- Added Paul Howorth patch to only load policy packages shipped with this

package
- Allow pidof from initrc to ptrace higher level domains
- Allow firstboot to communicate with hal via dbus
This commit is contained in:
Daniel J Walsh 2006-07-26 17:58:28 +00:00
parent 9d77b6b4f0
commit 9554c945c3

View File

@ -68,6 +68,9 @@ SELinux Policy development package
%{_usr}/share/selinux/devel/policygentool
%{_usr}/share/selinux/devel/example.*
%attr(755,root,root) %{_usr}/share/selinux/devel/policyhelp
%dir %{_usr}/share/selinux/targeted
%dir %{_usr}/share/selinux/strict
%dir %{_usr}/share/selinux/mls
%define setupCmds() \
make NAME=%1 TYPE=%2 DISTRO=%{distro} DIRECT_INITRC=%3 MONOLITHIC=%{monolithic} POLY=%3 bare \
@ -75,6 +78,9 @@ make NAME=%1 TYPE=%2 DISTRO=%{distro} DIRECT_INITRC=%3 MONOLITHIC=%{monolithic}
cp -f ${RPM_SOURCE_DIR}/modules-%1.conf ./policy/modules.conf \
cp -f ${RPM_SOURCE_DIR}/booleans-%1.conf ./policy/booleans.conf \
%define moduleList() %([ -f %{_sourcedir}/modules-%{1}.conf ] && \
awk '$1 !~ "/^#/" && $2 == "=" && $3 == "module" { printf "-i %%s.pp ", $1 }' %{_sourcedir}/modules-%{1}.conf )
%define installCmds() \
make NAME=%1 TYPE=%2 DISTRO=%{distro} DIRECT_INITRC=%3 MONOLITHIC=%{monolithic} POLY=%3 base.pp \
make NAME=%1 TYPE=%2 DISTRO=%{distro} DIRECT_INITRC=%3 MONOLITHIC=%{monolithic} POLY=%3 modules \
@ -101,7 +107,6 @@ ln -sf ../devel/include %{buildroot}%{_usr}/share/selinux/%1 \
%define fileList() \
%defattr(-,root,root) \
%dir %{_usr}/share/selinux/%1 \
%{_usr}/share/selinux/%1/*.pp \
%dir %{_sysconfdir}/selinux/%1 \
%config(noreplace) %{_sysconfdir}/selinux/%1/setrans.conf \
@ -140,8 +145,7 @@ fi
%define rebuildpolicy() \
( cd /usr/share/selinux/%1; \
x=`ls *.pp | grep -v -e base.pp -e enableaudit.pp | awk '{ print "-i " $1 }'`; \
semodule -b base.pp $x -s %1; \
semodule -b base.pp %{expand:%%moduleList %1} -s %1; \
);\
rm -f %{_sysconfdir}/selinux/%1/policy/policy.*.rpmnew
@ -170,6 +174,9 @@ mkdir -p %{buildroot}%{_sysconfdir}/sysconfig
touch %{buildroot}%{_sysconfdir}/selinux/config
touch %{buildroot}%{_sysconfdir}/sysconfig/selinux
# Always create policy module package directories
mkdir -p %{buildroot}%{_usr}/share/selinux/{targeted,strict,mls}/
# Install devel
make clean
make NAME=targeted TYPE=targeted-mcs DISTRO=%{distro} DIRECT_INITRC=y MONOLITHIC=%{monolithic} DESTDIR=%{buildroot} PKGNAME=%{name}-%{version} POLY=%3 install-headers install-docs
@ -333,7 +340,7 @@ x=`ls *.pp | grep -v -e base.pp -e enableaudit.pp | awk '{ print "-i " $1 }'`
semodule -b base.pp -r bootloader -r clock -r dpkg -r fstools -r hotplug -r init -r libraries -r locallogin -r logging -r lvm -r miscfiles -r modutils -r mount -r mta -r netutils -r selinuxutil -r storage -r sysnetwork -r udev -r userdomain -r vpnc -r xend $x -s strict
%triggerpostun strict -- strict <= 2.0.7
%{rebuildpolicy} strict
%rebuildpolicy strict
%files strict
%fileList strict
@ -341,8 +348,11 @@ semodule -b base.pp -r bootloader -r clock -r dpkg -r fstools -r hotplug -r init
%endif
%changelog
* Tue Jul 25 2006 Dan Walsh <dwalsh@redhat.com> 2.3.3-11
* Wed Jul 26 2006 Dan Walsh <dwalsh@redhat.com> 2.3.3-11
- Added Paul Howorth patch to only load policy packages shipped
with this package
- Allow pidof from initrc to ptrace higher level domains
- Allow firstboot to communicate with hal via dbus
* Mon Jul 24 2006 Dan Walsh <dwalsh@redhat.com> 2.3.3-10
- Add policy for /var/run/ldapi