From fe26bd0dd52c93eba1fe7867fd765cd4be3486e6 Mon Sep 17 00:00:00 2001 From: Wolfram Sang Date: Mon, 7 Jan 2013 08:21:52 +0100 Subject: policycoreutils: add package Signed-off-by: Wolfram Sang Signed-off-by: Marc Kleine-Budde --- .../0001-restorecond-use-pkg-config.patch | 34 ++++ ...move-host-path-from-list-of-header-search.patch | 204 +++++++++++++++++++++ ...move-host-path-from-list-of-linker-search.patch | 176 ++++++++++++++++++ ...low-PAMH-AUDITH-and-INOTIFYH-to-be-overwr.patch | 68 +++++++ ...weaks-to-make-it-work-better-with-busybox.patch | 69 +++++++ patches/policycoreutils-2.1.13/series | 8 + rules/policycoreutils.in | 116 ++++++++++++ rules/policycoreutils.make | 161 ++++++++++++++++ 8 files changed, 836 insertions(+) create mode 100644 patches/policycoreutils-2.1.13/0001-restorecond-use-pkg-config.patch create mode 100644 patches/policycoreutils-2.1.13/0002-makefile-remove-host-path-from-list-of-header-search.patch create mode 100644 patches/policycoreutils-2.1.13/0003-makefile-remove-host-path-from-list-of-linker-search.patch create mode 100644 patches/policycoreutils-2.1.13/0004-makefile-Allow-PAMH-AUDITH-and-INOTIFYH-to-be-overwr.patch create mode 100644 patches/policycoreutils-2.1.13/0005-fixfiles-tweaks-to-make-it-work-better-with-busybox.patch create mode 100644 patches/policycoreutils-2.1.13/series create mode 100644 rules/policycoreutils.in create mode 100644 rules/policycoreutils.make diff --git a/patches/policycoreutils-2.1.13/0001-restorecond-use-pkg-config.patch b/patches/policycoreutils-2.1.13/0001-restorecond-use-pkg-config.patch new file mode 100644 index 000000000..89ff58637 --- /dev/null +++ b/patches/policycoreutils-2.1.13/0001-restorecond-use-pkg-config.patch @@ -0,0 +1,34 @@ +From: Wolfram Sang +Date: Mon, 14 Jan 2013 20:04:50 +0100 +Subject: [PATCH] restorecond: use pkg-config + +...instead of hard coding paths. + +Signed-off-by: Wolfram Sang +Signed-off-by: Marc Kleine-Budde +--- + restorecond/Makefile | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/restorecond/Makefile b/restorecond/Makefile +index 3074542..16e60e8 100644 +--- a/restorecond/Makefile ++++ b/restorecond/Makefile +@@ -10,13 +10,13 @@ autostart_DATA = sealertauto.desktop + INITDIR = $(DESTDIR)/etc/rc.d/init.d + SELINUXDIR = $(DESTDIR)/etc/selinux + +-DBUSFLAGS = -DHAVE_DBUS -I/usr/include/dbus-1.0 -I/usr/lib64/dbus-1.0/include -I/usr/lib/dbus-1.0/include +-DBUSLIB = -ldbus-glib-1 -ldbus-1 ++DBUSFLAGS = -DHAVE_DBUS `pkg-config --cflags dbus-glib-1` ++DBUSLIB = `pkg-config --libs dbus-glib-1` + + CFLAGS ?= -g -Werror -Wall -W +-override CFLAGS += -I$(PREFIX)/include $(DBUSFLAGS) -I/usr/include/glib-2.0 -I/usr/lib64/glib-2.0/include -I/usr/lib/glib-2.0/include ++override CFLAGS += $(DBUSFLAGS) + +-LDLIBS += -lselinux $(DBUSLIB) -lglib-2.0 -L$(LIBDIR) ++LDLIBS += -lselinux $(DBUSLIB) + + all: restorecond + diff --git a/patches/policycoreutils-2.1.13/0002-makefile-remove-host-path-from-list-of-header-search.patch b/patches/policycoreutils-2.1.13/0002-makefile-remove-host-path-from-list-of-header-search.patch new file mode 100644 index 000000000..daa548110 --- /dev/null +++ b/patches/policycoreutils-2.1.13/0002-makefile-remove-host-path-from-list-of-header-search.patch @@ -0,0 +1,204 @@ +From: Marc Kleine-Budde +Date: Tue, 15 Jan 2013 11:12:53 +0100 +Subject: [PATCH] makefile: remove host path from list of header search dirs + +Signed-off-by: Marc Kleine-Budde +--- + load_policy/Makefile | 2 +- + newrole/Makefile | 2 +- + run_init/Makefile | 2 +- + sandbox/Makefile | 2 +- + secon/Makefile | 2 +- + semodule/Makefile | 2 +- + semodule_deps/Makefile | 2 +- + semodule_expand/Makefile | 2 +- + semodule_link/Makefile | 2 +- + semodule_package/Makefile | 2 +- + sepolgen-ifgen/Makefile | 2 +- + sestatus/Makefile | 2 +- + setfiles/Makefile | 2 +- + setsebool/Makefile | 2 +- + 14 files changed, 14 insertions(+), 14 deletions(-) + +diff --git a/load_policy/Makefile b/load_policy/Makefile +index 5da2e0d..fb2dcae 100644 +--- a/load_policy/Makefile ++++ b/load_policy/Makefile +@@ -6,7 +6,7 @@ MANDIR ?