[radicale] SELinux policy 1.0.1 fix bug #1035925
Juan Orti
jorti at fedoraproject.org
Sun Dec 1 12:02:34 UTC 2013
commit f75af5ec784fa9bb99453954fe7ef8fdf0fb745c
Author: Juan Orti Alcaine <juan.orti at miceliux.com>
Date: Sun Dec 1 13:02:01 2013 +0100
SELinux policy 1.0.1 fix bug #1035925
radicale.spec | 21 ++++++++++-----------
radicale.te | 9 ++++++++-
2 files changed, 18 insertions(+), 12 deletions(-)
---
diff --git a/radicale.spec b/radicale.spec
index a61b1b1..9462036 100644
--- a/radicale.spec
+++ b/radicale.spec
@@ -1,6 +1,6 @@
Name: radicale
Version: 0.8
-Release: 5%{?dist}
+Release: 6%{?dist}
Summary: A simple CalDAV (calendar) and CardDAV (contact) server
Group: Applications/Internet
License: GPLv3+
@@ -42,7 +42,6 @@ http://www.radicale.org
%package httpd
Summary: httpd config for Radicale
Requires: %{name} = %{version}-%{release}
-Requires: %{name}-selinux = %{version}-%{release}
Requires: httpd
Requires: mod_wsgi
@@ -61,8 +60,8 @@ Requires: %{name} = %{version}-%{release}
%if "%{_selinux_policy_version}" != ""
Requires: selinux-policy >= %{_selinux_policy_version}
%endif
-Requires(post): /usr/sbin/semodule, /sbin/restorecon, /sbin/fixfiles
-Requires(postun): /usr/sbin/semodule, /sbin/restorecon, /sbin/fixfiles
+Requires(post): /usr/sbin/semodule, /sbin/fixfiles
+Requires(postun): /usr/sbin/semodule, /sbin/fixfiles
BuildRequires: checkpolicy, selinux-policy-devel, /usr/share/selinux/devel/policyhelp
%description selinux
@@ -143,9 +142,8 @@ do
/usr/sbin/semodule -s ${selinuxvariant} -i \
%{_datadir}/selinux/${selinuxvariant}/%{name}.pp &> /dev/null || :
done
-/sbin/fixfiles -R %{name} restore || :
-/sbin/fixfiles -R %{name}-httpd restore || :
-#/sbin/restorecon -R %{_localstatedir}/cache/%{name} || :
+/sbin/fixfiles -R %{name} restore > /dev/null 2>&1 || :
+/sbin/fixfiles -R %{name}-httpd restore > /dev/null 2>&1 || :
%postun selinux
if [ $1 -eq 0 ] ; then
@@ -153,10 +151,8 @@ if [ $1 -eq 0 ] ; then
do
/usr/sbin/semodule -s ${selinuxvariant} -r %{name} &> /dev/null || :
done
- /sbin/fixfiles -R %{name} restore || :
- /sbin/fixfiles -R %{name}-httpd restore || :
- #[ -d %{_localstatedir}/cache/%{name} ] && \
- # /sbin/restorecon -R %{_localstatedir}/cache/%{name} &> /dev/null || :
+ /sbin/fixfiles -R %{name} restore > /dev/null 2>&1 || :
+ /sbin/fixfiles -R %{name}-httpd restore > /dev/null 2>&1 || :
fi
@@ -186,6 +182,9 @@ fi
%{_datadir}/selinux/*/%{name}.pp
%changelog
+* Fri Nov 29 2013 Juan Orti Alcaine <jorti at fedoraproject.org> - 0.8-6
+- SELinux policy 1.0.1 fix bug #1035925
+
* Fri Nov 08 2013 Juan Orti Alcaine <jorti at fedoraproject.org> - 0.8-5
- Hardcode _selinux_policy_version in F20 because of #999584
diff --git a/radicale.te b/radicale.te
index fd7d05c..8a65ade 100644
--- a/radicale.te
+++ b/radicale.te
@@ -1,4 +1,4 @@
-policy_module(radicale, 1.0.0)
+policy_module(radicale, 1.0.1)
gen_require(`
type httpd_t;
@@ -35,6 +35,7 @@ systemd_unit_file(radicale_unit_file_t)
#
allow radicale_t self:fifo_file rw_fifo_file_perms;
allow radicale_t self:unix_stream_socket create_stream_socket_perms;
+allow radicale_t self:tcp_socket create_stream_socket_perms;
manage_dirs_pattern(radicale_t, radicale_log_t, radicale_log_t)
manage_files_pattern(radicale_t, radicale_log_t, radicale_log_t)
@@ -71,3 +72,9 @@ if (httpd_can_read_write_radicale) {
}
miscfiles_read_localization(radicale_t)
+dev_read_urand(radicale_t)
+dev_read_rand(radicale_t)
+auth_use_nsswitch(radicale_t)
+corecmd_exec_shell(radicale_t)
+libs_exec_ldconfig(radicale_t)
+kernel_read_system_state(radicale_t)
More information about the scm-commits
mailing list