nnd
/
selinux-refpolicy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

install-docs target, consolidate relabeling

This commit is contained in:
Chris PeBenito 2006-02-01 13:22:14 +00:00
parent 6bb0da3174
commit 120988c484
2 changed files with 85 additions and 51 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

100
refpolicy/Makefile
View File

@ -25,10 +25,12 @@
include build.conf include build.conf
# refpolicy version
VERSION = $(shell cat VERSION)
# executable paths # executable paths
PREFIX := /usr BINDIR := /usr/bin
BINDIR := $(PREFIX)/bin SBINDIR := /usr/sbin
SBINDIR := $(PREFIX)/sbin
CHECKPOLICY := $(BINDIR)/checkpolicy CHECKPOLICY := $(BINDIR)/checkpolicy
CHECKMODULE := $(BINDIR)/checkmodule CHECKMODULE := $(BINDIR)/checkmodule
SEMODULE := $(SBINDIR)/semodule SEMODULE := $(SBINDIR)/semodule
@ -64,24 +66,30 @@ XMLDTD = $(DOCS)/policy.dtd
LAYERXML = metadata.xml LAYERXML = metadata.xml
HTMLDIR = $(DOCS)/html HTMLDIR = $(DOCS)/html
DOCTEMPLATE = $(DOCS)/templates DOCTEMPLATE = $(DOCS)/templates
DEVMAKEFILE = $(SUPPORT)/Makefile.devel
EXAMPLEMOD = $(addprefix $(DOCS)/,example.te example.if example.fc)
# config file paths # config file paths
GLOBALTUN := $(POLDIR)/global_tunables GLOBALTUN = $(POLDIR)/global_tunables
GLOBALBOOL := $(POLDIR)/global_booleans GLOBALBOOL = $(POLDIR)/global_booleans
MOD_CONF := $(POLDIR)/modules.conf MOD_CONF = $(POLDIR)/modules.conf
TUNABLES := $(POLDIR)/tunables.conf TUNABLES = $(POLDIR)/tunables.conf
BOOLEANS := $(POLDIR)/booleans.conf BOOLEANS = $(POLDIR)/booleans.conf
ROLEMAP := $(POLDIR)/rolemap ROLEMAP = $(POLDIR)/rolemap
# install paths # install paths
TOPDIR := $(DESTDIR)/etc/selinux PKGNAME ?= refpolicy-$(VERSION)
INSTALLDIR := $(TOPDIR)/$(NAME) PREFIX = $(DESTDIR)/usr
SRCPATH := $(INSTALLDIR)/src TOPDIR = $(DESTDIR)/etc/selinux
USERPATH := $(INSTALLDIR)/users INSTALLDIR = $(TOPDIR)/$(NAME)
CONTEXTPATH := $(INSTALLDIR)/contexts SRCPATH = $(INSTALLDIR)/src
SHAREDIR := $(DESTDIR)$(PREFIX)/share/selinux USERPATH = $(INSTALLDIR)/users
MODPKGDIR := $(SHAREDIR)/$(NAME) CONTEXTPATH = $(INSTALLDIR)/contexts
HEADERDIR := $(SHAREDIR)/refpolicy/include FCPATH = $(CONTEXTPATH)/files/file_contexts
SHAREDIR = $(PREFIX)/share/selinux
MODPKGDIR = $(SHAREDIR)/$(NAME)
HEADERDIR = $(SHAREDIR)/refpolicy/include
DOCSDIR = $(PREFIX)/share/doc/$(PKGNAME)
# compile strict policy if requested. # compile strict policy if requested.
ifneq ($(findstring strict,$(TYPE)),) ifneq ($(findstring strict,$(TYPE)),)
@ -188,6 +196,9 @@ BASE_MODS := $(addsuffix .te,$(shell awk '/^[[:blank:]]*[[:alpha:]]/{ if ($$3 ==
MOD_MODS := $(addsuffix .te,$(shell awk '/^[[:blank:]]*[[:alpha:]]/{ if ($$3 == "$(MODMOD)") print $$1 }' $(MOD_CONF) 2> /dev/null)) MOD_MODS := $(addsuffix .te,$(shell awk '/^[[:blank:]]*[[:alpha:]]/{ if ($$3 == "$(MODMOD)") print $$1 }' $(MOD_CONF) 2> /dev/null))
OFF_MODS := $(addsuffix .te,$(shell awk '/^[[:blank:]]*[[:alpha:]]/{ if ($$3 == "$(MODUNUSED)") print $$1 }' $(MOD_CONF) 2> /dev/null)) OFF_MODS := $(addsuffix .te,$(shell awk '/^[[:blank:]]*[[:alpha:]]/{ if ($$3 == "$(MODUNUSED)") print $$1 }' $(MOD_CONF) 2> /dev/null))
# filesystems to be labeled
FILESYSTEMS = $(shell mount | grep -v "context=" | egrep -v '\((|.*,)bind(,.*|)\)' | awk '/(ext[23]| xfs| jfs).*rw/{print $$3}';)
######################################## ########################################
