2 # Makefile for the security policy.
6 # install - compile and install the policy configuration, and context files.
7 # load - compile, install, and load the policy configuration.
8 # reload - compile, install, and load/reload the policy configuration.
9 # relabel - relabel filesystems based on the file contexts configuration.
10 # checklabels - check filesystems against the file context configuration
11 # restorelabels - check filesystems against the file context configuration
12 # and restore the label of files with incorrect labels
13 # policy - compile the policy configuration locally for testing/development.
15 # The default target is 'policy'.
18 # Please see build.conf for policy build options.
21 ########################################
23 # NO OPTIONS BELOW HERE
26 # Include the local build.conf if it exists, otherwise
27 # include the configuration of the root directory.
31 -include $(LOCAL_ROOT
)/build.conf
35 VERSION
= $(shell cat VERSION
)
38 BUILDDIR
:= $(LOCAL_ROOT
)/
39 TMPDIR
:= $(LOCAL_ROOT
)/tmp
40 TAGS
:= $(LOCAL_ROOT
)/tags
50 tc_bindir
:= env LD_LIBRARY_PATH
="$(TEST_TOOLCHAIN)/lib" $(TEST_TOOLCHAIN
)$(BINDIR
)
51 tc_sbindir
:= env LD_LIBRARY_PATH
="$(TEST_TOOLCHAIN)/lib" $(TEST_TOOLCHAIN
)$(SBINDIR
)
53 tc_bindir
:= $(BINDIR
)
54 tc_sbindir
:= $(SBINDIR
)
56 CHECKPOLICY ?
= $(tc_bindir
)/checkpolicy
57 CHECKMODULE ?
= $(tc_bindir
)/checkmodule
58 SEMODULE ?
= $(tc_sbindir
)/semodule
59 SEMOD_PKG ?
= $(tc_bindir
)/semodule_package
60 SEMOD_LNK ?
= $(tc_bindir
)/semodule_link
61 SEMOD_EXP ?
= $(tc_bindir
)/semodule_expand
62 LOADPOLICY ?
= $(tc_sbindir
)/load_policy
63 SETFILES ?
= $(tc_sbindir
)/setfiles
64 XMLLINT ?
= $(BINDIR
)/xmllint
65 SECHECK ?
= $(BINDIR
)/sechecker
67 # interpreters and aux tools
77 # policy source layout
79 MODDIR
:= $(POLDIR
)/modules
80 FLASKDIR
:= $(POLDIR
)/flask
81 SECCLASS
:= $(FLASKDIR
)/security_classes
82 ISIDS
:= $(FLASKDIR
)/initial_sids
83 AVS
:= $(FLASKDIR
)/access_vectors
87 LOCAL_POLDIR
:= $(LOCAL_ROOT
)/policy
88 LOCAL_MODDIR
:= $(LOCAL_POLDIR
)/modules
91 # policy building support tools
93 GENXML
:= $(PYTHON
) $(SUPPORT
)/segenxml.py
94 GENDOC
:= $(PYTHON
) $(SUPPORT
)/sedoctool.py
95 GENPERM
:= $(PYTHON
) $(SUPPORT
)/genclassperms.py
96 FCSORT
:= $(TMPDIR
)/fc_sort
97 SETBOOLS
:= $(AWK
) -f
$(SUPPORT
)/set_bools_tuns.awk
98 get_type_attr_decl
:= $(SED
) -r
-f
$(SUPPORT
)/get_type_attr_decl.sed
99 comment_move_decl
:= $(SED
) -r
-f
$(SUPPORT
)/comment_move_decl.sed
100 gennetfilter
:= $(PYTHON
) $(SUPPORT
)/gennetfilter.py
101 # use our own genhomedircon to make sure we have a known usable one,
102 # so policycoreutils updates are not required (RHEL4)
103 genhomedircon
:= $(PYTHON
) $(SUPPORT
)/genhomedircon
105 # documentation paths
107 XMLDTD
= $(DOCS
)/policy.dtd
108 LAYERXML
= metadata.xml
109 DOCTEMPLATE
= $(DOCS
)/templates
110 DOCFILES
= $(DOCS
)/Makefile.example
$(addprefix $(DOCS
)/,example.te example.if example.
