policycoreutils: new package

This package contains the core policy utilities that are required for basic operation of an SELinux system. Signed-off-by: Clayton Shotwell <clayton.shotwell@rockwellcollins.com> Signed-off-by: Matt Weber <matthew.weber@rockwellcollins.com> Signed-off-by: Niranjan Reddy <niranjan.reddy@rockwellcollins.com> Tested-by: Bryce Ferguson <bryce.ferguson@rockwellcollins.com> Signed-off-by: Bryce Ferguson <bryce.ferguson@rockwellcollins.com> [Thomas: - Move the Config.in comment at the top of the Config.in file rather than between the main option and its sub-options, as this breaks menuconfig indentation. - Fix the propagation of the libsemanage dependencies. libsemanage depends on BR2_PACKAGE_AUDIT_ARCH_SUPPORTS and BR2_TOOLCHAIN_USES_GLIBC which were not accounted for. Since it depends on BR2_TOOLCHAIN_USES_GLIBC, then all the gettext related handling becomes useless and has been removed. - Rename the prompt of the restorecond sub-option to just "restorecond". - Use TARGET_CONFIGURE_OPTS and HOST_CONFIGURE_OPTS instead of passing LDFLAGS, CC, etc. manually. - Use make "foreach" function for loops instead of shell "for" loops. - Rework the explanation of why we're passing DESTDIR at build time. - Minor formatting tweaks here and there.] Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-10-25 14:26:03 -05:00 · 2016-10-25 14:26:03 -05:00 · cb328f77f8
commit cb328f77f8
parent 8879424b49
9 changed files with 666 additions and 0 deletions
--- a/package/Config.in
+++ b/package/Config.in
@ -1667,6 +1667,7 @@ menu "Real-Time"
 endmenu
 menu "Security"
 	source "package/policycoreutils/Config.in"
 	source "package/setools/Config.in"
 endmenu
--- a/package/policycoreutils/0001-Add-DESTDIR-to-all-paths-that-use-an-absolute-path.patch
+++ b/package/policycoreutils/0001-Add-DESTDIR-to-all-paths-that-use-an-absolute-path.patch
@ -0,0 +1,131 @@
 The addition of this patch makes the use of DESTDIR
 mandatory as there are conditional checks which would fail if it's not
 defined.
 This patch was updated from the patch provided by Niranjan Reddy to
 accomodate version 2.5
 Signed-off-by: Clayton Shotwell <clayton.shotwell@rockwellcollins.com>
 Signed-off-by: Niranjan Reddy <niranjan.reddy@rockwellcollins.com>
 Signed-off-by: Adam Duskett <AdamDuskett@outlook.com>
 Signed-off-by: Adam Duskett <Aduskett@gmail.com>
 ---
 policycoreutils/Makefile             | 2 +-
 policycoreutils/newrole/Makefile     | 4 ++--
 policycoreutils/restorecond/Makefile | 5 +++--
 policycoreutils/run_init/Makefile    | 4 ++--
 policycoreutils/sepolicy/Makefile    | 2 +-
 policycoreutils/sestatus/Makefile    | 2 +-
 policycoreutils/setfiles/Makefile    | 4 ++--
 7 files changed, 12 insertions(+), 11 deletions(-)
 diff --git a/Makefile b/Makefile
 index 962ac12..0634a2a 100644
 --- a/Makefile
 +++ b/Makefile
@@ -1,6 +1,6 @@
 SUBDIRS = sepolicy setfiles semanage load_policy newrole run_init sandbox secon audit2allow sestatus semodule_package semodule semodule_link semodule_expand semodule_deps sepolgen-ifgen setsebool scripts po man gui hll
 -INOTIFYH = $(shell ls /usr/include/sys/inotify.h 2>/dev/null)
 +INOTIFYH = $(shell ls $(DESTDIR)/usr/include/sys/inotify.h 2>/dev/null)
 ifeq (${INOTIFYH}, /usr/include/sys/inotify.h)
 	SUBDIRS += restorecond
 diff --git a/newrole/Makefile b/newrole/Makefile
 index 646cd4d..f124a6a 100644
 --- a/newrole/Makefile
 +++ b/newrole/Makefile
@@ -4,8 +4,8 @@ BINDIR ?= $(PREFIX)/bin
 MANDIR ?= $(PREFIX)/share/man
 ETCDIR ?= $(DESTDIR)/etc
 LOCALEDIR = /usr/share/locale
 -PAMH = $(shell ls /usr/include/security/pam_appl.h 2>/dev/null)
 -AUDITH = $(shell ls /usr/include/libaudit.h 2>/dev/null)
 +PAMH = $(shell ls $(DESTDIR)/usr/include/security/pam_appl.h 2>/dev/null)
 +AUDITH = $(shell ls $(DESTDIR)/usr/include/libaudit.h 2>/dev/null)
