- Remove Multiple spec
- Add include - Fix makefile to not call per_role_expansion
This commit is contained in:
Daniel J Walsh
parent
4b4392dd08
commit
6115689216
@ -26259,7 +26259,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
allow iscsid_t self:unix_stream_socket { create_stream_socket_perms connectto };
|
||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-3.5.12/policy/modules/system/libraries.fc
|
||||
--- nsaserefpolicy/policy/modules/system/libraries.fc 2008-08-13 15:24:56.000000000 -0400
|
||||
+++ serefpolicy-3.5.12/policy/modules/system/libraries.fc 2008-10-15 08:59:49.000000000 -0400
|
||||
+++ serefpolicy-3.5.12/policy/modules/system/libraries.fc 2008-10-16 10:30:51.000000000 -0400
|
||||
@@ -60,12 +61,15 @@
|
||||
#
|
||||
# /opt
|
||||
@ -26286,15 +26286,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
/opt/cisco-vpnclient/lib/libvpnapi\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||
/opt/cxoffice/lib/wine/.+\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||
/opt/f-secure/fspms/libexec/librapi\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||
@@ -123,6 +128,7 @@
|
||||
/usr/lib(64)?/libsipphoneapi\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||
/usr/lib(64)?/ati-fglrx/.+\.so(\..*)? -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||
/usr/lib(64)?/(nvidia/)?libGL(core)?\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||
+/usr/lib(64)?/xorg/libGL\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||
/usr/lib(64)?/fglrx/libGL\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||
/usr/lib(64)?/libGLU\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||
/usr/lib(64)?/libjs\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||
@@ -133,6 +139,7 @@
|
||||
@@ -133,6 +138,7 @@
|
||||
/usr/lib(64)?/nvidia-graphics(-[^/]*/)?libnvidia.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||
/usr/lib(64)?/nvidia-graphics(-[^/]*/)?libXvMCNVIDIA\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||
/usr/lib(64)?/xorg/libGL\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||
@ -26302,7 +26294,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
/usr/lib(64)?/xulrunner-[^/]*/libgtkembedmoz\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||
/usr/lib(64)?/xulrunner-[^/]*/libxul\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||
|
||||
@@ -168,7 +175,8 @@
|
||||
@@ -168,7 +174,8 @@
|
||||
# Fedora Core packages: gstreamer-plugins, compat-libstdc++, Glide3, libdv
|
||||
# HelixPlayer, SDL, xorg-x11, xorg-x11-libs, Hermes, valgrind, openoffice.org-libs, httpd - php
|
||||
/usr/lib(64)?/gstreamer-.*/[^/]*\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||
@ -26312,7 +26304,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
|
||||
/usr/lib/firefox-[^/]*/plugins/nppdf.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||
/usr/lib/libFLAC\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||
@@ -187,6 +195,7 @@
|
||||
@@ -187,6 +194,7 @@
|
||||
/usr/lib(64)?/libdv\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||
/usr/lib(64)?/helix/plugins/[^/]*\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||
/usr/lib(64)?/helix/codecs/[^/]*\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||
@ -26320,7 +26312,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
/usr/lib(64)?/libSDL-.*\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||
/usr/lib(64)?/xorg/modules/dri/.+\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||
/usr/X11R6/lib/modules/dri/.+\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||
@@ -246,7 +255,7 @@
|
||||
@@ -246,7 +254,7 @@
|
||||
|
||||
# Flash plugin, Macromedia
|
||||
HOME_DIR/\.mozilla(/.*)?/plugins/libflashplayer\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||
@ -26329,7 +26321,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
/usr/lib(64)?/.*/libflashplayer\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||
/usr/local/(.*/)?libflashplayer\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||
HOME_DIR/.*/plugins/nprhapengine\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||
@@ -267,6 +276,8 @@
|
||||
@@ -267,6 +275,8 @@
|
||||
/usr/lib(64)?/vmware/lib(/.*)?/HConfig\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||
/usr/lib(64)?/vmware/(.*/)?VmPerl\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||
|
||||
