[gentoo-commits] proj/hardened-refpolicy:next commit in: support/, /

[gentoo-commits] proj/hardened-refpolicy:next commit in: support/, /

[Jason Zaman]

commit:     267fec5485ba817987ca1e420f1093071c66e6dc
Author:     Chris PeBenito <cpebenito <AT> tresys <DOT> com>
AuthorDate: Tue Oct 20 19:01:23 2015 +0000
Commit:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Mon Oct 26 03:34:52 2015 +0000
URL:        https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=267fec54

Add systemd build option.

 Makefile               | 5 +++++
 build.conf             | 4 ++++
 support/Makefile.devel | 4 ++++
 3 files changed, 13 insertions(+)

diff --git a/Makefile b/Makefile
index 09fae9d..1bc69a1 100644
--- a/Makefile
+++ b/Makefile
@@ -192,6 +192,10 @@ ifeq "$(DISTRO)" "ubuntu"
 	M4PARAM += -D distro_debian
 endif
 
+ifeq "$(SYSTEMD)" "y"
+	M4PARAM += -D init_systemd
+endif
+
 ifneq ($(OUTPUT_POLICY),)
 	CHECKPOLICY += -c $(OUTPUT_POLICY)
 endif
@@ -524,6 +528,7 @@ ifneq "$(DISTRO)" ""
 endif
 	$(verbose) echo "MONOLITHIC ?= n" >> $(headerdir)/build.conf
 	$(verbose) echo "DIRECT_INITRC ?= $(DIRECT_INITRC)" >> $(headerdir)/build.conf
+	$(verbose) echo "SYSTEMD ?= $(SYSTEMD)" >> $(headerdir)/build.conf
 	$(verbose) echo "override UBAC := $(UBAC)" >> $(headerdir)/build.conf
 	$(verbose) echo "override MLS_SENS := $(MLS_SENS)" >> $(headerdir)/build.conf
 	$(verbose) echo "override MLS_CATS := $(MLS_CATS)" >> $(headerdir)/build.conf

diff --git a/build.conf b/build.conf
index 0fffc2a..087d952 100644
--- a/build.conf
+++ b/build.conf
@@ -44,6 +44,10 @@ UNK_PERMS = deny
 # not work in conditional policy.
 DIRECT_INITRC = n
 
+# Systemd
+# Setting this will configure systemd as the init system.
+SYSTEMD = n
+
 # Build monolithic policy.  Putting y here
 # will build a monolithic policy.
 MONOLITHIC = n

diff --git a/support/Makefile.devel b/support/Makefile.devel
index ae52932..d1cbef9 100644
--- a/support/Makefile.devel
+++ b/support/Makefile.devel
@@ -58,6 +58,10 @@ ifneq ($(DISTRO),)
 	M4PARAM += -D distro_$(DISTRO)
 endif
 
+ifeq "$(SYSTEMD)" "y"
+	M4PARAM += -D init_systemd
+endif
+
 ifeq ($(DIRECT_INITRC),y)
 	M4PARAM += -D direct_sysadm_daemon
 endif

[gentoo-commits] proj/hardened-refpolicy:master commit in: /, support/

[Jason Zaman]

commit:     267fec5485ba817987ca1e420f1093071c66e6dc
Author:     Chris PeBenito <cpebenito <AT> tresys <DOT> com>
AuthorDate: Tue Oct 20 19:01:23 2015 +0000
Commit:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Mon Oct 26 03:34:52 2015 +0000
URL:        https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=267fec54

Add systemd build option.

 Makefile               | 5 +++++
 build.conf             | 4 ++++
 support/Makefile.devel | 4 ++++
 3 files changed, 13 insertions(+)

diff --git a/Makefile b/Makefile
index 09fae9d..1bc69a1 100644
--- a/Makefile
+++ b/Makefile
@@ -192,6 +192,10 @@ ifeq "$(DISTRO)" "ubuntu"
 	M4PARAM += -D distro_debian
 endif
 
+ifeq "$(SYSTEMD)" "y"
+	M4PARAM += -D init_systemd
+endif
+
 ifneq ($(OUTPUT_POLICY),)
 	CHECKPOLICY += -c $(OUTPUT_POLICY)
 endif
@@ -524,6 +528,7 @@ ifneq "$(DISTRO)" ""
 endif
 	$(verbose) echo "MONOLITHIC ?= n" >> $(headerdir)/build.conf
 	$(verbose) echo "DIRECT_INITRC ?= $(DIRECT_INITRC)" >> $(headerdir)/build.conf
+	$(verbose) echo "SYSTEMD ?= $(SYSTEMD)" >> $(headerdir)/build.conf
 	$(verbose) echo "override UBAC := $(UBAC)" >> $(headerdir)/build.conf
 	$(verbose) echo "override MLS_SENS := $(MLS_SENS)" >> $(headerdir)/build.conf
 	$(verbose) echo "override MLS_CATS := $(MLS_CATS)" >> $(headerdir)/build.conf

diff --git a/build.conf b/build.conf
index 0fffc2a..087d952 100644
--- a/build.conf
+++ b/build.conf
@@ -44,6 +44,10 @@ UNK_PERMS = deny
 # not work in conditional policy.
 DIRECT_INITRC = n
 
