rpms/policycoreutils
6
0
Fork 0
Code Issues Pull Requests Releases Activity

Change semanage to produce proper audit records for Common Criteria

Browse Source 
- Cleanup packaging for usrmove
This commit is contained in:
Dan Walsh 2012-01-27 14:09:12 -05:00
parent 132b0f633b
commit 662a1ad3a8
2 changed files with 35 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
policycoreutils-rhat.patch
View File

@ -261,6 +261,31 @@ index c493e98..a084e0e 100644
/* assume fsuid==ruid after this point */ /* assume fsuid==ruid after this point */
setfsuid(uid); setfsuid(uid);
diff --git a/policycoreutils/scripts/Makefile b/policycoreutils/scripts/Makefile
index 17ad6ca..fe6427c 100644
--- a/policycoreutils/scripts/Makefile
+++ b/policycoreutils/scripts/Makefile
@@ -1,7 +1,8 @@
# Installation directories.
PREFIX ?= $(DESTDIR)/usr
BINDIR ?= $(PREFIX)/bin
-SBINDIR ?= $(PREFIX)/sbin
+USRSBINDIR ?= $(PREFIX)/sbin
+SBINDIR ?= $(DESTDIR)/sbin
MANDIR ?= $(PREFIX)/share/man
LOCALEDIR ?= /usr/share/locale
@@ -10,8 +11,8 @@ all: fixfiles genhomedircon chcat
install: all
-mkdir -p $(BINDIR)
install -m 755 chcat $(BINDIR)
- install -m 755 fixfiles $(DESTDIR)/sbin
- install -m 755 genhomedircon $(SBINDIR)
+ install -m 755 fixfiles $(SBINDIR)
+ install -m 755 genhomedircon $(USRSBINDIR)
-mkdir -p $(MANDIR)/man8
install -m 644 fixfiles.8 $(MANDIR)/man8/
install -m 644 genhomedircon.8 $(MANDIR)/man8/
diff --git a/policycoreutils/scripts/genhomedircon b/policycoreutils/scripts/genhomedircon diff --git a/policycoreutils/scripts/genhomedircon b/policycoreutils/scripts/genhomedircon
index ab696a7..58b19cd 100644 index ab696a7..58b19cd 100644
--- a/policycoreutils/scripts/genhomedircon --- a/policycoreutils/scripts/genhomedircon

24
policycoreutils.spec
View File

@ -71,11 +71,6 @@ context.
%patch3 -p1 -b .gui %patch3 -p1 -b .gui
%patch4 -p2 -b .sepolgen -d sepolgen-%{sepolgenver} %patch4 -p2 -b .sepolgen -d sepolgen-%{sepolgenver}
sed -i 's#$(DESTDIR)/sbin#$(SBINDIR)#g' scripts/Makefile
#FIXME
sed -i 's#.*ln -sf /sbin/load_policy.*##g' load_policy/Makefile
%build %build
make LSPP_PRIV=y SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" CFLAGS="%{optflags} -fPIE" LDFLAGS="-pie -Wl,-z,relro" all make LSPP_PRIV=y SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" CFLAGS="%{optflags} -fPIE" LDFLAGS="-pie -Wl,-z,relro" all
make -C sepolgen-%{sepolgenver} SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" CFLAGS="%{optflags} -fPIE" LDFLAGS="-pie -Wl,-z,relro" all make -C sepolgen-%{sepolgenver} SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" CFLAGS="%{optflags} -fPIE" LDFLAGS="-pie -Wl,-z,relro" all
@ -192,6 +187,7 @@ The policycoreutils-sandbox package contains the scripts to create graphical san
%files sandbox %files sandbox
%defattr(-,root,root,-) %defattr(-,root,root,-)
%config(noreplace) %{_sysconfdir}/sysconfig/sandbox
%{_datadir}/sandbox/sandboxX.sh %{_datadir}/sandbox/sandboxX.sh
%{_datadir}/sandbox/start %{_datadir}/sandbox/start
%caps(cap_setpcap,cap_setuid,cap_fowner,cap_dac_override,cap_sys_admin,cap_sys_nice=pe) %{_sbindir}/seunshare %caps(cap_setpcap,cap_setuid,cap_fowner,cap_dac_override,cap_sys_admin,cap_sys_nice=pe) %{_sbindir}/seunshare
@ -283,7 +279,6 @@ rm -rf %{buildroot}
%{_bindir}/semodule_link %{_bindir}/semodule_link
%{_bindir}/semodule_package %{_bindir}/semodule_package
%{_bindir}/semodule_unpackage %{_bindir}/semodule_unpackage
%config(noreplace) %{_sysconfdir}/sysconfig/sandbox
%config(noreplace) %{_sysconfdir}/pam.d/run_init %config(noreplace) %{_sysconfdir}/pam.d/run_init
%config(noreplace) %{_sysconfdir}/sestatus.conf %config(noreplace) %{_sysconfdir}/sestatus.conf
# selinux-policy Requires: policycoreutils, so we own this set of directories and our files within them # selinux-policy Requires: policycoreutils, so we own this set of directories and our files within them
@ -339,30 +334,31 @@ The policycoreutils-restorecond package contains the restorecond service.
%post restorecond %post restorecond
if [ $1 -eq 1 ] ; then if [ $1 -eq 1 ] ; then
/bin/systemctl daemon-reload >/dev/null 2>&1 || : /usr/bin/systemctl daemon-reload >/dev/null 2>&1 || :
fi fi
%preun restorecond %preun restorecond
if [ $1 = 0 ]; then if [ $1 = 0 ]; then
/bin/systemctl --no-reload restorecond.service > /dev/null 2>&1 || : /usr/bin/systemctl --no-reload restorecond.service > /dev/null 2>&1 || :
/bin/systemctl stop restorecond.service > /dev/null 2>&1 || : /usr/bin/systemctl stop restorecond.service > /dev/null 2>&1 || :
fi fi
%postun restorecond %postun restorecond
/bin/systemctl daemon-reload >/dev/null 2>&1 || : /usr/bin/systemctl daemon-reload >/dev/null 2>&1 || :
if [ $1 -ge 1 ] ; then if [ $1 -ge 1 ] ; then
/bin/systemctl try-restart restorecond.service >/dev/null 2>&1 || : /usr/bin/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
fi fi
%triggerun -- restorecond < 2.0.86-13 %triggerun -- restorecond < 2.0.86-13
%{_bindir}/systemd-sysv-convert --save restorecond >/dev/null 2>&1 ||: %{_bindir}/systemd-sysv-convert --save restorecond >/dev/null 2>&1 ||:
/bin/systemctl enable restorecond.service >/dev/null 2>&1 %{_bindir}/systemctl enable restorecond.service >/dev/null 2>&1
/sbin/chkconfig --del restorecond >/dev/null 2>&1 || : %{_sbindir}/chkconfig --del restorecond >/dev/null 2>&1 || :
/bin/systemctl try-restart restorecond.service >/dev/null 2>&1 || : %{_bindir}/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
%changelog %changelog
* Fri Jan 26 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.10-17 * Fri Jan 26 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.10-17
- Change semanage to produce proper audit records for Common Criteria - Change semanage to produce proper audit records for Common Criteria
- Cleanup packaging for usrmove
* Thu Jan 26 2012 Harald Hoyer <harald@redhat.com> 2.1.10-16 * Thu Jan 26 2012 Harald Hoyer <harald@redhat.com> 2.1.10-16
- fixed load_policy location - fixed load_policy location