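# RPM spec for the docker-engine-selinux package: builds the "docker" SELinux
# policy module and its interface file, and declares the policy versions the
# install-time scriptlets depend on.
#
# Some bits borrowed from the openstack-selinux package
Name: docker-engine-selinux
Version: %{_version}
Release: %{_release}%{?dist}
Summary: SELinux Policies for the open-source application container engine
BuildArch: noarch
Group: Tools/Docker

License: GPLv2
Source: %{name}.tar.gz

URL:
Vendor: Docker
Packager: Docker <>

# Version of SELinux we were using
# NOTE(review): selinux_policyver is only defined inside the conditionals
# below. On a distribution that matches none of them the macro stays
# undefined and the Requires(post) line cannot expand it - confirm that every
# supported build target is covered.
# The distro remarks sit on their own lines: text after an endif directive is
# reported as extra tokens by newer rpm releases.

# fedora 20
%if 0%{?fedora} == 20
%global selinux_policyver 3.12.1-197
%endif

# fedora 21
%if 0%{?fedora} == 21
%global selinux_policyver 3.13.1-105
%endif

# fedora 22 and later
%if 0%{?fedora} >= 22
%global selinux_policyver 3.13.1-128
%endif

# centos,rhel,oraclelinux 7
%if 0%{?centos} >= 7 || 0%{?rhel} >= 7 || 0%{?oraclelinux} >= 7
%global selinux_policyver 3.13.1-23
%endif

%global selinuxtype targeted
%global moduletype services
%global modulenames docker

# Needed at post-install time: the scriptlet calls setsebool, semodule,
# selinuxenabled, load_policy and restorecon.
Requires(post): selinux-policy-base >= %{selinux_policyver}, selinux-policy-targeted >= %{selinux_policyver}, policycoreutils, policycoreutils-python, libselinux-utils
BuildRequires: selinux-policy selinux-policy-devel

# conflicting packages
Conflicts: docker-selinux

# Usage: _format var format
# Expand 'modulenames' into various formats as needed
# Format must contain '$x' somewhere to do anything useful
# The expansion is a shell loop that appends with '+=', so the sections that
# use it need a shell that supports that operator (bash does).
%global _format() export %1=""; for x in %{modulenames}; do %1+=%2; %1+=" "; done;

# Relabel files
# Best-effort recursive relabel of the Docker paths after a policy change.
# NOTE(review): output is discarded and the exit status is forced to success,
# so a failed relabel leaves files with stale contexts without any trace in
# the transaction log. The path list also covers the whole run directory, not
# only the Docker socket.
%global relabel_files() \
/sbin/restorecon -R %{_bindir}/docker %{_localstatedir}/run/docker.sock %{_localstatedir}/run/ %{_sysconfdir}/docker %{_localstatedir}/log/docker %{_localstatedir}/log/lxc %{_localstatedir}/lock/lxc %{_usr}/lib/systemd/system/docker.service /root/.docker &> /dev/null || : \

%description
SELinux policy modules for use with Docker

%prep
# When the centos macro is undefined the test below reads 0 <= 6 and is true,
# so non-CentOS builds take the plain setup branch as well.
%if 0%{?centos} <= 6
%setup -n %{name}
%else
%autosetup -n %{name}
%endif

%build
# Compile the policy module(s) named in modulenames.
make SHARE="%{_datadir}" TARGETS="%{modulenames}"
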
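%install

# Install SELinux interfaces
%_format INTERFACES $x.if
install -d %{buildroot}%{_datadir}/selinux/devel/include/%{moduletype}
install -p -m 644 $INTERFACES %{buildroot}%{_datadir}/selinux/devel/include/%{moduletype}

# Install policy modules
%_format MODULES $x.pp.bz2
install -d %{buildroot}%{_datadir}/selinux/packages
install -m 0644 $MODULES %{buildroot}%{_datadir}/selinux/packages

%post
#
# Install all modules in a single transaction
#
# $1 is 1 on a first install (not on upgrade).
# NOTE(review): this persistently (-P) switches on two SELinux booleans for
# the whole host. virt_sandbox_use_all_caps lets sandboxed container domains
# use all capabilities and virt_use_nfs lets virt domains use NFS files.
# Neither is reset by the uninstall scriptlet below, so the relaxed settings
# outlive the package. Confirm both are needed before shipping.
# -N defers the policy reload; load_policy runs further down.
if [ $1 -eq 1 ]; then
    %{_sbindir}/setsebool -P -N virt_use_nfs=1 virt_sandbox_use_all_caps=1
fi
%_format MODULES %{_datadir}/selinux/packages/$x.pp.bz2
# -n: install into the policy store without reloading the kernel policy.
%{_sbindir}/semodule -n -s %{selinuxtype} -i $MODULES
# Reload and relabel only when SELinux is enabled on this host.
if %{_sbindir}/selinuxenabled ; then
    %{_sbindir}/load_policy
    %relabel_files
    if [ $1 -eq 1 ]; then
        # The Docker state directory may not exist yet on a first install. A
        # restorecon failure here was the last command of the scriptlet and so
        # became its exit status. Keep the error text visible but do not let
        # it fail the scriptlet; the absolute path matches the relabel macro
        # defined earlier in this spec.
        /sbin/restorecon -R %{_sharedstatedir}/docker || :
    fi
fi

%postun
# $1 is 0 only on full removal (not on upgrade).
if [ $1 -eq 0 ]; then
    # Best effort: output is discarded and failure to remove the module is
    # ignored.
    %{_sbindir}/semodule -n -r %{modulenames} &> /dev/null || :
    if %{_sbindir}/selinuxenabled ; then
        %{_sbindir}/load_policy
        %relabel_files
    fi
fi

%files
%doc LICENSE
%defattr(-,root,root,0755)
# Policy packages and interface files are root-owned and not writable by
# other users.
%attr(0644,root,root) %{_datadir}/selinux/packages/*.pp.bz2
%attr(0644,root,root) %{_datadir}/selinux/devel/include/%{moduletype}/*.if

%changelog
* Tue Dec 1 2015 Jessica Frazelle <> 1.9.1-1
- add licence to rpm
- add selinux-policy and docker-engine-selinux rpm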