diff --git a/selinux-policy.spec b/selinux-policy.spec index 534d0a4..2a5244f 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -61,7 +61,7 @@ cp -f ${RPM_SOURCE_DIR}/modules-%1.conf ./policy/modules.conf \ cp -f ${RPM_SOURCE_DIR}/booleans-%1.conf ./policy/booleans.conf \ %define installCmds() \ -make NAME=%1 TYPE=%2 DISTRO=%{distro} DIRECT_INITRC=%3 MONOLITHIC=%{monolithic} base.pp \ +make NAME=%1 TYPE=%2 DISTRO=%{distro} DIRECT_INITRC=%3 MONOLITHIC=%{monolithic} USER_EXTRAS="-u ${RPM_SOURCE_DIR}/users_extra-%1" base.pp \ make NAME=%1 TYPE=%2 DISTRO=%{distro} DIRECT_INITRC=%3 MONOLITHIC=%{monolithic} modules \ %{__mkdir} -p $RPM_BUILD_ROOT/%{_usr}/share/selinux/%1/ \ %{__cp} *.pp $RPM_BUILD_ROOT/%{_usr}/share/selinux/%1/ \ @@ -75,13 +75,11 @@ install -m0644 base.pp ${RPM_BUILD_ROOT}%{_usr}/share/selinux/%1/enableaudit.pp rm -rf $RPM_BUILD_ROOT%{_sysconfdir}/selinux/%1/booleans \ touch $RPM_BUILD_ROOT%{_sysconfdir}/selinux/config \ touch $RPM_BUILD_ROOT%{_sysconfdir}/selinux/%1/seusers \ -touch $RPM_BUILD_ROOT%{_sysconfdir}/selinux/%1/users_extra \ touch $RPM_BUILD_ROOT%{_sysconfdir}/selinux/%1/policy/policy.%{POLICYVER} \ touch $RPM_BUILD_ROOT%{_sysconfdir}/selinux/%1/contexts/files/file_contexts \ touch $RPM_BUILD_ROOT%{_sysconfdir}/selinux/%1/contexts/files/homedir_template \ touch $RPM_BUILD_ROOT%{_sysconfdir}/selinux/%1/contexts/files/file_contexts.homedirs \ install -m0644 ${RPM_SOURCE_DIR}/seusers-%1 ${RPM_BUILD_ROOT}%{_sysconfdir}/selinux/%1/modules/active/seusers \ -install -m0644 ${RPM_SOURCE_DIR}/users_extra-%1 ${RPM_BUILD_ROOT}%{_sysconfdir}/selinux/%1/modules/active/users_extra \ install -m0644 ${RPM_SOURCE_DIR}/setrans-%1.conf ${RPM_BUILD_ROOT}%{_sysconfdir}/selinux/%1/setrans.conf \ %nil 
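Review bot: The added `USER_EXTRAS="-u ${RPM_SOURCE_DIR}/users_extra-%1"` on the `base.pp` line only takes effect if the policy Makefile, which is not part of this diff, forwards that variable to the packaging step. If the variable is ignored, make still succeeds and base.pp ships without the user prefix mappings, and because the later hunks stop installing users_extra directly, nothing else would supply them. The value also embeds `-u`, which looks like semodule_package's user-extra option, so the spec now depends on how the Makefile spells that command. I would record this above `%define installCmds()`, for example `# users_extra-<type> is packaged into base.pp via USER_EXTRAS (semodule_package -u); it is no longer installed into modules/active`. The body of installCmds continues past this hunk.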
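Review bot: Removing the `touch` and `install` of users_extra here, together with the `%ghost` and `%attr(600,root,root)` entries dropped in the file-list hunk (-95,11), leaves `modules/active/users_extra` unowned by the package. On upgrade rpm erases paths that the old package listed and the new one does not, and that erase runs after the new package's scriptlets, so a users_extra regenerated when base.pp is loaded could be deleted again; its mode is also no longer pinned to 600 by the package. Presumably the policy store recreates the file on its next rebuild, but until then home-directory labelling may fall back to defaults. Keeping ownership without shipping content would avoid this: `touch $RPM_BUILD_ROOT%{_sysconfdir}/selinux/%1/modules/active/users_extra \` in the install macro and `%ghost %attr(600,root,root) %{_sysconfdir}/selinux/%1/modules/active/users_extra \` in the file list. Both macros start and end outside the visible hunks.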
@@ -95,11 +93,9 @@ install -m0644 ${RPM_SOURCE_DIR}/setrans-%1.conf ${RPM_BUILD_ROOT}%{_sysconfdir}
 %dir %{_sysconfdir}/selinux/%1 \
 %config(noreplace) %{_sysconfdir}/selinux/%1/setrans.conf \
 %ghost %{_sysconfdir}/selinux/%1/seusers \
-%ghost %{_sysconfdir}/selinux/%1/users_extra \
 %dir %{_sysconfdir}/selinux/%1/modules \
 %attr(700,root,root) %dir %{_sysconfdir}/selinux/%1/modules/active \
 %verify(not md5 size mtime) %attr(600,root,root) %config(noreplace) %{_sysconfdir}/selinux/%1/modules/active/seusers \
-%verify(not md5 size mtime) %attr(600,root,root) %{_sysconfdir}/selinux/%1/modules/active/users_extra \
 %dir %{_sysconfdir}/selinux/%1/policy/ \
 %ghost %{_sysconfdir}/selinux/%1/policy/policy.* \
 %dir %{_sysconfdir}/selinux/%1/contexts \
diff --git a/users_extra-mls b/users_extra-mls
new file mode 100644
index 0000000..7d9956f
--- /dev/null
+++ b/users_extra-mls
@@ -0,0 +1,5 @@
+user root prefix staff;
+user staff_u prefix staff;
+user user_u prefix user;
+user sysadm_u prefix sysadm;
+user secadm_u prefix secadm;
diff --git a/users_extra-strict b/users_extra-strict
new file mode 100644
index 0000000..28799f4
--- /dev/null
+++ b/users_extra-strict
@@ -0,0 +1,4 @@
+user root prefix staff;
+user staff_u prefix staff;
+user user_u prefix user;
+user sysadm_u prefix sysadm;
diff --git a/users_extra-targeted b/users_extra-targeted
new file mode 100644
index 0000000..cb81460
--- /dev/null
+++ b/users_extra-targeted
@@ -0,0 +1,2 @@
+user root prefix user;
+user user_u prefix user;