From d77f56b9f2ce3787ade4a884cce7e0feffe202d3 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Nov 22 2005 18:59:41 +0000 Subject: - Start building MLS Policy --- diff --git a/.cvsignore b/.cvsignore index 2ce3316..3a7b3dc 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1,3 +1,4 @@ serefpolicy-2.0.0.tgz serefpolicy-2.0.1.tgz serefpolicy-2.0.2.tgz +serefpolicy-2.0.3.tgz diff --git a/modules-mls.conf b/modules-mls.conf index a86d10b..2701295 100644 --- a/modules-mls.conf +++ b/modules-mls.conf @@ -139,7 +139,7 @@ netutils = base # # Virtual Private Networking client # -vpn = off +vpn = base # Layer: admin # Module: su @@ -174,14 +174,14 @@ amanda = base # # Rotate and archive system logs # -logrotate = off +logrotate = base # Layer: admin # Module: quota # # File system quota management # -quota = off +quota = base # Layer: admin # Module: consoletype @@ -195,7 +195,7 @@ consoletype = base # # Execute a command with a substitute user # -sudo = off +sudo = base # Layer: admin # Module: firstboot @@ -203,14 +203,14 @@ sudo = off # Final system configuration run during the first boot # after installation of Red Hat/Fedora systems. # -firstboot = off +firstboot = base # Layer: admin # Module: tmpreaper # # Manage temporary directory sizes and file ages # -tmpreaper = off +tmpreaper = base # Layer: admin # Module: dmidecode @@ -224,7 +224,7 @@ dmidecode = base # # Policy for GNU Privacy Guard and related programs. # -gpg = off +gpg = base # Layer: apps # Module: loadkeys @@ -534,7 +534,7 @@ ftp = base # # General Purpose Mouse driver # -gpm = off +gpm = base # Layer: services # Module: mta @@ -562,7 +562,7 @@ ntp = base # # Bluetooth tools and system services. # -bluetooth = off +bluetooth = base # Layer: services # Module: hal @@ -681,7 +681,7 @@ apm = base # # Policy for TCP daemon. # -tcpd = off +tcpd = base # Layer: services # Module: stunnel @@ -744,7 +744,7 @@ getty = base # # Policy for logical volume management programs. # -lvm = off +lvm = base # Layer: system # Module: sysnetwork @@ -800,7 +800,7 @@ libraries = base # # RAID array management tools # -raid = off +raid = base # Layer: system # Module: userdomain @@ -843,7 +843,7 @@ locallogin = base # # Policy for iptables. # -iptables = off +iptables = base # Layer: system # Module: mount @@ -871,5 +871,5 @@ miscfiles = base # # TCP/IP encryption # -ipsec = off +ipsec = base diff --git a/selinux-policy.spec b/selinux-policy.spec index c4716a2..d004eeb 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -2,22 +2,27 @@ %define direct_initrc y %define monolithic n %define polname1 targeted -%define type1 targeted-mcs -%define polname2 strict -%define type2 strict-mcs -%define polname3 mls -%define type3 mls +%define polname2 mls +%define polname3 strict %define POLICYVER 20 %define POLICYCOREUTILSVER 1.27.27-3 %define CHECKPOLICYVER 1.27.17-5 Summary: SELinux policy configuration Name: selinux-policy -Version: 2.0.2 -Release: 2 +Version: 2.0.3 +Release: 1 License: GPL Group: System Environment/Base Source: serefpolicy-%{version}.tgz patch: policy-20051114.patch +Source1: modules-%{polname1}.conf +Source2: booleans-%{polname1}.conf +Source3: seusers-%{polname1} +Source4: setrans-%{polname1}.conf +Source5: modules-%{polname2}.conf +Source6: booleans-%{polname2}.conf +Source7: seusers-%{polname2} +Source8: setrans-%{polname2}.conf Url: http://serefpolicy.sourceforge.net BuildRoot: %{_tmppath}/serefpolicy-buildroot @@ -45,7 +50,7 @@ make NAME=%1 TYPE=%2 DISTRO=%{distro} DIRECT_INITRC=%3 MONOLITHIC=%{monolithic} %{__mkdir} -p $RPM_BUILD_ROOT/%{_sysconfdir}/selinux/%1/policy \ %{__mkdir} -p $RPM_BUILD_ROOT/%{_sysconfdir}/selinux/%1/modules/active \ %{__mkdir} -p $RPM_BUILD_ROOT/%{_sysconfdir}/selinux/%1/contexts/files \ -make NAME=%1 TYPE=%{type1} DISTRO=%{distro} DIRECT_INITRC=%3 MONOLITHIC=y DESTDIR=$RPM_BUILD_ROOT install-appconfig \ +make NAME=%1 TYPE=%2 DISTRO=%{distro} DIRECT_INITRC=%3 MONOLITHIC=y DESTDIR=$RPM_BUILD_ROOT install-appconfig \ rm -rf $RPM_BUILD_ROOT%{_sysconfdir}/selinux/%1/booleans \ touch $RPM_BUILD_ROOT%{_sysconfdir}/selinux/config \ touch $RPM_BUILD_ROOT%{_sysconfdir}/selinux/%1/seusers \ @@ -121,19 +126,19 @@ SELinux Reference Policy - modular. # Build targeted policy make conf %{__rm} -fR $RPM_BUILD_ROOT -%installCmds %{polname1} %{type1} %{direct_initrc} - -# Build strict policy -# Commented out because only targeted ref policy currently builds -# make clean -# make conf -#%#installCmds %{polname2} %{type2} %{direct_initrc} +%installCmds %{polname1} targeted-mcs %{direct_initrc} # Build mls policy make clean make conf -%installCmds %{polname3} %{type3} n +%installCmds %{polname2} strict-mls n + +# Build strict policy +# Commented out because only targeted ref policy currently builds +# make clean +# make conf +#%#installCmds %{polname3} strict-mcs %{direct_initrc} %clean %{__rm} -fR $RPM_BUILD_ROOT @@ -183,7 +188,6 @@ fi %triggerpostun %{polname1} -- selinux-policy-%{polname1} <= 2.0.0 %rebuildpolicy %{polname1} -%if 0 %package %{polname2} Summary: SELinux %{polname2} base policy Group: System Environment/Base @@ -198,15 +202,15 @@ SELinux Reference policy %{polname2} base module. %post %{polname2} %rebuildpolicy %{polname2} -%relabel %{polname1} +%relabel %{polname2} %triggerpostun %{polname2} -- %{polname2} <= 2.0.0 %{rebuildpolicy} %{polname2} %files %{polname2} -#%#fileList %{polname2} -%endif +%fileList %{polname2} +%if 0 %package %{polname3} Summary: SELinux %{polname3} base policy Group: System Environment/Base @@ -221,13 +225,14 @@ SELinux Reference policy %{polname3} base module. %post %{polname3} %rebuildpolicy %{polname3} -%relabel %{polname1} +%relabel %{polname3} %triggerpostun %{polname3} -- %{polname3} <= 2.0.0 %{rebuildpolicy} %{polname3} %files %{polname3} -%fileList %{polname3} +#%#fileList %{polname3} +%endif %changelog diff --git a/sources b/sources index ea43a69..128e1b4 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -da78f8ca6c94cefa0ed70900755e0a53 serefpolicy-2.0.2.tgz +241de88813906d089788e9d2fe0a4991 serefpolicy-2.0.3.tgz