devel/mod_selinux/mod_selinux.spec

%define selinux_policy_types targeted mls

Name: mod_selinux
Version: 2.2.2015
Release: 2%{?dist}
Summary: Apache/SELinux plus module
Group: System Environment/Daemons
License: ASL 2.0
URL: http://code.google.com/p/sepgsql/
Source0: http://sepgsql.googlecode.com/files/%{name}-%{version}.tgz
Source1: %{name}.conf
BuildRequires: httpd-devel >= 2.2.0 libselinux-devel checkpolicy >= 2.0.19 selinux-policy
Requires: kernel >= 2.6.28 httpd >= 2.2.0 policycoreutils selinux-policy
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root

%description
The Apache/SELinux plus is an extra module (mod_selinux.so) which enables
to launch contents-handler (it means both of references to static contents
and invocations of web applications) with individual and restrictive
privileges set, based on http authentication.
The mod_selinux.so generates a one-time worker thread for each request,
and it assigns the worker restrictive domain based on the authentication
prior to launching contents handlers.
It means we can apply valid access controls on web-applications, and
makes assurance operating system can prevent violated accesses, even if
web application contains security bugs or vulnerabilities.

%prep
%setup -q

%build
# mod_selinux.so
%{__make} %{?_smp_mflags}

# mod_selinux.pp
for policy in %{selinux_policy_types}
do
    %{__make} NAME=${policy} -f %{?policy_devel_root}%{_datadir}/selinux/devel/Makefile
    mv %{name}.pp %{name}.pp.${policy}
done

%install
rm -rf %{buildroot}
%{__install} -d %{buildroot}%{_libdir}/httpd/modules
%{__install} -d %{buildroot}%{_datadir}/selinux
%{__install} -d %{buildroot}%{_sysconfdir}/httpd/conf.d

%{__make} install DESTDIR=%{buildroot}

%{__install} -p -m 644 %{SOURCE1}       %{buildroot}%{_sysconfdir}/httpd/conf.d
for policy in %{selinux_policy_types}
do
    %{__install} -d %{buildroot}%{_datadir}/selinux/${policy}
    %{__install} -p -m 644 %{name}.pp.${policy} \
               %{buildroot}%{_datadir}/selinux/${policy}/%{name}.pp
done

%clean
rm -rf %{buildroot}

%post
/sbin/fixfiles -R %{name} restore || :

for policy in %{selinux_policy_types}
do
    %{_sbindir}/semodule -s ${policy} \
        -i %{_datadir}/selinux/${policy}/%{name}.pp 2>/dev/null || :
done

%postun
# unload policy, if rpm -e
if [ $1 -eq 0 ]; then
    for policy in %{selinux_policy_types}
    do
        %{_sbindir}/semodule -s ${policy} -r %{name} 2>/dev/null || :
    done
fi

%files
%defattr(-,root,root,-)
%doc LICENSE README
%config(noreplace) %{_sysconfdir}/httpd/conf.d/%{name}.conf
%{_libdir}/httpd/modules/%{name}.so
%{_datadir}/selinux/*/%{name}.pp

%changelog
* Sat Jul 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.2.2015-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild

* Thu Jun 11 2009 KaiGai Kohei <kaigai@ak.jp.nec.com> - 2.2.2015-1
- update: add support to use translated format in MLS-range

* Wed May 27 2009 KaiGai Kohei <kaigai@ak.jp.nec.com> - 2.2.1938-1
- bugfix: it may returns OK, instead of HTTP_INTERNAL_SERVER_ERROR,
    when the contents handler crashed.

* Fri May 22 2009 KaiGai Kohei <kaigai@ak.jp.nec.com> - 2.2.1930-1
- rework: libselinux was dropped from explicit dependencies due to
    http://fedoraproject.org/wiki/Packaging/Guidelines#Explicit_Requires

* Tue May 19 2009 KaiGai Kohei <kaigai@ak.jp.nec.com> - 2.2.1904-1
- bugfix: update Makefile to allow to build for 64bit architecture

* Mon May 18 2009 KaiGai Kohei <kaigai@ak.jp.nec.com> - 2.2.1903-1
- rework: add selinux_merge_conf()
- rework: remove mod_authn_sepgsql, instead of documentation
          to use mod_authn_dbd with pgsql driver.

