[lnst/el6] lnst.spec: fix selinux label of lnst-slave
Jiří Pírko
jirka at fedoraproject.org
Tue Jul 29 13:37:51 UTC 2014
commit 7ed7a39f8c804c5ba78ed0aef68eedd46a81b4b5
Author: Jiri Pirko <jiri at resnulli.us>
Date: Mon Jul 28 15:51:30 2014 +0200
lnst.spec: fix selinux label of lnst-slave
backport of:
From: Ondrej Lichtner <olichtne at redhat.com>
Date: Tue, 22 Jul 2014 09:22:06 +0200
Subject: lnst.spec: fix selinux label of lnst-slave
This patch relabels the lnst-slave executable to the unconfined_exec_t
type. This fixes our issues with lnst-slave, started by systemd, not
being able to properly use tcpdump and other netutils.
Signed-off-by: Jiri Pirko <jiri at resnulli.us>
lnst.spec | 5 +++++
1 files changed, 5 insertions(+), 0 deletions(-)
---
diff --git a/lnst.spec b/lnst.spec
index e43642d..af03002 100644
--- a/lnst.spec
+++ b/lnst.spec
@@ -35,6 +35,8 @@ Requires: %{name} = %{version}-%{release}
%package slave
Summary: Linux Network Stack Test Slave Daemon
Requires: %{name} = %{version}-%{release}
+Requires(post): policycoreutils-python
+Requires(postun): policycoreutils-python
%description
Linux Network Stack Test is a tool useful for developing and performing
@@ -71,6 +73,8 @@ install -D -p -m 0755 dist/%{name}-slave %{buildroot}%{_sysconfdir}/rc.d/init.d/
%py_ocomp %{buildroot}%{python_sitelib}
%post slave
+semanage fcontext -a -t unconfined_exec_t %{_bindir}/%{name}-slave
+restorecon -R %{_bindir}/%{name}-slave
/sbin/chkconfig --add lnst-slave
%preun slave
@@ -78,6 +82,7 @@ install -D -p -m 0755 dist/%{name}-slave %{buildroot}%{_sysconfdir}/rc.d/init.d/
/sbin/chkconfig --del lnst-slave
%postun slave
+semanage fcontext -d -t unconfined_exec_t %{_bindir}/%{name}-slave
/sbin/service lnst-slave condrestart &> /dev/null || :
%files
More information about the scm-commits
mailing list