Merge pull request #643 from Kegeruneku/bug_2882/int/2882_install_sel…
…inux_policy

Fixes #2882: Package a SELinux policy for rudder-webapp
peckpeck committed Apr 28, 2015
2 parents 9f407b9 + e09bdfa commit 55569f4
Showing 5 changed files with 40 additions and 0 deletions.
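--- a/rudder-webapp/SOURCES/rudder-webapp.pp
+++ b/rudder-webapp/SOURCES/rudder-webapp.pp
@@ -0,0 +1,14 @@
+module rudder-webapp 1.0;
+
+require {
+type httpd_t;
+type var_t;
+type http_cache_port_t;
+class tcp_socket name_connect;
+class file getattr;
+}
+
+#============= httpd_t ==============
+
+# Allow httpd daemon to access 8080:tcp via connect method
+allow httpd_t http_cache_port_t:tcp_socket name_connect;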
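Review bot: The file is committed under a `.pp` name but its content is type-enforcement source text (`module … require { … } allow …`), whereas `semodule -i` loads a compiled policy package; unless a build step not shown here runs `checkmodule` and `semodule_package` on it, the install step later in this commit would be handed a file it cannot load. Keeping the source as `rudder-webapp.te` and producing the `.pp` at build time would make that explicit. The `require` block also declares `type var_t;` and `class file getattr;`, which no rule in the module uses, so both can be dropped. The comment on the `allow` line should state what the rule grants, e.g. `# Allow httpd to connect to any TCP port labelled http_cache_port_t (8080 is one of them)`, because the rule is keyed on the port type and not on port 8080 alone.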
13 changes: 13 additions & 0 deletions rudder-webapp/SPECS/rudder-webapp.spec
@@ -100,6 +100,7 @@ Source16: post.write_technique.rudderify.sh
Source17: rudder-metrics-reporting
Source18: ca-bundle.crt
Source19: rudder-reload-cf-serverd
Source20: rudder-jetty.pp

BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildArch: noarch
@@ -189,6 +190,7 @@ mkdir -p %{buildroot}%{rudderdir}/share/tools
mkdir -p %{buildroot}%{rudderdir}/share/plugins/
mkdir -p %{buildroot}%{rudderdir}/share/upgrade-tools/
mkdir -p %{buildroot}%{rudderdir}/share/certificates/
mkdir -p %{buildroot}%{rudderdir}/share/selinux/
mkdir -p %{buildroot}%{ruddervardir}/inventories/incoming
mkdir -p %{buildroot}%{ruddervardir}/inventories/accepted-nodes-updates
mkdir -p %{buildroot}%{ruddervardir}/inventories/received
@@ -280,6 +282,9 @@ cp %{SOURCE18} %{buildroot}%{rudderdir}/share/certificates/
cp -rf %{_builddir}/rudder-doc/pdf %{buildroot}/usr/share/doc/rudder
cp -rf %{_builddir}/rudder-doc/html %{buildroot}/usr/share/doc/rudder

# Install SELinux policy
install -m 644 %{SOURCE20} %{buildroot}%{rudderdir}/share/selinux/

%pre -n rudder-webapp
#=================================================
# Pre Installation
@@ -407,9 +412,17 @@ fi
if type sestatus >/dev/null 2>&1
if [ $(LANG=C sestatus | grep -cE "SELinux status:.*enabled") -ne 0 ]
then

# Adjust the inventory directories SELinux context
chcon -R --type=httpd_sys_content_t /var/rudder/inventories/incoming
chcon -R --type=httpd_sys_content_t /var/rudder/inventories/accepted-nodes-updates

# If necessary, add the rudder-webapp SELinux policy
if [ $(semodule -l | grep -c rudder-webapp) -eq 0 ]
then
semodule -i /opt/rudder/share/selinux/rudder-jetty.pp
fi

fi
fi

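Review bot: `Source20: rudder-jetty.pp` and the post-install line `semodule -i /opt/rudder/share/selinux/rudder-jetty.pp` name a file this commit does not add; the policy it adds is `SOURCES/rudder-webapp.pp`, which declares `module rudder-webapp` and is what `debian/rules` installs. Unless a `rudder-jetty.pp` already exists in SOURCES outside this commit, the RPM build has no such source to package, and the `semodule -l | grep -c rudder-webapp` guard tests for a module name that may not match what was loaded. The same path is used in the `debian/postinst` hunk, where the file installed is `rudder-webapp.pp`, so `semodule -i` there would point at a path the package does not ship. Using one name throughout, `Source20: rudder-webapp.pp` and `semodule -i /opt/rudder/share/selinux/rudder-webapp.pp`, would resolve it for both packages.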
2 changes: 2 additions & 0 deletions rudder-webapp/debian/dirs
@@ -1,6 +1,8 @@
opt/rudder/bin
opt/rudder/share/webapps
opt/rudder/share/rudder-plugins
opt/rudder/share/certificates
opt/rudder/share/selinux
opt/rudder/etc
opt/rudder/etc/ssl
opt/rudder/etc/plugins
8 changes: 8 additions & 0 deletions rudder-webapp/debian/postinst
@@ -96,9 +96,17 @@ case "$1" in
if type sestatus >/dev/null 2>&1
if [ $(LANG=C sestatus | grep -cE "SELinux status:.*enabled") -ne 0 ]
then

# Adjust the inventory directories SELinux context
chcon -R --type=httpd_sys_content_t /var/rudder/inventories/incoming
chcon -R --type=httpd_sys_content_t /var/rudder/inventories/accepted-nodes-updates

# If necessary, add the rudder-webapp SELinux policy
if [ $(semodule -l | grep -c rudder-webapp) -eq 0 ]
then
semodule -i /opt/rudder/share/selinux/rudder-jetty.pp
fi

fi
fi

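Review bot: The guard `if [ $(semodule -l | grep -c rudder-webapp) -eq 0 ]` loads the module only when no line of `semodule -l` contains that string, so a later package version that ships a changed policy would leave the old module loaded, and any other module whose name contains `rudder-webapp` would suppress the install. `semodule -i` replaces an already-installed module, so calling it unconditionally is simpler and keeps the loaded policy in step with the package. The exit status of `semodule -i` is also ignored; appending something like `|| echo "WARNING: could not load the rudder-webapp SELinux policy" >&2` would make a failed load visible instead of leaving httpd silently without the rule. The same block appears in the post-install hunk of `rudder-webapp.spec`. The enclosing `case "$1" in` branch starts and ends outside the hunk.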
3 changes: 3 additions & 0 deletions rudder-webapp/debian/rules
@@ -120,6 +120,9 @@ binary-arch: install
dh_install --SOURCEDIR=$(CURDIR)/SOURCES/rudder-doc pdf /usr/share/doc/rudder
dh_install --SOURCEDIR=$(CURDIR)/SOURCES/rudder-doc html /usr/share/doc/rudder

# Install SELinux policies
dh_install --SOURCEDIR=$(CURDIR)/SOURCES/ rudder-webapp.pp /opt/rudder/share/selinux/

# dh_installmenu
# dh_installdebconf
# dh_installlogrotate
