diff options
| -rw-r--r-- | .gitignore | 1 | ||||
| -rw-r--r-- | support-files/CMakeLists.txt | 2 | ||||
| -rw-r--r-- | support-files/SELinux/CMakeLists.txt | 35 | ||||
| -rw-r--r-- | support-files/SELinux/centos6-mariadb.te | 9 | ||||
| -rw-r--r-- | support-files/SELinux/rhel4-mysql.fc (renamed from support-files/RHEL4-SElinux/mysql.fc) | 0 | ||||
| -rw-r--r-- | support-files/SELinux/rhel4-mysql.te (renamed from support-files/RHEL4-SElinux/mysql.te) | 0 | ||||
| -rw-r--r-- | support-files/rpm/server-postin.sh | 7 |
7 files changed, 52 insertions, 2 deletions
diff --git a/.gitignore b/.gitignore index 8b6e416ec45..4d96bfe65a3 100644 --- a/.gitignore +++ b/.gitignore @@ -221,6 +221,7 @@ support-files/mysql.spec support-files/mysqld_multi.server support-files/wsrep.cnf support-files/wsrep_notify +support-files/SELinux/centos6-mariadb.pp tags tests/async_queries tests/bug25714 diff --git a/support-files/CMakeLists.txt b/support-files/CMakeLists.txt index 4677bd59415..67a7b508e33 100644 --- a/support-files/CMakeLists.txt +++ b/support-files/CMakeLists.txt @@ -67,7 +67,7 @@ IF(UNIX) ENDFOREACH() IF(INSTALL_SUPPORTFILESDIR) INSTALL(FILES magic DESTINATION ${inst_location} COMPONENT SupportFiles) - INSTALL(DIRECTORY RHEL4-SElinux/ DESTINATION ${inst_location}/SELinux/RHEL4 COMPONENT SupportFiles) + ADD_SUBDIRECTORY(SELinux) ENDIF() INSTALL(FILES mysql.m4 DESTINATION ${INSTALL_SHAREDIR}/aclocal COMPONENT Development) diff --git a/support-files/SELinux/CMakeLists.txt b/support-files/SELinux/CMakeLists.txt new file mode 100644 index 00000000000..e3cdb26ca8f --- /dev/null +++ b/support-files/SELinux/CMakeLists.txt @@ -0,0 +1,35 @@ +# Copyright (c) 2017, MariaDB +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; version 2 of the License. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA + +FIND_PROGRAM(CHECKMODULE checkmodule) +FIND_PROGRAM(SEMODULE_PACKAGE semodule_package) +MARK_AS_ADVANCED(CHECKMODULE SEMODULE_PACKAGE) + +SET(params DESTINATION ${INSTALL_SUPPORTFILESDIR}/SELinux COMPONENT SupportFiles) + +IF(CHECKMODULE AND SEMODULE_PACKAGE) + FOREACH(pol centos6-mariadb) + SET(src ${CMAKE_CURRENT_SOURCE_DIR}/${pol}.te) + SET(mod ${CMAKE_CURRENT_BINARY_DIR}${CMAKE_FILES_DIRECTORY}/${pol}-pp.dir/${pol}.mod) + SET(out ${CMAKE_CURRENT_BINARY_DIR}/${pol}.pp) + ADD_CUSTOM_COMMAND(OUTPUT ${out} + COMMAND ${CHECKMODULE} -M -m ${src} -o ${mod} + COMMAND ${SEMODULE_PACKAGE} -m ${mod} -o ${out} + DEPENDS ${src}) + ADD_CUSTOM_TARGET(${pol}-pp ALL DEPENDS ${out}) + INSTALL(FILES ${out} ${params}) + ENDFOREACH() +ENDIF() +INSTALL(FILES centos6-mariadb.te rhel4-mysql.fc rhel4-mysql.te ${params}) diff --git a/support-files/SELinux/centos6-mariadb.te b/support-files/SELinux/centos6-mariadb.te new file mode 100644 index 00000000000..1d3de52c700 --- /dev/null +++ b/support-files/SELinux/centos6-mariadb.te @@ -0,0 +1,9 @@ +module mariadb 1.0; + +require { + type mysqld_safe_t; + class capability { setuid setgid }; +} + +#============= mysqld_safe_t ============== +allow mysqld_safe_t self:capability { setuid setgid }; diff --git a/support-files/RHEL4-SElinux/mysql.fc b/support-files/SELinux/rhel4-mysql.fc index aa0fced4bbc..aa0fced4bbc 100644 --- a/support-files/RHEL4-SElinux/mysql.fc +++ b/support-files/SELinux/rhel4-mysql.fc diff --git a/support-files/RHEL4-SElinux/mysql.te b/support-files/SELinux/rhel4-mysql.te index d2609244640..d2609244640 100644 --- a/support-files/RHEL4-SElinux/mysql.te +++ b/support-files/SELinux/rhel4-mysql.te diff --git a/support-files/rpm/server-postin.sh b/support-files/rpm/server-postin.sh index cd2aec4d84a..377a752824d 100644 --- a/support-files/rpm/server-postin.sh +++ b/support-files/rpm/server-postin.sh @@ -79,7 +79,12 @@ if [ -f /etc/redhat-release ] ; then echo ' make load' echo echo - fi + fi + if grep 'CentOS release 6' /etc/redhat-release >/dev/null 2>&1; then + if [ -x /usr/sbin/semodule ] ; then + /usr/sbin/semodule -i /usr/share/mysql/SELinux/centos6-mariadb.pp + fi + fi fi if [ -x sbin/restorecon ] ; then |