merge makefile changes from branch
This commit is contained in:
parent
31b7c0551d
commit
c767b14c94
@ -1,3 +1,10 @@
|
|||||||
|
- Fix labeling targets to use installed file_contexts rather
|
||||||
|
than partial file_contexts in the policy source directory.
|
||||||
|
- Fix build process to use make's internal vpath functions
|
||||||
|
to detect modules rather than using subshells and find.
|
||||||
|
- Add install target for modular policy.
|
||||||
|
- Add load target for modular policy.
|
||||||
|
- Add appconfig dependency to the load target.
|
||||||
- Miscellaneous fixes from Dan Walsh.
|
- Miscellaneous fixes from Dan Walsh.
|
||||||
- Fix corenetwork gen_context()'s to expand during the policy
|
- Fix corenetwork gen_context()'s to expand during the policy
|
||||||
build phase instead of during the generation phase.
|
build phase instead of during the generation phase.
|
||||||
|
@ -5,7 +5,12 @@ To install Reference Policy sources into /etc/selinux/refpolicy/src/policy:
|
|||||||
This will back up a pre-existing source policy to the
|
This will back up a pre-existing source policy to the
|
||||||
/etc/selinux/refpolicy/src/policy.bak directory.
|
/etc/selinux/refpolicy/src/policy.bak directory.
|
||||||
|
|
||||||
After installing the policy sources, the old Make targets have been maintained:
|
If you do not have a modules.conf, one can be generated:
|
||||||
|
|
||||||
|
make conf
|
||||||
|
|
||||||
|
This will create a default modules.conf. After installing the policy sources,
|
||||||
|
the old Make targets have been maintained for the monolithic policy:
|
||||||
|
|
||||||
Local policy development:
|
Local policy development:
|
||||||
|
|
||||||
|
@ -23,7 +23,8 @@
|
|||||||
# Policy version
|
# Policy version
|
||||||
# By default, checkpolicy will create the highest
|
# By default, checkpolicy will create the highest
|
||||||
# version policy it supports. Setting this will
|
# version policy it supports. Setting this will
|
||||||
# override the version.
|
# override the version. This only affects
|
||||||
|
# monolithic policies.
|
||||||
#OUTPUT_POLICY = 18
|
#OUTPUT_POLICY = 18
|
||||||
|
|
||||||
# Policy Type
|
# Policy Type
|
||||||
@ -73,6 +74,7 @@ BINDIR := $(PREFIX)/bin
|
|||||||
SBINDIR := $(PREFIX)/sbin
|
SBINDIR := $(PREFIX)/sbin
|
||||||
CHECKPOLICY := $(BINDIR)/checkpolicy
|
CHECKPOLICY := $(BINDIR)/checkpolicy
|
||||||
CHECKMODULE := $(BINDIR)/checkmodule
|
CHECKMODULE := $(BINDIR)/checkmodule
|
||||||
|
SEMODULE := $(SBINDIR)/semodule
|
||||||
SEMOD_PKG := $(BINDIR)/semodule_package
|
SEMOD_PKG := $(BINDIR)/semodule_package
|
||||||
LOADPOLICY := $(SBINDIR)/load_policy
|
LOADPOLICY := $(SBINDIR)/load_policy
|
||||||
SETFILES := $(SBINDIR)/setfiles
|
SETFILES := $(SBINDIR)/setfiles
|
||||||
@ -119,19 +121,11 @@ INSTALLDIR = $(TOPDIR)/$(NAME)
|
|||||||
SRCPATH = $(INSTALLDIR)/src
|
SRCPATH = $(INSTALLDIR)/src
|
||||||
USERPATH = $(INSTALLDIR)/users
|
USERPATH = $(INSTALLDIR)/users
|
||||||
CONTEXTPATH = $(INSTALLDIR)/contexts
|
CONTEXTPATH = $(INSTALLDIR)/contexts
|
||||||
|
MODPKGDIR = $(DESTDIR)/usr/share/selinux/$(NAME)
|
||||||
|
|
||||||
# enable MLS if requested.
|
# compile strict policy if requested.
|
||||||
ifneq ($(findstring -mls,$(TYPE)),)
|
ifneq ($(findstring strict,$(TYPE)),)
|
||||||
override M4PARAM += -D enable_mls
|
override M4PARAM += -D strict_policy
|
||||||
CHECKPOLICY += -M
|
|
||||||
CHECKMODULE += -M
|
|
||||||
endif
|
|
||||||
|
|
||||||
# enable MLS if MCS requested.
|
|
||||||
ifneq ($(findstring -mcs,$(TYPE)),)
|
|
||||||
override M4PARAM += -D enable_mcs
|
|
||||||
CHECKPOLICY += -M
|
|
||||||
CHECKMODULE += -M
|
|
||||||
endif
|
endif
|
||||||
|
|
||||||
# compile targeted policy if requested.
|
# compile targeted policy if requested.
|
||||||
@ -139,13 +133,27 @@ ifneq ($(findstring targeted,$(TYPE)),)
|
|||||||
override M4PARAM += -D targeted_policy
|
override M4PARAM += -D targeted_policy
|
||||||
endif
|
endif
|
||||||
|
|
||||||
|
# enable MLS if requested.
|
||||||
|
ifneq ($(findstring -mls,$(TYPE)),)
|
||||||
|
override M4PARAM += -D enable_mls
|
||||||
|
override CHECKPOLICY += -M
|
||||||
|
override CHECKMODULE += -M
|
||||||
|
endif
|
||||||
|
|
||||||
|
# enable MLS if MCS requested.
|
||||||
|
ifneq ($(findstring -mcs,$(TYPE)),)
|
||||||
|
override M4PARAM += -D enable_mcs
|
||||||
|
override CHECKPOLICY += -M
|
||||||
|
override CHECKMODULE += -M
|
||||||
|
endif
|
||||||
|
|
||||||
# enable distribution-specific policy
|
# enable distribution-specific policy
|
||||||
ifneq ($(DISTRO),)
|
ifneq ($(DISTRO),)
|
||||||
override M4PARAM += -D distro_$(DISTRO)
|
override M4PARAM += -D distro_$(DISTRO)
|
||||||
endif
|
endif
|
||||||
|
|
||||||
ifneq ($(OUTPUT_POLICY),)
|
ifneq ($(OUTPUT_POLICY),)
|
||||||
CHECKPOLICY += -c $(OUTPUT_POLICY)
|
override CHECKPOLICY += -c $(OUTPUT_POLICY)
|
||||||
endif
|
endif
|
||||||
|
|
||||||
ifeq ($(NAME),)
|
ifeq ($(NAME),)
|
||||||
@ -168,14 +176,11 @@ ifeq ($(KV),)
|
|||||||
KV := $(PV)
|
KV := $(PV)
|
||||||
endif
|
endif
|
||||||
|
|
||||||
FC := file_contexts
|
|
||||||
POLVER := policy.$(PV)
|
|
||||||
|
|
||||||
M4SUPPORT = $(wildcard $(POLDIR)/support/*.spt)
|
M4SUPPORT = $(wildcard $(POLDIR)/support/*.spt)
|
||||||
|
|
||||||
APPCONF := config/appconfig-$(TYPE)
|
APPCONF := config/appconfig-$(TYPE)
|
||||||
APPDIR := $(CONTEXTPATH)
|
APPDIR := $(CONTEXTPATH)
|
||||||
APPFILES := $(addprefix $(APPDIR)/,default_contexts default_type initrc_context failsafe_context userhelper_context removable_context dbus_contexts customizable_types) $(CONTEXTPATH)/files/media
|
APPFILES := $(addprefix $(APPDIR)/,default_contexts default_type initrc_context failsafe_context userhelper_context removable_context dbus_contexts) $(CONTEXTPATH)/files/media
|
||||||
CONTEXTFILES += $(wildcard $(APPCONF)/*_context*) $(APPCONF)/media
|
CONTEXTFILES += $(wildcard $(APPCONF)/*_context*) $(APPCONF)/media
|
||||||
USER_FILES := $(POLDIR)/systemuser $(POLDIR)/users
|
USER_FILES := $(POLDIR)/systemuser $(POLDIR)/users
|
||||||
