[cockpit/f20] Include the selinux cockpit policy as part of cockpit

[Stef Walter]

commit bc677043977db822436e919ec9019408fd0e6a49
Author: Stef Walter <stefw at redhat.com>
Date:   Fri Aug 1 13:41:33 2014 +0200

    Include the selinux cockpit policy as part of cockpit

 cockpit.spec |   31 +++++++++++++++++++++++++++++--
 1 files changed, 29 insertions(+), 2 deletions(-)
---
diff --git a/cockpit.spec b/cockpit.spec
index b07b58e..5988678 100644
--- a/cockpit.spec
+++ b/cockpit.spec
@@ -1,6 +1,6 @@
 Name:           cockpit
 Version:        0.18
-Release:        1%{?dist}
+Release:        2%{?dist}
 Summary:        A user interface for Linux servers
 
 License:        LGPLv2+
@@ -39,6 +39,11 @@ BuildRequires: docbook-style-xsl
 BuildRequires: dbus-devel
 BuildRequires: glib-networking
 
+# For selinux
+BuildRequires: selinux-policy-devel
+BuildRequires: checkpolicy
+BuildRequires: /usr/share/selinux/devel/policyhelp
+
 Requires: dbus
 Requires: glib-networking
 Requires: realmd
@@ -49,6 +54,12 @@ Requires: storaged
 
 Requires: cockpit-assets
 
+# For selinux
+Requires: selinux-policy
+Requires: selinux-policy-targeted
+Requires(post): /usr/sbin/semodule, /sbin/restorecon, /sbin/fixfiles
+Requires(postun): /usr/sbin/semodule, /sbin/restorecon, /sbin/fixfiles
+
 Requires(post): systemd
 Requires(preun): systemd
 Requires(postun): systemd
@@ -75,7 +86,7 @@ rm -rf src/libgsystem/*.{c,doap}
 
 %build
 %configure --disable-static --disable-silent-rules --with-cockpit-user=cockpit-ws
-make %{?_smp_mflags}
+make %{?_smp_mflags} all selinux
 
 %check
 # The check doesnt run on koji as it requires network
@@ -85,6 +96,8 @@ make %{?_smp_mflags}
 %make_install
 mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/pam.d
 install -p -m 644 %{SOURCE1} $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/cockpit
+install -d %{buildroot}%{_datadir}/selinux/targeted
+install -p -m 644 cockpit.pp %{buildroot}%{_datadir}/selinux/targeted/
 rm -f %{buildroot}/%{_libdir}/cockpit/*.so
 rm -f %{buildroot}%{_sysconfdir}/dbus-1/system.d/com.redhat.Cockpit.DBusTests.Test.conf
 rm -f %{buildroot}%{_unitdir}/cockpit-testing.service
@@ -115,6 +128,7 @@ rm -rf %{buildroot}%{_datadir}/cockpit-test-assets
 %attr(4750, root, cockpit-ws) %{_libexecdir}/cockpit-session
 %{_libdir}/security/pam_reauthorize.so
 %attr(775, -, wheel) %{_sharedstatedir}/%{name}
+%attr(755, root, root) %{_datadir}/selinux/targeted/cockpit.pp
 
 %files assets
 %{_datadir}/%{name}
@@ -130,15 +144,28 @@ getent passwd cockpit-ws >/dev/null || useradd -r -g cockpit-ws -d / -s /sbin/no
 %systemd_post cockpit.service
 # firewalld only partially picks up changes to its services files without this
 test -f %{_bindir}/firewall-cmd && firewall-cmd --reload --quiet || true
+/usr/sbin/semodule -s targeted -i %{_datadir}/selinux/targeted/cockpit.pp &> /d
+/sbin/fixfiles -R cockpit restore || :
+/sbin/restorecon -R %{_sharedstatedir}/%{name} || :
 
 %preun
 %systemd_preun cockpit.service
+if [ $1 -eq 0 ] ; then
+  /usr/sbin/semodule -s targeted -r cockpit &> /dev/null || :
+  /sbin/fixfiles -R cockpit restore || :
+  [ -d %{_sharedstatedir}/%{name} ]  && \
+    /sbin/restorecon -R %{_sharedstatedir}/%{name} &> /dev/null || :
+fi
 
 %postun
 %systemd_postun_with_restart cockpit.service 
 
 
 %changelog
+* Fri Aug 01 2014 Stef Walter <stefw at redhat.com> 0.18-2
+- Distribute our own selinux policy in cockpit RPM
+  until available for real in F21 and later
+
 * Wed Jul 30 2014 Stef Walter <stefw at redhat.com> 0.18-1
 - Update to 0.18 release
 - Add glib-networking build requirement