Accepting request 652476 from home:jsegitz:branches:security:SELinux

- Change default state to disabled and disable SELinux after 
  uninstallation of policy to prevent unbootable system 
  (bsc#1108949, bsc#1109590)

OBS-URL: https://build.opensuse.org/request/show/652476
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=70
Johannes Segitz 2018-11-28 16:54:07 +00:00 committed by Git OBS Bridge
parent 5791105ca8
commit e960092653
3 changed files with 28 additions and 8 deletions


@ -1,3 +1,10 @@
-------------------------------------------------------------------
Wed Nov 28 15:18:28 UTC 2018 - jsegitz@suse.com
- Change default state to disabled and disable SELinux after
uninstallation of policy to prevent unbootable system
(bsc#1108949, bsc#1109590)
-------------------------------------------------------------------
Tue Nov 27 15:20:03 UTC 2018 - jsegitz@suse.com


@ -468,15 +468,19 @@ else
fi
exit 0
%postun
if [ $1 = 0 ]; then
setenforce 0 2> /dev/null
if [ -s %{_sysconfdir}/selinux/config ]; then
sed -i --follow-symlinks 's/^SELINUX=.*/SELINUX=disabled/g' %{_sysconfdir}/selinux/config
fi
fi
%global post_un() \
# disable selinux if we uninstall a policy \
if [ $1 -eq 0 ]; then \
setenforce 0 2> /dev/null \
if [ -s %{_sysconfdir}/selinux/config ]; then \
sed -i --follow-symlinks 's/^SELINUX=.*/SELINUX=disabled/g' %{_sysconfdir}/selinux/config \
fi \
fi \
exit 0
%postun
%post_un $1
%package devel
Summary: SELinux policy devel
Group: System/Management
@ -536,6 +540,9 @@ exit 0
%defattr(-,root,root,-)
%fileList targeted
%{_usr}/share/selinux/targeted/modules-base.lst
%postun targeted
%post_un $1
%endif
%if %{BUILD_MINIMUM}
@ -581,6 +588,9 @@ exit 0
%fileList minimum
%{_usr}/share/selinux/minimum/modules-base.lst
/usr/share/selinux/minimum/modules-minimum-disable.lst
%postun minimum
%post_un $1
%endif
%if %{BUILD_MLS}
@ -610,6 +620,9 @@ SELinux Reference policy mls base module.
%defattr(-,root,root,-)
%fileList mls
%{_usr}/share/selinux/mls/modules-base.lst
%postun mls
%post_un $1
%endif
%changelog
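Review bot: The `%post_un` macro defined in the first hunk calls `setenforce 0` and rewrites `SELINUX=` to `disabled` on full removal of any package that uses it, and the later hunks add it to `%postun targeted`, `%postun minimum` and `%postun mls` with no check of which policy is actually configured. As written, removing an unused flavour (for example `mls` on a host whose config selects `targeted`) would appear to switch enforcement off for the whole system, with the `setenforce` error output discarded and nothing reported to the administrator. Consider guarding each sub-package call on the configured type, e.g. for targeted `if [ "$1" -eq 0 ] && grep -qs '^SELINUXTYPE=targeted' %{_sysconfdir}/selinux/config; then`, and printing a line to stderr when the state is changed so it shows up in the transaction output. The main package's `%postun` may reasonably stay unconditional if it owns the config file, which is not visible in these hunks.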


@ -3,7 +3,7 @@
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=permissive
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# mls - Multi Level Security protection.
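Review bot: With the shipped default now `SELINUX=disabled`, the comment block above the setting should state what it costs to turn SELinux back on. Files created while it is disabled carry no labels, so a later switch to `permissive` or `enforcing` needs a filesystem relabel first. A line such as `# NOTE: after running with SELINUX=disabled, relabel the filesystem before enabling enforcing mode.` next to the `disabled` entry would cover it. The `SELINUXTYPE=` comment also says "two values" while the spec in this commit builds a `minimum` policy as well; the rest of that comment lies outside the hunk, so it may already be listed there.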