Change semanage to produce proper audit records for Common Criteria
- Cleanup packaging for usrmove
This commit is contained in:
parent
132b0f633b
commit
662a1ad3a8
@ -261,6 +261,31 @@ index c493e98..a084e0e 100644
|
|||||||
/* assume fsuid==ruid after this point */
|
/* assume fsuid==ruid after this point */
|
||||||
setfsuid(uid);
|
setfsuid(uid);
|
||||||
|
|
||||||
|
diff --git a/policycoreutils/scripts/Makefile b/policycoreutils/scripts/Makefile
|
||||||
|
index 17ad6ca..fe6427c 100644
|
||||||
|
--- a/policycoreutils/scripts/Makefile
|
||||||
|
+++ b/policycoreutils/scripts/Makefile
|
||||||
|
@@ -1,7 +1,8 @@
|
||||||
|
# Installation directories.
|
||||||
|
PREFIX ?= $(DESTDIR)/usr
|
||||||
|
BINDIR ?= $(PREFIX)/bin
|
||||||
|
-SBINDIR ?= $(PREFIX)/sbin
|
||||||
|
+USRSBINDIR ?= $(PREFIX)/sbin
|
||||||
|
+SBINDIR ?= $(DESTDIR)/sbin
|
||||||
|
MANDIR ?= $(PREFIX)/share/man
|
||||||
|
LOCALEDIR ?= /usr/share/locale
|
||||||
|
|
||||||
|
@@ -10,8 +11,8 @@ all: fixfiles genhomedircon chcat
|
||||||
|
install: all
|
||||||
|
-mkdir -p $(BINDIR)
|
||||||
|
install -m 755 chcat $(BINDIR)
|
||||||
|
- install -m 755 fixfiles $(DESTDIR)/sbin
|
||||||
|
- install -m 755 genhomedircon $(SBINDIR)
|
||||||
|
+ install -m 755 fixfiles $(SBINDIR)
|
||||||
|
+ install -m 755 genhomedircon $(USRSBINDIR)
|
||||||
|
-mkdir -p $(MANDIR)/man8
|
||||||
|
install -m 644 fixfiles.8 $(MANDIR)/man8/
|
||||||
|
install -m 644 genhomedircon.8 $(MANDIR)/man8/
|
||||||
diff --git a/policycoreutils/scripts/genhomedircon b/policycoreutils/scripts/genhomedircon
|
diff --git a/policycoreutils/scripts/genhomedircon b/policycoreutils/scripts/genhomedircon
|
||||||
index ab696a7..58b19cd 100644
|
index ab696a7..58b19cd 100644
|
||||||
--- a/policycoreutils/scripts/genhomedircon
|
--- a/policycoreutils/scripts/genhomedircon
|
||||||
|
@ -71,11 +71,6 @@ context.
|
|||||||
%patch3 -p1 -b .gui
|
%patch3 -p1 -b .gui
|
||||||
%patch4 -p2 -b .sepolgen -d sepolgen-%{sepolgenver}
|
%patch4 -p2 -b .sepolgen -d sepolgen-%{sepolgenver}
|
||||||
|
|
||||||
sed -i 's#$(DESTDIR)/sbin#$(SBINDIR)#g' scripts/Makefile
|
|
||||||
|
|
||||||
#FIXME
|
|
||||||
sed -i 's#.*ln -sf /sbin/load_policy.*##g' load_policy/Makefile
|
|
||||||
|
|
||||||
%build
|
%build
|
||||||
make LSPP_PRIV=y SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" CFLAGS="%{optflags} -fPIE" LDFLAGS="-pie -Wl,-z,relro" all
|
make LSPP_PRIV=y SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" CFLAGS="%{optflags} -fPIE" LDFLAGS="-pie -Wl,-z,relro" all
|
||||||
make -C sepolgen-%{sepolgenver} SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" CFLAGS="%{optflags} -fPIE" LDFLAGS="-pie -Wl,-z,relro" all
|
make -C sepolgen-%{sepolgenver} SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" CFLAGS="%{optflags} -fPIE" LDFLAGS="-pie -Wl,-z,relro" all
|
||||||
@ -192,6 +187,7 @@ The policycoreutils-sandbox package contains the scripts to create graphical san
|
|||||||
|
|
||||||
%files sandbox
|
%files sandbox
|
||||||
%defattr(-,root,root,-)
|
%defattr(-,root,root,-)
|
||||||
|
%config(noreplace) %{_sysconfdir}/sysconfig/sandbox
|
||||||
%{_datadir}/sandbox/sandboxX.sh
|
%{_datadir}/sandbox/sandboxX.sh
|
||||||
%{_datadir}/sandbox/start
|
%{_datadir}/sandbox/start
|
||||||
%caps(cap_setpcap,cap_setuid,cap_fowner,cap_dac_override,cap_sys_admin,cap_sys_nice=pe) %{_sbindir}/seunshare
