diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch index 71c8c3f..aa5b05c 100644 --- a/policycoreutils-rhat.patch +++ b/policycoreutils-rhat.patch @@ -2177,7 +2177,7 @@ index 0000000..eeb2218 +and +.I Thomas Liu diff --git a/policycoreutils/sandbox/seunshare.c b/policycoreutils/sandbox/seunshare.c -index ec692e7..ff61262 100644 +index ec692e7..e3fa6bd 100644 --- a/policycoreutils/sandbox/seunshare.c +++ b/policycoreutils/sandbox/seunshare.c @@ -1,28 +1,35 @@ @@ -2683,7 +2683,7 @@ index ec692e7..ff61262 100644 + + rc = 0; +err: -+ fclose(fp) ++ fclose(fp); + free(str); + free(mem); + free(cgroupname); diff --git a/policycoreutils.spec b/policycoreutils.spec index 1293c5d..944a90b 100644 --- a/policycoreutils.spec +++ b/policycoreutils.spec @@ -23,6 +23,7 @@ Source7: selinux-polgengui.console Source8: policycoreutils_man_ru2.tar.bz2 Source9: semanage-bash-completion.sh Patch: policycoreutils-rhat.patch +Source10: restorecond.service Patch1: policycoreutils-po.patch Patch3: policycoreutils-gui.patch Patch4: policycoreutils-sepolgen.patch @@ -36,9 +37,11 @@ BuildRequires: pam-devel libcgroup-devel libsepol-static >= %{libsepolver} libse BuildRequires: desktop-file-utils dbus-devel dbus-glib-devel BuildRequires: python-devel Requires: /bin/mount /bin/egrep /bin/awk /usr/bin/diff rpm /bin/sed +BuildRequires: systemd-units Requires: libsepol >= %{libsepolver} coreutils checkpolicy libselinux-utils >= %{libselinuxver} -Requires(post): /sbin/chkconfig -Requires(preun): /sbin/service /sbin/chkconfig +Requires(post): systemd-units systemd-sysv chkconfig +Requires(preun): systemd-units /sbin/service +Requires(postun): systemd-units BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) %description 
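Review bot: At the `err:` label `fclose(fp)` runs unconditionally, and unlike the `free()` calls that follow it, `fclose` on a null or never-opened stream is undefined behaviour. The function body and its `goto err` sites lie outside this hunk, so I cannot confirm whether any of them is reached before `fp` is opened or after a failed open. If one is, initialise `fp` to `NULL` at its declaration and guard the cleanup with `if (fp) fclose(fp);`. The changelog describes seunshare as the helper that manages capabilities for the sandbox, so its error paths deserve a careful check.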
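Review bot: The new `Requires(post)`, `Requires(preun)` and `Requires(postun)` on systemd-units sit in the main package's preamble, but the scriptlets that call `/bin/systemctl` are `%post restorecond`, `%preun restorecond` and `%postun restorecond`. The `@@ -302,7 +310,6 @@` hunk also removes the subpackage's only `Requires(post)` line. Unless policycoreutils-restorecond pulls in the main package through a dependency not visible here, nothing guarantees systemctl is installed before those scriptlets run, and because each call ends in `|| :` a missing binary would be skipped silently. I would add `Requires(post): systemd-units`, `Requires(preun): systemd-units` and `Requires(postun): systemd-units` under `%package restorecond`. As a style point, `BuildRequires: systemd-units` would read better grouped with the other BuildRequires lines than in the middle of the Requires block.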
@@ -71,7 +74,7 @@ make -C sepolgen-%{sepolgenver} LSPP_PRIV=y LIBDIR="%{_libdir}" CFLAGS="%{optfla %install rm -rf %{buildroot} -mkdir -p %{buildroot}/etc/rc.d/init.d +mkdir -p %{buildroot}%{_sysconfdir}/rc.d/init.d mkdir -p %{buildroot}/var/lib/selinux mkdir -p %{buildroot}%{_bindir} mkdir -p %{buildroot}%{_sbindir} @@ -87,6 +90,11 @@ mkdir -p %{buildroot}%{_sysconfdir}/security/console.apps cp COPYING %{buildroot}/%{_usr}/share/doc/%{name}-%{version}/ make LSPP_PRIV=y DESTDIR="%{buildroot}" LIBDIR="%{buildroot}%{_libdir}" install +# Systemd +mkdir -p %{buildroot}%{_unitdir} +install -m644 %{SOURCE10} %{buildroot}%{_unitdir} +rm -rf %{buildroot}/%{_sysconfdir}/rc.d/init.d/restorecond + make -C sepolgen-%{sepolgenver} DESTDIR="%{buildroot}" LIBDIR="%{buildroot}%{_libdir}" install install -m 644 %{SOURCE2} %{buildroot}%{_datadir}/pixmaps @@ -302,7 +310,6 @@ rm -rf %{buildroot} %package restorecond Summary: SELinux restorecond utilities Group: System Environment/Base -Requires(post): /sbin/chkconfig %description restorecond The policycoreutils-restorecond package contains the restorecond service. 
@@ -310,38 +317,47 @@ The policycoreutils-restorecond package contains the restorecond service. %files restorecond %defattr(-,root,root,-) %{_sbindir}/restorecond -%attr(755,root,root) /etc/rc.d/init.d/restorecond -%config(noreplace) /etc/selinux/restorecond.conf -%config(noreplace) /etc/selinux/restorecond_user.conf +%{_unitdir}/restorecond.service +%config(noreplace) %{_sysconfdir}/selinux/restorecond.conf +%config(noreplace) %{_sysconfdir}/selinux/restorecond_user.conf %{_sysconfdir}/xdg/autostart/restorecond.desktop %{_datadir}/dbus-1/services/org.selinux.Restorecond.service %{_mandir}/man8/restorecond.8* %{_mandir}/ru/man8/restorecond.8* -%preun restorecond -if [ $1 -eq 0 ]; then - /sbin/service restorecond stop > /dev/null 2>&1 - /sbin/chkconfig --del restorecond -fi -exit 0 - %post restorecond -/sbin/chkconfig --add restorecond -exit 0 +if [ $1 -eq 1 ] ; then + /bin/systemctl daemon-reload >/dev/null 2>&1 || : +fi + +%preun restorecond +if [ $1 = 0 ]; then + /bin/systemctl --no-reload restorecond.service > /dev/null 2>&1 || : + /bin/systemctl stop restorecond.service > /dev/null 2>&1 || : +fi %postun restorecond -if [ "$1" -ge "1" ]; then - [ -x /sbin/service ] && /sbin/service restorecond condrestart > /dev/null +/bin/systemctl daemon-reload >/dev/null 2>&1 || : +if [ $1 -ge 1 ] ; then + /bin/systemctl try-restart restorecond.service >/dev/null 2>&1 || : fi -exit 0 + +%triggerun -- restorecond < 2.0.86-13 +%{_bindir}/systemd-sysv-convert --save restorecond >/dev/null 2>&1 ||: +/bin/systemctl enable restorecond.service >/dev/null 2>&1 +/sbin/chkconfig --del restorecond >/dev/null 2>&1 || : +/bin/systemctl try-restart restorecond.service >/dev/null 2>&1 || : %changelog -* Mon Jul 5 2011 Dan Walsh 2.0.86-15 +* Mon Jul 5 2011 Dan Walsh 2.0.86-16 - Add -C option to sandbox and seunshare to maintain capabilities, otherwise the bounding set will be dropped. 
- Change --cgroups short name -c rather then -C for consistancy - Fix memory and fd leaks in seunshare +* Wed Jun 29 2011 Jóhann B. Guðmundsson - 2.0.86-15 +- Introduce systemd unit file for restorecond drop SysV support + * Mon Jun 13 2011 Dan Walsh 2.0.86-14 - Do not drop capability bounding set in seunshare, this allows sandbox to - run setuid apps. diff --git a/restorecond.service b/restorecond.service new file mode 100644 index 0000000..11f4ffd --- /dev/null +++ b/restorecond.service @@ -0,0 +1,12 @@ +[Unit] +Description=Restorecon maintaining path file context +After=syslog.target +ConditionPathExists=/etc/selinux/restorecond.conf + +[Service] +Type=oneshot +ExecStart=/usr/sbin/restorecond +RemainAfterExit=yes + +[Install] +WantedBy=multi-user.target
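Review bot: In `%preun restorecond` the first systemctl call has no verb: `/bin/systemctl --no-reload restorecond.service` should be `/bin/systemctl --no-reload disable restorecond.service > /dev/null 2>&1 || :`. As written systemctl rejects the command, the redirect and `|| :` hide the error, and the unit stays enabled after the package is erased. The `%triggerun -- restorecond < 2.0.86-13` trigger also looks mis-targeted: `%package restorecond` declares a subpackage named policycoreutils-restorecond, so a trigger on a package called `restorecond` would presumably never fire. Its `< 2.0.86-13` bound also excludes the -13 and -14 builds, which per the changelog predate the unit file introduced in -15. When the trigger does run, `/bin/systemctl enable restorecond.service` enables the unit whether or not the SysV service was enabled before; confirm that is intended.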
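Review bot: `Type=oneshot` with `RemainAfterExit=yes` makes systemd report the unit as active once `/usr/sbin/restorecond` returns, whether or not a daemon is still running behind it. If restorecond daemonises itself, as the SysV stop/condrestart handling being replaced suggests, systemd will not notice the process dying, so file-context restoration could stop without the unit ever showing as failed. Consider `Type=forking` (with a `PIDFile=` line if restorecond writes one) plus `Restart=on-failure`, so that the service state reflects the actual process.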