rpms/selinux-policy
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Add fixes for selinux-policy packages to reflect the latest changes related to policy module store migration.

Browse Source
This commit is contained in:
Miroslav Grepl 2015-07-15 18:05:45 +02:00 committed by Petr Lautrbach
parent a345bb5a25
commit 57b06e2ca9
3 changed files with 63 additions and 112 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
modules-mls-base.conf
View File

@ -92,13 +92,6 @@ userdomain = module
#
files = base
# Layer: system
# Module: miscfiles
#
# Miscelaneous files.
#
miscfiles = module
# Module: filesystem
# Required in base
#
@ -176,20 +169,6 @@ auditadm = module
#
logadm = module
# Layer: role
# Module: logadm
#
# logadm account on tty logins
#
logadm = module
# Layer:role
# Module: sysadm_secadm
#
# System Administrator with Security Admin rules
#
sysadm_secadm = module
# Layer: role
# Module: secadm
#
@ -351,13 +330,6 @@ miscfiles = module
#
modutils = module
# Layer: services
# Module: automount
#
# Filesystem automounter service.
#
automount = module
# Layer: system
# Module: mount
#
@ -406,11 +378,3 @@ systemd = module
# Policy for udev.
#
udev = module
# Layer: system
# Module: userdomain
#
# Policy for user domains
#
userdomain = module

61
modules-mls-contrib.conf
View File

@ -117,13 +117,6 @@ awstats = module
#
bind = module
# Layer: services
# Module: rpcbind
#
# universal addresses to RPC program number mapper
#
rpcbind = module
# Layer: services
# Module: bitlbee
#
@ -495,13 +488,6 @@ fprintd = module
#
ftp = module
# Layer: services
# Module: tftp
#
# Trivial file transfer protocol daemon
#
tftp = module
# Layer: apps
# Module: games
#
@ -537,13 +523,6 @@ glance = module
#
gnome = module
# Layer: apps
# Module: gpg
#
# Policy for GNU Privacy Guard and related programs.
#
gpg = module
# Layer: apps
# Module: gpg
#
@ -579,13 +558,6 @@ gssproxy = module
#
guest = module
# Layer: role
# Module: xguest
#
# Minimally privs guest account on X Windows logins
#
xguest = module
# Layer: services
# Module: i18n_input
#
@ -607,13 +579,6 @@ inetd = module
#
inn = module
# Layer: services
# Module: lircd
#
# LIRC daemon - decodes infrared signals and provides them on a Unix domain socket.
#
lircd = module
# Layer: apps
# Module: irc
#
@ -670,13 +635,6 @@ kerberos = module
#
kismet = module
# Layer: services
# Module: ksmtuned
#
# Kernel Samepage Merging (KSM) Tuning Daemon
#
ksmtuned = module
# Layer: services
# Module: ktalk
#
@ -1041,11 +999,6 @@ prelink = module
unprivuser = module
# Layer: services
# Module: prelude
#
prelude = module
# Layer: services
# Module: privoxy
#
@ -1431,13 +1384,6 @@ timidity = off
#
tmpreaper = module
# Layer: apps
# Module: cpufreqselector
#
# cpufreqselector executable
#
cpufreqselector = module
# Layer: services
# Module: tor
#
@ -1529,13 +1475,6 @@ virt = module
#
vmware = module
# Layer: services
# Module: openvpn
#
# Policy for OPENVPN full-featured SSL VPN solution
#
openvpn = module
# Layer: contrib
# Module: openvswitch
#