* Fri May 15 2009 KaiGai Kohei <kaigai@ak.jp.nec.com> - 2.2.1898-1
- rework: mod_authn_sepgsql cleanups
- update: README updates.

* Wed May 13 2009 KaiGai Kohei <kaigai@ak.jp.nec.com> - 2.2.1884-1
- rework: add mod_authn_sepgsql module
- rework: directives were reorganized
- rework: simultaneous usage with keep-alive

* Fri Apr 17 2009 KaiGai Kohei <kaigai@ak.jp.nec.com> - 2.2.1817-1
- bugfix: add kernel >= 2.6.28 because of typebounds feature

* Thu Apr 16 2009 KaiGai Kohei <kaigai@ak.jp.nec.com> - 2.2.1803-1
- rework: reverted to multi-threading design
- bugfix: security policy didn't allow prosess:{setcurrent}

* Wed Apr 15 2009 KaiGai Kohei <kaigai@ak.jp.nec.com> - 2.2.1800-1
- rework: worker was redesigned to use a process, instead of thread,
          on process_connection hook.
- rework: "selinuxAllowCaches" and "selinuxAllowKeepAlive" were added.
- rework: README was revised

* Tue Apr 14 2009 KaiGai Kohei <kaigai@ak.jp.nec.com> - 2.2.1795-1
- bugfix: install script didn't work correctly.
- update: add some of inline source comments.
- update: specfile improvement.

