dd new restorecond service
parent
759501823b
commit
8dbd4d49f6
@ -2177,7 +2177,7 @@ index 0000000..eeb2218
|
|||||||
+and
|
+and
|
||||||
+.I Thomas Liu <tliu@fedoraproject.org>
|
+.I Thomas Liu <tliu@fedoraproject.org>
|
||||||
diff --git a/policycoreutils/sandbox/seunshare.c b/policycoreutils/sandbox/seunshare.c
|
diff --git a/policycoreutils/sandbox/seunshare.c b/policycoreutils/sandbox/seunshare.c
|
||||||
index ec692e7..ff61262 100644
|
index ec692e7..e3fa6bd 100644
|
||||||
--- a/policycoreutils/sandbox/seunshare.c
|
--- a/policycoreutils/sandbox/seunshare.c
|
||||||
+++ b/policycoreutils/sandbox/seunshare.c
|
+++ b/policycoreutils/sandbox/seunshare.c
|
||||||
@@ -1,28 +1,35 @@
|
@@ -1,28 +1,35 @@
|
||||||
@ -2683,7 +2683,7 @@ index ec692e7..ff61262 100644
|
|||||||
+
|
+
|
||||||
+ rc = 0;
|
+ rc = 0;
|
||||||
+err:
|
+err:
|
||||||
+ fclose(fp)
|
+ fclose(fp);
|
||||||
+ free(str);
|
+ free(str);
|
||||||
+ free(mem);
|
+ free(mem);
|
||||||
+ free(cgroupname);
|
+ free(cgroupname);
|
||||||
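Review bot: The shared cleanup under `err:` calls `fclose(fp)` unconditionally, and the success path (`rc = 0;`) falls through into the same label. If any `goto err` can run before `fp` has been opened, or after a failed `fopen()`, this passes NULL or an uninitialised pointer to `fclose()`, which is undefined behaviour in a helper that presumably runs with elevated privileges. The function begins outside this hunk, so that cannot be confirmed from here. I would initialise `fp` to NULL at its declaration and write `if (fp) fclose(fp);`; the `free()` calls are safe on NULL as long as `str`, `mem` and `cgroupname` are also initialised to NULL.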
|
@ -23,6 +23,7 @@ Source7: selinux-polgengui.console
|
|||||||
Source8: policycoreutils_man_ru2.tar.bz2
|
Source8: policycoreutils_man_ru2.tar.bz2
|
||||||
Source9: semanage-bash-completion.sh
|
Source9: semanage-bash-completion.sh
|
||||||
Patch: policycoreutils-rhat.patch
|
Patch: policycoreutils-rhat.patch
|
||||||
|
Source10: restorecond.service
|
||||||
Patch1: policycoreutils-po.patch
|
Patch1: policycoreutils-po.patch
|
||||||
Patch3: policycoreutils-gui.patch
|
Patch3: policycoreutils-gui.patch
|
||||||
Patch4: policycoreutils-sepolgen.patch
|
Patch4: policycoreutils-sepolgen.patch
|
||||||
@ -36,9 +37,11 @@ BuildRequires: pam-devel libcgroup-devel libsepol-static >= %{libsepolver} libse
|
|||||||
BuildRequires: desktop-file-utils dbus-devel dbus-glib-devel
|
BuildRequires: desktop-file-utils dbus-devel dbus-glib-devel
|
||||||
BuildRequires: python-devel
|
BuildRequires: python-devel
|
||||||
Requires: /bin/mount /bin/egrep /bin/awk /usr/bin/diff rpm /bin/sed
|
Requires: /bin/mount /bin/egrep /bin/awk /usr/bin/diff rpm /bin/sed
|
||||||
|
BuildRequires: systemd-units
|
||||||
Requires: libsepol >= %{libsepolver} coreutils checkpolicy libselinux-utils >= %{libselinuxver}
|
Requires: libsepol >= %{libsepolver} coreutils checkpolicy libselinux-utils >= %{libselinuxver}
|
||||||
Requires(post): /sbin/chkconfig
|
Requires(post): systemd-units systemd-sysv chkconfig
|
||||||
Requires(preun): /sbin/service /sbin/chkconfig
|
Requires(preun): systemd-units /sbin/service
|
||||||
|
Requires(postun): systemd-units
|
||||||
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
||||||
|
|
||||||
%description
|
%description
|
||||||
@ -71,7 +74,7 @@ make -C sepolgen-%{sepolgenver} LSPP_PRIV=y LIBDIR="%{_libdir}" CFLAGS="%{optfla
|
|||||||
|
|
||||||
%install
|
%install
|
||||||
rm -rf %{buildroot}
|
rm -rf %{buildroot}
|
||||||
mkdir -p %{buildroot}/etc/rc.d/init.d
|
mkdir -p %{buildroot}%{_sysconfdir}/rc.d/init.d
|
||||||
mkdir -p %{buildroot}/var/lib/selinux
|
mkdir -p %{buildroot}/var/lib/selinux
|
||||||
mkdir -p %{buildroot}%{_bindir}
|
mkdir -p %{buildroot}%{_bindir}
|
||||||
mkdir -p %{buildroot}%{_sbindir}
|
mkdir -p %{buildroot}%{_sbindir}
|
||||||
@ -87,6 +90,11 @@ mkdir -p %{buildroot}%{_sysconfdir}/security/console.apps
|
|||||||
cp COPYING %{buildroot}/%{_usr}/share/doc/%{name}-%{version}/
|
cp COPYING %{buildroot}/%{_usr}/share/doc/%{name}-%{version}/
|
||||||
|
|
||||||
make LSPP_PRIV=y DESTDIR="%{buildroot}" LIBDIR="%{buildroot}%{_libdir}" install
|
make LSPP_PRIV=y DESTDIR="%{buildroot}" LIBDIR="%{buildroot}%{_libdir}" install
|
||||||
|
# Systemd
|
||||||
|
mkdir -p %{buildroot}%{_unitdir}
|
||||||
|
install -m644 %{SOURCE10} %{buildroot}%{_unitdir}
|
||||||
|
rm -rf %{buildroot}/%{_sysconfdir}/rc.d/init.d/restorecond
|
||||||
|
|
||||||
make -C sepolgen-%{sepolgenver} DESTDIR="%{buildroot}" LIBDIR="%{buildroot}%{_libdir}" install
|
make -C sepolgen-%{sepolgenver} DESTDIR="%{buildroot}" LIBDIR="%{buildroot}%{_libdir}" install
|
||||||
|
|
||||||
install -m 644 %{SOURCE2} %{buildroot}%{_datadir}/pixmaps
|
install -m 644 %{SOURCE2} %{buildroot}%{_datadir}/pixmaps
|
||||||
@ -302,7 +310,6 @@ rm -rf %{buildroot}
|
|||||||
%package restorecond
|
%package restorecond
|
||||||
Summary: SELinux restorecond utilities
|
Summary: SELinux restorecond utilities
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
Requires(post): /sbin/chkconfig
|
|
||||||
|
|
||||||
%description restorecond
|
%description restorecond
|
||||||
The policycoreutils-restorecond package contains the restorecond service.
|
The policycoreutils-restorecond package contains the restorecond service.
|
||||||
@ -310,38 +317,47 @@ The policycoreutils-restorecond package contains the restorecond service.
|
|||||||
%files restorecond
|
%files restorecond
|
||||||
%defattr(-,root,root,-)
|
%defattr(-,root,root,-)
|
||||||
%{_sbindir}/restorecond
|
%{_sbindir}/restorecond
|
||||||
%attr(755,root,root) /etc/rc.d/init.d/restorecond
|
%{_unitdir}/restorecond.service
|
||||||
%config(noreplace) /etc/selinux/restorecond.conf
|
%config(noreplace) %{_sysconfdir}/selinux/restorecond.conf
|
||||||
%config(noreplace) /etc/selinux/restorecond_user.conf
|
%config(noreplace) %{_sysconfdir}/selinux/restorecond_user.conf
|
||||||
%{_sysconfdir}/xdg/autostart/restorecond.desktop
|
%{_sysconfdir}/xdg/autostart/restorecond.desktop
|
||||||
%{_datadir}/dbus-1/services/org.selinux.Restorecond.service
|
%{_datadir}/dbus-1/services/org.selinux.Restorecond.service
|
||||||
%{_mandir}/man8/restorecond.8*
|
%{_mandir}/man8/restorecond.8*
|
||||||
%{_mandir}/ru/man8/restorecond.8*
|
%{_mandir}/ru/man8/restorecond.8*
|
||||||
|
|
||||||
%preun restorecond
|
|
||||||
if [ $1 -eq 0 ]; then
|
|
||||||
/sbin/service restorecond stop > /dev/null 2>&1
|
|
||||||
/sbin/chkconfig --del restorecond
|
|
||||||
fi
|
|
||||||
exit 0
|
|
||||||
|
|
||||||
%post restorecond
|
%post restorecond
|
||||||
/sbin/chkconfig --add restorecond
|
if [ $1 -eq 1 ] ; then
|
||||||
exit 0
|
/bin/systemctl daemon-reload >/dev/null 2>&1 || :
|
||||||
|
fi
|
||||||
|
|
||||||
|
%preun restorecond
|
||||||
|
if [ $1 = 0 ]; then
|
||||||
|
/bin/systemctl --no-reload restorecond.service > /dev/null 2>&1 || :
|
||||||
|
/bin/systemctl stop restorecond.service > /dev/null 2>&1 || :
|
||||||
|
fi
|
||||||
|
|
||||||
%postun restorecond
|
%postun restorecond
|
||||||
if [ "$1" -ge "1" ]; then
|
/bin/systemctl daemon-reload >/dev/null 2>&1 || :
|
||||||
[ -x /sbin/service ] && /sbin/service restorecond condrestart > /dev/null
|
if [ $1 -ge 1 ] ; then
|
||||||
|
/bin/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
|
||||||
fi
|
fi
|
||||||
exit 0
|
|
||||||
|
%triggerun -- restorecond < 2.0.86-13
|
||||||
|
%{_bindir}/systemd-sysv-convert --save restorecond >/dev/null 2>&1 ||:
|
||||||
|
/bin/systemctl enable restorecond.service >/dev/null 2>&1
|
||||||
|
/sbin/chkconfig --del restorecond >/dev/null 2>&1 || :
|
||||||
|
/bin/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Mon Jul 5 2011 Dan Walsh <dwalsh@redhat.com> 2.0.86-15
|
* Mon Jul 5 2011 Dan Walsh <dwalsh@redhat.com> 2.0.86-16
|
||||||
- Add -C option to sandbox and seunshare to maintain capabilities, otherwise
|
- Add -C option to sandbox and seunshare to maintain capabilities, otherwise
|
||||||
the bounding set will be dropped.
|
the bounding set will be dropped.
|
||||||
- Change --cgroups short name -c rather then -C for consistancy
|
- Change --cgroups short name -c rather then -C for consistancy
|
||||||
- Fix memory and fd leaks in seunshare
|
- Fix memory and fd leaks in seunshare
|
||||||
|
|
||||||
|
* Wed Jun 29 2011 Jóhann B. Guðmundsson <johannbg@gmail.com> - 2.0.86-15
|
||||||
|
- Introduce systemd unit file for restorecond drop SysV support
|
||||||
|
|
||||||
* Mon Jun 13 2011 Dan Walsh <dwalsh@redhat.com> 2.0.86-14
|
* Mon Jun 13 2011 Dan Walsh <dwalsh@redhat.com> 2.0.86-14
|
||||||
- Do not drop capability bounding set in seunshare, this allows sandbox to
|
- Do not drop capability bounding set in seunshare, this allows sandbox to
|
||||||
- run setuid apps.
|
- run setuid apps.
|
||||||
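Review bot: In the new `%preun restorecond` scriptlet, `/bin/systemctl --no-reload restorecond.service` has no verb, so the unit is never disabled on erase, and the `> /dev/null 2>&1 || :` hides the resulting error. It should presumably read `/bin/systemctl --no-reload disable restorecond.service > /dev/null 2>&1 || :`. In the same hunk, `%triggerun -- restorecond < 2.0.86-13` names `restorecond`, while the `%description` calls the subpackage `policycoreutils-restorecond`. If that is the installed name, the trigger never fires and systems upgrading from the SysV script end up with the service not enabled, which silently removes context relabelling; `%triggerun -- policycoreutils-restorecond < 2.0.86-13` would match. The `systemctl enable` line in that trigger is also the only call without `|| :`.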
|
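--- a/restorecond.service
+++ b/restorecond.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=Restorecon maintaining path file context
+After=syslog.target
+ConditionPathExists=/etc/selinux/restorecond.conf
+
+[Service]
+Type=oneshot
+ExecStart=/usr/sbin/restorecond
+RemainAfterExit=yes
+
+[Install]
+WantedBy=multi-user.target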
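Review bot: `Type=oneshot` together with `RemainAfterExit=yes` makes systemd report the unit as active once `ExecStart` returns, whether or not a restorecond process is still running. If restorecond forks into the background (its behaviour is not visible on this page), a crashed daemon would go unnoticed and could not be restarted automatically, leaving file contexts unmaintained while `systemctl status` still shows success. I would declare it as a tracked daemon instead, with `Type=forking` and `PIDFile=<path to restorecond's pid file>`, and drop `RemainAfterExit=yes`. A short comment in the unit stating which mode of restorecond this starts would also help.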