[policycoreutils] Change semanage to produce proper audit records for Common Criteria

Daniel J Walsh dwalsh at fedoraproject.org
Fri Jan 27 19:09:21 UTC 2012 

commit 662a1ad3a8f97a542132817c2c0605830dd6b9fc
Author: Dan Walsh <dwalsh at redhat.com>
Date:   Fri Jan 27 14:09:12 2012 -0500

    Change semanage to produce proper audit records for Common Criteria
    
    - Cleanup packaging for usrmove

 policycoreutils-rhat.patch |   25 +++++++++++++++++++++++++
 policycoreutils.spec       |   24 ++++++++++--------------
 2 files changed, 35 insertions(+), 14 deletions(-)
---
diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch
index 0b1dfcc..28a67a3 100644
--- a/policycoreutils-rhat.patch
+++ b/policycoreutils-rhat.patch
@@ -261,6 +261,31 @@ index c493e98..a084e0e 100644
  		/* assume fsuid==ruid after this point */
  		setfsuid(uid);
  
+diff --git a/policycoreutils/scripts/Makefile b/policycoreutils/scripts/Makefile
+index 17ad6ca..fe6427c 100644
+--- a/policycoreutils/scripts/Makefile
++++ b/policycoreutils/scripts/Makefile
+@@ -1,7 +1,8 @@
+ # Installation directories.
+ PREFIX ?= $(DESTDIR)/usr
+ BINDIR ?= $(PREFIX)/bin
+-SBINDIR ?= $(PREFIX)/sbin
++USRSBINDIR ?= $(PREFIX)/sbin
++SBINDIR ?= $(DESTDIR)/sbin
+ MANDIR ?= $(PREFIX)/share/man
+ LOCALEDIR ?= /usr/share/locale
+ 
+@@ -10,8 +11,8 @@ all: fixfiles genhomedircon chcat
+ install: all
+ 	-mkdir -p $(BINDIR)
+ 	install -m 755 chcat $(BINDIR)
+-	install -m 755 fixfiles $(DESTDIR)/sbin
+-	install -m 755 genhomedircon  $(SBINDIR)
++	install -m 755 fixfiles $(SBINDIR)
++	install -m 755 genhomedircon  $(USRSBINDIR)
+ 	-mkdir -p $(MANDIR)/man8
+ 	install -m 644 fixfiles.8 $(MANDIR)/man8/
+ 	install -m 644 genhomedircon.8 $(MANDIR)/man8/
 diff --git a/policycoreutils/scripts/genhomedircon b/policycoreutils/scripts/genhomedircon
 index ab696a7..58b19cd 100644
 --- a/policycoreutils/scripts/genhomedircon
diff --git a/policycoreutils.spec b/policycoreutils.spec
index 9120313..42d15c3 100644
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@@ -71,11 +71,6 @@ context.
 %patch3 -p1 -b .gui
 %patch4 -p2 -b .sepolgen -d sepolgen-%{sepolgenver}
 
-sed -i 's#$(DESTDIR)/sbin#$(SBINDIR)#g' scripts/Makefile
-
-#FIXME
-sed -i 's#.*ln -sf /sbin/load_policy.*##g' load_policy/Makefile
-
 %build
 make LSPP_PRIV=y SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" CFLAGS="%{optflags} -fPIE" LDFLAGS="-pie -Wl,-z,relro" all 
 make -C sepolgen-%{sepolgenver} SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" CFLAGS="%{optflags} -fPIE" LDFLAGS="-pie -Wl,-z,relro" all 
@@ -192,6 +187,7 @@ The policycoreutils-sandbox package contains the scripts to create graphical san
 
 %files sandbox
 %defattr(-,root,root,-)
+%config(noreplace) %{_sysconfdir}/sysconfig/sandbox
 %{_datadir}/sandbox/sandboxX.sh
 %{_datadir}/sandbox/start
 %caps(cap_setpcap,cap_setuid,cap_fowner,cap_dac_override,cap_sys_admin,cap_sys_nice=pe) %{_sbindir}/seunshare
@@ -283,7 +279,6 @@ rm -rf %{buildroot}
 %{_bindir}/semodule_link
 %{_bindir}/semodule_package
 %{_bindir}/semodule_unpackage
-%config(noreplace) %{_sysconfdir}/sysconfig/sandbox
 %config(noreplace) %{_sysconfdir}/pam.d/run_init
 %config(noreplace) %{_sysconfdir}/sestatus.conf
 # selinux-policy Requires: policycoreutils, so we own this set of directories and our files within them
@@ -339,30 +334,31 @@ The policycoreutils-restorecond package contains the restorecond service.
 
 %post restorecond
 if [ $1 -eq 1 ] ; then
-    /bin/systemctl daemon-reload >/dev/null 2>&1 || :
+   /usr/bin/systemctl daemon-reload >/dev/null 2>&1 || :
 fi
 
 %preun restorecond
 if [ $1 = 0 ]; then
-  /bin/systemctl --no-reload restorecond.service > /dev/null 2>&1 || :
-  /bin/systemctl stop restorecond.service > /dev/null 2>&1 || :
+   /usr/bin/systemctl --no-reload restorecond.service > /dev/null 2>&1 || :
+  /usr/bin/systemctl stop restorecond.service > /dev/null 2>&1 || :
 fi
 
 %postun restorecond
-/bin/systemctl daemon-reload >/dev/null 2>&1 || :
+/usr/bin/systemctl daemon-reload >/dev/null 2>&1 || :
 if [ $1 -ge 1 ] ; then
-    /bin/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
+    /usr/bin/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
 fi
 
 %triggerun -- restorecond < 2.0.86-13
 %{_bindir}/systemd-sysv-convert --save restorecond >/dev/null 2>&1 ||:
-/bin/systemctl enable restorecond.service >/dev/null 2>&1
-/sbin/chkconfig --del restorecond >/dev/null 2>&1 || :
-/bin/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
+%{_bindir}/systemctl enable restorecond.service >/dev/null 2>&1
+%{_sbindir}/chkconfig --del restorecond >/dev/null 2>&1 || :
+%{_bindir}/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
 
 %changelog
 * Fri Jan 26 2012 Dan Walsh <dwalsh at redhat.com> - 2.1.10-17
 - Change semanage to produce proper audit records for Common Criteria
+- Cleanup packaging for usrmove
 
 * Thu Jan 26 2012 Harald Hoyer <harald at redhat.com> 2.1.10-16
 - fixed load_policy location

More information about the scm-commits mailing list