2 %define direct_initrc y
4 %define polname1 targeted
5 %define type1 targeted
-mcs
6 %define polname2 strict
7 %define type2 strict
-mcs
8 Summary: SELinux policy configuration
13 Group: System Environment
/Base
14 Source: refpolicy
-%{version}.tar.bz2
15 Url
: http
://serefpolicy.sourceforge.net
16 BuildRoot: %{_tmppath}/refpolicy
-buildroot
18 # FIXME Need to ensure these have correct versions
19 BuildRequires
: checkpolicy m4 policycoreutils python
make gcc
20 PreReq
: kernel
>= 2.6.4-1.300 policycoreutils
>= %{POLICYCOREUTILSVER}
24 SELinux Reference Policy
- modular.
33 %{__rm} -fR $RPM_BUILD_ROOT
34 make NAME
=%{polname1} TYPE=%{type1} DISTRO=%{distro} DIRECT_INITRC=%{direct_initrc} MONOLITHIC=%{monolithic} base.pp
35 make NAME
=%{polname1} TYPE=%{type1} DISTRO=%{distro} DIRECT_INITRC=%{direct_initrc} MONOLITHIC=%{monolithic} modules
36 %{__mkdir} -p $RPM_BUILD_ROOT/%{_usr}/share/selinux/%{polname1}/%{type1}
37 %{__cp} *.pp $RPM_BUILD_ROOT/%{_usr}/share/selinux/%{polname1}/%{type1}
38 %{__mkdir} -p $RPM_BUILD_ROOT/%{_sysconfdir}/selinux/%{polname1}/policy
39 %{__mkdir} -p $RPM_BUILD_ROOT/%{_sysconfdir}/selinux/%{polname1}/contexts
/files
40 make NAME
=%{polname1} TYPE=%{type1} DISTRO=%{distro} DIRECT_INITRC=%{direct_initrc} MONOLITHIC
=y DESTDIR
=$RPM_BUILD_ROOT
install-appconfig
41 make NAME
=%{polname1} TYPE=%{type1} DISTRO=%{distro} DIRECT_INITRC=%{direct_initrc} MONOLITHIC=%{monolithic} DESTDIR=$RPM_BUILD_ROOT $RPM_BUILD_ROOT%{_sysconfdir}/selinux/%{polname1}/users
/local.users
42 make NAME
=%{polname1} TYPE=%{type1} DISTRO=%{distro} DIRECT_INITRC=%{direct_initrc} MONOLITHIC=%{monolithic} DESTDIR=$RPM_BUILD_ROOT $RPM_BUILD_ROOT%{_sysconfdir}/selinux/%{polname1}/users
/system.users
43 make NAME
=%{polname2} TYPE=%{type2} DISTRO=%{distro} DIRECT_INITRC=%{direct_initrc} MONOLITHIC=%{monolithic} base.pp
44 make NAME
=%{polname2} TYPE=%{type2} DISTRO=%{distro} DIRECT_INITRC=%{direct_initrc} MONOLITHIC=%{monolithic} modules
45 %{__mkdir} -p $RPM_BUILD_ROOT/%{_usr}/share/selinux/%{polname2}/%{type2}
46 %{__cp} *.pp $RPM_BUILD_ROOT/%{_usr}/share/selinux/%{polname2}/%{type2}
47 %{__mkdir} -p $RPM_BUILD_ROOT/%{_sysconfdir}/selinux/%{polname2}/policy
