[packages/selinux-restorecond] - split from policycoreutils - added init patch (PLDify init script)

qboosh qboosh at pld-linux.org
Fri Nov 17 20:30:05 CET 2017 

commit 1f82d1411e4fed9329386074e26eb3f2c91f7cc2
Author: Jakub Bogusz <qboosh at pld-linux.org>
Date:   Fri Nov 17 20:30:51 2017 +0100

    - split from policycoreutils
    - added init patch (PLDify init script)

 restorecond-init.patch   | 92 +++++++++++++++++++++++++++++++++++++++++++++
 selinux-restorecond.spec | 98 ++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 190 insertions(+)
---
diff --git a/selinux-restorecond.spec b/selinux-restorecond.spec
new file mode 100644
index 0000000..5228bf0
--- /dev/null
+++ b/selinux-restorecond.spec
@@ -0,0 +1,98 @@
+%include	/usr/lib/rpm/macros.perl
+Summary:	restorecond - daemon which corrects contexts of newly created files
+Summary(pl.UTF-8):	restorecond - demon poprawiający konteksty nowo tworzonych plików
+Name:		selinux-restorecond
+Version:	2.7
+Release:	1
+License:	GPL v2+
+Group:		Daemons
+#Source0Download: https://github.com/SELinuxProject/selinux/wiki/Releases
+Source0:	https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20170804/restorecond-%{version}.tar.gz
+# Source0-md5:	46f8ad0a37f955ef148d4e19b8cc8b1f
+Patch0:		restorecond-init.patch
+URL:		https://github.com/SELinuxProject/selinux/wiki
+BuildRequires:	dbus-glib-devel
+BuildRequires:	glibc-devel >= 6:2.4
+BuildRequires:	pkgconfig
+BuildRequires:	pcre-devel
+BuildRequires:	libselinux-devel >= 2.7
+Requires(post,preun):	/sbin/chkconfig
+Requires:	libselinux >= 2.7
+Requires:	rc-scripts
+Obsoletes:	policycoreutils-restorecond < 2.7
+BuildRoot:	%{tmpdir}/%{name}-%{version}-root-%(id -u -n)
+
+%description
+Security-enhanced Linux is a patch of the Linux kernel and a number of
+utilities with enhanced security functionality designed to add
+mandatory access controls to Linux. The Security-enhanced Linux kernel
+contains new architectural components originally developed to improve
+the security of the Flask operating system. These architectural
+components provide general support for the enforcement of many kinds
+of mandatory access control policies, including those based on the
+concepts of Type Enforcement, Role-based Access Control, and
+Multi-level Security.
+
+restorecond daemon uses inotify to watch files listed in the
+/etc/selinux/restorecond.conf, when they are created, this daemon will
+make sure they have the correct file context associated with the
+policy.
+
+%description -l pl.UTF-8
+Security-enhanced Linux jest prototypem jądra Linuksa i wielu
+aplikacji użytkowych o funkcjach podwyższonego bezpieczeństwa.
+Zaprojektowany jest tak, aby w prosty sposób ukazać znaczenie
+obowiązkowej kontroli dostępu dla społeczności linuksowej. Ukazuje
+również jak taką kontrolę można dodać do istniejącego systemu typu
+Linux. Jądro SELinux zawiera nowe składniki architektury pierwotnie
+opracowane w celu ulepszenia bezpieczeństwa systemu operacyjnego
+Flask. Te elementy zapewniają ogólne wsparcie we wdrażaniu wielu typów
+polityk obowiązkowej kontroli dostępu, włączając te wzorowane na: Type
+Enforcement (TE), kontroli dostępu opartej na rolach (RBAC) i
+zabezpieczeniach wielopoziomowych.
+
+Demon restorecond używa inotify do śledzenia plików wymienionych w
+pliku /etc/selinux/restorecond.conf, aby przy ich tworzeniu upewnić
+się, że mają przypisane właściwe konteksty plików z polityki.
+
+%prep
+%setup -q -n restorecond-%{version}
