469 lines
14 KiB
RPMSpec
469 lines
14 KiB
RPMSpec
Summary: SELinux tools for managing policy
|
|
Name: setools
|
|
Version: 3.0
|
|
Release: 3%{?dist}
|
|
License: GPL
|
|
Group: System Environment/Base
|
|
URL: http://www.tresys.com/
|
|
Source: http://www.tresys.com/Downloads/selinux-tools/setools-%{version}.tar.bz2
|
|
Source1: setools.pam
|
|
Source4: seaudit.console
|
|
Source5: apol.desktop
|
|
Source7: seaudit.desktop
|
|
Source9: sediffx.desktop
|
|
Source10: seaudit.png
|
|
Source11: apol.png
|
|
Source12: sediffx.png
|
|
Patch: setools-rhat.patch
|
|
|
|
Prefix: %{_prefix}
|
|
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
|
Requires: checkpolicy, policycoreutils, tcl >= 8.5
|
|
Buildrequires: tk-devel >= 8.5, tcl-devel >= 8.5 libsepol-devel >= 1.15.1
|
|
BuildRequires: gtk2-devel, libglade2-devel
|
|
BuildRequires: libselinux-devel, libxml2-devel
|
|
BuildRequires: autoconf
|
|
BuildRequires: libcap-devel
|
|
BuildPrereq: bison, flex, pkgconfig
|
|
|
|
%description
|
|
Security-enhanced Linux is a patch of the Linux kernel and a number of
|
|
utilities with enhanced security functionality designed to add
|
|
mandatory access
|
|
controls to Linux. The Security-enhanced Linux kernel contains new
|
|
architectural components originally developed to improve the security
|
|
of the Flask
|
|
operating system. These architectural components provide general
|
|
support for the
|
|
enforcement of many kinds of mandatory access control policies, including
|
|
those
|
|
based on the concepts of Type Enforcement, Role-based Access Control, and
|
|
Multi-level Security.
|
|
|
|
The tools and libraries in this release include:
|
|
|
|
1. libapol: The main policy.conf analysis library, which is the core
|
|
library for all our tools.
|
|
|
|
See the help files for apol for help on using the
|
|
tools.
|
|
|
|
%package gui
|
|
Summary: Graphical tools for handling SETools
|
|
Group: System Environment/Base
|
|
Requires: %{name} = %{version}-%{release}
|
|
Requires: tk >= 8.5, libglade2 > 2, usermode
|
|
|
|
%description gui
|
|
Security-enhanced Linux is a patch of the Linux kernel and a number of
|
|
utilities with enhanced security functionality designed to add
|
|
mandatory access
|
|
controls to Linux. The Security-enhanced Linux kernel contains new
|
|
architectural components originally developed to improve
|
|
the security of the Flask
|
|
operating system. These architectural components provide
|
|
general support for the
|
|
enforcement of many kinds of mandatory access control policies,
|
|
including those
|
|
based on the concepts of Type Enforcement, Role-based Access Control, and
|
|
Multi-level Security.
|
|
|
|
The tools and libraries in this release include:
|
|
|
|
1. apol: The GUI-based policy analysis tool.
|
|
|
|
2. awish: A version of the TCL/TK wish interpreter that includes the
|
|
setools libraries. We use this to test our GUIs (apol have the
|
|
interpreter compiled within them). One could conceivably write one's own
|
|
GUI tools using TCL/TK as extended via awish.
|
|
|
|
See the help files for apol for help on using the
|
|
tools.
