diff --git a/refpolicy/Changelog b/refpolicy/Changelog
index cde6128a6..b2c5bf344 100644
--- a/refpolicy/Changelog
+++ b/refpolicy/Changelog
@@ -1,3 +1,4 @@
+- Move policy build options out of Makefile into build.conf.
 - Add yppasswd to nis module.
 - Change optional_policy() to refer to the module name rather than modulename.te.
diff --git a/refpolicy/INSTALL b/refpolicy/INSTALL
index fa58eca3b..1038bae54 100644
--- a/refpolicy/INSTALL
+++ b/refpolicy/INSTALL
@@ -9,7 +9,8 @@ If you do not have a modules.conf, one can be generated: make conf
-This will create a default modules.conf. After installing the policy sources,
+This will create a default modules.conf. Options for the policy
+build process can be found in build.conf. After installing the policy sources,
 the old Make targets have been maintained for the monolithic policy: Local policy development:
diff --git a/refpolicy/Makefile b/refpolicy/Makefile
index 433d80fee..f9ce2b64b 100644
--- a/refpolicy/Makefile
+++ b/refpolicy/Makefile
@@ -14,59 +14,17 @@
 #
 # The default target is 'policy'.
 #
-
-########################################
 #
-# Configurable portions of the Makefile
+# Please see build.conf for policy build options.
 #
-# Policy version
-# By default, checkpolicy will create the highest
-# version policy it supports. Setting this will
-# override the version. This only affects
-# monolithic policies.
-#OUTPUT_POLICY = 18
-
-# Policy Type
-# strict, targeted,
-# strict-mls, targeted-mls,
-# strict-mcs, targeted-mcs
-TYPE = targeted-mcs
-
-# Policy Name
-# If set, this will be used as the policy
-# name. Otherwise the policy type will be
-# used for the name.
-NAME = refpolicy
-
-# Distribution
-# Some distributions have portions of policy
-# for programs or configurations specific to the
-# distribution. Setting this will enable options
-# for the distribution.
-# redhat, gentoo, debian, and suse are current options.
-# Fedora users should enable redhat.
-DISTRO = redhat
-
-# Direct admin init
-# Setting this will allow sysadm to directly
-# run init scripts, instead of requring run_init.
-# This is a build option, as role transitions do
-# not work in conditional policy.
-DIRECT_INITRC=y
-
-# Build monolithic policy. Putting n here
-# will build a loadable module policy.
-MONOLITHIC=y
-
-# Uncomment this to disable command echoing
-#QUIET:=@
-
 ########################################
 #
 # NO OPTIONS BELOW HERE
 #
+include build.conf
+
 # executable paths
 PREFIX := /usr
 BINDIR := $(PREFIX)/bin
diff --git a/refpolicy/README b/refpolicy/README
index f64a0b108..8b9919982 100644
--- a/refpolicy/README
+++ b/refpolicy/README
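Review bot: Nothing after `include build.conf` in the refpolicy/Makefile hunk checks that the options it is expected to supply are actually set, and the path is relative, so GNU make resolves it against the directory make is run from (then its include search path) rather than the Makefile's own location. A build started from another directory with `-f`, or against a stale build.conf, could therefore fail or, worse, go ahead with TYPE or DIRECT_INITRC empty or read from a different file, which changes the policy that gets built. A guard directly after the include makes that fail loudly: `ifndef TYPE` / `$(error TYPE is not set; check build.conf)` / `endif`. The rest of the Makefile lies outside this hunk, so whether a later section already validates these variables is not visible here.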
@@ -70,9 +70,19 @@ checklabels Check the labels on the filesystem, and report when restorelabels Relabel the filesystem and report each file that is relabeled.
-2) Reference Policy Directories
+2) Reference Policy Files and Directories
 All directories relative to the root of the Reference Policy sources directory.
+Makefile General rules for building the policy.
+
+Rules.modular Rules specific to building loadable module policies.
+
+Rules.monolithic Rules specific to building monolithic policies.
+
+build.conf Options which influence the building of the policy,
+ such as the policy type (strict, targeted, etc.)
+ and distribution.
+
 config/appconfig-* Application configuration files for all configurations of the Reference Policy (targeted/strict with or without MLS or MCS). These are used by SELinux-aware programs.
diff --git a/refpolicy/build.conf b/refpolicy/build.conf
new file mode 100644
index 000000000..916a0636c
--- /dev/null
+++ b/refpolicy/build.conf
@@ -0,0 +1,46 @@
+########################################
+#
+# Policy build options
+#
+
+# Policy version
+# By default, checkpolicy will create the highest
+# version policy it supports. Setting this will
+# override the version. This only has an
+# effect for monolithic policies.
+#OUTPUT_POLICY = 18
+
+# Policy Type
+# strict, targeted,
+# strict-mls, targeted-mls,
+# strict-mcs, targeted-mcs
+TYPE = targeted-mcs
+
+# Policy Name
+# If set, this will be used as the policy
+# name. Otherwise the policy type will be
+# used for the name.
+NAME = refpolicy
+
+# Distribution
+# Some distributions have portions of policy
+# for programs or configurations specific to the
+# distribution. Setting this will enable options
+# for the distribution.
+# redhat, gentoo, debian, and suse are current options.
+# Fedora users should enable redhat.
+DISTRO = redhat
+
+# Direct admin init
+# Setting this will allow sysadm to directly
+# run init scripts, instead of requring run_init.
+# This is a build option, as role transitions do
+# not work in conditional policy.
+DIRECT_INITRC=y
+
+# Build monolithic policy. Putting n here
+# will build a loadable module policy.
+MONOLITHIC=y
+
+# Uncomment this to disable command echoing
+#QUIET:=@
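Review bot: The "Direct admin init" block in the new refpolicy/build.conf ships enabled (`DIRECT_INITRC=y`) without saying that this is the less restrictive of the two choices. Since this file is now the single place an integrator edits, the comment should state the trade-off explicitly, for example by adding `# Note: y lets sysadm start init scripts without going through run_init.` directly above the assignment. It should also say which value keeps run_init mandatory; that is presumably anything other than `y`, but the test on this variable is outside the hunk. The same comment has a typo to fix, `requring` -> `requiring`. The value is carried over unchanged from the Makefile, so this is a documentation point only.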