|
 |
cb8260 |
Summary: SELinux Translation Daemon
|
|
|
cb8260 |
Name: mcstrans
|
|
|
cb8260 |
Version: 0.3.4
|
|
|
6d9865 |
Release: 5%{?dist}
|
|
|
cb8260 |
License: GPL+
|
|
|
cb8260 |
Group: System Environment/Daemons
|
|
|
cb8260 |
Source: http://fedora.redhat.com/projects/%{name}-%{version}.tgz
|
|
|
cb8260 |
Source1: mcstransd.service
|
|
|
cb8260 |
Source2: secolor.conf.5
|
|
|
cb8260 |
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
|
|
cb8260 |
BuildRequires: libselinux-devel >= 1.30.3-1
|
|
|
cb8260 |
BuildRequires: libcap-devel pcre-devel libsepol-devel libsepol-static
|
|
|
cb8260 |
BuildRequires: systemd-units
|
|
|
cb8260 |
Requires: pcre
|
|
|
cb8260 |
Requires(pre): systemd-units
|
|
|
cb8260 |
Requires(post):systemd-units
|
|
|
cb8260 |
Provides: setransd
|
|
|
cb8260 |
Provides: libsetrans
|
|
|
cb8260 |
Obsoletes: libsetrans
|
|
|
cb8260 |
|
|
|
cb8260 |
%description
|
|
|
cb8260 |
Security-enhanced Linux is a feature of the Linux® kernel and a number
|
|
|
cb8260 |
of utilities with enhanced security functionality designed to add
|
|
|
cb8260 |
mandatory access controls to Linux. The Security-enhanced Linux
|
|
|
cb8260 |
kernel contains new architectural components originally developed to
|
|
|
cb8260 |
improve the security of the Flask operating system. These
|
|
|
cb8260 |
architectural components provide general support for the enforcement
|
|
|
cb8260 |
of many kinds of mandatory access control policies, including those
|
|
|
cb8260 |
based on the concepts of Type Enforcement®, Role-based Access
|
|
|
cb8260 |
Control, and Multi-level Security.
|
|
|
cb8260 |
|
|
|
cb8260 |
mcstrans provides an translation daemon to translate SELinux categories
|
|
|
cb8260 |
from internal representations to user defined representation.
|
|
|
cb8260 |
|
|
|
cb8260 |
%prep
|
|
|
cb8260 |
%setup -q
|
|
|
cb8260 |
|
|
|
cb8260 |
%build
|
|
|
cb8260 |
make clean
|
|
|
cb8260 |
make LIBDIR="%{_libdir}" LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now" CFLAGS="%{optflags} -fPIE" %{?_smp_mflags}
|
|
|
cb8260 |
|
|
|
cb8260 |
%install
|
|
|
cb8260 |
rm -rf %{buildroot}
|
|
|
cb8260 |
mkdir -p %{buildroot}/%{_lib}
|
|
|
cb8260 |
mkdir -p %{buildroot}/%{_libdir}
|
|
|
cb8260 |
mkdir -p %{buildroot}%{_usr}/share/mcstrans
|
|
|
cb8260 |
mkdir -p %{buildroot}%{_sysconfdir}/selinux/mls/setrans.d
|
|
|
cb8260 |
|
|
|
cb8260 |
make DESTDIR="%{buildroot}" LIBDIR="%{buildroot}%{_libdir}" SHLIBDIR="%{buildroot}/%{_lib}" SBINDIR="%{buildroot}%{_sbindir}" install
|
|
|
cb8260 |
rm -f %{buildroot}%{_libdir}/*.a
|
|
|
cb8260 |
cp -r share/* %{buildroot}%{_usr}/share/mcstrans/
|
|
|
cb8260 |
# Systemd
|
|
|
cb8260 |
mkdir -p %{buildroot}%{_unitdir}
|
|
|
cb8260 |
install -m644 %{SOURCE1} %{buildroot}%{_unitdir}
|
|
|
cb8260 |
install -d %{buildroot}/usr/share/man/man5/
|
|
|
cb8260 |
install -m644 %{SOURCE2} %{buildroot}/usr/share/man/man5/
|
|
|
cb8260 |
rm -rf %{buildroot}/%{_sysconfdir}/rc.d/init.d/mcstrans
|
|
|
cb8260 |
|
|
|
cb8260 |
%clean
|
|
|
cb8260 |
rm -rf %{buildroot}
|
|
|
cb8260 |
|
|
|
cb8260 |
%post
|
|
|
cb8260 |
if [ $1 -eq 1 ] ; then
|
|
|
cb8260 |
/usr/bin/systemctl daemon-reload >/dev/null 2>&1 || :
|
|
|
cb8260 |
fi
|
|
|
cb8260 |
|
|
|
cb8260 |
%preun
|
|
|
cb8260 |
if [ $1 -eq 0 ]; then
|
|
|
cb8260 |
/usr/bin/systemctl --no-reload mcstransd.service >/dev/null 2>&1 || :
|
|
|
cb8260 |
/usr/bin/systemctl stop mcstransd.service > /dev/null 2>&1 || :
|
|
|
cb8260 |
fi
|
|
|
cb8260 |
|
|
|
cb8260 |
%postun
|
|
|
cb8260 |
/usr/bin/systemctl daemon-reload >/dev/null 2>&1 || :
|
|
|
cb8260 |
if [ $1 -ge 1 ]; then
|
|
|
cb8260 |
/usr/bin/systemctl try-restart mcstransd.service >/dev/null 2>&1 || :
|
|
|
cb8260 |
fi
|
|
|
cb8260 |
|
|
|
cb8260 |
%files
|
|
|
cb8260 |
%defattr(-,root,root,0755)
|
|
|
cb8260 |
%{_mandir}/man5/secolor.conf.5.gz
|
|
|
cb8260 |
%{_mandir}/man8/mcs.8.gz
|
|
|
cb8260 |
%{_mandir}/man8/mcstransd.8.gz
|
|
|
cb8260 |
%{_mandir}/man8/setrans.conf.8.gz
|
|
|
cb8260 |
%{_mandir}/man8/secolor.conf.8.gz
|
|
|
cb8260 |
/usr/sbin/mcstransd
|
|
|
cb8260 |
%{_unitdir}/mcstransd.service
|
|
|
cb8260 |
%dir %{_sysconfdir}/selinux/mls/setrans.d
|
|
|
cb8260 |
|
|
|
cb8260 |
%dir %{_usr}/share/mcstrans
|
|
|
cb8260 |
|
|
|
cb8260 |
%defattr(0644,root,root,0755)
|
|
|
cb8260 |
%dir %{_usr}/share/mcstrans/util
|
|
|
cb8260 |
%dir %{_usr}/share/mcstrans/examples
|
|
|
cb8260 |
%{_usr}/share/mcstrans/examples/*
|
|
|
cb8260 |
|
|
|
cb8260 |
%defattr(0755,root,root,0755)
|
|
|
cb8260 |
%{_usr}/share/mcstrans/util/*
|
|
|
cb8260 |
|
|
|
cb8260 |
%changelog
|
|
|
6d9865 |
* Fri Jan 24 2014 Daniel Mach <dmach@redhat.com> - 0.3.4-5
|
|
|
6d9865 |
- Mass rebuild 2014-01-24
|
|
|
6d9865 |
|
|
|
6d9865 |
* Fri Dec 27 2013 Daniel Mach <dmach@redhat.com> - 0.3.4-4
|
|
|
6d9865 |
- Mass rebuild 2013-12-27
|
|
|
6d9865 |
|
|
|
cb8260 |
* Wed Oct 16 2013 Dan Walsh <dwalsh@redhat.com> - 0.3.4-3
|
|
|
cb8260 |
- Add secolor.conf.5 man page
|
|
|
cb8260 |
- Make mcstrans PIE and fully relro
|
|
|
cb8260 |
Resolves: #983268
|
|
|
cb8260 |
|
|
|
cb8260 |
* Tue Oct 15 2013 Dan Walsh <dwalsh@redhat.com> - 0.3.4-2
|
|
|
cb8260 |
- Add RELRO support for long running services
|
|
|
cb8260 |
|
|
|
cb8260 |
* Thu Sep 12 2013 Dan Walsh <dwalsh@redhat.com> - 0.3.4-1
|
|
|
cb8260 |
- Update to latest version/applying patches
|
|
|
cb8260 |
- Move binary to /usr/sbin rather then /sbin
|
|
|
cb8260 |
* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.3.3-8
|
|
|
cb8260 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
|
|
|
cb8260 |
|
|
|
cb8260 |
* Tue Mar 26 2013 Dan Walsh <dwalsh@redhat.com> - 0.3.3-7
|
|
|
cb8260 |
- Add secolor.conf.5 man page
|
|
|
cb8260 |
- Make mcstransd watch for content being written to /run/setrans for files names containing translations.
