13 |
%if %{?BUILD_MLS:0}%{!?BUILD_MLS:1} |
%if %{?BUILD_MLS:0}%{!?BUILD_MLS:1} |
14 |
%define BUILD_MLS 1 |
%define BUILD_MLS 1 |
15 |
%endif |
%endif |
16 |
%define POLICYVER 27 |
%define POLICYVER 29 |
17 |
%define POLICYCOREUTILSVER 2.1.14 |
%define POLICYCOREUTILSVER 2.1.14 |
18 |
%define CHECKPOLICYVER 2.1.10 |
%define CHECKPOLICYVER 2.1.12 |
19 |
Summary: SELinux policy configuration |
Summary: SELinux policy configuration |
20 |
Name: selinux-policy |
Name: selinux-policy |
21 |
Version: 3.12.1 |
Version: 3.12.1 |
22 |
Release: %mkrel 1 |
Release: %mkrel 1 |
23 |
License: GPLv2+ |
License: GPLv2+ |
24 |
Group: System/Base |
Group: System/Base |
25 |
|
Url: http://oss.tresys.com/repos/refpolicy/ |
26 |
Source: serefpolicy-%{version}.tgz |
Source: serefpolicy-%{version}.tgz |
27 |
Patch0: policy-rawhide-base.patch |
Patch0: policy-cauldron-base.patch |
28 |
Patch1: policy-rawhide-contrib.patch |
Patch1: policy-cauldron-contrib.patch |
29 |
Source1: modules-targeted.conf |
#Patch2: policy_contrib-rawhide-roleattribute.patch |
30 |
|
Source1: modules-targeted-base.conf |
31 |
Source2: booleans-targeted.conf |
Source2: booleans-targeted.conf |
32 |
Source3: Makefile.devel |
Source3: Makefile.devel |
33 |
Source4: setrans-targeted.conf |
Source4: setrans-targeted.conf |
34 |
Source5: modules-mls.conf |
Source5: modules-mls-base.conf |
35 |
Source6: booleans-mls.conf |
Source6: booleans-mls.conf |
36 |
Source8: setrans-mls.conf |
Source8: setrans-mls.conf |
37 |
Source14: securetty_types-targeted |
Source14: securetty_types-targeted |
38 |
Source15: securetty_types-mls |
Source15: securetty_types-mls |
39 |
Source16: modules-minimum.conf |
# Source16: modules-minimum.conf |
40 |
Source17: booleans-minimum.conf |
Source17: booleans-minimum.conf |
41 |
Source18: setrans-minimum.conf |
Source18: setrans-minimum.conf |
42 |
Source19: securetty_types-minimum |
Source19: securetty_types-minimum |
50 |
Source28: permissivedomains.pp |
Source28: permissivedomains.pp |
51 |
Source29: serefpolicy-contrib-%{version}.tgz |
Source29: serefpolicy-contrib-%{version}.tgz |
52 |
Source30: booleans.subs_dist |
Source30: booleans.subs_dist |
53 |
Url: http://oss.tresys.com/repos/refpolicy/ |
Source31: modules-targeted-contrib.conf |
54 |
BuildArch: noarch |
Source32: modules-mls-contrib.conf |
55 |
BuildRequires: python |
BuildRequires: python |
56 |
BuildRequires: gawk |
BuildRequires: gawk |
57 |
BuildRequires: checkpolicy >= %{CHECKPOLICYVER} |
BuildRequires: checkpolicy >= %{CHECKPOLICYVER} |
58 |
BuildRequires: m4 |
BuildRequires: m4 |
59 |
BuildRequires: policycoreutils-python >= %{POLICYCOREUTILSVER} |
BuildRequires: policycoreutils-devel >= %{POLICYCOREUTILSVER} |
60 |
BuildRequires: bzip2 |
BuildRequires: bzip2 |
61 |
Requires(pre): policycoreutils >= %{POLICYCOREUTILSVER} semanage-devel >= 2.1.8-2 |
Requires(pre): policycoreutils >= %{POLICYCOREUTILSVER} |
62 |
Requires(post): awk |
Requires(post): awk sha512sum |
63 |
Requires: checkpolicy >= %{CHECKPOLICYVER} |
Requires: checkpolicy >= %{CHECKPOLICYVER} |
64 |
Requires: m4 |
BuildArch: noarch |
65 |
|
|
66 |
%description |
%description |
67 |
SELinux Base package |
SELinux Base package |
78 |
Summary: SELinux policy devel |
Summary: SELinux policy devel |
79 |
Group: System/Base |
Group: System/Base |
80 |
Requires(pre): selinux-policy = %{version}-%{release} |
Requires(pre): selinux-policy = %{version}-%{release} |
81 |
|
Requires: m4 |
82 |
|
Requires: checkpolicy >= %{CHECKPOLICYVER} |
83 |
|
Requires: make |
84 |
|
|
85 |
%description devel |
%description devel |
86 |
SELinux policy development and man page package |
SELinux policy development and man page package |
91 |
%dir %{_usr}/share/selinux/devel |
%dir %{_usr}/share/selinux/devel |
92 |
%dir %{_usr}/share/selinux/devel/include |
%dir %{_usr}/share/selinux/devel/include |
93 |
%{_usr}/share/selinux/devel/include/* |
%{_usr}/share/selinux/devel/include/* |
94 |
|
%dir %{_usr}/share/selinux/devel/html |
95 |
|
%{_usr}/share/selinux/devel/html/*html |
96 |
%{_usr}/share/selinux/devel/Makefile |
%{_usr}/share/selinux/devel/Makefile |
97 |
%{_usr}/share/selinux/devel/example.* |
%{_usr}/share/selinux/devel/example.* |
98 |
|
%{_usr}/share/selinux/devel/policy.* |
99 |
|
|
100 |
%package doc |
%package doc |
101 |
Summary: SELinux policy documentation |
Summary: SELinux policy documentation |
109 |
%files doc |
%files doc |
110 |
%doc %{_usr}/share/doc/%{name}-%{version} |
%doc %{_usr}/share/doc/%{name}-%{version} |
111 |
%attr(755,root,root) %{_usr}/share/selinux/devel/policyhelp |
%attr(755,root,root) %{_usr}/share/selinux/devel/policyhelp |
112 |
%{_usr}/share/selinux/devel/policy.* |
|
113 |
|
|
114 |
%define makeCmds() \ |
%define makeCmds() \ |
115 |
make UNK_PERMS=%4 NAME=%1 TYPE=%2 DISTRO=%{distro} UBAC=n DIRECT_INITRC=%3 MONOLITHIC=%{monolithic} MLS_CATS=1024 MCS_CATS=1024 bare \ |
make UNK_PERMS=%4 NAME=%1 TYPE=%2 DISTRO=%{distro} UBAC=n DIRECT_INITRC=%3 MONOLITHIC=%{monolithic} MLS_CATS=1024 MCS_CATS=1024 bare \ |
281 |
%description |
%description |
282 |
SELinux Reference Policy - modular. |
SELinux Reference Policy - modular. |
283 |
Based off of reference policy: Checked out revision 2.20091117 |
Based off of reference policy: Checked out revision 2.20091117 |
284 |
|
|
285 |
%build |
%build |
286 |
|
|
287 |
%prep |
%prep |
295 |
|
|
296 |
%install |
%install |
297 |
mkdir selinux_config |
mkdir selinux_config |
298 |
for i in %{SOURCE1} %{SOURCE2} %{SOURCE3} %{SOURCE4} %{SOURCE5} %{SOURCE6} %{SOURCE8} %{SOURCE14} %{SOURCE15} %{SOURCE16} %{SOURCE17} %{SOURCE18} %{SOURCE19} %{SOURCE20} %{SOURCE21} %{SOURCE22} %{SOURCE23} %{SOURCE25} %{SOURCE26};do |
for i in %{SOURCE1} %{SOURCE2} %{SOURCE3} %{SOURCE4} %{SOURCE5} %{SOURCE6} %{SOURCE8} %{SOURCE14} %{SOURCE15} %{SOURCE17} %{SOURCE18} %{SOURCE19} %{SOURCE20} %{SOURCE21} %{SOURCE22} %{SOURCE23} %{SOURCE25} %{SOURCE26} %{SOURCE31} %{SOURCE32};do |
299 |
cp $i selinux_config |
cp $i selinux_config |
300 |
done |
done |
301 |
tar zxvf selinux_config/config.tgz |
tar zxvf selinux_config/config.tgz |
319 |
mkdir -p %{buildroot}%{_usr}/share/selinux/targeted |
mkdir -p %{buildroot}%{_usr}/share/selinux/targeted |
320 |
cp %{SOURCE28} %{buildroot}/%{_usr}/share/selinux/targeted |
cp %{SOURCE28} %{buildroot}/%{_usr}/share/selinux/targeted |
321 |
%makeCmds targeted mcs n allow |
%makeCmds targeted mcs n allow |
322 |
|
%makeModulesConf targeted base contrib |
323 |
%installCmds targeted mcs n allow |
%installCmds targeted mcs n allow |
324 |
|
%modulesList targeted |
325 |
%endif |
%endif |
326 |
|
|
327 |
%if %{BUILD_MINIMUM} |
%if %{BUILD_MINIMUM} |
330 |
mkdir -p %{buildroot}%{_usr}/share/selinux/minimum |
mkdir -p %{buildroot}%{_usr}/share/selinux/minimum |
331 |
cp %{SOURCE28} %{buildroot}/%{_usr}/share/selinux/minimum |
cp %{SOURCE28} %{buildroot}/%{_usr}/share/selinux/minimum |
332 |
%makeCmds minimum mcs n allow |
%makeCmds minimum mcs n allow |
333 |
|
%makeModulesConf targeted base contrib |
334 |
%installCmds minimum mcs n allow |
%installCmds minimum mcs n allow |
335 |
%modulesList minimum |
%modulesList minimum |
336 |
%endif |
%endif |
338 |
%if %{BUILD_MLS} |
%if %{BUILD_MLS} |
339 |
# Build mls policy |
# Build mls policy |
340 |
%makeCmds mls mls n deny |
%makeCmds mls mls n deny |
341 |
|
%makeModulesConf mls base contrib |
342 |
%installCmds mls mls n deny |
%installCmds mls mls n deny |
343 |
|
%modulesList mls |
344 |
%endif |
%endif |
345 |
|
|
346 |
mkdir -p %{buildroot}%{_mandir} |
mkdir -p %{buildroot}%{_mandir} |
354 |
install -m 644 doc/policy.* %{buildroot}%{_usr}/share/selinux/devel/ |
install -m 644 doc/policy.* %{buildroot}%{_usr}/share/selinux/devel/ |
355 |
echo "xdg-open file:///usr/share/doc/selinux-policy-%{version}/html/index.html"> %{buildroot}%{_usr}/share/selinux/devel/policyhelp |
echo "xdg-open file:///usr/share/doc/selinux-policy-%{version}/html/index.html"> %{buildroot}%{_usr}/share/selinux/devel/policyhelp |
356 |
chmod +x %{buildroot}%{_usr}/share/selinux/devel/policyhelp |
chmod +x %{buildroot}%{_usr}/share/selinux/devel/policyhelp |
357 |
|
/usr/bin/sepolicy manpage -a -p %{buildroot}/usr/share/man/man8/ -w -r %{buildroot} |
358 |
|
mkdir %{buildroot}%{_usr}/share/selinux/devel/html |
359 |
|
htmldir=`compgen -d %{buildroot}%{_usr}/share/man/man8/` |
360 |
|
mv ${htmldir}/* %{buildroot}%{_usr}/share/selinux/devel/html |
361 |
|
rm -rf ${htmldir} |
362 |
mkdir %{buildroot}%{_usr}/share/selinux/packages/ |
mkdir %{buildroot}%{_usr}/share/selinux/packages/ |
363 |
|
|
364 |
rm -rf selinux_config |
rm -rf selinux_config |
408 |
|
|
409 |
%if %{BUILD_TARGETED} |
%if %{BUILD_TARGETED} |
410 |
%package targeted |
%package targeted |
411 |
Summary: SELinux targeted base policy |
Summary: SELinux targeted base policy |
412 |
Provides: selinux-policy-base = %{version}-%{release} |
Provides: selinux-policy-base = %{version}-%{release} |
413 |
Group: System/Base |
Group: System Environment/Base |
414 |
Obsoletes: selinux-policy-targeted-sources < 2 |
Obsoletes: selinux-policy-targeted-sources < 2 |
415 |
Requires(pre): policycoreutils >= %{POLICYCOREUTILSVER} |
Requires(pre): policycoreutils >= %{POLICYCOREUTILSVER} |
416 |
Requires(pre): coreutils |
Requires(pre): coreutils |
417 |
Requires(pre): selinux-policy = %{version}-%{release} |
Requires(pre): selinux-policy = %{version}-%{release} |
418 |
Requires: selinux-policy = %{version}-%{release} |
Requires: selinux-policy = %{version}-%{release} |
419 |
Conflicts: audispd-plugins <= 1.7.7-1 |
Conflicts: audispd-plugins <= 1.7.7-1 |
420 |
Obsoletes: mod_fcgid-selinux <= %{version}-%{release} |
Obsoletes: mod_fcgid-selinux <= %{version}-%{release} |
421 |
Obsoletes: cachefilesd-selinux <= 0.10-1 |
Obsoletes: cachefilesd-selinux <= 0.10-1 |
422 |
Conflicts: seedit |
Conflicts: seedit |
423 |
Conflicts: 389-ds-base < 1.2.7 |
Conflicts: 389-ds-base < 1.2.7, 389-admin < 1.1.12 |
424 |
Conflicts: 389-admin < 1.1.12 |
Conflicts: pki-selinux < 10-0.0-0.45.b1 |
425 |
|
|
426 |
%description targeted |
%description targeted |
427 |
SELinux Reference policy targeted base module. |
SELinux Reference policy targeted base module. |
433 |
%postInstall $1 targeted |
%postInstall $1 targeted |
434 |
exit 0 |
exit 0 |
435 |
|
|
436 |
%triggerpostun targeted -- selinux-policy-targeted < 3.11.0-1.fc18 |
%triggerpostun targeted -- selinux-policy-targeted < 3.12.1-7.fc19 |
437 |
restorecon -R -p /home |
restorecon -R -p /home |
438 |
exit 0 |
exit 0 |
439 |
|
|
441 |
%defattr(-,root,root,-) |
%defattr(-,root,root,-) |
442 |
%config(noreplace) %{_sysconfdir}/selinux/targeted/contexts/users/unconfined_u |
%config(noreplace) %{_sysconfdir}/selinux/targeted/contexts/users/unconfined_u |
443 |
%fileList targeted |
%fileList targeted |
444 |
|
%{_usr}/share/selinux/targeted/modules-base.lst |
445 |
|
%{_usr}/share/selinux/targeted/modules-contrib.lst |
446 |
%endif |
%endif |
447 |
|
|
448 |
%if %{BUILD_MINIMUM} |
%if %{BUILD_MINIMUM} |
449 |
%package minimum |
%package minimum |
450 |
Summary: SELinux minimum base policy |
Summary: SELinux minimum base policy |
451 |
Provides: selinux-policy-base = %{version}-%{release} |
Provides: selinux-policy-base = %{version}-%{release} |
452 |
Group: System/Base |
Group: System Environment/Base |
453 |
Requires(post): policycoreutils-python >= %{POLICYCOREUTILSVER} |
Requires(post): policycoreutils-python >= %{POLICYCOREUTILSVER} |
454 |
Requires(pre): coreutils |
Requires(pre): coreutils |
455 |
Requires(pre): selinux-policy = %{version}-%{release} |
Requires(pre): selinux-policy = %{version}-%{release} |
456 |
Requires: selinux-policy = %{version}-%{release} |
Requires: selinux-policy = %{version}-%{release} |
457 |
Conflicts: seedit |
Conflicts: seedit |
458 |
|
|
459 |
%description minimum |
%description minimum |
460 |
SELinux Reference policy minimum base module. |
SELinux Reference policy minimum base module. |
462 |
%pre minimum |
%pre minimum |
463 |
%preInstall minimum |
%preInstall minimum |
464 |
if [ $1 -ne 1 ]; then |
if [ $1 -ne 1 ]; then |
465 |
/usr/sbin/semodule -s minimum -l 2>/dev/null | awk '{ print $1 }' > /usr/share/selinux/minimum/instmodules.lst |
/usr/sbin/semodule -s minimum -l 2>/dev/null | awk '{ if ($3 != "Disabled") print $1; }' > /usr/share/selinux/minimum/instmodules.lst |
466 |
fi |
fi |
467 |
|
|
468 |
%post minimum |
%post minimum |
469 |
allpackages=`cat /usr/share/selinux/minimum/modules.lst` |
contribpackages=`cat /usr/share/selinux/minimum/modules-contrib.lst` |
470 |
|
basepackages=`cat /usr/share/selinux/minimum/modules-base.lst` |
471 |
if [ $1 -eq 1 ]; then |
if [ $1 -eq 1 ]; then |
472 |
packages="clock.pp execmem.pp unconfined.pp unconfineduser.pp application.pp userdomain.pp authlogin.pp logging.pp selinuxutil.pp init.pp systemd.pp sysnetwork.pp miscfiles.pp libraries.pp modutils.pp sysadm.pp locallogin.pp dbus.pp rpm.pp mount.pp fstools.pp usermanage.pp mta.pp" |
for p in $contribpackages; do |
473 |
for p in $allpackages; do |
touch /etc/selinux/minimum/modules/active/modules/$p.disabled |
|
touch /etc/selinux/minimum/modules/active/modules/$p.disabled |
|
474 |
done |
done |
475 |
for p in $packages; do |
for p in $basepackages apache.pp dbus.pp inetd.pp kerberos.pp mta.pp nis.pp; do |
476 |
rm -f /etc/selinux/minimum/modules/active/modules/$p.disabled |
rm -f /etc/selinux/minimum/modules/active/modules/$p.disabled |
477 |
done |
done |
478 |
/usr/sbin/semanage -S minimum -i - << __eof |
/usr/sbin/semanage -S minimum -i - << __eof |
479 |
login -m -s unconfined_u -r s0-s0:c0.c1023 __default__ |
login -m -s unconfined_u -r s0-s0:c0.c1023 __default__ |
483 |
/usr/sbin/semodule -B -s minimum |
/usr/sbin/semodule -B -s minimum |
484 |
else |
else |
485 |
instpackages=`cat /usr/share/selinux/minimum/instmodules.lst` |
instpackages=`cat /usr/share/selinux/minimum/instmodules.lst` |
486 |
for p in $allpackages; do |
for p in $contribpackages; do |
487 |
touch /etc/selinux/minimum/modules/active/modules/$p.disabled |
touch /etc/selinux/minimum/modules/active/modules/$p.disabled |
488 |
done |
done |
489 |
for p in $instpackages; do |
for p in $instpackages apache dbus inetd kerberos mta nis; do |
490 |
rm -f /etc/selinux/minimum/modules/active/modules/$p.pp.disabled |
rm -f /etc/selinux/minimum/modules/active/modules/$p.pp.disabled |
491 |
done |
done |
492 |
/usr/sbin/semodule -B -s minimum |
/usr/sbin/semodule -B -s minimum |
495 |
exit 0 |
exit 0 |
496 |
|
|
497 |
%files minimum |
%files minimum |
498 |
|
%defattr(-,root,root,-) |
499 |
%config(noreplace) %{_sysconfdir}/selinux/minimum/contexts/users/unconfined_u |
%config(noreplace) %{_sysconfdir}/selinux/minimum/contexts/users/unconfined_u |
500 |
%fileList minimum |
%fileList minimum |
501 |
%{_datadir}/selinux/minimum/modules.lst |
%{_usr}/share/selinux/minimum/modules-base.lst |
502 |
|
%{_usr}/share/selinux/minimum/modules-contrib.lst |
503 |
%endif |
%endif |
504 |
|
|
505 |
%if %{BUILD_MLS} |
%if %{BUILD_MLS} |
506 |
%package mls |
%package mls |
507 |
Summary: SELinux mls base policy |
Summary: SELinux mls base policy |
508 |
Group: System/Base |
Group: System Environment/Base |
509 |
Provides: selinux-policy-base = %{version}-%{release} |
Provides: selinux-policy-base = %{version}-%{release} |
510 |
Obsoletes: selinux-policy-mls-sources < 2 |
Obsoletes: selinux-policy-mls-sources < 2 |
511 |
Requires: policycoreutils-newrole >= %{POLICYCOREUTILSVER} |
Requires: policycoreutils-newrole >= %{POLICYCOREUTILSVER} setransd |
512 |
Requires: setransd |
Requires(pre): policycoreutils >= %{POLICYCOREUTILSVER} |
513 |
Requires(pre): policycoreutils >= %{POLICYCOREUTILSVER} |
Requires(pre): coreutils |
514 |
Requires(pre): coreutils |
Requires(pre): selinux-policy = %{version}-%{release} |
515 |
Requires(pre): selinux-policy = %{version}-%{release} |
Requires: selinux-policy = %{version}-%{release} |
516 |
Requires: selinux-policy = %{version}-%{release} |
Conflicts: seedit |
|
Conflicts: seedit |
|
517 |
|
|
518 |
%description mls |
%description mls |
519 |
SELinux Reference policy mls base module. |
SELinux Reference policy mls base module. |
528 |
%defattr(-,root,root,-) |
%defattr(-,root,root,-) |
529 |
%config(noreplace) %{_sysconfdir}/selinux/mls/contexts/users/unconfined_u |
%config(noreplace) %{_sysconfdir}/selinux/mls/contexts/users/unconfined_u |
530 |
%fileList mls |
%fileList mls |
531 |
|
%{_usr}/share/selinux/mls/modules-base.lst |
532 |
%endif |
%{_usr}/share/selinux/mls/modules-contrib.lst |
533 |
|
%endif |
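Review bot: In `%install`, the three lines after the `sepolicy manpage` call (they appear only on the new side) use `htmldir` unquoted and never check that `compgen -d` matched exactly one directory. If it matches nothing, `mv ${htmldir}/*` expands to `/*`; if it matches several, the value is word-split across both `mv` and `rm -rf`. I would fail the build on anything unexpected and quote the variable: `[ -d "${htmldir}" ] || exit 1`, then `mv "${htmldir}"/* %{buildroot}%{_usr}/share/selinux/devel/html` and `rm -rf "${htmldir}"`. `compgen` is a bash builtin, so these lines also assume the build shell is bash, which deserves a comment such as `# compgen requires bash as the build shell`. Much of `%install` is collapsed on this page, so an earlier guard may exist that I cannot see.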