diff --git a/sudo.spec b/sudo.spec index 06059b6..d35617e 100644 --- a/sudo.spec +++ b/sudo.spec @@ -1,14 +1,20 @@ +%if %{?WITH_SELINUX:0}%{!?WITH_SELINUX:1} +%define WITH_SELINUX 1 +%endif Summary: Allows restricted root access for specified users. Name: sudo Version: 1.6.7p5 -Release: 2 +Release: 16 License: BSD Group: Applications/System Source: http://www.courtesan.com/sudo/dist/sudo-%{version}.tar.gz +Patch1: sudo-selinux.patch URL: http://www.courtesan.com/sudo/ BuildRoot: %{_tmppath}/%{name}-root -Requires: /etc/pam.d/system-auth -BuildRequires: pam-devel +Requires: /etc/pam.d/system-auth, vim-minimal +BuildRequires: pam-devel, groff +Source1: sudo.te +Source2: sudo.fc %description Sudo (superuser do) allows a system administrator to give certain @@ -23,6 +29,10 @@ on many different machines. %prep %setup -q +%if %{WITH_SELINUX} +#SELinux +%patch1 -p1 -b .selinux +%endif %build %configure \ @@ -34,12 +44,12 @@ on many different machines. --with-editor=/bin/vi \ --with-env-editor \ --with-ignore-dot \ - --with-tty-tickets + --with-tty-tickets \ + --without-interfaces make %install rm -rf $RPM_BUILD_ROOT - mkdir $RPM_BUILD_ROOT %{makeinstall} install_uid=`id -u` install_gid=`id -g` sudoers_uid=`id -u` sudoers_gid=`id -g` chmod 755 $RPM_BUILD_ROOT%{_bindir}/* $RPM_BUILD_ROOT%{_sbindir}/* @@ -53,6 +63,14 @@ account required pam_stack.so service=system-auth password required pam_stack.so service=system-auth session required pam_stack.so service=system-auth EOF +%if %{WITH_SELINUX} +#SELinux +#mkdir -p ${RPM_BUILD_ROOT}%{_sysconfdir}/security/selinux/src/policy/domains/program/ +#install -c -m644 %SOURCE1 ${RPM_BUILD_ROOT}%{_sysconfdir}/security/selinux/src/policy/domains/program/ +#mkdir -p ${RPM_BUILD_ROOT}%{_sysconfdir}/security/selinux/src/policy/file_contexts/program +#install -c -m644 %SOURCE2 ${RPM_BUILD_ROOT}%{_sysconfdir}/security/selinux/src/policy/file_contexts/program +%endif + %clean rm -rf $RPM_BUILD_ROOT 
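Review bot: The `WITH_SELINUX` toggle added at the top of the spec defaults to 1 with no comment telling a builder how to turn it off, and `Source1: sudo.te` / `Source2: sudo.fc` are declared although every line that would install them is commented out later in this diff. I would put `# SELinux support is built by default; pass --define 'WITH_SELINUX 0' to rpmbuild to disable it` above the `%if`. The two Source lines should either be dropped or carry a comment saying the policy files ship in the source package only, which matches the "Remove sudo.te for now" changelog entry. For a package that mediates root access, the spec header should make it obvious which build variant a given binary package represents.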
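Review bot: `--without-interfaces` on the `%configure` line changes how sudoers is evaluated, not only what sudo needs from SELinux: without interface probing sudo has no list of local addresses, so host entries written as an IP address or network should no longer match the local machine. A grant keyed on an address would silently stop applying, and a negated address entry (for example `ALL, !<ip-placeholder>`) would presumably stop excluding the host, which fails open; this is worth confirming against the sudoers files the package is deployed with. The flag is also passed when `WITH_SELINUX` is 0, where the reason given in the changelog does not apply. I would set it only for the SELinux build and add `# --without-interfaces: IP/network host entries in sudoers no longer match this host` above `%configure`. The %build section starts outside this hunk.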
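Review bot: The new `%if %{WITH_SELINUX}` block in %install holds only commented-out commands, and the same pattern repeats in the %files and %post additions of the last hunk, so the conditional changes nothing in any of the three places. rpm expands macros inside `#` lines too, so `%SOURCE1`, `%SOURCE2` and `%{_sysconfdir}` are still evaluated here; either delete the blocks and rely on version control, or escape them as `#install -c -m644 %%SOURCE1 ...`. If the %post block is ever revived, the test should read `if /usr/bin/selinuxenabled; then` instead of wrapping the command in backticks, which executes whatever the command prints. The `make reload` step, which runs as root at install time, should check its exit status rather than continue to `setfiles` after a failed policy load.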
@@ -68,12 +86,70 @@ rm -rf $RPM_BUILD_ROOT %{_mandir}/man5/sudoers.5* %{_mandir}/man8/sudo.8* %{_mandir}/man8/visudo.8* +%if %{WITH_SELINUX} +#%{_sysconfdir}/security/selinux/src/policy/domains/program/sudo.te +#%{_sysconfdir}/security/selinux/src/policy/file_contexts/program/sudo.fc +%endif # Make sure permissions are ok even if we're updating %post /bin/chmod 0440 /etc/sudoers || : +%if %{WITH_SELINUX} +#if test -x /usr/bin/selinuxenabled && `/usr/bin/selinuxenabled`; then +# cd /etc/security/selinux/src/policy +# make reload +# make file_contexts/file_contexts +# setfiles file_contexts/file_contexts /etc/sudoers %{_bindir}/sudo %{_sbindir}/visudo /var/run/sudo +#fi +%endif %changelog +* Tue Jan 27 2004 Dan Walsh 1.6.7p5-16 +- Eliminate interfaces call, since this requires big SELinux privs +- and it seems to be useless. + +* Tue Jan 27 2004 Karsten Hopp 1.6.7p5-15 +- visudo requires vim-minimal or setting EDITOR to something useful (#68605) + +* Mon Jan 26 2004 Dan Walsh 1.6.7p5-14 +- Fix is_selinux_enabled call + +* Tue Jan 13 2004 Dan Walsh 1.6.7p5-13 +- Clean up patch on failure + +* Tue Jan 6 2004 Dan Walsh 1.6.7p5-12 +- Remove sudo.te for now. + +* Fri Jan 2 2004 Dan Walsh 1.6.7p5-11 +- Fix usage message + +* Mon Dec 22 2003 Dan Walsh 1.6.7p5-10 +- Clean up sudo.te to not blow up if pam.te not present + +* Thu Dec 18 2003 Thomas Woerner +- added missing BuildRequires for groff + +* Tue Dec 16 2003 Jeremy Katz 1.6.7p5-9 +- remove left-over debugging code + +* Tue Dec 16 2003 Dan Walsh 1.6.7p5-8 +- Fix terminal handling that caused Sudo to exit on non selinux machines. 
+ +* Mon Dec 15 2003 Dan Walsh 1.6.7p5-7 +- Remove sudo_var_run_t which is now pam_var_run_t + +* Fri Dec 12 2003 Dan Walsh 1.6.7p5-6 +- Fix terminal handling and policy + +* Thu Dec 11 2003 Dan Walsh 1.6.7p5-5 +- Fix policy + +* Thu Nov 13 2003 Dan Walsh 1.6.7p5-4.sel +- Turn on SELinux support + +* Tue Jul 29 2003 Dan Walsh 1.6.7p5-3 +- Add support for SELinux + * Wed Jun 04 2003 Elliot Lee - rebuilt