- The SELinux policies for cachefilesd now live in the selinux-policy RPM,
so the cachefilesd-selinux RPM is now redundant. - Move the default cache dir to /var/cache/fscache. - Make the initscript do a restorecon when starting the cache to make sure the labels are correct. - Fix a wildchar that should be a literal dot in the SELinux policy.
This commit is contained in:
parent
21e4096bd7
commit
678f06d345
@ -7,3 +7,4 @@ cachefilesd-0.6.tar.bz2
|
|||||||
cachefilesd-0.7.tar.bz2
|
cachefilesd-0.7.tar.bz2
|
||||||
cachefilesd-0.9.tar.bz2
|
cachefilesd-0.9.tar.bz2
|
||||||
cachefilesd-0.10.tar.bz2
|
cachefilesd-0.10.tar.bz2
|
||||||
|
cachefilesd-0.10.1.tar.bz2
|
||||||
|
@ -1,27 +0,0 @@
|
|||||||
commit e8ce3e8205c9aabfe61bc3b34142b9b98e4e0611
|
|
||||||
Author: Steve Dickson <steved@redhat.com>
|
|
||||||
Date: Sat Feb 27 05:00:57 2010 -0500
|
|
||||||
|
|
||||||
Set default SELinux security contexts on startup.
|
|
||||||
|
|
||||||
Make sure the SELinux security contexts are set on files
|
|
||||||
and directories that the cachefilesd daemon needs to access.
|
|
||||||
|
|
||||||
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
||||||
|
|
||||||
diff --git a/cachefilesd.initd b/cachefilesd.initd
|
|
||||||
index 06c4237..bbddcbc 100755
|
|
||||||
--- a/cachefilesd.initd
|
|
||||||
+++ b/cachefilesd.initd
|
|
||||||
@@ -49,6 +49,11 @@ case "$1" in
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
+ # Set security contexts
|
|
||||||
+ /sbin/restorecon /sbin/cachefilesd
|
|
||||||
+ /sbin/restorecon /dev/cachefiles
|
|
||||||
+ /sbin/restorecon -R /var/fscache
|
|
||||||
+
|
|
||||||
# Start daemon.
|
|
||||||
daemon --pidfile=$PIDFILE $PROG ${OPTIONS}
|
|
||||||
RETVAL=$?
|
|
@ -1,8 +1,5 @@
|
|||||||
%define selinux_variants mls strict targeted
|
|
||||||
%define selinux_policyver %(sed -e 's,.*selinux-policy-\\([^/]*\\)/.*,\\1,' /usr/share/selinux/devel/policyhelp)
|
|
||||||
|
|
||||||
Name: cachefilesd
|
Name: cachefilesd
|
||||||
Version: 0.10
|
Version: 0.10.1
|
||||||
Release: 1%{?dist}
|
Release: 1%{?dist}
|
||||||
Summary: CacheFiles userspace management daemon
|
Summary: CacheFiles userspace management daemon
|
||||||
Group: System Environment/Daemons
|
Group: System Environment/Daemons
|
||||||
@ -10,37 +7,20 @@ License: GPL
|
|||||||
URL: http://people.redhat.com/~dhowells/fscache/
|
URL: http://people.redhat.com/~dhowells/fscache/
|
||||||
Source0: http://people.redhat.com/dhowells/fscache/cachefilesd-%{version}.tar.bz2
|
Source0: http://people.redhat.com/dhowells/fscache/cachefilesd-%{version}.tar.bz2
|
||||||
|
|
||||||
Patch00: cachefilesd-0.10-security-contexts.patch
|
|
||||||
|
|
||||||
BuildRoot: %{_tmppath}/%{name}-%{version}-root-%(%{__id_u} -n)
|
BuildRoot: %{_tmppath}/%{name}-%{version}-root-%(%{__id_u} -n)
|
||||||
BuildRequires: automake, autoconf, selinux-policy-doc
|
BuildRequires: automake, autoconf
|
||||||
Requires(post): /sbin/chkconfig, /sbin/service
|
Requires(post): /sbin/chkconfig, /sbin/service
|
||||||
Requires(preun): /sbin/chkconfig, /sbin/service
|
Requires(preun): /sbin/chkconfig, /sbin/service
|
||||||
Requires: %{name}-selinux = %{version}-%{release}
|
Requires: selinux-policy-base = 3.7.19-5
|
||||||
|
|
||||||
%description
|
%description
|
||||||
The cachefilesd daemon manages the caching files and directory that are
|
The cachefilesd daemon manages the caching files and directory that are
|
||||||
that are used by network filesystems such a AFS and NFS to
|
that are used by network filesystems such a AFS and NFS to
|
||||||
do persistent caching to the local disk.
|
do persistent caching to the local disk.
