trunk: Add support for setting the unknown permissions handling.
parent
aef93a760f
commit
8acfcbcc2a
@ -1,3 +1,4 @@
|
|||||||
|
- Add support for setting the unknown permissions handling.
|
||||||
- Fix XML building for external reference builds and headers builds.
|
- Fix XML building for external reference builds and headers builds.
|
||||||
- Patch to add missing requirements in userdomain interfaces from Shintaro
|
- Patch to add missing requirements in userdomain interfaces from Shintaro
|
||||||
Fujiwara.
|
Fujiwara.
|
||||||
|
3
Makefile
3
Makefile
@ -201,6 +201,9 @@ endif
|
|||||||
# if not set, use the type as the name.
|
# if not set, use the type as the name.
|
||||||
NAME ?= $(TYPE)
|
NAME ?= $(TYPE)
|
||||||
|
|
||||||
|
# default unknown permissions setting
|
||||||
|
#UNK_PERMS ?= deny
|
||||||
|
|
||||||
ifeq ($(DIRECT_INITRC),y)
|
ifeq ($(DIRECT_INITRC),y)
|
||||||
M4PARAM += -D direct_sysadm_daemon
|
M4PARAM += -D direct_sysadm_daemon
|
||||||
endif
|
endif
|
||||||
|
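Review bot: The default added here stays commented out (`#UNK_PERMS ?= deny`), so a build whose configuration leaves the option unset passes no `-U` at all. The policy's unknown-permission handling is then decided by the installed checkpolicy/checkmodule rather than by this tree. Writing it as `UNK_PERMS ?= deny` would pin the behaviour, assuming deny is the intended default. The value is also never checked before it reaches the `-U` arguments in the CHECKMODULE and CHECKPOLICY hunks further down, and `?=` will accept one from the environment. Once the default is set, a guard next to it such as `ifeq "$(filter allow deny reject,$(UNK_PERMS))" ""` with `$(error UNK_PERMS must be allow, deny or reject)` would stop a typo or stray value at parse time.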
@ -96,6 +96,9 @@ $(base_pkg): $(base_mod) $(base_fc) $(users_extra) $(tmpdir)/seusers
|
|||||||
@test -d $(builddir) || mkdir -p $(builddir)
|
@test -d $(builddir) || mkdir -p $(builddir)
|
||||||
$(verbose) $(SEMOD_PKG) -o $@ -m $(base_mod) -f $(base_fc) -u $(users_extra) -s $(tmpdir)/seusers
|
$(verbose) $(SEMOD_PKG) -o $@ -m $(base_mod) -f $(base_fc) -u $(users_extra) -s $(tmpdir)/seusers
|
||||||
|
|
||||||
|
ifneq "$(UNK_PERMS)" ""
|
||||||
|
$(base_mod): CHECKMODULE += -U $(UNK_PERMS)
|
||||||
|
endif
|
||||||
$(base_mod): $(base_conf)
|
$(base_mod): $(base_conf)
|
||||||
@echo "Compiling $(NAME) base module"
|
@echo "Compiling $(NAME) base module"
|
||||||
$(verbose) $(CHECKMODULE) $^ -o $@
|
$(verbose) $(CHECKMODULE) $^ -o $@
|
||||||
|
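Review bot: Nothing at the new `ifneq "$(UNK_PERMS)" ""` block says why only `$(base_mod)` receives `-U`, so a maintainer adding another checkmodule rule cannot tell whether it needs the flag too. A one-line comment above the conditional would settle it, for example `# unknown-permission handling is taken from the base module, so only $(base_mod) gets -U`. I believe that is how the module linker treats it, but please confirm before committing the wording. A target-specific `+=` is also inherited by the prerequisites of `$(base_mod)`, so any prerequisite recipe that runs `$(CHECKMODULE)` would pick up the flag as well; none is visible in this hunk.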
@ -63,6 +63,9 @@ resetlabels: $(fcpath)
|
|||||||
#
|
#
|
||||||
# Build a binary policy locally
|
# Build a binary policy locally
|
||||||
#
|
#
|
||||||
|
ifneq "$(UNK_PERMS)" ""
|
||||||
|
$(polver): CHECKPOLICY += -U $(UNK_PERMS)
|
||||||
|
endif
|
||||||
$(polver): $(policy_conf)
|
$(polver): $(policy_conf)
|
||||||
@echo "Compiling $(NAME) $(polver)"
|
@echo "Compiling $(NAME) $(polver)"
|
||||||
ifneq ($(pv),$(kv))
|
ifneq ($(pv),$(kv))
|
||||||
@ -76,6 +79,9 @@ endif
|
|||||||
#
|
#
|
||||||
# Install a binary policy
|
# Install a binary policy
|
||||||
#
|
#
|
||||||
|
ifneq "$(UNK_PERMS)" ""
|
||||||
|
$(loadpath): CHECKPOLICY += -U $(UNK_PERMS)
|
||||||
|
endif
|
||||||
$(loadpath): $(policy_conf)
|
$(loadpath): $(policy_conf)
|
||||||
@mkdir -p $(policypath)
|
@mkdir -p $(policypath)
|
||||||
@echo "Compiling and installing $(NAME) $(loadpath)"
|
@echo "Compiling and installing $(NAME) $(loadpath)"
|
||||||
|
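Review bot: The same three-line conditional is added twice, once for `$(polver)` and once for `$(loadpath)`, which invites the two build paths drifting apart if one copy is edited later. A single block with `$(polver) $(loadpath): CHECKPOLICY += -U $(UNK_PERMS)` keeps the locally built and the installed policy on the same setting. Any other rule in this file that runs `$(CHECKPOLICY)` is outside the hunks shown and would still compile without `-U`, so it is worth checking that none of them produces a policy that gets loaded. Both recipes continue past the end of their hunks.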
@ -31,6 +31,14 @@ NAME = refpolicy
|
|||||||
# Fedora users should enable redhat.
|
# Fedora users should enable redhat.
|
||||||
#DISTRO = redhat
|
#DISTRO = redhat
|
||||||
|
|
||||||
|
# Unknown Permissions Handling
|
||||||
|
# The behavior for handling permissions defined in the
|
||||||
|
# kernel but missing from the policy. The permissions
|
||||||
|
# can either be allowed, denied, or the policy loading
|
||||||
|
# can be rejected.
|
||||||
|
# allow, deny, and reject are current options.
|
||||||
|
#UNK_PERMS = deny
|
||||||
|
|
||||||
# Direct admin init
|
# Direct admin init
|
||||||
# Setting this will allow sysadm to directly
|
# Setting this will allow sysadm to directly
|
||||||
# run init scripts, instead of requring run_init.
|
# run init scripts, instead of requring run_init.
|
||||||
|
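Review bot: The comment block above `#UNK_PERMS = deny` lists the three values but does not say what a build does while the line stays commented out. It also does not say that `allow` grants permissions the kernel checks but the policy does not define, with no rule behind them. I would add two lines before the setting: `# If unset, the policy compiler's own default applies.` and `# allow leaves permissions added by newer kernels unenforced; prefer deny or reject.`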