%global debug_package %{nil} # container-selinux %global git0 https://github.com/containers/container-selinux %global commit0 99b40c5013ec2720a04b1d3579ef888281714c35 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # container-selinux stuff (prefix with ds_ for version/release etc.) # Some bits borrowed from the openstack-selinux package %global selinuxtype targeted %global moduletype services %global modulenames container # Usage: _format var format # Expand 'modulenames' into various formats as needed # Format must contain '$x' somewhere to do anything useful %global _format() export %1=""; for x in %{modulenames}; do %1+=%2; %1+=" "; done; Name: container-selinux Epoch: 2 Version: 2.163 Release: 1 License: GPLv2 URL: %{git0} Summary: SELinux policies for container runtimes Source0: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz #fix ERROR 'unknown class lockdown' at token ';' Patch0: fix.patch BuildArch: noarch BuildRequires: git-core BuildRequires: pkgconfig(systemd) BuildRequires: selinux-policy >= %_selinux_policy_version BuildRequires: selinux-policy-devel >= %_selinux_policy_version # RE: rhbz#1195804 - ensure min NVR for selinux-policy Requires: selinux-policy >= %_selinux_policy_version Requires(post): selinux-policy-base >= %_selinux_policy_version Requires(post): selinux-policy-targeted >= %_selinux_policy_version Requires(post): policycoreutils Requires(post): libselinux-utils Requires(post): sed Obsoletes: %{name} <= 2:1.12.5-14 Obsoletes: docker-selinux <= 2:1.12.4-28 Provides: docker-selinux = %{?epoch:%{epoch}:}%{version}-%{release} %description SELinux policy modules for use with container runtimes. %prep %autosetup -n %{name}-%{commit0} -p1 %build make %install # install policy modules %_format MODULES $x.pp.bz2 install -d %{buildroot}%{_datadir}/selinux/packages install -d -p %{buildroot}%{_datadir}/selinux/devel/include/services install -p -m 644 container.if %{buildroot}%{_datadir}/selinux/devel/include/services install -m 0644 $MODULES %{buildroot}%{_datadir}/selinux/packages install -d %{buildroot}/%{_datadir}/containers/selinux install -m 644 container_contexts %{buildroot}/%{_datadir}/containers/selinux/contexts %check %pre %selinux_relabel_pre -s %{selinuxtype} %post # Install all modules in a single transaction if [ $1 -eq 1 ]; then %{_sbindir}/setsebool -P -N virt_use_nfs=1 virt_sandbox_use_all_caps=1 fi %_format MODULES %{_datadir}/selinux/packages/$x.pp.bz2 %{_sbindir}/semodule -n -s %{selinuxtype} -r container 2> /dev/null %{_sbindir}/semodule -n -s %{selinuxtype} -d docker 2> /dev/null %{_sbindir}/semodule -n -s %{selinuxtype} -d gear 2> /dev/null %selinux_modules_install -s %{selinuxtype} $MODULES . %{_sysconfdir}/selinux/config sed -e "\|container_file_t|h; \${x;s|container_file_t||;{g;t};a\\" -e "container_file_t" -e "}" -i /etc/selinux/${SELINUXTYPE}/contexts/customizable_types matchpathcon -qV %{_sharedstatedir}/containers || restorecon -R %{_sharedstatedir}/containers &> /dev/null || : %postun if [ $1 -eq 0 ]; then %selinux_modules_uninstall -s %{selinuxtype} %{modulenames} docker fi %posttrans %selinux_relabel_post -s %{selinuxtype} #define license tag if not already defined %{!?_licensedir:%global license %doc} %files %doc README.md %{_datadir}/selinux/* %dir %{_datadir}/containers/selinux %{_datadir}/containers/selinux/contexts %triggerpostun -- container-selinux < 2:2.162.1-3 if %{_sbindir}/selinuxenabled ; then echo "Fixing Rootless SELinux labels in homedir" %{_sbindir}/restorecon -R /home/*/.local/share/containers/storage/overlay* 2> /dev/null fi %changelog * Mon May 23 2022 duyiwei - 2.163-1 - Update container-selinux to v2.163.0 * Tue Oct 26 2021 caodongxia - 2.138-5 - DESC: systemd_dbus_chat_resolved has been deprecated, use systemd_chat_resolved instead * Wed Aug 11 2021 chenyanpanHW - 2.138-4 - DESC: delete -Sgit from %autosetup, and delete BuildRequires git * Mon Dec 14 2020 openEuler Buildteam - 2.138-2 - Update container-selinux spec * Wed Aug 19 2020 openEuler Buildteam - 2.138-1 - Update container-selinux to v2.138.1 * Sat Sep 14 2019 openEuler Buildteam - 2.73-3 - Package init