rpms/mailgraph/devel mailgraph.fc, NONE, 1.1 mailgraph.if, NONE, 1.1 mailgraph.te, NONE, 1.1 mailgraph.spec, 1.3, 1.4

Bernard Johnson (bjohnson) fedora-extras-commits at redhat.com
Mon Jun 25 17:56:56 UTC 2007


Author: bjohnson

Update of /cvs/pkgs/rpms/mailgraph/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv11032/devel

Modified Files:
	mailgraph.spec 
Added Files:
	mailgraph.fc mailgraph.if mailgraph.te 
Log Message:
patch to detect spamproxyd spam reports in fedora
update to 1.13
selinux fu added



--- NEW FILE mailgraph.fc ---

# File contexts for the mailgraph CGI and its data directories.
# Every type named here must exist in the loaded policy before
# restorecon or fixfiles can apply these labels.

# The CGI program itself. The -- specifier limits the match to regular
# files. httpd_mailgraph_script_exec_t is the executable type used by
# the httpd_mailgraph_script_domtrans interface in mailgraph.if.
/usr/share/mailgraph/mailgraph.cgi		--	gen_context(system_u:object_r:httpd_mailgraph_script_exec_t,s0)

# Cache tree (the directory and everything below it) gets the script
# read/write type.
/var/cache/mailgraph(/.*)?			gen_context(system_u:object_r:httpd_mailgraph_script_rw_t,s0)
# State tree (the directory and everything below it) gets the var_lib
# type declared in mailgraph.te.
/var/lib/mailgraph(/.*)?			gen_context(system_u:object_r:httpd_mailgraph_script_var_lib_t,s0)


--- NEW FILE mailgraph.if ---

## <summary>policy for httpd_mailgraph_script</summary>

########################################
## <summary>
##	Execute a domain transition to run httpd_mailgraph_script.
## </summary>
## <param name="domain">
## <summary>
##	Domain allowed to transition.
## </summary>
## </param>
#
interface(`httpd_mailgraph_script_domtrans',`
	gen_require(`
		type httpd_mailgraph_script_t, httpd_mailgraph_script_exec_t;
	')

	# Automatic transition: a process in the calling domain that executes
	# a file labelled httpd_mailgraph_script_exec_t continues in
	# httpd_mailgraph_script_t.
	domain_auto_trans($1,httpd_mailgraph_script_exec_t,httpd_mailgraph_script_t)

	# Rules in the reverse direction: the script domain may use file
	# descriptors and pipes that belong to the calling domain and may
	# send it SIGCHLD.
	# NOTE(review): any domain passed to this interface becomes an entry
	# path into the script domain - keep the list of callers short.
	allow httpd_mailgraph_script_t $1:fd use;
	allow httpd_mailgraph_script_t $1:fifo_file rw_file_perms;
	allow httpd_mailgraph_script_t $1:process sigchld;
')

########################################
## <summary>
##	Search httpd_mailgraph_script rw directories.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`httpd_mailgraph_script_search_rw_dir',`
	gen_require(`
		type httpd_mailgraph_script_rw_t;
	')

	# Search only: the caller can traverse directories labelled
	# httpd_mailgraph_script_rw_t (mailgraph.fc puts this label on
	# /var/cache/mailgraph). No file permissions are granted.
	allow $1 httpd_mailgraph_script_rw_t:dir search_dir_perms;
	# files_search_rw is defined outside this file.
	# NOTE(review): presumably it grants search on the parent
	# directories - confirm against the installed files interface.
	files_search_rw($1)
')

########################################
## <summary>
##	Read httpd_mailgraph_script rw files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`httpd_mailgraph_script_read_rw_files',`
	gen_require(`
		type httpd_mailgraph_script_rw_t;
	')

	# Read-only view of the rw content: read permissions on files plus
	# list permissions on directories of type httpd_mailgraph_script_rw_t.
	allow $1 httpd_mailgraph_script_rw_t:file r_file_perms;
	allow $1 httpd_mailgraph_script_rw_t:dir list_dir_perms;
	# files_search_rw is defined outside this file.
	# NOTE(review): presumably it grants search on the parent
	# directories - confirm against the installed files interface.
	files_search_rw($1)
')

########################################
## <summary>
##	Create, read, write, and delete
##	httpd_mailgraph_script rw files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`httpd_mailgraph_script_manage_rw_files',`
	gen_require(`
		type httpd_mailgraph_script_rw_t;
	')

	# Widest of the three rw interfaces: manage permissions on files and
	# read/write permissions on directories of type
	# httpd_mailgraph_script_rw_t. Grant it only to domains that must
	# create or delete cache content.
	# NOTE(review): unlike the search and read interfaces for this type,
	# there is no files_search_rw call here - confirm whether the
	# omission is intended.
	allow $1 httpd_mailgraph_script_rw_t:file manage_file_perms;
	allow $1 httpd_mailgraph_script_rw_t:dir rw_dir_perms;
')

########################################
## <summary>
##	Search httpd_mailgraph_script lib directories.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`httpd_mailgraph_script_search_lib',`
	gen_require(`
		type httpd_mailgraph_script_var_lib_t;
	')

	# Search only: the caller can traverse directories labelled
	# httpd_mailgraph_script_var_lib_t (mailgraph.fc puts this label on
	# /var/lib/mailgraph). No file permissions are granted.
	allow $1 httpd_mailgraph_script_var_lib_t:dir search_dir_perms;
	# files_search_var_lib is defined outside this file.
	# NOTE(review): presumably it grants search on the parent var_lib
	# directory - confirm against the installed files interface.
	files_search_var_lib($1)
')

########################################
## <summary>
##	Read httpd_mailgraph_script lib files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`httpd_mailgraph_script_read_lib_files',`
	gen_require(`
		type httpd_mailgraph_script_var_lib_t;
	')

	# Read-only view of the state data: read permissions on files plus
	# list permissions on directories of type
	# httpd_mailgraph_script_var_lib_t.
	allow $1 httpd_mailgraph_script_var_lib_t:file r_file_perms;
	allow $1 httpd_mailgraph_script_var_lib_t:dir list_dir_perms;
	# files_search_var_lib is defined outside this file.
	# NOTE(review): presumably it grants search on the parent var_lib
	# directory - confirm against the installed files interface.
	files_search_var_lib($1)
')

########################################
## <summary>
##	Create, read, write, and delete
##	httpd_mailgraph_script lib files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`httpd_mailgraph_script_manage_lib_files',`
	gen_require(`
		type httpd_mailgraph_script_var_lib_t;
	')

	# Widest of the three lib interfaces: manage permissions on files
	# and read/write permissions on directories of type
	# httpd_mailgraph_script_var_lib_t. Grant it only to domains that
	# must create or delete state files.
	allow $1 httpd_mailgraph_script_var_lib_t:file manage_file_perms;
	allow $1 httpd_mailgraph_script_var_lib_t:dir rw_dir_perms;
	# files_search_var_lib is defined outside this file.
	# NOTE(review): presumably it grants search on the parent var_lib
	# directory - confirm against the installed files interface.
	files_search_var_lib($1)
')


--- NEW FILE mailgraph.te ---
# Policy module for the mailgraph CGI: module name mailgraph, version 1.0.0.
policy_module(mailgraph,1.0.0)

########################################
#
# Declarations
#

# apache_content_template comes from the apache policy module. The
# httpd_mailgraph_script_t, _exec_t and _rw_t types used below and in
# mailgraph.fc are not declared in this file.
# NOTE(review): presumably the template creates them - confirm.
apache_content_template(mailgraph)

# Type for the state data that mailgraph.fc places under
# /var/lib/mailgraph, marked as a file type.
type httpd_mailgraph_script_var_lib_t;
files_type(httpd_mailgraph_script_var_lib_t)


# Script domain access to its read/write content: manage permissions on
# files, create permissions on directories.
allow httpd_mailgraph_script_t httpd_mailgraph_script_rw_t:file manage_file_perms;
allow httpd_mailgraph_script_t httpd_mailgraph_script_rw_t:dir create_dir_perms;
# Type transition so that files and directories created by the script
# domain receive httpd_mailgraph_script_rw_t.
# NOTE(review): judging by its name, files_pid_filetrans applies to
# objects created in the pid directory, while mailgraph.fc assigns this
# type to /var/cache/mailgraph - confirm the intended parent directory.
files_pid_filetrans(httpd_mailgraph_script_t,httpd_mailgraph_script_rw_t, { file dir })

# Script domain access to the state data: manage permissions on both
# files and directories, plus a type transition for new objects.
# NOTE(review): this lets a web-reachable CGI domain create, modify and
# delete everything under the var_lib type. If the CGI only reads the
# statistics and writes images to the cache, read access would be the
# least-privilege choice - confirm what the CGI actually needs.
allow httpd_mailgraph_script_t httpd_mailgraph_script_var_lib_t:file manage_file_perms;
allow httpd_mailgraph_script_t httpd_mailgraph_script_var_lib_t:dir manage_dir_perms;
files_var_lib_filetrans(httpd_mailgraph_script_t,httpd_mailgraph_script_var_lib_t, { file dir })


Index: mailgraph.spec
===================================================================
RCS file: /cvs/pkgs/rpms/mailgraph/devel/mailgraph.spec,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- mailgraph.spec	21 Jun 2007 20:01:42 -0000	1.3
+++ mailgraph.spec	25 Jun 2007 17:56:19 -0000	1.4
@@ -1,3 +1,5 @@
+%define selinux_variants mls strict targeted
+
 Name:           mailgraph
 Version:        1.13
 Release:        1%{?dist}%{?repotag:.%{repotag}}
@@ -11,10 +13,15 @@
 Source1:        mailgraph.init
 Source2:        mailgraph.conf
 Source3:        mailgraph.sysconfig
+Source4:        mailgraph.te
+Source5:        mailgraph.fc
+Source6:        mailgraph.if
 Patch0:         paths.patch
 Patch1:         mailgraph-spampd.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
+BuildRequires:  checkpolicy, selinux-policy-devel, hardlink
+
 Requires:       perl(File::Tail), rrdtool, httpd
 Requires:       perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version))
 Requires:       initscripts
@@ -26,13 +33,39 @@
 Sendmail that produces daily, weekly, monthly and yearly graphs of
 received/sent and bounced/rejected mail.
 
+%package selinux
+Summary:        A RRDtool frontend for Mail statistics
+
+Group:          System Environment/Daemons
+%define selinux_policyver %(sed -e 's,.*selinux-policy-\\([^/]*\\)/.*,\\1,' /usr/share/selinux/devel/policyhelp) 
+%if "%{selinux_policyver}" != ""
+Requires:       selinux-policy >= %{selinux_policyver}
+%endif
+Requires:       %{name} = %{version}-%{release}
+
+Requires(post):   /usr/sbin/semodule, /sbin/restorecon, /sbin/fixfiles, %{name}
+Requires(postun): /usr/sbin/semodule, /sbin/restorecon, /sbin/fixfiles, %{name}
+
+%description selinux
+This is the selinux policy for mailgraph.
+
 
 %prep
 %setup -q
 %patch0 -p1 -b .paths
 %patch1 -p2 -b .spampd
 
+mkdir selinux
+cp -p %{SOURCE4} %{SOURCE5} %{SOURCE6} ./selinux/
+
 %build
+cd selinux
+for selinuxvariant in %{selinux_variants}; do
+  make NAME=${selinuxvariant} -f %{_datadir}/selinux/devel/Makefile
+  mv %{name}.pp %{name}.pp.${selinuxvariant}
+  make NAME=${selinuxvariant} -f %{_datadir}/selinux/devel/Makefile clean
+done
+cd -
 
 %install
 rm -rf $RPM_BUILD_ROOT
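Review bot: The `Summary:` of the new `selinux` subpackage repeats the main package summary ("A RRDtool frontend for Mail statistics"), so package listings cannot tell the policy subpackage from the application. Something like `Summary:        SELinux policy module for mailgraph` would match the `%description selinux` text. The `%define selinux_policyver` line reads `/usr/share/selinux/devel/policyhelp` on the build host, so the generated `Requires: selinux-policy >=` pins whatever policy version the builder had; a one-line comment above it, e.g. `# minimum policy version = selinux-policy-devel version at build time`, would make that explicit.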
@@ -50,6 +83,17 @@
 %{__install} -p -m 0644 %SOURCE2 $RPM_BUILD_ROOT/%{_sysconfdir}/httpd/conf.d/
 %{__install} -p -m 0644 %SOURCE3 $RPM_BUILD_ROOT/%{_sysconfdir}/sysconfig/mailgraph
 
+cd selinux
+for selinuxvariant in %{selinux_variants}; do
+  install -d $RPM_BUILD_ROOT/%{_datadir}/selinux/${selinuxvariant}
+  install -p -m 644 %{name}.pp.${selinuxvariant} \
+    $RPM_BUILD_ROOT/%{_datadir}/selinux/${selinuxvariant}/%{name}.pp
+done
+cd -
+
+# Hardlink identical policy module packages together
+/usr/sbin/hardlink -cv $RPM_BUILD_ROOT/%{_datadir}/selinux
+
 %clean
 rm -rf $RPM_BUILD_ROOT
 
@@ -68,6 +112,35 @@
   /sbin/service %{name} condrestart 2>&1 > /dev/null || :
 fi
 
+%post selinux
+# Explicitly allow transitions into the new domain
+/usr/sbin/setsebool %{name}_disable_trans 0 &> /dev/null || :
+
+for selinuxvariant in %{selinux_variants}; do
+  /usr/sbin/semodule -s ${selinuxvariant} -i \
+    %{_datadir}/selinux/${selinuxvariant}/%{name}.pp &> /dev/null || :
+done
+
+# Fix up non-standard file contexts
+/sbin/fixfiles -R %{name} restore || :
+/sbin/restorecon -R %{_localstatedir}/cache/%{name} || :
+
+%postun selinux
+# Clean up after package removal
+if [ $1 -eq 0 ]; then
+  /usr/sbin/sesetbool %{name}_disable_trans 1
+  /sbin/service %{name} condrestart &> /dev/null || :
+
+  # Remove SELinux policy modules
+  for selinuxvariant in %{selinux_variants}
+  do
+    /usr/sbin/semodule -s ${selinuxvariant} -r %{name} &> /dev/null || :
+  done
+  /sbin/fixfiles -R %{name} restore || :
+  # Clean up any remaining file contexts (shouldn't be any really)
+  [ -d %{_localstatedir}/cache/%{name} ] && \
+    /sbin/restorecon -R %{_localstatedir}/cache/%{name} &> /dev/null || :
+fi
 
 %files
 %defattr(-,root,root,-)
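Review bot: The `%postun selinux` scriptlet calls `/usr/sbin/sesetbool`, which looks like a misspelling of the `setsebool` used in `%post selinux`; as written the boolean is never reset on erase, and because this line has no `|| :` guard or redirect the shell error reaches the transaction output. Suggested line: `/usr/sbin/setsebool %{name}_disable_trans 1 &> /dev/null || :`. Separately, the mailgraph.te added in this commit declares no `mailgraph_disable_trans` boolean, so both calls may be no-ops whose failure the redirect hides; worth confirming the boolean exists. The `semodule -i` call in `%post selinux` also discards its output and status, so a module that fails to load would go unnoticed and the following `fixfiles`/`restorecon` would run against a policy that lacks the new types.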
@@ -80,11 +153,16 @@
 %config(noreplace) %{_sysconfdir}/httpd/conf.d/mailgraph.conf
 %doc CHANGES COPYING README
 
+%files selinux
+%defattr(-,root,root,-)
+%{_datadir}/selinux/*/%{name}.pp
+%doc selinux/*
 
 %changelog
-* Thu Jun 21 2007 Bernard Johnson <bjohnson at symetrix.com> - 1.13-1
+* Mon Jun 25 2007 Bernard Johnson <bjohnson at symetrix.com> - 1.13-1
 - v 1.13
 - patch from Thomas Vander Stichele to catch logging of spampd on fedora
+- selinux policy fu
 
 * Sun Mar 25 2007 Bernard Johnson <bjohnson at symetrix.com> - 1.12-5
 - require initscripts because initfile uses daemon function
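Review bot: `%doc selinux/*` in `%files selinux` also matches the `%{name}.pp.${selinuxvariant}` files that the `%build` loop leaves in `selinux/` after the `mv`, so the compiled modules would be shipped a second time under the documentation directory. Listing the sources explicitly, `%doc selinux/%{name}.te selinux/%{name}.fc selinux/%{name}.if`, keeps only the human-readable policy in the docs. The changelog edit re-dates the existing 1.13-1 entry rather than adding a new one, which is fine only if 1.13-1 was never built and published.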



