]> git.ipfire.org Git - people/stevee/selinux-policy.git/blob - Makefile
projects / people / stevee / selinux-policy.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
add support for netfilter_contexts
[people/stevee/selinux-policy.git] / Makefile
1 #
2 # Makefile for the security policy.
3 #
4 # Targets:
5 #
6 # install - compile and install the policy configuration, and context files.
7 # load - compile, install, and load the policy configuration.
8 # reload - compile, install, and load/reload the policy configuration.
9 # relabel - relabel filesystems based on the file contexts configuration.
10 # checklabels - check filesystems against the file context configuration
11 # restorelabels - check filesystems against the file context configuration
12 # and restore the label of files with incorrect labels
13 # policy - compile the policy configuration locally for testing/development.
14 #
15 # The default target is 'policy'.
16 #
17 #
18 # Please see build.conf for policy build options.
19 #
20
21 ########################################
22 #
23 # NO OPTIONS BELOW HERE
24 #
25
26 # Include the local build.conf if it exists, otherwise
27 # include the configuration of the root directory.
28 include build.conf
29
30 ifdef LOCAL_ROOT
31 -include $(LOCAL_ROOT)/build.conf
32 endif
33
34 # refpolicy version
35 VERSION = $(shell cat VERSION)
36
37 ifdef LOCAL_ROOT
38 BUILDDIR := $(LOCAL_ROOT)/
39 TMPDIR := $(LOCAL_ROOT)/tmp
40 TAGS := $(LOCAL_ROOT)/tags
41 else
42 TMPDIR := tmp
43 TAGS := tags
44 endif
45
46 # executable paths
47 BINDIR ?= /usr/bin
48 SBINDIR ?= /usr/sbin
49 ifdef TEST_TOOLCHAIN
50 tc_bindir := env LD_LIBRARY_PATH="$(TEST_TOOLCHAIN)/lib" $(TEST_TOOLCHAIN)$(BINDIR)
51 tc_sbindir := env LD_LIBRARY_PATH="$(TEST_TOOLCHAIN)/lib" $(TEST_TOOLCHAIN)$(SBINDIR)
52 else
53 tc_bindir := $(BINDIR)
54 tc_sbindir := $(SBINDIR)
55 endif
56 CHECKPOLICY ?= $(tc_bindir)/checkpolicy
57 CHECKMODULE ?= $(tc_bindir)/checkmodule
58 SEMODULE ?= $(tc_sbindir)/semodule
59 SEMOD_PKG ?= $(tc_bindir)/semodule_package
60 SEMOD_LNK ?= $(tc_bindir)/semodule_link
61 SEMOD_EXP ?= $(tc_bindir)/semodule_expand
62 LOADPOLICY ?= $(tc_sbindir)/load_policy
63 SETFILES ?= $(tc_sbindir)/setfiles
64 XMLLINT ?= $(BINDIR)/xmllint
65 SECHECK ?= $(BINDIR)/sechecker
66
67 # interpreters and aux tools
68 AWK ?= gawk
69 GREP ?= egrep
70 M4 ?= m4
71 PYTHON ?= python
72 SED ?= sed
73 SORT ?= LC_ALL=C sort
74
75 CFLAGS += -Wall
76
77 # policy source layout
78 POLDIR := policy
79 MODDIR := $(POLDIR)/modules
80 FLASKDIR := $(POLDIR)/flask
81 SECCLASS := $(FLASKDIR)/security_classes
82 ISIDS := $(FLASKDIR)/initial_sids
83 AVS := $(FLASKDIR)/access_vectors
84
85 # local source layout
86 ifdef LOCAL_ROOT
87 LOCAL_POLDIR := $(LOCAL_ROOT)/policy
88 LOCAL_MODDIR := $(LOCAL_POLDIR)/modules
89 endif
90
91 # policy building support tools
92 SUPPORT := support
93 GENXML := $(PYTHON) $(SUPPORT)/segenxml.py
94 GENDOC := $(PYTHON) $(SUPPORT)/sedoctool.py
95 GENPERM := $(PYTHON) $(SUPPORT)/genclassperms.py
96 FCSORT := $(TMPDIR)/fc_sort
97 SETBOOLS := $(AWK) -f $(SUPPORT)/set_bools_tuns.awk
98 get_type_attr_decl := $(SED) -r -f $(SUPPORT)/get_type_attr_decl.sed
99 comment_move_decl := $(SED) -r -f $(SUPPORT)/comment_move_decl.sed
100 gennetfilter := $(PYTHON) $(SUPPORT)/gennetfilter.py
101 # use our own genhomedircon to make sure we have a known usable one,
102 # so policycoreutils updates are not required (RHEL4)
103 genhomedircon := $(PYTHON) $(SUPPORT)/genhomedircon
104
105 # documentation paths
106 DOCS := doc
107 XMLDTD = $(DOCS)/policy.dtd
108 LAYERXML = metadata.xml
109 DOCTEMPLATE = $(DOCS)/templates
110 DOCFILES = $(DOCS)/Makefile.example $(addprefix $(DOCS)/,example.te example.if example.fc)
111
112 ifndef LOCAL_ROOT
113 POLXML = $(DOCS)/policy.xml
114 TUNXML = $(DOCS)/global_tunables.xml
115 BOOLXML = $(DOCS)/global_booleans.xml
116 HTMLDIR = $(DOCS)/html
117 else
118 POLXML = $(LOCAL_ROOT)/doc/policy.xml
119 TUNXML = $(LOCAL_ROOT)/doc/global_tunables.xml
120 BOOLXML = $(LOCAL_ROOT)/doc/global_booleans.xml
121 HTMLDIR = $(LOCAL_ROOT)/doc/html
122 endif
123
124 # config file paths
125 GLOBALTUN = $(POLDIR)/global_tunables
126 GLOBALBOOL = $(POLDIR)/global_booleans
127 TUNABLES = $(POLDIR)/tunables.conf
128 ROLEMAP = $(POLDIR)/rolemap
129 USER_FILES := $(POLDIR)/users
130
131 # local config file paths
132 ifndef LOCAL_ROOT
133 MOD_CONF = $(POLDIR)/modules.conf
134 BOOLEANS = $(POLDIR)/booleans.conf
135 else
136 MOD_CONF = $(LOCAL_POLDIR)/modules.conf
137 BOOLEANS = $(LOCAL_POLDIR)/booleans.conf
138 endif
139
140 # install paths
141 PKGNAME ?= refpolicy-$(VERSION)
142 PREFIX = $(DESTDIR)/usr
143 TOPDIR = $(DESTDIR)/etc/selinux
144 INSTALLDIR = $(TOPDIR)/$(NAME)
145 SRCPATH = $(INSTALLDIR)/src
146 USERPATH = $(INSTALLDIR)/users
147 CONTEXTPATH = $(INSTALLDIR)/contexts
148 FCPATH = $(CONTEXTPATH)/files/file_contexts
149 NCPATH = $(CONTEXTPATH)/netfilter_contexts
150 SHAREDIR = $(PREFIX)/share/selinux
151 MODPKGDIR = $(SHAREDIR)/$(NAME)
152 HEADERDIR = $(MODPKGDIR)/include
153 DOCSDIR = $(PREFIX)/share/doc/$(PKGNAME)
154
155 # compile strict policy if requested.
156 ifneq ($(findstring strict,$(TYPE)),)
157 M4PARAM += -D strict_policy
158 endif
159
160 # compile targeted policy if requested.
161 ifneq ($(findstring targeted,$(TYPE)),)
162 M4PARAM += -D targeted_policy
163 endif
164
165 # enable MLS if requested.
166 ifneq ($(findstring -mls,$(TYPE)),)
167 M4PARAM += -D enable_mls
168 CHECKPOLICY += -M
169 CHECKMODULE += -M
170 gennetfilter += -m
171 endif
172
173 # enable MLS if MCS requested.
174 ifneq ($(findstring -mcs,$(TYPE)),)
175 M4PARAM += -D enable_mcs
176 CHECKPOLICY += -M
177 CHECKMODULE += -M
178 gennetfilter += -c
179 endif
180
181 # enable distribution-specific policy
182 ifneq ($(DISTRO),)
183 M4PARAM += -D distro_$(DISTRO)
184 endif
185
186 # rhel4 also implies redhat
187 ifeq "$(DISTRO)" "rhel4"
188 M4PARAM += -D distro_redhat
189 endif
190
191 # enable polyinstantiation
192 ifeq ($(POLY),y)
193 M4PARAM += -D enable_polyinstantiation
194 endif
195
196 ifneq ($(OUTPUT_POLICY),)
197 CHECKPOLICY += -c $(OUTPUT_POLICY)
198 endif
199
200 # if not set, use the type as the name.
201 NAME ?= $(TYPE)
202
203 ifeq ($(DIRECT_INITRC),y)
204 M4PARAM += -D direct_sysadm_daemon
205 endif
206
207 ifeq ($(QUIET),y)
208 verbose = @
209 endif
210
211 M4PARAM += -D hide_broken_symptoms
212
213 # we need exuberant ctags; unfortunately it is named
214 # differently on different distros
215 ifeq ($(DISTRO),debian)
216 CTAGS := ctags-exuberant
217 endif
218
219 ifeq ($(DISTRO),gentoo)
220 CTAGS := exuberant-ctags
221 endif
222
223 CTAGS ?= ctags
224
225 # determine the policy version and current kernel version if possible
226 PV := $(shell $(CHECKPOLICY) -V |cut -f 1 -d ' ')
227 KV := $(shell cat /selinux/policyvers)
228
229 # dont print version warnings if we are unable to determine
230 # the currently running kernel's policy version
231 ifeq ($(KV),)
232 KV := $(PV)
233 endif
234
235 M4SUPPORT := $(wildcard $(POLDIR)/support/*.spt)
236 ifdef LOCAL_ROOT
237 M4SUPPORT += $(wildcard $(LOCAL_POLDIR)/support/*.spt)
238 endif
239
240 APPCONF := config/appconfig-$(TYPE)
241 SEUSERS := $(APPCONF)/seusers
242 APPDIR := $(CONTEXTPATH)
243 APPFILES := $(addprefix $(APPDIR)/,default_contexts default_type initrc_context failsafe_context userhelper_context removable_context dbus_contexts customizable_types) $(CONTEXTPATH)/files/media
244 CONTEXTFILES += $(wildcard $(APPCONF)/*_context*) $(APPCONF)/media
245 net_contexts := $(BUILDDIR)net_contexts
246
247 ALL_LAYERS := $(filter-out $(MODDIR)/CVS,$(shell find $(wildcard $(MODDIR)/*) -maxdepth 0 -type d))
248 ifdef LOCAL_ROOT
249 ALL_LAYERS += $(filter-out $(LOCAL_MODDIR)/CVS,$(shell find $(wildcard $(LOCAL_MODDIR)/*) -maxdepth 0 -type d))
250 endif
251
252 GENERATED_TE := $(basename $(foreach dir,$(ALL_LAYERS),$(wildcard $(dir)/*.te.in)))
253 GENERATED_IF := $(basename $(foreach dir,$(ALL_LAYERS),$(wildcard $(dir)/*.if.in)))
254 GENERATED_FC := $(basename $(foreach dir,$(ALL_LAYERS),$(wildcard $(dir)/*.fc.in)))
255
256 # sort here since it removes duplicates, which can happen
257 # when a generated file is already generated
258 DETECTED_MODS := $(sort $(foreach dir,$(ALL_LAYERS),$(wildcard $(dir)/*.te)) $(GENERATED_TE))
259
260 # modules.conf setting for base module
261 MODBASE := base
262
263 # modules.conf setting for loadable module
264 MODMOD := module
265
266 # modules.conf setting for unused module
267 MODUNUSED := off
268
269 # test for module overrides from command line
270 MOD_TEST = $(filter $(APPS_OFF), $(APPS_BASE) $(APPS_MODS))
271 MOD_TEST += $(filter $(APPS_MODS), $(APPS_BASE))
272 ifneq ($(strip $(MOD_TEST)),)
273 $(error Applications must be base, module, or off, and not in more than one list! $(strip $(MOD_TEST)) found in multiple lists!)
274 endif
275
276 # add on suffix to modules specified on command line
277 CMDLINE_BASE := $(addsuffix .te,$(APPS_BASE))
278 CMDLINE_MODS := $(addsuffix .te,$(APPS_MODS))
279 CMDLINE_OFF := $(addsuffix .te,$(APPS_OFF))
280
281 # extract settings from modules.conf
282 MOD_CONF_BASE := $(addsuffix .te,$(sort $(shell awk '/^[[:blank:]]*[[:alpha:]]/{ if ($$3 == "$(MODBASE)") print $$1 }' $(MOD_CONF) 2> /dev/null)))
283 MOD_CONF_MODS := $(addsuffix .te,$(sort $(shell awk '/^[[:blank:]]*[[:alpha:]]/{ if ($$3 == "$(MODMOD)") print $$1 }' $(MOD_CONF) 2> /dev/null)))
284 MOD_CONF_OFF := $(addsuffix .te,$(sort $(shell awk '/^[[:blank:]]*[[:alpha:]]/{ if ($$3 == "$(MODUNUSED)") print $$1 }' $(MOD_CONF) 2> /dev/null)))
285
286 BASE_MODS := $(CMDLINE_BASE)
287 MOD_MODS := $(CMDLINE_MODS)
288 OFF_MODS := $(CMDLINE_OFF)
289
290 BASE_MODS += $(filter-out $(CMDLINE_OFF) $(CMDLINE_BASE) $(CMDLINE_MODS), $(MOD_CONF_BASE))
291 MOD_MODS += $(filter-out $(CMDLINE_OFF) $(CMDLINE_BASE) $(CMDLINE_MODS), $(MOD_CONF_MODS))
292 OFF_MODS += $(filter-out $(CMDLINE_OFF) $(CMDLINE_BASE) $(CMDLINE_MODS), $(MOD_CONF_OFF))
293
294 # add modules not in modules.conf to the off list
295 OFF_MODS += $(filter-out $(BASE_MODS) $(MOD_MODS) $(OFF_MODS),$(notdir $(DETECTED_MODS)))
296
297 # filesystems to be used in labeling targets
298 FILESYSTEMS = $(shell mount | grep -v "context=" | egrep -v '\((|.*,)bind(,.*|)\)' | awk '/(ext[23]| xfs| jfs).*rw/{print $$3}';)
299
300 ########################################
301 #
302 # Functions
303 #
304
305 # parse-rolemap modulename,outputfile
306 define parse-rolemap
307 $(verbose) m4 $(M4PARAM) $(ROLEMAP) | \
308 awk '/^[[:blank:]]*[A-Za-z]/{ print "gen_require(type " $$3 "; role " $$1 ";)\n$1_per_userdomain_template(" $$2 "," $$3 "," $$1 ")" }' >> $2
309 endef
310
311 # peruser-expansion modulename,outputfile
312 define peruser-expansion
313 $(verbose) echo "ifdef(\`""$1""_per_userdomain_template',\`" > $2
314 $(call parse-rolemap,$1,$2)
315 $(verbose) echo "')" >> $2
316 endef
317
318 ########################################
319 #
320 # Load appropriate rules
321 #
322
323 ifeq ($(MONOLITHIC),y)
324 include Rules.monolithic
325 else
326 include Rules.modular
327 endif
328
329 ########################################
330 #
331 # Generated files
332 #
333 # NOTE: There is no "local" version of these files.
334 #
335 generate: $(GENERATED_TE) $(GENERATED_IF) $(GENERATED_FC)
336
337 $(MODDIR)/kernel/corenetwork.if: $(MODDIR)/kernel/corenetwork.if.m4 $(MODDIR)/kernel/corenetwork.if.in
338 @echo "#" > $@
339 @echo "# This is a generated file! Instead of modifying this file, the" >> $@
340 @echo "# $(notdir $@).in or $(notdir $@).m4 file should be modified." >> $@
341 @echo "#" >> $@
342 $(verbose) cat $(MODDIR)/kernel/corenetwork.if.in >> $@
343 $(verbose) egrep "^[[:blank:]]*network_(interface|node|port|packet)\(.*\)" $(@:.if=.te).in \
344 | m4 -D self_contained_policy $(M4PARAM) $(MODDIR)/kernel/corenetwork.if.m4 - \
345 | sed -e 's/dollarsone/\$$1/g' -e 's/dollarszero/\$$0/g' >> $@
346
347 $(MODDIR)/kernel/corenetwork.te: $(MODDIR)/kernel/corenetwork.te.m4 $(MODDIR)/kernel/corenetwork.te.in