= $(PREFIX)/share/man + LOCALEDIR ?= /usr/share/locale + + CFLAGS ?= -Werror -Wall -W +-override CFLAGS += $(LDFLAGS) -I$(PREFIX)/include -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\"" ++override CFLAGS += $(LDFLAGS) -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\"" + LDLIBS += -lsepol -lselinux -L$(PREFIX)/lib + + TARGETS=$(patsubst %.c,%,$(wildcard *.c)) +diff --git a/newrole/Makefile b/newrole/Makefile +index 646cd4d..734b162 100644 +--- a/newrole/Makefile ++++ b/newrole/Makefile +@@ -22,7 +22,7 @@ VERSION = $(shell cat ../VERSION) + + CFLAGS ?= -Werror -Wall -W + EXTRA_OBJS = +-override CFLAGS += -DVERSION=\"$(VERSION)\" $(LDFLAGS) -I$(PREFIX)/include -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\"" ++override CFLAGS += -DVERSION=\"$(VERSION)\" $(LDFLAGS) -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\"" + LDLIBS += -lselinux -L$(PREFIX)/lib + ifeq ($(PAMH), /usr/include/security/pam_appl.h) + override CFLAGS += -DUSE_PAM +diff --git a/run_init/Makefile b/run_init/Makefile +index 12b39b4..0949085 100644 +--- a/run_init/Makefile ++++ b/run_init/Makefile +@@ -9,7 +9,7 @@ PAMH = $(shell ls /usr/include/security/pam_appl.h 2>/dev/null) + AUDITH = $(shell ls /usr/include/libaudit.h 2>/dev/null) + + CFLAGS ?= -Werror -Wall -W +-override CFLAGS += -I$(PREFIX)/include -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\"" ++override CFLAGS += -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\"" + LDLIBS += -lselinux -L$(PREFIX)/lib + ifeq ($(PAMH), /usr/include/security/pam_appl.h) + override CFLAGS += -DUSE_PAM +diff --git a/sandbox/Makefile b/sandbox/Makefile +index 981c56c..fcaef50 100644 +--- a/sandbox/Makefile ++++ b/sandbox/Makefile +@@ -7,7 +7,7 @@ SBINDIR ?= $(PREFIX)/sbin + MANDIR ?= $(PREFIX)/share/man + LOCALEDIR ?= /usr/share/locale + SHAREDIR ?= $(PREFIX)/share/sandbox +-override CFLAGS += $(LDFLAGS) -I$(PREFIX)/include -DPACKAGE="\"policycoreutils\"" -Wall -Werror -Wextra -W ++override CFLAGS += $(LDFLAGS) -DPACKAGE="\"policycoreutils\"" -Wall -Werror -Wextra -W + LDLIBS += -lcgroup -lselinux -lcap-ng -L$(LIBDIR) + SEUNSHARE_OBJS = seunshare.o + +diff --git a/secon/Makefile b/secon/Makefile +index a2d9ca6..4bd6e18 100644 +--- a/secon/Makefile ++++ b/secon/Makefile +@@ -8,7 +8,7 @@ LIBDIR ?= $(PREFIX)/lib + WARNS=-Werror -W -Wall -Wundef -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wwrite-strings -Waggregate-return -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wnested-externs -Wno-format-zero-length -Wformat-nonliteral -Wformat-security -Wfloat-equal + VERSION = $(shell cat ../VERSION) + CFLAGS ?= $(WARNS) -O1 +-override CFLAGS += -DVERSION=\"$(VERSION)\" -I$(INCLUDEDIR) ++override CFLAGS += -DVERSION=\"$(VERSION)\" + LDLIBS = -lselinux -L$(LIBDIR) + + all: secon +diff --git a/semodule/Makefile b/semodule/Makefile +index a90babe..e45b705 100644 +--- a/semodule/Makefile ++++ b/semodule/Makefile +@@ -6,7 +6,7 @@ MANDIR = $(PREFIX)/share/man + LIBDIR ?= $(PREFIX)/lib + + CFLAGS ?= -Werror -Wall -W +-override CFLAGS += -I$(INCLUDEDIR) ++override CFLAGS += + LDLIBS = -lsepol -lselinux -lsemanage -L$(LIBDIR) + SEMODULE_OBJS = semodule.o + +diff --git a/semodule_deps/Makefile b/semodule_deps/Makefile +index 28d667e..285e0d6 100644 +--- a/semodule_deps/Makefile ++++ b/semodule_deps/Makefile +@@ -6,7 +6,7 @@ LIBDIR ?= $(PREFIX)/lib + MANDIR ?= $(PREFIX)/share/man + + CFLAGS ?= -Werror -Wall -W +-override CFLAGS += -I$(INCLUDEDIR) ++override CFLAGS += + LDLIBS = $(LIBDIR)/libsepol.a + + all: semodule_deps +diff --git a/semodule_expand/Makefile b/semodule_expand/Makefile +index d34d396..9bfecdf 100644 +--- a/semodule_expand/Makefile ++++ b/semodule_expand/Makefile +@@ -6,7 +6,7 @@ LIBDIR ?= $(PREFIX)/lib + MANDIR ?