[policycoreutils/f18] Add missing spec.py from templates directory needed for sepolicy generate
Daniel J Walsh
dwalsh at fedoraproject.org
Wed Oct 17 12:44:29 UTC 2012
commit 84aee825fefc357c591ae3519e1ffea81ee59ec4
Author: rhatdan <dwalsh at redhat.com>
Date: Wed Oct 17 08:43:56 2012 -0400
Add missing spec.py from templates directory needed for sepolicy generate
- Add /var/tmp as collection point for sandbox apps.
policycoreutils-rhat.patch | 92 ++++++++++++++++++++++++++++++++++++++++++-
policycoreutils.spec | 6 ++-
2 files changed, 94 insertions(+), 4 deletions(-)
---
diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch
index 1410fa5..7e118b1 100644
--- a/policycoreutils-rhat.patch
+++ b/policycoreutils-rhat.patch
@@ -334740,7 +334740,7 @@ index 4ba51bf..bd50ade 100644
+#~ msgid "Disable SELinux protection for NIS Transfer Daemon"
+#~ msgstr "停用 NIS 傳輸 daemon 的 SELinux 保護"
diff --git a/policycoreutils/sandbox/sandbox b/policycoreutils/sandbox/sandbox
-index 0ecb6be..4546014 100644
+index 0ecb6be..6760bc1 100644
--- a/policycoreutils/sandbox/sandbox
+++ b/policycoreutils/sandbox/sandbox
@@ -26,7 +26,7 @@ import signal
@@ -334752,7 +334752,15 @@ index 0ecb6be..4546014 100644
PROGNAME = "policycoreutils"
SEUNSHARE = "/usr/sbin/seunshare"
-@@ -275,7 +275,7 @@ kill -TERM $WM_PID 2> /dev/null
+@@ -241,6 +241,7 @@ class Sandbox:
+ for f in files:
+ copyfile(f, homedir, self.__homedir)
+ copyfile(f, "/tmp", self.__tmpdir)
++ copyfile(f, "/var/tmp", self.__tmpdir)
+
+ def __setup_sandboxrc(self, wm = "/usr/bin/matchbox-window-manager -use_titlebar no"):
+ execfile =self.__homedir + "/.sandboxrc"
+@@ -275,7 +276,7 @@ kill -TERM $WM_PID 2> /dev/null
types = _("""
Policy defines the following types for use with the -t:
\t%s
@@ -334761,7 +334769,7 @@ index 0ecb6be..4546014 100644
except RuntimeError:
pass
-@@ -349,7 +349,12 @@ sandbox [-h] [-c] [-l level ] [-[X|M] [-H homedir] [-T tempdir]] [-I includefile
+@@ -349,7 +350,12 @@ sandbox [-h] [-c] [-l level ] [-[X|M] [-H homedir] [-T tempdir]] [-I includefile
if self.__options.X_ind:
self.setype = DEFAULT_X_TYPE
@@ -341752,6 +341760,84 @@ index 0000000..f77e50e
+udp_ports="""
+semanage ports -a -t TEMPLATETYPE_port_t -p udp PORTNUM
+"""
+diff --git a/policycoreutils/sepolicy/sepolicy/templates/spec.py b/policycoreutils/sepolicy/sepolicy/templates/spec.py
+new file mode 100644
+index 0000000..ca109aa
+--- /dev/null
++++ b/policycoreutils/sepolicy/sepolicy/templates/spec.py
+@@ -0,0 +1,72 @@
++header_comment_section="""\
++# vim: sw=4:ts=4:et
++"""
++
++base_section="""\
++
++%define selinux_policyver VERSION
++
++Name: MODULENAME_selinux
++Version: 1.0
++Release: 1%{?dist}
++Summary: SELinux policy module for MODULENAME
++
++Group: System Environment/Base
++License: GPLv2+
++# This is an example. You will need to change it.
++URL: http://HOSTNAME
++Source0: MODULENAME.pp
++Source1: MODULENAME.if
++Source2: MODULENAME_selinux.8
++
++Requires: policycoreutils
++Requires: selinux-policy-base >= %{selinux_policyver}
++Requires(post): /usr/sbin/semodule, /sbin/restorecon, /usr/sbin/selinuxenabled, /usr/sbin/semanage
++Requires(postun): /usr/sbin/semodule, /sbin/restorecon
++BuildArch: noarch
++
++%description
++This package installs and sets up the SELinux policy security module for MODULENAME.
++
++%install
++# Install SELinux interfaces
++install -d %{buildroot}%{_datadir}/selinux/devel/include/contrib
++install -m 644 MODULENAME.if %{buildroot}%{_datadir}/selinux/devel/include/contrib/MODULENAME.if
++install -d %{buildroot}%{_datadir}/selinux/packages
++install -m 644 MODULENAME.pp %{buildroot}%{_datadir}/selinux/packages/
++install -d %{buildroot}%{_mandir}/man8/
++install -m 644 MODULENAME_selinux.8 %{buildroot}%{_mandir}/man8/
++
++%post
++if /usr/sbin/selinuxenabled ; then
++ semodule -i %{_datadir}/selinux/packages/MODULENAME.pp;
++ %relabel_files
++fi;
++exit 0
++
++%postun
++if [ $1 -eq 0 ]; then
++ semodule -r MODULENAME;
++ %relabel_files
++fi;
++exit 0
++
++%files
++%attr(0600,root,root) %{_datadir}/selinux/packages/MODULENAME.pp
++%{_datadir}/selinux/devel/include/contrib/MODULENAME.if
++%{_mandir}/man8/MODULENAME_selinux.8.*
++
++%changelog
++* TODAYSDATE YOUR NAME <YOUR at EMAILADDRESS> 1.0-1
++- Initial version
++
++"""
++
++define_relabel_files_begin ="""\
++\n
++%define relabel_files() \\
++"""
++
++define_relabel_files_end ="""\
++restorecon -R FILENAME; \\
++"""
diff --git a/policycoreutils/sepolicy/sepolicy/templates/tmp.py b/policycoreutils/sepolicy/sepolicy/templates/tmp.py
new file mode 100644
index 0000000..c000a75
diff --git a/policycoreutils.spec b/policycoreutils.spec
index 33504e5..8331039 100644
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@@ -7,7 +7,7 @@
Summary: SELinux policy core utilities
Name: policycoreutils
Version: 2.1.13
-Release: 11%{?dist}
+Release: 12%{?dist}
License: GPLv2
Group: System Environment/Base
# Based on git repository with tag 20101221
@@ -330,6 +330,10 @@ The policycoreutils-restorecond package contains the restorecond service.
%{_bindir}/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
%changelog
+* Wed Oct 17 2012 Dan Walsh <dwalsh at redhat.com> - 2.1.12-12
+- Add missing spec.py from templates directory needed for sepolicy generate
+- Add /var/tmp as collection point for sandbox apps.
+
* Tue Oct 16 2012 Dan Walsh <dwalsh at redhat.com> - 2.1.12-11
- Handle audit2allow -b in foreign locales
More information about the scm-commits
mailing list