policycoreutils has a pretty peculiar interpretation of DESTDIR and
PREFIX. PREFIX is not consistently used: some installation paths and
include paths are forced to $(DESTDIR)/usr/... . In other cases,
PREFIX is indeed used. PREFIX defaults to $(DESTDIR)/usr
Try to be a little bit more correct by passing both DESTDIR and PREFIX,
both set to $(HOST_DIR). This is not a complete fix: some things are
still installed in $(HOST_DIR)/usr - but nothing we care about (just
manpages, systemd services, ...). More importantly, however, it still
looks for e.g. D-Bus in $(DESTDIR)/usr/include/dbus-1.0.
Still, it's better than nothing.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Since things are no longer installed in $(HOST_DIR)/usr, the callers
should also not refer to it.
This is a mechanical change with
git grep -l '$(HOST_DIR)/usr/bin' | xargs sed -i 's%$(HOST_DIR)/usr/bin%$(HOST_DIR)/bin%g'
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This python utility scans the logs for messages logged when the system
denied permission for operations, and generates a snippet of policy
rules which, if loaded into policy, might have allowed those operations
to succeed. However, this utility only generates Type Enforcement (TE)
allow rules.
Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
Reviewed-by: Matt Weber <matthew.weber@rockwellcollins.com>
[Thomas: adjust Config.in to propagate the dependencies of sepolgen,
checkpolicy and python3.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
We want to use SPDX identifier for license strings as much as possible.
SPDX short identifier for GPLv2/GPLv2+ is GPL-2.0/GPL-2.0+.
This change is done by using following command.
find . -name "*.mk" | xargs sed -ri '/LICENSE( )?[\+:]?=/s/\<GPLv2\>/GPL-2.0/g'
Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Updated to match Config.in select of libglib2
package as dependency if restorecon is enabled.
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This package contains the core policy utilities that are required
for basic operation of an SELinux system.
Signed-off-by: Clayton Shotwell <clayton.shotwell@rockwellcollins.com>
Signed-off-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Niranjan Reddy <niranjan.reddy@rockwellcollins.com>
Tested-by: Bryce Ferguson <bryce.ferguson@rockwellcollins.com>
Signed-off-by: Bryce Ferguson <bryce.ferguson@rockwellcollins.com>
[Thomas:
- Move the Config.in comment at the top of the Config.in file rather
than between the main option and its sub-options, as this breaks
menuconfig indentation.
- Fix the propagation of the libsemanage dependencies. libsemanage
depends on BR2_PACKAGE_AUDIT_ARCH_SUPPORTS and
BR2_TOOLCHAIN_USES_GLIBC which were not accounted for. Since it
depends on BR2_TOOLCHAIN_USES_GLIBC, then all the gettext related
handling becomes useless and has been removed.
- Rename the prompt of the restorecond sub-option to just
"restorecond".
- Use TARGET_CONFIGURE_OPTS and HOST_CONFIGURE_OPTS instead of
passing LDFLAGS, CC, etc. manually.
- Use make "foreach" function for loops instead of shell "for" loops.
- Rework the explanation of why we're passing DESTDIR at build time.
- Minor formatting tweaks here and there.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
