add makefile support for netfilter contexts
This commit is contained in:
Chris PeBenito
parent
6b873c4da0
commit
6962bb3283
|
|
@ -90,6 +90,7 @@ FCSORT := $(TMPDIR)/fc_sort
|
||||||
SETBOOLS := $(AWK) -f $(SUPPORT)/set_bools_tuns.awk
|
SETBOOLS := $(AWK) -f $(SUPPORT)/set_bools_tuns.awk
|
||||||
get_type_attr_decl := $(SED) -r -f $(SUPPORT)/get_type_attr_decl.sed
|
get_type_attr_decl := $(SED) -r -f $(SUPPORT)/get_type_attr_decl.sed
|
||||||
comment_move_decl := $(SED) -r -f $(SUPPORT)/comment_move_decl.sed
|
comment_move_decl := $(SED) -r -f $(SUPPORT)/comment_move_decl.sed
|
||||||
|
gennetfilter := $(PYTHON) $(SUPPORT)/gennetfilter.py
|
||||||
# use our own genhomedircon to make sure we have a known usable one,
|
# use our own genhomedircon to make sure we have a known usable one,
|
||||||
# so policycoreutils updates are not required (RHEL4)
|
# so policycoreutils updates are not required (RHEL4)
|
||||||
genhomedircon := $(PYTHON) $(SUPPORT)/genhomedircon
|
genhomedircon := $(PYTHON) $(SUPPORT)/genhomedircon
|
||||||
|
|
@ -158,6 +159,7 @@ ifneq ($(findstring -mls,$(TYPE)),)
|
||||||
M4PARAM += -D enable_mls
|
M4PARAM += -D enable_mls
|
||||||
CHECKPOLICY += -M
|
CHECKPOLICY += -M
|
||||||
CHECKMODULE += -M
|
CHECKMODULE += -M
|
||||||
|
gennetfilter += -m
|
||||||
endif
|
endif
|
||||||
|
|
||||||
# enable MLS if MCS requested.
|
# enable MLS if MCS requested.
|
||||||
|
|
@ -165,6 +167,7 @@ ifneq ($(findstring -mcs,$(TYPE)),)
|
||||||
M4PARAM += -D enable_mcs
|
M4PARAM += -D enable_mcs
|
||||||
CHECKPOLICY += -M
|
CHECKPOLICY += -M
|
||||||
CHECKMODULE += -M
|
CHECKMODULE += -M
|
||||||
|
gennetfilter += -c
|
||||||
endif
|
endif
|
||||||
|
|
||||||
# enable distribution-specific policy
|
# enable distribution-specific policy
|
||||||
|
|
@ -231,6 +234,7 @@ SEUSERS := $(APPCONF)/seusers
|
||||||
APPDIR := $(CONTEXTPATH)
|
APPDIR := $(CONTEXTPATH)
|
||||||
APPFILES := $(addprefix $(APPDIR)/,default_contexts default_type initrc_context failsafe_context userhelper_context removable_context dbus_contexts customizable_types) $(CONTEXTPATH)/files/media
|
APPFILES := $(addprefix $(APPDIR)/,default_contexts default_type initrc_context failsafe_context userhelper_context removable_context dbus_contexts customizable_types) $(CONTEXTPATH)/files/media
|
||||||
CONTEXTFILES += $(wildcard $(APPCONF)/*_context*) $(APPCONF)/media
|
CONTEXTFILES += $(wildcard $(APPCONF)/*_context*) $(APPCONF)/media
|
||||||
|
net_contexts := $(BUILDDIR)net_contexts
|
||||||
|
|
||||||
ALL_LAYERS := $(filter-out $(MODDIR)/CVS,$(shell find $(wildcard $(MODDIR)/*) -maxdepth 0 -type d))
|
ALL_LAYERS := $(filter-out $(MODDIR)/CVS,$(shell find $(wildcard $(MODDIR)/*) -maxdepth 0 -type d))
|
||||||
ifdef LOCAL_ROOT
|
ifdef LOCAL_ROOT
|
||||||
|
|
@ -340,6 +344,14 @@ $(MODDIR)/kernel/corenetwork.te: $(MODDIR)/kernel/corenetwork.te.m4 $(MODDIR)/ke
|
||||||
$(verbose) m4 -D self_contained_policy $(M4PARAM) $^ \
|
$(verbose) m4 -D self_contained_policy $(M4PARAM) $^ \
|
||||||
| sed -e 's/dollarsone/\$$1/g' -e 's/dollarszero/\$$0/g' >> $@
|
| sed -e 's/dollarsone/\$$1/g' -e 's/dollarszero/\$$0/g' >> $@
|
||||||
|
|
||||||
|
########################################
|
||||||
|
#
|
||||||
|
# Network packet labeling
|
||||||
|
#
|
||||||
|
$(net_contexts): $(MODDIR)/kernel/corenetwork.te.in
|
||||||
|
@echo "Creating netfilter network labeling rules"
|
||||||
|
$(verbose) $(gennetfilter) $^ > $@
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
# Create config files
|
# Create config files
|
||||||
|
|
|
||||||
|
|
@ -231,6 +231,7 @@ clean:
|
||||||
rm -f $(BASE_CONF)
|
rm -f $(BASE_CONF)
|
||||||
rm -f $(BASE_FC)
|
rm -f $(BASE_FC)
|
||||||
rm -f $(BUILDDIR)*.pp
|
rm -f $(BUILDDIR)*.pp
|
||||||
|
rm -f $(net_contexts)
|
||||||
rm -fR $(TMPDIR)
|
rm -fR $(TMPDIR)
|
||||||
|
|
||||||
.PHONY: default all policy base modules install load clean validate
|
.PHONY: default all policy base modules install load clean validate
|
||||||
|
|
|
||||||
|
|
@ -236,6 +236,7 @@ clean:
|
||||||
rm -f $(POLVER)
|
rm -f $(POLVER)
|
||||||
rm -f $(FC)
|
rm -f $(FC)
|
||||||
rm -f $(HOMEDIR_TEMPLATE)
|
rm -f $(HOMEDIR_TEMPLATE)
|
||||||
|
rm -f $(net_contexts)
|
||||||
rm -f *.res
|
rm -f *.res
|
||||||
rm -fR $(TMPDIR)
|
rm -fR $(TMPDIR)
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue