- Start building MLS Policy
parent
a32f665665
commit
d77f56b9f2
|
@ -1,3 +1,4 @@
|
||||||
serefpolicy-2.0.0.tgz
|
serefpolicy-2.0.0.tgz
|
||||||
serefpolicy-2.0.1.tgz
|
serefpolicy-2.0.1.tgz
|
||||||
serefpolicy-2.0.2.tgz
|
serefpolicy-2.0.2.tgz
|
||||||
|
serefpolicy-2.0.3.tgz
|
||||||
|
|
|
@ -139,7 +139,7 @@ netutils = base
|
||||||
#
|
#
|
||||||
# Virtual Private Networking client
|
# Virtual Private Networking client
|
||||||
#
|
#
|
||||||
vpn = off
|
vpn = base
|
||||||
|
|
||||||
# Layer: admin
|
# Layer: admin
|
||||||
# Module: su
|
# Module: su
|
||||||
|
@ -174,14 +174,14 @@ amanda = base
|
||||||
#
|
#
|
||||||
# Rotate and archive system logs
|
# Rotate and archive system logs
|
||||||
#
|
#
|
||||||
logrotate = off
|
logrotate = base
|
||||||
|
|
||||||
# Layer: admin
|
# Layer: admin
|
||||||
# Module: quota
|
# Module: quota
|
||||||
#
|
#
|
||||||
# File system quota management
|
# File system quota management
|
||||||
#
|
#
|
||||||
quota = off
|
quota = base
|
||||||
|
|
||||||
# Layer: admin
|
# Layer: admin
|
||||||
# Module: consoletype
|
# Module: consoletype
|
||||||
|
@ -195,7 +195,7 @@ consoletype = base
|
||||||
#
|
#
|
||||||
# Execute a command with a substitute user
|
# Execute a command with a substitute user
|
||||||
#
|
#
|
||||||
sudo = off
|
sudo = base
|
||||||
|
|
||||||
# Layer: admin
|
# Layer: admin
|
||||||
# Module: firstboot
|
# Module: firstboot
|
||||||
|
@ -203,14 +203,14 @@ sudo = off
|
||||||
# Final system configuration run during the first boot
|
# Final system configuration run during the first boot
|
||||||
# after installation of Red Hat/Fedora systems.
|
# after installation of Red Hat/Fedora systems.
|
||||||
#
|
#
|
||||||
firstboot = off
|
firstboot = base
|
||||||
|
|
||||||
# Layer: admin
|
# Layer: admin
|
||||||
# Module: tmpreaper
|
# Module: tmpreaper
|
||||||
#
|
#
|
||||||
# Manage temporary directory sizes and file ages
|
# Manage temporary directory sizes and file ages
|
||||||
#
|
#
|
||||||
tmpreaper = off
|
tmpreaper = base
|
||||||
|
|
||||||
# Layer: admin
|
# Layer: admin
|
||||||
# Module: dmidecode
|
# Module: dmidecode
|
||||||
|
@ -224,7 +224,7 @@ dmidecode = base
|
||||||
#
|
#
|
||||||
# Policy for GNU Privacy Guard and related programs.
|
# Policy for GNU Privacy Guard and related programs.
|
||||||
#
|
#
|
||||||
gpg = off
|
gpg = base
|
||||||
|
|
||||||
# Layer: apps
|
# Layer: apps
|
||||||
# Module: loadkeys
|
# Module: loadkeys
|
||||||
|
@ -534,7 +534,7 @@ ftp = base
|
||||||
#
|
#
|
||||||
# General Purpose Mouse driver
|
# General Purpose Mouse driver
|
||||||
#
|
#
|
||||||
gpm = off
|
gpm = base
|
||||||
|
|
||||||
# Layer: services
|
# Layer: services
|
||||||
# Module: mta
|
# Module: mta
|
||||||
|
@ -562,7 +562,7 @@ ntp = base
|
||||||
#
|
#
|
||||||
# Bluetooth tools and system services.
|
# Bluetooth tools and system services.
|
||||||
#
|
#
|
||||||
bluetooth = off
|
bluetooth = base
|
||||||
|
|
||||||
# Layer: services
|
# Layer: services
|
||||||
# Module: hal
|
# Module: hal
|
||||||
|
@ -681,7 +681,7 @@ apm = base
|
||||||
#
|
#
|
||||||
# Policy for TCP daemon.
|
# Policy for TCP daemon.
|
||||||
#
|
#
|
||||||
tcpd = off
|
tcpd = base
|
||||||
|
|
||||||
# Layer: services
|
# Layer: services
|
||||||
# Module: stunnel
|
# Module: stunnel
|
||||||
|
@ -744,7 +744,7 @@ getty = base
|
||||||
#
|
#
|
||||||
# Policy for logical volume management programs.
|
# Policy for logical volume management programs.
|
||||||
#
|
#
|
||||||
lvm = off
|
lvm = base
|
||||||
|
|
||||||
# Layer: system
|
# Layer: system
|
||||||
# Module: sysnetwork
|
# Module: sysnetwork
|
||||||
|
@ -800,7 +800,7 @@ libraries = base
|
||||||
#
|
#
|
||||||
# RAID array management tools
|
# RAID array management tools
|
||||||
#
|
#
|
||||||
raid = off
|
raid = base
|
||||||
|
|
||||||
# Layer: system
|
# Layer: system
|
||||||
# Module: userdomain
|
# Module: userdomain
|
||||||
|
@ -843,7 +843,7 @@ locallogin = base
|
||||||
#
|
#
|
||||||
# Policy for iptables.
|
# Policy for iptables.
|
||||||
#
|
#
|
||||||
iptables = off
|
iptables = base
|
||||||
|
|
||||||
# Layer: system
|
# Layer: system
|
||||||
# Module: mount
|
# Module: mount
|
||||||
|
@ -871,5 +871,5 @@ miscfiles = base
|
||||||
#
|
#
|
||||||
# TCP/IP encryption
|
# TCP/IP encryption
|
||||||
#
|
#
|
||||||
ipsec = off
|
ipsec = base
|
||||||
|
|
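Review bot: Every entry changed in this file (`vpn`, `logrotate`, `quota`, `sudo`, `firstboot`, `tmpreaper`, `gpg`, `gpm`, `bluetooth`, `tcpd`, `lvm`, `raid`, `iptables`, `ipsec`) goes straight from `off` to `base`, with no comment saying why the policy needs it. If this is the module list for the MLS build (the file name is not shown on the page), then with `%define monolithic n` in the spec these would presumably be linked into the base module, where an administrator cannot remove them individually. For the optional desktop and peripheral ones, consider the loadable setting where the build supports it, e.g. `bluetooth = module` and `gpm = module`. A one-line comment above the changed block stating that these are enabled for the MLS policy would help later reviewers judge which ones are actually required.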
||||||
|
|
|
@ -2,22 +2,27 @@
|
||||||
%define direct_initrc y
|
%define direct_initrc y
|
||||||
%define monolithic n
|
%define monolithic n
|
||||||
%define polname1 targeted
|
%define polname1 targeted
|
||||||
%define type1 targeted-mcs
|
%define polname2 mls
|
||||||
%define polname2 strict
|
%define polname3 strict
|
||||||
%define type2 strict-mcs
|
|
||||||
%define polname3 mls
|
|
||||||
%define type3 mls
|
|
||||||
%define POLICYVER 20
|
%define POLICYVER 20
|
||||||
%define POLICYCOREUTILSVER 1.27.27-3
|
%define POLICYCOREUTILSVER 1.27.27-3
|
||||||
%define CHECKPOLICYVER 1.27.17-5
|
%define CHECKPOLICYVER 1.27.17-5
|
||||||
Summary: SELinux policy configuration
|
Summary: SELinux policy configuration
|
||||||
Name: selinux-policy
|
Name: selinux-policy
|
||||||
Version: 2.0.2
|
Version: 2.0.3
|
||||||
Release: 2
|
Release: 1
|
||||||
License: GPL
|
License: GPL
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
Source: serefpolicy-%{version}.tgz
|
Source: serefpolicy-%{version}.tgz
|
||||||
patch: policy-20051114.patch
|
patch: policy-20051114.patch
|
||||||
|
Source1: modules-%{polname1}.conf
|
||||||
|
Source2: booleans-%{polname1}.conf
|
||||||
|
Source3: seusers-%{polname1}
|
||||||
|
Source4: setrans-%{polname1}.conf
|
||||||
|
Source5: modules-%{polname2}.conf
|
||||||
|
Source6: booleans-%{polname2}.conf
|
||||||
|
Source7: seusers-%{polname2}
|
||||||
|
Source8: setrans-%{polname2}.conf
|
||||||
|
|
||||||
Url: http://serefpolicy.sourceforge.net
|
Url: http://serefpolicy.sourceforge.net
|
||||||
BuildRoot: %{_tmppath}/serefpolicy-buildroot
|
BuildRoot: %{_tmppath}/serefpolicy-buildroot
|
||||||
|
@ -45,7 +50,7 @@ make NAME=%1 TYPE=%2 DISTRO=%{distro} DIRECT_INITRC=%3 MONOLITHIC=%{monolithic}
|
||||||
%{__mkdir} -p $RPM_BUILD_ROOT/%{_sysconfdir}/selinux/%1/policy \
|
%{__mkdir} -p $RPM_BUILD_ROOT/%{_sysconfdir}/selinux/%1/policy \
|
||||||
%{__mkdir} -p $RPM_BUILD_ROOT/%{_sysconfdir}/selinux/%1/modules/active \
|
%{__mkdir} -p $RPM_BUILD_ROOT/%{_sysconfdir}/selinux/%1/modules/active \
|
||||||
%{__mkdir} -p $RPM_BUILD_ROOT/%{_sysconfdir}/selinux/%1/contexts/files \
|
%{__mkdir} -p $RPM_BUILD_ROOT/%{_sysconfdir}/selinux/%1/contexts/files \
|
||||||
make NAME=%1 TYPE=%{type1} DISTRO=%{distro} DIRECT_INITRC=%3 MONOLITHIC=y DESTDIR=$RPM_BUILD_ROOT install-appconfig \
|
make NAME=%1 TYPE=%2 DISTRO=%{distro} DIRECT_INITRC=%3 MONOLITHIC=y DESTDIR=$RPM_BUILD_ROOT install-appconfig \
|
||||||
rm -rf $RPM_BUILD_ROOT%{_sysconfdir}/selinux/%1/booleans \
|
rm -rf $RPM_BUILD_ROOT%{_sysconfdir}/selinux/%1/booleans \
|
||||||
touch $RPM_BUILD_ROOT%{_sysconfdir}/selinux/config \
|
touch $RPM_BUILD_ROOT%{_sysconfdir}/selinux/config \
|
||||||
touch $RPM_BUILD_ROOT%{_sysconfdir}/selinux/%1/seusers \
|
touch $RPM_BUILD_ROOT%{_sysconfdir}/selinux/%1/seusers \
|
||||||
|
@ -121,19 +126,19 @@ SELinux Reference Policy - modular.
|
||||||
# Build targeted policy
|
# Build targeted policy
|
||||||
make conf
|
make conf
|
||||||
%{__rm} -fR $RPM_BUILD_ROOT
|
%{__rm} -fR $RPM_BUILD_ROOT
|
||||||
%installCmds %{polname1} %{type1} %{direct_initrc}
|
%installCmds %{polname1} targeted-mcs %{direct_initrc}
|
||||||
|
|
||||||
|
# Build mls policy
|
||||||
|
make clean
|
||||||
|
make conf
|
||||||
|
%installCmds %{polname2} strict-mls n
|
||||||
|
|
||||||
|
|
||||||
# Build strict policy
|
# Build strict policy
|
||||||
# Commented out because only targeted ref policy currently builds
|
# Commented out because only targeted ref policy currently builds
|
||||||
# make clean
|
# make clean
|
||||||
# make conf
|
# make conf
|
||||||
#%#installCmds %{polname2} %{type2} %{direct_initrc}
|
#%#installCmds %{polname3} strict-mcs %{direct_initrc}
|
||||||
|
|
||||||
# Build mls policy
|
|
||||||
make clean
|
|
||||||
make conf
|
|
||||||
%installCmds %{polname3} %{type3} n
|
|
||||||
|
|
||||||
|
|
||||||
%clean
|
%clean
|
||||||
%{__rm} -fR $RPM_BUILD_ROOT
|
%{__rm} -fR $RPM_BUILD_ROOT
|
||||||
|
@ -183,7 +188,6 @@ fi
|
||||||
%triggerpostun %{polname1} -- selinux-policy-%{polname1} <= 2.0.0
|
%triggerpostun %{polname1} -- selinux-policy-%{polname1} <= 2.0.0
|
||||||
%rebuildpolicy %{polname1}
|
%rebuildpolicy %{polname1}
|
||||||
|
|
||||||
%if 0
|
|
||||||
%package %{polname2}
|
%package %{polname2}
|
||||||
Summary: SELinux %{polname2} base policy
|
Summary: SELinux %{polname2} base policy
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
|
@ -198,15 +202,15 @@ SELinux Reference policy %{polname2} base module.
|
||||||
|
|
||||||
%post %{polname2}
|
%post %{polname2}
|
||||||
%rebuildpolicy %{polname2}
|
%rebuildpolicy %{polname2}
|
||||||
%relabel %{polname1}
|
%relabel %{polname2}
|
||||||
|
|
||||||
%triggerpostun %{polname2} -- %{polname2} <= 2.0.0
|
%triggerpostun %{polname2} -- %{polname2} <= 2.0.0
|
||||||
%{rebuildpolicy} %{polname2}
|
%{rebuildpolicy} %{polname2}
|
||||||
|
|
||||||
%files %{polname2}
|
%files %{polname2}
|
||||||
#%#fileList %{polname2}
|
%fileList %{polname2}
|
||||||
%endif
|
|
||||||
|
|
||||||
|
%if 0
|
||||||
%package %{polname3}
|
%package %{polname3}
|
||||||
Summary: SELinux %{polname3} base policy
|
Summary: SELinux %{polname3} base policy
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
|
@ -221,13 +225,14 @@ SELinux Reference policy %{polname3} base module.
|
||||||
|
|
||||||
%post %{polname3}
|
%post %{polname3}
|
||||||
%rebuildpolicy %{polname3}
|
%rebuildpolicy %{polname3}
|
||||||
%relabel %{polname1}
|
%relabel %{polname3}
|
||||||
|
|
||||||
%triggerpostun %{polname3} -- %{polname3} <= 2.0.0
|
%triggerpostun %{polname3} -- %{polname3} <= 2.0.0
|
||||||
%{rebuildpolicy} %{polname3}
|
%{rebuildpolicy} %{polname3}
|
||||||
|
|
||||||
%files %{polname3}
|
%files %{polname3}
|
||||||
%fileList %{polname3}
|
#%#fileList %{polname3}
|
||||||
|
%endif
|
||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
|
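Review bot: The scriptlet `%triggerpostun %{polname2} -- %{polname2} <= 2.0.0`, which now belongs to the MLS subpackage that is built and shipped, watches a package named after the bare policy name, whereas the targeted trigger above it watches `selinux-policy-%{polname1}`. As written it would presumably never fire on upgrade, so the installed policy would not be rebuilt. The following line, `%{rebuildpolicy} %{polname2}`, uses the braced macro form, which likely does not pass the policy name as an argument the way `%rebuildpolicy %{polname2}` in `%post` does. I would change the pair to `%triggerpostun %{polname2} -- selinux-policy-%{polname2} <= 2.0.0` and `%rebuildpolicy %{polname2}`, and do the same in the `%{polname3}` block now under `%if 0`. The macro definitions are outside the visible hunks, so this should be confirmed against them.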