Summary: SELinux tools for managing policy

Name: setools

Version: 2.2

Release: 4

License: GPL

Group: System Environment/Base

URL:	http://www.tresys.com/

Source: http://www.tresys.com/Downloads/selinux-tools/setools-%{version}.tar.bz2

Source1: setools.pam

Source2: apol.console

Source4: seaudit.console

Source5: apol.desktop

Source7: seaudit.desktop

Source8: sediffx.console

Source9: sediffx.desktop

Prefix: %{_prefix}

BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)

Requires: checkpolicy, policycoreutils, tcl >= 8.3

Buildrequires: tk-devel >= 8.3, tcl-devel >= 8.3

BuildRequires: gtk2-devel, libglade2-devel

BuildRequires: libselinux-devel, libxml2-devel

BuildRequires: libcap-devel

BuildPrereq: bison, flex, pkgconfig

Patch0: setools-rhat.patch

%description

Security-enhanced Linux is a patch of the Linux kernel and a number of

utilities with enhanced security functionality designed to add

mandatory access 

controls to Linux.  The Security-enhanced Linux kernel contains new 

architectural components originally developed to improve the security

 of the Flask 

operating system. These architectural components provide general

 support for the 

enforcement of many kinds of mandatory access control policies, including

 those 

based on the concepts of Type Enforcement, Role-based Access Control, and 

Multi-level Security.

The tools and libraries in this release include:

1. libapol: The main policy.conf analysis library, which is the core 

library for all our tools.

See the help files for apol for help on using the 

tools.

%package gui

Summary: Graphical tools for handling SETools

Group: System Environment/Base

Requires: %{name} = %{version}-%{release}

Requires: tk >= 8.3, libglade2 > 2, usermode

%description gui

Security-enhanced Linux is a patch of the Linux kernel and a number of

utilities with enhanced security functionality designed to add

 mandatory access 

controls to Linux.  The Security-enhanced Linux kernel contains new 

architectural components originally developed to improve 

the security of the Flask 

operating system. These architectural components provide 

general support for the 

enforcement of many kinds of mandatory access control policies,

 including those 

based on the concepts of Type Enforcement, Role-based Access Control, and 

Multi-level Security.

The tools and libraries in this release include:

1. apol: The GUI-based policy analysis tool.

2. awish: A version of the TCL/TK wish interpreter that includes the 

setools libraries.  We use this to test our GUIs (apol have the 

interpreter compiled within them).  One could conceivably write one's own 

GUI tools using TCL/TK as extended via awish.

See the help files for apol for help on using the 

tools.

%prep

%setup -q

%patch0 -p1 -b .rhat

%build

make clean

make LIBDIR=%{_libdir} all 

%install

rm -rf ${RPM_BUILD_ROOT}

mkdir -p $RPM_BUILD_ROOT/%{_bindir}

mkdir -p $RPM_BUILD_ROOT/%{_sbindir}

mkdir -p $RPM_BUILD_ROOT/%_libdir

mkdir -p $RPM_BUILD_ROOT%{_includedir}/selinux/apol

mkdir -p $RPM_BUILD_ROOT/usr/share/doc/setools-%{version}

mkdir -p $RPM_BUILD_ROOT/usr/share/tcl8.4

make DESTDIR="${RPM_BUILD_ROOT}" INSTALL_HELPDIR=$RPM_BUILD_ROOT/usr/share/doc/setools-%{version} LIBDIR=%{_libdir} install install-bwidget

rm -f ${RPM_BUILD_ROOT}/usr/bin/findcon

rm -f ${RPM_BUILD_ROOT}/usr/bin/replcon

rm -f ${RPM_BUILD_ROOT}/usr/bin/searchcon

rm -f ${RPM_BUILD_ROOT}/usr/bin/indexcon

install -d -m 755 ${RPM_BUILD_ROOT}%{_sysconfdir}/pam.d

install -m 644 %{SOURCE1} ${RPM_BUILD_ROOT}%{_sysconfdir}/pam.d/apol

install -m 644 %{SOURCE1} ${RPM_BUILD_ROOT}%{_sysconfdir}/pam.d/seaudit

install -m 644 %{SOURCE1} ${RPM_BUILD_ROOT}%{_sysconfdir}/pam.d/sediffx

install -d -m 755 ${RPM_BUILD_ROOT}%{_sysconfdir}/security/console.apps

install -m 644 %{SOURCE2} ${RPM_BUILD_ROOT}%{_sysconfdir}/security/console.apps/apol

