authorV3n3RiX <venerix@redcorelinux.org>2017-10-09 18:53:29 +0100
committerV3n3RiX <venerix@redcorelinux.org>2017-10-09 18:53:29 +0100
commit4f2d7949f03e1c198bc888f2d05f421d35c57e21 (patch)
treeba5f07bf3f9d22d82e54a462313f5d244036c768 /profiles/features/selinux
reinit the tree, so we can have metadata
Diffstat (limited to 'profiles/features/selinux')
-rw-r--r--profiles/features/selinux/eapi1
-rw-r--r--profiles/features/selinux/make.defaults15
-rw-r--r--profiles/features/selinux/package.mask37
-rw-r--r--profiles/features/selinux/package.use.force27
-rw-r--r--profiles/features/selinux/package.use.mask33
-rw-r--r--profiles/features/selinux/packages10
-rw-r--r--profiles/features/selinux/profile.bashrc5
-rw-r--r--profiles/features/selinux/use.force1
-rw-r--r--profiles/features/selinux/use.mask14
9 files changed, 143 insertions, 0 deletions
diff --git a/profiles/features/selinux/eapi b/profiles/features/selinux/eapi
new file mode 100644
index 000000000000..7ed6ff82de6b
--- /dev/null
+++ b/profiles/features/selinux/eapi
@@ -0,0 +1 @@
+5
diff --git a/profiles/features/selinux/make.defaults b/profiles/features/selinux/make.defaults
new file mode 100644
index 000000000000..963412a92e4c
--- /dev/null
+++ b/profiles/features/selinux/make.defaults
@@ -0,0 +1,15 @@
+# Copyright 1999-2014 Gentoo Foundation.
+# Distributed under the terms of the GNU General Public License v2
+#
+
+# selinux - Enable SELinux support
+# unconfined - Enable unconfined domains, needed due to 'targeted' policy type
+# open_perms - Enable open permission in SELinux subsystem
+USE="selinux unconfined open_perms"
+
+FEATURES="selinux sesandbox sfperms"
+
+POLICY_TYPES="strict targeted"
+PORTAGE_T="portage_t"
+PORTAGE_FETCH_T="portage_fetch_t"
+PORTAGE_SANDBOX_T="portage_sandbox_t"
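Review bot: The lines from `POLICY_TYPES` through `PORTAGE_SANDBOX_T` carry no comments, and the `unconfined` comment explains that flag only in terms of the 'targeted' type while `POLICY_TYPES` lists `strict` first. A reader cannot tell from this file whether the profile-wide `USE="... unconfined ..."` is meant to affect strict builds as well, which matters because unconfined domains are the largely unrestricted part of the policy. I would add `# Policy types to build; USE=unconfined is only needed for 'targeted'` above `POLICY_TYPES`, once that has been confirmed against the policy ebuilds. Above the three `PORTAGE_*_T` lines I would add `# SELinux domains Portage uses for merging, fetching and sandboxed build phases`.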
diff --git a/profiles/features/selinux/package.mask b/profiles/features/selinux/package.mask
new file mode 100644
index 000000000000..fdbb561d5371
--- /dev/null
+++ b/profiles/features/selinux/package.mask
@@ -0,0 +1,37 @@
+
+# Göktürk Yüksek <gokturk@gentoo.org> (09 Nov 2016)
+# On behalf of proxy-maint
+# Mask due to the package requiring systemd
+# and causing unresolvable dep issues
+# See: https://github.com/gentoo/gentoo/pull/2262
+www-misc/profile-sync-daemon
+
+# Jason Zaman <perfinion@gentoo.org> (27 Jun 2015)
+# SystemD has no support in the SELinux policy at the moment.
+# Please see: https://wiki.gentoo.org/wiki/SELinux/FAQ#Can_I_use_SELinux_with_SystemD.3F
+app-admin/systemdgenie
+app-eselect/eselect-gnome-shell-extensions
+sys-apps/systemd
+app-admin/calamares
+dev-python/python-systemd
+gnome-base/gdm
+gnome-base/gnome
+gnome-base/gnome-extra-apps
+gnome-base/gnome-light
+gnome-base/gnome-shell
+gnome-extra/chrome-gnome-shell
+gnome-extra/gnome-logs
+gnome-extra/gnome-shell-extensions
+gnome-extra/gnome-shell-frippery
+gnome-extra/gnome-shell-extensions-topicons
+gnome-extra/gnome-shell-extensions-topicons-plus
+gnome-extra/gnome-tweak-tool
+x11-themes/zukitwo-shell
+gnome-extra/office-runner
+kde-misc/systemd-kcm
+net-firewall/firewalld
+net-misc/netctl
+sys-apps/gentoo-systemd-integration
+sys-apps/systemd-readahead
+sys-process/systemd-cron
+sys-apps/dbus-broker
diff --git a/profiles/features/selinux/package.use.force b/profiles/features/selinux/package.use.force
new file mode 100644
index 000000000000..c7e70425d6bb
--- /dev/null
+++ b/profiles/features/selinux/package.use.force
@@ -0,0 +1,27 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+# Sven Vermeulen <swift@gentoo.org> (19 Apr 2013)
+# sys-apps/policycoreutils (semanage command) uses sepolgen, which requires libselinux with USE="python".
+# sys-apps/policycoreutils also requires libsemanage with USE="python" and
+# setools with USE="python"
+sys-libs/libselinux python
+sys-libs/libsemanage python
+app-admin/setools python
+
+# Sven Vermeulen <swift@gentoo.org> (21 May 2013)
+# sys-apps/policycoreutils has PYTHON_USE_WITH="xml" set, so we force it
+# here to allow stages to build with USE=xml on python
+dev-lang/python xml
+
+# Jason Zaman <perfinion@gentoo.org> (03 Dec 2014)
+# sys-apps/busybox has IUSE="+static", so force static-libs on its deps
+# so stages can build with no interacton. Bug #527938
+sys-libs/libselinux static-libs
+dev-libs/libpcre static-libs
+
+# Jason Zaman <perfinion@gentoo.org> (27 Jun 2015)
+# SystemD has no support in the SELinux policy at the moment.
+# Please see: https://wiki.gentoo.org/wiki/SELinux/FAQ#Can_I_use_SELinux_with_SystemD.3F
+gnome-base/gnome-settings-daemon openrc-force
+gnome-base/gnome-shell openrc-force
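Review bot: The last entry forces `openrc-force` on `gnome-base/gnome-shell`, a package that the `package.mask` added in this same commit masks outright, so the line only takes effect for someone who has unmasked the package locally. The `package.use.mask` hunk has the same pattern, where `gnome-base/gdm wayland` targets a package that `package.mask` also masks. If these are meant as a safety net for local unmasking, the comment should say so, e.g. `# Kept for users who unmask gnome-shell locally; the package itself is masked in package.mask`. Otherwise the entries look dead and could be dropped.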
diff --git a/profiles/features/selinux/package.use.mask b/profiles/features/selinux/package.use.mask
new file mode 100644
index 000000000000..9af31771b185
--- /dev/null
+++ b/profiles/features/selinux/package.use.mask
@@ -0,0 +1,33 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+# Brian Dolbec <dolsen@gentoo.org> (17 Sep 2014)
+# mask pypy for several utilities due to incompatibility with libselinux
+sys-apps/portage python_targets_pypy python_targets_pypy3
+app-portage/gentoolkit python_targets_pypy python_targets_pypy3
+app-portage/layman python_targets_pypy python_targets_pypy3
+app-admin/webapp-config python_targets_pypy python_targets_pypy3
+app-portage/diffmask python_targets_pypy python_targets_pypy3
+app-portage/flaggie python_targets_pypy python_targets_pypy3
+
+# Jason Zaman <perfinion@gentoo.org> (27 Jun 2015)
+# SystemD has no support in the SELinux policy at the moment.
+# Please see: https://wiki.gentoo.org/wiki/SELinux/FAQ#Can_I_use_SELinux_with_SystemD.3F
+app-emulation/libvirt firewalld
+gnome-base/gdm wayland
+net-firewall/fwknop firewalld
+www-servers/uwsgi uwsgi_plugins_systemd_logger
+x11-wm/mutter kms
+>=x11-wm/mutter-3.22 wayland
+x11-misc/xscreensaver gdm
+xfce-extra/xfswitch-plugin gdm
+app-misc/workrave gnome
+net-misc/wicd gnome-shell
+x11-misc/gpaste gnome
+x11-terms/gnome-terminal gnome-shell
+x11-themes/zukitwo gnome-shell
+net-wireless/bluez user-session
+
+# Alex Brandt <alunduil@gentoo.org> (6 Sep 2015)
+# app-emulation/rkt[rkt_stage1_src] requires systemd which isn't available with selinux.
+app-emulation/rkt rkt_stage1_src
diff --git a/profiles/features/selinux/packages b/profiles/features/selinux/packages
new file mode 100644
index 000000000000..038ef191f71f
--- /dev/null
+++ b/profiles/features/selinux/packages
@@ -0,0 +1,10 @@
+# Copyright 1999-2012 Gentoo Foundation.
+# Distributed under the terms of the GNU General Public License v2
+
+# Base SELinux packages
+*sys-libs/libsepol
+*sys-libs/libselinux
+*sys-libs/libsemanage
+*sys-apps/checkpolicy
+*sys-apps/policycoreutils
+*sec-policy/selinux-base-policy
diff --git a/profiles/features/selinux/profile.bashrc b/profiles/features/selinux/profile.bashrc
new file mode 100644
index 000000000000..d28d6c3dfae3
--- /dev/null
+++ b/profiles/features/selinux/profile.bashrc
@@ -0,0 +1,5 @@
+# SELinux-aware progams write to entries here
+SANDBOX_WRITE="${SANDBOX_WRITE}:/selinux/:/sys/fs/selinux/"
+
+# for setfscreatecon
+SANDBOX_WRITE="${SANDBOX_WRITE}:/proc/self/"
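Review bot: The second `SANDBOX_WRITE` line makes all of `/proc/self/` writable in every build under this profile, while its comment names only `setfscreatecon`, which needs the process's `attr/fscreate` entry. The comment should record why the whole prefix is allowed rather than just the attribute directory, presumably because libselinux may reach the file through a per-thread path under `/proc/self/task/`, so that a later reader neither widens nor narrows it blindly. Suggested wording: `# setfscreatecon writes attr/fscreate under /proc/self/ (possibly via task/<tid>/); keep the prefix no wider than this`. The first comment also has a typo, `progams`.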
diff --git a/profiles/features/selinux/use.force b/profiles/features/selinux/use.force
new file mode 100644
index 000000000000..a651b206dcf2
--- /dev/null
+++ b/profiles/features/selinux/use.force
@@ -0,0 +1 @@
+selinux
diff --git a/profiles/features/selinux/use.mask b/profiles/features/selinux/use.mask
new file mode 100644
index 000000000000..5d0b3bf1e557
--- /dev/null
+++ b/profiles/features/selinux/use.mask
@@ -0,0 +1,14 @@
+# Copyright 1999-2017 Gentoo Foundation.
+# Distributed under the terms of the GNU General Public License v2
+
+# This file masks out USE flags that are simply NOT allowed in the default
+# profile for any architecture. This works, for example, if a non-default
+# profile (such as the selinux profiles) have a USE flag associated with
+# them.
+
+-hardened
+-selinux
+
+# no policy yet
+systemd
+-openrc-force
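Review bot: The header comment describes a file that masks flags "NOT allowed in the default profile", but every entry except `systemd` starts with `-` and so lifts a mask here; the text looks carried over from the base profile's `use.mask`. `-openrc-force` also sits directly under `# no policy yet`, which describes only the `systemd` mask. I would reword the header to `# Unmask the flags this SELinux profile needs and mask those without policy support`. `-openrc-force` should get its own comment, such as `# unmasked so GNOME packages can be built without systemd`, once that is confirmed as the flag's purpose.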