fc)
113 POLXML
= $(DOCS
)/policy.xml
114 TUNXML
= $(DOCS
)/global_tunables.xml
115 BOOLXML
= $(DOCS
)/global_booleans.xml
116 HTMLDIR
= $(DOCS
)/html
118 POLXML
= $(LOCAL_ROOT
)/doc
/policy.xml
119 TUNXML
= $(LOCAL_ROOT
)/doc
/global_tunables.xml
120 BOOLXML
= $(LOCAL_ROOT
)/doc
/global_booleans.xml
121 HTMLDIR
= $(LOCAL_ROOT
)/doc
/html
125 GLOBALTUN
= $(POLDIR
)/global_tunables
126 GLOBALBOOL
= $(POLDIR
)/global_booleans
127 TUNABLES
= $(POLDIR
)/tunables.conf
128 ROLEMAP
= $(POLDIR
)/rolemap
129 USER_FILES
:= $(POLDIR
)/users
131 # local config file paths
133 MOD_CONF
= $(POLDIR
)/modules.conf
134 BOOLEANS
= $(POLDIR
)/booleans.conf
136 MOD_CONF
= $(LOCAL_POLDIR
)/modules.conf
137 BOOLEANS
= $(LOCAL_POLDIR
)/booleans.conf
141 PKGNAME ?
= refpolicy-
$(VERSION
)
142 PREFIX
= $(DESTDIR
)/usr
143 TOPDIR
= $(DESTDIR
)/etc
/selinux
144 INSTALLDIR
= $(TOPDIR
)/$(NAME
)
145 SRCPATH
= $(INSTALLDIR
)/src
146 USERPATH
= $(INSTALLDIR
)/users
147 CONTEXTPATH
= $(INSTALLDIR
)/contexts
148 FCPATH
= $(CONTEXTPATH
)/files
/file_contexts
149 NCPATH
= $(CONTEXTPATH
)/netfilter_contexts
150 SHAREDIR
= $(PREFIX
)/share
/selinux
151 MODPKGDIR
= $(SHAREDIR
)/$(NAME
)
152 HEADERDIR
= $(MODPKGDIR
)/include
153 DOCSDIR
= $(PREFIX
)/share
/doc
/$(PKGNAME
)
155 # compile strict policy if requested.
156 ifneq ($(findstring strict
,$(TYPE
)),)
157 M4PARAM
+= -D strict_policy
160 # compile targeted policy if requested.
161 ifneq ($(findstring targeted
,$(TYPE
)),)
162 M4PARAM
+= -D targeted_policy
165 # enable MLS if requested.
166 ifneq ($(findstring -mls
,$(TYPE
)),)
167 M4PARAM
+= -D enable_mls
173 # enable MLS if MCS requested.
174 ifneq ($(findstring -mcs
,$(TYPE
)),)
175 M4PARAM
+= -D enable_mcs
181 # enable distribution-specific policy
183 M4PARAM
+= -D distro_
$(DISTRO
)
186 # rhel4 also implies redhat
187 ifeq "$(DISTRO)" "rhel4"
188 M4PARAM
+= -D distro_redhat
191 # enable polyinstantiation
193 M4PARAM
+= -D enable_polyinstantiation
196 ifneq ($(OUTPUT_POLICY
),)
197 CHECKPOLICY
+= -c
$(OUTPUT_POLICY
)
200 # if not set, use the type as the name.
