Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:12.3
selinux-policy
selinux-policy.spec
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File selinux-policy.spec of Package selinux-policy
# # spec file for package selinux-policy # # Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # %define distro suse %define polyinstatiate n %define monolithic n %if %{?BUILD_DOC:0}%{!?BUILD_DOC:1} %define BUILD_DOC 0 %endif %if %{?BUILD_TARGETED:0}%{!?BUILD_TARGETED:1} %define BUILD_TARGETED 1 %endif # minimum policy is currently disabled a may not even build %if %{?BUILD_MINIMUM:0}%{!?BUILD_MINIMUM:1} %define BUILD_MINIMUM 0 %endif %if %{?BUILD_MLS:0}%{!?BUILD_MLS:1} %define BUILD_MLS 1 %endif %define POLICYVER 27 %define libsepolver 2.0.20-1 %define POLICYCOREUTILSVER 2.0.71-2 %define CHECKPOLICYVER 2.0.16-3 Summary: SELinux policy configuration License: GPL-2.0+ Group: System/Management Name: selinux-policy Version: 2.20120725 Release: 1%{?dist} Source: refpolicy-%{version}.tar.bz2 Source1: modules-targeted.conf Source2: booleans-targeted.conf Source3: Makefile.devel Source4: setrans-targeted.conf Source5: modules-mls.conf Source6: booleans-mls.conf Source8: setrans-mls.conf Source14: securetty_types-targeted Source15: securetty_types-mls Source16: modules-minimum.conf Source17: booleans-minimum.conf Source18: setrans-minimum.conf Source19: securetty_types-minimum Source20: customizable_types Source21: config.tgz Source22: users-mls Source23: users-targeted Source25: users-minimum Source26: selinux-policy.sysconfig Source27: selinux-policy.conf Source28: file_contexts.subs_dist Source30: booleans.subs_dist # the following two files are more like a packaging documentation Source40: Alan_Rouse-openSUSE_with_SELinux.txt Source41: Alan_Rouse-Policy_Development_Process.txt # PATCH-FEATURE-OPENSUSE SUSE specific policy from Alan Rouse Patch1: selinux-policy-SUSE.patch # PATCH-FEATURE-OPENSUSE check for errors in .if files Patch3: selinux-policy-run_sepolgen_during_build.patch Url: http://oss.tresys.com/repos/refpolicy/ BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildArch: noarch BuildRequires: %fillup_prereq BuildRequires: %insserv_prereq BuildRequires: bzip2 BuildRequires: checkpolicy >= %{CHECKPOLICYVER} BuildRequires: gawk BuildRequires: m4 BuildRequires: policycoreutils-python >= %{POLICYCOREUTILSVER} BuildRequires: python BuildRequires: python-xml # we need selinuxenabled Requires(post): selinux-tools Requires(pre): policycoreutils >= %{POLICYCOREUTILSVER} Requires(post): /usr/bin/bunzip2 /bin/mktemp /bin/awk Requires: checkpolicy >= %{CHECKPOLICYVER} Requires: m4 Recommends: audit Recommends: selinux-tools Obsoletes: selinux-policy-devel <= %{version}-%{release} Provides: selinux-policy-devel = %{version}-%{release} %description SELinux Base package %files %defattr(-,root,root,-) %dir %{_usr}/share/selinux %dir %{_usr}/share/selinux/packages %dir %{_sysconfdir}/selinux %attr(0600,root,root) %ghost %config(noreplace) %{_sysconfdir}/selinux/config %dir /usr/lib/tmpfiles.d %{_usr}/lib/tmpfiles.d/selinux-policy.conf %{_mandir}/man*/* # policycoreutils owns these manpage directories, we only own the files within them %{_mandir}/ru/*/* %dir %{_usr}/share/selinux/devel %dir %{_usr}/share/selinux/devel/include %{_usr}/share/selinux/devel/include/* %{_usr}/share/selinux/devel/Makefile %{_usr}/share/selinux/devel/example.