plautrba pushed to setroubleshoot (master). "* Thu Apr 09 2015 Petr Lautrbach <plautrba at redhat.com> 3.2.23-1 (..more)"
notifications at fedoraproject.org
notifications at fedoraproject.org
Thu Apr 9 13:43:57 UTC 2015
>From 0d5986d28bf8a5b854484154a2afc4bb2a1db3f0 Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba at redhat.com>
Date: Thu, 9 Apr 2015 15:42:50 +0200
Subject: * Thu Apr 09 2015 Petr Lautrbach <plautrba at redhat.com> 3.2.23-1 -
setroubleshootd is set to be run as setroubleshoot user instead of root user
- several bugfixes
diff --git a/.gitignore b/.gitignore
index cd12c21..3aeebee 100644
--- a/.gitignore
+++ b/.gitignore
@@ -183,3 +183,4 @@ setroubleshoot-2.2.93.tar.gz
/setroubleshoot-3.2.20.tar.gz
/setroubleshoot-3.2.21.tar.gz
/setroubleshoot-3.2.22.tar.gz
+/setroubleshoot-3.2.23.tar.gz
diff --git a/setroubleshoot.spec b/setroubleshoot.spec
index bf2b46d..684fffb 100644
--- a/setroubleshoot.spec
+++ b/setroubleshoot.spec
@@ -1,7 +1,7 @@
Summary: Helps troubleshoot SELinux problems
Name: setroubleshoot
-Version: 3.2.22
-Release: 2%{?dist}
+Version: 3.2.23
+Release: 1%{?dist}
License: GPLv2+
Group: Applications/System
URL: https://fedorahosted.org/setroubleshoot
@@ -11,6 +11,7 @@ URL: https://fedorahosted.org/setroubleshoot
# ./autogen.sh
# make dist
Source0: %{name}-%{version}.tar.gz
+Source1: %{name}.tmpfiles
BuildRequires: perl-XML-Parser
BuildRequires: libcap-ng-devel
BuildRequires: intltool gettext python
@@ -34,6 +35,7 @@ Requires: xdg-utils
%define pkgvardatadir %{_localstatedir}/lib/%{name}
%define pkgconfigdir %{_sysconfdir}/%{name}
%global pkgdatabase %{pkgvardatadir}/setroubleshoot_database.xml
+%define username setroubleshoot
%description
setroubleshoot GUI. Application that allows you to view setroubleshoot-server
@@ -54,7 +56,8 @@ to user preference. The same tools can be run on existing log files.
%{pkgpythondir}/browser.py*
%{pkgpythondir}/gui_utils.py*
%{_bindir}/seapplet
-%ghost /var/run/setroubleshoot
+%attr(0644,root,root) %{_tmpfilesdir}/%{name}.conf
+%attr(0711,setroubleshoot,setroubleshoot) %dir %{_rundir}/setroubleshoot
%post
touch --no-create %{_datadir}/icons/hicolor || :
@@ -84,48 +87,13 @@ rm -rf %{buildroot}
make DESTDIR=%{buildroot} install
desktop-file-install --vendor="" --dir=%{buildroot}%{_datadir}/applications %{buildroot}/%{_datadir}/applications/%{name}.desktop
mkdir -p %{buildroot}%{pkgvardatadir}
+mkdir -p %{buildroot}%{_rundir}/setroubleshoot
touch %{buildroot}%{pkgdatabase}
touch %{buildroot}%{pkgvardatadir}/email_alert_recipients
rm -rf %{buildroot}/usr/share/doc/
+# create /run/setroubleshoot on boot
+install -m644 -D %{SOURCE1} $RPM_BUILD_ROOT%{_tmpfilesdir}/%{name}.conf
-# Register as an application to be visible in the software center
-#
-# NOTE: It would be *awesome* if this file was maintained by the upstream
-# project, translated and installed into the right place during `make install`.
-#
-# See http://www.freedesktop.org/software/appstream/docs/ for more details.
-#
-mkdir -p $RPM_BUILD_ROOT%{_datadir}/appdata
-cat > $RPM_BUILD_ROOT%{_datadir}/appdata/%{name}.appdata.xml <<EOF
-<?xml version="1.0" encoding="UTF-8"?>
-<!-- Copyright 2014 Ryan Lerch <rlerch at redhat.com> -->
-<!--
-BugReportURL: https://fedorahosted.org/setroubleshoot/ticket/14
-SentUpstream: 2014-07-02
--->
-<application>
- <id type="desktop">setroubleshoot.desktop</id>
- <metadata_license>CC0-1.0</metadata_license>
- <summary>Troubleshoot SELinux policy and access denials</summary>
- <description>
- <p>
- The SELinux Troubleshooter provides a graphical user interface to help
- diagnose SELinux policy issues.
- When Access Vector Cache (AVC) denial messages are logged by SELinux,
- the SELinux Troubleshooter generates a desktop notification containing
- information about the problem and allows the user to launch the
- troubleshooting interface to help track down the cause of the denial.
- </p>
- </description>
- <url type="homepage">https://fedorahosted.org/setroubleshoot/</url>
- <screenshots>
- <screenshot type="default">https://fedorahosted.org/setroubleshoot/raw-attachment/wiki/WikiStart/setroubleshoot.png</screenshot>
- </screenshots>
- <!-- FIXME: change this to an upstream email address for spec updates
- <updatecontact>someone_who_cares at upstream_project.org</updatecontact>
- -->
-</application>
-EOF
%find_lang %{name}
@@ -147,6 +115,7 @@ Requires: pygobject2
Requires: dbus
Requires: dbus-python
Requires: polkit
+Requires(pre): /usr/sbin/useradd /usr/sbin/groupadd
%description server
Provides tools to help diagnose SELinux problems. When AVC messages
@@ -154,6 +123,9 @@ are generated an alert can be generated that will give information
about the problem and help track its resolution. Alerts can be configured
to user preference. The same tools can be run on existing log files.
+%pre server
+getent passwd %{username} >/dev/null || useradd -r -U -s /sbin/nologin -d %{pkgvardatadir} %{username}
+
%post server
%systemd_post auditd.service
@@ -199,9 +171,9 @@ rm -rf %{buildroot}
%{pkgdatadir}/updater.py*
%config(noreplace) %{pkgconfigdir}/%{name}.conf
%config(noreplace) %{_sysconfdir}/dbus-1/system.d/org.fedoraproject.Setroubleshootd.conf
-%dir %{pkgvardatadir}
-%ghost %attr(0600,root,root) %{pkgdatabase}
-%ghost %attr(0644,root,root) %{pkgvardatadir}/email_alert_recipients
+%attr(0700,setroubleshoot,setroubleshoot) %dir %{pkgvardatadir}
+%attr(0600,setroubleshoot,setroubleshoot) %{pkgdatabase}
+%attr(0644,setroubleshoot,setroubleshoot) %{pkgvardatadir}/email_alert_recipients
%{_mandir}/man8/sealert.8.gz
%{_mandir}/man8/sedispatch.8.gz
%{_mandir}/man8/setroubleshootd.8.gz
@@ -212,6 +184,10 @@ rm -rf %{buildroot}
%{_datadir}/dbus-1/system-services/org.fedoraproject.SetroubleshootFixit.service
%changelog
+* Thu Apr 09 2015 Petr Lautrbach <plautrba at redhat.com> 3.2.23-1
+- setroubleshootd is set to be run as setroubleshoot user instead of root user
+- several bugfixes
+
* Thu Mar 26 2015 Richard Hughes <rhughes at redhat.com> - 3.2.22-2
- Add an AppData file for the software center
diff --git a/setroubleshoot.tmpfiles b/setroubleshoot.tmpfiles
new file mode 100644
index 0000000..8f68570
--- /dev/null
+++ b/setroubleshoot.tmpfiles
@@ -0,0 +1 @@
+d /run/setroubleshoot 711 setroubleshoot setroubleshoot -
diff --git a/sources b/sources
index 819cef4..8664cca 100644
--- a/sources
+++ b/sources
@@ -1 +1,2 @@
ed14365d69cc9469e190cbe8cb88377e setroubleshoot-3.2.22.tar.gz
+5623b088d6847e79c00a2b1cabad9555 setroubleshoot-3.2.23.tar.gz
--
cgit v0.10.2
http://pkgs.fedoraproject.org/cgit/setroubleshoot.git/commit/?h=master&id=0d5986d28bf8a5b854484154a2afc4bb2a1db3f0
More information about the scm-commits
mailing list