[selinux-policy] Fully path the semodule command

Daniel J Walsh dwalsh at fedoraproject.org
Tue Jul 5 14:46:01 UTC 2011


commit fb5b77fade5ae863c3494958ebc1920e26edf0d0
Author: Dan Walsh <dwalsh at redhat.com>
Date:   Fri Jul 1 06:35:11 2011 -0400

    Fully path the semodule command

 selinux-policy.spec |   44 ++++++++++++++++++++++----------------------
 1 files changed, 22 insertions(+), 22 deletions(-)
---
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 3128019..f34ed44 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -111,12 +111,11 @@ install -m0644 selinux_config/securetty_types-%1 %{buildroot}%{_sysconfdir}/seli
 install -m0644 selinux_config/file_contexts.subs_dist %{buildroot}%{_sysconfdir}/selinux/%1/contexts/files \
 install -m0644 selinux_config/setrans-%1.conf %{buildroot}%{_sysconfdir}/selinux/%1/setrans.conf \
 install -m0644 selinux_config/customizable_types %{buildroot}%{_sysconfdir}/selinux/%1/contexts/customizable_types \
-awk '$1 !~ "/^#/" && $2 == "=" && $3 == "module" { printf "%%s.pp ", $1 }' ./policy/modules.conf > %{buildroot}/%{_usr}/share/selinux/%1/modules.lst \
 bzip2 -c %{buildroot}/%{_usr}/share/selinux/%1/base.pp  > %{buildroot}/%{_sysconfdir}/selinux/%1/modules/active/base.pp \
 rm -f %{buildroot}/%{_usr}/share/selinux/%1/base.pp  \
 for i in %{buildroot}/%{_usr}/share/selinux/%1/*.pp; do bzip2 -c $i > %{buildroot}/%{_sysconfdir}/selinux/%1/modules/active/modules/`basename $i`; done \
 rm -f %{buildroot}/%{_usr}/share/selinux/%1/*pp*  \
-semodule -s %1 -n -B -p %{buildroot}; \
+/usr/sbin/semodule -s %1 -n -B -p %{buildroot}; \
 /usr/bin/md5sum %{buildroot}%{_sysconfdir}/selinux/%1/policy/policy.%{POLICYVER} | cut -d' ' -f 1 > %{buildroot}%{_sysconfdir}/selinux/%1/.policymd5 \
 rm -rf %{buildroot}%{_sysconfdir}/selinux/%1/contexts/netfilter_contexts 
 %nil
@@ -124,7 +123,6 @@ rm -rf %{buildroot}%{_sysconfdir}/selinux/%1/contexts/netfilter_contexts
 %define fileList() \
 %defattr(-,root,root) \
 %dir %{_usr}/share/selinux/%1 \
-%{_usr}/share/selinux/%1/modules.lst \
 %dir %{_sysconfdir}/selinux/%1 \
 %config(noreplace) %{_sysconfdir}/selinux/%1/setrans.conf \
 %verify(not mtime) %{_sysconfdir}/selinux/%1/seusers \
@@ -185,10 +183,10 @@ fi;
 %define relabel() \
 . %{_sysconfdir}/selinux/config; \
 FILE_CONTEXT=%{_sysconfdir}/selinux/%1/contexts/files/file_contexts; \
-selinuxenabled; \
+/usr/sbin/selinuxenabled; \
 if [ $? = 0  -a "${SELINUXTYPE}" = %1 -a -f ${FILE_CONTEXT}.pre ]; then \
-     fixfiles -C ${FILE_CONTEXT}.pre restore; \
-     restorecon -R /root /var/log /var/run 2> /dev/null; \
+     /sbin/fixfiles -C ${FILE_CONTEXT}.pre restore; \
+     /sbin/restorecon -R /root /var/log /var/run 2> /dev/null; \
      rm -f ${FILE_CONTEXT}.pre; \
 fi; 
 
@@ -199,14 +197,14 @@ md5=`md5sum /etc/selinux/%2/modules/active/policy.kern | cut -d ' ' -f 1`; \
 checkmd5=`cat /etc/selinux/%2/.policymd5`; \
 if [ "$md5" != "$checkmd5" ] ; then \
    if [ %1 -ne 1 ]; then \
-      	 semodule -n -s %2 -r moilscanner gamin audio_entropy iscsid polkit_auth polkit rtkit_daemon ModemManager telepathysofiasip ethereal passanger qpidd 2>/dev/null; \
+	/usr/sbin/semodule -n -s %2 -r moilscanner gamin audio_entropy iscsid polkit_auth polkit rtkit_daemon ModemManager telepathysofiasip ethereal passanger qpidd 2>/dev/null; \
    fi \
-   semodule -B -s %2; \
+   /usr/sbin/semodule -B -s %2; \
 else \
    [ "${SELINUXTYPE}" == "%2" ] && [ selinuxenabled ] && load_policy; \
 fi; \
 if [ %1 -eq 1 ]; then \
-   restorecon -R /root /var/log /var/run 2> /dev/null; \
+   /sbin/restorecon -R /root /var/log /var/run 2> /dev/null; \
 else \
 %relabel %2 \
 fi;
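Review bot: On the `else` branch, `[ selinuxenabled ]` tests a non-empty literal string, so it is always true and the SELinux-enabled check never actually runs. Both that check and `load_policy` are also still resolved through PATH after this change, which matters because the scriptlet runs as root at install time. The line would do what it appears to intend as `[ "${SELINUXTYPE}" = "%2" ] && /usr/sbin/selinuxenabled && load_policy; \`, with `load_policy` given its packaged absolute path as well (its location is not shown on this page). The `md5sum`, `cut` and `cat` calls at the top of the same macro are likewise still unqualified; the macro definition begins above this hunk.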
@@ -253,6 +251,7 @@ make clean
 # Commented out because only minimum ref policy currently builds
 %makeCmds minimum mcs n y allow
 %installCmds minimum mcs n y allow
+awk '$1 !~ "/^#/" && $2 == "=" && $3 == "module" { printf "%%s.pp ", $1 }' ./policy/modules.conf > %{buildroot}/%{_usr}/share/selinux/%1/modules.lst
 %endif
 
 %if %{BUILD_MLS}
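Review bot: The relocated awk line redirects to `.../share/selinux/%1/modules.lst`, but it now sits in the spec body rather than inside the parameterised `%installCmds` macro, so `%1` has no argument to bind to. The same applies to the `%{_usr}/share/selinux/%1/modules.lst` entry added under `%files minimum` in the last hunk. Both appear to mean the minimum policy, so writing it out avoids relying on how rpm treats an unbound positional macro: `> %{buildroot}/%{_usr}/share/selinux/minimum/modules.lst` and `%{_usr}/share/selinux/minimum/modules.lst`. If the path does not expand as intended, the file would be created in one place and listed in another, and the build would fail or ship without the list.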
@@ -344,18 +343,18 @@ exit 0
 . /etc/selinux/config
 [ "${SELINUXTYPE}" != "targeted" ] && exit 0
 setsebool -P use_nfs_home_dirs=1
-semanage user -l | grep -s unconfined_u > /dev/null
+/usr/sbin/semanage user -l | grep -s unconfined_u > /dev/null
 if [ $? -eq 0 ]; then
-   semanage user -m -R "unconfined_r system_r" -r s0-s0:c0.c1023 unconfined_u
+   /usr/sbin/semanage user -m -R "unconfined_r system_r" -r s0-s0:c0.c1023 unconfined_u
 else
-   semanage user -a -P user -R "unconfined_r system_r" -r s0-s0:c0.c1023 unconfined_u
+   /usr/sbin/semanage user -a -P user -R "unconfined_r system_r" -r s0-s0:c0.c1023 unconfined_u
 fi
-seuser=`semanage login -l | grep __default__ | awk '{ print $2 }'`
-[ "$seuser" != "unconfined_u" ]  && semanage login -m -s "unconfined_u"  -r s0-s0:c0.c1023 __default__
-seuser=`semanage login -l | grep root | awk '{ print $2 }'`
-[ "$seuser" = "system_u" ] && semanage login -m -s "unconfined_u"  -r s0-s0:c0.c1023 root
+seuser=`/usr/sbin/semanage login -l | grep __default__ | awk '{ print $2 }'`
+[ "$seuser" != "unconfined_u" ]  && /usr/sbin/semanage login -m -s "unconfined_u"  -r s0-s0:c0.c1023 __default__
+seuser=`/usr/sbin/semanage login -l | grep root | awk '{ print $2 }'`
+[ "$seuser" = "system_u" ] && /usr/sbin/semanage login -m -s "unconfined_u"  -r s0-s0:c0.c1023 root
 restorecon -R /root /etc/selinux/targeted 2> /dev/null
-semodule -r qmail 2> /dev/null
+/usr/sbin/semodule -r qmail 2> /dev/null
 exit 0
 
 %files targeted
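Review bot: `setsebool -P use_nfs_home_dirs=1` and `restorecon -R /root /etc/selinux/targeted` are still looked up through PATH, while every semanage and semodule call around them now has an absolute path, so this root-run scriptlet still depends on the caller's PATH. The other hunks already use `/sbin/restorecon`, so that line can match them: `/sbin/restorecon -R /root /etc/selinux/targeted 2> /dev/null`; `setsebool` needs the same treatment with its packaged location. Separately, `grep root` matches any login mapping whose line contains "root", so `seuser` can end up holding several values and the `= "system_u"` comparison silently fails. Selecting on the first field is more reliable: `/usr/sbin/semanage login -l | awk '$1 == "root" { print $2 }'`.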
@@ -381,7 +380,7 @@ SELinux Reference policy minimum base module.
 %pre minimum
 %saveFileContext minimum
 if [ $1 -ne 1 ]; then
-   semodule -s minimum -l 2>/dev/null | awk '{ print $1 }' > /usr/share/selinux/minimum/instmodules.lst
+   /usr/sbin/semodule -s minimum -l 2>/dev/null | awk '{ print $1 }' > /usr/share/selinux/minimum/instmodules.lst
 fi
 
 %post minimum
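Review bot: `instmodules.lst` is rewritten even when `/usr/sbin/semodule -s minimum -l` fails, because stderr is discarded and the pipeline's exit status is awk's, so a failure leaves an empty list with no trace. The `%post` else-branch shown further down removes the `.pp.disabled` marker only for modules named in that file, so an empty list would presumably leave modules disabled after an upgrade; the loop over `$allpackages` is cut off on this page, so that needs confirming. Capturing the output first and writing the file only on success keeps a failed query from overwriting the list: `mods=$(/usr/sbin/semodule -s minimum -l 2>/dev/null) && printf '%s\n' "$mods" | awk '{ print $1 }' > /usr/share/selinux/minimum/instmodules.lst`. Note that `%s` would have to be written `%%s` inside the spec.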
@@ -394,12 +393,12 @@ done
 for p in $packages; do 
     rm -f /etc/selinux/minimum/modules/active/modules/$p.disabled
 done
-semanage -S minimum -i - << __eof
+/usr/sbin/semanage -S minimum -i - << __eof
 login -m  -s unconfined_u -r s0-s0:c0.c1023 __default__
 login -m  -s unconfined_u -r s0-s0:c0.c1023 root
 __eof
-restorecon -R /root /var/log /var/run 2> /dev/null
-semodule -B -s minimum
+/sbin/restorecon -R /root /var/log /var/run 2> /dev/null
+/usr/sbin/semodule -B -s minimum
 else
 instpackages=`cat /usr/share/selinux/minimum/instmodules.lst`
 for p in $allpackages; do 
@@ -408,7 +407,7 @@ done
 for p in $instpackages; do 
     rm -f /etc/selinux/minimum/modules/active/modules/$p.pp.disabled
 done
-semodule -B -s minimum
+/usr/sbin/semodule -B -s minimum
 %relabel minimum
 fi
 exit 0
@@ -417,6 +416,7 @@ exit 0
 %defattr(-,root,root,-)
 %config(noreplace) %{_sysconfdir}/selinux/minimum/contexts/users/unconfined_u
 %fileList minimum
+%{_usr}/share/selinux/%1/modules.lst
 %endif
 
 %if %{BUILD_MLS}