* Sun Apr 12 2009 KaiGai Kohei <kaigai@ak.jp.nec.com> - 2.2.1792-1
- Initial build
1	%define selinux_policy_types targeted mls
2
3	Name: mod_selinux
4	Version: 2.2.2015
5	Release: 2%{?dist}
6	Summary: Apache/SELinux plus module
7	Group: System Environment/Daemons
8	License: ASL 2.0
9	URL: http://code.google.com/p/sepgsql/
10	Source0: http://sepgsql.googlecode.com/files/%{name}-%{version}.tgz
11	Source1: %{name}.conf
12	BuildRequires: httpd-devel >= 2.2.0 libselinux-devel checkpolicy >= 2.0.19 selinux-policy
13	Requires: kernel >= 2.6.28 httpd >= 2.2.0 policycoreutils selinux-policy
14	BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
15
16	%description
17	The Apache/SELinux plus is an extra module (mod_selinux.so) which enables
18	to launch contents-handler (it means both of references to static contents
19	and invocations of web applications) with individual and restrictive
20	privileges set, based on http authentication.
21	The mod_selinux.so generates a one-time worker thread for each request,
22	and it assigns the worker restrictive domain based on the authentication
23	prior to launching contents handlers.
24	It means we can apply valid access controls on web-applications, and
25	makes assurance operating system can prevent violated accesses, even if
26	web application contains security bugs or vulnerabilities.
27
28	%prep
29	%setup -q
30
31	%build
32	# mod_selinux.so
33	%{__make} %{?_smp_mflags}
34
35	# mod_selinux.pp
36	for policy in %{selinux_policy_types}
37	do
38	%{__make} NAME=${policy} -f %{?policy_devel_root}%{_datadir}/selinux/devel/Makefile
39	mv %{name}.pp %{name}.pp.${policy}
40	done
41
42	%install
43	rm -rf %{buildroot}
44	%{__install} -d %{buildroot}%{_libdir}/httpd/modules
45	%{__install} -d %{buildroot}%{_datadir}/selinux
46	%{__install} -d %{buildroot}%{_sysconfdir}/httpd/conf.d
47
48	%{__make} install DESTDIR=%{buildroot}
49
50	%{__install} -p -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/httpd/conf.d
51	for policy in %{selinux_policy_types}
52	do
53	%{__install} -d %{buildroot}%{_datadir}/selinux/${policy}
54	%{__install} -p -m 644 %{name}.pp.${policy} \
55	%{buildroot}%{_datadir}/selinux/${policy}/%{name}.pp
56	done
57
58	%clean
59	rm -rf %{buildroot}
60
61	%post
62	/sbin/fixfiles -R %{name} restore \|\| :
63
64	for policy in %{selinux_policy_types}
65	do
66	%{_sbindir}/semodule -s ${policy} \
67	-i %{_datadir}/selinux/${policy}/%{name}.pp 2>/dev/null \|\| :
68	done
69
70	%postun
71	# unload policy, if rpm -e
72	if [ $1 -eq 0 ]; then
73	for policy in %{selinux_policy_types}
74	do
75	%{_sbindir}/semodule -s ${policy} -r %{name} 2>/dev/null \|\| :
76	done
77	fi
78
79	%files
80	%defattr(-,root,root,-)
81	%doc LICENSE README
82	%config(noreplace) %{_sysconfdir}/httpd/conf.d/%{name}.conf
83	%{_libdir}/httpd/modules/%{name}.so
84	%{_datadir}/selinux/*/%{name}.pp
85
86	%changelog
87	* Sat Jul 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.2.2015-2
88	- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
89
90	* Thu Jun 11 2009 KaiGai Kohei <kaigai@ak.jp.nec.com> - 2.2.2015-1
91	- update: add support to use translated format in MLS-range
92
93	* Wed May 27 2009 KaiGai Kohei <kaigai@ak.jp.nec.com> - 2.2.1938-1
94	- bugfix: it may returns OK, instead of HTTP_INTERNAL_SERVER_ERROR,
95	when the contents handler crashed.
96
97	* Fri May 22 2009 KaiGai Kohei <kaigai@ak.jp.nec.com> - 2.2.1930-1
98	- rework: libselinux was dropped from explicit dependencies due to
99	http://fedoraproject.org/wiki/Packaging/Guidelines#Explicit_Requires
100
101	* Tue May 19 2009 KaiGai Kohei <kaigai@ak.jp.nec.com> - 2.2.1904-1
102	- bugfix: update Makefile to allow to build for 64bit architecture
103
104	* Mon May 18 2009 KaiGai Kohei <kaigai@ak.jp.nec.com> - 2.2.1903-1
105	- rework: add selinux_merge_conf()
106	- rework: remove mod_authn_sepgsql, instead of documentation
107	to use mod_authn_dbd with pgsql driver.
108
109	* Fri May 15 2009 KaiGai Kohei <kaigai@ak.jp.nec.com> - 2.2.1898-1
110	- rework: mod_authn_sepgsql cleanups
111	- update: README updates.
112
113	* Wed May 13 2009 KaiGai Kohei <kaigai@ak.jp.nec.com> - 2.2.1884-1
114	- rework: add mod_authn_sepgsql module
115	- rework: directives were reorganized
116	- rework: simultaneous usage with keep-alive
117
118	* Fri Apr 17 2009 KaiGai Kohei <kaigai@ak.jp.nec.com> - 2.2.1817-1
119	- bugfix: add kernel >= 2.6.28 because of typebounds feature
120
121	* Thu Apr 16 2009 KaiGai Kohei <kaigai@ak.jp.nec.com> - 2.2.1803-1
122	- rework: reverted to multi-threading design
123	- bugfix: security policy didn't allow prosess:{setcurrent}
124
125	* Wed Apr 15 2009 KaiGai Kohei <kaigai@ak.jp.nec.com> - 2.2.1800-1
126	- rework: worker was redesigned to use a process, instead of thread,
127	on process_connection hook.
128	- rework: "selinuxAllowCaches" and "selinuxAllowKeepAlive" were added.
129	- rework: README was revised
130
131	* Tue Apr 14 2009 KaiGai Kohei <kaigai@ak.jp.nec.com> - 2.2.1795-1
132	- bugfix: install script didn't work correctly.
133	- update: add some of inline source comments.
134	- update: specfile improvement.
135
136	* Sun Apr 12 2009 KaiGai Kohei <kaigai@ak.jp.nec.com> - 2.2.1792-1
137	- Initial build
admin@fedoraproject.org	ViewVC Help
Powered by ViewVC 1.1.2