From c6e97e93a61b02602f14606a60b6154880308123 Mon Sep 17 00:00:00 2001
From: Simo Sorce <simo@redhat.com>
Date: Thu, 1 May 2014 13:16:14 -0400
Subject: Make SELinux happy

Add proper context to shared state directories so that httpd can write there.

Relax SElinux boolans to allow use of pam modules
This allows running Ipsilon in fully enforcing mode when pam auth
using the python-pam modules is used.

Signed-off-by: Simo Sorce <simo@redhat.com>
---
 contrib/fedora/ipsilon.spec | 9 +++++++++
 1 file changed, 9 insertions(+)

(limited to 'contrib')

diff --git a/contrib/fedora/ipsilon.spec b/contrib/fedora/ipsilon.spec
index 08f2c70..f86e4de 100644
--- a/contrib/fedora/ipsilon.spec
+++ b/contrib/fedora/ipsilon.spec
@@ -62,6 +62,15 @@ getent passwd ipsilon >/dev/null || \
     -c "Ipsilon Server" ipsilon
 exit 0
 
+%post
+semanage fcontext -a -t httpd_var_lib_t '%{_sharedstatedir}/ipsilon(/.*)?' 2>/dev/null || :
+semanage fcontext -a -t var_lib_t '%{_sharedstatedir}/ipsilon(/.*)/*.conf' 2>/dev/null || :
+restorecon -R %{_sharedstatedir}/ipsilon || :
+
+%postun
+semanage fcontext -d -t var_lib_t '%{_sharedstatedir}/ipsilon(/.*)/*.conf' 2>/dev/null || :
+semanage fcontext -d -t httpd_var_lib_t '%{_sharedstatedir}/ipsilon(/.*)?' 2>/dev/null || :
+
 %files
 %doc COPYING
 %{python2_sitelib}/ipsilon-*.egg-info
-- 
cgit