packaging
/
ostree
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Remove custom SELinux policy 

This was a temporary hack until the requisite bits landed upstream in
the Fedora SELinux policy.
This commit is contained in:
Colin Walters 2014-03-15 13:15:58 -04:00
parent b6b7d37c9d
commit ba4f7ac7be
8 changed files with 0 additions and 105 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
Makefile.am
View File

@ -31,10 +31,6 @@ endif
SUBDIRS += . SUBDIRS += .
if BUILD_SELINUX_CUSTOM_POLICY
SUBDIRS += selinux
endif
if ENABLE_GTK_DOC if ENABLE_GTK_DOC
SUBDIRS += doc SUBDIRS += doc
endif endif

7
configure.ac
View File

@ -164,12 +164,6 @@ AS_IF([ test x$with_selinux != xno ], [
if test x$with_selinux != xno; then OSTREE_FEATURES="$OSTREE_FEATURES +selinux"; fi if test x$with_selinux != xno; then OSTREE_FEATURES="$OSTREE_FEATURES +selinux"; fi
AM_CONDITIONAL(USE_SELINUX, test $with_selinux != no) AM_CONDITIONAL(USE_SELINUX, test $with_selinux != no)
dnl FIXME remove this
AC_ARG_ENABLE(selinux-custom-policy,
AS_HELP_STRING([--enable-selinux-custom-policy], [Custom policy overrides]),,
enable_selinux_custom_policy=no)
AM_CONDITIONAL(BUILD_SELINUX_CUSTOM_POLICY, test x$enable_selinux_custom_policy = xyes)
AC_ARG_WITH(dracut, AC_ARG_WITH(dracut,
AS_HELP_STRING([--with-dracut], AS_HELP_STRING([--with-dracut],
[Install dracut module (default: no)]),, [Install dracut module (default: no)]),,
@ -209,7 +203,6 @@ AC_CONFIG_FILES([
Makefile Makefile
embedded-dependencies/Makefile embedded-dependencies/Makefile
doc/Makefile doc/Makefile
selinux/Makefile
src/libostree/ostree-1.pc src/libostree/ostree-1.pc
]) ])
AC_OUTPUT AC_OUTPUT

25
packaging/ostree.spec.in
View File

@ -44,19 +44,6 @@ Requires: %{name} = %{version}-%{release}
%description devel %description devel
The %{name}-devel package includes the header files for the %{name} library. The %{name}-devel package includes the header files for the %{name} library.
%package selinux
Summary: SELinux policy module for %{name}
Group: System Environment/Base
Requires: %{name} = %{version}-%{release}
Requires: policycoreutils, libselinux-utils
Requires(post): selinux-policy-base, policycoreutils
Requires(postun): policycoreutils
BuildRequires: selinux-policy-devel
BuildArch: noarch
%description selinux
This package installs and sets up the SELinux policy security module for %{name}.
%prep %prep
%setup -q -n ostree-%{version} %setup -q -n ostree-%{version}
@ -65,7 +52,6 @@ env NOCONFIGURE=1 ./autogen.sh
%configure --disable-silent-rules \ %configure --disable-silent-rules \
--enable-gtk-doc \ --enable-gtk-doc \
--with-selinux \ --with-selinux \
--enable-selinux-custom-policy \
--with-dracut --with-dracut
make %{?_smp_mflags} make %{?_smp_mflags}
@ -83,14 +69,6 @@ rm -rf $RPM_BUILD_ROOT
%preun %preun
%systemd_preun ostree-remount.service %systemd_preun ostree-remount.service
%post selinux
semodule -n -i %{_datadir}/selinux/packages/%{name}.pp
%postun selinux
if [ $1 -eq 0 ]; then
semodule -n -r %{name}
fi
%files %files
%doc COPYING README.md %doc COPYING README.md
%{_bindir}/ostree %{_bindir}/ostree
@ -113,6 +91,3 @@ fi
%dir %{_datadir}/gtk-doc/html/ostree %dir %{_datadir}/gtk-doc/html/ostree
%{_datadir}/gtk-doc/html/ostree %{_datadir}/gtk-doc/html/ostree
%{_datadir}/gir-1.0/OSTree-1.0.gir %{_datadir}/gir-1.0/OSTree-1.0.gir
%files selinux
%attr(0600,root,root) %{_datadir}/selinux/packages/%{name}.pp

2
selinux/.gitignore vendored
View File

@ -1,2 +0,0 @@
ostree.pp
tmp

24
selinux/Makefile.am
View File

@ -1,24 +0,0 @@
# Copyright (C) 2014 Colin Walters <walters@verbum.org>
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2 of the License, or (at your option) any later version.
#
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with this library; if not, write to the
# Free Software Foundation, Inc., 59 Temple Place - Suite 330,
# Boston, MA 02111-1307, USA.
ostree.pp: ostree.fc ostree.if ostree.te
make -f /usr/share/selinux/devel/Makefile
selinuxpkgdir = $(datadir)/selinux/packages
selinuxpkg_DATA = ostree.pp
EXTRA_DIST = ostree.fc ostree.if ostree.te

9
selinux/ostree.fc
View File

@ -1,9 +0,0 @@
# Core definitions
/sysroot -d gen_context(system_u:object_r:usr_t,s0)
/ostree -d gen_context(system_u:object_r:usr_t,s0)
/ostree -l gen_context(system_u:object_r:usr_t,s0)
/media -l gen_context(system_u:object_r:mnt_t,s0)
/mnt -l gen_context(system_u:object_r:mnt_t,s0)
/var/roothome -d gen_context(system_u:object_r:admin_home_t,s0)
/var/home -d gen_context(system_u:object_r:home_root_t,s0)

1
selinux/ostree.if
View File

@ -1 +0,0 @@
# Empty.

33
selinux/ostree.te
View File

@ -1,33 +0,0 @@
policy_module(ostree, 1.3.0)
require {
type init_t;
type root_t;
type var_log_t;
type games_data_t;
type var_yp_t;
type systemd_tmpfiles_t;
type local_login_t;
type admin_home_t;
type ldconfig_cache_t;
type var_t;
type var_run_t;
class lnk_file { relabelfrom relabelto read getattr };
class dir { relabelfrom relabelto create setattr write };
}
# init_t
allow init_t admin_home_t:lnk_file { read getattr };
allow init_t root_t:dir { write };
#============= systemd_tmpfiles_t ==============
allow systemd_tmpfiles_t games_data_t:dir relabelto;
allow systemd_tmpfiles_t var_log_t:dir create;
allow systemd_tmpfiles_t var_run_t:lnk_file { relabelfrom relabelto };
allow systemd_tmpfiles_t var_t:dir { create relabelfrom relabelto setattr };
allow systemd_tmpfiles_t var_yp_t:dir relabelto;
allow systemd_tmpfiles_t ldconfig_cache_t:dir { relabelfrom relabelto setattr };
allow systemd_tmpfiles_t var_t:dir { relabelfrom relabelto setattr };
#============= local_login_t ==============
allow local_login_t admin_home_t:lnk_file read;