    PaulHowarth/Blog/2006-04-19

Wednesday 19th April 2006

Fedora Extras

  • Imported perl-Crypt-RSA and perl-Net-SSH-Perl into CVS and built them

  • Updated perl-MIME-tools to 5.420 (my first update since taking over the package from Ville Skyttä)

  • Mailed upstream bittorrent about (Bug #189295)

SELinux

Made a policy module for mock that allows builds for legacy distros like Red Hat Linux 7.3 on a Fedora Core 5 host. Without the module, execmod AVCs occur because the old DSOs that need to be loaded aren't labelled textrel_shlib_t in the mock root.

mock.if:

########################################
## <summary>
##      Create objects in the /var/lib/mock directory
## </summary>
## <param name="domain">
##      <summary>
##      Domain allowed access.
##      </summary>
## </param>
## <param name="file_type">
##      <summary>
##      The type of the object to be created
##      </summary>
## </param>
## <param name="object_class">
##      <summary>
##      The object class.
##      </summary>
## </param>
#
interface(`files_var_lib_mock_filetrans',`
        gen_require(`
                type var_t, var_lib_t, mock_var_lib_t;
        ')

        allow $1 var_t:dir search_dir_perms;
        allow $1 var_lib_t:dir search_dir_perms;
        allow $1 mock_var_lib_t:dir rw_dir_perms;
        type_transition $1 mock_var_lib_t:$3 $2;
')

mock.fc:

/var/lib/mock(/[^/]*)? gen_context(system_u:object_r:mock_var_lib_t,s0)
/var/lib/mock/[^/]*/.* gen_context(system_u:object_r:mock_root_t,s0)

mock.te:

policy_module(mock, 0.5)

require {
        type unconfined_t;
};

# New types for mock, used for files
type mock_root_t;
files_type(mock_root_t)
type mock_var_lib_t;
files_type(mock_var_lib_t)

# Type transition needed to ensure roots get created as mock_root_t
files_var_lib_mock_filetrans(unconfined_t,mock_root_t,{ file dir })

# Old libraries may need execmod permission
allow unconfined_t mock_root_t:file execmod;

Building and installing is easy. Copy the three files into an empty directory and do:

# make -f /usr/share/selinux/devel/Makefile
Compliling targeted mock module
/usr/bin/checkmodule:  loading policy configuration from tmp/mock.tmp
/usr/bin/checkmodule:  policy configuration loaded
/usr/bin/checkmodule:  writing binary representation (version 5) to tmp/mock.mod
Creating targeted mock.pp policy package
rm tmp/mock.mod.fc tmp/mock.mod
# semodule -i mock.pp

Note: the selinux-policy and checkpolicy packages are required.

This all seems to work very nicely, provided the module is loaded before mock is installed, so that /var/lib/mock gets created as mock_var_lib_t.

Otherwise, a restorecon is needed.
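
To tell a labelling problem from a module that isn't loaded, the following added example (not part of the original post) checks execmod denials against the two mock.fc entries above. It assumes the AVC record carries a path= field with the host-side path; the sample records and the root name rhl73-i386 are constructed for illustration.

```python
import re

# The two entries from mock.fc above. Assumption: file-context regexes are
# anchored at both ends of the path, modelled here with re.fullmatch.
MOCK_FC = [
    (r"/var/lib/mock(/[^/]*)?", "mock_var_lib_t"),
    (r"/var/lib/mock/[^/]*/.*", "mock_root_t"),
]

# Assumption: the AVC record carries a path= field with the host-side path.
AVC_RE = re.compile(
    r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?\bpath="(?P<path>[^"]+)"'
    r'.*?\btcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\S+)'
)

def expected_type(path):
    """Type mock.fc assigns to path, or None if neither entry matches."""
    # The two patterns can never match the same path, so order is irrelevant.
    for pattern, setype in MOCK_FC:
        if re.fullmatch(pattern, path):
            return setype
    return None

def triage(line):
    """Return (path, actual_type, verdict) for an execmod file denial, else None."""
    m = AVC_RE.search(line)
    if not m or "execmod" not in m["perms"].split() or m["tclass"] != "file":
        return None
    actual = m["tcontext"].split(":")[2]  # user:role:type[:level]
    want = expected_type(m["path"])
    if want is None:
        verdict = "not covered by mock.fc"
    elif actual != want:
        verdict = "mislabelled, expected " + want + ": run restorecon"
    else:
        verdict = "label correct: check that the mock module is loaded"
    return (m["path"], actual, verdict)

# Constructed sample records (not from a real audit log).
_REC = ('type=AVC msg=audit(1145440000.101:40): avc:  denied  { %s } for  pid=2301 '
        'comm="rpm" path="/var/lib/mock/rhl73-i386/root/lib/libc-2.2.5.so" dev=dm-0 '
        'ino=4411 scontext=user_u:system_r:unconfined_t:s0 '
        'tcontext=user_u:object_r:%s:s0 tclass=file')
SAMPLE = [_REC % ("execmod", "var_lib_t"), _REC % ("execmod", "mock_root_t"),
          _REC % ("read", "var_lib_t")]

if __name__ == "__main__":
    for record in SAMPLE:
        print(triage(record))
```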