= $(PREFIX)/share/man + + CFLAGS ?= -Werror -Wall -W +-override CFLAGS += -I$(INCLUDEDIR) ++override CFLAGS += + LDLIBS = -lsepol -lselinux -L$(LIBDIR) + + all: semodule_expand +diff --git a/semodule_link/Makefile b/semodule_link/Makefile +index 5c11348..f8fc271 100644 +--- a/semodule_link/Makefile ++++ b/semodule_link/Makefile +@@ -6,7 +6,7 @@ MANDIR ?= $(PREFIX)/share/man + LIBDIR ?= $(PREFIX)/lib + + CFLAGS ?= -Werror -Wall -W +-override CFLAGS += -I$(INCLUDEDIR) ++override CFLAGS += + LDLIBS = -lsepol -lselinux -L$(LIBDIR) + + all: semodule_link +diff --git a/semodule_package/Makefile b/semodule_package/Makefile +index 928b5e3..dad21ec 100644 +--- a/semodule_package/Makefile ++++ b/semodule_package/Makefile +@@ -6,7 +6,7 @@ LIBDIR ?= $(PREFIX)/lib + MANDIR ?= $(PREFIX)/share/man + + CFLAGS ?= -Werror -Wall -W +-override CFLAGS += -I$(INCLUDEDIR) ++override CFLAGS += + LDLIBS = -lsepol -lselinux -L$(LIBDIR) + + all: semodule_package semodule_unpackage +diff --git a/sepolgen-ifgen/Makefile b/sepolgen-ifgen/Makefile +index 07af599..08f80b0 100644 +--- a/sepolgen-ifgen/Makefile ++++ b/sepolgen-ifgen/Makefile +@@ -5,7 +5,7 @@ LIBDIR ?= $(PREFIX)/lib + INCLUDEDIR ?= $(PREFIX)/include + + CFLAGS ?= -Werror -Wall -W +-override CFLAGS += -I$(INCLUDEDIR) ++override CFLAGS += + LDLIBS = $(LIBDIR)/libsepol.a + + all: sepolgen-ifgen-attr-helper +diff --git a/sestatus/Makefile b/sestatus/Makefile +index c5db7a3..46d4b81 100644 +--- a/sestatus/Makefile ++++ b/sestatus/Makefile +@@ -6,7 +6,7 @@ ETCDIR ?= $(DESTDIR)/etc + LIBDIR ?= $(PREFIX)/lib + + CFLAGS = -Werror -Wall -W +-override CFLAGS += -I$(PREFIX)/include -D_FILE_OFFSET_BITS=64 ++override CFLAGS += -D_FILE_OFFSET_BITS=64 + LDLIBS = -lselinux -L$(LIBDIR) + + all: sestatus +diff --git a/setfiles/Makefile b/setfiles/Makefile +index 4b44b3c..579dc34 100644 +--- a/setfiles/Makefile ++++ b/setfiles/Makefile +@@ -9,7 +9,7 @@ PROGRESS_STEP=$(shell grep "^\#define STAR_COUNT" restore.h | awk -S '{ print $$ + ABORT_ON_ERRORS=$(shell grep "^\#define ABORT_ON_ERRORS" setfiles.c | awk -S '{ print $$3 }') + + CFLAGS = -g -Werror -Wall -W +-override CFLAGS += -I$(PREFIX)/include ++override CFLAGS += + LDLIBS = -lselinux -lsepol -L$(LIBDIR) + + ifeq ($(AUDITH), /usr/include/libaudit.h) +diff --git a/setsebool/Makefile b/setsebool/Makefile +index a6addc5..5fb13f2 100644 +--- a/setsebool/Makefile ++++ b/setsebool/Makefile +@@ -7,7 +7,7 @@ LIBDIR ?= $(PREFIX)/lib + BASHCOMPLETIONDIR ?= $(DESTDIR)/etc/bash_completion.d/ + + CFLAGS ?= -Werror -Wall -W +-override CFLAGS += -I$(INCLUDEDIR) ++override CFLAGS += + LDLIBS = -lsepol -lselinux -lsemanage -L$(LIBDIR) + SETSEBOOL_OBJS = setsebool.o + diff --git a/patches/policycoreutils-2.1.13/0003-makefile-remove-host-path-from-list-of-linker-search.patch b/patches/policycoreutils-2.1.13/0003-makefile-remove-host-path-from-list-of-linker-search.patch new file mode 100644 index 000000000..4c7c124c9 --- /dev/null +++ b/patches/policycoreutils-2.1.13/0003-makefile-remove-host-path-from-list-of-linker-search.patch @@ -0,0 +1,176 @@ +From: Marc Kleine-Budde +Date: Tue, 15 Jan 2013 11:13:24 +0100 +Subject: [PATCH] makefile: remove host path from list of linker search dirs + +Signed-off-by: Marc Kleine-Budde +--- + load_policy/Makefile | 2 +- + newrole/Makefile | 2 +- + run_init/Makefile | 2 +- + sandbox/Makefile | 2 +- + secon/Makefile | 2 +- + semodule/Makefile | 2 +- + semodule_expand/Makefile | 2 +- + semodule_link/Makefile | 2 +- + semodule_package/Makefile | 2 +- + sestatus/Makefile | 2 +- + setfiles/Makefile | 2 +- + setsebool/Makefile | 2 +- + 12 files changed, 12 insertions(+), 12 deletions(-) + +diff --git a/load_policy/Makefile b/load_policy/Makefile +index fb2dcae..9478c0d 100644 +--- a/load_policy/Makefile ++++ b/load_policy/Makefile +@@ -7,7 +7,7 @@ LOCALEDIR ?= /usr/share/locale + + CFLAGS ?