- New firewalld-selinux sub package delivering the SELinux policy module for

firewalld (RHBZ#1396765) (RHBZ#1394625) (RHBZ#1394578) (RHBZ#1394573) (RHBZ#1394569) - New firewalld release 0.4.4.2: - firewalld.spec: Added helpers and ipsets paths to firewalld-filesystem - firewall.core.fw_nm: create NMClient lazily - Do not use hard-coded path for modinfo, use autofoo to detect it - firewall.core.io.ifcfg: Dropped invalid option warning with bad format string - firewall.core.io.ifcfg: Properly handle quoted ifcfg values - firewall.core.fw_zone: Do not reset ZONE with ifdown - Updated translations from zanata - firewall-config: Extra grid at bottom to visualize firewalld settings
2016-12-01 15:44:42 +01:00 · 2016-12-01 15:44:42 +01:00 · 1118c441f2
commit 1118c441f2
parent e49b9a8f35
3 changed files with 99 additions and 2 deletions
--- a/.gitignore
+++ b/.gitignore
@ -42,3 +42,5 @@
 /firewalld-0.4.3.2.tar.bz2
 /firewalld-0.4.3.3.tar.bz2
 /firewalld-0.4.4.1.tar.bz2
+/firewalld-0.4.4.2.tar.bz2
+/firewalld-selinux-0.4.4.1.tar
--- a/firewalld.spec
+++ b/firewalld.spec
@ -5,9 +5,29 @@
 %endif
 %endif

+# firewalld-selinux
+%global selinuxtype	targeted
+%global moduletype	services
+%global modulenames	firewalld
+%global selinux_subpackage 0
+%if 0%{?fedora} >= 23
+%global selinux_subpackage 1
+%global selinux_policyver 3.13.1-128.6
+%endif #0%{?fedora} >= 23
+%if 0%{?rhel} >= 7
+%global selinux_subpackage 1
+%global selinux_policyver 3.13.1-89
+%endif #0%{?rhel} >= 7
+# Usage: _format var format
+#   Expand 'modulenames' into various formats as needed
+#   Format must contain '$x' somewhere to do anything useful
+%global _format() export %1=""; for x in %{modulenames}; do %1+=%2; %1+=" "; done;
+# Relabel files
+%global relabel_files() %{_sbindir}/restorecon -RF %{_sysconfdir}/firewalld %{_prefix}/lib/firewalld >& /dev/null || :
+
 Summary: A firewall daemon with D-Bus interface providing a dynamic firewall
 Name: firewalld
-Version: 0.4.4.1
+Version: 0.4.4.2
 Release: 1%{?dist}
 URL:     http://www.firewalld.org
 License: GPLv2+
@ -16,6 +36,7 @@ Source0: https://fedorahosted.org/released/firewalld/%{name}-%{version}.tar.bz2
 Source1: FedoraServer.xml
 Source2: FedoraWorkstation.xml
 %endif
+Source3: firewalld-selinux-0.4.4.1.tar
 %if 0%{?fedora}
 Patch0: firewalld-0.2.6-MDNS-default.patch
 %endif
@ -56,6 +77,9 @@ Conflicts: selinux-policy < 3.13.1-199
 Conflicts: selinux-policy < 3.13.1-89
 Conflicts: squid < 7:3.5.10-1
 %endif
+%if 0%{?selinux_subpackage}
+Requires: firewalld-selinux  = %{version}-%{release}
+%endif #0%{?selinux_subpackage}

 %if 0%{?fedora} > 21
 Provides: variant_config(Server)
@ -107,6 +131,18 @@ Summary: Firewalld directory layout and rpm macros
 This package provides directories and rpm macros which
 are required by other packages that add firewalld configuration files.

+%if 0%{?selinux_subpackage}
+%package -n firewalld-selinux
+Summary: SELinux policy module for firewalld
+Requires(post): selinux-policy-base >= %{selinux_policyver}
+Requires(post): selinux-policy-targeted >= %{selinux_policyver}
+Requires(post): policycoreutils, policycoreutils-python, libselinux-utils
+BuildRequires: selinux-policy, selinux-policy-devel
+
+%description -n firewalld-selinux
+SELinux policy module for firewalld
+%endif #0%{?selinux_subpackage}
+
 %package -n firewall-applet
 Summary: Firewall panel applet
 Requires: %{name} = %{version}-%{release}
@ -149,6 +185,7 @@ firewalld.
 %if 0%{?fedora}
 %patch0 -p1
 %endif
+tar -xvf %{SOURCE3}

 %if 0%{?with_python3}
 rm -rf %{py3dir}
@ -165,6 +202,10 @@ sed -i 's|/usr/bin/python|%{__python3}|' %{py3dir}/config/lockdown-whitelist.xml
 # regenerate them
 # make %{?_smp_mflags}

