File policycoreutils.spec of Package policycoreutils.10737
#
# spec file for package policycoreutils
#
# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
%define libaudit_ver 2.2
%define libsepol_ver 2.6
%define libsemanage_ver 2.6
%define libselinux_ver 2.6
%define sepolgen_ver 2.6
#Compat macro for new _fillupdir macro introduced in Nov 2017
%if ! %{defined _fillupdir}
%define _fillupdir %{_localstatedir}/adm/fillup-templates
%endif
Name: policycoreutils
Version: 2.6
Release: 0
Summary: SELinux policy core utilities
License: GPL-2.0-or-later
Group: Productivity/Security
Url: https://github.com/SELinuxProject/selinux
Source: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20161014/%{name}-%{version}.tar.gz
Source1: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20161014/sepolgen-%{sepolgen_ver}.tar.gz
Source2: system-config-selinux.png
Source3: system-config-selinux.desktop
Source4: system-config-selinux.pam
Source5: system-config-selinux.console
Source6: selinux-polgengui.desktop
Source7: selinux-polgengui.console
Source8: policycoreutils_man_ru2.tar.bz2
Patch4: policycoreutils-initscript.patch
Patch5: policycoreutils-pam-common.patch
Patch10: loadpolicy_path.patch
Patch11: CVE-2018-1063.patch
BuildRequires: audit-devel >= %{libaudit_ver}
BuildRequires: dbus-1-glib-devel
BuildRequires: fdupes
BuildRequires: gettext
BuildRequires: hicolor-icon-theme
BuildRequires: libcap-devel
BuildRequires: libcap-ng-devel
BuildRequires: libselinux-devel >= %{libselinux_ver}
BuildRequires: libsemanage-devel >= %{libsemanage_ver}
BuildRequires: libsepol-devel-static >= %{libsepol_ver}
BuildRequires: pam-devel
# needed only for dir /usr/share/polkit-1 from policycoreutils-gui
BuildRequires: polkit
BuildRequires: python-devel
BuildRequires: systemd-rpm-macros
BuildRequires: update-desktop-files
Requires: audit-libs-python
Requires: checkpolicy
Requires: gawk
Requires: python-selinux
Requires: policycoreutils-python
Requires: rpm
Requires: util-linux
# we need selinuxenabled
Requires(post): selinux-tools
Requires(pre): %fillup_prereq
Requires(pre): permissions
Recommends: %{name}-lang
%{?systemd_requires}
%description
policycoreutils contains the policy core utilities that are required
for basic operation of a SELinux system. These utilities include
load_policy to load policies, setfiles to label filesystems, newrole
to switch roles, and run_init to run %{_initddir} scripts in the proper
context.
(Security-enhanced Linux is a feature of the kernel and some
utilities that implement mandatory access control policies, such as
Type Enforcement, Role-based Access Control and Multi-Level
Security.)
%lang_package
%package python
Summary: SELinux policy core python utilities
Group: Productivity/Security
Requires: audit-libs-python >= %{libaudit_ver}
Requires: policycoreutils = %{version}
Requires: python-ipy
Requires: python-selinux >= %{libselinux_ver}
Requires: python-semanage >= %{libsemanage_ver}
Requires: python2-setools
Requires: python-enum34
Requires: python2-setuptools
Requires: python-xml
Requires: python-yum
Requires: python2-networkx
Requires: python2-selinux
Requires: yum-metadata-parser
%description python
The policycoreutils-python package contains the management tools used to manage an SELinux environment.
%package sandbox
Summary: SELinux sandbox utilities
Group: Productivity/Security
Requires: policycoreutils-python = %{version}
Requires: xorg-x11-server-extra
%description sandbox
The sandbox package contains the scripts to create graphical sandboxes.
%package newrole
Summary: The newrole application for RBAC/MLS
Group: Productivity/Security
Requires: policycoreutils = %{version}
Requires(pre): permissions
%description newrole
RBAC/MLS policy machines require newrole as a way of changing the role
or level of a logged-in user.
