[ovs-dev] [PATCH] rhel/openvswitch.spec: Add SELinux policy.

Joe Stringer joe at ovn.org
Mon Jul 25 21:09:26 UTC 2016


Commit 9b897c9125ef ("rhel: provide our own SELinux custom policy
package") added the SELinux policy to the fedora packaging as a
subpackage. This patch makes the corresponding change to
openvswitch.spec, so that users of that specfile can generate the
selinux policy package without having to build all of the fedora
packages.

Signed-off-by: Joe Stringer <joe at ovn.org>
---
As per the reasoning in the link below, I've just duplicated the
subpackage lines from the fedora specfile rather than refactoring these
lines into a separate specfile.

http://openvswitch.org/pipermail/dev/2016-January/065134.html
---
 rhel/openvswitch.spec.in | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)

diff --git a/rhel/openvswitch.spec.in b/rhel/openvswitch.spec.in
index ec555a74a901..fbca1efcd17f 100644
--- a/rhel/openvswitch.spec.in
+++ b/rhel/openvswitch.spec.in
@@ -24,6 +24,7 @@ Source: openvswitch-%{version}.tar.gz
 Buildroot: /tmp/openvswitch-rpm
 Requires: logrotate, python >= 2.7, python-six
 BuildRequires: openssl-devel
+BuildRequires: checkpolicy, selinux-policy-devel
 
 %bcond_without check
 
@@ -39,6 +40,15 @@ Group:          Development/Libraries
 %description devel
 This package provides openvswitch headers and libopenvswitch for developers.
 
+%package selinux-policy
+Summary: Open vSwitch SELinux policy
+License: ASL 2.0
+BuildArch: noarch
+Requires: selinux-policy-targeted
+
+%description selinux-policy
+Tailored Open vSwitch SELinux policy
+
 %prep
 %setup -q
 
@@ -46,6 +56,8 @@ This package provides openvswitch headers and libopenvswitch for developers.
 ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=%{_localstatedir} \
     --libdir=%{_libdir} --enable-ssl --enable-shared
 make %{_smp_mflags}
+cd selinux
+make -f %{_datadir}/selinux/devel/Makefile
 
 %install
 rm -rf $RPM_BUILD_ROOT
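Review bot: The `cd selinux` added at the end of `%build` leaves the shell in the `selinux/` directory, so any command later appended to this section runs from the wrong place. It is harmless today because `%install` follows immediately. Writing the step as `make -C selinux -f %{_datadir}/selinux/devel/Makefile` builds the module without moving the working directory. The `%build` section starts outside this hunk.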
@@ -63,6 +75,9 @@ rhel_cp etc_sysconfig_network-scripts_ifup-ovs 0755
 rhel_cp etc_sysconfig_network-scripts_ifdown-ovs 0755
 rhel_cp usr_share_openvswitch_scripts_sysconfig.template 0644
 
+install -p -m 644 -D selinux/openvswitch-custom.pp \
+    $RPM_BUILD_ROOT%{_datadir}/selinux/packages/%{name}/openvswitch-custom.pp
+
 # Get rid of stuff we don't want to make RPM happy.
 rm \
     $RPM_BUILD_ROOT/usr/bin/ovs-testcontroller \
@@ -132,6 +147,9 @@ fi
 /sbin/chkconfig --add openvswitch
 /sbin/chkconfig openvswitch on
 
+%post selinux-policy
+/usr/sbin/semodule -i %{_datadir}/selinux/packages/%{name}/openvswitch-custom.pp &> /dev/null || :
+
 %preun
 if [ "$1" = "0" ]; then     # $1 = 0 for uninstall
     /sbin/service openvswitch stop
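Review bot: A failed policy load is invisible here: `&> /dev/null || :` on the `semodule -i` line discards both the error text and the exit status, so the package installs cleanly even when the module was never loaded. That includes the case where `/usr/sbin/semodule` is not yet present, because the subpackage declares only `Requires: selinux-policy-targeted`. Unless that package already pulls in and orders it, adding `Requires(post): policycoreutils` and `Requires(postun): policycoreutils` to the `%package selinux-policy` stanza would make the dependency explicit. Redirecting only stdout (`> /dev/null || :`) keeps the install non-fatal while leaving the error in the transaction output. The same pattern appears on `semodule -r` in `%postun selinux-policy`.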
@@ -145,6 +163,11 @@ if [ "$1" = "0" ]; then     # $1 = 0 for uninstall
     rm -f /etc/openvswitch/vswitchd.cacert
 fi
 
+%postun selinux-policy
+if [ $1 -eq 0 ] ; then
+  /usr/sbin/semodule -r openvswitch-custom &> /dev/null || :
+fi
+
 exit 0
 
 %files
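Review bot: The new `%postun selinux-policy` section is inserted above the existing `exit 0`, so that line now ends the subpackage scriptlet rather than the scriptlet that finishes at the `fi` above it (its header is outside the hunk). The earlier scriptlet then returns the status of its last command instead of an unconditional 0. Placing the new section after `exit 0` keeps the previous behaviour. The test `[ $1 -eq 0 ]` is also unquoted, unlike the `[ "$1" = "0" ]` form in the context lines; `if [ "$1" -eq 0 ]; then` would match the file.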
@@ -216,3 +239,7 @@ exit 0
 %{_libdir}/lib*.a
 %{_libdir}/pkgconfig
 %{_includedir}/openvswitch/*
+
+%files selinux-policy
+%defattr(-,root,root)
+%{_datadir}/selinux/packages/%{name}/openvswitch-custom.pp
-- 
2.9.0