48 %{__mkdir} -p $RPM_BUILD_ROOT/%{_sysconfdir}/selinux/%{polname2}/contexts
/files
49 make NAME
=%{polname2} TYPE=%{type2} DISTRO=%{distro} DIRECT_INITRC=%{direct_initrc} MONOLITHIC
=y DESTDIR
=$RPM_BUILD_ROOT
install-appconfig
50 make NAME
=%{polname2} TYPE=%{type2} DISTRO=%{distro} DIRECT_INITRC=%{direct_initrc} MONOLITHIC=%{monolithic} DESTDIR=$RPM_BUILD_ROOT $RPM_BUILD_ROOT%{_sysconfdir}/selinux/%{polname2}/users
/local.users
51 make NAME
=%{polname2} TYPE=%{type2} DISTRO=%{distro} DIRECT_INITRC=%{direct_initrc} MONOLITHIC=%{monolithic} DESTDIR=$RPM_BUILD_ROOT $RPM_BUILD_ROOT%{_sysconfdir}/selinux/%{polname2}/users
/system.users
54 %{__rm} -fR $RPM_BUILD_ROOT
58 %dir %{_usr}/share
/selinux
59 %dir %{_sysconfdir}/selinux
60 %dir %{_usr}/share
/selinux
/*
61 %dir %{_usr}/share
/selinux
/*/*
62 %config %{_usr}/share
/selinux
/*/*/*.pp
63 #%ghost %config(noreplace) %{_sysconfdir}/selinux/config
64 %dir %{_sysconfdir}/selinux
/*
65 %ghost %config %{_sysconfdir}/selinux
/*/booleans
66 %dir %{_sysconfdir}/selinux
/*/policy
67 #%ghost %config %{_sysconfdir}/selinux/*/policy/policy.*
68 %dir %{_sysconfdir}/selinux
/*/contexts
69 %config(noreplace
) %{_sysconfdir}/selinux
/*/contexts
/customizable_types
70 %config(noreplace
) %{_sysconfdir}/selinux
/*/contexts
/dbus_contexts
71 %config(noreplace
) %{_sysconfdir}/selinux
/*/contexts
/default_contexts
72 %config(noreplace
) %{_sysconfdir}/selinux
/*/contexts
/default_type
73 %config(noreplace
) %{_sysconfdir}/selinux
/*/contexts
/failsafe_context
74 %config(noreplace
) %{_sysconfdir}/selinux
/*/contexts
/initrc_context
75 %config(noreplace
) %{_sysconfdir}/selinux
/*/contexts
/removable_context
76 %config(noreplace
) %{_sysconfdir}/selinux
/*/contexts
/userhelper_context
77 %config(noreplace
) %{_sysconfdir}/selinux
/*/contexts
/sepgsql_contexts
78 %config(noreplace
) %{_sysconfdir}/selinux
/*/contexts
/x_contexts
79 %dir %{_sysconfdir}/selinux
/*/contexts
/files
80 #%ghost %config %{_sysconfdir}/selinux/*/contexts/files/file_contexts
81 #%ghost %config %{_sysconfdir}/selinux/*/contexts/files/homedir_template
82 #%ghost %config %{_sysconfdir}/selinux/*/contexts/files/file_contexts.homedirs
83 %config %{_sysconfdir}/selinux
/*/contexts
/files
/media
84 %dir %{_sysconfdir}/selinux
/*/users
85 %config %{_sysconfdir}/selinux
/*/users
/system.users
86 %config %{_sysconfdir}/selinux
/*/users
/local.users
87 #%ghost %dir %{_sysconfdir}/selinux/*/modules
93 %package base
-targeted
94 Summary: SELinux
%{polname1} base policy
95 Group: System Environment
/Base
96 Provides: selinux
-policy
-base
98 %description base
-targeted
99 SELinux Reference policy targeted base module.
102 %defattr(-,root
,root
)
103 %dir %{_usr}/share
/selinux
104 %dir %{_usr}/share/selinux/%{polname1}
105 %dir %{_usr}/share/selinux/%{polname1}/%{type1}
106 %config %{_usr}/share/selinux/%{polname1}/%{type1}/base.pp
107 %dir %{_sysconfdir}/selinux
108 #%ghost %config(noreplace) %{_sysconfdir}/selinux/config
109 %dir %{_sysconfdir}/selinux/%{polname1}
110 %ghost %config %{_sysconfdir}/selinux/%{polname1}/booleans
111 %dir %{_sysconfdir}/selinux/%{polname1}/policy
112 #%ghost %config %{_sysconfdir}/selinux/%{polname1}/policy/policy.*
113 %dir %{_sysconfdir}/selinux/%{polname1}/contexts
114 %config(noreplace
) %{_sysconfdir}/selinux/%{polname1}/contexts
/customizable_types
115 %config(noreplace
) %{_sysconfdir}/selinux/%{polname1}/contexts
/dbus_contexts
116 %config(noreplace
) %{_sysconfdir}/selinux/%{polname1}/contexts
/default_contexts
117 %config(noreplace
) %{_sysconfdir}/selinux/%{polname1}/contexts
/default_type
118 %config(noreplace
) %{_sysconfdir}/selinux/%{polname1}/contexts
/failsafe_context
119 %config(noreplace
) %{_sysconfdir}/selinux/%{polname1}/contexts
/initrc_context
120 %config(noreplace
) %{_sysconfdir}/selinux/%{polname1}/contexts
/removable_context
121 %config(noreplace
) %{_sysconfdir}/selinux/%{polname1}/contexts
/userhelper_context
122 %config(noreplace
) %{_sysconfdir}/selinux/%{polname1}/contexts
/sepgsql_contexts
123 %config(noreplace
) %{_sysconfdir}/selinux/%{polname1}/contexts
/x_contexts
124 %dir %{_sysconfdir}/selinux/%{polname1}/contexts
/files
125 #%ghost %config %{_sysconfdir}/selinux/%{polname1}/contexts/files/file_contexts
126 #%ghost %config %{_sysconfdir}/selinux/%{polname1}/contexts/files/homedir_template
127 #%ghost %config %{_sysconfdir}/selinux/%{polname1}/contexts/files/file_contexts.homedirs
128 %config %{_sysconfdir}/selinux/%{polname1}/contexts
/files
/media
129 %dir %{_sysconfdir}/selinux/%{polname1}/users
130 %config %{_sysconfdir}/selinux/%{polname1}/users
/system.users
131 %config %{_sysconfdir}/selinux/%{polname1}/users
/local.users
132 #%ghost %dir %{_sysconfdir}/selinux/%{polname1}/modules
135 semodule
-b
/usr
/share
/selinux
/%{polname1}/%{type1}/base.pp -s %{_sysconfdir}/selinux/%{polname1}
136 for file
in $
(ls
/usr
/share
/selinux
/%{polname1}/%{type1} | grep
-v base.pp
)
137 do semodule
-i
/usr
/share
/selinux
/%{polname1}/%{type1}/$file -s %{_sysconfdir}/selinux/%{polname1}
141 Summary: SELinux
%{polname2} base policy
142 Group: System Environment
/Base
143 Provides: selinux
-policy
-base
145 %description base
-strict
146 SELinux Reference policy strict base module.
149 %defattr(-,root
,root
)
150 %dir %{_usr}/share
/selinux
151 %dir %{_usr}/share/selinux/%{polname2}
152 %dir %{_usr}/share/selinux/%{polname2}/%{type2}
153 %config %{_usr}/share/selinux/%{polname2}/%{type2}/base.pp
154 %dir %{_sysconfdir}/selinux
155 #%ghost %config(noreplace) %{_sysconfdir}/selinux/config
156 %dir %{_sysconfdir}/selinux/%{polname2}
157 %ghost %config %{_sysconfdir}/selinux/%{polname2}/booleans
158 %dir %{_sysconfdir}/selinux/%{polname2}/policy
159 #%ghost %config %{_sysconfdir}/selinux/%{polname2}/policy/policy.*