|
|
||||||
@ -196,10 +201,8 @@ MODBASE := base
|
|||||||
MODMOD := module
|
MODMOD := module
|
||||||
|
|
||||||
# extract settings from modules.conf
|
# extract settings from modules.conf
|
||||||
BASE_MODS := $(foreach mod,$(shell awk '/^[[:blank:]]*[[:alpha:]]/{ if ($$3 == "$(MODBASE)") print $$1 }' $(MOD_CONF) 2> /dev/null),$(subst ./,,$(shell find -iname $(mod).te)))
|
BASE_MODS := $(addsuffix .te,$(shell awk '/^[[:blank:]]*[[:alpha:]]/{ if ($$3 == "$(MODBASE)") print $$1 }' $(MOD_CONF) 2> /dev/null))
|
||||||
MOD_MODS := $(foreach mod,$(shell awk '/^[[:blank:]]*[[:alpha:]]/{ if ($$3 == "$(MODMOD)") print $$1 }' $(MOD_CONF) 2> /dev/null),$(subst ./,,$(shell find -iname $(mod).te)))
|
MOD_MODS := $(addsuffix .te,$(shell awk '/^[[:blank:]]*[[:alpha:]]/{ if ($$3 == "$(MODMOD)") print $$1 }' $(MOD_CONF) 2> /dev/null))
|
||||||
|
|
||||||
HOMEDIR_TEMPLATE = tmp/homedir_template
|
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
@ -364,14 +367,14 @@ bare: clean
|
|||||||
rm -f $(MOD_CONF)
|
rm -f $(MOD_CONF)
|
||||||
rm -f $(BOOLEANS)
|
rm -f $(BOOLEANS)
|
||||||
rm -fR $(HTMLDIR)
|
rm -fR $(HTMLDIR)
|
||||||
#ifneq ($(GENERATED_TE),)
|
ifneq ($(GENERATED_TE),)
|
||||||
# rm -f $(GENERATED_TE)
|
rm -f $(GENERATED_TE)
|
||||||
#endif
|
endif
|
||||||
#ifneq ($(GENERATED_IF),)
|
ifneq ($(GENERATED_IF),)
|
||||||
# rm -f $(GENERATED_IF)
|
rm -f $(GENERATED_IF)
|
||||||
#endif
|
endif
|
||||||
#ifneq ($(GENERATED_FC),)
|
ifneq ($(GENERATED_FC),)
|
||||||
# rm -f $(GENERATED_FC)
|
rm -f $(GENERATED_FC)
|
||||||
#endif
|
endif
|
||||||
|
|
||||||
.PHONY: install-src install-appconfig conf html bare
|
.PHONY: install-src install-appconfig conf html bare
|
||||||
|
@ -37,6 +37,19 @@ modules Compile and package all Reference Policy modules
|
|||||||
MODULENAME.pp Compile and package the MODULENAME Reference Policy
|
MODULENAME.pp Compile and package the MODULENAME Reference Policy
|
||||||
module.
|
module.
|
||||||
|
|
||||||
|
all Compile and package the base module and all Reference
|
||||||
|
Policy modules configured to be built as loadable
|
||||||
|
modules.
|
||||||
|
|
||||||
|
install Compile, package, and install the base module and
|
||||||
|
Reference Policy modules configured to be built as
|
||||||
|
loadable modules.
|
||||||
|
|
||||||
|
load Compile, package, and install the base module and
|
||||||
|
Reference Policy modules configured to be built as
|
||||||
|
loadable modules, then insert them into the module
|
||||||
|
store.
|
||||||
|
|
||||||
Make targets specific to monolithic policies:
|
Make targets specific to monolithic policies:
|
||||||
|
|
||||||
policy Compile a policy locally for development and testing.
|
policy Compile a policy locally for development and testing.
