File policycoreutils.spec of Package policycoreutils

Overview Repositories Revisions Requests Users Attributes Meta

File policycoreutils.spec of Package policycoreutils

#
# spec file for package policycoreutils
#
# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via http://bugs.opensuse.org/
#

%define libaudit_ver     2.2
%define libsepol_ver     2.3
%define libsemanage_ver  2.3
%define libselinux_ver   2.3
%define sepolgen_ver     1.2.1

Name:           policycoreutils
Version:        2.3
Release:        0
Url:            http://userspace.selinuxproject.org/
Summary:        SELinux policy core utilities
License:        GPL-2.0+
Group:          Productivity/Security
Source:         http://userspace.selinuxproject.org/releases/20140506/%{name}-%{version}.tar.gz
Source1:        http://userspace.selinuxproject.org/releases/20140506/sepolgen-%{sepolgen_ver}.tar.gz
Source2:        system-config-selinux.png
Source3:        system-config-selinux.desktop
Source4:        system-config-selinux.pam
Source5:        system-config-selinux.console
Source6:        selinux-polgengui.desktop
Source7:        selinux-polgengui.console
Source8:        policycoreutils_man_ru2.tar.bz2
Patch4:         policycoreutils-initscript.patch
Patch5:         policycoreutils-pam-common.patch
Patch10:        loadpolicy_path.patch
Patch11:        CVE-2016-7545_sandbox_escape.patch
BuildRoot:      %{_tmppath}/%{name}-%{version}-build
BuildRequires:  audit-devel >= %{libaudit_ver}
BuildRequires:  dbus-1-glib-devel
BuildRequires:  fdupes
BuildRequires:  gettext
BuildRequires:  hicolor-icon-theme
BuildRequires:  libcap-devel
BuildRequires:  libcap-ng-devel
BuildRequires:  libcgroup-devel
BuildRequires:  libselinux-devel >= %{libselinux_ver}
BuildRequires:  libsemanage-devel >= %{libsemanage_ver}
BuildRequires:  libsepol-devel-static >= %{libsepol_ver}
BuildRequires:  pam-devel
BuildRequires:  python-devel
BuildRequires:  setools-devel
BuildRequires:  update-desktop-files
%if 0%{?suse_version} > 1140
BuildRequires:  systemd
%{?systemd_requires}
%else
Requires(pre):  %insserv_prereq
%endif
Requires(pre):  %fillup_prereq permissions
Requires:       audit-libs-python
Requires:       checkpolicy
Requires:       gawk
Requires:       python-selinux
Requires:       rpm
Requires:       util-linux
# we need selinuxenabled
Requires(post): selinux-tools

Recommends:     %{name}-lang

%description
Security-enhanced Linux is a feature of the Linux(R) kernel and a number
of utilities with enhanced security functionality designed to add
mandatory access controls to Linux.  The Security-enhanced Linux
kernel contains new architectural components originally developed to
improve the security of the Flask operating system. These
architectural components provide general support for the enforcement
of many kinds of mandatory access control policies, including those
based on the concepts of Type Enforcement(R), Role-based Access
Control, and Multi-level Security.

policycoreutils contains the policy core utilities that are required
for basic operation of a SELinux system.  These utilities include
load_policy to load policies, setfiles to label filesystems, newrole
to switch roles, and run_init to run /etc/init.d scripts in the proper
context.

%lang_package

%prep
%setup -q -a 1
%patch4
%patch5
%patch10 -p1
%patch11 -p1
# sleep 5
# touch po/policycoreutils.pot
# sleep 5

%build
export SUSE_ASNEEDED=0
make LSPP_PRIV=y LIBDIR="%{_libdir}" CFLAGS="%{optflags} -fPIE" LDFLAGS="-pie -Wl,-z,relro" all
make -C sepolgen-%{sepolgen_ver} LSPP_PRIV=y LIBDIR="%{_libdir}" CFLAGS="%{optflags} -fPIE" LDFLAGS="-pie -Wl,-z,relro" all