|
|
|
|
%prep
|
|
%setup -q
|
|
%patch -p1 -b .rhat
|
|
|
|
%build
|
|
autoconf
|
|
%configure --disable-bwidget-check --disable-selinux-check
|
|
make clean
|
|
make LIBDIR=%{_libdir} all
|
|
|
|
%install
|
|
rm -rf ${RPM_BUILD_ROOT}
|
|
mkdir -p $RPM_BUILD_ROOT/%{_bindir}
|
|
mkdir -p $RPM_BUILD_ROOT/%{_sbindir}
|
|
mkdir -p $RPM_BUILD_ROOT/%_libdir
|
|
mkdir -p $RPM_BUILD_ROOT%{_includedir}/selinux/apol
|
|
mkdir -p $RPM_BUILD_ROOT/usr/share/doc/setools-%{version}
|
|
mkdir -p $RPM_BUILD_ROOT/usr/share/tcl8.4
|
|
mkdir -p $RPM_BUILD_ROOT/usr/share/pixmaps
|
|
|
|
make DESTDIR="${RPM_BUILD_ROOT}" LIBDIR=%{_libdir} install
|
|
rm -f ${RPM_BUILD_ROOT}/usr/bin/findcon
|
|
rm -f ${RPM_BUILD_ROOT}/usr/bin/replcon
|
|
rm -f ${RPM_BUILD_ROOT}/usr/bin/searchcon
|
|
rm -f ${RPM_BUILD_ROOT}/usr/bin/indexcon
|
|
rm -f ${RPM_BUILD_ROOT}/usr/share/man/man1/searchcon.1
|
|
rm -f ${RPM_BUILD_ROOT}/usr/share/man/man1/indexcon.1
|
|
rm -f ${RPM_BUILD_ROOT}/usr/share/man/man1/replcon.1
|
|
rm -f ${RPM_BUILD_ROOT}/usr/share/man/man1/findcon.1
|
|
rm -rf ${RPM_BUILD_ROOT}%{_includedir}/libsefs/sqlite
|
|
|
|
install -d -m 755 ${RPM_BUILD_ROOT}%{_sysconfdir}/pam.d
|
|
install -m 644 %{SOURCE1} ${RPM_BUILD_ROOT}%{_sysconfdir}/pam.d/seaudit
|
|
install -d -m 755 ${RPM_BUILD_ROOT}%{_sysconfdir}/security/console.apps
|
|
install -m 644 %{SOURCE4} ${RPM_BUILD_ROOT}%{_sysconfdir}/security/console.apps/seaudit
|
|
install -d -m 755 ${RPM_BUILD_ROOT}%{_datadir}/applications
|
|
install -m 664 %{SOURCE5} ${RPM_BUILD_ROOT}%{_datadir}/applications/apol.desktop
|
|
install -m 664 %{SOURCE7} ${RPM_BUILD_ROOT}%{_datadir}/applications/seaudit.desktop
|
|
install -m 664 %{SOURCE9} ${RPM_BUILD_ROOT}%{_datadir}/applications/sediffx.desktop
|
|
install -m 664 %{SOURCE10} ${RPM_BUILD_ROOT}/usr/share/pixmaps/seaudit.png
|
|
install -m 664 %{SOURCE11} ${RPM_BUILD_ROOT}/usr/share/pixmaps/apol.png
|
|
install -m 664 %{SOURCE12} ${RPM_BUILD_ROOT}/usr/share/pixmaps/sediffx.png
|
|
|
|
cd $RPM_BUILD_ROOT/%{_bindir}/
|
|
ln -sf consolehelper seaudit
|
|
|
|
%clean
|
|
rm -rf ${RPM_BUILD_ROOT}
|
|
|
|
%files gui
|
|
%defattr(-,root,root)
|
|
%dir /usr/share/tcl8.4/BWidget-1.8.0
|
|
/usr/share/tcl8.4/BWidget-1.8.0/*
|
|
%{_bindir}/apol
|
|
%{_bindir}/sediffx
|
|
%{_bindir}/awish
|
|
%{_bindir}/seaudit
|
|
%{_bindir}/seaudit_report
|
|
%{_sbindir}/seaudit
|
|
%{_datadir}/applications/apol.desktop
|
|
%{_datadir}/applications/seaudit.desktop
|
|
%{_datadir}/applications/sediffx.desktop
|
|
%config(noreplace) %{_sysconfdir}/pam.d/seaudit
|
|
%config(noreplace) %{_sysconfdir}/security/console.apps/seaudit
|
|
|
|
/usr/share/setools/apol.tcl
|
|