|
||||||
|
@ -3,7 +3,7 @@
|
|||||||
# Rules and Targets for building modular policies
|
# Rules and Targets for building modular policies
|
||||||
#
|
#
|
||||||
|
|
||||||
ALL_MODULES := $(filter $(BASE_MODS) $(MOD_MODS),$(DETECTED_MODS))
|
ALL_MODULES := $(BASE_MODS) $(MOD_MODS)
|
||||||
ALL_INTERFACES := $(ALL_MODULES:.te=.if)
|
ALL_INTERFACES := $(ALL_MODULES:.te=.if)
|
||||||
|
|
||||||
BASE_PKG := base.pp
|
BASE_PKG := base.pp
|
||||||
@ -19,6 +19,9 @@ BASE_FC_FILES := $(BASE_MODS:.te=.fc)
|
|||||||
MOD_MODULES := $(MOD_MODS:.te=.mod)
|
MOD_MODULES := $(MOD_MODS:.te=.mod)
|
||||||
MOD_PKGS := $(notdir $(MOD_MODS:.te=.pp))
|
MOD_PKGS := $(notdir $(MOD_MODS:.te=.pp))
|
||||||
|
|
||||||
|
# policy packages to install
|
||||||
|
INSTPKG := $(addprefix $(MODPKGDIR)/,$(BASE_PKG) $(MOD_PKGS))
|
||||||
|
|
||||||
# search layer dirs for source files
|
# search layer dirs for source files
|
||||||
vpath %.te $(ALL_LAYERS)
|
vpath %.te $(ALL_LAYERS)
|
||||||
vpath %.if $(ALL_LAYERS)
|
vpath %.if $(ALL_LAYERS)
|
||||||
@ -36,9 +39,40 @@ base: $(BASE_PKG)
|
|||||||
|
|
||||||
modules: $(MOD_PKGS)
|
modules: $(MOD_PKGS)
|
||||||
|
|
||||||
#policy: $(POLVER)
|
install: $(INSTPKG) $(APPFILES)
|
||||||
#install: $(LOADPATH) $(FCPATH) $(APPFILES) $(USERPATH)/local.users
|
|
||||||
#load: tmp/load
|
########################################
|
||||||
|
#
|
||||||
|
# Load all configured modules
|
||||||
|
#
|
||||||
|
load: $(INSTPKG) $(APPFILES)
|
||||||
|
@echo "Loading configured modules."
|
||||||
|
$(QUIET) $(SEMODULE) -s $(NAME) -b $(MODPKGDIR)/$(BASE_PKG) $(foreach mod,$(MOD_PKGS),-i $(MODPKGDIR)/$(mod))
|
||||||
|
|
||||||
|
########################################
|
||||||
|
#
|
||||||
|
# Install policy packages
|
||||||
|
#
|
||||||
|
$(MODPKGDIR)/%.pp: %.pp
|
||||||
|
@mkdir -p $(MODPKGDIR)
|
||||||
|
@echo "Installing $(@F) policy package."
|
||||||
|
$(QUIET) install -m 0644 $^ $(MODPKGDIR)
|
||||||
|
|
||||||
|
########################################
|
||||||
|
#
|
||||||
|
# Build module packages
|
||||||
|
#
|
||||||
|
tmp/%.mod: $(M4SUPPORT) tmp/generated_definitions.conf tmp/all_interfaces.conf %.te
|
||||||
|
@echo "Compliling $(NAME) $(@F) module"
|
||||||
|
$(QUIET) m4 $(M4PARAM) -s $^ > $(@:.mod=.tmp)
|
||||||
|
$(QUIET) $(CHECKMODULE) -m $(@:.mod=.tmp) -o $@
|
||||||
|
|
||||||
|
tmp/%.mod.fc: $(M4SUPPORT) %.fc
|
||||||
|
$(QUIET) m4 $(M4PARAM) $(M4SUPPORT) $^ > $@
|
||||||
|
|
||||||
|
%.pp: tmp/%.mod tmp/%.mod.fc
|
||||||
|
@echo "Creating $(NAME) $(@F) policy package"
|
||||||
|
$(QUIET) $(SEMOD_PKG) -o $@ -m $< -f $<.fc
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
@ -48,17 +82,13 @@ $(BASE_PKG): tmp/base.mod $(BASE_FC)
|
|||||||
@echo "Creating $(NAME) base module package"
|
@echo "Creating $(NAME) base module package"
|
||||||
$(QUIET) $(SEMOD_PKG) -o $@ -m tmp/base.mod -f $(BASE_FC)
|
$(QUIET) $(SEMOD_PKG) -o $@ -m tmp/base.mod -f $(BASE_FC)
|
||||||
|
|
||||||
########################################
|
|
||||||
#
|
|
||||||
# Compile a base module
|
|
||||||
#
|
|
||||||
tmp/base.mod: base.conf
|
tmp/base.mod: base.conf
|
||||||
@echo "Compiling $(NAME) base module"
|
@echo "Compiling $(NAME) base module"
|
||||||
$(QUIET) $(CHECKMODULE) $^ -o $@
|
$(QUIET) $(CHECKMODULE) $^ -o $@
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
# Construct a base module policy.conf
|
# Construct a base.conf
|
||||||
#
|
#
|
||||||
base.conf: $(BASE_SECTIONS)
|
base.conf: $(BASE_SECTIONS)
|
||||||
@echo "Creating $(NAME) base module policy.conf"
|
@echo "Creating $(NAME) base module policy.conf"
|
||||||
@ -125,45 +155,27 @@ tmp/all_attrs_types.conf tmp/only_te_rules.conf tmp/all_post.conf: tmp/all_te_fi
|
|||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
# Construct base module file contexts
|
# Construct a base.fc
|
||||||
#
|
#
|
||||||
$(BASE_FC): $(M4SUPPORT) tmp/generated_definitions.conf $(BASE_FC_FILES) $(FCSORT)
|
$(BASE_FC): tmp/$(BASE_FC).tmp $(FCSORT)
|
||||||
|
$(QUIET) $(FCSORT) $< $@
|
||||||
|
|
||||||
|
tmp/$(BASE_FC).tmp: $(M4SUPPORT) tmp/generated_definitions.conf $(BASE_FC_FILES)
|
||||||
ifeq ($(BASE_FC_FILES),)
|
ifeq ($(BASE_FC_FILES),)
|
||||||
$(error No enabled modules! $(notdir $(MOD_CONF)) may need to be generated by using "make conf")
|
$(error No enabled modules! $(notdir $(MOD_CONF)) may need to be generated by using "make conf")
|
||||||
endif
|
endif
|
||||||
@echo "Creating $(NAME) base module file contexts."
