rpms/crossfire/devel crossfire.spec,1.5,1.6 crossfire.te,1.1,1.2
Michael Thomas (wart)
fedora-extras-commits at redhat.com
Wed Jul 18 04:13:30 UTC 2007
Author: wart
Update of /cvs/extras/rpms/crossfire/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv5573
Modified Files:
crossfire.spec crossfire.te
Log Message:
Fix directory ownership (BZ #233828). Update selinux policy
Index: crossfire.spec
===================================================================
RCS file: /cvs/extras/rpms/crossfire/devel/crossfire.spec,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- crossfire.spec 23 May 2007 18:39:12 -0000 1.5
+++ crossfire.spec 18 Jul 2007 04:12:57 -0000 1.6
@@ -7,7 +7,7 @@
Name: crossfire
Version: 1.10.0
-Release: 1%{?dist}
+Release: 2%{?dist}
Summary: Server for hosting crossfire games
Group: Amusements/Games
License: GPL
@@ -74,7 +74,6 @@
%package client-images
Summary: Image cache for crossfire clients
Group: Amusements/Games
-# crossfire-client provides a directory needed by the images.
# No version dependency for the client since the images are pretty
# ignorant of the client version.
Requires: crossfire-client
@@ -90,7 +89,7 @@
Requires: selinux-policy >= %{selinux_policyver}
%endif
Requires(post): /usr/sbin/semodule /usr/sbin/semanage /sbin/fixfiles
-Requires(preun): /sbin/service /usr/sbin/semodule /usr/sbin/semanage /sbin/fixfiles /usr/sbin/setsebool
+Requires(preun): /sbin/service /usr/sbin/semodule /usr/sbin/semanage /sbin/fixfiles
Requires(postun): /usr/sbin/semodule
%description selinux
selinux policy files for the Crossfire game server
@@ -149,10 +148,10 @@
make DESTDIR=$RPM_BUILD_ROOT install
# Install the client images
-mkdir -p $RPM_BUILD_ROOT/%{_datadir}/%{name}/%{name}-client
-tar xf %{name}-images.tar -C $RPM_BUILD_ROOT/%{_datadir}/%{name}/%{name}-client
+mkdir -p $RPM_BUILD_ROOT/%{_datadir}/%{name}-client
+tar xf %{name}-images.tar -C $RPM_BUILD_ROOT/%{_datadir}/%{name}-client
# Nuke the installation instructions for the image archive.
-rm $RPM_BUILD_ROOT/%{_datadir}/%{name}/%{name}-client/README
+rm $RPM_BUILD_ROOT/%{_datadir}/%{name}-client/README
install -pD -m 0755 %{SOURCE2} $RPM_BUILD_ROOT%{_initrddir}/crossfire
@@ -234,7 +233,7 @@
/usr/sbin/semodule -s ${selinuxvariant} -i \
%{_datadir}/selinux/${selinuxvariant}/%{name}.pp &> /dev/null || :
done
-/usr/sbin/semanage port -a -t %{name}_port_t -p tcp 13327 || :
+/usr/sbin/semanage port -a -t %{name}_port_t -p tcp 13327 > /dev/null 2>&1 || :
/sbin/fixfiles -R %{name} restore || :
/sbin/service %{name} condrestart > /dev/null 2>&1 || :
@@ -247,10 +246,9 @@
%preun selinux
if [ "$1" -lt "1" ] ; then
# Disable the policy and restart the daemon
- /usr/sbin/setsebool %{name}_disable_trans 1
/sbin/service %{name} condrestart > /dev/null 2>&1 || :
# Unload the module
- /usr/sbin/semanage port -d -t %{name}_port_t -p tcp 13327 || :
+ /usr/sbin/semanage port -d -t %{name}_port_t -p tcp 13327 >/dev/null 2>&1 || :
for variant in %{selinux_variants} ; do
/usr/sbin/semodule -s ${variant} -r %{name} &> /dev/null || :
done
@@ -285,7 +283,6 @@
%{_bindir}/crossloop
%{_bindir}/cross_random_map
%{_datadir}/%{name}
-%exclude %{_datadir}/%{name}/%{name}-client
%dir %{_libdir}/%{name}
%dir %{_sysconfdir}/%{name}
%config(noreplace) %{_sysconfdir}/%{name}/ban_file
@@ -320,7 +317,7 @@
%files client-images
%defattr(-,root,root,-)
-%{_datadir}/%{name}/%{name}-client
+%{_datadir}/%{name}-client
%files selinux
%defattr(-,root,root,-)
@@ -335,6 +332,10 @@
%changelog
+* Thu Jul 12 2007 Wart <wart at kobold.org> 1.10.0-2
+- Move client images outside of the server data directory.
+- Update selinux policy
+
* Tue May 22 2007 Wart <wart at kobold.org> 1.10.0-1
- Update to 1.10.0
- Drop patch that was accepted upstream
Index: crossfire.te
===================================================================
RCS file: /cvs/extras/rpms/crossfire/devel/crossfire.te,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- crossfire.te 31 Aug 2006 15:13:57 -0000 1.1
+++ crossfire.te 18 Jul 2007 04:12:57 -0000 1.2
@@ -7,6 +7,7 @@
gen_require(`
type port_t;
+ type games_data_t;
attribute port_type;
')
@@ -60,6 +61,7 @@
# log files
allow crossfire_t crossfire_var_log_t:file create_file_perms;
+allow crossfire_t crossfire_var_log_t:file append;
allow crossfire_t crossfire_var_log_t:sock_file create_file_perms;
allow crossfire_t crossfire_var_log_t:dir { rw_dir_perms setattr };
logging_log_filetrans(crossfire_t,crossfire_var_log_t,{ sock_file file dir })
@@ -68,7 +70,7 @@
sysnet_dns_name_resolve(crossfire_t)
corenet_tcp_sendrecv_all_if(crossfire_t)
corenet_tcp_sendrecv_all_nodes(crossfire_t)
-corenet_non_ipsec_sendrecv(crossfire_t)
+corenet_all_recvfrom_unlabeled(crossfire_t)
corenet_tcp_bind_all_nodes(crossfire_t)
allow crossfire_t self:tcp_socket { listen accept };
# The application expects crossfire_port_t to be port 13327.
@@ -88,8 +90,11 @@
# Game data files
-allow crossfire_t crossfire_variable_data_t:file { create_file_perms };
-allow crossfire_t crossfire_variable_data_t:dir { create_dir_perms };
+allow crossfire_t crossfire_variable_data_t:file { manage_file_perms };
+allow crossfire_t crossfire_variable_data_t:dir { manage_dir_perms };
+allow crossfire_t games_data_t:dir search;
+allow crossfire_t games_data_t:dir getattr;
+
# Misc rules that are needed. I don't understand the meaning of some
# of these, and for others I don't yet understand why the game needs
@@ -100,3 +105,4 @@
kernel_read_kernel_sysctls(crossfire_t)
term_dontaudit_use_generic_ptys(crossfire_t)
kernel_read_system_state(crossfire_t)
+allow crossfire_t tmp_t:dir getattr;
More information about the fedora-extras-commits
mailing list