[radicale] SELinux policy 1.0.2
Juan Orti
jorti at fedoraproject.org
Thu Dec 26 23:45:42 UTC 2013
commit fee2ec82560fef68b89c3f074e55172f6fbaefa7
Author: Juan Orti Alcaine <juan.orti at miceliux.com>
Date: Fri Dec 27 00:45:11 2013 +0100
SELinux policy 1.0.2
radicale.fc | 1 +
radicale.spec | 12 +++++++++---
radicale.te | 7 ++++++-
3 files changed, 16 insertions(+), 4 deletions(-)
---
diff --git a/radicale.fc b/radicale.fc
index d599364..b30a923 100644
--- a/radicale.fc
+++ b/radicale.fc
@@ -8,3 +8,4 @@
/etc/radicale(/.*)? gen_context(system_u:object_r:radicale_etc_t,s0)
+#portcon tcp 5232 gen_context(system_u:object_r:radicale_port_t,s0)
diff --git a/radicale.spec b/radicale.spec
index 9462036..41f16b8 100644
--- a/radicale.spec
+++ b/radicale.spec
@@ -1,6 +1,6 @@
Name: radicale
Version: 0.8
-Release: 6%{?dist}
+Release: 7%{?dist}
Summary: A simple CalDAV (calendar) and CardDAV (contact) server
Group: Applications/Internet
License: GPLv3+
@@ -60,8 +60,8 @@ Requires: %{name} = %{version}-%{release}
%if "%{_selinux_policy_version}" != ""
Requires: selinux-policy >= %{_selinux_policy_version}
%endif
-Requires(post): /usr/sbin/semodule, /sbin/fixfiles
-Requires(postun): /usr/sbin/semodule, /sbin/fixfiles
+Requires(post): /usr/sbin/semodule, /sbin/fixfiles, policycoreutils-python
+Requires(postun): /usr/sbin/semodule, /sbin/fixfiles, policycoreutils-python
BuildRequires: checkpolicy, selinux-policy-devel, /usr/share/selinux/devel/policyhelp
%description selinux
@@ -142,11 +142,14 @@ do
/usr/sbin/semodule -s ${selinuxvariant} -i \
%{_datadir}/selinux/${selinuxvariant}/%{name}.pp &> /dev/null || :
done
+# http://danwalsh.livejournal.com/10607.html
+semanage port -a -t radicale_port_t -p tcp 5232
/sbin/fixfiles -R %{name} restore > /dev/null 2>&1 || :
/sbin/fixfiles -R %{name}-httpd restore > /dev/null 2>&1 || :
%postun selinux
if [ $1 -eq 0 ] ; then
+ semanage port -d -p tcp 5232
for selinuxvariant in %{selinux_variants}
do
/usr/sbin/semodule -s ${selinuxvariant} -r %{name} &> /dev/null || :
@@ -182,6 +185,9 @@ fi
%{_datadir}/selinux/*/%{name}.pp
%changelog
+* Wed Dec 25 2013 Juan Orti Alcaine <jorti at fedoraproject.org> - 0.8-7
+- SELinux policy 1.0.2
+
* Fri Nov 29 2013 Juan Orti Alcaine <jorti at fedoraproject.org> - 0.8-6
- SELinux policy 1.0.1 fix bug #1035925
diff --git a/radicale.te b/radicale.te
index 8a65ade..0b466a0 100644
--- a/radicale.te
+++ b/radicale.te
@@ -1,4 +1,4 @@
-policy_module(radicale, 1.0.1)
+policy_module(radicale, 1.0.2)
gen_require(`
type httpd_t;
@@ -29,6 +29,9 @@ files_type(radicale_etc_t);
type radicale_unit_file_t;
systemd_unit_file(radicale_unit_file_t)
+type radicale_port_t;
+corenet_port(radicale_port_t)
+
########################################
#
# radicale local policy
@@ -37,6 +40,8 @@ allow radicale_t self:fifo_file rw_fifo_file_perms;
allow radicale_t self:unix_stream_socket create_stream_socket_perms;
allow radicale_t self:tcp_socket create_stream_socket_perms;
+allow radicale_t radicale_port_t:tcp_socket name_bind;
+
manage_dirs_pattern(radicale_t, radicale_log_t, radicale_log_t)
manage_files_pattern(radicale_t, radicale_log_t, radicale_log_t)
manage_lnk_files_pattern(radicale_t, radicale_log_t, radicale_log_t)
More information about the scm-commits
mailing list