* %{_usr}/share/selinux/devel/policy.* %dir %{_localstatedir}/adm/fillup-templates %dir %{_localstatedir}/adm/fillup-templates/sysconfig.%{name} %package doc Summary: SELinux policy documentation Group: System/Management Requires(pre): selinux-policy = %{version}-%{release} Requires: /usr/bin/xdg-open %description doc SELinux policy documentation package %files doc %defattr(-,root,root,-) %doc %{_usr}/share/doc/%{name}-%{version} %attr(755,root,root) %{_usr}/share/selinux/devel/policyhelp #TODO: this doesn't work currently #%%check #/usr/bin/sepolgen-ifgen -v -d -i %{buildroot}%{_usr}/share/selinux/devel/include -o /dev/null %define makeCmds() \ make UNK_PERMS=%5 NAME=%1 TYPE=%2 DISTRO=%{distro} UBAC=n DIRECT_INITRC=%3 MONOLITHIC=%{monolithic} POLY=%4 MLS_CATS=1024 MCS_CATS=1024 bare \ make UNK_PERMS=%5 NAME=%1 TYPE=%2 DISTRO=%{distro} UBAC=n DIRECT_INITRC=%3 MONOLITHIC=%{monolithic} POLY=%4 MLS_CATS=1024 MCS_CATS=1024 conf \ cp -f selinux_config/modules-%1.conf ./policy/modules.conf \ cp -f selinux_config/booleans-%1.conf ./policy/booleans.conf \ cp -f selinux_config/users-%1 ./policy/users \ %define installCmds() \ make UNK_PERMS=%5 NAME=%1 TYPE=%2 DISTRO=%{distro} UBAC=n DIRECT_INITRC=%3 MONOLITHIC=%{monolithic} POLY=%4 MLS_CATS=1024 MCS_CATS=1024 base.pp \ make validate UNK_PERMS=%5 NAME=%1 TYPE=%2 DISTRO=%{distro} UBAC=n DIRECT_INITRC=%3 MONOLITHIC=%{monolithic} POLY=%4 MLS_CATS=1024 MCS_CATS=1024 modules \ make UNK_PERMS=%5 NAME=%1 TYPE=%2 DISTRO=%{distro} UBAC=n DIRECT_INITRC=%3 MONOLITHIC=%{monolithic} DESTDIR=%{buildroot} POLY=%4 MLS_CATS=1024 MCS_CATS=1024 install \ make UNK_PERMS=%5 NAME=%1 TYPE=%2 DISTRO=%{distro} UBAC=n DIRECT_INITRC=%3 MONOLITHIC=%{monolithic} DESTDIR=%{buildroot} POLY=%4 MLS_CATS=1024 MCS_CATS=1024 install-appconfig \ %{__mkdir} -p %{buildroot}/%{_sysconfdir}/selinux/%1/logins \ %{__mkdir} -p %{buildroot}/%{_sysconfdir}/selinux/%1/policy \ %{__mkdir} -p %{buildroot}/%{_sysconfdir}/selinux/%1/modules/active/modules \ %{__mkdir} -p %{buildroot}/%{_sysconfdir}/selinux/%1/contexts/files \ touch %{buildroot}/%{_sysconfdir}/selinux/%1/modules/semanage.read.LOCK \ touch %{buildroot}/%{_sysconfdir}/selinux/%1/modules/semanage.trans.LOCK \ rm -rf %{buildroot}%{_sysconfdir}/selinux/%1/booleans \ touch %{buildroot}%{_sysconfdir}/selinux/%1/policy/policy.%{POLICYVER} \ touch %{buildroot}%{_sysconfdir}/selinux/%1/contexts/files/file_contexts.subs \ install -m0644 selinux_config/securetty_types-%1 %{buildroot}%{_sysconfdir}/selinux/%1/contexts/securetty_types \ install -m0644 selinux_config/file_contexts.subs_dist %{buildroot}%{_sysconfdir}/selinux/%1/contexts/files \ install -m0644 selinux_config/setrans-%1.conf %{buildroot}%{_sysconfdir}/selinux/%1/setrans.conf \ install -m0644 selinux_config/customizable_types %{buildroot}%{_sysconfdir}/selinux/%1/contexts/customizable_types \ touch %{buildroot}%{_sysconfdir}/selinux/%1/modules/active/seusers \ touch %{buildroot}%{_sysconfdir}/selinux/%1/modules/active/file_contexts.local \ touch %{buildroot}%{_sysconfdir}/selinux/%1/modules/active/nodes.local \ touch %{buildroot}%{_sysconfdir}/selinux/%1/modules/active/users_extra.local \ touch %{buildroot}%{_sysconfdir}/selinux/%1/modules/active/users.local \ cp %{SOURCE30} %{buildroot}%{_sysconfdir}/selinux/%1 \ bzip2 -c %{buildroot}/%{_usr}/share/selinux/%1/base.pp > %{buildroot}/%{_sysconfdir}/selinux/%1/modules/active/base.pp \ rm -f %{buildroot}/%{_usr}/share/selinux/%1/base.pp \ for i in %{buildroot}/%{_usr}/share/selinux/%1/*.pp; do bzip2 -c $i > %{buildroot}/%{_sysconfdir}/selinux/%1/modules/active/modules/`basename $i`; done \ rm -f %{buildroot}/%{_usr}/share/selinux/%1/*pp* \ /usr/sbin/semodule -s %1 -n -B -p %{buildroot}; \ /usr/bin/sha512sum %{buildroot}%{_sysconfdir}/selinux/%1/policy/policy.%{POLICYVER} | cut -d' ' -f 1 > %{buildroot}%{_sysconfdir}/selinux/%1/.policy.sha512; \ rm -rf %{buildroot}%{_sysconfdir}/selinux/%1/contexts/netfilter_contexts \ rm -f %{buildroot}/%{_sysconfigdir}/selinux/%1/modules/active/policy.kern %nil %define fileList() \ %defattr(-,root,root) \ %dir %{_sysconfdir}/selinux/%1 \ #%{_sysconfdir}/selinux/%1/contexts/netfilter_contexts \ %config(noreplace) %{_sysconfdir}/selinux/%1/setrans.conf \ %ghost %{_sysconfdir}/selinux/%1/seusers \ %dir %{_sysconfdir}/selinux/%1/logins \ %dir %{_sysconfdir}/selinux/%1/modules \ %verify(not mtime) %{_sysconfdir}/selinux/%1/modules/semanage.read.LOCK \ %verify(not mtime) %{_sysconfdir}/selinux/%1/modules/semanage.trans.LOCK \ %attr(700,root,root) %dir %{_sysconfdir}/selinux/%1/modules/active \ %dir %{_sysconfdir}/selinux/%1/modules/active/modules \ %verify(not md5 size mtime) %{_sysconfdir}/selinux/%1/modules/active/policy.kern \ %verify(not md5 size mtime) %{_sysconfdir}/selinux/%1/modules/active/commit_num \ %verify(not md5 size mtime) %{_sysconfdir}/selinux/%1/modules/active/base.pp \ %verify(not md5 size mtime) %{_sysconfdir}/selinux/%1/modules/active/file_contexts \ %verify(not md5 size mtime) %{_sysconfdir}/selinux/%1/modules/active/file_contexts.homedirs \ %verify(not md5 size mtime) %{_sysconfdir}/selinux/%1/modules/active/file_contexts.template \ %config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/selinux/%1/modules/active/seusers.final \ %verify(not md5 size mtime) %{_sysconfdir}/selinux/%1/modules/active/netfilter_contexts \ %config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/selinux/%1/modules/active/users_extra \ %verify(not md5 size mtime) %{_sysconfdir}/selinux/%1/modules/active/homedir_template \ %verify(not md5 size mtime) %{_sysconfdir}/selinux/%1/modules/active/modules/*.pp \ %ghost %{_sysconfdir}/selinux/%1/modules/active/*.local \ %ghost %{_sysconfdir}/selinux/%1/modules/active/seusers \ %dir %{_sysconfdir}/selinux/%1/policy/ \ %verify(not md5 size mtime) %{_sysconfdir}/selinux/%1/policy/policy.%{POLICYVER} \ %{_sysconfdir}/selinux/%1/.policy.sha512 \ %dir %{_sysconfdir}/selinux/%1/contexts \ %config %{_sysconfdir}/selinux/%1/contexts/customizable_types \ %config(noreplace) %{_sysconfdir}/selinux/%1/contexts/securetty_types \ %config(noreplace) %{_sysconfdir}/selinux/%1/contexts/dbus_contexts \ %config %{_sysconfdir}/selinux/%1/contexts/x_contexts \ %config %{_sysconfdir}/selinux/%1/contexts/default_contexts \ %config %{_sysconfdir}/selinux/%1/contexts/virtual_domain_context \ %config %{_sysconfdir}/selinux/%1/contexts/virtual_image_context \ #%config %{_sysconfdir}/selinux/%1/contexts/lxc_contexts \ %config %{_sysconfdir}/selinux/%1/contexts/sepgsql_contexts \ %config(noreplace) %{_sysconfdir}/selinux/%1/contexts/default_type \ %config(noreplace) %{_sysconfdir}/selinux/%1/contexts/failsafe_context \ %config(noreplace) %{_sysconfdir}/selinux/%1/contexts/initrc_context \ %config(noreplace) %{_sysconfdir}/selinux/%1/contexts/removable_context \ %config(noreplace) %{_sysconfdir}/selinux/%1/contexts/userhelper_context \ %dir %{_sysconfdir}/selinux/%1/contexts/files \ %verify(not md5 size mtime) %{_sysconfdir}/selinux/%1/contexts/files/file_contexts \ %verify(not md5 size mtime) %{_sysconfdir}/selinux/%1/contexts/files/file_contexts.homedirs \ %config(noreplace) %{_sysconfdir}/selinux/%1/contexts/files/file_contexts.local \ %config(noreplace) %{_sysconfdir}/selinux/%1/contexts/files/file_contexts.subs \ %{_sysconfdir}/selinux/%1/contexts/files/file_contexts.subs_dist \ %{_sysconfdir}/selinux/%1/booleans.subs_dist \ %config %{_sysconfdir}/selinux/%1/contexts/files/media \ %dir %{_sysconfdir}/selinux/%1/contexts/users \ %config(noreplace) %{_sysconfdir}/selinux/%1/contexts/users/root \ %config(noreplace) %{_sysconfdir}/selinux/%1/contexts/users/guest_u \ %config(noreplace) %{_sysconfdir}/selinux/%1/contexts/users/xguest_u \ %config(noreplace) %{_sysconfdir}/selinux/%1/contexts/users/user_u \ %config(noreplace) %{_sysconfdir}/selinux/%1/contexts/users/staff_u \ %config(noreplace) %{_sysconfdir}/selinux/%1/contexts/files/file_contexts.subs_dist \ %config(noreplace) %{_sysconfdir}/selinux/%1/contexts/sepgsql_contexts \ %config(noreplace) %{_sysconfdir}/selinux/%1/contexts/virtual_domain_context \ %config(noreplace) %{_sysconfdir}/selinux/%1/contexts/virtual_image_context %define relabel() \ . %{_sysconfdir}/sysconfig/selinux-policy; \ FILE_CONTEXT=%{_sysconfdir}/selinux/%1/contexts/files/file_contexts; \ selinuxenabled; \ if [ $? = 0 -a "${SELINUXTYPE}" = %1 -a -f ${FILE_CONTEXT}.pre ]; then \ fixfiles -C ${FILE_CONTEXT}.pre restore; \ restorecon -R /root /var/log /var/run /var/lib 2> /dev/null; \ rm -f ${FILE_CONTEXT}.pre; \ fi; %define preInstall() \ if [ $1 -ne 1 ] && [ -s %{_sysconfdir}/selinux/config ]; then \ . %{_sysconfdir}/selinux/config; \ FILE_CONTEXT=%{_sysconfdir}/selinux/%1/contexts/files/file_contexts; \ if [ "${SELINUXTYPE}" = %1 -a -f ${FILE_CONTEXT} ]; then \ [ -f ${FILE_CONTEXT}.pre ] || cp -f ${FILE_CONTEXT} ${FILE_CONTEXT}.pre; \ fi; \ touch /etc/selinux/%1/.rebuild; \ if [ -e /etc/selinux/%1/.policy.sha512 ]; then \ sha512=`sha512sum /etc/selinux/%1/modules/active/policy.kern | cut -d ' ' -f 1`; \ checksha512=`cat /etc/selinux/%1/.policy.sha512`; \ if [ "$sha512" == "$checksha512" ] ; then \ rm /etc/selinux/%1/.rebuild; \ fi; \ fi; \ fi; %define postInstall() \ . %{_sysconfdir}/selinux/config; \ if [ -e /etc/selinux/%2/.rebuild ]; then \ rm /etc/selinux/%2/.rebuild; \ /usr/sbin/semodule -B -n -s %2; \ fi; \ if [ "${SELINUXTYPE}" == "%2" ]; then \ if selinuxenabled; then \ load_policy; \ else \ # selinux isn't enabled \ # (probably a first install of the policy) \ # -> we can't load the policy \ true; \ fi; \ fi; \ if selinuxenabled; then \ if [ %1 -eq 1 ]; then \ /sbin/restorecon -R /root /var/log /var/run 2> /dev/null; \ else \ %relabel %2; \ fi; \ else \ # run fixfiles on next boot \ touch /.autorelabel \ fi; \ %define modulesList() \ awk '$1 !