1 %define script_dir %{_sbindir}
2 # Security Containers Server's user info - it should already exist in the system
3 %define scs_user security-containers
4 %define libvirt_group libvirt
5 # The group that has read and write access to /dev/input/event* devices.
6 # It may vary between platforms.
7 %define input_event_group input
8 # The group has access to /dev/loop* devices.
9 %define disk_group disk
10 # The group that has write access to /dev/tty* devices.
13 Name: security-containers
16 Source0: %{name}-%{version}.tar.gz
19 Summary: Daemon for managing containers
21 BuildRequires: boost-devel
22 BuildRequires: libvirt-devel
23 BuildRequires: libjson-devel >= 0.10
24 BuildRequires: libcap-ng-devel
25 BuildRequires: pkgconfig(libConfig)
26 BuildRequires: pkgconfig(libLogger)
27 BuildRequires: pkgconfig(libSimpleDbus)
28 BuildRequires: pkgconfig(glib-2.0)
29 BuildRequires: pkgconfig(libsystemd-journal)
30 BuildRequires: pkgconfig(libvirt-glib-1.0)
31 BuildRequires: pkgconfig(sqlite3)
32 Requires: libvirt-daemon >= 1.2.4
33 Requires(post): libcap-tools
36 This package provides a daemon used to manage containers - start, stop and switch
37 between them. A process from inside a container can request a switch of context
38 (display, input devices) to the other container.
41 %manifest packaging/security-containers.manifest
42 %defattr(644,root,root,755)
43 %attr(755,root,root) %{_bindir}/security-containers-server
44 %dir /etc/security-containers
45 %dir /etc/security-containers/containers
46 %dir /etc/security-containers/libvirt-config
47 %dir /etc/security-containers/templates
48 %config /etc/security-containers/daemon.conf
49 %config /etc/security-containers/containers/*.conf
50 %config /etc/security-containers/libvirt-config/*.xml
51 %config /etc/security-containers/templates/*.conf
52 %config /etc/security-containers/templates/*.xml
53 %{_unitdir}/security-containers.service
54 %{_unitdir}/multi-user.target.wants/security-containers.service
55 /etc/dbus-1/system.d/org.tizen.containers.host.conf
61 %{!?build_type:%define build_type "RELEASE"}
63 %if %{build_type} == "DEBUG" || %{build_type} == "PROFILING"
64 CFLAGS="$CFLAGS -Wp,-U_FORTIFY_SOURCE"
65 CXXFLAGS="$CXXFLAGS -Wp,-U_FORTIFY_SOURCE"
68 %cmake . -DVERSION=%{version} \
69 -DCMAKE_BUILD_TYPE=%{build_type} \
70 -DSCRIPT_INSTALL_DIR=%{script_dir} \
71 -DSYSTEMD_UNIT_DIR=%{_unitdir} \
72 -DPYTHON_SITELIB=%{python_sitelib} \
73 -DSECURITY_CONTAINERS_USER=%{scs_user} \
74 -DLIBVIRT_GROUP=%{libvirt_group} \
75 -DINPUT_EVENT_GROUP=%{input_event_group} \
76 -DDISK_GROUP=%{disk_group} \
77 -DTTY_GROUP=%{tty_group}
78 make -k %{?jobs:-j%jobs}
82 mkdir -p %{buildroot}/%{_unitdir}/multi-user.target.wants
83 ln -s ../security-containers.service %{buildroot}/%{_unitdir}/multi-user.target.wants/security-containers.service
89 # Refresh systemd services list after installation
91 systemctl daemon-reload || :
93 # set needed caps on the binary to allow restart without loosing them
94 setcap CAP_SYS_ADMIN,CAP_MAC_OVERRIDE,CAP_SYS_TTY_CONFIG+ei %{_bindir}/security-containers-server
97 # Stop the service before uninstall
99 systemctl stop security-containers.service || :
103 # Refresh systemd services list after uninstall/upgrade
104 systemctl daemon-reload || :
105 if [ $1 -ge 1 ]; then
106 # TODO: at this point an appropriate notification should show up
107 eval `systemctl show security-containers --property=MainPID`
108 if [ -n "$MainPID" -a "$MainPID" != "0" ]; then
111 echo "Security Containers updated. Reboot is required for the changes to take effect..."
113 echo "Security Containers removed. Reboot is required for the changes to take effect..."
116 ## Client Package ##############################################################
118 Summary: Security Containers Client
119 Group: Development/Libraries
120 Requires: security-containers = %{version}-%{release}
121 Requires(post): /sbin/ldconfig
122 Requires(postun): /sbin/ldconfig
125 Library interface to the security-containers daemon
128 %manifest packaging/libsecurity-containers-client.manifest
129 %defattr(644,root,root,755)
130 %attr(755,root,root) %{_libdir}/libsecurity-containers.so.0.0.1
131 %{_libdir}/libsecurity-containers.so.0
133 %post client -p /sbin/ldconfig
135 %postun client -p /sbin/ldconfig
138 ## Devel Package ###############################################################
140 Summary: Security Containers Client Devel
141 Group: Development/Libraries
142 Requires: security-containers = %{version}-%{release}
143 Requires: security-containers-client = %{version}-%{release}
146 Development package including the header files for the client library
149 %manifest packaging/security-containers.manifest
150 %defattr(644,root,root,755)
151 %{_libdir}/libsecurity-containers.so
152 %{_includedir}/security-containers
153 %{_libdir}/pkgconfig/*.pc
156 ## Container Support Package ###################################################
157 # TODO move to a separate repository
158 %package container-support
159 Summary: Security Containers Support
160 Group: Security/Other
161 Conflicts: security-containers
163 %description container-support
164 Containers support installed inside every container.
166 %files container-support
167 %manifest packaging/security-containers-container-support.manifest
168 %defattr(644,root,root,755)
169 /etc/dbus-1/system.d/org.tizen.containers.domain.conf
172 ## Container Daemon Package ####################################################
173 # TODO move to a separate repository
174 %package container-daemon
175 Summary: Security Containers Containers Daemon
176 Group: Security/Other
177 Requires: security-containers-container-support = %{version}-%{release}
179 %description container-daemon
180 Daemon running inside every container.
182 %files container-daemon
183 %manifest packaging/security-containers-container-daemon.manifest
184 %defattr(644,root,root,755)
185 %attr(755,root,root) %{_bindir}/security-containers-container-daemon
186 /etc/dbus-1/system.d/org.tizen.containers.domain.daemon.conf
189 ## Test Package ################################################################
191 Summary: Security Containers Tests
192 Group: Development/Libraries
193 Requires: security-containers = %{version}-%{release}
194 Requires: security-containers-client = %{version}-%{release}
199 Unit tests for both: server and client and integration tests.
202 %manifest packaging/security-containers-server-tests.manifest
203 %defattr(644,root,root,755)
204 %attr(755,root,root) %{_bindir}/security-containers-server-unit-tests
205 %attr(755,root,root) %{script_dir}/sc_all_tests.py
206 %attr(755,root,root) %{script_dir}/sc_int_tests.py
207 %attr(755,root,root) %{script_dir}/sc_launch_test.py
208 %{script_dir}/sc_test_parser.py
209 %{_datadir}/security-containers
210 %{python_sitelib}/sc_integration_tests
211 /etc/dbus-1/system.d/org.tizen.containers.tests.conf