%install
mkdir -p %{buildroot}/var/lib/selinux
mkdir -p %{buildroot}%{_bindir}
mkdir -p %{buildroot}%{_sbindir}
mkdir -p %{buildroot}/sbin
mkdir -p %{buildroot}%{_mandir}/man1
mkdir -p %{buildroot}%{_mandir}/man8
mkdir -p %{buildroot}%{_sysconfdir}/pam.d
mkdir -p %{buildroot}%{_sysconfdir}/security/console.apps
make LSPP_PRIV=y DESTDIR="%{buildroot}" LIBDIR="%{buildroot}%{_libdir}" INITDIR="%{buildroot}%{_initddir}" install
make -C sepolgen-%{sepolgen_ver} DESTDIR="%{buildroot}" LIBDIR="%{buildroot}%{_libdir}" install
install -D -m 644 %{SOURCE2} %{buildroot}%{_datadir}/pixmaps/system-config-selinux.png
# Don't install initscript if systemd is available
%if 0%{?suse_version} > 1140
rm -r %{buildroot}%{_initddir}
ln -sf /sbin/service %{buildroot}%{_sbindir}/rcrestorecond
%else
rm -r %{buildroot}%{_unitdir}
ln -sf %{_initddir}/restorecond %{buildroot}%{_sbindir}/rcrestorecond
%endif
install -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/pam.d/system-config-selinux
install -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/pam.d/selinux-polgengui
install -m 644 %{SOURCE5} %{buildroot}%{_sysconfdir}/security/console.apps/system-config-selinux
install -m 644 %{SOURCE7} %{buildroot}%{_sysconfdir}/security/console.apps/selinux-polgengui
tar -jxf %{SOURCE8} -C %{buildroot}/
rm -f %{buildroot}/usr/share/man/ru/man8/genhomedircon.8.gz
ln -sf consolehelper %{buildroot}%{_bindir}/system-config-selinux
ln -sf consolehelper %{buildroot}%{_bindir}/selinux-polgengui
mkdir -p %{buildroot}/var/adm/fillup-templates/
mv %{buildroot}/%{_sysconfdir}/sysconfig/sandbox %{buildroot}/var/adm/fillup-templates/sysconfig.sandbox
rmdir %{buildroot}/%{_sysconfdir}/sysconfig
%suse_update_desktop_file -i system-config-selinux System Security Settings
%suse_update_desktop_file -i sepolicy System Security Settings
%suse_update_desktop_file -i selinux-polgengui System Security Settings
%find_lang %{name}
%fdupes -s %{buildroot}/%{_datadir}

%package python
Summary:        SELinux policy core python utilities
Group:          Productivity/Security
Requires:       audit-libs-python >= %{libaudit_ver}
Requires:       policycoreutils = %{version}
Requires:       python-ipy
Requires:       python-selinux >= %{libselinux_ver}
Requires:       python-semanage >= %{libsemanage_ver}
Requires:       python-setools
Requires:       python-xml

%description python
The policycoreutils-python package contains the management tools used to manage an SELinux environment.

%files python
%defattr(-,root,root,-)
%{_sbindir}/semanage
%{_bindir}/audit2allow
%{_bindir}/audit2why
%{_bindir}/chcat
%{_bindir}/sandbox
%{_bindir}/sepolicy
%{_bindir}/sepolgen-ifgen
%{_bindir}/sepolgen-ifgen-attr-helper
%{python_sitearch}/seobject.py*
%{python_sitearch}/sepolgen
%{python_sitearch}/sepolicy
%{python_sitearch}/sepolicy*.egg-info
#%{python_sitearch}/%{name}*.egg-info
%dir  /var/lib/sepolgen
%dir  /var/lib/selinux
/var/lib/sepolgen/perm_map
%{_mandir}/man1/audit2allow.1*
%{_mandir}/ru/man1/audit2allow.1*
%{_mandir}/man1/audit2why.1*
%{_mandir}/man8/chcat.8*
%{_mandir}/ru/man8/chcat.8*
%{_mandir}/man8/sandbox.8*
%{_mandir}/man5/sandbox*
%{_mandir}/man8/semanage*.8*
%{_mandir}/man8/sepolicy*.8*
%{_mandir}/man8/sepolgen.8*
%{_mandir}/ru/man8/semanage.8*
%{_datadir}/bash-completion/completions/semanage
%{_datadir}/bash-completion/completions/sepolicy
%{_datadir}/bash-completion/completions/setsebool