 # Enable capabilities to permit newrole to generate audit records.
 # This will make newrole a setuid root program.
 # The capabilities used are: CAP_AUDIT_WRITE.
 diff --git a/restorecond/Makefile b/restorecond/Makefile
 index f99e1e7..92a4a4d 100644
 --- a/restorecond/Makefile
 +++ b/restorecond/Makefile
@@ -11,11 +11,12 @@ autostart_DATA = sealertauto.desktop
 INITDIR ?= $(DESTDIR)/etc/rc.d/init.d
 SELINUXDIR = $(DESTDIR)/etc/selinux
 -DBUSFLAGS = -DHAVE_DBUS -I/usr/include/dbus-1.0 -I/usr/lib64/dbus-1.0/include -I/usr/lib/dbus-1.0/include
 +DBUSFLAGS = -DHAVE_DBUS -I$(DESTDIR)/usr/include/dbus-1.0 -I$(DESTDIR)/usr/lib64/dbus-1.0/include -I$(DESTDIR)/usr/lib/dbus-1.0/include
 DBUSLIB = -ldbus-glib-1 -ldbus-1
 CFLAGS ?= -g -Werror -Wall -W
 -override CFLAGS += -I$(PREFIX)/include $(DBUSFLAGS) -I/usr/include/glib-2.0 -I/usr/lib64/glib-2.0/include -I/usr/lib/glib-2.0/include
 +override CFLAGS += -I$(DESTDIR)/usr/include $(DBUSFLAGS) -I$(DESTDIR)/usr/include/glib-2.0 \
 +-I$(DESTDIR)/usr/lib64/glib-2.0/include -I$(DESTDIR)/usr/lib/glib-2.0/include
 LDLIBS += -lselinux $(DBUSLIB) -lglib-2.0 -L$(LIBDIR)
 diff --git a/run_init/Makefile b/run_init/Makefile
 index 5815a08..c81179b 100644
 --- a/run_init/Makefile
 +++ b/run_init/Makefile
@@ -5,8 +5,8 @@ SBINDIR ?= $(PREFIX)/sbin
 MANDIR ?= $(PREFIX)/share/man
 ETCDIR ?= $(DESTDIR)/etc
 LOCALEDIR ?= /usr/share/locale
 -PAMH = $(shell ls /usr/include/security/pam_appl.h 2>/dev/null)
 -AUDITH = $(shell ls /usr/include/libaudit.h 2>/dev/null)
 +PAMH = $(shell ls $(DESTDIR)/usr/include/security/pam_appl.h 2>/dev/null)
 +AUDITH = $(shell ls $(DESTDIR)/usr/include/libaudit.h 2>/dev/null)
 CFLAGS ?= -Werror -Wall -W
 override CFLAGS += -I$(PREFIX)/include -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
 diff --git a/sepolicy/Makefile b/sepolicy/Makefile
 index 39d46e8..6624373 100644
 --- a/sepolicy/Makefile
 +++ b/sepolicy/Makefile
@@ -12,7 +12,7 @@ LOCALEDIR ?= /usr/share/locale
 BASHCOMPLETIONDIR ?= $(DESTDIR)/usr/share/bash-completion/completions
 SHAREDIR ?= $(PREFIX)/share/sandbox
 CFLAGS ?= -Wall -Werror -Wextra -W
 -override CFLAGS += -I$(PREFIX)/include -DPACKAGE="policycoreutils" -DSHARED -shared
 +override CFLAGS = $(LDFLAGS) -I$(DESTDIR)/usr/include -DPACKAGE="policycoreutils" -Wall -Werror -Wextra -W  -DSHARED -shared
 BASHCOMPLETIONS=sepolicy-bash-completion.sh
 diff --git a/sestatus/Makefile b/sestatus/Makefile
 index c04ff00..e10c32c 100644
 --- a/sestatus/Makefile
 +++ b/sestatus/Makefile
@@ -6,7 +6,7 @@ ETCDIR ?= $(DESTDIR)/etc
 LIBDIR ?= $(PREFIX)/lib
 CFLAGS ?= -Werror -Wall -W
 -override CFLAGS += -I$(PREFIX)/include -D_FILE_OFFSET_BITS=64
 +override CFLAGS += -I$(DESTDIR)/usr/include -D_FILE_OFFSET_BITS=64
 LDLIBS = -lselinux -L$(LIBDIR)
 all: sestatus
 diff --git a/setfiles/Makefile b/setfiles/Makefile
 index 98f4f7d..eb26ed0 100644
 --- a/setfiles/Makefile
 +++ b/setfiles/Makefile
@@ -3,13 +3,13 @@ PREFIX ?= $(DESTDIR)/usr
 SBINDIR ?= $(DESTDIR)/sbin
 MANDIR = $(PREFIX)/share/man
 LIBDIR ?= $(PREFIX)/lib
 -AUDITH = $(shell ls /usr/include/libaudit.h 2>/dev/null)
 +AUDITH = $(shell ls  $(DESTDIR)/usr/include/libaudit.h 2>/dev/null)
 PROGRESS_STEP=$(shell grep "^\#define STAR_COUNT" restore.h | awk -S '{ print $$3 }')
 ABORT_ON_ERRORS=$(shell grep "^\#define ABORT_ON_ERRORS" setfiles.c | awk -S '{ print $$3 }')
 CFLAGS ?= -g -Werror -Wall -W
 -override CFLAGS += -I$(PREFIX)/include
 +override CFLAGS += -I$(DESTDIR)/usr/include
 LDLIBS = -lselinux -lsepol -L$(LIBDIR)
 ifeq ($(AUDITH), /usr/include/libaudit.h)
 -- 
 2.7.4
--- a/package/policycoreutils/0002-Add-PREFIX-to-host-paths.patch
+++ b/package/policycoreutils/0002-Add-PREFIX-to-host-paths.patch
@ -0,0 +1,211 @@
 From 7f99a727cdb8160d49bb0d0554fc88787980c971 Mon Sep 17 00:00:00 2001
 From: Adam Duskett <Aduskett@gmail.com>
 Date: Thu, 14 Jul 2016 13:16:03 -0400
 Subject: [PATCH] Add PREFIX to host paths
 Updates the remaining hardcoded host paths used in the build to be
 prefixed with a PREFIX path to allow cross compilation.