160 %dir %{_sysconfdir}/selinux/%{polname2}/contexts
161 %config(noreplace
) %{_sysconfdir}/selinux/%{polname2}/contexts
/customizable_types
162 %config(noreplace
) %{_sysconfdir}/selinux/%{polname2}/contexts
/dbus_contexts
163 %config(noreplace
) %{_sysconfdir}/selinux/%{polname2}/contexts
/default_contexts
164 %config(noreplace
) %{_sysconfdir}/selinux/%{polname2}/contexts
/default_type
165 %config(noreplace
) %{_sysconfdir}/selinux/%{polname2}/contexts
/failsafe_context
166 %config(noreplace
) %{_sysconfdir}/selinux/%{polname2}/contexts
/initrc_context
167 %config(noreplace
) %{_sysconfdir}/selinux/%{polname2}/contexts
/removable_context
168 %config(noreplace
) %{_sysconfdir}/selinux/%{polname2}/contexts
/userhelper_context
169 %config(noreplace
) %{_sysconfdir}/selinux/%{polname2}/contexts
/sepgsql_contexts
170 %config(noreplace
) %{_sysconfdir}/selinux/%{polname2}/contexts
/x_contexts
171 %dir %{_sysconfdir}/selinux/%{polname2}/contexts
/files
172 #%ghost %config %{_sysconfdir}/selinux/%{polname2}/contexts/files/file_contexts
173 #%ghost %config %{_sysconfdir}/selinux/%{polname2}/contexts/files/homedir_template
174 #%ghost %config %{_sysconfdir}/selinux/%{polname2}/contexts/files/file_contexts.homedirs
175 %config %{_sysconfdir}/selinux/%{polname2}/contexts
/files
/media
176 %dir %{_sysconfdir}/selinux/%{polname2}/users
177 %config %{_sysconfdir}/selinux/%{polname2}/users
/system.users
178 %config %{_sysconfdir}/selinux/%{polname2}/users
/local.users
179 #%ghost %dir %{_sysconfdir}/selinux/%{polname2}/modules
182 semodule
-b
/usr
/share
/selinux
/%{polname2}/%{type2}/base.pp -s %{_sysconfdir}/selinux/%{polname2}
183 for file
in $
(ls
/usr
/share
/selinux
/%{polname2}/%{type2} | grep
-v base.pp
)
184 do semodule
-i
/usr
/share
/selinux
/%{polname2}/%{type2}/$file -s %{_sysconfdir}/selinux/%{polname2}
188 Summary: SELinux apache policy
189 Group: System Environment
/Base
190 Requires: selinux
-policy
-base
193 SELinux Reference policy apache module.
196 %defattr(-,root
,root
)
197 %dir %{_usr}/share
/selinux
198 %dir %{_usr}/share
/selinux
/*
199 %dir %{_usr}/share
/selinux
/*/*
200 %config %{_usr}/share
/selinux
/*/*/apache.pp
203 if [ -d
%{_sysconfdir}/selinux/%{polname1}/modules
] ; then
204 semodule
-n
-i
%{_usr}/share/selinux/%{polname1}/%{type1}/apache.pp -s %{_sysconfdir}/selinux/%{polname1}
206 if [ -d
%{_sysconfdir}/selinux/%{polname2}/modules
] ; then
207 semodule
-i
%{_usr}/share/selinux/%{polname2}/%{type2}/apache.pp -s %{_sysconfdir}/selinux/%{polname2}
211 if [ -d
%{_sysconfdir}/selinux/%{polname1}/modules
]
212 then semodule
-n
-r apache
-s
%{_sysconfdir}/selinux/%{polname1}
214 if [ -d
%{_sysconfdir}/selinux/%{polname2}/modules
]
215 then semodule
-n
-r apache
-s
%{_sysconfdir}/selinux/%{polname2}
219 Summary: SELinux
bind policy
220 Group: System Environment
/Base
223 SELinux Reference policy
bind module.
226 %defattr(-,root
,root
)
227 %dir %{_usr}/share
/selinux
228 %dir %{_usr}/share
/selinux
/*
229 %dir %{_usr}/share
/selinux
/*/*
230 %config %{_usr}/share
/selinux
/*/*/bind.pp
233 semodule
-i
%{_usr}/share
/selinux
/targeted
/targeted
-mcs
/bind.pp
239 Summary: SELinux dhcp policy
240 Group: System Environment
/Base
243 SELinux Reference policy dhcp module.
246 %defattr(-,root
,root
)
247 %dir %{_usr}/share
/selinux
248 %dir %{_usr}/share
/selinux
/*
249 %dir %{_usr}/share
/selinux
/*/*
250 %config %{_usr}/share
/selinux
/*/*/dhcp.pp
253 semodule
-i
%{_usr}/share
/selinux
/targeted
/targeted
-mcs
/dhcp.pp
259 Summary: SELinux ldap policy
260 Group: System Environment
/Base
263 SELinux Reference policy ldap module.
266 %defattr(-,root
,root
)