= -Werror -Wall -W + override CFLAGS += $(LDFLAGS) -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\"" +-LDLIBS += -lsepol -lselinux -L$(PREFIX)/lib ++LDLIBS += -lsepol -lselinux + + TARGETS=$(patsubst %.c,%,$(wildcard *.c)) + +diff --git a/newrole/Makefile b/newrole/Makefile +index 734b162..e9834a3 100644 +--- a/newrole/Makefile ++++ b/newrole/Makefile +@@ -23,7 +23,7 @@ VERSION = $(shell cat ../VERSION) + CFLAGS ?= -Werror -Wall -W + EXTRA_OBJS = + override CFLAGS += -DVERSION=\"$(VERSION)\" $(LDFLAGS) -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\"" +-LDLIBS += -lselinux -L$(PREFIX)/lib ++LDLIBS += -lselinux + ifeq ($(PAMH), /usr/include/security/pam_appl.h) + override CFLAGS += -DUSE_PAM + EXTRA_OBJS += hashtab.o +diff --git a/run_init/Makefile b/run_init/Makefile +index 0949085..da45cc2 100644 +--- a/run_init/Makefile ++++ b/run_init/Makefile +@@ -10,7 +10,7 @@ AUDITH = $(shell ls /usr/include/libaudit.h 2>/dev/null) + + CFLAGS ?= -Werror -Wall -W + override CFLAGS += -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\"" +-LDLIBS += -lselinux -L$(PREFIX)/lib ++LDLIBS += -lselinux + ifeq ($(PAMH), /usr/include/security/pam_appl.h) + override CFLAGS += -DUSE_PAM + LDLIBS += -lpam -lpam_misc +diff --git a/sandbox/Makefile b/sandbox/Makefile +index fcaef50..d0a7d5a 100644 +--- a/sandbox/Makefile ++++ b/sandbox/Makefile +@@ -8,7 +8,7 @@ MANDIR ?= $(PREFIX)/share/man + LOCALEDIR ?= /usr/share/locale + SHAREDIR ?= $(PREFIX)/share/sandbox + override CFLAGS += $(LDFLAGS) -DPACKAGE="\"policycoreutils\"" -Wall -Werror -Wextra -W +-LDLIBS += -lcgroup -lselinux -lcap-ng -L$(LIBDIR) ++LDLIBS += -lcgroup -lselinux -lcap-ng + SEUNSHARE_OBJS = seunshare.o + + all: sandbox seunshare sandboxX.sh start +diff --git a/secon/Makefile b/secon/Makefile +index 4bd6e18..1f074ff 100644 +--- a/secon/Makefile ++++ b/secon/Makefile +@@ -9,7 +9,7 @@ WARNS=-Werror -W -Wall -Wundef -Wshadow -Wpointer-arith -Wbad-function-cast -Wca + VERSION = $(shell cat ../VERSION) + CFLAGS ?= $(WARNS) -O1 + override CFLAGS += -DVERSION=\"$(VERSION)\" +-LDLIBS = -lselinux -L$(LIBDIR) ++LDLIBS = -lselinux + + all: secon + +diff --git a/semodule/Makefile b/semodule/Makefile +index e45b705..5ac4393 100644 +--- a/semodule/Makefile ++++ b/semodule/Makefile +@@ -7,7 +7,7 @@ LIBDIR ?= $(PREFIX)/lib + + CFLAGS ?= -Werror -Wall -W + override CFLAGS += +-LDLIBS = -lsepol -lselinux -lsemanage -L$(LIBDIR) ++LDLIBS = -lsepol -lselinux -lsemanage + SEMODULE_OBJS = semodule.o + + all: semodule +diff --git a/semodule_expand/Makefile b/semodule_expand/Makefile +index 9bfecdf..9d9c3c9 100644 +--- a/semodule_expand/Makefile ++++ b/semodule_expand/Makefile +@@ -7,7 +7,7 @@ MANDIR ?= $(PREFIX)/share/man + + CFLAGS ?= -Werror -Wall -W + override CFLAGS += +-LDLIBS = -lsepol -lselinux -L$(LIBDIR) ++LDLIBS = -lsepol -lselinux + + all: semodule_expand + +diff --git a/semodule_link/Makefile b/semodule_link/Makefile +index f8fc271..cbb7cb7 100644 +--- a/semodule_link/Makefile ++++ b/semodule_link/Makefile +@@ -7,7 +7,7 @@ LIBDIR ?= $(PREFIX)/lib + + CFLAGS ?= -Werror -Wall -W + override CFLAGS += +-LDLIBS = -lsepol -lselinux -L$(LIBDIR) ++LDLIBS = -lsepol -lselinux + + all: semodule_link + +diff --git a/semodule_package/Makefile b/semodule_package/Makefile +index dad21ec..9238014 100644 +--- a/semodule_package/Makefile ++++ b/semodule_package/Makefile +@@ -7,7 +7,7 @@ MANDIR ?= $(PREFIX)/share/man + + CFLAGS ?= -Werror -Wall -W + override CFLAGS += +-LDLIBS = -lsepol -lselinux -L$(LIBDIR) ++LDLIBS = -lsepol -lselinux + + all: semodule_package semodule_unpackage + +diff --git a/sestatus/Makefile b/sestatus/Makefile +index 46d4b81..1007d64 100644 +--- a/sestatus/Makefile ++++ b/sestatus/Makefile +@@ -7,7 +7,7 @@ LIBDIR ?