diff options
| author | Pierre Ossman <ossman@cendio.se> | 2018-07-19 16:04:23 +0200 |
|---|---|---|
| committer | Pierre Ossman <ossman@cendio.se> | 2020-03-12 12:03:32 +0100 |
| commit | 7694f9b4aae475a7b5985e0e960e21c5869f64cf (patch) | |
| tree | 41329d30ccdd3bee4ac5fa579feb93607762dcaf /contrib/packages | |
| parent | 1af1cfdf8709dd1a5574efa19fb4f0e68a98021e (diff) | |
| download | tigervnc-7694f9b4aae475a7b5985e0e960e21c5869f64cf.tar.gz tigervnc-7694f9b4aae475a7b5985e0e960e21c5869f64cf.zip | |
Add SELinux policy file for vncsession
Running as a service on a SELinux system requires rules so we can
transition to our own context. We also need the proper permissions
to start new user sessions.
Diffstat (limited to 'contrib/packages')
| -rw-r--r-- | contrib/packages/rpm/el7/SPECS/tigervnc.spec | 43 |
1 files changed, 42 insertions, 1 deletions
diff --git a/contrib/packages/rpm/el7/SPECS/tigervnc.spec b/contrib/packages/rpm/el7/SPECS/tigervnc.spec index 5ae3b2f7..c6c34d49 100644 --- a/contrib/packages/rpm/el7/SPECS/tigervnc.spec +++ b/contrib/packages/rpm/el7/SPECS/tigervnc.spec @@ -21,7 +21,7 @@ BuildRequires: mesa-libGL-devel, libXinerama-devel, ImageMagick BuildRequires: freetype-devel, libXdmcp-devel, libXfont2-devel BuildRequires: libXrandr-devel, fltk-devel >= 1.3.3 BuildRequires: libjpeg-turbo-devel, gnutls-devel, pam-devel -BuildRequires: systemd, cmake +BuildRequires: systemd, cmake, selinux-policy-devel Requires(post): coreutils Requires(postun): coreutils @@ -52,6 +52,7 @@ Provides: tightvnc-server = 1.5.0-0.15.20090204svn3586 Obsoletes: tightvnc-server < 1.5.0-0.15.20090204svn3586 Requires: perl Requires: tigervnc-server-minimal = %{version}-%{release} +Requires: tigervnc-selinux = %{version}-%{release} Requires: xorg-x11-xauth Requires: xorg-x11-xinit Requires(post): systemd @@ -115,6 +116,18 @@ BuildArch: noarch %description icons This package contains icons for TigerVNC viewer +%package selinux +Summary: SELinux module for TigerVNC +BuildArch: noarch +Requires(pre): libselinux-utils +Requires(post): selinux-policy-base >= %{_selinux_policy_version} +Requires(post): policycoreutils policycoreutils-python +Requires(post): libselinux-utils + +%description selinux +This package provides the SELinux policy module to ensure TigerVNC +runs properly under an environment with SELinux enabled. + %prep rm -rf $RPM_BUILD_ROOT %setup -q -n %{name}-%{version}%{?snap:-%{snap}} @@ -174,6 +187,11 @@ pushd media make popd +# SELinux +pushd unix/vncserver/selinux +make +popd + %install make install DESTDIR=$RPM_BUILD_ROOT @@ -181,6 +199,10 @@ pushd unix/xserver/hw/vnc make install DESTDIR=$RPM_BUILD_ROOT popd +pushd unix/vncserver/selinux +make install DESTDIR=$RPM_BUILD_ROOT +popd + %find_lang %{name} %{name}.lang # remove unwanted files @@ -208,6 +230,22 @@ if [ -x %{_bindir}/gtk-update-icon-cache ]; then %{_bindir}/gtk-update-icon-cache -q %{_datadir}/icons/hicolor || : fi +%pre selinux +%selinux_relabel_pre + +%post selinux +%selinux_modules_install %{_datadir}/selinux/packages/vncsession.pp +%selinux_relabel_post + +%posttrans selinux +%selinux_relabel_post + +%postun selinux +%selinux_modules_uninstall vncsession +if [ $1 -eq 0 ]; then + %selinux_relabel_post +fi + %files -f %{name}.lang %defattr(-,root,root,-) %doc %{_docdir}/%{name}-%{version}/README.rst @@ -253,6 +291,9 @@ fi %defattr(-,root,root,-) %{_datadir}/icons/hicolor/*/apps/* +%files selinux +%{_datadir}/selinux/packages/vncsession.pp + %changelog * Mon Jan 14 2019 Pierre Ossman <ossman@cendio.se> 1.9.80-4 - Use system FLTK for build |