Commit 9b897c9125ef ("rhel: provide our own SELinux custom policy package") added the SELinux policy to the fedora packaging as a subpackage. This patch makes the corresponding change to openvswitch.spec, so that users of that specfile can generate the selinux policy package without having to build all of the fedora packages.
Signed-off-by: Joe Stringer <j...@ovn.org> --- As per the reasoning in the link below, I've just duplicated the subpackage lines from the fedora specfile rather than refactoring these lines into a separate specfile. http://openvswitch.org/pipermail/dev/2016-January/065134.html --- rhel/openvswitch.spec.in | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/rhel/openvswitch.spec.in b/rhel/openvswitch.spec.in index ec555a74a901..fbca1efcd17f 100644 --- a/rhel/openvswitch.spec.in +++ b/rhel/openvswitch.spec.in @@ -24,6 +24,7 @@ Source: openvswitch-%{version}.tar.gz Buildroot: /tmp/openvswitch-rpm Requires: logrotate, python >= 2.7, python-six BuildRequires: openssl-devel +BuildRequires: checkpolicy, selinux-policy-devel %bcond_without check @@ -39,6 +40,15 @@ Group: Development/Libraries %description devel This package provides openvswitch headers and libopenvswitch for developers. +%package selinux-policy +Summary: Open vSwitch SELinux policy +License: ASL 2.0 +BuildArch: noarch +Requires: selinux-policy-targeted + +%description selinux-policy +Tailored Open vSwitch SELinux policy + %prep %setup -q @@ -46,6 +56,8 @@ This package provides openvswitch headers and libopenvswitch for developers. ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=%{_localstatedir} \ --libdir=%{_libdir} --enable-ssl --enable-shared make %{_smp_mflags} +cd selinux +make -f %{_datadir}/selinux/devel/Makefile %install rm -rf $RPM_BUILD_ROOT @@ -63,6 +75,9 @@ rhel_cp etc_sysconfig_network-scripts_ifup-ovs 0755 rhel_cp etc_sysconfig_network-scripts_ifdown-ovs 0755 rhel_cp usr_share_openvswitch_scripts_sysconfig.template 0644 +install -p -m 644 -D selinux/openvswitch-custom.pp \ + $RPM_BUILD_ROOT%{_datadir}/selinux/packages/%{name}/openvswitch-custom.pp + # Get rid of stuff we don't want to make RPM happy. rm \ $RPM_BUILD_ROOT/usr/bin/ovs-testcontroller \ @@ -132,6 +147,9 @@ fi /sbin/chkconfig --add openvswitch /sbin/chkconfig openvswitch on +%post selinux-policy +/usr/sbin/semodule -i %{_datadir}/selinux/packages/%{name}/openvswitch-custom.pp &> /dev/null || : + %preun if [ "$1" = "0" ]; then # $1 = 0 for uninstall /sbin/service openvswitch stop @@ -145,6 +163,11 @@ if [ "$1" = "0" ]; then # $1 = 0 for uninstall rm -f /etc/openvswitch/vswitchd.cacert fi +%postun selinux-policy +if [ $1 -eq 0 ] ; then + /usr/sbin/semodule -r openvswitch-custom &> /dev/null || : +fi + exit 0 %files @@ -216,3 +239,7 @@ exit 0 %{_libdir}/lib*.a %{_libdir}/pkgconfig %{_includedir}/openvswitch/* + +%files selinux-policy +%defattr(-,root,root) +%{_datadir}/selinux/packages/%{name}/openvswitch-custom.pp -- 2.9.0 _______________________________________________ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev