1 |
commit: f920d4616e262d68762efb6f842afed0448beda0 |
2 |
Author: Christian Göttsche <cgzones <AT> googlemail <DOT> com> |
3 |
AuthorDate: Tue Mar 22 17:21:23 2022 +0000 |
4 |
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org> |
5 |
CommitDate: Thu Mar 31 02:40:53 2022 +0000 |
6 |
URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=f920d461 |
7 |
|
8 |
Rules.modular: add pure-load target |
9 |
|
10 |
Add a target for modular polices to load all built modules while |
11 |
simultaneously removing all non Reference Policy ones. This will remove |
12 |
dropped Reference Policy modules and user installed ones. |
13 |
|
14 |
Signed-off-by: Christian Göttsche <cgzones <AT> googlemail.com> |
15 |
Signed-off-by: Jason Zaman <perfinion <AT> gentoo.org> |
16 |
|
17 |
Rules.modular | 13 ++++++++++++- |
18 |
1 file changed, 12 insertions(+), 1 deletion(-) |
19 |
|
20 |
diff --git a/Rules.modular b/Rules.modular |
21 |
index 63a10e7f..f7ee2c11 100644 |
22 |
--- a/Rules.modular |
23 |
+++ b/Rules.modular |
24 |
@@ -58,6 +58,17 @@ load: $(instpkg) $(appfiles) |
25 |
@$(INSTALL) -d -m 0755 $(policypath) $(dir $(fcpath)) |
26 |
$(verbose) $(SEMODULE) -s $(NAME) -i $(modpkgdir)/$(notdir $(base_pkg)) $(foreach mod,$(mod_pkgs),-i $(modpkgdir)/$(mod)) |
27 |
|
28 |
+######################################## |
29 |
+# |
30 |
+# Load all configured modules and remove foreign ones |
31 |
+# |
32 |
+pure-load: $(instpkg) $(appfiles) |
33 |
+# make sure two directories exist since they are not |
34 |
+# created by semanage |
35 |
+ @echo "Loading configured modules." |
36 |
+ @$(INSTALL) -d -m 0755 $(policypath) $(dir $(fcpath)) |
37 |
+ $(verbose) $(SEMODULE) -s $(NAME) -i $(modpkgdir)/$(notdir $(base_pkg)) $(foreach mod,$(mod_pkgs),-i $(modpkgdir)/$(mod)) $(foreach omod,$(filter-out base $(notdir $(mod_mods:.te=)),$(shell $(SEMODULE) -l)),-r $(omod)) |
38 |
+ |
39 |
######################################## |
40 |
# |
41 |
# Install policy packages |
42 |
@@ -226,4 +237,4 @@ clean: |
43 |
$(verbose) rm -f $(net_contexts) $(net_contexts_nft) |
44 |
$(verbose) rm -fR $(tmpdir) |
45 |
|
46 |
-.PHONY: default all policy base modules install load clean validate |
47 |
+.PHONY: default all policy base modules install load pure-load clean validate |