install -m 644 %{SOURCE4} ${RPM_BUILD_ROOT}%{_sysconfdir}/security/console.apps/seaudit

install -m 644 %{SOURCE8} ${RPM_BUILD_ROOT}%{_sysconfdir}/security/console.apps/sediffx

install -d -m 755 ${RPM_BUILD_ROOT}%{_datadir}/applications

install -m 664 %{SOURCE5} ${RPM_BUILD_ROOT}%{_datadir}/applications/apol.desktop

install -m 664 %{SOURCE7} ${RPM_BUILD_ROOT}%{_datadir}/applications/seaudit.desktop

install -m 664 %{SOURCE9} ${RPM_BUILD_ROOT}%{_datadir}/applications/sediffx.desktop

cd $RPM_BUILD_ROOT/%{_bindir}/

ln -sf consolehelper apol 

ln -sf consolehelper seaudit

ln -sf consolehelper sediffx

%clean

rm -rf ${RPM_BUILD_ROOT}

%files gui

%defattr(-,root,root)

%dir /usr/share/tcl8.4/BWidget-1.7.0

/usr/share/tcl8.4/BWidget-1.7.0/*

%{_bindir}/apol

%{_sbindir}/apol

%{_bindir}/sediffx

%{_sbindir}/sediffx

%{_bindir}/awish

%{_bindir}/seaudit

%{_sbindir}/seaudit

%{_sbindir}/seaudit-report

%{_datadir}/applications/apol.desktop

%{_datadir}/applications/seaudit.desktop

%{_datadir}/applications/sediffx.desktop

%config(noreplace) %{_sysconfdir}/pam.d/apol

%config(noreplace) %{_sysconfdir}/pam.d/seaudit

%config(noreplace) %{_sysconfdir}/pam.d/sediffx

%config(noreplace) %{_sysconfdir}/security/console.apps/apol

%config(noreplace) %{_sysconfdir}/security/console.apps/seaudit

%config(noreplace) %{_sysconfdir}/security/console.apps/sediffx

/usr/share/doc/setools-%{version}/apol*

/usr/share/doc/setools-%{version}/seaudit_help.txt

/usr/share/doc/setools-%{version}/types_relation_help.txt

/usr/share/doc/setools-%{version}/dta_help.txt

/usr/share/doc/setools-%{version}/file_relabel_help.txt

/usr/share/doc/setools-%{version}/flow_assertion_help.txt

/usr/share/doc/setools-%{version}/iflow_help.txt

/usr/share/doc/setools-%{version}/obj_perms_help.txt

%dir /usr/share/setools

/usr/share/setools/apol.tcl

/usr/share/setools/apol_help.txt

/usr/share/setools/apol_perm_mapping

/usr/share/setools/apol_perm_mapping_ver12

/usr/share/setools/apol_perm_mapping_ver15

/usr/share/setools/apol_perm_mapping_ver16

/usr/share/setools/apol_perm_mapping_ver17

/usr/share/setools/apol_perm_mapping_ver18

/usr/share/setools/apol_perm_mapping_ver19

/usr/share/setools/apol_perm_mapping_ver20

/usr/share/setools/customize_filter_window.glade

/usr/share/setools/dot_seaudit

/usr/share/setools/dta_help.txt

/usr/share/setools/filter_window.glade

/usr/share/setools/iflow_help.txt

/usr/share/setools/multifilter_window.glade

/usr/share/setools/obj_perms_help.txt

/usr/share/setools/prefer_window.glade

/usr/share/setools/query_window.glade

/usr/share/setools/report_window.glade

/usr/share/setools/seaudit-report.conf

/usr/share/setools/seaudit-report.css

/usr/share/setools/seaudit.glade

/usr/share/setools/seaudit_help.txt

%attr(755,root,root) %dir /usr/share/setools/sechecker

%attr(755,root,root) %dir /usr/share/setools/sechecker/profiles

/usr/share/setools/sechecker/profiles/all-checks.sechecker

/usr/share/setools/sechecker/profiles/analysis-checks.sechecker

/usr/share/setools/sechecker/profiles/devel-checks.sechecker

/usr/share/setools/sediff.glade

/usr/share/setools/sediff_help.txt

%package devel

Summary: Development environment for SETools

Group: System Environment/Base

Requires: %{name} = %{version}-%{release}

%description devel

Headers, static libraries and API docs for SETools.