 Updated to work with version 2.5
 Signed-off-by: Clayton Shotwell <clayton.shotwell@rockwellcollins.com>
 Signed-off-by: Niranjan Reddy <niranjan.reddy@rockwellcollins.com>
 Signed-off-by: Adam Duskett <AdamDuskett@outlook.com>
 Signed-off-by: Adam Duskett <Aduskett@gmail.com>
 ---
 policycoreutils/Makefile              |  4 +++-
 policycoreutils/audit2allow/Makefile  |  2 +-
 policycoreutils/load_policy/Makefile  |  2 +-
 policycoreutils/mcstrans/src/Makefile | 17 +++++++++--------
 policycoreutils/newrole/Makefile      |  8 ++++----
 policycoreutils/run_init/Makefile     |  8 ++++----
 policycoreutils/sepolicy/Makefile     |  2 +-
 policycoreutils/setfiles/Makefile     |  4 ++--
 8 files changed, 25 insertions(+), 22 deletions(-)
 diff --git a/Makefile b/Makefile
 index 0634a2a..bd99b1c 100644
 --- a/Makefile
 +++ b/Makefile
@@ -1,8 +1,10 @@
 +PREFIX  ?= $(DESTDIR)/usr
 +
 SUBDIRS = sepolicy setfiles semanage load_policy newrole run_init sandbox secon audit2allow sestatus semodule_package semodule semodule_link semodule_expand semodule_deps sepolgen-ifgen setsebool scripts po man gui hll
 INOTIFYH = $(shell ls $(DESTDIR)/usr/include/sys/inotify.h 2>/dev/null)
 -ifeq (${INOTIFYH}, /usr/include/sys/inotify.h)
 +ifeq (${INOTIFYH}, $(PREFIX)/include/sys/inotify.h)
 	SUBDIRS += restorecond
 endif
 diff --git a/audit2allow/Makefile b/audit2allow/Makefile
 index 87d2502..d4108fe 100644
 --- a/audit2allow/Makefile
 +++ b/audit2allow/Makefile
@@ -5,7 +5,7 @@ PREFIX ?= $(DESTDIR)/usr
 BINDIR ?= $(PREFIX)/bin
 LIBDIR ?= $(PREFIX)/lib
 MANDIR ?= $(PREFIX)/share/man
 -LOCALEDIR ?= /usr/share/locale
 +LOCALEDIR ?= $(PREFIX)/share/locale
 all: audit2why
 diff --git a/load_policy/Makefile b/load_policy/Makefile
 index 7c5bab0..5cd0bbb 100644
 --- a/load_policy/Makefile
 +++ b/load_policy/Makefile
@@ -3,7 +3,7 @@ PREFIX ?= $(DESTDIR)/usr
 SBINDIR ?= $(DESTDIR)/sbin
 USRSBINDIR ?= $(PREFIX)/sbin
 MANDIR ?= $(PREFIX)/share/man
 -LOCALEDIR ?= /usr/share/locale
 +LOCALEDIR ?= $(PREFIX)/share/locale
 CFLAGS ?= -Werror -Wall -W
 override CFLAGS += $(LDFLAGS) -I$(PREFIX)/include -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
 diff --git a/mcstrans/src/Makefile b/mcstrans/src/Makefile
 index 907a1f1..6fda57e 100644
 --- a/mcstrans/src/Makefile
 +++ b/mcstrans/src/Makefile
@@ -1,23 +1,24 @@
 ARCH = $(shell uname -i)
 +# Installation directories.
