rpms/selinux-policy
5
0
Fork 0
Code Issues Pull Requests Releases Activity

try this

Browse Source
This commit is contained in:
Nalin Dahyabhai 2005-11-15 00:01:46 +00:00
parent f852dde3c4
commit 46e7261190
1 changed files with 54 additions and 55 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

109
selinux-policy.spec
View File

@ -25,6 +25,59 @@ BuildRequires: checkpolicy >= %{CHECKPOLICYVER} m4 policycoreutils >= %{POLICYCO
Requires: policycoreutils >= %{POLICYCOREUTILSVER} Requires: policycoreutils >= %{POLICYCOREUTILSVER}
Obsoletes: policy Obsoletes: policy
%package %{polname1}
Summary: SELinux %{polname1} base policy
Group: System Environment/Base
Provides: selinux-policy-base
Obsoletes: selinux-policy-%{polname1}-sources
%description %{polname1}
SELinux Reference policy targeted base module.
%files %{polname1}
%fileList %{polname1}
%pre %{polname1}
%saveFileContext %{polname1}
%post %{polname1}
if [ ! -s /etc/selinux/config ]; then
#
# New install so we will default to targeted policy
#
echo "
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these two values:
# targeted - Only targeted network daemons are protected.
# strict - Full SELinux protection.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
# SETLOCALDEFS= Check local definition changes
SETLOCALDEFS=0
" > /etc/selinux/config
ln -sf /etc/selinux/config /etc/sysconfig/selinux
restorecon /etc/selinux/config 2> /dev/null
else
# if first time update booleans.local needs to be copied to sandbox
[ -f /etc/selinux/%{polname1}/booleans.local ] && mv /etc/selinux/%{polname1}/booleans.local /etc/selinux/%{polname1}/modules/active/
[ -f /etc/selinux/%{polname1}/seusers ] && cp -f /etc/selinux/%{polname1}/seusers /etc/selinux/%{polname1}/modules/active/seusers
grep -q "^SETLOCALDEFS" /etc/selinux/config || echo -n "
# SETLOCALDEFS= Check local definition changes
SETLOCALDEFS=0
">> /etc/selinux/config
fi
%rebuildpolicy %{polname1}
%relabel %{polname1}
%triggerpostun %{polname1} -- selinux-policy-%{polname1} <= 2.0.0
%rebuildpolicy %{polname1}
%define installCmds() \ %define installCmds() \
make NAME=%1 TYPE=%2 DISTRO=%{distro} DIRECT_INITRC=%{direct_initrc} MONOLITHIC=%{monolithic} base.pp \ make NAME=%1 TYPE=%2 DISTRO=%{distro} DIRECT_INITRC=%{direct_initrc} MONOLITHIC=%{monolithic} base.pp \
make NAME=%1 TYPE=%2 DISTRO=%{distro} DIRECT_INITRC=%{direct_initrc} MONOLITHIC=%{monolithic} modules \ make NAME=%1 TYPE=%2 DISTRO=%{distro} DIRECT_INITRC=%{direct_initrc} MONOLITHIC=%{monolithic} modules \
@ -42,8 +95,7 @@ touch $RPM_BUILD_ROOT%{_sysconfdir}/selinux/%1/seusers \
touch $RPM_BUILD_ROOT%{_sysconfdir}/selinux/%1/policy/policy.%{POLICYVER} \ touch $RPM_BUILD_ROOT%{_sysconfdir}/selinux/%1/policy/policy.%{POLICYVER} \
touch $RPM_BUILD_ROOT%{_sysconfdir}/selinux/%1/contexts/files/file_contexts \ touch $RPM_BUILD_ROOT%{_sysconfdir}/selinux/%1/contexts/files/file_contexts \
touch $RPM_BUILD_ROOT%{_sysconfdir}/selinux/%1/contexts/files/homedir_template \ touch $RPM_BUILD_ROOT%{_sysconfdir}/selinux/%1/contexts/files/homedir_template \
touch $RPM_BUILD_ROOT%{_sysconfdir}/selinux/%1/contexts/files/file_contexts.homedirs \ touch $RPM_BUILD_ROOT%{_sysconfdir}/selinux/%1/contexts/files/file_contexts.homedirs
%{nil}
%define fileList() \ %define fileList() \
%defattr(-,root,root) \ %defattr(-,root,root) \
@ -117,59 +169,6 @@ make conf
%clean %clean
%{__rm} -fR $RPM_BUILD_ROOT %{__rm} -fR $RPM_BUILD_ROOT
%package %{polname1}
Summary: SELinux %{polname1} base policy
Group: System Environment/Base
Provides: selinux-policy-base
Obsoletes: selinux-policy-%{polname1}-sources
%description %{polname1}
SELinux Reference policy targeted base module.
%files %{polname1}
%fileList %{polname1}
%pre %{polname1}
%saveFileContext %{polname1}
%post %{polname1}
if [ ! -s /etc/selinux/config ]; then
#
# New install so we will default to targeted policy
#
echo "
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these two values:
# targeted - Only targeted network daemons are protected.
# strict - Full SELinux protection.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
# SETLOCALDEFS= Check local definition changes
SETLOCALDEFS=0
" > /etc/selinux/config
ln -sf /etc/selinux/config /etc/sysconfig/selinux
restorecon /etc/selinux/config 2> /dev/null
else
# if first time update booleans.local needs to be copied to sandbox
[ -f /etc/selinux/%{polname1}/booleans.local ] && mv /etc/selinux/%{polname1}/booleans.local /etc/selinux/%{polname1}/modules/active/
[ -f /etc/selinux/%{polname1}/seusers ] && cp -f /etc/selinux/%{polname1}/seusers /etc/selinux/%{polname1}/modules/active/seusers
grep -q "^SETLOCALDEFS" /etc/selinux/config || echo -n "
# SETLOCALDEFS= Check local definition changes
SETLOCALDEFS=0
">> /etc/selinux/config
fi
%rebuildpolicy %{polname1}
%relabel %{polname1}
%triggerpostun %{polname1} -- selinux-policy-%{polname1} <= 2.0.0
%rebuildpolicy %{polname1}
%if 0 %if 0
%package %{polname2} %package %{polname2}
Summary: SELinux %{polname2} base policy Summary: SELinux %{polname2} base policy