Changeset: eb128d12dcc1 for MonetDB
URL: https://dev.monetdb.org/hg/MonetDB/rev/eb128d12dcc1
Modified Files:
MonetDB.spec
misc/selinux/monetdb.fc.in
misc/selinux/monetdb.te
misc/selinux/post_install_script_file.in
Branch: Dec2023
Log Message:
Fedora 40 uses /run in SELinux where older versions use /var/run.
diffs (64 lines):
diff --git a/MonetDB.spec b/MonetDB.spec
--- a/MonetDB.spec
+++ b/MonetDB.spec
@@ -808,9 +808,7 @@ do
/usr/sbin/semodule -s ${selinuxvariant} -i \
%{_datadir}/selinux/${selinuxvariant}/monetdb.pp &> /dev/null || :
done
-# use /var/run/monetdb since that's what it says in the monetdb.fc file
-# it says that because /run/monetdb for some reason doesn't work
-/sbin/restorecon -R %{_localstatedir}/monetdb5 %{_localstatedir}/log/monetdb
/var/run/monetdb %{_bindir}/monetdbd %{_bindir}/mserver5
%{_unitdir}/monetdbd.service &> /dev/null || :
+/sbin/restorecon -R %{_localstatedir}/monetdb5 %{_localstatedir}/log/monetdb
%{_rundir}/monetdb %{_bindir}/monetdbd %{_bindir}/mserver5
%{_unitdir}/monetdbd.service &> /dev/null || :
/usr/bin/systemctl try-restart monetdbd.service
%postun selinux
@@ -839,6 +837,13 @@ fi
%setup -q
%build
+# from Fedora 40, selinux uses /run where before it used /var/run
+# the code is now for Fedora 40 but needs a patch for older versions
+%if (0%{?fedora} < 40)
+sed -i
's;@CMAKE_INSTALL_FULL_RUNSTATEDIR@/monetdb;@CMAKE_INSTALL_FULL_LOCALSTATEDIR@/run/monetdb;'
misc/selinux/monetdb.fc.in
+sed -i 's/1\.2/1.1/' misc/selinux/monetdb.te
+%endif
+
%cmake3 \
-DCMAKE_INSTALL_RUNSTATEDIR=/run \
-DRELEASE_VERSION=ON \
diff --git a/misc/selinux/monetdb.fc.in b/misc/selinux/monetdb.fc.in
--- a/misc/selinux/monetdb.fc.in
+++ b/misc/selinux/monetdb.fc.in
@@ -12,8 +12,7 @@
@CMAKE_INSTALL_FULL_BINDIR@/mserver5 --
gen_context(system_u:object_r:mserver5_exec_t,s0)
@CMAKE_INSTALL_FULL_LIBDIR@/systemd/system/monetdbd.*
gen_context(system_u:object_r:monetdbd_unit_file_t,s0)
@CMAKE_INSTALL_FULL_LOCALSTATEDIR@/log/monetdb(/.*)?
gen_context(system_u:object_r:monetdbd_log_t,s0)
-# for some reason we cannot use /run/monetdb here, even though that is the
real name
-@CMAKE_INSTALL_FULL_LOCALSTATEDIR@/run/monetdb(/.*)?
gen_context(system_u:object_r:monetdbd_var_run_t,s0)
+@CMAKE_INSTALL_FULL_RUNSTATEDIR@/monetdb(/.*)?
gen_context(system_u:object_r:monetdbd_var_run_t,s0)
# database "farm"
@CMAKE_INSTALL_FULL_LOCALSTATEDIR@/monetdb5/dbfarm(/.*)?
gen_context(system_u:object_r:mserver5_db_t,s0)
@CMAKE_INSTALL_FULL_LOCALSTATEDIR@/monetdb5/dbfarm/\.merovingian_properties
-- gen_context(system_u:object_r:monetdbd_etc_t,s0)
diff --git a/misc/selinux/monetdb.te b/misc/selinux/monetdb.te
--- a/misc/selinux/monetdb.te
+++ b/misc/selinux/monetdb.te
@@ -8,7 +8,7 @@
# Copyright August 2008 - 2023 MonetDB B.V.;
# Copyright 1997 - July 2008 CWI.
-policy_module(monetdb, 1.1)
+policy_module(monetdb, 1.2)
# The above line declares that this file is a SELinux policy file. Its
# name is monetdb, so the file should be saved as monetdb.te
diff --git a/misc/selinux/post_install_script_file.in
b/misc/selinux/post_install_script_file.in
--- a/misc/selinux/post_install_script_file.in
+++ b/misc/selinux/post_install_script_file.in
@@ -3,7 +3,5 @@ do
/usr/sbin/semodule -s ${selinuxvariant} -i \
@CMAKE_INSTALL_DATADIR@/selinux/${selinuxvariant}/monetdb.pp &> /dev/null
|| :
done
-# use /var/run/monetdb since that's what it says in the monetdb.fc file
-# it says that because /run/monetdb for some reason doesn't work
/sbin/restorecon -R @CMAKE_INSTALL_FULL_LOCALSTATEDIR@/monetdb5
@CMAKE_INSTALL_FULL_LOCALSTATEDIR@/log/monetdb
@CMAKE_INSTALL_FULL_RUNSTATEDIR@/monetdb @CMAKE_INSTALL_FULL_BINDIR@/monetdbd
@CMAKE_INSTALL_FULL_BINDIR@/mserver5 %{_unitdir}/monetdbd.service &> /dev/null
|| :
/usr/bin/systemctl try-restart monetdbd.service
_______________________________________________
checkin-list mailing list -- checkin-list@monetdb.org
To unsubscribe send an email to checkin-list-le...@monetdb.org
