From 678f06d34563344c20f8f468bd84e3843a87b94d Mon Sep 17 00:00:00 2001 From: Steve Dickson Date: Mon, 26 Apr 2010 15:01:48 +0000 Subject: [PATCH] - The SELinux policies for cachefilesd now live in the selinux-policy RPM, so the cachefilesd-selinux RPM is now redundant. - Move the default cache dir to /var/cache/fscache. - Make the initscript do a restorecon when starting the cache to make sure the labels are correct. - Fix a wildchar that should be a literal dot in the SELinux policy. --- .cvsignore | 1 + cachefilesd-0.10-security-contexts.patch | 27 ------- cachefilesd.spec | 99 +++++------------------- sources | 2 +- 4 files changed, 20 insertions(+), 109 deletions(-) delete mode 100644 cachefilesd-0.10-security-contexts.patch diff --git a/.cvsignore b/.cvsignore index 4f364b7..dd9893f 100644 --- a/.cvsignore +++ b/.cvsignore @@ -7,3 +7,4 @@ cachefilesd-0.6.tar.bz2 cachefilesd-0.7.tar.bz2 cachefilesd-0.9.tar.bz2 cachefilesd-0.10.tar.bz2 +cachefilesd-0.10.1.tar.bz2 diff --git a/cachefilesd-0.10-security-contexts.patch b/cachefilesd-0.10-security-contexts.patch deleted file mode 100644 index 8268889..0000000 --- a/cachefilesd-0.10-security-contexts.patch +++ /dev/null @@ -1,27 +0,0 @@ -commit e8ce3e8205c9aabfe61bc3b34142b9b98e4e0611 -Author: Steve Dickson -Date: Sat Feb 27 05:00:57 2010 -0500 - - Set default SELinux security contexts on startup. - - Make sure the SELinux security contexts are set on files - and directories that the cachefilesd daemon needs to access. - - Signed-off-by: Steve Dickson - -diff --git a/cachefilesd.initd b/cachefilesd.initd -index 06c4237..bbddcbc 100755 ---- a/cachefilesd.initd -+++ b/cachefilesd.initd -@@ -49,6 +49,11 @@ case "$1" in - fi - } - -+ # Set security contexts -+ /sbin/restorecon /sbin/cachefilesd -+ /sbin/restorecon /dev/cachefiles -+ /sbin/restorecon -R /var/fscache -+ - # Start daemon. - daemon --pidfile=$PIDFILE $PROG ${OPTIONS} - RETVAL=$? diff --git a/cachefilesd.spec b/cachefilesd.spec index cb711bc..6ebeae0 100644 --- a/cachefilesd.spec +++ b/cachefilesd.spec @@ -1,8 +1,5 @@ -%define selinux_variants mls strict targeted -%define selinux_policyver %(sed -e 's,.*selinux-policy-\\([^/]*\\)/.*,\\1,' /usr/share/selinux/devel/policyhelp) - Name: cachefilesd -Version: 0.10 +Version: 0.10.1 Release: 1%{?dist} Summary: CacheFiles userspace management daemon Group: System Environment/Daemons @@ -10,37 +7,20 @@ License: GPL URL: http://people.redhat.com/~dhowells/fscache/ Source0: http://people.redhat.com/dhowells/fscache/cachefilesd-%{version}.tar.bz2 -Patch00: cachefilesd-0.10-security-contexts.patch - BuildRoot: %{_tmppath}/%{name}-%{version}-root-%(%{__id_u} -n) -BuildRequires: automake, autoconf, selinux-policy-doc +BuildRequires: automake, autoconf Requires(post): /sbin/chkconfig, /sbin/service Requires(preun): /sbin/chkconfig, /sbin/service -Requires: %{name}-selinux = %{version}-%{release} +Requires: selinux-policy-base = 3.7.19-5 %description The cachefilesd daemon manages the caching files and directory that are that are used by network filesystems such a AFS and NFS to do persistent caching to the local disk. -%package selinux -Summary: SELinux policy module supporting cachefilesd -Group: System Environment/Base -BuildRequires: checkpolicy, selinux-policy-devel, hardlink -%if "%{selinux_policyver}" != "" -Requires: selinux-policy >= %{selinux_policyver} -%endif -Requires(post): /usr/sbin/semodule, /sbin/restorecon -Requires(postun): /usr/sbin/semodule, /sbin/restorecon - -%description selinux -SELinux policy module supporting cachefilesd - %prep %setup -q -%patch00 -p1 - %build %ifarch s390 s390x PIE="-fPIE" @@ -52,18 +32,6 @@ CFLAGS="`echo $RPM_OPT_FLAGS $ARCH_OPT_FLAGS $PIE`" make all -# Build SELinux policy modules -cd selinux -for