[PATCH] Github #329: Packaging - Update Fedora spec file to address SELinux
Signed-off-by: Paulo Vital <pvital@linux.vnet.ibm.com> --- contrib/kimchi.spec.fedora.in | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/contrib/kimchi.spec.fedora.in b/contrib/kimchi.spec.fedora.in index 77bf6bf..185f0ff 100644 --- a/contrib/kimchi.spec.fedora.in +++ b/contrib/kimchi.spec.fedora.in @@ -105,6 +105,8 @@ iptables -I INPUT -p tcp --dport 8001 -j ACCEPT iptables -I INPUT -p tcp --dport 64667 -j ACCEPT service iptables save >/dev/null 2>&1 %endif +# Add SELinux rules to "open" Kimchi ports +semanage permissive -a httpd_t %preun @@ -129,6 +131,8 @@ if [ "$1" -ge 1 ] ; then /bin/systemctl try-restart kimchid.service >/dev/null 2>&1 || : fi exit 0 +# Rollback SELinux rules +semanage permissive -d httpd_t %clean -- 1.8.3.1
Reviewed-by: Aline Manera <alinefm@linux.vnet.ibm.com> I will apply it to wip branch and continue the tests there. On 04/17/2014 05:51 PM, Paulo Vital wrote:
Signed-off-by: Paulo Vital <pvital@linux.vnet.ibm.com> --- contrib/kimchi.spec.fedora.in | 4 ++++ 1 file changed, 4 insertions(+)
diff --git a/contrib/kimchi.spec.fedora.in b/contrib/kimchi.spec.fedora.in index 77bf6bf..185f0ff 100644 --- a/contrib/kimchi.spec.fedora.in +++ b/contrib/kimchi.spec.fedora.in @@ -105,6 +105,8 @@ iptables -I INPUT -p tcp --dport 8001 -j ACCEPT iptables -I INPUT -p tcp --dport 64667 -j ACCEPT service iptables save >/dev/null 2>&1 %endif +# Add SELinux rules to "open" Kimchi ports +semanage permissive -a httpd_t
%preun
@@ -129,6 +131,8 @@ if [ "$1" -ge 1 ] ; then /bin/systemctl try-restart kimchid.service >/dev/null 2>&1 || : fi exit 0 +# Rollback SELinux rules +semanage permissive -d httpd_t
%clean
participants (2)
-
Aline Manera -
Paulo Vital