%if 0%{?suse_version} != 1500
%package gui
Summary: SELinux configuration GUI
Group: Productivity/Security
Requires: policycoreutils-python = %{version}
Requires: python
Requires: python-gnome
Requires: python-gtk
Requires: setools-console
%description gui
system-config-selinux is a utility for managing the SELinux environment.
%endif
%prep
%setup -q -a 1
%patch4
%patch5
%patch10 -p1
%patch11
%build
make %{?_smp_mflags} LSPP_PRIV=y LIBDIR="%{_libdir}" LIBEXECDIR="%{_libexecdir}" CFLAGS="%{optflags} -fPIE" LDFLAGS="-pie -Wl,-z,relro" all
make %{?_smp_mflags} -C sepolgen-%{sepolgen_ver} LSPP_PRIV=y LIBDIR="%{_libdir}" CFLAGS="%{optflags} -fPIE" LDFLAGS="-pie -Wl,-z,relro" all
%install
mkdir -p %{buildroot}%{_localstatedir}/lib/selinux
mkdir -p %{buildroot}%{_bindir}
mkdir -p %{buildroot}%{_sbindir}
mkdir -p %{buildroot}/sbin
mkdir -p %{buildroot}%{_mandir}/man1
mkdir -p %{buildroot}%{_mandir}/man8
mkdir -p %{buildroot}%{_sysconfdir}/pam.d
mkdir -p %{buildroot}%{_sysconfdir}/security/console.apps
make LSPP_PRIV=y DESTDIR=%{buildroot} LIBDIR="%{buildroot}%{_libdir}" LIBEXECDIR="%{buildroot}%{_libexecdir}" INITDIR="%{buildroot}%{_initddir}" install
make -C sepolgen-%{sepolgen_ver} DESTDIR=%{buildroot} LIBDIR="%{buildroot}%{_libdir}" install
install -D -m 644 %{SOURCE2} %{buildroot}%{_datadir}/pixmaps/system-config-selinux.png
# Don't install initscript if systemd is available
rm -r %{buildroot}%{_initddir}
ln -sf service %{buildroot}%{_sbindir}/rcrestorecond
install -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/pam.d/system-config-selinux
install -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/pam.d/selinux-polgengui
install -m 644 %{SOURCE5} %{buildroot}%{_sysconfdir}/security/console.apps/system-config-selinux
install -m 644 %{SOURCE7} %{buildroot}%{_sysconfdir}/security/console.apps/selinux-polgengui
tar -jxf %{SOURCE8} -C %{buildroot}/
rm -f %{buildroot}%{_mandir}/ru/man8/genhomedircon.8.gz
ln -sf consolehelper %{buildroot}%{_bindir}/system-config-selinux
ln -sf consolehelper %{buildroot}%{_bindir}/selinux-polgengui
mkdir -p %{buildroot}%{_fillupdir}/
mv %{buildroot}/%{_sysconfdir}/sysconfig/sandbox %{buildroot}%{_fillupdir}/sysconfig.sandbox
rmdir %{buildroot}/%{_sysconfdir}/sysconfig
%suse_update_desktop_file -i system-config-selinux System Security Settings
%suse_update_desktop_file -i sepolicy System Security Settings
%suse_update_desktop_file -i selinux-polgengui System Security Settings
%find_lang %{name}
%fdupes -s %{buildroot}/%{_datadir}
%if 0%{?suse_version} == 1500
rm %{buildroot}/etc/dbus-1/system.d/org.selinux.conf %{buildroot}/etc/pam.d/selinux-polgengui %{buildroot}/etc/pam.d/system-config-selinux %{buildroot}/etc/security/console.apps/selinux-polgengui %{buildroot}/etc/security/console.apps/system-config-selinux %{buildroot}/usr/bin/selinux-polgengui %{buildroot}/usr/bin/sepolgen %{buildroot}/usr/bin/system-config-selinux %{buildroot}/usr/share/applications/selinux-polgengui.desktop %{buildroot}/usr/share/applications/sepolicy.desktop %{buildroot}/usr/share/applications/system-config-selinux.desktop %{buildroot}/usr/share/icons/hicolor/16x16/apps/sepolicy.png %{buildroot}/usr/share/icons/hicolor/22x22/apps/sepolicy.png %{buildroot}/usr/share/icons/hicolor/24x24/apps/system-config-selinux.png %{buildroot}/usr/share/icons/hicolor/256x256/apps/sepolicy.png %{buildroot}/usr/share/icons/hicolor/32x32/apps/sepolicy.png %{buildroot}/usr/share/icons/hicolor/48x48/apps/sepolicy.png %{buildroot}/usr/share/man/man8/selinux-polgengui.8 %{buildroot}/usr/share/pixmaps/sepolicy.png %{buildroot}/usr/share/pixmaps/system-config-selinux.png %{buildroot}/usr/share/polkit-1/actions/org.selinux.config.policy %{buildroot}/usr/share/polkit-1/actions/org.selinux.policy %{buildroot}/usr/share/system-config-selinux/booleansPage.py %{buildroot}/usr/share/system-config-selinux/domainsPage.py %{buildroot}/usr/share/system-config-selinux/fcontextPage.py %{buildroot}/usr/share/system-config-selinux/html_util.py %{buildroot}/usr/share/system-config-selinux/loginsPage.py %{buildroot}/usr/share/system-config-selinux/mappingsPage.py %{buildroot}/usr/share/system-config-selinux/modulesPage.py %{buildroot}/usr/share/system-config-selinux/polgen.glade %{buildroot}/usr/share/system-config-selinux/polgengui.py %{buildroot}/usr/share/system-config-selinux/portsPage.py %{buildroot}/usr/share/system-config-selinux/selinux-polgengui.desktop %{buildroot}/usr/share/system-config-selinux/selinux_server.py %{buildroot}/usr/share/system-config-selinux/semanagePage.py %{buildroot}/usr/share/system-config-selinux/sepolicy.desktop %{buildroot}/usr/share/system-config-selinux/statusPage.py %{buildroot}/usr/share/system-config-selinux/system-config-selinux.desktop %{buildroot}/usr/share/system-config-selinux/system-config-selinux.glade %{buildroot}/usr/share/system-config-selinux/system-config-selinux.png %{buildroot}/usr/share/system-config-selinux/system-config-selinux.py %{buildroot}/usr/share/system-config-selinux/usersPage.py %{buildroot}/usr/share/man/man8/system-config-selinux.8
%endif
%pre
%service_add_pre restorecond.service
%post
%service_add_post restorecond.service
%fillup_only
%preun
%service_del_preun restorecond.service
%postun
%service_del_postun restorecond.service
%post python
selinuxenabled && [ -f %{_datadir}/selinux/devel/include/build.conf ] && %{_bindir}/sepolgen-ifgen 2>/dev/null
exit 0
%post newrole
%set_permissions %{_bindir}/newrole
%verifyscript
%verify_permissions -e %{_bindir}/newrole
%files
/sbin/restorecon
/sbin/fixfiles
/sbin/setfiles
/sbin/load_policy
/sbin/restorecon_xattr
%{_sbindir}/genhomedircon
%{_sbindir}/load_policy
%{_sbindir}/restorecond
%{_sbindir}/setsebool
%{_sbindir}/semodule
%{_sbindir}/sestatus
%{_sbindir}/run_init
%{_sbindir}/open_init_pty
%{_bindir}/secon
%{_bindir}/semodule_deps
%{_bindir}/semodule_expand
%{_bindir}/semodule_link
%{_bindir}/semodule_package
%{_bindir}/semodule_unpackage
%attr(644,root,root) %{_unitdir}/restorecond.service
%config(noreplace) %{_sysconfdir}/pam.d/run_init
%config(noreplace) %{_sysconfdir}/sestatus.conf
%{_sbindir}/rcrestorecond
%config(noreplace) %{_sysconfdir}/selinux/restorecond.conf
%config(noreplace) %{_sysconfdir}/selinux/restorecond_user.conf
%{_sysconfdir}/xdg/autostart/restorecond.desktop
%dir %{_libexecdir}/selinux
%dir %{_libexecdir}/selinux/hll
%{_libexecdir}/selinux/hll/pp
%{_datadir}/dbus-1/services/org.selinux.Restorecond.service
%{_datadir}/dbus-1/system-services/org.selinux.service
# selinux-policy Requires: policycoreutils, so we own this set of directories and our files within them
%dir %{_mandir}/ru
%dir %{_mandir}/ru/man1
%dir %{_mandir}/ru/man8
%{_mandir}/man8/restorecon_xattr.8%{?ext_man}
%{_mandir}/man5/selinux_config.5%{?ext_man}
%{_mandir}/man5/sestatus.conf.5%{?ext_man}
%{_mandir}/man8/semodule_unpackage.8%{?ext_man}
%{_mandir}/man8/fixfiles.8%{?ext_man}
%{_mandir}/ru/man8/fixfiles.8%{?ext_man}
%{_mandir}/man8/load_policy.8%{?ext_man}
%{_mandir}/ru/man8/load_policy.8%{?ext_man}
%{_mandir}/man8/open_init_pty.8%{?ext_man}
%{_mandir}/ru/man8/open_init_pty.8%{?ext_man}
%{_mandir}/man8/restorecon.8%{?ext_man}
%{_mandir}/ru/man8/restorecon.8%{?ext_man}
%{_mandir}/man8/restorecond.8%{?ext_man}
%{_mandir}/ru/man8/restorecond.8%{?ext_man}
%{_mandir}/man8/run_init.8%{?ext_man}
%{_mandir}/ru/man8/run_init.8%{?ext_man}
%{_mandir}/man8/semodule.8%{?ext_man}
%{_mandir}/ru/man8/semodule.8%{?ext_man}
%{_mandir}/man8/semodule_deps.8%{?ext_man}
%{_mandir}/ru/man8/semodule_deps.8%{?ext_man}
%{_mandir}/man8/semodule_expand.8%{?ext_man}
%{_mandir}/ru/man8/semodule_expand.8%{?ext_man}
%{_mandir}/man8/semodule_link.8%{?ext_man}
%{_mandir}/ru/man8/semodule_link.8%{?ext_man}
%{_mandir}/man8/semodule_package.8%{?ext_man}
%{_mandir}/ru/man8/semodule_package.8%{?ext_man}
%{_mandir}/man8/sestatus.8%{?ext_man}
%{_mandir}/ru/man8/sestatus.8%{?ext_man}
%{_mandir}/man8/setfiles.8%{?ext_man}
%{_mandir}/ru/man8/setfiles.8%{?ext_man}
%{_mandir}/man8/setsebool.8%{?ext_man}
%{_mandir}/ru/man8/setsebool.8%{?ext_man}
%{_mandir}/man1/secon.1%{?ext_man}
%{_mandir}/ru/man1/secon.1%{?ext_man}
%{_mandir}/man8/genhomedircon.8%{?ext_man}
%files lang -f %{name}.lang
%files python
%{_sbindir}/semanage
%{_bindir}/audit2allow
%{_bindir}/audit2why
%{_bindir}/chcat
%{_bindir}/sandbox
%{_bindir}/sepolicy
%{_bindir}/sepolgen-ifgen
%{_bindir}/sepolgen-ifgen-attr-helper
%{python_sitearch}/seobject.py*
%{python_sitearch}/sepolgen
%{_prefix}/lib*/python2.7/site-packages/sepolicy
%{_prefix}/lib*/python2.7/site-packages/sepolicy*.egg-info
%dir %{_localstatedir}/lib/sepolgen
%dir %{_localstatedir}/lib/selinux
