change monolithic_policy to self_contained_policy for clarity
parent
668be6442b
commit
0e15cdfb50
@ -204,7 +204,7 @@ $(MODDIR)/kernel/corenetwork.if: $(MODDIR)/kernel/corenetwork.if.m4 $(MODDIR)/ke
|
|||||||
@echo "#" >> $@
|
@echo "#" >> $@
|
||||||
$(QUIET) cat $(MODDIR)/kernel/corenetwork.if.in >> $@
|
$(QUIET) cat $(MODDIR)/kernel/corenetwork.if.in >> $@
|
||||||
$(QUIET) egrep "^[[:blank:]]*network_(interface|node|port)\(.*\)" $(@:.if=.te).in \
|
$(QUIET) egrep "^[[:blank:]]*network_(interface|node|port)\(.*\)" $(@:.if=.te).in \
|
||||||
| m4 -D monolithic_policy $(M4PARAM) $(M4SUPPORT) $(MODDIR)/kernel/corenetwork.if.m4 - \
|
| m4 -D self_contained_policy $(M4PARAM) $(M4SUPPORT) $(MODDIR)/kernel/corenetwork.if.m4 - \
|
||||||
| sed -e 's/dollarsone/\$$1/g' -e 's/dollarszero/\$$0/g' >> $@
|
| sed -e 's/dollarsone/\$$1/g' -e 's/dollarszero/\$$0/g' >> $@
|
||||||
|
|
||||||
$(MODDIR)/kernel/corenetwork.te: $(MODDIR)/kernel/corenetwork.te.m4 $(MODDIR)/kernel/corenetwork.te.in
|
$(MODDIR)/kernel/corenetwork.te: $(MODDIR)/kernel/corenetwork.te.m4 $(MODDIR)/kernel/corenetwork.te.in
|
||||||
@ -212,7 +212,7 @@ $(MODDIR)/kernel/corenetwork.te: $(MODDIR)/kernel/corenetwork.te.m4 $(MODDIR)/ke
|
|||||||
@echo "# This is a generated file! Instead of modifying this file, the" >> $@
|
@echo "# This is a generated file! Instead of modifying this file, the" >> $@
|
||||||
@echo "# $(notdir $@).in or $(notdir $@).m4 file should be modified." >> $@
|
@echo "# $(notdir $@).in or $(notdir $@).m4 file should be modified." >> $@
|
||||||
@echo "#" >> $@
|
@echo "#" >> $@
|
||||||
$(QUIET) m4 -D monolithic_policy $(M4PARAM) $(M4SUPPORT) $^ \
|
$(QUIET) m4 -D self_contained_policy $(M4PARAM) $(M4SUPPORT) $^ \
|
||||||
| sed -e 's/dollarsone/\$$1/g' -e 's/dollarszero/\$$0/g' >> $@
|
| sed -e 's/dollarsone/\$$1/g' -e 's/dollarszero/\$$0/g' >> $@
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@ -261,7 +261,7 @@ $(USERPATH)/system.users: $(USER_FILES) tmp/generated_definitions.conf
|
|||||||
@echo "# This file is replaced on reinstalls of this policy." >> tmp/system.users
|
@echo "# This file is replaced on reinstalls of this policy." >> tmp/system.users
|
||||||
@echo "# Please edit local.users to make local changes." >> tmp/system.users
|
@echo "# Please edit local.users to make local changes." >> tmp/system.users
|
||||||
@echo "#" >> tmp/system.users
|
@echo "#" >> tmp/system.users
|
||||||
$(QUIET) m4 -D monolithic_policy $(M4PARAM) tmp/generated_definitions.conf $(USER_FILES) | \
|
$(QUIET) m4 -D self_contained_policy $(M4PARAM) tmp/generated_definitions.conf $(USER_FILES) | \
|
||||||
egrep -v "^[[:space:]]*($$|#)" >> tmp/system.users
|
egrep -v "^[[:space:]]*($$|#)" >> tmp/system.users
|
||||||
$(QUIET) install -m 644 tmp/system.users $@
|
$(QUIET) install -m 644 tmp/system.users $@
|
||||||
|
|
||||||
|
@ -61,7 +61,7 @@ tmp/base.mod: base.conf
|
|||||||
base.conf: $(BASE_SECTIONS)
|
base.conf: $(BASE_SECTIONS)
|
||||||
@echo "Creating $(NAME) base module policy.conf"
|
@echo "Creating $(NAME) base module policy.conf"
|
||||||
# checkpolicy can use the #line directives provided by -s for error reporting:
|
# checkpolicy can use the #line directives provided by -s for error reporting:
|
||||||
$(QUIET) m4 -D monolithic_policy $(M4PARAM) -s $^ > tmp/$@.tmp
|
$(QUIET) m4 -D self_contained_policy $(M4PARAM) -s $^ > tmp/$@.tmp
|
||||||
$(QUIET) sed -e /^portcon/d -e /^nodecon/d -e /^netifcon/d < tmp/$@.tmp > $@
|
$(QUIET) sed -e /^portcon/d -e /^nodecon/d -e /^netifcon/d < tmp/$@.tmp > $@
|
||||||
# the ordering of these ocontexts matters:
|
# the ordering of these ocontexts matters:
|
||||||
$(QUIET) grep ^portcon tmp/$@.tmp >> $@ || true
|
$(QUIET) grep ^portcon tmp/$@.tmp >> $@ || true
|
||||||
|
@ -78,7 +78,7 @@ reload tmp/load: $(LOADPATH) $(FCPATH)
|
|||||||
policy.conf: $(POLICY_SECTIONS)
|
policy.conf: $(POLICY_SECTIONS)
|
||||||
@echo "Creating $(NAME) policy.conf"
|
@echo "Creating $(NAME) policy.conf"
|
||||||
# checkpolicy can use the #line directives provided by -s for error reporting:
|
# checkpolicy can use the #line directives provided by -s for error reporting:
|
||||||
$(QUIET) m4 -D monolithic_policy $(M4PARAM) -s $^ > tmp/$@.tmp
|
$(QUIET) m4 -D self_contained_policy $(M4PARAM) -s $^ > tmp/$@.tmp
|
||||||
$(QUIET) sed -e /^portcon/d -e /^nodecon/d -e /^netifcon/d < tmp/$@.tmp > $@
|
$(QUIET) sed -e /^portcon/d -e /^nodecon/d -e /^netifcon/d < tmp/$@.tmp > $@
|
||||||
# the ordering of these ocontexts matters:
|
# the ordering of these ocontexts matters:
|
||||||
$(QUIET) grep ^portcon tmp/$@.tmp >> $@ || true
|
$(QUIET) grep ^portcon tmp/$@.tmp >> $@ || true
|
||||||
|
@ -262,10 +262,8 @@ userdom_search_staff_home_dir(sulogin_t)
|
|||||||
userdom_search_sysadm_home_dir(sulogin_t)
|
userdom_search_sysadm_home_dir(sulogin_t)
|
||||||
|
|
||||||
# suse and debian do not use pam with sulogin...
|
# suse and debian do not use pam with sulogin...
|
||||||
ifdef(`monolithic_policy',`
|
ifdef(`distro_suse', `define(`sulogin_no_pam')')
|
||||||
ifdef(`distro_suse', `define(`sulogin_no_pam')')
|
ifdef(`distro_debian', `define(`sulogin_no_pam')')
|
||||||
ifdef(`distro_debian', `define(`sulogin_no_pam')')
|
|
||||||
')
|
|
||||||
|
|
||||||
ifdef(`sulogin_no_pam', `
|
ifdef(`sulogin_no_pam', `
|
||||||
allow sulogin_t self:capability sys_tty_config;
|
allow sulogin_t self:capability sys_tty_config;
|
||||||
|
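Review bot: Dropping the monolithic_policy guard around the two sulogin_no_pam defines is a behaviour change rather than a rename, and neither the commit title nor a comment in the file records it. With the guard gone, distro_suse and distro_debian builds define sulogin_no_pam for loadable-module builds as well, so the branch that starts with `allow sulogin_t self:capability sys_tty_config;` is now emitted there too. The rest of that branch and its else arm lie outside the hunk, so the full set of rules that changes for modular builds cannot be judged from here and should be confirmed against the file. If the change is intended, I would say so in the commit description and add a comment above the defines such as `# sulogin_no_pam applies to both self-contained and loadable-module builds on suse and debian`.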
@ -9,7 +9,7 @@
|
|||||||
# For adding the module statement
|
# For adding the module statement
|
||||||
#
|
#
|
||||||
define(`policy_module',`
|
define(`policy_module',`
|
||||||
ifdef(`monolithic_policy',`',`
|
ifdef(`self_contained_policy',`',`
|
||||||
module $1 $2;
|
module $1 $2;
|
||||||
|
|
||||||
require { all_kernel_class_perms }
|
require { all_kernel_class_perms }
|
||||||
@ -21,7 +21,7 @@ define(`policy_module',`
|
|||||||
# For use in interfaces, to optionally insert a require block
|
# For use in interfaces, to optionally insert a require block
|
||||||
#
|
#
|
||||||
define(`gen_require',`
|
define(`gen_require',`
|
||||||
ifdef(`monolithic_policy',`',`
|
ifdef(`self_contained_policy',`',`
|
||||||
define(`in_gen_require_block')
|
define(`in_gen_require_block')
|
||||||
require {
|
require {
|
||||||
$1
|
$1
|
||||||
@ -83,7 +83,7 @@ define(`policy_call_depth',0)
|
|||||||
# Optional policy handling
|
# Optional policy handling
|
||||||
#
|
#
|
||||||
define(`optional_policy',`
|
define(`optional_policy',`
|
||||||
ifdef(`monolithic_policy',`
|
ifdef(`self_contained_policy',`
|
||||||
ifdef(`$1',`$2',`$3')
|
ifdef(`$1',`$2',`$3')
|
||||||
',`
|
',`
|
||||||
optional {
|
optional {
|
||||||
@ -110,18 +110,18 @@ define(`dflt_or_overr',`ifdef(`$1',$1,$2)')
|
|||||||
#
|
#
|
||||||
define(`gen_tunable',`
|
define(`gen_tunable',`
|
||||||
ifdef(`in_gen_require_block',`
|
ifdef(`in_gen_require_block',`
|
||||||
ifdef(`monolithic_policy',`
|
ifdef(`self_contained_policy',`
|
||||||
bool $1;
|
bool $1;
|
||||||
',`
|
',`
|
||||||
# loadable module tunable
|
# loadable module tunable
|
||||||
# declaration will go here
|
# require will go here
|
||||||
# instead of bool when
|
# instead of bool when
|
||||||
# loadable modules support
|
# loadable modules support
|
||||||
# tunables
|
# tunables
|
||||||
bool $1;
|
bool $1;
|
||||||
')
|
')
|
||||||
',`
|
',`
|
||||||
ifdef(`monolithic_policy',`
|
ifdef(`self_contained_policy',`
|
||||||
bool $1 dflt_or_overr(`$1'_conf,$2);
|
bool $1 dflt_or_overr(`$1'_conf,$2);
|
||||||
',`
|
',`
|
||||||
# loadable module tunable
|
# loadable module tunable
|
||||||
@ -139,7 +139,7 @@ define(`gen_tunable',`
|
|||||||
# Tunable policy handling
|
# Tunable policy handling
|
||||||
#
|
#
|
||||||
define(`tunable_policy',`
|
define(`tunable_policy',`
|
||||||
ifdef(`monolithic_policy',`
|
ifdef(`self_contained_policy',`
|
||||||
if (`$1') {
|
if (`$1') {
|
||||||
$2
|
$2
|
||||||
} else {
|
} else {
|
||||||
|
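Review bot: Nothing in these macros fails when the symbol is stale or misspelled, because m4's ifdef silently takes the other arm; any test of monolithic_policy left outside this commit would expand the loadable-module branch in every build with no diagnostic. The locallogin hunk shows that policy modules did test the old name directly, so a tree-wide search for monolithic_policy is worth running before merge. The symbol is also undocumented in this file, and the build hunks show it being set for base.conf as well as policy.conf, which the name alone does not convey. I would add one comment above policy_module, for example `# self_contained_policy: set by the build with m4 -D when generating policy.conf and base.conf`.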