Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
build: adjustments for mer packaging
- don't build gui, Xorg sandbox and python2 tools
- systemd unit dir adjustments
  • Loading branch information
Oliver Schmidt authored and LaakkonenJussi committed Oct 16, 2018
1 parent 67d0328 commit 9db44b1
Show file tree
Hide file tree
Showing 7 changed files with 153 additions and 213 deletions.
245 changes: 32 additions & 213 deletions rpm/policycoreutils.spec

Large diffs are not rendered by default.

43 changes: 43 additions & 0 deletions rpm/selinux-autorelabel
@@ -0,0 +1,43 @@
#!/bin/bash
#
# Do automatic relabelling
#

# . /etc/init.d/functions

relabel_selinux() {
# if /sbin/init is not labeled correctly this process is running in the
# wrong context, so a reboot will be required after relabel
AUTORELABEL=
. /etc/selinux/config
echo "0" > /sys/fs/selinux/enforce
[ -x /bin/plymouth ] && plymouth --hide-splash

if [ "$AUTORELABEL" = "0" ]; then
echo
echo $"*** Warning -- SELinux ${SELINUXTYPE} policy relabel is required. "
echo $"*** /etc/selinux/config indicates you want to manually fix labeling"
echo $"*** problems. Dropping you to a shell; the system will reboot"
echo $"*** when you leave the shell."
sulogin

else
echo
echo $"*** Warning -- SELinux ${SELINUXTYPE} policy relabel is required."
echo $"*** Relabeling could take a very long time, depending on file"
echo $"*** system size and speed of hard drives."

FORCE=`cat /.autorelabel`
[ -x "/usr/sbin/quotaoff" ] && /usr/sbin/quotaoff -aug
/sbin/fixfiles $FORCE restore
fi
rm -f /.autorelabel
/usr/lib/dracut/dracut-initramfs-restore
systemctl --force reboot
}

# Check to see if a full relabel is needed
if [ "$READONLY" != "yes" ]; then
restorecon $(awk '!/^#/ && $4 !~ /noauto/ && $2 ~ /^\// { print $2 }' /etc/fstab) >/dev/null 2>&1
relabel_selinux
fi
29 changes: 29 additions & 0 deletions rpm/selinux-autorelabel-generator.sh
@@ -0,0 +1,29 @@
#!/bin/sh

# This systemd.generator(7) detects if SELinux is running and if the
# user requested an autorelabel, and if so sets the default target to
# selinux-autorelabel.target, which will cause the filesystem to be
# relabelled and then the system will reboot again and boot into the
# real default target.

PATH=/usr/sbin:$PATH
unitdir=/usr/lib/systemd/system

# If invoked with no arguments (for testing) write to /tmp.
earlydir="/tmp"
if [ -n "$2" ]; then
earlydir="$2"
fi

set_target ()
{
ln -sf "$unitdir/selinux-autorelabel.target" "$earlydir/default.target"
}

if selinuxenabled; then
if test -f /.autorelabel; then
set_target
elif grep -sqE "\bautorelabel\b" /proc/cmdline; then
set_target
fi
fi
15 changes: 15 additions & 0 deletions rpm/selinux-autorelabel-mark.service
@@ -0,0 +1,15 @@
[Unit]
Description=Mark the need to relabel after reboot
DefaultDependencies=no
Requires=local-fs.target
Conflicts=shutdown.target
After=local-fs.target
Before=sysinit.target shutdown.target
ConditionSecurity=!selinux
ConditionPathIsDirectory=/etc/selinux
ConditionPathExists=!/.autorelabel

[Service]
ExecStart=-/bin/touch /.autorelabel
Type=oneshot
RemainAfterExit=yes
14 changes: 14 additions & 0 deletions rpm/selinux-autorelabel.service
@@ -0,0 +1,14 @@
[Unit]
Description=Relabel all filesystems
DefaultDependencies=no
Conflicts=shutdown.target
After=sysinit.target
Before=shutdown.target
ConditionSecurity=selinux

[Service]
ExecStart=/usr/libexec/selinux/selinux-autorelabel
Type=oneshot
TimeoutSec=0
RemainAfterExit=yes
StandardInput=tty
7 changes: 7 additions & 0 deletions rpm/selinux-autorelabel.target
@@ -0,0 +1,7 @@
[Unit]
Description=Relabel all filesystems and reboot
DefaultDependencies=no
Requires=sysinit.target selinux-autorelabel.service
Conflicts=shutdown.target
After=sysinit.target selinux-autorelabel.service
ConditionSecurity=selinux
13 changes: 13 additions & 0 deletions rpm/systemd_unitdir.patch
@@ -0,0 +1,13 @@
diff --git a/restorecond/Makefile b/restorecond/Makefile
index ada94ae..0de21fd 100644
--- a/restorecond/Makefile
+++ b/restorecond/Makefile
@@ -7,7 +7,7 @@ LIBDIR ?= $(PREFIX)/lib
MANDIR = $(PREFIX)/share/man
AUTOSTARTDIR = $(DESTDIR)/etc/xdg/autostart
DBUSSERVICEDIR = $(DESTDIR)/usr/share/dbus-1/services
-SYSTEMDDIR ?= $(DESTDIR)/usr/lib/systemd
+SYSTEMDDIR ?= $(DESTDIR)/lib/systemd

autostart_DATA = sealertauto.desktop
INITDIR ?= $(DESTDIR)/etc/rc.d/init.d

0 comments on commit 9db44b1

Please sign in to comment.