[Rpm-maint] [PATCH 0/6] Add SELinux support to RPM

Steve Lawrence slawrence at tresys.com
Wed Jul 14 20:40:42 UTC 2010


This patchset replaces the existing %policy tag in the
%files section with a more flexible and configurable %sepolicy section.
This section is used to describe various aspects of SELinux policy
modules, such as names, types, and flags.

This also adds a new sepolicy plugin that uses the new collection plugin
architecture recently added [1]. This plugin contains all the actions
necessary to install and remove policy and ensure files are labeled
correctly.

Additionally, this replaces the use of the matchpathcon interfaces with
the newer selabel interfaces.

[1] http://lists.rpm.org/pipermail/rpm-maint/2010-June/002784.html

Steve Lawrence (6):
  Remove the existing %policy directive
  Add new %sepolicy section to the spec file format
  Use selabel interfaces instead of matchpathcon
  Create a new publicly accessible function, rpmteHeaderOpen
  Add SELinux policy plugin
  Add files for testing SELinux collection/plugin

 Makefile.am                                   |    1 +
 build/Makefile.am                             |    3 +-
 build/build.c                                 |    4 +
 build/files.c                                 |   14 +-
 build/parsePolicies.c                         |   90 ++++
 build/parseSpec.c                             |    5 +
 build/policies.c                              |  521 +++++++++++++++++++
 build/rpmbuild.h                              |   18 +-
 build/rpmspec.h                               |    1 +
 build/spec.c                                  |    2 +
 configure.ac                                  |   62 +++-
 lib/fsm.c                                     |    8 +-
 lib/rpmfi.h                                   |    1 -
 lib/rpmpol.h                                  |   24 +
 lib/rpmtag.h                                  |    4 +
 lib/rpmte.c                                   |   17 +
 lib/rpmte.h                                   |    8 +
 lib/rpmts.c                                   |   44 ++
 lib/rpmts.h                                   |   21 +
 lib/rpmts_internal.h                          |    2 +
 lib/transaction.c                             |    8 +-
 macros.in                                     |    3 +
 plugins/Makefile.am                           |    5 +-
 plugins/sepolicy.c                            |  668 +++++++++++++++++++++++++
 preinstall.am                                 |    4 +
 system.h                                      |    4 +
 tests/data/SOURCES/poltest-1.0.tar.bz2        |  Bin 0 -> 409 bytes
 tests/data/SOURCES/poltest-policy-1.0.tar.bz2 |  Bin 0 -> 553 bytes
 tests/data/SPECS/poltest.spec                 |   56 ++
 tests/rpmgeneral.at                           |    4 +
 30 files changed, 1573 insertions(+), 29 deletions(-)
 create mode 100644 build/parsePolicies.c
 create mode 100644 build/policies.c
 create mode 100644 lib/rpmpol.h
 create mode 100644 plugins/sepolicy.c
 create mode 100644 tests/data/SOURCES/poltest-1.0.tar.bz2
 create mode 100644 tests/data/SOURCES/poltest-policy-1.0.tar.bz2
 create mode 100644 tests/data/SPECS/poltest.spec



More information about the Rpm-maint mailing list