78
selinux-policy.spec
View File

@ -19,7 +19,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.13.1
Release: 137%{?dist}.1
Release: 138%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@ -273,7 +273,6 @@ fi;
%define postInstall() \
. %{_sysconfdir}/selinux/config; \
(cd /etc/selinux/%2/modules/active/modules; rm -f vbetool.pp l2tpd.pp shutdown.pp amavis.pp clamav.pp gnomeclock.pp nsplugin.pp matahari.pp xfs.pp kudzu.pp kerneloops.pp execmem.pp openoffice.pp ada.pp tzdata.pp hal.pp hotplug.pp howl.pp java.pp mono.pp moilscanner.pp gamin.pp audio_entropy.pp audioentropy.pp iscsid.pp polkit_auth.pp polkit.pp rtkit_daemon.pp ModemManager.pp telepathysofiasip.pp ethereal.pp passanger.pp qemu.pp qpidd.pp pyzor.pp razor.pp pki-selinux.pp phpfpm.pp consoletype.pp ctdbd.pp fcoemon.pp isnsd.pp rgmanager.pp corosync.pp aisexec.pp pacemaker.pp pkcsslotd.pp smstools.pp ) \
if [ -e /etc/selinux/%2/.rebuild ]; then \
rm /etc/selinux/%2/.rebuild; \
/usr/sbin/semodule -B -n -s %2; \
@ -475,17 +474,22 @@ exit 0
restorecon -R -p /home
exit 0
%triggerpostun targeted -- selinux-policy-targeted < 3.13.1-137.1
set -x
%triggerpostun targeted -- selinux-policy-targeted < 3.13.1-138
CR=$'\n'
INPUT=""
for i in `find /etc/selinux/targeted/modules/active/modules/ -name \*disabled`; do
module=`basename $i | sed 's/.pp.disabled//'`
if [ -d /var/lib/selinux/targeted/active/modules/100/$module ]; then
semodule -d $module
fi
module=`basename $i | sed 's/.pp.disabled//'`
if [ -d /var/lib/selinux/targeted/active/modules/100/$module ]; then
touch /var/lib/selinux/targeted/active/modules/disabled/$p
fi
done
for i in `find /etc/selinux/targeted/modules/active/modules/ -name \*.pp`; do
semodule -i $i
INPUT="${INPUT}${CR}module -N -a $i"
done
echo "$INPUT" | %{_sbindir}/semanage import -S targeted -N
if /usr/sbin/selinuxenabled ; then
/usr/sbin/load_policy
fi
exit 0
%files targeted -f %{buildroot}/%{_usr}/share/selinux/targeted/nonbasemodules.lst
@ -518,18 +522,21 @@ SELinux Reference policy minimum base module.
%pre minimum
%preInstall minimum
if [ $1 -ne 1 ]; then
/usr/sbin/semodule -s minimum -l 2>/dev/null | awk '{ if ($3 != "Disabled") print $1; }' > /usr/share/selinux/minimum/instmodules.lst
/usr/sbin/semodule -s minimum --list-modules=full | awk '{ if ($4 != "disabled") print $2; }' > /usr/share/selinux/minimum/instmodules.lst
fi
%post minimum
contribpackages=`cat /usr/share/selinux/minimum/modules-contrib.lst`
basepackages=`cat /usr/share/selinux/minimum/modules-base.lst`
if [ ! -d /var/lib/selinux/minimum/active/modules/disabled ]; then
mkdir /var/lib/selinux/minimum/active/modules/disabled
fi
if [ $1 -eq 1 ]; then
for p in $contribpackages; do
touch /etc/selinux/minimum/modules/active/modules/$p.disabled
touch /var/lib/selinux/minimum/active/modules/disabled/$p
done
for p in $basepackages apache.pp dbus.pp inetd.pp kerberos.pp mta.pp nis.pp; do
rm -f /etc/selinux/minimum/modules/active/modules/$p.disabled
for p in $basepackages apache dbus inetd kerberos mta nis; do
rm -f /var/lib/selinux/minimum/active/modules/disabled/$p
done
/usr/sbin/semanage import -S minimum -f - << __eof
login -m -s unconfined_u -r s0-s0:c0.c1023 __default__
@ -540,16 +547,37 @@ __eof
else
instpackages=`cat /usr/share/selinux/minimum/instmodules.lst`
for p in $contribpackages; do
touch /etc/selinux/minimum/modules/active/modules/$p.disabled
touch /var/lib/selinux/minimum/active/modules/disabled/$p
done
for p in $instpackages apache dbus inetd kerberos mta nis; do
rm -f /etc/selinux/minimum/modules/active/modules/$p.pp.disabled
rm -f /var/lib/selinux/minimum/active/modules/disabled/$p
done
/usr/sbin/semodule -B -s minimum
%relabel minimum
fi
exit 0
%triggerpostun minimum -- selinux-policy-minimum < 3.13.1-138
if [ `ls -A /var/lib/selinux/minimum/active/modules/disabled/` ]; then
rm -f /var/lib/selinux/minimum/active/modules/disabled/*
fi
CR=$'\n'
INPUT=""
for i in `find /etc/selinux/minimum/modules/active/modules/ -name \*disabled`; do
module=`basename $i | sed 's/.pp.disabled//'`
if [ -d /var/lib/selinux/minimum/active/modules/100/$module ]; then
touch /var/lib/selinux/minimum/active/modules/disabled/$p
fi
done
for i in `find /etc/selinux/minimum/modules/active/modules/ -name \*.pp`; do
INPUT="${INPUT}${CR}module -N -a $i"
done
echo "$INPUT" | %{_sbindir}/semanage import -S minimum -N
if /usr/sbin/selinuxenabled ; then
/usr/sbin/load_policy
fi
exit 0
%files minimum -f %{buildroot}/%{_usr}/share/selinux/minimum/nonbasemodules.lst
%defattr(-,root,root,-)
%config(noreplace) %{_sysconfdir}/selinux/minimum/contexts/users/unconfined_u
@ -585,6 +613,26 @@ SELinux Reference policy mls base module.
%post mls
%postInstall $1 mls
%triggerpostun mls -- selinux-policy-mls < 3.13.1-138
CR=$'\n'
INPUT=""
for i in `find /etc/selinux/mls/modules/active/modules/ -name \*disabled`; do
module=`basename $i | sed 's/.pp.disabled//'`
if [ -d /var/lib/selinux/mls/active/modules/100/$module ]; then
touch /var/lib/selinux/mls/active/modules/disabled/$p
fi
done
for i in `find /etc/selinux/mls/modules/active/modules/ -name \*.pp`; do
INPUT="${INPUT}${CR}module -N -a $i"
done
echo "$INPUT" | %{_sbindir}/semanage import -S mls -N
if /usr/sbin/selinuxenabled ; then
/usr/sbin/load_policy
fi
exit 0
%files mls -f %{buildroot}/%{_usr}/share/selinux/mls/nonbasemodules.lst
%defattr(-,root,root,-)
%config(noreplace) %{_sysconfdir}/selinux/mls/contexts/users/unconfined_u