File policycoreutils.spec of Package policycoreutils
#
# spec file for package policycoreutils (Version 2.0.79)
#
# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
# norootforbuild
%define libaudit_ver 1.4.2
%define libsepol_ver 2.0.41
%define libsemanage_ver 2.0.43
%define libselinux_ver 2.0.90
%define sepolgen_ver 1.0.19
Name: policycoreutils
Version: 2.0.79
Release: 4
Url: http://www.nsa.gov/selinux/
License: GPLv2+
Group: Productivity/Security
Summary: SELinux policy core utilities
Source: %{name}-%{version}.tar.bz2
Source1: sepolgen-%{sepolgen_ver}.tar.bz2
Source2: system-config-selinux.png
Source3: system-config-selinux.desktop
Source4: system-config-selinux.pam
Source5: system-config-selinux.console
Source6: selinux-polgengui.desktop
Source7: selinux-polgengui.console
Source8: policycoreutils_man_ru2.tar.bz2
Source9: sandbox.init
Patch0: policycoreutils-rhat.patch.bz2
Patch1: policycoreutils-po.patch.bz2
Patch2: policycoreutils-gui.patch.bz2
Patch3: policycoreutils-sepolgen.patch
Patch4: policycoreutils-initscript.patch
Patch5: policycoreutils-pam-common.patch
Patch6: policycoreutils-setup_py-prefix.patch
Patch7: policycoreutils-gnusource.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: gettext libcap-devel pam-devel python-devel update-desktop-files
BuildRequires: libsepol-devel-static >= %{libsepol_ver}
BuildRequires: libsemanage-devel >= %{libsemanage_ver}
BuildRequires: libselinux-devel >= %{libselinux_ver}
BuildRequires: audit-devel >= %{libaudit_ver}
BuildRequires: libcap-ng-devel
BuildRequires: dbus-1-glib-devel
PreReq: %insserv_prereq %fillup_prereq permissions
Requires: util-linux gawk rpm checkpolicy python-selinux audit-libs-python
%description
Security-enhanced Linux is a feature of the Linux(R) kernel and a number
of utilities with enhanced security functionality designed to add
mandatory access controls to Linux. The Security-enhanced Linux
kernel contains new architectural components originally developed to
improve the security of the Flask operating system. These
architectural components provide general support for the enforcement
of many kinds of mandatory access control policies, including those
based on the concepts of Type Enforcement(R), Role-based Access
Control, and Multi-level Security.
policycoreutils contains the policy core utilities that are required
for basic operation of a SELinux system. These utilities include
load_policy to load policies, setfiles to label filesystems, newrole
to switch roles, and run_init to run /etc/init.d scripts in the proper
context.
%prep
%setup -q -a 1
%patch0 -p1
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4
%patch5
%patch6
%patch7
sleep 1
touch po/policycoreutils.pot
sleep 1
%build
export SUSE_ASNEEDED=0
make LSPP_PRIV=y LIBDIR="%{_libdir}" CFLAGS="%{optflags} -fPIE" LDFLAGS="-pie -Wl,-z,relro" all
make -C sepolgen-%{sepolgen_ver} LSPP_PRIV=y LIBDIR="%{_libdir}" CFLAGS="%{optflags} -fPIE" LDFLAGS="-pie -Wl,-z,relro" all
%install
mkdir -p %{buildroot}/var/lib/selinux
mkdir -p %{buildroot}%{_bindir}
mkdir -p %{buildroot}%{_sbindir}
mkdir -p %{buildroot}/sbin
mkdir -p %{buildroot}%{_mandir}/man1
mkdir -p %{buildroot}%{_mandir}/man8
mkdir -p %{buildroot}%{_sysconfdir}/pam.d
mkdir -p %{buildroot}%{_sysconfdir}/security/console.apps
install -D -m 0755 %{SOURCE9} %{buildroot}/%{_initddir}/sandbox