@ -26338,7 +26330,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
# Java, Sun Microsystems (JPackage SRPM)
|
||||
/usr/(.*/)?jre.*/.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||
/usr/local/(.*/)?jre.*/.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||
@@ -291,6 +302,8 @@
|
||||
@@ -291,6 +301,8 @@
|
||||
/usr/lib/acroread/(.*/)?lib/[^/]*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||
/usr/lib/acroread/.+\.api -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||
/usr/lib/acroread/(.*/)?ADMPlugin\.apl -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||
@ -26347,7 +26339,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
') dnl end distro_redhat
|
||||
|
||||
#
|
||||
@@ -310,3 +323,15 @@
|
||||
@@ -310,3 +322,15 @@
|
||||
/var/spool/postfix/lib(64)?(/.*)? gen_context(system_u:object_r:lib_t,s0)
|
||||
/var/spool/postfix/usr(/.*)? gen_context(system_u:object_r:lib_t,s0)
|
||||
/var/spool/postfix/lib(64)?/ld.*\.so.* -- gen_context(system_u:object_r:ld_so_t,s0)
|
||||
@ -32078,3 +32070,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
- gen_user(root, sysadm, sysadm_r staff_r ifdef(`enable_mls',`secadm_r auditadm_r'), s0, s0 - mls_systemhigh, mcs_allcats)
|
||||
-')
|
||||
+gen_user(root, user, unconfined_r sysadm_r staff_r ifdef(`enable_mls',`secadm_r auditadm_r') system_r, s0, s0 - mls_systemhigh, mcs_allcats)
|
||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/support/Makefile.devel serefpolicy-3.5.12/support/Makefile.devel
|
||||
--- nsaserefpolicy/support/Makefile.devel 2008-08-07 11:15:14.000000000 -0400
|
||||
+++ serefpolicy-3.5.12/support/Makefile.devel 2008-10-16 10:33:22.000000000 -0400
|
||||
@@ -181,7 +181,7 @@
|
||||
tmp/%.mod: $(m4support) tmp/all_interfaces.conf %.te
|
||||
@$(EINFO) "Compiling $(NAME) $(basename $(@F)) module"
|
||||
@test -d $(@D) || mkdir -p $(@D)
|
||||
- $(call peruser-expansion,$(basename $(@F)),$@.role)
|
||||
+# $(call peruser-expansion,$(basename $(@F)),$@.role)
|
||||
$(verbose) $(M4) $(M4PARAM) -s $^ $@.role > $(@:.mod=.tmp)
|
||||
$(verbose) $(CHECKMODULE) -m $(@:.mod=.tmp) -o $@
|
||||
|
||||
|
||||
@ -20,7 +20,7 @@
|
||||
Summary: SELinux policy configuration
|
||||
Name: selinux-policy
|
||||
Version: 3.5.12
|
||||
Release: 2%{?dist}
|
||||
Release: 3%{?dist}
|
||||
License: GPLv2+
|
||||
Group: System Environment/Base
|
||||
Source: serefpolicy-%{version}.tgz
|
||||
@ -91,6 +91,9 @@ make UNK_PERMS=%5 NAME=%1 TYPE=%2 DISTRO=%{distro} DIRECT_INITRC=%3 MONOLITHIC=%
|
||||
make UNK_PERMS=%5 NAME=%1 TYPE=%2 DISTRO=%{distro} DIRECT_INITRC=%3 MONOLITHIC=%{monolithic} POLY=%4 MLS_CATS=1024 MCS_CATS=1024 conf \
|
||||
cp -f $RPM_SOURCE_DIR/modules-%1.conf ./policy/modules.conf \
|
||||
cp -f $RPM_SOURCE_DIR/booleans-%1.conf ./policy/booleans.conf \
|
||||
# Always create policy module package directories
|
||||
mkdir -p %{buildroot}%{_usr}/share/selinux/%1
|
||||
ln -s %{_usr}/share/selinux/devel/include %{buildroot}%{_usr}/share/selinux/%1/include
|
||||
|
||||
%define moduleList() %([ -f %{_sourcedir}/modules-%{1}.conf ] && \
|
||||
awk '$1 !~ "/^#/" && $2 == "=" && $3 == "module" { printf "-i %%s.pp ", $1 }' %{_sourcedir}/modules-%{1}.conf )
|
||||
@ -124,6 +127,7 @@ bzip2 %{buildroot}/%{_usr}/share/selinux/%1/*.pp
|
||||
%defattr(-,root,root) \
|
||||
%dir %{_usr}/share/selinux/%1 \
|
||||
%{_usr}/share/selinux/%1/*.pp.bz2 \
|
||||
%{_usr}/share/selinux/%1/include \
|
||||
%dir %{_sysconfdir}/selinux/%1 \
|
||||
%config(noreplace) %{_sysconfdir}/selinux/%1/setrans.conf \
|
||||
%ghost %{_sysconfdir}/selinux/%1/seusers \
|
||||
@ -213,9 +217,6 @@ mkdir -p %{buildroot}%{_sysconfdir}/sysconfig
|
||||
touch %{buildroot}%{_sysconfdir}/selinux/config
|
||||
touch %{buildroot}%{_sysconfdir}/sysconfig/selinux
|
||||
|
||||
# Always create policy module package directories
|
||||
mkdir -p %{buildroot}%{_usr}/share/selinux/{targeted,mls}/
|
||||
|
||||
# Install devel
|
||||
make clean
|
||||
%if %{BUILD_TARGETED}
|
||||
@ -460,6 +461,11 @@ exit 0
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Thu Oct 16 2008 Dan Walsh <dwalsh@redhat.com> 3.5.12-3
|
||||
- Remove Multiple spec
|
||||
- Add include
|
||||
- Fix makefile to not call per_role_expansion
|
||||
|
||||
* Wed Oct 15 2008 Dan Walsh <dwalsh@redhat.com> 3.5.12-2
|
||||
- Fix labeling of libGL
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user