SUBDIRS += .
+if USE_SELINUX
+SUBDIRS += selinux
+endif
+
if ENABLE_GTK_DOC
SUBDIRS += doc
endif
Makefile
embedded-dependencies/Makefile
doc/Makefile
+selinux/Makefile
src/libostree/ostree-1.pc
])
AC_OUTPUT
%description devel
The %{name}-devel package includes the header files for the %{name} library.
+%package selinux
+Summary: SELinux policy module for %{name}
+Group: System Environment/Base
+Requires: %{name} = %{version}-%{release}
+Requires: policycoreutils, libselinux-utils
+Requires(post): selinux-policy-base, policycoreutils
+Requires(postun): policycoreutils
+BuildRequires: selinux-policy-devel
+BuildArch: noarch
+
+%description selinux
+This package installs and sets up the SELinux policy security module for %{name}.
+
%prep
%setup -q -n ostree-%{version}
%preun
%systemd_preun ostree-remount.service
+%post selinux
+semodule -n -i %{_datadir}/selinux/packages/%{name}.pp
+
+%postun selinux
+if [ $1 -eq 0 ]; then
+ semodule -n -r %{name}
+fi
+
%files
%doc COPYING README.md
%{_bindir}/ostree
%dir %{_datadir}/gtk-doc/html/ostree
%{_datadir}/gtk-doc/html/ostree
%{_datadir}/gir-1.0/OSTree-1.0.gir
+
+%files selinux
+%attr(0600,root,root) %{_datadir}/selinux/packages/%{name}.pp
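Review bot: The `%post selinux` scriptlet runs `semodule -n -i`, and `-n` suppresses the policy reload, so as far as this section shows the module is stored but never loaded into the running kernel, and no path is relabelled against the new file contexts. The subpackage already requires libselinux-utils, which suggests a guarded reload was intended: follow the install with `if selinuxenabled; then load_policy; fi` and a `restorecon` on the paths the module labels. `%postun selinux` has the same gap after `semodule -n -r %{name}`. Quoting the argument as `[ "$1" -eq 0 ]` would also keep the test well-formed if it is ever empty.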
--- /dev/null
+ostree.pp
+tmp
--- /dev/null
+# Copyright (C) 2014 Colin Walters <walters@verbum.org>
+#
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2 of the License, or (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the
+# Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+# Boston, MA 02111-1307, USA.
+
+ostree.pp: ostree.fc ostree.if ostree.te
+ make -f /usr/share/selinux/devel/Makefile
+
+selinuxpkgdir = $(datadir)/selinux/packages
+selinuxpkg_DATA = ostree.pp
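Review bot: The recipe for `ostree.pp` calls a literal `make` and names no goal, so the jobserver and `-n` are not passed down, and the devel Makefile builds its default goal in the current directory rather than the one target of this rule; `$(MAKE) -f /usr/share/selinux/devel/Makefile $@` addresses both. The policy sources are also assumed to sit in the build directory, which presumably breaks a build with a separate builddir. Nothing in this section lists `ostree.fc`, `ostree.if` and `ostree.te` in `EXTRA_DIST`, or the generated `ostree.pp` and `tmp` in a clean rule, so `make dist` and `make distclean` likely miss them unless that is handled elsewhere.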
--- /dev/null
+# Core definitions
+
+/sysroot -d gen_context(system_u:object_r:usr_t,s0)
+/ostree -d gen_context(system_u:object_r:usr_t,s0)
+/ostree -l gen_context(system_u:object_r:usr_t,s0)
+/media -l gen_context(system_u:object_r:mnt_t,s0)
+/mnt -l gen_context(system_u:object_r:mnt_t,s0)
+/var/roothome -d gen_context(system_u:object_r:admin_home_t,s0)
+/var/home -d gen_context(system_u:object_r:home_root_t,s0)
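Review bot: Each entry matches exactly one path and one object class (`-d` or `-l`), so nothing below `/sysroot`, `/ostree`, `/var/home` or `/var/roothome` is labelled by this file. Unless the base policy already covers those subtrees, content under `/var/home` and `/var/roothome` would presumably not receive the labels that the usual home-directory entries give. A pattern such as `/var/roothome(/.*)?`, or a file-context equivalence for the relocated paths, would close that gap. A one-line comment per entry saying why the label is needed would also make the policy easier to audit.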
--- /dev/null
+policy_module(ostree, 1.3.0)
+
+require {
+ type init_t;
+ type root_t;
+ type var_log_t;
+ type games_data_t;
+ type var_yp_t;
+ type systemd_tmpfiles_t;
+ type local_login_t;
+ type admin_home_t;
+ type ldconfig_cache_t;
+ type var_t;
+ type var_run_t;
+ class lnk_file { relabelfrom relabelto read getattr };
+ class dir { relabelfrom relabelto create setattr write };
+}
+
+# init_t
+allow init_t admin_home_t:lnk_file { read getattr };
+allow init_t root_t:dir { write };
+
+#============= systemd_tmpfiles_t ==============
+allow systemd_tmpfiles_t games_data_t:dir relabelto;
+allow systemd_tmpfiles_t var_log_t:dir create;
+allow systemd_tmpfiles_t var_run_t:lnk_file { relabelfrom relabelto };
+allow systemd_tmpfiles_t var_t:dir { create relabelfrom relabelto setattr };
+allow systemd_tmpfiles_t var_yp_t:dir relabelto;
+allow systemd_tmpfiles_t ldconfig_cache_t:dir { relabelfrom relabelto setattr };
+allow systemd_tmpfiles_t var_t:dir { relabelfrom relabelto setattr };
+
+#============= local_login_t ==============
+allow local_login_t admin_home_t:lnk_file read;
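Review bot: The `allow` rules widen three base-policy domains (`init_t`, `systemd_tmpfiles_t`, `local_login_t`) without a comment naming the denial each one answers; the `#=============` headers suggest audit2allow output, which is worth annotating before it ships as policy. The last systemd_tmpfiles_t rule, `allow systemd_tmpfiles_t var_t:dir { relabelfrom relabelto setattr };`, is a subset of the earlier `var_t:dir { create relabelfrom relabelto setattr }` rule and can be dropped. `allow init_t root_t:dir { write };` grants write on the root directory without `add_name`, which usually means the denial chain was not followed to the end, so it should either be completed for the specific operation or removed. Where refpolicy interfaces exist for these accesses, they would be preferable to a raw `require` of foreign types.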