[pam_shield] - fixed selinux conflict by adding context definition - added some additional cleanup on uninstall

Carl Thompson redragon at fedoraproject.org
Fri Aug 12 07:44:39 UTC 2011


commit 45e96d51f8a39400e29f632663eb7aaf57a714be
Author: Carl <redragon at gkar.home>
Date:   Fri Aug 12 02:44:18 2011 -0500

    - fixed selinux conflict by adding context definition
    - added some additional cleanup on uninstall

 pam_shield.spec |   25 ++++++++++++++++++++++++-
 1 files changed, 24 insertions(+), 1 deletions(-)
---
diff --git a/pam_shield.spec b/pam_shield.spec
index 9a35fc4..244e908 100644
--- a/pam_shield.spec
+++ b/pam_shield.spec
@@ -1,6 +1,6 @@
 Name:		pam_shield
 Version:	0.9.5
-Release:	8%{?dist}
+Release:	9%{?dist}
 Summary:	Pam Shield - A pam module to counter brute force attacks
 
 Group:		System Environment/Libraries
@@ -10,8 +10,14 @@ Source0:	http://www.heiho.net/pam_shield/pam_shield-0.9.5.tar.gz
 Source1:	shield-trigger.8.gz
 Source2:	shield-purge.8.gz
 Source3:	shield-trigger-iptables.8.gz
+Source4:	pam_shield.selinux
 BuildRoot:	%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires:	pam-devel, gdbm-devel
+%if 0%{?rhel} <= 5
+Requires:	policycoreutils
+%else
+Requires:	policycoreutils-python
+%endif
 Patch0:		shield_purge_segfault.patch
 Patch1:		shield-trigger-iptables.patch
 
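Review bot: The `%if 0%{?rhel} <= 5` test is also true when `%{?rhel}` is undefined, because it expands to `0 <= 5`, so a Fedora build takes the `policycoreutils` branch instead of `policycoreutils-python`. If semanage is shipped only in policycoreutils-python there, the `semanage fcontext` call in %post fails and `2>/dev/null || :` hides it, leaving /var/lib/pam_shield without the intended label. Guarding with `%if 0%{?rhel} && 0%{?rhel} <= 5` keeps the first branch for old RHEL only. Because the tools are run from scriptlets, `Requires(post):` and `Requires(postun):` would express the ordering requirement more precisely than a plain `Requires:`. `Source4: pam_shield.selinux` is declared here but no visible hunk installs or references it.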
@@ -69,6 +75,20 @@ install -m 644 %{SOURCE3} %{buildroot}%{_mandir}/man8/
 %clean
 rm -rf %{buildroot}
 
+%post
+semanage fcontext -a -t var_auth_t '/var/lib/pam_shield' 2>/dev/null || :
+restorecon -R /var/lib/pam_shield || :
+
+%postun
+if [ $1 -eq 0 ] ; then
+semanage fcontext -d -t var_auth_t '/var/lib/pam_shield' 2>/dev/null || :
+fi
+
+%postun
+if [ $1 -eq 0 ] ; then
+rm -f /var/lib/pam_shield/db
+fi
+
 %files
 %defattr(-,root,root)
 /%{_lib}/security/pam_shield.so
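Review bot: The spec now has two `%postun` sections for the same package, and rpmbuild normally rejects a second scriptlet of the same type. The `rm -f /var/lib/pam_shield/db` line should move into the first `if [ $1 -eq 0 ]` block and the second `%postun` should be dropped. Separately, the file-context spec `'/var/lib/pam_shield'` matches only the directory itself, so `restorecon -R` has no var_auth_t rule for the files under it; using `'/var/lib/pam_shield(/.*)?'` in both the `-a` and `-d` calls would cover the database file too. Both semanage calls discard stderr and the exit status, so a labelling failure is silent at install time.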
@@ -89,6 +109,9 @@ rm -rf %{buildroot}
 %{_sbindir}/shield-trigger-iptables
 
 %changelog
+* Thu Aug 11 2011 Carl Thompson <fedora at red-dragon.com> 0.9.5-9
+- fixed selinux conflict by adding context definition
+- added some additional cleanup on uninstall
 * Sat Apr 30 2011 Carl Thompson <fedora at red-dragon.com> 0.9.5-8
 - patches shield-trigger-iptables to insert rules instead of add
 - and added checks for chain existance and creation if necessary

