[selinux-policy: 1471/3172] add makefile support for netfilter contexts

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 21:12:31 UTC 2010 

commit 6962bb32839459b685180b3f752933cf023b96b6
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Thu May 25 15:14:19 2006 +0000

    add makefile support for netfilter contexts

 refpolicy/Makefile         |   12 ++++++++++++
 refpolicy/Rules.modular    |    1 +
 refpolicy/Rules.monolithic |    1 +
 3 files changed, 14 insertions(+), 0 deletions(-)
---
diff --git a/refpolicy/Makefile b/refpolicy/Makefile
index ae36111..a629d18 100644
--- a/refpolicy/Makefile
+++ b/refpolicy/Makefile
@@ -90,6 +90,7 @@ FCSORT := $(TMPDIR)/fc_sort
 SETBOOLS := $(AWK) -f $(SUPPORT)/set_bools_tuns.awk
 get_type_attr_decl := $(SED) -r -f $(SUPPORT)/get_type_attr_decl.sed
 comment_move_decl := $(SED) -r -f $(SUPPORT)/comment_move_decl.sed
+gennetfilter := $(PYTHON) $(SUPPORT)/gennetfilter.py
 # use our own genhomedircon to make sure we have a known usable one,
 # so policycoreutils updates are not required (RHEL4)
 genhomedircon := $(PYTHON) $(SUPPORT)/genhomedircon
@@ -158,6 +159,7 @@ ifneq ($(findstring -mls,$(TYPE)),)
 	M4PARAM += -D enable_mls
 	CHECKPOLICY += -M
 	CHECKMODULE += -M
+	gennetfilter += -m
 endif
 
 # enable MLS if MCS requested.
@@ -165,6 +167,7 @@ ifneq ($(findstring -mcs,$(TYPE)),)
 	M4PARAM += -D enable_mcs
 	CHECKPOLICY += -M
 	CHECKMODULE += -M
+	gennetfilter += -c
 endif
 
 # enable distribution-specific policy
@@ -231,6 +234,7 @@ SEUSERS := $(APPCONF)/seusers
 APPDIR := $(CONTEXTPATH)
 APPFILES := $(addprefix $(APPDIR)/,default_contexts default_type initrc_context failsafe_context userhelper_context removable_context dbus_contexts customizable_types) $(CONTEXTPATH)/files/media
 CONTEXTFILES += $(wildcard $(APPCONF)/*_context*) $(APPCONF)/media
+net_contexts := $(BUILDDIR)net_contexts
 
 ALL_LAYERS := $(filter-out $(MODDIR)/CVS,$(shell find $(wildcard $(MODDIR)/*) -maxdepth 0 -type d))
 ifdef LOCAL_ROOT
@@ -342,6 +346,14 @@ $(MODDIR)/kernel/corenetwork.te: $(MODDIR)/kernel/corenetwork.te.m4 $(MODDIR)/ke
 
 ########################################
 #
+# Network packet labeling
+#
+$(net_contexts): $(MODDIR)/kernel/corenetwork.te.in
+	@echo "Creating netfilter network labeling rules"
+	$(verbose) $(gennetfilter) $^ > $@
+
+########################################
+#
 # Create config files
 #
 conf: $(MOD_CONF) $(BOOLEANS) $(GENERATED_TE) $(GENERATED_IF) $(GENERATED_FC)
diff --git a/refpolicy/Rules.modular b/refpolicy/Rules.modular
index d877c36..370e08b 100644
--- a/refpolicy/Rules.modular
+++ b/refpolicy/Rules.modular
@@ -231,6 +231,7 @@ clean:
 	rm -f $(BASE_CONF)
 	rm -f $(BASE_FC)
 	rm -f $(BUILDDIR)*.pp
+	rm -f $(net_contexts)
 	rm -fR $(TMPDIR)
 
 .PHONY: default all policy base modules install load clean validate
diff --git a/refpolicy/Rules.monolithic b/refpolicy/Rules.monolithic
index c597a00..972516a 100644
--- a/refpolicy/Rules.monolithic
+++ b/refpolicy/Rules.monolithic
@@ -236,6 +236,7 @@ clean:
 	rm -f $(POLVER)
 	rm -f $(FC)
 	rm -f $(HOMEDIR_TEMPLATE)
+	rm -f $(net_contexts)
 	rm -f *.res
 	rm -fR $(TMPDIR)

More information about the scm-commits mailing list