container-selinux/container-selinux.spec

%global debug_package   %{nil}

# container-selinux
%global git0 https://github.com/containers/container-selinux
%global commit0 99b40c5013ec2720a04b1d3579ef888281714c35
%global shortcommit0 %(c=%{commit0}; echo ${c:0:7})

# container-selinux stuff (prefix with ds_ for version/release etc.)
# Some bits borrowed from the openstack-selinux package
%global selinuxtype targeted
%global moduletype services
%global modulenames container

# Usage: _format var format
# Expand 'modulenames' into various formats as needed
# Format must contain '$x' somewhere to do anything useful
%global _format() export %1=""; for x in %{modulenames}; do %1+=%2; %1+=" "; done;

Name: container-selinux
Epoch: 2
Version: 2.163
Release: 1
License: GPLv2
URL: %{git0}
Summary: SELinux policies for container runtimes
Source0: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
#fix ERROR 'unknown class lockdown' at token ';'
Patch0: fix.patch
BuildArch: noarch
BuildRequires: git-core
BuildRequires: pkgconfig(systemd)
BuildRequires: selinux-policy >= %_selinux_policy_version
BuildRequires: selinux-policy-devel >= %_selinux_policy_version
# RE: rhbz#1195804 - ensure min NVR for selinux-policy
Requires: selinux-policy >= %_selinux_policy_version
Requires(post): selinux-policy-base >= %_selinux_policy_version
Requires(post): selinux-policy-targeted >= %_selinux_policy_version
Requires(post): policycoreutils
Requires(post): libselinux-utils
Requires(post): sed
Obsoletes: %{name} <= 2:1.12.5-14
Obsoletes: docker-selinux <= 2:1.12.4-28
Provides: docker-selinux = %{?epoch:%{epoch}:}%{version}-%{release}

%description
SELinux policy modules for use with container runtimes.

%prep
%autosetup -n %{name}-%{commit0} -p1

%build
make

%install
# install policy modules
%_format MODULES $x.pp.bz2
install -d %{buildroot}%{_datadir}/selinux/packages
install -d -p %{buildroot}%{_datadir}/selinux/devel/include/services
install -p -m 644 container.if %{buildroot}%{_datadir}/selinux/devel/include/services
install -m 0644 $MODULES %{buildroot}%{_datadir}/selinux/packages
install -d %{buildroot}/%{_datadir}/containers/selinux
install -m 644 container_contexts %{buildroot}/%{_datadir}/containers/selinux/contexts

%check

%pre
%selinux_relabel_pre -s %{selinuxtype}

%post
# Install all modules in a single transaction
if [ $1 -eq 1 ]; then
   %{_sbindir}/setsebool -P -N virt_use_nfs=1 virt_sandbox_use_all_caps=1
fi
%_format MODULES %{_datadir}/selinux/packages/$x.pp.bz2
%{_sbindir}/semodule -n -s %{selinuxtype} -r container 2> /dev/null
%{_sbindir}/semodule -n -s %{selinuxtype} -d docker 2> /dev/null
%{_sbindir}/semodule -n -s %{selinuxtype} -d gear 2> /dev/null
%selinux_modules_install -s %{selinuxtype} $MODULES
. %{_sysconfdir}/selinux/config
sed -e "\|container_file_t|h; \${x;s|container_file_t||;{g;t};a\\" -e "container_file_t" -e "}" -i /etc/selinux/${SELINUXTYPE}/contexts/customizable_types 
matchpathcon -qV %{_sharedstatedir}/containers || restorecon -R %{_sharedstatedir}/containers &> /dev/null || :

%postun
if [ $1 -eq 0 ]; then
   %selinux_modules_uninstall -s %{selinuxtype} %{modulenames} docker
fi

%posttrans
%selinux_relabel_post -s %{selinuxtype}

#define license tag if not already defined
%{!?_licensedir:%global license %doc}

%files
%doc README.md
%{_datadir}/selinux/*
%dir %{_datadir}/containers/selinux
%{_datadir}/containers/selinux/contexts


%triggerpostun -- container-selinux < 2:2.162.1-3
if %{_sbindir}/selinuxenabled ; then
    echo "Fixing Rootless SELinux labels in homedir"
    %{_sbindir}/restorecon -R /home/*/.local/share/containers/storage/overlay*  2> /dev/null
fi

%changelog
* Mon May 23 2022 duyiwei <duyiwei@kylinos.cn> - 2.163-1
- Update container-selinux to v2.163.0

* Tue Oct 26 2021 caodongxia <caodongxia@huawei.com> - 2.138-5
- DESC: systemd_dbus_chat_resolved has been deprecated, use systemd_chat_resolved instead

