From 6962bb32839459b685180b3f752933cf023b96b6 Mon Sep 17 00:00:00 2001
From: Chris PeBenito
Date: Thu, 25 May 2006 15:14:19 +0000
Subject: [PATCH] add makefile support for netfilter contexts
---
 refpolicy/Makefile | 12 ++++++++++++
 refpolicy/Rules.modular | 1 +
 refpolicy/Rules.monolithic | 1 +
 3 files changed, 14 insertions(+)
diff --git a/refpolicy/Makefile b/refpolicy/Makefile
index ae361118d..a629d18bd 100644
--- a/refpolicy/Makefile
+++ b/refpolicy/Makefile
@@ -90,6 +90,7 @@ FCSORT := $(TMPDIR)/fc_sort
 SETBOOLS := $(AWK) -f $(SUPPORT)/set_bools_tuns.awk
 get_type_attr_decl := $(SED) -r -f $(SUPPORT)/get_type_attr_decl.sed
 comment_move_decl := $(SED) -r -f $(SUPPORT)/comment_move_decl.sed
+gennetfilter := $(PYTHON) $(SUPPORT)/gennetfilter.py
 # use our own genhomedircon to make sure we have a known usable one,
 # so policycoreutils updates are not required (RHEL4)
 genhomedircon := $(PYTHON) $(SUPPORT)/genhomedircon
@@ -158,6 +159,7 @@ ifneq ($(findstring -mls,$(TYPE)),)
 M4PARAM += -D enable_mls
 CHECKPOLICY += -M
 CHECKMODULE += -M
+ gennetfilter += -m
 endif
 # enable MLS if MCS requested.
@@ -165,6 +167,7 @@ ifneq ($(findstring -mcs,$(TYPE)),)
 M4PARAM += -D enable_mcs
 CHECKPOLICY += -M
 CHECKMODULE += -M
+ gennetfilter += -c
 endif
 # enable distribution-specific policy
@@ -231,6 +234,7 @@ SEUSERS := $(APPCONF)/seusers
 APPDIR := $(CONTEXTPATH)
 APPFILES := $(addprefix $(APPDIR)/,default_contexts default_type initrc_context failsafe_context userhelper_context removable_context dbus_contexts customizable_types) $(CONTEXTPATH)/files/media
 CONTEXTFILES += $(wildcard $(APPCONF)/*_context*) $(APPCONF)/media
+net_contexts := $(BUILDDIR)net_contexts
 ALL_LAYERS := $(filter-out $(MODDIR)/CVS,$(shell find $(wildcard $(MODDIR)/*) -maxdepth 0 -type d))
 ifdef LOCAL_ROOT
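Review bot: The `-m` and `-c` switches appended to `gennetfilter` in the `-mls` and `-mcs` blocks (hunks at -158 and -165) depend on TYPE, but nothing visible in this patch makes the generated file depend on TYPE. The `$(net_contexts)` rule added later lists only `corenetwork.te.in` as a prerequisite, so switching TYPE without a clean would presumably keep a file generated with the previous flags. A comment next to these lines would make that explicit, for example `# gennetfilter flags follow TYPE; run "make clean" after changing TYPE so net_contexts is regenerated`. The `ifneq` lines that open both blocks sit in the hunk headers, outside the hunk bodies.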
@@ -340,6 +344,14 @@ $(MODDIR)/kernel/corenetwork.te: $(MODDIR)/kernel/corenetwork.te.m4 $(MODDIR)/ke
 $(verbose) m4 -D self_contained_policy $(M4PARAM) $^ \
 | sed -e 's/dollarsone/\$$1/g' -e 's/dollarszero/\$$0/g' >> $@
+########################################
+#
+# Network packet labeling
+#
+$(net_contexts): $(MODDIR)/kernel/corenetwork.te.in
+ @echo "Creating netfilter network labeling rules"
+ $(verbose) $(gennetfilter) $^ > $@
+
 ########################################
 #
 # Create config files
diff --git a/refpolicy/Rules.modular b/refpolicy/Rules.modular
index d877c3618..370e08bc8 100644
--- a/refpolicy/Rules.modular
+++ b/refpolicy/Rules.modular
@@ -231,6 +231,7 @@ clean:
 rm -f $(BASE_CONF)
 rm -f $(BASE_FC)
 rm -f $(BUILDDIR)*.pp
+ rm -f $(net_contexts)
 rm -fR $(TMPDIR)
 .PHONY: default all policy base modules install load clean validate
diff --git a/refpolicy/Rules.monolithic b/refpolicy/Rules.monolithic
index c597a0011..972516a11 100644
--- a/refpolicy/Rules.monolithic
+++ b/refpolicy/Rules.monolithic
@@ -236,6 +236,7 @@ clean:
 rm -f $(POLVER)
 rm -f $(FC)
 rm -f $(HOMEDIR_TEMPLATE)
+ rm -f $(net_contexts)
 rm -f *.res
 rm -fR $(TMPDIR)
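Review bot: The recipe of the new `$(net_contexts)` rule in refpolicy/Makefile redirects the generator straight into `$@`, so the shell creates the target before `gennetfilter.py` has succeeded. If the script fails, a truncated file is left behind that make treats as up to date on the next run, unless `.DELETE_ON_ERROR:` is set somewhere outside this patch. Because this file carries the packet labeling rules, writing to a temporary name and renaming on success is safer: `$(verbose) $(gennetfilter) $< > $@.tmp && mv -f $@.tmp $@`. The generator is also not a prerequisite, so edits to it do not trigger regeneration; adding `$(SUPPORT)/gennetfilter.py` after `corenetwork.te.in` on the rule line fixes that, which is why the recipe above uses `$<` rather than `$^`.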