348 @echo "#" > $@
349 @echo "# This is a generated file! Instead of modifying this file, the" >> $@
350 @echo "# $(notdir $@).in or $(notdir $@).m4 file should be modified." >> $@
351 @echo "#" >> $@
352 $(verbose) m4 -D self_contained_policy $(M4PARAM) $^ \
353 | sed -e 's/dollarsone/\$$1/g' -e 's/dollarszero/\$$0/g' >> $@
354
355 ########################################
356 #
357 # Network packet labeling
358 #
359 $(net_contexts): $(MODDIR)/kernel/corenetwork.te.in
360 @echo "Creating netfilter network labeling rules"
361 $(verbose) $(gennetfilter) $^ > $@
362
363 ########################################
364 #
365 # Create config files
366 #
367 conf: $(MOD_CONF) $(BOOLEANS) $(GENERATED_TE) $(GENERATED_IF) $(GENERATED_FC)
368
369 $(MOD_CONF) $(BOOLEANS): $(POLXML)
370 @echo "Updating $(MOD_CONF) and $(BOOLEANS)"
371 $(verbose) $(GENDOC) -b $(BOOLEANS) -m $(MOD_CONF) -x $(POLXML)
372
373 ########################################
374 #
375 # Generate the fc_sort program
376 #
377 $(FCSORT) : $(SUPPORT)/fc_sort.c
378 $(verbose) $(CC) $(CFLAGS) $(SUPPORT)/fc_sort.c -o $(FCSORT)
379
380 ########################################
381 #
382 # Documentation generation
383 #
384
385 # minimal dependencies here, because we don't want to rebuild
386 # this and its dependents every time the dependencies
387 # change. Also use all .if files here, rather then just the
388 # enabled modules.
389 xml: $(POLXML)
390 $(POLXML): $(DETECTED_MODS:.te=.if) $(foreach dir,$(ALL_LAYERS),$(dir)/$(LAYERXML))
391 @echo "Creating $(@F)"
392 @test -d $(dir $(POLXML)) || mkdir -p $(dir $(POLXML))
393 @test -d $(TMPDIR) || mkdir -p $(TMPDIR)
394 $(verbose) echo '<?xml version="1.0" encoding="ISO-8859-1" standalone="no"?>' > $@
395 $(verbose) echo '<!DOCTYPE policy SYSTEM "$(notdir $(XMLDTD))">' >> $@
396 $(verbose) $(GENXML) -w -m $(LAYERXML) -t $(GLOBALTUN) -b $(GLOBALBOOL) -o $(DOCS) $(ALL_LAYERS) >> $@
397 $(verbose) if test -x $(XMLLINT) && test -f $(XMLDTD); then \
398 $(XMLLINT) --noout --path $(dir $(XMLDTD)) --dtdvalid $(XMLDTD) $@ ;\
399 fi
400
401 $(TUNXML) $(BOOLXML): $(POLXML)
402
403 html $(TMPDIR)/html: $(POLXML)
404 @echo "Building html interface reference documentation in $(HTMLDIR)"
405 @test -d $(HTMLDIR) || mkdir -p $(HTMLDIR)
406 @test -d $(TMPDIR) || mkdir -p $(TMPDIR)
407 $(verbose) $(GENDOC) -d $(HTMLDIR) -T $(DOCTEMPLATE) -x $(POLXML)
408 $(verbose) cp $(DOCTEMPLATE)/*.css $(HTMLDIR)
409 @touch $(TMPDIR)/html
410
411 ########################################
412 #
413 # Runtime binary policy patching of users
414 #
415 $(USERPATH)/system.users: $(M4SUPPORT) $(TMPDIR)/generated_definitions.conf $(USER_FILES)
416 @mkdir -p $(TMPDIR)
417 @mkdir -p $(USERPATH)
418 @echo "Installing system.users"
419 @echo "# " > $(TMPDIR)/system.users
420 @echo "# Do not edit this file. " >> $(TMPDIR)/system.users
421 @echo "# This file is replaced on reinstalls of this policy." >> $(TMPDIR)/system.users
422 @echo "# Please edit local.users to make local changes." >> $(TMPDIR)/system.users
423 @echo "#" >> $(TMPDIR)/system.users
