diff options
| author | Nathan Kinder <nkinder@redhat.com> | 2009-09-09 09:59:07 -0700 |
|---|---|---|
| committer | Nathan Kinder <nkinder@redhat.com> | 2009-09-09 09:59:07 -0700 |
| commit | 39869a77cbeb1967acfa1354092c81d05dd79be7 (patch) | |
| tree | dc4cc882f80cd3d5bb7344af4d0703d0665316f3 /Makefile.am | |
| parent | 01b9f5e3b023ef19608bb017560adcca13271e1f (diff) | |
| download | ds-39869a77cbeb1967acfa1354092c81d05dd79be7.tar.gz ds-39869a77cbeb1967acfa1354092c81d05dd79be7.tar.xz ds-39869a77cbeb1967acfa1354092c81d05dd79be7.zip | |
Add selinux policy for ns-slapd
This adds a "dirsrv" selinux policy module to confine the ns-slapd
daemon. The setup and migration perl modules were changed to take
care of any relabeling of installed files if selinux support was
compiled in.
The build system now takes a "--with-selinux" option that will
compile the dirsrv policy module and enable any selinux specific
setup code.
To use the dirsrv policy module, the module will need to be loaded
using the semodule utility. It is also necessary to relabel the
installed files using restorecon after performing a make install.
All of this will be taken care of in the spec file when in the
case of using a RPM package.
Diffstat (limited to 'Makefile.am')
| -rw-r--r-- | Makefile.am | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/Makefile.am b/Makefile.am index ac7ab276..665b1f4f 100644 --- a/Makefile.am +++ b/Makefile.am @@ -94,9 +94,23 @@ CLEANFILES = dberrstrs.h ns-slapd.properties \ ldap/ldif/template-orgunit.ldif ldap/ldif/template-pampta.ldif ldap/ldif/template-sasl.ldif \ ldap/ldif/template-state.ldif ldap/ldif/template-suffix-db.ldif +clean-local: + -rm -rf selinux-built + dberrstrs.h: Makefile perl $(srcdir)/ldap/servers/slapd/mkDBErrStrs.pl -i @db_incdir@ -o . +selinux-built: + cp -r $(srcdir)/selinux $@ + +selinux-built/dirsrv.fc: selinux-built + $(fixupcmd) selinux-built/dirsrv.fc.in > $@ + +selinux-built/dirsrv.pp: selinux-built/dirsrv.fc + cd selinux-built && $(MAKE) + + + #------------------------ # Install Paths #------------------------ @@ -113,6 +127,7 @@ instconfigdir = @instconfigdir@ perldir = $(libdir)@perldir@ infdir = $(datadir)@infdir@ mibdir = $(datadir)@mibdir@ +policydir = $(datadir)/selinux/targeted defaultuser=@defaultuser@ defaultgroup=@defaultgroup@ @@ -150,6 +165,10 @@ else enable_presence = off endif +if SELINUX +POLICY_MODULE = selinux-built/dirsrv.pp +endif + serverplugin_LTLIBRARIES = libacl-plugin.la libattr-unique-plugin.la \ libback-ldbm.la libchainingdb-plugin.la libcollation-plugin.la \ libcos-plugin.la libderef-plugin.la libdes-plugin.la libdistrib-plugin.la \ @@ -170,6 +189,8 @@ noinst_LIBRARIES = libavl.a libldaputil.a #------------------------ # Installed Files #------------------------ +policy_DATA = $(POLICY_MODULE) + config_DATA = $(srcdir)/lib/ldaputil/certmap.conf \ $(srcdir)/ldap/schema/slapd-collations.conf \ ldap/admin/src/template-initconfig @@ -1226,6 +1247,7 @@ fixupcmd = sed \ -e 's,@defaultuser\@,$(defaultuser),g' \ -e 's,@defaultgroup\@,$(defaultgroup),g' \ -e 's,@with_fhs_opt\@,@with_fhs_opt@,g' \ + -e 's,@with_selinux\@,@with_selinux@,g' \ -e 's,@perlexec\@,@perlexec@,g' \ -e 's,@initconfigdir\@,$(initconfigdir),g' else @@ -1277,6 +1299,7 @@ fixupcmd = sed \ -e 's,@defaultuser\@,$(defaultuser),g' \ -e 's,@defaultgroup\@,$(defaultgroup),g' \ -e 's,@with_fhs_opt\@,@with_fhs_opt@,g' \ + -e 's,@with_selinux\@,@with_selinux@,g' \ -e 's,@perlexec\@,@perlexec@,g' \ -e 's,@initconfigdir\@,$(initconfigdir),g' endif |