From ed74ed6ed2b08bac368c3510a431b1135751e4d6 Mon Sep 17 00:00:00 2001
From: Adam Ierymenko
Date: Wed, 16 Feb 2022 12:56:17 -0500
Subject: [PATCH] CentOS/RHEL 6 SELinux permissions.
---
 ext/installfiles/linux/zerotier-one.te | 14 ++++++++++++++
 make-linux.mk | 1 +
 zerotier-one.spec | 12 ++++++++++++
 3 files changed, 27 insertions(+)
 create mode 100644 ext/installfiles/linux/zerotier-one.te
diff --git a/ext/installfiles/linux/zerotier-one.te b/ext/installfiles/linux/zerotier-one.te
new file mode 100644
index 000000000..978df0b10
--- /dev/null
+++ b/ext/installfiles/linux/zerotier-one.te
@@ -0,0 +1,14 @@
+
+module zerotier-one 1.0;
+
+require {
+ type unconfined_t;
+ type initrc_t;
+ class memprotect mmap_zero;
+}
+
+#============= initrc_t ==============
+allow initrc_t self:memprotect mmap_zero;
+
+#============= unconfined_t ==============
+allow unconfined_t self:memprotect mmap_zero;
diff --git a/make-linux.mk b/make-linux.mk
index eaec7432c..a5a929d8e 100644
--- a/make-linux.mk
+++ b/make-linux.mk
@@ -418,6 +418,7 @@ install: FORCE
 rm -f $(DESTDIR)/usr/share/man/man1/zerotier-cli.1.gz
 cat doc/zerotier-cli.1 | gzip -9 >$(DESTDIR)/usr/share/man/man1/zerotier-cli.1.gz
 cat doc/zerotier-idtool.1 | gzip -9 >$(DESTDIR)/usr/share/man/man1/zerotier-idtool.1.gz
+ cp ext/installfiles/linux/zerotier-one.te /var/lib/zerotier-one/zerotier-one.te
 # Uninstall preserves identity.public and identity.secret since the user might
 # want to save these. These are your ZeroTier address.
diff --git a/zerotier-one.spec b/zerotier-one.spec
index ab43da42e..edcbc6d06 100644
--- a/zerotier-one.spec
+++ b/zerotier-one.spec
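Review bot: The two allow rules at the end of zerotier-one.te grant `memprotect mmap_zero` to every process running in `initrc_t` and `unconfined_t`, not only to zerotier-one, so loading this module lifts the low-address mapping restriction for those whole domains. That restriction exists to limit the impact of kernel NULL-pointer dereference bugs, so the allowance should be as narrow as possible: ideally a dedicated domain for the zerotier-one binary that alone receives the permission, after confirming the daemon really needs it rather than tripping the check incidentally. If the broad rule has to stay for RHEL 6, record the reason and the scope in the file, e.g. `# zerotier-one hits mmap_zero denials on EL6; NOTE: this permits it for ALL initrc_t/unconfined_t processes`.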
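Review bot: The added `cp` in make-linux.mk writes to the absolute path `/var/lib/zerotier-one/zerotier-one.te`, while the neighbouring recipe lines all write under `$(DESTDIR)`, so a staged install (rpmbuild, packaging chroot) would modify the build host instead of the staging tree and the policy source would be missing from the package. It should read `cp ext/installfiles/linux/zerotier-one.te $(DESTDIR)/var/lib/zerotier-one/zerotier-one.te`. Whether the install target creates `$(DESTDIR)/var/lib/zerotier-one` beforehand is not visible here and should be confirmed; the recipe starts above the hunk.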
@@ -121,6 +121,18 @@ case "$1" in
 chkconfig --add zerotier-one
 ;;
 esac
+if [ -x /usr/bin/checkmodule -a -x /usr/bin/semodule_package -a -x /usr/bin/semodule ]; then
+ rm -f /var/lib/zerotier-one/zerotier-one.mod
+ /usr/bin/checkmodule -M -m -o /var/lib/zerotier-one/zerotier-one.mod /var/lib/zerotier-one/zerotier-one.te
+ if [ -f /var/lib/zerotier-one/zerotier-one.pp ]; then
+ rm -f /var/lib/zerotier-one/zerotier-one.pp
+ /usr/bin/semodule_package -o /var/lib/zerotier-one/zerotier-one.pp -m /var/lib/zerotier-one/zerotier-one.mod
+ /usr/bin/semodule -u /var/lib/zerotier-one/zerotier-one.pp
+ else
+ /usr/bin/semodule_package -o /var/lib/zerotier-one/zerotier-one.pp -m /var/lib/zerotier-one/zerotier-one.mod
+ /usr/bin/semodule -i /var/lib/zerotier-one/zerotier-one.pp
+ fi
+fi
 %endif
 %preun
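Review bot: The added scriptlet compiles and loads an SELinux module as root from `/var/lib/zerotier-one/zerotier-one.te`, which sits in the service's state directory, and it never checks that `checkmodule` succeeded. If anything other than root can write to that directory (not determinable from this hunk), a modified `.te` would become loaded policy at the next install or upgrade; keeping the source, or a prebuilt `.pp`, in a root-owned, package-managed directory avoids that. The three steps should also be chained so that a failed compile does not fall through to packaging a `.mod` that was just deleted, e.g. `checkmodule ... && semodule_package ... && semodule -i ...`. The choice between `-u` and `-i` is keyed on a leftover `.pp` file rather than on what `semodule -l` reports, and nothing visible here removes the module on uninstall (`%preun` begins after the hunk).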