diff --git a/tigervnc.changes b/tigervnc.changes index 5d579ff..83456f9 100644 --- a/tigervnc.changes +++ b/tigervnc.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Tue Jan 21 13:08:53 UTC 2025 - Joan Torres + +- Include SELinux module. + * Fixes bsc#1235671. + ------------------------------------------------------------------- Mon Nov 4 11:25:41 UTC 2024 - Joan Torres diff --git a/tigervnc.spec b/tigervnc.spec index 0414f64..641e4e9 100644 --- a/tigervnc.spec +++ b/tigervnc.spec @@ -1,7 +1,7 @@ # # spec file for package tigervnc # -# Copyright (c) 2024 SUSE LLC +# Copyright (c) 2025 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -16,6 +16,8 @@ # +%global selinuxtype targeted +%global modulename vncsession %define vncgroup vnc %define vncuser vnc %define tlskey %{_sysconfdir}/vnc/tls.key @@ -30,6 +32,11 @@ %if 0%{?suse_version} < 1550 %define _pam_vendordir %{_sysconfdir}/pam.d %endif +%if 0%{?suse_version} >= 1550 +%bcond_without selinux +%else +%bcond_with selinux +%endif Name: tigervnc Version: 1.14.1 Release: 0 @@ -141,6 +148,11 @@ BuildRequires: pkgconfig(zlib) Requires(post): update-alternatives Requires(postun): update-alternatives %endif +%if %{with selinux} +BuildRequires: selinux-policy-%{selinuxtype} +BuildRequires: selinux-policy-devel +%{selinux_requires} +%endif %description TigerVNC is an implementation of VNC (Virtual Network Computing), a @@ -168,6 +180,9 @@ Requires: xkbcomp Requires: xkeyboard-config Requires: xorg-x11-fonts-core Requires: openssl(cli) +%if %{with selinux} +Requires: (%{name}-selinux if selinux-policy-base) +%endif # For the with-vnc-key.sh script Requires: /bin/hostname %{?systemd_requires} @@ -242,6 +257,17 @@ BuildArch: noarch This is a wrapper that looks like x11vnc, but starts x0vncserver instead. It maps common x11vnc arguments to x0vncserver arguments. +%if %{with selinux} +%package selinux +Summary: SELinux module for TigerVNC +BuildArch: noarch +%{selinux_requires} + +%description selinux +This package provides the SELinux policy module to ensure TigerVNC +runs properly under an environment with SELinux enabled. +%endif + %prep %autosetup -p1 @@ -292,6 +318,13 @@ cmake -DCMAKE_INSTALL_PREFIX:PATH=%{_prefix} . %make_build popd +# SELinux +%if %{with selinux} +pushd unix/vncserver/selinux +make +popd +%endif + %install %make_install @@ -310,6 +343,12 @@ mkdir -p %{buildroot}%{_datadir}/vnc/classes install -m755 VncViewer.jar %{buildroot}%{_datadir}/vnc/classes popd +%if %{with selinux} +pushd unix/vncserver/selinux +%make_install +popd +%endif + %ifnarch s390x install -D -m 644 %{SOURCE1} %{buildroot}%{_datadir}/X11/xorg.conf.d/10-libvnc.conf %endif @@ -432,6 +471,21 @@ fi %post -n libXvnc1 -p /sbin/ldconfig %postun -n libXvnc1 -p /sbin/ldconfig +%if %{with selinux} +%pre selinux +%selinux_relabel_pre -s %{selinuxtype} + +%post selinux +%selinux_modules_install -s %{selinuxtype} %{_datadir}/selinux/packages/%{selinuxtype}/%{modulename}.pp.bz2 +%selinux_relabel_post -s %{selinuxtype} + +%postun selinux +if [ $1 -eq 0 ]; then + %selinux_modules_uninstall -s %{selinuxtype} %{modulename} + %selinux_relabel_post -s %{selinuxtype} +fi +%endif + %files -f %{name}.lang %license LICENCE.TXT %doc README.rst @@ -566,4 +620,10 @@ fi %files x11vnc %{_bindir}/x11vnc +%if %{with selinux} +%files selinux +%{_datadir}/selinux/packages/%{selinuxtype}/%{modulename}.pp.bz2 +%ghost %verify(not md5 size mtime) %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{modulename} +%endif + %changelog