Add fixes for selinux-policy packages to reflect the latest changes related to policy module store migration.

This commit is contained in:
Miroslav Grepl 2015-07-15 18:05:45 +02:00 committed by Petr Lautrbach
parent a345bb5a25
commit 57b06e2ca9
3 changed files with 63 additions and 112 deletions

View File

@ -92,13 +92,6 @@ userdomain = module
# #
files = base files = base
# Layer: system
# Module: miscfiles
#
# Miscelaneous files.
#
miscfiles = module
# Module: filesystem # Module: filesystem
# Required in base # Required in base
# #
@ -176,20 +169,6 @@ auditadm = module
# #
logadm = module logadm = module
# Layer: role
# Module: logadm
#
# logadm account on tty logins
#
logadm = module
# Layer:role
# Module: sysadm_secadm
#
# System Administrator with Security Admin rules
#
sysadm_secadm = module
# Layer: role # Layer: role
# Module: secadm # Module: secadm
# #
@ -351,13 +330,6 @@ miscfiles = module
# #
modutils = module modutils = module
# Layer: services
# Module: automount
#
# Filesystem automounter service.
#
automount = module
# Layer: system # Layer: system
# Module: mount # Module: mount
# #
@ -406,11 +378,3 @@ systemd = module
# Policy for udev. # Policy for udev.
# #
udev = module udev = module
# Layer: system
# Module: userdomain
#
# Policy for user domains
#
userdomain = module

View File

@ -117,13 +117,6 @@ awstats = module
# #
bind = module bind = module
# Layer: services
# Module: rpcbind
#
# universal addresses to RPC program number mapper
#
rpcbind = module
# Layer: services # Layer: services
# Module: bitlbee # Module: bitlbee
# #
@ -495,13 +488,6 @@ fprintd = module
# #
ftp = module ftp = module
# Layer: services
# Module: tftp
#
# Trivial file transfer protocol daemon
#
tftp = module
# Layer: apps # Layer: apps
# Module: games # Module: games
# #
@ -537,13 +523,6 @@ glance = module
# #
gnome = module gnome = module
# Layer: apps
# Module: gpg
#
# Policy for GNU Privacy Guard and related programs.
#
gpg = module
# Layer: apps # Layer: apps
# Module: gpg # Module: gpg
# #
@ -579,13 +558,6 @@ gssproxy = module
# #
guest = module guest = module
# Layer: role
# Module: xguest
#
# Minimally privs guest account on X Windows logins
#
xguest = module
# Layer: services # Layer: services
# Module: i18n_input # Module: i18n_input
# #
@ -607,13 +579,6 @@ inetd = module
# #
inn = module inn = module
# Layer: services
# Module: lircd
#
# LIRC daemon - decodes infrared signals and provides them on a Unix domain socket.
#
lircd = module
# Layer: apps # Layer: apps
# Module: irc # Module: irc
# #
@ -670,13 +635,6 @@ kerberos = module
# #
kismet = module kismet = module
# Layer: services
# Module: ksmtuned
#
# Kernel Samepage Merging (KSM) Tuning Daemon
#
ksmtuned = module
# Layer: services # Layer: services
# Module: ktalk # Module: ktalk
# #
@ -1041,11 +999,6 @@ prelink = module
unprivuser = module unprivuser = module
# Layer: services
# Module: prelude
#
prelude = module
# Layer: services # Layer: services
# Module: privoxy # Module: privoxy
# #
@ -1431,13 +1384,6 @@ timidity = off
# #
tmpreaper = module tmpreaper = module
# Layer: apps
# Module: cpufreqselector
#
# cpufreqselector executable
#
cpufreqselector = module
# Layer: services # Layer: services
# Module: tor # Module: tor
# #
@ -1529,13 +1475,6 @@ virt = module
# #
vmware = module vmware = module
# Layer: services
# Module: openvpn
#
# Policy for OPENVPN full-featured SSL VPN solution
#
openvpn = module
# Layer: contrib # Layer: contrib
# Module: openvswitch # Module: openvswitch
# #