/usr/share/setools/apol_perm_mapping_ver12
|
|
/usr/share/setools/apol_perm_mapping_ver15
|
|
/usr/share/setools/apol_perm_mapping_ver16
|
|
/usr/share/setools/apol_perm_mapping_ver17
|
|
/usr/share/setools/apol_perm_mapping_ver18
|
|
/usr/share/setools/apol_perm_mapping_ver19
|
|
/usr/share/setools/apol_perm_mapping_ver20
|
|
/usr/share/setools/apol_perm_mapping_ver21
|
|
/usr/share/setools/customize_filter_window.glade
|
|
/usr/share/setools/dot_seaudit
|
|
/usr/share/setools/filter_window.glade
|
|
/usr/share/setools/multifilter_window.glade
|
|
/usr/share/setools/prefer_window.glade
|
|
/usr/share/setools/query_window.glade
|
|
/usr/share/setools/report_window.glade
|
|
/usr/share/setools/seaudit-report.conf
|
|
/usr/share/setools/seaudit-report.css
|
|
/usr/share/setools/seaudit.glade
|
|
/usr/share/setools/sediff.glade
|
|
|
|
%{_mandir}/man1/apol.1.gz
|
|
%{_mandir}/man1/sediffx.1.gz
|
|
%{_mandir}/man8/seaudit.8.gz
|
|
%{_mandir}/man8/seaudit-report.8.gz
|
|
%attr(0644,root,root) /usr/share/pixmaps/seaudit.png
|
|
%attr(0644,root,root) /usr/share/pixmaps/apol.png
|
|
%attr(0644,root,root) /usr/share/pixmaps/sediffx.png
|
|
|
|
%package devel
|
|
Summary: Development environment for SETools
|
|
Group: System Environment/Base
|
|
Requires: %{name} = %{version}-%{release} sqlite-devel
|
|
|
|
%description devel
|
|
Headers, static libraries and API docs for SETools.
|
|
|
|
%files devel
|
|
%defattr(-,root,root)
|
|
%{_includedir}/apol
|
|
%{_includedir}/poldiff
|
|
%{_includedir}/qpol
|
|
%{_includedir}/sefs
|
|
%{_includedir}/selinux/apol
|
|
|
|
%{_libdir}/libsefs.a
|
|
%{_libdir}/libapol.a
|
|
%{_libdir}/libapol-tcl.a
|
|
%{_libdir}/libqpol.a
|
|
%{_libdir}/libseaudit.a
|
|
%{_libdir}/libpoldiff.a
|
|
|
|
%post devel -p /sbin/ldconfig
|
|
|
|
%postun devel -p /sbin/ldconfig
|
|
|
|
%files
|
|
%defattr(-,root,root)
|
|
%{_bindir}/seinfo
|
|
%{_bindir}/sesearch
|
|
%{_bindir}/sechecker
|
|
%{_bindir}/sediff
|
|
%dir /usr/share/doc/setools-%{version}
|
|
%doc KNOWN-BUGS
|
|
%doc README
|
|
%{_mandir}/man1/sechecker.1.gz
|
|
%{_mandir}/man1/seinfo.1.gz
|
|
%{_mandir}/man1/sediff.1.gz
|
|
%{_mandir}/man1/sesearch.1.gz
|
|
%attr(755,root,root) %dir /usr/share/setools
|
|
%attr(755,root,root) %dir /usr/share/setools/sechecker-profiles
|
|
/usr/share/setools/sechecker-profiles/*
|
|
/usr/share/setools/*.txt
|
|
%{_libdir}/libapol.so*
|
|
%{_libdir}/libqpol.so*
|
|
%{_libdir}/libpoldiff.so*
|
|
%{_libdir}/libsefs.so*
|
|
|
|
%changelog
|
|
* Thu Feb 1 2007 Dan Walsh <dwalsh@redhat.com> 3.0-3
|
|
- Rebuild with newer libtk
|
|
|
|
* Wed Dec 13 2006 Adam Jackson <ajax@redhat.com> 3.0-2
|
|
- Rebuild with dist tag, fixes 6 to 7 upgrades.
