From b24be705ed93a2a6704c888f8673922749b664f0 Mon Sep 17 00:00:00 2001 From: Aurelien Bompard Date: Mar 15 2008 15:02:50 +0000 Subject: - SELinux policy is included upstream - Fix cron job (bug 435101) --- diff --git a/awstats.README.SELinux b/awstats.README.SELinux index 2d29be3..efb6ff4 100644 --- a/awstats.README.SELinux +++ b/awstats.README.SELinux @@ -2,34 +2,7 @@ SELinux support in AWStats ========================== - -What is the problem ? ---------------------- - -AWStats is a CGI script, and needs to be labelled correctly to be called -from Apache. -The files in ``/usr/share/awstats/wwwroot/cgi-bin`` need to have the -``httpd_sys_script_exec_t`` type, and the databases files in -``/var/lib/awstats`` need to have the ``httpd_sys_script_rw_t`` type. - - -How do we solve it ? --------------------- - -You can change the type with the ``chcon`` command:: - - chcon -R -t httpd_sys_script_exec_t /usr/share/awstats/wwwroot/cgi-bin - chcon -R -t httpd_sys_script_rw_t /var/lib/awstats - -But these modifications will be lost if the system is relabeled (you can -request a relabel with the system-config-security tool). - -To make these changes permanent, this package sets the contexts by running -the following commands:: - - semanage fcontext -a -t httpd_sys_script_exec_t \ - '/usr/share/awstats/wwwroot/cgi-bin(/.*)?' - semanage fcontext -a -t httpd_sys_script_rw_t '/var/lib/awstats(/.*)?' - - -Please send your bug reports (if any ;) ) to https://bugzilla.redhat.com +SELinux support for AWStats used to be provided by this package, but is now +included in the main SELinux policy. This package is only there to help you +move to the upstream module. +You can now safely remove it diff --git a/awstats.spec b/awstats.spec index 76fc2c7..83c1d4e 100644 --- a/awstats.spec +++ b/awstats.spec @@ -1,6 +1,6 @@ Name: awstats Version: 6.7 -Release: 2%{?dist} +Release: 3%{?dist} Summary: Advanced Web Statistics License: GPLv2 Group: Applications/Internet @@ -15,11 +15,15 @@ Patch0: awstats-6.7-xmlhistory.patch BuildArch: noarch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) -BuildRequires: checkpolicy, selinux-policy-devel Requires: perl Requires(post): perl Requires(postun): /sbin/service +## SELinux policy is now included upstream +#Obsoletes: awstats-selinux <= 6.7-2 +#Provides: awstats-selinux = %{version}-%{release} + + %description Advanced Web Statistics is a powerful and featureful tool that generates advanced web server graphic statistics. This server log analyzer works @@ -36,16 +40,15 @@ The program also supports virtual servers, plugins and a lot of features. With the default configuration, the statistics are available: http://localhost/awstats/awstats.pl + %package selinux Summary: SELinux support for Awstats Group: Applications/Internet Requires: %{name} = %{version} -Requires(post): policycoreutils -Requires(preun): policycoreutils -Requires(postun): policycoreutils +Requires(postun): policycoreutils, selinux-policy %description selinux -This package adds SELinux enforcement to AWstats. +This package helps moving to the upstream SELinux module. %prep @@ -62,7 +65,6 @@ find tools/xslt -type f | xargs chmod -x perl -pi -e 's/\r//g' tools/httpd_conf tools/logresolvemerge.pl # SELinux README cp -a %{SOURCE1} README.SELinux -mkdir selinux %install @@ -71,12 +73,9 @@ rm -rf $RPM_BUILD_ROOT ### Create cron job cat <awstats.cron #!/bin/bash - -if [ -f %{_localstatedir}/log/httpd/access_log ] ; then - exec perl %{_datadir}/awstats/tools/awstats_updateall.pl now \ - -configdir="%{_sysconfdir}/awstats" \ - -awstatsprog="%{_datadir}/awstats/wwwroot/cgi-bin/awstats.pl" >/dev/null -fi +exec %{_datadir}/awstats/tools/awstats_updateall.pl now \ + -configdir="%{_sysconfdir}/awstats" \ + -awstatsprog="%{_datadir}/awstats/wwwroot/cgi-bin/awstats.pl" >/dev/null exit 0 EOF @@ -131,15 +130,6 @@ echo "# Additional Perl modules # Cron job install -m 0755 awstats.cron $RPM_BUILD_ROOT%{_sysconfdir}/cron.hourly/%{name} -# SELinux support -cd selinux -echo 'policy_module(%{name}, 1.0)' > %{name}.te -echo '%{_datadir}/awstats/wwwroot/cgi-bin(/.*)? system_u:object_r:httpd_sys_script_exec_t:s0' > %{name}.fc -echo '%{_localstatedir}/lib/awstats(/.*)? system_u:object_r:httpd_sys_script_rw_t:s0' >> %{name}.fc -touch %{name}.if -make -f %{_datadir}/selinux/devel/Makefile -install -p -m 644 -D %{name}.pp $RPM_BUILD_ROOT%{_datadir}/selinux/packages/%{name}/%{name}.pp - %clean rm -rf $RPM_BUILD_ROOT @@ -161,28 +151,21 @@ if [ $1 -ne 0 ]; then fi %post selinux -if [ "$1" -le "1" ]; then # Fist install - semodule -i %{_datadir}/selinux/packages/%{name}/%{name}.pp 2>/dev/null || : - fixfiles -R %{name} restore -fi - -%preun selinux -if [ "$1" -lt "1" ]; then # Final removal - semodule -r %{name} 2>/dev/null || : - fixfiles -R %{name} restore -fi - -%postun selinux -if [ "$1" -ge "1" ]; then # Upgrade - # Replaces the module if it is already loaded - semodule -i %{_datadir}/selinux/packages/%{name}/%{name}.pp 2>/dev/null || : +if selinuxenabled; then + # Replace the module by the upstream one + . /etc/selinux/config 2>/dev/null || : + semodule -i %{_datadir}/selinux/$SELINUXTYPE/%{name}.pp 2>/dev/null || : + # relabel files + fixfiles -R %{name} restore || : + # relabel data + restorecon -R %{_localstatedir}/lib/%{name} || : fi %files %defattr(-,root,root,755) # Apache configuration file -%config %{_sysconfdir}/httpd/conf.d/%{name}.conf +%config(noreplace) %{_sysconfdir}/httpd/conf.d/%{name}.conf %config(noreplace) %attr(755,root,root) %{_sysconfdir}/cron.hourly/%{name} %config(noreplace) %{_sysconfdir}/%{name}/ %{_localstatedir}/lib/%{name} @@ -201,14 +184,16 @@ fi %{_datadir}/%{name}/wwwroot/icon %{_datadir}/%{name}/wwwroot/js - %files selinux %defattr(644, root, root, 755) %doc README.SELinux -%{_datadir}/selinux/packages/%{name}/%{name}.pp %changelog +* Fri Mar 14 2008 Aurelien Bompard 6.7-3 +- SELinux policy is included upstream +- Fix cron job (bug 435101) + * Sun Dec 02 2007 Aurelien Bompard 6.7-2 - awstats does not actually require httpd (bug 406901)