~ "/^#/" && $2 == "=" && $3 == "module" { printf "%%s.pp ", $1 }' ./policy/modules.conf > %{buildroot}/%{_usr}/share/selinux/%1/modules.lst \ %description SELinux Reference Policy - modular. Based off of reference policy: Checked out revision 2.20120725 %prep %setup -n refpolicy -q %patch1 -p1 %patch3 -p1 #%patch4 -p1 %build %install mkdir selinux_config for i in %{SOURCE1} %{SOURCE2} %{SOURCE3} %{SOURCE4} %{SOURCE5} %{SOURCE6} %{SOURCE8} %{SOURCE14} %{SOURCE15} %{SOURCE16} %{SOURCE17} %{SOURCE18} %{SOURCE19} %{SOURCE20} %{SOURCE21} %{SOURCE22} %{SOURCE23} %{SOURCE25} %{SOURCE28};do cp $i selinux_config done tar zxvf selinux_config/config.tgz # Build targeted policy %{__rm} -fR %{buildroot} mkdir -p %{buildroot}%{_mandir} cp -R man/* %{buildroot}%{_mandir} mkdir -p %{buildroot}%{_sysconfdir}/selinux mkdir -p %{buildroot}%{_usr}/lib/tmpfiles.d/ cp %{SOURCE27} %{buildroot}%{_usr}/lib/tmpfiles.d/ # Always create policy module package directories mkdir -p %{buildroot}%{_usr}/share/selinux/{targeted,mls,minimum,modules}/ # Install devel make clean %if %{BUILD_TARGETED} # Build targeted policy %makeCmds targeted mcs n y allow %installCmds targeted mcs n y allow %endif %if %{BUILD_MINIMUM} # Build minimum policy %makeCmds minimum mcs n y allow %installCmds minimum mcs n y allow %modulesList minimum %endif %if %{BUILD_MLS} # Build mls policy %makeCmds mls mls n y deny %installCmds mls mls n y deny %endif make UNK_PERMS=allow NAME=targeted TYPE=mcs DISTRO=%{distro} UBAC=n DIRECT_INITRC=n MONOLITHIC=%{monolithic} DESTDIR=%{buildroot} PKGNAME=%{name}-%{version} POLY=y MLS_CATS=1024 MCS_CATS=1024 install-headers install-docs mkdir %{buildroot}%{_usr}/share/selinux/devel/ mkdir %{buildroot}%{_usr}/share/selinux/packages/ mv %{buildroot}%{_usr}/share/selinux/targeted/include %{buildroot}%{_usr}/share/selinux/devel/include install -m 644 selinux_config/Makefile.devel %{buildroot}%{_usr}/share/selinux/devel/Makefile install -m 644 doc/example.* %{buildroot}%{_usr}/share/selinux/devel/ install -m 644 doc/policy.* %{buildroot}%{_usr}/share/selinux/devel/ echo "xdg-open file:///usr/share/doc/selinux-policy-%{version}/html/index.html"> %{buildroot}%{_usr}/share/selinux/devel/policyhelp chmod +x %{buildroot}%{_usr}/share/selinux/devel/policyhelp rm -rf selinux_config # fillup sysconfig mkdir -p %{buildroot}%{_localstatedir}/adm/fillup-templates cp %{SOURCE26} %{buildroot}%{_localstatedir}/adm/fillup-templates/sysconfig.%{name} %clean #%%{__rm} -fR %{buildroot} #TODO: add minimum to the policies list in /etc/selinux/config once the package is built # minimum - Modification of targeted policy. Only selected processes are protected. %post if [ ! -s /etc/sysconfig/selinux-policy ]; then # New install so we will default to targeted policy %{fillup_only} ln -sf /etc/sysconfig/selinux-policy /etc/selinux/config restorecon /etc/selinux/config 2> /dev/null || : else %{fillup_only} . /etc/sysconfig/selinux-policy # if first time update booleans.local needs to be copied to sandbox [ -f /etc/selinux/${SELINUXTYPE}/booleans.local ] && mv /etc/selinux/${SELINUXTYPE}/booleans.local /etc/selinux/targeted/modules/active/ [ -f /etc/selinux/${SELINUXTYPE}/seusers ] && cp -f /etc/selinux/${SELINUXTYPE}/seusers /etc/selinux/${SELINUXTYPE}/modules/active/seusers fi exit 0 %postun if [ $1 = 0 ]; then setenforce 0 2> /dev/null if [ ! -s /etc/selinux/config ]; then echo "SELINUX=disabled" > /etc/selinux/config else sed -i 's/^SELINUX=.