[glpi/el6] fix SELinux context #1032995

Remi Collet remi at fedoraproject.org
Thu Nov 21 12:50:25 UTC 2013 

commit 66fd8518bc88a8065f62dca8b67dd4005141b00f
Author: Remi Collet <remi at fedoraproject.org>
Date:   Thu Nov 21 13:58:43 2013 +0100

    fix SELinux context #1032995

 glpi.spec |   21 ++++++++++++++-------
 1 files changed, 14 insertions(+), 7 deletions(-)
---
diff --git a/glpi.spec b/glpi.spec
index e1af245..7e557d1 100644
--- a/glpi.spec
+++ b/glpi.spec
@@ -2,7 +2,7 @@
 
 Name:           glpi
 Version:        0.83.9.1
-Release:        4%{?dist}
+Release:        5%{?dist}
 Summary:        Free IT asset management software
 Summary(fr):    Gestion Libre de Parc Informatique
 
@@ -183,12 +183,14 @@ rm -rf %{buildroot}
 %if %{useselinux}
 (
 # New File context
-semanage fcontext -a -s system_u -t httpd_sys_script_rw_t -r s0 "%{_sysconfdir}/glpi(/.*)?" 
-semanage fcontext -a -s system_u -t httpd_log_t           -r s0 "%{_localstatedir}/log/glpi(/.*)?"
+semanage fcontext -a -s system_u -t httpd_sys_rw_content_t -r s0 "%{_sysconfdir}/%{name}(/.*)?"
+semanage fcontext -a -s system_u -t httpd_sys_content_t    -r s0 "%{_datadir}/%{name}(/.*)?"
+semanage fcontext -a -s system_u -t httpd_log_t            -r s0 "%{_localstatedir}/log/%{name}(/.*)?"
 # keep httpd_sys_script_rw_t (httpd_var_lib_t prevent dir creation)
-semanage fcontext -a -s system_u -t httpd_sys_script_rw_t -r s0 "%{_localstatedir}/lib/glpi(/.*)?"
+semanage fcontext -a -s system_u -t httpd_sys_rw_content_t -r s0 "%{_localstatedir}/lib/%{name}(/.*)?"
 # files created by app
 restorecon -R %{_sysconfdir}/%{name}
+restorecon -R %{_datadir}/%{name}
 restorecon -R %{_localstatedir}/lib/%{name}
 restorecon -R %{_localstatedir}/log/%{name}
 ) &>/dev/null
@@ -201,9 +203,10 @@ restorecon -R %{_localstatedir}/log/%{name}
 if [ "$1" -eq "0" ]; then
     # Remove the File Context
     (
-    semanage fcontext -d "%{_sysconfdir}/glpi(/.*)?"
-    semanage fcontext -d "%{_localstatedir}/log/glpi(/.*)?"
-    semanage fcontext -d "%{_localstatedir}/lib/glpi(/.*)?"
+    semanage fcontext -d "%{_sysconfdir}/%{name}(/.*)?"
+    semanage fcontext -d "%{_datadir}/%{name}(/.*)?"
+    semanage fcontext -d "%{_localstatedir}/log/%{name}(/.*)?"
+    semanage fcontext -d "%{_localstatedir}/lib/%{name}(/.*)?"
     ) &>/dev/null
 fi
 %endif
@@ -244,6 +247,10 @@ fi
 
 
 %changelog
+* Thu Nov 21 2013 Remi Collet <remi at fedoraproject.org> - 0.84.9.1-5
+- fix SELinux context #1032995
+  use httpd_sys_rw_content_t instead of httpd_sys_script_rw_t
+
 * Thu Sep 12 2013 Remi Collet <remi at fedoraproject.org> - 0.83.9.1-4
 - restrict access for install to local for security
 - drop bundled Flash files files, #1000251

More information about the scm-commits mailing list