[cockpit/f20] Include the selinux cockpit policy as part of cockpit
Stef Walter
stefw at fedoraproject.org
Fri Aug 1 11:42:06 UTC 2014
commit bc677043977db822436e919ec9019408fd0e6a49
Author: Stef Walter <stefw at redhat.com>
Date: Fri Aug 1 13:41:33 2014 +0200
Include the selinux cockpit policy as part of cockpit
cockpit.spec | 31 +++++++++++++++++++++++++++++--
1 files changed, 29 insertions(+), 2 deletions(-)
---
diff --git a/cockpit.spec b/cockpit.spec
index b07b58e..5988678 100644
--- a/cockpit.spec
+++ b/cockpit.spec
@@ -1,6 +1,6 @@
Name: cockpit
Version: 0.18
-Release: 1%{?dist}
+Release: 2%{?dist}
Summary: A user interface for Linux servers
License: LGPLv2+
@@ -39,6 +39,11 @@ BuildRequires: docbook-style-xsl
BuildRequires: dbus-devel
BuildRequires: glib-networking
+# For selinux
+BuildRequires: selinux-policy-devel
+BuildRequires: checkpolicy
+BuildRequires: /usr/share/selinux/devel/policyhelp
+
Requires: dbus
Requires: glib-networking
Requires: realmd
@@ -49,6 +54,12 @@ Requires: storaged
Requires: cockpit-assets
+# For selinux
+Requires: selinux-policy
+Requires: selinux-policy-targeted
+Requires(post): /usr/sbin/semodule, /sbin/restorecon, /sbin/fixfiles
+Requires(postun): /usr/sbin/semodule, /sbin/restorecon, /sbin/fixfiles
+
Requires(post): systemd
Requires(preun): systemd
Requires(postun): systemd
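Review bot: The scriptlet dependencies added here name `post` and `postun`, but the module removal this commit adds runs in `%preun` (the `if [ $1 -eq 0 ]` block in the last hunk), and no `Requires(preun)` is declared for it. RPM orders a scriptlet dependency only for the phase named in the tag, so `semodule`, `fixfiles` and `restorecon` are not guaranteed to still be present when the `%preun` block runs during a larger erase transaction. I would change the second line to `Requires(preun): /usr/sbin/semodule, /sbin/restorecon, /sbin/fixfiles`, since the visible `%postun` section calls none of these tools.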
@@ -75,7 +86,7 @@ rm -rf src/libgsystem/*.{c,doap}
%build
%configure --disable-static --disable-silent-rules --with-cockpit-user=cockpit-ws
-make %{?_smp_mflags}
+make %{?_smp_mflags} all selinux
%check
# The check doesnt run on koji as it requires network
@@ -85,6 +96,8 @@ make %{?_smp_mflags}
%make_install
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/pam.d
install -p -m 644 %{SOURCE1} $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/cockpit
+install -d %{buildroot}%{_datadir}/selinux/targeted
+install -p -m 644 cockpit.pp %{buildroot}%{_datadir}/selinux/targeted/
rm -f %{buildroot}/%{_libdir}/cockpit/*.so
rm -f %{buildroot}%{_sysconfdir}/dbus-1/system.d/com.redhat.Cockpit.DBusTests.Test.conf
rm -f %{buildroot}%{_unitdir}/cockpit-testing.service
@@ -115,6 +128,7 @@ rm -rf %{buildroot}%{_datadir}/cockpit-test-assets
%attr(4750, root, cockpit-ws) %{_libexecdir}/cockpit-session
%{_libdir}/security/pam_reauthorize.so
%attr(775, -, wheel) %{_sharedstatedir}/%{name}
+%attr(755, root, root) %{_datadir}/selinux/targeted/cockpit.pp
%files assets
%{_datadir}/%{name}
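Review bot: `cockpit.pp` is listed with mode 755 here, while the `%install` step in this same commit installs it with `-m 644`. A compiled policy module is data read by `semodule` and nothing executes it, so the execute bits are unnecessary and make the `%files` entry disagree with the install line. Suggest `%attr(644, root, root) %{_datadir}/selinux/targeted/cockpit.pp`, or dropping the `%attr` and letting the installed mode stand.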
@@ -130,15 +144,28 @@ getent passwd cockpit-ws >/dev/null || useradd -r -g cockpit-ws -d / -s /sbin/no
%systemd_post cockpit.service
# firewalld only partially picks up changes to its services files without this
test -f %{_bindir}/firewall-cmd && firewall-cmd --reload --quiet || true
+/usr/sbin/semodule -s targeted -i %{_datadir}/selinux/targeted/cockpit.pp &> /d
+/sbin/fixfiles -R cockpit restore || :
+/sbin/restorecon -R %{_sharedstatedir}/%{name} || :
%preun
%systemd_preun cockpit.service
+if [ $1 -eq 0 ] ; then
+ /usr/sbin/semodule -s targeted -r cockpit &> /dev/null || :
+ /sbin/fixfiles -R cockpit restore || :
+ [ -d %{_sharedstatedir}/%{name} ] && \
+ /sbin/restorecon -R %{_sharedstatedir}/%{name} &> /dev/null || :
+fi
%postun
%systemd_postun_with_restart cockpit.service
%changelog
+* Fri Aug 01 2014 Stef Walter <stefw at redhat.com> 0.18-2
+- Distribute our own selinux policy in cockpit RPM
+ until available for real in F21 and later
+
* Wed Jul 30 2014 Stef Walter <stefw at redhat.com> 0.18-1
- Update to 0.18 release
- Add glib-networking build requirement
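Review bot: The `semodule -i` call added to `%post` discards all of its output (the line is cut off on this page, so the rest of the redirect and any trailing `|| :` are not visible), which means a policy module that fails to load leaves cockpit installed without its policy and nothing in the transaction output says so. Keeping stderr would make that failure visible without failing the scriptlet, e.g. `/usr/sbin/semodule -s targeted -i %{_datadir}/selinux/targeted/cockpit.pp > /dev/null || :`. The `fixfiles` and `restorecon` relabel steps in both `%post` and `%preun` also run unconditionally; wrapping them in `if /usr/sbin/selinuxenabled ; then` … `fi` would skip them on hosts where SELinux is disabled. A short comment above the `%preun` block saying that `$1 -eq 0` restricts the removal to a full erase, not an upgrade, would help the next maintainer.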