[Bug 501228] Review Request: mod_selinux - An apache module to launch web applications with restrictive privileges
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug. https://bugzilla.redhat.com/show_bug.cgi?id=501228 --- Comment #11 from Fedora Update System upda...@fedoraproject.org 2009-05-28 04:16:06 EDT --- mod_selinux-2.2.1938-1.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report. -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are on the CC list for the bug. ___ Fedora-package-review mailing list Fedora-package-review@redhat.com http://www.redhat.com/mailman/listinfo/fedora-package-review
[Bug 501228] Review Request: mod_selinux - An apache module to launch web applications with restrictive privileges
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug. https://bugzilla.redhat.com/show_bug.cgi?id=501228 Fedora Update System upda...@fedoraproject.org changed: What|Removed |Added Status|ASSIGNED|CLOSED Fixed In Version||2.2.1938-1.fc11 Resolution||NEXTRELEASE -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are on the CC list for the bug. ___ Fedora-package-review mailing list Fedora-package-review@redhat.com http://www.redhat.com/mailman/listinfo/fedora-package-review
[Bug 501228] Review Request: mod_selinux - An apache module to launch web applications with restrictive privileges
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug. https://bugzilla.redhat.com/show_bug.cgi?id=501228 Jason Tibbitts ti...@math.uh.edu changed: What|Removed |Added Flag|fedora-cvs? |fedora-cvs+ --- Comment #7 from Jason Tibbitts ti...@math.uh.edu 2009-05-26 18:10:36 EDT --- CVS done, with the caveat that I did not add an InitialCC because we can only CC FAS accounts (or group accounts), not addresses. -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are on the CC list for the bug. ___ Fedora-package-review mailing list Fedora-package-review@redhat.com http://www.redhat.com/mailman/listinfo/fedora-package-review
[Bug 501228] Review Request: mod_selinux - An apache module to launch web applications with restrictive privileges
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug. https://bugzilla.redhat.com/show_bug.cgi?id=501228 --- Comment #8 from Fedora Update System upda...@fedoraproject.org 2009-05-26 19:45:07 EDT --- mod_selinux-2.2.1930-1.fc11 has been submitted as an update for Fedora 11. http://admin.fedoraproject.org/updates/mod_selinux-2.2.1930-1.fc11 -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are on the CC list for the bug. ___ Fedora-package-review mailing list Fedora-package-review@redhat.com http://www.redhat.com/mailman/listinfo/fedora-package-review
[Bug 501228] Review Request: mod_selinux - An apache module to launch web applications with restrictive privileges
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug. https://bugzilla.redhat.com/show_bug.cgi?id=501228 --- Comment #9 from KaiGai Kohei kai...@kaigai.gr.jp 2009-05-26 20:06:05 EDT --- (In reply to comment #7) CVS done, with the caveat that I did not add an InitialCC because we can only CC FAS accounts (or group accounts), not addresses. Sorry, I misunderstood it. -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are on the CC list for the bug. ___ Fedora-package-review mailing list Fedora-package-review@redhat.com http://www.redhat.com/mailman/listinfo/fedora-package-review
[Bug 501228] Review Request: mod_selinux - An apache module to launch web applications with restrictive privileges
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug. https://bugzilla.redhat.com/show_bug.cgi?id=501228 --- Comment #10 from Fedora Update System upda...@fedoraproject.org 2009-05-26 22:17:50 EDT --- mod_selinux-2.2.1938-1.fc11 has been submitted as an update for Fedora 11. http://admin.fedoraproject.org/updates/mod_selinux-2.2.1938-1.fc11 -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are on the CC list for the bug. ___ Fedora-package-review mailing list Fedora-package-review@redhat.com http://www.redhat.com/mailman/listinfo/fedora-package-review
[Bug 501228] Review Request: mod_selinux - An apache module to launch web applications with restrictive privileges
