[packages/selinux-sandbox] - split from policycoreutils - added init patch (PLDify init script)

Mon Nov 20 21:18:37 CET 2017

commit caf1e72f9263b379c8a02e8ec826ab0ae61c0048
Author: Jakub Bogusz <qboosh at pld-linux.org>
Date:   Mon Nov 20 21:19:26 2017 +0100

    - split from policycoreutils
    - added init patch (PLDify init script)

 selinux-sandbox-init.patch | 94 ++++++++++++++++++++++++++++++++++++++++++++++
 selinux-sandbox.spec       | 84 +++++++++++++++++++++++++++++++++++++++++
 2 files changed, 178 insertions(+)
---

diff --git a/selinux-sandbox.spec b/selinux-sandbox.spec
new file mode 100644
index 0000000..49c4e2e
--- /dev/null
+++ b/selinux-sandbox.spec
@@ -0,0 +1,84 @@
+# TODO: install and package init script?
+Summary:	SELinux sandbox utilities
+Summary(pl.UTF-8):	Narzędzia do obsługi piaskownic SELinuksa
+Name:		selinux-sandbox
+Version:	2.7
+Release:	1
+License:	GPL v2
+Group:		Applications/System
+#Source0Download: https://github.com/SELinuxProject/selinux/wiki/Releases
+Source0:	https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20170804/%{name}-%{version}.tar.gz
+# Source0-md5:	7360e9dc7b1757b7f82face655982bfa
+Patch0:		%{name}-init.patch
+URL:		https://github.com/SELinuxProject/selinux/wiki
+BuildRequires:	libcap-ng-devel
+BuildRequires:	libselinux-devel >= 2.7
+BuildRequires:	rpm-pythonprov
+Requires:	libselinux >= 2.7
+# uses "policycoreutils" translations domain
+Requires:	policycoreutils >= 2.7
+Requires:	python-selinux >= 2.7
+Requires:	python-sepolicy >= 2.7
+BuildRoot:	%{tmpdir}/%{name}-%{version}-root-%(id -u -n)
+
+%description
+Security-enhanced Linux is a patch of the Linux kernel and a number of
+utilities with enhanced security functionality designed to add
+mandatory access controls to Linux. The Security-enhanced Linux kernel
+contains new architectural components originally developed to improve
+the security of the Flask operating system. These architectural
+components provide general support for the enforcement of many kinds
+of mandatory access control policies, including those based on the
+concepts of Type Enforcement, Role-based Access Control, and
+Multi-level Security.
+
+This package contains SELinux sandbox utilities.
+
+%description -l pl.UTF-8
+Security-enhanced Linux jest prototypem jądra Linuksa i wielu
+aplikacji użytkowych o funkcjach podwyższonego bezpieczeństwa.
+Zaprojektowany jest tak, aby w prosty sposób ukazać znaczenie
+obowiązkowej kontroli dostępu dla społeczności linuksowej. Ukazuje
+również jak taką kontrolę można dodać do istniejącego systemu typu
+Linux. Jądro SELinux zawiera nowe składniki architektury pierwotnie
+opracowane w celu ulepszenia bezpieczeństwa systemu operacyjnego
+Flask. Te elementy zapewniają ogólne wsparcie we wdrażaniu wielu typów
+polityk obowiązkowej kontroli dostępu, włączając te wzorowane na: Type
+Enforcement (TE), kontroli dostępu opartej na rolach (RBAC) i
