--- /dev/null
+<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
+<CodeBlocks_project_file>
+ <FileVersion major="1" minor="6" />
+ <Project>
+ <Option title="nether" />
+ <Option pch_mode="2" />
+ <Option compiler="gcc" />
+ <MakeCommands>
+ <Build command="$make root@guest make all -C devel/nether" />
+ <CompileFile command="$make -f $makefile $file" />
+ <Clean command="$make -f $makefile clean$target" />
+ <DistClean command="$make -f $makefile distclean$target" />
+ <AskRebuildNeeded command="$make -q -f $makefile $target" />
+ <SilentBuild command="$make root@guest make all -C devel/nether > $(CMD_NULL)" />
+ </MakeCommands>
+ <Build>
+ <Target title="Debug">
+ <Option output="obj/nether" prefix_auto="1" extension_auto="1" />
+ <Option working_dir="obj" />
+ <Option object_output="obj/Debug/" />
+ <Option type="0" />
+ <Option compiler="gcc" />
+ <Option parameters="-B /etc/nether.policy -l stderr" />
+ <Compiler>
+ <Add option="-std=c++11" />
+ <Add option="-Wfatal-errors" />
+ <Add option="-Wextra" />
+ <Add option="-Wall" />
+ <Add option="-g" />
+ <Add option="-DHAVE_CYNARA" />
+ <Add option="-D_DEBUG" />
+ <Add directory="include" />
+ <Add directory="/usr/local/include/cynara" />
+ </Compiler>
+ <Linker>
+ <Add library="libnetfilter_queue" />
+ <Add library="libnfnetlink" />
+ <Add library="libcynara-client-async" />
+ <Add library="libcynara-commons" />
+ <Add directory="/usr/local/lib" />
+ </Linker>
+ <MakeCommands>
+ <Build command="$make root@guest make all -C devel/nether" />
+ <CompileFile command="$make -f $makefile $file" />
+ <Clean command="$make root@guest make clean -C devel/nether" />
+ <DistClean command="$make -f $makefile distclean$target" />
+ <AskRebuildNeeded command="$make -q -f $makefile $target" />
+ <SilentBuild command="$make root@guest make all -C devel/nether > $(CMD_NULL)" />
+ </MakeCommands>
+ </Target>
+ <Target title="Release">
+ <Option output="bin/Release/nether" prefix_auto="1" extension_auto="1" />
+ <Option object_output="obj/Release/" />
+ <Option type="1" />
+ <Option compiler="gcc" />
+ <Compiler>
+ <Add option="-O2" />
+ <Add option="-std=c++11" />
+ </Compiler>
+ <Linker>
+ <Add option="-s" />
+ </Linker>
+ </Target>
+ </Build>
+ <Compiler>
+ <Add option="-fomit-frame-pointer" />
+ <Add option="-std=c++11" />
+ <Add option="-w" />
+ <Add option="-fexceptions" />
+ <Add option="-fPIC" />
+ </Compiler>
+ <Unit filename="include/logger/backend-file.hpp" />
+ <Unit filename="include/logger/backend-journal.hpp" />
+ <Unit filename="include/logger/backend-null.hpp" />
+ <Unit filename="include/logger/backend-stderr.hpp" />
+ <Unit filename="include/logger/backend-syslog.hpp" />
+ <Unit filename="include/logger/backend.hpp" />
+ <Unit filename="include/logger/ccolor.hpp" />
+ <Unit filename="include/logger/config.hpp" />
+ <Unit filename="include/logger/formatter.hpp" />
+ <Unit filename="include/logger/level.hpp" />
+ <Unit filename="include/logger/logger-scope.hpp" />
+ <Unit filename="include/logger/logger.hpp" />
+ <Unit filename="include/nether_CynaraBackend.h" />
+ <Unit filename="include/nether_DummyBackend.h" />
