From 030be2b4a8760a29c2d992052173c17526cc1455 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fran=C3=A7ois=20Andriot?= Date: Tue, 3 Dec 2019 22:14:08 +0100 Subject: [PATCH] RPM: update selinux support in tdebase --- redhat/docker/el6/packages | 1 + redhat/docker/el7/packages | 1 + redhat/docker/el8/packages | 1 + redhat/docker/f30/packages | 1 + redhat/docker/f31/packages | 1 + redhat/main/tdebase/tdebase.spec | 12 ++++++++++-- redhat/main/tdebase/tdm.el6.pp | Bin 915 -> 0 bytes redhat/main/tdebase/tdm.el6.te | 2 +- redhat/main/tdebase/tdm.el7.pp | Bin 931 -> 0 bytes redhat/main/tdebase/tdm.el7.te | 2 +- redhat/main/tdebase/tdm.el8.pp | 1 - redhat/main/tdebase/tdm.el8.te | 11 +++++++++++ redhat/main/tdebase/tdm.fc17.pp | Bin 936 -> 0 bytes redhat/main/tdebase/tdm.fc18.pp | Bin 936 -> 0 bytes redhat/main/tdebase/tdm.fc19.pp | Bin 936 -> 0 bytes redhat/main/tdebase/tdm.fc20.pp | Bin 932 -> 0 bytes redhat/main/tdebase/tdm.fc21.pp | Bin 932 -> 0 bytes redhat/main/tdebase/tdm.fc22.pp | Bin 932 -> 0 bytes redhat/main/tdebase/tdm.fc23.pp | Bin 932 -> 0 bytes redhat/main/tdebase/tdm.fc24.pp | Bin 932 -> 0 bytes redhat/main/tdebase/tdm.fc25.pp | Bin 932 -> 0 bytes redhat/main/tdebase/tdm.fc26.pp | Bin 932 -> 0 bytes redhat/main/tdebase/tdm.fc27.pp | Bin 932 -> 0 bytes redhat/main/tdebase/tdm.fc28.pp | Bin 932 -> 0 bytes redhat/main/tdebase/tdm.fc29.pp | Bin 932 -> 0 bytes redhat/main/tdebase/tdm.fc30.pp | Bin 932 -> 0 bytes redhat/main/tdebase/tdm.fc30.te | 11 +++++++++++ redhat/main/tdebase/tdm.fc31.pp | Bin 932 -> 0 bytes redhat/main/tdebase/tdm.fc31.te | 11 +++++++++++ 29 files changed, 50 insertions(+), 5 deletions(-) delete mode 100644 redhat/main/tdebase/tdm.el6.pp delete mode 100644 redhat/main/tdebase/tdm.el7.pp delete mode 120000 redhat/main/tdebase/tdm.el8.pp create mode 100644 redhat/main/tdebase/tdm.el8.te delete mode 100644 redhat/main/tdebase/tdm.fc17.pp delete mode 100644 redhat/main/tdebase/tdm.fc18.pp delete mode 100644 redhat/main/tdebase/tdm.fc19.pp delete mode 100644 redhat/main/tdebase/tdm.fc20.pp delete mode 100644 redhat/main/tdebase/tdm.fc21.pp delete mode 100644 redhat/main/tdebase/tdm.fc22.pp delete mode 100644 redhat/main/tdebase/tdm.fc23.pp delete mode 100644 redhat/main/tdebase/tdm.fc24.pp delete mode 100644 redhat/main/tdebase/tdm.fc25.pp delete mode 100644 redhat/main/tdebase/tdm.fc26.pp delete mode 100644 redhat/main/tdebase/tdm.fc27.pp delete mode 100644 redhat/main/tdebase/tdm.fc28.pp