|
||||||
|
|
||||||
%package selinux
|
|
||||||
Summary: SELinux policy module supporting cachefilesd
|
|
||||||
Group: System Environment/Base
|
|
||||||
BuildRequires: checkpolicy, selinux-policy-devel, hardlink
|
|
||||||
%if "%{selinux_policyver}" != ""
|
|
||||||
Requires: selinux-policy >= %{selinux_policyver}
|
|
||||||
%endif
|
|
||||||
Requires(post): /usr/sbin/semodule, /sbin/restorecon
|
|
||||||
Requires(postun): /usr/sbin/semodule, /sbin/restorecon
|
|
||||||
|
|
||||||
%description selinux
|
|
||||||
SELinux policy module supporting cachefilesd
|
|
||||||
|
|
||||||
%prep
|
%prep
|
||||||
%setup -q
|
%setup -q
|
||||||
|
|
||||||
%patch00 -p1
|
|
||||||
|
|
||||||
%build
|
%build
|
||||||
%ifarch s390 s390x
|
%ifarch s390 s390x
|
||||||
PIE="-fPIE"
|
PIE="-fPIE"
|
||||||
@ -52,18 +32,6 @@ CFLAGS="`echo $RPM_OPT_FLAGS $ARCH_OPT_FLAGS $PIE`"
|
|||||||
|
|
||||||
make all
|
make all
|
||||||
|
|
||||||
# Build SELinux policy modules
|
|
||||||
cd selinux
|
|
||||||
for selinuxvariant in %{selinux_variants}
|
|
||||||
do
|
|
||||||
make NAME=${selinuxvariant} -f /usr/share/selinux/devel/Makefile
|
|
||||||
mkdir ${selinuxvariant}
|
|
||||||
mv cachefilesd.pp ${selinuxvariant}/cachefilesd.pp
|
|
||||||
bzip2 -9 ${selinuxvariant}/cachefilesd.pp
|
|
||||||
make NAME=${selinuxvariant} -f /usr/share/selinux/devel/Makefile clean
|
|
||||||
done
|
|
||||||
cd -
|
|
||||||
|
|
||||||
%install
|
%install
|
||||||
rm -rf %{buildroot}
|
rm -rf %{buildroot}
|
||||||
mkdir -p %{buildroot}/sbin
|
mkdir -p %{buildroot}/sbin
|
||||||
@ -71,25 +39,12 @@ mkdir -p %{buildroot}%{_sysconfdir}/rc.d/init.d
|
|||||||
mkdir -p %{buildroot}%{_mandir}/{man5,man8}
|
mkdir -p %{buildroot}%{_mandir}/{man5,man8}
|
||||||
mkdir -p %{buildroot}/usr/share/doc/%{name}-%{version}
|
mkdir -p %{buildroot}/usr/share/doc/%{name}-%{version}
|
||||||
mkdir -p %{buildroot}/usr/share/doc/%{name}-selinux-%{version}
|
mkdir -p %{buildroot}/usr/share/doc/%{name}-selinux-%{version}
|
||||||
mkdir -p %{buildroot}%{_localstatedir}/fscache
|
mkdir -p %{buildroot}%{_localstatedir}/cache/fscache
|
||||||
make DESTDIR=%{buildroot} install
|
make DESTDIR=%{buildroot} install
|
||||||
|
|
||||||
install -m 644 cachefilesd.conf %{buildroot}%{_sysconfdir}
|
install -m 644 cachefilesd.conf %{buildroot}%{_sysconfdir}
|
||||||
install -m 755 cachefilesd.initd %{buildroot}%{_sysconfdir}/rc.d/init.d/cachefilesd
|
install -m 755 cachefilesd.initd %{buildroot}%{_sysconfdir}/rc.d/init.d/cachefilesd
|
||||||
install -m 644 selinux/move-cache.txt %{buildroot}/usr/share/doc/%{name}-selinux-%{version}/
|
install -m 644 selinux/move-cache.txt %{buildroot}/usr/share/doc/%{name}-%{version}/
|
||||||
|
|
||||||
# Install SELinux policy modules
|
|
||||||
cd selinux
|
|
||||||
for selinuxvariant in %{selinux_variants}
|
|
||||||
do
|
|
||||||
install -d %{buildroot}%{_datadir}/selinux/${selinuxvariant}
|
|
||||||
install -p -m 644 ${selinuxvariant}/cachefilesd.pp.bz2 \
|
|
||||||
%{buildroot}%{_datadir}/selinux/${selinuxvariant}
|
|
||||||
done
|
|
||||||
cd -
|
|
||||||
|
|
||||||
# Hardlink identical policy module packages together
|
|
||||||
/usr/sbin/hardlink -cv %{buildroot}%{_datadir}/selinux
|
|
||||||
|
|
||||||
%clean
|
%clean
|
||||||
rm -rf $RPM_BUILD_ROOT
|
rm -rf $RPM_BUILD_ROOT
