From 6ac03ab27e2b6c9d8b1d821a2955ac6f4dd2bd4b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leon=20Gr=C3=BCnewald?= Date: Mon, 8 Feb 2021 00:13:19 +0100 Subject: [PATCH 01/26] Add basic spec file and selinux module source --- ly.spec | 42 +++++++++++++++++++++++++ selinux/ly.fc | 1 + selinux/ly.if | 40 +++++++++++++++++++++++ selinux/ly.sh | 52 ++++++++++++++++++++++++++++++ selinux/ly.te | 32 +++++++++++++++++++ selinux/ly_selinux.spec | 70 +++++++++++++++++++++++++++++++++++++++++ 6 files changed, 237 insertions(+) create mode 100644 ly.spec create mode 100755 selinux/ly.fc create mode 100755 selinux/ly.if create mode 100755 selinux/ly.sh create mode 100755 selinux/ly.te create mode 100755 selinux/ly_selinux.spec
diff --git a/ly.spec b/ly.spec new file mode 100644
index 00000000..78979358
--- /dev/null
+++ b/ly.spec
@@ -0,0 +1,42 @@
+Name: ly
+Version: 0.5
+Release: 2
+Summary: A TUI display manager
+License: WTFPL
+BuildRequires: libxcb-devel
+BuildRequires: pam-devel
+Requires: libxcb
+Requires: pam
+
+%description
+Ly is a lightweight TUI (ncurses-like) display manager for Linux and BSD.
+
+%prep
+make github
+
+%build
+make
+
+%install
+cd src
+mkdir -p %{buildroot}/etc/
+mkdir -p %{buildroot}/usr/bin/
+mkdir -p %{buildroot}/usr/lib/systemd/system/
+mkdir -p %{buildroot}/etc/pam.d/
+DESTDIR="%{buildroot}" make install
+
+%files
+/usr/bin/ly
+/usr/lib/systemd/system/ly.service
+/etc/ly/lang/es.ini
+/etc/ly/lang/pt.ini
+/etc/ly/lang/ru.ini
+/etc/ly/lang/en.ini
+/etc/ly/lang/fr.ini
+/etc/ly/lang/ro.ini
+/etc/ly/xsetup.sh
+/etc/ly/wsetup.sh
+/etc/ly/config.ini
+/etc/pam.d/ly
+
+%changelog
diff --git a/selinux/ly.fc b/selinux/ly.fc new file mode 100755
index 00000000..4a96a7b2
--- /dev/null
+++ b/selinux/ly.fc
@@ -0,0 +1 @@
+/usr/bin/ly -- gen_context(system_u:object_r:ly_exec_t,s0)
diff --git a/selinux/ly.if b/selinux/ly.if new file mode 100755
index 00000000..f546adce
--- /dev/null
+++ b/selinux/ly.if
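Review bot: The `%files` list in ly.spec ships `/etc/pam.d/ly`, `/etc/ly/config.ini` and the two setup scripts as ordinary files, so a package upgrade replaces whatever the administrator changed there, including a tightened PAM stack for the login manager. Marking them as configuration keeps local edits: `%config(noreplace) /etc/pam.d/ly` and `%config(noreplace) /etc/ly/config.ini`, and likewise for `xsetup.sh` and `wsetup.sh` if they are meant to be edited.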
@@ -0,0 +1,40 @@
+
+## policy for ly
+
+########################################
+##
+## Execute ly_exec_t in the ly domain.
+##
+##
+##
+## Domain allowed to transition.
+##
+##
+#
+interface(`ly_domtrans',`
+ gen_require(`
+ type ly_t, ly_exec_t;
+ ')
+
+ corecmd_search_bin($1)
+ domtrans_pattern($1, ly_exec_t, ly_t)
+')
+
+######################################
+##
+## Execute ly in the caller domain.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`ly_exec',`
+ gen_require(`
+ type ly_exec_t;
+ ')
+
+ corecmd_search_bin($1)
+ can_exec($1, ly_exec_t)
+')
diff --git a/selinux/ly.sh b/selinux/ly.sh new file mode 100755
index 00000000..dabb6f71
--- /dev/null
+++ b/selinux/ly.sh
@@ -0,0 +1,52 @@
+#!/bin/sh -e
+
+DIRNAME=`dirname $0`
+cd $DIRNAME
+USAGE="$0 [ --update ]"
+if [ `id -u` != 0 ]; then
+echo 'You must be root to run this script'
+exit 1
+fi
+
+if [ $# -eq 1 ]; then
+ if [ "$1" = "--update" ] ; then
+ time=`ls -l --time-style="+%x %X" ly.te | awk '{ printf "%s %s", $6, $7 }'`
+ rules=`ausearch --start $time -m avc --raw -se ly`
+ if [ x"$rules" != "x" ] ; then
+ echo "Found avc's to update policy with"
+ echo -e "$rules" | audit2allow -R
+ echo "Do you want these changes added to policy [y/n]?"
+ read ANS
+ if [ "$ANS" = "y" -o "$ANS" = "Y" ] ; then
+ echo "Updating policy"
+ echo -e "$rules" | audit2allow -R >> ly.te
+ # Fall though and rebuild policy
+ else
+ exit 0
+ fi
+ else
+ echo "No new avcs found"
+ exit 0
+ fi
+ else
+ echo -e $USAGE
+ exit 1
+ fi
+elif [ $# -ge 2 ] ; then
+ echo -e $USAGE
+ exit 1
+fi
+
+echo "Building and Loading Policy"
+set -x
+make -f /usr/share/selinux/devel/Makefile ly.pp || exit
+/usr/sbin/semodule -i ly.pp
+
+# Generate a man page off the installed module
+sepolicy manpage -p . -d ly_t
+# Fixing the file context on /usr/bin/ly
+/sbin/restorecon -F -R -v /usr/bin/ly
+# Generate a rpm package for the newly generated policy
+
+pwd=$(pwd)
+rpmbuild --define "_sourcedir ${pwd}" --define "_specdir ${pwd}" --define "_builddir ${pwd}" --define "_srcrpmdir ${pwd}" --define "_rpmdir ${pwd}" --define "_buildrootdir ${pwd}/.build" -ba ly_selinux.spec
diff --git a/selinux/ly.te b/selinux/ly.te new file mode 100755
index 00000000..8df62fc2
--- /dev/null
+++ b/selinux/ly.te
@@ -0,0 +1,32 @@
+policy_module(ly, 1.0.0)
+
+########################################
+#
+# Declarations
+#
+
+type ly_t;
+type ly_exec_t;
+init_daemon_domain(ly_t, ly_exec_t)
+
+permissive ly_t;
+
+########################################
+#
+# ly local policy
+#
+allow ly_t self:capability { setgid setuid };
+allow ly_t self:process { fork signal_perms };
+allow ly_t self:process transition;
+allow ly_t self:fifo_file rw_fifo_file_perms;
+allow ly_t self:unix_stream_socket create_stream_socket_perms;
+
+domain_use_interactive_fds(ly_t)
+
+files_read_etc_files(ly_t)
+
+auth_use_nsswitch(ly_t)
+
+logging_send_audit_msgs(ly_t)
+
+miscfiles_read_localization(ly_t)
diff --git a/selinux/ly_selinux.spec b/selinux/ly_selinux.spec new file mode 100755
index 00000000..ee6cb98c
--- /dev/null
+++ b/selinux/ly_selinux.spec
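Review bot: `permissive ly_t;` in the Declarations section of selinux/ly.te means every rule below it is only logged and never enforced, so the module labels the display manager without confining it. That is reasonable while collecting AVC denials, but it should not ship in a release package: remove the line once the allow rules are complete, and until then mark it with a comment such as `# TODO: remove before release, ly_t is not enforced while this is set`. The local policy as written covers only capabilities, process, fifo and socket access plus a few read interfaces, so switching to enforcing will presumably need further rules for PAM and session start.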
@@ -0,0 +1,70 @@
+# vim: sw=4:ts=4:et
+
+
+%define relabel_files() \
+restorecon -R /usr/bin/ly; \
+
+%define selinux_policyver 3.14.6-34
+
+Name: ly_selinux
+Version: 1.0
+Release: 1%{?dist}
+Summary: SELinux policy module for ly
+
+Group: System Environment/Base
+License: WTFPL
+# This is an example. You will need to change it.
+URL: https://github.com/nullgemm/ly
+Source0: ly.pp
+Source1: ly.if
+Source2: ly_selinux.8
+
+
+Requires: policycoreutils, libselinux-utils
+Requires(post): selinux-policy-base >= %{selinux_policyver}, policycoreutils
+Requires(postun): policycoreutils
+BuildArch: noarch
+
+%description
+This package installs and sets up the SELinux policy security module for ly.
+
+%install
+install -d %{buildroot}%{_datadir}/selinux/packages
+install -m 644 %{SOURCE0} %{buildroot}%{_datadir}/selinux/packages
+install -d %{buildroot}%{_datadir}/selinux/devel/include/contrib
+install -m 644 %{SOURCE1} %{buildroot}%{_datadir}/selinux/devel/include/contrib/
+install -d %{buildroot}%{_mandir}/man8/
+install -m 644 %{SOURCE2} %{buildroot}%{_mandir}/man8/ly_selinux.8
+install -d %{buildroot}/etc/selinux/targeted/contexts/users/
+
+
+%post
+semodule -n -i %{_datadir}/selinux/packages/ly.pp
+if /usr/sbin/selinuxenabled ; then
+ /usr/sbin/load_policy
+ %relabel_files
+
+fi;
+exit 0
+
+%postun
+if [ $1 -eq 0 ]; then
+ semodule -n -r ly
+ if /usr/sbin/selinuxenabled ; then
+ /usr/sbin/load_policy
+ %relabel_files
+
+ fi;
+fi;
+exit 0
+
+%files
+%attr(0600,root,root) %{_datadir}/selinux/packages/ly.pp
+%{_datadir}/selinux/devel/include/contrib/ly.if
+%{_mandir}/man8/ly_selinux.8.*
+
+
+%changelog
+* Wed Feb 3 2021 YOUR NAME 1.0-1
+- Initial version
+
From 974aca51cbaf40279c629cc020668918ec8bac54 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Leon=20Gr=C3=BCnewald?= Date: Mon, 8 Feb 2021 00:33:35 +0100 Subject: [PATCH 02/26] Turn into ly.spec.rpkg --- ly.spec => ly.spec.rpkg | 23 ++++++++++++++--------- 1 file changed, 14 insertions(+), 9 deletions(-) rename ly.spec => ly.spec.rpkg (56%) diff --git a/ly.spec b/ly.spec.rpkg similarity index 56% rename from ly.spec rename to ly.spec.rpkg index 78979358..b3357bc3 100644 --- a/ly.spec +++ b/ly.spec.rpkg @@ -1,17 +1,21 @@ -Name: ly -Version: 0.5 -Release: 2 -Summary: A TUI display manager -License: WTFPL -BuildRequires: libxcb-devel -BuildRequires: pam-devel -Requires: libxcb -Requires: pam +Name: {{{ git_dir_name }}} +Version: {{{ git_dir_version }}} +Release: 1%{?dist} +Summary: A TUI display manager +License: WTFPL +URL: https://github.com/nullgemm/ly +VCS: {{{ git_dir_vcs }}} +Source: {{{ git_dir_pack }}} +BuildRequires: libxcb-devel +BuildRequires: pam-devel +Requires: libxcb +Requires: pam %description Ly is a lightweight TUI (ncurses-like) display manager for Linux and BSD. %prep +{{{ git_dir_setup_macro }}} make github %build @@ -40,3 +44,4 @@ DESTDIR="%{buildroot}" make install /etc/pam.d/ly %changelog +{{{ git_dir_changelog }}} From 43a40faf79b00230771a72cbfad658deec093a15 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leon=20Gr=C3=BCnewald?= Date: Mon, 8 Feb 2021 00:58:17 +0100 Subject: [PATCH 03/26] Build Requires make --- ly.spec.rpkg | 1 + 1 file changed, 1 insertion(+) diff --git a/ly.spec.rpkg b/ly.spec.rpkg index b3357bc3..6dbf8109 100644 --- a/ly.spec.rpkg +++ b/ly.spec.rpkg @@ -8,6 +8,7 @@ VCS: {{{ git_dir_vcs }}} Source: {{{ git_dir_pack }}} BuildRequires: libxcb-devel BuildRequires: pam-devel +BuildRequires: make Requires: libxcb Requires: pam From 1926901edac23358905f23c6e5a47ede87416b64 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Leon=20Gr=C3=BCnewald?= Date: Mon, 8 Feb 2021 01:47:01 +0100 Subject: [PATCH 04/26] Fix it up --- .copr/Makefile | 2 ++ ly.spec.rpkg => ly.spec | 14 +++++++------- 2 files changed, 9 insertions(+), 7 deletions(-) create mode 100644 .copr/Makefile rename ly.spec.rpkg => ly.spec (77%) diff --git a/.copr/Makefile b/.copr/Makefile new file mode 100644 index 00000000..09b443a7 --- /dev/null +++ b/.copr/Makefile @@ -0,0 +1,2 @@ +srpm: + make github diff --git a/ly.spec.rpkg b/ly.spec similarity index 77% rename from ly.spec.rpkg rename to ly.spec index 6dbf8109..888a0829 100644 --- a/ly.spec.rpkg +++ b/ly.spec @@ -1,11 +1,9 @@ -Name: {{{ git_dir_name }}} -Version: {{{ git_dir_version }}} -Release: 1%{?dist} +Name: ly +Version: 0.5.2 +Release: 0 Summary: A TUI display manager License: WTFPL URL: https://github.com/nullgemm/ly -VCS: {{{ git_dir_vcs }}} -Source: {{{ git_dir_pack }}} BuildRequires: libxcb-devel BuildRequires: pam-devel BuildRequires: make @@ -16,10 +14,11 @@ Requires: pam Ly is a lightweight TUI (ncurses-like) display manager for Linux and BSD. %prep -{{{ git_dir_setup_macro }}} +cd src make github %build +cd src make %install @@ -29,6 +28,8 @@ mkdir -p %{buildroot}/usr/bin/ mkdir -p %{buildroot}/usr/lib/systemd/system/ mkdir -p %{buildroot}/etc/pam.d/ DESTDIR="%{buildroot}" make install +chmod -x %{buildroot}/etc/ly/config.ini +chmod -x %{buildroot}/etc/ly/lang/* %files /usr/bin/ly @@ -45,4 +46,3 @@ DESTDIR="%{buildroot}" make install /etc/pam.d/ly %changelog -{{{ git_dir_changelog }}} From a7dedbab1b3f418db117af404d56a36ed4b528bb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leon=20Gr=C3=BCnewald?= Date: Mon, 8 Feb 2021 01:52:05 +0100 Subject: [PATCH 05/26] Just the rpmbuild --- .copr/Makefile | 2 +- ly.spec | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.copr/Makefile b/.copr/Makefile index 09b443a7..09f5599e 100644 --- a/.copr/Makefile +++ b/.copr/Makefile @@ -1,2 +1,2 @@ srpm: - make github + rpmbuild -bs ly.spec 
diff --git a/ly.spec b/ly.spec index 888a0829..c893e3f8 100644 --- a/ly.spec +++ b/ly.spec @@ -1,9 +1,10 @@ Name: ly Version: 0.5.2 -Release: 0 +Release: 1 Summary: A TUI display manager License: WTFPL URL: https://github.com/nullgemm/ly +Source: https://github.com/dhalucario/ly/archive/v0.5.2.tar.gz BuildRequires: libxcb-devel BuildRequires: pam-devel BuildRequires: make From 5c04c996d58e518563bc2ce43f267edcd318827e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leon=20Gr=C3=BCnewald?= Date: Mon, 8 Feb 2021 02:19:24 +0100 Subject: [PATCH 06/26] This makes some more sense now --- .copr/Makefile | 3 ++- ly.spec | 7 ++++--- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/.copr/Makefile b/.copr/Makefile index 09f5599e..4902cbbf 100644 --- a/.copr/Makefile +++ b/.copr/Makefile @@ -1,2 +1,3 @@ srpm: - rpmbuild -bs ly.spec + make github + rpmbuild -vv -bs ly.spec --define "_srcrpmdir $(outdir)" diff --git a/ly.spec b/ly.spec index c893e3f8..fae665b9 100644 --- a/ly.spec +++ b/ly.spec @@ -4,7 +4,6 @@ Release: 1 Summary: A TUI display manager License: WTFPL URL: https://github.com/nullgemm/ly -Source: https://github.com/dhalucario/ly/archive/v0.5.2.tar.gz BuildRequires: libxcb-devel BuildRequires: pam-devel BuildRequires: make @@ -15,8 +14,10 @@ Requires: pam Ly is a lightweight TUI (ncurses-like) display manager for Linux and BSD. %prep -cd src -make github +tar -czvf v0.5.2.tar.gz %{buildroot} +mv v0.5.2.tar.gz %{_sourcedir} +cd %{_sourcedir} +ls -la %build cd src From 16922531e2e462f1de29929f6bc407da8ce300f6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leon=20Gr=C3=BCnewald?= Date: Mon, 8 Feb 2021 02:34:24 +0100 Subject: [PATCH 07/26] cd to spec first --- .copr/Makefile | 1 + 1 file changed, 1 insertion(+) diff --git a/.copr/Makefile b/.copr/Makefile index 4902cbbf..e36d39ef 100644 --- a/.copr/Makefile +++ b/.copr/Makefile @@ -1,3 +1,4 @@ srpm: + cd $(spec) make github rpmbuild -vv -bs ly.spec --define "_srcrpmdir $(outdir)" 
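Review bot: The added `cd $(spec)` in the `srpm` recipe of .copr/Makefile does not affect the lines after it, because make runs each recipe line in its own shell; `make github` and `rpmbuild` still run in the original directory. Chain the commands so the directory change applies: `cd $(spec) && make github && rpmbuild -vv -bs ly.spec --define "_srcrpmdir $(outdir)"`. Whether `$(spec)` is a directory or the path of the spec file itself is not visible in this hunk and should be checked before relying on the `cd`.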
From a14e6b52249adb19b5111b381639a203c1ecc508 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leon=20Gr=C3=BCnewald?= Date: Mon, 8 Feb 2021 02:54:25 +0100 Subject: [PATCH 08/26] Just copy everything from github at that point --- ly.spec | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/ly.spec b/ly.spec index fae665b9..e77f87fe 100644 --- a/ly.spec +++ b/ly.spec @@ -4,6 +4,7 @@ Release: 1 Summary: A TUI display manager License: WTFPL URL: https://github.com/nullgemm/ly +Source: https://github.com/dhalucario/ly/archive/v0.5.2.tar.gz BuildRequires: libxcb-devel BuildRequires: pam-devel BuildRequires: make @@ -14,17 +15,18 @@ Requires: pam Ly is a lightweight TUI (ncurses-like) display manager for Linux and BSD. %prep -tar -czvf v0.5.2.tar.gz %{buildroot} -mv v0.5.2.tar.gz %{_sourcedir} -cd %{_sourcedir} -ls -la +rm * -rf +git clone https://github.com/dhalucario/ly.git +cd ly +git checkout v0.5.2 +make github %build -cd src +cd ly make %install -cd src +cd ly mkdir -p %{buildroot}/etc/ mkdir -p %{buildroot}/usr/bin/ mkdir -p %{buildroot}/usr/lib/systemd/system/ From b8b31386e1df31b8ae7b0ed14cd57f50c69d1051 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leon=20Gr=C3=BCnewald?= Date: Mon, 8 Feb 2021 03:06:01 +0100 Subject: [PATCH 09/26] move to rpkg again but this time remove setup --- ly.spec => ly.spec.rpkg | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) rename ly.spec => ly.spec.rpkg (85%) diff --git a/ly.spec b/ly.spec.rpkg similarity index 85% rename from ly.spec rename to ly.spec.rpkg index e77f87fe..9a9e11c9 100644 --- a/ly.spec +++ b/ly.spec.rpkg @@ -1,10 +1,10 @@ -Name: ly -Version: 0.5.2 -Release: 1 +Name: {{{ git_dir_name }}} +Version: {{{ git_dir_version }}} +Release: 1%{?dist} Summary: A TUI display manager License: WTFPL URL: https://github.com/nullgemm/ly -Source: https://github.com/dhalucario/ly/archive/v0.5.2.tar.gz +VCS: {{{ git_dir_vcs }}} BuildRequires: libxcb-devel BuildRequires: pam-devel BuildRequires: make 
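Review bot: `%prep` in ly.spec now runs `rm * -rf` and then `git clone https://github.com/dhalucario/ly.git`, so the package is built from whatever the network returns at build time instead of from the `Source:` tarball this commit declares a few lines above. The tarball is never unpacked, nothing verifies the clone, and `git checkout v0.5.2` names a tag, which can be moved after the fact. Unpacking the declared source with `%autosetup` (or `%setup -q`), or checking out a full commit hash rather than a tag, would make the build reproducible and auditable. Build environments that disable network access will also fail at the clone.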
@@ -50,3 +50,4 @@ chmod -x %{buildroot}/etc/ly/lang/* /etc/pam.d/ly %changelog +{{{ git_dir_changelog }}} From 7d4b25fc707570fa891c079d0d7db56459663de7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leon=20Gr=C3=BCnewald?= Date: Mon, 8 Feb 2021 03:25:55 +0100 Subject: [PATCH 10/26] Dont remove spec file --- ly.spec.rpkg | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/ly.spec.rpkg b/ly.spec.rpkg index 9a9e11c9..fc977827 100644 --- a/ly.spec.rpkg +++ b/ly.spec.rpkg @@ -15,8 +15,7 @@ Requires: pam Ly is a lightweight TUI (ncurses-like) display manager for Linux and BSD. %prep -rm * -rf -git clone https://github.com/dhalucario/ly.git +git clone https://github.com/dhalucario/ly.git ly cd ly git checkout v0.5.2 make github From 289624bc8850655482e7ec8cd941af8506111104 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leon=20Gr=C3=BCnewald?= Date: Mon, 8 Feb 2021 03:35:45 +0100 Subject: [PATCH 11/26] Test src stuff --- ly.spec.rpkg | 1 + 1 file changed, 1 insertion(+) diff --git a/ly.spec.rpkg b/ly.spec.rpkg index fc977827..3514556c 100644 --- a/ly.spec.rpkg +++ b/ly.spec.rpkg @@ -5,6 +5,7 @@ Summary: A TUI display manager License: WTFPL URL: https://github.com/nullgemm/ly VCS: {{{ git_dir_vcs }}} +Source: {{{ git_dir_pack }}} BuildRequires: libxcb-devel BuildRequires: pam-devel BuildRequires: make From cd738eafa771d1d36100ebae70f3ce2f6efa85e6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leon=20Gr=C3=BCnewald?= Date: Mon, 8 Feb 2021 03:46:08 +0100 Subject: [PATCH 12/26] Actually push git before trying to build --- ly.spec.rpkg | 1 + 1 file changed, 1 insertion(+) diff --git a/ly.spec.rpkg b/ly.spec.rpkg index 3514556c..c805af63 100644 --- a/ly.spec.rpkg +++ b/ly.spec.rpkg @@ -9,6 +9,7 @@ Source: {{{ git_dir_pack }}} BuildRequires: libxcb-devel BuildRequires: pam-devel BuildRequires: make +BuildRequires: git Requires: libxcb Requires: pam From dfe918358e450d1694d6e94e6f64eb62c2831caf Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Leon=20Gr=C3=BCnewald?= Date: Mon, 8 Feb 2021 03:51:05 +0100 Subject: [PATCH 13/26] Add gcc --- ly.spec.rpkg | 1 + 1 file changed, 1 insertion(+) diff --git a/ly.spec.rpkg b/ly.spec.rpkg index c805af63..334ef86f 100644 --- a/ly.spec.rpkg +++ b/ly.spec.rpkg @@ -10,6 +10,7 @@ BuildRequires: libxcb-devel BuildRequires: pam-devel BuildRequires: make BuildRequires: git +BuildRequires: gcc Requires: libxcb Requires: pam From 3deedba040daf154700c391d46993b1c8e92c8d7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leon=20Gr=C3=BCnewald?= Date: Wed, 10 Feb 2021 01:21:16 +0100 Subject: [PATCH 14/26] WIP SELinux --- ly.spec.rpkg | 26 +++++++++++++++ makefile | 5 +++ selinux/ly.fc | 1 - selinux/ly.if | 40 ----------------------- selinux/ly.sh | 52 ------------------------------ selinux/ly_selinux.spec | 70 ----------------------------------------- 6 files changed, 31 insertions(+), 163 deletions(-) delete mode 100755 selinux/ly.fc delete mode 100755 selinux/ly.if delete mode 100755 selinux/ly.sh delete mode 100755 selinux/ly_selinux.spec diff --git a/ly.spec.rpkg b/ly.spec.rpkg index 334ef86f..ea32a9b1 100644 --- a/ly.spec.rpkg +++ b/ly.spec.rpkg @@ -1,3 +1,8 @@ +%define relabel_files() \ +restorecon -R /usr/bin/ly; \ + +%define selinux_policyver 3.14.6-34 + Name: {{{ git_dir_name }}} Version: {{{ git_dir_version }}} Release: 1%{?dist} @@ -37,6 +42,26 @@ DESTDIR="%{buildroot}" make install chmod -x %{buildroot}/etc/ly/config.ini chmod -x %{buildroot}/etc/ly/lang/* +%post +semodule -n -i %{_datadir}/selinux/packages/ly.pp +if /usr/sbin/selinuxenabled ; then + /usr/sbin/load_policy + %relabel_files + +fi; +exit 0 + +%postun +if [ $1 -eq 0 ]; then + semodule -n -r ly + if /usr/sbin/selinuxenabled ; then + /usr/sbin/load_policy + %relabel_files + + fi; +fi; +exit 0 + %files /usr/bin/ly /usr/lib/systemd/system/ly.service 
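Review bot: Both new scriptlets in ly.spec.rpkg end in `exit 0`, so a failed `semodule -n -i` in `%post` is silently ignored and the package installs with no policy module loaded. The scriptlets call `semodule`, `load_policy` and `restorecon`, yet no hunk in this commit adds `Requires(post): policycoreutils` and `Requires(postun): policycoreutils`, which the deleted selinux/ly_selinux.spec declared; without them the tools may be missing when the scriptlet runs. `%post` also loads `%{_datadir}/selinux/packages/ly.pp` while the `%files` hunk of the same commit lists `/etc/selinux/packages/ly.pp`, so the two paths need to agree. At minimum, let the `semodule` failure be reported, for example `semodule -n -i %{_datadir}/selinux/packages/ly.pp || echo "ly: SELinux module install failed" >&2`.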
@@ -50,6 +75,7 @@ chmod -x %{buildroot}/etc/ly/lang/* /etc/ly/wsetup.sh /etc/ly/config.ini /etc/pam.d/ly +/etc/selinux/packages/ly.pp %changelog {{{ git_dir_changelog }}} diff --git a/makefile b/makefile index eef31ad0..8dfc145c 100644 --- a/makefile +++ b/makefile @@ -92,6 +92,11 @@ installnoconf: $(BIND)/$(NAME) @install -DZ $(RESD)/ly.service -m 644 -t ${DESTDIR}/usr/lib/systemd/system @install -DZ $(RESD)/pam.d/ly -m 644 -t ${DESTDIR}/etc/pam.d +makeselinux: + @echo "installing selinux modules" + @checkmodule -M -m -o ly.mod selinux/ly.te + @semodule_package -o ly.pp -m ly.mod + uninstall: @echo "uninstalling" @rm -rf ${DESTDIR}/etc/ly diff --git a/selinux/ly.fc b/selinux/ly.fc deleted file mode 100755 index 4a96a7b2..00000000 --- a/selinux/ly.fc +++ /dev/null @@ -1 +0,0 @@ -/usr/bin/ly -- gen_context(system_u:object_r:ly_exec_t,s0) diff --git a/selinux/ly.if b/selinux/ly.if deleted file mode 100755 index f546adce..00000000 --- a/selinux/ly.if +++ /dev/null @@ -1,40 +0,0 @@ - -## policy for ly - -######################################## -## -## Execute ly_exec_t in the ly domain. -## -## -## -## Domain allowed to transition. -## -## -# -interface(`ly_domtrans',` - gen_require(` - type ly_t, ly_exec_t; - ') - - corecmd_search_bin($1) - domtrans_pattern($1, ly_exec_t, ly_t) -') - -###################################### -## -## Execute ly in the caller domain. -## -## -## -## Domain allowed access. -## -## -# -interface(`ly_exec',` - gen_require(` - type ly_exec_t; - ') - - corecmd_search_bin($1) - can_exec($1, ly_exec_t) -') diff --git a/selinux/ly.sh b/selinux/ly.sh deleted file mode 100755 index dabb6f71..00000000 --- a/selinux/ly.sh +++ /dev/null 
@@ -1,52 +0,0 @@ -#!/bin/sh -e - -DIRNAME=`dirname $0` -cd $DIRNAME -USAGE="$0 [ --update ]" -if [ `id -u` != 0 ]; then -echo 'You must be root to run this script' -exit 1 -fi - -if [ $# -eq 1 ]; then - if [ "$1" = "--update" ] ; then - time=`ls -l --time-style="+%x %X" ly.te | awk '{ printf "%s %s", $6, $7 }'` - rules=`ausearch --start $time -m avc --raw -se ly` - if [ x"$rules" != "x" ] ; then - echo "Found avc's to update policy with" - echo -e "$rules" | audit2allow -R - echo "Do you want these changes added to policy [y/n]?" - read ANS - if [ "$ANS" = "y" -o "$ANS" = "Y" ] ; then - echo "Updating policy" - echo -e "$rules" | audit2allow -R >> ly.te - # Fall though and rebuild policy - else - exit 0 - fi - else - echo "No new avcs found" - exit 0 - fi - else - echo -e $USAGE - exit 1 - fi -elif [ $# -ge 2 ] ; then - echo -e $USAGE - exit 1 -fi - -echo "Building and Loading Policy" -set -x -make -f /usr/share/selinux/devel/Makefile ly.pp || exit -/usr/sbin/semodule -i ly.pp - -# Generate a man page off the installed module -sepolicy manpage -p . -d ly_t -# Fixing the file context on /usr/bin/ly -/sbin/restorecon -F -R -v /usr/bin/ly -# Generate a rpm package for the newly generated policy - -pwd=$(pwd) -rpmbuild --define "_sourcedir ${pwd}" --define "_specdir ${pwd}" --define "_builddir ${pwd}" --define "_srcrpmdir ${pwd}" --define "_rpmdir ${pwd}" --define "_buildrootdir ${pwd}/.build" -ba ly_selinux.spec diff --git a/selinux/ly_selinux.spec b/selinux/ly_selinux.spec deleted file mode 100755 index ee6cb98c..00000000 --- a/selinux/ly_selinux.spec +++ /dev/null 
@@ -1,70 +0,0 @@ -# vim: sw=4:ts=4:et - - -%define relabel_files() \ -restorecon -R /usr/bin/ly; \ - -%define selinux_policyver 3.14.6-34 - -Name: ly_selinux -Version: 1.0 -Release: 1%{?dist} -Summary: SELinux policy module for ly - -Group: System Environment/Base -License: WTFPL -# This is an example. You will need to change it. -URL: https://github.com/nullgemm/ly -Source0: ly.pp -Source1: ly.if -Source2: ly_selinux.8 - - -Requires: policycoreutils, libselinux-utils -Requires(post): selinux-policy-base >= %{selinux_policyver}, policycoreutils -Requires(postun): policycoreutils -BuildArch: noarch - -%description -This package installs and sets up the SELinux policy security module for ly. - -%install -install -d %{buildroot}%{_datadir}/selinux/packages -install -m 644 %{SOURCE0} %{buildroot}%{_datadir}/selinux/packages -install -d %{buildroot}%{_datadir}/selinux/devel/include/contrib -install -m 644 %{SOURCE1} %{buildroot}%{_datadir}/selinux/devel/include/contrib/ -install -d %{buildroot}%{_mandir}/man8/ -install -m 644 %{SOURCE2} %{buildroot}%{_mandir}/man8/ly_selinux.8 -install -d %{buildroot}/etc/selinux/targeted/contexts/users/ - - -%post -semodule -n -i %{_datadir}/selinux/packages/ly.pp -if /usr/sbin/selinuxenabled ; then - /usr/sbin/load_policy - %relabel_files - -fi; -exit 0 - -%postun -if [ $1 -eq 0 ]; then - semodule -n -r ly - if /usr/sbin/selinuxenabled ; then - /usr/sbin/load_policy - %relabel_files - - fi; -fi; -exit 0 - -%files -%attr(0600,root,root) %{_datadir}/selinux/packages/ly.pp -%{_datadir}/selinux/devel/include/contrib/ly.if -%{_mandir}/man8/ly_selinux.8.* - - -%changelog -* Wed Feb 3 2021 YOUR NAME 1.0-1 -- Initial version - From f79330cda328f79b5e38805d9f5261f51f7dd63a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leon=20Gr=C3=BCnewald?= Date: Wed, 10 Feb 2021 01:23:03 +0100 Subject: [PATCH 15/26] Add installselinux to spec.rpkg --- ly.spec.rpkg | 1 + 1 file changed, 1 insertion(+) 
diff --git a/ly.spec.rpkg b/ly.spec.rpkg index ea32a9b1..3ab63055 100644 --- a/ly.spec.rpkg +++ b/ly.spec.rpkg @@ -39,6 +39,7 @@ mkdir -p %{buildroot}/usr/bin/ mkdir -p %{buildroot}/usr/lib/systemd/system/ mkdir -p %{buildroot}/etc/pam.d/ DESTDIR="%{buildroot}" make install +DESTDIR="%{buildroot}" make installselinux chmod -x %{buildroot}/etc/ly/config.ini chmod -x %{buildroot}/etc/ly/lang/* From 96a556a34548456837d1b1e5ec21172ad28184f7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leon=20Gr=C3=BCnewald?= Date: Wed, 10 Feb 2021 01:32:09 +0100 Subject: [PATCH 16/26] Move the pp file into the right folder --- makefile | 1 + 1 file changed, 1 insertion(+) diff --git a/makefile b/makefile index 8dfc145c..de536ddd 100644 --- a/makefile +++ b/makefile @@ -96,6 +96,7 @@ makeselinux: @echo "installing selinux modules" @checkmodule -M -m -o ly.mod selinux/ly.te @semodule_package -o ly.pp -m ly.mod + @cp ly.pp $(DESTDIR)/etc/selinux/packages/ly.pp uninstall: @echo "uninstalling" From d2fcb2e87daf396b7ec9c0f3214d545c3ecba74b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leon=20Gr=C3=BCnewald?= Date: Wed, 10 Feb 2021 01:37:52 +0100 Subject: [PATCH 17/26] Rename target --- makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/makefile b/makefile index de536ddd..673d651a 100644 --- a/makefile +++ b/makefile @@ -92,7 +92,7 @@ installnoconf: $(BIND)/$(NAME) @install -DZ $(RESD)/ly.service -m 644 -t ${DESTDIR}/usr/lib/systemd/system @install -DZ $(RESD)/pam.d/ly -m 644 -t ${DESTDIR}/etc/pam.d -makeselinux: +installselinux: @echo "installing selinux modules" @checkmodule -M -m -o ly.mod selinux/ly.te @semodule_package -o ly.pp -m ly.mod From ec230541f39322c1ee7e32460973123b381bd2a4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leon=20Gr=C3=BCnewald?= Date: Wed, 10 Feb 2021 01:46:15 +0100 Subject: [PATCH 18/26] Use make selinux macros --- makefile | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/makefile b/makefile index 673d651a..d3987eca 100644 
--- a/makefile +++ b/makefile @@ -94,9 +94,8 @@ installnoconf: $(BIND)/$(NAME) installselinux: @echo "installing selinux modules" - @checkmodule -M -m -o ly.mod selinux/ly.te - @semodule_package -o ly.pp -m ly.mod - @cp ly.pp $(DESTDIR)/etc/selinux/packages/ly.pp + @make -f /usr/share/selinux/devel/Makefile ly.pp + #@cp ly.pp $(DESTDIR)/etc/selinux/packages/ly.pp uninstall: @echo "uninstalling" From 9c70ff55766ae7391025a5673d2d42ab75ea458d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leon=20Gr=C3=BCnewald?= Date: Wed, 10 Feb 2021 01:47:30 +0100 Subject: [PATCH 19/26] Add selinux policy tools to needed packages --- ly.spec.rpkg | 1 + 1 file changed, 1 insertion(+) diff --git a/ly.spec.rpkg b/ly.spec.rpkg index 3ab63055..06f03066 100644 --- a/ly.spec.rpkg +++ b/ly.spec.rpkg @@ -16,6 +16,7 @@ BuildRequires: pam-devel BuildRequires: make BuildRequires: git BuildRequires: gcc +BuildRequires: selinux-policy-devel Requires: libxcb Requires: pam From b336b706050c55ea233ae0a7d72203f0a3ddc71d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leon=20Gr=C3=BCnewald?= Date: Wed, 10 Feb 2021 01:52:38 +0100 Subject: [PATCH 20/26] Remove versioning on git clone --- ly.spec.rpkg | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ly.spec.rpkg b/ly.spec.rpkg index 06f03066..43912f19 100644 --- a/ly.spec.rpkg +++ b/ly.spec.rpkg @@ -26,7 +26,7 @@ Ly is a lightweight TUI (ncurses-like) display manager for Linux and BSD. %prep git clone https://github.com/dhalucario/ly.git ly cd ly -git checkout v0.5.2 +# git checkout v0.5.2 make github %build From 4ba42400ce56c0d055cf65b1f43f413bed1b8336 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leon=20Gr=C3=BCnewald?= Date: Thu, 11 Feb 2021 22:50:10 +0100 Subject: [PATCH 21/26] Use install instead of cp 1 --- makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/makefile b/makefile index d3987eca..6aa8c7d4 100644 --- a/makefile +++ b/makefile 
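Review bot: Commenting out `git checkout v0.5.2` in `%prep` of ly.spec.rpkg makes the build use whatever the default branch of `https://github.com/dhalucario/ly.git` points to at build time, so two builds of the same spec can contain different code and a force-pushed or compromised branch flows straight into the package. Pin the checkout instead, ideally to a full commit hash: `git checkout <COMMIT_SHA_PLACEHOLDER>`. The package `Version:` is taken from `{{{ git_dir_version }}}`, so the version recorded in the RPM would presumably no longer describe the code that was actually cloned.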
@@ -93,9 +93,9 @@ installnoconf: $(BIND)/$(NAME) @install -DZ $(RESD)/pam.d/ly -m 644 -t ${DESTDIR}/etc/pam.d installselinux: - @echo "installing selinux modules" - @make -f /usr/share/selinux/devel/Makefile ly.pp - #@cp ly.pp $(DESTDIR)/etc/selinux/packages/ly.pp + echo "installing selinux modules" + make -f /usr/share/selinux/devel/Makefile ly.pp + @install -DZ ly.pp ${DESTDIR}/etc/selinux/packages/ly.pp uninstall: @echo "uninstalling" From ccb9dfabc57ab1d96a1b4efc291bf2ce9a514d44 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leon=20Gr=C3=BCnewald?= Date: Sun, 14 Feb 2021 13:48:51 +0100 Subject: [PATCH 22/26] Move package somewhere else for install --- ly.spec.rpkg | 2 +- makefile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/ly.spec.rpkg b/ly.spec.rpkg index 43912f19..0d5eb34f 100644 --- a/ly.spec.rpkg +++ b/ly.spec.rpkg @@ -77,7 +77,7 @@ exit 0 /etc/ly/wsetup.sh /etc/ly/config.ini /etc/pam.d/ly -/etc/selinux/packages/ly.pp +/usr/share/selinux/packages/ly.pp %changelog {{{ git_dir_changelog }}} diff --git a/makefile b/makefile index 6aa8c7d4..8790b970 100644 --- a/makefile +++ b/makefile @@ -95,7 +95,7 @@ installnoconf: $(BIND)/$(NAME) installselinux: echo "installing selinux modules" make -f /usr/share/selinux/devel/Makefile ly.pp - @install -DZ ly.pp ${DESTDIR}/etc/selinux/packages/ly.pp + @install -DZ ly.pp ${DESTDIR}/usr/share/selinux/packages uninstall: @echo "uninstalling" From 90f18e9b343d96e5c1fc065140c661f3a5fa1c7a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leon=20Gr=C3=BCnewald?= Date: Sun, 14 Feb 2021 13:51:04 +0100 Subject: [PATCH 23/26] We can't relabel nonexistant files anyway --- ly.spec.rpkg | 5 ----- 1 file changed, 5 deletions(-) diff --git a/ly.spec.rpkg b/ly.spec.rpkg index 0d5eb34f..f09b0367 100644 --- a/ly.spec.rpkg +++ b/ly.spec.rpkg @@ -56,11 +56,6 @@ exit 0 %postun if [ $1 -eq 0 ]; then semodule -n -r ly - if /usr/sbin/selinuxenabled ; then - /usr/sbin/load_policy - %relabel_files - - fi; fi; exit 0 
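Review bot: Removing the whole `if /usr/sbin/selinuxenabled` block from `%postun` in ly.spec.rpkg drops `load_policy` together with `%relabel_files`, but the remaining `semodule -n -r ly` uses `-n` (no reload), so on erase the module is removed from the store while the running policy keeps it until something else triggers a reload. Keep the reload and drop only the relabel: `if /usr/sbin/selinuxenabled ; then /usr/sbin/load_policy; fi`. Alternatively run `semodule -r ly` without `-n` so the removal takes effect immediately.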
From 9d774d93c5a562a2ae0c263fe2efdde75e8f57c7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leon=20Gr=C3=BCnewald?= Date: Sun, 14 Feb 2021 14:10:04 +0100 Subject: [PATCH 24/26] Add name to install --- makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/makefile b/makefile index 8790b970..ae52cb09 100644 --- a/makefile +++ b/makefile @@ -95,7 +95,7 @@ installnoconf: $(BIND)/$(NAME) installselinux: echo "installing selinux modules" make -f /usr/share/selinux/devel/Makefile ly.pp - @install -DZ ly.pp ${DESTDIR}/usr/share/selinux/packages + @install -DZ ly.pp ${DESTDIR}/usr/share/selinux/packages/ly.pp uninstall: @echo "uninstalling" From 552d5334355799a43432491eac8faa523f0ea1d0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leon=20Gr=C3=BCnewald?= Date: Sun, 14 Feb 2021 14:39:48 +0100 Subject: [PATCH 25/26] Try to fix path --- ly.spec.rpkg | 2 +- makefile | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/ly.spec.rpkg b/ly.spec.rpkg index f09b0367..f73e5ba5 100644 --- a/ly.spec.rpkg +++ b/ly.spec.rpkg @@ -45,7 +45,7 @@ chmod -x %{buildroot}/etc/ly/config.ini chmod -x %{buildroot}/etc/ly/lang/* %post -semodule -n -i %{_datadir}/selinux/packages/ly.pp +semodule -n -i /usr/share/selinux/packages/ly.pp if /usr/sbin/selinuxenabled ; then /usr/sbin/load_policy %relabel_files diff --git a/makefile b/makefile index ae52cb09..061b469f 100644 --- a/makefile +++ b/makefile @@ -93,8 +93,8 @@ installnoconf: $(BIND)/$(NAME) @install -DZ $(RESD)/pam.d/ly -m 644 -t ${DESTDIR}/etc/pam.d installselinux: - echo "installing selinux modules" - make -f /usr/share/selinux/devel/Makefile ly.pp + @echo "installing selinux modules" + @make -f /usr/share/selinux/devel/Makefile ly.pp @install -DZ ly.pp ${DESTDIR}/usr/share/selinux/packages/ly.pp uninstall: From 271b4f88987e73c53fbde974ca801588c12aff1b Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Leon=20Gr=C3=BCnewald?= Date: Sun, 14 Feb 2021 14:59:59 +0100 Subject: [PATCH 26/26] Add more files for labels --- selinux/ly.fc | 1 + selinux/ly.if | 41 +++++++++++++++++++++++++++++++++++++++++ 2 files changed, 42 insertions(+) create mode 100644 selinux/ly.fc create mode 100644 selinux/ly.if
diff --git a/selinux/ly.fc b/selinux/ly.fc new file mode 100644
index 00000000..4a96a7b2
--- /dev/null
+++ b/selinux/ly.fc
@@ -0,0 +1 @@
+/usr/bin/ly -- gen_context(system_u:object_r:ly_exec_t,s0)
diff --git a/selinux/ly.if b/selinux/ly.if new file mode 100644
index 00000000..568f979f
--- /dev/null
+++ b/selinux/ly.if
@@ -0,0 +1,41 @@
+
+## policy for ly
+
+########################################
+##
+## Execute ly_exec_t in the ly domain.
+##
+##
+##
+## Domain allowed to transition.
+##
+##
+#
+interface(`ly_domtrans',`
+ gen_require(`
+ type ly_t, ly_exec_t;
+ ')
+
+ corecmd_search_bin($1)
+ domtrans_pattern($1, ly_exec_t, ly_t)
+')
+
+######################################
+##
+## Execute ly in the caller domain.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`ly_exec',`
+ gen_require(`
+ type ly_exec_t;
+ ')
+
+ corecmd_search_bin($1)
+ can_exec($1, ly_exec_t)
+')
+