%post python
selinuxenabled && [ -f %{_datadir}/selinux/devel/include/build.conf ] && %{_bindir}/sepolgen-ifgen 2>/dev/null
exit 0

%package sandbox
Summary:        SELinux sandbox utilities
Group:          Productivity/Security
Requires:       policycoreutils-python = %{version}
Requires:       xorg-x11-server-extra
# Requires:       matchbox-window-manager

%description sandbox
The sandbox package contains the scripts to create graphical sandboxes

%files sandbox
%defattr(-,root,root,-)
%attr(0755,root,root) %{_sbindir}/seunshare
%dir %{_datadir}/sandbox
%{_datadir}/sandbox/sandboxX.sh
%{_datadir}/sandbox/start
/var/adm/fillup-templates/sysconfig.sandbox
%doc %{_mandir}/man8/seunshare.8*

%package newrole
Summary:        The newrole application for RBAC/MLS
Group:          Productivity/Security
Requires:       policycoreutils = %{version}
Requires(pre):  permissions

%description newrole
RBAC/MLS policy machines require newrole as a way of changing the role
or level of a logged in user.

%files newrole
%defattr(-,root,root)
%verify(not mode) %attr(0755,root,root) %{_bindir}/newrole
%{_mandir}/man1/newrole.1.gz
%config(noreplace) %{_sysconfdir}/pam.d/newrole

%post newrole
%set_permissions %{_bindir}/newrole

%verifyscript
%verify_permissions -e %{_bindir}/newrole

%package gui
Summary:        SELinux configuration GUI
Group:          Productivity/Security
Requires:       policycoreutils-python = %{version}
Requires:       python-gnome
Requires:       python-gtk
# Requires:    gnome-python2-canvas
# Requires:    usermode-gtk
Requires:       python
Requires:       selinux-policy
Requires:       setools-console

%description gui
system-config-selinux is a utility for managing the SELinux environment

%files gui
%defattr(-,root,root)
%{_bindir}/system-config-selinux
%{_bindir}/selinux-polgengui
%{_datadir}/applications/system-config-selinux.desktop
%{_datadir}/system-config-selinux/system-config-selinux.desktop
%{_bindir}/sepolgen
%{_datadir}/applications/selinux-polgengui.desktop
%{_datadir}/applications/sepolicy.desktop
%{_datadir}/system-config-selinux/selinux-polgengui.desktop
%{_datadir}/system-config-selinux/sepolicy.desktop
#%dir %{_datadir}/icons
#%dir %{_datadir}/icons/hicolor
#%dir %{_datadir}/icons/hicolor/24x24
#%dir %{_datadir}/icons/hicolor/24x24/apps
%{_datadir}/icons/hicolor/24x24/apps/system-config-selinux.png
%{_datadir}/icons/hicolor/16x16/apps/sepolicy.png
%{_datadir}/icons/hicolor/22x22/apps/sepolicy.png
%{_datadir}/icons/hicolor/256x256/apps/sepolicy.png
%{_datadir}/icons/hicolor/32x32/apps/sepolicy.png
%{_datadir}/icons/hicolor/48x48/apps/sepolicy.png
%{_datadir}/pixmaps/sepolicy.png
%{_datadir}/pixmaps/system-config-selinux.png
%{_datadir}/polkit-1/actions/org.selinux.config.policy
%{_datadir}/polkit-1/actions/org.selinux.policy
%dir %{_datadir}/system-config-selinux
#%dir %{_datadir}/system-config-selinux/templates
%{_datadir}/system-config-selinux/system-config-selinux.png
%{_datadir}/system-config-selinux/*.py*
#%{_datadir}/system-config-selinux/selinux.tbl
%{_datadir}/system-config-selinux/*.glade
%{_mandir}/man8/selinux-polgengui.8.*
%{_mandir}/man8/system-config-selinux.8.*
#%%{_datadir}/system-config-selinux/templates/*.py*
%config(noreplace) %{_sysconfdir}/dbus-1/system.d/org.selinux.conf
%config(noreplace) %{_sysconfdir}/pam.d/system-config-selinux
%config(noreplace) %{_sysconfdir}/pam.d/selinux-polgengui
%dir %{_sysconfdir}/security/console.apps
%config(noreplace) %{_sysconfdir}/security/console.apps/selinux-polgengui
%config(noreplace) %{_sysconfdir}/security/console.apps/system-config-selinux

