Add SELinux policy for qarshd

We generate the policy based on which services we want to test.
author: Nathan Straz <nstraz@redhat.com> 2009-10-22 17:54:49 -0400
committer: Nathan Straz <nstraz@redhat.com> 2009-10-22 17:54:49 -0400
commit: 6ec522d33eed9bf993c9a5a5f80a21f5db5ce113 (patch)
tree: 437f91ff8acc26b54950572c7e86c5235da3cff8 /qarsh.spec
parent: 0d65048dd98bc1b408fe9a2f3e6157c28a1c4c7d (diff)
download: qarsh-6ec522d33eed9bf993c9a5a5f80a21f5db5ce113.tar.gz
qarsh-6ec522d33eed9bf993c9a5a5f80a21f5db5ce113.tar.xz
qarsh-6ec522d33eed9bf993c9a5a5f80a21f5db5ce113.zip
1 files changed, 44 insertions, 1 deletions
diff --git a/qarsh.spec b/qarsh.spec
index 9baf81e..69effb2 100644
--- a/qarsh.spec
+++ b/qarsh.spec
@@ -1,7 +1,7 @@
 Summary:        QA Remote Shell
 Name:           qarsh
 Version:        1.24
-Release: 	2%{?dist}
+Release: 	3%{?dist}
 Group:          QA
 License:        GPL
 Buildroot:      %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
@@ -31,17 +31,41 @@ allows anyone to connect to the host as any user and do any thing.
 
 WARNING: THIS PACKAGE PROVIDES REMOTE ROOT ACCESS WITHOUT AUTHENTICATION 
 
+
+
+%global selinux_variants targeted
+%global selinux_policyver %(%{__sed} -e 's,.*selinux-policy-\\([^/]*\\)/.*,\\1,' /usr/share/selinux/devel/policyhelp || echo 0.0.0)
+
+%package selinux
+Summary:	SELinux policy module supporting qarsh
+Group:		QA
+BuildRequires:  checkpolicy, selinux-policy-devel, /usr/share/selinux/devel/policyhelp, hardlink
+%if "%{selinux_policyver}" != ""
+Requires:	selinux-policy >= %{selinux_policyver}
+%endif
+Requires:	%{name} = %{version}-%{release}
+Requires(post):		/usr/sbin/semodule, /sbin/fixfiles, qarsh-server
+Requires(postun):	/usr/sbin/semodule
+
+
+%description selinux
+SELinux policy maker for qarsh
+
 %prep
 
 %setup -q
 
 %build
 make %{?_smp_mflags}
+make -C SELinux
 
 %install
 rm -rf $RPM_BUILD_ROOT
 make install INSTROOT=$RPM_BUILD_ROOT
 
+mkdir -p $RPM_BUILD_ROOT%{_datadir}/selinux/packages/qarsh
+cp -p SELinux/qarshd.pp $RPM_BUILD_ROOT%{_datadir}/selinux/packages/qarsh
+
 %clean
 rm -rf $RPM_BUILD_ROOT
 
@@ -53,6 +77,15 @@ if [ $1 = 0 ]; then
     /sbin/service xinetd reload > /dev/null 2>&1 || :
 fi
 
+%post selinux
+/usr/sbin/semodule -i %{_datadir}/selinux/packages/qarsh/qarshd.pp || :
+/sbin/fixfiles -R qarsh-server restore || :
+
+%postun selinux
+if [ $1 = 0 ]; then
+	/usr/sbin/semodule -r qarshd || :
+fi
+
 %files
 %defattr(-,root,root)
 /usr/bin/qarsh
@@ -68,7 +101,17 @@ fi
 %config /etc/xinetd.d/btimed
 %doc %{_mandir}/man8/*
 
+%files selinux
+%defattr(-,root,root)
+%doc SELinux/*
+%{_datadir}/selinux/packages/qarsh
+
+
 %changelog
+* Thu Oct 22 2009 Nate Straz <nstraz@redhat.com>
++ qarsh-1.24-3
+- Add SELinux policy build
+
 * Fri Apr 17 2009 Nate Straz <nstraz@redhat.com> 
 + qarsh-1.24-2
 - Fix up spec file for tarballs with prefixes
author	Nathan Straz <nstraz@redhat.com>	2009-10-22 17:54:49 -0400
committer	Nathan Straz <nstraz@redhat.com>	2009-10-22 17:54:49 -0400
commit	6ec522d33eed9bf993c9a5a5f80a21f5db5ce113 (patch)
tree	437f91ff8acc26b54950572c7e86c5235da3cff8 /qarsh.spec
parent	0d65048dd98bc1b408fe9a2f3e6157c28a1c4c7d (diff)
download	qarsh-6ec522d33eed9bf993c9a5a5f80a21f5db5ce113.tar.gz qarsh-6ec522d33eed9bf993c9a5a5f80a21f5db5ce113.tar.xz qarsh-6ec522d33eed9bf993c9a5a5f80a21f5db5ce113.zip