+%if 0%{?selinux_subpackage}
+make -C config/selinux SHARE="%{_datadir}" TARGETS="%{modulenames}"
+%endif
+
 %if 0%{?with_python3}
 pushd %{py3dir}
 %configure --enable-sysconfig --enable-rpmmacros PYTHON=%{__python3}
@ -188,6 +229,18 @@ make -C src install-nobase_dist_pythonDATA PYTHON=%{__python3} DESTDIR=%{buildro
 popd
 %endif #0%{?with_python3}

+# Install SELinux interfaces
+%_format INTERFACES config/selinux/$x.if
+install -d %{buildroot}%{_datadir}/selinux/devel/include/%{moduletype}
+install -p -m 644 $INTERFACES \
+    %{buildroot}%{_datadir}/selinux/devel/include/%{moduletype}
+
+# Install policy modules
+%_format MODULES config/selinux/$x.pp.bz2
+install -d %{buildroot}%{_datadir}/selinux/packages
+install -m 0644 $MODULES \
+    %{buildroot}%{_datadir}/selinux/packages
+
 desktop-file-install --delete-original \
  --dir %{buildroot}%{_sysconfdir}/xdg/autostart \
  %{buildroot}%{_sysconfdir}/xdg/autostart/firewall-applet.desktop
@ -230,6 +283,25 @@ rm -f %{buildroot}%{_datadir}/polkit-1/actions/org.fedoraproject.FirewallD1.poli
 %postun
 %systemd_postun_with_restart firewalld.service 

+%if 0%{?selinux_subpackage}
+%post -n firewalld-selinux
+%_format MODULES %{_datadir}/selinux/packages/$x.pp.bz2
+%{_sbindir}/semodule -n -s %{selinuxtype} -i $MODULES
+if %{_sbindir}/selinuxenabled ; then
+    %{_sbindir}/load_policy
+    %relabel_files
+fi
+
+%postun -n firewalld-selinux
+if [ $1 -eq 0 ]; then
+    %{_sbindir}/semodule -n -r %{modulenames} >& /dev/null || :
+    if %{_sbindir}/selinuxenabled ; then
+        %{_sbindir}/load_policy
+        %relabel_files
+    fi
+fi
+%endif
+
 %if 0%{?fedora} > 21
 %posttrans
 # If we don't yet have a symlink or existing file for firewalld.conf,
@ -385,6 +457,13 @@ fi
 %dir %{_prefix}/lib/firewalld/xmlschema
 %{_rpmconfigdir}/macros.d/macros.firewalld

+%if 0%{?selinux_subpackage}
+%files -n firewalld-selinux
+%defattr(-,root,root,0755)
+%attr(0644,root,root) %{_datadir}/selinux/packages/*.pp.bz2
+%attr(0644,root,root) %{_datadir}/selinux/devel/include/%{moduletype}/*.if
+%endif
+
 %files -n firewall-applet
 %{_bindir}/firewall-applet
 %defattr(0644,root,root)
@ -407,6 +486,21 @@ fi
 %{_mandir}/man1/firewall-config*.1*

 %changelog
+* Thu Dec  1 2016 Thomas Woerner <twoerner@redhat.com> - 0.4.4.2-1
+- New firewalld-selinux sub package delivering the SELinux policy module for
+  firewalld (RHBZ#1396765) (RHBZ#1394625) (RHBZ#1394578) (RHBZ#1394573)
+  (RHBZ#1394569)
+- New firewalld release 0.4.4.2:
+  - firewalld.spec: Added helpers and ipsets paths to firewalld-filesystem
+  - firewall.core.fw_nm: create NMClient lazily
+  - Do not use hard-coded path for modinfo, use autofoo to detect it
+  - firewall.core.io.ifcfg: Dropped invalid option warning with bad format
+    string
+  - firewall.core.io.ifcfg: Properly handle quoted ifcfg values
+  - firewall.core.fw_zone: Do not reset ZONE with ifdown
+  - Updated translations from zanata
+  - firewall-config: Extra grid at bottom to visualize firewalld settings
+
 * Wed Nov  9 2016 Thomas Woerner <twoerner@redhat.com> - 0.4.4.1-1
 - firewall-config: Use proper source check in sourceDialog (fixes issue#162)
 - firewallctl: New support for helpers
--- a/3
+++ b/3
@ -1 +1,2 @@
-57aaca12bcea9436aada394468aae154  firewalld-0.4.4.1.tar.bz2
+d47ca0e9b940c8911863caa228732acd  firewalld-0.4.4.2.tar.bz2
+54e9235552ce4d9b1700acd2066a2b03  firewalld-selinux-0.4.4.1.tar