1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
|
################################################################################
#
# policycoreutils
#
################################################################################
POLICYCOREUTILS_VERSION = 2.6
POLICYCOREUTILS_SITE = https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20161014
POLICYCOREUTILS_LICENSE = GPL-2.0
POLICYCOREUTILS_LICENSE_FILES = COPYING
POLICYCOREUTILS_DEPENDENCIES = libsemanage libcap-ng
ifeq ($(BR2_PACKAGE_LINUX_PAM),y)
POLICYCOREUTILS_DEPENDENCIES += linux-pam
POLICYCOREUTILS_MAKE_OPTS += NAMESPACE_PRIV=y
define POLICYCOREUTILS_INSTALL_TARGET_LINUX_PAM_CONFS
$(INSTALL) -D -m 0644 $(@D)/newrole/newrole-lspp.pamd $(TARGET_DIR)/etc/pam.d/newrole
$(INSTALL) -D -m 0644 $(@D)/run_init/run_init.pamd $(TARGET_DIR)/etc/pam.d/run_init
endef
endif
ifeq ($(BR2_PACKAGE_AUDIT),y)
POLICYCOREUTILS_DEPENDENCIES += audit
POLICYCOREUTILS_MAKE_OPTS += AUDIT_LOG_PRIV=y
endif
# Enable LSPP_PRIV if both audit and linux pam are enabled
ifeq ($(BR2_PACKAGE_LINUX_PAM)$(BR2_PACKAGE_AUDIT),yy)
POLICYCOREUTILS_MAKE_OPTS += LSPP_PRIV=y
endif
# Undefining _FILE_OFFSET_BITS here because of a "bug" with glibc fts.h
# large file support.
# See https://bugzilla.redhat.com/show_bug.cgi?id=574992 for more information
POLICYCOREUTILS_MAKE_OPTS += \
$(TARGET_CONFIGURE_OPTS) \
CFLAGS="$(TARGET_CFLAGS) -U_FILE_OFFSET_BITS" \
CPPFLAGS="$(TARGET_CPPFLAGS) -U_FILE_OFFSET_BITS" \
ARCH="$(BR2_ARCH)"
POLICYCOREUTILS_MAKE_DIRS = \
load_policy newrole run_init \
secon semodule semodule_deps \
semodule_expand semodule_link \
semodule_package sepolgen-ifgen \
sestatus setfiles setsebool
ifeq ($(BR2_PACKAGE_POLICYCOREUTILS_RESTORECOND),y)
POLICYCOREUTILS_MAKE_DIRS += restorecond
POLICYCOREUTILS_DEPENDENCIES += libglib2
endif
ifeq ($(BR2_PACKAGE_POLICYCOREUTILS_AUDIT2ALLOW),y)
ifeq ($(BR2_PACKAGE_PYTHON3),y)
POLICYCOREUTILS_DEPENDENCIES += python3
POLICYCOREUTILS_MAKE_OPTS += PYLIBVER="python$(PYTHON3_VERSION_MAJOR)"
else
POLICYCOREUTILS_DEPENDENCIES += python
POLICYCOREUTILS_MAKE_OPTS += PYLIBVER="python$(PYTHON_VERSION_MAJOR)"
endif
POLICYCOREUTILS_DEPENDENCIES += sepolgen checkpolicy
POLICYCOREUTILS_MAKE_DIRS += audit2allow
endif
# We need to pass DESTDIR at build time because it's used by
# policycoreutils build system to find headers and libraries.
define POLICYCOREUTILS_BUILD_CMDS
$(foreach d,$(POLICYCOREUTILS_MAKE_DIRS),
$(MAKE) -C $(@D)/$(d) $(POLICYCOREUTILS_MAKE_OPTS) \
DESTDIR=$(STAGING_DIR) all
)
endef
define POLICYCOREUTILS_INSTALL_TARGET_CMDS
$(foreach d,$(POLICYCOREUTILS_MAKE_DIRS),
$(MAKE) -C $(@D)/$(d) $(POLICYCOREUTILS_MAKE_OPTS) \
DESTDIR=$(TARGET_DIR) install
)
endef
HOST_POLICYCOREUTILS_DEPENDENCIES = \
host-libsemanage host-dbus-glib \
host-sepolgen host-setools
# Undefining _FILE_OFFSET_BITS here because of a "bug" with glibc fts.h
# large file support.
# See https://bugzilla.redhat.com/show_bug.cgi?id=574992 for more information
# We need to pass DESTDIR at build time because it's used by
# policycoreutils build system to find headers and libraries.
# We also need to pass PREFIX because it defaults to $(DESTDIR)/usr
HOST_POLICYCOREUTILS_MAKE_OPTS = \
$(HOST_CONFIGURE_OPTS) \
CFLAGS="$(HOST_CFLAGS) -U_FILE_OFFSET_BITS" \
CPPFLAGS="$(HOST_CPPFLAGS) -U_FILE_OFFSET_BITS" \
PYTHON="$(HOST_DIR)/bin/python" \
PYTHON_INSTALL_ARGS="$(HOST_PKG_PYTHON_DISTUTILS_INSTALL_OPTS)" \
ARCH="$(HOSTARCH)" \
DESTDIR=$(HOST_DIR) \
PREFIX=$(HOST_DIR)
ifeq ($(BR2_PACKAGE_PYTHON3),y)
HOST_POLICYCOREUTILS_DEPENDENCIES += host-python3
HOST_POLICYCOREUTILS_MAKE_OPTS += \
PYLIBVER="python$(PYTHON3_VERSION_MAJOR)"
else
HOST_POLICYCOREUTILS_DEPENDENCIES += host-python
HOST_POLICYCOREUTILS_MAKE_OPTS += \
PYLIBVER="python$(PYTHON_VERSION_MAJOR)"
endif
# Note: We are only building the programs required by the refpolicy build
HOST_POLICYCOREUTILS_MAKE_DIRS = \
load_policy semodule semodule_deps \
semodule_expand semodule_link \
semodule_package setfiles restorecond \
audit2allow scripts semanage sepolicy
define HOST_POLICYCOREUTILS_BUILD_CMDS
$(foreach d,$(HOST_POLICYCOREUTILS_MAKE_DIRS),
$(MAKE) -C $(@D)/$(d) $(HOST_POLICYCOREUTILS_MAKE_OPTS) all
)
endef
define HOST_POLICYCOREUTILS_INSTALL_CMDS
$(foreach d,$(HOST_POLICYCOREUTILS_MAKE_DIRS),
$(MAKE) -C $(@D)/$(d) $(HOST_POLICYCOREUTILS_MAKE_OPTS) install
)
# Fix python paths
$(SED) 's%/usr/bin/%$(HOST_DIR)/bin/%g' $(HOST_DIR)/bin/audit2allow
$(SED) 's%/usr/bin/%$(HOST_DIR)/bin/%g' $(HOST_DIR)/bin/sepolgen-ifgen
$(SED) 's%/usr/bin/%$(HOST_DIR)/bin/%g' $(HOST_DIR)/bin/sepolicy
endef
$(eval $(generic-package))
$(eval $(host-generic-package))
|
