From 9554c945c30e883f36504bed701ed529d33a0cec Mon Sep 17 00:00:00 2001
From: Daniel J Walsh
Date: Wed, 26 Jul 2006 17:58:28 +0000
Subject: [PATCH] - Added Paul Howorth patch to only load policy packages shipped with this package - Allow pidof from initrc to ptrace higher level domains - Allow firstboot to communicate with hal via dbus
---
 selinux-policy.spec | 20 +++++++++++++++-----
 1 file changed, 15 insertions(+), 5 deletions(-)

diff --git a/selinux-policy.spec b/selinux-policy.spec
index 288f2a08..d9c25377 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -68,6 +68,9 @@ SELinux Policy development package
 %{_usr}/share/selinux/devel/policygentool
 %{_usr}/share/selinux/devel/example.*
 %attr(755,root,root) %{_usr}/share/selinux/devel/policyhelp
+%dir %{_usr}/share/selinux/targeted
+%dir %{_usr}/share/selinux/strict
+%dir %{_usr}/share/selinux/mls
 
 %define setupCmds() \
 make NAME=%1 TYPE=%2 DISTRO=%{distro} DIRECT_INITRC=%3 MONOLITHIC=%{monolithic} POLY=%3 bare \
@@ -75,6 +78,9 @@ make NAME=%1 TYPE=%2 DISTRO=%{distro} DIRECT_INITRC=%3 MONOLITHIC=%{monolithic}
 cp -f ${RPM_SOURCE_DIR}/modules-%1.conf ./policy/modules.conf \
 cp -f ${RPM_SOURCE_DIR}/booleans-%1.conf ./policy/booleans.conf \
 
+%define moduleList() %([ -f %{_sourcedir}/modules-%{1}.conf ] && \
+awk '$1 !~ "/^#/" && $2 == "=" && $3 == "module" { printf "-i %%s.pp ", $1 }' %{_sourcedir}/modules-%{1}.conf )
+
 %define installCmds() \
 make NAME=%1 TYPE=%2 DISTRO=%{distro} DIRECT_INITRC=%3 MONOLITHIC=%{monolithic} POLY=%3 base.pp \
 make NAME=%1 TYPE=%2 DISTRO=%{distro} DIRECT_INITRC=%3 MONOLITHIC=%{monolithic} POLY=%3 modules \
@@ -101,7 +107,6 @@ ln -sf ../devel/include %{buildroot}%{_usr}/share/selinux/%1 \
 
 %define fileList() \
 %defattr(-,root,root) \
-%dir %{_usr}/share/selinux/%1 \
 %{_usr}/share/selinux/%1/*.pp \
 %dir %{_sysconfdir}/selinux/%1 \
 %config(noreplace) %{_sysconfdir}/selinux/%1/setrans.conf \
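Review bot: In the `%define moduleList()` hunk, the comment filter `$1 !~ "/^#/"` compares against a string, so awk treats the slashes as literal characters and the test is true for every line. A commented-out entry written as `#name = module` would therefore still be emitted as `-i #name.pp`, and the shell would likely read the `#` as the start of a comment and drop the rest of the `semodule` line. A regex literal, `$1 !~ /^#/`, gives the intended exclusion. Separately, when modules-%{1}.conf is absent at build time the macro expands to nothing without an error, so the scriptlet would load base.pp alone; failing the build in that case would make the omission visible.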
@@ -140,8 +145,7 @@ fi
 
 %define rebuildpolicy() \
 ( cd /usr/share/selinux/%1; \
-x=`ls *.pp | grep -v -e base.pp -e enableaudit.pp | awk '{ print "-i " $1 }'`; \
-semodule -b base.pp $x -s %1; \
+semodule -b base.pp %{expand:%%moduleList %1} -s %1; \
 );\
 rm -f %{_sysconfdir}/selinux/%1/policy/policy.*.rpmnew
 
@@ -170,6 +174,9 @@ mkdir -p %{buildroot}%{_sysconfdir}/sysconfig
 touch %{buildroot}%{_sysconfdir}/selinux/config
 touch %{buildroot}%{_sysconfdir}/sysconfig/selinux
 
+# Always create policy module package directories
+mkdir -p %{buildroot}%{_usr}/share/selinux/{targeted,strict,mls}/
+
 # Install devel
 make clean
 make NAME=targeted TYPE=targeted-mcs DISTRO=%{distro} DIRECT_INITRC=y MONOLITHIC=%{monolithic} DESTDIR=%{buildroot} PKGNAME=%{name}-%{version} POLY=%3 install-headers install-docs
@@ -333,7 +340,7 @@ x=`ls *.pp | grep -v -e base.pp -e enableaudit.pp | awk '{ print "-i " $1 }'`
 semodule -b base.pp -r bootloader -r clock -r dpkg -r fstools -r hotplug -r init -r libraries -r locallogin -r logging -r lvm -r miscfiles -r modutils -r mount -r mta -r netutils -r selinuxutil -r storage -r sysnetwork -r udev -r userdomain -r vpnc -r xend $x -s strict
 
 %triggerpostun strict -- strict <= 2.0.7
-%{rebuildpolicy} strict
+%rebuildpolicy strict
 
 %files strict
 %fileList strict
@@ -341,8 +348,11 @@ semodule -b base.pp -r bootloader -r clock -r dpkg -r fstools -r hotplug -r init
 %endif
 
 %changelog
-* Tue Jul 25 2006 Dan Walsh 2.3.3-11
+* Wed Jul 26 2006 Dan Walsh 2.3.3-11
+- Added Paul Howorth patch to only load policy packages shipped
+ with this package
 - Allow pidof from initrc to ptrace higher level domains
+- Allow firstboot to communicate with hal via dbus
 
 * Mon Jul 24 2006 Dan Walsh 2.3.3-10
 - Add policy for /var/run/ldapi
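Review bot: In the `rebuildpolicy` hunk, `semodule` still runs when `cd /usr/share/selinux/%1` fails, because the two commands are joined with `;` while `base.pp` and the module names are relative paths. Joining them with `&&`, as in `( cd /usr/share/selinux/%1 && \`, keeps the rebuild from being attempted in another directory. A short comment above the macro would also help anyone maintaining local modules: it should say that the `-i` list is now fixed at package build time from modules-%1.conf and that other .pp files in the directory are no longer loaded.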
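Review bot: In the `%triggerpostun strict` hunk, the scriptlet shown in the hunk header and first context line still builds `$x` from `ls *.pp` and passes it to `semodule`. That upgrade path therefore keeps loading every .pp file found in the directory, not only the modules shipped with the package. Replacing `$x` there with `%{expand:%%moduleList strict}` would bring it in line with `rebuildpolicy`. The scriptlet starts above the hunk, so which trigger it belongs to should be confirmed against the full spec.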