Commit Graph

26 Commits

Author SHA1 Message Date
Chris PeBenito bf1d9c5b83 Add validate target for monolithic policy. 2015-02-08 23:15:29 -05:00
Chris PeBenito 6624f9cf7a Drop RHEL4 and RHEL5 support. 2014-09-24 13:10:37 -04:00
Chris PeBenito cce73689ea Always use the unknown permissions handling build option.
This compile-time feature is in the minimum-required checkpolicy/checkmodule
for building the policy, so it should always be used.
2014-06-19 10:52:14 -04:00
Chris PeBenito 0dc377caa4 Add file for placing default_* statements. 2014-04-28 10:00:36 -04:00
Nicolas Iooss c1c11fa2f8 Fix parallel build of the policy
Before this commit, "make -j2" would execute twice at the same time the rules
written to build tmp/all_post.conf because these rules were applied every time
tmp/all_post.conf, tmp/all_attrs_types.conf and tmp/only_te_rules.conf needed
to be built. However, executing twice in parallel such line is buggy:

    $(GREP) '^fs_use_(xattr|task|trans)' $(tmpdir)/all_te_files.conf >> \
        tmpdir)/all_post.conf

This is why "make" reports following error for parallel builds:

    Compiling refpolicy-patched base module
    /usr/bin/checkmodule -M -U allow base.conf -o tmp/base.mod
    /usr/bin/checkmodule:  loading policy configuration from base.conf
    policy/modules/kernel/ubac.te":710:ERROR 'syntax error' at token
    'fs_use_trans' on line 26520:
    fs_use_trans devtmpfs system_u:object_r:device_t:s0;

    /usr/bin/checkmodule:  error(s) encountered while parsing configuration
    make: *** [tmp/base.mod] Error 1

This commit fixes this bug by splitting the rules in 3 different targets, in
both monolithic and modular builds.
2014-03-14 08:46:46 -04:00
Chris PeBenito f27f36ff15 Make the QUIET build option apply to clean and bare targets. 2014-01-16 11:25:42 -05:00
Chris PeBenito 3bf7fd504c Use python libselinux bindings to determine policy version.
This eliminates the hardcoded /selinux in Rules.monolithic, which
broke when the filesystem mount was moved to /sys/fs/selinux.
2013-06-06 09:27:40 -04:00
Chris PeBenito 458ab7d2ba Fix makefiles to install files with the correct DAC permissions if the umask is not 022.
trac ticket #50
2011-10-19 10:59:16 -04:00
Chris PeBenito d1af485661 Remove rolemap and per-role template support.
This support was deprecated and unused in Reference Policy November 5 2008.
2011-10-14 08:52:21 -04:00
Chris PeBenito adddcf93f6 Fix unexpanded MLS/MCS fields in monolithic seusers file. 2011-08-12 08:28:37 -04:00
Chris PeBenito cee508bcb5 Install the seusers file for monolithic policy. 2009-10-23 11:20:07 -04:00
Chris PeBenito 6627570e85 trunk: fix monolithic building to correctly put USER lines in homedir_template. 2008-11-11 14:22:57 +00:00
Chris PeBenito 296273a719 trunk: merge UBAC. 2008-11-05 16:10:46 +00:00
Chris PeBenito c07f9ccd18 trunk: Add file for enabling policy capabilities. 2008-04-18 14:21:01 +00:00
Chris PeBenito e276d50e21 trunk: Add iferror.m4 rather generate it out of the Makefiles. 2008-03-06 20:17:46 +00:00
Chris PeBenito 285d009351 trunk: do not install netfilter_contexts on monolithic. 2007-11-19 20:02:50 +00:00
Chris PeBenito 8acfcbcc2a trunk: Add support for setting the unknown permissions handling. 2007-09-27 13:41:09 +00:00
Chris PeBenito 96fc0a45be trunk: Fix XML building for external reference builds and headers builds. 2007-09-21 15:06:58 +00:00
Chris PeBenito d17bab02cc stop adding netfilter contexts, as decided at the developers summit 2007-03-21 19:40:55 +00:00
Chris PeBenito 212832373e mkdir policy and file contexts dirs in make load of modular policy. 2006-10-10 15:09:59 +00:00
Chris PeBenito bbcd3c97dd add main part of role-o-matic 2006-09-06 22:07:25 +00:00
Chris PeBenito c634db20c6 fix makefile style so internal variables are lowercase 2006-08-31 17:28:35 +00:00
Chris PeBenito cfd5c5e157 add variable for install, and do other helper pgm cleanup 2006-08-08 21:56:45 +00:00
Chris PeBenito eb8a2639b4 fix target deps for nc 2006-08-07 17:35:30 +00:00
Chris PeBenito 5a7c06fdd1 add support for netfilter_contexts 2006-08-07 17:25:09 +00:00
Chris PeBenito 17de1b790b remove extra level of directory 2006-07-12 20:32:27 +00:00