rpms/selinux-policy
7
0
Fork 0
Code Issues Pull Requests Releases Activity

*** empty log message ***

Browse Source
This commit is contained in:
Daniel J Walsh 2006-02-22 00:53:12 +00:00
parent d5ae27dcc7
commit a57054e5e9
2 changed files with 63 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

70
Makefile.devel
View File

@ -24,8 +24,6 @@ PYTHON ?= python
# set default build options if missing # set default build options if missing
NAME ?= $(shell . /etc/selinux/config; echo $$SELINUXTYPE) NAME ?= $(shell . /etc/selinux/config; echo $$SELINUXTYPE)
MLSENABLED := $(shell cat /selinux/mls) MLSENABLED := $(shell cat /selinux/mls)
MODPKGDIR := $(SHAREDIR)/$(NAME)
ifeq ($(MLSENABLED),1) ifeq ($(MLSENABLED),1)
MCSFLAG=-mcs MCSFLAG=-mcs
endif endif
@ -35,6 +33,16 @@ DIRECT_INITRC ?= n
POLY ?= n POLY ?= n
QUIET ?= y QUIET ?= y
genxml := $(PYTHON) $(HEADERDIR)/support/segenxml.py
docs = doc
polxml = $(docs)/policy.xml
xmldtd = $(HEADERDIR)/support/policy.dtd
layerxml = metadata.xml
globaltun = $(HEADERDIR)/global_tunables.xml
globalbool = $(HEADERDIR)/global_booleans.xml
# compile strict policy if requested. # compile strict policy if requested.
ifneq ($(findstring strict,$(TYPE)),) ifneq ($(findstring strict,$(TYPE)),)
M4PARAM += -D strict_policy M4PARAM += -D strict_policy
@ -73,21 +81,33 @@ ifeq ($(DIRECT_INITRC),y)
M4PARAM += -D direct_sysadm_daemon M4PARAM += -D direct_sysadm_daemon
endif endif
ifneq ($(VERBOSE),y) ifeq ($(QUIET),y)
quiet := @ verbose := @
endif endif
M4PARAM += -D hide_broken_symptoms M4PARAM += -D hide_broken_symptoms
# policy headers # policy headers
m4support := $(wildcard $(HEADERDIR)/*.spt) m4support = $(wildcard $(HEADERDIR)/support/*.spt)
all_interfaces := $(wildcard $(HEADERDIR)/*.if) all_layers = $(filter-out $(HEADERDIR)/support,$(shell find $(wildcard $(HEADERDIR)/*) -maxdepth 0 -type d))
rolemap := $(HEADERDIR)/rolemap all_interfaces = $(foreach layer,$(all_layers),$(wildcard $(layer)/*.if))
rolemap = $(HEADERDIR)/rolemap
detected_mods := $(wildcard *.te) detected_layers = $(filter-out CVS tmp $(docs),$(shell find $(wildcard *) -maxdepth 0 -type d))
detected_ifs := $(detected_mods:.te=.if) 3rd_party_mods = $(wildcard *.te)
all_packages := $(detected_mods:.te=.pp) 3rd_party_ifs = $(3rd_party_mods:.te=.if)
install_mods := $(MODPKGDIR)/$(all_packages) detected_mods = $(3rd_party_mods) $(foreach layer,$(detected_layers),$(wildcard $(layer)/*.te))
detected_ifs = $(3rd_party_ifs) $(foreach layer,$(detected_layers),$(wildcard $(layer)/*.if))
all_packages = $(notdir $(detected_mods:.te=.pp))
vpath %.te $(detected_layers)
vpath %.if $(detected_layers)
vpath %.fc $(detected_layers)
# if there are modules in the current directory, add them into the third party layer
ifneq "$(3rd_party_ifs)" ""
genxml += -3 .
endif
######################################## ########################################
# #
@ -107,6 +127,10 @@ define peruser-expansion
$(verbose) echo "')" >> $2 $(verbose) echo "')" >> $2
endef endef
.PHONY: clean all xml
.SUFFIXES:
.SUFFIXES: .pp
######################################## ########################################
# #
# Main targets # Main targets
@ -114,6 +138,8 @@ endef
all: $(all_packages) all: $(all_packages)
xml: $(polxml)
######################################## ########################################
# #
# Build module packages # Build module packages
@ -136,6 +162,26 @@ tmp/all_interfaces.conf: $(m4support) $(all_interfaces) $(detected_ifs)
@test -d tmp || mkdir -p tmp @test -d tmp || mkdir -p tmp
$(verbose) m4 $^ | sed -e s/dollarsstar/\$$\*/g > $@ $(verbose) m4 $^ | sed -e s/dollarsstar/\$$\*/g > $@
########################################
#
# Documentation generation
#
# minimal dependencies here, because we don't want to rebuild
# this and its dependents every time the dependencies
# change. Also use all .if files here, rather then just the
# enabled modules.
$(polxml): $(detected_ifs) $(foreach dir,$(all_layers),$(dir)/$(layerxml))
@echo "Creating $@"
@mkdir -p doc
$(verbose) echo '<?xml version="1.0" encoding="ISO-8859-1" standalone="no"?>' > $@
$(verbose) echo '<!DOCTYPE policy SYSTEM "$(xmldtd)">' >> $@
$(verbose) $(genxml) -m $(layerxml) --tunables-xml $(globaltun) --booleans-xml $(globalbool) $(all_layers) $(detected_layers) >> $@
$(verbose) if test -x $(XMLLINT) && test -f $(xmldtd); then \
$(XMLLINT) --noout --dtdvalid $(xmldtd) $@ ;\
fi
######################################## ########################################
# #
# Clean the environment # Clean the environment
@ -144,5 +190,3 @@ tmp/all_interfaces.conf: $(m4support) $(all_interfaces) $(detected_ifs)
clean: clean:
rm -fR tmp rm -fR tmp
rm -f *.pp rm -f *.pp
.PHONY: clean install all default

7
selinux-policy.spec
View File

@ -9,7 +9,7 @@
Summary: SELinux policy configuration Summary: SELinux policy configuration
Name: selinux-policy Name: selinux-policy
Version: 2.2.19 Version: 2.2.19
Release: 1 Release: 2
License: GPL License: GPL
Group: System Environment/Base Group: System Environment/Base
Source: serefpolicy-%{version}.tgz Source: serefpolicy-%{version}.tgz
@ -289,6 +289,11 @@ SELinux Reference policy development files
%changelog %changelog
* Tue Feb 21 2006 Dan Walsh <dwalsh@redhat.com> 2.2.19-2
- Fix swapon
- allow httpd_sys_script_t to be entered via a shell
- Allow httpd_sys_script_t to read eventpolfs
* Tue Feb 21 2006 Dan Walsh <dwalsh@redhat.com> 2.2.19-1 * Tue Feb 21 2006 Dan Walsh <dwalsh@redhat.com> 2.2.19-1
- Update from upstream - Update from upstream