203 ifeq ($(DIRECT_INITRC
),y
)
204 M4PARAM
+= -D direct_sysadm_daemon
211 M4PARAM
+= -D hide_broken_symptoms
213 # we need exuberant ctags; unfortunately it is named
214 # differently on different distros
215 ifeq ($(DISTRO
),debian
)
216 CTAGS
:= ctags-exuberant
219 ifeq ($(DISTRO
),gentoo
)
220 CTAGS
:= exuberant-ctags
225 # determine the policy version and current kernel version if possible
226 PV
:= $(shell $(CHECKPOLICY
) -V |cut
-f
1 -d
' ')
227 KV
:= $(shell cat
/selinux
/policyvers
)
229 # dont print version warnings if we are unable to determine
230 # the currently running kernel's policy version
235 M4SUPPORT
:= $(wildcard $(POLDIR
)/support
/*.spt
)
237 M4SUPPORT
+= $(wildcard $(LOCAL_POLDIR
)/support
/*.spt
)
240 APPCONF
:= config
/appconfig-
$(TYPE
)
241 SEUSERS
:= $(APPCONF
)/seusers
242 APPDIR
:= $(CONTEXTPATH
)
243 APPFILES
:= $(addprefix $(APPDIR
)/,default_contexts default_type initrc_context failsafe_context userhelper_context removable_context dbus_contexts customizable_types
) $(CONTEXTPATH
)/files
/media
244 CONTEXTFILES
+= $(wildcard $(APPCONF
)/*_context
*) $(APPCONF
)/media
245 net_contexts
:= $(BUILDDIR
)net_contexts
247 ALL_LAYERS
:= $(filter-out $(MODDIR
)/CVS
,$(shell find
$(wildcard $(MODDIR
)/*) -maxdepth
0 -type d
))
249 ALL_LAYERS
+= $(filter-out $(LOCAL_MODDIR
)/CVS
,$(shell find
$(wildcard $(LOCAL_MODDIR
)/*) -maxdepth
0 -type d
))
252 GENERATED_TE
:= $(basename $(foreach dir,$(ALL_LAYERS
),$(wildcard $(dir)/*.te.in
)))
253 GENERATED_IF
:= $(basename $(foreach dir,$(ALL_LAYERS
),$(wildcard $(dir)/*.if.in
)))
254 GENERATED_FC
:= $(basename $(foreach dir,$(ALL_LAYERS
),$(wildcard $(dir)/*.
fc.in
)))
256 # sort here since it removes duplicates, which can happen
257 # when a generated file is already generated
258 DETECTED_MODS
:= $(sort $(foreach dir,$(ALL_LAYERS
),$(wildcard $(dir)/*.te
)) $(GENERATED_TE
))
260 # modules.conf setting for base module
263 # modules.conf setting for loadable module
266 # modules.conf setting for unused module
269 # test for module overrides from command line
270 MOD_TEST
= $(filter $(APPS_OFF
), $(APPS_BASE
) $(APPS_MODS
))
271 MOD_TEST
+= $(filter $(APPS_MODS
), $(APPS_BASE
))
272 ifneq ($(strip $(MOD_TEST
)),)
273 $(error Applications must be base
, module
, or off
, and not in more than one list
! $(strip $(MOD_TEST
)) found in multiple lists
!)
