[Rpm-maint] [PATCH 0/6] Add SELinux support to RPM
Steve Lawrence
slawrence at tresys.com
Mon Aug 30 20:32:26 UTC 2010
This patchset replaces the existing %policy tag in the
%files section with a more flexible and configurable %sepolicy section.
This section is used to describe various aspects of SELinux policy
modules, such as names, types, and flags.
This also adds a new sepolicy plugin that uses the new collection plugin
architecture recently added [1]. This plugin contains all the actions
necessary to install and remove policy and ensure files are labeled
correctly. Additionally, the plugin architecture is updated to allow
plugins to carry state, which is needed by the SELinux plugin to store
the policy information at the beginning of a transaction and use it
later on.
Additionally, this replaces the use of the matchpathcon interfaces with
the newer selabel interfaces.
[1] http://lists.rpm.org/pipermail/rpm-maint/2010-June/002784.html
Steve Lawrence (6):
Update the plugin architecture to allow for remembering state
Remove the existing %policy directive
Add new %sepolicy section to the spec file format
Use selabel interfaces instead of matchpathcon
Add SELinux policy plugin
Add files for testing SELinux collection/plugin
Makefile.am | 2 +
build/Makefile.am | 1 +
build/build.c | 4 +
build/files.c | 14 +-
build/parsePolicies.c | 91 ++++
build/parseSpec.c | 5 +
build/policies.c | 320 ++++++++++++
build/rpmbuild_internal.h | 20 +-
build/rpmspec.h | 1 +
build/spec.c | 2 +
configure.ac | 62 +++-
lib/Makefile.am | 2 +-
lib/collections.h | 26 -
lib/fsm.c | 8 +-
lib/rpmfi.h | 1 -
lib/rpmplugins.c | 198 +++++++
lib/rpmplugins.h | 123 +++++
lib/rpmpol.h | 24 +
lib/rpmtag.h | 4 +
lib/rpmte.c | 136 ++----
lib/rpmte_internal.h | 7 +
lib/rpmts.c | 55 ++
lib/rpmts.h | 28 +
lib/rpmts_internal.h | 4 +
lib/rpmtypes.h | 2 +
lib/transaction.c | 14 +-
macros.in | 3 +
plugins/Makefile.am | 8 +-
plugins/collection.h | 12 -
plugins/exec.c | 29 +-
plugins/plugin.h | 15 +
plugins/sepolicy.c | 679 +++++++++++++++++++++++++
preinstall.am | 8 +
system.h | 7 +
tests/data/SOURCES/poltest-1.0.tar.bz2 | Bin 0 -> 409 bytes
tests/data/SOURCES/poltest-policy-1.0.tar.bz2 | Bin 0 -> 553 bytes
tests/data/SPECS/poltest.spec | 52 ++
tests/rpmgeneral.at | 4 +
38 files changed, 1798 insertions(+), 173 deletions(-)
create mode 100644 build/parsePolicies.c
create mode 100644 build/policies.c
delete mode 100644 lib/collections.h
create mode 100644 lib/rpmplugins.c
create mode 100644 lib/rpmplugins.h
create mode 100644 lib/rpmpol.h
delete mode 100644 plugins/collection.h
create mode 100644 plugins/plugin.h
create mode 100644 plugins/sepolicy.c
create mode 100644 tests/data/SOURCES/poltest-1.0.tar.bz2
create mode 100644 tests/data/SOURCES/poltest-policy-1.0.tar.bz2
create mode 100644 tests/data/SPECS/poltest.spec
More information about the Rpm-maint
mailing list