%{!?_httpd_apxs: %{expand: %%global _httpd_apxs %%{_sbindir}/apxs}}
%{!?_httpd_mmn: %{expand: %%global _httpd_mmn %%(cat %{_includedir}/httpd/.mmn || echo 0-0)}}
# _httpd_modconfdir is /etc/httpd/conf.d with httpd < 2.4 and /etc/httpd/conf.modules.d with httpd >= 2.4
%{!?_httpd_modconfdir: %{expand: %%global _httpd_modconfdir %%{_sysconfdir}/httpd/conf.d}}
%{!?_httpd_confdir: %{expand: %%global _httpd_confdir %%{_sysconfdir}/httpd/conf.d}}
%{!?_httpd_moddir: %{expand: %%global _httpd_moddir %%{_libdir}/httpd/modules}}
# SELinux policy stores for which a policy module is built, installed and loaded.
%define selinux_policy_types targeted mls minimum

Name:           mod_selinux
Version:        2.4.4
Release:        16%{?dist}
Summary:        Apache/SELinux plus module
License:        ASL 2.0
URL:            http://code.google.com/p/sepgsql/
# NOTE(review): Source0 is a plain-http URL and this spec performs no signature
# or checksum verification of its own; tarball integrity has to come from
# whatever the build system records outside this file -- confirm before
# rebuilding from a freshly downloaded archive.
Source0:        http://sepgsql.googlecode.com/files/%{name}-%{version}.tgz
Source1:        %{name}.conf

BuildRequires:  gcc
BuildRequires:  httpd-devel >= 2.2.0
BuildRequires:  libselinux-devel
BuildRequires:  checkpolicy >= 2.0.19
BuildRequires:  policycoreutils
BuildRequires:  selinux-policy-devel

# kernel >= 2.6.28 is required for the typebounds feature (see the changelog).
Requires:       kernel >= 2.6.28
Requires:       httpd >= 2.2.0
Requires:       policycoreutils
Requires:       selinux-policy
# Tie the binary module to the httpd module magic number it was built against.
Requires:       httpd-mmn = %{_httpd_mmn}
%description
Apache/SELinux plus is an extra module (mod_selinux.so) that launches
contents handlers (both references to static contents and invocations
of web applications) with an individual and restrictive set of
privileges, based on HTTP authentication.
mod_selinux.so generates a one-time worker thread for each request and
assigns the worker a restrictive domain, based on the authentication,
prior to launching contents handlers.
This means valid access controls can be applied to web applications, and
it gives assurance that the operating system can prevent violating
accesses even if a web application contains security bugs or
vulnerabilities.
%prep
%setup -q
%build
# Build the Apache module (mod_selinux.so) with the apxs binary selected by
# the _httpd_apxs macro.
%{__make} %{?_smp_mflags} APXS=%{_httpd_apxs}

# Build the policy module (mod_selinux.pp) once per policy type with the
# selinux-policy devel Makefile; each result is renamed so that the next
# iteration does not overwrite it.
for store in %{selinux_policy_types}; do
    %{__make} NAME="${store}" -f %{?policy_devel_root}%{_datadir}/selinux/devel/Makefile
    mv %{name}.pp "%{name}.${store}.pp"
done
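%install
rm -rf %{buildroot}
%{__install} -d %{buildroot}%{_libdir}/httpd/modules
%{__install} -d %{buildroot}%{_datadir}/selinux

# Let the upstream Makefile place the built module under the build root.
%{__make} install DESTDIR=%{buildroot}

%if "%{_httpd_modconfdir}" != "%{_httpd_confdir}"
# httpd 2.4.x config: split SOURCE1 into the LoadModule line (modules config
# directory) and the remaining directives (regular config directory).
sed -n '/^LoadModule/p' %{SOURCE1} > 10-mod_selinux.conf
sed '/^LoadModule/d' %{SOURCE1} > mod_selinux.conf
# Carry the timestamp of SOURCE1 over to the two generated files only.
touch -r %{SOURCE1} 10-mod_selinux.conf mod_selinux.conf
# install(1) falls back to mode 0755 when -m is omitted, so the mode is set
# explicitly here to ship the config files as 0644, matching the 2.2.x branch.
install -Dp -m 644 10-mod_selinux.conf %{buildroot}%{_httpd_modconfdir}/10-mod_selinux.conf
install -Dp -m 644 mod_selinux.conf %{buildroot}%{_httpd_confdir}/mod_selinux.conf
%else
# httpd 2.2.x: a single config file holds everything.
install -Dp -m 644 %{SOURCE1} %{buildroot}%{_httpd_confdir}/mod_selinux.conf
%endif

# Ship one compiled policy package per policy type.
%{__install} -d %{buildroot}%{_datadir}/selinux/packages
for policy in %{selinux_policy_types}
do
    %{__install} -p -m 644 "%{name}.${policy}.pp" %{buildroot}%{_datadir}/selinux/packages
done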
%post
# Relabel the files owned by this package; a failure never fails the scriptlet.
# NOTE(review): the relabel runs before the policy module is loaded below; if
# the module defines file contexts of its own they would not yet be in effect
# for this relabel -- confirm against the policy sources.
/sbin/fixfiles -R %{name} restore || :

# Load the policy package into every policy store named in the policy-types list.
# stderr is discarded and the exit status ignored, so a failed load is silent
# and leaves the Apache module installed without its policy; after
# installation, check the store in use with "semodule -l".
for store in %{selinux_policy_types}; do
    pp=%{_datadir}/selinux/packages/%{name}.${store}.pp
    %{_sbindir}/semodule -s "${store}" -i "${pp}" 2>/dev/null || :
done
%postun
# Only a full removal (rpm -e, first argument 0) unloads the policy; on an
# upgrade the argument is non-zero and the module stays loaded.
[ "$1" -eq 0 ] || exit 0

# Remove the module from every policy store; errors are discarded and never
# fail the scriptlet.
for store in %{selinux_policy_types}; do
    %{_sbindir}/semodule -s "${store}" -r %{name} 2>/dev/null || :
done
%files
%doc LICENSE README
%if "%{_httpd_modconfdir}" != "%{_httpd_confdir}"
%config(noreplace) %{_httpd_modconfdir}/*.conf
%endif
%config(noreplace) %{_httpd_confdir}/*.conf
%{_libdir}/httpd/modules/%{name}.so
%{_datadir}/selinux/packages/*
%changelog
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.4-16
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.4-15
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.4-14
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.4-13
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.4-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Thu Feb 08 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.4-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.4-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.4-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.4-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.4-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.4.4-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.4.4-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.4.4-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Thu Jan 23 2014 Joe Orton <jorton@redhat.com> - 2.4.4-3
- fix _httpd_mmn expansion in absence of httpd-devel
* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.4.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Thu Jun 6 2013 KaiGai Kohei <kaigai@ak.jp.nec.com> - 2.4.4-1
- fix security policy module
* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.4.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Tue Jul 24 2012 KaiGai Kohei <kaigai@ak.jp.nec.com> - 2.4.3
- fix build towards httpd-2.4.x
* Fri Jul 20 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.2.2454-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Tue May 1 2012 Joe Orton <jorton@redhat.com> - 2.2.2454-5
- packaging fixes (#803075)
* Tue May 1 2012 Joe Orton <jorton@redhat.com> - 2.2.2454-5
- packaging fixes (#803075)
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.2.2454-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
* Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.2.2454-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Fri Dec 4 2009 KaiGai Kohei <kaigai@ak.jp.nec.com> - 2.2.2454-2
- rebuild for the base policy of F-13
* Sat Jul 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.2.2015-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
* Thu Jun 11 2009 KaiGai Kohei <kaigai@ak.jp.nec.com> - 2.2.2015-1
- update: add support to use translated format in MLS-range
* Wed May 27 2009 KaiGai Kohei <kaigai@ak.jp.nec.com> - 2.2.1938-1
- bugfix: it may return OK, instead of HTTP_INTERNAL_SERVER_ERROR,
when the contents handler crashed.
* Fri May 22 2009 KaiGai Kohei <kaigai@ak.jp.nec.com> - 2.2.1930-1
- rework: libselinux was dropped from explicit dependencies due to
http://fedoraproject.org/wiki/Packaging/Guidelines#Explicit_Requires
* Tue May 19 2009 KaiGai Kohei <kaigai@ak.jp.nec.com> - 2.2.1904-1
- bugfix: update Makefile to allow to build for 64bit architecture
* Mon May 18 2009 KaiGai Kohei <kaigai@ak.jp.nec.com> - 2.2.1903-1
- rework: add selinux_merge_conf()
- rework: remove mod_authn_sepgsql, instead of documentation
to use mod_authn_dbd with pgsql driver.
* Fri May 15 2009 KaiGai Kohei <kaigai@ak.jp.nec.com> - 2.2.1898-1
- rework: mod_authn_sepgsql cleanups
- update: README updates.
* Wed May 13 2009 KaiGai Kohei <kaigai@ak.jp.nec.com> - 2.2.1884-1
- rework: add mod_authn_sepgsql module
- rework: directives were reorganized
- rework: simultaneous usage with keep-alive
* Fri Apr 17 2009 KaiGai Kohei <kaigai@ak.jp.nec.com> - 2.2.1817-1
- bugfix: add kernel >= 2.6.28 because of typebounds feature
* Thu Apr 16 2009 KaiGai Kohei <kaigai@ak.jp.nec.com> - 2.2.1803-1
- rework: reverted to multi-threading design
- bugfix: security policy didn't allow process:{setcurrent}
* Wed Apr 15 2009 KaiGai Kohei <kaigai@ak.jp.nec.com> - 2.2.1800-1
- rework: worker was redesigned to use a process, instead of thread,
on process_connection hook.
- rework: "selinuxAllowCaches" and "selinuxAllowKeepAlive" were added.
- rework: README was revised
* Tue Apr 14 2009 KaiGai Kohei <kaigai@ak.jp.nec.com> - 2.2.1795-1
- bugfix: install script didn't work correctly.
- update: add some of inline source comments.
- update: specfile improvement.
* Sun Apr 12 2009 KaiGai Kohei <kaigai@ak.jp.nec.com> - 2.2.1792-1
- Initial build