mirror of
synced 2025-02-25 18:55:28 -06:00
Now that we have our own database we can properly enforce stricter constraints on how the db can be changed. Stop shipping our own kpasswd daemon and instead use the regular kadmin daemon.
86 lines
2.0 KiB
86 lines
2.0 KiB
%define POLICYCOREUTILSVER 1.33.12-1
Name: ipa-server-selinux
Version: __VERSION__
Release: __RELEASE__%{?dist}
Summary: IPA server SELinux policies
Group: System Environment/Base
License: GPLv2
URL: http://www.freeipa.org
Source0: ipa-server-%{version}.tgz
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildArch: noarch
BuildRequires: selinux-policy-devel m4 make policycoreutils >= %{POLICYCOREUTILSVER}
Requires(pre): policycoreutils >= %{POLICYCOREUTILSVER} libsemanage
SELinux policy for ipa-server
%setup -n ipa-server-%{version} -q
cd selinux
%{__rm} -fR %{buildroot}
%{__rm} -fR %{buildroot}
cd selinux
install -d %{buildroot}/%{_usr}/share/selinux/targeted/
make DESTDIR=%{buildroot} install
%define saveFileContext() \
if [ -s /etc/selinux/config ]; then \
. %{_sysconfdir}/selinux/config; \
FILE_CONTEXT=%{_sysconfdir}/selinux/%1/contexts/files/file_contexts; \
if [ "${SELINUXTYPE}" == %1 -a -f ${FILE_CONTEXT} ]; then \
cp -f ${FILE_CONTEXT} ${FILE_CONTEXT}.%{name}; \
fi \
%define relabel() \
. %{_sysconfdir}/selinux/config; \
FILE_CONTEXT=%{_sysconfdir}/selinux/%1/contexts/files/file_contexts; \
selinuxenabled; \
if [ $? == 0 -a "${SELINUXTYPE}" == %1 -a -f ${FILE_CONTEXT}.%{name} ]; then \
fixfiles -C ${FILE_CONTEXT}.%{name} restore; \
rm -f ${FILE_CONTEXT}.%name; \
%saveFileContext targeted
semodule -s targeted -i /usr/share/selinux/targeted/ipa_webgui.pp
%relabel targeted
if [ $1 = 0 ]; then
%saveFileContext targeted
if [ $1 = 0 ]; then
semodule -s targeted -r ipa_webgui
%relabel targeted
* Thu Apr 3 2008 Rob Crittenden <rcritten@redhat.com> - 1.0.0-1
- Version bump for release
* Thu Feb 21 2008 Rob Crittenden <rcritten@redhat.com> - 0.99.0-1
- Version bump for release
* Thu Jan 17 2008 Karl MacMillan <kmacmill@redhat.com> - 0.6.0-1
- Initial version