[selinux-policy] * Thu Jun 19 2014 Miroslav Grepl<mgrepl at redhat.com> 3.13.1-60 - Implement new spec file handling for
Miroslav Grepl
mgrepl at fedoraproject.org
Thu Jun 19 14:53:37 UTC 2014
commit c04c318879cdd3afff227d61324bb50b2fae0b0d
Author: Miroslav Grepl <mgrepl at redhat.com>
Date: Thu Jun 19 16:53:27 2014 +0200
* Thu Jun 19 2014 Miroslav Grepl<mgrepl at redhat.com> 3.13.1-60
- Implement new spec file handling for *.pp modules which allows us to move a policy module out of the policy
modules-mls-contrib.conf | 7 -------
selinux-policy.spec | 31 +++++++++++++++++++++++++------
2 files changed, 25 insertions(+), 13 deletions(-)
---
diff --git a/modules-mls-contrib.conf b/modules-mls-contrib.conf
index 733628e..b74a674 100644
--- a/modules-mls-contrib.conf
+++ b/modules-mls-contrib.conf
@@ -272,13 +272,6 @@ colord = module
comsat = module
# Layer: services
-# Module: consolekit
-#
-# ConsoleKit is a system daemon for tracking what users are logged
-#
-#consolekit = module
-
-# Layer: services
# Module: courier
#
# IMAP and POP3 email servers
diff --git a/selinux-policy.spec b/selinux-policy.spec
index d54cd3d..29ca069 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -11,7 +11,7 @@
%define BUILD_MINIMUM 1
%endif
%if %{?BUILD_MLS:0}%{!?BUILD_MLS:1}
-%define BUILD_MLS 1
+%define BUILD_MLS 0
%endif
%define POLICYVER 29
%define POLICYCOREUTILSVER 2.1.14-74
@@ -19,7 +19,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.13.1
-Release: 59%{?dist}
+Release: 60%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -216,7 +216,7 @@ ln -sf /etc/selinux/%1/policy/policy.%{POLICYVER} %{buildroot}%{_sysconfdir}/se
%verify(not md5 size mtime) %{_sysconfdir}/selinux/%1/modules/active/netfilter_contexts \
%config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/selinux/%1/modules/active/users_extra \
%verify(not md5 size mtime) %{_sysconfdir}/selinux/%1/modules/active/homedir_template \
-%verify(not md5 size mtime) %{_sysconfdir}/selinux/%1/modules/active/modules/*.pp \
+%verify(not md5 size mtime) %{_sysconfdir}/selinux/%1/modules/active/modules/permissivedomains.pp \
%verify(not md5 size mtime) %{_sysconfdir}/selinux/%1/modules/active/policy.kern \
%ghost %{_sysconfdir}/selinux/%1/modules/active/*.local \
%ghost %{_sysconfdir}/selinux/%1/modules/active/*.bin \
@@ -310,6 +310,16 @@ if [ -e ./policy/modules-contrib.conf ];then \
awk '$1 !~ "/^#/" && $2 == "=" && $3 == "module" { printf "%%s.pp ", $1 }' ./policy/modules-contrib.conf > %{buildroot}/%{_usr}/share/selinux/%1/modules-contrib.lst; \
fi;
+%define nonBaseModulesList() \
+contrib_modules=`cat %{buildroot}/%{_usr}/share/selinux/%1/modules-contrib.lst` \
+base_modules=`cat %{buildroot}/%{_usr}/share/selinux/%1/modules-base.lst` \
+for i in $contrib_modules $base_modules; do \
+ if [ $i != "sandbox.pp" ];then \
+ echo "%verify(not md5 size mtime) /etc/selinux/%1/modules/active/modules/$i" >> %{buildroot}/%{_usr}/share/selinux/%1/nonbasemodules.lst \
+ fi; \
+done
+
+
%description
SELinux Reference Policy - modular.