+%patch0 -p1
+
+%build
+CFLAGS="%{rpmcflags} %{rpmcppflags} -Wall -W" \
+%{__make} \
+	CC="%{__cc}" \
+	LDFLAGS="%{rpmldflags}"
+
+%install
+rm -rf $RPM_BUILD_ROOT
+
+%{__make} install \
+	DESTDIR=$RPM_BUILD_ROOT \
+	MANDIR=$RPM_BUILD_ROOT%{_mandir} \
+	SYSTEMDDIR=$RPM_BUILD_ROOT/lib/systemd
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+%post
+/sbin/chkconfig --add restorecond
+%service restorecond restart
+
+%preun
+if [ "$1" = "0" ]; then
+	%service restorecond stop
+	/sbin/chkconfig --del restorecond
+fi
+
+%files
+%defattr(644,root,root,755)
+%attr(755,root,root) %{_sbindir}/restorecond
+%attr(754,root,root) /etc/rc.d/init.d/restorecond
+%{systemdunitdir}/restorecond.service
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/selinux/restorecond.conf
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/selinux/restorecond_user.conf
+%{_mandir}/man8/restorecond.8*
+%{_sysconfdir}/xdg/autostart/restorecond.desktop
+%{_datadir}/dbus-1/services/org.selinux.Restorecond.service
diff --git a/restorecond-init.patch b/restorecond-init.patch
new file mode 100644
index 0000000..5f57ef1
--- /dev/null
+++ b/restorecond-init.patch
@@ -0,0 +1,92 @@
+--- restorecond-2.7/restorecond.init.orig	2017-08-04 15:31:00.000000000 +0200
++++ restorecond-2.7/restorecond.init	2017-11-17 20:25:02.319336381 +0100
+@@ -26,35 +26,41 @@
+ # Source function library.
+ . /etc/rc.d/init.d/functions
+ 
++[ -f /etc/sysconfig/restorecond ] && . /etc/sysconfig/restorecond
++
+ [ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled || exit 7
+ 
+ # Check that we are root ... so non-root users stop here
+ test $EUID = 0  || exit 4
+ 
+-test -x /usr/sbin/restorecond  || exit 5
+ test -f /etc/selinux/restorecond.conf  || exit 6
+ 
+ RETVAL=0
+ 
+ start() 
+ {
+-        echo -n $"Starting restorecond: "
++	if [ -f /var/lock/subsys/restorecond ]; then
++		msg_already_running "restorecond"
++		return
++	fi
++        msg_starting "restorecond"
+ 	unset HOME MAIL USER USERNAME
+-        daemon /usr/sbin/restorecond 
++        daemon /usr/sbin/restorecond
+ 	RETVAL=$?
+-	touch /var/lock/subsys/restorecond
+-        echo
+-	return $RETVAL
++	[ $RETVAL -eq 0 ] && touch /var/lock/subsys/restorecond
+ }
+ 
+ stop() 
+ {
+-        echo -n $"Shutting down restorecond: "
++	if [ ! -f /var/lock/subsys/restorecond ]; then
++		msg_not_running "restorecond"
++		return
++	fi
++
++        msg_stopping "restorecond"
+ 	killproc restorecond
+ 	RETVAL=$?
+ 	rm -f  /var/lock/subsys/restorecond
+-        echo
+-	return $RETVAL
+ }
+ 
+ restart() 
+@@ -63,6 +69,16 @@
+     start
+ }
+ 
++condrestart()
++{
++	if [ ! -f /var/lock/subsys/restorecond ]; then
++		msg_not_running "restorecond"
++		RETVAL=$1
++		return
++	fi
++	restart
++}
++
+ # See how we were called.
+ case "$1" in
+   start)
+@@ -75,14 +91,17 @@
+ 	status restorecond
+ 	RETVAL=$?
+ 	;;
+-  force-reload|restart|reload)
++  restart)
+ 	restart
+ 	;;
+-  condrestart)
+-	[ -e /var/lock/subsys/restorecond ] && restart || :
++  force-reload)
++	condrestart 7
++	;;
++  try-restart|condrestart)
++	condrestart 0
+ 	;;
+   *)
+-        echo $"Usage: $0 {start|stop|restart|force-reload|status|condrestart}"
++        msg_usage "$0 {start|stop|restart|try-restart|force-reload|status}"
+         RETVAL=3
+ esac
+ 
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/selinux-restorecond.git/commitdiff/1f82d1411e4fed9329386074e26eb3f2c91f7cc2

More information about the pld-cvs-commit mailing list