From 39869a77cbeb1967acfa1354092c81d05dd79be7 Mon Sep 17 00:00:00 2001
From: Nathan Kinder <nkinder@redhat.com>
Date: Wed, 9 Sep 2009 09:59:07 -0700
Subject: Add selinux policy for ns-slapd

This adds a "dirsrv" selinux policy module to confine the ns-slapd
daemon.  The setup and migration perl modules were changed to take
care of any relabeling of installed files if selinux support was
compiled in.

The build system now takes a "--with-selinux" option that will
compile the dirsrv policy module and enable any selinux specific
setup code.

To use the dirsrv policy module, the module will need to be loaded
using the semodule utility.  It is also necessary to relabel the
installed files using restorecon after performing a make install.
All of this will be taken care of in the spec file when in the
case of using a RPM package.
---
 m4/selinux.m4 | 34 ++++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)
 create mode 100644 m4/selinux.m4

(limited to 'm4')

diff --git a/m4/selinux.m4 b/m4/selinux.m4
new file mode 100644
index 00000000..de97c94e
--- /dev/null
+++ b/m4/selinux.m4
@@ -0,0 +1,34 @@
+# BEGIN COPYRIGHT BLOCK
+# Copyright (C) 2009 Red Hat, Inc.
+# All rights reserved.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+#
+# END COPYRIGHT BLOCK
+
+AC_CHECKING(for SELinux)
+
+# check for --with-selinux
+AC_MSG_CHECKING(for --with-selinux)
+AC_ARG_WITH(selinux, [  --with-selinux   Build SELinux policy],
+[
+  with_selinux=yes
+  AC_MSG_RESULT(yes)
+  AC_SUBST(with_selinux)
+  if test ! -f "/usr/share/selinux/devel/Makefile"; then
+    AC_MSG_ERROR([SELinux development tools (selinux-policy) not found])
+  fi
+],
+AC_MSG_RESULT(no))
-- 
cgit