diff --git a/refpolicy/Changelog b/refpolicy/Changelog index 42024c690..54a9b76ba 100644 --- a/refpolicy/Changelog +++ b/refpolicy/Changelog @@ -1,3 +1,5 @@ +- Fix expansion of interfaces from disabled + modules. - Rsync can be long running from init, added rules to allow this. - Add polyinstantiation build option. diff --git a/refpolicy/Makefile b/refpolicy/Makefile index 1148f134a..f31133634 100644 --- a/refpolicy/Makefile +++ b/refpolicy/Makefile @@ -159,12 +159,16 @@ DETECTED_MODS := $(sort $(foreach dir,$(ALL_LAYERS),$(wildcard $(dir)/*.te)) $(G # modules.conf setting for base module MODBASE := base -# modules.conf setting for module +# modules.conf setting for loadable module MODMOD := module +# modules.conf setting for unused module +MODUNUSED := off + # extract settings from modules.conf BASE_MODS := $(addsuffix .te,$(shell awk '/^[[:blank:]]*[[:alpha:]]/{ if ($$3 == "$(MODBASE)") print $$1 }' $(MOD_CONF) 2> /dev/null)) MOD_MODS := $(addsuffix .te,$(shell awk '/^[[:blank:]]*[[:alpha:]]/{ if ($$3 == "$(MODMOD)") print $$1 }' $(MOD_CONF) 2> /dev/null)) +OFF_MODS := $(addsuffix .te,$(shell awk '/^[[:blank:]]*[[:alpha:]]/{ if ($$3 == "$(MODUNUSED)") print $$1 }' $(MOD_CONF) 2> /dev/null)) ######################################## # diff --git a/refpolicy/Rules.modular b/refpolicy/Rules.modular index da58eac47..0552a3919 100644 --- a/refpolicy/Rules.modular +++ b/refpolicy/Rules.modular @@ -3,7 +3,7 @@ # Rules and Targets for building modular policies # -ALL_MODULES := $(BASE_MODS) $(MOD_MODS) +ALL_MODULES := $(BASE_MODS) $(MOD_MODS) $(OFF_MODS) ALL_INTERFACES := $(ALL_MODULES:.te=.if) BASE_PKG := base.pp @@ -17,7 +17,7 @@ BASE_POST_TE_FILES := $(USER_FILES) $(POLDIR)/constraints BASE_FC_FILES := $(BASE_MODS:.te=.fc) MOD_MODULES := $(MOD_MODS:.te=.mod) -MOD_PKGS := $(notdir $(MOD_MODS:.te=.pp)) +MOD_PKGS := $(MOD_MODS:.te=.pp) # policy packages to install INSTPKG := $(addprefix $(MODPKGDIR)/,$(BASE_PKG) $(MOD_PKGS)) @@ -110,7 +110,7 @@ tmp/generated_definitions.conf: $(ALL_LAYERS) $(BASE_TE_FILES) $(QUIET) $(GENPERM) $(AVS) $(SECCLASS) > $@ # per-userdomain templates $(QUIET) echo "define(\`per_userdomain_templates',\`" >> $@ - $(QUIET) for i in $(patsubst %.te,%,$(notdir $(ALL_MODULES))); do \ + $(QUIET) for i in $(patsubst %.te,%,$(BASE_MODS) $(MOD_MODS)); do \ echo "ifdef(\`""$$i""_per_userdomain_template',\`""$$i""_per_userdomain_template("'$$*'")')" \ >> $@ ;\ done