[packages/selinux-sandbox] - split from policycoreutils - added init patch (PLDify init script)
qboosh
qboosh at pld-linux.org
Mon Nov 20 21:18:37 CET 2017
commit caf1e72f9263b379c8a02e8ec826ab0ae61c0048
Author: Jakub Bogusz <qboosh at pld-linux.org>
Date: Mon Nov 20 21:19:26 2017 +0100
- split from policycoreutils
- added init patch (PLDify init script)
selinux-sandbox-init.patch | 94 ++++++++++++++++++++++++++++++++++++++++++++++
selinux-sandbox.spec | 84 +++++++++++++++++++++++++++++++++++++++++
2 files changed, 178 insertions(+)
---
diff --git a/selinux-sandbox.spec b/selinux-sandbox.spec
new file mode 100644
index 0000000..49c4e2e
--- /dev/null
+++ b/selinux-sandbox.spec
@@ -0,0 +1,84 @@
+# TODO: install and package init script?
+Summary: SELinux sandbox utilities
+Summary(pl.UTF-8): Narzędzia do obsługi piaskownic SELinuksa
+Name: selinux-sandbox
+Version: 2.7
+Release: 1
+License: GPL v2
+Group: Applications/System
+#Source0Download: https://github.com/SELinuxProject/selinux/wiki/Releases
+Source0: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20170804/%{name}-%{version}.tar.gz
+# Source0-md5: 7360e9dc7b1757b7f82face655982bfa
+Patch0: %{name}-init.patch
+URL: https://github.com/SELinuxProject/selinux/wiki
+BuildRequires: libcap-ng-devel
+BuildRequires: libselinux-devel >= 2.7
+BuildRequires: rpm-pythonprov
+Requires: libselinux >= 2.7
+# uses "policycoreutils" translations domain
+Requires: policycoreutils >= 2.7
+Requires: python-selinux >= 2.7
+Requires: python-sepolicy >= 2.7
+BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
+
+%description
+Security-enhanced Linux is a patch of the Linux kernel and a number of
+utilities with enhanced security functionality designed to add
+mandatory access controls to Linux. The Security-enhanced Linux kernel
+contains new architectural components originally developed to improve
+the security of the Flask operating system. These architectural
+components provide general support for the enforcement of many kinds
+of mandatory access control policies, including those based on the
+concepts of Type Enforcement, Role-based Access Control, and
+Multi-level Security.
+
+This package contains SELinux sandbox utilities.
+
+%description -l pl.UTF-8
+Security-enhanced Linux jest prototypem jądra Linuksa i wielu
+aplikacji użytkowych o funkcjach podwyższonego bezpieczeństwa.
+Zaprojektowany jest tak, aby w prosty sposób ukazać znaczenie
+obowiązkowej kontroli dostępu dla społeczności linuksowej. Ukazuje
+również jak taką kontrolę można dodać do istniejącego systemu typu
+Linux. Jądro SELinux zawiera nowe składniki architektury pierwotnie
+opracowane w celu ulepszenia bezpieczeństwa systemu operacyjnego
+Flask. Te elementy zapewniają ogólne wsparcie we wdrażaniu wielu typów
+polityk obowiązkowej kontroli dostępu, włączając te wzorowane na: Type
+Enforcement (TE), kontroli dostępu opartej na rolach (RBAC) i
+zabezpieczeniach wielopoziomowych.
+
+Ten pakiet zawiera narzędzia do obsługi piaskownic SELinuksa.
+
+%prep
+%setup -q
+%patch0 -p1
+
+%build
+CFLAGS="%{rpmcflags} %{rpmcppflags}" \
+%{__make} \
+ CC="%{__cc}" \
+ LDFLAGS="%{rpmldflags}"
+
+%install
+rm -rf $RPM_BUILD_ROOT
+
+%{__make} install \
+ DESTDIR=$RPM_BUILD_ROOT
+
+#install -Dp sandbox.init $RPM_BUILD_ROOT/etc/rc.d/init.d/sandbox
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+%files
+%defattr(644,root,root,755)
+%attr(755,root,root) %{_bindir}/sandbox
+%attr(755,root,root) %{_sbindir}/seunshare
+#%attr(754,root,root) /etc/rc.d/init.d/sandbox
+%config(noreplace) %verify(not md5 mtime size) /etc/sysconfig/sandbox
+%dir %{_datadir}/sandbox
+%attr(755,root,root) %{_datadir}/sandbox/*.sh
+%attr(755,root,root) %{_datadir}/sandbox/start
+%{_mandir}/man5/sandbox.5*
+%{_mandir}/man8/sandbox.8*
+%{_mandir}/man8/seunshare.8*
diff --git a/selinux-sandbox-init.patch b/selinux-sandbox-init.patch
new file mode 100644
index 0000000..4fb61cc
--- /dev/null
+++ b/selinux-sandbox-init.patch
@@ -0,0 +1,94 @@
+--- selinux-sandbox-2.7/sandbox.init.orig 2017-08-04 15:31:00.000000000 +0200
++++ selinux-sandbox-2.7/sandbox.init 2017-11-20 19:05:49.396431050 +0100
+@@ -1,4 +1,4 @@
+-#!/bin/bash
++#!/bin/sh
+ ## BEGIN INIT INFO
+ # Provides: sandbox
+ # Default-Start: 3 4 5
+@@ -19,50 +19,50 @@
+ #
+
+ # Source function library.
+-. /etc/init.d/functions
++. /etc/rc.d/init.d/functions
++
++[ -f /etc/sysconfig/sandbox-init ] && . /etc/sysconfig/sandbox-init
+
+ LOCKFILE=/var/lock/subsys/sandbox
+
+-base=${0##*/}
++RETVAL=0
+
+ start() {
+- echo -n "Starting sandbox"
+-
+- [ -f "$LOCKFILE" ] && return 0
+-
+- touch $LOCKFILE
+- mount --make-rshared / || return $?
+- return 0
++ if [ -f "$LOCKFILE" ]; then
++ msg_already_running "sandbox"
++ return
++ fi
++ msg_starting "sandbox"
++ mount --make-rshared /
++ RETVAL=$?
++ [ $RETVAL -eq 0 ] && touch "$LOCKFILE"
+ }
+
+ stop() {
+- echo -n "Stopping sandbox"
+-
+- [ -f "$LOCKFILE" ] || return 1
++ if [ ! -f "$LOCKFILE" ]; then
++ msg_not_running "sandbox"
++ return
++ fi
++ msg_stopping "sandbox"
++ rm -f "$LOCKFILE"
+ }
+
+ status() {
+ if [ -f "$LOCKFILE" ]; then
+- echo "$base is running"
++ echo "sandbox is running"
+ else
+- echo "$base is stopped"
++ echo "sandbox is stopped"
+ fi
+ exit 0
+ }
+
+ case "$1" in
+- restart)
+- start && success || failure
+- ;;
+-
+- start)
+- start && success || failure
+- echo
++ start|restart)
++ start
+ ;;
+
+ stop)
+- stop && success || failure
+- echo
++ stop
+ ;;
+
+ status)
+@@ -70,7 +70,9 @@
+ ;;
+
+ *)
+- echo $"Usage: $0 {start|stop|status|restart}"
+- exit 3
++ msg_usage "$0 {start|stop|status|restart}"
++ RETVAL=3
+ ;;
+ esac
++
++exit $RETVAL
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/selinux-sandbox.git/commitdiff/caf1e72f9263b379c8a02e8ec826ab0ae61c0048
More information about the pld-cvs-commit
mailing list