mirror of
https://github.com/Ponce/slackbuilds
synced 2024-11-24 10:02:29 +01:00
system/systrace: Added (interactive policy gen. for system calls)
Signed-off-by: dsomero <xgizzmo@slackbuilds.org>
This commit is contained in:
B. Watson
Robby Workman
parent
2502f46354
commit
128fdc9ce0
4 changed files with 190 additions and 0 deletions
12
system/systrace/README
Normal file
12
system/systrace/README
Normal file
|
|
@ -0,0 +1,12 @@
|
|||
systrace (interactive policy generation for system calls)
|
||||
|
||||
Systrace enforces system call policies for applications by constraining
|
||||
the application's access to the system. The policy is generated
|
||||
interactively. Operations not covered by the policy raise an alarm,
|
||||
allowing an user to refine the currently configured policy.
|
||||
|
||||
By default, this build includes a GTK+ GUI frontend (gtk-systrace), which
|
||||
will be started by systrace as needed. To build without the GUI (e.g. for
|
||||
use on headless servers), set GUI=no in the script's environment. In
|
||||
this case, you'll have to run systrace with the -t option to prevent it
|
||||
trying to start the nonexistant GUI.
|
||||
19
system/systrace/slack-desc
Normal file
19
system/systrace/slack-desc
Normal file
|
|
@ -0,0 +1,19 @@
|
|||
# HOW TO EDIT THIS FILE:
|
||||
# The "handy ruler" below makes it easier to edit a package description.
|
||||
# Line up the first '|' above the ':' following the base package name, and
|
||||
# the '|' on the right side marks the last column you can put a character in.
|
||||
# You must make exactly 11 lines for the formatting to be correct. It's also
|
||||
# customary to leave one space after the ':' except on otherwise blank lines.
|
||||
|
||||
|-----handy-ruler------------------------------------------------------|
|
||||
systrace: systrace (interactive policy generation for system calls)
|
||||
systrace:
|
||||
systrace: Systrace enforces system call policies for applications by constraining
|
||||
systrace: the application's access to the system. The policy is generated
|
||||
systrace: interactively. Operations not covered by the policy raise an alarm,
|
||||
systrace: allowing an user to refine the currently configured policy.
|
||||
systrace:
|
||||
systrace:
|
||||
systrace:
|
||||
systrace:
|
||||
systrace:
|
||||
147
system/systrace/systrace.SlackBuild
Normal file
147
system/systrace/systrace.SlackBuild
Normal file
|
|
@ -0,0 +1,147 @@
|
|||
#!/bin/bash
|
||||
|
||||
# Slackware build script for systrace
|
||||
|
||||
# Written by B. Watson (yalhcru@gmail.com)
|
||||
|
||||
# Licensed under the WTFPL. See http://www.wtfpl.net/txt/copying/ for details.
|
||||
|
||||
PRGNAM=systrace
|
||||
VERSION=${VERSION:-1.6g}
|
||||
BUILD=${BUILD:-1}
|
||||
TAG=${TAG:-_SBo}
|
||||
|
||||
if [ -z "$ARCH" ]; then
|
||||
case "$( uname -m )" in
|
||||
i?86) ARCH=i486 ;;
|
||||
arm*) ARCH=arm ;;
|
||||
*) ARCH=$( uname -m ) ;;
|
||||
esac
|
||||
fi
|
||||
|
||||
CWD=$(pwd)
|
||||
TMP=${TMP:-/tmp/SBo}
|
||||
PKG=$TMP/package-$PRGNAM
|
||||
OUTPUT=${OUTPUT:-/tmp}
|
||||
|
||||
if [ "$ARCH" = "i486" ]; then
|
||||
SLKCFLAGS="-O2 -march=i486 -mtune=i686"
|
||||
LIBDIRSUFFIX=""
|
||||
elif [ "$ARCH" = "i686" ]; then
|
||||
SLKCFLAGS="-O2 -march=i686 -mtune=i686"
|
||||
LIBDIRSUFFIX=""
|
||||
elif [ "$ARCH" = "x86_64" ]; then
|
||||
SLKCFLAGS="-O2 -fPIC"
|
||||
LIBDIRSUFFIX="64"
|
||||
else
|
||||
SLKCFLAGS="-O2"
|
||||
LIBDIRSUFFIX=""
|
||||
fi
|
||||
|
||||
set -e
|
||||
|
||||
rm -rf $PKG
|
||||
mkdir -p $TMP $PKG $OUTPUT
|
||||
cd $TMP
|
||||
rm -rf $PRGNAM-$VERSION
|
||||
tar xvf $CWD/$PRGNAM-$VERSION.tar.gz
|
||||
cd $PRGNAM-$VERSION
|
||||
chown -R root:root .
