- The SELinux policies for cachefilesd now live in the selinux-policy RPM,
    so the cachefilesd-selinux RPM is now redundant.
- Move the default cache dir to /var/cache/fscache.
- Make the initscript do a restorecon when starting the cache to make sure
    the labels are correct.
- Fix a wildchar that should be a literal dot in the SELinux policy.
Steve Dickson 2010-04-26 15:01:48 +00:00
parent 21e4096bd7
commit 678f06d345
4 changed files with 20 additions and 109 deletions


@ -7,3 +7,4 @@ cachefilesd-0.6.tar.bz2
cachefilesd-0.7.tar.bz2 cachefilesd-0.7.tar.bz2
cachefilesd-0.9.tar.bz2 cachefilesd-0.9.tar.bz2
cachefilesd-0.10.tar.bz2 cachefilesd-0.10.tar.bz2
cachefilesd-0.10.1.tar.bz2


@ -1,27 +0,0 @@
commit e8ce3e8205c9aabfe61bc3b34142b9b98e4e0611
Author: Steve Dickson <steved@redhat.com>
Date: Sat Feb 27 05:00:57 2010 -0500
Set default SELinux security contexts on startup.
Make sure the SELinux security contexts are set on files
and directories that the cachefilesd daemon needs to access.
Signed-off-by: Steve Dickson <steved@redhat.com>
diff --git a/cachefilesd.initd b/cachefilesd.initd
index 06c4237..bbddcbc 100755
--- a/cachefilesd.initd
+++ b/cachefilesd.initd
@@ -49,6 +49,11 @@ case "$1" in
fi
}
+ # Set security contexts
+ /sbin/restorecon /sbin/cachefilesd
+ /sbin/restorecon /dev/cachefiles
+ /sbin/restorecon -R /var/fscache
+
# Start daemon.
daemon --pidfile=$PIDFILE $PROG ${OPTIONS}
RETVAL=$?


@ -1,8 +1,5 @@
%define selinux_variants mls strict targeted
%define selinux_policyver %(sed -e 's,.*selinux-policy-\\([^/]*\\)/.*,\\1,' /usr/share/selinux/devel/policyhelp)
Name: cachefilesd Name: cachefilesd
Version: 0.10 Version: 0.10.1
Release: 1%{?dist} Release: 1%{?dist}
Summary: CacheFiles userspace management daemon Summary: CacheFiles userspace management daemon
Group: System Environment/Daemons Group: System Environment/Daemons
@ -10,37 +7,20 @@ License: GPL
URL: http://people.redhat.com/~dhowells/fscache/ URL: http://people.redhat.com/~dhowells/fscache/
Source0: http://people.redhat.com/dhowells/fscache/cachefilesd-%{version}.tar.bz2 Source0: http://people.redhat.com/dhowells/fscache/cachefilesd-%{version}.tar.bz2
Patch00: cachefilesd-0.10-security-contexts.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-root-%(%{__id_u} -n) BuildRoot: %{_tmppath}/%{name}-%{version}-root-%(%{__id_u} -n)
BuildRequires: automake, autoconf, selinux-policy-doc BuildRequires: automake, autoconf
Requires(post): /sbin/chkconfig, /sbin/service Requires(post): /sbin/chkconfig, /sbin/service
Requires(preun): /sbin/chkconfig, /sbin/service Requires(preun): /sbin/chkconfig, /sbin/service
Requires: %{name}-selinux = %{version}-%{release} Requires: selinux-policy-base = 3.7.19-5
%description %description
The cachefilesd daemon manages the caching files and directory that are The cachefilesd daemon manages the caching files and directory that are
that are used by network filesystems such a AFS and NFS to that are used by network filesystems such a AFS and NFS to
do persistent caching to the local disk. do persistent caching to the local disk.
%package selinux
Summary: SELinux policy module supporting cachefilesd
Group: System Environment/Base
BuildRequires: checkpolicy, selinux-policy-devel, hardlink
%if "%{selinux_policyver}" != ""
Requires: selinux-policy >= %{selinux_policyver}
%endif
Requires(post): /usr/sbin/semodule, /sbin/restorecon
Requires(postun): /usr/sbin/semodule, /sbin/restorecon
%description selinux
SELinux policy module supporting cachefilesd
%prep %prep
%setup -q %setup -q
%patch00 -p1
%build %build
%ifarch s390 s390x %ifarch s390 s390x
PIE="-fPIE" PIE="-fPIE"
@ -52,18 +32,6 @@ CFLAGS="`echo $RPM_OPT_FLAGS $ARCH_OPT_FLAGS $PIE`"
make all make all
# Build SELinux policy modules
cd selinux
for selinuxvariant in %{selinux_variants}
do
make NAME=${selinuxvariant} -f /usr/share/selinux/devel/Makefile
mkdir ${selinuxvariant}
mv cachefilesd.pp ${selinuxvariant}/cachefilesd.pp
bzip2 -9 ${selinuxvariant}/cachefilesd.pp
make NAME=${selinuxvariant} -f /usr/share/selinux/devel/Makefile clean
done
cd -
%install %install
rm -rf %{buildroot} rm -rf %{buildroot}
mkdir -p %{buildroot}/sbin mkdir -p %{buildroot}/sbin
@ -71,25 +39,12 @@ mkdir -p %{buildroot}%{_sysconfdir}/rc.d/init.d
mkdir -p %{buildroot}%{_mandir}/{man5,man8} mkdir -p %{buildroot}%{_mandir}/{man5,man8}
mkdir -p %{buildroot}/usr/share/doc/%{name}-%{version} mkdir -p %{buildroot}/usr/share/doc/%{name}-%{version}
mkdir -p %{buildroot}/usr/share/doc/%{name}-selinux-%{version} mkdir -p %{buildroot}/usr/share/doc/%{name}-selinux-%{version}
mkdir -p %{buildroot}%{_localstatedir}/fscache mkdir -p %{buildroot}%{_localstatedir}/cache/fscache
make DESTDIR=%{buildroot} install make DESTDIR=%{buildroot} install
install -m 644 cachefilesd.conf %{buildroot}%{_sysconfdir} install -m 644 cachefilesd.conf %{buildroot}%{_sysconfdir}
install -m 755 cachefilesd.initd %{buildroot}%{_sysconfdir}/rc.d/init.d/cachefilesd install -m 755 cachefilesd.initd %{buildroot}%{_sysconfdir}/rc.d/init.d/cachefilesd
install -m 644 selinux/move-cache.txt %{buildroot}/usr/share/doc/%{name}-selinux-%{version}/ install -m 644 selinux/move-cache.txt %{buildroot}/usr/share/doc/%{name}-%{version}/
# Install SELinux policy modules
cd selinux
for selinuxvariant in %{selinux_variants}
do
install -d %{buildroot}%{_datadir}/selinux/${selinuxvariant}
install -p -m 644 ${selinuxvariant}/cachefilesd.pp.bz2 \
%{buildroot}%{_datadir}/selinux/${selinuxvariant}
done
cd -
# Hardlink identical policy module packages together
/usr/sbin/hardlink -cv %{buildroot}%{_datadir}/selinux
%clean %clean
rm -rf $RPM_BUILD_ROOT rm -rf $RPM_BUILD_ROOT
@ -101,14 +56,6 @@ if [ "$1" -ge 1 ]; then
/sbin/service cachefilesd condrestart > /dev/null /sbin/service cachefilesd condrestart > /dev/null
fi fi
%post selinux
# Install SELinux policy modules
for selinuxvariant in %{selinux_variants}
do
/usr/sbin/semodule -s ${selinuxvariant} -i \
%{_datadir}/selinux/${selinuxvariant}/cachefilesd.pp.bz2 &> /dev/null || :
done
%preun %preun
if [ $1 -eq 0 ]; then if [ $1 -eq 0 ]; then
/sbin/service cachefilesd stop /sbin/service cachefilesd stop
@ -118,41 +65,31 @@ fi
%postun %postun
if [ $1 -eq 0 ]; then if [ $1 -eq 0 ]; then
# Fix up non-standard directory context # Fix up non-standard directory context
/sbin/restorecon -R %{_localstatedir}/fscache || : /sbin/restorecon -R %{_localstatedir}/cache/fscache || :
fi
%postun selinux
# Clean up after package removal
if [ $1 -eq 0 ]; then
# Remove SELinux policy modules
for selinuxvariant in %{selinux_variants}
do
/usr/sbin/semodule -s ${selinuxvariant} -r cachefilesd &> /dev/null || :
done
# Clean up any remaining file contexts (shouldn't be any really)
[ -d %{_localstatedir}/fscache ] && \
/sbin/restorecon -R %{_localstatedir}/fscache &> /dev/null || :
fi fi
%files %files
%defattr(-,root,root) %defattr(-,root,root)
%doc README %doc README
%doc howto.txt %doc howto.txt
%config(noreplace) %{_sysconfdir}/cachefilesd.conf
%attr(0755,root,root) %{_sysconfdir}/rc.d/init.d/cachefilesd
/sbin/*
%{_mandir}/*/*
%{_localstatedir}/fscache
%files selinux
%defattr(-,root,root,0755)
%doc selinux/move-cache.txt %doc selinux/move-cache.txt
%doc selinux/*.fc %doc selinux/*.fc
%doc selinux/*.if %doc selinux/*.if
%doc selinux/*.te %doc selinux/*.te
%{_datadir}/selinux/*/cachefilesd.pp.bz2 %config(noreplace) %{_sysconfdir}/cachefilesd.conf
%attr(0755,root,root) %{_sysconfdir}/rc.d/init.d/cachefilesd
/sbin/*
%{_mandir}/*/*
%{_localstatedir}/cache/fscache
%changelog %changelog
* Fri Apr 23 2010 David Howells <dhowells@redhat.com>
- The SELinux policies for cachefilesd now live in the selinux-policy RPM, so
the cachefilesd-selinux RPM is now redundant.
- Move the default cache dir to /var/cache/fscache.
- Make the initscript do a restorecon when starting the cache to make sure the
labels are correct.
- Fix a wildchar that should be a literal dot in the SELinux policy.
* Thu Feb 25 2010 David Howells <dhowells@redhat.com> * Thu Feb 25 2010 David Howells <dhowells@redhat.com>
- Fix the SELinux policies for cachefilesd. - Fix the SELinux policies for cachefilesd.
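Review bot: The new `Requires: selinux-policy-base = 3.7.19-5` in the preamble ties cachefilesd to one exact policy build, so any later selinux-policy update, including a security fix, would either be held back or conflict with this package; a minimum-version dependency such as `Requires: selinux-policy-base >= 3.7.19-5` still guarantees a policy that carries the cachefilesd module without blocking updates. Separately, %postun and %files now reference only `%{_localstatedir}/cache/fscache`, while `cachefilesd.conf` is `%config(noreplace)`, so an upgraded host may keep pointing at `/var/fscache`, which this package no longer owns or relabels. Whether the 0.10.1 initscript restorecon follows the configured directory is not visible here and is worth confirming. The `mkdir -p %{buildroot}/usr/share/doc/%{name}-selinux-%{version}` line in %install also looks like a leftover now that the selinux subpackage is gone.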


@ -1 +1 @@
ba27ed4b5e8165c46175501bf703ac08 cachefilesd-0.10.tar.bz2 59da7af8efeb81bdc1d3e3df69cb6a44 cachefilesd-0.10.1.tar.bz2