diff options
author | Nathan Straz <nstraz@redhat.com> | 2009-10-22 17:54:49 -0400 |
---|---|---|
committer | Nathan Straz <nstraz@redhat.com> | 2009-10-22 17:54:49 -0400 |
commit | 6ec522d33eed9bf993c9a5a5f80a21f5db5ce113 (patch) | |
tree | 437f91ff8acc26b54950572c7e86c5235da3cff8 /qarsh.spec | |
parent | 0d65048dd98bc1b408fe9a2f3e6157c28a1c4c7d (diff) | |
download | qarsh-6ec522d33eed9bf993c9a5a5f80a21f5db5ce113.tar.gz qarsh-6ec522d33eed9bf993c9a5a5f80a21f5db5ce113.tar.xz qarsh-6ec522d33eed9bf993c9a5a5f80a21f5db5ce113.zip |
Add SELinux policy for qarshd
We generate the policy based on which services we want to test.
Diffstat (limited to 'qarsh.spec')
-rw-r--r-- | qarsh.spec | 45 |
1 files changed, 44 insertions, 1 deletions
@@ -1,7 +1,7 @@ Summary: QA Remote Shell Name: qarsh Version: 1.24 -Release: 2%{?dist} +Release: 3%{?dist} Group: QA License: GPL Buildroot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX) @@ -31,17 +31,41 @@ allows anyone to connect to the host as any user and do any thing. WARNING: THIS PACKAGE PROVIDES REMOTE ROOT ACCESS WITHOUT AUTHENTICATION + + +%global selinux_variants targeted +%global selinux_policyver %(%{__sed} -e 's,.*selinux-policy-\\([^/]*\\)/.*,\\1,' /usr/share/selinux/devel/policyhelp || echo 0.0.0) + +%package selinux +Summary: SELinux policy module supporting qarsh +Group: QA +BuildRequires: checkpolicy, selinux-policy-devel, /usr/share/selinux/devel/policyhelp, hardlink +%if "%{selinux_policyver}" != "" +Requires: selinux-policy >= %{selinux_policyver} +%endif +Requires: %{name} = %{version}-%{release} +Requires(post): /usr/sbin/semodule, /sbin/fixfiles, qarsh-server +Requires(postun): /usr/sbin/semodule + + +%description selinux +SELinux policy maker for qarsh + %prep %setup -q %build make %{?_smp_mflags} +make -C SELinux %install rm -rf $RPM_BUILD_ROOT make install INSTROOT=$RPM_BUILD_ROOT +mkdir -p $RPM_BUILD_ROOT%{_datadir}/selinux/packages/qarsh +cp -p SELinux/qarshd.pp $RPM_BUILD_ROOT%{_datadir}/selinux/packages/qarsh + %clean rm -rf $RPM_BUILD_ROOT @@ -53,6 +77,15 @@ if [ $1 = 0 ]; then /sbin/service xinetd reload > /dev/null 2>&1 || : fi +%post selinux +/usr/sbin/semodule -i %{_datadir}/selinux/packages/qarsh/qarshd.pp || : +/sbin/fixfiles -R qarsh-server restore || : + +%postun selinux +if [ $1 = 0 ]; then + /usr/sbin/semodule -r qarshd || : +fi + %files %defattr(-,root,root) /usr/bin/qarsh @@ -68,7 +101,17 @@ fi %config /etc/xinetd.d/btimed %doc %{_mandir}/man8/* +%files selinux +%defattr(-,root,root) +%doc SELinux/* +%{_datadir}/selinux/packages/qarsh + + %changelog +* Thu Oct 22 2009 Nate Straz <nstraz@redhat.com> ++ qarsh-1.24-3 +- Add SELinux policy build + * Fri Apr 17 2009 Nate Straz <nstraz@redhat.com> + qarsh-1.24-2 - Fix up spec file for tarballs with prefixes |