* Wed Aug 11 2021 chenyanpanHW <chenyanpan@huawei.com> - 2.138-4
- DESC: delete -Sgit from %autosetup, and delete BuildRequires git

* Mon Dec 14 2020 openEuler Buildteam <buildteam@openeuler.org> - 2.138-2
- Update container-selinux spec

* Wed Aug 19 2020 openEuler Buildteam <buildteam@openeuler.org> - 2.138-1
- Update container-selinux to v2.138.1

* Sat Sep 14 2019 openEuler Buildteam <buildteam@openeuler.org> - 2.73-3
- Package init
update code 2019-11-06 19:04:45 +08:00			`%global debug_package %{nil}`

			`# container-selinux`
update version to 2.163 2022-05-23 09:41:23 +08:00			`%global git0 https://github.com/containers/container-selinux`
			`%global commit0 99b40c5013ec2720a04b1d3579ef888281714c35`
update code 2019-11-06 19:04:45 +08:00			`%global shortcommit0 %(c=%{commit0}; echo ${c:0:7})`

			`# container-selinux stuff (prefix with ds_ for version/release etc.)`
			`# Some bits borrowed from the openstack-selinux package`
			`%global selinuxtype targeted`
			`%global moduletype services`
			`%global modulenames container`

			`# Usage: _format var format`
			`# Expand 'modulenames' into various formats as needed`
			`# Format must contain '$x' somewhere to do anything useful`
			`%global _format() export %1=""; for x in %{modulenames}; do %1+=%2; %1+=" "; done;`

			`Name: container-selinux`
			`Epoch: 2`
update version to 2.163 2022-05-23 09:41:23 +08:00			`Version: 2.163`
			`Release: 1`
update code 2019-11-06 19:04:45 +08:00			`License: GPLv2`
			`URL: %{git0}`
			`Summary: SELinux policies for container runtimes`
			`Source0: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz`
update version to 2.163 2022-05-23 09:41:23 +08:00			`#fix ERROR 'unknown class lockdown' at token ';'`
			`Patch0: fix.patch`
update code 2019-11-06 19:04:45 +08:00			`BuildArch: noarch`
update version to 2.163 2022-05-23 09:41:23 +08:00			`BuildRequires: git-core`
update code 2019-11-06 19:04:45 +08:00			`BuildRequires: pkgconfig(systemd)`
update version to 2.163 2022-05-23 09:41:23 +08:00			`BuildRequires: selinux-policy >= %_selinux_policy_version`
			`BuildRequires: selinux-policy-devel >= %_selinux_policy_version`
update code 2019-11-06 19:04:45 +08:00			`# RE: rhbz#1195804 - ensure min NVR for selinux-policy`
update version to 2.163 2022-05-23 09:41:23 +08:00			`Requires: selinux-policy >= %_selinux_policy_version`
			`Requires(post): selinux-policy-base >= %_selinux_policy_version`
			`Requires(post): selinux-policy-targeted >= %_selinux_policy_version`
update code 2019-11-06 19:04:45 +08:00			`Requires(post): policycoreutils`
			`Requires(post): libselinux-utils`
			`Requires(post): sed`
update version to 2.163 2022-05-23 09:41:23 +08:00			`Obsoletes: %{name} <= 2:1.12.5-14`
update code 2019-11-06 19:04:45 +08:00			`Obsoletes: docker-selinux <= 2:1.12.4-28`
update version to 2.163 2022-05-23 09:41:23 +08:00			`Provides: docker-selinux = %{?epoch:%{epoch}:}%{version}-%{release}`
update code 2019-11-06 19:04:45 +08:00
			`%description`
			`SELinux policy modules for use with container runtimes.`

			`%prep`
delete -Sgit from %autosetup, and delete BuildRequires git 2021-08-11 19:24:11 +08:00			`%autosetup -n %{name}-%{commit0} -p1`
update code 2019-11-06 19:04:45 +08:00
			`%build`
			`make`

			`%install`
			`# install policy modules`
			`%_format MODULES $x.pp.bz2`
			`install -d %{buildroot}%{_datadir}/selinux/packages`
			`install -d -p %{buildroot}%{_datadir}/selinux/devel/include/services`
			`install -p -m 644 container.if %{buildroot}%{_datadir}/selinux/devel/include/services`
			`install -m 0644 $MODULES %{buildroot}%{_datadir}/selinux/packages`
update version to 2.163 2022-05-23 09:41:23 +08:00			`install -d %{buildroot}/%{_datadir}/containers/selinux`
			`install -m 644 container_contexts %{buildroot}/%{_datadir}/containers/selinux/contexts`
update code 2019-11-06 19:04:45 +08:00
			`%check`