View File

@ -19,7 +19,7 @@
Summary: SELinux policy configuration Summary: SELinux policy configuration
Name: selinux-policy Name: selinux-policy
Version: 3.13.1 Version: 3.13.1
Release: 137%{?dist}.1 Release: 138%{?dist}
License: GPLv2+ License: GPLv2+
Group: System Environment/Base Group: System Environment/Base
Source: serefpolicy-%{version}.tgz Source: serefpolicy-%{version}.tgz
@ -273,7 +273,6 @@ fi;
%define postInstall() \ %define postInstall() \
. %{_sysconfdir}/selinux/config; \ . %{_sysconfdir}/selinux/config; \
(cd /etc/selinux/%2/modules/active/modules; rm -f vbetool.pp l2tpd.pp shutdown.pp amavis.pp clamav.pp gnomeclock.pp nsplugin.pp matahari.pp xfs.pp kudzu.pp kerneloops.pp execmem.pp openoffice.pp ada.pp tzdata.pp hal.pp hotplug.pp howl.pp java.pp mono.pp moilscanner.pp gamin.pp audio_entropy.pp audioentropy.pp iscsid.pp polkit_auth.pp polkit.pp rtkit_daemon.pp ModemManager.pp telepathysofiasip.pp ethereal.pp passanger.pp qemu.pp qpidd.pp pyzor.pp razor.pp pki-selinux.pp phpfpm.pp consoletype.pp ctdbd.pp fcoemon.pp isnsd.pp rgmanager.pp corosync.pp aisexec.pp pacemaker.pp pkcsslotd.pp smstools.pp ) \
if [ -e /etc/selinux/%2/.rebuild ]; then \ if [ -e /etc/selinux/%2/.rebuild ]; then \
rm /etc/selinux/%2/.rebuild; \ rm /etc/selinux/%2/.rebuild; \
/usr/sbin/semodule -B -n -s %2; \ /usr/sbin/semodule -B -n -s %2; \
@ -475,17 +474,22 @@ exit 0
restorecon -R -p /home restorecon -R -p /home
exit 0 exit 0
%triggerpostun targeted -- selinux-policy-targeted < 3.13.1-137.1 %triggerpostun targeted -- selinux-policy-targeted < 3.13.1-138
set -x CR=$'\n'
INPUT=""
for i in `find /etc/selinux/targeted/modules/active/modules/ -name \*disabled`; do for i in `find /etc/selinux/targeted/modules/active/modules/ -name \*disabled`; do
module=`basename $i | sed 's/.pp.disabled//'` module=`basename $i | sed 's/.pp.disabled//'`
if [ -d /var/lib/selinux/targeted/active/modules/100/$module ]; then if [ -d /var/lib/selinux/targeted/active/modules/100/$module ]; then
semodule -d $module touch /var/lib/selinux/targeted/active/modules/disabled/$p
fi fi
done done
for i in `find /etc/selinux/targeted/modules/active/modules/ -name \*.pp`; do for i in `find /etc/selinux/targeted/modules/active/modules/ -name \*.pp`; do
semodule -i $i INPUT="${INPUT}${CR}module -N -a $i"
done done
echo "$INPUT" | %{_sbindir}/semanage import -S targeted -N
if /usr/sbin/selinuxenabled ; then
/usr/sbin/load_policy
fi
exit 0 exit 0
%files targeted -f %{buildroot}/%{_usr}/share/selinux/targeted/nonbasemodules.lst %files targeted -f %{buildroot}/%{_usr}/share/selinux/targeted/nonbasemodules.lst
@ -518,18 +522,21 @@ SELinux Reference policy minimum base module.
%pre minimum %pre minimum
%preInstall minimum %preInstall minimum
if [ $1 -ne 1 ]; then if [ $1 -ne 1 ]; then
/usr/sbin/semodule -s minimum -l 2>/dev/null | awk '{ if ($3 != "Disabled") print $1; }' > /usr/share/selinux/minimum/instmodules.lst /usr/sbin/semodule -s minimum --list-modules=full | awk '{ if ($4 != "disabled") print $2; }' > /usr/share/selinux/minimum/instmodules.lst
fi fi
%post minimum %post minimum
contribpackages=`cat /usr/share/selinux/minimum/modules-contrib.lst` contribpackages=`cat /usr/share/selinux/minimum/modules-contrib.lst`
basepackages=`cat /usr/share/selinux/minimum/modules-base.lst` basepackages=`cat /usr/share/selinux/minimum/modules-base.lst`
if [ ! -d /var/lib/selinux/minimum/active/modules/disabled ]; then
mkdir /var/lib/selinux/minimum/active/modules/disabled
fi
if [ $1 -eq 1 ]; then if [ $1 -eq 1 ]; then
