From eea261c91beff4f505601076eebba1895f2e5ba1 Mon Sep 17 00:00:00 2001 From: Petr Vobornik Date: Wed, 4 Oct 2023 11:31:00 +0000 Subject: [PATCH] build: selinux rpm package Adds build of host-metering-selinux package containing the SELinux policy. Signed-off-by: Petr Vobornik --- .gitignore | 2 ++ Makefile | 9 ++++++ contrib/rpm/host-metering.spec.in | 46 +++++++++++++++++++++++++++++-- 3 files changed, 55 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 39aa492..9c0b076 100644 --- a/.gitignore +++ b/.gitignore @@ -2,6 +2,8 @@ dist/ vendor/ contrib/rpm/host-metering.spec +contrib/selinux/tmp/ +contrib/selinux/host-metering.pp # Coverage coverage.* diff --git a/Makefile b/Makefile index 68457ba..acadb59 100644 --- a/Makefile +++ b/Makefile @@ -30,6 +30,13 @@ test: @cat coverage.txt +# Build +.PHONY: build-selinux +build-selinux: + @echo "Building SELinux policy..." + cd contrib/selinux && \ + make -f /usr/share/selinux/devel/Makefile $(PROJECT).pp || exit + # Release .PHONY: version version: @@ -111,3 +118,5 @@ clean: rm -rf $(CURDIR)/coverage.html rm -rf $(CURDIR)/coverage.txt rm -rf $(CURDIR)/$(PROJECT) + rm -rf $(CURDIR)/contrib/selinux/tmp + rm -rf $(CURDIR)/contrib/selinux/*.pp diff --git a/contrib/rpm/host-metering.spec.in b/contrib/rpm/host-metering.spec.in index 198d0ac..fc65c6a 100644 --- a/contrib/rpm/host-metering.spec.in +++ b/contrib/rpm/host-metering.spec.in @@ -12,10 +12,13 @@ %global forgeurl https://github.com/RedHatInsights/host-metering/ %global autorelease #AUTORELEASE# %global gomodulesmode GO111MODULE=on - - %global godocs README.md +# macros needed by SELinux +%global selinuxtype targeted +%global moduletype contrib +%global modulename host-metering + Name: host-metering Version: #VERSION# Release: %{autorelease}%{?dist} @@ -34,12 +37,24 @@ BuildRequires: golang >= 1.19 BuildRequires: systemd-rpm-macros %endif BuildRequires: git +BuildRequires: policycoreutils +BuildRequires: selinux-policy +BuildRequires: selinux-policy-devel +Requires: %{name}-selinux = %{version}-%{release} %description Host metering service %gopkg +%package selinux +Summary: SELinux policy module for host-metering +BuildArch: noarch +%{?selinux_requires} + +%description selinux +This package installs and sets up the SELinux policy security module for host-metering. + %prep %setup -q -b 0 @@ -49,6 +64,10 @@ Host metering service %build pwd %gobuild -o $(pwd)/bin/host-metering %{goipath} +make build-selinux + +%pre selinux +%selinux_relabel_pre -s %{selinuxtype} %install install -m 0755 -vd %{buildroot}%{_bindir} @@ -56,15 +75,38 @@ install -m 0755 -vp $(pwd)/bin/* %{buildroot}%{_bindir}/ install -m 0755 -vd %{buildroot}%{_unitdir} install -m 644 contrib/systemd/host-metering.service %{buildroot}%{_unitdir}/%{name}.service +install -D -m 0644 contrib/selinux/%{modulename}.pp %{buildroot}%{_datadir}/selinux/packages/%{selinuxtype}/%{modulename}.pp +install -D -p -m 644 contrib/selinux/%{modulename}.if %{buildroot}%{_datadir}/selinux/devel/include/distributed/%{modulename}.if + %if %{with check} %check %endif +%post selinux +%selinux_modules_install -s %{selinuxtype} %{_datadir}/selinux/packages/%{selinuxtype}/%{modulename}.pp +%selinux_relabel_post -s %{selinuxtype} + +if [ "$1" -le "1" ]; then # First install + # the daemon needs to be restarted for the custom label to be applied + %systemd_postun_with_restart %{modulename}.service +fi + +%postun selinux +if [ $1 -eq 0 ]; then + %selinux_modules_uninstall -s %{selinuxtype} %{modulename} + %selinux_relabel_post -s %{selinuxtype} +fi + %files %doc README.md %{_bindir}/* %attr(644,root,root) %{_unitdir}/%{name}.service +%files selinux +%{_datadir}/selinux/packages/%{selinuxtype}/%{modulename}.pp +%{_datadir}/selinux/devel/include/distributed/%{modulename}.if +%ghost %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{modulename} + %changelog * Mon Oct 2 2023 Vobornik Petr - #VERSION#-#AUTORELEASE#