[lnst] lnst.spec: fix selinux label of lnst-slave
Jiří Pírko
jirka at fedoraproject.org
Mon Jul 28 13:31:48 UTC 2014
commit 30f509e116c196bc8cc5f815ecda87735d44c5d2
Author: Ondrej Lichtner <olichtne at redhat.com>
Date: Tue Jul 22 09:22:06 2014 +0200
lnst.spec: fix selinux label of lnst-slave
This patch relabels the lnst-slave executable to the unconfined_exec_t
type. This fixes our issues with lnst-slave, started by systemd, not
being able to properly use tcpdump and other netutils.
Signed-off-by: Ondrej Lichtner <olichtne at redhat.com>
Signed-off-by: Jiri Pirko <jiri at resnulli.us>
lnst.spec | 7 +++++--
1 files changed, 5 insertions(+), 2 deletions(-)
---
diff --git a/lnst.spec b/lnst.spec
index bf2de82..c314132 100644
--- a/lnst.spec
+++ b/lnst.spec
@@ -32,9 +32,9 @@ Requires: %{name} = %{version}-%{release}
%package slave
Summary: Linux Network Stack Test Slave Daemon
Requires: %{name} = %{version}-%{release}
-Requires(post): systemd
+Requires(post): systemd, policycoreutils-python
Requires(preun): systemd
-Requires(postun): systemd
+Requires(postun): systemd, policycoreutils-python
%description
Linux Network Stack Test is a tool useful for developing and performing
@@ -71,12 +71,15 @@ install -D -m 0644 dist/%{name}-slave.service %{buildroot}/%{_unitdir}/%{name}-s
%py_ocomp %{buildroot}%{python_sitelib}
%post slave
+semanage fcontext -a -t unconfined_exec_t -f f %{_bindir}/%{name}-slave
+restorecon -R %{_bindir}/%{name}-slave
%systemd_post lnst-slave.service
%preun slave
%systemd_preun lnst-slave.service
%postun slave
+semanage fcontext -d -t unconfined_exec_t -f f %{_bindir}/%{name}-slave
%systemd_postun_with_restart lnst-slave.service
%files
More information about the scm-commits
mailing list