|
@echo "Creating $(NAME) base module file contexts."
|
||||||
@test -d tmp || mkdir -p tmp
|
@test -d tmp || mkdir -p tmp
|
||||||
$(QUIET) m4 $(M4PARAM) $(M4SUPPORT) tmp/generated_definitions.conf $(BASE_FC_FILES) > tmp/$@.tmp
|
$(QUIET) m4 $(M4PARAM) $^ > $@
|
||||||
$(QUIET) $(FCSORT) tmp/$@.tmp $@
|
|
||||||
|
|
||||||
########################################
|
|
||||||
#
|
|
||||||
# Build module packages
|
|
||||||
#
|
|
||||||
tmp/%.mod: $(M4SUPPORT) tmp/generated_definitions.conf tmp/all_interfaces.conf %.te
|
|
||||||
@if test -z "$(filter $^,$(MOD_MODS))"; then \
|
|
||||||
echo "The $(notdir $(basename $@)) module is not configured to be compiled as a lodable module." ;\
|
|
||||||
false ;\
|
|
||||||
fi
|
|
||||||
@echo "Compliling $(NAME) $(@F) module"
|
|
||||||
$(QUIET) m4 $(M4PARAM) -s $^ > $(@:.mod=.tmp)
|
|
||||||
$(QUIET) $(CHECKMODULE) -m $(@:.mod=.tmp) -o $@
|
|
||||||
|
|
||||||
tmp/%.mod.fc: $(M4SUPPORT) %.fc
|
|
||||||
$(QUIET) m4 $(M4PARAM) $(M4SUPPORT) $^ > $@
|
|
||||||
|
|
||||||
%.pp: tmp/%.mod tmp/%.mod.fc
|
|
||||||
@echo "Creating $(NAME) $(@F) policy package"
|
|
||||||
$(QUIET) $(SEMOD_PKG) -o $@ -m $< -f $<.fc
|
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
# Clean the sources
|
# Clean the sources
|
||||||
#
|
#
|
||||||
clean:
|
clean:
|
||||||
rm -fR tmp
|
|
||||||
rm -f base.conf
|
rm -f base.conf
|
||||||
rm -f *.pp
|
rm -f *.pp
|
||||||
rm -f $(BASE_FC)
|
rm -f $(BASE_FC)
|
||||||
|
rm -fR tmp
|
||||||
|
|
||||||
.PHONY: default base modules clean
|
.PHONY: default all base modules install load clean
|
||||||
|
@ -9,13 +9,13 @@ LOADPATH = $(POLICYPATH)/$(POLVER)
|
|||||||
FCPATH = $(CONTEXTPATH)/files/file_contexts
|
FCPATH = $(CONTEXTPATH)/files/file_contexts
|
||||||
HOMEDIRPATH = $(CONTEXTPATH)/files/homedir_template
|
HOMEDIRPATH = $(CONTEXTPATH)/files/homedir_template
|
||||||
|
|
||||||
# Monolithic still uses booleans file
|
FC := file_contexts
|
||||||
APPFILES += $(INSTALLDIR)/booleans
|
POLVER := policy.$(PV)
|
||||||
|
|
||||||
|
APPFILES += $(APPDIR)/customizable_types $(INSTALLDIR)/booleans
|
||||||
|
|
||||||
# for monolithic policy use all base and module to create policy
|
# for monolithic policy use all base and module to create policy
|
||||||
ENABLEMOD := $(BASE_MODS) $(MOD_MODS)
|
ALL_MODULES := $(BASE_MODS) $(MOD_MODS)
|
||||||
|
|
||||||
ALL_MODULES := $(filter $(ENABLEMOD),$(DETECTED_MODS))