for p in $contribpackages; do for p in $contribpackages; do
touch /etc/selinux/minimum/modules/active/modules/$p.disabled touch /var/lib/selinux/minimum/active/modules/disabled/$p
done done
for p in $basepackages apache.pp dbus.pp inetd.pp kerberos.pp mta.pp nis.pp; do for p in $basepackages apache dbus inetd kerberos mta nis; do
rm -f /etc/selinux/minimum/modules/active/modules/$p.disabled rm -f /var/lib/selinux/minimum/active/modules/disabled/$p
done done
/usr/sbin/semanage import -S minimum -f - << __eof /usr/sbin/semanage import -S minimum -f - << __eof
login -m -s unconfined_u -r s0-s0:c0.c1023 __default__ login -m -s unconfined_u -r s0-s0:c0.c1023 __default__
@ -540,16 +547,37 @@ __eof
else else
instpackages=`cat /usr/share/selinux/minimum/instmodules.lst` instpackages=`cat /usr/share/selinux/minimum/instmodules.lst`
for p in $contribpackages; do for p in $contribpackages; do
touch /etc/selinux/minimum/modules/active/modules/$p.disabled touch /var/lib/selinux/minimum/active/modules/disabled/$p
done done
for p in $instpackages apache dbus inetd kerberos mta nis; do for p in $instpackages apache dbus inetd kerberos mta nis; do
rm -f /etc/selinux/minimum/modules/active/modules/$p.pp.disabled rm -f /var/lib/selinux/minimum/active/modules/disabled/$p
done done
/usr/sbin/semodule -B -s minimum /usr/sbin/semodule -B -s minimum
%relabel minimum %relabel minimum
fi fi
exit 0 exit 0
%triggerpostun minimum -- selinux-policy-minimum < 3.13.1-138
if [ `ls -A /var/lib/selinux/minimum/active/modules/disabled/` ]; then
rm -f /var/lib/selinux/minimum/active/modules/disabled/*
fi
CR=$'\n'
INPUT=""
for i in `find /etc/selinux/minimum/modules/active/modules/ -name \*disabled`; do
module=`basename $i | sed 's/.pp.disabled//'`
if [ -d /var/lib/selinux/minimum/active/modules/100/$module ]; then
touch /var/lib/selinux/minimum/active/modules/disabled/$p
fi
done
for i in `find /etc/selinux/minimum/modules/active/modules/ -name \*.pp`; do
INPUT="${INPUT}${CR}module -N -a $i"
done
echo "$INPUT" | %{_sbindir}/semanage import -S minimum -N
if /usr/sbin/selinuxenabled ; then
/usr/sbin/load_policy
fi
exit 0
%files minimum -f %{buildroot}/%{_usr}/share/selinux/minimum/nonbasemodules.lst %files minimum -f %{buildroot}/%{_usr}/share/selinux/minimum/nonbasemodules.lst
%defattr(-,root,root,-) %defattr(-,root,root,-)
%config(noreplace) %{_sysconfdir}/selinux/minimum/contexts/users/unconfined_u %config(noreplace) %{_sysconfdir}/selinux/minimum/contexts/users/unconfined_u
@ -585,6 +613,26 @@ SELinux Reference policy mls base module.
%post mls %post mls
%postInstall $1 mls %postInstall $1 mls
%triggerpostun mls -- selinux-policy-mls < 3.13.1-138
CR=$'\n'
INPUT=""
for i in `find /etc/selinux/mls/modules/active/modules/ -name \*disabled`; do
module=`basename $i | sed 's/.pp.disabled//'`
if [ -d /var/lib/selinux/mls/active/modules/100/$module ]; then
touch /var/lib/selinux/mls/active/modules/disabled/$p
fi
done
for i in `find /etc/selinux/mls/modules/active/modules/ -name \*.pp`; do
INPUT="${INPUT}${CR}module -N -a $i"
done
echo "$INPUT" | %{_sbindir}/semanage import -S mls -N
if /usr/sbin/selinuxenabled ; then
/usr/sbin/load_policy
fi
exit 0
%files mls -f %{buildroot}/%{_usr}/share/selinux/mls/nonbasemodules.lst %files mls -f %{buildroot}/%{_usr}/share/selinux/mls/nonbasemodules.lst
%defattr(-,root,root,-) %defattr(-,root,root,-)
%config(noreplace) %{_sysconfdir}/selinux/mls/contexts/users/unconfined_u %config(noreplace) %{_sysconfdir}/selinux/mls/contexts/users/unconfined_u