|
||||
find . \
|
||||
\( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \
|
||||
-exec chmod 755 {} \; -o \
|
||||
\( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \
|
||||
-exec chmod 644 {} \;
|
||||
|
||||
## First, systrace itself (backend + textmode UI):
|
||||
|
||||
CFLAGS="$SLKCFLAGS" \
|
||||
CXXFLAGS="$SLKCFLAGS" \
|
||||
./configure \
|
||||
--prefix=/usr \
|
||||
--libdir=/usr/lib${LIBDIRSUFFIX} \
|
||||
--sysconfdir=/etc \
|
||||
--localstatedir=/var \
|
||||
--mandir=/usr/man \
|
||||
--docdir=/usr/doc/$PRGNAM-$VERSION \
|
||||
--build=$ARCH-slackware-linux
|
||||
|
||||
# Fix some issues with includes in modern glibc.
|
||||
sed -i -e '/in_addr_t/d' -e '/HAVE_SCHED_H/d' config.h
|
||||
|
||||
# The regression test's uniq.policy.* are outdated, just disable the test.
|
||||
rm -f regress/uniq.policy.*
|
||||
|
||||
# Fix the hard-coded path to xsystrace.
|
||||
# Right now this isn't 100% necessary, but it might be in future:
|
||||
sed -i 's,/usr/X11R6,/usr,' systrace.h
|
||||
|
||||
make
|
||||
make install-strip DESTDIR=$PKG
|
||||
|
||||
gzip $PKG/usr/man/man?/*.?
|
||||
|
||||
mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION
|
||||
cp -a README ChangeLog $PKG/usr/doc/$PRGNAM-$VERSION
|
||||
|
||||
mkdir -p $PKG/install
|
||||
|
||||
## Now, the GTK frontend, unless disabled with GUI=no
|
||||
if [ "${GUI:-yes}" = "yes" ]; then
|
||||
TARDIR=notification-0.1
|
||||
TARVER=2003-06-23
|
||||
GTKPRGNAM="gtk-systrace"
|
||||
|
||||
cd $TMP
|
||||
rm -rf $TARDIR
|
||||
tar xvf $CWD/$GTKPRGNAM-$TARVER.tar.gz
|
||||
cd $TARDIR
|
||||
chown -R root:root .
|
||||
find . \
|
||||
\( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \
|
||||
-exec chmod 755 {} \; -o \
|
||||
\( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \
|
||||
-exec chmod 644 {} \;
|
||||
|
||||
autoreconf -if
|
||||
|
||||
CFLAGS="$SLKCFLAGS" \
|
||||
CXXFLAGS="$SLKCFLAGS" \
|
||||
./configure \
|
||||
--prefix=/usr \
|
||||
--libdir=/usr/lib${LIBDIRSUFFIX} \
|
||||
--sysconfdir=/etc \
|
||||
--localstatedir=/var \
|
||||
--mandir=/usr/man \
|
||||
--docdir=/usr/doc/$PRGNAM-$VERSION/$GTKPRGNAM \
|
||||
--build=$ARCH-slackware-linux
|
||||
|
||||
# Get rid of bad prototypes for strlcpy/strlcat, and make
|
||||
# the pixmaps live in /usr/share/$GTKPRGNAM
|
||||
sed -i \
|
||||
-e '/^unsigned int strl/d' \
|
||||
-e "/PACKAGE_DATA_DIR/s,notification,$GTKPRGNAM," \
|
||||
config.h
|
||||
|
||||
sed -i \
|
||||
-e "/^pkgdatadir/s,notification,$GTKPRGNAM," \
|
||||
Makefile
|
||||
|
||||
make
|
||||
make install-strip DESTDIR=$PKG
|
||||
mv $PKG/usr/bin/notification $PKG/usr/bin/$GTKPRGNAM
|
||||
ln -s $GTKPRGNAM $PKG/usr/bin/xsystrace
|
||||
|
||||
mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION/$GTKPRGNAM
|
||||
cp -a AUTHORS COPYING README $PKG/usr/doc/$PRGNAM-$VERSION/$GTKPRGNAM
|
||||
cat $CWD/slack-desc > $PKG/install/slack-desc
|
||||
else
|
||||
# remind the user there's no GUI, if it's disabled in the build
|
||||
sed '16s/$/ This package built without GTK GUI, use "systrace -t" for textmode./' \
|
||||
< $CWD/slack-desc > $PKG/install/slack-desc
|
||||
fi
|
||||
|
||||
cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild
|
||||
|
||||
cd $PKG
|
||||
/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.${PKGTYPE:-tgz}
|
||||
12
system/systrace/systrace.info
Normal file
12
system/systrace/systrace.info
Normal file
|
|
@ -0,0 +1,12 @@
|
|||
PRGNAM="systrace"
|
||||
VERSION="1.6g"
|
||||
HOMEPAGE="http://www.citi.umich.edu/u/provos/systrace/"
|
||||
DOWNLOAD="http://www.provos.org/uploads/systrace-1.6g.tar.gz \
|
||||
http://www.citi.umich.edu/u/provos/systrace/gtk-systrace-2003-06-23.tar.gz"
|
||||
DOWNLOAD_x86_64=""
|
||||
MD5SUM="c4c0af2127af33e1b53c7aa07a970c5a \
|
||||
4073ae27ec31a6c66e16f134bdd37929"
|
||||
MD5SUM_x86_64=""
|
||||
REQUIRES="libevent"
|
||||
MAINTAINER="B. Watson"
|
||||
EMAIL="yalhcru@gmail.com"
|
||||
Loading…
Reference in a new issue