On Sep 13, 2006, at 3:19 PM, Stephen Smalley wrote:
As a side bar, it looks like there is an error in the build of the -
mls
policy that is leaving the usual polyinstantiation-related rules
disabled (controlled by the POLY= build option).
I think this spec file change will fix the error
--- selinux-policy.spec.orig 2006-09-14 08:46:07.000000000 -0500
+++ selinux-policy.spec 2006-09-14 08:46:59.000000000 -0500
@@ -73,8 +73,8 @@ SELinux Policy development package
%dir %{_usr}/share/selinux/mls
%define setupCmds() \
-make NAME=%1 TYPE=%2 DISTRO=%{distro} DIRECT_INITRC=%3 MONOLITHIC=%
{monolithic} POLY=%3 bare \
-make NAME=%1 TYPE=%2 DISTRO=%{distro} DIRECT_INITRC=%3 MONOLITHIC=%
{monolithic} POLY=%3 conf \
+make NAME=%1 TYPE=%2 DISTRO=%{distro} DIRECT_INITRC=%3 MONOLITHIC=%
{monolithic} POLY=%4 bare \
+make NAME=%1 TYPE=%2 DISTRO=%{distro} DIRECT_INITRC=%3 MONOLITHIC=%
{monolithic} POLY=%4 conf \
cp -f ${RPM_SOURCE_DIR}/modules-%1.conf ./policy/modules.conf \
cp -f ${RPM_SOURCE_DIR}/booleans-%1.conf ./policy/booleans.conf \
@@ -82,18 +82,18 @@ cp -f ${RPM_SOURCE_DIR}/booleans-%1.conf
awk '$1 !~ "/^#/" && $2 == "=" && $3 == "module" { printf "-i %%s.pp
", $1 }' %{_sourcedir}/modules-%{1}.conf )
%define installCmds() \
-make NAME=%1 TYPE=%2 DISTRO=%{distro} DIRECT_INITRC=%3 MONOLITHIC=%
{monolithic} POLY=%3 base.pp \
-make NAME=%1 TYPE=%2 DISTRO=%{distro} DIRECT_INITRC=%3 MONOLITHIC=%
{monolithic} POLY=%3 modules \
-make NAME=%1 TYPE=%2 DISTRO=%{distro} DIRECT_INITRC=%3 MONOLITHIC=%
{monolithic} DESTDIR=%{buildroot} POLY=%3 install \
-make NAME=%1 TYPE=%2 DISTRO=%{distro} DIRECT_INITRC=%3 MONOLITHIC=%
{monolithic} DESTDIR=%{buildroot} POLY=%3 install-appconfig \
+make NAME=%1 TYPE=%2 DISTRO=%{distro} DIRECT_INITRC=%3 MONOLITHIC=%
{monolithic} POLY=%4 base.pp \
+make NAME=%1 TYPE=%2 DISTRO=%{distro} DIRECT_INITRC=%3 MONOLITHIC=%
{monolithic} POLY=%4 modules \
+make NAME=%1 TYPE=%2 DISTRO=%{distro} DIRECT_INITRC=%3 MONOLITHIC=%
{monolithic} DESTDIR=%{buildroot} POLY=%4 install \
+make NAME=%1 TYPE=%2 DISTRO=%{distro} DIRECT_INITRC=%3 MONOLITHIC=%
{monolithic} DESTDIR=%{buildroot} POLY=%4 install-appconfig \
#%{__cp} *.pp %{buildroot}/%{_usr}/share/selinux/%1/ \
%{__mkdir} -p %{buildroot}/%{_sysconfdir}/selinux/%1/policy \
%{__mkdir} -p %{buildroot}/%{_sysconfdir}/selinux/%1/modules/active \
%{__mkdir} -p %{buildroot}/%{_sysconfdir}/selinux/%1/contexts/files \
touch %{buildroot}/%{_sysconfdir}/selinux/%1/modules/
semanage.read.LOCK \
touch %{buildroot}/%{_sysconfdir}/selinux/%1/modules/
semanage.trans.LOCK \
-make NAME=%1 TYPE=%2 DISTRO=%{distro} DIRECT_INITRC=%3 MONOLITHIC=%
{monolithic} POLY=%3 enableaudit \
-make -W base.conf NAME=%1 TYPE=%2 DISTRO=%{distro} DIRECT_INITRC=%3
MONOLITHIC=%{monolithic} POLY=%3 base.pp \
+make NAME=%1 TYPE=%2 DISTRO=%{distro} DIRECT_INITRC=%3 MONOLITHIC=%
{monolithic} POLY=%4 enableaudit \
+make -W base.conf NAME=%1 TYPE=%2 DISTRO=%{distro} DIRECT_INITRC=%3
MONOLITHIC=%{monolithic} POLY=%4 base.pp \
install -m0644 base.pp %{buildroot}%{_usr}/share/selinux/%1/
enableaudit.pp \
rm -rf %{buildroot}%{_sysconfdir}/selinux/%1/booleans \
touch %{buildroot}%{_sysconfdir}/selinux/%1/seusers \
@@ -179,7 +179,7 @@ mkdir -p %{buildroot}%{_usr}/share/selin
# Install devel
make clean
-make NAME=targeted TYPE=targeted-mcs DISTRO=%{distro}
DIRECT_INITRC=y MONOLITHIC=%{monolithic} DESTDIR=%{buildroot} PKGNAME=
%{name}-%{version} POLY=%3 install-headers install-docs
+make NAME=targeted TYPE=targeted-mcs DISTRO=%{distro}
DIRECT_INITRC=y MONOLITHIC=%{monolithic} DESTDIR=%{buildroot} PKGNAME=
%{name}-%{version} POLY=n install-headers install-docs
mkdir %{buildroot}%{_usr}/share/selinux/devel/
mv %{buildroot}%{_usr}/share/selinux/targeted/include %{buildroot}%
{_usr}/share/selinux/devel/include
install -m 755 ${RPM_SOURCE_DIR}/policygentool %{buildroot}%{_usr}/
share/selinux/devel/
--
redhat-lspp mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/redhat-lspp