424 $(verbose) m4 -D self_contained_policy $(M4PARAM) $^ | sed -r -e 's/^[[:blank:]]+//' \
425 -e '/^[[:blank:]]*($$|#)/d' >> $(TMPDIR)/system.users
426 $(verbose) install -m 644 $(TMPDIR)/system.users $@
427
428 $(USERPATH)/local.users: config/local.users
429 @mkdir -p $(USERPATH)
430 @echo "Installing local.users"
431 $(verbose) install -b -m 644 $< $@
432
433 ########################################
434 #
435 # Appconfig files
436 #
437 install-appconfig: $(APPFILES)
438
439 $(INSTALLDIR)/booleans: $(BOOLEANS)
440 @mkdir -p $(TMPDIR)
441 @mkdir -p $(INSTALLDIR)
442 $(verbose) sed -r -e 's/false/0/g' -e 's/true/1/g' \
443 -e '/^[[:blank:]]*($$|#)/d' $(BOOLEANS) | sort > $(TMPDIR)/booleans
444 $(verbose) install -m 644 $(TMPDIR)/booleans $@
445
446 $(CONTEXTPATH)/files/media: $(APPCONF)/media
447 @mkdir -p $(CONTEXTPATH)/files/
448 $(verbose) install -m 644 $< $@
449
450 $(APPDIR)/default_contexts: $(APPCONF)/default_contexts
451 @mkdir -p $(APPDIR)
452 $(verbose) install -m 644 $< $@
453
454 $(APPDIR)/removable_context: $(APPCONF)/removable_context
455 @mkdir -p $(APPDIR)
456 $(verbose) install -m 644 $< $@
457
458 $(APPDIR)/default_type: $(APPCONF)/default_type
459 @mkdir -p $(APPDIR)
460 $(verbose) install -m 644 $< $@
461
462 $(APPDIR)/userhelper_context: $(APPCONF)/userhelper_context
463 @mkdir -p $(APPDIR)
464 $(verbose) install -m 644 $< $@
465
466 $(APPDIR)/initrc_context: $(APPCONF)/initrc_context
467 @mkdir -p $(APPDIR)
468 $(verbose) install -m 644 $< $@
469
470 $(APPDIR)/failsafe_context: $(APPCONF)/failsafe_context
471 @mkdir -p $(APPDIR)
472 $(verbose) install -m 644 $< $@
473
474 $(APPDIR)/dbus_contexts: $(APPCONF)/dbus_contexts
475 @mkdir -p $(APPDIR)
476 $(verbose) install -m 644 $< $@
477
478 $(APPDIR)/users/root: $(APPCONF)/root_default_contexts
479 @mkdir -p $(APPDIR)/users
480 $(verbose) install -m 644 $< $@
481
482 ########################################
483 #
484 # Install policy headers
485 #
486 install-headers: $(TUNXML) $(BOOLXML)
487 @mkdir -p $(HEADERDIR)
488 @echo "Installing $(TYPE) policy headers."
489 $(verbose) install -m 644 $(TUNXML) $(BOOLXML) $(HEADERDIR)
490 $(verbose) m4 $(M4PARAM) $(ROLEMAP) > $(HEADERDIR)/$(notdir $(ROLEMAP))
491 $(verbose) mkdir -p $(HEADERDIR)/support
492 $(verbose) install -m 644 $(M4SUPPORT) $(word $(words $(GENXML)),$(GENXML)) $(XMLDTD) $(HEADERDIR)/support
493 $(verbose) $(GENPERM) $(AVS) $(SECCLASS) > $(HEADERDIR)/support/all_perms.spt
494 $(verbose) for i in $(notdir $(ALL_LAYERS)); do \
495 mkdir -p $(HEADERDIR)/$$i ;\
496 install -m 644 $(MODDIR)/$$i/*.if \
497 $(MODDIR)/$$i/metadata.xml \
498 $(HEADERDIR)/$$i ;\
499 done
500 $(verbose) echo "TYPE ?= $(TYPE)" > $(HEADERDIR)/build.conf
501 $(verbose) echo "NAME ?= $(NAME)" >> $(HEADERDIR)/build.conf
502 ifneq "$(DISTRO)" ""
503 $(verbose) echo "DISTRO ?= $(DISTRO)" >> $(HEADERDIR)/build.conf
504 endif
505 $(verbose) echo "MONOLITHIC ?= n" >> $(HEADERDIR)/build.conf
506 $(verbose) echo "DIRECT_INITRC ?= $(DIRECT_INITRC)" >> $(HEADERDIR)/build.conf
507 $(verbose) echo "POLY ?= $(POLY)" >> $(HEADERDIR)/build.conf
508 $(verbose) install -m 644 $(SUPPORT)/Makefile.devel $(HEADERDIR)/Makefile
509
