Merge branch 'packaging' into 'master'

[policycoreutils] RPM packaging and adjustments. JB#43160 See merge request !1

Merge branch 'packaging' into 'master'
[policycoreutils] RPM packaging and adjustments. JB#43160 See merge request !1
074a65b0 · Jussi Laakkonen · 7e0c31e0 · 12a03e73 · 074a65b0 · 074a65b0
Commit 074a65b0 authored Oct 17, 2018 by Jussi Laakkonen
10 changed files
--- a/.gitmodules
+++ b/.gitmodules
+[submodule "upstream"]
+	path = upstream
+	url = ssh://git@git.merproject.org:2222/mirror/selinux.git
--- a/rpm/disable_awk_sandbox_policycoreutils.patch
+++ b/rpm/disable_awk_sandbox_policycoreutils.patch
+diff --git a/policycoreutils/setfiles/Makefile b/policycoreutils/setfiles/Makefile
+index e9432768..449bd7f7 100644
+--- a/policycoreutils/setfiles/Makefile
+++ b/policycoreutils/setfiles/Makefile
+@@ -4,7 +4,7 @@ SBINDIR ?= /sbin
+ MANDIR = $(PREFIX)/share/man
+ AUDITH ?= $(shell test -f /usr/include/libaudit.h && echo y)
+ 
+-ABORT_ON_ERRORS=$(shell grep "^\#define ABORT_ON_ERRORS" setfiles.c | awk -S '{ print $$3 }')
+ABORT_ON_ERRORS=$(shell grep "^\#define ABORT_ON_ERRORS" setfiles.c | awk '{ print $$3 }')
+ 
+ CFLAGS ?= -g -Werror -Wall -W
+ override LDLIBS += -lselinux -lsepol
--- a/rpm/fix_systemd_path.patch
+++ b/rpm/fix_systemd_path.patch
+diff --git a/restorecond/Makefile b/restorecond/Makefile
+index 25be18d4..65bd1775 100644
+--- a/restorecond/Makefile
+++ b/restorecond/Makefile
+@@ -51,8 +51,8 @@ install: all
+ 	install -m 644 restorecond.desktop $(DESTDIR)$(AUTOSTARTDIR)/restorecond.desktop
+ 	-mkdir -p $(DESTDIR)$(DBUSSERVICEDIR)
+ 	install -m 600 org.selinux.Restorecond.service  $(DESTDIR)$(DBUSSERVICEDIR)/org.selinux.Restorecond.service
+-	-mkdir -p $(DESTDIR)$(SYSTEMDDIR)/system
+-	install -m 644 restorecond.service $(DESTDIR)$(SYSTEMDDIR)/system/
+	-mkdir -p $(DESTDIR)$(SYSTEMDDIR)/
+	install -m 644 restorecond.service $(DESTDIR)$(SYSTEMDDIR)/
+ relabel: install
+ 	/sbin/restorecon $(DESTDIR)$(SBINDIR)/restorecond 
+ 
--- a/rpm/policycoreutils.spec
+++ b/rpm/policycoreutils.spec
--- a/rpm/selinux-autorelabel
+++ b/rpm/selinux-autorelabel
+#!/bin/bash
+#
+# Do automatic relabelling
+#
+
+# . /etc/init.d/functions
+
+relabel_selinux() {
+    # if /sbin/init is not labeled correctly this process is running in the
+    # wrong context, so a reboot will be required after relabel
+    AUTORELABEL=
+    . /etc/selinux/config
+    echo "0" > /sys/fs/selinux/enforce
+
+    if [ "$AUTORELABEL" = "0" ]; then
+	echo
+	echo $"*** Warning -- SELinux ${SELINUXTYPE} policy relabel is required. "
+	echo $"*** /etc/selinux/config indicates you want to manually fix labeling"
+	echo $"*** problems. Dropping you to a shell; the system will reboot"
+	echo $"*** when you leave the shell."
+	sulogin
+
+    else
+	echo
+	echo $"*** Warning -- SELinux ${SELINUXTYPE} policy relabel is required."
+	echo $"*** Relabeling could take a very long time, depending on file"
+	echo $"*** system size and speed of hard drives."
+
+	FORCE=`cat /.autorelabel`
+        [ -x "/usr/sbin/quotaoff" ] && /usr/sbin/quotaoff -aug
+	/sbin/fixfiles $FORCE restore
+    fi
+    rm -f  /.autorelabel
+    #/usr/lib/dracut/dracut-initramfs-restore
+    systemctl --force reboot
+}
+
+# Check to see if a full relabel is needed
+if [ "$READONLY" != "yes" ]; then
+    restorecon $(awk '!/^#/ && $4 !~ /noauto/ && $2 ~ /^\// { print $2 }' /etc/fstab) >/dev/null 2>&1
+    relabel_selinux
+fi
--- a/rpm/selinux-autorelabel-generator.sh
+++ b/rpm/selinux-autorelabel-generator.sh
+#!/bin/sh
+
+# This systemd.generator(7) detects if SELinux is running and if the
+# user requested an autorelabel, and if so sets the default target to
+# selinux-autorelabel.target, which will cause the filesystem to be
+# relabelled and then the system will reboot again and boot into the
+# real default target.
+
+PATH=/usr/sbin:$PATH
+unitdir=/lib/systemd/system
+
+# If invoked with no arguments (for testing) write to /tmp.
+earlydir="/tmp"
+if [ -n "$2" ]; then
+    earlydir="$2"
+fi
+
+set_target ()
+{
+    ln -sf "$unitdir/selinux-autorelabel.target" "$earlydir/default.target"
+}
+
+if selinuxenabled; then
+    if test -f /.autorelabel; then
+        set_target
+    elif grep -sqE "\bautorelabel\b" /proc/cmdline; then
+        set_target
+    fi
+fi
--- a/rpm/selinux-autorelabel-mark.service
+++ b/rpm/selinux-autorelabel-mark.service
+[Unit]
+Description=Mark the need to relabel after reboot
+DefaultDependencies=no
+Requires=local-fs.target
+Conflicts=shutdown.target
+After=local-fs.target
+Before=sysinit.target shutdown.target
+ConditionSecurity=!selinux
+ConditionPathIsDirectory=/etc/selinux
+ConditionPathExists=!/.autorelabel
+
+[Service]
+ExecStart=-/bin/touch /.autorelabel
+Type=oneshot
+RemainAfterExit=yes
--- a/rpm/selinux-autorelabel.service
+++ b/rpm/selinux-autorelabel.service
+[Unit]
+Description=Relabel all filesystems
+DefaultDependencies=no
+Conflicts=shutdown.target
+After=sysinit.target
+Before=shutdown.target
+ConditionSecurity=selinux
+
+[Service]
+ExecStart=/usr/libexec/selinux/selinux-autorelabel
+Type=oneshot
+TimeoutSec=0
+RemainAfterExit=yes
+StandardInput=tty
--- a/rpm/selinux-autorelabel.target
+++ b/rpm/selinux-autorelabel.target
+[Unit]
+Description=Relabel all filesystems and reboot
+DefaultDependencies=no
+Requires=sysinit.target selinux-autorelabel.service
+Conflicts=shutdown.target
+After=sysinit.target selinux-autorelabel.service
+ConditionSecurity=selinux
--- a/upstream @ a9f8a101
+++ b/upstream @ a9f8a101
+Subproject commit a9f8a101fd2c475b3dcffbcc76b86355d956a095