 +PREFIX  ?= $(DESTDIR)/usr
 +SBINDIR ?= $(DESTDIR)/sbin
 +INITDIR ?= $(DESTDIR)/etc/rc.d/init.d
 +SYSTEMDDIR ?= $(DESTDIR)/usr/lib/systemd
 +
 ifeq "$(ARCH)" "x86_64"
 	# In case of 64 bit system, use these lines
 -	LIBDIR=/usr/lib64
 +	LIBDIR=$(PREFIX)/lib64
 else 
 ifeq "$(ARCH)" "i686"
 	# In case of 32 bit system, use these lines
 -	LIBDIR=/usr/lib
 +	LIBDIR=$(PREFIX)/lib
 else
 ifeq "$(ARCH)" "i386"
 	# In case of 32 bit system, use these lines
 -	LIBDIR=/usr/lib
 +	LIBDIR=$(PREFIX)/lib
 endif
 endif
 endif
 -# Installation directories.
 -PREFIX  ?= $(DESTDIR)/usr
 -SBINDIR ?= $(DESTDIR)/sbin
 -INITDIR ?= $(DESTDIR)/etc/rc.d/init.d
 -SYSTEMDDIR ?= $(DESTDIR)/usr/lib/systemd
 PROG_SRC=mcstrans.c  mcscolor.c  mcstransd.c  mls_level.c
 PROG_OBJS= $(patsubst %.c,%.o,$(PROG_SRC))
 diff --git a/newrole/Makefile b/newrole/Makefile
 index f124a6a..b687a09 100644
 --- a/newrole/Makefile
 +++ b/newrole/Makefile
@@ -3,7 +3,7 @@ PREFIX ?= $(DESTDIR)/usr
 BINDIR ?= $(PREFIX)/bin
 MANDIR ?= $(PREFIX)/share/man
 ETCDIR ?= $(DESTDIR)/etc
 -LOCALEDIR = /usr/share/locale
 +LOCALEDIR =  $(PREFIX)/share/locale
 PAMH = $(shell ls $(DESTDIR)/usr/include/security/pam_appl.h 2>/dev/null)
 AUDITH = $(shell ls $(DESTDIR)/usr/include/libaudit.h 2>/dev/null)
 # Enable capabilities to permit newrole to generate audit records.
@@ -24,7 +24,7 @@ CFLAGS ?= -Werror -Wall -W
 EXTRA_OBJS =
 override CFLAGS += -DVERSION=\"$(VERSION)\" $(LDFLAGS) -I$(PREFIX)/include -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
 LDLIBS += -lselinux -L$(PREFIX)/lib
 -ifeq ($(PAMH), /usr/include/security/pam_appl.h)
 +ifeq ($(PAMH), $(PREFIX)/include/security/pam_appl.h)
 	override CFLAGS += -DUSE_PAM
 	EXTRA_OBJS += hashtab.o
 	LDLIBS += -lpam -lpam_misc
@@ -32,7 +32,7 @@ else
 	override CFLAGS += -D_XOPEN_SOURCE=500
 	LDLIBS += -lcrypt
 endif
 -ifeq ($(AUDITH), /usr/include/libaudit.h)
 +ifeq ($(AUDITH), $(PREFIX)/include/libaudit.h)
 	override CFLAGS += -DUSE_AUDIT
 	LDLIBS += -laudit
 endif
@@ -66,7 +66,7 @@ install: all
 	test -d $(MANDIR)/man1 || install -m 755 -d $(MANDIR)/man1
 	install -m $(MODE) newrole $(BINDIR)
 	install -m 644 newrole.1 $(MANDIR)/man1/
 -ifeq ($(PAMH), /usr/include/security/pam_appl.h)
 +ifeq ($(PAMH), $(PREFIX)/include/security/pam_appl.h)
 	test -d $(ETCDIR)/pam.d || install -m 755 -d $(ETCDIR)/pam.d
 ifeq ($(LSPP_PRIV),y)
 	install -m 644 newrole-lspp.pamd $(ETCDIR)/pam.d/newrole
 diff --git a/run_init/Makefile b/run_init/Makefile
 index c81179b..ce0df9f 100644
 --- a/run_init/Makefile
 +++ b/run_init/Makefile
@@ -4,21 +4,21 @@ PREFIX ?= $(DESTDIR)/usr
 SBINDIR ?= $(PREFIX)/sbin
 MANDIR ?= $(PREFIX)/share/man
 ETCDIR ?= $(DESTDIR)/etc
 -LOCALEDIR ?= /usr/share/locale
 +LOCALEDIR ?= $(PREFIX)/share/locale
 PAMH = $(shell ls $(DESTDIR)/usr/include/security/pam_appl.h 2>/dev/null)
 AUDITH = $(shell ls $(DESTDIR)/usr/include/libaudit.h 2>/dev/null)
 CFLAGS ?= -Werror -Wall -W
 override CFLAGS += -I$(PREFIX)/include -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
 LDLIBS += -lselinux -L$(PREFIX)/lib
 -ifeq ($(PAMH), /usr/include/security/pam_appl.h)
 +ifeq ($(PAMH), $(PREFIX)/include/security/pam_appl.h)
 	override CFLAGS += -DUSE_PAM
 	LDLIBS += -lpam -lpam_misc
 else
 	override CFLAGS += -D_XOPEN_SOURCE=500
 	LDLIBS += -lcrypt
 endif
 -ifeq ($(AUDITH), /usr/include/libaudit.h)
 +ifeq ($(AUDITH), $(PREFIX)/include/libaudit.h)
 	override CFLAGS += -DUSE_AUDIT
 	LDLIBS += -laudit
 endif
@@ -38,7 +38,7 @@ install: all
 	install -m 755 open_init_pty $(SBINDIR)
 	install -m 644 run_init.8 $(MANDIR)/man8/
 	install -m 644 open_init_pty.8 $(MANDIR)/man8/
 -ifeq ($(PAMH), /usr/include/security/pam_appl.h)
 +ifeq ($(PAMH), $(PREFIX)/include/security/pam_appl.h)
 	install -m 644 run_init.pamd $(ETCDIR)/pam.d/run_init
 endif
 diff --git a/sepolicy/Makefile b/sepolicy/Makefile
 index 6624373..a16f8de 100644
 --- a/sepolicy/Makefile
 +++ b/sepolicy/Makefile
@@ -8,7 +8,7 @@ BINDIR ?= $(PREFIX)/bin
 SBINDIR ?= $(PREFIX)/sbin
 DATADIR ?= $(PREFIX)/share
 MANDIR ?= $(PREFIX)/share/man
 -LOCALEDIR ?= /usr/share/locale
 +LOCALEDIR ?= $(PREFIX)/share/locale
 BASHCOMPLETIONDIR ?= $(DESTDIR)/usr/share/bash-completion/completions
 SHAREDIR ?= $(PREFIX)/share/sandbox
 CFLAGS ?= -Wall -Werror -Wextra -W
 diff --git a/setfiles/Makefile b/setfiles/Makefile
 index eb26ed0..3c6b80d 100644
 --- a/setfiles/Makefile
 +++ b/setfiles/Makefile
@@ -12,7 +12,7 @@ CFLAGS ?= -g -Werror -Wall -W
 override CFLAGS += -I$(DESTDIR)/usr/include
 LDLIBS = -lselinux -lsepol -L$(LIBDIR)
 -ifeq ($(AUDITH), /usr/include/libaudit.h)
 +ifeq ($(AUDITH), $(PREFIX)/include/libaudit.h)
 	override CFLAGS += -DUSE_AUDIT
 	LDLIBS += -laudit
 endif
 -- 
 2.7.4
--- a/package/policycoreutils/0003-Remove-hardcoded-arch-variable.patch
+++ b/package/policycoreutils/0003-Remove-hardcoded-arch-variable.patch
@ -0,0 +1,43 @@
 From 7424f2bea0cb412e96202f596ad8077131589f40 Mon Sep 17 00:00:00 2001
 From: Adam Duskett <Aduskett@gmail.com>
 Date: Thu, 14 Jul 2016 13:18:24 -0400
 Subject: [PATCH] Remove hardcoded arch variable.
 Allow the ARCH value to be passed in as original configuration was
 solely based on host architecture.
 This patch was updated to work with version 2.5
 Signed-off-by: Clayton Shotwell <clayton.shotwell@rockwellcollins.com>
 Signed-off-by: Niranjan Reddy <niranjan.reddy@rockwellcollins.com>
 Signed-off-by: Adam Duskett <AdamDuskett@outlook.com>
 Signed-off-by: Adam Duskett <Aduskett@gmail.com>
 ---
 policycoreutils/mcstrans/src/Makefile   | 1 -
 policycoreutils/mcstrans/utils/Makefile | 1 -
 2 files changed, 2 deletions(-)
 diff --git a/mcstrans/src/Makefile b/mcstrans/src/Makefile
 index 6fda57e..7b4489f 100644
 --- a/mcstrans/src/Makefile
 +++ b/mcstrans/src/Makefile
@@ -1,4 +1,3 @@
 -ARCH = $(shell uname -i)
 # Installation directories.
 PREFIX  ?= $(DESTDIR)/usr
 SBINDIR ?= $(DESTDIR)/sbin
 diff --git a/mcstrans/utils/Makefile b/mcstrans/utils/Makefile
 index 1ffb027..912fe12 100644
 --- a/mcstrans/utils/Makefile
 +++ b/mcstrans/utils/Makefile
@@ -2,7 +2,6 @@
 PREFIX ?= $(DESTDIR)/usr
 BINDIR ?= $(PREFIX)/sbin
 -ARCH = $(shell uname -i)
 ifeq "$(ARCH)" "x86_64"
         # In case of 64 bit system, use these lines
         LIBDIR=/usr/lib64
 -- 
 2.7.4
--- a/package/policycoreutils/0004-Change-sepolicy-python-install-arguments-to-be-a-var.patch
+++ b/package/policycoreutils/0004-Change-sepolicy-python-install-arguments-to-be-a-var.patch
@ -0,0 +1,42 @@
 From 27fd1c85ca95b5d66ab0241a08242a75b60b375c Mon Sep 17 00:00:00 2001
 From: Adam Duskett <Aduskett@gmail.com>
 Date: Thu, 14 Jul 2016 13:22:57 -0400
 Subject: [PATCH] Change sepolicy python install arguments to be a variable
 To allow the python install arguments to be overwritten, change the
 arguments to be a variable. This also cleans up the DESTDIR detection a
 little bit.