Based off of reference policy: Checked out revision 2.20091117
@@ -355,6 +365,7 @@ cp %{SOURCE28} %{buildroot}/%{_usr}/share/selinux/targeted
%installCmds targeted mcs n allow
mv %{buildroot}/%{_sysconfdir}/selinux/targeted/modules/active/modules/sandbox.pp %{buildroot}/usr/share/selinux/packages
%modulesList targeted
+%nonBaseModulesList targeted
%endif
%if %{BUILD_MINIMUM}
@@ -367,6 +378,7 @@ cp %{SOURCE28} %{buildroot}/%{_usr}/share/selinux/minimum
%installCmds minimum mcs n allow
rm -f %{buildroot}/%{_sysconfdir}/selinux/minimum/modules/active/modules/sandbox.pp
%modulesList minimum
+%nonBaseModulesList minimum
%endif
%if %{BUILD_MLS}
@@ -375,6 +387,7 @@ rm -f %{buildroot}/%{_sysconfdir}/selinux/minimum/modules/active/modules/sandbox
%makeModulesConf mls base contrib
%installCmds mls mls n deny
%modulesList mls
+%nonBaseModulesList mls
%endif
mkdir -p %{buildroot}%{_mandir}
@@ -482,7 +495,7 @@ exit 0
restorecon -R -p /home
exit 0
-%files targeted
+%files targeted -f %{buildroot}/%{_usr}/share/selinux/targeted/nonbasemodules.lst
%defattr(-,root,root,-)
%config(noreplace) %{_sysconfdir}/selinux/targeted/contexts/users/unconfined_u
%config(noreplace) %{_sysconfdir}/selinux/targeted/contexts/users/sysadm_u
@@ -490,6 +503,7 @@ exit 0
%{_usr}/share/selinux/targeted/base.lst
%{_usr}/share/selinux/targeted/modules-base.lst
%{_usr}/share/selinux/targeted/modules-contrib.lst
+%{_usr}/share/selinux/targeted/nonbasemodules.lst
%endif
%if %{BUILD_MINIMUM}
@@ -541,7 +555,7 @@ done
fi
exit 0
-%files minimum
+%files minimum -f %{buildroot}/%{_usr}/share/selinux/minimum/nonbasemodules.lst
%defattr(-,root,root,-)
%config(noreplace) %{_sysconfdir}/selinux/minimum/contexts/users/unconfined_u
%config(noreplace) %{_sysconfdir}/selinux/minimum/contexts/users/sysadm_u
@@ -550,6 +564,7 @@ exit 0
%{_usr}/share/selinux/minimum/base.lst
%{_usr}/share/selinux/minimum/modules-base.lst
%{_usr}/share/selinux/minimum/modules-contrib.lst
+%{_usr}/share/selinux/minimum/nonbasemodules.lst
%endif
%if %{BUILD_MLS}
@@ -574,16 +589,20 @@ SELinux Reference policy mls base module.
%post mls
%postInstall $1 mls
-%files mls
+%files mls -f %{buildroot}/%{_usr}/share/selinux/mls/nonbasemodules.lst
%defattr(-,root,root,-)
%config(noreplace) %{_sysconfdir}/selinux/mls/contexts/users/unconfined_u
%fileList mls
%{_usr}/share/selinux/mls/base.lst
%{_usr}/share/selinux/mls/modules-base.lst
%{_usr}/share/selinux/mls/modules-contrib.lst
+%{_usr}/share/selinux/mls/nonbasemodules.lst
%endif
%changelog
+* Thu Jun 19 2014 Miroslav Grepl<mgrepl at redhat.com> 3.13.1-60
+- Implement new spec file handling for *.pp modules which allows us to move a policy module out of the policy
+
* Tue Jun 17 2014 Miroslav Grepl<mgrepl at redhat.com> 3.13.1-59
- Allow system_bus_types to use stream_sockets inherited from system_dbusd
- Allow journalctl to call getpw
More information about the scm-commits
mailing list