From 00c2da6ce7c2a39c8d283ae8a15fa21ff931ea25 Mon Sep 17 00:00:00 2001
From: Andy Lake
Date: Wed, 20 Dec 2023 03:19:59 +0000
Subject: [PATCH] Fun times with selinux
---
 .../apache-perfsonar_host_exporter.conf | 4 ++--
 .../selinux/perfsonar_host_metrics.te | 11 +++++++++++
 .../rpm/perfsonar-host-metrics.spec | 19 +++++++++++++++++++
 3 files changed, 32 insertions(+), 2 deletions(-)
 create mode 100644 perfsonar-host-metrics/perfsonar-host-metrics/selinux/perfsonar_host_metrics.te
diff --git a/perfsonar-host-metrics/perfsonar-host-metrics/apache-perfsonar_host_exporter.conf b/perfsonar-host-metrics/perfsonar-host-metrics/apache-perfsonar_host_exporter.conf
index c499b50..cb57e29 100644
--- a/perfsonar-host-metrics/perfsonar-host-metrics/apache-perfsonar_host_exporter.conf
+++ b/perfsonar-host-metrics/perfsonar-host-metrics/apache-perfsonar_host_exporter.conf
@@ -10,7 +10,7 @@
- ProxyPass /perfsonar_exporter http://localhost:11284 status=+I
- ProxyPassReverse /perfsonar_exporter http://localhost:11284 status=+I
+ ProxyPass /perfsonar_host_exporter http://localhost:11284 status=+I
+ ProxyPassReverse /perfsonar_host_exporter http://localhost:11284 status=+I
 ProxyPreserveHost On
diff --git a/perfsonar-host-metrics/perfsonar-host-metrics/selinux/perfsonar_host_metrics.te b/perfsonar-host-metrics/perfsonar-host-metrics/selinux/perfsonar_host_metrics.te
new file mode 100644
index 0000000..466f958
--- /dev/null
+++ b/perfsonar-host-metrics/perfsonar-host-metrics/selinux/perfsonar_host_metrics.te
@@ -0,0 +1,11 @@
+
+module perfsonar_host_metrics 1.0;
+
+require {
+ type init_t;
+ type lsregistrationdaemon_var_lib_t;
+ class file read;
+}
+
+#============= init_t ==============
+allow init_t lsregistrationdaemon_var_lib_t:file read;
diff --git a/perfsonar-host-metrics/perfsonar-host-metrics/unibuild-packaging/rpm/perfsonar-host-metrics.spec b/perfsonar-host-metrics/perfsonar-host-metrics/unibuild-packaging/rpm/perfsonar-host-metrics.spec
index 851dd08..580d48a 100644
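Review bot: The rule `allow init_t lsregistrationdaemon_var_lib_t:file read;` in perfsonar_host_metrics.te extends init_t, the domain of systemd itself and of anything it starts without a domain transition, so the grant is wider than a single exporter. The hunk does not show which process raised the denial; a comment above the rule should record it, for example `# <unit or process> reads <path> as init_t because <reason>`, and a dedicated domain for the exporter would keep the grant off init_t altogether. The rule also carries `read` without `open` or `getattr`, which looks like one AVC denial turned into policy; if the file is opened by path, further denials are likely, and collecting them in permissive mode before writing the module would show the full set.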
--- a/perfsonar-host-metrics/perfsonar-host-metrics/unibuild-packaging/rpm/perfsonar-host-metrics.spec
+++ b/perfsonar-host-metrics/perfsonar-host-metrics/unibuild-packaging/rpm/perfsonar-host-metrics.spec
@@ -33,6 +33,10 @@ Requires: mod_ssl
 Requires: selinux-policy-%{selinuxtype}
 Requires(post): selinux-policy-%{selinuxtype}
 BuildRequires: selinux-policy-devel
+Requires: policycoreutils, libselinux-utils
+Requires(post): policycoreutils
+Requires(postun): policycoreutils
+
 %{?selinux_requires}
 %description
@@ -42,16 +46,26 @@ A package that installs and sets-up Prometheus node_exporter for a perfSONAR ins
 %setup -q -n perfsonar-host-metrics-%{version}
 %build
+make -f /usr/share/selinux/devel/Makefile -C selinux perfsonar_host_metrics.pp
 %install
 make PERFSONAR-ROOTPATH=%{buildroot}/%{pkg_install_base} HTTPD-CONFIGPATH=%{buildroot}/%{httpd_config_base} install
 mkdir -p %{buildroot}/%{_unitdir}/
 install -m 644 *.service %{buildroot}/%{_unitdir}/
+mkdir -p %{buildroot}/usr/share/selinux/packages/
+mv selinux/*.pp %{buildroot}/usr/share/selinux/packages/
 %clean
 rm -rf %{buildroot}
 %post
+
+#selinux
+semodule -n -i /usr/share/selinux/packages/perfsonar_host_metrics.pp
+if /usr/sbin/selinuxenabled; then
+ /usr/sbin/load_policy
+fi
+
 #Restart/enable opensearch and logstash
 %systemd_post node_exporter.service
 %systemd_post perfsonar-host-exporter.service
@@ -82,6 +96,10 @@ fi
 %systemd_postun_with_restart perfsonar-host-exporter.service
 if [ $1 -eq 0 ]; then
 %selinux_unset_booleans -s %{selinuxtype} %{selinuxbooleans}
+ semodule -n -r perfsonar_host_metrics
+ if /usr/sbin/selinuxenabled; then
+ /usr/sbin/load_policy
+ fi
 fi
 %files
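Review bot: In %post, `semodule -n -i` and `load_policy` are called by hand and without `-s %{selinuxtype}`, so the module goes into whatever policy store is current, while the spec already relies on `%{?selinux_requires}` and `%selinux_unset_booleans` from the same macro set. The packaged macro covers store selection and the conditional reload: `%selinux_modules_install -s %{selinuxtype} /usr/share/selinux/packages/perfsonar_host_metrics.pp`. The same applies to the removal in the `-82,6` hunk, where `%selinux_modules_uninstall -s %{selinuxtype} perfsonar_host_metrics` would replace the four added lines inside `if [ $1 -eq 0 ]`. Both scriptlets continue outside their hunks.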
@@ -91,6 +109,7 @@ fi
 %attr(0755, perfsonar, perfsonar) %{pkg_install_base}/perfsonar_host_exporter
 %attr(0644, perfsonar, perfsonar) %{httpd_config_base}/apache-node_exporter.conf
 %attr(0644, perfsonar, perfsonar) %{httpd_config_base}/apache-perfsonar_host_exporter.conf
+%attr(0644,root,root) /usr/share/selinux/packages/*
 %{_unitdir}/perfsonar-host-exporter.service
 %changelog