[radicale] SELinux policy 1.0.2

Juan Orti jorti at fedoraproject.org
Thu Dec 26 23:45:42 UTC 2013 

commit fee2ec82560fef68b89c3f074e55172f6fbaefa7
Author: Juan Orti Alcaine <juan.orti at miceliux.com>
Date:   Fri Dec 27 00:45:11 2013 +0100

    SELinux policy 1.0.2

 radicale.fc   |    1 +
 radicale.spec |   12 +++++++++---
 radicale.te   |    7 ++++++-
 3 files changed, 16 insertions(+), 4 deletions(-)
---
diff --git a/radicale.fc b/radicale.fc
index d599364..b30a923 100644
--- a/radicale.fc
+++ b/radicale.fc
@@ -8,3 +8,4 @@
 
 /etc/radicale(/.*)?         gen_context(system_u:object_r:radicale_etc_t,s0)
 
+#portcon tcp     5232   gen_context(system_u:object_r:radicale_port_t,s0)
diff --git a/radicale.spec b/radicale.spec
index 9462036..41f16b8 100644
--- a/radicale.spec
+++ b/radicale.spec
@@ -1,6 +1,6 @@
 Name:             radicale
 Version:          0.8
-Release:          6%{?dist}
+Release:          7%{?dist}
 Summary:          A simple CalDAV (calendar) and CardDAV (contact) server
 Group:            Applications/Internet
 License:          GPLv3+
@@ -60,8 +60,8 @@ Requires:       %{name} = %{version}-%{release}
 %if "%{_selinux_policy_version}" != ""
 Requires:      selinux-policy >= %{_selinux_policy_version}
 %endif
-Requires(post):   /usr/sbin/semodule, /sbin/fixfiles
-Requires(postun): /usr/sbin/semodule, /sbin/fixfiles
+Requires(post):   /usr/sbin/semodule, /sbin/fixfiles, policycoreutils-python
+Requires(postun): /usr/sbin/semodule, /sbin/fixfiles, policycoreutils-python
 BuildRequires: checkpolicy, selinux-policy-devel, /usr/share/selinux/devel/policyhelp
 
 %description selinux
@@ -142,11 +142,14 @@ do
   /usr/sbin/semodule -s ${selinuxvariant} -i \
     %{_datadir}/selinux/${selinuxvariant}/%{name}.pp &> /dev/null || :
 done
+# http://danwalsh.livejournal.com/10607.html
+semanage port -a -t radicale_port_t -p tcp 5232
 /sbin/fixfiles -R %{name} restore > /dev/null 2>&1 || :
 /sbin/fixfiles -R %{name}-httpd restore > /dev/null 2>&1 || :
 
 %postun selinux
 if [ $1 -eq 0 ] ; then
+  semanage port -d -p tcp 5232
   for selinuxvariant in %{selinux_variants}
   do
     /usr/sbin/semodule -s ${selinuxvariant} -r %{name} &> /dev/null || :
@@ -182,6 +185,9 @@ fi
 %{_datadir}/selinux/*/%{name}.pp
 
 %changelog
+* Wed Dec 25 2013 Juan Orti Alcaine <jorti at fedoraproject.org> - 0.8-7
+- SELinux policy 1.0.2
+
 * Fri Nov 29 2013 Juan Orti Alcaine <jorti at fedoraproject.org> - 0.8-6
 - SELinux policy 1.0.1 fix bug #1035925
 
diff --git a/radicale.te b/radicale.te
index 8a65ade..0b466a0 100644
--- a/radicale.te
+++ b/radicale.te
@@ -1,4 +1,4 @@
-policy_module(radicale, 1.0.1)
+policy_module(radicale, 1.0.2)
 
 gen_require(`
     type httpd_t;
@@ -29,6 +29,9 @@ files_type(radicale_etc_t);
 type radicale_unit_file_t;
 systemd_unit_file(radicale_unit_file_t)
 
+type radicale_port_t;
+corenet_port(radicale_port_t)
+
 ########################################
 #
 # radicale local policy
@@ -37,6 +40,8 @@ allow radicale_t self:fifo_file rw_fifo_file_perms;
 allow radicale_t self:unix_stream_socket create_stream_socket_perms;
 allow radicale_t self:tcp_socket create_stream_socket_perms;
 
+allow radicale_t radicale_port_t:tcp_socket name_bind;
+
 manage_dirs_pattern(radicale_t, radicale_log_t, radicale_log_t)
 manage_files_pattern(radicale_t, radicale_log_t, radicale_log_t)
 manage_lnk_files_pattern(radicale_t, radicale_log_t, radicale_log_t)

More information about the scm-commits mailing list