|
|
|
|
* Thu Oct 26 2006 Dan Walsh <dwalsh@redhat.com> 3.0-2
|
|
- Build on rawhide
|
|
|
|
* Sun Oct 15 2006 Dan Walsh <dwalsh@redhat.com> 3.0-1
|
|
- Update to upstream
|
|
|
|
* Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - sh: line 0: fg: no job control
|
|
- rebuild
|
|
|
|
* Tue May 23 2006 Dan Walsh <dwalsh@redhat.com> 2.4-2
|
|
- Remove sqlite include directory
|
|
|
|
* Wed May 3 2006 Dan Walsh <dwalsh@redhat.com> 2.4-1
|
|
- Update from upstream
|
|
|
|
* Mon Apr 10 2006 Dan Walsh <dwalsh@redhat.com> 2.3-3
|
|
- Fix help
|
|
- Add icons
|
|
|
|
* Tue Mar 21 2006 Dan Walsh <dwalsh@redhat.com> 2.3-2
|
|
- Remove console apps for sediff, sediffx and apol
|
|
|
|
* Fri Feb 10 2006 Jesse Keating <jkeating@redhat.com> - 2.3-1.2
|
|
- bump again for double-long bug on ppc(64)
|
|
|
|
* Tue Feb 07 2006 Jesse Keating <jkeating@redhat.com> - 2.3-1.1
|
|
- rebuilt for new gcc4.1 snapshot and glibc changes
|
|
|
|
* Tue Jan 31 2006 Dan Walsh <dwalsh@redhat.com> 2.3-1
|
|
- Update from upstream
|
|
* apol:
|
|
added new MLS components tab for sensitivities,
|
|
levels, and categories.
|
|
Changed users tab to support ranges and default
|
|
levels.
|
|
added range transition tab for searching range
|
|
Transition rules.
|
|
added new tab for network context components.
|
|
added new tab for file system context components.
|
|
* libapol:
|
|
added binpol support for MLS, network contexts,
|
|
and file system contexts.
|
|
* seinfo:
|
|
added command line options for MLS components.
|
|
added command line options for network contexts
|
|
and file system contexts.
|
|
* sesearch:
|
|
added command line option for searching for rules
|
|
by conditional boolean name.
|
|
* seaudit:
|
|
added new column in the log view for the 'comm'
|
|
field found in auditd log files.
|
|
added filters for the 'comm' field and 'message'
|
|
field.
|
|
* manpages:
|
|
added manpages for all tools.
|
|
|
|
|
|
|
|
* Fri Dec 16 2005 Jesse Keating <jkeating@redhat.com>
|
|
- rebuilt for new gcj
|
|
|
|
* Wed Dec 14 2005 Dan Walsh <dwalsh@redhat.com> 2.2-4
|
|
- Fix dessktop files
|
|
- Apply fixes from bkyoung
|
|
|
|
* Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com>
|
|
- rebuilt
|
|
|
|
* Thu Nov 3 2005 Dan Walsh <dwalsh@redhat.com> 2.2-3
|
|
- Move more gui files out of base into gui
|
|
|
|
* Thu Nov 3 2005 Dan Walsh <dwalsh@redhat.com> 2.2-2
|
|
- Move sediff from gui to main package
|
|
|
|
* Thu Nov 3 2005 Dan Walsh <dwalsh@redhat.com> 2.2-1
|
|
- Upgrade to upstream version
|
|
|
|
* Thu Oct 13 2005 Dan Walsh <dwalsh@redhat.com> 2.1.3-1
|
|
- Upgrade to upstream version
|
|
|
|
* Mon Oct 10 2005 Tomas Mraz <tmraz@redhat.com> 2.1.2-3
|
|
- use include instead of pam_stack in pam config
|
|
|
|
* Thu Sep 1 2005 Dan Walsh <dwalsh@redhat.com> 2.1.2-2
|
|
- Fix spec file
|
|
|
|
* Thu Sep 1 2005 Dan Walsh <dwalsh@redhat.com> 2.1.2-1
|
|
- Upgrade to upstream version
|
|
|
|
* Thu Aug 18 2005 Florian La Roche <laroche@redhat.com>
|
|
- do not package debug files into the -devel package
|
|
|
|
* Wed Aug 17 2005 Jeremy Katz <katzj@redhat.com> - 2.1.1-3
|
|
- rebuild against new cairo
|
|
|
|
* Wed May 25 2005 Dan Walsh <dwalsh@redhat.com> 2.1.1-0
|
|
- Upgrade to upstream version
|
|
|
|
* Mon May 23 2005 Bill Nottingham <notting@redhat.com> 2.1.0-5
|
|
- put libraries in the right place (also puts debuginfo in the right
|
|
package)
|
|
- add %%defattr for -devel too
|
|
|
|
* Thu May 12 2005 Dan Walsh <dwalsh@redhat.com> 2.1.0-4
|
|
- Move sepcut to gui apps.