 Updated to work with version 2.5
 Signed-off-by: Clayton Shotwell <clayton.shotwell@rockwellcollins.com>
 Signed-off-by: Adam Duskett <AdamDuskett@outlook.com>
 Signed-off-by: Adam Duskett <Aduskett@gmail.com>
 ---
 policycoreutils/sepolicy/Makefile | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
 diff --git a/sepolicy/Makefile b/sepolicy/Makefile
 index a16f8de..2013301 100644
 --- a/sepolicy/Makefile
 +++ b/sepolicy/Makefile
@@ -1,4 +1,7 @@
 PYTHON ?= python
 +ifneq ($(DESTDIR),)
 +PYTHON_INSTALL_ARGS ?= --root $(DESTDIR)
 +endif
 # Installation directories.
 PREFIX ?= $(DESTDIR)/usr
@@ -32,7 +35,7 @@ test:
 	@$(PYTHON) test_sepolicy.py -v
 install:
 -	$(PYTHON) setup.py install `test -n "$(DESTDIR)" && echo --root $(DESTDIR)`
 +	$(PYTHON) setup.py install $(PYTHON_INSTALL_ARGS)
 	[ -d $(BINDIR) ] || mkdir -p $(BINDIR)
 	install -m 755 sepolicy.py $(BINDIR)/sepolicy
 	(cd $(BINDIR); ln -sf sepolicy sepolgen)
 -- 
 2.7.4
--- a/package/policycoreutils/0005-Check-to-see-if-DBUS-is-enabled.patch
+++ b/package/policycoreutils/0005-Check-to-see-if-DBUS-is-enabled.patch
@ -0,0 +1,56 @@
 From d1bc28c5b2efe60a0ee04d9c171928d0f3475654 Mon Sep 17 00:00:00 2001
 From: Adam Duskett <Aduskett@gmail.com>
 Date: Thu, 14 Jul 2016 13:26:23 -0400
 Subject: [PATCH] Check to see if DBUS is enabled.
 Adds a condition to prevent linking against dbus when at build time
 dbus has not been enabled.
 Updated for 2.5.
 Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
 Signed-off-by: Adam Duskett <AdamDuskett@outlook.com>
 Signed-off-by: Adam Duskett <Aduskett@gmail.com>
 ---
 policycoreutils/restorecond/Makefile | 2 ++
 policycoreutils/restorecond/user.c   | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)
 diff --git a/restorecond/Makefile b/restorecond/Makefile
 index 92a4a4d..95f38a6 100644
 --- a/restorecond/Makefile
 +++ b/restorecond/Makefile
@@ -11,8 +11,10 @@ autostart_DATA = sealertauto.desktop
 INITDIR ?= $(DESTDIR)/etc/rc.d/init.d
 SELINUXDIR = $(DESTDIR)/etc/selinux
 +ifdef ENABLE_DBUS
 DBUSFLAGS = -DHAVE_DBUS -I$(DESTDIR)/usr/include/dbus-1.0 -I$(DESTDIR)/usr/lib64/dbus-1.0/include -I$(DESTDIR)/usr/lib/dbus-1.0/include
 DBUSLIB = -ldbus-glib-1 -ldbus-1
 +endif
 CFLAGS ?= -g -Werror -Wall -W
 override CFLAGS += -I$(DESTDIR)/usr/include $(DBUSFLAGS) -I$(DESTDIR)/usr/include/glib-2.0 \
 diff --git a/restorecond/user.c b/restorecond/user.c
 index 714aae7..a04cddb 100644
 --- a/restorecond/user.c
 +++ b/restorecond/user.c
@@ -54,7 +54,6 @@ static const char *PATH="/org/selinux/Restorecond";
 static const char *INTERFACE="org.selinux.RestorecondIface";
 static const char *RULE="type='signal',interface='org.selinux.RestorecondIface'";
 -static int local_lock_fd = -1;
 static DBusHandlerResult
 signal_filter (DBusConnection *connection  __attribute__ ((__unused__)), DBusMessage *message, void *user_data)
@@ -101,6 +100,7 @@ static int dbus_server(GMainLoop *loop) {
 #include <selinux/selinux.h>
 #include <sys/file.h>
 +static int local_lock_fd = -1;
 /* size of the event structure, not counting name */
 #define EVENT_SIZE  (sizeof (struct inotify_event))
 /* reasonable guess as to size of 1024 events */
 -- 
 2.7.4
--- a/package/policycoreutils/Config.in
+++ b/package/policycoreutils/Config.in
@ -0,0 +1,61 @@
 comment "policycoreutils needs a glibc toolchain w/ threads, dynamic library"
 	depends on !BR2_arc
 	depends on BR2_PACKAGE_AUDIT_ARCH_SUPPORTS
 	depends on !BR2_TOOLCHAIN_USES_GLIBC || \
 		!BR2_TOOLCHAIN_HAS_THREADS || BR2_STATIC_LIBS
 config BR2_PACKAGE_POLICYCOREUTILS
 	bool "policycoreutils"
 	select BR2_PACKAGE_LIBSEMANAGE
 	select BR2_PACKAGE_LIBCAP_NG
 	depends on BR2_PACKAGE_AUDIT_ARCH_SUPPORTS # libsemanage
 	depends on BR2_TOOLCHAIN_HAS_THREADS # libsemanage
 	depends on !BR2_STATIC_LIBS #libsemanage
 	depends on !BR2_arc # libsemanage
 	depends on BR2_TOOLCHAIN_USES_GLIBC # libsemanage
 	help
 	  Policycoreutils is a collection of policy utilities (originally
 	  the "core" set of utilities needed to use SELinux, although it
 	  has grown a bit over time), which have different dependencies.
