- Added Paul Howorth patch to only load policy packages shipped with this

package - Allow pidof from initrc to ptrace higher level domains - Allow firstboot to communicate with hal via dbus
2006-07-26 17:58:28 +00:00 · 2006-07-26 17:58:28 +00:00 · 9554c945c3
parent 9d77b6b4f0
commit 9554c945c3
1 changed files with 15 additions and 5 deletions
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@ -68,6 +68,9 @@ SELinux Policy development package
 %{_usr}/share/selinux/devel/policygentool
 %{_usr}/share/selinux/devel/example.*
 %attr(755,root,root) %{_usr}/share/selinux/devel/policyhelp
+%dir %{_usr}/share/selinux/targeted
+%dir %{_usr}/share/selinux/strict
+%dir %{_usr}/share/selinux/mls

 %define setupCmds() \
 make NAME=%1 TYPE=%2 DISTRO=%{distro} DIRECT_INITRC=%3 MONOLITHIC=%{monolithic} POLY=%3 bare \
@ -75,6 +78,9 @@ make NAME=%1 TYPE=%2 DISTRO=%{distro} DIRECT_INITRC=%3 MONOLITHIC=%{monolithic}
 cp -f ${RPM_SOURCE_DIR}/modules-%1.conf  ./policy/modules.conf \
 cp -f ${RPM_SOURCE_DIR}/booleans-%1.conf ./policy/booleans.conf \

+%define moduleList() %([ -f %{_sourcedir}/modules-%{1}.conf ] && \
+awk '$1 !~ "/^#/" && $2 == "=" && $3 == "module" { printf "-i %%s.pp ", $1 }' %{_sourcedir}/modules-%{1}.conf )
+
 %define installCmds() \
 make NAME=%1 TYPE=%2 DISTRO=%{distro} DIRECT_INITRC=%3 MONOLITHIC=%{monolithic} POLY=%3 base.pp \
 make NAME=%1 TYPE=%2 DISTRO=%{distro} DIRECT_INITRC=%3 MONOLITHIC=%{monolithic} POLY=%3 modules \
@ -101,7 +107,6 @@ ln -sf ../devel/include %{buildroot}%{_usr}/share/selinux/%1 \

 %define fileList() \
 %defattr(-,root,root) \
-%dir %{_usr}/share/selinux/%1 \
 %{_usr}/share/selinux/%1/*.pp \
 %dir %{_sysconfdir}/selinux/%1 \
 %config(noreplace) %{_sysconfdir}/selinux/%1/setrans.conf \
@ -140,8 +145,7 @@ fi

 %define rebuildpolicy() \
 ( cd /usr/share/selinux/%1; \
-x=`ls *.pp | grep -v -e base.pp -e enableaudit.pp | awk '{ print "-i " $1 }'`; \
-semodule -b base.pp $x -s %1; \
+semodule -b base.pp %{expand:%%moduleList %1} -s %1; \
 );\
 rm -f %{_sysconfdir}/selinux/%1/policy/policy.*.rpmnew

@ -170,6 +174,9 @@ mkdir -p %{buildroot}%{_sysconfdir}/sysconfig
 touch %{buildroot}%{_sysconfdir}/selinux/config
 touch %{buildroot}%{_sysconfdir}/sysconfig/selinux

+# Always create policy module package directories
+mkdir -p %{buildroot}%{_usr}/share/selinux/{targeted,strict,mls}/
+
 # Install devel
 make clean
 make NAME=targeted TYPE=targeted-mcs DISTRO=%{distro} DIRECT_INITRC=y MONOLITHIC=%{monolithic} DESTDIR=%{buildroot} PKGNAME=%{name}-%{version} POLY=%3 install-headers install-docs
@ -333,7 +340,7 @@ x=`ls *.pp | grep -v -e base.pp -e enableaudit.pp | awk '{ print "-i " $1 }'`
 semodule -b base.pp -r bootloader -r clock -r dpkg -r fstools -r hotplug -r init -r libraries -r locallogin -r logging -r lvm -r miscfiles -r modutils -r mount -r mta -r netutils -r selinuxutil -r storage -r sysnetwork -r udev -r userdomain -r vpnc -r xend $x -s strict

 %triggerpostun strict -- strict <= 2.0.7
-%{rebuildpolicy} strict 
+%rebuildpolicy strict 

 %files strict
 %fileList strict
@ -341,8 +348,11 @@ semodule -b base.pp -r bootloader -r clock -r dpkg -r fstools -r hotplug -r init
 %endif

 %changelog
-* Tue Jul 25 2006 Dan Walsh <dwalsh@redhat.com> 2.3.3-11
+* Wed Jul 26 2006 Dan Walsh <dwalsh@redhat.com> 2.3.3-11
+- Added Paul Howorth patch to only load policy packages shipped 
+  with this package
 - Allow pidof from initrc to ptrace higher level domains
+- Allow firstboot to communicate with hal via dbus

 * Mon Jul 24 2006 Dan Walsh <dwalsh@redhat.com> 2.3.3-10
 - Add policy for /var/run/ldapi