[selinux-policy: 427/3172] change modules.conf behavior to be in line with behavior which will be used in the future for base m
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 19:41:39 UTC 2010
commit 19db6ba5a9d2bcdd2be16bae005c8f64775b27ec
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Tue Jun 28 17:31:18 2005 +0000
change modules.conf behavior to be in line with behavior which will be used in the future for base module
refpolicy/Makefile | 29 +++++++++++++++++++----------
1 files changed, 19 insertions(+), 10 deletions(-)
---
diff --git a/refpolicy/Makefile b/refpolicy/Makefile
index 09661b4..bc1c474 100644
--- a/refpolicy/Makefile
+++ b/refpolicy/Makefile
@@ -121,7 +121,7 @@ APPCONF = config/appconfig
M4SUPPORT = $(wildcard $(POLDIR)/support/*.spt)
GLOBALTUN := $(POLDIR)/global_tunables
-MOD_DISABLE := $(POLDIR)/modules.conf
+MOD_CONF := $(POLDIR)/modules.conf
TUNABLES := $(POLDIR)/tunables.conf
APPDIR := $(CONTEXTPATH)
@@ -129,7 +129,6 @@ APPFILES := $(addprefix $(APPDIR)/,default_contexts default_type initrc_context
CONTEXTFILES += $(wildcard $(APPCONF)/*_context*) $(APPCONF)/media
USER_FILES := $(POLDIR)/users
-DISABLEMOD := $(foreach mod,$(shell egrep -v '^[[:blank:]]*\#' $(MOD_DISABLE)),$(subst ./,,$(shell find -iname $(mod).te)))
ALL_LAYERS := $(filter-out $(MODDIR)/CVS,$(shell find $(wildcard $(MODDIR)/*) -maxdepth 0 -type d))
GENERATED_TE := $(basename $(foreach dir,$(ALL_LAYERS),$(wildcard $(dir)/*.te.in)))
@@ -139,7 +138,10 @@ GENERATED_FC := $(basename $(foreach dir,$(ALL_LAYERS),$(wildcard $(dir)/*.fc.in
# sort here since it removes duplicates, which can happen
# when a generated file is already generated
DETECTED_MODS := $(sort $(foreach dir,$(ALL_LAYERS),$(wildcard $(dir)/*.te)) $(GENERATED_TE))
-ALL_MODULES := $(filter-out $(DISABLEMOD),$(DETECTED_MODS))
+
+MODON = on
+ENABLEMOD := $(foreach mod,$(shell awk '/^[[:blank:]]*[[:alpha:]]/{ if ($$3 == "$(MODON)") print $$1 }' $(MOD_CONF)),$(subst ./,,$(shell find -iname $(mod).te)))
+ALL_MODULES := $(filter $(ENABLEMOD),$(DETECTED_MODS))
PRE_TE_FILES := $(addprefix $(FLASKDIR)/,security_classes initial_sids access_vectors) $(M4SUPPORT) $(POLDIR)/mls
ALL_INTERFACES := $(ALL_MODULES:.te=.if)
@@ -240,10 +242,16 @@ tmp/generated_definitions.conf: $(ALL_LAYERS) $(ALL_TE_FILES)
$(QUIET) $(SETTUN) $(TUNABLES) >> $@
tmp/all_interfaces.conf: $(M4SUPPORT) $(ALL_INTERFACES)
+ifeq ($(ALL_INTERFACES),)
+ $(error No enabled modules! $(notdir $(MOD_CONF)) may need to be generated by using "make conf")
+endif
@test -d tmp || mkdir -p tmp
$(QUIET) m4 $^ | sed -e s/dollarsstar/\$$\*/g > $@
tmp/all_te_files.conf: $(ALL_TE_FILES)
+ifeq ($(ALL_TE_FILES),)
+ $(error No enabled modules! $(notdir $(MOD_CONF)) may need to be generated by using "make conf")
+endif
@test -d tmp || mkdir -p tmp
$(QUIET) cat $^ > $@
@@ -345,11 +353,11 @@ relabel: $(FC) $(SETFILES)
#
# Create config files
#
-conf: $(MOD_DISABLE) $(TUNABLES) $(GENERATED_TE) $(GENERATED_IF) $(GENERATED_FC)
+conf: $(MOD_CONF) $(TUNABLES) $(GENERATED_TE) $(GENERATED_IF) $(GENERATED_FC)
-$(MOD_DISABLE) $(TUNABLES): $(POLXML)
- @echo "Creating $(MOD_DISABLE) and $(TUNABLES)"
- $(QUIET) cd $(DOCS) && ../$(GENDOC) -t ../$(TUNABLES) -m ../$(MOD_DISABLE) -x ../$(POLXML)
+$(MOD_CONF) $(TUNABLES): $(POLXML)
+ @echo "Updating $(MOD_CONF) and $(TUNABLES)"
+ $(QUIET) cd $(DOCS) && ../$(GENDOC) -t ../$(TUNABLES) -m ../$(MOD_CONF) -x ../$(POLXML)
########################################
#
@@ -358,8 +366,9 @@ $(MOD_DISABLE) $(TUNABLES): $(POLXML)
# minimal dependencies here, because we don't want to rebuild
# this and its dependents every time the dependencies
-# change
-$(POLXML): $(ALL_INTERFACES)
+# change. Also use all .if files here, rather then just the
+# enabled modules.
+$(POLXML): $(DETECTED_MODS:.te=.if)
@echo "Creating $@"
@mkdir -p tmp
$(QUIET) echo '<?xml version="1.0" encoding="ISO-8859-1" standalone="no"?>' > $@
@@ -476,7 +485,7 @@ bare: clean
rm -f $(POLXML)
rm -f $(SUPPORT)/*.pyc
rm -f $(FCSORT)
- rm -f $(MOD_DISABLE)
+ rm -f $(MOD_CONF)
rm -f $(TUNABLES)
rm -fR $(HTMLDIR)
ifneq ($(GENERATED_TE),)
More information about the scm-commits
mailing list