|
|
|
cb8260 |
-- This will allow apps like libvirt to write content nameing randomly selected MCS labels
|
|
|
cb8260 |
- Fix memory leak in mcstransd
|
|
|
cb8260 |
|
|
|
cb8260 |
* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.3.3-6
|
|
|
cb8260 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
|
|
|
cb8260 |
|
|
|
cb8260 |
* Thu Jul 19 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.3.3-5
|
|
|
cb8260 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
|
|
|
cb8260 |
|
|
|
cb8260 |
* Fri Feb 10 2012 Petr Pisar <ppisar@redhat.com> - 0.3.3-4
|
|
|
cb8260 |
- Rebuild against PCRE 8.30
|
|
|
cb8260 |
|
|
|
cb8260 |
* Thu Feb 2 2012 Dan Walsh <dwalsh@redhat.com> - 0.3.3-3
|
|
|
cb8260 |
- Fix the systemd service file
|
|
|
cb8260 |
|
|
|
cb8260 |
* Wed Feb 1 2012 Dan Walsh <dwalsh@redhat.com> - 0.3.3-2
|
|
|
cb8260 |
- Update to upstream
|
|
|
cb8260 |
- Write pid file
|
|
|
cb8260 |
|
|
|
cb8260 |
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.3.2-2
|
|
|
cb8260 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
|
|
|
cb8260 |
|
|
|
cb8260 |
* Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.3.2-1
|
|
|
cb8260 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
|
|
|
cb8260 |
|
|
|
cb8260 |
* Wed Jan 5 2011 Ted X Toth <txtoth@gmail.com> - 0.3.2-0
|
|
|
cb8260 |
- Add constraints
|
|
|
cb8260 |
- Add setrans.conf man page
|
|
|
cb8260 |
- Fix mixed raw and translated range bug
|
|
|
cb8260 |
- Moved todo comments to TODO file
|
|
|
cb8260 |
|
|
|
cb8260 |
* Fri Oct 16 2009 Dan Walsh <dwalsh@redhat.com> 0.3.1-4
|
|
|
cb8260 |
- Add mcstransd man page
|
|
|
cb8260 |
|
|
|
cb8260 |
* Thu Sep 17 2009 Miroslav Grepl <mgrepl@redhat.com> 0.3.1-3
|
|
|
cb8260 |
- Fix init script
|
|
|
cb8260 |
|
|
|
cb8260 |
* Sat Jul 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.3.1-2
|
|
|
cb8260 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
|
|
|
cb8260 |
|
|
|
cb8260 |
* Thu Feb 5 2009 Joe Nall <joe@nall.com> 0.3.1-1
|
|
|
cb8260 |
- Rewrite translations to allow individual word/category mapping
|
|
|
cb8260 |
- Eamon Walsh's color mapping changes
|
|
|
cb8260 |
|
|
|
cb8260 |
* Wed May 28 2008 Tom "spot" Callaway <tcallawa@redhat.com> 0.2.11-2
|
|
|
cb8260 |
- fix license tag
|
|
|
cb8260 |
|
|
|
cb8260 |
* Wed May 7 2008 Dan Walsh <dwalsh@redhat.com> 0.2.11-1
|
|
|
cb8260 |
- More fixes from Jim Meyering
|
|
|
cb8260 |
|
|
|
cb8260 |
* Tue May 6 2008 Dan Walsh <dwalsh@redhat.com> 0.2.10-1
|
|
|
cb8260 |
- More error checking on failed strdup
|
|
|
cb8260 |
|
|
|
cb8260 |
* Tue May 6 2008 Dan Walsh <dwalsh@redhat.com> 0.2.9-1
|
|
|
cb8260 |
- Start mcstrans before netlabel
|
|
|
cb8260 |
|
|
|
cb8260 |
* Mon Apr 14 2008 Dan Walsh <dwalsh@redhat.com> 0.2.8-1
|
|
|
cb8260 |
- Fix error handling
|
|
|
cb8260 |
|
|
|
cb8260 |
* Tue Feb 12 2008 Dan Walsh <dwalsh@redhat.com> 0.2.7-2
|
|
|
cb8260 |
- Rebuild for gcc 4.3
|
|
|
cb8260 |
|
|
|
cb8260 |
* Tue Oct 30 2007 Steve Conklin <sconklin@redhat.com> - 0.2.7-1
|
|
|
cb8260 |
- Folded current patches into tarball
|
|
|
cb8260 |
|
|
|
cb8260 |
