Merge pull request #103 from fishilico/validate_modular_fc
Make "validate" target verify file contexts
This commit is contained in:
commit
2f3691e4c8
|
@ -5,6 +5,7 @@
|
||||||
|
|
||||||
all_modules := $(base_mods) $(mod_mods) $(off_mods)
|
all_modules := $(base_mods) $(mod_mods) $(off_mods)
|
||||||
all_interfaces := $(all_modules:.te=.if)
|
all_interfaces := $(all_modules:.te=.if)
|
||||||
|
all_mod_fc := $(addprefix $(tmpdir)/,$(notdir $(all_modules:.te=.mod.fc)))
|
||||||
|
|
||||||
base_pkg := $(builddir)base.pp
|
base_pkg := $(builddir)base.pp
|
||||||
base_fc := $(builddir)base.fc
|
base_fc := $(builddir)base.fc
|
||||||
|
@ -30,7 +31,7 @@ vpath %.te $(all_layers)
|
||||||
vpath %.if $(all_layers)
|
vpath %.if $(all_layers)
|
||||||
vpath %.fc $(all_layers)
|
vpath %.fc $(all_layers)
|
||||||
|
|
||||||
.SECONDARY: $(addprefix $(tmpdir)/,$(mod_pkgs:.pp=.mod)) $(addprefix $(tmpdir)/,$(mod_pkgs:.pp=.mod.fc))
|
.SECONDARY: $(all_mod_fc:.mod.fc=.mod) $(all_mod_fc)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
|
@ -85,6 +86,9 @@ $(builddir)%.pp: $(tmpdir)/%.mod $(tmpdir)/%.mod.fc
|
||||||
@test -d $(builddir) || mkdir -p $(builddir)
|
@test -d $(builddir) || mkdir -p $(builddir)
|
||||||
$(verbose) $(SEMOD_PKG) -o $@ -m $< -f $<.fc
|
$(verbose) $(SEMOD_PKG) -o $@ -m $< -f $<.fc
|
||||||
|
|
||||||
|
$(tmpdir)/all_mods.fc: $(all_mod_fc)
|
||||||
|
$(verbose) cat $^ > $@
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
# Create a base module package
|
# Create a base module package
|
||||||
|
@ -198,10 +202,12 @@ $(appdir)/customizable_types: $(base_conf)
|
||||||
#
|
#
|
||||||
# Validate linking and expanding of modules
|
# Validate linking and expanding of modules
|
||||||
#
|
#
|
||||||
validate: $(base_pkg) $(mod_pkgs)
|
validate: $(base_pkg) $(mod_pkgs) $(tmpdir)/all_mods.fc
|
||||||
@echo "Validating policy linking."
|
@echo "Validating policy linking."
|
||||||
$(verbose) $(SEMOD_LNK) -o $(tmpdir)/test.lnk $^
|
$(verbose) $(SEMOD_LNK) -o $(tmpdir)/test.lnk $(base_pkg) $(mod_pkgs)
|
||||||
$(verbose) $(SEMOD_EXP) $(tmpdir)/test.lnk $(tmpdir)/policy.bin
|
$(verbose) $(SEMOD_EXP) $(tmpdir)/test.lnk $(tmpdir)/policy.bin
|
||||||
|
@echo "Validating policy file contexts."
|
||||||
|
$(verbose) $(SETFILES) -q -c $(tmpdir)/policy.bin $(tmpdir)/all_mods.fc
|
||||||
@echo "Success."
|
@echo "Success."
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
|
|
|
@ -185,7 +185,7 @@ ifdef(`distro_suse', `
|
||||||
|
|
||||||
ifdef(`distro_debian',`
|
ifdef(`distro_debian',`
|
||||||
# this is a static /dev dir "backup mount"
|
# this is a static /dev dir "backup mount"
|
||||||
# if you want to disable udev, you'll have to boot permissive and relabel!
|
# if you want to disable udev, you will have to boot permissive and relabel!
|
||||||
/dev/\.static -d gen_context(system_u:object_r:device_t,s0)
|
/dev/\.static -d gen_context(system_u:object_r:device_t,s0)
|
||||||
/dev/\.static/dev -d gen_context(system_u:object_r:device_t,s0)
|
/dev/\.static/dev -d gen_context(system_u:object_r:device_t,s0)
|
||||||
/dev/\.static/dev/(.*)? <<none>>
|
/dev/\.static/dev/(.*)? <<none>>
|
||||||
|
|
Loading…
Reference in New Issue