%files
%defattr(-,root,root)
/sbin/restorecon
/sbin/fixfiles
/sbin/setfiles
/sbin/load_policy
%{_sbindir}/genhomedircon
%{_sbindir}/load_policy
%{_sbindir}/restorecond
%{_sbindir}/setsebool
%{_sbindir}/semodule
%{_sbindir}/sestatus
%{_sbindir}/run_init
%{_sbindir}/open_init_pty
%{_bindir}/secon
%{_bindir}/semodule_deps
%{_bindir}/semodule_expand
%{_bindir}/semodule_link
%{_bindir}/semodule_package
%{_bindir}/semodule_unpackage
%if 0%{?suse_version} > 1140
%attr(644,root,root) %{_unitdir}/restorecond.service
%else
%attr(755,root,root) %{_initddir}/restorecond
%endif
%config(noreplace) %{_sysconfdir}/pam.d/run_init
%config(noreplace) %{_sysconfdir}/sestatus.conf
%{_sbindir}/rcrestorecond
%config(noreplace) %{_sysconfdir}/selinux/restorecond.conf
%config(noreplace) %{_sysconfdir}/selinux/restorecond_user.conf
%{_sysconfdir}/xdg/autostart/restorecond.desktop
%{_datadir}/dbus-1/services/org.selinux.Restorecond.service
%{_datadir}/dbus-1/system-services/org.selinux.service
# selinux-policy Requires: policycoreutils, so we own this set of directories and our files within them
%dir %{_mandir}/ru
%dir %{_mandir}/ru/man1
%dir %{_mandir}/ru/man8
%{_mandir}/man5/selinux_config.5*
%{_mandir}/man5/sestatus.conf.5*
%{_mandir}/man8/semodule_unpackage.8*
%{_mandir}/man8/fixfiles.8*
%{_mandir}/ru/man8/fixfiles.8*
%{_mandir}/man8/load_policy.8*
%{_mandir}/ru/man8/load_policy.8*
%{_mandir}/man8/open_init_pty.8*
%{_mandir}/ru/man8/open_init_pty.8*
%{_mandir}/man8/restorecon.8*
%{_mandir}/ru/man8/restorecon.8*
%{_mandir}/man8/restorecond.8*
%{_mandir}/ru/man8/restorecond.8*
%{_mandir}/man8/run_init.8*
%{_mandir}/ru/man8/run_init.8*
%{_mandir}/man8/semodule.8*
%{_mandir}/ru/man8/semodule.8*
%{_mandir}/man8/semodule_deps.8*
%{_mandir}/ru/man8/semodule_deps.8*
%{_mandir}/man8/semodule_expand.8*
%{_mandir}/ru/man8/semodule_expand.8*
%{_mandir}/man8/semodule_link.8*
%{_mandir}/ru/man8/semodule_link.8*
%{_mandir}/man8/semodule_package.8*
%{_mandir}/ru/man8/semodule_package.8*
%{_mandir}/man8/sestatus.8*
%{_mandir}/ru/man8/sestatus.8*
%{_mandir}/man8/setfiles.8*
%{_mandir}/ru/man8/setfiles.8*
%{_mandir}/man8/setsebool.8*
%{_mandir}/ru/man8/setsebool.8*
%{_mandir}/man1/secon.1*
%{_mandir}/ru/man1/secon.1*
%{_mandir}/man8/genhomedircon.8*

%files lang -f %{name}.lang

%pre
%if 0%{?suse_version} > 1140
%service_add_pre restorecond.service
%endif

%post
%if 0%{?suse_version} > 1140
%service_add_post restorecond.service
%{fillup_only}
%else
%fillup_and_insserv restorecond
%endif

%preun
%if 0%{?suse_version} > 1140
%service_del_preun restorecond.service
%else
if [ "$1" -eq "0" ]; then
    %stop_on_removal restorecond
    %insserv_cleanup
fi
%endif
%postun
%if 0%{?suse_version} > 1140
%service_del_postun restorecond.service
%else
if [ "$1" -ge "1" ]; then
    %restart_on_update restorecond
    %insserv_cleanup
fi
%endif

%changelog

Places

File policycoreutils.spec of Package policycoreutils

Places