selinuxvariant in %{selinux_variants} -do - make NAME=${selinuxvariant} -f /usr/share/selinux/devel/Makefile - mkdir ${selinuxvariant} - mv cachefilesd.pp ${selinuxvariant}/cachefilesd.pp - bzip2 -9 ${selinuxvariant}/cachefilesd.pp - make NAME=${selinuxvariant} -f /usr/share/selinux/devel/Makefile clean -done -cd - - %install rm -rf %{buildroot} mkdir -p %{buildroot}/sbin @@ -71,25 +39,12 @@ mkdir -p %{buildroot}%{_sysconfdir}/rc.d/init.d mkdir -p %{buildroot}%{_mandir}/{man5,man8} mkdir -p %{buildroot}/usr/share/doc/%{name}-%{version} mkdir -p %{buildroot}/usr/share/doc/%{name}-selinux-%{version} -mkdir -p %{buildroot}%{_localstatedir}/fscache +mkdir -p %{buildroot}%{_localstatedir}/cache/fscache make DESTDIR=%{buildroot} install install -m 644 cachefilesd.conf %{buildroot}%{_sysconfdir} install -m 755 cachefilesd.initd %{buildroot}%{_sysconfdir}/rc.d/init.d/cachefilesd -install -m 644 selinux/move-cache.txt %{buildroot}/usr/share/doc/%{name}-selinux-%{version}/ - -# Install SELinux policy modules -cd selinux -for selinuxvariant in %{selinux_variants} -do - install -d %{buildroot}%{_datadir}/selinux/${selinuxvariant} - install -p -m 644 ${selinuxvariant}/cachefilesd.pp.bz2 \ - %{buildroot}%{_datadir}/selinux/${selinuxvariant} -done -cd - - -# Hardlink identical policy module packages together -/usr/sbin/hardlink -cv %{buildroot}%{_datadir}/selinux +install -m 644 selinux/move-cache.txt %{buildroot}/usr/share/doc/%{name}-%{version}/ %clean rm -rf $RPM_BUILD_ROOT @@ -101,14 +56,6 @@ if [ "$1" -ge 1 ]; then /sbin/service cachefilesd condrestart > /dev/null fi -%post selinux -# Install SELinux policy modules -for selinuxvariant in %{selinux_variants} -do - /usr/sbin/semodule -s ${selinuxvariant} -i \ - %{_datadir}/selinux/${selinuxvariant}/cachefilesd.pp.bz2 &> /dev/null || : -done - %preun if [ $1 -eq 0 ]; then /sbin/service cachefilesd stop @@ -118,41 +65,31 @@ fi %postun if [ $1 -eq 0 ]; then # Fix up non-standard directory context - /sbin/restorecon -R %{_localstatedir}/fscache || : -fi - -%postun selinux -# Clean up after package removal -if [ $1 -eq 0 ]; then - # Remove SELinux policy modules - for selinuxvariant in %{selinux_variants} - do - /usr/sbin/semodule -s ${selinuxvariant} -r cachefilesd &> /dev/null || : - done - # Clean up any remaining file contexts (shouldn't be any really) - [ -d %{_localstatedir}/fscache ] && \ - /sbin/restorecon -R %{_localstatedir}/fscache &> /dev/null || : + /sbin/restorecon -R %{_localstatedir}/cache/fscache || : fi %files %defattr(-,root,root) %doc README %doc howto.txt -%config(noreplace) %{_sysconfdir}/cachefilesd.conf -%attr(0755,root,root) %{_sysconfdir}/rc.d/init.d/cachefilesd -/sbin/* -%{_mandir}/*/* -%{_localstatedir}/fscache - -%files selinux -%defattr(-,root,root,0755) %doc selinux/move-cache.txt %doc selinux/*.fc %doc selinux/*.if %doc selinux/*.te -%{_datadir}/selinux/*/cachefilesd.pp.bz2 +%config(noreplace) %{_sysconfdir}/cachefilesd.conf +%attr(0755,root,root) %{_sysconfdir}/rc.d/init.d/cachefilesd +/sbin/* +%{_mandir}/*/* +%{_localstatedir}/cache/fscache %changelog +* Fri Apr 23 2010 David Howells +- The SELinux policies for cachefilesd now live in the selinux-policy RPM, so + the cachefilesd-selinux RPM is now redundant. +- Move the default cache dir to /var/cache/fscache. +- Make the initscript do a restorecon when starting the cache to make sure the + labels are correct. +- Fix a wildchar that should be a literal dot in the SELinux policy. * Thu Feb 25 2010 David Howells - Fix the SELinux policies for cachefilesd. diff --git a/sources b/sources index 0e1fdb5..96df24d 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -ba27ed4b5e8165c46175501bf703ac08 cachefilesd-0.10.tar.bz2 +59da7af8efeb81bdc1d3e3df69cb6a44 cachefilesd-0.10.1.tar.bz2