rpms/memcached/EL-5 memcached.fc, NONE, 1.1 memcached.if, NONE, 1.1 memcached.te, NONE, 1.1 memcached.spec, 1.2, 1.3 memcached.sysv, 1.2, 1.3 sources, 1.2, 1.3 memcached-1.2.3-save_pid_fix.patch, 1.1, NONE
Paul Lindner (plindner)
fedora-extras-commits at redhat.com
Tue Dec 25 17:19:43 UTC 2007
Author: plindner
Update of /cvs/pkgs/rpms/memcached/EL-5
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv32435
Modified Files:
memcached.spec memcached.sysv sources
Added Files:
memcached.fc memcached.if memcached.te
Removed Files:
memcached-1.2.3-save_pid_fix.patch
Log Message:
memcached-1.2.4 update for EL-5
--- NEW FILE memcached.fc ---
/usr/bin/memcached(.*)? -- gen_context(system_u:object_r:memcached_exec_t,s0)
/var/run/memcached(/.*)? gen_context(system_u:object_r:memcached_var_run_t,s0)
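Review bot: The trailing `(.*)?` in `/usr/bin/memcached(.*)?` makes the first entry match `/usr/bin/memcached-tool` as well, which the spec's %files list installs next to the daemon, so that helper script is also labelled `memcached_exec_t`. Only the daemon binary should carry the entrypoint type; `/usr/bin/memcached -- gen_context(system_u:object_r:memcached_exec_t,s0)` limits the label to it. A short comment above each entry naming the path it is meant to cover would make the intent checkable.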
--- NEW FILE memcached.if ---
# This file is as of yet unused
--- NEW FILE memcached.te ---
policy_module(memcached, 1.0.1)
require {
attribute port_type;
};
#####################################
#
# Declarations
#
type memcached_t;
type memcached_exec_t;
type memcached_var_run_t;
type memcached_port_t, port_type;
########################################
#
# Local policy
#
init_daemon_domain(memcached_t, memcached_exec_t)
domain_use_interactive_fds(memcached_t)
init_use_fds(memcached_t)
files_pid_file(memcached_var_run_t)
allow memcached_t self:capability { setgid setuid };
dontaudit memcached_t self:capability sys_tty_config;
allow memcached_t self:process signal_perms;
allow memcached_t self:fifo_file rw_file_perms;
allow memcached_t self:unix_stream_socket create_stream_socket_perms;
allow memcached_t memcached_port_t:tcp_socket name_bind;
allow memcached_t memcached_port_t:udp_socket name_bind;
allow memcached_t self:tcp_socket create_stream_socket_perms;
allow memcached_t self:udp_socket create_stream_socket_perms;
corenet_non_ipsec_sendrecv(memcached_t)
corenet_tcp_sendrecv_all_if(memcached_t)
corenet_udp_sendrecv_all_if(memcached_t)
corenet_tcp_sendrecv_all_nodes(memcached_t)
corenet_udp_sendrecv_all_nodes(memcached_t)
corenet_tcp_bind_all_nodes(memcached_t)
corenet_udp_bind_all_nodes(memcached_t)
allow memcached_t memcached_var_run_t:file create_file_perms;
allow memcached_t memcached_var_run_t:dir rw_dir_perms;
files_pid_filetrans(memcached_t, memcached_var_run_t, file)
kernel_read_kernel_sysctls(memcached_t)
kernel_read_system_state(memcached_t)
libs_use_ld_so(memcached_t)
libs_use_shared_libs(memcached_t)
files_read_etc_files(memcached_t)
term_dontaudit_use_all_user_ptys(memcached_t)
term_dontaudit_use_all_user_ttys(memcached_t)
term_dontaudit_use_console(memcached_t)
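Review bot: `allow memcached_t self:udp_socket create_stream_socket_perms;` grants the stream-only permissions (listen, accept) on a datagram socket class; `create_socket_perms` is the narrower set that fits UDP. The policy also allows `name_bind` on `memcached_port_t:udp_socket`, but the `%post selinux` scriptlet in this commit labels only tcp 11211 with that type, so the UDP rule has no port to apply to unless an administrator adds one; either label the UDP port as well or drop the rule. `corenet_tcp_bind_all_nodes` and `corenet_udp_bind_all_nodes` let the domain bind on any address, which deserves a comment stating that the listen address is restricted by the daemon's options and not by policy.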
Index: memcached.spec
===================================================================
RCS file: /cvs/pkgs/rpms/memcached/EL-5/memcached.spec,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- memcached.spec 9 Aug 2007 22:23:20 -0000 1.2
+++ memcached.spec 25 Dec 2007 17:19:05 -0000 1.3
@@ -1,6 +1,13 @@
+%define selinux_variants mls strict targeted
+%define selinux_policyver %(sed -e 's,.*selinux-policy-\\([^/]*\\)/.*,\\1,' /usr/share/selinux/devel/policyhelp)
+%define modulename memcached
+
+%define username memcached
+%define groupname memcached
+
Name: memcached
-Version: 1.2.3
-Release: 7%{?dist}
+Version: 1.2.4
+Release: 2%{?dist}
Summary: High Performance, Distributed Memory Object Cache
Group: System Environment/Daemons
@@ -11,14 +18,20 @@
# custom init script
Source1: memcached.sysv
+# SELinux files
+Source10: %{modulename}.te
+Source11: %{modulename}.fc
+Source12: %{modulename}.if
+
# Fixes
-Patch1: memcached-1.2.3-save_pid_fix.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: libevent-devel
BuildRequires: perl(Test::More)
-Requires: initscripts
+
+Requires: initscripts
+Requires(pre): shadow-utils
Requires(post): /sbin/chkconfig
Requires(preun): /sbin/chkconfig, /sbin/service
Requires(postun): /sbin/service
@@ -28,10 +41,26 @@
system, generic in nature, but intended for use in speeding up dynamic
web applications by alleviating database load.
+
+%package selinux
+Summary: SELinux policy module supporting memcached
+Group: System Environment/Base
+BuildRequires: checkpolicy, selinux-policy-devel, hardlink
+%if "%{selinux_policyver}" != ""
+Requires: selinux-policy >= %{selinux_policyver}
+%endif
+Requires: %{name} = %{version}-%{release}
+Requires(post): policycoreutils
+Requires(postun): policycoreutils
+
+%description selinux
+SELinux policy module supporting memcached.
+
+
%prep
%setup -q
-%patch1 -p1
-
+mkdir SELinux
+cp -p %{SOURCE10} %{SOURCE11} %{SOURCE12} SELinux/
%build
@@ -39,6 +68,14 @@
make %{?_smp_mflags}
+pushd SELinux
+for selinuxvariant in %{selinux_variants}; do
+ make NAME=${selinuxvariant} -f /usr/share/selinux/devel/Makefile
+ mv %{modulename}.pp %{modulename}.pp.${selinuxvariant}
+ make NAME=${selinuxvariant} -f /usr/share/selinux/devel/Makefile clean
+done
+popd
+
%check
# remove failing test that doesn't work in
@@ -62,7 +99,7 @@
mkdir -p %{buildroot}/%{_sysconfdir}/sysconfig
cat <<EOF >%{buildroot}/%{_sysconfdir}/sysconfig/%{name}
PORT="11211"
-USER="nobody"
+USER="%{username}"
MAXCONN="1024"
CACHESIZE="64"
OPTIONS=""
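Review bot: The generated sysconfig file still ships `OPTIONS=""`, and the init script in this commit starts the daemon with `-p $PORT` and no listen address, so a default install accepts connections on every interface; the new policy's bind_all_nodes rules permit exactly that. As far as I know memcached at this version has no authentication in its protocol, so consider defaulting to `OPTIONS="-l 127.0.0.1"` and letting administrators widen it; existing installs keep their file because it is `%config(noreplace)`. The heredoc this hunk edits begins and ends outside the hunk.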
@@ -71,13 +108,35 @@
# pid directory
mkdir -p %{buildroot}/%{_localstatedir}/run/memcached
+# Install SELinux policy modules
+pushd SELinux
+for selinuxvariant in %{selinux_variants}; do
+ install -d %{buildroot}%{_datadir}/selinux/${selinuxvariant}
+ install -p -m 644 %{modulename}.pp.${selinuxvariant} \
+ %{buildroot}%{_datadir}/selinux/${selinuxvariant}/%{modulename}.pp
+done
+popd
+
+# Hardlink identical policy module packages together
+/usr/sbin/hardlink -cv %{buildroot}%{_datadir}/selinux
+
+
%clean
rm -rf %{buildroot}
+%pre
+getent group %{groupname} >/dev/null || groupadd -r %{groupname}
+getent passwd %{username} >/dev/null || \
+useradd -r -g %{groupname} -d %{_localstatedir}/run/memcached \
+ -s /sbin/nologin -c "Memcached daemon" %{username}
+exit 0
+
+
%post
/sbin/chkconfig --add %{name}
+
%preun
if [ "$1" = 0 ] ; then
/sbin/service %{name} stop > /dev/null 2>&1
@@ -85,6 +144,7 @@
fi
exit 0
+
%postun
if [ "$1" -ge 1 ]; then
/sbin/service %{name} condrestart > /dev/null 2>&1
@@ -92,19 +152,56 @@
exit 0
+%post selinux
+# Install SELinux policy modules
+for selinuxvariant in %{selinux_variants}
+do
+ /usr/sbin/semodule -s ${selinuxvariant} -i \
+ %{_datadir}/selinux/${selinuxvariant}/%{modulename}.pp &> /dev/null || :
+done
+/usr/sbin/semanage port -a -t memcached_port_t -p tcp 11211 &> /dev/null || :
+/sbin/fixfiles -R %{name} restore || :
+
+
+%postun selinux
+# Clean up after package removal
+if [ $1 -eq 0 ]; then
+ /usr/sbin/semanage port -d -t memcached_port_t -p tcp 11211 &> /dev/null || :
+ # Remove SELinux policy modules
+ for selinuxvariant in %{selinux_variants}
+ do
+ /usr/sbin/semodule -s ${selinuxvariant} -r %{modulename} &> /dev/null || :
+ done
+ /sbin/fixfiles -R %{name} restore || :
+fi
+
+
%files
%defattr(-,root,root,-)
%doc AUTHORS ChangeLog COPYING NEWS README TODO doc/CONTRIBUTORS doc/*.txt
%config(noreplace) %{_sysconfdir}/sysconfig/%{name}
-%dir %attr(750,nobody,nobody) %{_localstatedir}/run/memcached
+%dir %attr(755,%{username},%{groupname}) %{_localstatedir}/run/memcached
%{_bindir}/memcached-tool
%{_bindir}/memcached
%{_mandir}/man1/memcached.1*
%{_initrddir}/memcached
+%files selinux
+%defattr(-,root,root,0755)
+%doc SELinux/*.te SELinux/*.fc SELinux/*.if
+%{_datadir}/selinux/*/%{modulename}.pp
+
+
%changelog
+* Sat Dec 22 2007 Paul Lindner <lindner at mirth.inuus.com> - 1.2.4-2
+- Upgrade to memcached-1.2.4
+
+* Fri Sep 07 2007 Konstantin Ryabitsev <icon at fedoraproject.org> - 1.2.3-8
+- Add selinux policies
+- Create our own system user
+
* Mon Aug 6 2007 Paul Lindner <lindner at inuus.com> - 1.2.3-7
- Fix problem with -P and -d flag combo on x86_64
- Fix init script for FC-6
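Review bot: In `%post selinux`, each `semodule -i` call and the `semanage port -a` call ends in `&> /dev/null || :`, so a failed policy load leaves the package installed without the memcached_t policy and without any message. Keeping `|| :` so the transaction does not abort is reasonable, but stderr should stay visible, for example `%{modulename}.pp > /dev/null || :`. Separately, the %files entry for the pid directory goes from mode 750 to 755 as ownership moves to %{username}; if world read access is not needed, `%dir %attr(750,%{username},%{groupname}) %{_localstatedir}/run/memcached` keeps the previous mode. `[ $1 -eq 0 ]` in `%postun selinux` should quote `$1`, as the existing `%preun` test does.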
Index: memcached.sysv
===================================================================
RCS file: /cvs/pkgs/rpms/memcached/EL-5/memcached.sysv,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- memcached.sysv 9 Aug 2007 22:23:20 -0000 1.2
+++ memcached.sysv 25 Dec 2007 17:19:05 -0000 1.3
@@ -4,6 +4,7 @@
# description: The memcached daemon is a network memory cache service.
# processname: memcached
# config: /etc/sysconfig/memcached
+# pidfile: /var/run/memcached/memcached.pid
# Standard LSB functions
#. /lib/lsb/init-functions
@@ -12,7 +13,7 @@
. /etc/init.d/functions
PORT=11211
-USER=nobody
+USER=memcached
MAXCONN=1024
CACHESIZE=64
OPTIONS=""
@@ -22,6 +23,8 @@
fi
# Check that networking is up.
+. /etc/sysconfig/network
+
if [ "$NETWORKING" = "no" ]
then
exit 0
@@ -33,7 +36,9 @@
start () {
echo -n $"Starting $prog: "
# insure that /var/run/memcached has proper permissions
+ if [ "`stat -c %U /var/run/memcached`" != "$USER" ]; then
chown $USER /var/run/memcached
+ fi
daemon --pidfile /var/run/memcached/memcached.pid memcached -d -p $PORT -u $USER -m $CACHESIZE -c $MAXCONN -P /var/run/memcached/memcached.pid $OPTIONS
RETVAL=$?
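Review bot: `start` makes sure /var/run/memcached belongs to `$USER`, and that same directory holds the pidfile the root-run script hands to `daemon --pidfile`, so the service account controls a file that root later trusts. The stop logic is outside this hunk; confirm that it verifies the recorded PID is a memcached process before signalling it. `$USER` is also expanded unquoted; `chown "$USER" /var/run/memcached` is safer for a value sourced from /etc/sysconfig/memcached. The body of `start` continues past the end of the hunk.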
Index: sources
===================================================================
RCS file: /cvs/pkgs/rpms/memcached/EL-5/sources,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- sources 25 Jul 2007 14:20:44 -0000 1.2
+++ sources 25 Dec 2007 17:19:05 -0000 1.3
@@ -1 +1,2 @@
efbc9ef1cf7dbc93a3ddceea541968c9 memcached-1.2.3.tar.gz
+b80db034f951b296b2672b243022c061 memcached-1.2.4.tar.gz
--- memcached-1.2.3-save_pid_fix.patch DELETED ---