267 %dir %{_usr}/share
/selinux
268 %dir %{_usr}/share
/selinux
/*
269 %dir %{_usr}/share
/selinux
/*/*
270 %config %{_usr}/share
/selinux
/*/*/ldap.pp
273 semodule
-i
%{_usr}/share
/selinux
/targeted
/targeted
-mcs
/ldap.pp
279 Summary: SELinux mailman policy
280 Group: System Environment
/Base
283 SELinux Reference policy mailman module.
286 %defattr(-,root
,root
)
287 %dir %{_usr}/share
/selinux
288 %dir %{_usr}/share
/selinux
/*
289 %dir %{_usr}/share
/selinux
/*/*
290 %config %{_usr}/share
/selinux
/*/*/mailman.pp
293 semodule
-i
%{_usr}/share
/selinux
/targeted
/targeted
-mcs
/mailman.pp
299 Summary: SELinux mysql policy
300 Group: System Environment
/Base
303 SELinux Reference policy mysql module.
306 %defattr(-,root
,root
)
307 %dir %{_usr}/share
/selinux
308 %dir %{_usr}/share
/selinux
/*
309 %dir %{_usr}/share
/selinux
/*/*
310 %config %{_usr}/share
/selinux
/*/*/mysql.pp
313 semodule
-i
%{_usr}/share
/selinux
/targeted
/targeted
-mcsmysql.pp
319 Summary: SELinux portmap policy
320 Group: System Environment
/Base
323 SELinux Reference policy portmap module.
326 %defattr(-,root
,root
)
327 %dir %{_usr}/share
/selinux
328 %dir %{_usr}/share
/selinux
/*
329 %dir %{_usr}/share
/selinux
/*/*
330 %config %{_usr}/share
/selinux
/*/*/portmap.pp
333 semodule
-i
%{_usr}/share
/selinux
/targeted
/targeted
-mcs
/portmap.pp
339 Summary: SELinux postgresql policy
340 Group: System Environment
/Base
342 %description postgresql
343 SELinux Reference policy postgresql module.
346 %defattr(-,root
,root
)
347 %dir %{_usr}/share
/selinux
348 %dir %{_usr}/share
/selinux
/*
349 %dir %{_usr}/share
/selinux
/*/*
350 %config %{_usr}/share
/selinux
/*/*/postgresql.pp
353 semodule
-i
%{_usr}/share
/selinux
/targeted
/targeted
-mcs
/postgresql.pp
356 semodule
-r postgresql
359 Summary: SELinux samba policy
360 Group: System Environment
/Base
363 SELinux Reference policy samba module.
366 %defattr(-,root
,root
)
367 %dir %{_usr}/share
/selinux
368 %dir %{_usr}/share
/selinux
/*
369 %dir %{_usr}/share
/selinux
/*/*
370 %config %{_usr}/share
/selinux
/*/*/samba.pp
373 semodule
-i
%{_usr}/share
/selinux
/targeted
/targeted
-mcs
/samba.pp
379 Summary: SELinux snmp policy
380 Group: System Environment
/Base
383 SELinux Reference policy snmp module.
386 %defattr(-,root
,root
)
387 %dir %{_usr}/share
/selinux
388 %dir %{_usr}/share
/selinux
/*
389 %dir %{_usr}/share
/selinux
/*/*
390 %config %{_usr}/share
/selinux
/*/*/snmp.pp
393 semodule
-i
%{_usr}/share
/selinux
/targeted
/targeted
-mcs
/snmp.pp
399 Summary: SELinux squid policy
400 Group: System Environment
/Base
403 SELinux Reference policy squid module.
406 %defattr(-,root
,root
)
407 %dir %{_usr}/share
/selinux
408 %dir %{_usr}/share
/selinux
/*
409 %dir %{_usr}/share
/selinux
/*/*
410 %config %{_usr}/share
/selinux
/*/*/squid.pp
413 semodule
-i
%{_usr}/share
/selinux
/targeted
/targeted
-mcs
/squid.pp
419 Summary: SELinux webalizer policy
420 Group: System Environment
/Base
422 %description webalizer
423 SELinux Reference policy webalizer module.
426 %defattr(-,root
,root
)
427 %dir %{_usr}/share
/selinux
428 %dir %{_usr}/share
/selinux
/*
429 %dir %{_usr}/share
/selinux
/*/*
430 %config %{_usr}/share
/selinux
/*/*/webalizer.pp
433 semodule
-i
%{_usr}/share
/selinux
/targeted
/targeted
-mcs
/webalizer.pp
436 semodule
-r webalizer