= $(PREFIX)/lib + + CFLAGS = -Werror -Wall -W + override CFLAGS += -D_FILE_OFFSET_BITS=64 +-LDLIBS = -lselinux -L$(LIBDIR) ++LDLIBS = -lselinux + + all: sestatus + +diff --git a/setfiles/Makefile b/setfiles/Makefile +index 579dc34..33f1c11 100644 +--- a/setfiles/Makefile ++++ b/setfiles/Makefile +@@ -10,7 +10,7 @@ ABORT_ON_ERRORS=$(shell grep "^\#define ABORT_ON_ERRORS" setfiles.c | awk -S '{ + + CFLAGS = -g -Werror -Wall -W + override CFLAGS += +-LDLIBS = -lselinux -lsepol -L$(LIBDIR) ++LDLIBS = -lselinux -lsepol + + ifeq ($(AUDITH), /usr/include/libaudit.h) + override CFLAGS += -DUSE_AUDIT +diff --git a/setsebool/Makefile b/setsebool/Makefile +index 5fb13f2..f4bde6b 100644 +--- a/setsebool/Makefile ++++ b/setsebool/Makefile +@@ -8,7 +8,7 @@ BASHCOMPLETIONDIR ?= $(DESTDIR)/etc/bash_completion.d/ + + CFLAGS ?= -Werror -Wall -W + override CFLAGS += +-LDLIBS = -lsepol -lselinux -lsemanage -L$(LIBDIR) ++LDLIBS = -lsepol -lselinux -lsemanage + SETSEBOOL_OBJS = setsebool.o + + BASHCOMPLETIONS=setsebool-bash-completion.sh diff --git a/patches/policycoreutils-2.1.13/0004-makefile-Allow-PAMH-AUDITH-and-INOTIFYH-to-be-overwr.patch b/patches/policycoreutils-2.1.13/0004-makefile-Allow-PAMH-AUDITH-and-INOTIFYH-to-be-overwr.patch new file mode 100644 index 000000000..27f46209b --- /dev/null +++ b/patches/policycoreutils-2.1.13/0004-makefile-Allow-PAMH-AUDITH-and-INOTIFYH-to-be-overwr.patch @@ -0,0 +1,68 @@ +From: Marc Kleine-Budde +Date: Tue, 15 Jan 2013 11:33:01 +0100 +Subject: [PATCH] makefile: Allow PAMH, AUDITH and INOTIFYH to be overwritten + by ENV + +Signed-off-by: Marc Kleine-Budde +--- + Makefile | 2 +- + newrole/Makefile | 4 ++-- + run_init/Makefile | 4 ++-- + setfiles/Makefile | 2 +- + 4 files changed, 6 insertions(+), 6 deletions(-) + +diff --git a/Makefile b/Makefile +index 77d8c80..7c85244 100644 +--- a/Makefile ++++ b/Makefile +@@ -1,6 +1,6 @@ + SUBDIRS = setfiles semanage load_policy newrole run_init sandbox secon audit2allow audit2why sestatus semodule_package semodule semodule_link semodule_expand semodule_deps sepolgen-ifgen setsebool scripts po man gui + +-INOTIFYH = $(shell ls /usr/include/sys/inotify.h 2>/dev/null) ++INOTIFYH ?= $(shell ls /usr/include/sys/inotify.h 2>/dev/null) + + ifeq (${INOTIFYH}, /usr/include/sys/inotify.h) + SUBDIRS += restorecond +diff --git a/newrole/Makefile b/newrole/Makefile +index e9834a3..96bf978 100644 +--- a/newrole/Makefile ++++ b/newrole/Makefile +@@ -4,8 +4,8 @@ BINDIR ?= $(PREFIX)/bin + MANDIR ?= $(PREFIX)/share/man + ETCDIR ?= $(DESTDIR)/etc + LOCALEDIR = /usr/share/locale +-PAMH = $(shell ls /usr/include/security/pam_appl.h 2>/dev/null) +-AUDITH = $(shell ls /usr/include/libaudit.h 2>/dev/null) ++PAMH ?= $(shell ls /usr/include/security/pam_appl.h 2>/dev/null) ++AUDITH ?= $(shell ls /usr/include/libaudit.h 2>/dev/null) + # Enable capabilities to permit newrole to generate audit records. + # This will make newrole a setuid root program. + # The capabilities used are: CAP_AUDIT_WRITE. +diff --git a/run_init/Makefile b/run_init/Makefile +index da45cc2..43bd935 100644 +--- a/run_init/Makefile ++++ b/run_init/Makefile +@@ -5,8 +5,8 @@ SBINDIR ?= $(PREFIX)/sbin + MANDIR ?= $(PREFIX)/share/man + ETCDIR ?= $(DESTDIR)/etc + LOCALEDIR ?= /usr/share/locale +-PAMH = $(shell ls /usr/include/security/pam_appl.h 2>/dev/null) +-AUDITH = $(shell ls /usr/include/libaudit.h 2>/dev/null) ++PAMH ?= $(shell ls /usr/include/security/pam_appl.h 2>/dev/null) ++AUDITH ?= $(shell ls /usr/include/libaudit.h 2>/dev/null) + + CFLAGS ?= -Werror -Wall -W + override CFLAGS += -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\"" +diff --git a/setfiles/Makefile b/setfiles/Makefile +index 33f1c11..4b3aaa0 100644 +--- a/setfiles/Makefile ++++ b/setfiles/Makefile +@@ -3,7 +3,7 @@ PREFIX ?= $(DESTDIR)/usr + SBINDIR ?= $(DESTDIR)/sbin + MANDIR = $(PREFIX)/share/man + LIBDIR ?= $(PREFIX)/lib +-AUDITH = $(shell ls /usr/include/libaudit.h 2>/dev/null) ++AUDITH ?