%files devel

%defattr(-,root,root)

%{_includedir}/setools

%{_libdir}/lib*

%post devel -p /sbin/ldconfig

%postun devel -p /sbin/ldconfig

%files

%defattr(-,root,root)

%{_bindir}/seinfo

%{_bindir}/sesearch

%{_bindir}/sechecker

%{_bindir}/sediff

%dir /usr/share/doc/setools-%{version}

/usr/share/doc/setools-%{version}/KNOWN-BUGS

/usr/share/doc/setools-%{version}/README

%changelog

* Wed Dec 14 2005 Dan Walsh <dwalsh@redhat.com> 2.2-4

- Fix dessktop files

- Apply fixes from bkyoung

* Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com>

- rebuilt

* Thu Nov 3 2005 Dan Walsh <dwalsh@redhat.com> 2.2-3

- Move more gui files out of base into gui 

* Thu Nov 3 2005 Dan Walsh <dwalsh@redhat.com> 2.2-2

- Move sediff from gui to main package

* Thu Nov 3 2005 Dan Walsh <dwalsh@redhat.com> 2.2-1

- Upgrade to upstream version

* Thu Oct 13 2005 Dan Walsh <dwalsh@redhat.com> 2.1.3-1

- Upgrade to upstream version

* Mon Oct 10 2005 Tomas Mraz <tmraz@redhat.com> 2.1.2-3

- use include instead of pam_stack in pam config

* Thu Sep 1 2005 Dan Walsh <dwalsh@redhat.com> 2.1.2-2

- Fix spec file

* Thu Sep 1 2005 Dan Walsh <dwalsh@redhat.com> 2.1.2-1

- Upgrade to upstream version

* Thu Aug 18 2005 Florian La Roche <laroche@redhat.com>

- do not package debug files into the -devel package

* Wed Aug 17 2005 Jeremy Katz <katzj@redhat.com> - 2.1.1-3

- rebuild against new cairo

* Wed May 25 2005 Dan Walsh <dwalsh@redhat.com> 2.1.1-0

- Upgrade to upstream version

* Mon May 23 2005 Bill Nottingham <notting@redhat.com> 2.1.0-5

- put libraries in the right place (also puts debuginfo in the right

  package)

- add %%defattr for -devel too

* Thu May 12 2005 Dan Walsh <dwalsh@redhat.com> 2.1.0-4

- Move sepcut to gui apps.

* Fri May 6 2005 Dan Walsh <dwalsh@redhat.com> 2.1.0-3

- Fix Missing return code.

* Wed Apr 20 2005 Dan Walsh <dwalsh@redhat.com> 2.1.0-2

- Fix requires line

* Tue Apr 19 2005 Dan Walsh <dwalsh@redhat.com> 2.1.0-1

- Update to latest from tresys

* Tue Apr 5 2005 Dan Walsh <dwalsh@redhat.com> 2.0.0-2

- Fix buildrequires lines in spec file

* Tue Mar 2 2005 Dan Walsh <dwalsh@redhat.com> 2.0.0-1

- Update to latest from tresys

* Mon Nov 29 2004 Dan Walsh <dwalsh@redhat.com> 1.5.1-6

- add FALLBACK=true to /etc/security/console.apps/apol

* Wed Nov 10 2004 Dan Walsh <dwalsh@redhat.com> 1.5.1-3

- Add badtcl patch from Tresys.