|
|
|
|
* Fri May 6 2005 Dan Walsh <dwalsh@redhat.com> 2.1.0-3
|
|
- Fix Missing return code.
|
|
|
|
* Wed Apr 20 2005 Dan Walsh <dwalsh@redhat.com> 2.1.0-2
|
|
- Fix requires line
|
|
|
|
* Tue Apr 19 2005 Dan Walsh <dwalsh@redhat.com> 2.1.0-1
|
|
- Update to latest from tresys
|
|
|
|
* Tue Apr 5 2005 Dan Walsh <dwalsh@redhat.com> 2.0.0-2
|
|
- Fix buildrequires lines in spec file
|
|
|
|
* Tue Mar 2 2005 Dan Walsh <dwalsh@redhat.com> 2.0.0-1
|
|
- Update to latest from tresys
|
|
|
|
* Mon Nov 29 2004 Dan Walsh <dwalsh@redhat.com> 1.5.1-6
|
|
- add FALLBACK=true to /etc/security/console.apps/apol
|
|
|
|
* Wed Nov 10 2004 Dan Walsh <dwalsh@redhat.com> 1.5.1-3
|
|
- Add badtcl patch from Tresys.
|
|
|
|
* Mon Nov 8 2004 Dan Walsh <dwalsh@redhat.com> 1.5.1-2
|
|
- Apply malloc problem patch provided by Sami Farin
|
|
|
|
* Mon Nov 1 2004 Dan Walsh <dwalsh@redhat.com> 1.5.1-1
|
|
- Update to latest from Upstream
|
|
|
|
* Wed Oct 6 2004 Dan Walsh <dwalsh@redhat.com> 1.4.1-5
|
|
- Update tresys patch
|
|
|
|
* Mon Oct 4 2004 Dan Walsh <dwalsh@redhat.com> 1.4.1-4
|
|
- Fix directory ownership
|
|
|
|
* Thu Jul 8 2004 Dan Walsh <dwalsh@redhat.com> 1.4.1-1
|
|
- Latest from Tresys
|
|
|
|
* Wed Jun 23 2004 Dan Walsh <dwalsh@redhat.com> 1.4-5
|
|
- Add build requires libselinux
|
|
|
|
* Tue Jun 22 2004 Dan Walsh <dwalsh@redhat.com> 1.4-4
|
|
- Add support for policy.18
|
|
|
|
* Tue Jun 15 2004 Elliot Lee <sopwith@redhat.com>
|
|
- rebuilt
|
|
|
|
* Thu Jun 10 2004 Dan Walsh <dwalsh@redhat.com> 1.4-2
|
|
- Fix install locations of policy_src_dir
|
|
|
|
* Wed Jun 2 2004 Dan Walsh <dwalsh@redhat.com> 1.4-1
|
|
- Update to latest from TRESYS.
