[skylable-sx] Initial import (#1193175).

edwintorok edwintorok at fedoraproject.org
Wed Mar 18 11:38:12 UTC 2015


commit 2912bc44613c2f8cae53537dc8719c0e5edcf3d2
Author: Török Edwin <edwin at skylable.com>
Date:   Wed Mar 18 13:28:27 2015 +0200

    Initial import (#1193175).

 .gitignore                               |   1 +
 skylable-sx-1.0-post-release-fixes.patch | 229 +++++++++++++++++++
 skylable-sx.spec                         | 216 ++++++++++++++++++
 sources                                  |   1 +
 sx-nginx.service                         |  16 ++
 sxserver.conf                            |   2 +
 sxserver.fc                              |  12 +
 sxserver.if                              | 314 +++++++++++++++++++++++++++
 sxserver.patch                           |  16 ++
 sxserver.service                         |  12 +
 sxserver.te                              |  94 ++++++++
 sxserver_selinux.8                       | 362 +++++++++++++++++++++++++++++++
 12 files changed, 1275 insertions(+)
---
diff --git a/.gitignore b/.gitignore
index e69de29..34b5ddb 100644
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+/sx-1.0.tar.gz
diff --git a/skylable-sx-1.0-post-release-fixes.patch b/skylable-sx-1.0-post-release-fixes.patch
new file mode 100644
index 0000000..d0479b6
--- /dev/null
+++ b/skylable-sx-1.0-post-release-fixes.patch
@@ -0,0 +1,229 @@
+From 5167d4e1e9cbd6bc656f53ea2e9cdb0910652505 Mon Sep 17 00:00:00 2001
+From: =?utf8?q?T=C3=B6r=C3=B6k=20Edwin?= <edwin at skylable.com>
+Date: Mon, 29 Dec 2014 16:45:12 +0200
+Subject: [PATCH 1/4] fix make check when --disable-sxhttpd is used
+
+---
+ server/configure              |    5 ++++-
+ server/configure.ac           |    6 ++++--
+ server/test/run-nginx-test.sh |    2 +-
+ 3 files changed, 9 insertions(+), 4 deletions(-)
+
+diff --git a/server/configure b/server/configure
+index a5b03bf..4c37a12 100755
+--- a/server/configure
++++ b/server/configure
+@@ -14341,7 +14341,7 @@ $as_echo "no" >&6; }
+ fi
+ 
+   if test "x$ac_pt_SXHTTPD" = x; then
+-    SXHTTPD="as_fn_error $? "nginx is required when --disable-sxhttpd is used" "$LINENO" 5"
++    SXHTTPD="false"
+   else
+     case $cross_compiling:$ac_tool_warned in
+ yes:)
+@@ -14355,6 +14355,9 @@ else
+   SXHTTPD="$ac_cv_path_SXHTTPD"
+ fi
+ 
++    if test "$SXHTTPD" = "false"; then
++        as_fn_error $? "nginx is required when --disable-sxhttpd is used" "$LINENO" 5
++    fi
+ else
+     SXHTTPD="$sbindir/sxhttpd"
+ fi
+diff --git a/server/configure.ac b/server/configure.ac
+index 68614d9..e5d04eb 100644
+--- a/server/configure.ac
++++ b/server/configure.ac
+@@ -187,9 +187,11 @@ build_sxhttpd=$enableval, build_sxhttpd="yes")
+ 
+ 
+ if test "x$build_sxhttpd" = "xno"; then
+-    AC_PATH_TOOL(SXHTTPD,nginx,
+-                 [AC_MSG_ERROR([nginx is required when --disable-sxhttpd is used])],
++    AC_PATH_TOOL(SXHTTPD,nginx, [false],
+                  [/usr/sbin:/usr/local/sbin:$PATH])
++    if test "$SXHTTPD" = "false"; then
++        AC_MSG_ERROR([nginx is required when --disable-sxhttpd is used])
++    fi
+ else
+     SXHTTPD="$sbindir/sxhttpd"
+ fi
+diff --git a/server/test/run-nginx-test.sh b/server/test/run-nginx-test.sh
+index 6fd5545..a86b32d 100755
+--- a/server/test/run-nginx-test.sh
++++ b/server/test/run-nginx-test.sh
+@@ -32,7 +32,7 @@ if [ `uname` = 'SunOS' ]; then
+ else
+   FLAG=
+ fi
+-(cd sxscripts && make -s clean && make -s $FLAG prefix="$prefix" SXHTTPD="$prefix/sbin/sxhttpd" sbindir="$prefix/sbin" bindir="$prefix/bin" sysconfdir="$prefix/etc" localstatedir="$prefix/var" install)
++(cd sxscripts && make -s clean && make -s $FLAG prefix="$prefix" sbindir="$prefix/sbin" bindir="$prefix/bin" sysconfdir="$prefix/etc" localstatedir="$prefix/var" install)
+ (cd sxscripts && make -s clean && make -s)
+ 
+ ln -s `pwd`/../client/src/tools/init/sxinit "$prefix/bin/sxinit"
+-- 
+1.7.10.4
+
+
+From 31bb9700201affc838d8ddcdc1a433001a2e32d1 Mon Sep 17 00:00:00 2001
+From: =?utf8?q?T=C3=B6r=C3=B6k=20Edwin?= <edwin at skylable.com>
+Date: Mon, 29 Dec 2014 16:58:25 +0200
+Subject: [PATCH 2/4] set other paths needed to run as non-root
+
+TODO: only when --disable-sxhttpd is given
+---
+ server/sxscripts/sxserver/sxhttpd.conf.default.in |    3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/server/sxscripts/sxserver/sxhttpd.conf.default.in b/server/sxscripts/sxserver/sxhttpd.conf.default.in
+index 30882cc..16cc6f6 100644
+--- a/server/sxscripts/sxserver/sxhttpd.conf.default.in
++++ b/server/sxscripts/sxserver/sxhttpd.conf.default.in
+@@ -23,6 +23,9 @@ http {
+        client_max_body_size 150M;
+        client_body_temp_path @localstatedir@/lib/sxserver/sxhttpd;
+        fastcgi_temp_path @localstatedir@/lib/sxserver/sxhttpd;
++       proxy_temp_path @localstatedir@/lib/sxserver/sxhttpd;
++       uwsgi_temp_path @localstatedir@/lib/sxserver/sxhttpd;
++       scgi_temp_path @localstatedir@/lib/sxserver/sxhttpd;
+        server {
+ #            ssl on;
+ #            ssl_certificate @sysconfdir@/ssl/certs/sxcert.pem;
+-- 
+1.7.10.4
+
+
+From fb3ab4fc91edcf79f5a6cc1c8087a529993e3e61 Mon Sep 17 00:00:00 2001
+From: =?utf8?q?T=C3=B6r=C3=B6k=20Edwin?= <edwin at skylable.com>
+Date: Wed, 31 Dec 2014 11:40:24 +0200
+Subject: [PATCH 3/4] fix manpage-has-bad-whatis-entry
+
+https://lintian.debian.org/tags/manpage-has-bad-whatis-entry.html
+---
+ client/man/sxrev-copy.1.in   |    2 +-
+ client/man/sxrev-delete.1.in |    2 +-
+ client/man/sxrev-list.1.in   |    2 +-
+ client/man/sxvol-create.1.in |    2 +-
+ client/man/sxvol-filter.1.in |    2 +-
+ client/man/sxvol-modify.1.in |    2 +-
+ client/man/sxvol-remove.1.in |    2 +-
+ 7 files changed, 7 insertions(+), 7 deletions(-)
+
+diff --git a/client/man/sxrev-copy.1.in b/client/man/sxrev-copy.1.in
+index 1a21608..cad7c5e 100644
+--- a/client/man/sxrev-copy.1.in
++++ b/client/man/sxrev-copy.1.in
+@@ -1,6 +1,6 @@
+ .TH SXREV-COPY "1" "September 2014" "sxrev @VERSION@" "Skylable SX Manual"
+ .SH NAME
+-sxrev copy \- copy a specific revision of a file
++sxrev-copy \- copy a specific revision of a file
+ .SH SYNOPSIS
+ .B sxrev copy
+ [\fI\,OPTIONS\/\fR] \fI\,sx://\/\fR[\fI\,profile@\/\fR]\fI\,cluster/volume/path DEST\/\fR
+diff --git a/client/man/sxrev-delete.1.in b/client/man/sxrev-delete.1.in
+index 062a7f2..a195868 100644
+--- a/client/man/sxrev-delete.1.in
++++ b/client/man/sxrev-delete.1.in
+@@ -1,6 +1,6 @@
+ .TH SXREV-DELETE "1" "September 2014" "sxrev @VERSION@" "Skylable SX Manual"
+ .SH NAME
+-sxrev delete \- delete a revision
++sxrev-delete \- delete a revision
+ .SH SYNOPSIS
+ .B sxrev delete
+ [\fI\,OPTIONS\/\fR] \fI sx://\/\fR[\fI\,profile@\/\fR]\fI\,cluster/volume/path\/\fR
+diff --git a/client/man/sxrev-list.1.in b/client/man/sxrev-list.1.in
+index 9bd7506..5d1b8cc 100644
+--- a/client/man/sxrev-list.1.in
++++ b/client/man/sxrev-list.1.in
+@@ -1,6 +1,6 @@
+ .TH SXREV-LIST "1" "September 2014" "sxrev @VERSION@" "Skylable SX Manual"
+ .SH NAME
+-sxrev list \- list revisions
++sxrev-list \- list revisions
+ .SH SYNOPSIS
+ .B sxrev list
+ \fIsx://\/\fR[\fI\,profile@\/\fR]\fI\,cluster/volume/path\/\fR
+diff --git a/client/man/sxvol-create.1.in b/client/man/sxvol-create.1.in
+index b35b7e1..c1812d4 100644
+--- a/client/man/sxvol-create.1.in
++++ b/client/man/sxvol-create.1.in
+@@ -1,6 +1,6 @@
+ .TH SXVOL-CREATE "1" "September 2014" "sxvol @VERSION@" "Skylable SX Manual"
+ .SH NAME
+-sxvol create \- create volumes on SX clusters
++sxvol-create \- create volumes on SX clusters
+ .SH SYNOPSIS
+ .B sxvol create
+ \fR[\fI\,OPTIONS\/\fR] \fI\,-r N -s SIZE -o username sx://\/\fR[\fI\,profile@\/\fR]\fI\,cluster/volume\/\fR
+diff --git a/client/man/sxvol-filter.1.in b/client/man/sxvol-filter.1.in
+index 176bb39..f5e0b26 100644
+--- a/client/man/sxvol-filter.1.in
++++ b/client/man/sxvol-filter.1.in
+@@ -1,6 +1,6 @@
+ .TH SXVOL-FILTER "1" "September 2014" "sxvol @VERSION@" "Skylable SX Manual"
+ .SH NAME
+-sxvol filter \- display information about filters
++sxvol-filter \- display information about filters
+ .SH SYNOPSIS
+ .B sxvol
+ \fI\,filter <OPTIONS>\/\fR...
+diff --git a/client/man/sxvol-modify.1.in b/client/man/sxvol-modify.1.in
+index 1972bc0..bc758c0 100644
+--- a/client/man/sxvol-modify.1.in
++++ b/client/man/sxvol-modify.1.in
+@@ -1,6 +1,6 @@
+ .TH SXVOL-MODIFY "1" "November 2014" "sxvol @VERSION@" "Skylable SX Manual"
+ .SH NAME
+-sxvol modify \- modify existing volumes
++sxvol-modify \- modify existing volumes
+ .SH SYNOPSIS
+ .B sxvol modify
+ \fR<\fI\,OPTIONS\/\fR> \fI\,sx://\/\fR[\fI\,profile@\/\fR]\fI\,cluster/volume\/\fR
+diff --git a/client/man/sxvol-remove.1.in b/client/man/sxvol-remove.1.in
+index e19823c..775aa71 100644
+--- a/client/man/sxvol-remove.1.in
++++ b/client/man/sxvol-remove.1.in
+@@ -1,6 +1,6 @@
+ .TH SXVOL-REMOVE "1" "September 2014" "sxvol @VERSION@" "Skylable SX Manual"
+ .SH NAME
+-sxvol remove \- remove volumes from SX clusters
++sxvol-remove \- remove volumes from SX clusters
+ .SH SYNOPSIS
+ .B sxvol remove
+ [\fI\,OPTIONS\/\fR] \fI\,sx://\/\fR[\fI\,profile@\/\fR]\fI\,cluster/volume\/\fR
+-- 
+1.7.10.4
+
+
+From bc83e3934fbc6cc1a20848d3e0c5c5cf50fee671 Mon Sep 17 00:00:00 2001
+From: =?utf8?q?T=C3=B6r=C3=B6k=20Edwin?= <edwin at skylable.com>
+Date: Fri, 2 Jan 2015 13:32:22 +0200
+Subject: [PATCH 4/4] disable gzip so that ETag works
+
+---
+ server/sxscripts/sxserver/sxhttpd.conf.default.in |    5 +----
+ 1 file changed, 1 insertion(+), 4 deletions(-)
+
+diff --git a/server/sxscripts/sxserver/sxhttpd.conf.default.in b/server/sxscripts/sxserver/sxhttpd.conf.default.in
+index 16cc6f6..d61dbd0 100644
+--- a/server/sxscripts/sxserver/sxhttpd.conf.default.in
++++ b/server/sxscripts/sxserver/sxhttpd.conf.default.in
+@@ -16,10 +16,7 @@ http {
+         '"$http_referer" "$http_user_agent"';
+ #       access_log @localstatedir@/log/sxserver/sxhttpd-access.log ours;
+        access_log off;
+-       gzip on;
+-       gzip_disable "msie6";
+-       gzip_vary on;
+-       gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
++       gzip off;
+        client_max_body_size 150M;
+        client_body_temp_path @localstatedir@/lib/sxserver/sxhttpd;
+        fastcgi_temp_path @localstatedir@/lib/sxserver/sxhttpd;
+-- 
+1.7.10.4
+
diff --git a/skylable-sx.spec b/skylable-sx.spec
new file mode 100644
index 0000000..406d7a7
--- /dev/null
+++ b/skylable-sx.spec
@@ -0,0 +1,216 @@
+%global _hardened_build 1
+%define relabel_files() \
+restorecon -R /usr/sbin/sx.fcgi; \
+restorecon -R /usr/lib/systemd/system/sx-nginx.service; \
+restorecon -R /usr/lib/systemd/system/sxserver.service; \
+restorecon -R /var/lib/sxserver/storage; \
+restorecon -R /var/log/sxserver; \
+restorecon -R /var/run/sxserver; \
+
+%define selinux_policyver 3.13.1-105
+
+Name: skylable-sx
+Version: 1.0
+Release: 5%{?dist}
+Summary: Scalable public and private cloud storage
+Group: System Environment/Daemons
+# See COPYING for license breakdown
+License: GPLv2 with exceptions and LGPLv2+ and BSD and MIT
+URL: http://www.skylable.com/products/sx
+Source0: http://cdn.skylable.com/source/sx-1.0.tar.gz
+Patch0: skylable-sx-1.0-post-release-fixes.patch
+Patch1: sxserver.patch
+Source1: sx-nginx.service
+Source2: sxserver.service
+Source3: sxserver.conf
+Source4: sxserver.te
+Source5: sxserver.if
+Source6: sxserver.fc
+Source7: sxserver_selinux.8
+BuildRequires: libtool-ltdl-devel, libtool, yajl-devel, pkgconfig(libcrypto), pkgconfig(openssl), zlib-devel, perl(List::Util), perl(Time::HiRes), perl(LWP::UserAgent), perl(URI), perl(URI::Escape), perl(HTTP::Date), perl(MIME::Base64), perl(Digest::HMAC_SHA1), perl(Digest::SHA), perl(JSON), pkgconfig(nss), fcgi-devel, pkgconfig(sqlite3), nginx, curl-devel
+Requires: %{name}-client%{?_isa} = %{version}-%{release}, logrotate, nginx, openssl, policycoreutils, libselinux-utils
+BuildRequires: systemd, selinux-policy-devel
+Requires(post): systemd, selinux-policy-base >= %{selinux_policyver}, policycoreutils
+Requires(preun): systemd
+Requires(postun): systemd, policycoreutils
+
+%description
+Skylable Sx is a reliable, fully distributed cluster solution for your data
+storage needs.
+
+With Sx you can aggregate the disk space available on multiple servers and
+merge it into a single storage system.
+The cluster makes sure that your data is always replicated over multiple nodes
+(the exact number of copies is defined by the sysadmin) and synchronized.
+
+Additionally Sx has built-in support for deduplication, client-side encryption,
+on-the-fly compression and much more.
+
+%package client
+Summary: Skylable SX client
+Group: Cloud Infrastructure
+Requires: %{name}-libs%{?_isa} = %{version}-%{release}
+
+%description client
+Skylable SX client software.
+
+%package devel
+Summary: Skylable SX devel
+Group: Development/Libraries
+Requires: %{name}-libs%{?_isa} = %{version}-%{release}
+License: LGPLv2+ with exceptions
+
+%description devel
+Development files for Skylable SX.
+
+%package libs
+Summary: Skylable SX library and plugins
+Group: System Environment/Libraries
+License: LGPLv2+ with exceptions and MIT
+
+%description libs
+Skylable SX library and plugins.
+
+%prep
+%setup -q -n sx-%{version}
+%patch0 -p 1
+%patch1 -p 1
+rm -rf 3rdparty/
+
+%build
+cp %{SOURCE4} .
+cp %{SOURCE5} .
+cp %{SOURCE6} .
+make -f /usr/share/selinux/devel/Makefile sxserver.pp
+#sepolicy manpage -p . -d sxserver
+# libtool doesn't detect that /usr/lib64 should be in sys_lib_dlsearch_path_spec
+# use the patched system libtool instead of shipped one
+%configure --with-nss --without-ssl --with-system-libs --disable-sxhttpd --disable-static
+(cd client && rm -f libtool && ln -s /usr/bin/libtool .)
+(cd server && rm -f libtool && ln -s /usr/bin/libtool .)
+(cd libsx && rm -f libtool && ln -s /usr/bin/libtool .)
+
+make %{?_smp_mflags}
+
+%install
+make install DESTDIR=%{buildroot}
+%{__install} -d %{buildroot}%{_sysconfdir}/logrotate.d/
+%{__install} -d %{buildroot}%{_sysconfdir}/sysconfig/
+mv %{buildroot}/usr/share/doc/sx/logrotate.d/sxserver %{buildroot}%{_sysconfdir}/logrotate.d/%{name}
+mkdir -p %{buildroot}%{_unitdir}
+%{__install} -p -D -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}
+%{__install} -p -D -m 0644 %{SOURCE2} %{buildroot}%{_unitdir}
+rm -rf %{buildroot}/usr/share/doc/sx/*
+
+mkdir -p %{buildroot}%{_tmpfilesdir}
+install -m 0644 %{SOURCE3} %{buildroot}%{_tmpfilesdir}/
+mkdir -p %{buildroot}/run
+install -d -m 0755 %{buildroot}/run/sxserver/
+
+install -d %{buildroot}%{_datadir}/selinux/packages
+install -m 644 sxserver.pp %{buildroot}%{_datadir}/selinux/packages
+install -d %{buildroot}%{_datadir}/selinux/devel/include/contrib
+install -m 644 %{SOURCE5} %{buildroot}%{_datadir}/selinux/devel/include/contrib/
+install -d %{buildroot}%{_mandir}/man8/
+install -m 644 %{SOURCE7} %{buildroot}%{_mandir}/man8/sxserver_selinux.8
+install -d %{buildroot}/etc/selinux/targeted/contexts/users/
+
+
+
+%check
+make check VERBOSE=1
+
+# This informs systemd about our services.
+%post
+%systemd_post sxserver.service
+%systemd_post sx-nginx.service
+# This sets up the SELinux policy
+semodule -n -i %{_datadir}/selinux/packages/sxserver.pp
+if /usr/sbin/selinuxenabled ; then
+    /usr/sbin/load_policy
+    %relabel_files
+
+fi;
+exit 0
+
+%preun
+%systemd_preun sxserver.service
+%systemd_preun sx-nginx.service
+
+%postun
+%systemd_postun_with_restart sxserver.service
+%systemd_postun_with_restart sx-nginx.service
+# This removes the SELinux policy
+if [ $1 -eq 0 ]; then
+    semodule -n -r sxserver
+    if /usr/sbin/selinuxenabled ; then
+       /usr/sbin/load_policy
+       %relabel_files
+
+    fi;
+fi;
+exit 0
+
+%post libs -p /sbin/ldconfig
+
+%postun libs -p /sbin/ldconfig
+
+%files
+%doc COPYING README NEWS QUICKSTART UPGRADE doc/manual/manual.pdf
+%{_sbindir}/sx*
+%config(noreplace) %{_sysconfdir}/sxserver/
+%config(noreplace) %{_sysconfdir}/logrotate.d/%{name}
+%{_unitdir}/sx-nginx.service
+%{_unitdir}/sxserver.service
+%exclude /var/run/sxserver
+# do not remove logfiles, but still associate with package
+%attr(755,nobody,nobody) %dir /var/log/sxserver/
+# exclude symlinks that belong in dev packages
+%exclude %{_libdir}/*.la
+%exclude %{_libdir}/sxclient/*.la
+%exclude %{_libdir}/*.a
+%exclude %{_libdir}/sxclient/*.a
+%attr(755,nobody,nobody) %dir /run/sxserver/
+%{_tmpfilesdir}/sxserver.conf
+
+%attr(0600,root,root) %{_datadir}/selinux/packages/sxserver.pp
+%{_datadir}/selinux/devel/include/contrib/sxserver.if
+%{_mandir}/man8/sxserver_selinux.8.*
+
+%files libs
+%doc COPYING
+%dir %{_libdir}/sxclient
+%{_libdir}/libsx.so.*
+%{_libdir}/sxclient/libsxf_*-*.so
+
+%files devel
+%doc COPYING
+%{_includedir}/sx.h
+%{_libdir}/*.so
+%exclude %{_libdir}/sxclient/libsxf_*-*.so
+%{_libdir}/sxclient/libsxf*.so
+
+%files client
+%doc COPYING README NEWS
+%{_bindir}/sx*
+%{_mandir}/man1/*
+
+%changelog
+* Thu Mar 12 2015 Skylable Dev Team <dev-team at skylable.com> - 1.0-5
+- License field updated
+
+* Mon Feb 16 2015 Skylable Dev Team <dev-team at skylable.com> - 1.0-4
+- SELinux policy
+
+* Fri Feb 13 2015 Skylable Dev Team <dev-team at skylable.com> - 1.0-3
+- create required directories in package
+- fix pidfile in sxnginx.service
+- redirect /usr/sbin/sxserver to systemctl
+- set SELinux label on sxserver to allow nginx <-> sx.fcgi communication via socket
+
+* Thu Feb  5 2015 Tom Callaway <spot at fedoraproject.org> - 1.0-2
+- clean up spec file
+- add systemd support
+
+* Tue Dec 9 2014 Skylable Dev Team <dev-team at skylable.com> - 1.0
+- initial packaging
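Review bot: The `%files` lines `%attr(755,nobody,nobody) %dir /var/log/sxserver/` and `%attr(755,nobody,nobody) %dir /run/sxserver/` give the service's log and runtime directories to the shared `nobody` account, so any other process on the host that runs as `nobody` can write there too. A dedicated system user and group created in a `%pre` scriptlet would keep these directories private to SX, provided upstream's setup tooling lets the account be chosen. The tmpfiles line `d /run/sxserver 0755 nobody nobody -` in sxserver.conf repeats the same owner and would need the same change. Separately, `%post` and `%postun` both end in `exit 0`, which hides a failed `semodule` call from the RPM transaction; if that is deliberate, a comment such as `# never fail the transaction on policy load errors` would say so.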
diff --git a/sources b/sources
index e69de29..adf51ea 100644
--- a/sources
+++ b/sources
@@ -0,0 +1 @@
+937145cbdc41167ba7b6aea9aef02fba  sx-1.0.tar.gz
diff --git a/sx-nginx.service b/sx-nginx.service
new file mode 100644
index 0000000..50c959d
--- /dev/null
+++ b/sx-nginx.service
@@ -0,0 +1,16 @@
+[Unit]
+Description=The SX nginx HTTP server instance
+After=syslog.target network.target remote-fs.target sxserver.service
+PartOf=sxserver.service
+
+[Service]
+Type=forking
+PIDFile=/run/sxserver/sxhttpd.pid
+ExecStartPre=/usr/sbin/nginx -t -c /etc/sxserver/sxhttpd.conf
+ExecStart=/usr/sbin/nginx -c /etc/sxserver/sxhttpd.conf
+ExecReload=/bin/kill -s HUP $MAINPID
+ExecStop=/bin/kill -s QUIT $MAINPID
+PrivateTmp=true
+
+[Install]
+WantedBy=multi-user.target
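Review bot: `PIDFile=/run/sxserver/sxhttpd.pid` points into a directory that this commit creates as owned by `nobody` (sxserver.conf and the spec's `%files`), while the unit has no `User=` line, so systemd and the `kill` commands in `ExecReload=` and `ExecStop=` act as root on whatever PID that file names. Any process able to write in that directory can replace the file that the root-side tooling trusts to identify the nginx master. Keeping the PID file in a root-owned directory, with the matching `pid` setting in sxhttpd.conf, would close that gap. The nginx configuration is not part of this hunk, so the path it uses needs checking before the change.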
diff --git a/sxserver.conf b/sxserver.conf
new file mode 100644
index 0000000..8f39925
--- /dev/null
+++ b/sxserver.conf
@@ -0,0 +1,2 @@
+d /run/sxserver 0755 nobody nobody - 
+Z /run/sxserver -    -      -      -
diff --git a/sxserver.fc b/sxserver.fc
new file mode 100644
index 0000000..b613b29
--- /dev/null
+++ b/sxserver.fc
@@ -0,0 +1,12 @@
+/usr/lib/systemd/system/sx-nginx.service		--	gen_context(system_u:object_r:sxserver_unit_file_t,s0)
+
+/usr/lib/systemd/system/sxserver.service		--	gen_context(system_u:object_r:sxserver_unit_file_t,s0)
+
+/usr/sbin/sx.fcgi		--	gen_context(system_u:object_r:sxserver_exec_t,s0)
+/usr/sbin/sxadm			--	gen_context(system_u:object_r:sxserver_exec_t,s0)
+
+/var/log/sxserver(/.*)?		gen_context(system_u:object_r:sxserver_log_t,s0)
+/var/log/sxserver/sxhttp.*.log		gen_context(system_u:object_r:httpd_log_t,s0)
+
+/var/run/sxserver(/.*)?		gen_context(system_u:object_r:sxserver_var_run_t,s0)
+/var/lib/sxserver/storage(/.*)?	gen_context(system_u:object_r:sxserver_var_lib_t,s0)
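Review bot: No entry covers `/var/lib/sxserver/sxhttpd`, the directory the bundled nginx configuration uses for `client_body_temp_path`, `fastcgi_temp_path` and the three temp paths added by the post-release patch, so files there presumably inherit a default label rather than an SX or httpd type. Only `/var/lib/sxserver/storage(/.*)?` is labelled here, and it is the only `/var/lib` path in the spec's `relabel_files` macro. If nginx runs confined as `httpd_t`, it is worth confirming that it can write there and adding an explicit context line for that directory. In `/var/log/sxserver/sxhttp.*.log` the dot before `log` is an unescaped regex wildcard; `/var/log/sxserver/sxhttp.*\.log` states the intent.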
diff --git a/sxserver.if b/sxserver.if
new file mode 100644
index 0000000..4c731d8
--- /dev/null
+++ b/sxserver.if
@@ -0,0 +1,314 @@
+
+## <summary>policy for sxserver</summary>
+
+########################################
+## <summary>
+##	Execute TEMPLATE in the sxserver domin.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed to transition.
+## </summary>
+## </param>
+#
+interface(`sxserver_domtrans',`
+	gen_require(`
+		type sxserver_t, sxserver_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, sxserver_exec_t, sxserver_t)
+')
+########################################
+## <summary>
+##	Read sxserver's log files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+interface(`sxserver_read_log',`
+	gen_require(`
+		type sxserver_log_t;
+	')
+
+	logging_search_logs($1)
+	read_files_pattern($1, sxserver_log_t, sxserver_log_t)
+')
+
+########################################
+## <summary>
+##	Append to sxserver log files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`sxserver_append_log',`
+	gen_require(`
+		type sxserver_log_t;
+	')
+
+	logging_search_logs($1)
+	append_files_pattern($1, sxserver_log_t, sxserver_log_t)
+')
+
+########################################
+## <summary>
+##	Manage sxserver log files
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`sxserver_manage_log',`
+	gen_require(`
+		type sxserver_log_t;
+	')
+
+	logging_search_logs($1)
+	manage_dirs_pattern($1, sxserver_log_t, sxserver_log_t)
+	manage_files_pattern($1, sxserver_log_t, sxserver_log_t)
+	manage_lnk_files_pattern($1, sxserver_log_t, sxserver_log_t)
+')
+
+########################################
+## <summary>
+##	Do not audit attempts to read,
+##	sxserver tmp files
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+interface(`sxserver_dontaudit_read_tmp_files',`
+	gen_require(`
+		type sxserver_tmp_t;
+	')
+
+	dontaudit $1 sxserver_tmp_t:file read_file_perms;
+')
+
+########################################
+## <summary>
+##	Read sxserver tmp files
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`sxserver_read_tmp_files',`
+	gen_require(`
+		type sxserver_tmp_t;
+	')
+
+	files_search_tmp($1)
+	read_files_pattern($1, sxserver_tmp_t, sxserver_tmp_t)
+')
+
+########################################
+## <summary>
+##	Manage sxserver tmp files
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`sxserver_manage_tmp',`
+	gen_require(`
+		type sxserver_tmp_t;
+	')
+
+	files_search_tmp($1)
+	manage_dirs_pattern($1, sxserver_tmp_t, sxserver_tmp_t)
+	manage_files_pattern($1, sxserver_tmp_t, sxserver_tmp_t)
+	manage_lnk_files_pattern($1, sxserver_tmp_t, sxserver_tmp_t)
+')
+
+########################################
+## <summary>
+##	Search sxserver lib directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`sxserver_search_lib',`
+	gen_require(`
+		type sxserver_var_lib_t;
+	')
+
+	allow $1 sxserver_var_lib_t:dir search_dir_perms;
+	files_search_var_lib($1)
+')
+
+########################################
+## <summary>
+##	Read sxserver lib files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`sxserver_read_lib_files',`
+	gen_require(`
+		type sxserver_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	read_files_pattern($1, sxserver_var_lib_t, sxserver_var_lib_t)
+')
+
+########################################
+## <summary>
+##	Manage sxserver lib files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`sxserver_manage_lib_files',`
+	gen_require(`
+		type sxserver_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	manage_files_pattern($1, sxserver_var_lib_t, sxserver_var_lib_t)
+')
+
+########################################
+## <summary>
+##	Manage sxserver lib directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`sxserver_manage_lib_dirs',`
+	gen_require(`
+		type sxserver_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	manage_dirs_pattern($1, sxserver_var_lib_t, sxserver_var_lib_t)
+')
+
+########################################
+## <summary>
+##	Read sxserver PID files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`sxserver_read_pid_files',`
+	gen_require(`
+		type sxserver_var_run_t;
+	')
+
+	files_search_pids($1)
+	read_files_pattern($1, sxserver_var_run_t, sxserver_var_run_t)
+')
+
+########################################
+## <summary>
+##	Execute sxserver server in the sxserver domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+interface(`sxserver_systemctl',`
+	gen_require(`
+		type sxserver_t;
+		type sxserver_unit_file_t;
+	')
+
+	systemd_exec_systemctl($1)
+        systemd_read_fifo_file_passwd_run($1)
+	allow $1 sxserver_unit_file_t:file read_file_perms;
+	allow $1 sxserver_unit_file_t:service manage_service_perms;
+
+	ps_process_pattern($1, sxserver_t)
+')
+
+
+########################################
+## <summary>
+##	All of the rules required to administrate
+##	an sxserver environment
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+interface(`sxserver_admin',`
+	gen_require(`
+		type sxserver_t;
+		type sxserver_log_t;
+		type sxserver_tmp_t;
+		type sxserver_var_lib_t;
+		type sxserver_var_run_t;
+	type sxserver_unit_file_t;
+	')
+
+	allow $1 sxserver_t:process { signal_perms };
+	ps_process_pattern($1, sxserver_t)
+
+    tunable_policy(`deny_ptrace',`',`
+        allow $1 sxserver_t:process ptrace;
+    ')
+
+	logging_search_logs($1)
+	admin_pattern($1, sxserver_log_t)
+
+	files_search_tmp($1)
+	admin_pattern($1, sxserver_tmp_t)
+
+	files_search_var_lib($1)
+	admin_pattern($1, sxserver_var_lib_t)
+
+	files_search_pids($1)
+	admin_pattern($1, sxserver_var_run_t)
+
+	sxserver_systemctl($1)
+	admin_pattern($1, sxserver_unit_file_t)
+	allow $1 sxserver_unit_file_t:service all_service_perms;
+	optional_policy(`
+		systemd_passwd_agent_exec($1)
+		systemd_read_fifo_file_passwd_run($1)
+	')
+')
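Review bot: Several interface headers still carry generated placeholder text. The summary of `sxserver_domtrans` reads `Execute TEMPLATE in the sxserver domin.`, and `sxserver_systemctl` is described as `Execute sxserver server in the sxserver domain.` although its body grants systemctl execution and `manage_service_perms` on `sxserver_unit_file_t`. I would change them to `Execute sxserver in the sxserver domain.` and `Manage the sxserver systemd units with systemctl.`. `sxserver_admin` documents a `role` parameter, but no `$2` appears in its body, so either the parameter block or the body should be adjusted. Because sxserver.te declares `sxserver_var_run_t` as an alias of `httpd_var_run_t`, the summaries of `sxserver_read_pid_files` and `sxserver_admin` should also state that the access they grant covers httpd's runtime files.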
diff --git a/sxserver.patch b/sxserver.patch
new file mode 100644
index 0000000..121bc5a
--- /dev/null
+++ b/sxserver.patch
@@ -0,0 +1,16 @@
+Redirect /usr/sbin/sxserver commands to systemd unit.
+After sxsetup is run this ensures that sxserver can be controlled with systemd
+
+--- a/server/sxscripts/sbin/sxserver.in	2015-02-13 13:50:32.000000000 +0200
++++ b/server/sxscripts/sbin/sxserver.in	2015-02-13 15:54:09.804283967 +0200
+@@ -13,6 +13,10 @@
+     echo "No permission to read $CONFIG"
+     exit 1
+ fi
++if [ `id -u` -eq 0 ]; then
++	exec /bin/systemctl "$1" sxserver.service
++fi
++
+ . $CONFIG
+ 
+ if [ -z "$SX_NO_ROOT" -a `id -u` -ne 0 ]; then
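Review bot: The added block forwards `"$1"` to `systemctl` unchecked, so when run as root an empty or unexpected first argument goes straight to systemctl, and any further arguments are dropped silently. Restricting it to the verbs the script itself accepts keeps the wrapper predictable, for example `case "$1" in start|stop|restart|status) exec /bin/systemctl "$1" sxserver.service ;; esac` (verb list constructed here; match it to the script's own). The block also sits before `. $CONFIG`, so root never reaches the script's own handling or the `SX_NO_ROOT` check below it; a comment such as `# root always goes through the systemd unit` would record that this is intended. The rest of sxserver.in lies outside the hunk.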
diff --git a/sxserver.service b/sxserver.service
new file mode 100644
index 0000000..228ad7a
--- /dev/null
+++ b/sxserver.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=Scalable public and private cloud storage server
+After=network.target
+Before=sx-nginx.service
+Requires=sx-nginx.service
+
+[Service]
+Type=forking	
+ExecStart=/usr/sbin/sx.fcgi
+
+[Install]
+WantedBy=multi-user.target
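Review bot: `Type=forking` is declared without a `PIDFile=`, so systemd has to guess which process of `/usr/sbin/sx.fcgi` is the main one, and its stop and restart tracking depends on that guess. If sx.fcgi writes a PID file, naming it here (`PIDFile=<path written by sx.fcgi>`) would make supervision deterministic. There is also no `User=` line, so the binary starts as root, while the spec and tmpfiles entries give its runtime directory to `nobody`. That suggests sx.fcgi drops privileges itself, and a comment in the unit saying which component does so would help an administrator auditing it. The `Type=forking` line ends in a stray tab.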
diff --git a/sxserver.te b/sxserver.te
new file mode 100644
index 0000000..58ea102
--- /dev/null
+++ b/sxserver.te
@@ -0,0 +1,94 @@
+policy_module(sxserver, 1.0.0)
+
+########################################
+#
+# Declarations
+#
+
+type sxserver_t;
+type sxserver_exec_t;
+init_daemon_domain(sxserver_t, sxserver_exec_t)
+
+permissive sxserver_t;
+
+type sxserver_log_t;
+logging_log_file(sxserver_log_t)
+
+type sxserver_tmp_t;
+files_tmp_file(sxserver_tmp_t)
+
+type sxserver_var_lib_t;
+files_type(sxserver_var_lib_t)
+
+type sxserver_unit_file_t;
+systemd_unit_file(sxserver_unit_file_t)
+
+########################################
+#
+# sxserver local policy
+#
+allow sxserver_t self:capability { setgid setuid };
+allow sxserver_t self:process { fork setrlimit signal_perms };
+allow sxserver_t self:fifo_file rw_fifo_file_perms;
+allow sxserver_t self:unix_stream_socket create_stream_socket_perms;
+
+manage_dirs_pattern(sxserver_t, sxserver_log_t, sxserver_log_t)
+manage_files_pattern(sxserver_t, sxserver_log_t, sxserver_log_t)
+manage_lnk_files_pattern(sxserver_t, sxserver_log_t, sxserver_log_t)
+logging_log_filetrans(sxserver_t, sxserver_log_t, { dir file lnk_file })
+
+manage_dirs_pattern(sxserver_t, sxserver_tmp_t, sxserver_tmp_t)
+manage_files_pattern(sxserver_t, sxserver_tmp_t, sxserver_tmp_t)
+manage_lnk_files_pattern(sxserver_t, sxserver_tmp_t, sxserver_tmp_t)
+files_tmp_filetrans(sxserver_t, sxserver_tmp_t, { dir file lnk_file })
+
+manage_dirs_pattern(sxserver_t, sxserver_var_lib_t, sxserver_var_lib_t)
+manage_files_pattern(sxserver_t, sxserver_var_lib_t, sxserver_var_lib_t)
+manage_lnk_files_pattern(sxserver_t, sxserver_var_lib_t, sxserver_var_lib_t)
+files_var_lib_filetrans(sxserver_t, sxserver_var_lib_t, { dir file lnk_file })
+rw_files_pattern(sxserver_t, sxserver_var_lib_t, sxserver_var_lib_t)
+
+sysnet_dns_name_resolve(sxserver_t)
+corenet_all_recvfrom_unlabeled(sxserver_t)
+
+allow sxserver_t self:tcp_socket create_stream_socket_perms;
+corenet_tcp_sendrecv_generic_if(sxserver_t)
+corenet_tcp_sendrecv_generic_node(sxserver_t)
+corenet_tcp_sendrecv_all_ports(sxserver_t)
+# default only port 443, but customizable during sxsetup
+corenet_tcp_connect_all_ports(sxserver_t)
+
+domain_use_interactive_fds(sxserver_t)
+
+files_read_etc_files(sxserver_t)
+
+auth_use_nsswitch(sxserver_t)
+
+logging_send_syslog_msg(sxserver_t)
+
+miscfiles_read_localization(sxserver_t)
+
+# customization
+require {
+	type httpd_var_run_t;
+	type httpd_t;
+}
+
+files_search_pids(sxserver_t)
+auth_read_passwd(sxserver_t)
+files_rw_pid_dirs(sxserver_t)
+kernel_read_system_state(sxserver_t)
+dev_read_urand(sxserver_t)
+
+typealias httpd_var_run_t alias sxserver_var_run_t;
+files_pid_filetrans(sxserver_t, sxserver_var_run_t, { dir file lnk_file })
+manage_sock_files_pattern(sxserver_t, sxserver_var_run_t, sxserver_var_run_t)
+manage_files_pattern(sxserver_t, sxserver_var_run_t, sxserver_var_run_t)
+rw_files_pattern(sxserver_t, sxserver_var_run_t, sxserver_var_run_t)
+
+#============= httpd_t ==============
+# allow communication with sxserver
+allow httpd_t sxserver_log_t:dir rw_dir_perms;
+allow httpd_t sxserver_log_t:file rw_file_perms;
+allow httpd_t sxserver_log_t:file create;
+stream_connect_pattern(httpd_t, sxserver_var_run_t, sxserver_var_run_t, sxserver_t)
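Review bot: `permissive sxserver_t;` leaves the new domain unenforced, so accesses by sx.fcgi and sxadm that fall outside the rules below are only logged, not blocked. If this is meant only for the initial import, a comment stating when it will be removed would keep it from shipping indefinitely. `typealias httpd_var_run_t alias sxserver_var_run_t;` makes the two names one type, so the `manage_files_pattern` and `manage_sock_files_pattern` rules on `sxserver_var_run_t` give sxserver_t write access to all of httpd's runtime files, not just those under `/run/sxserver`. Declaring a separate type with `type sxserver_var_run_t;` and `files_pid_file(sxserver_var_run_t)`, and granting httpd_t only the socket access it needs, would keep the two services apart. `corenet_tcp_connect_all_ports(sxserver_t)` is broad as well; the comment above it explains why, and a tunable could narrow it later.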
diff --git a/sxserver_selinux.8 b/sxserver_selinux.8
new file mode 100644
index 0000000..422a25f
--- /dev/null
+++ b/sxserver_selinux.8
@@ -0,0 +1,362 @@
+.TH  "sxserver_selinux"  "8"  "15-02-16" "sxserver" "SELinux Policy sxserver"
+.SH "NAME"
+sxserver_selinux \- Security Enhanced Linux Policy for the sxserver processes
+.SH "DESCRIPTION"
+
+Security-Enhanced Linux secures the sxserver processes via flexible mandatory access control.
+
+The sxserver processes execute with the sxserver_t SELinux type. You can check if you have these processes running by executing the \fBps\fP command with the \fB\-Z\fP qualifier.
+
+For example:
+
+.B ps -eZ | grep sxserver_t
+
+
+.SH "ENTRYPOINTS"
+
+The sxserver_t SELinux type can be entered via the \fBsxserver_exec_t\fP file type.
+
+The default entrypoint paths for the sxserver_t domain are the following:
+
+/usr/sbin/sx.fcgi, /usr/sbin/sxadm
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
+You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
+.PP
+Policy governs the access confined processes have to files.
+SELinux sxserver policy is very flexible allowing users to setup their sxserver processes in as secure a method as possible.
+.PP
+The following process types are defined for sxserver:
+
+.EX
+.B sxserver_t
+.EE
+.PP
+Note:
+.B semanage permissive -a sxserver_t
+can be used to make the process type sxserver_t permissive. SELinux does not deny access to permissive process types, but the AVC (SELinux denials) messages are still generated.
+
+.SH BOOLEANS
+SELinux policy is customizable based on least access required.  sxserver policy is extremely flexible and has several booleans that allow you to manipulate the policy and run sxserver with the tightest access possible.
+
+
+.PP
+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd server, you must turn on the authlogin_nsswitch_use_ldap boolean. Disabled by default.
+
+.EX
+.B setsebool -P authlogin_nsswitch_use_ldap 1
+
+.EE
+
+.PP
+If you want to allow all daemons to write corefiles to /, you must turn on the daemons_dump_core boolean. Disabled by default.
+
+.EX
+.B setsebool -P daemons_dump_core 1
+
+.EE
+
+.PP
+If you want to enable cluster mode for daemons, you must turn on the daemons_enable_cluster_mode boolean. Disabled by default.
+
+.EX
+.B setsebool -P daemons_enable_cluster_mode 1
+
+.EE
+
+.PP
+If you want to allow all daemons to use tcp wrappers, you must turn on the daemons_use_tcp_wrapper boolean. Disabled by default.
+
+.EX
+.B setsebool -P daemons_use_tcp_wrapper 1
+
+.EE
+
+.PP
+If you want to allow all daemons the ability to read/write terminals, you must turn on the daemons_use_tty boolean. Disabled by default.
+
+.EX
+.B setsebool -P daemons_use_tty 1
+
+.EE
+
+.PP
+If you want to deny any process from ptracing or debugging any other processes, you must turn on the deny_ptrace boolean. Disabled by default.
+
+.EX
+.B setsebool -P deny_ptrace 1
+
+.EE
+
+.PP
+If you want to allow all domains to use other domains file descriptors, you must turn on the domain_fd_use boolean. Enabled by default.
+
+.EX
+.B setsebool -P domain_fd_use 1
+
+.EE
+
+.PP
+If you want to allow all domains to have the kernel load modules, you must turn on the domain_kernel_load_modules boolean. Disabled by default.
+
+.EX
+.B setsebool -P domain_kernel_load_modules 1
+
+.EE
+
+.PP
+If you want to allow all domains to execute in fips_mode, you must turn on the fips_mode boolean. Enabled by default.
+
+.EX
+.B setsebool -P fips_mode 1
+
+.EE
+
+.PP
+If you want to enable reading of urandom for all domains, you must turn on the global_ssp boolean. Disabled by default.
+
+.EX
+.B setsebool -P global_ssp 1
+
+.EE
+
+.PP
+If you want to allow confined applications to run with kerberos, you must turn on the kerberos_enabled boolean. Enabled by default.
+
+.EX
+.B setsebool -P kerberos_enabled 1
+
+.EE
+
+.PP
+If you want to allow system to run with NIS, you must turn on the nis_enabled boolean. Disabled by default.
+
+.EX
+.B setsebool -P nis_enabled 1
+
+.EE
+
+.PP
+If you want to allow confined applications to use nscd shared memory, you must turn on the nscd_use_shm boolean. Enabled by default.
+
+.EX
+.B setsebool -P nscd_use_shm 1
+
+.EE
+
+.SH "MANAGED FILES"
+
+The SELinux process type sxserver_t can manage files labeled with the following file types.  The paths listed are the default paths for these file types.  Note the processes UID still need to have DAC permissions.
+
+.br
+.B cluster_conf_t
+
+	/etc/cluster(/.*)?
+.br
+
+.br
+.B cluster_var_lib_t
+
+	/var/lib/pcsd(/.*)?
+.br
+	/var/lib/cluster(/.*)?
+.br
+	/var/lib/openais(/.*)?
+.br
+	/var/lib/pengine(/.*)?
+.br
+	/var/lib/corosync(/.*)?
+.br
+	/usr/lib/heartbeat(/.*)?
+.br
+	/var/lib/heartbeat(/.*)?
+.br
+	/var/lib/pacemaker(/.*)?
+.br
+
+.br
+.B cluster_var_run_t
+
+	/var/run/crm(/.*)?
+.br
+	/var/run/cman_.*
+.br
+	/var/run/rsctmp(/.*)?
+.br
+	/var/run/aisexec.*
+.br
+	/var/run/heartbeat(/.*)?
+.br
+	/var/run/cpglockd\.pid
+.br
+	/var/run/corosync\.pid
+.br
+	/var/run/rgmanager\.pid
+.br
+	/var/run/cluster/rgmanager\.sk
+.br
+
+.br
+.B httpd_var_run_t
+
+	/var/run/mod_.*
+.br
+	/var/run/wsgi.*
+.br
+	/var/run/httpd.*
+.br
+	/var/run/nginx.*
+.br
+	/var/run/apache.*
+.br
+	/var/run/php-fpm(/.*)?
+.br
+	/var/run/lighttpd(/.*)?
+.br
+	/var/lib/php/session(/.*)?
+.br
+	/var/lib/php/wsdlcache(/.*)?
+.br
+	/var/run/dirsrv/admin-serv.*
+.br
+	/var/www/openshift/broker/httpd/run(/.*)?
+.br
+	/var/www/openshift/console/httpd/run(/.*)?
+.br
+	/opt/dirsrv/var/run/dirsrv/dsgw/cookies(/.*)?
+.br
+	/var/run/thttpd\.pid
+.br
+	/var/run/gcache_port
+.br
+	/var/run/cherokee\.pid
+.br
+
+.br
+.B root_t
+
+	/
+.br
+	/initrd
+.br
+
+.br
+.B sxserver_log_t
+
+	/var/log/sxserver(/.*)?
+.br
+
+.br
+.B sxserver_tmp_t
+
+
+.br
+.B sxserver_var_lib_t
+
+	/var/lib/sxserver/storage(/.*)?
+.br
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
+You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
+.PP
+Policy governs the access confined processes have to these files.
+SELinux sxserver policy is very flexible allowing users to setup their sxserver processes in as secure a method as possible.
+.PP
+
+.PP
+.B STANDARD FILE CONTEXT
+
+SELinux defines the file context types for the sxserver, if you wanted to
+store files with these types in a diffent paths, you need to execute the semanage command to sepecify alternate labeling and then use restorecon to put the labels on disk.
+
+.B semanage fcontext -a -t sxserver_var_lib_t '/srv/mysxserver_content(/.*)?'
+.br
+.B restorecon -R -v /srv/mysxserver_content
+
+Note: SELinux often uses regular expressions to specify labels that match multiple files.
+
+.I The following file types are defined for sxserver:
+
+
+.EX
+.PP
+.B sxserver_exec_t
+.EE
+
+- Set files with the sxserver_exec_t type, if you want to transition an executable to the sxserver_t domain.
+
+.br
+.TP 5
+Paths:
+/usr/sbin/sx.fcgi, /usr/sbin/sxadm
+
+.EX
+.PP
+.B sxserver_log_t
+.EE
+
+- Set files with the sxserver_log_t type, if you want to treat the data as sxserver log data, usually stored under the /var/log directory.
+
+
+.EX
+.PP
+.B sxserver_tmp_t
+.EE
+
+- Set files with the sxserver_tmp_t type, if you want to store sxserver temporary files in the /tmp directories.
+
+
+.EX
+.PP
+.B sxserver_unit_file_t
+.EE
+
+- Set files with the sxserver_unit_file_t type, if you want to treat the files as sxserver unit content.
+
+.br
+.TP 5
+Paths:
+/usr/lib/systemd/system/sx-nginx.service, /usr/lib/systemd/system/sxserver.service
+
+.EX
+.PP
+.B sxserver_var_lib_t
+.EE
+
+- Set files with the sxserver_var_lib_t type, if you want to store the sxserver files under the /var/lib directory.
+
+
+.PP
+Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command.  This will modify the SELinux labeling database.  You will need to use
+.B restorecon
+to apply the labels.
+
+.SH "COMMANDS"
+.B semanage fcontext
+can also be used to manipulate default file context mappings.
+.PP
+.B semanage permissive
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
+can also be used to enable/disable/install/remove policy modules.
+
+.B semanage boolean
+can also be used to manipulate the booleans
+
+.PP
+.B system-config-selinux
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
+This manual page was auto-generated using
+.B "sepolicy manpage".
+
+.SH "SEE ALSO"
+selinux(8), sxserver(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, setsebool(8)
\ No newline at end of file

