rpms/pam_ssh/devel pam_ssh.te,NONE,1.1 pam_ssh.spec,1.13,1.14

Martin Ebourne (mebourne) fedora-extras-commits at redhat.com
Sat Nov 24 00:01:00 UTC 2007


Author: mebourne

Update of /cvs/pkgs/rpms/pam_ssh/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv18310

Modified Files:
	pam_ssh.spec 
Added Files:
	pam_ssh.te 
Log Message:
Added SELinux policy module


--- NEW FILE pam_ssh.te ---
# SELinux policy module for pam_ssh.
# Gives the same five allow rules to each of three domains (local_login_t,
# sshd_t, xdm_t): execute ssh-agent, read files labelled user_home_ssh_t,
# create files under var_run_t, and create a socket labelled
# local_login_tmp_t. Presumably these are the domains in which the PAM module
# runs at login - confirm against the PAM configuration.
# The second argument below is a placeholder; the package spec file rewrites
# it with sed to the package version before the module is compiled.
policy_module(pam_ssh,VERSION)

# Types, classes and permissions that this module uses but does not define.
require {
	type local_login_t;
	type local_login_tmp_t;
	type ssh_agent_exec_t;
	type sshd_t;
	type xdm_t;
        type user_home_ssh_t;
        type var_run_t;
        class dir { write add_name };
        # NOTE(review): the rules below also use "create" on class file, which
        # is not listed here - confirm that the policy_module macro supplies it.
        class file { read getattr execute execute_no_trans };
        class sock_file create;
}

# --- local_login_t ---
# execute_no_trans runs ssh-agent inside the calling domain, with no
# transition to a separate agent domain, so the agent keeps the permissions
# of the login domain that started it.
allow local_login_t ssh_agent_exec_t:file { read execute execute_no_trans };
# Read-only access to files labelled user_home_ssh_t (presumably the key
# files under the home directory - confirm the file contexts).
allow local_login_t user_home_ssh_t:file { read getattr };
# var_run_t is the generic label, so these two rules are not limited to one
# directory: they cover every directory and file carrying that type.
# NOTE(review): the package ships its own directory under /var/run; a
# dedicated type for it would narrow this grant - confirm how it is labelled.
allow local_login_t var_run_t:dir { write add_name };
allow local_login_t var_run_t:file { create read getattr };
# Only "create" is granted on the socket; no other sock_file permission
# appears in this module.
allow local_login_t local_login_tmp_t:sock_file create;

# --- sshd_t --- same five rules as above, applied to the sshd_t domain.
allow sshd_t ssh_agent_exec_t:file { read execute execute_no_trans };
allow sshd_t user_home_ssh_t:file { read getattr };
allow sshd_t var_run_t:dir { write add_name };
allow sshd_t var_run_t:file { create read getattr };
# NOTE(review): the target type here is local_login_tmp_t, not a tmp type
# belonging to sshd_t - confirm this matches the denials actually observed.
allow sshd_t local_login_tmp_t:sock_file create;

# --- xdm_t --- same five rules as above, applied to the xdm_t domain.
allow xdm_t ssh_agent_exec_t:file { read execute execute_no_trans };
allow xdm_t user_home_ssh_t:file { read getattr };
allow xdm_t var_run_t:dir { write add_name };
allow xdm_t var_run_t:file { create read getattr };
# NOTE(review): the target type here is local_login_tmp_t, not a tmp type
# belonging to xdm_t - confirm this matches the denials actually observed.
allow xdm_t local_login_tmp_t:sock_file create;


Index: pam_ssh.spec
===================================================================
RCS file: /cvs/pkgs/rpms/pam_ssh/devel/pam_ssh.spec,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -r1.13 -r1.14
--- pam_ssh.spec	23 Aug 2007 09:40:55 -0000	1.13
+++ pam_ssh.spec	24 Nov 2007 00:00:24 -0000	1.14
@@ -1,8 +1,9 @@
 Name: pam_ssh
 Version: 1.92
-Release: 2%{?dist}
+Release: 3%{?dist}
 Summary: PAM module for use with SSH keys and ssh-agent
 Source: http://downloads.sourceforge.net/pam-ssh/pam_ssh-%{version}.tar.bz2
+Source1: %{name}.te
 URL: http://sourceforge.net/projects/pam-ssh/
 Patch0: pam_ssh-1.91-getpwnam.patch
 # put agent files in /var/run instead of the home directory to avoid
@@ -18,7 +19,9 @@
 License: BSD
 BuildRoot:  %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 Requires: openssh-clients
+Requires: policycoreutils
 BuildRequires: pam-devel, openssh-clients, openssl-devel
+BuildRequires: selinux-policy-devel, checkpolicy
 Group: System Environment/Base
 
 %description
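Review bot: The added `Requires: policycoreutils` does not guarantee that the package is present when the `%post` and `%postun` scriptlets added later in this diff call `semodule`. If the scriptlet runs first, the load fails and the trailing `|| :` hides it, so pam_ssh.so is installed without its policy and the failure only shows up as login denials. Scriptlet-scoped dependencies express the ordering: `Requires(post): policycoreutils` and `Requires(postun): policycoreutils`.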
@@ -43,11 +46,17 @@
 make clean
 make %{?_smp_mflags}
 
+mkdir selinux
+sed -e 's/VERSION/%{version}/' %{SOURCE1} > selinux/%{name}.te
+make -C selinux -f %{_datadir}/selinux/devel/Makefile
+
 %install
 rm -rf $RPM_BUILD_ROOT
 make install DESTDIR=$RPM_BUILD_ROOT
 
 install -d -m 755 $RPM_BUILD_ROOT/%{_localstatedir}/run/pam_ssh
+install -d -m 755 $RPM_BUILD_ROOT%{_datadir}/selinux/packages/%{name}
+install -m 644 selinux/%{name}.pp $RPM_BUILD_ROOT%{_datadir}/selinux/packages/%{name}/%{name}.pp
 
 find $RPM_BUILD_ROOT -type f -name "*.la" -exec rm -f {} ';'
 
@@ -60,8 +69,21 @@
 /%{_lib}/security/pam_ssh.so
 %{_mandir}/man[^3]/pam_ssh*
 %dir %{_localstatedir}/run/pam_ssh
+%dir %{_datadir}/selinux/packages/%{name}
+%{_datadir}/selinux/packages/%{name}/%{name}.pp
+
+%post
+semodule -i %{_datadir}/selinux/packages/%{name}/%{name}.pp || :
+
+%postun
+if [ "$1" -eq "0" ]; then
+  semodule -r %{module} || :
+fi
 
 %changelog
+* Thu Nov 15 2007 Martin Ebourne <martin at zepler.org> - 1.92-3
+- Added SELinux policy module
+
 * Thu Aug 23 2007 Patrice Dumas <pertusus at free.fr> 1.92-2
 - update to 1.92
 - Fix #253959, CVE-2007-0844
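Review bot: `semodule -r %{module}` in `%postun` uses a macro that nothing in this diff defines, while every other added line refers to the module as `%{name}`. If `%{module}` is not defined elsewhere in the spec, rpm leaves the text unexpanded, the removal fails, and `|| :` hides the failure. The allow rules for local_login_t, sshd_t and xdm_t then stay loaded after the package is erased. The line should read `semodule -r %{name} || :`. The `%post` line swallows errors the same way, so a comment such as `# a failed load is ignored here; check semodule -l if logins are denied` would help whoever debugs it.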



