a few touchups
This commit is contained in:
Chris PeBenito
parent
dc771ff40e
commit
88c72f4408
@ -99,12 +99,13 @@ install: $(LOADPATH)
|
|||||||
# Build a binary policy locally
|
# Build a binary policy locally
|
||||||
#
|
#
|
||||||
$(POLVER): policy.conf
|
$(POLVER): policy.conf
|
||||||
|
@echo "Compiling $(POLVER)"
|
||||||
ifneq ($(PV),$(KV))
|
ifneq ($(PV),$(KV))
|
||||||
@echo
|
@echo
|
||||||
@echo "WARNING: Policy version mismatch! Is your POLICYCOMPAT set correctly?"
|
@echo "WARNING: Policy version mismatch! Is your POLICYCOMPAT set correctly?"
|
||||||
@echo
|
@echo
|
||||||
endif
|
endif
|
||||||
$(QUIET) $(CHECKPOLICY) $(POLICYCOMPAT) $^ -o $(POLVER)
|
$(QUIET) $(CHECKPOLICY) $(POLICYCOMPAT) $^ -o $@
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
@ -112,18 +113,20 @@ endif
|
|||||||
#
|
#
|
||||||
$(LOADPATH): policy.conf
|
$(LOADPATH): policy.conf
|
||||||
@mkdir -p $(POLICYPATH)
|
@mkdir -p $(POLICYPATH)
|
||||||
|
@echo "Compiling and installing $(LOADPATH)"
|
||||||
ifneq ($(PV),$(KV))
|
ifneq ($(PV),$(KV))
|
||||||
@echo
|
@echo
|
||||||
@echo "WARNING: Policy version mismatch! Is your POLICYCOMPAT set correctly?"
|
@echo "WARNING: Policy version mismatch! Is your POLICYCOMPAT set correctly?"
|
||||||
@echo
|
@echo
|
||||||
endif
|
endif
|
||||||
$(QUIET) $(CHECKPOLICY) $(POLICYCOMPAT) $^ -o $(LOADPATH)
|
$(QUIET) $(CHECKPOLICY) $(POLICYCOMPAT) $^ -o $@
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
# Load the binary policy
|
# Load the binary policy
|
||||||
#
|
#
|
||||||
reload tmp/load: $(LOADPATH) $(FCPATH)
|
reload tmp/load: $(LOADPATH) $(FCPATH)
|
||||||
|
@echo "Loading $(LOADPATH)"
|
||||||
$(QUIET) $(LOADPOLICY) -q $(LOADPATH)
|
$(QUIET) $(LOADPOLICY) -q $(LOADPATH)
|
||||||
@touch tmp/load
|
@touch tmp/load
|
||||||
|
|
||||||
@ -134,11 +137,11 @@ load: tmp/load
|
|||||||
# Construct a monolithic policy.conf
|
# Construct a monolithic policy.conf
|
||||||
#
|
#
|
||||||
policy.conf: $(POLICY_SECTIONS)
|
policy.conf: $(POLICY_SECTIONS)
|
||||||
$(QUIET) # checkpolicy can use the #line directives provided by m4 -s
|
@echo "Creating policy.conf"
|
||||||
$(QUIET) # for error reporting:
|
# checkpolicy can use the #line directives provided by -s for error reporting:
|
||||||
$(QUIET) m4 $(M4PARAM) -s $^ > tmp/$@.tmp
|
$(QUIET) m4 $(M4PARAM) -s $^ > tmp/$@.tmp
|
||||||
$(QUIET) sed -e /^portcon/d -e /^nodecon/d -e /^netifcon/d < tmp/$@.tmp > $@
|
$(QUIET) sed -e /^portcon/d -e /^nodecon/d -e /^netifcon/d < tmp/$@.tmp > $@
|
||||||
$(QUIET) # the ordering of these ocontexts matters:
|
# the ordering of these ocontexts matters:
|
||||||
$(QUIET) grep ^portcon tmp/$@.tmp >> $@ || true
|
$(QUIET) grep ^portcon tmp/$@.tmp >> $@ || true
|
||||||
$(QUIET) grep ^netifcon tmp/$@.tmp >> $@ || true
|
$(QUIET) grep ^netifcon tmp/$@.tmp >> $@ || true
|
||||||
$(QUIET) grep ^nodecon tmp/$@.tmp >> $@ || true
|
$(QUIET) grep ^nodecon tmp/$@.tmp >> $@ || true
|
||||||
@ -161,6 +164,8 @@ tmp/generated_definitions.conf: $(ALL_MODULES) $(ALL_TE_FILES) $(BASE_MODULE)/co
|
|||||||
$(QUIET) grep -E "^network_(interface|node|port)\(.*\)" $(BASE_MODULE)/corenetwork.te \
|
$(QUIET) grep -E "^network_(interface|node|port)\(.*\)" $(BASE_MODULE)/corenetwork.te \
|
||||||
| m4 $(M4PARAM) -D interface_pass $(BASE_MODULE)/global.if $(BASE_MODULE)/corenetwork.if - \
|
| m4 $(M4PARAM) -D interface_pass $(BASE_MODULE)/global.if $(BASE_MODULE)/corenetwork.if - \
|
||||||
| sed -e 's/dollarsone/\$$1/g' -e 's/dollarszero/\$$0/g' >> $@
|
| sed -e 's/dollarsone/\$$1/g' -e 's/dollarszero/\$$0/g' >> $@
|
||||||
|
# this is so the xml works:
|
||||||
|
$(QUIET) echo "## </module>" >> $@
|
||||||
|
|
||||||
tmp/all_interfaces.conf: $(ALL_INTERFACES)
|
tmp/all_interfaces.conf: $(ALL_INTERFACES)
|
||||||
@test -d tmp || mkdir -p tmp
|
@test -d tmp || mkdir -p tmp
|
||||||
@ -237,9 +242,10 @@ relabel: $(FC) $(SETFILES)
|
|||||||
xml: policy.xml
|
xml: policy.xml
|
||||||
|
|
||||||
policy.xml: $(ALL_INTERFACES) tmp/generated_definitions.conf
|
policy.xml: $(ALL_INTERFACES) tmp/generated_definitions.conf
|
||||||
echo "<policy>" > $@
|
@echo "Creating $@"
|
||||||
grep -h -E "^##[[:space:]]" $^ | sed -e 's/^##[[:space:]]//g' >> $@
|
$(QUIET) echo "<policy>" > $@
|
||||||
echo "</policy>" >> $@
|
$(QUIET) grep -h -E "^##[[:space:]]" $^ | sed -e 's/^##[[:space:]]//g' >> $@
|
||||||
|
$(QUIET) echo "</policy>" >> $@
|
||||||
|
|
||||||
clean:
|
clean:
|
||||||
rm -fR tmp
|
rm -fR tmp
|
||||||
@ -248,4 +254,4 @@ clean:
|
|||||||
rm -f policy.$(PV)
|
rm -f policy.$(PV)
|
||||||
rm -f $(FC)
|
rm -f $(FC)
|
||||||
|
|
||||||
.PHONY: default clean policy install
|
.PHONY: default policy install reload enableaudit checklabels restorelabels relabel xml clean
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user