276 # add on suffix to modules specified on command line
277 CMDLINE_BASE
:= $(addsuffix .te
,$(APPS_BASE
))
278 CMDLINE_MODS
:= $(addsuffix .te
,$(APPS_MODS
))
279 CMDLINE_OFF
:= $(addsuffix .te
,$(APPS_OFF
))
281 # extract settings from modules.conf
282 MOD_CONF_BASE
:= $(addsuffix .te
,$(sort $(shell awk
'/^[[:blank:]]*[[:alpha:]]/{ if ($$3 == "$(MODBASE)") print $$1 }' $(MOD_CONF
) 2> /dev
/null
)))
283 MOD_CONF_MODS
:= $(addsuffix .te
,$(sort $(shell awk
'/^[[:blank:]]*[[:alpha:]]/{ if ($$3 == "$(MODMOD)") print $$1 }' $(MOD_CONF
) 2> /dev
/null
)))
284 MOD_CONF_OFF
:= $(addsuffix .te
,$(sort $(shell awk
'/^[[:blank:]]*[[:alpha:]]/{ if ($$3 == "$(MODUNUSED)") print $$1 }' $(MOD_CONF
) 2> /dev
/null
)))
286 BASE_MODS
:= $(CMDLINE_BASE
)
287 MOD_MODS
:= $(CMDLINE_MODS
)
288 OFF_MODS
:= $(CMDLINE_OFF
)
290 BASE_MODS
+= $(filter-out $(CMDLINE_OFF
) $(CMDLINE_BASE
) $(CMDLINE_MODS
), $(MOD_CONF_BASE
))
291 MOD_MODS
+= $(filter-out $(CMDLINE_OFF
) $(CMDLINE_BASE
) $(CMDLINE_MODS
), $(MOD_CONF_MODS
))
292 OFF_MODS
+= $(filter-out $(CMDLINE_OFF
) $(CMDLINE_BASE
) $(CMDLINE_MODS
), $(MOD_CONF_OFF
))
294 # add modules not in modules.conf to the off list
295 OFF_MODS
+= $(filter-out $(BASE_MODS
) $(MOD_MODS
) $(OFF_MODS
),$(notdir $(DETECTED_MODS
)))
297 # filesystems to be used in labeling targets
298 FILESYSTEMS
= $(shell mount | grep
-v
"context=" | egrep
-v
'\((|.*,)bind(,.*|)\)' | awk
'/(ext[23]| xfs| jfs).*rw/{print $$3}';)
300 ########################################
305 # parse-rolemap modulename,outputfile
307 $(verbose
) m4
$(M4PARAM
) $(ROLEMAP
) | \
308 awk
'/^[[:blank:]]*[A-Za-z]/{ print "gen_require(type " $$3 "; role " $$1 ";)\n$1_per_userdomain_template(" $$2 "," $$3 "," $$1 ")" }' >> $2
311 # peruser-expansion modulename,outputfile
312 define peruser-expansion
313 $(verbose
) echo
"ifdef(\`""$1""_per_userdomain_template',\`" > $2
314 $(call parse-rolemap
,$1,$2)
315 $(verbose
) echo
"')" >> $2
318 ########################################
320 # Load appropriate rules
323 ifeq ($(MONOLITHIC
),y
)
324 include Rules.monolithic
326 include Rules.modular
329 ########################################
333 # NOTE: There is no "local" version of these files.
335 generate
: $(GENERATED_TE
) $(GENERATED_IF
) $(GENERATED_FC
)
337 $(MODDIR
)/kernel
/corenetwork.if
: $(MODDIR
)/kernel
/corenetwork.if.m4
$(MODDIR
)/kernel
/corenetwork.if.in
339 @echo
"# This is a generated file! Instead of modifying this file, the" >> $@
340 @echo
"# $(notdir $@).in or $(notdir $@).m4 file should be modified." >> $@
342 $(verbose
) cat
$(MODDIR
)/kernel
/corenetwork.if.in
>> $@
343 $(verbose
) egrep
"^[[:blank:]]*network_(interface|node|port|packet)\(.*\)" $(@
:.if
=.te
).in \
344 | m4
-D self_contained_policy
$(M4PARAM
) $(MODDIR
)/kernel
/corenetwork.if.m4
- \
345 | sed
-e
's/dollarsone/\$$1/g' -e
's/dollarszero/\$$0/g' >> $@
347 $(MODDIR
)/kernel
/corenetwork.te
: $(MODDIR
)/kernel
/corenetwork.te.m4
$(MODDIR
)/kernel
/corenetwork.te.in
349 @echo
"# This is a generated file! Instead of modifying this file, the" >> $@
350 @echo
"# $(notdir $@).in or $(notdir $@).m4 file should be modified." >> $@
