diff --git a/.gitignore b/.gitignore index 0d02b0b..5596aaf 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,2 @@ /memcached-1.5.8.tar.gz +/memcached-selinux-1.0.tar.gz diff --git a/memcached.spec b/memcached.spec index 001ebbf..5525652 100644 --- a/memcached.spec +++ b/memcached.spec @@ -2,10 +2,15 @@ %define groupname memcached %bcond_without sasl %bcond_with seccomp +%global selinuxtype targeted +%global selinuxmoduletype contrib +%global selinuxmodulename memcached +%global selinuxmodulever 1.0 +%global selinuxmoduledir %{selinuxmodulename}-selinux-%{selinuxmodulever} Name: memcached Version: 1.5.8 -Release: 1%{?dist} +Release: 2%{?dist} Epoch: 0 Summary: High Performance, Distributed Memory Object Cache @@ -14,6 +19,8 @@ License: BSD URL: https://www.memcached.org/ Source0: https://www.memcached.org/files/%{name}-%{version}.tar.gz Source1: memcached.sysconfig +# SELinux policy sources: https://pagure.io/memcached-selinux/tree/master +Source2: https://pagure.io/memcached-selinux/raw/master/f/%{selinuxmoduledir}.tar.gz Patch1: memcached-unit.patch @@ -40,8 +47,21 @@ Requires: %{name} = %{epoch}:%{version}-%{release} Install memcached-devel if you are developing C/C++ applications that require access to the memcached binary include files. +%package selinux +Summary: Selinux policy module +Group: System Environment/Base +License: GPLv2 +BuildRequires: selinux-policy +%{?selinux_requires} + +%description selinux +Install memcached-selinux to ensure your system contains the latest SELinux policy +optimised for use with this version of memcached. + %prep -%setup -q +# Unpack memcached sources into memcached-X.X.X directory +# and SELinux policy sources into memcached-selinux-X.X +%setup -q -b 2 %patch1 -p1 -b .unit %build @@ -51,6 +71,10 @@ access to the memcached binary include files. make %{?_smp_mflags} +pushd ../%{selinuxmoduledir} +make +popd + %check # disable testing as it is unreliable on build systems exit 0 
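Review bot: `Source2` points at `raw/master/f/%{selinuxmoduledir}.tar.gz`, a path on a mutable branch, so the bytes behind that URL can change without any change to the spec. The SHA512 added to `sources` pins what the build consumes from the lookaside cache, but someone re-fetching from the URL to audit the package cannot confirm they get the same tarball. Consider referencing an immutable release tag or commit id instead of `master`, and stating in the comment above `Source2` which upstream revision the 1.0 tarball corresponds to.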
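Review bot: Nothing in the visible hunks makes the main package pull in `memcached-selinux`, so a default install may run the daemon without this policy module; the main package header lies outside the hunk, so this may already be handled there. The usual form for an independent policy subpackage is a conditional dependency on the main package, such as `Requires: (%{name}-selinux if selinux-policy-%{selinuxtype})`. Also, `%{?selinux_requires}` expands to nothing when the macro is undefined at build time, which would silently drop the scriptlet dependencies. The `make` added to `%build` presumably relies on the policy development Makefile, so `BuildRequires: selinux-policy-devel` is probably what is needed (confirm against the tarball's Makefile). `BuildArch: noarch` on the subpackage would be conventional for a policy module.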
@@ -83,6 +107,14 @@ install -Dp -m0644 scripts/memcached.service \ # Default configs install -Dp -m0644 %{SOURCE1} %{buildroot}/%{_sysconfdir}/sysconfig/%{name} +# install SELinux policy module +pushd ../%{selinuxmoduledir} +install -d %{buildroot}%{_datadir}/selinux/packages +install -d -p %{buildroot}%{_datadir}/selinux/devel/include/%{selinuxmoduletype} +# Not installing memcached.if - interface file from selinux-policy-devel will be used +# see. "Independant product policy" documentation for more details +install -m 0644 %{selinuxmodulename}.pp.bz2 %{buildroot}%{_datadir}/selinux/packages +popd %pre getent group %{groupname} >/dev/null || groupadd -r %{groupname} @@ -91,10 +123,15 @@ useradd -r -g %{groupname} -d /run/memcached \ -s /sbin/nologin -c "Memcached daemon" %{username} exit 0 +%pre selinux +%selinux_relabel_pre -s %{selinuxtype} %post %systemd_post memcached.service +%post selinux +# install selinux policy module with priority 200 to override the default policy +%selinux_modules_install -s %{selinuxtype} -p 200 %{_datadir}/selinux/packages/%{selinuxmodulename}.pp.bz2 &> /dev/null %preun %systemd_preun memcached.service @@ -103,6 +140,13 @@ exit 0 %postun %systemd_postun_with_restart memcached.service +%postun selinux +if [ $1 -eq 0 ]; then + %selinux_modules_uninstall -s %{selinuxtype} -p 200 %{selinuxmodulename} +fi + +%posttrans selinux +%selinux_relabel_post -s %{selinuxtype} &> /dev/null %files %doc AUTHORS ChangeLog COPYING NEWS README.md doc/CONTRIBUTORS doc/*.txt 
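Review bot: The line `install -d -p %{buildroot}%{_datadir}/selinux/devel/include/%{selinuxmoduletype}` creates a directory that nothing is installed into, because the comment right below says `memcached.if` is deliberately not shipped, and `%files selinux` does not list the directory either. Either drop that line or own the directory in `%files selinux`. The comment would read better as `# memcached.if is not installed; the interface file from selinux-policy-devel is used (see the "Independent product policy" documentation)`.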
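Review bot: Both `%selinux_modules_install … &> /dev/null` in `%post selinux` and `%selinux_relabel_post … &> /dev/null` in `%posttrans selinux` (next hunk) discard stdout and stderr, so a failed module load or relabel leaves no trace in the transaction output. The result would be a system where the package is installed but the policy is not active or files carry stale labels, which is hard to notice afterwards. Consider dropping the redirect so errors stay visible, i.e. `%selinux_modules_install -s %{selinuxtype} -p 200 %{_datadir}/selinux/packages/%{selinuxmodulename}.pp.bz2`, or silencing stdout only. `&>` is also a bash-specific redirection and works only while the scriptlet interpreter is bash.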
@@ -117,7 +161,16 @@ exit 0 %files devel %{_includedir}/memcached/* +%files selinux +%defattr(-,root,root,0755) +%attr(0644,root,root) %{_datadir}/selinux/packages/%{selinuxmodulename}.pp.bz2 +%ghost %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{selinuxmodulename} +%license COPYING + %changelog +* Tue Jun 05 2018 Vit Mojzis - 0:1.5.8-2 +- add "selinux" subpackage containing SELinux policy module + * Fri May 25 2018 Miroslav Lichvar - 0:1.5.8-1 - update to 1.5.8 - use system CFLAGS and LDFLAGS diff --git a/sources b/sources index 5a50f26..4f33874 100644 --- a/sources +++ b/sources @@ -1 +1,2 @@ SHA512 (memcached-1.5.8.tar.gz) = 6f0e3ce9cae3e424c41223597353b9520e7e7f97fb4719a5d520dfd34e1d917d4ee0e42bced0a5799042227b80bc4ed2778715a71b9941239db13cb367bdb088 +SHA512 (memcached-selinux-1.0.tar.gz) = 0b1f65c2f45fe15d45f470cd42c8164865d4f667cca5a2139098fdc41afa52ac867cf8edf360c8f59b878e2e41a07edd6673162f097ad9be079cffa1ddecdea5
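Review bot: `%license COPYING` in `%files selinux` is resolved relative to the memcached build directory, so the subpackage declared as `License: GPLv2` would ship memcached's own `COPYING`, while the main package is `License: BSD`. If the policy tarball carries its own license file, reference that one instead, for example `%license ../%{selinuxmoduledir}/COPYING` (file name to be confirmed against the tarball). Otherwise the declared license and the shipped license text disagree.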