update version to 2.163 2022-05-23 09:41:23 +08:00			`%pre`
			`%selinux_relabel_pre -s %{selinuxtype}`

update code 2019-11-06 19:04:45 +08:00			`%post`
			`# Install all modules in a single transaction`
			`if [ $1 -eq 1 ]; then`
update version to 2.163 2022-05-23 09:41:23 +08:00			`%{_sbindir}/setsebool -P -N virt_use_nfs=1 virt_sandbox_use_all_caps=1`
update code 2019-11-06 19:04:45 +08:00			`fi`
			`%_format MODULES %{_datadir}/selinux/packages/$x.pp.bz2`
			`%{_sbindir}/semodule -n -s %{selinuxtype} -r container 2> /dev/null`
			`%{_sbindir}/semodule -n -s %{selinuxtype} -d docker 2> /dev/null`
			`%{_sbindir}/semodule -n -s %{selinuxtype} -d gear 2> /dev/null`
update version to 2.163 2022-05-23 09:41:23 +08:00			`%selinux_modules_install -s %{selinuxtype} $MODULES`
update code 2019-11-06 19:04:45 +08:00			`. %{_sysconfdir}/selinux/config`
			`sed -e "\\|container_file_t\|h; \${x;s\|container_file_t\|\|;{g;t};a\\" -e "container_file_t" -e "}" -i /etc/selinux/${SELINUXTYPE}/contexts/customizable_types`
			`matchpathcon -qV %{_sharedstatedir}/containers \|\| restorecon -R %{_sharedstatedir}/containers &> /dev/null \|\| :`

			`%postun`
			`if [ $1 -eq 0 ]; then`
update version to 2.163 2022-05-23 09:41:23 +08:00			`%selinux_modules_uninstall -s %{selinuxtype} %{modulenames} docker`
update code 2019-11-06 19:04:45 +08:00			`fi`

update version to 2.163 2022-05-23 09:41:23 +08:00			`%posttrans`
			`%selinux_relabel_post -s %{selinuxtype}`

update code 2019-11-06 19:04:45 +08:00			`#define license tag if not already defined`
			`%{!?_licensedir:%global license %doc}`

			`%files`
			`%doc README.md`
			`%{_datadir}/selinux/*`
update version to 2.163 2022-05-23 09:41:23 +08:00			`%dir %{_datadir}/containers/selinux`
			`%{_datadir}/containers/selinux/contexts`


			`%triggerpostun -- container-selinux < 2:2.162.1-3`
			`if %{_sbindir}/selinuxenabled ; then`
			`echo "Fixing Rootless SELinux labels in homedir"`
			`%{_sbindir}/restorecon -R /home//.local/share/containers/storage/overlay 2> /dev/null`
			`fi`
update code 2019-11-06 19:04:45 +08:00
			`%changelog`
update version to 2.163 2022-05-23 09:41:23 +08:00			`* Mon May 23 2022 duyiwei <duyiwei@kylinos.cn> - 2.163-1`
			`- Update container-selinux to v2.163.0`

systemd_dbus_chat_resolved has been deprecated, use systemd_chat_resolved instead 2021-10-26 14:05:01 +08:00			`* Tue Oct 26 2021 caodongxia <caodongxia@huawei.com> - 2.138-5`
			`- DESC: systemd_dbus_chat_resolved has been deprecated, use systemd_chat_resolved instead`

delete -Sgit from %autosetup, and delete BuildRequires git 2021-08-11 19:24:11 +08:00			`* Wed Aug 11 2021 chenyanpanHW <chenyanpan@huawei.com> - 2.138-4`
			`- DESC: delete -Sgit from %autosetup, and delete BuildRequires git`

update container-selinux spec Signed-off-by: zvier <liuzekun@huawei.com> 2020-12-14 11:02:32 +08:00			`* Mon Dec 14 2020 openEuler Buildteam <buildteam@openeuler.org> - 2.138-2`
			`- Update container-selinux spec`

Update container-selinux to v2.138.0 Signed-off-by: liuzekun <liuzekun@huawei.com> 2020-08-19 17:00:39 +08:00			`* Wed Aug 19 2020 openEuler Buildteam <buildteam@openeuler.org> - 2.138-1`
update container-selinux spec Signed-off-by: zvier <liuzekun@huawei.com> 2020-12-14 11:02:32 +08:00			`- Update container-selinux to v2.138.1`
Update container-selinux to v2.138.0 Signed-off-by: liuzekun <liuzekun@huawei.com> 2020-08-19 17:00:39 +08:00
			`* Sat Sep 14 2019 openEuler Buildteam <buildteam@openeuler.org> - 2.73-3`
update code 2019-11-06 19:04:45 +08:00			`- Package init`