* Mon Nov 8 2004 Dan Walsh <dwalsh@redhat.com> 1.5.1-2

- Apply malloc problem patch provided by  Sami Farin 

* Mon Nov 1 2004 Dan Walsh <dwalsh@redhat.com> 1.5.1-1

- Update to latest from Upstream

* Wed Oct 6 2004 Dan Walsh <dwalsh@redhat.com> 1.4.1-5

- Update tresys patch

* Mon Oct 4 2004 Dan Walsh <dwalsh@redhat.com> 1.4.1-4

- Fix directory ownership

* Thu Jul 8 2004 Dan Walsh <dwalsh@redhat.com> 1.4.1-1

- Latest from Tresys

* Wed Jun 23 2004 Dan Walsh <dwalsh@redhat.com> 1.4-5

- Add build requires libselinux

* Tue Jun 22 2004 Dan Walsh <dwalsh@redhat.com> 1.4-4

- Add support for policy.18

* Tue Jun 15 2004 Elliot Lee <sopwith@redhat.com>

- rebuilt

* Thu Jun 10 2004 Dan Walsh <dwalsh@redhat.com> 1.4-2

- Fix install locations of policy_src_dir

* Wed Jun 2 2004 Dan Walsh <dwalsh@redhat.com> 1.4-1

- Update to latest from TRESYS.

* Tue Jun 1 2004 Dan Walsh <dwalsh@redhat.com> 1.3-3

- Make changes to work with targeted/strict policy

* Fri Apr 16 2004 Dan Walsh <dwalsh@redhat.com> 1.3-2

- Take out requirement for policy file

* Fri Apr 16 2004 Dan Walsh <dwalsh@redhat.com> 1.3-1

- Fix doc location

* Fri Apr 16 2004 Dan Walsh <dwalsh@redhat.com> 1.3-1

- Latest from TRESYS

* Tue Apr 13 2004 Dan Walsh <dwalsh@redhat.com> 1.2.1-8

- fix location of policy.conf file

* Tue Apr 6 2004 Dan Walsh <dwalsh@redhat.com> 1.2.1-7

- Obsolete setools-devel

* Tue Apr 6 2004 Dan Walsh <dwalsh@redhat.com> 1.2.1-6

- Fix location of 

* Tue Apr 6 2004 Dan Walsh <dwalsh@redhat.com> 1.2.1-5

- Remove devel libraries

- Fix installdir for lib64

* Sat Apr 3 2004 Dan Walsh <dwalsh@redhat.com> 1.2.1-4

- Add usr_t file read to policy

* Thu Mar 25 2004 Dan Walsh <dwalsh@redhat.com> 1.2.1-3

- Use tcl8.4

* Tue Mar 02 2004 Elliot Lee <sopwith@redhat.com>

- rebuilt

* Fri Feb 13 2004 Elliot Lee <sopwith@redhat.com>

- rebuilt

* Fri Feb 6 2004 Dan Walsh <dwalsh@redhat.com> 1.2.1-1

- New patch

* Fri Feb 6 2004 Dan Walsh <dwalsh@redhat.com> 1.2-1

- Latest upstream version

* Tue Dec 30 2003 Dan Walsh <dwalsh@redhat.com> 1.1.1-1

- New version from upstream

- Remove seuser.te.  Now in policy file.

* Tue Dec 30 2003 Dan Walsh <dwalsh@redhat.com> 1.1-2

- Add Defattr to devel

- move libs to base kit

* Fri Dec 19 2003 Dan Walsh <dwalsh@redhat.com> 1.1-1

- Update to latest code from tresys

- Break into three separate packages for cmdline, devel and gui

- Incorporate the tcl patch

* Mon Dec 15 2003 Jens Petersen <petersen@redhat.com> - 1.0.1-3

- apply setools-1.0.1-tcltk.patch to build against tcl/tk 8.4

- buildrequire tk-devel

* Thu Nov 20 2003 Dan Walsh <dwalsh@redhat.com> 1.0.1-2

- Add Bwidgets to this RPM

* Tue Nov 4 2003 Dan Walsh <dwalsh@redhat.com> 1.0.1-1

- Upgrade to 1.0.1

* Wed Oct 15 2003 Dan Walsh <dwalsh@redhat.com> 1.0-6

- Clean up build

* Tue Oct 14 2003 Dan Walsh <dwalsh@redhat.com> 1.0-5

- Update with correct seuser.te

* Wed Oct 1 2003 Dan Walsh <dwalsh@redhat.com> 1.0-4

- Update with final release from Tresys

* Mon Jun 2 2003 Dan Walsh <dwalsh@redhat.com> 1.0-1

- Initial version