+zabezpieczeniach wielopoziomowych.
+
+Ten pakiet zawiera narzędzia do obsługi piaskownic SELinuksa.
+
+%prep
+%setup -q
+%patch0 -p1
+
+%build
+CFLAGS="%{rpmcflags} %{rpmcppflags}" \
+%{__make} \
+	CC="%{__cc}" \
+	LDFLAGS="%{rpmldflags}"
+
+%install
+rm -rf $RPM_BUILD_ROOT
+
+%{__make} install \
+	DESTDIR=$RPM_BUILD_ROOT
+
+#install -Dp sandbox.init $RPM_BUILD_ROOT/etc/rc.d/init.d/sandbox
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+%files
+%defattr(644,root,root,755)
+%attr(755,root,root) %{_bindir}/sandbox
+%attr(755,root,root) %{_sbindir}/seunshare
+#%attr(754,root,root) /etc/rc.d/init.d/sandbox
+%config(noreplace) %verify(not md5 mtime size) /etc/sysconfig/sandbox
+%dir %{_datadir}/sandbox
+%attr(755,root,root) %{_datadir}/sandbox/*.sh
+%attr(755,root,root) %{_datadir}/sandbox/start
+%{_mandir}/man5/sandbox.5*
+%{_mandir}/man8/sandbox.8*
+%{_mandir}/man8/seunshare.8*
diff --git a/selinux-sandbox-init.patch b/selinux-sandbox-init.patch
new file mode 100644
index 0000000..4fb61cc
--- /dev/null
+++ b/selinux-sandbox-init.patch
@@ -0,0 +1,94 @@
+--- selinux-sandbox-2.7/sandbox.init.orig	2017-08-04 15:31:00.000000000 +0200
++++ selinux-sandbox-2.7/sandbox.init	2017-11-20 19:05:49.396431050 +0100
+@@ -1,4 +1,4 @@
+-#!/bin/bash
++#!/bin/sh
+ ## BEGIN INIT INFO
+ # Provides: sandbox
+ # Default-Start: 3 4 5
+@@ -19,50 +19,50 @@
+ #
+ 
+ # Source function library.
+-. /etc/init.d/functions
++. /etc/rc.d/init.d/functions
++
++[ -f /etc/sysconfig/sandbox-init ] && . /etc/sysconfig/sandbox-init
+ 
+ LOCKFILE=/var/lock/subsys/sandbox
+ 
+-base=${0##*/}
++RETVAL=0
+ 
+ start() {
+-	echo -n "Starting sandbox"
+-
+-	[ -f "$LOCKFILE" ] && return 0
+-
+-	touch $LOCKFILE
+-	mount --make-rshared / || return $? 
+-	return 0
++	if [ -f "$LOCKFILE" ]; then
++		msg_already_running "sandbox"
++		return
++	fi
++	msg_starting "sandbox"
++	mount --make-rshared /
++	RETVAL=$? 
++	[ $RETVAL -eq 0 ] && touch "$LOCKFILE"
+ }
+ 
+ stop() {
+-	echo -n "Stopping sandbox"
+-
+-	[ -f "$LOCKFILE" ] || return 1
++	if [ ! -f "$LOCKFILE" ]; then
++		msg_not_running "sandbox"
++		return
++	fi
++	msg_stopping "sandbox"
++	rm -f "$LOCKFILE"
+ }
+ 
+ status() {
+ 	if [ -f "$LOCKFILE" ]; then 
+-	    echo "$base is running"
++	    echo "sandbox is running"
+ 	else
+-	    echo "$base is stopped"
++	    echo "sandbox is stopped"
+ 	fi
+ 	exit 0
+ }
+ 
+ case "$1" in
+-    restart)
+-	start && success || failure
+-	;;
+-
+-    start)
+-	start && success || failure
+-	echo
++    start|restart)
++	start
+ 	;;
+ 
+     stop)
+-	stop && success || failure
+-	echo
++	stop
+ 	;;
+ 
+     status)
+@@ -70,7 +70,9 @@
+ 	;;
+ 
+     *)
+-	echo $"Usage: $0 {start|stop|status|restart}"
+-	exit 3
++	msg_usage "$0 {start|stop|status|restart}"
++	RETVAL=3
+ 	;;
+ esac
++
++exit $RETVAL
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/selinux-sandbox.git/commitdiff/caf1e72f9263b379c8a02e8ec826ab0ae61c0048

