diff options
author | Nathan Straz <nstraz@redhat.com> | 2009-11-19 17:55:21 -0500 |
---|---|---|
committer | Nathan Straz <nstraz@redhat.com> | 2009-11-19 17:55:21 -0500 |
commit | d29dd2b1490a689a3a8f1cb1f5f6375118b208e4 (patch) | |
tree | 6ff6039799efc47eb203eb39eaf913d427ae00c4 /SELinux/Makefile | |
parent | bb3a9a109400c6b325f38a96ca65f5e684f63b71 (diff) | |
download | qarsh-d29dd2b1490a689a3a8f1cb1f5f6375118b208e4.tar.gz qarsh-d29dd2b1490a689a3a8f1cb1f5f6375118b208e4.tar.xz qarsh-d29dd2b1490a689a3a8f1cb1f5f6375118b208e4.zip |
Pull in all services and apps interfaces
This isn't completely possible because some interfaces cause
syntax or load errors. We need to keep a list of interfaces
to filter out to get something that loads.
This adds gxpp as a requirement to build qarsh.
Diffstat (limited to 'SELinux/Makefile')
-rw-r--r-- | SELinux/Makefile | 28 |
1 files changed, 12 insertions, 16 deletions
diff --git a/SELinux/Makefile b/SELinux/Makefile index 57aec51..c810efb 100644 --- a/SELinux/Makefile +++ b/SELinux/Makefile @@ -1,29 +1,25 @@ - # Since qarshd.te is generated, set an explicit dep on qarshd.pp all: qarshd.pp -vpath qarshd.% /usr/share/selinux/packages/qarsh selinux_devel := /usr/share/selinux/devel -interfaces := services/aisexec.if \ - services/ccs.if \ - services/rgmanager.if \ - services/rhcs.if \ - system/lvm.if \ - system/logging.if - - -interfaces_full := $(addprefix $(selinux_devel)/include/, $(interfaces)) -# Wouldn't it be nice to do them all? -#interfaces_full := $(wildcard $(selinux_devel)/include/services/*.if) - include $(selinux_devel)/Makefile qarshd.te: qarshd.te.in qarshd.te.trans cat $^ > $@ -qarshd.te.trans: qarshd.te.m4 $(interfaces_full) - $(M4) $^ | grep qarshd_t > $@ +# Pull all interfaces listed in policy.xml from the services or apps layer +# which have one parameter named domains and whose name contains domtrans +allinterfaces := $(shell gxpp '//layer[@name = "services" or @name = "apps"]//interface[param/@name="domain" and count(param) = 1 and contains(@name, "domtrans")]/@name' $(selinux_devel)/policy.xml) +badinterfaces := $(shell cat qarshd.bad-interfaces) + +# Filter out interfaces which break policy building or loading. +interfaces = $(filter-out $(badinterfaces), $(allinterfaces)) + +qarshd.te.trans: $(selinux_devel)/policy.xml qarshd.bad-interfaces + for d in $(interfaces); do \ + echo "$$d(qarshd_t)"; \ + done > $@ # Add a cleanup step for our generated files clean: clean-qarsh |