+# Systemd
+# Setting this will configure systemd as the init system.
+SYSTEMD = n
+
 # Build monolithic policy.  Putting y here
 # will build a monolithic policy.
 MONOLITHIC = n

diff --git a/support/Makefile.devel b/support/Makefile.devel
index ae52932..d1cbef9 100644
--- a/support/Makefile.devel
+++ b/support/Makefile.devel
@@ -58,6 +58,10 @@ ifneq ($(DISTRO),)
 	M4PARAM += -D distro_$(DISTRO)
 endif
 
+ifeq "$(SYSTEMD)" "y"
+	M4PARAM += -D init_systemd
+endif
+
 ifeq ($(DIRECT_INITRC),y)
 	M4PARAM += -D direct_sysadm_daemon
 endif

[gentoo-commits] proj/hardened-refpolicy:master commit in: /, support/

[Jason Zaman]

commit:     b05fd6b11dc292faad625280ff1af3099346295c
Author:     Chris PeBenito <pebenito <AT> ieee <DOT> org>
AuthorDate: Thu May 31 21:41:59 2018 +0000
Commit:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Fri Jun  8 09:21:01 2018 +0000
URL:        https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=b05fd6b1

Switch all remaining Python references to the Python 3 interpreter.

 INSTALL                                     | 2 +-
 Makefile                                    | 2 +-
 Vagrantfile                                 | 1 -
 support/Makefile.devel                      | 2 +-
 support/selinux-policy-refpolicy.spec       | 2 +-
 support/selinux-refpolicy-sources.spec.skel | 6 ++++--
 6 files changed, 8 insertions(+), 7 deletions(-)

diff --git a/INSTALL b/INSTALL
index c56ae479..013bc23f 100644
--- a/INSTALL
+++ b/INSTALL
@@ -3,7 +3,7 @@ Reference Policy has the following build requirements:
 	* libsemanage 2.6
 	* checkpolicy 2.6
 	* policycoreutils 2.6
-	* Python >= 2.6
+	* Python >= 3.4
 	* GCC
 
 To install Reference Policy sources into /etc/selinux/refpolicy/src/policy:

diff --git a/Makefile b/Makefile
index 89387367..1447f5b1 100644
--- a/Makefile
+++ b/Makefile
@@ -71,7 +71,7 @@ AWK ?= gawk
 GREP ?= egrep
 INSTALL ?= install
 M4 ?= m4 -E -E
-PYTHON ?= python -t -t -E -W error
+PYTHON ?= python3 -t -t -E -W error
 SED ?= sed
 SORT ?= LC_ALL=C sort
 UMASK ?= umask

diff --git a/Vagrantfile b/Vagrantfile
index 129de68a..b01db622 100644
--- a/Vagrantfile
+++ b/Vagrantfile
@@ -36,7 +36,6 @@ Vagrant.configure("2") do |config|
       make \
       kernel-devel \
       selinux-policy-devel \
-      libselinux-python \
       libselinux-python3 \
       >/dev/null
 

diff --git a/support/Makefile.devel b/support/Makefile.devel
index d531dd88..bcca2d98 100644
--- a/support/Makefile.devel
+++ b/support/Makefile.devel
@@ -5,7 +5,7 @@ INSTALL ?= install
 M4 ?= m4
 SED ?= sed
 EINFO ?= echo
-PYTHON ?= python
+PYTHON ?= python3
 CUT ?= cut
 
 NAME ?= $(strip $(shell $(AWK) -F= '/^SELINUXTYPE/{ print $$2 }' /etc/selinux/config))

diff --git a/support/selinux-policy-refpolicy.spec b/support/selinux-policy-refpolicy.spec
index f06d2e79..83f3a800 100644
--- a/support/selinux-policy-refpolicy.spec
+++ b/support/selinux-policy-refpolicy.spec
@@ -18,7 +18,7 @@ BuildArch: noarch
 # FIXME Need to ensure these have correct versions
 BuildRequires: checkpolicy >= 2.1.8
 BuildRequires: policycoreutils >= 2.1.10
-BuildRequires: python >= 2.6
+BuildRequires: python >= 3.4
 BuildRequires: libsepol >= 2.1.4
 BuildRequires: libsemanage >= 2.0.29
 BuildRequires: m4 make gcc

diff --git a/support/selinux-refpolicy-sources.spec.skel b/support/selinux-refpolicy-sources.spec.skel
index 8a6dbe2e..ee7cbd1e 100644
--- a/support/selinux-refpolicy-sources.spec.skel
+++ b/support/selinux-refpolicy-sources.spec.skel
@@ -11,8 +11,10 @@ License: GPL
 Group: System Environment/Base
 PreReq: m4 make policycoreutils kernel gcc
 Requires: checkpolicy >= 1.33.1
-Requires: python make m4
-BuildRequires: make m4 python
+Requires: python >= 3.4
+Requires: make m4
+BuildRequires: make m4
+BuildRequires: python >= 3.4
 Obsoletes: policy-sources
 Source: refpolicy-%{version}.tar.bz2
 Url: http://oss.tresys.com/projects/refpolicy

