From 1118c441f2dd79fe2ff24a34ffb8c29b8250482a Mon Sep 17 00:00:00 2001 From: Thomas Woerner Date: Thu, 1 Dec 2016 15:44:42 +0100 Subject: [PATCH] - New firewalld-selinux sub package delivering the SELinux policy module for firewalld (RHBZ#1396765) (RHBZ#1394625) (RHBZ#1394578) (RHBZ#1394573) (RHBZ#1394569) - New firewalld release 0.4.4.2: - firewalld.spec: Added helpers and ipsets paths to firewalld-filesystem - firewall.core.fw_nm: create NMClient lazily - Do not use hard-coded path for modinfo, use autofoo to detect it - firewall.core.io.ifcfg: Dropped invalid option warning with bad format string - firewall.core.io.ifcfg: Properly handle quoted ifcfg values - firewall.core.fw_zone: Do not reset ZONE with ifdown - Updated translations from zanata - firewall-config: Extra grid at bottom to visualize firewalld settings --- .gitignore | 2 ++ firewalld.spec | 96 +++++++++++++++++++++++++++++++++++++++++++++++++- sources | 3 +- 3 files changed, 99 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 471692f..531de79 100644 --- a/.gitignore +++ b/.gitignore @@ -42,3 +42,5 @@ /firewalld-0.4.3.2.tar.bz2 /firewalld-0.4.3.3.tar.bz2 /firewalld-0.4.4.1.tar.bz2 +/firewalld-0.4.4.2.tar.bz2 +/firewalld-selinux-0.4.4.1.tar diff --git a/firewalld.spec b/firewalld.spec index 5d8bf80..0a285da 100644 --- a/firewalld.spec +++ b/firewalld.spec 
@@ -5,9 +5,29 @@ %endif %endif +# firewalld-selinux +%global selinuxtype targeted +%global moduletype services +%global modulenames firewalld +%global selinux_subpackage 0 +%if 0%{?fedora} >= 23 +%global selinux_subpackage 1 +%global selinux_policyver 3.13.1-128.6 +%endif #0%{?fedora} >= 23 +%if 0%{?rhel} >= 7 +%global selinux_subpackage 1 +%global selinux_policyver 3.13.1-89 +%endif #0%{?rhel} >= 7 +# Usage: _format var format +# Expand 'modulenames' into various formats as needed +# Format must contain '$x' somewhere to do anything useful +%global _format() export %1=""; for x in %{modulenames}; do %1+=%2; %1+=" "; done; +# Relabel files +%global relabel_files() %{_sbindir}/restorecon -RF %{_sysconfdir}/firewalld %{_prefix}/lib/firewalld >& /dev/null || : + Summary: A firewall daemon with D-Bus interface providing a dynamic firewall Name: firewalld -Version: 0.4.4.1 +Version: 0.4.4.2 Release: 1%{?dist} URL: http://www.firewalld.org License: GPLv2+ @@ -16,6 +36,7 @@ Source0: https://fedorahosted.org/released/firewalld/%{name}-%{version}.tar.bz2 Source1: FedoraServer.xml Source2: FedoraWorkstation.xml %endif +Source3: firewalld-selinux-0.4.4.1.tar %if 0%{?fedora} Patch0: firewalld-0.2.6-MDNS-default.patch %endif @@ -56,6 +77,9 @@ Conflicts: selinux-policy < 3.13.1-199 Conflicts: selinux-policy < 3.13.1-89 Conflicts: squid < 7:3.5.10-1 %endif +%if 0%{?selinux_subpackage} +Requires: firewalld-selinux = %{version}-%{release} +%endif #0%{?selinux_subpackage} %if 0%{?fedora} > 21 Provides: variant_config(Server) 
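Review bot: The `%relabel_files` macro in the first firewalld.spec hunk sends restorecon's output to /dev/null and ends in `|| :`, so a failed relabel leaves the firewalld configuration directories with stale contexts and nothing in the transaction output reports it. Keeping `|| :` but dropping the redirect keeps the scriptlet non-fatal while leaving the error visible: `%global relabel_files() %{_sbindir}/restorecon -RF %{_sysconfdir}/firewalld %{_prefix}/lib/firewalld || :`. Separately, `>&` here and `+=` in `%_format` are bash syntax, which deserves a one-line comment because both macros expand inside scriptlets run by /bin/sh.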
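Review bot: `Source3: firewalld-selinux-0.4.4.1.tar` (second firewalld.spec hunk) has no URL and no comment saying where the archive comes from or how it is generated, unlike `Source0` above it. The policy module that ends up loaded on every install therefore cannot be re-derived or compared against an upstream from the spec alone. The file name is also pinned to 0.4.4.1 while this commit moves the package to 0.4.4.2, so it is unclear whether the policy is meant to track the release. A comment above the line such as `# SELinux policy sources, generated from <upstream location and tag>` would record the provenance, with the placeholder filled in by the packager.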
@@ -107,6 +131,18 @@ Summary: Firewalld directory layout and rpm macros This package provides directories and rpm macros which are required by other packages that add firewalld configuration files. +%if 0%{?selinux_subpackage} +%package -n firewalld-selinux +Summary: SELinux policy module for firewalld +Requires(post): selinux-policy-base >= %{selinux_policyver} +Requires(post): selinux-policy-targeted >= %{selinux_policyver} +Requires(post): policycoreutils, policycoreutils-python, libselinux-utils +BuildRequires: selinux-policy, selinux-policy-devel + +%description -n firewalld-selinux +SELinux policy module for firewalld +%endif #0%{?selinux_subpackage} + %package -n firewall-applet Summary: Firewall panel applet Requires: %{name} = %{version}-%{release} @@ -149,6 +185,7 @@ firewalld. %if 0%{?fedora} %patch0 -p1 %endif +tar -xvf %{SOURCE3} %if 0%{?with_python3} rm -rf %{py3dir} @@ -165,6 +202,10 @@ sed -i 's|/usr/bin/python|%{__python3}|' %{py3dir}/config/lockdown-whitelist.xml # regenerate them # make %{?_smp_mflags} +%if 0%{?selinux_subpackage} +make -C config/selinux SHARE="%{_datadir}" TARGETS="%{modulenames}" +%endif + %if 0%{?with_python3} pushd %{py3dir} %configure --enable-sysconfig --enable-rpmmacros PYTHON=%{__python3} @@ -188,6 +229,18 @@ make -C src install-nobase_dist_pythonDATA PYTHON=%{__python3} DESTDIR=%{buildro popd %endif #0%{?with_python3} +# Install SELinux interfaces +%_format INTERFACES config/selinux/$x.if +install -d %{buildroot}%{_datadir}/selinux/devel/include/%{moduletype} +install -p -m 644 $INTERFACES \ + %{buildroot}%{_datadir}/selinux/devel/include/%{moduletype} + +# Install policy modules +%_format MODULES config/selinux/$x.pp.bz2 +install -d %{buildroot}%{_datadir}/selinux/packages +install -m 0644 $MODULES \ + %{buildroot}%{_datadir}/selinux/packages + desktop-file-install --delete-original \ --dir %{buildroot}%{_sysconfdir}/xdg/autostart \ %{buildroot}%{_sysconfdir}/xdg/autostart/firewall-applet.desktop 
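Review bot: The new `%package -n firewalld-selinux` block declares its SELinux tooling only as `Requires(post)`, but the `%postun` scriptlet added later in this commit also calls semodule, selinuxenabled, load_policy and restorecon. Scriptlet-scoped dependencies are only guaranteed for the transaction that installs the package, so those tools may be gone by the time the subpackage is erased. Because `%postun` silences the semodule error, the module would then stay loaded with no message. Adding `Requires(postun): policycoreutils, libselinux-utils` next to the existing lines closes that gap.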
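Review bot: `tar -xvf %{SOURCE3}` in %prep unpacks the extra archive on top of the already patched upstream tree with no member restriction, so any path in the tarball that matches an upstream file replaces it silently. The later `make -C config/selinux` suggests only that directory is expected. If so, naming it on the command line limits what the second source can touch, for example `tar -xf %{SOURCE3} config/selinux`, to be checked against the archive's actual layout. The %prep section begins and continues outside this hunk.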
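Review bot: The "Install SELinux interfaces" and "Install policy modules" steps added to %install (last hunk on this line) are not wrapped in `%if 0%{?selinux_subpackage}`, although the `make -C config/selinux` build step and the `%files -n firewalld-selinux` list both are. On a target where the macro stays 0, the `.pp.bz2` files are never built, so `install -m 0644 $MODULES` would fail. If it did succeed, the files would be installed but unpackaged. Put `%if 0%{?selinux_subpackage}` before the `# Install SELinux interfaces` comment and `%endif` after the second `install` command, so the section follows the same condition as the rest of the subpackage.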
@@ -230,6 +283,25 @@ rm -f %{buildroot}%{_datadir}/polkit-1/actions/org.fedoraproject.FirewallD1.poli %postun %systemd_postun_with_restart firewalld.service +%if 0%{?selinux_subpackage} +%post -n firewalld-selinux +%_format MODULES %{_datadir}/selinux/packages/$x.pp.bz2 +%{_sbindir}/semodule -n -s %{selinuxtype} -i $MODULES +if %{_sbindir}/selinuxenabled ; then + %{_sbindir}/load_policy + %relabel_files +fi + +%postun -n firewalld-selinux +if [ $1 -eq 0 ]; then + %{_sbindir}/semodule -n -r %{modulenames} >& /dev/null || : + if %{_sbindir}/selinuxenabled ; then + %{_sbindir}/load_policy + %relabel_files + fi +fi +%endif + %if 0%{?fedora} > 21 %posttrans # If we don't yet have a symlink or existing file for firewalld.conf, @@ -385,6 +457,13 @@ fi %dir %{_prefix}/lib/firewalld/xmlschema %{_rpmconfigdir}/macros.d/macros.firewalld +%if 0%{?selinux_subpackage} +%files -n firewalld-selinux +%defattr(-,root,root,0755) +%attr(0644,root,root) %{_datadir}/selinux/packages/*.pp.bz2 +%attr(0644,root,root) %{_datadir}/selinux/devel/include/%{moduletype}/*.if +%endif + %files -n firewall-applet %{_bindir}/firewall-applet %defattr(0644,root,root) 
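Review bot: In the new `%postun -n firewalld-selinux` scriptlet the module is removed with `semodule -n -r %{modulenames}`, without the `-s %{selinuxtype}` that `%post` uses to install it. On a host whose active policy store is not the targeted one, the removal acts on a different store than the install, and the `>& /dev/null || :` suffix hides the resulting error. Using `%{_sbindir}/semodule -n -s %{selinuxtype} -r %{modulenames} || :` keeps both scriptlets on the same store and leaves a failure visible. The `semodule -i` call in `%post` is likewise unchecked: load_policy and the relabel still run after a failed module install, and the scriptlet exits 0.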
@@ -407,6 +486,21 @@ fi %{_mandir}/man1/firewall-config*.1* %changelog +* Thu Dec 1 2016 Thomas Woerner - 0.4.4.2-1 +- New firewalld-selinux sub package delivering the SELinux policy module for + firewalld (RHBZ#1396765) (RHBZ#1394625) (RHBZ#1394578) (RHBZ#1394573) + (RHBZ#1394569) +- New firewalld release 0.4.4.2: + - firewalld.spec: Added helpers and ipsets paths to firewalld-filesystem + - firewall.core.fw_nm: create NMClient lazily + - Do not use hard-coded path for modinfo, use autofoo to detect it + - firewall.core.io.ifcfg: Dropped invalid option warning with bad format + string + - firewall.core.io.ifcfg: Properly handle quoted ifcfg values + - firewall.core.fw_zone: Do not reset ZONE with ifdown + - Updated translations from zanata + - firewall-config: Extra grid at bottom to visualize firewalld settings + * Wed Nov 9 2016 Thomas Woerner - 0.4.4.1-1 - firewall-config: Use proper source check in sourceDialog (fixes issue#162) - firewallctl: New support for helpers diff --git a/sources b/sources index d081081..533163e 100644 --- a/sources +++ b/sources @@ -1 +1,2 @@ -57aaca12bcea9436aada394468aae154 firewalld-0.4.4.1.tar.bz2 +d47ca0e9b940c8911863caa228732acd firewalld-0.4.4.2.tar.bz2 +54e9235552ce4d9b1700acd2066a2b03 firewalld-selinux-0.4.4.1.tar