510 ########################################
511 #
512 # Install policy documentation
513 #
514 install-docs: $(TMPDIR)/html
515 @mkdir -p $(DOCSDIR)/html
516 @echo "Installing policy documentation"
517 $(verbose) install -m 644 $(DOCFILES) $(DOCSDIR)
518 $(verbose) install -m 644 $(wildcard $(HTMLDIR)/*) $(DOCSDIR)/html
519
520 ########################################
521 #
522 # Install policy sources
523 #
524 install-src:
525 rm -rf $(SRCPATH)/policy.old
526 -mv $(SRCPATH)/policy $(SRCPATH)/policy.old
527 mkdir -p $(SRCPATH)/policy
528 cp -R . $(SRCPATH)/policy
529
530 ########################################
531 #
532 # Generate tags file
533 #
534 tags: $(TAGS)
535 $(TAGS):
536 @($(CTAGS) --version | grep -q Exuberant) || (echo ERROR: Need exuberant-ctags to function!; exit 1)
537 @LC_ALL=C $(CTAGS) -f $(TAGS) --langdef=te --langmap=te:..te.if.spt \
538 --regex-te='/^type[ \t]+(\w+)(,|;)/\1/t,type/' \
539 --regex-te='/^typealias[ \t]+\w+[ \t+]+alias[ \t]+(\w+);/\1/t,type/' \
540 --regex-te='/^attribute[ \t]+(\w+);/\1/a,attribute/' \
541 --regex-te='/^[ \t]*define\(`(\w+)/\1/d,define/' \
542 --regex-te='/^[ \t]*interface\(`(\w+)/\1/i,interface/' \
543 --regex-te='/^[ \t]*bool[ \t]+(\w+)/\1/b,bool/' policy/modules/*/*.{if,te} policy/support/*.spt
544
545 ########################################
546 #
547 # Filesystem labeling
548 #
549 checklabels:
550 @echo "Checking labels on filesystem types: ext2 ext3 xfs jfs"
551 @if test -z "$(FILESYSTEMS)"; then \
552 echo "No filesystems with extended attributes found!" ;\
553 false ;\
554 fi
555 $(verbose) $(SETFILES) -v -n $(FCPATH) $(FILESYSTEMS)
556
557 restorelabels:
558 @echo "Restoring labels on filesystem types: ext2 ext3 xfs jfs"
559 @if test -z "$(FILESYSTEMS)"; then \
560 echo "No filesystems with extended attributes found!" ;\
561 false ;\
562 fi
563 $(verbose) $(SETFILES) -v $(FCPATH) $(FILESYSTEMS)
564
565 relabel:
566 @echo "Relabeling filesystem types: ext2 ext3 xfs jfs"
567 @if test -z "$(FILESYSTEMS)"; then \
568 echo "No filesystems with extended attributes found!" ;\
569 false ;\
570 fi
571 $(verbose) $(SETFILES) $(FCPATH) $(FILESYSTEMS)
572
573 resetlabels:
574 @echo "Resetting labels on filesystem types: ext2 ext3 xfs jfs"
575 @if test -z "$(FILESYSTEMS)"; then \
576 echo "No filesystems with extended attributes found!" ;\
577 false ;\
578 fi
579 $(verbose) $(SETFILES) -F $(FCPATH) $(FILESYSTEMS)
580
581 ########################################
582 #
583 # Clean everything
584 #
585 bare: clean
586 rm -f $(POLXML)
587 rm -f $(TUNXML)
588 rm -f $(BOOLXML)
589 rm -f $(MOD_CONF)
590 rm -f $(BOOLEANS)
591 rm -fR $(HTMLDIR)
592 rm -f $(TAGS)
593 # don't remove these files if we're given a local root
594 ifndef LOCAL_ROOT
595 rm -f $(FCSORT)
596 rm -f $(SUPPORT)/*.pyc
597 ifneq ($(GENERATED_TE),)
598 rm -f $(GENERATED_TE)
599 endif
600 ifneq ($(GENERATED_IF),)
601 rm -f $(GENERATED_IF)
602 endif
603 ifneq ($(GENERATED_FC),)
604 rm -f $(GENERATED_FC)
605 endif
606 endif
607
608 .PHONY: install-src install-appconfig generate xml conf html bare tags
609 .SUFFIXES:
610 .SUFFIXES: .c
The IPFire selinux policy.