commit: 70c06276d352e4513bd68ca085b07e5e2d8e6205
Author: Christian Göttsche <cgzones <AT> googlemail <DOT> com>
AuthorDate: Thu Feb 22 16:32:50 2024 +0000
Commit: Kenton Groombridge <concord <AT> gentoo <DOT> org>
CommitDate: Fri Mar 1 17:05:38 2024 +0000
URL:
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=70c06276
Rules.monolithic: pre-compile fcontexts on install
On install pre-compile the file contexts.
Signed-off-by: Christian Göttsche <cgzones <AT> googlemail.com>
Signed-off-by: Kenton Groombridge <concord <AT> gentoo.org>
Makefile | 1 +
Rules.monolithic | 6 ++++++
2 files changed, 7 insertions(+)
diff --git a/Makefile b/Makefile
index b93e133be..3f1d30605 100644
--- a/Makefile
+++ b/Makefile
@@ -64,6 +64,7 @@ SEMOD_EXP ?= $(tc_usrbindir)/semodule_expand
LOADPOLICY ?= $(tc_usrsbindir)/load_policy
SEPOLGEN_IFGEN ?= $(tc_usrbindir)/sepolgen-ifgen
SETFILES ?= $(tc_sbindir)/setfiles
+SEFCONTEXT_COMPILE ?= $(tc_usrsbindir)/sefcontext_compile
XMLLINT ?= $(BINDIR)/xmllint
SECHECK ?= $(BINDIR)/sechecker
diff --git a/Rules.monolithic b/Rules.monolithic
index d6d0e6f28..d6e20a371 100644
--- a/Rules.monolithic
+++ b/Rules.monolithic
@@ -232,6 +232,12 @@ $(fcpath): $(fc) $(loadpath) $(userpath)/system.users
$(verbose) $(INSTALL) -m 0644 $(fc) $(fcpath)
$(verbose) $(INSTALL) -m 0644 $(homedir_template) $(homedirpath)
$(verbose) $(UMASK) 022 ; $(genhomedircon) -d $(topdir) -t $(NAME)
+ $(verbose) if $(SEFCONTEXT_COMPILE) -i > /dev/null 2>&1 ; then \
+ $(SEFCONTEXT_COMPILE) $(fcpath) ;\
+ $(SEFCONTEXT_COMPILE) $(fcpath).homedirs ;\
+ else \
+ echo "$@ Pre-compiled file context not generated! Please
install the sefcontext_compile tool (commonly part of libselinux-utils)." ;\
+ fi
########################################
#