352 $(verbose
) m4
-D self_contained_policy
$(M4PARAM
) $^ \
353 | sed
-e
's/dollarsone/\$$1/g' -e
's/dollarszero/\$$0/g' >> $@
355 ########################################
357 # Network packet labeling
359 $(net_contexts
): $(MODDIR
)/kernel
/corenetwork.te.in
360 @echo
"Creating netfilter network labeling rules"
361 $(verbose
) $(gennetfilter
) $^
> $@
363 ########################################
365 # Create config files
367 conf
: $(MOD_CONF
) $(BOOLEANS
) $(GENERATED_TE
) $(GENERATED_IF
) $(GENERATED_FC
)
369 $(MOD_CONF
) $(BOOLEANS
): $(POLXML
)
370 @echo
"Updating $(MOD_CONF) and $(BOOLEANS)"
371 $(verbose
) $(GENDOC
) -b
$(BOOLEANS
) -m
$(MOD_CONF
) -x
$(POLXML
)
373 ########################################
375 # Generate the fc_sort program
377 $(FCSORT
) : $(SUPPORT
)/fc_sort.c
378 $(verbose
) $(CC
) $(CFLAGS
) $(SUPPORT
)/fc_sort.c
-o
$(FCSORT
)
380 ########################################
382 # Documentation generation
385 # minimal dependencies here, because we don't want to rebuild
386 # this and its dependents every time the dependencies
387 # change. Also use all .if files here, rather then just the
390 $(POLXML
): $(DETECTED_MODS
:.te
=.if
) $(foreach dir,$(ALL_LAYERS
),$(dir)/$(LAYERXML
))
391 @echo
"Creating $(@F)"
392 @
test -d
$(dir $(POLXML
)) || mkdir
-p
$(dir $(POLXML
))
393 @
test -d
$(TMPDIR
) || mkdir
-p
$(TMPDIR
)
394 $(verbose
) echo
'<?xml version="1.0" encoding="ISO-8859-1" standalone="no"?>' > $@
395 $(verbose
) echo
'<!DOCTYPE policy SYSTEM "$(notdir $(XMLDTD))">' >> $@
396 $(verbose
) $(GENXML
) -w
-m
$(LAYERXML
) -t
$(GLOBALTUN
) -b
$(GLOBALBOOL
) -o
$(DOCS
) $(ALL_LAYERS
) >> $@
397 $(verbose
) if
test -x
$(XMLLINT
) && test -f
$(XMLDTD
); then \
398 $(XMLLINT
) --noout
--path
$(dir $(XMLDTD
)) --dtdvalid
$(XMLDTD
) $@
;\
401 $(TUNXML
) $(BOOLXML
): $(POLXML
)
403 html
$(TMPDIR
)/html
: $(POLXML
)
404 @echo
"Building html interface reference documentation in $(HTMLDIR)"
405 @
test -d
$(HTMLDIR
) || mkdir
-p
$(HTMLDIR
)
406 @
test -d
$(TMPDIR
) || mkdir
-p
$(TMPDIR
)
407 $(verbose
) $(GENDOC
) -d
$(HTMLDIR
) -T
$(DOCTEMPLATE
) -x
$(POLXML
)
408 $(verbose
) cp
$(DOCTEMPLATE
)/*.css
$(HTMLDIR
)
409 @touch
$(TMPDIR
)/html
411 ########################################
413 # Runtime binary policy patching of users
415 $(USERPATH
)/system.users
: $(M4SUPPORT
) $(TMPDIR
)/generated_definitions.conf
$(USER_FILES
)
417 @mkdir
-p
$(USERPATH
)
418 @echo
"Installing system.users"
419 @echo
"# " > $(TMPDIR
)/system.users
420 @echo
"# Do not edit this file. " >> $(TMPDIR
)/system.users
421 @echo
"# This file is replaced on reinstalls of this policy." >> $(TMPDIR
)/system.users
422 @echo
"# Please edit local.users to make local changes." >> $(TMPDIR
)/system.users
423 @echo
"#" >> $(TMPDIR
)/system.users
424 $(verbose
) m4
-D self_contained_policy
$(M4PARAM
) $^ | sed
-r
-e
's/^[[:blank:]]+//' \
425 -e
'/^[[:blank:]]*($$|#)/d' >> $(TMPDIR
)/system.users
426 $(verbose
) install -m
644 $(TMPDIR
)/system.users
$@
428 $(USERPATH
)/local.users
: config
/local.users
429 @mkdir
-p
$(USERPATH
)
430 @echo
"Installing local.users"