delete mode 100644 redhat/main/tdebase/tdm.fc29.pp delete mode 100644 redhat/main/tdebase/tdm.fc30.pp create mode 100644 redhat/main/tdebase/tdm.fc30.te delete mode 100644 redhat/main/tdebase/tdm.fc31.pp create mode 100644 redhat/main/tdebase/tdm.fc31.te diff --git a/redhat/docker/el6/packages b/redhat/docker/el6/packages index 1ee5febb0..62d186f6f 100644 --- a/redhat/docker/el6/packages +++ b/redhat/docker/el6/packages @@ -197,6 +197,7 @@ ruby-devel sane-backends-devel scons SDL-devel +selinux-policy-devel sip-devel speex-devel sqlite-devel diff --git a/redhat/docker/el7/packages b/redhat/docker/el7/packages index 4b6409613..969834482 100644 --- a/redhat/docker/el7/packages +++ b/redhat/docker/el7/packages @@ -184,6 +184,7 @@ ruby-devel sane-backends-devel scons SDL-devel +selinux-policy-devel sip-devel speex-devel sqlite-devel diff --git a/redhat/docker/el8/packages b/redhat/docker/el8/packages index 739d439c4..29d65e748 100644 --- a/redhat/docker/el8/packages +++ b/redhat/docker/el8/packages @@ -177,6 +177,7 @@ ruby ruby-devel sane-backends-devel SDL-devel +selinux-policy-devel speex-devel sqlite-devel subversion-devel diff --git a/redhat/docker/f30/packages b/redhat/docker/f30/packages index 7b22aeacf..7a77a3476 100644 --- a/redhat/docker/f30/packages +++ b/redhat/docker/f30/packages @@ -197,6 +197,7 @@ ruby-devel sane-backends-devel scons SDL-devel +selinux-policy-devel sip-devel speex-devel sqlite-devel diff --git a/redhat/docker/f31/packages b/redhat/docker/f31/packages index 4264c7af8..4039b615b 100644 --- a/redhat/docker/f31/packages +++ b/redhat/docker/f31/packages @@ -201,6 +201,7 @@ ruby-devel sane-backends-devel scons SDL-devel +selinux-policy-devel sip-devel speex-devel sqlite-devel diff --git a/redhat/main/tdebase/tdebase.spec b/redhat/main/tdebase/tdebase.spec index be68c4eeb..15d204b21 100644 --- a/redhat/main/tdebase/tdebase.spec +++ b/redhat/main/tdebase/tdebase.spec @@ -92,7 +92,7 @@ Source7: xdm%{?dist} %if 0%{?fedora} >= 17 || 0%{?rhel} >= 6 %define with_selinux_policy 1 -Source8: tdm%{?dist}.pp +Source8: tdm%{?dist}.te %endif %if 0%{?mgaversion} >= 3 @@ -769,6 +769,12 @@ BuildRequires: libnsl-devel # ATTR support BuildRequires: libattr-devel +# SELINUX support +%if 0%{?rhel} >= 6 || 0%{?fedora} +BuildRequires: checkpolicy +BuildRequires: selinux-policy-devel +%endif + # tdebase is a metapackage that installs all sub-packages Requires: %{name}-runtime-data-common = %{version}-%{release} Requires: %{name}-data = %{version}-%{release} @@ -3563,7 +3569,9 @@ fi # SELINUX policy for RHEL / Fedora %if 0%{?with_selinux_policy} -%__install -D -m 644 "%{SOURCE8}" "%{?buildroot}%{tde_confdir}/%{tdm}/tdm.pp" +%__cp -f "%{SOURCE8}" "tdm.te" +%__make -f "%{_datadir}/selinux/devel/Makefile" +%__install -D -m 644 -D "tdm.pp" "%{?buildroot}%{tde_confdir}/%{tdm}/tdm.pp" %endif # Mageia icon for TDE menu diff --git a/redhat/main/tdebase/tdm.el6.pp b/redhat/main/tdebase/tdm.el6.pp deleted file mode 100644 index 1ecd9bcb9e082da17313b61534cac279ef55cf3d..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 915 zcmb`FK~BR^3`9dgg0g`l^aK@by7q=0tT;fV_6HQyrd9GIvET}b^RjCFN(KxF2?<7; z@3B2`eiXlKpI#4&qJZblXV1?(-d;_v>!yF4+^kc-tVUisbz(blf@5b+t7)~I9lE@n zUYLik(D0+7p_~ZPyziJu-c?O1SKYlls^eSFAF4$zTO%1@5+0+b%#9&4h??p0lecc_ z+%C#I4j$djFb}xfv~`nHnN|2H>O~rYPc^g+R9}&Lgn0th=Ocja&yPd1hVv3?a#O4H=5`1LCsR6CYXfB|I%UPpCtEXVOdUeBnzcw9EBd5o)#)T!*abZ JP;7Yp8+MEsGNAwf diff --git a/redhat/main/tdebase/tdm.el6.te b/redhat/main/tdebase/tdm.el6.te index befe10218..60508ae0d 100644 --- a/redhat/main/tdebase/tdm.el6.te +++ b/redhat/main/tdebase/tdm.el6.te @@ -1,5 +1,5 @@ -module tdm.el6 1.0; +module tdm 1.0; require { type fprintd_t; diff --git a/redhat/main/tdebase/tdm.el7.pp b/redhat/main/tdebase/tdm.el7.pp deleted file mode 100644 index 855c3860d24a47da015ee47635ca9facd1311d86..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 931 zcmb`FO-{p541_~K{H%Z*^aK@MvGu0Avf==d$_pr{O{?Zb>VhjE&dUn?B^ml!SRlbj zV~@vvZmat3IQRZ%4I~hB7f-`3f%W=85J$5-6 z-Y>Z-nNqA1R?9}5Iz|$e?GrZh; zTh&!8;)T1KAOq`SA0F46s*a(EiT9&CT*8n%v<=jUDC4IvFQEFlYhYd61?|?{uCqVO zJE%EjJi%N*_4t>8b+He>(Y$94YL_yeU=p7HOD8M;B>BFaFz1R+$(iar^Q4F7-1?JB OUvOSuCzLka|AtR?YcV?j diff --git a/redhat/main/tdebase/tdm.el7.te b/redhat/main/tdebase/tdm.el7.te index 1c721d90b..519ca0506 100644 --- a/redhat/main/tdebase/tdm.el7.te +++ b/redhat/main/tdebase/tdm.el7.te @@ -1,5 +1,5 @@ -module tdm.el7 1.0; +module tdm 1.0; require { type fprintd_t; diff --git a/redhat/main/tdebase/tdm.el8.pp b/redhat/main/tdebase/tdm.el8.pp deleted file mode 120000 index 3d25dc4f0..000000000 --- a/redhat/main/tdebase/tdm.el8.pp +++ /dev/null @@ -1 +0,0 @@ -tdm.el7.pp \ No newline at end of file diff --git a/redhat/main/tdebase/tdm.el8.te b/redhat/main/tdebase/tdm.el8.te new file mode 100644 index 000000000..519ca0506 --- /dev/null +++ b/redhat/main/tdebase/tdm.el8.te @@ -0,0 +1,11 @@ + +module tdm 1.0; + +require { + type fprintd_t; + type init_t; + class dbus send_msg; +} + +#============= fprintd_t ============== +allow fprintd_t init_t:dbus send_msg; diff --git a/redhat/main/tdebase/tdm.fc17.pp b/redhat/main/tdebase/tdm.fc17.pp deleted file mode 100644 index dec162d228c5277db2395d6402b82b0986e2cda6..