Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 86845 Details for
Bug 133447
Need reiserfs support for reiserfs in SELinux
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
reiserfs support for SELinux (/etc/security/selinux/src/policy/Makefile)
Makefile (text/plain), 5.97 KB, created by
Tetsuji Rai
on 2006-05-16 00:47:02 UTC
(
hide
)
Description:
reiserfs support for SELinux (/etc/security/selinux/src/policy/Makefile)
Filename:
MIME Type:
Creator:
Tetsuji Rai
Created:
2006-05-16 00:47:02 UTC
Size:
5.97 KB
patch
obsolete
># ># Makefile for the security policy. ># ># Targets: ># ># install - compile and install the policy configuration. ># load - compile, install, and load the policy configuration. ># reload - compile, install, and load/reload the policy configuration. ># relabel - relabel filesystems based on the file contexts configuration. ># policy - compile the policy configuration locally for testing/development. ># ># The default target is 'install'. ># > ># Set to y if MLS is enabled in the module. >MLS=n > ># Uncomment if you want to generate policy file compatible with older ># kernels. >#POLICYCOMPAT = -c 15 > >FLASKDIR = flask/ >PREFIX = /usr >BINDIR = $(PREFIX)/bin >SBINDIR = $(PREFIX)/sbin >LOADPOLICY = $(SBINDIR)/load_policy >CHECKPOLICY = $(BINDIR)/checkpolicy >SETFILES = $(SBINDIR)/setfiles > >PV := $(shell $(CHECKPOLICY) $(POLICYCOMPAT) -V |cut -f 1 -d ' ') >KV := $(shell policyvers) >POLICYVER := policy.$(PV) >INSTALLDIR = $(DESTDIR)/etc/security/selinux >LOADPATH = $(INSTALLDIR)/$(POLICYVER) >FCPATH = $(INSTALLDIR)/file_contexts >SRCINSTALLDIR = $(INSTALLDIR)/src >POLICYCONF = $(SRCINSTALLDIR)/policy.conf > >ALL_PROGRAM_MACROS := $(wildcard macros/program/*.te) >ALL_MACROS := $(ALL_PROGRAM_MACROS) $(wildcard macros/*.te) >ALL_TYPES := $(wildcard types/*.te) >ALL_DOMAINS := $(wildcard domains/*.te domains/misc/*.te domains/program/*.te) >ALLTEFILES := attrib.te tmp/program_used_flags.te $(ALL_MACROS) $(ALL_TYPES) $(ALL_DOMAINS) assert.te >TE_RBAC_FILES := $(ALLTEFILES) rbac > >POLICYFILES = $(addprefix $(FLASKDIR),security_classes initial_sids access_vectors) >ifeq ($(MLS),y) >POLICYFILES += mls >endif >POLICYFILES += tunable.te $(TE_RBAC_FILES) >POLICYFILES += users >POLICYFILES += constraints initial_sid_contexts fs_use genfs_contexts net_contexts > >UNUSED_TE_FILES := $(wildcard domains/program/unused/*.te) > >FC = file_contexts/file_contexts >FCFILES=file_contexts/types.fc $(patsubst domains/program/%.te,file_contexts/program/%.fc, $(wildcard domains/program/*.te)) $(wildcard file_contexts/misc/*.fc) > >EINFO = echo -e " \e[32;01m*\e[0m" >EWARN = echo -e " \e[33;01m*\e[0m" >EERROR = echo -e " \e[31;01m*\e[0m" > >install: $(LOADPATH) $(FCPATH) > >$(LOADPATH): $(POLICYCONF) $(CHECKPOLICY) > @$(EINFO) "Policy version: $(PV)" > @$(EINFO) "Kernel version: $(KV)" >ifneq ($(PV),$(KV)) > @$(EWARN) "WARNING: Policy version mismatch. Is your POLICYCOMPAT set correctly?" > @$(EWARN) " See http://hardened.gentoo.org/selinux/selinux-x86-handbook.xml?part=4&chap=1#doc_chap6" > @$(EWARN) " for more information." >endif > @$(EINFO) "Compiling and installing $(POLICYVER)" > @mkdir -p $(INSTALLDIR) > @$(CHECKPOLICY) $(POLICYCOMPAT) -o $@ $(POLICYCONF) ># Note: Can't use install, so not sure how to deal with mode, user, and group ># other than by default. > >policy: $(POLICYVER) > >$(POLICYVER): policy.conf $(CHECKPOLICY) > @$(EINFO) "Policy version: $(PV)" > @$(EINFO) "Kernel version: $(KV)" >ifneq ($(PV),$(KV)) > @$(EWARN) "WARNING: Policy version mismatch. Is your POLICYCOMPAT set correctly?" > @$(EWARN) " See http://hardened.gentoo.org/selinux/selinux-x86-handbook.xml?part=4&chap=1#doc_chap6" > @$(EWARN) " for more information." >endif > @$(EINFO) "Compiling $(POLICYVER)" > @$(CHECKPOLICY) $(POLICYCOMPAT) -o $@ policy.conf > >$(POLICYCONF): policy.conf > @mkdir -p $(SRCINSTALLDIR) > @install -m 644 policy.conf $@ > >reload tmp/load: $(LOADPATH) $(FCPATH) > @$(EINFO) "Loading $(POLICYVER)" > @$(LOADPOLICY) -q $(LOADPATH) > @touch tmp/load > >load: tmp/load > >enableaudit: policy.conf > @$(EINFO) "Removing dontaudit rules from policy.conf" > @sed -i -e '/^dontaudit/d' policy.conf > >policy.conf: $(POLICYFILES) > @$(EINFO) "Creating policy.conf" > @m4 $(M4PARAM) -D distro_gentoo -Imacros -s $^ > $@.tmp > @mv $@.tmp $@ > @for i in `find . -iname '._cfg????_*'`; do \ > $(EWARN) "WARNING: Config protect file: $$i"; done > >tmp/program_used_flags.te: $(wildcard domains/program/*.te) domains/program > @mkdir -p tmp > @( cd domains/program/ ; for n in *.te ; do echo "define(\`$$n')"; done ) > $@.tmp > @( cd domains/misc/ ; for n in *.te ; do echo "define(\`$$n')"; done ) >> $@.tmp > @echo "define(\`arch_`uname -m`')" | sed s/i[3-6]86/x86/ >> $@.tmp > @mv $@.tmp $@ > >FILESYSTEMS=`mount | grep -v "context=" | egrep -v '\((|.*,)bind(,.*|)\)' | awk '/(ext[23]| xfs|jfs|reiserfs).*rw/{print $$3}';` > >checklabels: $(FC) $(SETFILES) > @$(EINFO) "Checking labels on filesystem types: ext2 ext3 xfs jfs reiserfs" > @if [ -z "$(FILESYSTEMS)" ]; then \ > $(EERROR) "No appropriate xattr filesystems detected!" ;\ > $(EERROR) "Only the above filesystem types are supported in SELinux." ;\ > false ;\ > fi > @$(SETFILES) -v -n $(FC) $(FILESYSTEMS) > >restorelabels: $(FC) $(SETFILES) > @$(EINFO) "Restoring labels on filesystem types: ext2 ext3 xfs jfs reiserfs" > @if [ -z "$(FILESYSTEMS)" ]; then \ > $(EERROR) "No appropriate xattr filesystems detected!" ;\ > $(EERROR) "Only the above filesystem types are supported in SELinux." ;\ > false ;\ > fi > @$(SETFILES) -v $(FC) $(FILESYSTEMS) > >relabel: $(FC) $(SETFILES) > @$(EINFO) "Relabeling filesystem types: ext2 ext3 xfs jfs reiserfs" > @if [ -z "$(FILESYSTEMS)" ]; then \ > $(EERROR) "No appropriate xattr filesystems detected!" ;\ > $(EERROR) "Only the above filesystem types are supported in SELinux." ;\ > false ;\ > fi > @$(SETFILES) $(FC) $(FILESYSTEMS) > ># this is a nasty hack since 'make relabel' doesnt work in chroot >chroot_relabel: $(FC) $(SETFILES) > @echo > @echo > @$(EWARN) "THIS SHOULD ONLY BE USED INSIDE A CHROOT!!!" > @echo > @$(EWARN) "Otherwise use \"make relabel\"" > @echo > @echo > @$(SETFILES) $(FC) -r / / > >file_contexts/misc: > mkdir -p file_contexts/misc > >contexts $(FCPATH): $(FC) > @$(EINFO) "Installing file_contexts" > @mkdir -p $(INSTALLDIR) > @install -m 644 $(FC) $(FCPATH) > >$(FC): $(FCFILES) domains/program domains/misc file_contexts/program file_contexts/misc users > @$(EINFO) "Building file_contexts" > @m4 -D distro_gentoo $(FCFILES) > $@.tmp > @grep -v "^/root" $@.tmp > $@.root > @/usr/sbin/genhomedircon.old . $@.root > $@ > @grep "^/root" $@.tmp >> $@ > @-rm $@.tmp $@.root > @$(SETFILES) -q -c $(LOADPATH) $(FC) > >clean: > rm -f policy.conf $(POLICYVER) > rm -fR tmp > rm -f $(FC) > rm -f flask/*.h
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=86845">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 133447
: 86845 |
86846