431 $(verbose
) install -b
-m
644 $< $@
433 ########################################
437 install-appconfig
: $(APPFILES
)
439 $(INSTALLDIR
)/booleans
: $(BOOLEANS
)
441 @mkdir
-p
$(INSTALLDIR
)
442 $(verbose
) sed
-r
-e
's/false/0/g' -e
's/true/1/g' \
443 -e
'/^[[:blank:]]*($$|#)/d' $(BOOLEANS
) |
sort > $(TMPDIR
)/booleans
444 $(verbose
) install -m
644 $(TMPDIR
)/booleans
$@
446 $(CONTEXTPATH
)/files
/media
: $(APPCONF
)/media
447 @mkdir
-p
$(CONTEXTPATH
)/files
/
448 $(verbose
) install -m
644 $< $@
450 $(APPDIR
)/default_contexts
: $(APPCONF
)/default_contexts
452 $(verbose
) install -m
644 $< $@
454 $(APPDIR
)/removable_context
: $(APPCONF
)/removable_context
456 $(verbose
) install -m
644 $< $@
458 $(APPDIR
)/default_type
: $(APPCONF
)/default_type
460 $(verbose
) install -m
644 $< $@
462 $(APPDIR
)/userhelper_context
: $(APPCONF
)/userhelper_context
464 $(verbose
) install -m
644 $< $@
466 $(APPDIR
)/initrc_context
: $(APPCONF
)/initrc_context
468 $(verbose
) install -m
644 $< $@
470 $(APPDIR
)/failsafe_context
: $(APPCONF
)/failsafe_context
472 $(verbose
) install -m
644 $< $@
474 $(APPDIR
)/dbus_contexts
: $(APPCONF
)/dbus_contexts
476 $(verbose
) install -m
644 $< $@
478 $(APPDIR
)/users
/root
: $(APPCONF
)/root_default_contexts
479 @mkdir
-p
$(APPDIR
)/users
480 $(verbose
) install -m
644 $< $@
482 ########################################
484 # Install policy headers
486 install-headers
: $(TUNXML
) $(BOOLXML
)
487 @mkdir
-p
$(HEADERDIR
)
488 @echo
"Installing $(TYPE) policy headers."
489 $(verbose
) install -m
644 $(TUNXML
) $(BOOLXML
) $(HEADERDIR
)
490 $(verbose
) m4
$(M4PARAM
) $(ROLEMAP
) > $(HEADERDIR
)/$(notdir $(ROLEMAP
))
491 $(verbose
) mkdir
-p
$(HEADERDIR
)/support
492 $(verbose
) install -m
644 $(M4SUPPORT
) $(word $(words $(GENXML
)),$(GENXML
)) $(XMLDTD
) $(HEADERDIR
)/support
493 $(verbose
) $(GENPERM
) $(AVS
) $(SECCLASS
) > $(HEADERDIR
)/support
/all_perms.spt
494 $(verbose
) for i in
$(notdir $(ALL_LAYERS
)); do \
495 mkdir
-p
$(HEADERDIR
)/$$i ;\
496 install -m
644 $(MODDIR
)/$$i/*.if \
497 $(MODDIR
)/$$i/metadata.xml \
500 $(verbose
) echo
"TYPE ?= $(TYPE)" > $(HEADERDIR
)/build.conf
501 $(verbose
) echo
"NAME ?= $(NAME)" >> $(HEADERDIR
)/build.conf
503 $(verbose
) echo
"DISTRO ?= $(DISTRO)" >> $(HEADERDIR
)/build.conf
505 $(verbose
) echo
"MONOLITHIC ?= n" >> $(HEADERDIR
)/build.conf
506 $(verbose
) echo
"DIRECT_INITRC ?= $(DIRECT_INITRC)" >> $(HEADERDIR
)/build.conf
507 $(verbose
) echo
"POLY ?= $(POLY)" >> $(HEADERDIR
)/build.conf
508 $(verbose
) install -m
644 $(SUPPORT
)/Makefile.devel
$(HEADERDIR
)/Makefile
510 ########################################
512 # Install policy documentation
514 install-docs
: $(TMPDIR
)/html
515 @mkdir
-p
$(DOCSDIR
)/html
516 @echo
"Installing policy documentation"
517 $(verbose
) install -m
644 $(DOCFILES
) $(DOCSDIR
)
518 $(verbose
) install -m
644 $(wildcard $(HTMLDIR
)/*) $(DOCSDIR
)/html
520 ########################################
522 # Install policy sources
525 rm -rf
$(SRCPATH
)/policy.old
526 -mv
$(SRCPATH
)/policy
$(SRCPATH
)/policy.old
527 mkdir
-p
$(SRCPATH
)/policy
528 cp
-R .