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 936 zcmb`FK~BR^3`9d=0V_B{Pf*bnTW{FW6$gma{1gSz6eT}W7hC~xURK~&GSmejA;C!g zGamapiQ<>Hr`MyRD2NM>XV1@_Z?C5}O*?F-i%l9H>WN#}w4HhYIH&b&Rn4!CUC(Ei z=JXYselix6!yqk(o>Am|-KKKg->FAFeVgTdUFEVfk`X519JTD|@d*SoVLij;!QG~9 za#xl4EcEDIjph-n$F6B}Dzl8ASP#+=`sAT)4AsT>5#|Y@Iv)XSckU0(R^PsI*vmaa zePTSpTo9`9pMmYpkK;F*`}7f-CB_p>!uh{+82Km3`?AC=EII~Dr3IaY8k(AxD&Aqi LK9?vK-2aAm^wl#F diff --git a/redhat/main/tdebase/tdm.fc18.pp b/redhat/main/tdebase/tdm.fc18.pp deleted file mode 100644 index 2e79e9554298d85f27a803c1044bacbe3609de92..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 936 zcmb`FK~BR^3`9d=0V_B{Pf*bvOK;fG6$gma{1gSz6eT}W7hC~xURK~&GSmejA;C!g zGamapiQ<>Hr`MyRD2NM>XV1@_Z?C5}O*?F-i%l9H>WN#}w4HhYIH&b&Rn4!CUC(Ei z=JXYselix6!yqk(o>Am|-KKKg->FAFeVgTdUFEVfk`X519JTD|@d*SoVLij;!QG~9 za#xl4EcEDIjph-n$F6B}Dzl8ASP#+=`sAT)4AsT>5#|Y@Iv)XSckU0(R^PsI*vmaa zePTSpTo9`9pMmYpkK;F*`}7f-CB_p>!uh{+82Km3`?AC=EII~Dr3IaY8k(AxD&Aqi LK9?vK-2aAm_%|~W diff --git a/redhat/main/tdebase/tdm.fc19.pp b/redhat/main/tdebase/tdm.fc19.pp deleted file mode 100644 index dec162d228c5277db2395d6402b82b0986e2cda6..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 936 zcmb`FK~BR^3`9d=0V_B{Pf*bnTW{FW6$gma{1gSz6eT}W7hC~xURK~&GSmejA;C!g zGamapiQ<>Hr`MyRD2NM>XV1@_Z?C5}O*?F-i%l9H>WN#}w4HhYIH&b&Rn4!CUC(Ei z=JXYselix6!yqk(o>Am|-KKKg->FAFeVgTdUFEVfk`X519JTD|@d*SoVLij;!QG~9 za#xl4EcEDIjph-n$F6B}Dzl8ASP#+=`sAT)4AsT>5#|Y@Iv)XSckU0(R^PsI*vmaa zePTSpTo9`9pMmYpkK;F*`}7f-CB_p>!uh{+82Km3`?AC=EII~Dr3IaY8k(AxD&Aqi LK9?vK-2aAm^wl#F diff --git a/redhat/main/tdebase/tdm.fc20.pp b/redhat/main/tdebase/tdm.fc20.pp deleted file mode 100644 index d0c0d4be8e312f2875f8a8c50c2e527743daa1cc..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 932 zcmb`FK~BP85QS?sMpxnuH~~RVFdKKe;s8zHFQ!I{p??z>Ucq=?RybeVCqL-IL??Ok z-n^NAfG{7sx9v%mWnkoZ_xj3tb~nDS>h^W~unz5WnY(rEVC=#{z%i^Q%f;>V)b-6| zYEH+Y?Po(nHB5wg+pvndDeF+Inn%sZXKp=zDi^WX7{w4K;hbvOsmD(M=L73AygYbY z)m1FwrMsGd3F~s7mM@#Cj-iN&_oF;s!jL?)4bX>(@zXFbfcm*>!n(Xq+O4^L=Wv#H zKyzX|g}DIg@h=nBUcq=?RybeVCqL-IL??Ok z-n^NAfG{7sx9v%mWnkoZ_xj3tb~nDS>h^W~unz5WnY(rEVC=#{z%i^Q%f;>V)b-6| zYEH+Y?Po(nHB5wg+pvndDeF+Inn%sZXKp=zDi^WX7{w4K;hbvOsmD(M=L73AygYbY