|
|
||||||
|
|
||||||
ALL_INTERFACES := $(ALL_MODULES:.te=.if)
|
ALL_INTERFACES := $(ALL_MODULES:.te=.if)
|
||||||
ALL_TE_FILES := $(ALL_MODULES)
|
ALL_TE_FILES := $(ALL_MODULES)
|
||||||
@ -26,6 +26,13 @@ POST_TE_FILES := $(POLDIR)/systemuser $(POLDIR)/users $(POLDIR)/constraints
|
|||||||
|
|
||||||
POLICY_SECTIONS := tmp/pre_te_files.conf tmp/generated_definitions.conf tmp/all_interfaces.conf tmp/all_attrs_types.conf $(GLOBALBOOL) $(GLOBALTUN) tmp/only_te_rules.conf tmp/all_post.conf
|
POLICY_SECTIONS := tmp/pre_te_files.conf tmp/generated_definitions.conf tmp/all_interfaces.conf tmp/all_attrs_types.conf $(GLOBALBOOL) $(GLOBALTUN) tmp/only_te_rules.conf tmp/all_post.conf
|
||||||
|
|
||||||
|
HOMEDIR_TEMPLATE = homedir_template
|
||||||
|
|
||||||
|
# search layer dirs for source files
|
||||||
|
vpath %.te $(ALL_LAYERS)
|
||||||
|
vpath %.if $(ALL_LAYERS)
|
||||||
|
vpath %.fc $(ALL_LAYERS)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
# default action: build policy locally
|
# default action: build policy locally
|
||||||
@ -69,7 +76,7 @@ endif
|
|||||||
#
|
#
|
||||||
# Load the binary policy
|
# Load the binary policy
|
||||||
#
|
#
|
||||||
reload tmp/load: $(LOADPATH) $(FCPATH)
|
reload tmp/load: $(LOADPATH) $(FCPATH) $(APPFILES)
|
||||||
@echo "Loading $(NAME) $(LOADPATH)"
|
@echo "Loading $(NAME) $(LOADPATH)"
|
||||||
$(QUIET) $(LOADPOLICY) -q $(LOADPATH)
|
$(QUIET) $(LOADPOLICY) -q $(LOADPATH)
|
||||||
@touch tmp/load
|
@touch tmp/load
|
||||||
@ -153,16 +160,18 @@ enableaudit: policy.conf
|
|||||||
#
|
#
|
||||||
# Construct file_contexts
|
# Construct file_contexts
|
||||||
#
|
#
|
||||||
$(FC): $(M4SUPPORT) tmp/generated_definitions.conf $(ALL_FC_FILES) $(FCSORT)
|
$(FC): tmp/$(FC).tmp $(FCSORT)
|
||||||
|
$(QUIET) $(FCSORT) $< $@
|
||||||
|
$(QUIET) grep -e HOME -e ROLE $@ > $(HOMEDIR_TEMPLATE)
|
||||||
|
$(QUIET) sed -i -e /HOME/d -e /ROLE/d $@
|
||||||
|
|
||||||
|
tmp/$(FC).tmp: $(M4SUPPORT) tmp/generated_definitions.conf $(ALL_FC_FILES)
|
||||||
ifeq ($(ALL_FC_FILES),)
|
ifeq ($(ALL_FC_FILES),)
|
||||||
$(error No enabled modules! $(notdir $(MOD_CONF)) may need to be generated by using "make conf")
|
$(error No enabled modules! $(notdir $(MOD_CONF)) may need to be generated by using "make conf")
|
||||||
endif
|
endif
|
||||||
@echo "Creating $(NAME) file_contexts."
|
@echo "Creating $(NAME) file_contexts."
