dd new restorecond service

Dan Walsh 2011-07-05 17:18:12 -04:00
parent 759501823b
commit 8dbd4d49f6
3 changed files with 50 additions and 22 deletions


@ -2177,7 +2177,7 @@ index 0000000..eeb2218
+and +and
+.I Thomas Liu <tliu@fedoraproject.org> +.I Thomas Liu <tliu@fedoraproject.org>
diff --git a/policycoreutils/sandbox/seunshare.c b/policycoreutils/sandbox/seunshare.c diff --git a/policycoreutils/sandbox/seunshare.c b/policycoreutils/sandbox/seunshare.c
index ec692e7..ff61262 100644 index ec692e7..e3fa6bd 100644
--- a/policycoreutils/sandbox/seunshare.c --- a/policycoreutils/sandbox/seunshare.c
+++ b/policycoreutils/sandbox/seunshare.c +++ b/policycoreutils/sandbox/seunshare.c
@@ -1,28 +1,35 @@ @@ -1,28 +1,35 @@
@ -2683,7 +2683,7 @@ index ec692e7..ff61262 100644
+ +
+ rc = 0; + rc = 0;
+err: +err:
+ fclose(fp) + fclose(fp);
+ free(str); + free(str);
+ free(mem); + free(mem);
+ free(cgroupname); + free(cgroupname);


@ -23,6 +23,7 @@ Source7: selinux-polgengui.console
Source8: policycoreutils_man_ru2.tar.bz2 Source8: policycoreutils_man_ru2.tar.bz2
Source9: semanage-bash-completion.sh Source9: semanage-bash-completion.sh
Patch: policycoreutils-rhat.patch Patch: policycoreutils-rhat.patch
Source10: restorecond.service
Patch1: policycoreutils-po.patch Patch1: policycoreutils-po.patch
Patch3: policycoreutils-gui.patch Patch3: policycoreutils-gui.patch
Patch4: policycoreutils-sepolgen.patch Patch4: policycoreutils-sepolgen.patch
@ -36,9 +37,11 @@ BuildRequires: pam-devel libcgroup-devel libsepol-static >= %{libsepolver} libse
BuildRequires: desktop-file-utils dbus-devel dbus-glib-devel BuildRequires: desktop-file-utils dbus-devel dbus-glib-devel
BuildRequires: python-devel BuildRequires: python-devel
Requires: /bin/mount /bin/egrep /bin/awk /usr/bin/diff rpm /bin/sed Requires: /bin/mount /bin/egrep /bin/awk /usr/bin/diff rpm /bin/sed
BuildRequires: systemd-units
Requires: libsepol >= %{libsepolver} coreutils checkpolicy libselinux-utils >= %{libselinuxver} Requires: libsepol >= %{libsepolver} coreutils checkpolicy libselinux-utils >= %{libselinuxver}
Requires(post): /sbin/chkconfig Requires(post): systemd-units systemd-sysv chkconfig
Requires(preun): /sbin/service /sbin/chkconfig Requires(preun): systemd-units /sbin/service
Requires(postun): systemd-units
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
%description %description
@ -71,7 +74,7 @@ make -C sepolgen-%{sepolgenver} LSPP_PRIV=y LIBDIR="%{_libdir}" CFLAGS="%{optfla
%install %install
rm -rf %{buildroot} rm -rf %{buildroot}
mkdir -p %{buildroot}/etc/rc.d/init.d mkdir -p %{buildroot}%{_sysconfdir}/rc.d/init.d
mkdir -p %{buildroot}/var/lib/selinux mkdir -p %{buildroot}/var/lib/selinux
mkdir -p %{buildroot}%{_bindir} mkdir -p %{buildroot}%{_bindir}
mkdir -p %{buildroot}%{_sbindir} mkdir -p %{buildroot}%{_sbindir}
@ -87,6 +90,11 @@ mkdir -p %{buildroot}%{_sysconfdir}/security/console.apps
cp COPYING %{buildroot}/%{_usr}/share/doc/%{name}-%{version}/ cp COPYING %{buildroot}/%{_usr}/share/doc/%{name}-%{version}/
make LSPP_PRIV=y DESTDIR="%{buildroot}" LIBDIR="%{buildroot}%{_libdir}" install make LSPP_PRIV=y DESTDIR="%{buildroot}" LIBDIR="%{buildroot}%{_libdir}" install
# Systemd
mkdir -p %{buildroot}%{_unitdir}
install -m644 %{SOURCE10} %{buildroot}%{_unitdir}
rm -rf %{buildroot}/%{_sysconfdir}/rc.d/init.d/restorecond
make -C sepolgen-%{sepolgenver} DESTDIR="%{buildroot}" LIBDIR="%{buildroot}%{_libdir}" install make -C sepolgen-%{sepolgenver} DESTDIR="%{buildroot}" LIBDIR="%{buildroot}%{_libdir}" install
install -m 644 %{SOURCE2} %{buildroot}%{_datadir}/pixmaps install -m 644 %{SOURCE2} %{buildroot}%{_datadir}/pixmaps
@ -302,7 +310,6 @@ rm -rf %{buildroot}
%package restorecond %package restorecond
Summary: SELinux restorecond utilities Summary: SELinux restorecond utilities
Group: System Environment/Base Group: System Environment/Base
Requires(post): /sbin/chkconfig
%description restorecond %description restorecond
The policycoreutils-restorecond package contains the restorecond service. The policycoreutils-restorecond package contains the restorecond service.
@ -310,38 +317,47 @@ The policycoreutils-restorecond package contains the restorecond service.
%files restorecond %files restorecond
%defattr(-,root,root,-) %defattr(-,root,root,-)
%{_sbindir}/restorecond %{_sbindir}/restorecond
%attr(755,root,root) /etc/rc.d/init.d/restorecond %{_unitdir}/restorecond.service
%config(noreplace) /etc/selinux/restorecond.conf %config(noreplace) %{_sysconfdir}/selinux/restorecond.conf
%config(noreplace) /etc/selinux/restorecond_user.conf %config(noreplace) %{_sysconfdir}/selinux/restorecond_user.conf
%{_sysconfdir}/xdg/autostart/restorecond.desktop %{_sysconfdir}/xdg/autostart/restorecond.desktop
%{_datadir}/dbus-1/services/org.selinux.Restorecond.service %{_datadir}/dbus-1/services/org.selinux.Restorecond.service
%{_mandir}/man8/restorecond.8* %{_mandir}/man8/restorecond.8*
%{_mandir}/ru/man8/restorecond.8* %{_mandir}/ru/man8/restorecond.8*
%preun restorecond
if [ $1 -eq 0 ]; then
/sbin/service restorecond stop > /dev/null 2>&1
/sbin/chkconfig --del restorecond
fi
exit 0
%post restorecond %post restorecond
/sbin/chkconfig --add restorecond if [ $1 -eq 1 ] ; then
exit 0 /bin/systemctl daemon-reload >/dev/null 2>&1 || :
fi
%preun restorecond
if [ $1 = 0 ]; then
/bin/systemctl --no-reload restorecond.service > /dev/null 2>&1 || :
/bin/systemctl stop restorecond.service > /dev/null 2>&1 || :
fi
%postun restorecond %postun restorecond
if [ "$1" -ge "1" ]; then /bin/systemctl daemon-reload >/dev/null 2>&1 || :
[ -x /sbin/service ] && /sbin/service restorecond condrestart > /dev/null if [ $1 -ge 1 ] ; then
/bin/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
fi fi
exit 0
%triggerun -- restorecond < 2.0.86-13
%{_bindir}/systemd-sysv-convert --save restorecond >/dev/null 2>&1 ||:
/bin/systemctl enable restorecond.service >/dev/null 2>&1
/sbin/chkconfig --del restorecond >/dev/null 2>&1 || :
/bin/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
%changelog %changelog
* Mon Jul 5 2011 Dan Walsh <dwalsh@redhat.com> 2.0.86-15 * Mon Jul 5 2011 Dan Walsh <dwalsh@redhat.com> 2.0.86-16
- Add -C option to sandbox and seunshare to maintain capabilities, otherwise - Add -C option to sandbox and seunshare to maintain capabilities, otherwise
the bounding set will be dropped. the bounding set will be dropped.
- Change --cgroups short name -c rather then -C for consistancy - Change --cgroups short name -c rather then -C for consistancy
- Fix memory and fd leaks in seunshare - Fix memory and fd leaks in seunshare
* Wed Jun 29 2011 Jóhann B. Guðmundsson <johannbg@gmail.com> - 2.0.86-15
- Introduce systemd unit file for restorecond drop SysV support
* Mon Jun 13 2011 Dan Walsh <dwalsh@redhat.com> 2.0.86-14 * Mon Jun 13 2011 Dan Walsh <dwalsh@redhat.com> 2.0.86-14
- Do not drop capability bounding set in seunshare, this allows sandbox to - Do not drop capability bounding set in seunshare, this allows sandbox to
- run setuid apps. - run setuid apps.
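Review bot: The first command in the new `%preun restorecond` scriptlet, `/bin/systemctl --no-reload restorecond.service`, has no verb, so systemctl rejects it and the redirect plus `|| :` hide the failure; on erase the service is stopped but never disabled, leaving its enablement symlink behind. It should read `/bin/systemctl --no-reload disable restorecond.service > /dev/null 2>&1 || :`. Separately, `%triggerun -- restorecond < 2.0.86-13` attaches to the main package and names a package called `restorecond`, while the subpackage is declared with `%package restorecond`; if the intent is to migrate the subpackage's SysV state it probably needs `%triggerun restorecond -- policycoreutils-restorecond < 2.0.86-15`, since the changelog dates the unit file to 2.0.86-15, which is worth confirming. The `Requires(post)`, `Requires(preun)` and `Requires(postun)` on systemd-units were added to the main package, but the scriptlets that call `/bin/systemctl` belong to the restorecond subpackage, which loses its only `Requires(post)` in this change.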

12
restorecond.service Normal file

@ -0,0 +1,12 @@
[Unit]
Description=Restorecon maintaining path file context
After=syslog.target
ConditionPathExists=/etc/selinux/restorecond.conf
[Service]
Type=oneshot
ExecStart=/usr/sbin/restorecond
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target
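Review bot: `Type=oneshot` with `RemainAfterExit=yes` in `[Service]` makes systemd treat the unit as active once the `ExecStart` process exits, without tracking a main PID afterwards. If `/usr/sbin/restorecond` forks into the background (not shown on this page), the unit keeps reporting "active" after the daemon has died, so file-context restoration can stop without anyone noticing, and `try-restart` in the spec scriptlets has no real process state to act on. Consider `Type=forking` with `PIDFile=<pid file restorecond writes>` and dropping `RemainAfterExit=yes`, so that a crash shows up as a failed unit. Adding `ConditionSecurity=selinux` under `[Unit]` would also keep the daemon from starting on hosts where SELinux is disabled.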