[gentoo-commits] proj/hardened-refpolicy:master commit in: /, support/

[Jason Zaman]

commit:     38107cc3d4864c0436c40e44016b66533fcde6ed
Author:     Ondrej Mosnacek <omosnace <AT> redhat <DOT> com>
AuthorDate: Wed May 22 07:00:23 2019 +0000
Commit:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Sat Jul 13 06:43:14 2019 +0000
URL:        https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=38107cc3

Fix find commands in Makefiles

Without this fix, building a custom module in a directory that contains
a file with special characters in its name (e.g. '(') triggers a syntax
error:

$ cat >foo.te <<EOF
module foo 1.0;
require {
	class file entrypoint;
	type shell_exec_t;
	type vmtools_unconfined_t;
}
allow vmtools_unconfined_t shell_exec_t : file entrypoint;
EOF
$ touch "my broken (file)"
$ make -f /usr/share/selinux/devel/Makefile foo.pp
/bin/sh: -c: line 0: syntax error near unexpected token `('
/bin/sh: -c: line 0: `find anaconda-ks.cfg my broken (file) vncserver.strace systemd.strace rhel-server-7.6-x86_64-boot.iso rt_minimal.c vnc.cil foo.te rsyslog tmp virt-install.log evil_banner.sh livemedia.log program.log foo.if rhel7-minimal.ks TestZip.java TestZip.class foo.fc sudoloop foo.pp strace.log -maxdepth 0 -type d'

Link: https://bugzilla.redhat.com/show_bug.cgi?id=1692676
Reported-by: Renaud Métrich <rmetrich <AT> redhat.com>
Suggested-by: Petr Lautrbach <plautrba <AT> redhat.com>
Signed-off-by: Ondrej Mosnacek <omosnace <AT> redhat.com>
Signed-off-by: Jason Zaman <jason <AT> perfinion.com>

 Makefile               | 4 ++--
 support/Makefile.devel | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/Makefile b/Makefile
index dba38fc4..28bc1a52 100644
--- a/Makefile
+++ b/Makefile
@@ -261,9 +261,9 @@ user_default_contexts_names := $(addprefix $(contextpath)/users/,$(subst _defaul
 appfiles := $(addprefix $(appdir)/,default_contexts default_type initrc_context failsafe_context userhelper_context removable_context dbus_contexts sepgsql_contexts x_contexts customizable_types securetty_types lxc_contexts openrc_contexts virtual_domain_context virtual_image_context) $(contextpath)/files/media $(fcsubspath) $(user_default_contexts_names)
 net_contexts := $(builddir)net_contexts
 
-all_layers := $(shell find $(wildcard $(moddir)/*) -maxdepth 0 -type d)
+all_layers := $(shell find $(moddir)/* -maxdepth 0 -type d)
 ifdef LOCAL_ROOT
-all_layers += $(shell find $(wildcard $(local_moddir)/*) -maxdepth 0 -type d)
+all_layers += $(shell find $(local_moddir)/* -maxdepth 0 -type d)
 endif
 
 generated_te := $(basename $(foreach dir,$(all_layers),$(wildcard $(dir)/*.te.in)))

diff --git a/support/Makefile.devel b/support/Makefile.devel
index f3daca11..afb8e48a 100644
--- a/support/Makefile.devel
+++ b/support/Makefile.devel
@@ -88,11 +88,11 @@ M4PARAM += -D hide_broken_symptoms -D mls_num_sens=$(MLS_SENS) -D mls_num_cats=$
 # policy headers
 m4support = $(wildcard $(HEADERDIR)/support/*.spt)
 
-header_layers := $(filter-out $(HEADERDIR)/support,$(shell find $(wildcard $(HEADERDIR)/*) -maxdepth 0 -type d))
+header_layers := $(filter-out $(HEADERDIR)/support,$(shell find $(HEADERDIR)/* -maxdepth 0 -type d))
 header_xml := $(addsuffix .xml,$(header_layers))
 header_interfaces := $(foreach layer,$(header_layers),$(wildcard $(layer)/*.if))
 
-local_layers := $(filter-out CVS tmp $(docs),$(shell find $(wildcard *) -maxdepth 0 -type d))
+local_layers := $(filter-out CVS tmp $(docs),$(shell find * -maxdepth 0 -type d))
 local_xml := $(addprefix tmp/, $(addsuffix .xml,$(local_layers)))
 
 all_layer_names := $(sort $(notdir $(header_layers) $(local_layers)))