|
||||||
@test -d tmp || mkdir -p tmp
|
@test -d tmp || mkdir -p tmp
|
||||||
$(QUIET) m4 $(M4PARAM) $(M4SUPPORT) tmp/generated_definitions.conf $(ALL_FC_FILES) > tmp/$@.tmp
|
$(QUIET) m4 $(M4PARAM) $^ > $@
|
||||||
$(QUIET) grep -e HOME -e ROLE tmp/$@.tmp > $(HOMEDIR_TEMPLATE)
|
|
||||||
$(QUIET) sed -i -e /HOME/d -e /ROLE/d tmp/$@.tmp
|
|
||||||
$(QUIET) $(FCSORT) tmp/$@.tmp $@
|
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
@ -183,26 +192,29 @@ $(FCPATH): $(FC) $(LOADPATH) $(USERPATH)/system.users
|
|||||||
#
|
#
|
||||||
FILESYSTEMS := `mount | grep -v "context=" | egrep -v '\((|.*,)bind(,.*|)\)' | awk '/(ext[23]| xfs| jfs).*rw/{print $$3}';`
|
FILESYSTEMS := `mount | grep -v "context=" | egrep -v '\((|.*,)bind(,.*|)\)' | awk '/(ext[23]| xfs| jfs).*rw/{print $$3}';`
|
||||||
|
|
||||||
checklabels: $(FC) $(SETFILES)
|
checklabels: $(FCPATH) $(SETFILES)
|
||||||
|
@echo "Checking labels on filesystem types: ext2 ext3 xfs jfs"
|
||||||
@if test -z "$(FILESYSTEMS)"; then \
|
@if test -z "$(FILESYSTEMS)"; then \
|
||||||
echo "No filesystems with extended attributes found!" ;\
|
echo "No filesystems with extended attributes found!" ;\
|
||||||
false ;\
|
false ;\
|
||||||
fi
|
fi
|
||||||
$(QUIET) $(SETFILES) -v -n $(FC) $(FILESYSTEMS)
|
$(QUIET) $(SETFILES) -v -n $(FCPATH) $(FILESYSTEMS)
|
||||||
|
|
||||||
restorelabels: $(FC) $(SETFILES)
|
restorelabels: $(FCPATH) $(SETFILES)
|
||||||
|
@echo "Restoring labels on filesystem types: ext2 ext3 xfs jfs"
|
||||||
@if test -z "$(FILESYSTEMS)"; then \
|
@if test -z "$(FILESYSTEMS)"; then \
|
||||||
echo "No filesystems with extended attributes found!" ;\
|
echo "No filesystems with extended attributes found!" ;\
|
||||||
false ;\
|
false ;\
|
||||||
fi
|
fi
|
||||||
$(QUIET) $(SETFILES) -v $(FC) $(FILESYSTEMS)
|
$(QUIET) $(SETFILES) -v $(FCPATH) $(FILESYSTEMS)
|
||||||
|
|
||||||
relabel: $(FC) $(SETFILES)
|
relabel: $(FCPATH) $(SETFILES)
|
||||||
|
@echo "Relabeling filesystem types: ext2 ext3 xfs jfs"
|
||||||
@if test -z "$(FILESYSTEMS)"; then \
|
@if test -z "$(FILESYSTEMS)"; then \
|
||||||
echo "No filesystems with extended attributes found!" ;\
|
echo "No filesystems with extended attributes found!" ;\
|
||||||
false ;\
|
false ;\
|
||||||
fi
|
fi
|
||||||
$(QUIET) $(SETFILES) $(FC) $(FILESYSTEMS)
|
$(QUIET) $(SETFILES) $(FCPATH) $(FILESYSTEMS)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
@ -219,10 +231,11 @@ longcheck: policy.conf $(FC)
|
|||||||
# Clean the sources
|
# Clean the sources
|
||||||
#
|
#
|
||||||
clean:
|
clean:
|
||||||
rm -fR tmp
|
|
||||||
rm -f policy.conf
|
rm -f policy.conf
|
||||||
rm -f policy.$(PV)
|
rm -f policy.$(PV)
|
||||||
rm -f $(FC)
|
rm -f $(FC)
|
||||||
|
rm -f $(HOMEDIR_TEMPLATE)
|
||||||
rm -f *.res
|
rm -f *.res
|
||||||
|
rm -fR tmp
|
||||||
|
|
||||||
.PHONY: default policy install load reload enableaudit checklabels restorelabels relabel check longcheck clean
|
.PHONY: default policy install load reload enableaudit checklabels restorelabels relabel check longcheck clean
|
||||||
|
Loading…
Reference in New Issue
Block a user