+ <Unit filename="include/nether_FileBackend.h" />
+ <Unit filename="include/nether_Manager.h" />
+ <Unit filename="include/nether_Netlink.h" />
+ <Unit filename="include/nether_PolicyBackend.h" />
+ <Unit filename="include/nether_Types.h" />
+ <Unit filename="include/nether_Utils.h" />
+ <Unit filename="src/logger/backend-file.cpp" />
+ <Unit filename="src/logger/backend-journal.cpp" />
+ <Unit filename="src/logger/backend-stderr.cpp" />
+ <Unit filename="src/logger/backend-syslog.cpp" />
+ <Unit filename="src/logger/ccolor.cpp" />
+ <Unit filename="src/logger/formatter.cpp" />
+ <Unit filename="src/logger/level.cpp" />
+ <Unit filename="src/logger/logger-scope.cpp" />
+ <Unit filename="src/logger/logger.cpp" />
+ <Unit filename="src/nether_CynaraBackend.cpp" />
+ <Unit filename="src/nether_DummyBackend.cpp" />
+ <Unit filename="src/nether_FileBackend.cpp" />
+ <Unit filename="src/nether_Main.cpp" />
+ <Unit filename="src/nether_Manager.cpp" />
+ <Unit filename="src/nether_Netlink.cpp" />
+ <Unit filename="src/nether_NetworkUtils.cpp" />
+ <Extensions>
+ <envvars />
+ <code_completion />
+ <debugger>
+ <search_path add="/root/devel/nether/" />
+ <search_path add="/root/devel/nether/src" />
+ <search_path add="/root/devel/nether/include" />
+ </debugger>
+ <lib_finder disable_auto="1" />
+ </Extensions>
+ </Project>
+</CodeBlocks_project_file>
--- /dev/null
+Name: nether
+Epoch: 1
+Version: 0.0.1
+Release: 0
+Source0: %{name}-%{version}.tar.gz
+License: Apache-2.0
+Group: Security/Other
+Summary: Daemon for enforcing network privileges
+BuildRequires: cmake
+BuildRequires: pkgconfig(glib-2.0)
+BuildRequires: libnetfilter_queue-devel
+Requires: iptables
+
+%description
+This package provides a daemon used to manage zones - start, stop and switch
+between them. A process from inside a zone can request a switch of context
+(display, input devices) to the other zone.
+
+%files
+%manifest packaging/nether.manifest
+%defattr(644,root,root,755)
+%attr(755,root,root) %{_bindir}/nether
+%dir /etc/nether
+%config /etc/nether/nether.policy
+%config /etc/nether/setrules.sh
+%config /etc/nether/nether.rules
+%prep
+%setup -q
+
+%build
+%{!?build_type:%define build_type "RELEASE"}
+
+%if %{build_type} == "DEBUG" || %{build_type} == "PROFILING" || %{build_type} == "CCOV"
+ CFLAGS="$CFLAGS -Wp,-U_FORTIFY_SOURCE"
+ CXXFLAGS="$CXXFLAGS -Wp,-U_FORTIFY_SOURCE"
+%endif
+
+%cmake . -DVERSION=%{version} \
+ -DCMAKE_BUILD_TYPE=%{build_type} \
+ -DSCRIPT_INSTALL_DIR=%{script_dir} \
+ -DSYSTEMD_UNIT_DIR=%{_unitdir}
+make -k %{?jobs:-j%jobs}
+
+%install
+%make_install
+
+%clean
+rm -rf %{buildroot}
+
+%post
+# Refresh systemd services list after installation
+if [ $1 == 1 ]; then
+ systemctl daemon-reload || :
+fi
+# set needed caps on the binary to allow restart without loosing them
+setcap CAP_SYS_ADMIN,CAP_MAC_OVERRIDE+ei %{_bindir}/nether
+
+%preun
+# Stop the service before uninstall
+if [ $1 == 0 ]; then
+ systemctl stop nether.service || :
+fi
+
+%postun
+# Refresh systemd services list after uninstall/upgrade
+systemctl daemon-reload || :
projects / platform / core / security / nether.git / commitdiff