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug. https://bugzilla.redhat.com/show_bug.cgi?id=501228 Jochen Schmitt joc...@herr-schmitt.de changed: What|Removed |Added Flag|fedora-review? |fedora-review+ --- Comment #5 from Jochen Schmitt joc...@herr-schmitt.de 2009-05-24 15:42:33 EDT --- Good: + Could download package via spectool -g + Packaged sources matches with upstream (md5sum: aadee8b6e5c7d99a6ff0a66fca8032dd) + Scratch build on koni works fine. + No complaints from rpmlint for source rpm + No complaints from rpmlint for binary rpm + No complaints from rpmlint for debuginfo rpm + Debuginfo package contains sources I will APPROVE this package, but keep in mind to request only branches for devel and F-11. -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are on the CC list for the bug. ___ Fedora-package-review mailing list Fedora-package-review@redhat.com http://www.redhat.com/mailman/listinfo/fedora-package-review
[Bug 501228] Review Request: mod_selinux - An apache module to launch web applications with restrictive privileges
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug. https://bugzilla.redhat.com/show_bug.cgi?id=501228 KaiGai Kohei kai...@kaigai.gr.jp changed: What|Removed |Added Flag||fedora-cvs? --- Comment #6 from KaiGai Kohei kai...@kaigai.gr.jp 2009-05-24 23:54:11 EDT --- Thanks for your reviewing. New Package CVS Request === Package Name: mod_selinux Short Description: Apache/SELinux plus module Owners: kaigai Branches: F-11 InitialCC: kai...@ak.jp.nec.com -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are on the CC list for the bug. ___ Fedora-package-review mailing list Fedora-package-review@redhat.com http://www.redhat.com/mailman/listinfo/fedora-package-review
[Bug 501228] Review Request: mod_selinux - An apache module to launch web applications with restrictive privileges
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug. https://bugzilla.redhat.com/show_bug.cgi?id=501228 --- Comment #4 from KaiGai Kohei kai...@kaigai.gr.jp 2009-05-22 00:49:20 EDT --- (In reply to comment #1) The rpmlint says as follows: [kai...@masu ~]$ rpmlint /usr/src/redhat/RPMS/i586/mod_selinux-2.2.1903-1.fc11.i586.rpm mod_selinux.i586: E: explicit-lib-dependency libselinux 1 packages and 0 specfiles checked; 1 errors, 0 warnings. The mod_selinux requires libselinux but I didn't note an explicit earliest version number because it is now unclear when getcon_raw()/setcon_raw() is included into libselinux package. (At least, it was already merged in the period of Fedora *Core*.) Is it allowed to restrict it on somewhere enough new version (e.g libselinux = 2.0.0)? http://fedoraproject.org/wiki/Packaging/Guidelines#Explicit_Requires Hmm, it says as follows: | Packages must not contain explicit Requires on libraries except | when absolutely necessary. When explicit library Requires are necessary, | there should be a spec file comment justifying it. I fixed the mod_selinux.spec to remove explicit dependency to libselinux (without specific version number), as follows: Spec: http://sepgsql.googlecode.com/files/mod_selinux.spec_v2.2.1930 SRPM: http://sepgsql.googlecode.com/files/mod_selinux-2.2.1930-1.fc11.src.rpm Thanks, -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are on the CC list for the bug. ___ Fedora-package-review mailing list Fedora-package-review@redhat.com http://www.redhat.com/mailman/listinfo/fedora-package-review
[Bug 501228] Review Request: mod_selinux - An apache module to launch web applications with restrictive privileges
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug. https://bugzilla.redhat.com/show_bug.cgi?id=501228 --- Comment #1 from KaiGai Kohei kai...@kaigai.gr.jp 2009-05-18 04:03:22 EDT --- The rpmlint says as follows: [kai...@masu ~]$ rpmlint /usr/src/redhat/RPMS/i586/mod_selinux-2.2.1903-1.fc11.i586.rpm mod_selinux.i586: E: explicit-lib-dependency libselinux 1 packages and 0 specfiles checked; 1 errors, 0 warnings. The mod_selinux requires libselinux but I didn't note an explicit earliest version number because it is now unclear when getcon_raw()/setcon_raw() is included into libselinux package. (At least, it was already merged in the period of Fedora *Core*.) Is it allowed to restrict it on somewhere enough new version (e.g libselinux = 2.0.0)? -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are on the CC list for the bug. ___ Fedora-package-review mailing list Fedora-package-review@redhat.com http://www.redhat.com/mailman/listinfo/fedora-package-review