make LSPP_PRIV=y DESTDIR="%{buildroot}" LIBDIR="%{buildroot}%{_libdir}" INITDIR="%{buildroot}%{_initddir}" install
make -C sepolgen-%{sepolgen_ver} DESTDIR="%{buildroot}" LIBDIR="%{buildroot}%{_libdir}" install
install -D -m 644 %{SOURCE2} %{buildroot}%{_datadir}/pixmaps/system-config-selinux.png
install -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/pam.d/system-config-selinux
install -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/pam.d/selinux-polgengui
install -m 644 %{SOURCE5} %{buildroot}%{_sysconfdir}/security/console.apps/system-config-selinux
install -m 644 %{SOURCE7} %{buildroot}%{_sysconfdir}/security/console.apps/selinux-polgengui
tar -jxf %{SOURCE8} -C %{buildroot}/
rm -f %{buildroot}/usr/share/man/ru/man8/genhomedircon.8.gz
ln -sf consolehelper %{buildroot}%{_bindir}/system-config-selinux
ln -sf consolehelper %{buildroot}%{_bindir}/selinux-polgengui
ln -sf %{_initddir}/restorecond %{buildroot}%{_sbindir}/rcrestorecond
ln -sf %{_initddir}/sandbox %{buildroot}%{_sbindir}/rcsandbox
%suse_update_desktop_file -i system-config-selinux System Security Settings
%suse_update_desktop_file -i selinux-polgengui System Security Settings
%find_lang %{name}
%package python
License: GPLv2+
Summary: SELinux policy core python utilities
Group: Productivity/Security
Requires: policycoreutils = %{version}
Requires: python-semanage >= %{libsemanage_ver}
Requires: python-selinux >= %{libselinux_ver}
Requires: audit-libs-python >= %{libaudit_ver}
Requires: python-setools
%description python
The policycoreutils-python package contains the management tools use to manage an SELinux environment.
%files python
%defattr(-,root,root,-)
%{_sbindir}/semanage
%{_bindir}/audit2allow
%{_bindir}/audit2why
%{_bindir}/chcat
%{_bindir}/sandbox
%{_bindir}/sepolgen-ifgen
%{python_sitearch}/seobject.py*
%{python_sitearch}/sepolgen
%{python_sitearch}/%{name}
%{python_sitearch}/%{name}*.egg-info
%dir /var/lib/sepolgen
%dir /var/lib/selinux
/var/lib/sepolgen/perm_map
%{_mandir}/man1/audit2allow.1*
%{_mandir}/ru/man1/audit2allow.1*
%{_mandir}/man1/audit2why.1*
%{_mandir}/man8/chcat.8*
%{_mandir}/ru/man8/chcat.8*
%{_mandir}/man8/sandbox.8*
%{_mandir}/man8/semanage.8*
%{_mandir}/ru/man8/semanage.8*
%post python
[ -f %{_datadir}/selinux/devel/include/build.conf ] && %{_bindir}/sepolgen-ifgen > /dev/null
exit 0
%package sandbox
License: GPLv2+
Summary: SELinux sandbox utilities
Group: System Environment/Base
Requires: policycoreutils-python = %{version}
# Requires: xorg-x11-server-Xephyr
# Requires: matchbox-window-manager
%description sandbox
The sandbox package contains the scripts to create graphical sandboxes
%files sandbox
%defattr(-,root,root,-)
%{_initddir}/sandbox
%{_sbindir}/rcsandbox
%attr(0755,root,root) %{_sbindir}/seunshare
%dir %{_datadir}/sandbox
%{_datadir}/sandbox/sandboxX.sh
%post sandbox
%fillup_and_insserv sandbox
%preun sandbox
if [ "$1" -eq "0" ]; then
%stop_on_removal sandbox
%insserv_cleanup
fi
%postun sandbox
if [ "$1" -ge "1" ]; then
%restart_on_update sandbox
%insserv_cleanup
fi
%package newrole
License: GPLv2+
Summary: The newrole application for RBAC/MLS
Group: Producitvity/Security
Requires: policycoreutils = %{version}
%description newrole
RBAC/MLS policy machines require newrole as a way of changing the role
or level of a logged in user.
