# based on work by The Fedora Project (2017)
# Copyright (c) 1998, 1999, 2000 Thai Open Source Software Center Ltd
# 
# Permission is hereby granted, free of charge, to any person obtaining
# a copy of this software and associated documentation files (the
# "Software"), to deal in the Software without restriction, including
# without limitation the rights to use, copy, modify, merge, publish,
# distribute, sublicense, and/or sell copies of the Software, and to
# permit persons to whom the Software is furnished to do so, subject to
# the following conditions:
# 
# The above copyright notice and this permission notice shall be included
# in all copies or substantial portions of the Software.
# 
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
# IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
# CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
# TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
# SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

%global libauditver     2.8
%global libsepolver     3.1
%global libsemanagever  3.1
%global libselinuxver   3.1

%global generatorsdir %{_prefix}/lib/systemd/system-generators

Summary: SELinux policy core utilities
Name:    policycoreutils
Version: 3.1
Release: 1
License: GPLv2
Source: %{name}-%{version}.tar.bz2
URL:     https://github.com/SELinuxProject
Source15: selinux-autorelabel
Source16: selinux-autorelabel.service
Source17: selinux-autorelabel-mark.service
Source18: selinux-autorelabel.target
Source19: selinux-autorelabel-generator.sh
Provides: /sbin/fixfiles
Provides: /sbin/restorecon

BuildRequires: pkgconfig(audit) >=  %{libauditver}
BuildRequires: pkgconfig(gio-2.0)
BuildRequires: pkgconfig(python3)
BuildRequires: pkgconfig(libcap)
BuildRequires: pkgconfig(dbus-1)
BuildRequires: pkgconfig(libcap-ng)
BuildRequires: pkgconfig(libselinux) >= %{libselinuxver}
BuildRequires: pkgconfig(systemd)
BuildRequires: pam-devel
BuildRequires: gettext
BuildRequires: flex
# Static archives: LIBSEPOLA in the build and install steps hands libsepol.a
# to the Makefiles, so code linked from it is frozen into these binaries.
# Presumably a libsepol or libsemanage security fix then needs a rebuild of
# this package, not just a library update; confirm which tools link statically.
BuildRequires: libsemanage-static >= %{libsemanagever}
BuildRequires: libsepol-static >= %{libsepolver}

Requires: util-linux
Requires: grep
Requires: gawk
Requires: diffutils
Requires: rpm
Requires: sed
Requires: libsepol >= %{libsepolver}
Requires: coreutils
Requires: libselinux-utils >=  %{libselinuxver}

%systemd_requires

%description
Security-enhanced Linux is a feature of the Linux® kernel and a number
of utilities with enhanced security functionality designed to add
mandatory access controls to Linux.  The Security-enhanced Linux
kernel contains new architectural components originally developed to
improve the security of the Flask operating system. These
architectural components provide general support for the enforcement
of many kinds of mandatory access control policies, including those
based on the concepts of Type Enforcement®, Role-based Access
Control, and Multi-level Security.

policycoreutils contains the policy core utilities that are required
for basic operation of an SELinux system.  These utilities include
load_policy to load policies, setfiles to label filesystems, and newrole
to switch roles.

%prep
%autosetup -p1 -n %{name}-%{version}/upstream

%build
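# Build against the interpreter the python3 macros point at.
export PYTHON=%{__python3}

# Core tools: position-independent executables with full RELRO (-z relro
# plus -z now), so the GOT is read-only once the loader has finished.
# LSPP_PRIV=y is passed through to the upstream Makefiles; presumably it
# selects the privileged newrole build options (confirm against the newrole
# Makefile). The newrole binary is given file capabilities in its file list.
make -C policycoreutils LSPP_PRIV=y SBINDIR="%{_sbindir}" \
     LIBDIR="%{_libdir}" CFLAGS="%{optflags} -fPIE" \
     LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now" \
     SEMODULE_PATH="%{_sbindir}" LIBSEPOLA="%{_libdir}/libsepol.a" all

# Helper trees get the same hardening flags as the core tools. Keep -z now
# here as well: without it these binaries (the restorecond daemon among
# them) are linked with partial RELRO only.
for subdir in python dbus semodule-utils restorecond ; do
    %{__make} %{_make_output_sync} %{?_smp_mflags} \
         -C "$subdir" SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" \
         CFLAGS="%{optflags} -fPIE" LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now" \
         LIBSEPOLA="%{_libdir}/libsepol.a" all
done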

%install
# Pre-create the binary and man page destinations inside the buildroot.
mkdir -p \
    %{buildroot}%{_bindir} \
    %{buildroot}%{_sbindir} \
    %{buildroot}%{_mandir}/man1 \
    %{buildroot}%{_mandir}/man5 \
    %{buildroot}%{_mandir}/man8
# Documentation directory that the main file list picks up as doc content.
%{__mkdir} -p %{buildroot}/%{_usr}/share/doc/%{name}/

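# Install the core tools into the buildroot. The variables repeat the values
# used in the build step; SEMODULE_PATH follows the sbindir macro exactly as
# it does there, instead of a literal /usr/sbin that could drift from it.
%{__make} install DESTDIR="%{?buildroot}" INSTALL="%{__install} -p" \
     -C policycoreutils \
     LSPP_PRIV=y SBINDIR="%{_sbindir}" \
     LIBDIR="%{_libdir}" \
     SEMODULE_PATH="%{_sbindir}" \
     LIBSEPOLA="%{_libdir}/libsepol.a"

# Same for the helper trees that the build step compiled in its loop.
for subdir in python dbus semodule-utils restorecond ; do
    %{__make} install DESTDIR="%{?buildroot}" INSTALL="%{__install} -p" \
     -C "$subdir" \
     PYTHON=%{__python3} \
     SBINDIR="%{_sbindir}" \
     LIBDIR="%{_libdir}" \
     LIBSEPOLA="%{_libdir}/libsepol.a"
done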

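# Systemd: drop the SysV init script for restorecond; the restorecond
# subpackage ships a unit file instead.
rm -rf %{buildroot}/%{_sysconfdir}/rc.d/init.d/restorecond

# run_init and open_init_pty are not packaged: remove the binaries, the PAM
# configuration for run_init and the matching man pages, so that no file
# list has to account for them. Paths use the same macros as the file lists
# rather than literal /usr/share/man and /etc.
rm -f %{buildroot}%{_sbindir}/open_init_pty
rm -f %{buildroot}%{_sbindir}/run_init
rm -f %{buildroot}%{_sysconfdir}/pam.d/run_init*
rm -f %{buildroot}%{_mandir}/man8/open_init_pty.8
rm -f %{buildroot}%{_mandir}/ru/man8/open_init_pty.8
rm -f %{buildroot}%{_mandir}/man8/run_init.8*
rm -f %{buildroot}%{_mandir}/ru/man8/run_init.8*

# The sepolicy GUI is not packaged either: remove its man pages and the
# GUI-only files from the Python package directory.
rm -f %{buildroot}%{_mandir}/man8/sepolicy-gui.8*
rm -f %{buildroot}%{_mandir}/ru/man8/sepolicy-gui.8*
rm -f %{buildroot}%{python3_sitelib}/sepolicy/sepolicy.glade
rm -f %{buildroot}%{python3_sitelib}/sepolicy/gui.py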

# Autorelabel support, see https://bugzilla.redhat.com/show_bug.cgi?id=1328825
# Unit files are installed as plain data (0644); the generator and the
# relabel helper are executables (0755). Neither mode grants group or world
# write access, which matters because systemd runs the generator itself.
mkdir -m 755 -p \
    %{buildroot}/%{_unitdir}/basic.target.wants/ \
    %{buildroot}/%{generatorsdir}
install -m 644 -p %{SOURCE16} %{SOURCE17} %{SOURCE18} %{buildroot}/%{_unitdir}/
install -m 755 -p %{SOURCE19} %{buildroot}/%{generatorsdir}/
install -m 755 -p %{SOURCE15} %{buildroot}/%{_libexecdir}/selinux/
# Relative symlink that pulls the mark service into basic.target.
ln -s ../selinux-autorelabel-mark.service %{buildroot}/%{_unitdir}/basic.target.wants/

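# change /usr/bin/python to %%{__python3} in policycoreutils-python3
# File names are handed over NUL-delimited so unusual names stay intact, and
# -r keeps sed from running with no file arguments when nothing is found.
# The pipe is kept on purpose: the pipeline's status is still that of xargs,
# so a site directory missing from the buildroot does not fail the build.
find %{buildroot}%{python3_sitelib} %{buildroot}%{python3_sitearch} -type f -print0 | xargs -0 -r \
    sed -i '1s%\(#! *\)/usr/bin/python\([^3].*\|\)$%\1%{__python3}\2%'

# change /usr/bin/python to %%{__python3} in python-utils
# Both sepolgen scripts are spelled out instead of brace-expanded, because
# brace expansion is not part of POSIX sh and the build shell may lack it.
sed -i '1s%\(#! *\)/usr/bin/python\([^3].*\|\)$%\1%{__python3}\2%' \
    %{buildroot}%{_sbindir}/semanage \
    %{buildroot}%{_bindir}/chcat \
    %{buildroot}%{_bindir}/audit2allow \
    %{buildroot}%{_bindir}/audit2why \
    %{buildroot}%{_bindir}/sepolicy \
    %{buildroot}%{_bindir}/sepolgen \
    %{buildroot}%{_bindir}/sepolgen-ifgen \
    %nil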

%find_lang %{name}

%package python3-utils
Summary:    SELinux policy core python utilities
Requires:   policycoreutils-python3 = %{version}-%{release}
BuildArch:  noarch

%description python3-utils
The policycoreutils-python-utils package contains the management tools used to manage
an SELinux environment.

%files python3-utils
%{_sbindir}/semanage
%{_bindir}/chcat
%{_bindir}/audit2allow
%{_bindir}/audit2why
%{_mandir}/man1/audit2allow.1*
%{_mandir}/ru/man1/audit2allow.1*
%{_mandir}/man1/audit2why.1*
%{_mandir}/ru/man1/audit2why.1*
# NOTE(review): this D-Bus system bus policy file is also listed in the dbus
# subpackage's file list, next to the org.selinux service it belongs to.
# Confirm that python3-utils is meant to own a copy as well, since installing
# it then places bus policy on systems that do not have the dbus subpackage.
%{_sysconfdir}/dbus-1/system.d/org.selinux.conf
%{_mandir}/man8/chcat.8*
%{_mandir}/ru/man8/chcat.8*
%{_mandir}/man8/semanage*.8*
%{_mandir}/ru/man8/semanage*.8*
%{_datadir}/bash-completion/completions/semanage

%package dbus
Summary:    SELinux policy core DBUS api
Requires:   policycoreutils-python3 = %{version}-%{release}
Requires:   python3-slip-dbus
Requires:   python3-gobject
BuildArch:  noarch

%description dbus
The policycoreutils-dbus package contains the management DBUS API used to manage
an SELinux environment.

%files dbus
%{_sysconfdir}/dbus-1/system.d/org.selinux.conf
%{_datadir}/dbus-1/system-services/org.selinux.service
%{_datadir}/polkit-1/actions/org.selinux.policy
%{_datadir}/system-config-selinux/selinux_server.py*

%package python3
%{?python_provide:%python_provide python3-policycoreutils}
Summary: SELinux policy core python3 interfaces
Requires:policycoreutils = %{version}-%{release}
Requires:libsemanage-python3 >= %{libsemanagever} libselinux-python3 libcgroup
# no python3-audit-libs yet
Requires:audit-libs-python3 >=  %{libauditver}
Requires: checkpolicy
Requires: setools-python3 >= 4.1.1
BuildArch: noarch

%description python3
The policycoreutils-python3 package contains the interfaces that can be used
by python 3 in an SELinux environment.

%files python3
%{python3_sitelib}/seobject.py*
%{python3_sitelib}/__pycache__
%{python3_sitelib}/sepolgen
%dir %{python3_sitelib}/sepolicy
%{python3_sitelib}/sepolicy/templates
%dir %{python3_sitelib}/sepolicy/help
%{python3_sitelib}/sepolicy/help/*
%{python3_sitelib}/sepolicy/__init__.py*
%{python3_sitelib}/sepolicy/booleans.py*
%{python3_sitelib}/sepolicy/communicate.py*
%{python3_sitelib}/sepolicy/generate.py*
%{python3_sitelib}/sepolicy/interface.py*
%{python3_sitelib}/sepolicy/manpage.py*
%{python3_sitelib}/sepolicy/network.py*
%{python3_sitelib}/sepolicy/transition.py*
%{python3_sitelib}/sepolicy/sedbus.py*
%{python3_sitelib}/sepolicy*.egg-info
%{python3_sitelib}/sepolicy/__pycache__

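%package devel
Summary: SELinux policy core policy devel utilities
# The utilities subpackage defined in this spec is python3-utils; nothing in
# this spec provides the older policycoreutils-python-utils name, so a
# dependency on that name could not be satisfied from this build.
Requires: policycoreutils-python3-utils = %{version}-%{release}
Requires: /usr/bin/make
Requires: selinux-policy-devel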

%description devel
The policycoreutils-devel package contains the management tools used to develop policy in an SELinux environment.

%files devel
%{_bindir}/sepolgen
%{_bindir}/sepolgen-ifgen
%{_bindir}/sepolgen-ifgen-attr-helper
%dir  /var/lib/sepolgen
/var/lib/sepolgen/perm_map
%{_bindir}/sepolicy
%{_mandir}/man8/sepolgen.8*
%{_mandir}/ru/man8/sepolgen.8*
%{_mandir}/man8/sepolicy-booleans.8*
%{_mandir}/man8/sepolicy-generate.8*
%{_mandir}/man8/sepolicy-interface.8*
%{_mandir}/man8/sepolicy-network.8*
%{_mandir}/man8/sepolicy.8*
%{_mandir}/man8/sepolicy-communicate.8*
%{_mandir}/man8/sepolicy-manpage.8*
%{_mandir}/man8/sepolicy-transition.8*
%{_mandir}/ru/man8/sepolicy*.8*
%{_usr}/share/bash-completion/completions/sepolicy

%package newrole
Summary: The newrole application for RBAC/MLS
Requires: policycoreutils = %{version}-%{release}

%description newrole
RBAC/MLS policy machines require newrole as a way of changing the role
or level of a logged in user.

%files newrole
# newrole is world-executable (0755, no setuid bit) and carries file
# capabilities in its permitted and effective sets (=pe). The list includes
# cap_sys_admin and cap_dac_override, so treat the binary as root-equivalent
# when reviewing or patching it, and keep the list no wider than the build
# options require. After installation the set can be verified with getcap.
%attr(0755,root,root) %caps(cap_dac_read_search,cap_setpcap,cap_audit_write,cap_sys_admin,cap_fowner,cap_chown,cap_dac_override=pe) %{_bindir}/newrole
%{_mandir}/man1/newrole.1.gz
%{_mandir}/ru/man1/newrole.1.gz
# NOTE(review): plain %%config, so an upgrade can replace a locally edited
# PAM stack for newrole (the old copy is kept as .rpmsave). Confirm that this
# is intended rather than %%config(noreplace).
%config %{_sysconfdir}/pam.d/newrole

%files -f %{name}.lang
%{_sbindir}/restorecon
%{_sbindir}/restorecon_xattr
%{_sbindir}/fixfiles
%{_sbindir}/setfiles
%{_sbindir}/load_policy
%{_sbindir}/genhomedircon
%{_sbindir}/setsebool
%{_sbindir}/semodule
%{_sbindir}/sestatus
%{_bindir}/secon
%{_bindir}/semodule_expand
%{_bindir}/semodule_link
%{_bindir}/semodule_package
%{_bindir}/semodule_unpackage
%{_libexecdir}/selinux/hll
%{_libexecdir}/selinux/selinux-autorelabel
%{_unitdir}/selinux-autorelabel-mark.service
%{_unitdir}/basic.target.wants/selinux-autorelabel-mark.service
%{_unitdir}/selinux-autorelabel.service
%{_unitdir}/selinux-autorelabel.target
%{generatorsdir}/selinux-autorelabel-generator.sh
%config %{_sysconfdir}/sestatus.conf
%{_mandir}/man5/selinux_config.5.gz
%{_mandir}/ru/man5/selinux_config.5.gz
%{_mandir}/man5/sestatus.conf.5.gz
%{_mandir}/ru/man5/sestatus.conf.5.gz
%{_mandir}/man8/fixfiles.8*
%{_mandir}/ru/man8/fixfiles.8*
%{_mandir}/man8/load_policy.8*
%{_mandir}/ru/man8/load_policy.8*
%{_mandir}/man8/restorecon.8*
%{_mandir}/ru/man8/restorecon.8*
%{_mandir}/man8/restorecon_xattr.8*
%{_mandir}/ru/man8/restorecon_xattr.8*
%{_mandir}/man8/semodule.8*
%{_mandir}/ru/man8/semodule.8*
%{_mandir}/man8/sestatus.8*
%{_mandir}/ru/man8/sestatus.8*
%{_mandir}/man8/setfiles.8*
%{_mandir}/ru/man8/setfiles.8*
%{_mandir}/man8/setsebool.8*
%{_mandir}/ru/man8/setsebool.8*
%{_mandir}/man1/secon.1*
%{_mandir}/ru/man1/secon.1*
%{_mandir}/man8/genhomedircon.8*
%{_mandir}/ru/man8/genhomedircon.8*
%{_mandir}/man8/semodule_expand.8*
%{_mandir}/ru/man8/semodule_expand.8*
%{_mandir}/man8/semodule_link.8*
%{_mandir}/ru/man8/semodule_link.8*
%{_mandir}/man8/semodule_unpackage.8*
%{_mandir}/ru/man8/semodule_unpackage.8*
%{_mandir}/man8/semodule_package.8*
%{_mandir}/ru/man8/semodule_package.8*
%dir %{_datadir}/bash-completion
%{_datadir}/bash-completion/completions/setsebool
%{!?_licensedir:%global license %%doc}
%license policycoreutils/COPYING
%doc %{_usr}/share/doc/%{name}

%package restorecond
Summary: SELinux restorecond utilities

%description restorecond
The policycoreutils-restorecond package contains the restorecond service.

%files restorecond
%{_sbindir}/restorecond
%{_unitdir}/restorecond.service
%{_userunitdir}/restorecond_user.service
%config %{_sysconfdir}/selinux/restorecond.conf
%config %{_sysconfdir}/selinux/restorecond_user.conf
%{_sysconfdir}/xdg/autostart/restorecond.desktop
%{_datadir}/dbus-1/services/org.selinux.Restorecond.service
%{_mandir}/man8/restorecond.8*
%{_mandir}/ru/man8/restorecond.8*
/usr/share/man/ru/man1/audit2why.1.gz
/usr/share/man/ru/man1/newrole.1.gz
/usr/share/man/ru/man5/selinux_config.5.gz
/usr/share/man/ru/man5/sestatus.conf.5.gz
/usr/share/man/ru/man8/genhomedircon.8.gz
/usr/share/man/ru/man8/restorecon_xattr.8.gz
/usr/share/man/ru/man8/semanage-boolean.8.gz
/usr/share/man/ru/man8/semanage-dontaudit.8.gz
/usr/share/man/ru/man8/semanage-export.8.gz
/usr/share/man/ru/man8/semanage-fcontext.8.gz
/usr/share/man/ru/man8/semanage-ibendport.8.gz
/usr/share/man/ru/man8/semanage-ibpkey.8.gz
/usr/share/man/ru/man8/semanage-import.8.gz
/usr/share/man/ru/man8/semanage-interface.8.gz
/usr/share/man/ru/man8/semanage-login.8.gz
/usr/share/man/ru/man8/semanage-module.8.gz
/usr/share/man/ru/man8/semanage-node.8.gz
/usr/share/man/ru/man8/semanage-permissive.8.gz
/usr/share/man/ru/man8/semanage-port.8.gz
/usr/share/man/ru/man8/semanage-user.8.gz
/usr/share/man/ru/man8/semodule_unpackage.8.gz
/usr/share/man/ru/man8/sepolgen.8.gz
/usr/share/man/ru/man8/sepolicy-booleans.8.gz
/usr/share/man/ru/man8/sepolicy-communicate.8.gz
/usr/share/man/ru/man8/sepolicy-generate.8.gz
/usr/share/man/ru/man8/sepolicy-interface.8.gz
/usr/share/man/ru/man8/sepolicy-manpage.8.gz
/usr/share/man/ru/man8/sepolicy-network.8.gz
/usr/share/man/ru/man8/sepolicy-transition.8.gz
/usr/share/man/ru/man8/sepolicy.8.gz

%{!?_licensedir:%global license %%doc}
%license policycoreutils/COPYING

%post
# Main package, after install: the systemd packaging macro applies the
# system preset policy to the autorelabel mark service on first installation.
%systemd_post selinux-autorelabel-mark.service

%preun
# Main package, before removal: the macro disables and stops the mark
# service when the package is erased (not on upgrade).
%systemd_preun selinux-autorelabel-mark.service

%post restorecond
# restorecond subpackage, after install: apply the preset policy to the
# daemon's unit on first installation.
%systemd_post restorecond.service

%preun restorecond
# Before removal: disable and stop the daemon when the package is erased.
%systemd_preun restorecond.service

%postun restorecond
# After an upgrade: restart the daemon if it is running, so the updated
# binary is the one in use.
%systemd_postun_with_restart restorecond.service