From: František Dvořák Date: Thu, 5 Jun 2014 18:43:35 +0000 (+0200) Subject: SELinux policy from https://bugzilla.redhat.com/show_bug.cgi?id=1051461. X-Git-Url: http://scientific.zcu.cz/git/?a=commitdiff_plain;h=33cc2af201b40254f99011bf33ab6d7d9ae055ba;p=rubygem-passenger-packaging.git SELinux policy from https://bugzilla.redhat.com/show_bug.cgi?id=1051461.
---
diff --git a/puppet_passenger.te b/passenger.te
similarity index 89%
rename from puppet_passenger.te
rename to passenger.te
index 7676bd5..e2e43af 100644
--- a/puppet_passenger.te
+++ b/passenger.te
@@ -13,6 +13,8 @@ require {
 type sysctl_net_t;
 type httpd_t;
 type proc_net_t;
+ type home_root_t;
+ type lib_t;
 class sock_file write;
 class tcp_socket listen;
 class dir { search create rmdir };
@@ -35,3 +37,7 @@ allow passenger_t sysctl_net_t:dir search;
 allow passenger_t sysfs_t:dir search;
 allow passenger_t sysfs_t:file { read open };
 allow passenger_t user_tmp_t:file { read getattr open };
+
+# passenger + occi server
+allow passenger_t home_root_t:dir search;
+allow passenger_t lib_t:file execute_no_trans;
diff --git a/rubygem-passenger.spec b/rubygem-passenger.spec
index 186f1d2..5f540ff 100644
--- a/rubygem-passenger.spec
+++ b/rubygem-passenger.spec
@@ -40,6 +40,7 @@ Source1: passenger.logrotate
 Source2: rubygem-passenger.tmpfiles
 Source10: apache-passenger.conf.in
 Source11: locations.ini
+Source12: passenger.te
 # Include sys/types.h for GCC 4.7
 Patch2: rubygem-passenger-4.0.18-gcc47-include-sys_types.patch
@@ -70,6 +71,9 @@ Requires: ruby(release)
 %else
 Requires: ruby(abi) = 1.8
 %endif
+Requires(post): policycoreutils-python
+Requires(preun): policycoreutils-python
+Requires(postun): policycoreutils-python
 %if 0%{?rhel} >= 6 || 0%{?fedora} >= 15
 BuildRequires: libcurl-devel
@@ -88,6 +92,7 @@ BuildRequires: doxygen
 BuildRequires: graphviz
 BuildRequires: httpd-devel
 BuildRequires: libev-devel
+BuildRequires: policycoreutils-python
 BuildRequires: ruby
 BuildRequires: ruby-devel
 BuildRequires: rubygems
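Review bot: The new rule `allow passenger_t lib_t:file execute_no_trans;` at the end of passenger.te lets passenger_t run any file carrying the generic lib_t label inside its own domain, which is much wider than the "passenger + occi server" case the comment names. If the occi server files can carry a dedicated label, the rule could name that type instead; otherwise the comment should record which path needs it, for example `# occi server is started from <PATH> (lib_t), so Passenger execs it without a domain transition`. The grant lists only execute_no_trans, so it appears to rely on execute/read/open for lib_t files being allowed elsewhere in the policy, which is not visible in this hunk. The `home_root_t:dir search` rule would benefit from the same kind of one-line reason.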
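Review bot: The three `Requires(post|preun|postun): policycoreutils-python` lines in the `@@ -70,6 +71,9 @@` hunk pull the Python SELinux tooling onto every host for scriptlets that only call `semodule`, and the `BuildRequires: policycoreutils-python` in the `@@ -88,6 +92,7 @@` hunk names neither of the tools %build runs. As far as I know semodule and semodule_package ship in policycoreutils and checkmodule in checkpolicy, so the build and the scriptlets work only through transitive dependencies. Naming the packages directly, e.g. `Requires(post): policycoreutils` and `BuildRequires: checkpolicy`, keeps the install footprint smaller and the build independent of how policycoreutils-python is packaged.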
@@ -228,6 +233,10 @@ rake package:gem SKIP_SIGNING=1
 rake apache2
 #rake nginx
+checkmodule -M -m -o passenger.mod %{SOURCE12}
+semodule_package -o passenger.pp -m passenger.mod
+
+
 %install
 export USE_VENDORED_LIBEV=false
@@ -324,6 +333,10 @@ find %{buildroot}%{gem_instdir} -type f -size 0c -delete
 %{__cp} -p doc/Users?guide?Apache.txt %{buildroot}%{_docdir}/mod_passenger-%{version}
 %endif
+%{__mkdir_p} %{buildroot}%{_datadir}/selinux/packages/%{name}
+install -m 0644 passenger.pp %{buildroot}%{_datadir}/selinux/packages/%{name}
+
+
 %check
 export USE_VENDORED_LIBEV=false
 # Run the tests, capture the output, but don't fail the build if the tests fail
@@ -342,6 +355,25 @@ sed -i \
 rake test --trace ||:
+
+%post
+if [ "$1" -le "1" ] ; then # First install
+ semodule -i %{_datadir}/selinux/packages/%{name}/passenger.pp 2>/dev/null || :
+fi
+
+
+%preun
+if [ "$1" -lt "1" ] ; then # Final removal
+ semodule -r passenger 2>/dev/null || :
+fi
+
+
+%postun
+if [ "$1" -ge "1" ] ; then # Upgrade
+ semodule -i %{_datadir}/selinux/packages/%{name}/passenger.pp 2>/dev/null || :
+fi
+
+
 %files
 %doc %{gem_instdir}/README.md
 %doc %{gem_instdir}/CHANGELOG
@@ -370,6 +402,8 @@ rake test --trace ||:
 %exclude %{gem_instdir}/configure
 %exclude %{gem_instdir}/debian.template/
 %exclude %{gem_cache}
+%dir %{_datadir}/selinux/packages/%{name}
+%{_datadir}/selinux/packages/%{name}/passenger.pp
 %files doc
 %doc %{gem_docdir}
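Review bot: In the `@@ -342,6 +355,25 @@` hunk, `%post` loads the module only when `$1` is at most 1, so a host upgrading from a build that had no SELinux scriptlets never gets passenger.pp loaded: the new `%post` sees `$1` = 2 and the old package has no `%postun` to do it. Loading in `%post` on every install and upgrade covers that case, i.e. drop the `if` and keep `semodule -i %{_datadir}/selinux/packages/%{name}/passenger.pp || :`. All three scriptlets also send stderr to /dev/null and ignore the exit status, so a module that fails to load or unload is invisible to the administrator. Dropping `2>/dev/null` would at least leave the semodule error in the transaction output while still not failing the transaction.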