From c98b95cc819e73e232a9e40cffd04626e641001d64f652d2b60d56237b2edfe2 Mon Sep 17 00:00:00 2001
From: Dominique Leuenberger <dleuenberger@suse.com>
Date: Fri, 18 Dec 2020 18:59:21 +0000
Subject: [PATCH] Accepting request 856711 from devel:kubic

Add selinux-targeted-setup package

OBS-URL: https://build.opensuse.org/request/show/856711
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/selinux-targeted-setup?expand=0&rev=1
---
 .gitattributes                 | 23 +++++++++
 .gitignore                     |  1 +
 selinux-targeted-setup.changes |  5 ++
 selinux-targeted-setup.spec    | 89 ++++++++++++++++++++++++++++++++++
 4 files changed, 118 insertions(+)
 create mode 100644 .gitattributes
 create mode 100644 .gitignore
 create mode 100644 selinux-targeted-setup.changes
 create mode 100644 selinux-targeted-setup.spec

diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..9b03811
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..57affb6
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.osc
diff --git a/selinux-targeted-setup.changes b/selinux-targeted-setup.changes
new file mode 100644
index 0000000..748c530
--- /dev/null
+++ b/selinux-targeted-setup.changes
@@ -0,0 +1,5 @@
+-------------------------------------------------------------------
+Tue Dec 15 16:29:04 UTC 2020 - Alexandre Vicenzi <alexandre.vicenzi@suse.com>
+
+- Initial release
+
diff --git a/selinux-targeted-setup.spec b/selinux-targeted-setup.spec
new file mode 100644
index 0000000..bf31fb4
--- /dev/null
+++ b/selinux-targeted-setup.spec
@@ -0,0 +1,89 @@
+#
+# spec file for package selinux-targeted-setup
+#
+# Copyright (c) 2020 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+Name:           selinux-targeted-setup
+Version:        20201215
+Release:        0
+Summary:        Install, configure and enable targeted SELinux policy
+License:        GPL-2.0-or-later
+Group:          System/Management
+BuildArch:      noarch
+BuildRequires:  update-bootloader-rpm-macros
+Requires:       selinux-policy-targeted
+Requires(post): selinux-policy-targeted
+Recommends:     container-selinux
+%{update_bootloader_requires}
+
+%description
+Install, configure and enable targeted SELinux policy
+
+%prep
+
+%build
+
+%install
+
+%post
+GRUB_CFG=/etc/default/grub
+SELINUX_CFG=/etc/selinux/config
+LABEL_CFG1=/.autorelabel
+LABEL_CFG2=/etc/selinux/.autorelabel
+
+if [[ -f $GRUB_CFG ]]; then
+  if [[ ! $(grep "^GRUB_CMDLINE_LINUX_DEFAULT=" $GRUB_CFG | grep security=selinux) ]]; then
+    sed -i -e 's|\(^GRUB_CMDLINE_LINUX_DEFAULT=.*\)"|\1 security=selinux selinux=1"|g' $GRUB_CFG
+  fi
+fi
+
+if [[ -f $SELINUX_CFG ]]; then
+  sed -i -e 's|^SELINUX=.*|SELINUX=enforcing|g' \
+      -e 's|^SELINUXTYPE=.*|SELINUXTYPE=targeted|g' \
+      $SELINUX_CFG
+fi
+
+if [[ -f $LABEL_CFG1 ]]; then
+  mv $LABEL_CFG1 $LABEL_CFG2
+fi
+
+%{?regenerate_initrd_post}
+%update_bootloader_refresh_post
+
+%posttrans
+%{?regenerate_initrd_posttrans}
+%update_bootloader_posttrans
+
+%postun
+GRUB_CFG=/etc/default/grub
+SELINUX_CFG=/etc/selinux/config
+
+if [[ -f $GRUB_CFG ]]; then
+  LINE=$(grep "^GRUB_CMDLINE_LINUX_DEFAULT=" $GRUB_CFG)
+  LINE=$(sed 's\selinux=1\selinux=0\' <<< $LINE)
+  LINE=$(sed 's\security=selinux\\' <<< $LINE)
+  LINE=$(sed 's\enforcing=0\\' <<< $LINE)
+  sed -i -e 's|\(^GRUB_CMDLINE_LINUX_DEFAULT=.*\)"|\'"${LINE}"'|g' $GRUB_CFG
+fi
+
+if [[ -f $SELINUX_CFG ]]; then
+  sed -i -e 's|^SELINUX=.*|SELINUX=permissive|g' \
+      -e 's|^SELINUXTYPE=.*|SELINUXTYPE=targeted|g' \
+      $SELINUX_CFG
+fi
+
+%files
+
+%changelog