%files newrole
%defattr(-,root,root)
%verify(not mode) %attr(0755,root,root) %{_bindir}/newrole
%{_mandir}/man1/newrole.1.gz
%post newrole
%run_permissions
%verifyscript
%verify_permissions -e %{_bindir}/newrole
%package gui
License: GPLv2+
Summary: SELinux configuration GUI
Group: Producitvity/Security
Requires: policycoreutils-python = %{version}
Requires: python-gnome
Requires: python-gtk
# Requires: gnome-python2-canvas
# Requires: usermode-gtk
Requires: setools-console
Requires: selinux-policy
Requires: python
%description gui
system-config-selinux is a utility for managing the SELinux environment
%files gui
%defattr(-,root,root)
%{_bindir}/system-config-selinux
%{_bindir}/selinux-polgengui
%{_bindir}/sepolgen
%dir %{_datadir}/system-config-selinux
%dir %{_datadir}/system-config-selinux/templates
%{_datadir}/system-config-selinux/*.py*
%{_datadir}/system-config-selinux/selinux.tbl
%{_datadir}/system-config-selinux/*.glade
%{_datadir}/system-config-selinux/templates/*.py*
%config(noreplace) %{_sysconfdir}/pam.d/system-config-selinux
%config(noreplace) %{_sysconfdir}/pam.d/selinux-polgengui
%dir %{_sysconfdir}/security/console.apps
%config(noreplace) %{_sysconfdir}/security/console.apps/system-config-selinux
%config(noreplace) %{_sysconfdir}/security/console.apps/selinux-polgengui
%{_datadir}/applications/selinux-polgengui.desktop
%{_datadir}/applications/system-config-selinux.desktop
%{_datadir}/pixmaps/system-config-selinux.png
%clean
rm -rf %{buildroot}
%files -f %{name}.lang
%defattr(-,root,root)
/sbin/restorecon
/sbin/fixfiles
/sbin/setfiles
/sbin/load_policy
%{_sbindir}/genhomedircon
%{_sbindir}/load_policy
%{_sbindir}/restorecond
%{_sbindir}/setsebool
%{_sbindir}/semodule
%{_sbindir}/sestatus
%{_sbindir}/run_init
%{_sbindir}/open_init_pty
%{_bindir}/secon
%{_bindir}/semodule_deps
%{_bindir}/semodule_expand
%{_bindir}/semodule_link
%{_bindir}/semodule_package
%config(noreplace) %{_sysconfdir}/pam.d/newrole
%config(noreplace) %{_sysconfdir}/pam.d/run_init
%config(noreplace) %{_sysconfdir}/sestatus.conf
%attr(755,root,root) %{_initddir}/restorecond
%{_sbindir}/rcrestorecond
%config(noreplace) /etc/selinux/restorecond.conf
%config(noreplace) /etc/selinux/restorecond_user.conf
%{_sysconfdir}/xdg/autostart/restorecond.desktop
%{_datadir}/dbus-1/services/org.selinux.Restorecond.service
# selinux-policy Requires: policycoreutils, so we own this set of directories and our files within them
%dir %{_mandir}/ru
%dir %{_mandir}/ru/man1
%dir %{_mandir}/ru/man8
%{_mandir}/man8/fixfiles.8*
%{_mandir}/ru/man8/fixfiles.8*
%{_mandir}/man8/load_policy.8*
%{_mandir}/ru/man8/load_policy.8*
%{_mandir}/man8/open_init_pty.8*
%{_mandir}/ru/man8/open_init_pty.8*
%{_mandir}/man8/restorecon.8*
%{_mandir}/ru/man8/restorecon.8*
%{_mandir}/man8/restorecond.8*
%{_mandir}/ru/man8/restorecond.8*
%{_mandir}/man8/run_init.8*
%{_mandir}/ru/man8/run_init.8*
%{_mandir}/man8/semodule.8*
%{_mandir}/ru/man8/semodule.8*
%{_mandir}/man8/semodule_deps.8*
%{_mandir}/ru/man8/semodule_deps.8*
%{_mandir}/man8/semodule_expand.8*
%{_mandir}/ru/man8/semodule_expand.8*
%{_mandir}/man8/semodule_link.8*
%{_mandir}/ru/man8/semodule_link.8*
%{_mandir}/man8/semodule_package.8*
%{_mandir}/ru/man8/semodule_package.8*
%{_mandir}/man8/sestatus.8*
%{_mandir}/ru/man8/sestatus.8*
%{_mandir}/man8/setfiles.8*
%{_mandir}/ru/man8/setfiles.8*
%{_mandir}/man8/setsebool.8*
%{_mandir}/ru/man8/setsebool.8*
%{_mandir}/man1/secon.1*
%{_mandir}/ru/man1/secon.1*
%post
%fillup_and_insserv restorecond
%preun
if [ "$1" -eq "0" ]; then
%stop_on_removal restorecond
%insserv_cleanup
fi
%postun
if [ "$1" -ge "1" ]; then
%restart_on_update restorecond
%insserv_cleanup
fi
%changelog
