- Added Paul Howorth patch to only load policy packages shipped with this
package - Allow pidof from initrc to ptrace higher level domains - Allow firstboot to communicate with hal via dbus
parent
9d77b6b4f0
commit
9554c945c3
@ -68,6 +68,9 @@ SELinux Policy development package
|
|||||||
%{_usr}/share/selinux/devel/policygentool
|
%{_usr}/share/selinux/devel/policygentool
|
||||||
%{_usr}/share/selinux/devel/example.*
|
%{_usr}/share/selinux/devel/example.*
|
||||||
%attr(755,root,root) %{_usr}/share/selinux/devel/policyhelp
|
%attr(755,root,root) %{_usr}/share/selinux/devel/policyhelp
|
||||||
|
%dir %{_usr}/share/selinux/targeted
|
||||||
|
%dir %{_usr}/share/selinux/strict
|
||||||
|
%dir %{_usr}/share/selinux/mls
|
||||||
|
|
||||||
%define setupCmds() \
|
%define setupCmds() \
|
||||||
make NAME=%1 TYPE=%2 DISTRO=%{distro} DIRECT_INITRC=%3 MONOLITHIC=%{monolithic} POLY=%3 bare \
|
make NAME=%1 TYPE=%2 DISTRO=%{distro} DIRECT_INITRC=%3 MONOLITHIC=%{monolithic} POLY=%3 bare \
|
||||||
@ -75,6 +78,9 @@ make NAME=%1 TYPE=%2 DISTRO=%{distro} DIRECT_INITRC=%3 MONOLITHIC=%{monolithic}
|
|||||||
cp -f ${RPM_SOURCE_DIR}/modules-%1.conf ./policy/modules.conf \
|
cp -f ${RPM_SOURCE_DIR}/modules-%1.conf ./policy/modules.conf \
|
||||||
cp -f ${RPM_SOURCE_DIR}/booleans-%1.conf ./policy/booleans.conf \
|
cp -f ${RPM_SOURCE_DIR}/booleans-%1.conf ./policy/booleans.conf \
|
||||||
|
|
||||||
|
%define moduleList() %([ -f %{_sourcedir}/modules-%{1}.conf ] && \
|
||||||
|
awk '$1 !~ "/^#/" && $2 == "=" && $3 == "module" { printf "-i %%s.pp ", $1 }' %{_sourcedir}/modules-%{1}.conf )
|
||||||
|
|
||||||
%define installCmds() \
|
%define installCmds() \
|
||||||
make NAME=%1 TYPE=%2 DISTRO=%{distro} DIRECT_INITRC=%3 MONOLITHIC=%{monolithic} POLY=%3 base.pp \
|
make NAME=%1 TYPE=%2 DISTRO=%{distro} DIRECT_INITRC=%3 MONOLITHIC=%{monolithic} POLY=%3 base.pp \
|
||||||
make NAME=%1 TYPE=%2 DISTRO=%{distro} DIRECT_INITRC=%3 MONOLITHIC=%{monolithic} POLY=%3 modules \
|
make NAME=%1 TYPE=%2 DISTRO=%{distro} DIRECT_INITRC=%3 MONOLITHIC=%{monolithic} POLY=%3 modules \
|
||||||
@ -101,7 +107,6 @@ ln -sf ../devel/include %{buildroot}%{_usr}/share/selinux/%1 \
|
|||||||
|
|
||||||
%define fileList() \
|
%define fileList() \
|
||||||
%defattr(-,root,root) \
|
%defattr(-,root,root) \
|
||||||
%dir %{_usr}/share/selinux/%1 \
|
|
||||||
%{_usr}/share/selinux/%1/*.pp \
|
%{_usr}/share/selinux/%1/*.pp \
|
||||||
%dir %{_sysconfdir}/selinux/%1 \
|
%dir %{_sysconfdir}/selinux/%1 \
|
||||||
%config(noreplace) %{_sysconfdir}/selinux/%1/setrans.conf \
|
%config(noreplace) %{_sysconfdir}/selinux/%1/setrans.conf \
|
||||||
@ -140,8 +145,7 @@ fi
|
|||||||
|
|
||||||
%define rebuildpolicy() \
|
%define rebuildpolicy() \
|
||||||
( cd /usr/share/selinux/%1; \
|
( cd /usr/share/selinux/%1; \
|
||||||
x=`ls *.pp | grep -v -e base.pp -e enableaudit.pp | awk '{ print "-i " $1 }'`; \
|
semodule -b base.pp %{expand:%%moduleList %1} -s %1; \
|
||||||
semodule -b base.pp $x -s %1; \
|
|
||||||
);\
|
);\
|
||||||
rm -f %{_sysconfdir}/selinux/%1/policy/policy.*.rpmnew
|
rm -f %{_sysconfdir}/selinux/%1/policy/policy.*.rpmnew
|
||||||
|
|
||||||
@ -170,6 +174,9 @@ mkdir -p %{buildroot}%{_sysconfdir}/sysconfig
|
|||||||
touch %{buildroot}%{_sysconfdir}/selinux/config
|
touch %{buildroot}%{_sysconfdir}/selinux/config
|
||||||
touch %{buildroot}%{_sysconfdir}/sysconfig/selinux
|
touch %{buildroot}%{_sysconfdir}/sysconfig/selinux
|
||||||
|
|
||||||
|
# Always create policy module package directories
|
||||||
|
mkdir -p %{buildroot}%{_usr}/share/selinux/{targeted,strict,mls}/
|
||||||
|
|
||||||
# Install devel
|
# Install devel
|
||||||
make clean
|
make clean
|
||||||
make NAME=targeted TYPE=targeted-mcs DISTRO=%{distro} DIRECT_INITRC=y MONOLITHIC=%{monolithic} DESTDIR=%{buildroot} PKGNAME=%{name}-%{version} POLY=%3 install-headers install-docs
|
make NAME=targeted TYPE=targeted-mcs DISTRO=%{distro} DIRECT_INITRC=y MONOLITHIC=%{monolithic} DESTDIR=%{buildroot} PKGNAME=%{name}-%{version} POLY=%3 install-headers install-docs
|
||||||
@ -333,7 +340,7 @@ x=`ls *.pp | grep -v -e base.pp -e enableaudit.pp | awk '{ print "-i " $1 }'`
|
|||||||
semodule -b base.pp -r bootloader -r clock -r dpkg -r fstools -r hotplug -r init -r libraries -r locallogin -r logging -r lvm -r miscfiles -r modutils -r mount -r mta -r netutils -r selinuxutil -r storage -r sysnetwork -r udev -r userdomain -r vpnc -r xend $x -s strict
|
semodule -b base.pp -r bootloader -r clock -r dpkg -r fstools -r hotplug -r init -r libraries -r locallogin -r logging -r lvm -r miscfiles -r modutils -r mount -r mta -r netutils -r selinuxutil -r storage -r sysnetwork -r udev -r userdomain -r vpnc -r xend $x -s strict
|
||||||
|
|
||||||
%triggerpostun strict -- strict <= 2.0.7
|
%triggerpostun strict -- strict <= 2.0.7
|
||||||
%{rebuildpolicy} strict
|
%rebuildpolicy strict
|
||||||
|
|
||||||
%files strict
|
%files strict
|
||||||
%fileList strict
|
%fileList strict
|
||||||
@ -341,8 +348,11 @@ semodule -b base.pp -r bootloader -r clock -r dpkg -r fstools -r hotplug -r init
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Tue Jul 25 2006 Dan Walsh <dwalsh@redhat.com> 2.3.3-11
|
* Wed Jul 26 2006 Dan Walsh <dwalsh@redhat.com> 2.3.3-11
|
||||||
|
- Added Paul Howorth patch to only load policy packages shipped
|
||||||
|
with this package
|
||||||
- Allow pidof from initrc to ptrace higher level domains
|
- Allow pidof from initrc to ptrace higher level domains
|
||||||
|
- Allow firstboot to communicate with hal via dbus
|
||||||
|
|
||||||
* Mon Jul 24 2006 Dan Walsh <dwalsh@redhat.com> 2.3.3-10
|
* Mon Jul 24 2006 Dan Walsh <dwalsh@redhat.com> 2.3.3-10
|
||||||
- Add policy for /var/run/ldapi
|
- Add policy for /var/run/ldapi
|
||||||
|
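Review bot: The comment filter in the new `moduleList` macro (second hunk, `@ -75,6 +78,9`) does not filter anything: in `$1 !~ "/^#/"` the quoted string is a dynamic regex whose slashes are literal characters, so the test is effectively always true. A commented-out entry such as `#name = module` in modules-%{1}.conf would therefore be emitted as `-i #name.pp`, and in the `rebuildpolicy` scriptlet the shell would presumably treat that `#` as the start of a comment and drop the rest of the `semodule` line, including `-s %1`. Use a regex literal instead: `awk '$1 !~ /^#/ && $2 == "=" && $3 == "module" { printf "-i %%s.pp ", $1 }'`. Separately, the `[ -f ... ] &&` guard makes a missing modules-%{1}.conf expand to an empty list without any error, so the scriptlet would load only base.pp; failing the build in that case would be safer than shipping it.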