*/SELINUX=disabled/g' /etc/selinux/config fi fi exit 0 %if %{BUILD_TARGETED} %package targeted Summary: SELinux targeted base policy Group: System/Management Provides: selinux-policy-base = %{version}-%{release} Obsoletes: selinux-policy-targeted-sources < 2 Requires(pre): policycoreutils >= %{POLICYCOREUTILSVER} Requires(pre): coreutils Requires(pre): selinux-policy = %{version}-%{release} Requires: selinux-policy = %{version}-%{release} Conflicts: audispd-plugins <= 1.7.7-1 Obsoletes: mod_fcgid-selinux <= %{version}-%{release} Conflicts: seedit %description targeted SELinux Reference policy targeted base module. %pre targeted %preInstall targeted %post targeted %postInstall $1 targeted exit 0 %triggerpostun targeted -- selinux-policy-targeted < 3.9.0 restorecon -R -p /home exit 0 %files targeted %defattr(-,root,root,-) %config(noreplace) %{_sysconfdir}/selinux/targeted/contexts/users/unconfined_u %fileList targeted %endif %if %{BUILD_MINIMUM} %package minimum Summary: SELinux minimum base policy Group: System/Management Provides: selinux-policy-base = %{version}-%{release} Requires(post): policycoreutils-python >= %{POLICYCOREUTILSVER} Requires(pre): coreutils Requires(pre): selinux-policy = %{version}-%{release} Requires: selinux-policy = %{version}-%{release} Conflicts: seedit %description minimum SELinux Reference policy minimum base module. %pre minimum %preInstall minimum if [ $1 -ne 1 ]; then /usr/sbin/semodule -s minimum -l 2>/dev/null | awk '{ print $1 }' > /usr/share/selinux/minimum/instmodules.lst fi %post minimum allpackages=`cat /usr/share/selinux/minimum/modules.lst` if [ $1 -eq 1 ]; then packages="clock.pp execmem.pp unconfined.pp unconfineduser.pp application.pp userdomain.pp authlogin.pp logging.pp selinuxutil.pp init.pp systemd.pp sysnetwork.pp miscfiles.pp libraries.pp modutils.pp sysadm.pp locallogin.pp dbus.pp rpm.pp mount.pp fstools.pp usermanage.pp mta.pp" for p in $allpackages; do touch /etc/selinux/minimum/modules/active/modules/$p.disabled done for p in $packages; do rm -f /etc/selinux/minimum/modules/active/modules/$p.disabled done /usr/sbin/semanage -S minimum -i - << __eof login -m -s unconfined_u -r s0-s0:c0.c1023 __default__ login -m -s unconfined_u -r s0-s0:c0.c1023 root __eof /sbin/restorecon -R /root /var/log /var/run 2> /dev/null /usr/sbin/semodule -B -s minimum else instpackages=`cat /usr/share/selinux/minimum/instmodules.lst` for p in $allpackages; do touch /etc/selinux/minimum/modules/active/modules/$p.disabled done for p in $instpackages; do rm -f /etc/selinux/minimum/modules/active/modules/$p.pp.disabled done /usr/sbin/semodule -B -s minimum %relabel minimum fi exit 0 %files minimum %defattr(-,root,root,-) %config(noreplace) %{_sysconfdir}/selinux/minimum/contexts/users/unconfined_u %fileList minimum %dir %{_usr}/share/selinux/minimum %{_usr}/share/selinux/minimum/modules.lst %endif %if %{BUILD_MLS} %package mls Summary: SELinux mls base policy Group: System/Management Provides: selinux-policy-base = %{version}-%{release} Obsoletes: selinux-policy-mls-sources < 2 Requires: policycoreutils-newrole >= %{POLICYCOREUTILSVER} Requires: setransd Requires(pre): policycoreutils >= %{POLICYCOREUTILSVER} Requires(pre): coreutils Requires(pre): selinux-policy = %{version}-%{release} Requires: selinux-policy = %{version}-%{release} Conflicts: seedit %description mls SELinux Reference policy mls base module. %pre mls %preInstall mls %post mls %postInstall $1 mls exit 0 %files mls %defattr(-,root,root,-) %config(noreplace) %{_sysconfdir}/selinux/mls/contexts/users/unconfined_u %fileList mls %endif %changelog
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor