Tree - rpms/container-selinux - src.fedoraproject.org

packit / rpms / container-selinux

Forked from rpms/container-selinux a year ago

Blame container-selinux.spec

Blob History Raw

Packit	280f325	`%global debug_package %{nil}`
	7fa12a4
	7fa12a4	`# container-selinux stuff (prefix with ds_ for version/release etc.)`
	7fa12a4	`# Some bits borrowed from the openstack-selinux package`
	7fa12a4	`%global selinuxtype targeted`
	7fa12a4	`%global moduletype services`
	7fa12a4	`%global modulenames container`
	7fa12a4
	7fa12a4	`# Usage: _format var format`
	7fa12a4	`# Expand 'modulenames' into various formats as needed`
	7fa12a4	`# Format must contain '$x' somewhere to do anything useful`
	7fa12a4	`%global _format() export %1=""; for x in %{modulenames}; do %1+=%2; %1+=" "; done;`
	7fa12a4
Packit	280f325	`# RHEL 8 doesn't allow watch and systemd_chat_resolved`
Packit	b3d7d4b	`%if %{defined rhel} && 0%{?rhel} == 8`
Packit	b3d7d4b	`%define no_watch 1`
Packit	b3d7d4b	`%define no_systemd_chat_resolved 1`
Packit	b3d7d4b	`%global _selinux_policy_version 3.14.3-80.el8`
Packit	280f325	`%endif`
Packit	280f325
Packit	280f325	`# https://github.com/containers/container-selinux/issues/203`
Packit	b3d7d4b	`%if %{!defined fedora} && %{!defined rhel} \|\| %{defined fedora} && 0%{?fedora} <= 37 \|\| %{defined rhel} && 0%{?rhel} <= 9`
Packit	b3d7d4b	`%define no_user_namespace 1`
Packit	280f325	`%endif`
Packit	280f325
	7fa12a4	`Name: container-selinux`
Packit	280f325	`# Set different Epochs for copr and koji`
Packit	b3d7d4b	`%if %{defined copr_username}`
Packit	b3d7d4b	`Epoch: 102`
Packit	280f325	`%else`
	7fa12a4	`Epoch: 2`
Packit	280f325	`%endif`
Packit	280f325	`# Keep Version in upstream specfile at 0. It will be automatically set`
Packit	280f325	`# to the correct value by Packit for copr and koji builds.`
Packit	280f325	`# IGNORE this comment if you're looking at it in dist-git.`
Packit	f2ab676	`Version: 2.228.1`
	6e8d3c1	`Release: %autorelease`
	29543eb	`License: GPL-2.0-only`
Packit	b3d7d4b	`URL: https://github.com/containers/%{name}`
	7fa12a4	`Summary: SELinux policies for container runtimes`
Packit	b3d7d4b	`Source0: %{url}/archive/v%{version}.tar.gz`
	7fa12a4	`BuildArch: noarch`
	45f7c52	`BuildRequires: make`
	b449d2c	`BuildRequires: git-core`
	7fa12a4	`BuildRequires: pkgconfig(systemd)`
	b69eeb1	`BuildRequires: selinux-policy >= %_selinux_policy_version`
	b69eeb1	`BuildRequires: selinux-policy-devel >= %_selinux_policy_version`
	7fa12a4	`# RE: rhbz#1195804 - ensure min NVR for selinux-policy`
	b69eeb1	`Requires: selinux-policy >= %_selinux_policy_version`
	b69eeb1	`Requires(post): selinux-policy-base >= %_selinux_policy_version`
	b69eeb1	`Requires(post): selinux-policy-targeted >= %_selinux_policy_version`
	7fa12a4	`Requires(post): policycoreutils`
	7fa12a4	`Requires(post): libselinux-utils`
	be54b1d	`Requires(post): sed`
	7fa12a4	`Obsoletes: %{name} <= 2:1.12.5-13`
	7fa12a4	`Obsoletes: docker-selinux <= 2:1.12.4-28`
	5b189df	`Provides: docker-selinux = %{?epoch:%{epoch}:}%{version}-%{release}`
	c1c245c	`Conflicts: udica < 0.2.6-1`
	cb5c675	`Conflicts: k3s-selinux <= 0.4-1`
	7fa12a4
	7fa12a4	`%description`
	7fa12a4	`SELinux policy modules for use with container runtimes.`
	7fa12a4
	7fa12a4	`%prep`
Packit	280f325	`%autosetup -Sgit %{name}-%{version}`
Packit	280f325
Packit	280f325	`sed -i 's/^man: install-policy/man:/' Makefile`
Packit	280f325	`sed -i 's/^install: man/install:/' Makefile`
Packit	280f325
Packit	b3d7d4b	`%if %{defined no_watch}`
Packit	280f325	`sed -i 's/watch watch_reads//' container.if`
Packit	280f325	`sed -i 's/watch watch_reads//' container.te`
Packit	280f325	`sed -i '/sysfs_t:dir watch/d' container.te`
Packit	c63e681	`sed -i '/fifo_file watch/d' container.te`
Packit	280f325	`%endif`
Packit	280f325
Packit	b3d7d4b	`%if %{defined no_systemd_chat_resolved}`
Packit	280f325	`sed -i '/^systemd_chat_resolved/d' container.te`
Packit	280f325	`%endif`
Packit	280f325
Packit	b3d7d4b	`%if %{defined no_user_namespace}`
	24761d4	`sed -i '/user_namespace/d' container.te`
	24761d4	`%endif`
	7fa12a4
	7fa12a4	`%build`
	7fa12a4	`make`
	7fa12a4
	7fa12a4	`%install`
	7fa12a4	`# install policy modules`
	7fa12a4	`%_format MODULES $x.pp.bz2`
Packit	280f325	`%{__make} DATADIR=%{buildroot}%{_datadir} SYSCONFDIR=%{buildroot}%{_sysconfdir} install install.udica-templates install.selinux-user`
	7fa12a4
	4738240	`# Ref: https://bugzilla.redhat.com/show_bug.cgi?id=2209120`
	4738240	`rm %{buildroot}%{_mandir}/man8/container_selinux.8`
	4738240
	cf0837d	`%pre`
	cf0837d	`%selinux_relabel_pre -s %{selinuxtype}`
	cf0837d
	7fa12a4	`%post`
	7fa12a4	`# Install all modules in a single transaction`
	7fa12a4	`if [ $1 -eq 1 ]; then`
	9db5509	`%{_sbindir}/setsebool -P -N virt_use_nfs=1 virt_sandbox_use_all_caps=1`
	7fa12a4	`fi`
	7fa12a4	`%_format MODULES %{_datadir}/selinux/packages/$x.pp.bz2`
	85f5b33	`%{_sbindir}/semodule -n -s %{selinuxtype} -r container 2> /dev/null`
	6028ccc	`%{_sbindir}/semodule -n -s %{selinuxtype} -d docker 2> /dev/null`
	85f5b33	`%{_sbindir}/semodule -n -s %{selinuxtype} -d gear 2> /dev/null`
	c36566c	`%selinux_modules_install -s %{selinuxtype} $MODULES`
	be54b1d	`. %{_sysconfdir}/selinux/config`
Packit	280f325	`sed -e "\\|container_file_t\|h; \${x;s\|container_file_t\|\|;{g;t};a\\" -e "container_file_t" -e "}" -i /etc/selinux/${SELINUXTYPE}/contexts/customizable_types`
	5c39536	`matchpathcon -qV %{_sharedstatedir}/containers \|\| restorecon -R %{_sharedstatedir}/containers &> /dev/null \|\| :`
	be54b1d
	7fa12a4	`%postun`
	7fa12a4	`if [ $1 -eq 0 ]; then`
	c36566c	`%selinux_modules_uninstall -s %{selinuxtype} %{modulenames} docker`
	7fa12a4	`fi`
	7fa12a4
	c36566c	`%posttrans`
	c36566c	`%selinux_relabel_post -s %{selinuxtype}`
	c36566c
	7fa12a4	`#define license tag if not already defined`
	7fa12a4	`%{!?_licensedir:%global license %doc}`
	7fa12a4
	7fa12a4	`%files`
	7fa12a4	`%doc README.md`
	7fa12a4	`%{_datadir}/selinux/*`
	218d402	`%dir %{_datadir}/containers/selinux`
	218d402	`%{_datadir}/containers/selinux/contexts`
	c1c245c	`%dir %{_datadir}/udica/templates/`
	c1c245c	`%{_datadir}/udica/templates/*`
	4738240	`# Ref: https://bugzilla.redhat.com/show_bug.cgi?id=2209120`
	4738240	`#%%{_mandir}/man8/container_selinux.8.gz`
Packit	280f325	`%{_sysconfdir}/selinux/targeted/contexts/users/*`
Packit	280f325	`%ghost %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{modulenames}`
	7fa12a4
	2e560c5	`%triggerpostun -- container-selinux < 2:2.162.1-3`
	2e560c5	`if %{_sbindir}/selinuxenabled ; then`
	2e560c5	`echo "Fixing Rootless SELinux labels in homedir"`
	2e560c5	`%{_sbindir}/restorecon -R /home//.local/share/containers/storage/overlay 2> /dev/null`
	2e560c5	`fi`
	2e560c5
	7fa12a4	`%changelog`
	6e8d3c1	`%autochangelog`

packit / rpms / container-selinux

Source Code

Blame container-selinux.spec