Re: Package Review SELinux help

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 6/26/20 14:39, Robert-André Mauchin wrote:
> Hello,
>
>
> I know next to nothing about SELinux so I'd like some help about the Bitcoin 
> Package Review by negativo17: 
>
> https://bugzilla.redhat.com/show_bug.cgi?id=1834731
>
> Notably: are the bitcoin.{te,fc,if} files are sane?
> Are they installed properly in the SPEC? Especially these parts:
>
> %post server
> %systemd_post %{name}.service
> for selinuxvariant in %{selinux_variants}
> do
>     /usr/sbin/semodule -s ${selinuxvariant} -i \
>         %{_datadir}/selinux/${selinuxvariant}/%{name}.pp \
>         &> /dev/null || :
> done
> # FIXME This is less than ideal, but until dwalsh gives me a better way...
> /usr/sbin/semanage port -a -t %{name}_port_t -p tcp 8332 2> /dev/null
> /usr/sbin/semanage port -a -t %{name}_port_t -p tcp 8333 2> /dev/null
> /usr/sbin/semanage port -a -t %{name}_port_t -p tcp 18332 2> /dev/null
> /usr/sbin/semanage port -a -t %{name}_port_t -p tcp 18333 2> /dev/null
> /sbin/fixfiles -R %{name}-server restore &> /dev/null || :
> /sbin/restorecon -R %{_localstatedir}/lib/%{name} || :
>
> %postun server
> %systemd_postun_with_restart %{name}.service
> if [ $1 -eq 0 ] ; then
>     # FIXME This is less than ideal, but until dwalsh gives me a better way...

You can do these all in one command using

semanage import

This should speed installation.

>     /usr/sbin/semanage port -d -p tcp 8332
>     /usr/sbin/semanage port -d -p tcp 8333
>     /usr/sbin/semanage port -d -p tcp 18332
>     /usr/sbin/semanage port -d -p tcp 18333
>     for selinuxvariant in %{selinux_variants}
>     do
>         /usr/sbin/semodule -s ${selinuxvariant} -r %{name} \
>         &> /dev/null || :
>     done
>     /sbin/fixfiles -R %{name}-server restore &> /dev/null || :
>     [ -d %{_localstatedir}/lib/%{name} ] && \
>         /sbin/restorecon -R %{_localstatedir}/lib/%{name} \
>         &> /dev/null || :
> fi
>
> Please comment in the RR if you can help.
>
> I find the documentation at https://fedoraproject.org/wiki/SELinux rather old 
> and not really focused on the packaging side of it. Is there guidelines 
> anywhere else?
>
> Best regards,
>
> Robert-André
>
>
> _______________________________________________
> devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
> To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx

_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux