On 6/26/20 14:39, Robert-André Mauchin wrote: > Hello, > > > I know next to nothing about SELinux so I'd like some help about the Bitcoin > Package Review by negativo17: > > https://bugzilla.redhat.com/show_bug.cgi?id=1834731 > > Notably: are the bitcoin.{te,fc,if} files are sane? > Are they installed properly in the SPEC? Especially these parts: > > %post server > %systemd_post %{name}.service > for selinuxvariant in %{selinux_variants} > do > /usr/sbin/semodule -s ${selinuxvariant} -i \ > %{_datadir}/selinux/${selinuxvariant}/%{name}.pp \ > &> /dev/null || : > done > # FIXME This is less than ideal, but until dwalsh gives me a better way... > /usr/sbin/semanage port -a -t %{name}_port_t -p tcp 8332 2> /dev/null > /usr/sbin/semanage port -a -t %{name}_port_t -p tcp 8333 2> /dev/null > /usr/sbin/semanage port -a -t %{name}_port_t -p tcp 18332 2> /dev/null > /usr/sbin/semanage port -a -t %{name}_port_t -p tcp 18333 2> /dev/null > /sbin/fixfiles -R %{name}-server restore &> /dev/null || : > /sbin/restorecon -R %{_localstatedir}/lib/%{name} || : > > %postun server > %systemd_postun_with_restart %{name}.service > if [ $1 -eq 0 ] ; then > # FIXME This is less than ideal, but until dwalsh gives me a better way... You can do these all in one command using semanage import This should speed installation. > /usr/sbin/semanage port -d -p tcp 8332 > /usr/sbin/semanage port -d -p tcp 8333 > /usr/sbin/semanage port -d -p tcp 18332 > /usr/sbin/semanage port -d -p tcp 18333 > for selinuxvariant in %{selinux_variants} > do > /usr/sbin/semodule -s ${selinuxvariant} -r %{name} \ > &> /dev/null || : > done > /sbin/fixfiles -R %{name}-server restore &> /dev/null || : > [ -d %{_localstatedir}/lib/%{name} ] && \ > /sbin/restorecon -R %{_localstatedir}/lib/%{name} \ > &> /dev/null || : > fi > > Please comment in the RR if you can help. > > I find the documentation at https://fedoraproject.org/wiki/SELinux rather old > and not really focused on the packaging side of it. Is there guidelines > anywhere else? > > Best regards, > > Robert-André > > > _______________________________________________ > devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx > To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx > Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