# #
# Functions # Functions
@ -268,11 +279,12 @@ $(POLXML): $(DETECTED_MODS:.te=.if) $(foreach dir,$(ALL_LAYERS),$(dir)/$(LAYERXM
$(XMLLINT) --noout --dtdvalid $(XMLDTD) $@ ;\ $(XMLLINT) --noout --dtdvalid $(XMLDTD) $@ ;\
fi fi
html: $(POLXML) html tmp/html: $(POLXML)
@echo "Building html interface reference documentation in $(HTMLDIR)" @echo "Building html interface reference documentation in $(HTMLDIR)"
@mkdir -p $(HTMLDIR) @mkdir -p $(HTMLDIR)
$(verbose) cd $(DOCS) && ../$(GENDOC) -d ../$(HTMLDIR) -T ../$(DOCTEMPLATE) -x ../$(POLXML) $(verbose) cd $(DOCS) && ../$(GENDOC) -d ../$(HTMLDIR) -T ../$(DOCTEMPLATE) -x ../$(POLXML)
$(verbose) cp $(DOCTEMPLATE)/*.css $(HTMLDIR) $(verbose) cp $(DOCTEMPLATE)/*.css $(HTMLDIR)
@touch tmp/html
######################################## ########################################
# #
@ -347,11 +359,23 @@ $(APPDIR)/users/root: $(APPCONF)/root_default_contexts
# #
# Install policy headers # Install policy headers
# #
install-headers: $(DETECTED_MODS:.te=.if) $(ROLEMAP) $(M4SUPPORT) $(SUPPORT)/Makefile.devel build.conf install-headers: $(DETECTED_MODS:.te=.if) $(ROLEMAP) $(M4SUPPORT)
mkdir -p $(HEADERDIR) @mkdir -p $(HEADERDIR)
@echo "Installing policy headers"
$(verbose) install -m 644 $^ $(HEADERDIR) $(verbose) install -m 644 $^ $(HEADERDIR)
$(verbose) $(GENPERM) $(AVS) $(SECCLASS) > $(HEADERDIR)/all_perms.spt $(verbose) $(GENPERM) $(AVS) $(SECCLASS) > $(HEADERDIR)/all_perms.spt
########################################
#
# Install policy documentation
#
install-docs: $(DEVMAKEFILE) $(EXAMPLEMOD) build.conf tmp/html
@mkdir -p $(DOCSDIR)/html
@echo "Installing policy documentation"
$(verbose) install -m 644 $(DEVMAKEFILE) $(EXAMPLEMOD) $(DOCSDIR)
$(verbose) install -m 644 build.conf $(DOCSDIR)/build.conf.example
$(verbose) install -m 644 $(wildcard $(HTMLDIR)/*) $(DOCSDIR)/html
######################################## ########################################
# #
# Install policy sources # Install policy sources
@ -376,6 +400,42 @@ tags:
--regex-te='/^[ \t]*interface\(`(\w+)/\1/i,interface/' \ --regex-te='/^[ \t]*interface\(`(\w+)/\1/i,interface/' \
--regex-te='/^[ \t]*bool[ \t]+(\w+)/\1/b,bool/' policy/modules/*/*.{if,te} policy/support/*.spt --regex-te='/^[ \t]*bool[ \t]+(\w+)/\1/b,bool/' policy/modules/*/*.{if,te} policy/support/*.spt
########################################
#
# Filesystem labeling
#
checklabels:
@echo "Checking labels on filesystem types: ext2 ext3 xfs jfs"
@if test -z "$(FILESYSTEMS)"; then \
echo "No filesystems with extended attributes found!" ;\
false ;\
fi
$(verbose) $(SETFILES) -v -n $(FCPATH) $(FILESYSTEMS)
restorelabels:
@echo "Restoring labels on filesystem types: ext2 ext3 xfs jfs"
@if test -z "$(FILESYSTEMS)"; then \
echo "No filesystems with extended attributes found!" ;\
false ;\
fi
$(verbose) $(SETFILES) -v $(FCPATH) $(FILESYSTEMS)
relabel:
@echo "Relabeling filesystem types: ext2 ext3 xfs jfs"
@if test -z "$(FILESYSTEMS)"; then \
echo "No filesystems with extended attributes found!" ;\
false ;\
fi
$(verbose) $(SETFILES) $(FCPATH) $(FILESYSTEMS)
resetlabels:
@echo "Resetting labels on filesystem types: ext2 ext3 xfs jfs"
@if test -z "$(FILESYSTEMS)"; then \
echo "No filesystems with extended attributes found!" ;\
false ;\
fi
$(verbose) $(SETFILES) -F $(FCPATH) $(FILESYSTEMS)
######################################## ########################################
# #
# Clean everything # Clean everything

