diff --git a/cockpit.spec b/cockpit.spec index 1410e18..a29901a 100644 --- a/cockpit.spec +++ b/cockpit.spec @@ -1,6 +1,6 @@ Name: cockpit Version: 0.16 -Release: 2%{?dist} +Release: 3%{?dist} Summary: A user interface for Linux servers License: LGPLv2+ @@ -38,6 +38,11 @@ BuildRequires: libxslt-devel BuildRequires: docbook-style-xsl BuildRequires: dbus-devel +# For selinux +BuildRequires: selinux-policy-devel +BuildRequires: checkpolicy +BuildRequires: /usr/share/selinux/devel/policyhelp + Requires: dbus Requires: glib-networking Requires: realmd @@ -47,6 +52,7 @@ Requires: lvm2 Requires: storaged Requires: cockpit-assets +Requires: cockpit-selinux-policy Requires(post): systemd Requires(preun): systemd @@ -67,6 +73,17 @@ BuildArch: noarch %description assets This package contains the web assets used by Cockpit. +%package selinux-policy +Summary: SELinux policy for Cockpit testing +Requires: %{name} = %{version}-%{release} +Requires: %{name}-test-assets = %{version}-%{release} +Requires: selinux-policy +Requires: selinux-policy-targeted +Requires(post): /usr/sbin/semodule, /sbin/restorecon, /sbin/fixfiles +Requires(postun): /usr/sbin/semodule, /sbin/restorecon, /sbin/fixfiles + +%description selinux-policy +SELinux policy for Cockpit testing. %prep %setup -q @@ -74,7 +91,7 @@ rm -rf src/libgsystem/*.{c,doap} %build %configure --disable-static --disable-silent-rules --with-cockpit-user=cockpit-ws -make %{?_smp_mflags} +make %{?_smp_mflags} all selinux %check # The check doesnt run on koji as it requires network @@ -84,6 +101,8 @@ make %{?_smp_mflags} %make_install mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/pam.d install -p -m 644 %{SOURCE1} $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/cockpit +install -d %{buildroot}%{_datadir}/selinux/targeted +install -p -m 644 cockpit.pp %{buildroot}%{_datadir}/selinux/targeted/ rm -f %{buildroot}/%{_libdir}/cockpit/*.so rm -f %{buildroot}%{_sysconfdir}/dbus-1/system.d/com.redhat.Cockpit.DBusTests.Test.conf rm -f %{buildroot}%{_unitdir}/cockpit-testing.service @@ -92,7 +111,6 @@ rm -f %{buildroot}%{_unitdir}/test-server.service rm -f %{buildroot}%{_unitdir}/test-server.socket rm -rf %{buildroot}%{_datadir}/cockpit-test-assets - %files %doc AUTHORS COPYING README.md %doc %{_mandir}/man5/cockpit.conf.5.gz @@ -118,6 +136,10 @@ rm -rf %{buildroot}%{_datadir}/cockpit-test-assets %files assets %{_datadir}/%{name} +%files selinux-policy +%defattr(-,root,root,0755) +%{_datadir}/selinux/targeted/cockpit.pp + %pre getent group cockpit-ws >/dev/null || groupadd -r cockpit-ws getent group cockpit-user-admin >/dev/null || groupadd -r cockpit-user-admin @@ -136,8 +158,24 @@ test -f %{_bindir}/firewall-cmd && firewall-cmd --reload --quiet || true %postun %systemd_postun_with_restart cockpit.socket +%post selinux-policy +/usr/sbin/semodule -s targeted -i %{_datadir}/selinux/targeted/cockpit.pp &> /dev/null || : +/sbin/fixfiles -R cockpit restore || : +/sbin/fixfiles -R cockpit-test-assets restore || : +/sbin/restorecon -R %{_sharedstatedir}/%{name} || : + +%postun selinux-policy +if [ $1 -eq 0 ] ; then + /usr/sbin/semodule -s targeted -r cockpit &> /dev/null || : + /sbin/fixfiles -R cockpit-selinux-policy restore || : + [ -d %{_sharedstatedir}/%{name} ] && \ + /sbin/restorecon -R %{_sharedstatedir}/%{name} &> /dev/null || : +fi %changelog +* Wed Jul 23 2014 Stef Walter 0.16-3 +- Distribute our own selinux policy rhbz#1110758 + * Tue Jul 22 2014 Stef Walter 0.16-2 - Refer to cockpit.socket in scriptlets rhbz#1110764