rpms/pam_ssh/devel pam_ssh.te,NONE,1.1 pam_ssh.spec,1.13,1.14
Martin Ebourne (mebourne)
fedora-extras-commits at redhat.com
Sat Nov 24 00:01:00 UTC 2007
Author: mebourne
Update of /cvs/pkgs/rpms/pam_ssh/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv18310
Modified Files:
pam_ssh.spec
Added Files:
pam_ssh.te
Log Message:
Added SELinux policy module
--- NEW FILE pam_ssh.te ---
policy_module(pam_ssh,VERSION)
require {
type local_login_t;
type local_login_tmp_t;
type ssh_agent_exec_t;
type sshd_t;
type xdm_t;
type user_home_ssh_t;
type var_run_t;
class dir { write add_name };
class file { read getattr execute execute_no_trans };
class sock_file create;
}
allow local_login_t ssh_agent_exec_t:file { read execute execute_no_trans };
allow local_login_t user_home_ssh_t:file { read getattr };
allow local_login_t var_run_t:dir { write add_name };
allow local_login_t var_run_t:file { create read getattr };
allow local_login_t local_login_tmp_t:sock_file create;
allow sshd_t ssh_agent_exec_t:file { read execute execute_no_trans };
allow sshd_t user_home_ssh_t:file { read getattr };
allow sshd_t var_run_t:dir { write add_name };
allow sshd_t var_run_t:file { create read getattr };
allow sshd_t local_login_tmp_t:sock_file create;
allow xdm_t ssh_agent_exec_t:file { read execute execute_no_trans };
allow xdm_t user_home_ssh_t:file { read getattr };
allow xdm_t var_run_t:dir { write add_name };
allow xdm_t var_run_t:file { create read getattr };
allow xdm_t local_login_tmp_t:sock_file create;
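Review bot: The `var_run_t` rules for local_login_t, sshd_t and xdm_t grant `write add_name` and file `create` on the generic /var/run type, so all three login domains can create files in any directory labelled var_run_t, not only in /var/run/pam_ssh. A private type for that directory, declared in this module with a matching file-context entry, would let the rules cover the agent files alone. Separately, the `require` block omits `create` from class file although the rules use it; `class file { create read getattr execute execute_no_trans };` keeps the block consistent, and the module presumably builds today only because policy_module() already requires the kernel classes. The file has no comments, so a line above each group of five rules naming the PAM caller that the domain corresponds to would help an auditor.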
Index: pam_ssh.spec
===================================================================
RCS file: /cvs/pkgs/rpms/pam_ssh/devel/pam_ssh.spec,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -r1.13 -r1.14
--- pam_ssh.spec 23 Aug 2007 09:40:55 -0000 1.13
+++ pam_ssh.spec 24 Nov 2007 00:00:24 -0000 1.14
@@ -1,8 +1,9 @@
Name: pam_ssh
Version: 1.92
-Release: 2%{?dist}
+Release: 3%{?dist}
Summary: PAM module for use with SSH keys and ssh-agent
Source: http://downloads.sourceforge.net/pam-ssh/pam_ssh-%{version}.tar.bz2
+Source1: %{name}.te
URL: http://sourceforge.net/projects/pam-ssh/
Patch0: pam_ssh-1.91-getpwnam.patch
# put agent files in /var/run instead of the home directory to avoid
@@ -18,7 +19,9 @@
License: BSD
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
Requires: openssh-clients
+Requires: policycoreutils
BuildRequires: pam-devel, openssh-clients, openssl-devel
+BuildRequires: selinux-policy-devel, checkpolicy
Group: System Environment/Base
%description
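Review bot: `Requires: policycoreutils` is a plain dependency, but semodule is called from the %post and %postun scriptlets added further down in this commit, and rpm only guarantees install ordering for scriptlet-scoped requirements. Declaring `Requires(post): policycoreutils` and `Requires(postun): policycoreutils` ensures semodule is present when the scriptlets run. Without that, the `|| :` in %post hides a missing semodule and the policy module is silently never loaded.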
@@ -43,11 +46,17 @@
make clean
make %{?_smp_mflags}
+mkdir selinux
+sed -e 's/VERSION/%{version}/' %{SOURCE1} > selinux/%{name}.te
+make -C selinux -f %{_datadir}/selinux/devel/Makefile
+
%install
rm -rf $RPM_BUILD_ROOT
make install DESTDIR=$RPM_BUILD_ROOT
install -d -m 755 $RPM_BUILD_ROOT/%{_localstatedir}/run/pam_ssh
+install -d -m 755 $RPM_BUILD_ROOT%{_datadir}/selinux/packages/%{name}
+install -m 644 selinux/%{name}.pp $RPM_BUILD_ROOT%{_datadir}/selinux/packages/%{name}/%{name}.pp
find $RPM_BUILD_ROOT -type f -name "*.la" -exec rm -f {} ';'
@@ -60,8 +69,21 @@
/%{_lib}/security/pam_ssh.so
%{_mandir}/man[^3]/pam_ssh*
%dir %{_localstatedir}/run/pam_ssh
+%dir %{_datadir}/selinux/packages/%{name}
+%{_datadir}/selinux/packages/%{name}/%{name}.pp
+
+%post
+semodule -i %{_datadir}/selinux/packages/%{name}/%{name}.pp || :
+
+%postun
+if [ "$1" -eq "0" ]; then
+ semodule -r %{module} || :
+fi
%changelog
+* Thu Nov 15 2007 Martin Ebourne <martin at zepler.org> - 1.92-3
+- Added SELinux policy module
+
* Thu Aug 23 2007 Patrice Dumas <pertusus at free.fr> 1.92-2
- update to 1.92
- Fix #253959, CVE-2007-0844
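Review bot: In %postun, `semodule -r %{module}` uses a macro that none of the visible hunks define, while every other added line uses `%{name}`. Unless `%{module}` is defined in a part of the spec not shown here, rpm leaves it unexpanded, the removal fails, and `|| :` hides the failure, so the policy module stays loaded after the package is erased. `semodule -r %{name} || :` matches the module name set by `policy_module(pam_ssh,VERSION)`. The %post line swallows errors the same way, so a failed load leaves pam_ssh running without its policy module and without any message; a warning on stderr before the `|| :` would make that visible.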