diff options
| author |   Topi Miettinen <toiwoton@gmail.com> | 2020-04-22 19:13:02 +0300 |
|---|---|---|
| committer |   Jason Zaman <perfinion@gentoo.org> | 2020-08-09 19:58:44 -0700 |
| commit | 7e72cf779053324c466d557178726b106809e157 (patch) | |
| tree | 8d4c0c63c68b7cf2f19e16da5f91086dae0241ad /Makefile | |
| parent | ssh: fix for debian wrapper script (diff) | |
| download | hardened-refpolicy-7e72cf779053324c466d557178726b106809e157.tar.gz hardened-refpolicy-7e72cf779053324c466d557178726b106809e157.tar.bz2 hardened-refpolicy-7e72cf779053324c466d557178726b106809e157.zip | |
Build and install Netfilter rules
Build SECMARK rules for iptables and NFT, install them as
/usr/share/doc/$PKGNAME/netfilter_contexts{,.nft}.
Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
Signed-off-by: Jason Zaman <perfinion@gentoo.org>
Diffstat (limited to 'Makefile')
| -rw-r--r-- | Makefile | 9 |
1 files changed, 7 insertions, 2 deletions
@@ -163,7 +163,6 @@ contextpath := $(installdir)/contexts homedirpath := $(contextpath)/files/homedir_template fcpath := $(contextpath)/files/file_contexts fcsubspath := $(contextpath)/files/file_contexts.subs_dist -ncpath := $(contextpath)/netfilter_contexts sharedir := $(prefix)/share/selinux modpkgdir := $(sharedir)/$(strip $(NAME)) headerdir := $(modpkgdir)/include @@ -260,6 +259,8 @@ user_default_contexts := $(wildcard config/appconfig-$(TYPE)/*_default_contexts) user_default_contexts_names := $(addprefix $(contextpath)/users/,$(subst _default_contexts,,$(notdir $(user_default_contexts)))) appfiles := $(addprefix $(appdir)/,default_contexts default_type initrc_context failsafe_context userhelper_context removable_context dbus_contexts sepgsql_contexts x_contexts customizable_types securetty_types lxc_contexts openrc_contexts virtual_domain_context virtual_image_context) $(contextpath)/files/media $(fcsubspath) $(user_default_contexts_names) net_contexts := $(builddir)net_contexts +net_contexts_nft := $(builddir)net_contexts.nft +docfiles += $(net_contexts) $(net_contexts_nft) all_layers := $(shell find $(moddir)/* -maxdepth 0 -type d) ifdef LOCAL_ROOT @@ -393,6 +394,10 @@ $(net_contexts): $(moddir)/kernel/corenetwork.te.in @echo "Creating netfilter network labeling rules" $(verbose) $(gennetfilter) $^ > $@ +$(net_contexts_nft): $(moddir)/kernel/corenetwork.te.in + @echo "Creating netfilter NFT network labeling rules" + $(verbose) $(gennetfilter) --nft $^ > $@ + ######################################## # # Create config files @@ -555,7 +560,7 @@ endif # # Install policy documentation # -install-docs: $(tmpdir)/html +install-docs: $(tmpdir)/html $(docfiles) @mkdir -p $(docsdir)/html @echo "Installing policy documentation" $(verbose) $(INSTALL) -m 644 $(docfiles) $(docsdir) |