From 46e72611908c8faa391cc63485f883f8ce24513e Mon Sep 17 00:00:00 2001 From: Nalin Dahyabhai Date: Nov 15 2005 00:01:46 +0000 Subject: try this --- diff --git a/selinux-policy.spec b/selinux-policy.spec index 7bd2548..f76c700 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -25,6 +25,59 @@ BuildRequires: checkpolicy >= %{CHECKPOLICYVER} m4 policycoreutils >= %{POLICYCO Requires: policycoreutils >= %{POLICYCOREUTILSVER} Obsoletes: policy +%package %{polname1} +Summary: SELinux %{polname1} base policy +Group: System Environment/Base +Provides: selinux-policy-base +Obsoletes: selinux-policy-%{polname1}-sources + +%description %{polname1} +SELinux Reference policy targeted base module. + +%files %{polname1} +%fileList %{polname1} + +%pre %{polname1} +%saveFileContext %{polname1} + +%post %{polname1} +if [ ! -s /etc/selinux/config ]; then + # + # New install so we will default to targeted policy + # + echo " +# This file controls the state of SELinux on the system. +# SELINUX= can take one of these three values: +# enforcing - SELinux security policy is enforced. +# permissive - SELinux prints warnings instead of enforcing. +# disabled - No SELinux policy is loaded. +SELINUX=enforcing +# SELINUXTYPE= can take one of these two values: +# targeted - Only targeted network daemons are protected. +# strict - Full SELinux protection. +# mls - Multi Level Security protection. +SELINUXTYPE=targeted +# SETLOCALDEFS= Check local definition changes +SETLOCALDEFS=0 + +" > /etc/selinux/config + + ln -sf /etc/selinux/config /etc/sysconfig/selinux + restorecon /etc/selinux/config 2> /dev/null +else + # if first time update booleans.local needs to be copied to sandbox + [ -f /etc/selinux/%{polname1}/booleans.local ] && mv /etc/selinux/%{polname1}/booleans.local /etc/selinux/%{polname1}/modules/active/ + [ -f /etc/selinux/%{polname1}/seusers ] && cp -f /etc/selinux/%{polname1}/seusers /etc/selinux/%{polname1}/modules/active/seusers + grep -q "^SETLOCALDEFS" /etc/selinux/config || echo -n " +# SETLOCALDEFS= Check local definition changes +SETLOCALDEFS=0 +">> /etc/selinux/config +fi +%rebuildpolicy %{polname1} +%relabel %{polname1} + +%triggerpostun %{polname1} -- selinux-policy-%{polname1} <= 2.0.0 +%rebuildpolicy %{polname1} %define installCmds() \ make NAME=%1 TYPE=%2 DISTRO=%{distro} DIRECT_INITRC=%{direct_initrc} MONOLITHIC=%{monolithic} base.pp \ make NAME=%1 TYPE=%2 DISTRO=%{distro} DIRECT_INITRC=%{direct_initrc} MONOLITHIC=%{monolithic} modules \ @@ -42,8 +95,7 @@ touch $RPM_BUILD_ROOT%{_sysconfdir}/selinux/%1/seusers \ touch $RPM_BUILD_ROOT%{_sysconfdir}/selinux/%1/policy/policy.%{POLICYVER} \ touch $RPM_BUILD_ROOT%{_sysconfdir}/selinux/%1/contexts/files/file_contexts \ touch $RPM_BUILD_ROOT%{_sysconfdir}/selinux/%1/contexts/files/homedir_template \ -touch $RPM_BUILD_ROOT%{_sysconfdir}/selinux/%1/contexts/files/file_contexts.homedirs \ -%{nil} +touch $RPM_BUILD_ROOT%{_sysconfdir}/selinux/%1/contexts/files/file_contexts.homedirs %define fileList() \ %defattr(-,root,root) \ @@ -117,59 +169,6 @@ make conf %clean %{__rm} -fR $RPM_BUILD_ROOT -%package %{polname1} -Summary: SELinux %{polname1} base policy -Group: System Environment/Base -Provides: selinux-policy-base -Obsoletes: selinux-policy-%{polname1}-sources - -%description %{polname1} -SELinux Reference policy targeted base module. - -%files %{polname1} -%fileList %{polname1} - -%pre %{polname1} -%saveFileContext %{polname1} - -%post %{polname1} -if [ ! -s /etc/selinux/config ]; then - # - # New install so we will default to targeted policy - # - echo " -# This file controls the state of SELinux on the system. -# SELINUX= can take one of these three values: -# enforcing - SELinux security policy is enforced. -# permissive - SELinux prints warnings instead of enforcing. -# disabled - No SELinux policy is loaded. -SELINUX=enforcing -# SELINUXTYPE= can take one of these two values: -# targeted - Only targeted network daemons are protected. -# strict - Full SELinux protection. -# mls - Multi Level Security protection. -SELINUXTYPE=targeted -# SETLOCALDEFS= Check local definition changes -SETLOCALDEFS=0 - -" > /etc/selinux/config - - ln -sf /etc/selinux/config /etc/sysconfig/selinux - restorecon /etc/selinux/config 2> /dev/null -else - # if first time update booleans.local needs to be copied to sandbox - [ -f /etc/selinux/%{polname1}/booleans.local ] && mv /etc/selinux/%{polname1}/booleans.local /etc/selinux/%{polname1}/modules/active/ - [ -f /etc/selinux/%{polname1}/seusers ] && cp -f /etc/selinux/%{polname1}/seusers /etc/selinux/%{polname1}/modules/active/seusers - grep -q "^SETLOCALDEFS" /etc/selinux/config || echo -n " -# SETLOCALDEFS= Check local definition changes -SETLOCALDEFS=0 -">> /etc/selinux/config -fi -%rebuildpolicy %{polname1} -%relabel %{polname1} - -%triggerpostun %{polname1} -- selinux-policy-%{polname1} <= 2.0.0 -%rebuildpolicy %{polname1} %if 0 %package %{polname2} Summary: SELinux %{polname2} base policy