- split from policycoreutils

- added init patch (PLDify init script)

diff --git a/selinux-sandbox-init.patch b/selinux-sandbox-init.patch
new file mode 100644 (file)
index 0000000..4fb61cc
--- /dev/null
+++ b/selinux-sandbox-init.patch
@@ -0,0 +1,94 @@
+--- selinux-sandbox-2.7/sandbox.init.orig      2017-08-04 15:31:00.000000000 +0200
++++ selinux-sandbox-2.7/sandbox.init   2017-11-20 19:05:49.396431050 +0100
+@@ -1,4 +1,4 @@
+-#!/bin/bash
++#!/bin/sh
+ ## BEGIN INIT INFO
+ # Provides: sandbox
+ # Default-Start: 3 4 5
+@@ -19,50 +19,50 @@
+ #
+ 
+ # Source function library.
+-. /etc/init.d/functions
++. /etc/rc.d/init.d/functions
++
++[ -f /etc/sysconfig/sandbox-init ] && . /etc/sysconfig/sandbox-init
+ 
+ LOCKFILE=/var/lock/subsys/sandbox
+ 
+-base=${0##*/}
++RETVAL=0
+ 
+ start() {
+-      echo -n "Starting sandbox"
+-
+-      [ -f "$LOCKFILE" ] && return 0
+-
+-      touch $LOCKFILE
+-      mount --make-rshared / || return $? 
+-      return 0
++      if [ -f "$LOCKFILE" ]; then
++              msg_already_running "sandbox"
++              return
++      fi
++      msg_starting "sandbox"
++      mount --make-rshared /
++      RETVAL=$? 
++      [ $RETVAL -eq 0 ] && touch "$LOCKFILE"
+ }
+ 
+ stop() {
+-      echo -n "Stopping sandbox"
+-
+-      [ -f "$LOCKFILE" ] || return 1
++      if [ ! -f "$LOCKFILE" ]; then
++              msg_not_running "sandbox"
++              return
++      fi
++      msg_stopping "sandbox"
++      rm -f "$LOCKFILE"
+ }
+ 
+ status() {
+       if [ -f "$LOCKFILE" ]; then 
+-          echo "$base is running"
++          echo "sandbox is running"
+       else
+-          echo "$base is stopped"
++          echo "sandbox is stopped"
+       fi
+       exit 0
+ }
+ 
+ case "$1" in
+-    restart)
+-      start && success || failure
+-      ;;
+-
+-    start)
+-      start && success || failure
+-      echo
++    start|restart)
++      start
+       ;;
+ 
+     stop)
+-      stop && success || failure
+-      echo
++      stop
+       ;;
+ 
+     status)
+@@ -70,7 +70,9 @@
+       ;;
+ 
+     *)
+-      echo $"Usage: $0 {start|stop|status|restart}"
+-      exit 3
++      msg_usage "$0 {start|stop|status|restart}"
++      RETVAL=3
+       ;;
+ esac
++
++exit $RETVAL

diff --git a/selinux-sandbox.spec b/selinux-sandbox.spec
new file mode 100644 (file)
index 0000000..49c4e2e
--- /dev/null
+++ b/selinux-sandbox.spec
@@ -0,0 +1,84 @@
+# TODO: install and package init script?
+Summary:       SELinux sandbox utilities
+Summary(pl.UTF-8):     Narzędzia do obsługi piaskownic SELinuksa
+Name:          selinux-sandbox
+Version:       2.7
+Release:       1
+License:       GPL v2
+Group:         Applications/System
+#Source0Download: https://github.com/SELinuxProject/selinux/wiki/Releases
+Source0:       https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20170804/%{name}-%{version}.tar.gz
+# Source0-md5: 7360e9dc7b1757b7f82face655982bfa
+Patch0:                %{name}-init.patch
+URL:           https://github.com/SELinuxProject/selinux/wiki
+BuildRequires: libcap-ng-devel
+BuildRequires: libselinux-devel >= 2.7
+BuildRequires: rpm-pythonprov
+Requires:      libselinux >= 2.7
+# uses "policycoreutils" translations domain
+Requires:      policycoreutils >= 2.7
+Requires:      python-selinux >= 2.7
+Requires:      python-sepolicy >= 2.7
+BuildRoot:     %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
+
+%description
+Security-enhanced Linux is a patch of the Linux kernel and a number of
+utilities with enhanced security functionality designed to add
+mandatory access controls to Linux. The Security-enhanced Linux kernel
+contains new architectural components originally developed to improve
+the security of the Flask operating system. These architectural
+components provide general support for the enforcement of many kinds
+of mandatory access control policies, including those based on the
+concepts of Type Enforcement, Role-based Access Control, and
+Multi-level Security.
+
+This package contains SELinux sandbox utilities.
+
+%description -l pl.UTF-8
+Security-enhanced Linux jest prototypem jądra Linuksa i wielu
+aplikacji użytkowych o funkcjach podwyższonego bezpieczeństwa.
+Zaprojektowany jest tak, aby w prosty sposób ukazać znaczenie
+obowiązkowej kontroli dostępu dla społeczności linuksowej. Ukazuje
+również jak taką kontrolę można dodać do istniejącego systemu typu
+Linux. Jądro SELinux zawiera nowe składniki architektury pierwotnie
+opracowane w celu ulepszenia bezpieczeństwa systemu operacyjnego
+Flask. Te elementy zapewniają ogólne wsparcie we wdrażaniu wielu typów
+polityk obowiązkowej kontroli dostępu, włączając te wzorowane na: Type
+Enforcement (TE), kontroli dostępu opartej na rolach (RBAC) i
+zabezpieczeniach wielopoziomowych.
+
+Ten pakiet zawiera narzędzia do obsługi piaskownic SELinuksa.
+
+%prep
+%setup -q
+%patch0 -p1
+
+%build
+CFLAGS="%{rpmcflags} %{rpmcppflags}" \
+%{__make} \
+       CC="%{__cc}" \
+       LDFLAGS="%{rpmldflags}"
+
+%install
+rm -rf $RPM_BUILD_ROOT
+
+%{__make} install \
+       DESTDIR=$RPM_BUILD_ROOT
+
+#install -Dp sandbox.init $RPM_BUILD_ROOT/etc/rc.d/init.d/sandbox
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+%files
+%defattr(644,root,root,755)
+%attr(755,root,root) %{_bindir}/sandbox
+%attr(755,root,root) %{_sbindir}/seunshare
+#%attr(754,root,root) /etc/rc.d/init.d/sandbox
+%config(noreplace) %verify(not md5 mtime size) /etc/sysconfig/sandbox
+%dir %{_datadir}/sandbox
+%attr(755,root,root) %{_datadir}/sandbox/*.sh
+%attr(755,root,root) %{_datadir}/sandbox/start
+%{_mandir}/man5/sandbox.5*
+%{_mandir}/man8/sandbox.8*
+%{_mandir}/man8/seunshare.8*