Go to file
Yuli Khodorkovskiy cae4a4c951 libsemanage: add support for HLL to CIL compilers
An HLL to CIL compiler must exist in the compiler_directory path which
is configubrable in semanage.conf. By default, this path is
/usr/libexec/selinux/hll/. The compiler name needs to match the HLL
language extension. For example, for pp files,
/usr/libexec/selinux/hll/pp must exist.

The HLL infrastructure uncompresses the HLL module and pipes the data to
the appropriate CIL compiler. The output CIL from the compiler is read
from another pipe, compressed, and saved to the module store as a cached
CIL file. This file will be used on all subsequent policy builds, unless
a new module is installed with the same name at the same priority, at
which point the cache is deleted and is subsequently rebuilt and cached.

A new option is added to semanage.conf, ignore_cache, which if set to
true will cause the cached CIL files to be ignored and all HLL files to
be recompiled and the resulting CIL to be recached.

Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
2014-08-26 08:03:31 -04:00
checkpolicy Bump version and update ChangeLog for release. 2014-05-06 13:30:27 -04:00
libselinux libselinux: Compiled file context files and the original should have the same permissions 2014-08-26 07:59:02 -04:00
libsemanage libsemanage: add support for HLL to CIL compilers 2014-08-26 08:03:31 -04:00
libsepol libsepol: build cil into libsepol 2014-08-26 08:03:31 -04:00
policycoreutils policycoreutils: add a HLL compiler to convert policy packages (.pp) to CIL 2014-08-26 08:03:31 -04:00
scripts Add make-update script and fix release script. 2013-10-31 14:34:02 -04:00
sepolgen sepolgen: remove unnecessary grammar in interface call param list 2014-08-26 07:59:08 -04:00
.gitignore Squashed 'libsepol/cil/' content from commit c13ce01 2014-08-26 08:02:58 -04:00
Makefile Squashed 'libsepol/cil/' content from commit c13ce01 2014-08-26 08:02:58 -04:00
README Squashed 'libsepol/cil/' content from commit c13ce01 2014-08-26 08:02:58 -04:00

To build and install everything under a private directory, run:
make DESTDIR=~/obj install install-pywrap

To install as the default system libraries and binaries
(overwriting any previously installed ones - dangerous!),
on x86_64, run:
make LIBDIR=/usr/lib64 SHLIBDIR=/lib64 install install-pywrap relabel
or on x86 (32-bit), run:
make install install-pywrap relabel

This may render your system unusable if the upstream SELinux userspace
lacks library functions or other dependencies relied upon by your
distribution.  If it breaks, you get to keep both pieces.