 	  sestatus, secon, run_init, and newrole only use libselinux.
 	  load_policy and setfiles only use libselinux and libsepol.
 	  semodule and semanage use libsemanage (and thus bring in
 	  dependencies on libsepol and libselinux as well). setsebool
 	  uses libselinux to make non-persistent boolean changes (via
 	  the kernel interface) and uses libsemanage to make persistent
 	  boolean changes.
 	  The base package will install the following utilities:
 	      load_policy
 	      newrole
 	      restorecond
 	      run_init
 	      secon
 	      semodule
 	      semodule_deps
 	      semodule_expand
 	      semodule_link
 	      semodule_package
 	      sepolgen-ifgen
 	      sestatus
 	      setfiles
 	      setsebool
 	  http://selinuxproject.org/page/Main_Page
 if BR2_PACKAGE_POLICYCOREUTILS
 config BR2_PACKAGE_POLICYCOREUTILS_RESTORECOND
 	bool "restorecond"
 	select BR2_PACKAGE_LIBGLIB2
 	depends on BR2_USE_WCHAR # glib2
 	depends on BR2_TOOLCHAIN_HAS_THREADS # glib2
 	depends on BR2_USE_MMU # glib2
 	help
 	  Enable restorecond to be built
 comment "restorecond needs a toolchain w/ wchar, threads"
 	depends on BR2_USE_MMU
 	depends on !BR2_USE_WCHAR || !BR2_TOOLCHAIN_HAS_THREADS
 endif
--- a/package/policycoreutils/policycoreutils.hash
+++ b/package/policycoreutils/policycoreutils.hash
@ -0,0 +1,2 @@
 # https://github.com/SELinuxProject/selinux/wiki/Releases
 sha256 329382cfe9fa977678abf541dcd8fe3847cf0c83b24654c8f7322343907078a1 policycoreutils-2.5.tar.gz
--- a/package/policycoreutils/policycoreutils.mk
+++ b/package/policycoreutils/policycoreutils.mk
@ -0,0 +1,119 @@
 ################################################################################
 #
 # policycoreutils
 #
 ################################################################################
 POLICYCOREUTILS_VERSION = 2.5
 POLICYCOREUTILS_SITE = https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20160223
 POLICYCOREUTILS_LICENSE = GPLv2
 POLICYCOREUTILS_LICENSE_FILES = COPYING
 POLICYCOREUTILS_DEPENDENCIES = libsemanage libcap-ng
 ifeq ($(BR2_PACKAGE_LINUX_PAM),y)
 POLICYCOREUTILS_DEPENDENCIES += linux-pam
 POLICYCOREUTILS_MAKE_OPTS += NAMESPACE_PRIV=y
 define POLICYCOREUTILS_INSTALL_TARGET_LINUX_PAM_CONFS
 	$(INSTALL) -D -m 0644 $(@D)/newrole/newrole-lspp.pamd $(TARGET_DIR)/etc/pam.d/newrole
 	$(INSTALL) -D -m 0644 $(@D)/run_init/run_init.pamd $(TARGET_DIR)/etc/pam.d/run_init
 endef
 endif
 ifeq ($(BR2_PACKAGE_AUDIT),y)
 POLICYCOREUTILS_DEPENDENCIES += audit
 POLICYCOREUTILS_MAKE_OPTS += AUDIT_LOG_PRIV=y
 endif
 # Enable LSPP_PRIV if both audit and linux pam are enabled
 ifeq ($(BR2_PACKAGE_LINUX_PAM)$(BR2_PACKAGE_AUDIT),yy)
 POLICYCOREUTILS_MAKE_OPTS += LSPP_PRIV=y
 endif
 # Undefining _FILE_OFFSET_BITS here because of a "bug" with glibc fts.h
 # large file support.
 # See https://bugzilla.redhat.com/show_bug.cgi?id=574992 for more information
 POLICYCOREUTILS_MAKE_OPTS += \
 	$(TARGET_CONFIGURE_OPTS) \
 	CFLAGS="$(TARGET_CFLAGS) -U_FILE_OFFSET_BITS" \
 	ARCH="$(BR2_ARCH)"
 POLICYCOREUTILS_MAKE_DIRS = \
 	load_policy newrole run_init \
 	secon semodule semodule_deps \
 	semodule_expand semodule_link \
 	semodule_package sepolgen-ifgen \
 	sestatus setfiles setsebool
 ifeq ($(BR2_PACKAGE_POLICYCOREUTILS_RESTORECOND),y)
 POLICYCOREUTILS_MAKE_DIRS += restorecond
 endif
 # We need to pass DESTDIR at build time because it's used by
 # policycoreutils build system to find headers and libraries.
 define POLICYCOREUTILS_BUILD_CMDS
 	$(foreach d,$(POLICYCOREUTILS_MAKE_DIRS),
 		$(MAKE) -C $(@D)/$(d) $(POLICYCOREUTILS_MAKE_OPTS) \
 			DESTDIR=$(STAGING_DIR) all
 	)
 endef
 define POLICYCOREUTILS_INSTALL_TARGET_CMDS
 	$(foreach d,$(POLICYCOREUTILS_MAKE_DIRS),
 		$(MAKE) -C $(@D)/$(d) $(POLICYCOREUTILS_MAKE_OPTS) \
 			DESTDIR=$(TARGET_DIR) install
 	)
 endef
 HOST_POLICYCOREUTILS_DEPENDENCIES = \
 	host-libsemanage host-dbus-glib \
 	host-sepolgen host-setools
 # Undefining _FILE_OFFSET_BITS here because of a "bug" with glibc fts.h
 # large file support.
 # See https://bugzilla.redhat.com/show_bug.cgi?id=574992 for more information
 HOST_POLICYCOREUTILS_MAKE_OPTS = \
 	$(HOST_CONFIGURE_OPTS) \
 	CFLAGS="$(HOST_CFLAGS) -U_FILE_OFFSET_BITS" \
 	PYTHON="$(HOST_DIR)/usr/bin/python" \
 	PYTHON_INSTALL_ARGS="$(HOST_PKG_PYTHON_DISTUTILS_INSTALL_OPTS)" \
 	ARCH="$(HOSTARCH)"
 ifeq ($(BR2_PACKAGE_PYTHON3),y)
 HOST_POLICYCOREUTILS_DEPENDENCIES += host-python3
 HOST_POLICYCOREUTILS_MAKE_OPTS += \
 	PYLIBVER="python$(PYTHON3_VERSION_MAJOR)"
 else
 HOST_POLICYCOREUTILS_DEPENDENCIES += host-python
 HOST_POLICYCOREUTILS_MAKE_OPTS += \
 	PYLIBVER="python$(PYTHON_VERSION_MAJOR)"
 endif
 # Note: We are only building the programs required by the refpolicy build
 HOST_POLICYCOREUTILS_MAKE_DIRS = \
 	load_policy semodule semodule_deps \
 	semodule_expand semodule_link \
 	semodule_package setfiles restorecond \
 	audit2allow scripts semanage sepolicy
 # We need to pass DESTDIR at build time because it's used by
 # policycoreutils build system to find headers and libraries.
 define HOST_POLICYCOREUTILS_BUILD_CMDS
 	$(foreach d,$(HOST_POLICYCOREUTILS_MAKE_DIRS),
 		$(MAKE) -C $(@D)/$(d) $(HOST_POLICYCOREUTILS_MAKE_OPTS) \
 			DESTDIR=$(HOST_DIR) all
 	)
 endef
 define HOST_POLICYCOREUTILS_INSTALL_CMDS
 	$(foreach d,$(HOST_POLICYCOREUTILS_MAKE_DIRS),
 		$(MAKE) -C $(@D)/$(d) $(HOST_POLICYCOREUTILS_MAKE_OPTS) \
 			DESTDIR=$(HOST_DIR) install
 	)
 	# Fix python paths
 	$(SED) 's%/usr/bin/%$(HOST_DIR)/usr/bin/%g' $(HOST_DIR)/usr/bin/audit2allow
 	$(SED) 's%/usr/bin/%$(HOST_DIR)/usr/bin/%g' $(HOST_DIR)/usr/bin/sepolgen-ifgen
 	$(SED) 's%/usr/bin/%$(HOST_DIR)/usr/bin/%g' $(HOST_DIR)/usr/bin/sepolicy
 endef
 $(eval $(generic-package))
 $(eval $(host-generic-package))
		`@ -0,0 +1,2 @@`
							`# https://github.com/SELinuxProject/selinux/wiki/Releases`
							`sha256 329382cfe9fa977678abf541dcd8fe3847cf0c83b24654c8f7322343907078a1 policycoreutils-2.5.tar.gz`