libraries and tools.
>>
>> Ricardo Wurmus (9):
>> gnu: Add libsepol.
>> gnu: Add checkpolicy.
>> gnu: Add libselinux.
>> gnu: Add libsemanage.
>> gnu: Add secilc.
>> gnu: Add python-sepolgen.
>> gnu: Add python-ipy.
>> gnu: Add python-setools.
>> gnu: Add policycoreutils.
>
> Wow, amazing work! I've read through the patches and they LGTM apart
> from the minor nitpicks sent separately. Thanks a lot for this!

Thanks for the review. I made the suggested changes and pushed to
master with commit 6ef94ecba.

--
Ricardo

GPG: BCA6 89B6 3655 3801 C3C6 2150 197A 5888 235F ACAC
Closed