SUBDIRS += .
-if BUILD_SELINUX_CUSTOM_POLICY
-SUBDIRS += selinux
-endif
-
if ENABLE_GTK_DOC
SUBDIRS += doc
endif
if test x$with_selinux != xno; then OSTREE_FEATURES="$OSTREE_FEATURES +selinux"; fi
AM_CONDITIONAL(USE_SELINUX, test $with_selinux != no)
-dnl FIXME remove this
-AC_ARG_ENABLE(selinux-custom-policy,
- AS_HELP_STRING([--enable-selinux-custom-policy], [Custom policy overrides]),,
- enable_selinux_custom_policy=no)
-AM_CONDITIONAL(BUILD_SELINUX_CUSTOM_POLICY, test x$enable_selinux_custom_policy = xyes)
-
AC_ARG_WITH(dracut,
AS_HELP_STRING([--with-dracut],
[Install dracut module (default: no)]),,
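Review bot: The `AM_CONDITIONAL(USE_SELINUX, ...)` line kept as context in this hunk tests `$with_selinux` unquoted and without the `x` guard used on the line above it. If the variable is empty or unset, `test` fails with a syntax error and the conditional becomes false without any message. Since this block is being edited anyway, it could be aligned with its neighbour: `AM_CONDITIONAL(USE_SELINUX, test x$with_selinux != xno)`. How `with_selinux` gets its default is outside the hunk, so the empty case may not be reachable in practice.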
Makefile
embedded-dependencies/Makefile
doc/Makefile
-selinux/Makefile
src/libostree/ostree-1.pc
])
AC_OUTPUT
%description devel
The %{name}-devel package includes the header files for the %{name} library.
-%package selinux
-Summary: SELinux policy module for %{name}
-Group: System Environment/Base
-Requires: %{name} = %{version}-%{release}
-Requires: policycoreutils, libselinux-utils
-Requires(post): selinux-policy-base, policycoreutils
-Requires(postun): policycoreutils
-BuildRequires: selinux-policy-devel
-BuildArch: noarch
-
-%description selinux
-This package installs and sets up the SELinux policy security module for %{name}.
-
%prep
%setup -q -n ostree-%{version}
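Review bot: Removing `%package selinux` without a matching `Obsoletes:` leaves hosts that installed the subpackage with a package whose `Requires: %{name} = %{version}-%{release}` the new build can no longer satisfy. The upgrade may then be refused, or the old policy module may stay loaded. If the subpackage was ever shipped, consider adding `Obsoletes: %{name}-selinux < %{version}-%{release}` to the main package, so the old package is erased and its own `%postun` runs `semodule -n -r %{name}`. The rest of the spec is outside this hunk, so an existing `Obsoletes` elsewhere cannot be ruled out.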
%configure --disable-silent-rules \
--enable-gtk-doc \
--with-selinux \
- --enable-selinux-custom-policy \
--with-dracut
make %{?_smp_mflags}
%preun
%systemd_preun ostree-remount.service
-%post selinux
-semodule -n -i %{_datadir}/selinux/packages/%{name}.pp
-
-%postun selinux
-if [ $1 -eq 0 ]; then
- semodule -n -r %{name}
-fi
-
%files
%doc COPYING README.md
%{_bindir}/ostree
%dir %{_datadir}/gtk-doc/html/ostree
%{_datadir}/gtk-doc/html/ostree
%{_datadir}/gir-1.0/OSTree-1.0.gir
-
-%files selinux
-%attr(0600,root,root) %{_datadir}/selinux/packages/%{name}.pp
+++ /dev/null
-ostree.pp
-tmp
+++ /dev/null
-# Copyright (C) 2014 Colin Walters <walters@verbum.org>
-#
-# This library is free software; you can redistribute it and/or
-# modify it under the terms of the GNU Lesser General Public
-# License as published by the Free Software Foundation; either
-# version 2 of the License, or (at your option) any later version.
-#
-# This library is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-# Lesser General Public License for more details.
-#
-# You should have received a copy of the GNU Lesser General Public
-# License along with this library; if not, write to the
-# Free Software Foundation, Inc., 59 Temple Place - Suite 330,
-# Boston, MA 02111-1307, USA.
-
-ostree.pp: ostree.fc ostree.if ostree.te
- make -f /usr/share/selinux/devel/Makefile
-
-selinuxpkgdir = $(datadir)/selinux/packages
-selinuxpkg_DATA = ostree.pp
-
-EXTRA_DIST = ostree.fc ostree.if ostree.te
+++ /dev/null
-# Core definitions
-
-/sysroot -d gen_context(system_u:object_r:usr_t,s0)
-/ostree -d gen_context(system_u:object_r:usr_t,s0)
-/ostree -l gen_context(system_u:object_r:usr_t,s0)
-/media -l gen_context(system_u:object_r:mnt_t,s0)
-/mnt -l gen_context(system_u:object_r:mnt_t,s0)
-/var/roothome -d gen_context(system_u:object_r:admin_home_t,s0)
-/var/home -d gen_context(system_u:object_r:home_root_t,s0)
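Review bot: With this file-context list deleted, nothing visible in the tree assigns labels to `/sysroot`, `/ostree`, `/var/roothome` or `/var/home`. The same applies to the `init_t` and `systemd_tmpfiles_t` allow rules in the policy module deleted in the next section. Presumably the distribution's base policy is now expected to carry equivalent entries, but the page does not say so. On a host whose base policy lacks them, these paths would fall back to default labels on the next relabel. A short comment next to `--with-selinux` in the spec would record that assumption, for example `# SELinux labels and rules for the ostree layout are expected from the distribution base policy`.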
+++ /dev/null
-policy_module(ostree, 1.3.0)
-
-require {
- type init_t;
- type root_t;
- type var_log_t;
- type games_data_t;
- type var_yp_t;
- type systemd_tmpfiles_t;
- type local_login_t;
- type admin_home_t;
- type ldconfig_cache_t;
- type var_t;
- type var_run_t;
- class lnk_file { relabelfrom relabelto read getattr };
- class dir { relabelfrom relabelto create setattr write };
-}
-
-# init_t
-allow init_t admin_home_t:lnk_file { read getattr };
-allow init_t root_t:dir { write };
-
-#============= systemd_tmpfiles_t ==============
-allow systemd_tmpfiles_t games_data_t:dir relabelto;
-allow systemd_tmpfiles_t var_log_t:dir create;
-allow systemd_tmpfiles_t var_run_t:lnk_file { relabelfrom relabelto };
-allow systemd_tmpfiles_t var_t:dir { create relabelfrom relabelto setattr };
-allow systemd_tmpfiles_t var_yp_t:dir relabelto;
-allow systemd_tmpfiles_t ldconfig_cache_t:dir { relabelfrom relabelto setattr };
-allow systemd_tmpfiles_t var_t:dir { relabelfrom relabelto setattr };
-
-#============= local_login_t ==============
-allow local_login_t admin_home_t:lnk_file read;