
Contents of /cauldron/selinux-policy/current/SPECS/selinux-policy.spec



Revision 449604 - (show annotations) (download)
Tue Jul 2 00:57:02 2013 UTC (11 years, 4 months ago) by spuhler
File size: 22574 byte(s)
- updated spec file from fedora
1 %define distro redhat
2 %define polyinstatiate n
3 %define monolithic n
4 %if %{?BUILD_DOC:0}%{!?BUILD_DOC:1}
5 %define BUILD_DOC 1
6 %endif
7 %if %{?BUILD_TARGETED:0}%{!?BUILD_TARGETED:1}
8 %define BUILD_TARGETED 1
9 %endif
10 %if %{?BUILD_MINIMUM:0}%{!?BUILD_MINIMUM:1}
11 %define BUILD_MINIMUM 1
12 %endif
13 %if %{?BUILD_MLS:0}%{!?BUILD_MLS:1}
14 %define BUILD_MLS 1
15 %endif
16 %define POLICYVER 29
17 %define POLICYCOREUTILSVER 2.1.14
18 %define CHECKPOLICYVER 2.1.12
19 Summary: SELinux policy configuration
20 Name: selinux-policy
21 Version: 3.12.1
22 Release: %mkrel 1
23 License: GPLv2+
24 Group: System/Base
25 Url: http://oss.tresys.com/repos/refpolicy/
26 Source: serefpolicy-%{version}.tgz
27 Patch0: policy-cauldron-base.patch
28 Patch1: policy-cauldron-contrib.patch
29 #Patch2: policy_contrib-rawhide-roleattribute.patch
30 Source1: modules-targeted-base.conf
31 Source2: booleans-targeted.conf
32 Source3: Makefile.devel
33 Source4: setrans-targeted.conf
34 Source5: modules-mls-base.conf
35 Source6: booleans-mls.conf
36 Source8: setrans-mls.conf
37 Source14: securetty_types-targeted
38 Source15: securetty_types-mls
39 # Source16: modules-minimum.conf
40 Source17: booleans-minimum.conf
41 Source18: setrans-minimum.conf
42 Source19: securetty_types-minimum
43 Source20: customizable_types
44 Source21: config.tgz
45 Source22: users-mls
46 Source23: users-targeted
47 Source25: users-minimum
48 Source26: file_contexts.subs_dist
49 Source27: selinux-policy.conf
50 Source28: permissivedomains.pp
51 Source29: serefpolicy-contrib-%{version}.tgz
52 Source30: booleans.subs_dist
53 Source31: modules-targeted-contrib.conf
54 Source32: modules-mls-contrib.conf
55 BuildRequires: python
56 BuildRequires: gawk
57 BuildRequires: checkpolicy >= %{CHECKPOLICYVER}
58 BuildRequires: m4
59 BuildRequires: policycoreutils-devel >= %{POLICYCOREUTILSVER}
60 BuildRequires: bzip2
61 Requires(pre): policycoreutils >= %{POLICYCOREUTILSVER}
62 Requires(post): awk sha512sum
63 Requires: checkpolicy >= %{CHECKPOLICYVER}
64 BuildArch: noarch
65
66 %description
67 SELinux Base package
68
69 %files
70 %dir %{_usr}/share/selinux
71 %dir %{_usr}/share/selinux/packages
72 %dir %{_sysconfdir}/selinux
73 %ghost %config(noreplace) %{_sysconfdir}/selinux/config
74 %ghost %{_sysconfdir}/sysconfig/selinux
75 %{_usr}/lib/tmpfiles.d/selinux-policy.conf
76
77 %package devel
78 Summary: SELinux policy devel
79 Group: System/Base
80 Requires(pre): selinux-policy = %{version}-%{release}
81 Requires: m4
82 Requires: checkpolicy >= %{CHECKPOLICYVER}
83 Requires: make
84
85 %description devel
86 SELinux policy development and man page package
87
88 %files devel
89 %{_mandir}/man*/*
90 %{_mandir}/ru/*/*
91 %dir %{_usr}/share/selinux/devel
92 %dir %{_usr}/share/selinux/devel/include
93 %{_usr}/share/selinux/devel/include/*
94 %dir %{_usr}/share/selinux/devel/html
95 %{_usr}/share/selinux/devel/html/*html
96 %{_usr}/share/selinux/devel/Makefile
97 %{_usr}/share/selinux/devel/example.*
98 %{_usr}/share/selinux/devel/policy.*
99
100 %package doc
101 Summary: SELinux policy documentation
102 Group: System/Base
103 Requires(pre): selinux-policy = %{version}-%{release}
104 Requires: xdg-utils
105
106 %description doc
107 SELinux policy documentation package
108
109 %files doc
110 %doc %{_usr}/share/doc/%{name}-%{version}
111 %attr(755,root,root) %{_usr}/share/selinux/devel/policyhelp
112
113
# makeCmds(NAME, TYPE, DIRECT_INITRC, UNK_PERMS): run the "bare" and "conf" make
# targets for one policy flavour, then overlay the packaged booleans and users
# files for NAME. UBAC is n and MLS_CATS / MCS_CATS are 1024 for every flavour.
# UNK_PERMS is handed straight to the reference policy build; the call sites in
# this spec pass allow for targeted and minimum and deny for mls.
114 %define makeCmds() \
115 make UNK_PERMS=%4 NAME=%1 TYPE=%2 DISTRO=%{distro} UBAC=n DIRECT_INITRC=%3 MONOLITHIC=%{monolithic} MLS_CATS=1024 MCS_CATS=1024 bare \
116 make UNK_PERMS=%4 NAME=%1 TYPE=%2 DISTRO=%{distro} UBAC=n DIRECT_INITRC=%3 MONOLITHIC=%{monolithic} MLS_CATS=1024 MCS_CATS=1024 conf \
117 cp -f selinux_config/booleans-%1.conf ./policy/booleans.conf \
118 cp -f selinux_config/users-%1 ./policy/users \
119 #cp -f selinux_config/modules-%1-base.conf ./policy/modules.conf \
120
# makeModulesConf(NAME, KIND, EXTRA): install modules-NAME-KIND.conf as both
# modules-base.conf and modules.conf. When EXTRA is "contrib", also install
# modules-NAME-contrib.conf as modules-contrib.conf and append it to modules.conf.
# NOTE(review): EXTRA is compared unquoted with "==", so the test is malformed if
# the third argument is omitted; every call site visible in this spec passes it.
121 %define makeModulesConf() \
122 cp -f selinux_config/modules-%1-%2.conf ./policy/modules-base.conf \
123 cp -f selinux_config/modules-%1-%2.conf ./policy/modules.conf \
124 if [ %3 == "contrib" ];then \
125 cp selinux_config/modules-%1-%3.conf ./policy/modules-contrib.conf; \
126 cat selinux_config/modules-%1-%3.conf >> ./policy/modules.conf; \
127 fi; \
128
# installCmds(NAME, TYPE, DIRECT_INITRC, UNK_PERMS): build one policy flavour and
# stage it under the buildroot.
#  - make base.pp, modules (with validate), install and install-appconfig;
#  - create the logins, policy, modules/active/modules and contexts/files
#    directories plus empty lock, .local and .bin placeholder files;
#  - install securetty_types, file_contexts.subs_dist, setrans.conf,
#    customizable_types and booleans.subs_dist;
#  - bzip2 base.pp and every module package into the active store, delete the
#    uncompressed copies, create sandbox.disabled, then rebuild the policy
#    inside the buildroot with semodule -n -B -p;
#  - record the SHA-512 of the built policy file in .policy.sha512, which the
#    preInstall macro compares against on upgrade.
# NOTE(review): the final rm -f uses a macro spelled "_sysconfigdir" while every
# other path here uses "_sysconfdir". If that name is undefined the command
# points at a path that does not exist and removes nothing. fileList packages
# modules/active/policy.kern and preInstall hashes it, so correcting the
# spelling would change what is shipped - confirm intent before touching it.
# NOTE(review): $i and the basename substitution in the bzip2 loop are unquoted;
# this assumes module file names contain no whitespace.
129 %define installCmds() \
130 make UNK_PERMS=%4 NAME=%1 TYPE=%2 DISTRO=%{distro} UBAC=n DIRECT_INITRC=%3 MONOLITHIC=%{monolithic} MLS_CATS=1024 MCS_CATS=1024 SEMOD_EXP="/usr/bin/semodule_expand -a" base.pp \
131 make validate UNK_PERMS=%4 NAME=%1 TYPE=%2 DISTRO=%{distro} UBAC=n DIRECT_INITRC=%3 MONOLITHIC=%{monolithic} MLS_CATS=1024 MCS_CATS=1024 SEMOD_EXP="/usr/bin/semodule_expand -a" modules \
132 make UNK_PERMS=%4 NAME=%1 TYPE=%2 DISTRO=%{distro} UBAC=n DIRECT_INITRC=%3 MONOLITHIC=%{monolithic} DESTDIR=%{buildroot} MLS_CATS=1024 MCS_CATS=1024 install \
133 make UNK_PERMS=%4 NAME=%1 TYPE=%2 DISTRO=%{distro} UBAC=n DIRECT_INITRC=%3 MONOLITHIC=%{monolithic} DESTDIR=%{buildroot} MLS_CATS=1024 MCS_CATS=1024 install-appconfig \
134 %{__mkdir} -p %{buildroot}/%{_sysconfdir}/selinux/%1/logins \
135 %{__mkdir} -p %{buildroot}/%{_sysconfdir}/selinux/%1/policy \
136 %{__mkdir} -p %{buildroot}/%{_sysconfdir}/selinux/%1/modules/active/modules \
137 %{__mkdir} -p %{buildroot}/%{_sysconfdir}/selinux/%1/contexts/files \
138 touch %{buildroot}/%{_sysconfdir}/selinux/%1/modules/semanage.read.LOCK \
139 touch %{buildroot}/%{_sysconfdir}/selinux/%1/modules/semanage.trans.LOCK \
140 rm -rf %{buildroot}%{_sysconfdir}/selinux/%1/booleans \
141 touch %{buildroot}%{_sysconfdir}/selinux/%1/policy/policy.%{POLICYVER} \
142 touch %{buildroot}%{_sysconfdir}/selinux/%1/contexts/files/file_contexts.subs \
143 install -m0644 selinux_config/securetty_types-%1 %{buildroot}%{_sysconfdir}/selinux/%1/contexts/securetty_types \
144 install -m0644 selinux_config/file_contexts.subs_dist %{buildroot}%{_sysconfdir}/selinux/%1/contexts/files \
145 install -m0644 selinux_config/setrans-%1.conf %{buildroot}%{_sysconfdir}/selinux/%1/setrans.conf \
146 install -m0644 selinux_config/customizable_types %{buildroot}%{_sysconfdir}/selinux/%1/contexts/customizable_types \
147 touch %{buildroot}%{_sysconfdir}/selinux/%1/modules/active/seusers \
148 touch %{buildroot}%{_sysconfdir}/selinux/%1/modules/active/file_contexts.local \
149 touch %{buildroot}%{_sysconfdir}/selinux/%1/modules/active/nodes.local \
150 touch %{buildroot}%{_sysconfdir}/selinux/%1/modules/active/users_extra.local \
151 touch %{buildroot}%{_sysconfdir}/selinux/%1/modules/active/users.local \
152 touch %{buildroot}%{_sysconfdir}/selinux/%1/modules/active/file_contexts.homedirs.bin \
153 touch %{buildroot}%{_sysconfdir}/selinux/%1/modules/active/file_contexts.bin \
154 cp %{SOURCE30} %{buildroot}%{_sysconfdir}/selinux/%1 \
155 bzip2 -c %{buildroot}/%{_usr}/share/selinux/%1/base.pp > %{buildroot}/%{_sysconfdir}/selinux/%1/modules/active/base.pp \
156 rm -f %{buildroot}/%{_usr}/share/selinux/%1/base.pp \
157 for i in %{buildroot}/%{_usr}/share/selinux/%1/*.pp; do bzip2 -c $i > %{buildroot}/%{_sysconfdir}/selinux/%1/modules/active/modules/`basename $i`; done \
158 rm -f %{buildroot}/%{_usr}/share/selinux/%1/*pp* \
159 touch %{buildroot}%{_sysconfdir}/selinux/%1/modules/active/modules/sandbox.disabled \
160 /usr/sbin/semodule -s %1 -n -B -p %{buildroot}; \
161 /usr/bin/sha512sum %{buildroot}%{_sysconfdir}/selinux/%1/policy/policy.%{POLICYVER} | cut -d' ' -f 1 > %{buildroot}%{_sysconfdir}/selinux/%1/.policy.sha512; \
162 rm -rf %{buildroot}%{_sysconfdir}/selinux/%1/contexts/netfilter_contexts \
163 rm -f %{buildroot}/%{_sysconfigdir}/selinux/%1/modules/active/policy.kern
164 %nil
165
166 %define fileList() \
167 %defattr(-,root,root) \
168 %dir %{_usr}/share/selinux/%1 \
169 %dir %{_sysconfdir}/selinux/%1 \
170 %config(noreplace) %{_sysconfdir}/selinux/%1/setrans.conf \
171 %config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/selinux/%1/seusers \
172 %dir %{_sysconfdir}/selinux/%1/logins \
173 %dir %{_sysconfdir}/selinux/%1/modules \
174 %verify(not md5 size mtime) %{_sysconfdir}/selinux/%1/modules/semanage.read.LOCK \
175 %verify(not md5 size mtime) %{_sysconfdir}/selinux/%1/modules/semanage.trans.LOCK \
176 %dir %attr(700,root,root) %dir %{_sysconfdir}/selinux/%1/modules/active \
177 %dir %{_sysconfdir}/selinux/%1/modules/active/modules \
178 %verify(not md5 size mtime) %{_sysconfdir}/selinux/%1/modules/active/policy.kern \
179 %verify(not md5 size mtime) %{_sysconfdir}/selinux/%1/modules/active/commit_num \
180 %verify(not md5 size mtime) %{_sysconfdir}/selinux/%1/modules/active/base.pp \
181 %verify(not md5 size mtime) %{_sysconfdir}/selinux/%1/modules/active/file_contexts \
182 %verify(not md5 size mtime) %{_sysconfdir}/selinux/%1/modules/active/file_contexts.homedirs \
183 %verify(not md5 size mtime) %{_sysconfdir}/selinux/%1/modules/active/file_contexts.template \
184 %config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/selinux/%1/modules/active/seusers.final \
185 %verify(not md5 size mtime) %{_sysconfdir}/selinux/%1/modules/active/netfilter_contexts \
186 %config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/selinux/%1/modules/active/users_extra \
187 %verify(not md5 size mtime) %{_sysconfdir}/selinux/%1/modules/active/homedir_template \
188 %verify(not md5 size mtime) %{_sysconfdir}/selinux/%1/modules/active/modules/*.pp \
189 %verify(not md5 size mtime) %{_sysconfdir}/selinux/%1/modules/active/modules/sandbox.disabled \
190 %ghost %{_sysconfdir}/selinux/%1/modules/active/*.local \
191 %ghost %{_sysconfdir}/selinux/%1/modules/active/*.bin \
192 %ghost %{_sysconfdir}/selinux/%1/modules/active/seusers \
193 %dir %{_sysconfdir}/selinux/%1/policy/ \
194 %verify(not md5 size mtime) %{_sysconfdir}/selinux/%1/policy/policy.%{POLICYVER} \
195 %{_sysconfdir}/selinux/%1/.policy.sha512 \
196 %dir %{_sysconfdir}/selinux/%1/contexts \
197 %config %{_sysconfdir}/selinux/%1/contexts/customizable_types \
198 %config(noreplace) %{_sysconfdir}/selinux/%1/contexts/securetty_types \
199 %config(noreplace) %{_sysconfdir}/selinux/%1/contexts/dbus_contexts \
200 %config %{_sysconfdir}/selinux/%1/contexts/x_contexts \
201 %config %{_sysconfdir}/selinux/%1/contexts/default_contexts \
202 %config %{_sysconfdir}/selinux/%1/contexts/virtual_domain_context \
203 %config %{_sysconfdir}/selinux/%1/contexts/virtual_image_context \
204 %config %{_sysconfdir}/selinux/%1/contexts/lxc_contexts \
205 %config %{_sysconfdir}/selinux/%1/contexts/sepgsql_contexts \
206 %config(noreplace) %{_sysconfdir}/selinux/%1/contexts/default_type \
207 %config(noreplace) %{_sysconfdir}/selinux/%1/contexts/failsafe_context \
208 %config(noreplace) %{_sysconfdir}/selinux/%1/contexts/initrc_context \
209 %config(noreplace) %{_sysconfdir}/selinux/%1/contexts/removable_context \
210 %config(noreplace) %{_sysconfdir}/selinux/%1/contexts/userhelper_context \
211 %dir %{_sysconfdir}/selinux/%1/contexts/files \
212 %verify(not md5 size mtime) %{_sysconfdir}/selinux/%1/contexts/files/file_contexts \
213 %verify(not md5 size mtime) %{_sysconfdir}/selinux/%1/contexts/files/file_contexts.homedirs \
214 %ghost %{_sysconfdir}/selinux/%1/contexts/files/*.bin \
215 %config(noreplace) %{_sysconfdir}/selinux/%1/contexts/files/file_contexts.local \
216 %config(noreplace) %{_sysconfdir}/selinux/%1/contexts/files/file_contexts.subs \
217 %{_sysconfdir}/selinux/%1/contexts/files/file_contexts.subs_dist \
218 %{_sysconfdir}/selinux/%1/booleans.subs_dist \
219 %config %{_sysconfdir}/selinux/%1/contexts/files/media \
220 %dir %{_sysconfdir}/selinux/%1/contexts/users \
221 %config(noreplace) %{_sysconfdir}/selinux/%1/contexts/users/root \
222 %config(noreplace) %{_sysconfdir}/selinux/%1/contexts/users/guest_u \
223 %config(noreplace) %{_sysconfdir}/selinux/%1/contexts/users/xguest_u \
224 %config(noreplace) %{_sysconfdir}/selinux/%1/contexts/users/user_u \
225 %config(noreplace) %{_sysconfdir}/selinux/%1/contexts/users/staff_u
226
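# relabel(NAME): restore file labels after the NAME policy has been upgraded.
# Sources the SELinux config to learn SELINUXTYPE. When selinuxenabled succeeds,
# NAME is the configured policy type and a saved file_contexts.pre exists (the
# preInstall macro makes that copy before the upgrade), fixfiles -C restores
# labels using the saved copy and the copy is then removed. Two restorecon
# passes follow: root's home, logs, /var/run and the account databases
# (excluding /run/media), then per-user .cache and .config directories.
# stderr of fixfiles and restorecon is discarded, so a failed relabel is silent.
# The success branches are intentional no-ops. This body is expanded into
# scriptlets outside any loop, so the shell no-op ":" is used there instead of
# a loop-control statement.
227 %define relabel() \
228 . %{_sysconfdir}/selinux/config; \
229 FILE_CONTEXT=%{_sysconfdir}/selinux/%1/contexts/files/file_contexts; \
230 /usr/sbin/selinuxenabled; \
231 if [ $? = 0 -a "${SELINUXTYPE}" = %1 -a -f ${FILE_CONTEXT}.pre ]; then \
232 /sbin/fixfiles -C ${FILE_CONTEXT}.pre restore 2> /dev/null; \
233 rm -f ${FILE_CONTEXT}.pre; \
234 fi; \
235 if /sbin/restorecon -e /run/media -R /root /var/log /var/run /etc/passwd* /etc/group* /etc/*shadow* 2> /dev/null;then \
236 :; \
237 fi; \
238 if /sbin/restorecon -R /home/*/.cache /home/*/.config 2> /dev/null;then \
239 :; \
240 fi;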
241
# preInstall(NAME): pre-install scriptlet body shared by the per-policy
# subpackages. It acts only when the scriptlet argument ($1) is not 1 and
# /etc/selinux/config is non-empty, i.e. not on a first install.
#  - If NAME is the configured SELINUXTYPE and its file_contexts exists, keep a
#    copy as file_contexts.pre (an existing .pre is never overwritten); the
#    relabel macro later hands that copy to fixfiles -C.
#  - Create the .rebuild marker, then remove it again when the SHA-512 of
#    modules/active/policy.kern equals the digest stored in .policy.sha512.
#    postInstall rebuilds the module store only if the marker is still there.
# NOTE(review): the stored digest lives in the same root-writable tree as the
# policy it describes, so this comparison detects local policy changes between
# upgrades; it is not a tamper-evidence control.
# NOTE(review): installCmds computes .policy.sha512 from policy/policy.<POLICYVER>
# while this compares it with modules/active/policy.kern; assumes both files
# have identical content - confirm.
# NOTE(review): "==" inside [ ] and the -a operator are not portable sh;
# presumably the scriptlet interpreter is bash - confirm.
242 %define preInstall() \
243 if [ $1 -ne 1 ] && [ -s /etc/selinux/config ]; then \
244 . %{_sysconfdir}/selinux/config; \
245 FILE_CONTEXT=%{_sysconfdir}/selinux/%1/contexts/files/file_contexts; \
246 if [ "${SELINUXTYPE}" = %1 -a -f ${FILE_CONTEXT} ]; then \
247 [ -f ${FILE_CONTEXT}.pre ] || cp -f ${FILE_CONTEXT} ${FILE_CONTEXT}.pre; \
248 fi; \
249 touch /etc/selinux/%1/.rebuild; \
250 if [ -e /etc/selinux/%1/.policy.sha512 ]; then \
251 sha512=`sha512sum /etc/selinux/%1/modules/active/policy.kern | cut -d ' ' -f 1`; \
252 checksha512=`cat /etc/selinux/%1/.policy.sha512`; \
253 if [ "$sha512" == "$checksha512" ] ; then \
254 rm /etc/selinux/%1/.rebuild; \
255 fi; \
256 fi; \
257 fi;
258
# postInstall(COUNT, NAME): post-install scriptlet body for a policy subpackage.
# COUNT is the scriptlet's install count ($1 at the call sites), NAME the policy.
#  - If preInstall left a .rebuild marker: drop it, delete the listed module
#    packages from the active store and rebuild the policy with
#    semodule -B -n (-n: do not reload after the rebuild).
#  - Otherwise only create modules/sandbox.disabled in the active store.
#  - load_policy runs only when NAME is the configured SELINUXTYPE and
#    selinuxenabled succeeds.
#  - COUNT equal to 1: restorecon on /root, /var/log and /run with stderr
#    discarded; any other COUNT expands the relabel macro for NAME.
# NOTE(review): the rm -f list is applied by file name only, so a locally
# installed module package with one of these names would be removed as well -
# confirm that is acceptable for upgraded systems.
259 %define postInstall() \
260 . %{_sysconfdir}/selinux/config; \
261 if [ -e /etc/selinux/%2/.rebuild ]; then \
262 rm /etc/selinux/%2/.rebuild; \
263 (cd /etc/selinux/%2/modules/active/modules; rm -f l2tpd.pp shutdown.pp amavis.pp clamav.pp gnomeclock.pp matahari.pp xfs.pp kudzu.pp kerneloops.pp execmem.pp openoffice.pp ada.pp tzdata.pp hal.pp hotplug.pp howl.pp java.pp mono.pp moilscanner.pp gamin.pp audio_entropy.pp audioentropy.pp iscsid.pp polkit_auth.pp polkit.pp rtkit_daemon.pp ModemManager.pp telepathysofiasip.pp ethereal.pp passanger.pp qpidd.pp pyzor.pp razor.pp pki-selinux.pp phpfpm.pp consoletype.pp ctdbd.pp fcoemon.pp isnsd.pp rgmanager.pp corosync.pp aisexec.pp pacemaker.pp ) \
264 /usr/sbin/semodule -B -n -s %2; \
265 else \
266 touch /etc/selinux/%2/modules/active/modules/sandbox.disabled \
267 fi; \
268 [ "${SELINUXTYPE}" == "%2" ] && selinuxenabled && load_policy; \
269 if [ %1 -eq 1 ]; then \
270 /sbin/restorecon -R /root /var/log /run 2> /dev/null; \
271 else \
272 %relabel %2 \
273 fi;
274
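# modulesList(NAME): list every entry set to "module" in modules-base.conf (and
# in modules-contrib.conf when it exists) as "<name>.pp", space separated, into
# modules-base.lst / modules-contrib.lst under the NAME share directory. The
# post scriptlet of the minimum policy reads these lists to decide which
# modules to disable or re-enable.
# The comment filter is written as an awk regex constant. As a quoted string
# the slashes would be matched literally, the pattern could never match, and
# an entry such as "#name = module" would be listed as an enabled module.
275 %define modulesList() \
276 awk '$1 !~ /^#/ && $2 == "=" && $3 == "module" { printf "%%s.pp ", $1 }' ./policy/modules-base.conf > %{buildroot}/%{_usr}/share/selinux/%1/modules-base.lst \
277 if [ -e ./policy/modules-contrib.conf ];then \
278 awk '$1 !~ /^#/ && $2 == "=" && $3 == "module" { printf "%%s.pp ", $1 }' ./policy/modules-contrib.conf > %{buildroot}/%{_usr}/share/selinux/%1/modules-contrib.lst; \
279 fi;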
280
281 %description
282 SELinux Reference Policy - modular.
283 Based off of reference policy: Checked out revision 2.20091117
284
285 %build
286
287 %prep
# Unpack and patch the contrib tarball (source 29) first and remember where it
# landed, then unpack and patch the base reference policy and copy the contrib
# files into its policy/modules/contrib directory.
288 %setup -n serefpolicy-contrib-%{version} -q -b 29
289 %patch1 -p1
290 contrib_path=`pwd`
291 %setup -n serefpolicy-%{version} -q
292 %patch0 -p1
293 refpolicy_path=`pwd`
# NOTE(review): both path variables are unquoted and cp runs without -R, so only
# top-level files are copied and the build directory must not contain whitespace.
294 cp $contrib_path/* $refpolicy_path/policy/modules/contrib
295
296 %install
# Stage every auxiliary source file in ./selinux_config so the build macros can
# refer to them by file name. The build section of this spec is empty: the
# policies are compiled here, during install.
297 mkdir selinux_config
298 for i in %{SOURCE1} %{SOURCE2} %{SOURCE3} %{SOURCE4} %{SOURCE5} %{SOURCE6} %{SOURCE8} %{SOURCE14} %{SOURCE15} %{SOURCE17} %{SOURCE18} %{SOURCE19} %{SOURCE20} %{SOURCE21} %{SOURCE22} %{SOURCE23} %{SOURCE25} %{SOURCE26} %{SOURCE31} %{SOURCE32};do
299 cp $i selinux_config
300 done
# config.tgz (source 21) is extracted into the current build directory; the
# member paths inside the archive are trusted as packaged sources.
301 tar zxvf selinux_config/config.tgz
302 # Build targeted policy
# Start from an empty buildroot, then create the empty config placeholders that
# the base package lists as ghost files, and install the tmpfiles.d snippet.
303 %{__rm} -fR %{buildroot}
304 mkdir -p %{buildroot}%{_sysconfdir}/selinux
305 mkdir -p %{buildroot}%{_sysconfdir}/sysconfig
306 touch %{buildroot}%{_sysconfdir}/selinux/config
307 touch %{buildroot}%{_sysconfdir}/sysconfig/selinux
308 mkdir -p %{buildroot}%{_usr}/lib/tmpfiles.d/
309 cp %{SOURCE27} %{buildroot}%{_usr}/lib/tmpfiles.d/
310
311 # Always create policy module package directories
312 mkdir -p %{buildroot}%{_usr}/share/selinux/{targeted,mls,minimum,modules}/
313
314 # Install devel
315 make clean
316 %if %{BUILD_TARGETED}
317 # Build targeted policy
318 # Commented out because only targeted ref policy currently builds
# NOTE(review): the line above is stale; this block is active whenever
# BUILD_TARGETED is non-zero.
# Macro arguments: policy name targeted, TYPE mcs, DIRECT_INITRC n, UNK_PERMS allow.
# With UNK_PERMS=allow the reference policy build is told to allow permissions
# that the kernel defines but the policy does not; the mls flavour uses deny.
319 mkdir -p %{buildroot}%{_usr}/share/selinux/targeted
320 cp %{SOURCE28} %{buildroot}/%{_usr}/share/selinux/targeted
321 %makeCmds targeted mcs n allow
322 %makeModulesConf targeted base contrib
323 %installCmds targeted mcs n allow
324 %modulesList targeted
325 %endif
326
327 %if %{BUILD_MINIMUM}
328 # Build minimum policy
329 # Commented out because only minimum ref policy currently builds
# NOTE(review): the line above is stale; this block is active whenever
# BUILD_MINIMUM is non-zero.
# The minimum flavour is built from the targeted module lists (the module
# configuration macro is called with "targeted"; a dedicated
# modules-minimum.conf source is commented out in the preamble). The reduction
# to a minimal set happens at install time, where the post scriptlet of the
# minimum subpackage disables the contrib modules.
# UNK_PERMS is allow here, as for targeted.
330 mkdir -p %{buildroot}%{_usr}/share/selinux/minimum
331 cp %{SOURCE28} %{buildroot}/%{_usr}/share/selinux/minimum
332 %makeCmds minimum mcs n allow
333 %makeModulesConf targeted base contrib
334 %installCmds minimum mcs n allow
335 %modulesList minimum
336 %endif
337
338 %if %{BUILD_MLS}
339 # Build mls policy
# Macro arguments: policy name mls, TYPE mls, DIRECT_INITRC n, UNK_PERMS deny.
# This is the only flavour in this spec built with UNK_PERMS=deny, i.e. with
# permissions unknown to the policy denied rather than allowed.
340 %makeCmds mls mls n deny
341 %makeModulesConf mls base contrib
342 %installCmds mls mls n deny
343 %modulesList mls
344 %endif
345
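# Install man pages, documentation and the policy development headers. The
# headers are built with the targeted settings and moved from the targeted
# share directory to the devel directory.
346 mkdir -p %{buildroot}%{_mandir}
347 cp -R man/* %{buildroot}%{_mandir}
348 make UNK_PERMS=allow NAME=targeted TYPE=mcs DISTRO=%{distro} UBAC=n DIRECT_INITRC=n MONOLITHIC=%{monolithic} DESTDIR=%{buildroot} PKGNAME=%{name}-%{version} MLS_CATS=1024 MCS_CATS=1024 install-docs
349 make UNK_PERMS=allow NAME=targeted TYPE=mcs DISTRO=%{distro} UBAC=n DIRECT_INITRC=n MONOLITHIC=%{monolithic} DESTDIR=%{buildroot} PKGNAME=%{name}-%{version} MLS_CATS=1024 MCS_CATS=1024 install-headers
350 mkdir %{buildroot}%{_usr}/share/selinux/devel/
351 mv %{buildroot}%{_usr}/share/selinux/targeted/include %{buildroot}%{_usr}/share/selinux/devel/include
352 install -m 644 selinux_config/Makefile.devel %{buildroot}%{_usr}/share/selinux/devel/Makefile
353 install -m 644 doc/example.* %{buildroot}%{_usr}/share/selinux/devel/
354 install -m 644 doc/policy.* %{buildroot}%{_usr}/share/selinux/devel/
# policyhelp is a one-line launcher without an interpreter line; it opens the
# installed HTML documentation with xdg-open.
355 echo "xdg-open file:///usr/share/doc/selinux-policy-%{version}/html/index.html"> %{buildroot}%{_usr}/share/selinux/devel/policyhelp
356 chmod +x %{buildroot}%{_usr}/share/selinux/devel/policyhelp
# Generate man pages for all domains from the policy staged in the buildroot;
# -w additionally produces HTML, which lands in a directory under man8.
357 /usr/bin/sepolicy manpage -a -p %{buildroot}/usr/share/man/man8/ -w -r %{buildroot}
358 mkdir %{buildroot}%{_usr}/share/selinux/devel/html
# compgen is a bash builtin, so this section needs bash as the build shell.
359 htmldir=`compgen -d %{buildroot}%{_usr}/share/man/man8/`
# Abort if no HTML directory was found: with an empty htmldir the glob below
# would expand to /* and the mv would operate on the build host's root.
360 mv ${htmldir:?}/* %{buildroot}%{_usr}/share/selinux/devel/html
361 rm -rf ${htmldir:?}
362 mkdir %{buildroot}%{_usr}/share/selinux/packages/
363
364 rm -rf selinux_config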
365 %clean
366 %{__rm} -fR %{buildroot}
367
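368 %post
# Post-install of the base package. Without a non-empty /etc/selinux/config it
# writes a default one (SELINUX=enforcing, SELINUXTYPE=targeted), points
# /etc/sysconfig/selinux at it and restores its label. Otherwise it sources the
# existing config and migrates per-policy files into that policy's module
# store. It always exits 0, so a failure here never fails the RPM transaction.
369 if [ ! -s /etc/selinux/config ]; then
370 #
371 # New install so we will default to targeted policy
372 #
373 echo "
374 # This file controls the state of SELinux on the system.
375 # SELINUX= can take one of these three values:
376 # enforcing - SELinux security policy is enforced.
377 # permissive - SELinux prints warnings instead of enforcing.
378 # disabled - No SELinux policy is loaded.
379 SELINUX=enforcing
380 # SELINUXTYPE= can take one of these two values:
381 # targeted - Targeted processes are protected,
382 # minimum - Modification of targeted policy. Only selected processes are protected.
383 # mls - Multi Level Security protection.
384 SELINUXTYPE=targeted
385
386 " > /etc/selinux/config
387
388 ln -sf ../selinux/config /etc/sysconfig/selinux
389 restorecon /etc/selinux/config 2> /dev/null || :
390 else
# The config file is executed as shell by this root scriptlet, not parsed.
391 . /etc/selinux/config
392 # if first time update booleans.local needs to be copied to sandbox
# The destination follows SELINUXTYPE, like the source path, so local booleans
# stay in the module store of the policy type they were written for instead of
# always landing in the targeted store.
393 [ -f /etc/selinux/${SELINUXTYPE}/booleans.local ] && mv /etc/selinux/${SELINUXTYPE}/booleans.local /etc/selinux/${SELINUXTYPE}/modules/active/
394 [ -f /etc/selinux/${SELINUXTYPE}/seusers ] && cp -f /etc/selinux/${SELINUXTYPE}/seusers /etc/selinux/${SELINUXTYPE}/modules/active/seusers
395 fi
396 exit 0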
397
398 %postun
# Post-uninstall of the base package. $1 is the number of instances of the
# package left after the operation; 0 means it has been erased, not upgraded.
# On erase the running system is switched to permissive (setenforce 0) and
# SELINUX=disabled is persisted, either by writing a new one-line config or by
# rewriting the existing SELINUX= line in place.
# NOTE(review): erasing this package therefore turns off SELinux enforcement
# immediately and across reboots; package-change monitoring should treat the
# removal as an enforcement change. setenforce errors are discarded and the
# scriptlet always exits 0.
399 if [ $1 = 0 ]; then
400 setenforce 0 2> /dev/null
401 if [ ! -s /etc/selinux/config ]; then
402 echo "SELINUX=disabled" > /etc/selinux/config
403 else
404 sed -i 's/^SELINUX=.*/SELINUX=disabled/g' /etc/selinux/config
405 fi
406 fi
407 exit 0
408
409 %if %{BUILD_TARGETED}
410 %package targeted
411 Summary: SELinux targeted base policy
412 Provides: selinux-policy-base = %{version}-%{release}
413 Group: System Environment/Base
414 Obsoletes: selinux-policy-targeted-sources < 2
415 Requires(pre): policycoreutils >= %{POLICYCOREUTILSVER}
416 Requires(pre): coreutils
417 Requires(pre): selinux-policy = %{version}-%{release}
418 Requires: selinux-policy = %{version}-%{release}
419 Conflicts: audispd-plugins <= 1.7.7-1
420 Obsoletes: mod_fcgid-selinux <= %{version}-%{release}
421 Obsoletes: cachefilesd-selinux <= 0.10-1
422 Conflicts: seedit
423 Conflicts: 389-ds-base < 1.2.7, 389-admin < 1.1.12
424 Conflicts: pki-selinux < 10-0.0-0.45.b1
425
426 %description targeted
427 SELinux Reference policy targeted base module.
428
429 %pre targeted
430 %preInstall targeted
431
432 %post targeted
433 %postInstall $1 targeted
434 exit 0
435
436 %triggerpostun targeted -- selinux-policy-targeted < 3.12.1-7.fc19
437 restorecon -R -p /home
438 exit 0
439
440 %files targeted
441 %defattr(-,root,root,-)
442 %config(noreplace) %{_sysconfdir}/selinux/targeted/contexts/users/unconfined_u
443 %fileList targeted
444 %{_usr}/share/selinux/targeted/modules-base.lst
445 %{_usr}/share/selinux/targeted/modules-contrib.lst
446 %endif
447
448 %if %{BUILD_MINIMUM}
449 %package minimum
450 Summary: SELinux minimum base policy
451 Provides: selinux-policy-base = %{version}-%{release}
452 Group: System Environment/Base
453 Requires(post): policycoreutils-python >= %{POLICYCOREUTILSVER}
454 Requires(pre): coreutils
455 Requires(pre): selinux-policy = %{version}-%{release}
456 Requires: selinux-policy = %{version}-%{release}
457 Conflicts: seedit
458
459 %description minimum
460 SELinux Reference policy minimum base module.
461
462 %pre minimum
463 %preInstall minimum
# On upgrade ($1 is not 1), record the names of all modules of the minimum
# policy that semodule does not report as Disabled. The post scriptlet reads
# instmodules.lst to re-enable exactly those modules after the upgrade.
# semodule errors are discarded, so a failed listing yields an empty file.
464 if [ $1 -ne 1 ]; then
465 /usr/sbin/semodule -s minimum -l 2>/dev/null | awk '{ if ($3 != "Disabled") print $1; }' > /usr/share/selinux/minimum/instmodules.lst
466 fi
467
468 %post minimum
# Post-install of the minimum policy. Both module lists are generated at build
# time by the modulesList macro and hold space-separated "<name>.pp" entries.
469 contribpackages=`cat /usr/share/selinux/minimum/modules-contrib.lst`
470 basepackages=`cat /usr/share/selinux/minimum/modules-base.lst`
471 if [ $1 -eq 1 ]; then
# First install: mark every contrib module disabled, then re-enable the base
# modules plus apache, dbus, inetd, kerberos, mta and nis.
472 for p in $contribpackages; do
473 touch /etc/selinux/minimum/modules/active/modules/$p.disabled
474 done
475 for p in $basepackages apache.pp dbus.pp inetd.pp kerberos.pp mta.pp nis.pp; do
476 rm -f /etc/selinux/minimum/modules/active/modules/$p.disabled
477 done
# Map the default login and root to unconfined_u over the full category range
# (c0.c1023 matches the 1024 categories the policy is built with).
478 /usr/sbin/semanage -S minimum -i - << __eof
479 login -m -s unconfined_u -r s0-s0:c0.c1023 __default__
480 login -m -s unconfined_u -r s0-s0:c0.c1023 root
481 __eof
482 /sbin/restorecon -R /root /var/log /var/run 2> /dev/null
483 /usr/sbin/semodule -B -s minimum
484 else
# Upgrade: run the same disable pass, then re-enable the modules the pre
# scriptlet recorded in instmodules.lst plus the same six modules. Entries in
# that file carry no .pp suffix, hence the explicit .pp.disabled below.
# NOTE(review): cat's exit status is not checked; if instmodules.lst is missing
# or empty, only the six named modules are re-enabled after the upgrade.
485 instpackages=`cat /usr/share/selinux/minimum/instmodules.lst`
486 for p in $contribpackages; do
487 touch /etc/selinux/minimum/modules/active/modules/$p.disabled
488 done
489 for p in $instpackages apache dbus inetd kerberos mta nis; do
490 rm -f /etc/selinux/minimum/modules/active/modules/$p.pp.disabled
491 done
492 /usr/sbin/semodule -B -s minimum
493 %relabel minimum
494 fi
495 exit 0
496
497 %files minimum
498 %defattr(-,root,root,-)
499 %config(noreplace) %{_sysconfdir}/selinux/minimum/contexts/users/unconfined_u
500 %fileList minimum
501 %{_usr}/share/selinux/minimum/modules-base.lst
502 %{_usr}/share/selinux/minimum/modules-contrib.lst
503 %endif
504
505 %if %{BUILD_MLS}
506 %package mls
507 Summary: SELinux mls base policy
508 Group: System Environment/Base
509 Provides: selinux-policy-base = %{version}-%{release}
510 Obsoletes: selinux-policy-mls-sources < 2
511 Requires: policycoreutils-newrole >= %{POLICYCOREUTILSVER} setransd
512 Requires(pre): policycoreutils >= %{POLICYCOREUTILSVER}
513 Requires(pre): coreutils
514 Requires(pre): selinux-policy = %{version}-%{release}
515 Requires: selinux-policy = %{version}-%{release}
516 Conflicts: seedit
517
518 %description mls
519 SELinux Reference policy mls base module.
520
521 %pre mls
522 %preInstall mls
523
524 %post mls
525 %postInstall $1 mls
526
527 %files mls
528 %defattr(-,root,root,-)
529 %config(noreplace) %{_sysconfdir}/selinux/mls/contexts/users/unconfined_u
530 %fileList mls
531 %{_usr}/share/selinux/mls/modules-base.lst
532 %{_usr}/share/selinux/mls/modules-contrib.lst
533 %endif