36
refpolicy/Rules.monolithic
View File

@ -6,7 +6,6 @@
# install paths # install paths
POLICYPATH = $(INSTALLDIR)/policy POLICYPATH = $(INSTALLDIR)/policy
LOADPATH = $(POLICYPATH)/$(POLVER) LOADPATH = $(POLICYPATH)/$(POLVER)
FCPATH = $(CONTEXTPATH)/files/file_contexts
HOMEDIRPATH = $(CONTEXTPATH)/files/homedir_template HOMEDIRPATH = $(CONTEXTPATH)/files/homedir_template
FC := file_contexts FC := file_contexts
@ -45,6 +44,11 @@ install: $(LOADPATH) $(FCPATH) $(APPFILES) $(USERPATH)/local.users
load: tmp/load load: tmp/load
checklabels: $(FCPATH)
restorelabels: $(FCPATH)
relabel: $(FCPATH)
resetlabels: $(FCPATH)
######################################## ########################################
# #
# Build a binary policy locally # Build a binary policy locally
@ -187,36 +191,6 @@ $(FCPATH): $(FC) $(LOADPATH) $(USERPATH)/system.users
$(verbose) install -m 644 $(HOMEDIR_TEMPLATE) $(HOMEDIRPATH) $(verbose) install -m 644 $(HOMEDIR_TEMPLATE) $(HOMEDIRPATH)
$(verbose) $(GENHOMEDIRCON) -d $(TOPDIR) -t $(NAME) $(USEPWD) $(verbose) $(GENHOMEDIRCON) -d $(TOPDIR) -t $(NAME) $(USEPWD)
########################################
#
# Filesystem labeling
#
FILESYSTEMS := `mount | grep -v "context=" | egrep -v '\((|.*,)bind(,.*|)\)' | awk '/(ext[23]| xfs| jfs).*rw/{print $$3}';`
checklabels: $(FCPATH) $(SETFILES)
@echo "Checking labels on filesystem types: ext2 ext3 xfs jfs"
@if test -z "$(FILESYSTEMS)"; then \
echo "No filesystems with extended attributes found!" ;\
false ;\
fi
$(verbose) $(SETFILES) -v -n $(FCPATH) $(FILESYSTEMS)
restorelabels: $(FCPATH) $(SETFILES)
@echo "Restoring labels on filesystem types: ext2 ext3 xfs jfs"
@if test -z "$(FILESYSTEMS)"; then \
echo "No filesystems with extended attributes found!" ;\
false ;\
fi
$(verbose) $(SETFILES) -v $(FCPATH) $(FILESYSTEMS)
relabel: $(FCPATH) $(SETFILES)
@echo "Relabeling filesystem types: ext2 ext3 xfs jfs"
@if test -z "$(FILESYSTEMS)"; then \
echo "No filesystems with extended attributes found!" ;\
false ;\
fi
$(verbose) $(SETFILES) $(FCPATH) $(FILESYSTEMS)
######################################## ########################################
# #
# Run policy source checks # Run policy source checks