z)m1FwrMsGd3F~s7mM@#Cj-iN&_oF;s!jL?)4bX>(@zXFbfcm*>!n(Xq+O4^L=Wv#H zKyzX|g}DIg@h=nBUcq=?RybeVCqL-IL??Ok z-n^NAfG{7sx9v%mWnkoZ_xj3tb~nDS>h^W~unz5WnY(rEVC=#{z%i^Q%f;>V)b-6| zYEH+Y?Po(nHB5wg+pvndDeF+Inn%sZXKp=zDi^WX7{w4K;hbvOsmD(M=L73AygYbY z)m1FwrMsGd3F~s7mM@#Cj-iN&_oF;s!jL?)4bX>(@zXFbfcm*>!n(Xq+O4^L=Wv#H zKyzX|g}DIg@h=nBUcq=?RybeVCqL-IL??Ok z-n^NAfG{7sx9v%mWnkoZ_xj3tb~nDS>h^W~unz5WnY(rEVC=#{z%i^Q%f;>V)b-6| zYEH+Y?Po(nHB5wg+pvndDeF+Inn%sZXKp=zDi^WX7{w4K;hbvOsmD(M=L73AygYbY z)m1FwrMsGd3F~s7mM@#Cj-iN&_oF;s!jL?)4bX>(@zXFbfcm*>!n(Xq+O4^L=Wv#H zKyzX|g}DIg@h=nBUcq=?RybeVCqL-IL??Ok z-n^NAfG{7sx9v%mWnkoZ_xj3tb~nDS>h^W~unz5WnY(rEVC=#{z%i^Q%f;>V)b-6| zYEH+Y?Po(nHB5wg+pvndDeF+Inn%sZXKp=zDi^WX7{w4K;hbvOsmD(M=L73AygYbY z)m1FwrMsGd3F~s7mM@#Cj-iN&_oF;s!jL?)4bX>(@zXFbfcm*>!n(Xq+O4^L=Wv#H zKyzX|g}DIg@h=nBUcq=?RybeVCqL-IL??Ok z-n^NAfG{7sx9v%mWnkoZ_xj3tb~nDS>h^W~unz5WnY(rEVC=#{z%i^Q%f;>V)b-6| zYEH+Y?Po(nHB5wg+pvndDeF+Inn%sZXKp=zDi^WX7{w4K;hbvOsmD(M=L73AygYbY z)m1FwrMsGd3F~s7mM@#Cj-iN&_oF;s!jL?)4bX>(@zXFbfcm*>!n(Xq+O4^L=Wv#H zKyzX|g}DIg@h=nBUcq=?RybeVCqL-IL??Ok z-n^NAfG{7sx9v%mWnkoZ_xj3tb~nDS>h^W~unz5WnY(rEVC=#{z%i^Q%f;>V)b-6| zYEH+Y?Po(nHB5wg+pvndDeF+Inn%sZXKp=zDi^WX7{w4K;hbvOsmD(M=L73AygYbY z)m1FwrMsGd3F~s7mM@#Cj-iN&_oF;s!jL?)4bX>(@zXFbfcm*>!n(Xq+O4^L=Wv#H zKyzX|g}DIg@h=nBUcq=?RybeVCqL-IL??Ok z-n^NAfG{7sx9v%mWnkoZ_xj3tb~nDS>h^W~unz5WnY(rEVC=#{z%i^Q%f;>V)b-6| zYEH+Y?Po(nHB5wg+pvndDeF+Inn%sZXKp=zDi^WX7{w4K;hbvOsmD(M=L73AygYbY z)m1FwrMsGd3F~s7mM@#Cj-iN&_oF;s!jL?)4bX>(@zXFbfcm*>!n(Xq+O4^L=Wv#H zKyzX|g}DIg@h=nBUcq=?RybeVCqL-IL??Ok z-n^NAfG{7sx9v%mWnkoZ_xj3tb~nDS>h^W~unz5WnY(rEVC=#{z%i^Q%f;>V)b-6| zYEH+Y?Po(nHB5wg+pvndDeF+Inn%sZXKp=zDi^WX7{w4K;hbvOsmD(M=L73AygYbY z)m1FwrMsGd3F~s7mM@#Cj-iN&_oF;s!jL?)4bX>(@zXFbfcm*>!n(Xq+O4^L=Wv#H zKyzX|g}DIg@h=nBUcq=?RybeVCqL-IL??Ok z-n^NAfG{7sx9v%mWnkoZ_xj3tb~nDS>h^W~unz5WnY(rEVC=#{z%i^Q%f;>V)b-6| zYEH+Y?Po(nHB5wg+pvndDeF+Inn%sZXKp=zDi^WX7{w4K;hbvOsmD(M=L73AygYbY z)m1FwrMsGd3F~s7mM@#Cj-iN&_oF;s!jL?)4bX>(@zXFbfcm*>!n(Xq+O4^L=Wv#H zKyzX|g}DIg@h=nBUcq=?RybeVCqL-IL??Ok z-n^NAfG{7sx9v%mWnkoZ_xj3tb~nDS>h^W~unz5WnY(rEVC=#{z%i^Q%f;>V)b-6| zYEH+Y?Po(nHB5wg+pvndDeF+Inn%sZXKp=zDi^WX7{w4K;hbvOsmD(M=L73AygYbY z)m1FwrMsGd3F~s7mM@#Cj-iN&_oF;s!jL?)4bX>(@zXFbfcm*>!n(Xq+O4^L=Wv#H zKyzX|g}DIg@h=nBUcq=?RybeVCqL-IL??Ok z-n^NAfG{7sx9v%mWnkoZ_xj3tb~nDS>h^W~unz5WnY(rEVC=#{z%i^Q%f;>V)b-6| zYEH+Y?Po(nHB5wg+pvndDeF+Inn%sZXKp=zDi^WX7{w4K;hbvOsmD(M=L73AygYbY z)m1FwrMsGd3F~s7mM@#Cj-iN&_oF;s!jL?)4bX>(@zXFbfcm*>!n(Xq+O4^L=Wv#H zKyzX|g}DIg@h=nB