= $(shell ls /usr/include/libaudit.h 2>/dev/null) + + PROGRESS_STEP=$(shell grep "^\#define STAR_COUNT" restore.h | awk -S '{ print $$3 }') + ABORT_ON_ERRORS=$(shell grep "^\#define ABORT_ON_ERRORS" setfiles.c | awk -S '{ print $$3 }') diff --git a/patches/policycoreutils-2.1.13/0005-fixfiles-tweaks-to-make-it-work-better-with-busybox.patch b/patches/policycoreutils-2.1.13/0005-fixfiles-tweaks-to-make-it-work-better-with-busybox.patch new file mode 100644 index 000000000..197194f1d --- /dev/null +++ b/patches/policycoreutils-2.1.13/0005-fixfiles-tweaks-to-make-it-work-better-with-busybox.patch @@ -0,0 +1,69 @@ +From: Marc Kleine-Budde +Date: Thu, 24 Jan 2013 13:45:08 +0100 +Subject: [PATCH] fixfiles: tweaks to make it work better with busybox + +Signed-off-by: Marc Kleine-Budde +--- + scripts/fixfiles | 17 +++++++++-------- + 1 file changed, 9 insertions(+), 8 deletions(-) + +diff --git a/scripts/fixfiles b/scripts/fixfiles +index 989b1ae..0e74d49 100755 +--- a/scripts/fixfiles ++++ b/scripts/fixfiles +@@ -1,4 +1,4 @@ +-#!/bin/bash ++#!/bin/sh + # fixfiles + # + # Script to restore labels on a SELinux box +@@ -25,7 +25,7 @@ + # number if the current kernel version is greater than 2.6.30, a negative + # number if the current is less than 2.6.30 and 0 if they are the same. + # +-function useseclabel { ++useseclabel() { + VER=`uname -r` + SUP=2.6.30 + expr '(' "$VER" : '\([^.]*\)' ')' '-' '(' "$SUP" : '\([^.]*\)' ')' '|' \ +@@ -43,9 +43,9 @@ FS="`cat /proc/self/mounts | sort | uniq | awk '{print $2}'`" + for i in $FS; do + if [ `useseclabel` -ge 0 ] + then +- grep " $i " /proc/self/mounts | awk '{print $4}' | egrep --silent '(^|,)seclabel(,|$)' && echo $i ++ grep " $i " /proc/self/mounts | awk '{print $4}' | egrep -q '(^|,)seclabel(,|$)' && echo $i + else +- grep " $i " /proc/self/mounts | grep -v "context=" | egrep --silent '(ext[234]| ext4dev | gfs2 | xfs | jfs | btrfs )' && echo $i ++ grep " $i " /proc/self/mounts | grep -v "context=" | egrep -q '(ext[234]| ext4dev | gfs2 | xfs | jfs | btrfs )' && echo $i + fi + done + } +@@ -53,14 +53,14 @@ done + get_rw_labeled_mounts() { + FS=`get_all_labeled_mounts | sort | uniq` + for i in $FS; do +- grep " $i " /proc/self/mounts | awk '{print $4}' | egrep --silent '(^|,)rw(,|$)' && echo $i ++ grep " $i " /proc/self/mounts | awk '{print $4}' | egrep -q '(^|,)rw(,|$)' && echo $i + done + } + + get_ro_labeled_mounts() { + FS=`get_all_labeled_mounts | sort | uniq` + for i in $FS; do +- grep " $i " /proc/self/mounts | awk '{print $4}' | egrep --silent '(^|,)ro(,|$)' && echo $i ++ grep " $i " /proc/self/mounts | awk '{print $4}' | egrep -q '(^|,)ro(,|$)' && echo $i + done + } + +@@ -191,8 +191,9 @@ fi + } + + rpmlist() { +-rpm -q --qf '[%{FILESTATES} %{FILENAMES}\n]' "$1" | grep '^0 ' | cut -f2- -d ' ' +-[ ${PIPESTATUS[0]} != 0 ] && echo "$1 not found" >/dev/stderr ++#rpm -q --qf '[%{FILESTATES} %{FILENAMES}\n]' "$1" | grep '^0 ' | cut -f2- -d ' ' ++#[ ${PIPESTATUS[0]} != 0 ] && echo "$1 not found" >/dev/stderr ++ return + } + + # diff --git a/patches/policycoreutils-2.1.13/series b/patches/policycoreutils-2.1.13/series new file mode 100644 index 000000000..ecf4894c9 --- /dev/null +++ b/patches/policycoreutils-2.1.13/series @@ -0,0 +1,8 @@ +# generated by git-ptx-patches +#tag:base --start-number 1 +0001-restorecond-use-pkg-config.patch +0002-makefile-remove-host-path-from-list-of-header-search.patch +0003-makefile-remove-host-path-from-list-of-linker-search.patch +0004-makefile-Allow-PAMH-AUDITH-and-INOTIFYH-to-be-overwr.patch +0005-fixfiles-tweaks-to-make-it-work-better-with-busybox.patch +# 19a316f0a1ef9696634d97495449d12e - git-ptx-patches magic diff --git a/rules/policycoreutils.in b/rules/policycoreutils.in new file mode 100644 index 000000000..521d41452 --- /dev/null +++ b/rules/policycoreutils.in @@ -0,0 +1,116 @@ +## SECTION=selinux + +menuconfig POLICYCOREUTILS + tristate + prompt "policycoreutils" + select DBUS # if POLICYCOREUTILS_SANDBOX + select DBUS_GLIB # if POLICYCOREUTILS_RESTORECOND + select LIBC_CRYPT # if POLICYCOREUTILS_NEWROLE || POLICYCOREUTILS_RUN_INIT + select LIBCAP_NG if POLICYCOREUTILS_SANDBOX || POLICYCOREUTILS_NEWROLE + select LIBCAP_NG if BUILDTIME + select LIBCGROUP if POLICYCOREUTILS_SANDBOX + select LIBCGROUP if BUILDTIME + select LIBSELINUX + select LIBSEMANAGE + select LIBSEPOL + select BUSYBOX_FEATURE_FIND_DELETE if BUSYBOX_FIND + select BUSYBOX_FEATURE_FIND_CONTEXT if BUSYBOX_FIND + help + This package contains the core policy utilities that are required + for basic operation of an SELinux system. These utilities include + load_policy to load policies, setfiles to label filesystems, newrole + to switch roles, and run_init to run /etc/init.d scripts in the proper + context. + +if POLICYCOREUTILS + +config POLICYCOREUTILS_AUDIT2ALLOW + bool + depends on PYTHON + prompt "audit2allow" + +config POLICYCOREUTILS_AUDIT2WHY + bool + depends on POLICYCOREUTILS_AUDIT2ALLOW + prompt "audit2why" + +config POLICYCOREUTILS_CHCAT + bool + depends on PYTHON + prompt "chcat" + +config POLICYCOREUTILS_FIXFILES + bool + prompt "fixfiles" + +config POLICYCOREUTILS_GENHOMEDIRCON + bool + prompt "genhomedircon" + +config POLICYCOREUTILS_LOAD_POLICY + bool + prompt "load_policy" + +config POLICYCOREUTILS_NEWROLE + bool + prompt "newrole" + +config POLICYCOREUTILS_RESTORECOND + bool + prompt "restorecond" + +config POLICYCOREUTILS_RUN_INIT + bool + prompt "run_init" + +config POLICYCOREUTILS_SANDBOX + bool + depends on PYTHON + prompt "sandbox" + +config POLICYCOREUTILS_SECON + bool + prompt "secon" + +config POLICYCOREUTILS_SEMANAGE + bool + depends on PYTHON + prompt "semanage" + +config POLICYCOREUTILS_SEMODULE + bool + prompt "semodule" + +config POLICYCOREUTILS_SEMODULE_DEPS + bool + prompt "semodule_deps" + +config POLICYCOREUTILS_SEMODULE_EXPAND + bool + prompt "semodule_expand" + +config POLICYCOREUTILS_SEMODULE_LINK + bool + prompt "semodule_link" + +config POLICYCOREUTILS_SEMODULE_PACKAGE + bool + prompt "semodule_package" + +config POLICYCOREUTILS_SEPOLGEN_IFGEN + bool + prompt "sepolgen-ifgen" + +config POLICYCOREUTILS_SESTATUS + bool + prompt "sestatus" + +config POLICYCOREUTILS_SETFILES + bool + prompt "setfiles" + +config POLICYCOREUTILS_SETSEBOOL + bool + prompt "setsebool" + +endif diff --git a/rules/policycoreutils.make b/rules/policycoreutils.make new file mode 100644 index 000000000..0709f3911 --- /dev/null +++ b/rules/policycoreutils.make @@ -0,0 +1,161 @@ +# -*-makefile-*- +# +# Copyright (C) 2012 by Wolfram Sang +# +# See CREDITS for details about who has contributed to this project. +# +# For further information about the PTXdist project and license conditions +# see the README file. +# + +# +# We provide this package +# +PACKAGES-$(PTXCONF_POLICYCOREUTILS) += policycoreutils + +# +# Paths and names +# +POLICYCOREUTILS_VERSION := 2.1.13 +POLICYCOREUTILS_MD5 := 97c0b828599fe608f37894989820d71d +POLICYCOREUTILS := policycoreutils-$(POLICYCOREUTILS_VERSION) +POLICYCOREUTILS_SUFFIX := tar.gz +POLICYCOREUTILS_URL := http://userspace.selinuxproject.org/releases/20120924/$(POLICYCOREUTILS).$(POLICYCOREUTILS_SUFFIX) +POLICYCOREUTILS_SOURCE := $(SRCDIR)/$(POLICYCOREUTILS).$(POLICYCOREUTILS_SUFFIX) +POLICYCOREUTILS_DIR := $(BUILDDIR)/$(POLICYCOREUTILS) +POLICYCOREUTILS_LICENSE := GPLv2+ + +# ---------------------------------------------------------------------------- +# Prepare +# ---------------------------------------------------------------------------- + +POLICYCOREUTILS_CONF_TOOL := NO +POLICYCOREUTILS_MAKE_ENV := \ + $(CROSS_ENV) \ + CFLAGS="-O2 -Wall" \ + INOTIFYH="/usr/include/sys/inotify.h" \ + PAMH="" \ + AUDITH="" +POLICYCOREUTILS_MAKE_OPT := LIBDIR=$(PTXDIST_SYSROOT_TARGET)/usr/lib + +# +# We don't have PAM or AUDIT, so turn off. +# +# Use the following to turn on: +# (Use these paths, as of version 2.1.13) +# +# PAMH=/usr/include/security/pam_appl.h +# AUDITH=/usr/include/libaudit.h +# + +# ---------------------------------------------------------------------------- +# Target-Install +# ---------------------------------------------------------------------------- + +$(STATEDIR)/policycoreutils.targetinstall: + @$(call targetinfo) + + @$(call install_init, policycoreutils) + @$(call install_fixup, policycoreutils,PRIORITY,optional) + @$(call install_fixup, policycoreutils,SECTION,base) + @$(call install_fixup, policycoreutils,AUTHOR,"Wolfram Sang ") + @$(call install_fixup, policycoreutils,DESCRIPTION,missing) + +ifdef PTXCONF_POLICYCOREUTILS_AUDIT2ALLOW + @$(call install_copy, policycoreutils, 0, 0, 0755, -, /usr/bin/audit2allow) + @$(call install_copy, policycoreutils, 0, 0, 0755, -, /usr/bin/sepolgen-ifgen) +endif + +ifdef PTXCONF_POLICYCOREUTILS_AUDIT2WHY + @$(call install_copy, policycoreutils, 0, 0, 0755, -, /usr/bin/audit2why) +endif + +ifdef PTXCONF_POLICYCOREUTILS_CHCAT + @$(call install_copy, policycoreutils, 0, 0, 0755, -, /usr/bin/chcat) +endif + +ifdef PTXCONF_POLICYCOREUTILS_FIXFILES + @$(call install_copy, policycoreutils, 0, 0, 0755, -, /sbin/fixfiles) +endif + +ifdef PTXCONF_POLICYCOREUTILS_GENHOMEDIRCON + @$(call install_copy, policycoreutils, 0, 0, 0755, -, /usr/sbin/genhomedircon) +endif + +ifdef PTXCONF_POLICYCOREUTILS_LOAD_POLICY + @$(call install_copy, policycoreutils, 0, 0, 0755, -, /sbin/load_policy) + @$(call install_link, policycoreutils, /sbin/load_policy, /usr/sbin/load_policy) +endif + +ifdef PTXCONF_POLICYCOREUTILS_NEWROLE + @$(call install_copy, policycoreutils, 0, 0, 0555, -, /usr/bin/newrole) +endif + +ifdef PTXCONF_POLICYCOREUTILS_RESTORECOND + @$(call install_copy, policycoreutils, 0, 0, 0755, -, /usr/sbin/restorecond) +endif + +ifdef PTXCONF_POLICYCOREUTILS_RUN_INIT + @$(call install_copy, policycoreutils, 0, 0, 0755, -, /usr/sbin/run_init) + @$(call install_copy, policycoreutils, 0, 0, 0755, -, /usr/sbin/open_init_pty) +endif + +ifdef PTXCONF_POLICYCOREUTILS_SANDBOX + @$(call install_copy, policycoreutils, 0, 0, 0755, -, /usr/bin/sandbox) + @$(call install_copy, policycoreutils, 0, 0, 4555, -, /usr/sbin/seunshare) +endif + +ifdef PTXCONF_POLICYCOREUTILS_SECON + @$(call install_copy, policycoreutils, 0, 0, 0755, -, /usr/bin/secon) +endif + +ifdef PTXCONF_POLICYCOREUTILS_SEMANAGE + @$(call install_copy, policycoreutils, 0, 0, 0755, -, /usr/sbin/semanage) + @$(call install_copy, policycoreutils, 0, 0, 0644, -, $(PYTHON_SITEPACKAGES)/seobject.py) +endif + +ifdef PTXCONF_POLICYCOREUTILS_SEMODULE + @$(call install_copy, policycoreutils, 0, 0, 0755, -, /usr/sbin/semodule) +endif + +ifdef PTXCONF_POLICYCOREUTILS_SEMODULE_DEPS + @$(call install_copy, policycoreutils, 0, 0, 0755, -, /usr/bin/semodule_deps) +endif + +ifdef PTXCONF_POLICYCOREUTILS_SEMODULE_EXPAND + @$(call install_copy, policycoreutils, 0, 0, 0755, -, /usr/bin/semodule_expand) +endif + +ifdef PTXCONF_POLICYCOREUTILS_SEMODULE_LINK + @$(call install_copy, policycoreutils, 0, 0, 0755, -, /usr/bin/semodule_link) +endif + +ifdef PTXCONF_POLICYCOREUTILS_SEMODULE_PACKAGE + @$(call install_copy, policycoreutils, 0, 0, 0755, -, /usr/bin/semodule_package) + @$(call install_copy, policycoreutils, 0, 0, 0755, -, /usr/bin/semodule_unpackage) +endif + +ifdef PTXCONF_POLICYCOREUTILS_SEPOLGEN_IFGEN + @$(call install_copy, policycoreutils, 0, 0, 0755, -, /usr/bin/sepolgen-ifgen-attr-helper) +endif + +ifdef PTXCONF_POLICYCOREUTILS_SESTATUS + @$(call install_copy, policycoreutils, 0, 0, 0755, -, /usr/sbin/sestatus) +endif + +ifdef PTXCONF_POLICYCOREUTILS_SETFILES + @$(call install_copy, policycoreutils, 0, 0, 0755, -, /sbin/setfiles) + @$(call install_link, policycoreutils, setfiles, /sbin/restorecon) +endif + +ifdef PTXCONF_POLICYCOREUTILS_SETSEBOOL + @$(call install_copy, policycoreutils, 0, 0, 0755, -, /usr/sbin/setsebool) +endif + + @$(call install_alternative, policycoreutils, 0, 0, 0644, /etc/sestatus.conf) + + @$(call install_finish, policycoreutils) + + @$(call touch) + +# vim: syntax=make -- cgit v1.2.3