|
||||||
@ -101,14 +56,6 @@ if [ "$1" -ge 1 ]; then
|
|||||||
/sbin/service cachefilesd condrestart > /dev/null
|
/sbin/service cachefilesd condrestart > /dev/null
|
||||||
fi
|
fi
|
||||||
|
|
||||||
%post selinux
|
|
||||||
# Install SELinux policy modules
|
|
||||||
for selinuxvariant in %{selinux_variants}
|
|
||||||
do
|
|
||||||
/usr/sbin/semodule -s ${selinuxvariant} -i \
|
|
||||||
%{_datadir}/selinux/${selinuxvariant}/cachefilesd.pp.bz2 &> /dev/null || :
|
|
||||||
done
|
|
||||||
|
|
||||||
%preun
|
%preun
|
||||||
if [ $1 -eq 0 ]; then
|
if [ $1 -eq 0 ]; then
|
||||||
/sbin/service cachefilesd stop
|
/sbin/service cachefilesd stop
|
||||||
@ -118,41 +65,31 @@ fi
|
|||||||
%postun
|
%postun
|
||||||
if [ $1 -eq 0 ]; then
|
if [ $1 -eq 0 ]; then
|
||||||
# Fix up non-standard directory context
|
# Fix up non-standard directory context
|
||||||
/sbin/restorecon -R %{_localstatedir}/fscache || :
|
/sbin/restorecon -R %{_localstatedir}/cache/fscache || :
|
||||||
fi
|
|
||||||
|
|
||||||
%postun selinux
|
|
||||||
# Clean up after package removal
|
|
||||||
if [ $1 -eq 0 ]; then
|
|
||||||
# Remove SELinux policy modules
|
|
||||||
for selinuxvariant in %{selinux_variants}
|
|
||||||
do
|
|
||||||
/usr/sbin/semodule -s ${selinuxvariant} -r cachefilesd &> /dev/null || :
|
|
||||||
done
|
|
||||||
# Clean up any remaining file contexts (shouldn't be any really)
|
|
||||||
[ -d %{_localstatedir}/fscache ] && \
|
|
||||||
/sbin/restorecon -R %{_localstatedir}/fscache &> /dev/null || :
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
%files
|
%files
|
||||||
%defattr(-,root,root)
|
%defattr(-,root,root)
|
||||||
%doc README
|
%doc README
|
||||||
%doc howto.txt
|
%doc howto.txt
|
||||||
%config(noreplace) %{_sysconfdir}/cachefilesd.conf
|
|
||||||
%attr(0755,root,root) %{_sysconfdir}/rc.d/init.d/cachefilesd
|
|
||||||
/sbin/*
|
|
||||||
%{_mandir}/*/*
|
|
||||||
%{_localstatedir}/fscache
|
|
||||||
|
|
||||||
%files selinux
|
|
||||||
%defattr(-,root,root,0755)
|
|
||||||
%doc selinux/move-cache.txt
|
%doc selinux/move-cache.txt
|
||||||
%doc selinux/*.fc
|
%doc selinux/*.fc
|
||||||
%doc selinux/*.if
|
%doc selinux/*.if
|
||||||
%doc selinux/*.te
|
%doc selinux/*.te
|
||||||
%{_datadir}/selinux/*/cachefilesd.pp.bz2
|
%config(noreplace) %{_sysconfdir}/cachefilesd.conf
|
||||||
|
%attr(0755,root,root) %{_sysconfdir}/rc.d/init.d/cachefilesd
|
||||||
|
/sbin/*
|
||||||
|
%{_mandir}/*/*
|
||||||
|
%{_localstatedir}/cache/fscache
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Fri Apr 23 2010 David Howells <dhowells@redhat.com>
|
||||||
|
- The SELinux policies for cachefilesd now live in the selinux-policy RPM, so
|
||||||
|
the cachefilesd-selinux RPM is now redundant.
|
||||||
|
- Move the default cache dir to /var/cache/fscache.
|
||||||
|
- Make the initscript do a restorecon when starting the cache to make sure the
|
||||||
|
labels are correct.
|
||||||
|
- Fix a wildchar that should be a literal dot in the SELinux policy.
|
||||||
|
|
||||||
* Thu Feb 25 2010 David Howells <dhowells@redhat.com>
|
* Thu Feb 25 2010 David Howells <dhowells@redhat.com>
|
||||||
- Fix the SELinux policies for cachefilesd.
|
- Fix the SELinux policies for cachefilesd.
|
||||||
|
Loading…
Reference in New Issue
Block a user