From f0e0ee4f685c055397109b589d7e9a2772916904 Mon Sep 17 00:00:00 2001 From: Randy Barlow Date: Sep 15 2018 23:14:04 +0000 Subject: Refactor to use Fedora SELinux macros. The macros are documented at https://fedoraproject.org/wiki/SELinux/IndependentPolicy. Signed-off-by: Randy Barlow --- diff --git a/ejabberd.spec b/ejabberd.spec index 9dff6e0..6216a06 100644 --- a/ejabberd.spec +++ b/ejabberd.spec @@ -21,10 +21,16 @@ %global stun_ver 1.0.23 %global xmpp_ver 1.2.1 +# Define SELinux policy variables +%global selinuxtype targeted +%global selinux_policyver 3.14.2 +%global moduletype contrib +%global modulename ejabberd + Name: ejabberd Version: 18.06 -Release: 2%{?dist} +Release: 3%{?dist} BuildArch: noarch License: GPLv2+ @@ -150,11 +156,11 @@ BuildArch: noarch Summary: SELinux policy for ejabberd -Requires: selinux-policy -Requires: selinux-policy-targeted -Requires(post): /usr/sbin/selinuxenabled -Requires(post): /usr/sbin/semodule -Requires(posttrans): /usr/sbin/restorecon +Requires: selinux-policy >= %{selinux_policyver} +Requires(post): selinux-policy-base >= %{selinux_policyver} +Requires(post): libselinux-utils +Requires(post): policycoreutils +Requires(post): policycoreutils-python-utils %description selinux @@ -193,6 +199,7 @@ autoreconf -ivf # Build the SELinux policy make NAME=ejabberd -f /usr/share/selinux/devel/Makefile DISTRO=fedora%{fedora} +bzip2 ejabberd.pp %install @@ -252,11 +259,11 @@ install -D -p -m 0644 %{S:12} %{buildroot}%{_datadir}/polkit-1/actions/ejabberdc install -D -p -m 0644 %{S:13} %{buildroot}%{_datadir}/polkit-1/rules.d/51-ejabberdctl.rules # Install the SELinux policy -install -d %{buildroot}%{_datadir}/selinux/targeted -install -d %{buildroot}%{_datadir}/selinux/devel/include/apps +install -d %{buildroot}%{_datadir}/selinux/packages +install -d -p %{buildroot}%{_datadir}/selinux/devel/include/%{moduletype} -install -p -m 0644 ejabberd.pp %{buildroot}%{_datadir}/selinux/targeted/ -install -p -m 0644 ejabberd.if %{buildroot}%{_datadir}/selinux/devel/include/apps/ +install -p -m 0644 ejabberd.if %{buildroot}%{_datadir}/selinux/devel/include/%{moduletype} +install -p -m 0644 ejabberd.pp.bz2 %{buildroot}%{_datadir}/selinux/packages %check @@ -300,6 +307,10 @@ if [ $1 -gt 1 ]; then fi +%pre selinux +%selinux_relabel_pre -s %{selinuxtype} + + %post %systemd_post %{name}.service @@ -326,30 +337,29 @@ fi) %post selinux -if /usr/sbin/selinuxenabled ; then -/usr/sbin/semodule -i %{_datadir}/selinux/targeted/ejabberd.pp -fi +%selinux_modules_install -s %{selinuxtype} %{_datadir}/selinux/packages/%{modulename}.pp.bz2 %posttrans selinux /usr/sbin/restorecon -i -R /var/lib/ejabberd/ /usr/sbin/restorecon -i -R /var/log/ejabberd/ +%selinux_relabel_post -s %{selinuxtype} %preun %systemd_preun %{name}.service -%preun selinux -if [ $1 -eq 0 ] && [ "$(/usr/sbin/semodule -l | grep ejabberd)" = "ejabberd" ]; then - /usr/sbin/semodule -s targeted -r ejabberd &> /dev/null -fi - - %postun %systemd_postun_with_restart %{name}.service +%postun selinux +if [ $1 -eq 0 ]; then + %selinux_modules_uninstall -s %{selinuxtype} %{modulename} +fi + + %files %license COPYING %doc README README.md @@ -388,11 +398,15 @@ fi %files selinux -%{_datadir}/selinux/devel/include/apps/ejabberd.if -%{_datadir}/selinux/targeted/ejabberd.pp +%{_datadir}/selinux/devel/include/%{moduletype}/ejabberd.if +%{_datadir}/selinux/packages/ejabberd.pp.bz2 %changelog +* Thu Sep 06 2018 Randy Barlow - 18.06-3 +- Refactor to use Fedora SELinux macros documented at + https://fedoraproject.org/wiki/SELinux/IndependentPolicy. + * Fri Aug 31 2018 Randy Barlow - 18.06-2 - Use erl and epmd symlinks from bindir instead of trying to use the archful ones (#1573006).