$(SRCPATH
)/policy
530 ########################################
536 @
($(CTAGS
) --version | grep
-q Exuberant
) ||
(echo ERROR
: Need exuberant-ctags to function
!; exit
1)
537 @LC_ALL
=C
$(CTAGS
) -f
$(TAGS
) --langdef
=te
--langmap
=te
:..te.if.spt \
538 --regex-te
='/^type[ \t]+(\w+)(,|;)/\1/t,type/' \
539 --regex-te
='/^typealias[ \t]+\w+[ \t+]+alias[ \t]+(\w+);/\1/t,type/' \
540 --regex-te
='/^attribute[ \t]+(\w+);/\1/a,attribute/' \
541 --regex-te
='/^[ \t]*define\(`(\w+)/\1/d,define/' \
542 --regex-te
='/^[ \t]*interface\(`(\w+)/\1/i,interface/' \
543 --regex-te
='/^[ \t]*bool[ \t]+(\w+)/\1/b,bool/' policy
/modules
/*/*.
{if
,te
} policy
/support
/*.spt
545 ########################################
547 # Filesystem labeling
550 @echo
"Checking labels on filesystem types: ext2 ext3 xfs jfs"
551 @if
test -z
"$(FILESYSTEMS)"; then \
552 echo
"No filesystems with extended attributes found!" ;\
555 $(verbose
) $(SETFILES
) -v
-n
$(FCPATH
) $(FILESYSTEMS
)
558 @echo
"Restoring labels on filesystem types: ext2 ext3 xfs jfs"
559 @if
test -z
"$(FILESYSTEMS)"; then \
560 echo
"No filesystems with extended attributes found!" ;\
563 $(verbose
) $(SETFILES
) -v
$(FCPATH
) $(FILESYSTEMS
)
566 @echo
"Relabeling filesystem types: ext2 ext3 xfs jfs"
567 @if
test -z
"$(FILESYSTEMS)"; then \
568 echo
"No filesystems with extended attributes found!" ;\
571 $(verbose
) $(SETFILES
) $(FCPATH
) $(FILESYSTEMS
)
574 @echo
"Resetting labels on filesystem types: ext2 ext3 xfs jfs"
575 @if
test -z
"$(FILESYSTEMS)"; then \
576 echo
"No filesystems with extended attributes found!" ;\
579 $(verbose
) $(SETFILES
) -F
$(FCPATH
) $(FILESYSTEMS
)
581 ########################################
593 # don't remove these files if we're given a local root
596 rm -f
$(SUPPORT
)/*.pyc
597 ifneq ($(GENERATED_TE
),)
598 rm -f
$(GENERATED_TE
)
600 ifneq ($(GENERATED_IF
),)
601 rm -f
$(GENERATED_IF
)
603 ifneq ($(GENERATED_FC
),)
604 rm -f
$(GENERATED_FC
)
608 .PHONY
: install-src install-appconfig generate xml conf html bare
tags