[selinux-policy: 278/3172] more fixes

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 19:28:55 UTC 2010


commit 84eb353cd9e9919a75a2ae232666264e6f3d4094
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Wed Jun 8 13:44:23 2005 +0000

    more fixes

 refpolicy/Makefile             |   51 ++++++++++++++++++---------------------
 refpolicy/support/set_tunables |    7 +++++
 2 files changed, 31 insertions(+), 27 deletions(-)
---
diff --git a/refpolicy/Makefile b/refpolicy/Makefile
index c627f34..fa86b4d 100644
--- a/refpolicy/Makefile
+++ b/refpolicy/Makefile
@@ -57,6 +57,7 @@ SETFILES := $(SBINDIR)/setfiles
 SUPPORT := support
 GENDOC := $(SUPPORT)/sedoctool.py
 FCSORT := $(SUPPORT)/fc_sort
+SETTUN := $(SUPPORT)/set_tunables
 
 XMLLINT := $(BINDIR)/xmllint
 
@@ -115,8 +116,9 @@ FLASKDIR = $(POLDIR)/flask
 APPCONF = config/appconfig
 M4SUPPORT = $(POLDIR)/support/support_macros $(wildcard $(POLDIR)/support/*.spt)
 
+GLOBALTUN := $(POLDIR)/global_tunables
 MOD_DISABLE := $(POLDIR)/modules.disable
-TUNABLES = $(POLDIR)/tunables.conf
+TUNABLES := $(POLDIR)/tunables.conf
 
 APPDIR := $(CONTEXTPATH)
 APPFILES := $(addprefix $(APPDIR)/,default_contexts default_type initrc_context failsafe_context userhelper_context removable_context dbus_contexts customizable_types) $(CONTEXTPATH)/files/media
@@ -136,7 +138,7 @@ POST_TE_FILES := $(POLDIR)/users $(POLDIR)/constraints
 
 ALL_FC_FILES := $(ALL_MODULES:.te=.fc)
 
-POLICY_SECTIONS := tmp/pre_te_files.conf tmp/generated_definitions.conf tmp/all_interfaces.conf tmp/all_attrs_types.conf tmp/only_te_rules.conf tmp/all_post.conf
+POLICY_SECTIONS := tmp/pre_te_files.conf tmp/generated_definitions.conf tmp/all_interfaces.conf tmp/all_attrs_types.conf $(GLOBALTUN) tmp/only_te_rules.conf tmp/all_post.conf
 
 DOCTOOLS = doc
 XMLDTD = $(DOCTOOLS)/policy.dtd
@@ -199,10 +201,10 @@ reload tmp/load: $(LOADPATH) $(FCPATH)
 #
 policy.conf: $(POLICY_SECTIONS)
 	@echo "Creating $(NAME) policy.conf"
-# checkpolicy can use the #line directives provided by -s for error reporting:
+	# checkpolicy can use the #line directives provided by -s for error reporting:
 	$(QUIET) m4 $(M4PARAM) -s $^ > tmp/$@.tmp
 	$(QUIET) sed -e /^portcon/d -e /^nodecon/d -e /^netifcon/d < tmp/$@.tmp > $@
-# the ordering of these ocontexts matters:
+	# the ordering of these ocontexts matters:
 	$(QUIET) grep ^portcon tmp/$@.tmp >> $@ || true
 	$(QUIET) grep ^netifcon tmp/$@.tmp >> $@ || true
 	$(QUIET) grep ^nodecon tmp/$@.tmp >> $@ || true
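Review bot: Moving these comments behind a tab turns them into recipe lines, so make now passes `# checkpolicy can use the #line directives ...` and `# the ordering of these ocontexts matters:` to the shell and echoes them on every build. At column 0 they were plain make comments. The same change is made to `# per-userdomain templates:` and `# define foo.te` in the tmp/generated_definitions.conf rule, while the two comment lines in the tmp/policy.xml recipe stay at column 0, so the file is now inconsistent. If the indentation is wanted for readability, write them as `@# the ordering of these ocontexts matters:` to keep them out of the build output; otherwise leave them at column 0.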
@@ -211,8 +213,8 @@ tmp/pre_te_files.conf: $(PRE_TE_FILES)
 	@test -d tmp || mkdir -p tmp
 	$(QUIET) cat $^ > $@
 
-tmp/generated_definitions.conf: $(ALL_LAYERS) $(ALL_TE_FILES) $(BASE_MODULE)/corenetwork.if $(BASE_MODULE)/corenetwork.te
-# per-userdomain templates:
+tmp/generated_definitions.conf: $(ALL_LAYERS) $(ALL_TE_FILES) $(BASE_MODULE)/corenetwork.if $(BASE_MODULE)/corenetwork.te $(TUNABLES)
+	# per-userdomain templates:
 	@test -d tmp || mkdir -p tmp
 	$(QUIET) echo "define(\`per_userdomain_templates',\`" > $@
 	$(QUIET) for i in $(patsubst %.te,%,$(notdir $(ALL_MODULES))); do \
@@ -220,16 +222,14 @@ tmp/generated_definitions.conf: $(ALL_LAYERS) $(ALL_TE_FILES) $(BASE_MODULE)/cor
 			>> $@ ;\
 	done
 	$(QUIET) echo "')" >> $@
-# define foo.te
+	# define foo.te
 	$(QUIET) for i in $(notdir $(ALL_MODULES)); do \
 		echo "define(\`$$i')" >> $@ ;\
 	done
-# generate network interfaces
 	$(QUIET) egrep "^network_(interface|node|port)\(.*\)" $(BASE_MODULE)/corenetwork.te \
 		| m4 $(M4PARAM) -D monolithic_policy -D interface_pass $(M4SUPPORT) $(BASE_MODULE)/corenetwork.if - \
 		| sed -e 's/dollarsone/\$$1/g' -e 's/dollarszero/\$$0/g' >> $@
-# this is so the xml works:
-	$(QUIET) echo "## </module>" >> $@
+	$(QUIET) $(SETTUN) $(TUNABLES) >> $@
 
 tmp/all_interfaces.conf: $(ALL_INTERFACES)
 	@test -d tmp || mkdir -p tmp
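Review bot: The new final recipe line `$(QUIET) $(SETTUN) $(TUNABLES) >> $@` carries no comment, and the hunk also drops `# generate network interfaces` from above the egrep/m4 pipeline while the earlier steps keep theirs. I would restore that comment and add one above the new line, for example `# emit an m4 define(<name>_conf, <value>) for each setting in $(TUNABLES)`, at column 0 so make treats it as a comment rather than a shell line. The rule this recipe belongs to starts before this hunk.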
@@ -259,21 +259,6 @@ tmp/all_attrs_types.conf tmp/only_te_rules.conf tmp/all_post.conf: tmp/all_te_fi
 
 ########################################
 #
-# Create config files
-#
-conf $(MOD_DISABLE) $(TUNABLES): tmp/policy.xml
-	@echo "Creating $(MOD_DISABLE) and $(TUNABLES)"
-#	@echo "# This file contains a listing of available modules." > $(MOD_DISABLE)
-#	@echo "# To prevent a module from  being used in policy" >> $(MOD_DISABLE)
-#	@echo "# creation, uncomment the line with its name." >> $(MOD_DISABLE)
-#	@echo "" >> $(MOD_DISABLE)
-#	@for i in $(sort $(patsubst %.te,%,$(notdir $(ALL_TE_FILES)))); do \
-#		echo "#$$i" >> $(MOD_DISABLE) ;\
-#	done
-	$(QUIET) $(GENDOC) -x tmp/policy.xml -t $(TUNABLES) -m $(MOD_DISABLE)
-
-########################################
-#
 # Remove the dontaudit rules from the policy.conf
 #
 enableaudit: policy.conf
@@ -330,17 +315,29 @@ relabel:  $(FC) $(SETFILES)
 
 ########################################
 #
+# Create config files
+#
+conf $(MOD_DISABLE) $(TUNABLES): tmp/policy.xml
+	@echo "Creating $(MOD_DISABLE) and $(TUNABLES)"
+	$(QUIET) cd tmp && ../$(GENDOC) -t ../$(TUNABLES) -m ../$(MOD_DISABLE) -x ../tmp/policy.xml
+
+########################################
+#
 # Documentation generation
 #
 
-tmp/policy.xml: $(ALL_INTERFACES) tmp/generated_definitions.conf
+# no dependencies here, because we don't want to rebuild 
+# this and its dependents every time the dependencies
+# change
+tmp/policy.xml:
 	@echo "Creating $@"
+	@mkdir -p tmp
 	$(QUIET) echo '<?xml version="1.0" encoding="ISO-8859-1" standalone="no"?>' > $@
 	$(QUIET) echo '<!DOCTYPE policy SYSTEM "policy.dtd">' >> $@
 	$(QUIET) echo "<policy>" >> $@
 # process this through m4 to eliminate the generated definitions templates.
 # currently these are only in corenetwork.if
-	$(QUIET) m4 $^ | egrep -h "^##[[:blank:]]" | sed -e 's/^##[[:blank:]]//g' >> $@
+	$(QUIET) m4 $(ALL_INTERFACES) $(GLOBALTUN) | egrep -h "^##[[:blank:]]" | sed -e 's/^##[[:blank:]]//g' >> $@
 	$(QUIET) echo "</policy>" >> $@
 	$(QUIET) if test -x $(XMLLINT) && test -f $(XMLDTD); then \
 		cp $(XMLDTD) tmp ;\
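Review bot: With its prerequisite list emptied, `tmp/policy.xml` is never rebuilt once it exists, yet the recipe still reads `$(ALL_INTERFACES)` and `$(GLOBALTUN)` and assembles the file through successive `>>` appends. If a run stops partway (the recipe continues past the end of this hunk), the file left behind is treated as current. `$(TUNABLES)` is generated from it and is now a prerequisite of `tmp/generated_definitions.conf`, so the compiled policy can end up built from stale or incomplete tunable settings. The new comment explains why the dependencies were dropped but not how to refresh; I would add a line such as `# after adding interfaces or tunables, remove tmp/policy.xml and rerun "make conf"`. Writing the XML to `$@.tmp` and renaming it as the last step would also keep a truncated file from ever being taken as complete.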
diff --git a/refpolicy/support/set_tunables b/refpolicy/support/set_tunables
new file mode 100755
index 0000000..81b0156
--- /dev/null
+++ b/refpolicy/support/set_tunables
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+# this file exists because this line is
+# too hard to escape correctly in a makefile
+
+egrep -v '^[[:blank:]]*(\#.*)?$' $1 \
+	| awk '{ print "define(`"$1"_conf'\'',`"$3"'\'')" }'
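Review bot: The script reports success even when it produces nothing useful, because the pipeline's exit status is awk's: a missing or unreadable `$1` makes egrep fail, awk then sees empty input, and the Makefile appends no `_conf` definitions to tmp/generated_definitions.conf without any error. `$1` is also unquoted, and a line with fewer than three fields yields a define with an empty value instead of a diagnostic. Since this output decides which tunable settings reach the compiled policy, I would check the argument up front, quote it, and have awk reject short lines with a non-zero exit, as sketched below.

```shell
[ -r "$1" ] || { echo "set_tunables: cannot read '$1'" >&2; exit 1; }

egrep -v '^[[:blank:]]*(\#.*)?$' "$1" \
	| awk '
		NF < 3 { print "set_tunables: malformed line: " $0 | "cat >&2"; bad = 1; next }
		{ print "define(`"$1"_conf'\'',`"$3"'\'')" }
		END { exit bad }'
```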

