Add fixes for selinux-policy packages to reflect the latest changes related to policy module store migration.
parent
a345bb5a25
commit
57b06e2ca9
@ -92,13 +92,6 @@ userdomain = module
|
|||||||
#
|
#
|
||||||
files = base
|
files = base
|
||||||
|
|
||||||
# Layer: system
|
|
||||||
# Module: miscfiles
|
|
||||||
#
|
|
||||||
# Miscelaneous files.
|
|
||||||
#
|
|
||||||
miscfiles = module
|
|
||||||
|
|
||||||
# Module: filesystem
|
# Module: filesystem
|
||||||
# Required in base
|
# Required in base
|
||||||
#
|
#
|
||||||
@ -176,20 +169,6 @@ auditadm = module
|
|||||||
#
|
#
|
||||||
logadm = module
|
logadm = module
|
||||||
|
|
||||||
# Layer: role
|
|
||||||
# Module: logadm
|
|
||||||
#
|
|
||||||
# logadm account on tty logins
|
|
||||||
#
|
|
||||||
logadm = module
|
|
||||||
|
|
||||||
# Layer:role
|
|
||||||
# Module: sysadm_secadm
|
|
||||||
#
|
|
||||||
# System Administrator with Security Admin rules
|
|
||||||
#
|
|
||||||
sysadm_secadm = module
|
|
||||||
|
|
||||||
# Layer: role
|
# Layer: role
|
||||||
# Module: secadm
|
# Module: secadm
|
||||||
#
|
#
|
||||||
@ -351,13 +330,6 @@ miscfiles = module
|
|||||||
#
|
#
|
||||||
modutils = module
|
modutils = module
|
||||||
|
|
||||||
# Layer: services
|
|
||||||
# Module: automount
|
|
||||||
#
|
|
||||||
# Filesystem automounter service.
|
|
||||||
#
|
|
||||||
automount = module
|
|
||||||
|
|
||||||
# Layer: system
|
# Layer: system
|
||||||
# Module: mount
|
# Module: mount
|
||||||
#
|
#
|
||||||
@ -406,11 +378,3 @@ systemd = module
|
|||||||
# Policy for udev.
|
# Policy for udev.
|
||||||
#
|
#
|
||||||
udev = module
|
udev = module
|
||||||
|
|
||||||
# Layer: system
|
|
||||||
# Module: userdomain
|
|
||||||
#
|
|
||||||
# Policy for user domains
|
|
||||||
#
|
|
||||||
userdomain = module
|
|
||||||
|
|
||||||
|
@ -117,13 +117,6 @@ awstats = module
|
|||||||
#
|
#
|
||||||
bind = module
|
bind = module
|
||||||
|
|
||||||
# Layer: services
|
|
||||||
# Module: rpcbind
|
|
||||||
#
|
|
||||||
# universal addresses to RPC program number mapper
|
|
||||||
#
|
|
||||||
rpcbind = module
|
|
||||||
|
|
||||||
# Layer: services
|
# Layer: services
|
||||||
# Module: bitlbee
|
# Module: bitlbee
|
||||||
#
|
#
|
||||||
@ -495,13 +488,6 @@ fprintd = module
|
|||||||
#
|
#
|
||||||
ftp = module
|
ftp = module
|
||||||
|
|
||||||
# Layer: services
|
|
||||||
# Module: tftp
|
|
||||||
#
|
|
||||||
# Trivial file transfer protocol daemon
|
|
||||||
#
|
|
||||||
tftp = module
|
|
||||||
|
|
||||||
# Layer: apps
|
# Layer: apps
|
||||||
# Module: games
|
# Module: games
|
||||||
#
|
#
|
||||||
@ -537,13 +523,6 @@ glance = module
|
|||||||
#
|
#
|
||||||
gnome = module
|
gnome = module
|
||||||
|
|
||||||
# Layer: apps
|
|
||||||
# Module: gpg
|
|
||||||
#
|
|
||||||
# Policy for GNU Privacy Guard and related programs.
|
|
||||||
#
|
|
||||||
gpg = module
|
|
||||||
|
|
||||||
# Layer: apps
|
# Layer: apps
|
||||||
# Module: gpg
|
# Module: gpg
|
||||||
#
|
#
|
||||||
@ -579,13 +558,6 @@ gssproxy = module
|
|||||||
#
|
#
|
||||||
guest = module
|
guest = module
|
||||||
|
|
||||||
# Layer: role
|
|
||||||
# Module: xguest
|
|
||||||
#
|
|
||||||
# Minimally privs guest account on X Windows logins
|
|
||||||
#
|
|
||||||
xguest = module
|
|
||||||
|
|
||||||
# Layer: services
|
# Layer: services
|
||||||
# Module: i18n_input
|
# Module: i18n_input
|
||||||
#
|
#
|
||||||
@ -607,13 +579,6 @@ inetd = module
|
|||||||
#
|
#
|
||||||
inn = module
|
inn = module
|
||||||
|
|
||||||
# Layer: services
|
|
||||||
# Module: lircd
|
|
||||||
#
|
|
||||||
# LIRC daemon - decodes infrared signals and provides them on a Unix domain socket.
|
|
||||||
#
|
|
||||||
lircd = module
|
|
||||||
|
|
||||||
# Layer: apps
|
# Layer: apps
|
||||||
# Module: irc
|
# Module: irc
|
||||||
#
|
#
|
||||||
@ -670,13 +635,6 @@ kerberos = module
|
|||||||
#
|
#
|
||||||
kismet = module
|
kismet = module
|
||||||
|
|
||||||
# Layer: services
|
|
||||||
# Module: ksmtuned
|
|
||||||
#
|
|
||||||
# Kernel Samepage Merging (KSM) Tuning Daemon
|
|
||||||
#
|
|
||||||
ksmtuned = module
|
|
||||||
|
|
||||||
# Layer: services
|
# Layer: services
|
||||||
# Module: ktalk
|
# Module: ktalk
|
||||||
#
|
#
|
||||||
@ -1041,11 +999,6 @@ prelink = module
|
|||||||
|
|
||||||
unprivuser = module
|
unprivuser = module
|
||||||
|
|
||||||
# Layer: services
|
|
||||||
# Module: prelude
|
|
||||||
#
|
|
||||||
prelude = module
|
|
||||||
|
|
||||||
# Layer: services
|
# Layer: services
|
||||||
# Module: privoxy
|
# Module: privoxy
|
||||||
#
|
#
|
||||||
@ -1431,13 +1384,6 @@ timidity = off
|
|||||||
#
|
#
|
||||||
tmpreaper = module
|
tmpreaper = module
|
||||||
|
|
||||||
# Layer: apps
|
|
||||||
# Module: cpufreqselector
|
|
||||||
#
|
|
||||||
# cpufreqselector executable
|
|
||||||
#
|
|
||||||
cpufreqselector = module
|
|
||||||
|
|
||||||
# Layer: services
|
# Layer: services
|
||||||
# Module: tor
|
# Module: tor
|
||||||
#
|
#
|
||||||
@ -1529,13 +1475,6 @@ virt = module
|
|||||||
#
|
#
|
||||||
vmware = module
|
vmware = module
|
||||||
|
|
||||||
# Layer: services
|
|
||||||
# Module: openvpn
|
|
||||||
#
|
|
||||||
# Policy for OPENVPN full-featured SSL VPN solution
|
|
||||||
#
|
|
||||||
openvpn = module
|
|
||||||
|
|
||||||
# Layer: contrib
|
# Layer: contrib
|
||||||
# Module: openvswitch
|
# Module: openvswitch
|
||||||
#
|
#
|
||||||
|
@ -19,7 +19,7 @@
|
|||||||
Summary: SELinux policy configuration
|
Summary: SELinux policy configuration
|
||||||
Name: selinux-policy
|
Name: selinux-policy
|
||||||
Version: 3.13.1
|
Version: 3.13.1
|
||||||
Release: 137%{?dist}.1
|
Release: 138%{?dist}
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
Source: serefpolicy-%{version}.tgz
|
Source: serefpolicy-%{version}.tgz
|
||||||
@ -273,7 +273,6 @@ fi;
|
|||||||
|
|
||||||
%define postInstall() \
|
%define postInstall() \
|
||||||
. %{_sysconfdir}/selinux/config; \
|
. %{_sysconfdir}/selinux/config; \
|
||||||
(cd /etc/selinux/%2/modules/active/modules; rm -f vbetool.pp l2tpd.pp shutdown.pp amavis.pp clamav.pp gnomeclock.pp nsplugin.pp matahari.pp xfs.pp kudzu.pp kerneloops.pp execmem.pp openoffice.pp ada.pp tzdata.pp hal.pp hotplug.pp howl.pp java.pp mono.pp moilscanner.pp gamin.pp audio_entropy.pp audioentropy.pp iscsid.pp polkit_auth.pp polkit.pp rtkit_daemon.pp ModemManager.pp telepathysofiasip.pp ethereal.pp passanger.pp qemu.pp qpidd.pp pyzor.pp razor.pp pki-selinux.pp phpfpm.pp consoletype.pp ctdbd.pp fcoemon.pp isnsd.pp rgmanager.pp corosync.pp aisexec.pp pacemaker.pp pkcsslotd.pp smstools.pp ) \
|
|
||||||
if [ -e /etc/selinux/%2/.rebuild ]; then \
|
if [ -e /etc/selinux/%2/.rebuild ]; then \
|
||||||
rm /etc/selinux/%2/.rebuild; \
|
rm /etc/selinux/%2/.rebuild; \
|
||||||
/usr/sbin/semodule -B -n -s %2; \
|
/usr/sbin/semodule -B -n -s %2; \
|
||||||
@ -475,17 +474,22 @@ exit 0
|
|||||||
restorecon -R -p /home
|
restorecon -R -p /home
|
||||||
exit 0
|
exit 0
|
||||||
|
|
||||||
%triggerpostun targeted -- selinux-policy-targeted < 3.13.1-137.1
|
%triggerpostun targeted -- selinux-policy-targeted < 3.13.1-138
|
||||||
set -x
|
CR=$'\n'
|
||||||
|
INPUT=""
|
||||||
for i in `find /etc/selinux/targeted/modules/active/modules/ -name \*disabled`; do
|
for i in `find /etc/selinux/targeted/modules/active/modules/ -name \*disabled`; do
|
||||||
module=`basename $i | sed 's/.pp.disabled//'`
|
module=`basename $i | sed 's/.pp.disabled//'`
|
||||||
if [ -d /var/lib/selinux/targeted/active/modules/100/$module ]; then
|
if [ -d /var/lib/selinux/targeted/active/modules/100/$module ]; then
|
||||||
semodule -d $module
|
touch /var/lib/selinux/targeted/active/modules/disabled/$p
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
for i in `find /etc/selinux/targeted/modules/active/modules/ -name \*.pp`; do
|
for i in `find /etc/selinux/targeted/modules/active/modules/ -name \*.pp`; do
|
||||||
semodule -i $i
|
INPUT="${INPUT}${CR}module -N -a $i"
|
||||||
done
|
done
|
||||||
|
echo "$INPUT" | %{_sbindir}/semanage import -S targeted -N
|
||||||
|
if /usr/sbin/selinuxenabled ; then
|
||||||
|
/usr/sbin/load_policy
|
||||||
|
fi
|
||||||
exit 0
|
exit 0
|
||||||
|
|
||||||
%files targeted -f %{buildroot}/%{_usr}/share/selinux/targeted/nonbasemodules.lst
|
%files targeted -f %{buildroot}/%{_usr}/share/selinux/targeted/nonbasemodules.lst
|
||||||
@ -518,18 +522,21 @@ SELinux Reference policy minimum base module.
|
|||||||
%pre minimum
|
%pre minimum
|
||||||
%preInstall minimum
|
%preInstall minimum
|
||||||
if [ $1 -ne 1 ]; then
|
if [ $1 -ne 1 ]; then
|
||||||
/usr/sbin/semodule -s minimum -l 2>/dev/null | awk '{ if ($3 != "Disabled") print $1; }' > /usr/share/selinux/minimum/instmodules.lst
|
/usr/sbin/semodule -s minimum --list-modules=full | awk '{ if ($4 != "disabled") print $2; }' > /usr/share/selinux/minimum/instmodules.lst
|
||||||
fi
|
fi
|
||||||
|
|
||||||
%post minimum
|
%post minimum
|
||||||
contribpackages=`cat /usr/share/selinux/minimum/modules-contrib.lst`
|
contribpackages=`cat /usr/share/selinux/minimum/modules-contrib.lst`
|
||||||
basepackages=`cat /usr/share/selinux/minimum/modules-base.lst`
|
basepackages=`cat /usr/share/selinux/minimum/modules-base.lst`
|
||||||
|
if [ ! -d /var/lib/selinux/minimum/active/modules/disabled ]; then
|
||||||
|
mkdir /var/lib/selinux/minimum/active/modules/disabled
|
||||||
|
fi
|
||||||
if [ $1 -eq 1 ]; then
|
if [ $1 -eq 1 ]; then
|
||||||
for p in $contribpackages; do
|
for p in $contribpackages; do
|
||||||
touch /etc/selinux/minimum/modules/active/modules/$p.disabled
|
touch /var/lib/selinux/minimum/active/modules/disabled/$p
|
||||||
done
|
done
|
||||||
for p in $basepackages apache.pp dbus.pp inetd.pp kerberos.pp mta.pp nis.pp; do
|
for p in $basepackages apache dbus inetd kerberos mta nis; do
|
||||||
rm -f /etc/selinux/minimum/modules/active/modules/$p.disabled
|
rm -f /var/lib/selinux/minimum/active/modules/disabled/$p
|
||||||
done
|
done
|
||||||
/usr/sbin/semanage import -S minimum -f - << __eof
|
/usr/sbin/semanage import -S minimum -f - << __eof
|
||||||
login -m -s unconfined_u -r s0-s0:c0.c1023 __default__
|
login -m -s unconfined_u -r s0-s0:c0.c1023 __default__
|
||||||
@ -540,16 +547,37 @@ __eof
|
|||||||
else
|
else
|
||||||
instpackages=`cat /usr/share/selinux/minimum/instmodules.lst`
|
instpackages=`cat /usr/share/selinux/minimum/instmodules.lst`
|
||||||
for p in $contribpackages; do
|
for p in $contribpackages; do
|
||||||
touch /etc/selinux/minimum/modules/active/modules/$p.disabled
|
touch /var/lib/selinux/minimum/active/modules/disabled/$p
|
||||||
done
|
done
|
||||||
for p in $instpackages apache dbus inetd kerberos mta nis; do
|
for p in $instpackages apache dbus inetd kerberos mta nis; do
|
||||||
rm -f /etc/selinux/minimum/modules/active/modules/$p.pp.disabled
|
rm -f /var/lib/selinux/minimum/active/modules/disabled/$p
|
||||||
done
|
done
|
||||||
/usr/sbin/semodule -B -s minimum
|
/usr/sbin/semodule -B -s minimum
|
||||||
%relabel minimum
|
%relabel minimum
|
||||||
fi
|
fi
|
||||||
exit 0
|
exit 0
|
||||||
|
|
||||||
|
%triggerpostun minimum -- selinux-policy-minimum < 3.13.1-138
|
||||||
|
if [ `ls -A /var/lib/selinux/minimum/active/modules/disabled/` ]; then
|
||||||
|
rm -f /var/lib/selinux/minimum/active/modules/disabled/*
|
||||||
|
fi
|
||||||
|
CR=$'\n'
|
||||||
|
INPUT=""
|
||||||
|
for i in `find /etc/selinux/minimum/modules/active/modules/ -name \*disabled`; do
|
||||||
|
module=`basename $i | sed 's/.pp.disabled//'`
|
||||||
|
if [ -d /var/lib/selinux/minimum/active/modules/100/$module ]; then
|
||||||
|
touch /var/lib/selinux/minimum/active/modules/disabled/$p
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
for i in `find /etc/selinux/minimum/modules/active/modules/ -name \*.pp`; do
|
||||||
|
INPUT="${INPUT}${CR}module -N -a $i"
|
||||||
|
done
|
||||||
|
echo "$INPUT" | %{_sbindir}/semanage import -S minimum -N
|
||||||
|
if /usr/sbin/selinuxenabled ; then
|
||||||
|
/usr/sbin/load_policy
|
||||||
|
fi
|
||||||
|
exit 0
|
||||||
|
|
||||||
%files minimum -f %{buildroot}/%{_usr}/share/selinux/minimum/nonbasemodules.lst
|
%files minimum -f %{buildroot}/%{_usr}/share/selinux/minimum/nonbasemodules.lst
|
||||||
%defattr(-,root,root,-)
|
%defattr(-,root,root,-)
|
||||||
%config(noreplace) %{_sysconfdir}/selinux/minimum/contexts/users/unconfined_u
|
%config(noreplace) %{_sysconfdir}/selinux/minimum/contexts/users/unconfined_u
|
||||||
@ -585,6 +613,26 @@ SELinux Reference policy mls base module.
|
|||||||
%post mls
|
%post mls
|
||||||
%postInstall $1 mls
|
%postInstall $1 mls
|
||||||
|
|
||||||
|
|
||||||
|
%triggerpostun mls -- selinux-policy-mls < 3.13.1-138
|
||||||
|
CR=$'\n'
|
||||||
|
INPUT=""
|
||||||
|
for i in `find /etc/selinux/mls/modules/active/modules/ -name \*disabled`; do
|
||||||
|
module=`basename $i | sed 's/.pp.disabled//'`
|
||||||
|
if [ -d /var/lib/selinux/mls/active/modules/100/$module ]; then
|
||||||
|
touch /var/lib/selinux/mls/active/modules/disabled/$p
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
for i in `find /etc/selinux/mls/modules/active/modules/ -name \*.pp`; do
|
||||||
|
INPUT="${INPUT}${CR}module -N -a $i"
|
||||||
|
done
|
||||||
|
echo "$INPUT" | %{_sbindir}/semanage import -S mls -N
|
||||||
|
if /usr/sbin/selinuxenabled ; then
|
||||||
|
/usr/sbin/load_policy
|
||||||
|
fi
|
||||||
|
exit 0
|
||||||
|
|
||||||
|
|
||||||
%files mls -f %{buildroot}/%{_usr}/share/selinux/mls/nonbasemodules.lst
|
%files mls -f %{buildroot}/%{_usr}/share/selinux/mls/nonbasemodules.lst
|
||||||
%defattr(-,root,root,-)
|
%defattr(-,root,root,-)
|
||||||
%config(noreplace) %{_sysconfdir}/selinux/mls/contexts/users/unconfined_u
|
%config(noreplace) %{_sysconfdir}/selinux/mls/contexts/users/unconfined_u
|
||||||
|
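Review bot: In the new `%triggerpostun targeted` loop the marker is written with `touch /var/lib/selinux/targeted/active/modules/disabled/$p`, but `$p` is never assigned in that scriptlet (the loop sets `module`), so the path expands to the `disabled/` directory itself and no per-module marker is created. The `minimum` and `mls` triggers repeat the same line. Because each scriptlet ends in `exit 0`, nothing is reported, and modules an administrator had disabled in the old store would presumably come back enabled after the migration, silently changing the loaded policy. The line should read `touch /var/lib/selinux/targeted/active/modules/disabled/$module`, and likewise for the other two stores. Separately, the unquoted `ls -A` test at the top of the `minimum` trigger makes `[` fail once the directory holds more than one entry, so the cleanup is skipped; an unconditional `rm -f /var/lib/selinux/minimum/active/modules/disabled/*` would do.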