|
%caps(cap_setpcap,cap_setuid,cap_fowner,cap_dac_override,cap_sys_admin,cap_sys_nice=pe) %{_sbindir}/seunshare
|
||||||
@ -283,7 +279,6 @@ rm -rf %{buildroot}
|
|||||||
%{_bindir}/semodule_link
|
%{_bindir}/semodule_link
|
||||||
%{_bindir}/semodule_package
|
%{_bindir}/semodule_package
|
||||||
%{_bindir}/semodule_unpackage
|
%{_bindir}/semodule_unpackage
|
||||||
%config(noreplace) %{_sysconfdir}/sysconfig/sandbox
|
|
||||||
%config(noreplace) %{_sysconfdir}/pam.d/run_init
|
%config(noreplace) %{_sysconfdir}/pam.d/run_init
|
||||||
%config(noreplace) %{_sysconfdir}/sestatus.conf
|
%config(noreplace) %{_sysconfdir}/sestatus.conf
|
||||||
# selinux-policy Requires: policycoreutils, so we own this set of directories and our files within them
|
# selinux-policy Requires: policycoreutils, so we own this set of directories and our files within them
|
||||||
@ -339,30 +334,31 @@ The policycoreutils-restorecond package contains the restorecond service.
|
|||||||
|
|
||||||
%post restorecond
|
%post restorecond
|
||||||
if [ $1 -eq 1 ] ; then
|
if [ $1 -eq 1 ] ; then
|
||||||
/bin/systemctl daemon-reload >/dev/null 2>&1 || :
|
/usr/bin/systemctl daemon-reload >/dev/null 2>&1 || :
|
||||||
fi
|
fi
|
||||||
|
|
||||||
%preun restorecond
|
%preun restorecond
|
||||||
if [ $1 = 0 ]; then
|
if [ $1 = 0 ]; then
|
||||||
/bin/systemctl --no-reload restorecond.service > /dev/null 2>&1 || :
|
/usr/bin/systemctl --no-reload restorecond.service > /dev/null 2>&1 || :
|
||||||
/bin/systemctl stop restorecond.service > /dev/null 2>&1 || :
|
/usr/bin/systemctl stop restorecond.service > /dev/null 2>&1 || :
|
||||||
fi
|
fi
|
||||||
|
|
||||||
%postun restorecond
|
%postun restorecond
|
||||||
/bin/systemctl daemon-reload >/dev/null 2>&1 || :
|
/usr/bin/systemctl daemon-reload >/dev/null 2>&1 || :
|
||||||
if [ $1 -ge 1 ] ; then
|
if [ $1 -ge 1 ] ; then
|
||||||
/bin/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
|
/usr/bin/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
|
||||||
fi
|
fi
|
||||||
|
|
||||||
%triggerun -- restorecond < 2.0.86-13
|
%triggerun -- restorecond < 2.0.86-13
|
||||||
%{_bindir}/systemd-sysv-convert --save restorecond >/dev/null 2>&1 ||:
|
%{_bindir}/systemd-sysv-convert --save restorecond >/dev/null 2>&1 ||:
|
||||||
/bin/systemctl enable restorecond.service >/dev/null 2>&1
|
%{_bindir}/systemctl enable restorecond.service >/dev/null 2>&1
|
||||||
/sbin/chkconfig --del restorecond >/dev/null 2>&1 || :
|
%{_sbindir}/chkconfig --del restorecond >/dev/null 2>&1 || :
|
||||||
/bin/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
|
%{_bindir}/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Fri Jan 26 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.10-17
|
* Fri Jan 26 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.10-17
|
||||||
- Change semanage to produce proper audit records for Common Criteria
|
- Change semanage to produce proper audit records for Common Criteria
|
||||||
|
- Cleanup packaging for usrmove
|
||||||
|
|
||||||
* Thu Jan 26 2012 Harald Hoyer <harald@redhat.com> 2.1.10-16
|
* Thu Jan 26 2012 Harald Hoyer <harald@redhat.com> 2.1.10-16
|
||||||
- fixed load_policy location
|
- fixed load_policy location
|
||||||
|
Loading…
Reference in New Issue
Block a user