[glpi] fix SELinux context

Remi Collet remi at fedoraproject.org
Tue Jan 21 07:35:54 UTC 2014 

commit 224775f17b1f6f9563ec15820c544153d84edbb8
Author: Remi Collet <remi at fedoraproject.org>
Date:   Tue Jan 21 08:36:06 2014 +0100

    fix SELinux context

 glpi.spec |   23 +++++++++++++++--------
 1 files changed, 15 insertions(+), 8 deletions(-)
---
diff --git a/glpi.spec b/glpi.spec
index 1fd0e45..7a88af4 100644
--- a/glpi.spec
+++ b/glpi.spec
@@ -10,7 +10,7 @@
 
 Name:           glpi
 Version:        0.84.3
-Release:        1%{?dist}
+Release:        2%{?dist}
 Summary:        Free IT asset management software
 Summary(fr):    Gestion Libre de Parc Informatique
 
@@ -193,12 +193,14 @@ done >%{name}.lang
 %if %{useselinux}
 (
 # New File context
-semanage fcontext -a -s system_u -t httpd_sys_script_rw_t -r s0 "%{_sysconfdir}/glpi(/.*)?" 
-semanage fcontext -a -s system_u -t httpd_log_t           -r s0 "%{_localstatedir}/log/glpi(/.*)?"
-# keep httpd_sys_script_rw_t (httpd_var_lib_t prevent dir creation)
-semanage fcontext -a -s system_u -t httpd_sys_script_rw_t -r s0 "%{_localstatedir}/lib/glpi(/.*)?"
+semanage fcontext -a -s system_u -t httpd_sys_rw_content_t -r s0 "%{_sysconfdir}/%{name}(/.*)?"
+semanage fcontext -a -s system_u -t httpd_sys_content_t    -r s0 "%{_datadir}/%{name}(/.*)?"
+semanage fcontext -a -s system_u -t httpd_log_t            -r s0 "%{_localstatedir}/log/%{name}(/.*)?"
+# keep httpd_sys_rw_content_t (httpd_var_lib_t prevent dir creation)
+semanage fcontext -a -s system_u -t httpd_sys_rw_content_t -r s0 "%{_localstatedir}/lib/%{name}(/.*)?"
 # files created by app
 restorecon -R %{_sysconfdir}/%{name}
+restorecon -R %{_datadir}/%{name}
 restorecon -R %{_localstatedir}/lib/%{name}
 restorecon -R %{_localstatedir}/log/%{name}
 ) &>/dev/null
@@ -211,9 +213,10 @@ restorecon -R %{_localstatedir}/log/%{name}
 if [ "$1" -eq "0" ]; then
     # Remove the File Context
     (
-    semanage fcontext -d "%{_sysconfdir}/glpi(/.*)?"
-    semanage fcontext -d "%{_localstatedir}/log/glpi(/.*)?"
-    semanage fcontext -d "%{_localstatedir}/lib/glpi(/.*)?"
+    semanage fcontext -d "%{_sysconfdir}/%{name}(/.*)?"
+    semanage fcontext -d "%{_datadir}/%{name}(/.*)?"
+    semanage fcontext -d "%{_localstatedir}/log/%{name}(/.*)?"
+    semanage fcontext -d "%{_localstatedir}/lib/%{name}(/.*)?"
     ) &>/dev/null
 fi
 %endif
@@ -253,6 +256,10 @@ fi
 
 
 %changelog
+* Tue Jan 21 2014 Remi Collet <remi at fedoraproject.org> - 0.84.3-2
+- fix SELinux context #1032995
+  use httpd_sys_rw_content_t instead of httpd_sys_script_rw_t
+
 * Sun Nov  3 2013 Remi Collet <remi at fedoraproject.org> - 0.84.3-1
 - update to 0.84.3
   https://forge.indepnet.net/projects/glpi/versions/973

More information about the scm-commits mailing list