rpms/crossfire/devel crossfire.spec,1.5,1.6 crossfire.te,1.1,1.2

Michael Thomas (wart) fedora-extras-commits at redhat.com
Wed Jul 18 04:13:30 UTC 2007 

Author: wart

Update of /cvs/extras/rpms/crossfire/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv5573

Modified Files:
	crossfire.spec crossfire.te 
Log Message:
Fix directory ownership (BZ #233828).  Update selinux policy




Index: crossfire.spec
===================================================================
RCS file: /cvs/extras/rpms/crossfire/devel/crossfire.spec,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- crossfire.spec	23 May 2007 18:39:12 -0000	1.5
+++ crossfire.spec	18 Jul 2007 04:12:57 -0000	1.6
@@ -7,7 +7,7 @@
 
 Name: crossfire
 Version: 1.10.0
-Release: 1%{?dist}
+Release: 2%{?dist}
 Summary: Server for hosting crossfire games
 Group: Amusements/Games
 License: GPL
@@ -74,7 +74,6 @@
 %package client-images
 Summary: Image cache for crossfire clients
 Group: Amusements/Games
-# crossfire-client provides a directory needed by the images.
 # No version dependency for the client since the images are pretty
 # ignorant of the client version.
 Requires: crossfire-client
@@ -90,7 +89,7 @@
 Requires:       selinux-policy >= %{selinux_policyver}
 %endif
 Requires(post):         /usr/sbin/semodule /usr/sbin/semanage /sbin/fixfiles
-Requires(preun):        /sbin/service /usr/sbin/semodule /usr/sbin/semanage /sbin/fixfiles /usr/sbin/setsebool
+Requires(preun):        /sbin/service /usr/sbin/semodule /usr/sbin/semanage /sbin/fixfiles
 Requires(postun):       /usr/sbin/semodule
 %description selinux
 selinux policy files for the Crossfire game server
@@ -149,10 +148,10 @@
 make DESTDIR=$RPM_BUILD_ROOT install
 
 # Install the client images
-mkdir -p $RPM_BUILD_ROOT/%{_datadir}/%{name}/%{name}-client
-tar xf %{name}-images.tar -C $RPM_BUILD_ROOT/%{_datadir}/%{name}/%{name}-client
+mkdir -p $RPM_BUILD_ROOT/%{_datadir}/%{name}-client
+tar xf %{name}-images.tar -C $RPM_BUILD_ROOT/%{_datadir}/%{name}-client
 # Nuke the installation instructions for the image archive.
-rm $RPM_BUILD_ROOT/%{_datadir}/%{name}/%{name}-client/README
+rm $RPM_BUILD_ROOT/%{_datadir}/%{name}-client/README
 
 install -pD -m 0755 %{SOURCE2} $RPM_BUILD_ROOT%{_initrddir}/crossfire
 
@@ -234,7 +233,7 @@
   /usr/sbin/semodule -s ${selinuxvariant} -i \
     %{_datadir}/selinux/${selinuxvariant}/%{name}.pp &> /dev/null || :
 done
-/usr/sbin/semanage port -a -t %{name}_port_t -p tcp 13327 || :
+/usr/sbin/semanage port -a -t %{name}_port_t -p tcp 13327 > /dev/null 2>&1 || :
 /sbin/fixfiles -R %{name} restore || :
 /sbin/service %{name} condrestart > /dev/null 2>&1 || :
 
@@ -247,10 +246,9 @@
 %preun selinux
 if [ "$1" -lt "1" ] ; then
     # Disable the policy and restart the daemon
-    /usr/sbin/setsebool %{name}_disable_trans 1
     /sbin/service %{name} condrestart > /dev/null 2>&1 || :
     # Unload the module
-    /usr/sbin/semanage port -d -t %{name}_port_t -p tcp 13327 || :
+    /usr/sbin/semanage port -d -t %{name}_port_t -p tcp 13327 >/dev/null 2>&1 || :
     for variant in %{selinux_variants} ; do
         /usr/sbin/semodule -s ${variant} -r %{name} &> /dev/null || :
     done
@@ -285,7 +283,6 @@
 %{_bindir}/crossloop
 %{_bindir}/cross_random_map
 %{_datadir}/%{name}
-%exclude %{_datadir}/%{name}/%{name}-client
 %dir %{_libdir}/%{name}
 %dir %{_sysconfdir}/%{name}
 %config(noreplace) %{_sysconfdir}/%{name}/ban_file
@@ -320,7 +317,7 @@
 
 %files client-images
 %defattr(-,root,root,-)
-%{_datadir}/%{name}/%{name}-client
+%{_datadir}/%{name}-client
 
 %files selinux
 %defattr(-,root,root,-)
@@ -335,6 +332,10 @@
 
 
 %changelog
+* Thu Jul 12 2007 Wart <wart at kobold.org> 1.10.0-2
+- Move client images outside of the server data directory.
+- Update selinux policy
+
 * Tue May 22 2007 Wart <wart at kobold.org> 1.10.0-1
 - Update to 1.10.0
 - Drop patch that was accepted upstream


Index: crossfire.te
===================================================================
RCS file: /cvs/extras/rpms/crossfire/devel/crossfire.te,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- crossfire.te	31 Aug 2006 15:13:57 -0000	1.1
+++ crossfire.te	18 Jul 2007 04:12:57 -0000	1.2
@@ -7,6 +7,7 @@
 
 gen_require(`
     type port_t;
+    type games_data_t;
     attribute port_type;
 ')
 
@@ -60,6 +61,7 @@
 
 # log files
 allow crossfire_t crossfire_var_log_t:file create_file_perms;
+allow crossfire_t crossfire_var_log_t:file append;
 allow crossfire_t crossfire_var_log_t:sock_file create_file_perms;
 allow crossfire_t crossfire_var_log_t:dir { rw_dir_perms setattr };
 logging_log_filetrans(crossfire_t,crossfire_var_log_t,{ sock_file file dir })
@@ -68,7 +70,7 @@
 sysnet_dns_name_resolve(crossfire_t)
 corenet_tcp_sendrecv_all_if(crossfire_t)
 corenet_tcp_sendrecv_all_nodes(crossfire_t)
-corenet_non_ipsec_sendrecv(crossfire_t)
+corenet_all_recvfrom_unlabeled(crossfire_t)
 corenet_tcp_bind_all_nodes(crossfire_t)
 allow crossfire_t self:tcp_socket { listen accept };
 # The application expects crossfire_port_t to be port 13327.
@@ -88,8 +90,11 @@
 
 
 # Game data files
-allow crossfire_t crossfire_variable_data_t:file { create_file_perms };
-allow crossfire_t crossfire_variable_data_t:dir { create_dir_perms };
+allow crossfire_t crossfire_variable_data_t:file { manage_file_perms };
+allow crossfire_t crossfire_variable_data_t:dir { manage_dir_perms };
+allow crossfire_t games_data_t:dir search;
+allow crossfire_t games_data_t:dir getattr;
+
 
 # Misc rules that are needed.  I don't understand the meaning of some
 # of these, and for others I don't yet understand why the game needs
@@ -100,3 +105,4 @@
 kernel_read_kernel_sysctls(crossfire_t)
 term_dontaudit_use_generic_ptys(crossfire_t)
 kernel_read_system_state(crossfire_t)
+allow crossfire_t tmp_t:dir getattr;

More information about the fedora-extras-commits mailing list