rpms/mod_selinux/devel import.log, NONE, 1.1 mod_selinux.conf, NONE, 1.1 mod_selinux.spec, NONE, 1.1 .cvsignore, 1.1, 1.2 sources, 1.1, 1.2
KaiGai Kohei
kaigai at fedoraproject.org
Tue May 26 23:27:58 UTC 2009
- Previous message (by thread): rpms/mod_selinux/F-11 import.log, NONE, 1.1 mod_selinux.conf, NONE, 1.1 mod_selinux.spec, NONE, 1.1 .cvsignore, 1.1, 1.2 sources, 1.1, 1.2
- Next message (by thread): rpms/lxsession/devel lxsession.spec,1.1,1.2
Author: kaigai
Update of /cvs/pkgs/rpms/mod_selinux/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv14587/devel
Modified Files:
.cvsignore sources
Added Files:
import.log mod_selinux.conf mod_selinux.spec
Log Message:
The initial mod_selinux package for the rawhide
--- NEW FILE import.log ---
mod_selinux-2_2_1930-1_fc11:HEAD:mod_selinux-2.2.1930-1.fc11.src.rpm:1243380425
--- NEW FILE mod_selinux.conf ---
#
# mod_selinux.conf
# ----------------
# Apache/SELinux plus configuration
LoadModule selinux_module modules/mod_selinux.so
selinuxServerDomain *:s0
#
# Example for the mapfile based configuration
# -------------------------------------------
#
# <Directory "/var/www/html">
# #
# # HTTP Basic Authentication
# #
# AuthType Basic
# AuthName "Secret Zone"
# AuthUserFile /var/www/htpasswd
# Require valid-user
#
# #
# # SELinux domain/range mapping
# #
# SetEnvIf Remote_Addr "192.168.1.[0-9]+$" SELINUX_DOMAIN=*:s0:c1
# SetEnvIf Remote_Addr "192.168.2.[0-9]+$" SELINUX_DOMAIN=*:s0:c2
# selinuxDomainMap /var/www/mod_selinux.map
# selinuxDomainEnv SELINUX_DOMAIN
# selinuxDomainVal anon_webapp_t:s0
#
# </Directory>
#
# Use Case: Virtual Host based separation
# ---------------------------------------
#
# NameVirtualHost *:80
#
# <VirtualHost *:80>
# DocumentRoot /var/www/html
# ServerName dog.example.com
# selinuxDomainVal *:s0:c1
# </VirtualHost>
#
# <VirtualHost *:80>
# DocumentRoot /var/www/html
# ServerName cat.example.com
# selinuxDomainVal *:s0:c2
# </VirtualHost>
#
# Use Case: Authentication integration with RDBMS
# -----------------------------------------------
#
# LoadModule dbd_module modules/mod_dbd.so
# LoadModule authn_dbd_module modules/mod_authn_dbd.so
#
# DBDriver pgsql
# DBDParams "dbname=web user=apache"
# # NOTE: Don't forget to install apr-util-pgsql package
# # to connect PostgreSQL via mod_dbd.
#
# <Directory "/var/www/html">
# # Digest authentication
# # ---------------------
# # AuthType Digest
# # AuthName "Secret Zone"
# # AuthDigestProvider dbd ... (4)
# # AuthDBDUserRealmQuery \ ... (5)
# # "SELECT md5(uname || ':' || $2 || ':' || upass), udomain, \
# # %s=%s as dummy FROM uaccount WHERE uname = $1"
#
# # SELinux context mapping
# # -----------------------
# selinuxDomainEnv AUTHENTICATE_UDOMAIN ... (6)
# selinuxDomainVal anon_webapp_t:s0
# </Directory>
#
# We assume the PostgreSQL works on local machine, and it allows
# the apache user to connect the web database without passwords.
# In addition, uaccount table should be defined as follows:
#
# CREATE TABLE uaccount (
# uname TEXT PRIMARY KEY,
# upass TEXT NOT NULL,
# udomain TEXT
# );
# INSERT INTO uaccount VALUES ('foo', 'xxx', 'user_webapp_t:s0:c0');
# INSERT INTO uaccount VALUES ('var', 'yyy', 'staff_webapp_t:s0:c1');
# INSERT INTO uaccount VALUES ('baz', 'zzz', 'anon_webapp_t:s0:c2');
#
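Review bot: In the mapfile example, the two SetEnvIf patterns ("192.168.1.[0-9]+$" and "192.168.2.[0-9]+$") are anchored only at the end and leave the dots unescaped, so they match more than the intended subnet; an address such as 2.192.168.155 satisfies the first pattern and would be assigned the c1 category. Because the match selects the SELinux range, suggest "^192\.168\.1\.[0-9]+$" and "^192\.168\.2\.[0-9]+$". Separately, in the RDBMS example the "... (4)", "... (5)" and "... (6)" markers look like documentation callouts left behind; they trail the directive arguments and have to be removed before the lines are uncommented. The sample uaccount rows also keep upass in clear text, which the md5(uname || ':' || $2 || ':' || upass) query depends on; a comment saying so would help anyone copying the schema.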
--- NEW FILE mod_selinux.spec ---
%define selinux_policy_types targeted mls
Name: mod_selinux
Version: 2.2.1930
Release: 1%{?dist}
Summary: Apache/SELinux plus module
Group: System Environment/Daemons
License: ASL 2.0
URL: http://code.google.com/p/sepgsql/
Source0: http://sepgsql.googlecode.com/files/%{name}-%{version}.tgz
Source1: %{name}.conf
BuildRequires: httpd-devel >= 2.2.0 libselinux-devel checkpolicy >= 2.0.19 selinux-policy
Requires: kernel >= 2.6.28 httpd >= 2.2.0 policycoreutils selinux-policy
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
%description
The Apache/SELinux plus is an extra module (mod_selinux.so) which enables
to launch contents-handler (it means both of references to static contents
and invocations of web applications) with individual and restrictive
privileges set, based on http authentication.
The mod_selinux.so generates a one-time worker thread for each request,
and it assigns the worker restrictive domain based on the authentication
prior to launching contents handlers.
It means we can apply valid access controls on web-applications, and
makes assurance operating system can prevent violated accesses, even if
web application contains security bugs or vulnerabilities.
%prep
%setup -q
%build
# mod_selinux.so
%{__make} %{?_smp_mflags}
# mod_selinux.pp
for policy in %{selinux_policy_types}
do
%{__make} NAME=${policy} -f %{?policy_devel_root}%{_datadir}/selinux/devel/Makefile
mv %{name}.pp %{name}.pp.${policy}
done
%install
rm -rf %{buildroot}
%{__install} -d %{buildroot}%{_libdir}/httpd/modules
%{__install} -d %{buildroot}%{_datadir}/selinux
%{__install} -d %{buildroot}%{_sysconfdir}/httpd/conf.d
%{__make} install DESTDIR=%{buildroot}
%{__install} -p -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/httpd/conf.d
for policy in %{selinux_policy_types}
do
%{__install} -d %{buildroot}%{_datadir}/selinux/${policy}
%{__install} -p -m 644 %{name}.pp.${policy} \
%{buildroot}%{_datadir}/selinux/${policy}/%{name}.pp
done
%clean
rm -rf %{buildroot}
%post
/sbin/fixfiles -R %{name} restore || :
for policy in %{selinux_policy_types}
do
%{_sbindir}/semodule -s ${policy} \
-i %{_datadir}/selinux/${policy}/%{name}.pp 2>/dev/null || :
done
%postun
# unload policy, if rpm -e
if [ $1 -eq 0 ]; then
for policy in %{selinux_policy_types}
do
%{_sbindir}/semodule -s ${policy} -r %{name} 2>/dev/null || :
done
fi
%files
%defattr(-,root,root,-)
%doc LICENSE README
%config(noreplace) %{_sysconfdir}/httpd/conf.d/%{name}.conf
%{_libdir}/httpd/modules/%{name}.so
%{_datadir}/selinux/*/%{name}.pp
%changelog
* Fri May 22 2009 KaiGai Kohei <kaigai at ak.jp.nec.com> - 2.2.1930-1
- rework: libselinux was dropped from explicit dependencies due to
http://fedoraproject.org/wiki/Packaging/Guidelines#Explicit_Requires
* Tue May 19 2009 KaiGai Kohei <kaigai at ak.jp.nec.com> - 2.2.1904-1
- bugfix: update Makefile to allow to build for 64bit architecture
* Mon May 18 2009 KaiGai Kohei <kaigai at ak.jp.nec.com> - 2.2.1903-1
- rework: add selinux_merge_conf()
- rework: remove mod_authn_sepgsql, instead of documentation
to use mod_authn_dbd with pgsql driver.
* Fri May 15 2009 KaiGai Kohei <kaigai at ak.jp.nec.com> - 2.2.1898-1
- rework: mod_authn_sepgsql cleanups
- update: README updates.
* Wed May 13 2009 KaiGai Kohei <kaigai at ak.jp.nec.com> - 2.2.1884-1
- rework: add mod_authn_sepgsql module
- rework: directives were reorganized
- rework: simultaneous usage with keep-alive
* Fri Apr 17 2009 KaiGai Kohei <kaigai at ak.jp.nec.com> - 2.2.1817-1
- bugfix: add kernel >= 2.6.28 because of typebounds feature
* Thu Apr 16 2009 KaiGai Kohei <kaigai at ak.jp.nec.com> - 2.2.1803-1
- rework: reverted to multi-threading design
- bugfix: security policy didn't allow prosess:{setcurrent}
* Wed Apr 15 2009 KaiGai Kohei <kaigai at ak.jp.nec.com> - 2.2.1800-1
- rework: worker was redesigned to use a process, instead of thread,
on process_connection hook.
- rework: "selinuxAllowCaches" and "selinuxAllowKeepAlive" were added.
- rework: README was revised
* Tue Apr 14 2009 KaiGai Kohei <kaigai at ak.jp.nec.com> - 2.2.1795-1
- bugfix: install script didn't work correctly.
- update: add some of inline source comments.
- update: specfile improvement.
* Sun Apr 12 2009 KaiGai Kohei <kaigai at ak.jp.nec.com> - 2.2.1792-1
- Initial build
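Review bot: In %post, /sbin/fixfiles -R %{name} restore runs before the semodule -i loop, so any file contexts shipped in %{name}.pp are not yet loaded when the package's files are relabeled; suggest moving the fixfiles call after the loop. Both %post and %postun also send semodule's stderr to /dev/null and end in "|| :", so a failed policy load leaves mod_selinux.so installed with no indication that its policy is missing; consider keeping stderr visible. The scriptlets call fixfiles and semodule, but policycoreutils appears only under the plain Requires: line; stating it as Requires(post) and Requires(postun) would make the scriptlet dependency explicit.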
Index: .cvsignore
===================================================================
RCS file: /cvs/pkgs/rpms/mod_selinux/devel/.cvsignore,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -p -r1.1 -r1.2
--- .cvsignore 26 May 2009 22:10:05 -0000 1.1
+++ .cvsignore 26 May 2009 23:27:27 -0000 1.2
@@ -0,0 +1 @@
+mod_selinux-2.2.1930.tgz
Index: sources
===================================================================
RCS file: /cvs/pkgs/rpms/mod_selinux/devel/sources,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -p -r1.1 -r1.2
--- sources 26 May 2009 22:10:05 -0000 1.1
+++ sources 26 May 2009 23:27:28 -0000 1.2
@@ -0,0 +1 @@
+aadee8b6e5c7d99a6ff0a66fca8032dd mod_selinux-2.2.1930.tgz
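Review bot: The added sources line pins the tarball with a 32-hex-digit digest, the length of an MD5, and Source0 in the spec fetches it over plain http, so neither the download nor the recorded checksum protects against a deliberately substituted archive. Suggest checking the tarball against a stronger digest or a signature, if upstream publishes one, before uploading it, and noting in the spec how it was verified.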
More information about the fedora-extras-commits
mailing list