[Bug 501228] Review Request: mod_selinux - An apache module to launch web applications with restrictive privileges
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug. https://bugzilla.redhat.com/show_bug.cgi?id=501228 Jochen Schmitt joc...@herr-schmitt.de changed: What|Removed |Added Status|NEW |ASSIGNED CC||joc...@herr-schmitt.de AssignedTo|nob...@fedoraproject.org|joc...@herr-schmitt.de Flag||fedora-review? --- Comment #2 from Jochen Schmitt joc...@herr-schmitt.de 2009-05-18 12:44:36 EDT --- Good: + Basename of the SPEC file matches with package name. + Package name fullfill naming guidelines + URL tag show on proper project home page. + Could download upstream tar ball via spectool -g + Package contains valid License tag + License tag state ASL 2.0 as a valid OSS license + Package contains verbatin copy of the license tag + License in the source file header matches with license tag + Package tar ball matches with upstream (md5sum: 855b8b05fd71b39277f2ffbe4c7ae376) + Rpmlint is quiete on source rpm + Package contains smp-enabled build step + Package contains no subpackages + Package has proper defintion of Buildroot + Buildroot will be cleaned on the start of %clean and %install + %doc stanza is small, so we need no extra doc subpackage + %files stanza have proper %defattr statemend + %files standza haven't duplicated file entries + All package files are owned by the package + No package files belong to another package + Package has proper %Changelog Bad: - Package fails on koji (pleas see: http://koji.fedoraproject.org/koji/taskinfo?taskID=1361107) This happens only for 64-bit architectures - Package could no build localy on F-10 because of dependencies -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are on the CC list for the bug. ___ Fedora-package-review mailing list Fedora-package-review@redhat.com http://www.redhat.com/mailman/listinfo/fedora-package-review
[Bug 501228] Review Request: mod_selinux - An apache module to launch web applications with restrictive privileges
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug. https://bugzilla.redhat.com/show_bug.cgi?id=501228 --- Comment #3 from KaiGai Kohei kai...@kaigai.gr.jp 2009-05-18 22:17:56 EDT --- Jochen, Thanks for your detailed reviewing. I uploaded the revised Spec and SRPM at: Spec URL: http://sepgsql.googlecode.com/files/mod_selinux.spec_v2.2.1904 SRPM URL: http://sepgsql.googlecode.com/files/mod_selinux-2.2.1904-1.fc11.src.rpm (In reply to comment #2) - Package fails on koji (pleas see: http://koji.fedoraproject.org/koji/taskinfo?taskID=1361107) This happens only for 64-bit architectures Its Makefile assumed an external file provided by httpd-devel is deployed at /usr/lib/httpd/build/special.mk, but it was /usr/lib64/httpd/build/special.mk in x86_64 and ppc64. So, I updated it as follows: - top_srcdir=/etc/httpd - top_builddir=/usr/lib/httpd - include /usr/lib/httpd/build/special.mk + top_srcdir=/etc/httpd + top_builddir=$(shell $(APXS) -q libdir)/httpd + include $(top_builddir)/build/special.mk The /usr/sbin/apxs (provided by httpd-devel) can return a correct path for the target environment, so the Makefile new gets being portable. at x86_64: [kai...@masu ~]$ /usr/sbin/apxs -q libdir /usr/lib64 at i386: [kai...@saba ~]$ /usr/sbin/apxs -q libdir /usr/lib - Package could no build localy on F-10 because of dependencies Yes, this package uses a new feature in linux-2.6.28 will be available in F-11. The mod_selinux switches the security context on the worker thread to handle a http request prior to invocations of contents handler. But it was not available at linux-2.6.27 or older. Fortunately, it was sumarized at SELinux-ML yesterday: http://marc.info/?l=selinuxm=124265539924989w=2 -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are on the CC list for the bug. ___ Fedora-package-review mailing list Fedora-package-review@redhat.com http://www.redhat.com/mailman/listinfo/fedora-package-review