%{_localstatedir}/lib/sepolgen/perm_map
%{_mandir}/man1/audit2allow.1%{?ext_man}
%{_mandir}/ru/man1/audit2allow.1%{?ext_man}
%{_mandir}/man1/audit2why.1%{?ext_man}
%{_mandir}/man8/chcat.8%{?ext_man}
%{_mandir}/ru/man8/chcat.8%{?ext_man}
%{_mandir}/man8/sandbox.8%{?ext_man}
%{_mandir}/man5/sandbox*
%{_mandir}/man8/semanage*.8%{?ext_man}
%{_mandir}/man8/sepolicy*.8%{?ext_man}
%{_mandir}/man8/sepolgen.8%{?ext_man}
%{_mandir}/ru/man8/semanage.8%{?ext_man}
%{_datadir}/bash-completion/completions/semanage
%{_datadir}/bash-completion/completions/sepolicy
%{_datadir}/bash-completion/completions/setsebool
%files sandbox
%attr(0755,root,root) %{_sbindir}/seunshare
%dir %{_datadir}/sandbox
%{_datadir}/sandbox/sandboxX.sh
%{_datadir}/sandbox/start
%{_fillupdir}/sysconfig.sandbox
%{_mandir}/man8/seunshare.8%{?ext_man}
%files newrole
%verify(not mode) %attr(0755,root,root) %{_bindir}/newrole
%{_mandir}/man1/newrole.1%{?ext_man}
%config(noreplace) %{_sysconfdir}/pam.d/newrole
%if 0%{?suse_version} != 1500
%files gui
%{_bindir}/system-config-selinux
%{_bindir}/selinux-polgengui
%{_datadir}/applications/system-config-selinux.desktop
%{_datadir}/system-config-selinux/system-config-selinux.desktop
%{_bindir}/sepolgen
%{_datadir}/applications/selinux-polgengui.desktop
%{_datadir}/applications/sepolicy.desktop
%{_datadir}/system-config-selinux/selinux-polgengui.desktop
%{_datadir}/system-config-selinux/sepolicy.desktop
#%dir %{_datadir}/icons
#%dir %{_datadir}/icons/hicolor
#%dir %{_datadir}/icons/hicolor/24x24
#%dir %{_datadir}/icons/hicolor/24x24/apps
%{_datadir}/icons/hicolor/24x24/apps/system-config-selinux.png
%{_datadir}/icons/hicolor/16x16/apps/sepolicy.png
%{_datadir}/icons/hicolor/22x22/apps/sepolicy.png
%{_datadir}/icons/hicolor/256x256/apps/sepolicy.png
%{_datadir}/icons/hicolor/32x32/apps/sepolicy.png
%{_datadir}/icons/hicolor/48x48/apps/sepolicy.png
%{_datadir}/pixmaps/sepolicy.png
%{_datadir}/pixmaps/system-config-selinux.png
%{_datadir}/polkit-1/actions/org.selinux.config.policy
%{_datadir}/polkit-1/actions/org.selinux.policy
%dir %{_datadir}/system-config-selinux
#%dir %{_datadir}/system-config-selinux/templates
%{_datadir}/system-config-selinux/system-config-selinux.png
%{_datadir}/system-config-selinux/*.py*
#%{_datadir}/system-config-selinux/selinux.tbl
%{_datadir}/system-config-selinux/*.glade
%{_mandir}/man8/selinux-polgengui.8%{?ext_man}
%{_mandir}/man8/system-config-selinux.8%{?ext_man}
#%%{_datadir}/system-config-selinux/templates/*.py*
%config(noreplace) %{_sysconfdir}/dbus-1/system.d/org.selinux.conf
%config(noreplace) %{_sysconfdir}/pam.d/system-config-selinux
%config(noreplace) %{_sysconfdir}/pam.d/selinux-polgengui
%dir %{_sysconfdir}/security/console.apps
%config(noreplace) %{_sysconfdir}/security/console.apps/selinux-polgengui
%config(noreplace) %{_sysconfdir}/security/console.apps/system-config-selinux
%endif
%changelog
