author | Nathan Straz <nstraz@redhat.com> | 2009-11-19 17:55:21 -0500 |
---|---|---|
committer | Nathan Straz <nstraz@redhat.com> | 2009-11-19 17:55:21 -0500 |
commit | d29dd2b1490a689a3a8f1cb1f5f6375118b208e4 (patch) | |
tree | 6ff6039799efc47eb203eb39eaf913d427ae00c4 /SELinux | |
parent | bb3a9a109400c6b325f38a96ca65f5e684f63b71 (diff) | |
Pull in all services and apps interfaces
This isn't completely possible because some interfaces cause
syntax or load errors. We need to keep a list of interfaces
to filter out to get something that loads.
This adds gxpp as a requirement to build qarsh.
Diffstat (limited to 'SELinux')
-rw-r--r-- | SELinux/Makefile | 28 | ||||
-rw-r--r-- | SELinux/qarshd.bad-interfaces | 32 | ||||
-rw-r--r-- | SELinux/qarshd.te.m4 | 2 |
3 files changed, 44 insertions, 18 deletions
diff --git a/SELinux/Makefile b/SELinux/Makefile index 57aec51..c810efb 100644 --- a/SELinux/Makefile +++ b/SELinux/Makefile @@ -1,29 +1,25 @@ - # Since qarshd.te is generated, set an explicit dep on qarshd.pp all: qarshd.pp -vpath qarshd.% /usr/share/selinux/packages/qarsh selinux_devel := /usr/share/selinux/devel -interfaces := services/aisexec.if \ - services/ccs.if \ - services/rgmanager.if \ - services/rhcs.if \ - system/lvm.if \ - system/logging.if - - -interfaces_full := $(addprefix $(selinux_devel)/include/, $(interfaces)) -# Wouldn't it be nice to do them all? -#interfaces_full := $(wildcard $(selinux_devel)/include/services/*.if) - include $(selinux_devel)/Makefile qarshd.te: qarshd.te.in qarshd.te.trans cat $^ > $@ -qarshd.te.trans: qarshd.te.m4 $(interfaces_full) - $(M4) $^ | grep qarshd_t > $@ +# Pull all interfaces listed in policy.xml from the services or apps layer +# which have one parameter named domains and whose name contains domtrans +allinterfaces := $(shell gxpp '//layer[@name = "services" or @name = "apps"]//interface[param/@name="domain" and count(param) = 1 and contains(@name, "domtrans")]/@name' $(selinux_devel)/policy.xml) +badinterfaces := $(shell cat qarshd.bad-interfaces) + +# Filter out interfaces which break policy building or loading. +interfaces = $(filter-out $(badinterfaces), $(allinterfaces)) + +qarshd.te.trans: $(selinux_devel)/policy.xml qarshd.bad-interfaces + for d in $(interfaces); do \ + echo "$$d(qarshd_t)"; \ + done > $@ # Add a cleanup step for our generated files clean: clean-qarsh diff --git a/SELinux/qarshd.bad-interfaces b/SELinux/qarshd.bad-interfaces new file mode 100644 index 0000000..62a06c5 --- /dev/null +++ b/SELinux/qarshd.bad-interfaces 
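Review bot: In the new `allinterfaces := $(shell gxpp …)` assignment, a missing or failing gxpp leaves the variable empty, and the `for d in $(interfaces)` recipe then appears to succeed and write an empty qarshd.te.trans, so the module would build without the intended transitions and nothing reports it. A guard as the first recipe line of `qarshd.te.trans` would make that fail loudly: `@test -n "$(strip $(allinterfaces))" || { echo "gxpp found no interfaces in policy.xml" >&2; exit 1; }`. Because the list is now everything minus a denylist, any change to the policy.xml under `$(selinux_devel)` can widen what qarshd_t may transition into without a change in this repository; a comment above `interfaces =` should say so, e.g. `# qarshd_t gets every matching domtrans interface not listed in qarshd.bad-interfaces; re-check qarshd.te.trans after policy updates`. The added comment also says the parameter is named "domains" while the XPath tests `param/@name="domain"`.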
@@ -0,0 +1,32 @@
+apache_script_domtrans
+authbind_domtrans
+avahi_initrc_domtrans
+clockspeed_domtrans_cli
+ddclient_domtrans
+dnsmasq_initrc_domtrans
+domain_entry_file_spec_domtrans
+exim_domtrans
+fail2ban_domtrans
+init_script_domtrans_spec
+loadkeys_domtrans
+nx_spec_domtrans_server
+oav_domtrans_update
+openca_domtrans
+pegasus_domtrans
+pki_ca_script_domtrans
+pki_kra_script_domtrans
+pki_ocsp_script_domtrans
+pki_ra_script_domtrans
+pki_tks_script_domtrans
+pki_tps_script_domtrans
+portslave_domtrans
+postgrey_script_domtrans
+qemu_domtrans
+qmail_domtrans_inject
+qmail_domtrans_queue
+rssh_spec_domtrans_all_users
+spamassassin_spamd_initrc_domtrans
+tor_domtrans
+usernetctl_domtrans
+uwimap_domtrans
+yam_domtrans
diff --git a/SELinux/qarshd.te.m4 b/SELinux/qarshd.te.m4
deleted file mode 100644
index 27291b1..0000000
--- a/SELinux/qarshd.te.m4
+++ /dev/null
@@ -1,2 +0,0 @@
-define(interface, `ifelse(regexp($1, `domtrans$'), `-1', , `$1(qarshd_t)')')
-
|