* Thu Oct 25 2007 Steve Conklin <sconklin@redhat.com> - 0.2.6-3
|
|
|
cb8260 |
- Fixed a compile problem with max_categories
|
|
|
cb8260 |
|
|
|
cb8260 |
* Thu Oct 25 2007 Steve Conklin <sconklin@redhat.com> - 0.2.6-2
|
|
|
cb8260 |
- Fixed some init script errors
|
|
|
cb8260 |
|
|
|
cb8260 |
* Thu Sep 13 2007 Dan Walsh <dwalsh@redhat.com> 0.2.6-1
|
|
|
cb8260 |
- Check for max_categories and error out
|
|
|
cb8260 |
|
|
|
cb8260 |
* Thu Mar 1 2007 Dan Walsh <dwalsh@redhat.com> 0.2.5-1
|
|
|
cb8260 |
- Fix case where s0=""
|
|
|
cb8260 |
|
|
|
cb8260 |
* Mon Feb 26 2007 Dan Walsh <dwalsh@redhat.com> 0.2.4-1
|
|
|
cb8260 |
- Translate range if fully specified correctly
|
|
|
cb8260 |
|
|
|
cb8260 |
* Mon Feb 12 2007 Dan Walsh <dwalsh@redhat.com> 0.2.3-1
|
|
|
cb8260 |
- Additional fix to handle ssh root/sysadm_r/s0:c1,c2
|
|
|
cb8260 |
Resolves: #224637
|
|
|
cb8260 |
|
|
|
cb8260 |
* Mon Feb 5 2007 Dan Walsh <dwalsh@redhat.com> 0.2.1-1
|
|
|
cb8260 |
- Rewrite to handle MLS properly
|
|
|
cb8260 |
Resolves: #225355
|
|
|
cb8260 |
|
|
|
cb8260 |
* Mon Jan 29 2007 Dan Walsh <dwalsh@redhat.com> 0.1.10-2
|
|
|
cb8260 |
- Cleanup memory when complete
|
|
|
cb8260 |
|
|
|
cb8260 |
* Mon Dec 4 2006 Dan Walsh <dwalsh@redhat.com> 0.1.10-1
|
|
|
cb8260 |
- Fix Memory Leak
|
|
|
cb8260 |
Resolves: #218173
|
|
|
cb8260 |
|
|
|
cb8260 |
* Thu Sep 21 2006 Dan Walsh <dwalsh@redhat.com> 0.1.9-1
|
|
|
cb8260 |
- Add -pie
|
|
|
cb8260 |
- Fix compiler warnings
|
|
|
cb8260 |
- Fix Memory Leak
|
|
|
cb8260 |
Resolves: #218173
|
|
|
cb8260 |
|
|
|
cb8260 |
* Wed Sep 13 2006 Peter Jones <pjones@redhat.com> - 0.1.8-3
|
|
|
cb8260 |
- Fix subsys locking in init script
|
|
|
cb8260 |
|
|
|
cb8260 |
* Wed Aug 23 2006 Dan Walsh <dwalsh@redhat.com> 0.1.8-1
|
|
|
cb8260 |
- Only allow one version to run
|
|
|
cb8260 |
|
|
|
cb8260 |
* Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - sh: line 0: fg: no job control
|
|
|
cb8260 |
- rebuild
|
|
|
cb8260 |
|
|
|
cb8260 |
* Mon Jun 19 2006 Dan Walsh <dwalsh@redhat.com> 0.1.7-1
|
|
|
cb8260 |
- Apply sgrubb patch to only call getpeercon on translations
|
|
|
cb8260 |
|
|
|
cb8260 |
* Tue Jun 6 2006 Dan Walsh <dwalsh@redhat.com> 0.1.6-1
|
|
|
cb8260 |
- Exit gracefully when selinux is not enabled
|
|
|
cb8260 |
|
|
|
cb8260 |
* Mon May 15 2006 Dan Walsh <dwalsh@redhat.com> 0.1.5-1
|
|
|
cb8260 |
- Fix sighup handling
|
|
|
cb8260 |
|
|
|
cb8260 |
* Mon May 15 2006 Dan Walsh <dwalsh@redhat.com> 0.1.4-1
|
|
|
cb8260 |
- Add patch from sgrubb
|
|
|
cb8260 |
- Fix 64 bit size problems
|
|
|
cb8260 |
- Increase the open file limit
|
|
|
cb8260 |
- Make sure maximum size is not exceeded
|
|
|
cb8260 |
|
|
|
cb8260 |
* Fri May 12 2006 Dan Walsh <dwalsh@redhat.com> 0.1.3-1
|
|
|
cb8260 |
- Move initscripts to /etc/rc.d/init.d
|
|
|
cb8260 |
|
|
|
cb8260 |
* Thu May 11 2006 Dan Walsh <dwalsh@redhat.com> 0.1.2-1
|
|
|
cb8260 |
- Drop Privs
|
|
|
cb8260 |
|
|
|
cb8260 |
* Mon May 8 2006 Dan Walsh <dwalsh@redhat.com> 0.1.1-1
|
|
|
cb8260 |
- Initial Version
|
|
|
cb8260 |
- This daemon reuses the code from libsetrans
|