|
|
|
|
* Tue Jun 1 2004 Dan Walsh <dwalsh@redhat.com> 1.3-3
|
|
- Make changes to work with targeted/strict policy
|
|
* Fri Apr 16 2004 Dan Walsh <dwalsh@redhat.com> 1.3-2
|
|
- Take out requirement for policy file
|
|
|
|
* Fri Apr 16 2004 Dan Walsh <dwalsh@redhat.com> 1.3-1
|
|
- Fix doc location
|
|
|
|
* Fri Apr 16 2004 Dan Walsh <dwalsh@redhat.com> 1.3-1
|
|
- Latest from TRESYS
|
|
|
|
* Tue Apr 13 2004 Dan Walsh <dwalsh@redhat.com> 1.2.1-8
|
|
- fix location of policy.conf file
|
|
|
|
* Tue Apr 6 2004 Dan Walsh <dwalsh@redhat.com> 1.2.1-7
|
|
- Obsolete setools-devel
|
|
* Tue Apr 6 2004 Dan Walsh <dwalsh@redhat.com> 1.2.1-6
|
|
- Fix location of
|
|
* Tue Apr 6 2004 Dan Walsh <dwalsh@redhat.com> 1.2.1-5
|
|
- Remove devel libraries
|
|
- Fix installdir for lib64
|
|
|
|
* Sat Apr 3 2004 Dan Walsh <dwalsh@redhat.com> 1.2.1-4
|
|
- Add usr_t file read to policy
|
|
|
|
* Thu Mar 25 2004 Dan Walsh <dwalsh@redhat.com> 1.2.1-3
|
|
- Use tcl8.4
|
|
|
|
* Tue Mar 02 2004 Elliot Lee <sopwith@redhat.com>
|
|
- rebuilt
|
|
|
|
* Fri Feb 13 2004 Elliot Lee <sopwith@redhat.com>
|
|
- rebuilt
|
|
|
|
* Fri Feb 6 2004 Dan Walsh <dwalsh@redhat.com> 1.2.1-1
|
|
- New patch
|
|
|
|
* Fri Feb 6 2004 Dan Walsh <dwalsh@redhat.com> 1.2-1
|
|
- Latest upstream version
|
|
|
|
* Tue Dec 30 2003 Dan Walsh <dwalsh@redhat.com> 1.1.1-1
|
|
- New version from upstream
|
|
- Remove seuser.te. Now in policy file.
|
|
|
|
* Tue Dec 30 2003 Dan Walsh <dwalsh@redhat.com> 1.1-2
|
|
- Add Defattr to devel
|
|
- move libs to base kit
|
|
|
|
* Fri Dec 19 2003 Dan Walsh <dwalsh@redhat.com> 1.1-1
|
|
- Update to latest code from tresys
|
|
- Break into three separate packages for cmdline, devel and gui
|
|
- Incorporate the tcl patch
|
|
|
|
* Mon Dec 15 2003 Jens Petersen <petersen@redhat.com> - 1.0.1-3
|
|
- apply setools-1.0.1-tcltk.patch to build against tcl/tk 8.4
|
|
- buildrequire tk-devel
|
|
|
|
* Thu Nov 20 2003 Dan Walsh <dwalsh@redhat.com> 1.0.1-2
|
|
- Add Bwidgets to this RPM
|
|
|
|
* Tue Nov 4 2003 Dan Walsh <dwalsh@redhat.com> 1.0.1-1
|
|
- Upgrade to 1.0.1
|
|
|
|
* Wed Oct 15 2003 Dan Walsh <dwalsh@redhat.com> 1.0-6
|
|
- Clean up build
|
|
|
|
* Tue Oct 14 2003 Dan Walsh <dwalsh@redhat.com> 1.0-5
|
|
- Update with correct seuser.te
|
|
|
|
* Wed Oct 1 2003 Dan Walsh <dwalsh@redhat.com> 1.0-4
|
|
- Update with final release from Tresys
|
|
|
|
* Mon Jun 2 2003 Dan Walsh <dwalsh@redhat.com> 1.0-1
|
|
- Initial version
|
|
|
|
|
|
|
|
|