* [Buildroot] [PATCH 01/17] libsepol: new package
2013-09-04 23:09 [Buildroot] [PATCH 00/17] SELinux Buildroot Additions Clayton Shotwell
@ 2013-09-04 23:09 ` Clayton Shotwell
2013-09-05 7:44 ` Thomas Petazzoni
2013-09-04 23:09 ` [Buildroot] [PATCH 02/17] libselinux: " Clayton Shotwell
` (16 subsequent siblings)
17 siblings, 1 reply; 34+ messages in thread
From: Clayton Shotwell @ 2013-09-04 23:09 UTC (permalink / raw)
To: buildroot
Signed-off-by: Clayton Shotwell <clshotwe@rockwellcollins.com>
---
package/Config.in | 4 ++
package/libsepol/Config.in | 7 ++++
package/libsepol/libsepol.mk | 69 ++++++++++++++++++++++++++++++++++++++++++
3 files changed, 80 insertions(+), 0 deletions(-)
create mode 100644 package/libsepol/Config.in
create mode 100644 package/libsepol/libsepol.mk
diff --git a/package/Config.in b/package/Config.in
index a94cb62..21f7271 100644
--- a/package/Config.in
+++ b/package/Config.in
@@ -896,6 +896,10 @@ endif
source "package/xmlstarlet/Config.in"
endmenu
+menu "Security"
+source "package/libsepol/Config.in"
+endmenu
+
menu "System tools"
source "package/acl/Config.in"
source "package/attr/Config.in"
diff --git a/package/libsepol/Config.in b/package/libsepol/Config.in
new file mode 100644
index 0000000..feb7f39
--- /dev/null
+++ b/package/libsepol/Config.in
@@ -0,0 +1,7 @@
+config BR2_PACKAGE_LIBSEPOL
+ bool "libsepol"
+ help
+ Libsepol is the binary policy manipulation library. It doesn't
+ depend upon or use any of the other SELinux components.
+
+ http://selinuxproject.org/page/Main_Page
diff --git a/package/libsepol/libsepol.mk b/package/libsepol/libsepol.mk
new file mode 100644
index 0000000..59ca4bb
--- /dev/null
+++ b/package/libsepol/libsepol.mk
@@ -0,0 +1,69 @@
+#############################################################
+#
+# libsepol
+#
+#############################################################
+LIBSEPOL_VERSION = 2.1.9
+LIBSEPOL_SOURCE = libsepol-$(LIBSEPOL_VERSION).tar.gz
+LIBSEPOL_SITE = http://userspace.selinuxproject.org/releases/20130423/
+LIBSEPOL_LICENSE = LGPLv2.1
+LIBSEPOL_LICENSE_FILES = COPYING
+
+##############################
+# Target Section
+##############################
+LIBSEPOL_INSTALL_STAGING = YES
+LIBSEPOL_INSTALL_TARGET = YES
+
+LIBSEPOL_MAKE_CMDS = $(TARGET_CONFIGURE_OPTS)
+
+define LIBSEPOL_BUILD_CMDS
+ $(MAKE) -C $(@D) $(LIBSEPOL_MAKE_CMDS) DESTDIR=$(STAGING_DIR)
+endef
+
+define LIBSEPOL_INSTALL_STAGING_CMDS
+ $(MAKE) -C $(@D) install $(LIBSEPOL_MAKE_CMDS) DESTDIR=$(STAGING_DIR)
+endef
+
+define LIBSEPOL_INSTALL_TARGET_CMDS
+ $(MAKE) -C $(@D) install $(LIBSEPOL_MAKE_CMDS) DESTDIR=$(TARGET_DIR)
+endef
+
+define LIBSEPOL_CLEAN_CMDS
+ $(MAKE) -C $(@D) clean
+endef
+
+define LIBSEPOL_UNINSTALL_STAGING_CMDS
+ rm -rf $(addprefix $(STAGING_DIR),/usr/include/sepol /usr/bin/chkcon \
+ /usr/lib/pkgconfig/libsepol* /lib/libsepol* /usr/lib/libsepol*)
+ rm -f $(addprefix $(STAGING_DIR)/usr/man/man3/,$(notdir $(wildcard $(@D)/man/man3/*.3)))
+ rm -f $(addprefix $(STAGING_DIR)/usr/man/man3/,$(notdir $(wildcard $(@D)/man/man8/*.8)))
+endef
+
+define LIBSEPOL_UNINSTALL_TARGET_CMDS
+ rm -rf $(addprefix $(TARGET_DIR),/usr/bin/chkcon /usr/lib/pkgconfig/libsepol* \
+ /lib/libsepol* /usr/lib/libsepol*)
+endef
+
+##############################
+# Host Section
+##############################
+HOST_LIBSEPOL_MAKE_CMDS = $(HOST_CONFIGURE_OPTS)
+
+define HOST_LIBSEPOL_BUILD_CMDS
+ $(MAKE) -C $(@D) $(HOST_LIBSEPOL_MAKE_CMDS) DESTDIR=$(HOST_DIR)
+endef
+
+define HOST_LIBSEPOL_INSTALL_CMDS
+ $(MAKE) -C $(@D) install $(HOST_LIBSEPOL_MAKE_CMDS) DESTDIR=$(HOST_DIR)
+ mv $(HOST_DIR)/lib/libsepol.so.1 $(HOST_DIR)/usr/lib
+ (cd $(HOST_DIR)/usr/lib; rm -f libsepol.so; ln -s libsepol.so.1 libsepol.so)
+ -rmdir $(HOST_DIR)/lib
+endef
+
+define HOST_LIBSEPOL_CLEAN_CMDS
+ $(MAKE) -C $(@D) clean
+endef
+
+$(eval $(generic-package))
+$(eval $(host-generic-package))
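Review bot: In LIBSEPOL_UNINSTALL_STAGING_CMDS the second man-page cleanup takes its file names from $(@D)/man/man8/*.8 but prefixes them with $(STAGING_DIR)/usr/man/man3/, so the section 8 pages are never removed; the prefix on that line should be $(STAGING_DIR)/usr/man/man8/. Separately, LIBSEPOL_SITE is a plain http:// URL and none of the three files in this patch records a checksum for libsepol-2.1.9.tar.gz, so the build accepts whatever the server, or anything on the network path, returns. For the library that manipulates binary policy it is worth fetching over https if upstream offers it and checking the tarball against a pinned hash.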
--
1.7.1
* [Buildroot] [PATCH 01/17] libsepol: new package
2013-09-04 23:09 ` [Buildroot] [PATCH 01/17] libsepol: new package Clayton Shotwell
@ 2013-09-05 7:44 ` Thomas Petazzoni
2013-09-05 12:58 ` clshotwe at rockwellcollins.com
0 siblings, 1 reply; 34+ messages in thread
From: Thomas Petazzoni @ 2013-09-05 7:44 UTC (permalink / raw)
To: buildroot
Dear Clayton Shotwell,
On Wed, 4 Sep 2013 18:09:40 -0500, Clayton Shotwell wrote:
> +menu "Security"
> +source "package/libsepol/Config.in"
> +endmenu
You're introducing this new menu directly under "Target packages",
while this package (and a few of the others you're adding) are
libraries, so they should be under "Target packages -> Libraries".
I have nothing against adding both "Target packages -> Security" and
"Target packages -> Libraries -> Security", but that would require a
quick look at the existing packages that would also fit in those new
categories.
> menu "System tools"
> source "package/acl/Config.in"
> source "package/attr/Config.in"
> diff --git a/package/libsepol/Config.in b/package/libsepol/Config.in
> new file mode 100644
> index 0000000..feb7f39
> --- /dev/null
> +++ b/package/libsepol/Config.in
> @@ -0,0 +1,7 @@
> +config BR2_PACKAGE_LIBSEPOL
> + bool "libsepol"
> + help
> + Libsepol is the binary policy manipulation library. It doesn't
> + depend upon or use any of the other SELinux components.
> +
> + http://selinuxproject.org/page/Main_Page
> diff --git a/package/libsepol/libsepol.mk b/package/libsepol/libsepol.mk
> new file mode 100644
> index 0000000..59ca4bb
> --- /dev/null
> +++ b/package/libsepol/libsepol.mk
> @@ -0,0 +1,69 @@
> +#############################################################
> +#
> +# libsepol
> +#
> +#############################################################
Nitpick: those ### lines should have 80 dashes, and there should be one
empty line between this header and the first variables.
> +LIBSEPOL_VERSION = 2.1.9
> +LIBSEPOL_SOURCE = libsepol-$(LIBSEPOL_VERSION).tar.gz
This last line is not needed, since it's the default.
> +LIBSEPOL_SITE = http://userspace.selinuxproject.org/releases/20130423/
> +LIBSEPOL_LICENSE = LGPLv2.1
Is it really LGPLv2.1 or LGPLv2.1+ ? It's never said in the COPYING
file, you'd have to look at the copyright headers without the source
code.
> +LIBSEPOL_LICENSE_FILES = COPYING
> +
> +##############################
> +# Target Section
> +##############################
We generally don't put such delimiters.
> +LIBSEPOL_INSTALL_STAGING = YES
> +LIBSEPOL_INSTALL_TARGET = YES
This last line is not needed since it's the default.
> +LIBSEPOL_MAKE_CMDS = $(TARGET_CONFIGURE_OPTS)
I believe this definition is useless, just use directly
$(TARGET_CONFIGURE_OPTS) where appropriate.
> +
> +define LIBSEPOL_BUILD_CMDS
> + $(MAKE) -C $(@D) $(LIBSEPOL_MAKE_CMDS) DESTDIR=$(STAGING_DIR)
DESTDIR is most likely not needed in the build step.
> +endef
> +
> +define LIBSEPOL_INSTALL_STAGING_CMDS
> + $(MAKE) -C $(@D) install $(LIBSEPOL_MAKE_CMDS) DESTDIR=$(STAGING_DIR)
> +endef
> +
> +define LIBSEPOL_INSTALL_TARGET_CMDS
> + $(MAKE) -C $(@D) install $(LIBSEPOL_MAKE_CMDS) DESTDIR=$(TARGET_DIR)
> +endef
> +
> +define LIBSEPOL_CLEAN_CMDS
> + $(MAKE) -C $(@D) clean
> +endef
> +
> +define LIBSEPOL_UNINSTALL_STAGING_CMDS
> + rm -rf $(addprefix $(STAGING_DIR),/usr/include/sepol /usr/bin/chkcon \
> + /usr/lib/pkgconfig/libsepol* /lib/libsepol* /usr/lib/libsepol*)
> + rm -f $(addprefix $(STAGING_DIR)/usr/man/man3/,$(notdir $(wildcard $(@D)/man/man3/*.3)))
> + rm -f $(addprefix $(STAGING_DIR)/usr/man/man3/,$(notdir $(wildcard $(@D)/man/man8/*.8)))
> +endef
> +
> +define LIBSEPOL_UNINSTALL_TARGET_CMDS
> + rm -rf $(addprefix $(TARGET_DIR),/usr/bin/chkcon /usr/lib/pkgconfig/libsepol* \
> + /lib/libsepol* /usr/lib/libsepol*)
> +endef
Don't bother implementing the uninstall commands, we are phasing them
out.
> +
> +##############################
> +# Host Section
> +##############################
Header unneeded.
> +HOST_LIBSEPOL_MAKE_CMDS = $(HOST_CONFIGURE_OPTS)
Just use $(HOST_CONFIGURE_OPTS) where needed.
> +
> +define HOST_LIBSEPOL_BUILD_CMDS
> + $(MAKE) -C $(@D) $(HOST_LIBSEPOL_MAKE_CMDS) DESTDIR=$(HOST_DIR)
DESTDIR generally not needed in the build step.
> +endef
> +
> +define HOST_LIBSEPOL_INSTALL_CMDS
> + $(MAKE) -C $(@D) install $(HOST_LIBSEPOL_MAKE_CMDS) DESTDIR=$(HOST_DIR)
> + mv $(HOST_DIR)/lib/libsepol.so.1 $(HOST_DIR)/usr/lib
> + (cd $(HOST_DIR)/usr/lib; rm -f libsepol.so; ln -s libsepol.so.1 libsepol.so)
> + -rmdir $(HOST_DIR)/lib
So I guess the problem here is that the library gets installed in /lib
while you wanted it in /usr/lib. It's not very pretty but maybe you can
cheat by passing DESTDIR=$(HOST_DIR)/usr.
> +endef
> +
> +define HOST_LIBSEPOL_CLEAN_CMDS
> + $(MAKE) -C $(@D) clean
> +endef
> +
> +$(eval $(generic-package))
> +$(eval $(host-generic-package))
Thanks!
Thomas
--
Thomas Petazzoni, Free Electrons
Kernel, drivers, real-time and embedded Linux
development, consulting, training and support.
http://free-electrons.com
* [Buildroot] [PATCH 01/17] libsepol: new package
2013-09-05 7:44 ` Thomas Petazzoni
@ 2013-09-05 12:58 ` clshotwe at rockwellcollins.com
2013-09-05 13:19 ` Thomas Petazzoni
2013-09-05 16:46 ` Arnout Vandecappelle
0 siblings, 2 replies; 34+ messages in thread
From: clshotwe at rockwellcollins.com @ 2013-09-05 12:58 UTC (permalink / raw)
To: buildroot
Thomas,
Thanks for the quick review. I have a few questions before I submit a new
version of the patch.
Thomas Petazzoni <thomas.petazzoni@free-electrons.com> wrote on 09/05/2013 02:44:46 AM:
> From: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
> You're introducing this new menu directly under "Target packages",
> while this package (and a few of the others you're adding) are
> libraries, so they should be under "Target packages -> Libraries".
>
> I have nothing against adding both "Target packages -> Security" and
> "Target packages -> Libraries -> Security", but that would require a
> quick look at the existing packages that would also fit in those new
> categories.
I was hoping to keep all of the SELinux packages in one place to make it
easier to enable everything but I can move the libraries into a
"Target packages -> Libraries -> Security" instead.
> > +LIBSEPOL_SITE =
http://userspace.selinuxproject.org/releases/20130423/
> > +LIBSEPOL_LICENSE = LGPLv2.1
>
> Is it really LGPLv2.1 or LGPLv2.1+ ? It's never said in the COPYING
> file, you'd have to look at the copyright headers without the source
> code.
I checked the source files and it is definitely LGPLv2.1+. I'll make that
change.
> > +define LIBSEPOL_BUILD_CMDS
> > + $(MAKE) -C $(@D) $(LIBSEPOL_MAKE_CMDS) DESTDIR=$(STAGING_DIR)
>
> DESTDIR is most likely not needed in the build step.
Unfortunately, the Makefiles in the SELinux packages require DESTDIR to be
specified to determine setup include and library paths. I thought it would
be easier to just work with the existing Makefiles rather than to rewrite
them.
> > +define HOST_LIBSEPOL_INSTALL_CMDS
> > + $(MAKE) -C $(@D) install $(HOST_LIBSEPOL_MAKE_CMDS)
DESTDIR=$(HOST_DIR)
> > + mv $(HOST_DIR)/lib/libsepol.so.1 $(HOST_DIR)/usr/lib
> > + (cd $(HOST_DIR)/usr/lib; rm -f libsepol.so; ln -s libsepol.so.
> 1 libsepol.so)
> > + -rmdir $(HOST_DIR)/lib
>
> So I guess the problem here is that the library gets installed in /lib
> while you wanted it in /usr/lib. It's not very pretty but maybe you can
> cheat by passing DESTDIR=$(HOST_DIR)/usr.
Oh I wish these packages followed standard conventions. They are
purposefully installing the library in /lib and symlinking to it from
/usr/lib. This little hack was created to correct this to match what most
other packages do.
If it is alright, I will just leave it like that and not worry about it
(i.e. have the library install to /lib), otherwise I can patch the
makefile to make it a little cleaner.
Thanks,
Clayton
Clayton Shotwell
Software Engineer
clshotwe at rockwellcollins.com
www.rockwellcollins.com
* [Buildroot] [PATCH 01/17] libsepol: new package
2013-09-05 12:58 ` clshotwe at rockwellcollins.com
@ 2013-09-05 13:19 ` Thomas Petazzoni
2013-09-05 16:46 ` Arnout Vandecappelle
1 sibling, 0 replies; 34+ messages in thread
From: Thomas Petazzoni @ 2013-09-05 13:19 UTC (permalink / raw)
To: buildroot
Clayton,
On Thu, 5 Sep 2013 07:58:28 -0500, clshotwe at rockwellcollins.com wrote:
> Thanks for the quick review. I have a few questions before I submit a new
> version of the patch.
Sure. Note that many of the comments I did on the first three patches
were identical, and apply to other patches in the series. If you could
rework the other patches according to those general comments, it would
be great (even though there will probably be other details to sort out
than those general comments).
> > I have nothing against adding both "Target packages -> Security" and
> > "Target packages -> Libraries -> Security", but that would require a
> > quick look at the existing packages that would also fit in those new
> > categories.
>
> I was hoping to keep all of the SELinux packages in one place to make it
> easier to enable everything but I can move the libraries into a
> "Target packages -> Libraries -> Security" instead.
Well, libraries are normally 'selected' by the applications needing
them. So having the libraries separated from the programs is usually
not a big problem for the user, since library dependencies are
automatically pulled in when programs are enabled.
Moreover, we might end up later with a global knob 'I want SELinux' on
my system (depending on how the SELinux integration will look like),
and we can make that enable all the relevant packages automatically.
> > Is it really LGPLv2.1 or LGPLv2.1+ ? It's never said in the COPYING
> > file, you'd have to look at the copyright headers without the source
> > code.
>
> I checked the source files and it is definitely LGPLv2.1+. I'll make that
> change.
Ok.
>
> > > +define LIBSEPOL_BUILD_CMDS
> > > + $(MAKE) -C $(@D) $(LIBSEPOL_MAKE_CMDS) DESTDIR=$(STAGING_DIR)
> >
> > DESTDIR is most likely not needed in the build step.
>
> Unfortunately, the Makefiles in the SELinux packages require DESTDIR to be
> specified to determine setup include and library paths. I thought it would
> be easier to just work with the existing Makefiles rather than to rewrite
> them.
Ah, right. libsepol isn't really concerned by this since it doesn't
have any dependency, but libselinux is indeed using DESTDIR at build
time to pass some include or library paths. It's a mistake of the build
system to think that the paths where things are at build time will be
the same as the one where things will be at run time, but anyway, in
this case it doesn't to cause any problem.
So, fine for passing DESTDIR= at build time, but since it's unusual,
maybe a comment above the BUILD_CMDS would be nice, like:
# DESTDIR= is needed at build time, as it's used by the Makefile to
# compute some library and header paths
(don't hesitate to fix my broken English as needed).
> > > +define HOST_LIBSEPOL_INSTALL_CMDS
> > > + $(MAKE) -C $(@D) install $(HOST_LIBSEPOL_MAKE_CMDS)
> DESTDIR=$(HOST_DIR)
> > > + mv $(HOST_DIR)/lib/libsepol.so.1 $(HOST_DIR)/usr/lib
> > > + (cd $(HOST_DIR)/usr/lib; rm -f libsepol.so; ln -s libsepol.so.
> > 1 libsepol.so)
> > > + -rmdir $(HOST_DIR)/lib
> >
> > So I guess the problem here is that the library gets installed in /lib
> > while you wanted it in /usr/lib. It's not very pretty but maybe you can
> > cheat by passing DESTDIR=$(HOST_DIR)/usr.
>
> Oh I wish these packages followed standard conventions. They are
> purposefully installing the library in /lib and symlinking to it from
> /usr/lib. This little hack was created to correct this to match what most
> other packages do.
> If it is alright, I will just leave it like that and not worry about it
> (i.e. have the library install to /lib), otherwise I can patch the
> makefile to make it a little cleaner.
Ok, then probably what you did looks like the best compromise. Maybe a
little comment above that explains what you're doing this would be
good. Generally speaking, whenever something 'unusual' is done, it's
good to add a comment, which will help both at review time, but also at
maintenance time.
Best regards,
Thomas
--
Thomas Petazzoni, Free Electrons
Kernel, drivers, real-time and embedded Linux
development, consulting, training and support.
http://free-electrons.com
* [Buildroot] [PATCH 01/17] libsepol: new package
2013-09-05 12:58 ` clshotwe at rockwellcollins.com
2013-09-05 13:19 ` Thomas Petazzoni
@ 2013-09-05 16:46 ` Arnout Vandecappelle
2013-09-06 6:28 ` Thomas Petazzoni
1 sibling, 1 reply; 34+ messages in thread
From: Arnout Vandecappelle @ 2013-09-05 16:46 UTC (permalink / raw)
To: buildroot
On 09/05/13 14:58, clshotwe at rockwellcollins.com wrote:
> > > +define HOST_LIBSEPOL_INSTALL_CMDS
> > > + $(MAKE) -C $(@D) install $(HOST_LIBSEPOL_MAKE_CMDS)
> DESTDIR=$(HOST_DIR)
> > > + mv $(HOST_DIR)/lib/libsepol.so.1 $(HOST_DIR)/usr/lib
> > > + (cd $(HOST_DIR)/usr/lib; rm -f libsepol.so; ln -s libsepol.so.
> > 1 libsepol.so)
> > > + -rmdir $(HOST_DIR)/lib
> >
> > So I guess the problem here is that the library gets installed in /lib
> > while you wanted it in /usr/lib. It's not very pretty but maybe you can
> > cheat by passing DESTDIR=$(HOST_DIR)/usr.
>
> Oh I wish these packages followed standard conventions. They are
> purposefully installing the library in /lib and symlinking to it from
> /usr/lib. This little hack was created to correct this to match what most
> other packages do.
I don't think it's really necessary to do this move just because it
looks nicer. I think it's better to stay with upstream. Although this
would be the first package to install anything in $(HOST_DIR)/lib, we
anyway already have
HOST_LDFLAGS += -L$(HOST_DIR)/lib ...
We don't have an rpath for it, though, so maybe that should be added.
Regards,
Arnout
--
Arnout Vandecappelle arnout at mind be
Senior Embedded Software Architect +32-16-286500
Essensium/Mind http://www.mind.be
G.Geenslaan 9, 3001 Leuven, Belgium BE 872 984 063 RPR Leuven
LinkedIn profile: http://www.linkedin.com/in/arnoutvandecappelle
GPG fingerprint: 7CB5 E4CC 6C2E EFD4 6E3D A754 F963 ECAB 2450 2F1F
* [Buildroot] [PATCH 01/17] libsepol: new package
2013-09-05 16:46 ` Arnout Vandecappelle
@ 2013-09-06 6:28 ` Thomas Petazzoni
2013-09-09 17:36 ` Clayton Shotwell
0 siblings, 1 reply; 34+ messages in thread
From: Thomas Petazzoni @ 2013-09-06 6:28 UTC (permalink / raw)
To: buildroot
Dear Arnout Vandecappelle,
On Thu, 05 Sep 2013 18:46:22 +0200, Arnout Vandecappelle wrote:
> I don't think it's really necessary to do this move just because it
> looks nicer. I think it's better to stay with upstream. Although this
> would be the first package to install anything in $(HOST_DIR)/lib, we
> anyway already have
>
> HOST_LDFLAGS += -L$(HOST_DIR)/lib ...
>
> We don't have an rpath for it, though, so maybe that should be added.
Yes, that's the other option. I don't have a strong feeling about this.
At some point, I was thinking of proposing to remove $(HOST_DIR)/usr
and have everything under $(HOST_DIR)/ directly. The advantage is that
the binaries of the toolchain would be directly under $(HOST_DIR)/bin,
which would mean creating a tarball of $(HOST_DIR) would create a
toolchain that is more similar to other cross-compilation toolchains
you can find around (Linaro, CodeSourcery, etc.).
Thomas
--
Thomas Petazzoni, Free Electrons
Kernel, drivers, real-time and embedded Linux
development, consulting, training and support.
http://free-electrons.com
* [Buildroot] [PATCH 01/17] libsepol: new package
2013-09-06 6:28 ` Thomas Petazzoni
@ 2013-09-09 17:36 ` Clayton Shotwell
0 siblings, 0 replies; 34+ messages in thread
From: Clayton Shotwell @ 2013-09-09 17:36 UTC (permalink / raw)
To: buildroot
Thomas,
Thomas Petazzoni <thomas.petazzoni@free-electrons.com> wrote on 09/06/2013 01:28:27 AM:
> On Thu, 05 Sep 2013 18:46:22 +0200, Arnout Vandecappelle wrote:
>
> > I don't think it's really necessary to do this move just because it
> > looks nicer. I think it's better to stay with upstream. Although this
> > would be the first package to install anything in $(HOST_DIR)/lib, we
> > anyway already have
> >
> > HOST_LDFLAGS += -L$(HOST_DIR)/lib ...
> >
> > We don't have an rpath for it, though, so maybe that should be added.
>
> Yes, that's the other option. I don't have a strong feeling about this.
>
> At some point, I was thinking of proposing to remove $(HOST_DIR)/usr
> and have everything under $(HOST_DIR)/ directly. The advantage is that
> the binaries of the toolchain would be directly under $(HOST_DIR)/bin,
> which would mean creating a tarball of $(HOST_DIR) would create a
> toolchain that is more similar to other cross-compilation toolchains
> you can find around (Linaro, CodeSourcery, etc.).
I will go ahead and keep the move in there the way it currently is. If
the $(HOST_DIR)/usr folder is removed, there will have to be more cleanup
to this package to have it not install into the $(HOST_DIR)/usr folder
anyway. All-in-all, this package does not follow standard install
practices.
Thanks,
Clayton
Clayton Shotwell
Software Engineer
clshotwe at rockwellcollins.com
www.rockwellcollins.com
* [Buildroot] [PATCH 02/17] libselinux: new package
2013-09-04 23:09 [Buildroot] [PATCH 00/17] SELinux Buildroot Additions Clayton Shotwell
2013-09-04 23:09 ` [Buildroot] [PATCH 01/17] libsepol: new package Clayton Shotwell
@ 2013-09-04 23:09 ` Clayton Shotwell
2013-09-05 7:51 ` Thomas Petazzoni
2013-09-04 23:09 ` [Buildroot] [PATCH 03/17] ustr: " Clayton Shotwell
` (15 subsequent siblings)
17 siblings, 1 reply; 34+ messages in thread
From: Clayton Shotwell @ 2013-09-04 23:09 UTC (permalink / raw)
To: buildroot
Signed-off-by: Clayton Shotwell <clshotwe@rockwellcollins.com>
---
package/Config.in | 1 +
package/libselinux/Config.in | 22 +++++++
package/libselinux/libselinux.mk | 128 ++++++++++++++++++++++++++++++++++++++
3 files changed, 151 insertions(+), 0 deletions(-)
create mode 100644 package/libselinux/Config.in
create mode 100644 package/libselinux/libselinux.mk
diff --git a/package/Config.in b/package/Config.in
index 21f7271..bf68827 100644
--- a/package/Config.in
+++ b/package/Config.in
@@ -898,6 +898,7 @@ endmenu
menu "Security"
source "package/libsepol/Config.in"
+source "package/libselinux/Config.in"
endmenu
menu "System tools"
diff --git a/package/libselinux/Config.in b/package/libselinux/Config.in
new file mode 100644
index 0000000..4f3be64
--- /dev/null
+++ b/package/libselinux/Config.in
@@ -0,0 +1,22 @@
+config BR2_PACKAGE_LIBSELINUX
+ bool "libselinux"
+ depends on BR2_LINUX_KERNEL
+ help
+ libselinux is the runtime SELinux library that provides interfaces
+ (e.g. library functions for the SELinux kernel APIs like getcon(),
+ other support functions like getseuserbyname()) to SELinux-aware
+ applications. libselinux may use the shared libsepol to manipulate
+ the binary policy if necessary (e.g. to downgrade the policy format
+ to an older version supported by the kernel) when loading policy.
+
+ http://selinuxproject.org/page/Main_Page
+
+if BR2_PACKAGE_LIBSELINUX
+
+config BR2_PACKAGE_LIBSELINUX_PYTHON_BINDINGS
+ select BR2_PACKAGE_PYTHON
+ bool "python bindings"
+ help
+ enable building python bindings
+
+endif
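Review bot: BR2_PACKAGE_LIBSELINUX declares "depends on BR2_LINUX_KERNEL" but no relation to libsepol or pcre, although libselinux.mk in this same patch sets LIBSELINUX_DEPENDENCIES = libsepol pcre; add "select BR2_PACKAGE_LIBSEPOL" and "select BR2_PACKAGE_PCRE" so the configuration reflects what actually ends up on the target. The kernel dependency carries no comment saying why it is needed, and in BR2_PACKAGE_LIBSELINUX_PYTHON_BINDINGS the bool line should come before the select.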
diff --git a/package/libselinux/libselinux.mk b/package/libselinux/libselinux.mk
new file mode 100644
index 0000000..ed90186
--- /dev/null
+++ b/package/libselinux/libselinux.mk
@@ -0,0 +1,128 @@
+################################################################################
+#
+# libselinux
+#
+################################################################################
+LIBSELINUX_VERSION = 2.1.13
+LIBSELINUX_SOURCE = libselinux-$(LIBSELINUX_VERSION).tar.gz
+LIBSELINUX_SITE = http://userspace.selinuxproject.org/releases/20130423/
+LIBSELINUX_LICENSE = PublicDomain
+LIBSELINUX_LICENSE_FILES = LICENSE
+
+##############################
+# Target Section
+##############################
+LIBSELINUX_DEPENDENCIES = libsepol pcre
+
+LIBSELINUX_INSTALL_STAGING = YES
+LIBSELINUX_INSTALL_TARGET = YES
+
+LIBSELINUX_MAKE_CMDS = $(TARGET_CONFIGURE_OPTS) LDFLAGS="$(TARGET_LDFLAGS) -lpcre -lpthread"
+
+ifeq ($(BR2_PACKAGE_LIBSELINUX_PYTHON_BINDINGS),y)
+
+LIBSELINUX_DEPENDENCIES += python host-swig host-python
+LIBSELINUX_MAKE_CMDS += PYINC="-I$(STAGING_DIR)/usr/include/python$(PYTHON_VERSION_MAJOR)/" \
+ PYTHONLIBDIR="-L$(STAGING_DIR)/usr/lib/python$(PYTHON_VERSION_MAJOR)/" \
+ PYLIBVER="python$(PYTHON_VERSION_MAJOR)" \
+ SWIG_LIB="$(HOST_DIR)/usr/share/swig/$(SWIG_VERSION)/"
+
+define LIBSELINUX_PYTHON_BUILD_CMDS
+ $(MAKE) -C $(@D) $(LIBSELINUX_MAKE_CMDS) DESTDIR=$(STAGING_DIR) swigify
+ $(MAKE) -C $(@D) $(LIBSELINUX_MAKE_CMDS) DESTDIR=$(STAGING_DIR) pywrap
+endef
+
+define LIBSELINUX_PYTHON_INSTALL_STAGING_CMDS
+ $(MAKE) -C $(@D) install-pywrap $(LIBSELINUX_MAKE_CMDS) DESTDIR=$(STAGING_DIR)
+endef
+
+define LIBSELINUX_PYTHON_INSTALL_TARGET_CMDS
+ $(MAKE) -C $(@D) install-pywrap $(LIBSELINUX_MAKE_CMDS) DESTDIR=$(TARGET_DIR)
+endef
+
+define LIBSELINUX_PYTHON_UNINSTALL_STAGING_CMDS
+ rm -rf $(STAGING_DIR)/usr/lib/python$(PYTHON_VERSION_MAJOR)/site-packages/selinux
+endef
+
+define LIBSELINUX_PYTHON_UNINSTALL_TARGET_CMDS
+ rm -rf $(TARGET_DIR)/usr/lib/python$(PYTHON_VERSION_MAJOR)/site-packages/selinux
+endef
+
+endif
+
+define LIBSELINUX_BUILD_CMDS
+ $(MAKE) -C $(@D) $(LIBSELINUX_MAKE_CMDS) DESTDIR=$(STAGING_DIR) all
+ $(LIBSELINUX_PYTHON_BUILD_CMDS)
+endef
+
+define LIBSELINUX_INSTALL_STAGING_CMDS
+ $(MAKE) -C $(@D) install $(LIBSELINUX_MAKE_CMDS) DESTDIR=$(STAGING_DIR)
+ $(LIBSELINUX_PYTHON_INSTALL_STAGING_CMDS)
+endef
+
+define LIBSELINUX_INSTALL_TARGET_CMDS
+ $(MAKE) -C $(@D) install $(LIBSELINUX_MAKE_CMDS) DESTDIR=$(TARGET_DIR)
+ $(LIBSELINUX_PYTHON_INSTALL_TARGET_CMDS)
+endef
+
+define LIBSELINUX_CLEAN_CMDS
+ $(MAKE) -C $(@D) clean
+endef
+
+LIBSELINUX_SBIN_FILES = avcstat compute_av compute_create compute_member \
+ compute_relabel compute_user getconlist getdefaultcon getenforce \
+ getfilecon getpidcon getsebool getseuser matchpathcon policyvers \
+ sefcontext_compile selinux_check_securetty_context selinuxenabled \
+ selinuxexeccon setenforce setfilecon togglesebool
+
+define LIBSELINUX_UNINSTALL_STAGING_CMDS
+ rm -rf $(addprefix $(STAGING_DIR), /usr/include/selinux \
+ $(addprefix /usr/sbin/, $(LIBSELINUX_SBIN_FILES)) \
+ /usr/lib/pkgconfig/libselinux* /usr/lib/libselinux* /lib/libselinux*)
+ rm -f $(addprefix $(STAGING_DIR)/usr/man/man3/,$(notdir $(wildcard $(@D)/man/man3/*.3)))
+ rm -f $(addprefix $(STAGING_DIR)/usr/man/man5/,$(notdir $(wildcard $(@D)/man/man5/*.5)))
+ rm -f $(addprefix $(STAGING_DIR)/usr/man/man8/,$(notdir $(wildcard $(@D)/man/man8/*.8)))
+ $(LIBSELINUX_PYTHON_UNINSTALL_STAGING_CMDS)
+endef
+
+define LIBSELINUX_UNINSTALL_TARGET_CMDS
+ rm -rf $(addprefix $(TARGET_DIR), /usr/include/selinux \
+ $(addprefix /usr/sbin/, $(LIBSELINUX_SBIN_FILES)) \
+ /usr/lib/pkgconfig/libselinux* /usr/lib/libselinux* /lib/libselinux*)
+ $(LIBSELINUX_PYTHON_UNINSTALL_TARGET_CMDS)
+endef
+
+##############################
+# Host Section
+##############################
+HOST_LIBSELINUX_DEPENDENCIES = host-python host-libsepol host-swig host-pcre
+
+HOST_LIBSELINUX_MAKE_CMDS = $(HOST_CONFIGURE_OPTS) LDFLAGS="$(HOST_LDFLAGS) -lpcre -lpthread"\
+ PYINC="-I$(HOST_DIR)/usr/include/python$(PYTHON_VERSION_MAJOR)/" \
+ PYTHONLIBDIR="-L$(HOST_DIR)/usr/lib/python$(PYTHON_VERSION_MAJOR)/" \
+ PYLIBVER="python$(PYTHON_VERSION_MAJOR)" \
+ SWIG_LIB="$(HOST_DIR)/usr/share/swig/$(SWIG_VERSION)/" \
+
+define HOST_LIBSELINUX_BUILD_CMDS
+ $(MAKE) -C $(@D) $(HOST_LIBSELINUX_MAKE_CMDS) DESTDIR=$(HOST_DIR) all
+ $(MAKE) -C $(@D) $(HOST_LIBSELINUX_MAKE_CMDS) DESTDIR=$(HOST_DIR) swigify
+ $(MAKE) -C $(@D) $(HOST_LIBSELINUX_MAKE_CMDS) DESTDIR=$(HOST_DIR) pywrap
+endef
+
+define HOST_LIBSELINUX_INSTALL_CMDS
+ $(MAKE) -C $(@D) install install-pywrap $(HOST_LIBSELINUX_MAKE_CMDS) DESTDIR=$(HOST_DIR)
+ mv $(HOST_DIR)/lib/libselinux.so.1 $(HOST_DIR)/usr/lib
+ (cd $(HOST_DIR)/usr/lib; rm -f libselinux.so; ln -s libselinux.so.1 libselinux.so)
+ rmdir $(HOST_DIR)/lib
+ (if -f $(HOST_DIR)/sbin/matchpathcon; then \
+ mv $(HOST_DIR)/sbin/matchpathcon $(HOST_DIR)/usr/sbin/; \
+ rmdir $(HOST_DIR)/sbin; \
+ fi)
+endef
+
+define HOST_LIBSELINUX_CLEAN_CMDS
+ $(MAKE) -C $(@D) clean
+endef
+
+$(eval $(generic-package))
+$(eval $(host-generic-package))
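Review bot: In HOST_LIBSELINUX_INSTALL_CMDS the test is written as "if -f $(HOST_DIR)/sbin/matchpathcon; then", which makes the shell try to run a command named -f; that fails, the if has no else branch, and so the move of matchpathcon into $(HOST_DIR)/usr/sbin is silently skipped. It needs "if [ -f ... ]; then" or "if test -f ...; then". Two smaller points in the same area: "rmdir $(HOST_DIR)/lib" lacks the leading "-" that the libsepol package uses, so the install step aborts if anything else has left a file in that directory, and the last line of HOST_LIBSELINUX_MAKE_CMDS ends in a backslash with nothing following it. As with libsepol, LIBSELINUX_SITE is plain http:// and no checksum for the tarball is recorded.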
--
1.7.1
* [Buildroot] [PATCH 02/17] libselinux: new package
2013-09-04 23:09 ` [Buildroot] [PATCH 02/17] libselinux: " Clayton Shotwell
@ 2013-09-05 7:51 ` Thomas Petazzoni
2013-09-05 13:18 ` clshotwe at rockwellcollins.com
0 siblings, 1 reply; 34+ messages in thread
From: Thomas Petazzoni @ 2013-09-05 7:51 UTC (permalink / raw)
To: buildroot
Dear Clayton Shotwell,
On Wed, 4 Sep 2013 18:09:41 -0500, Clayton Shotwell wrote:
> menu "Security"
> source "package/libsepol/Config.in"
> +source "package/libselinux/Config.in"
> endmenu
Same comment as previous package: libselinux is a library, so it should
be under Target packages -> Libraries.
>
> menu "System tools"
> diff --git a/package/libselinux/Config.in b/package/libselinux/Config.in
> new file mode 100644
> index 0000000..4f3be64
> --- /dev/null
> +++ b/package/libselinux/Config.in
> @@ -0,0 +1,22 @@
> +config BR2_PACKAGE_LIBSELINUX
> + bool "libselinux"
> + depends on BR2_LINUX_KERNEL
Hum, can you clarify why a dependency on the kernel is needed here?
> + help
> + libselinux is the runtime SELinux library that provides interfaces
> + (e.g. library functions for the SELinux kernel APIs like getcon(),
> + other support functions like getseuserbyname()) to SELinux-aware
> + applications. libselinux may use the shared libsepol to manipulate
> + the binary policy if necessary (e.g. to downgrade the policy format
> + to an older version supported by the kernel) when loading policy.
> +
> + http://selinuxproject.org/page/Main_Page
> +
> +if BR2_PACKAGE_LIBSELINUX
> +
> +config BR2_PACKAGE_LIBSELINUX_PYTHON_BINDINGS
> + select BR2_PACKAGE_PYTHON
Here I am not sure whether we should have:
(1) An option that selects BR2_PACKAGE_PYTHON (as you did)
(2) An option that depends on BR2_PACKAGE_PYTHON
(3) No option at all, and have the package automatically enable Python
bindings when BR2_PACKAGE_PYTHON is enabled.
What do the others think?
> + bool "python bindings"
> + help
> + enable building python bindings
> +
> +endif
> diff --git a/package/libselinux/libselinux.mk b/package/libselinux/libselinux.mk
> new file mode 100644
> index 0000000..ed90186
> --- /dev/null
> +++ b/package/libselinux/libselinux.mk
> @@ -0,0 +1,128 @@
> +################################################################################
> +#
> +# libselinux
> +#
> +################################################################################
One empty line between header and variables.
> +LIBSELINUX_VERSION = 2.1.13
> +LIBSELINUX_SOURCE = libselinux-$(LIBSELINUX_VERSION).tar.gz
This line is not needed, that's the default value.
> +LIBSELINUX_SITE = http://userspace.selinuxproject.org/releases/20130423/
> +LIBSELINUX_LICENSE = PublicDomain
> +LIBSELINUX_LICENSE_FILES = LICENSE
> +
> +##############################
> +# Target Section
> +##############################
Comment not needed.
> +LIBSELINUX_DEPENDENCIES = libsepol pcre
Then you should select BR2_PACKAGE_LIBSEPOL and BR2_PACKAGE_PCRE in
your Config.in file.
> +
> +LIBSELINUX_INSTALL_STAGING = YES
> +LIBSELINUX_INSTALL_TARGET = YES
This last line is not needed, that's the default.
> +
> +LIBSELINUX_MAKE_CMDS = $(TARGET_CONFIGURE_OPTS) LDFLAGS="$(TARGET_LDFLAGS) -lpcre -lpthread"
This could use a little bit of wrapping:
LIBSELINUX_MAKE_CMDS = \
$(TARGET_CONFIGURE_OPTS) \
LDFLAGS="$(TARGET_LDFLAGS) -lpcre -lpthread"
BTW, I'm not sure _MAKE_CMDS is really the appropriate suffix, maybe
_MAKE_OPTS ?
> +ifeq ($(BR2_PACKAGE_LIBSELINUX_PYTHON_BINDINGS),y)
> +
> +LIBSELINUX_DEPENDENCIES += python host-swig host-python
> +LIBSELINUX_MAKE_CMDS += PYINC="-I$(STAGING_DIR)/usr/include/python$(PYTHON_VERSION_MAJOR)/" \
> + PYTHONLIBDIR="-L$(STAGING_DIR)/usr/lib/python$(PYTHON_VERSION_MAJOR)/" \
> + PYLIBVER="python$(PYTHON_VERSION_MAJOR)" \
> + SWIG_LIB="$(HOST_DIR)/usr/share/swig/$(SWIG_VERSION)/"
> +
> +define LIBSELINUX_PYTHON_BUILD_CMDS
> + $(MAKE) -C $(@D) $(LIBSELINUX_MAKE_CMDS) DESTDIR=$(STAGING_DIR) swigify
> + $(MAKE) -C $(@D) $(LIBSELINUX_MAKE_CMDS) DESTDIR=$(STAGING_DIR) pywrap
DESTDIR really needed at build time ?
> +endef
> +
> +define LIBSELINUX_PYTHON_INSTALL_STAGING_CMDS
> + $(MAKE) -C $(@D) install-pywrap $(LIBSELINUX_MAKE_CMDS) DESTDIR=$(STAGING_DIR)
> +endef
> +
> +define LIBSELINUX_PYTHON_INSTALL_TARGET_CMDS
> + $(MAKE) -C $(@D) install-pywrap $(LIBSELINUX_MAKE_CMDS) DESTDIR=$(TARGET_DIR)
> +endef
> +
> +define LIBSELINUX_PYTHON_UNINSTALL_STAGING_CMDS
> + rm -rf $(STAGING_DIR)/usr/lib/python$(PYTHON_VERSION_MAJOR)/site-packages/selinux
> +endef
> +
> +define LIBSELINUX_PYTHON_UNINSTALL_TARGET_CMDS
> + rm -rf $(TARGET_DIR)/usr/lib/python$(PYTHON_VERSION_MAJOR)/site-packages/selinux
> +endef
You can get rid of install commands.
> +
> +endif
> +
> +define LIBSELINUX_BUILD_CMDS
> + $(MAKE) -C $(@D) $(LIBSELINUX_MAKE_CMDS) DESTDIR=$(STAGING_DIR) all
DESTDIR unneeded at build time.
> + $(LIBSELINUX_PYTHON_BUILD_CMDS)
> +endef
> +
> +define LIBSELINUX_INSTALL_STAGING_CMDS
> + $(MAKE) -C $(@D) install $(LIBSELINUX_MAKE_CMDS) DESTDIR=$(STAGING_DIR)
> + $(LIBSELINUX_PYTHON_INSTALL_STAGING_CMDS)
> +endef
> +
> +define LIBSELINUX_INSTALL_TARGET_CMDS
> + $(MAKE) -C $(@D) install $(LIBSELINUX_MAKE_CMDS) DESTDIR=$(TARGET_DIR)
> + $(LIBSELINUX_PYTHON_INSTALL_TARGET_CMDS)
> +endef
> +
> +define LIBSELINUX_CLEAN_CMDS
> + $(MAKE) -C $(@D) clean
> +endef
> +
> +LIBSELINUX_SBIN_FILES = avcstat compute_av compute_create compute_member \
> + compute_relabel compute_user getconlist getdefaultcon getenforce \
> + getfilecon getpidcon getsebool getseuser matchpathcon policyvers \
> + sefcontext_compile selinux_check_securetty_context selinuxenabled \
> + selinuxexeccon setenforce setfilecon togglesebool
> +
> +define LIBSELINUX_UNINSTALL_STAGING_CMDS
> + rm -rf $(addprefix $(STAGING_DIR), /usr/include/selinux \
> + $(addprefix /usr/sbin/, $(LIBSELINUX_SBIN_FILES)) \
> + /usr/lib/pkgconfig/libselinux* /usr/lib/libselinux* /lib/libselinux*)
> + rm -f $(addprefix $(STAGING_DIR)/usr/man/man3/,$(notdir $(wildcard $(@D)/man/man3/*.3)))
> + rm -f $(addprefix $(STAGING_DIR)/usr/man/man5/,$(notdir $(wildcard $(@D)/man/man5/*.5)))
> + rm -f $(addprefix $(STAGING_DIR)/usr/man/man8/,$(notdir $(wildcard $(@D)/man/man8/*.8)))
> + $(LIBSELINUX_PYTHON_UNINSTALL_STAGING_CMDS)
> +endef
> +
> +define LIBSELINUX_UNINSTALL_TARGET_CMDS
> + rm -rf $(addprefix $(TARGET_DIR), /usr/include/selinux \
> + $(addprefix /usr/sbin/, $(LIBSELINUX_SBIN_FILES)) \
> + /usr/lib/pkgconfig/libselinux* /usr/lib/libselinux* /lib/libselinux*)
> + $(LIBSELINUX_PYTHON_UNINSTALL_TARGET_CMDS)
> +endef
Yeah, just drop the uninstall commands.
> +##############################
> +# Host Section
> +##############################
Drop this header.
> +HOST_LIBSELINUX_DEPENDENCIES = host-python host-libsepol host-swig host-pcre
So for the host variant, the Python bindings are always enabled? Is
there a reason for that?
> +
> +HOST_LIBSELINUX_MAKE_CMDS = $(HOST_CONFIGURE_OPTS) LDFLAGS="$(HOST_LDFLAGS) -lpcre -lpthread"\
> + PYINC="-I$(HOST_DIR)/usr/include/python$(PYTHON_VERSION_MAJOR)/" \
> + PYTHONLIBDIR="-L$(HOST_DIR)/usr/lib/python$(PYTHON_VERSION_MAJOR)/" \
> + PYLIBVER="python$(PYTHON_VERSION_MAJOR)" \
> + SWIG_LIB="$(HOST_DIR)/usr/share/swig/$(SWIG_VERSION)/" \
> +
> +define HOST_LIBSELINUX_BUILD_CMDS
> + $(MAKE) -C $(@D) $(HOST_LIBSELINUX_MAKE_CMDS) DESTDIR=$(HOST_DIR) all
> + $(MAKE) -C $(@D) $(HOST_LIBSELINUX_MAKE_CMDS) DESTDIR=$(HOST_DIR) swigify
> + $(MAKE) -C $(@D) $(HOST_LIBSELINUX_MAKE_CMDS) DESTDIR=$(HOST_DIR) pywrap
DESTDIR usually not needed at build time.
> +endef
> +
> +define HOST_LIBSELINUX_INSTALL_CMDS
> + $(MAKE) -C $(@D) install install-pywrap $(HOST_LIBSELINUX_MAKE_CMDS) DESTDIR=$(HOST_DIR)
> + mv $(HOST_DIR)/lib/libselinux.so.1 $(HOST_DIR)/usr/lib
> + (cd $(HOST_DIR)/usr/lib; rm -f libselinux.so; ln -s libselinux.so.1 libselinux.so)
> + rmdir $(HOST_DIR)/lib
> + (if -f $(HOST_DIR)/sbin/matchpathcon; then \
> + mv $(HOST_DIR)/sbin/matchpathcon $(HOST_DIR)/usr/sbin/; \
> + rmdir $(HOST_DIR)/sbin; \
> + fi)
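Review bot: In HOST_LIBSELINUX_INSTALL_CMDS the guard `if -f $(HOST_DIR)/sbin/matchpathcon; then` is not a valid test. The shell tries to run a command named `-f`, the condition is false, and the matchpathcon move and `rmdir $(HOST_DIR)/sbin` are silently skipped. Write it as `if [ -f $(HOST_DIR)/sbin/matchpathcon ]; then` (or `test -f`). The unconditional `rmdir $(HOST_DIR)/lib` just above it also fails the install step whenever that directory is not empty, for example after another host package has installed files there.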
Same suggestion as above: what if you pass DESTDIR=$(HOST_DIR)/usr ?
Thanks!
Thomas
--
Thomas Petazzoni, Free Electrons
Kernel, drivers, real-time and embedded Linux
development, consulting, training and support.
http://free-electrons.com
^ permalink raw reply [flat|nested] 34+ messages in thread
* [Buildroot] [PATCH 02/17] libselinux: new package
2013-09-05 7:51 ` Thomas Petazzoni
@ 2013-09-05 13:18 ` clshotwe at rockwellcollins.com
0 siblings, 0 replies; 34+ messages in thread
From: clshotwe at rockwellcollins.com @ 2013-09-05 13:18 UTC (permalink / raw)
To: buildroot
Thomas,
Thomas Petazzoni <thomas.petazzoni@free-electrons.com> wrote on 09/05/2013
02:51:29 AM:
> > menu "Security"
> > source "package/libsepol/Config.in"
> > +source "package/libselinux/Config.in"
> > endmenu
>
> Same comment as previous package: libselinux is a library, so it should
> be under Target packages -> Libraries.
Agree
> > +config BR2_PACKAGE_LIBSELINUX
> > + bool "libselinux"
> > + depends on BR2_LINUX_KERNEL
>
> Hum, can you clarify why a dependency on the kernel is needed here?
Probably shouldn't be an explicit one, though SELinux will not work
outside of Linux. I will go ahead and remove this dependency.
> > +config BR2_PACKAGE_LIBSELINUX_PYTHON_BINDINGS
> > + select BR2_PACKAGE_PYTHON
>
> Here I am not sure whether we should have:
>
> (1) An option that selects BR2_PACKAGE_PYTHON (as you did)
>
> (2) An option that depends on BR2_PACKAGE_PYTHON
>
> (3) No option at all, and have the package automatically enable Python
> bindings when BR2_PACKAGE_PYTHON is enabled.
>
> What do the others think?
I added this option because the policycoreutils package contains utilities
that rely on the python bindings from the libselinux and sepolgen
packages. What I can do is remove the option and have the bindings for
libselinux and sepolgen depend on BR2_PACKAGE_PYTHON. I can then change
policycoreutils to select BR2_PACKAGE_PYTHON, which would enable the other
two. This would also allow the bindings to be generated any time Python
support is enabled.
> Then you should select BR2_PACKAGE_LIBSEPOL and BR2_PACKAGE_PCRE in
> your Config.in file.
Can do.
> > +HOST_LIBSELINUX_DEPENDENCIES = host-python host-libsepol host-
> swig host-pcre
>
> So for the host variant, the Python bindings are always enabled? Is
> there a reason for that?
This was just an easier way than checking to see if host python is being
installed. Should I break this out and if so, what should I check to see
if the host version is being installed?
The same DESTDIR comments from my previous email apply to this package
also. I will pull the generic changes into all of my patches and resubmit
them if that works for you.
Thanks,
Clayton
Clayton Shotwell
Software Engineer
clshotwe at rockwellcollins.com
www.rockwellcollins.com
^ permalink raw reply [flat|nested] 34+ messages in thread
* [Buildroot] [PATCH 03/17] ustr: new package
2013-09-04 23:09 [Buildroot] [PATCH 00/17] SELinux Buildroot Additions Clayton Shotwell
2013-09-04 23:09 ` [Buildroot] [PATCH 01/17] libsepol: new package Clayton Shotwell
2013-09-04 23:09 ` [Buildroot] [PATCH 02/17] libselinux: " Clayton Shotwell
@ 2013-09-04 23:09 ` Clayton Shotwell
2013-09-05 7:57 ` Thomas Petazzoni
2013-09-04 23:09 ` [Buildroot] [PATCH 04/17] libsemanage: " Clayton Shotwell
` (14 subsequent siblings)
17 siblings, 1 reply; 34+ messages in thread
From: Clayton Shotwell @ 2013-09-04 23:09 UTC (permalink / raw)
To: buildroot
Signed-off-by: Clayton Shotwell <clshotwe@rockwellcollins.com>
---
package/Config.in | 1 +
package/ustr/Config.in | 6 +
.../ustr-1.0.4-crossCompileModifications.patch | 104 ++++++++++++++++++++
package/ustr/ustr.mk | 68 +++++++++++++
4 files changed, 179 insertions(+), 0 deletions(-)
create mode 100644 package/ustr/Config.in
create mode 100644 package/ustr/ustr-1.0.4-crossCompileModifications.patch
create mode 100644 package/ustr/ustr.mk
diff --git a/package/Config.in b/package/Config.in
index bf68827..fa70e84 100644
--- a/package/Config.in
+++ b/package/Config.in
@@ -677,6 +677,7 @@ source "package/pcre/Config.in"
source "package/popt/Config.in"
source "package/readline/Config.in"
source "package/slang/Config.in"
+source "package/ustr/Config.in"
endmenu
menu "JSON/XML"
diff --git a/package/ustr/Config.in b/package/ustr/Config.in
new file mode 100644
index 0000000..62db57d
--- /dev/null
+++ b/package/ustr/Config.in
@@ -0,0 +1,6 @@
+config BR2_PACKAGE_USTR
+ bool "ustr"
+ help
+ A small, safe string library.
+
+ http://www.and.org/ustr/
diff --git a/package/ustr/ustr-1.0.4-crossCompileModifications.patch b/package/ustr/ustr-1.0.4-crossCompileModifications.patch
new file mode 100644
index 0000000..aad9b81
--- /dev/null
+++ b/package/ustr/ustr-1.0.4-crossCompileModifications.patch
@@ -0,0 +1,104 @@
+diff -urN a/ustr-compiler.h b/ustr-compiler.h
+--- a/ustr-compiler.h 2008-02-15 14:12:28.000000000 -0600
++++ b/ustr-compiler.h 2012-06-15 11:04:55.000000000 -0500
+@@ -13,10 +13,10 @@
+
+ /* We assume this is enough,
+ * C99 specifies that va_copy() exists and is a macro */
+-#ifdef va_copy
++#if defined va_copy
+ # define USTR_CONF_HAVE_VA_COPY 1
+ # define USTR__VA_COPY(x, y) va_copy(x, y)
+-#elif __va_copy
++#elif defined __va_copy
+ # define USTR_CONF_HAVE_VA_COPY 1
+ # define USTR__VA_COPY(x, y) __va_copy(x, y)
+ #else
+--- a/Makefile 2008-03-05 21:38:00.000000000 -0600
++++ b/Makefile 2013-07-11 08:42:42.630440683 -0500
+@@ -8,8 +8,8 @@
+ VERS_ESONAME =1
+ VERS_ESO =$(VERS_ESONAME).0.4
+
+-DESTDIR =
+-prefix=/usr
++DESTDIR ?=
++prefix ?= /usr
+ datadir=$(prefix)/share
+ libdir=$(prefix)/lib
+ libexecdir=$(prefix)/libexec
+@@ -18,7 +18,7 @@
+ SHRDIR=$(datadir)/ustr-$(VERS_FULL)
+ DOCSHRDIR=$(datadir)/doc/ustr-devel-$(VERS_FULL)
+ EXAMDIR=$(SHRDIR)/examples
+-mandir=$(datadir)/doc/man
++mandir=$(datadir)/man
+ MBINDIR=$(libexecdir)/ustr-$(VERS_FULL)
+
+ ###############################################################################
+@@ -28,12 +28,12 @@
+ ###############################################################################
+ HIDE=@
+
+-CC = cc
+-AR = ar
+-RANLIB = ranlib
+-LDCONFIG = /sbin/ldconfig
++CC ?= cc
++AR ?= ar
++RANLIB ?= ranlib
+
+-CFLAGS = -O2 -g
++CFLAGS ?= -O2 -g
++LDFLAGS ?=
+
+ # Debug versions...
+ WARNS = -W -Wall -Wundef -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wwrite-strings -Waggregate-return -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wnested-externs -Wno-format-zero-length -Wformat-nonliteral -Wformat-security # -Wfloat-equal -- no floats
+@@ -398,7 +398,6 @@
+ ln -s $(DBG_LIB_SHARED) $(DESTDIR)$(libdir)/$(DBG_LIB_SHARED_NAME)
+ -rm -f $(DESTDIR)$(libdir)/$(DBG_LIB_SHAREDEV)
+ ln -s $(DBG_LIB_SHARED_NAME) $(DESTDIR)$(libdir)/$(DBG_LIB_SHAREDEV)
+- $(LDCONFIG) -n $(DESTDIR)$(libdir)
+ install -pm 644 -t $(DESTDIR)$(includedir) $(SRC_HDRS)
+ install -pm 644 -t $(DESTDIR)$(SHRDIR) $(SRC_SRCS)
+ install -pm 644 -t $(DESTDIR)$(SHRDIR) $(XSRC_SRCS)
+@@ -414,8 +413,7 @@
+
+ install-multilib-linux: install autoconf_64b ustr-import-multilib
+ install -d $(DESTDIR)$(MBINDIR)
+- $(HIDE)mlib=`./autoconf_64b`; \
+- if test "x$$mlib" = "x1"; then mlib=64; else mlib=32; fi; \
++ $(HIDE))if test "`echo "__SIZEOF_SIZE_T__" | $(CC) -E -x c - | tail -n 1`" = 8; then mlib=64; else mlib=32; fi; \
+ mv -f $(DESTDIR)$(includedir)/ustr-conf-debug.h \
+ $(DESTDIR)$(includedir)/ustr-conf-debug-$$mlib.h; \
+ mv -f $(DESTDIR)$(includedir)/ustr-conf.h \
+@@ -451,7 +449,8 @@
+
+ ustr-import: ustr-import.in autoconf_64b autoconf_vsnprintf
+ $(HIDE)echo Creating $@
+- $(HIDE)sz64=`./autoconf_64b`; vsnp=`./autoconf_vsnprintf`; \
++ $(HIDE)if test "`echo "__SIZEOF_SIZE_T__" | $(CC) -E -x c - | tail -n 1`" = 8; then sz64=1; else sz64=0; fi; \
++ if test "`./autoconf_vsnprintf`" = 0; then vsnp=0; else vsnp=1; fi; \
+ sed -e 's, at INCLUDEDIR@,$(includedir),g' -e 's, at SHRDIR@,$(SHRDIR),g' -e 's, at VERS@,$(VERS),g' -e 's, at VERS_FULL@,$(VERS_FULL),g' -e "s, at HAVE_64bit_SIZE_MAX@,$$sz64,g" -e "s, at HAVE_RETARDED_VSNPRINTF@,$$vsnp,g" < $< > $@
+ $(HIDE)chmod 755 $@
+
+@@ -485,7 +484,8 @@
+ ustr-conf.h: ustr-conf.h.in autoconf_64b autoconf_vsnprintf
+ $(HIDE)echo Creating $@
+ $(HIDE)have_stdint_h=0; dbg1=0; dbg2=0; \
+- sz64=`./autoconf_64b`; vsnp=`./autoconf_vsnprintf`; \
++ if test "`echo "__SIZEOF_SIZE_T__" | $(CC) -E -x c - | tail -n 1`" = 8; then sz64=1; else sz64=0; fi; \
++ if test "`./autoconf_vsnprintf`" = 0; then vsnp=0; else vsnp=1; fi; \
+ if test -f "/usr/include/stdint.h"; then have_stdint_h=1; fi; \
+ if test -f "$(prefix)/include/stdint.h"; then have_stdint_h=1; fi; \
+ if test -f "$(includedir)/stdint.h"; then have_stdint_h=1; fi; \
+@@ -494,7 +494,8 @@
+ ustr-conf-debug.h: ustr-conf.h.in autoconf_64b autoconf_vsnprintf
+ $(HIDE)echo Creating $@
+ $(HIDE)have_stdint_h=0; dbg1=1; dbg2=1; \
+- sz64=`./autoconf_64b`; vsnp=`./autoconf_vsnprintf`; \
++ if test "`echo "__SIZEOF_SIZE_T__" | $(CC) -E -x c - | tail -n 1`" = 8; then sz64=1; else sz64=0; fi; \
++ if test "`./autoconf_vsnprintf`" = 0; then vsnp=0; else vsnp=1; fi; \
+ if test -f "/usr/include/stdint.h"; then have_stdint_h=1; fi; \
+ if test -f "$(prefix)/include/stdint.h"; then have_stdint_h=1; fi; \
+ if test -f "$(includedir)/stdint.h"; then have_stdint_h=1; fi; \
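Review bot: The rewritten install-multilib-linux recipe begins with `$(HIDE))if test ...`; the extra `)` after `$(HIDE)` is a shell syntax error, so that target cannot run as written. Drop the stray parenthesis. The size probe also assumes that `$(CC)` predefines `__SIZEOF_SIZE_T__`: with a compiler that does not, the preprocessor passes the name through unchanged, the comparison with 8 fails, and the 32-bit branch is chosen without any warning, so the assumption deserves a comment or an explicit failure. The ustr-import, ustr-conf.h and ustr-conf-debug.h rules still execute `./autoconf_vsnprintf` on the build machine; if that helper is compiled with the cross `$(CC)` it will not run there, which is the same problem this patch removes for `./autoconf_64b`.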
diff --git a/package/ustr/ustr.mk b/package/ustr/ustr.mk
new file mode 100644
index 0000000..46b8bb4
--- /dev/null
+++ b/package/ustr/ustr.mk
@@ -0,0 +1,68 @@
+#############################################################
+#
+# ustr
+#
+#############################################################
+USTR_VERSION = 1.0.4
+USTR_SOURCE = ustr-$(USTR_VERSION).tar.bz2
+USTR_SITE = http://www.and.org/ustr/$(USTR_VERSION)/
+USTR_LICENSE = BSD-2c MIT LGPLv2+
+USTR_LICENSE_FILES = LICENCE LICENSE_BSD LICENSE_LGPL LICENSE_MIT
+
+##############################
+# Target Section
+##############################
+USTR_INSTALL_STAGING = YES
+USTR_INSTALL_TARGET = YES
+
+USTR_MAKE_CMDS = $(TARGET_CONFIGURE_OPTS)
+
+define USTR_BUILD_CMDS
+ $(MAKE) -C $(@D) all $(USTR_MAKE_CMDS) DESTDIR=$(STAGING_DIR)
+ $(MAKE) -C $(@D) all-shared $(USTR_MAKE_CMDS) DESTDIR=$(STAGING_DIR)
+endef
+
+define USTR_INSTALL_STAGING_CMDS
+ $(MAKE) -C $(@D) install $(USTR_MAKE_CMDS) DESTDIR=$(STAGING_DIR)
+endef
+
+define USTR_INSTALL_TARGET_CMDS
+ $(MAKE) -C $(@D) install $(USTR_MAKE_CMDS) DESTDIR=$(TARGET_DIR)
+endef
+
+define USTR_CLEAN_CMDS
+ $(MAKE) -C $(@D) clean
+endef
+
+define USTR_UNINSTALL_STAGING_CMDS
+ rm -rf $(addprefix $(TARGET_DIR),/usr/lib/libustr* /usr/lib/pkgconfig/ustr* \
+ /usr/bin/ustr* /usr/include/ustr* /usr/include/ \
+ /usr/share/doc/ustr-$(USTR_VERSION) /usr/share/ustr-$(USTR_VERSION) \
+ /usr/share/man/man1/ustr* /usr/share/man/man3/ustr*)
+endef
+
+define USTR_UNINSTALL_TARGET_CMDS
+ rm -rf $(addprefix $(TARGET_DIR),/usr/lib/libustr* /usr/lib/pkgconfig/ustr* \
+ /usr/bin/ustr* /usr/include/ustr*)
+endef
+
+##############################
+# Host Section
+##############################
+HOST_USTR_MAKE_CMDS = $(HOST_CONFIGURE_OPTS)
+
+define HOST_USTR_BUILD_CMDS
+ $(MAKE) -C $(@D) all $(HOST_USTR_MAKE_CMDS) DESTDIR=$(HOST_DIR)
+ $(MAKE) -C $(@D) all-shared $(HOST_USTR_MAKE_CMDS) DESTDIR=$(HOST_DIR)
+endef
+
+define HOST_USTR_INSTALL_CMDS
+ $(MAKE) -C $(@D) install $(HOST_USTR_MAKE_CMDS) DESTDIR=$(HOST_DIR)
+endef
+
+define HOST_USTR_CLEAN_CMDS
+ $(MAKE) -C $(@D) clean
+endef
+
+$(eval $(generic-package))
+$(eval $(host-generic-package))
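Review bot: USTR_UNINSTALL_STAGING_CMDS prefixes its paths with $(TARGET_DIR) rather than $(STAGING_DIR), and the list contains the bare directory `/usr/include/`, so this `rm -rf` would delete the whole include tree under the target directory and leave the staging copy of ustr in place. If the uninstall rules are kept, use $(STAGING_DIR) and list only the `ustr*` entries.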
--
1.7.1
^ permalink raw reply related [flat|nested] 34+ messages in thread
* [Buildroot] [PATCH 03/17] ustr: new package
2013-09-04 23:09 ` [Buildroot] [PATCH 03/17] ustr: " Clayton Shotwell
@ 2013-09-05 7:57 ` Thomas Petazzoni
0 siblings, 0 replies; 34+ messages in thread
From: Thomas Petazzoni @ 2013-09-05 7:57 UTC (permalink / raw)
To: buildroot
Dear Clayton Shotwell,
On Wed, 4 Sep 2013 18:09:42 -0500, Clayton Shotwell wrote:
> diff --git a/package/ustr/ustr-1.0.4-crossCompileModifications.patch b/package/ustr/ustr-1.0.4-crossCompileModifications.patch
Patch names should not contain the version number, but instead a number
that allows patches to be applied in the right order. See
http://buildroot.org/downloads/manual/manual.html#patch-policy.
Also, while it is not written anywhere explicitly, the patch filename
should be all in lower case.
> new file mode 100644
> index 0000000..aad9b81
The patch should contain a description + Signed-off-by line. See
http://buildroot.org/downloads/manual/manual.html#_format_and_licensing_of_the_package_patches.
> diff --git a/package/ustr/ustr.mk b/package/ustr/ustr.mk
> new file mode 100644
> index 0000000..46b8bb4
> --- /dev/null
> +++ b/package/ustr/ustr.mk
> @@ -0,0 +1,68 @@
> +#############################################################
> +#
> +# ustr
> +#
> +#############################################################
80 dashes, one empty line between header and variables.
> +USTR_VERSION = 1.0.4
> +USTR_SOURCE = ustr-$(USTR_VERSION).tar.bz2
> +USTR_SITE = http://www.and.org/ustr/$(USTR_VERSION)/
> +USTR_LICENSE = BSD-2c MIT LGPLv2+
> +USTR_LICENSE_FILES = LICENCE LICENSE_BSD LICENSE_LGPL LICENSE_MIT
> +
> +##############################
> +# Target Section
> +##############################
Comment not needed.
> +USTR_INSTALL_STAGING = YES
> +USTR_INSTALL_TARGET = YES
Last line not needed.
> +
> +USTR_MAKE_CMDS = $(TARGET_CONFIGURE_OPTS)
Use $(TARGET_CONFIGURE_OPTS) directly.
> +
> +define USTR_BUILD_CMDS
> + $(MAKE) -C $(@D) all $(USTR_MAKE_CMDS) DESTDIR=$(STAGING_DIR)
> + $(MAKE) -C $(@D) all-shared $(USTR_MAKE_CMDS) DESTDIR=$(STAGING_DIR)
DESTDIR typically not needed when building. Also, you can probably
combine this in one line:
$(MAKE) -C $(@D) \
$(USTR_MAKE_CMDS) all all-shared
However, there's one thing we've forgotten: we try to support static
library builds in Buildroot, when BR2_PREFER_STATIC_LIB is enabled. So
when it's possible, it'd be great if the packages could behave nicely
when BR2_PREFER_STATIC_LIB=y (by disabling the build of shared
libraries). If it's not possible or too complicated, we can add a
depends on !BR2_PREFER_STATIC_LIB.
> +endef
> +
> +define USTR_INSTALL_STAGING_CMDS
> + $(MAKE) -C $(@D) install $(USTR_MAKE_CMDS) DESTDIR=$(STAGING_DIR)
> +endef
> +
> +define USTR_INSTALL_TARGET_CMDS
> + $(MAKE) -C $(@D) install $(USTR_MAKE_CMDS) DESTDIR=$(TARGET_DIR)
> +endef
> +
> +define USTR_CLEAN_CMDS
> + $(MAKE) -C $(@D) clean
> +endef
> +
> +define USTR_UNINSTALL_STAGING_CMDS
> + rm -rf $(addprefix $(TARGET_DIR),/usr/lib/libustr* /usr/lib/pkgconfig/ustr* \
> + /usr/bin/ustr* /usr/include/ustr* /usr/include/ \
> + /usr/share/doc/ustr-$(USTR_VERSION) /usr/share/ustr-$(USTR_VERSION) \
> + /usr/share/man/man1/ustr* /usr/share/man/man3/ustr*)
> +endef
> +
> +define USTR_UNINSTALL_TARGET_CMDS
> + rm -rf $(addprefix $(TARGET_DIR),/usr/lib/libustr* /usr/lib/pkgconfig/ustr* \
> + /usr/bin/ustr* /usr/include/ustr*)
> +endef
Drop the uninstall commands.
> +##############################
> +# Host Section
> +##############################
> +HOST_USTR_MAKE_CMDS = $(HOST_CONFIGURE_OPTS)
> +
> +define HOST_USTR_BUILD_CMDS
> + $(MAKE) -C $(@D) all $(HOST_USTR_MAKE_CMDS) DESTDIR=$(HOST_DIR)
> + $(MAKE) -C $(@D) all-shared $(HOST_USTR_MAKE_CMDS) DESTDIR=$(HOST_DIR)
> +endef
Same comments as above, for everything :)
Thanks!
Thomas
--
Thomas Petazzoni, Free Electrons
Kernel, drivers, real-time and embedded Linux
development, consulting, training and support.
http://free-electrons.com
^ permalink raw reply [flat|nested] 34+ messages in thread
* [Buildroot] [PATCH 04/17] libsemanage: new package
2013-09-04 23:09 [Buildroot] [PATCH 00/17] SELinux Buildroot Additions Clayton Shotwell
` (2 preceding siblings ...)
2013-09-04 23:09 ` [Buildroot] [PATCH 03/17] ustr: " Clayton Shotwell
@ 2013-09-04 23:09 ` Clayton Shotwell
2013-09-04 23:09 ` [Buildroot] [PATCH 05/17] checkpolicy: " Clayton Shotwell
` (13 subsequent siblings)
17 siblings, 0 replies; 34+ messages in thread
From: Clayton Shotwell @ 2013-09-04 23:09 UTC (permalink / raw)
To: buildroot
Signed-off-by: Clayton Shotwell <clshotwe@rockwellcollins.com>
---
package/Config.in | 1 +
package/libsemanage/Config.in | 21 ++++
.../libsemanage-2.1.10-execptionLibPathFix.patch | 10 ++
package/libsemanage/libsemanage.mk | 113 ++++++++++++++++++++
4 files changed, 145 insertions(+), 0 deletions(-)
create mode 100644 package/libsemanage/Config.in
create mode 100644 package/libsemanage/libsemanage-2.1.10-execptionLibPathFix.patch
create mode 100644 package/libsemanage/libsemanage.mk
diff --git a/package/Config.in b/package/Config.in
index fa70e84..b6b3cec 100644
--- a/package/Config.in
+++ b/package/Config.in
@@ -900,6 +900,7 @@ endmenu
menu "Security"
source "package/libsepol/Config.in"
source "package/libselinux/Config.in"
+source "package/libsemanage/Config.in"
endmenu
menu "System tools"
diff --git a/package/libsemanage/Config.in b/package/libsemanage/Config.in
new file mode 100644
index 0000000..d4a9868
--- /dev/null
+++ b/package/libsemanage/Config.in
@@ -0,0 +1,21 @@
+config BR2_PACKAGE_LIBSEMANAGE
+ bool "libsemanage"
+ help
+ libsemanage is the policy management library. It uses libsepol for binary
+ policy manipulation and libselinux for interacting with the SELinux
+ system. It also exec's helper programs for loading policy and for checking
+ whether the file_contexts configuration is valid (load_policy and
+ setfiles from policycoreutils) presently, although this may change at
+ least for the bootstrapping case (for rpm).
+
+ http://selinuxproject.org/page/Main_Page
+
+if BR2_PACKAGE_LIBSEMANAGE
+
+config BR2_PACKAGE_LIBSEMANAGE_PYTHON_BINDINGS
+ select BR2_PACKAGE_PYTHON
+ bool "python bindings"
+ help
+ enable building python bindings
+
+endif
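Review bot: The only `select` in this file is BR2_PACKAGE_PYTHON on the bindings option, while the help text says the library uses libsepol and libselinux, and libsemanage.mk lists `libsepol libselinux ustr bzip2` in LIBSEMANAGE_DEPENDENCIES. Add the matching selects (BR2_PACKAGE_LIBSEPOL, BR2_PACKAGE_LIBSELINUX, BR2_PACKAGE_USTR, BR2_PACKAGE_BZIP2) to BR2_PACKAGE_LIBSEMANAGE so that the configuration and the build dependencies agree.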
diff --git a/package/libsemanage/libsemanage-2.1.10-execptionLibPathFix.patch b/package/libsemanage/libsemanage-2.1.10-execptionLibPathFix.patch
new file mode 100644
index 0000000..3972a79
--- /dev/null
+++ b/package/libsemanage/libsemanage-2.1.10-execptionLibPathFix.patch
@@ -0,0 +1,10 @@
+--- a/src/exception.sh 2011-12-21 11:46:04.000000000 -0600
++++ b/src/exception.sh 2012-08-27 11:29:58.000000000 -0500
+@@ -9,6 +9,6 @@
+ }
+ "
+ }
+-gcc -x c -c - -aux-info temp.aux < ../include/semanage/semanage.h
++gcc -x c -c - -aux-info temp.aux -I../include < ../include/semanage/semanage.h
+ for i in `awk '/extern int/ { print $6 }' temp.aux`; do except $i ; done
+ rm -f -- temp.aux -.o
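Review bot: The changed line still invokes `gcc` by name, so in a cross build exception.sh processes semanage.h with the build machine's compiler instead of whatever `CC` the package passes to make. Using `${CC:-gcc}` here would let the caller's compiler be honoured while keeping the current default. The patch file also carries no description, and its name spells "exception" as "execption".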
diff --git a/package/libsemanage/libsemanage.mk b/package/libsemanage/libsemanage.mk
new file mode 100644
index 0000000..39098e8
--- /dev/null
+++ b/package/libsemanage/libsemanage.mk
@@ -0,0 +1,113 @@
+#############################################################
+#
+# libsemanage
+#
+#############################################################
+LIBSEMANAGE_VERSION = 2.1.10
+LIBSEMANAGE_SOURCE = libsemanage-$(LIBSEMANAGE_VERSION).tar.gz
+LIBSEMANAGE_SITE = http://userspace.selinuxproject.org/releases/20130423/
+LIBSEPOL_LICENSE = LGPLv2.1
+LIBSEPOL_LICENSE_FILES = COPYING
+
+##############################
+# Target Section
+##############################
+LIBSEMANAGE_DEPENDENCIES = host-bison libsepol libselinux ustr bzip2
+
+LIBSEMANAGE_INSTALL_STAGING = YES
+LIBSEMANAGE_INSTALL_TARGET = YES
+
+LIBSEMANAGE_MAKE_CMDS = $(TARGET_CONFIGURE_OPTS)
+
+ifeq ($(BR2_PACKAGE_LIBSEMANAGE_PYTHON_BINDINGS),y)
+
+LIBSEMANAGE_DEPENDENCIES += python host-swig host-python
+LIBSEMANAGE_MAKE_CMDS += PYINC="-I$(STAGING_DIR)/usr/include/python$(PYTHON_VERSION_MAJOR)/" \
+ PYTHONLIBDIR="-L$(STAGING_DIR)/usr/lib/python$(PYTHON_VERSION_MAJOR)/" \
+ PYLIBVER="python$(PYTHON_VERSION_MAJOR)" \
+ SWIG_LIB="$(HOST_DIR)/usr/share/swig/$(SWIG_VERSION)/"
+
+define LIBSEMANAGE_PYTHON_BUILD_CMDS
+ $(MAKE) -C $(@D) $(LIBSEMANAGE_MAKE_CMDS) DESTDIR=$(STAGING_DIR) swigify
+ $(MAKE) -C $(@D) $(LIBSEMANAGE_MAKE_CMDS) DESTDIR=$(STAGING_DIR) pywrap
+endef
+
+define LIBSEMANAGE_PYTHON_INSTALL_STAGING_CMDS
+ $(MAKE) -C $(@D) install-pywrap $(LIBSEMANAGE_MAKE_CMDS) DESTDIR=$(STAGING_DIR)
+endef
+
+define LIBSEMANAGE_PYTHON_INSTALL_TARGET_CMDS
+ $(MAKE) -C $(@D) install-pywrap $(LIBSEMANAGE_MAKE_CMDS) DESTDIR=$(TARGET_DIR)
+endef
+
+define LIBSEMANAGE_PYTHON_UNINSTALL_STAGING_CMDS
+ rm -f $(STAGING_DIR)/usr/lib/python$(PYTHON_VERSION_MAJOR)/site-packages/*semanage*
+endef
+
+define LIBSEMANAGE_PYTHON_UNINSTALL_TARGET_CMDS
+ rm -f $(TARGET_DIR)/usr/lib/python$(PYTHON_VERSION_MAJOR)/site-packages/*semanage*
+endef
+
+endif
+
+define LIBSEMANAGE_BUILD_CMDS
+ $(MAKE) -C $(@D) $(LIBSEMANAGE_MAKE_CMDS) DESTDIR=$(STAGING_DIR) all
+ $(LIBSEMANAGE_PYTHON_BUILD_CMDS)
+endef
+
+define LIBSEMANAGE_INSTALL_STAGING_CMDS
+ $(MAKE) -C $(@D) install $(LIBSEMANAGE_MAKE_CMDS) DESTDIR=$(STAGING_DIR)
+ $(LIBSEMANAGE_PYTHON_INSTALL_STAGING_CMDS)
+endef
+
+define LIBSEMANAGE_INSTALL_TARGET_CMDS
+ $(MAKE) -C $(@D) install $(LIBSEMANAGE_MAKE_CMDS) DESTDIR=$(TARGET_DIR)
+ rm -rf $(addprefix $(TARGET_DIR),/usr/share/man/ /usr/include/)
+ $(LIBSEMANAGE_PYTHON_INSTALL_TARGET_CMDS)
+endef
+
+define LIBSEMANAGE_CLEAN_CMDS
+ $(MAKE) -C $(@D) clean
+endef
+
+define LIBSEMANAGE_UNINSTALL_STAGING_CMDS
+ rm -rf $(addprefix $(STAGING_DIR),/usr/include/semanage /usr/lib/libsemanage* \
+ /usr/lib/pkgconfig/libsemanage* /etc/selinux/semanage.conf)
+ rm -f $(addprefix $(STAGING_DIR)/usr/man/man3/,$(notdir $(wildcard $(@D)/man/man3/*.3)))
+ rm -f $(addprefix $(STAGING_DIR)/usr/man/man3/,$(notdir $(wildcard $(@D)/man/man5/*.5)))
+ $(LIBSEMANAGE_PYTHON_UNINSTALL_STAGING_CMDS)
+endef
+
+define LIBSEMANAGE_UNINSTALL_TARGET_CMDS
+ rm -rf $(addprefix $(TARGET_DIR),/usr/lib/libsemanage* \
+ /usr/lib/pkgconfig/libsemanage* /etc/selinux/semanage.conf)
+ $(LIBSEMANAGE_PYTHON_UNINSTALL_TARGET_CMDS)
+endef
+
+##############################
+# Host Section
+##############################
+HOST_LIBSEMANAGE_DEPENDENCIES = host-python host-bison host-libsepol host-libselinux host-ustr host-bzip2
+
+HOST_LIBSEMANAGE_MAKE_CMDS = $(HOST_CONFIGURE_OPTS) \
+ PYINC="-I$(HOST_DIR)/usr/include/python$(PYTHON_VERSION_MAJOR)/" \
+ PYTHONLIBDIR="-L$(HOST_DIR)/usr/lib/python$(PYTHON_VERSION_MAJOR)/" \
+ PYLIBVER="python$(PYTHON_VERSION_MAJOR)" \
+ SWIG_LIB="$(HOST_DIR)/usr/share/swig/$(SWIG_VERSION)/"
+
+define HOST_LIBSEMANAGE_BUILD_CMDS
+ $(MAKE) -C $(@D) $(HOST_LIBSEMANAGE_MAKE_CMDS) DESTDIR=$(HOST_DIR) all
+ $(MAKE) -C $(@D) $(HOST_LIBSEMANAGE_MAKE_CMDS) DESTDIR=$(HOST_DIR) swigify
+ $(MAKE) -C $(@D) $(HOST_LIBSEMANAGE_MAKE_CMDS) DESTDIR=$(HOST_DIR) pywrap
+endef
+
+define HOST_LIBSEMANAGE_INSTALL_CMDS
+ $(MAKE) -C $(@D) install install-pywrap $(HOST_LIBSEMANAGE_MAKE_CMDS) DESTDIR=$(HOST_DIR)
+endef
+
+define HOST_LIBSEMANAGE_CLEAN_CMDS
+ $(MAKE) -C $(@D) clean
+endef
+
+$(eval $(generic-package))
+$(eval $(host-generic-package))
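Review bot: The licence variables near the top are named LIBSEPOL_LICENSE and LIBSEPOL_LICENSE_FILES, apparently copied from the libsepol package, so libsemanage gets no licence information and these assignments can clobber libsepol's own values. Rename them to LIBSEMANAGE_LICENSE and LIBSEMANAGE_LICENSE_FILES. In LIBSEMANAGE_UNINSTALL_STAGING_CMDS the second man-page `rm -f` builds its list from man/man5/*.5 but prefixes it with usr/man/man3/, so the section 5 pages are never matched. LIBSEMANAGE_INSTALL_TARGET_CMDS also runs `rm -rf` on all of $(TARGET_DIR)/usr/share/man/ and /usr/include/, which removes files installed by other packages and not only those of libsemanage.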
--
1.7.1
^ permalink raw reply related [flat|nested] 34+ messages in thread
* [Buildroot] [PATCH 05/17] checkpolicy: new package
2013-09-04 23:09 [Buildroot] [PATCH 00/17] SELinux Buildroot Additions Clayton Shotwell
` (3 preceding siblings ...)
2013-09-04 23:09 ` [Buildroot] [PATCH 04/17] libsemanage: " Clayton Shotwell
@ 2013-09-04 23:09 ` Clayton Shotwell
2013-09-06 17:56 ` Thomas Petazzoni
2013-09-04 23:09 ` [Buildroot] [PATCH 06/17] sepolgen: " Clayton Shotwell
` (12 subsequent siblings)
17 siblings, 1 reply; 34+ messages in thread
From: Clayton Shotwell @ 2013-09-04 23:09 UTC (permalink / raw)
To: buildroot
Signed-off-by: Clayton Shotwell <clshotwe@rockwellcollins.com>
---
package/Config.in | 1 +
package/checkpolicy/Config.in | 11 ++++++
package/checkpolicy/checkpolicy.mk | 71 ++++++++++++++++++++++++++++++++++++
3 files changed, 83 insertions(+), 0 deletions(-)
create mode 100644 package/checkpolicy/Config.in
create mode 100644 package/checkpolicy/checkpolicy.mk
diff --git a/package/Config.in b/package/Config.in
index b6b3cec..5c4adb9 100644
--- a/package/Config.in
+++ b/package/Config.in
@@ -898,6 +898,7 @@ source "package/xmlstarlet/Config.in"
endmenu
menu "Security"
+source "package/checkpolicy/Config.in"
source "package/libsepol/Config.in"
source "package/libselinux/Config.in"
source "package/libsemanage/Config.in"
diff --git a/package/checkpolicy/Config.in b/package/checkpolicy/Config.in
new file mode 100644
index 0000000..2c4819f
--- /dev/null
+++ b/package/checkpolicy/Config.in
@@ -0,0 +1,11 @@
+config BR2_PACKAGE_CHECKPOLICY
+ bool "checkpolicy"
+ select BR2_PACKAGE_FLEX
+ help
+ checkpolicy is the policy compiler. It uses libsepol to
+ generate the binary policy. checkpolicy uses the static
+ libsepol since it deals with low level details of the policy
+ that have not been encapsulated/abstracted by a proper
+ shared library interface.
+
+ http://selinuxproject.org/page/Main_Page
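Review bot: `select BR2_PACKAGE_FLEX` covers only one of the target dependencies: checkpolicy.mk also lists libselinux in CHECKPOLICY_DEPENDENCIES, and the help text says the tool is built on libsepol, yet neither is selected here. Add `select BR2_PACKAGE_LIBSELINUX` (and BR2_PACKAGE_LIBSEPOL if it is linked directly) so that enabling checkpolicy on its own gives a buildable configuration.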
diff --git a/package/checkpolicy/checkpolicy.mk b/package/checkpolicy/checkpolicy.mk
new file mode 100644
index 0000000..e61e053
--- /dev/null
+++ b/package/checkpolicy/checkpolicy.mk
@@ -0,0 +1,71 @@
+#############################################################
+#
+# checkpolicy
+#
+#############################################################
+CHECKPOLICY_VERSION = 2.1.12
+CHECKPOLICY_SOURCE = checkpolicy-$(CHECKPOLICY_VERSION).tar.gz
+CHECKPOLICY_SITE = http://userspace.selinuxproject.org/releases/20130423/
+CHECKPOLICY_LICENSE = GPLv2
+CHECKPOLICY_LICENSE_FILES = COPYING
+
+##############################
+# Target Section
+##############################
+CHECKPOLICY_DEPENDENCIES = host-flex host-bison libselinux flex
+
+CHECKPOLICY_INSTALL_STAGING = YES
+CHECKPOLICY_INSTALL_TARGET = YES
+
+CHECKPOLICY_MAKE_CMDS = $(TARGET_CONFIGURE_OPTS) \
+ LEX="$(HOST_DIR)/usr/bin/flex" \
+ YACC="$(HOST_DIR)/usr/bin/bison -y"
+
+define CHECKPOLICY_BUILD_CMDS
+ $(MAKE) -C $(@D) $(CHECKPOLICY_MAKE_CMDS) DESTDIR=$(STAGING_DIR)
+endef
+
+define CHECKPOLICY_INSTALL_STAGING_CMDS
+ $(MAKE) -C $(@D) install $(CHECKPOLICY_MAKE_CMDS) DESTDIR=$(STAGING_DIR)
+endef
+
+define CHECKPOLICY_INSTALL_TARGET_CMDS
+ $(MAKE) -C $(@D) install $(CHECKPOLICY_MAKE_CMDS) DESTDIR=$(TARGET_DIR)
+endef
+
+define CHECKPOLICY_CLEAN_CMDS
+ $(MAKE) -C $(@D) clean
+endef
+
+define CHECKPOLICY_UNINSTALL_STAGING_CMDS
+ rm -f $(STAGING_DIR)/usr/bin/checkpolicy
+ rm -f $(addprefix $(STAGING_DIR)/usr/man/man8/,$(notdir $(wildcard $(@D)/*.8)))
+endef
+
+define CHECKPOLICY_UNINSTALL_TARGET_CMDS
+ rm -f $(TARGET_DIR)/usr/bin/checkpolicy
+endef
+
+##############################
+# Host Section
+##############################
+HOST_CHECKPOLICY_DEPENDENCIES = host-libselinux host-flex host-bison
+
+HOST_CHECKPOLICY_MAKE_CMDS = $(HOST_CONFIGURE_OPTS) \
+ LEX="$(HOST_DIR)/usr/bin/flex" \
+ YACC="$(HOST_DIR)/usr/bin/bison -y"
+
+define HOST_CHECKPOLICY_BUILD_CMDS
+ $(MAKE) -C $(@D) $(HOST_CHECKPOLICY_MAKE_CMDS) DESTDIR=$(HOST_DIR)
+endef
+
+define HOST_CHECKPOLICY_INSTALL_CMDS
+ $(MAKE) -C $(@D) install $(CHOST_HECKPOLICY_MAKE_CMDS) DESTDIR=$(HOST_DIR)
+endef
+
+define HOST_CHECKPOLICY_CLEAN_CMDS
+ $(MAKE) -C $(@D) clean
+endef
+
+$(eval $(generic-package))
+$(eval $(host-generic-package))
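Review bot: in HOST_CHECKPOLICY_INSTALL_CMDS the variable is spelled $(CHOST_HECKPOLICY_MAKE_CMDS), which is never defined and expands to nothing, so the host install step runs "make install" without HOST_CONFIGURE_OPTS or the LEX/YACC overrides that HOST_CHECKPOLICY_BUILD_CMDS passes. It should be $(HOST_CHECKPOLICY_MAKE_CMDS). Because the install then sees different variables than the build, make may rebuild objects with the build machine's default compiler and flags, or pick up a system flex/bison instead of the ones under $(HOST_DIR). Separately, DESTDIR is passed to the plain build targets (both target and host), where nothing is installed; it can be dropped there.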
--
1.7.1
^ permalink raw reply related [flat|nested] 34+ messages in thread
* [Buildroot] [PATCH 05/17] checkpolicy: new package
2013-09-04 23:09 ` [Buildroot] [PATCH 05/17] checkpolicy: " Clayton Shotwell
@ 2013-09-06 17:56 ` Thomas Petazzoni
2013-09-09 17:33 ` Clayton Shotwell
0 siblings, 1 reply; 34+ messages in thread
From: Thomas Petazzoni @ 2013-09-06 17:56 UTC (permalink / raw)
To: buildroot
Dear Clayton Shotwell,
On Wed, 4 Sep 2013 18:09:44 -0500, Clayton Shotwell wrote:
> --- /dev/null
> +++ b/package/checkpolicy/Config.in
> @@ -0,0 +1,11 @@
> +config BR2_PACKAGE_CHECKPOLICY
> + bool "checkpolicy"
> + select BR2_PACKAGE_FLEX
> + help
> + checkpolicy is the policy compiler. It uses libsepol to
> + generate the binary policy. checkpolicy uses the static
> + libsepol since it deals with low level details of the policy
> + that have not been encapsulated/abstracted by a proper
> + shared library interface.
> +
> + http://selinuxproject.org/page/Main_Page
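Review bot: this Config.in entry only has "select BR2_PACKAGE_FLEX", while CHECKPOLICY_DEPENDENCIES in checkpolicy.mk also lists libselinux. A package named in the dependencies without a matching select (or depends on) in Config.in gets built even though the user never enabled it, and its own configuration options are not visible as part of this choice. If the target variant is kept, add the select for the libselinux symbol here so the Kconfig side and the .mk side agree.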
Is a target variant of this package really needed? In the context of
Buildroot and cross-compilation, I would expect the policy to be
written on the development machine, the compilation to happen on the
development machine, and only the resulting binary copied to the target.
We generally don't support "development" on the target, and we expect
the system generated by Buildroot to be ready to use. I am not familiar
with SELinux at all, but my understanding is that this Buildroot policy
should translate into just the SELinux binary policy to be installed on
the target, the compiler being kept on the host.
Other comments below.
> diff --git a/package/checkpolicy/checkpolicy.mk b/package/checkpolicy/checkpolicy.mk
> new file mode 100644
> index 0000000..e61e053
> --- /dev/null
> +++ b/package/checkpolicy/checkpolicy.mk
> @@ -0,0 +1,71 @@
> +#############################################################
> +#
> +# checkpolicy
> +#
> +#############################################################
80 dashes, empty line missing.
> +CHECKPOLICY_VERSION = 2.1.12
> +CHECKPOLICY_SOURCE = checkpolicy-$(CHECKPOLICY_VERSION).tar.gz
Not needed, that's the default.
> +CHECKPOLICY_SITE = http://userspace.selinuxproject.org/releases/20130423/
> +CHECKPOLICY_LICENSE = GPLv2
Really GPLv2, not GPLv2+ ?
> +CHECKPOLICY_LICENSE_FILES = COPYING
> +
> +##############################
> +# Target Section
> +##############################
We can remove this comment.
> +CHECKPOLICY_DEPENDENCIES = host-flex host-bison libselinux flex
So flex is needed both on the target, and at runtime?
> +
> +CHECKPOLICY_INSTALL_STAGING = YES
> +CHECKPOLICY_INSTALL_TARGET = YES
Last line not needed, that's the default.
> +
> +CHECKPOLICY_MAKE_CMDS = $(TARGET_CONFIGURE_OPTS) \
> + LEX="$(HOST_DIR)/usr/bin/flex" \
> + YACC="$(HOST_DIR)/usr/bin/bison -y"
> +
> +define CHECKPOLICY_BUILD_CMDS
> + $(MAKE) -C $(@D) $(CHECKPOLICY_MAKE_CMDS) DESTDIR=$(STAGING_DIR)
> +endef
> +
> +define CHECKPOLICY_INSTALL_STAGING_CMDS
> + $(MAKE) -C $(@D) install $(CHECKPOLICY_MAKE_CMDS) DESTDIR=$(STAGING_DIR)
> +endef
> +
> +define CHECKPOLICY_INSTALL_TARGET_CMDS
> + $(MAKE) -C $(@D) install $(CHECKPOLICY_MAKE_CMDS) DESTDIR=$(TARGET_DIR)
> +endef
> +
> +define CHECKPOLICY_CLEAN_CMDS
> + $(MAKE) -C $(@D) clean
> +endef
> +
> +define CHECKPOLICY_UNINSTALL_STAGING_CMDS
> + rm -f $(STAGING_DIR)/usr/bin/checkpolicy
> + rm -f $(addprefix $(STAGING_DIR)/usr/man/man8/,$(notdir $(wildcard $(@D)/*.8)))
> +endef
> +
> +define CHECKPOLICY_UNINSTALL_TARGET_CMDS
> + rm -f $(TARGET_DIR)/usr/bin/checkpolicy
> +endef
You can get rid of uninstall commands.
> +##############################
> +# Host Section
> +##############################
Comment not needed.
> +HOST_CHECKPOLICY_DEPENDENCIES = host-libselinux host-flex host-bison
> +
> +HOST_CHECKPOLICY_MAKE_CMDS = $(HOST_CONFIGURE_OPTS) \
> + LEX="$(HOST_DIR)/usr/bin/flex" \
> + YACC="$(HOST_DIR)/usr/bin/bison -y"
> +
> +define HOST_CHECKPOLICY_BUILD_CMDS
> + $(MAKE) -C $(@D) $(HOST_CHECKPOLICY_MAKE_CMDS) DESTDIR=$(HOST_DIR)
> +endef
> +
> +define HOST_CHECKPOLICY_INSTALL_CMDS
> + $(MAKE) -C $(@D) install $(CHOST_HECKPOLICY_MAKE_CMDS) DESTDIR=$(HOST_DIR)
> +endef
> +
> +define HOST_CHECKPOLICY_CLEAN_CMDS
> + $(MAKE) -C $(@D) clean
> +endef
> +
> +$(eval $(generic-package))
> +$(eval $(host-generic-package))
Thanks,
Thomas
--
Thomas Petazzoni, Free Electrons
Kernel, drivers, real-time and embedded Linux
development, consulting, training and support.
http://free-electrons.com
^ permalink raw reply [flat|nested] 34+ messages in thread
* [Buildroot] [PATCH 05/17] checkpolicy: new package
2013-09-06 17:56 ` Thomas Petazzoni
@ 2013-09-09 17:33 ` Clayton Shotwell
2013-09-11 16:44 ` Arnout Vandecappelle
0 siblings, 1 reply; 34+ messages in thread
From: Clayton Shotwell @ 2013-09-09 17:33 UTC (permalink / raw)
To: buildroot
Thomas,
Thomas Petazzoni <thomas.petazzoni@free-electrons.com> wrote on 09/06/2013
12:56:09 PM:
> Is a target variant of this package really needed? In the context of
> Buildroot and cross-compilation, I would expect the policy to be
> written on the development machine, the compilation to happen on the
> development machine, and only the resulting binary copied
> to the target.
>
> We generally don't support "development" on the target,
> and we expect
> the system generated by Buildroot to be ready to use. I am
> not familiar
> with SELinux at all, but my understanding is that this
> Buildroot policy
> should translate into just the SELinux binary policy to be
> installed on
> the target, the compiler being kept on the host.
Very good point and I agree completely. This package is used to compile
the SELinux policy from source and that should only be done on the host. I
will go ahead and remove the target build commands and Config.in file to
keep this a host only utility.
> > +CHECKPOLICY_SITE = http://userspace.selinuxproject.org/
> releases/20130423/
> > +CHECKPOLICY_LICENSE = GPLv2
>
> Really GPLv2, not GPLv2+ ?
Yes, just GPLv2 per most of the headers. Several source files contain no
license information and there are a couple that contain a LGPLv2.1+. I am
going to consider everything under the GPLv2 since that is the most
restrictive license.
Thanks,
Clayton
Clayton Shotwell
Software Engineer
clshotwe at rockwellcollins.com
www.rockwellcollins.com
^ permalink raw reply [flat|nested] 34+ messages in thread
* [Buildroot] [PATCH 05/17] checkpolicy: new package
2013-09-09 17:33 ` Clayton Shotwell
@ 2013-09-11 16:44 ` Arnout Vandecappelle
2013-09-12 7:17 ` Thomas Petazzoni
0 siblings, 1 reply; 34+ messages in thread
From: Arnout Vandecappelle @ 2013-09-11 16:44 UTC (permalink / raw)
To: buildroot
On 09/09/13 19:33, Clayton Shotwell wrote:
> Thomas,
>
> Thomas Petazzoni <thomas.petazzoni@free-electrons.com> wrote on
> 09/06/2013 12:56:09 PM:
> > Is a target variant of this package really needed? In the context of
> > Buildroot and cross-compilation, I would expect the policy to be
> > written on the development machine, the compilation to happen on the
> > development machine, and only the resulting binary copied
> > to the target.
> >
> > We generally don't support "development" on the target,
> > and we expect
> > the system generated by Buildroot to be ready to use. I am
> > not familiar
> > with SELinux at all, but my understanding is that this
> > Buildroot policy
> > should translate into just the SELinux binary policy to be
> > installed on
> > the target, the compiler being kept on the host.
>
> Very good point and I agree completely. This package is used to compile
> the SELinux policy from source and that should only be done on the host.
> I will go ahead and remove the target build commands and Config.in file
> to keep this a host only utility.
Note: you'll probably want to add a Config.in.host for this package, so
people can select it in their config and use it in a post-build script.
In the long term, it is probably also a good idea to have a
system-level SELinux menu where you can specify some policy files to be
put on the target, and buildroot will compile and install them for you.
Regards,
Arnout
--
Arnout Vandecappelle arnout at mind be
Senior Embedded Software Architect +32-16-286500
Essensium/Mind http://www.mind.be
G.Geenslaan 9, 3001 Leuven, Belgium BE 872 984 063 RPR Leuven
LinkedIn profile: http://www.linkedin.com/in/arnoutvandecappelle
GPG fingerprint: 7CB5 E4CC 6C2E EFD4 6E3D A754 F963 ECAB 2450 2F1F
^ permalink raw reply [flat|nested] 34+ messages in thread
* [Buildroot] [PATCH 05/17] checkpolicy: new package
2013-09-11 16:44 ` Arnout Vandecappelle
@ 2013-09-12 7:17 ` Thomas Petazzoni
0 siblings, 0 replies; 34+ messages in thread
From: Thomas Petazzoni @ 2013-09-12 7:17 UTC (permalink / raw)
To: buildroot
Dear Arnout Vandecappelle,
On Wed, 11 Sep 2013 18:44:08 +0200, Arnout Vandecappelle wrote:
> Note: you'll probably want to add a Config.in.host for this
> package, so people can select it in their config and use it in a
> post-build script.
>
> In the long term, it is probably also a good idea to have a
> system-level SELinux menu where you can specify some policy files to
> be put on the target, and buildroot will compile and install them for
> you.
I agree. Usage of SELinux is such a system-wide thing that we might
need an entry for it in the "System configuration" menu for example.
But well, let's get the packages merged first, and we'll work together
to see how to polish the integration.
Best regards,
Thomas
--
Thomas Petazzoni, Free Electrons
Kernel, drivers, real-time and embedded Linux
development, consulting, training and support.
http://free-electrons.com
^ permalink raw reply [flat|nested] 34+ messages in thread
* [Buildroot] [PATCH 06/17] sepolgen: new package
2013-09-04 23:09 [Buildroot] [PATCH 00/17] SELinux Buildroot Additions Clayton Shotwell
` (4 preceding siblings ...)
2013-09-04 23:09 ` [Buildroot] [PATCH 05/17] checkpolicy: " Clayton Shotwell
@ 2013-09-04 23:09 ` Clayton Shotwell
2013-09-04 23:09 ` [Buildroot] [PATCH 07/17] setools: " Clayton Shotwell
` (11 subsequent siblings)
17 siblings, 0 replies; 34+ messages in thread
From: Clayton Shotwell @ 2013-09-04 23:09 UTC (permalink / raw)
To: buildroot
Signed-off-by: Clayton Shotwell <clshotwe@rockwellcollins.com>
---
package/Config.in | 1 +
package/sepolgen/Config.in | 7 ++++++
package/sepolgen/sepolgen.mk | 46 ++++++++++++++++++++++++++++++++++++++++++
3 files changed, 54 insertions(+), 0 deletions(-)
create mode 100644 package/sepolgen/Config.in
create mode 100644 package/sepolgen/sepolgen.mk
diff --git a/package/Config.in b/package/Config.in
index 5c4adb9..ca38111 100644
--- a/package/Config.in
+++ b/package/Config.in
@@ -902,6 +902,7 @@ source "package/checkpolicy/Config.in"
source "package/libsepol/Config.in"
source "package/libselinux/Config.in"
source "package/libsemanage/Config.in"
+source "package/sepolgen/Config.in"
endmenu
menu "System tools"
diff --git a/package/sepolgen/Config.in b/package/sepolgen/Config.in
new file mode 100644
index 0000000..9954890
--- /dev/null
+++ b/package/sepolgen/Config.in
@@ -0,0 +1,7 @@
+config BR2_PACKAGE_SEPOLGEN
+ bool "sepolgen"
+ help
+ sepolgen is a python module/library that forms the core
+ of the modern audit2allow (a rewrite).
+
+ http://selinuxproject.org/page/Main_Page
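Review bot: BR2_PACKAGE_SEPOLGEN has no "select BR2_PACKAGE_PYTHON" (or depends on), although sepolgen.mk sets SEPOLGEN_DEPENDENCIES = python and installs into the Python library directory on the target. As written, enabling sepolgen pulls a Python interpreter into the root filesystem without that being visible in the configuration. Add the select here, or make the option depend on BR2_PACKAGE_PYTHON. The help text could also say that this is the library behind audit2allow, since on a locked-down target image a tool that generates allow rules from denials is usually something to leave out.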
diff --git a/package/sepolgen/sepolgen.mk b/package/sepolgen/sepolgen.mk
new file mode 100644
index 0000000..17f7108
--- /dev/null
+++ b/package/sepolgen/sepolgen.mk
@@ -0,0 +1,46 @@
+#############################################################
+#
+# sepolgen
+#
+#############################################################
+SEPOLGEN_VERSION = 1.1.9
+SEPOLGEN_SOURCE = sepolgen-$(SEPOLGEN_VERSION).tar.gz
+SEPOLGEN_SITE = http://userspace.selinuxproject.org/releases/20130423/
+SEPOLGEN_LICENSE = GPLv2
+SEPOLGEN_LICENSE_FILES = COPYING
+
+SEPOLGEN_DEPENDENCIES = python
+
+SEPOLGEN_INSTALL_STAGING = YES
+SEPOLGEN_INSTALL_TARGET = YES
+
+SEPOLGEN_MAKE_CMDS = $(TARGET_CONFIGURE_OPTS) \
+ PYTHONLIBDIR=/usr/lib/python$(PYTHON_VERSION_MAJOR)/site-packages
+
+define SEPOLGEN_BUILD_CMDS
+ $(MAKE) -C $(@D) $(SEPOLGEN_MAKE_CMDS) DESTDIR=$(STAGING_DIR)
+endef
+
+define SEPOLGEN_INSTALL_STAGING_CMDS
+ $(MAKE) -C $(@D) install $(SEPOLGEN_MAKE_CMDS) DESTDIR=$(STAGING_DIR)
+endef
+
+define SEPOLGEN_INSTALL_TARGET_CMDS
+ $(MAKE) -C $(@D) install $(SEPOLGEN_MAKE_CMDS) DESTDIR=$(TARGET_DIR)
+endef
+
+define SEPOLGEN_CLEAN_CMDS
+ $(MAKE) -C $(@D) clean
+endef
+
+define SEPOLGEN_UNINSTALL_STAGING_CMDS
+ rm -rf $(STAGING_DIR)/usr/lib/python$(PYTHON_VERSION_MAJOR)/dist-packages/sepolgen/
+ rm -rf $(STAGING_DIR)/var/lib/sepolgen/
+endef
+
+define SEPOLGEN_UNINSTALL_TARGET_CMDS
+ rm -rf $(TARGET_DIR)/usr/lib/python$(PYTHON_VERSION_MAJOR)/dist-packages/sepolgen/
+ rm -rf $(TARGET_DIR)/var/lib/sepolgen/
+endef
+
+$(eval $(generic-package))
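Review bot: the install and uninstall paths disagree. SEPOLGEN_MAKE_CMDS sets PYTHONLIBDIR to /usr/lib/python$(PYTHON_VERSION_MAJOR)/site-packages, but both SEPOLGEN_UNINSTALL_STAGING_CMDS and SEPOLGEN_UNINSTALL_TARGET_CMDS remove .../dist-packages/sepolgen/, so the uninstall commands never delete what the install step wrote and the module stays in the target image. Use site-packages in the rm -rf lines, or drop the uninstall commands entirely. DESTDIR=$(STAGING_DIR) in SEPOLGEN_BUILD_CMDS is also unnecessary, since nothing is installed at build time.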
--
1.7.1
^ permalink raw reply related [flat|nested] 34+ messages in thread
* [Buildroot] [PATCH 07/17] setools: new package
2013-09-04 23:09 [Buildroot] [PATCH 00/17] SELinux Buildroot Additions Clayton Shotwell
` (5 preceding siblings ...)
2013-09-04 23:09 ` [Buildroot] [PATCH 06/17] sepolgen: " Clayton Shotwell
@ 2013-09-04 23:09 ` Clayton Shotwell
2013-09-04 23:09 ` [Buildroot] [PATCH 08/17] libcgroup: " Clayton Shotwell
` (10 subsequent siblings)
17 siblings, 0 replies; 34+ messages in thread
From: Clayton Shotwell @ 2013-09-04 23:09 UTC (permalink / raw)
To: buildroot
Signed-off-by: Clayton Shotwell <clshotwe@rockwellcollins.com>
---
package/Config.in | 1 +
package/setools/Config.in | 22 +
.../setools/setools-0001-cross_compile_fixes.patch | 116 +++
.../setools-0002-swig_typedef_python_fixes.patch | 1010 ++++++++++++++++++++
package/setools/setools.mk | 91 ++
5 files changed, 1240 insertions(+), 0 deletions(-)
create mode 100644 package/setools/Config.in
create mode 100644 package/setools/setools-0001-cross_compile_fixes.patch
create mode 100644 package/setools/setools-0002-swig_typedef_python_fixes.patch
create mode 100644 package/setools/setools.mk
diff --git a/package/Config.in b/package/Config.in
index ca38111..9e59b90 100644
--- a/package/Config.in
+++ b/package/Config.in
@@ -903,6 +903,7 @@ source "package/libsepol/Config.in"
source "package/libselinux/Config.in"
source "package/libsemanage/Config.in"
source "package/sepolgen/Config.in"
+source "package/setools/Config.in"
endmenu
menu "System tools"
diff --git a/package/setools/Config.in b/package/setools/Config.in
new file mode 100644
index 0000000..649216d
--- /dev/null
+++ b/package/setools/Config.in
@@ -0,0 +1,22 @@
+config BR2_PACKAGE_SETOOLS
+ bool "setools"
+ help
+ SETools is an open source project designed to facilitate SELinux policy
+ analysis. The primary tools are:
+
+ apol - analyze a SELinux policy.
+ seaudit - analyze audit messages from SELinux.
+ seaudit-report - generate highly-customized audit log reports.
+ sechecker - command line tool for performing modular checks on an SELinux policy.
+ sediff - semantic policy difference tool for SELinux.
+ secmds - command-line tools to analyze and search SELinux policy.
+
+if BR2_PACKAGE_SETOOLS
+
+config BR2_PACKAGE_SETOOLS_PYTHON_BINDINGS
+ bool "python bindings"
+ select BR2_PACKAGE_PYTHON
+ help
+ enable building python bindings
+
+endif
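Review bot: BR2_PACKAGE_SETOOLS declares no dependency on the SELinux libraries, yet the configure.ac patch added in this same commit aborts with "could not find precompiled libsepol.a" and links the test program with -lselinux -lsepol. Add the corresponding selects (BR2_PACKAGE_LIBSEPOL and the libselinux symbol) so the package cannot be enabled in a configuration where configure is guaranteed to fail. The help text lines for sechecker and the opening sentence also run well past the usual help width and should be rewrapped.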
diff --git a/package/setools/setools-0001-cross_compile_fixes.patch b/package/setools/setools-0001-cross_compile_fixes.patch
new file mode 100644
index 0000000..d9eca46
--- /dev/null
+++ b/package/setools/setools-0001-cross_compile_fixes.patch
@@ -0,0 +1,116 @@
+diff -urN a/configure.ac b/configure.ac
+--- a/configure.ac 2013-01-16 10:36:24.000000000 -0600
++++ b/configure.ac 2013-07-12 08:22:10.380255248 -0500
+@@ -448,8 +448,9 @@
+ sepol_srcdir="")
+ if test "x${sepol_srcdir}" = "x"; then
+ sepol_srcdir=${sepol_devel_libdir}
+- AC_CHECK_FILE([${sepol_srcdir}/libsepol.a],,
+- AC_MSG_ERROR([make sure libsepol-static is installed]))
++ if test ! -f ${sepol_srcdir}/libsepol.a; then
++ AC_MSG_ERROR([could not find precompiled libsepol.a])
++ fi
+ else
+ AC_MSG_CHECKING([for compatible sepol source tree])
+ sepol_version=${sepol_srcdir}/VERSION
+@@ -484,8 +485,9 @@
+ AC_CHECK_HEADER([sepol/policydb/policydb.h], , AC_MSG_ERROR([could not find sepol source tree]))
+ CFLAGS="${sepol_src_save_CFLAGS}"
+ CPPFLAGS="${sepol_src_save_CPPFLAGS}"
+- AC_CHECK_FILE([${sepol_srcdir}/libsepol.a],,
+- AC_MSG_ERROR([could not find precompiled libsepol.a]))
++ if test ! -f ${sepol_srcdir}/libsepol.a; then
++ AC_MSG_ERROR([could not find precompiled libsepol.a])
++ fi
+ sepol_devel_incdir="${sepol_srcdir}/../include"
+ fi
+ SELINUX_CFLAGS="-I${sepol_devel_incdir} -I${selinux_devel_incdir}"
+@@ -578,12 +580,13 @@
+ [AC_LANG_SOURCE([
+ #include <sepol/policydb/expand.h>
+ int main () {
+- return expand_module_avrules(NULL, NULL, NULL, NULL, NULL, 0, 0);
++ return expand_module_avrules(NULL, NULL, NULL, NULL, NULL, 0, 0, 0, 0);
+ }])],
+ AC_MSG_RESULT([yes]),
+ AC_MSG_ERROR([this version of libsepol is incompatible with SETools]))
+ fi
+ sepol_new_expand_boolmap="yes"
++ sepol_new_user_role_mapping="yes"
+ else
+ sepol_new_expand_boolmap="no"
+ fi
+@@ -607,7 +610,8 @@
+ exit(EXIT_FAILURE);
+ }])],
+ sepol_policy_version_max=`cat conftest.data`,
+- AC_MSG_FAILURE([could not determine maximum libsepol policy version]))
++ AC_MSG_FAILURE([could not determine maximum libsepol policy version]),
++ sepol_policy_version_max="26")
+ AC_DEFINE_UNQUOTED(SEPOL_POLICY_VERSION_MAX, ${sepol_policy_version_max}, [maximum policy version supported by libsepol])
+ CFLAGS="${sepol_save_CFLAGS}"
+ CPPFLAGS="${sepol_save_CPPFLAGS}"
+@@ -631,7 +635,7 @@
+ changequote([,])dnl
+ selinux_save_CFLAGS="${CFLAGS}"
+ CFLAGS="${SELINUX_CFLAGS} ${SELINUX_LIB_FLAG} -lselinux -lsepol ${CFLAGS}"
+- gcc ${CFLAGS} -o conftest conftest.c >&5
++ ${CC} ${CFLAGS} -o conftest conftest.c >&5
+ selinux_policy_dir=`./conftest`
+ AC_MSG_RESULT(${selinux_policy_dir})
+ CFLAGS="${selinux_save_CFLAGS}"
+diff -urN a/libqpol/src/policy_define.c b/libqpol/src/policy_define.c
+--- a/libqpol/src/policy_define.c 2013-01-16 10:36:24.000000000 -0600
++++ b/libqpol/src/policy_define.c 2013-07-12 08:22:10.380255248 -0500
+@@ -2135,7 +2135,7 @@
+ #ifdef HAVE_SEPOL_ROLE_ATTRS
+ if (role_set_expand(&roles, &e_roles, policydbp, NULL, NULL))
+ #elif HAVE_SEPOL_USER_ROLE_MAPPING
+- if (role_set_expand(&roles, &e_roles, policydbp, NULL))
++ if (role_set_expand(&roles, &e_roles, policydbp, NULL, NULL))
+ #else
+ if (role_set_expand(&roles, &e_roles, policydbp))
+ #endif
+diff -urN a/m4/ac_python_devel.m4 b/m4/ac_python_devel.m4
+--- a/m4/ac_python_devel.m4 2013-01-16 10:36:22.000000000 -0600
++++ b/m4/ac_python_devel.m4 2013-07-12 08:22:10.380255248 -0500
+@@ -234,7 +234,7 @@
+ AC_MSG_CHECKING([consistency of all components of python development environment])
+ AC_LANG_PUSH([C])
+ # save current global flags
+- LIBS="$ac_save_LIBS $PYTHON_LDFLAGS"
++ LIBS="$ac_save_LIBS $PYTHON_EXTRA_LIBS $PYTHON_LDFLAGS"
+ CPPFLAGS="$ac_save_CPPFLAGS $PYTHON_CPPFLAGS"
+ AC_TRY_LINK([
+ #include <Python.h>
+diff -urN a/python/setools/Makefile.am b/python/setools/Makefile.am
+--- a/python/setools/Makefile.am 2013-01-16 10:36:22.000000000 -0600
++++ b/python/setools/Makefile.am 2013-07-12 08:22:19.200251011 -0500
+@@ -22,13 +22,13 @@
+ python-build: sesearch.c seinfo.c
+ @mkdir -p setools
+ @cp __init__.py setools
+- LIBS="$(QPOL_LIB_FLAG) $(APOL_LIB_FLAG)" INCLUDES="$(QPOL_CFLAGS) $(APOL_CFLAGS)" $(PYTHON) setup.py build
++ LIBS="$(QPOL_LIB_FLAG) $(APOL_LIB_FLAG)" LIBDIRS="$(PYTHON_LDFLAGS)" INCLUDES="$(PYTHON_CPPFLAGS) $(QPOL_CFLAGS) $(APOL_CFLAGS)" CC="$(CC)" CFLAGS="$(CFLAGS)" LDSHARED="$(CC) -shared" LDFLAGS="$(LDFLAGS)" $(PYTHON) setup.py build_ext
+
+ install-exec-hook:
+- $(PYTHON) setup.py install `test -n "$(DESTDIR)" && echo --root $(DESTDIR)`
++ $(PYTHON) setup.py install `test -n "$(DESTDIR)" && echo --prefix=$(DESTDIR)/usr`
+
+ uninstall-hook:
+- $(PYTHON) setup.py uninstall `test -n "$(DESTDIR)" && echo --root $(DESTDIR)`
++ $(PYTHON) setup.py uninstall `test -n "$(DESTDIR)" && echo --prefix=$(DESTDIR)/usr`
+
+ clean-local:
+ $(PYTHON) setup.py clean -a
+--- a/python/setools/setup.py 2013-01-16 10:36:22.000000000 -0600
++++ b/python/setools/setup.py 2013-09-04 09:17:48.452916991 -0500
+@@ -8,7 +8,7 @@
+ try:
+ inc=os.getenv("INCLUDES").split(" ")
+ INCLUDES=map(lambda x: x[2:], inc)
+- LIBDIRS=map(lambda x: "/".join(x.split("/")[:-1]), os.getenv("LIBS").split())
++ LIBDIRS=map(lambda x: "/".join(x.split("/")[:-1]), os.getenv("LIBS").split()) + map(lambda x: x[2:], os.getenv("LIBDIRS").split())
+ except:
+ INCLUDES=""
+ LIBDIRS=""
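Review bot: the selinux_policy_dir check in configure.ac is still not cross-compile safe. The hunk replaces gcc with ${CC}, but the next line remains selinux_policy_dir=`./conftest`, which executes the freshly built binary on the build machine; with a cross compiler that binary is for the target architecture and either fails to run, leaving the variable empty, or only works by accident through an emulator. Take the value from a configure option or cache variable instead of running the test program. Two further points: the added fallback sepol_policy_version_max="26" hard-codes the maximum policy version for every cross build, so it will silently go stale when libsepol is bumped; and the changes to expand_module_avrules (now 9 arguments) and to role_set_expand under HAVE_SEPOL_USER_ROLE_MAPPING (now 5 arguments) are unconditional, so the patched setools no longer builds against a libsepol with the older signatures. The embedded patch also has no description or Signed-off-by header explaining these changes.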
diff --git a/package/setools/setools-0002-swig_typedef_python_fixes.patch b/package/setools/setools-0002-swig_typedef_python_fixes.patch
new file mode 100644
index 0000000..fbe721a
--- /dev/null
+++ b/package/setools/setools-0002-swig_typedef_python_fixes.patch
@@ -0,0 +1,1010 @@
+--- a/libapol/swig/apol.i 2010-04-23 11:22:08.000000000 -0500
++++ b/libapol/swig/apol.i 2012-08-29 08:04:29.000000000 -0500
+@@ -232,7 +232,7 @@
+ %newobject wrap_apol_str_to_internal_ip(char*);
+ %rename(apol_str_to_internal_ip) wrap_apol_str_to_internal_ip;
+ %inline %{
+- typedef struct apol_ip {
++ typedef struct {
+ uint32_t ip[4];
+ int proto;
+ } apol_ip_t;
+@@ -301,7 +301,7 @@
+ %inline %{
+ typedef struct apol_string_vector apol_string_vector_t;
+ %}
+-typedef struct apol_vector {} apol_vector_t;
++typedef struct {} apol_vector_t;
+ %extend apol_vector_t {
+ apol_vector_t() {
+ return apol_vector_create(NULL);
+@@ -377,7 +377,7 @@
+ return apol_vector_compare(a, b, NULL, NULL, &idx);
+ }
+ %}
+-typedef struct apol_string_vector {} apol_string_vector_t;
++typedef struct {} apol_string_vector_t;
+ %extend apol_string_vector_t {
+ apol_string_vector_t() {
+ return (apol_string_vector_t*)apol_vector_create(free);
+@@ -460,7 +460,7 @@
+ APOL_POLICY_PATH_TYPE_MONOLITHIC = 0,
+ APOL_POLICY_PATH_TYPE_MODULAR
+ } apol_policy_path_type_e;
+-typedef struct apol_policy_path {} apol_policy_path_t;
++typedef struct {} apol_policy_path_t;
+ %extend apol_policy_path_t {
+ apol_policy_path_t(apol_policy_path_type_e type, char * primary, apol_string_vector_t *modules = NULL) {
+ apol_policy_path_t *p;
+@@ -540,7 +540,7 @@
+ int apol_file_is_policy_path_list(const char *filename);
+
+ /* apol policy */
+-typedef struct apol_policy {} apol_policy_t;
++typedef struct {} apol_policy_t;
+ #define APOL_PERMMAP_MAX_WEIGHT 10
+ #define APOL_PERMMAP_MIN_WEIGHT 1
+ #define APOL_PERMMAP_UNMAPPED 0x00
+@@ -650,7 +650,7 @@
+ };
+
+ /* apol type query */
+-typedef struct apol_type_query {} apol_type_query_t;
++typedef struct {} apol_type_query_t;
+ %extend apol_type_query_t {
+ apol_type_query_t() {
+ apol_type_query_t *tq;
+@@ -692,7 +692,7 @@
+ };
+
+ /* apol attribute query */
+-typedef struct apol_attr_query {} apol_attr_query_t;
++typedef struct {} apol_attr_query_t;
+ %extend apol_attr_query_t {
+ apol_attr_query_t() {
+ apol_attr_query_t *aq;
+@@ -734,7 +734,7 @@
+ };
+
+ /* apol role query */
+-typedef struct apol_role_query {} apol_role_query_t;
++typedef struct {} apol_role_query_t;
+ %extend apol_role_query_t {
+ apol_role_query_t() {
+ apol_role_query_t *rq;
+@@ -786,7 +786,7 @@
+ int apol_role_has_type(apol_policy_t * p, qpol_role_t * r, qpol_type_t * t);
+
+ /* apol class query */
+-typedef struct apol_class_query {} apol_class_query_t;
++typedef struct {} apol_class_query_t;
+ %extend apol_class_query_t {
+ apol_class_query_t() {
+ apol_class_query_t *cq;
+@@ -837,7 +837,7 @@
+ };
+
+ /* apol common query */
+-typedef struct apol_common_query {} apol_common_query_t;
++typedef struct {} apol_common_query_t;
+ %extend apol_common_query_t {
+ apol_common_query_t() {
+ apol_common_query_t *cq;
+@@ -879,7 +879,7 @@
+ };
+
+ /* apol perm query */
+-typedef struct apol_perm_query {} apol_perm_query_t;
++typedef struct {} apol_perm_query_t;
+ %extend apol_perm_query_t {
+ apol_perm_query_t() {
+ apol_perm_query_t *pq;
+@@ -921,7 +921,7 @@
+ };
+
+ /* apol bool query */
+-typedef struct apol_bool_query {} apol_bool_query_t;
++typedef struct {} apol_bool_query_t;
+ %extend apol_bool_query_t {
+ apol_bool_query_t() {
+ apol_bool_query_t *bq;
+@@ -963,7 +963,7 @@
+ };
+
+ /* apol mls level */
+-typedef struct apol_mls_level {} apol_mls_level_t;
++typedef struct {} apol_mls_level_t;
+ %extend apol_mls_level_t {
+ apol_mls_level_t() {
+ apol_mls_level_t *aml;
+@@ -1122,11 +1122,11 @@
+ %typemap(in) apol_mls_level_t *lvl {
+ void *x = NULL;
+ Py_IncRef($input);
+- SWIG_ConvertPtr($input, &x,SWIGTYPE_p_apol_mls_level, 0 | 0 );
++ SWIG_ConvertPtr($input, &x,SWIGTYPE_p_apol_mls_level_t, 0 | 0 );
+ $1 = (apol_mls_level_t*)x;
+ }
+ #endif
+-typedef struct apol_mls_range {} apol_mls_range_t;
++typedef struct {} apol_mls_range_t;
+ %extend apol_mls_range_t {
+ apol_mls_range_t() {
+ apol_mls_range_t *amr;
+@@ -1276,7 +1276,7 @@
+ %}
+
+ /* apol level query */
+-typedef struct apol_level_query {} apol_level_query_t;
++typedef struct {} apol_level_query_t;
+ %extend apol_level_query_t {
+ apol_level_query_t() {
+ apol_level_query_t * alq;
+@@ -1327,7 +1327,7 @@
+ };
+
+ /* apol cat query */
+-typedef struct apol_cat_query {} apol_cat_query_t;
++typedef struct {} apol_cat_query_t;
+ %extend apol_cat_query_t {
+ apol_cat_query_t() {
+ apol_cat_query_t * acq;
+@@ -1373,11 +1373,11 @@
+ %typemap(in) apol_mls_range_t *rng {
+ void *x = NULL;
+ Py_IncRef($input);
+- SWIG_ConvertPtr($input, &x,SWIGTYPE_p_apol_mls_range, 0 | 0 );
++ SWIG_ConvertPtr($input, &x,SWIGTYPE_p_apol_mls_range_t, 0 | 0 );
+ $1 = (apol_mls_range_t*)x;
+ }
+ #endif
+-typedef struct apol_user_query {} apol_user_query_t;
++typedef struct {} apol_user_query_t;
+ %extend apol_user_query_t {
+ apol_user_query_t() {
+ apol_user_query_t *auq;
+@@ -1446,7 +1446,7 @@
+ };
+
+ /* apol context */
+-typedef struct apol_context {} apol_context_t;
++typedef struct {} apol_context_t;
+ %extend apol_context_t {
+ apol_context_t() {
+ apol_context_t *ctx;
+@@ -1581,7 +1581,7 @@
+ int apol_context_compare(apol_policy_t * p, apol_context_t * target, apol_context_t * search, unsigned int range_compare_type);
+
+ /* apol constraint query */
+-typedef struct apol_constraint_query {} apol_constraint_query_t;
++typedef struct {} apol_constraint_query_t;
+ %extend apol_constraint_query_t {
+ apol_constraint_query_t() {
+ apol_constraint_query_t *acq;
+@@ -1632,7 +1632,7 @@
+ };
+
+ /* apol validatetrans query */
+-typedef struct apol_validatetrans_query {} apol_validatetrans_query_t;
++typedef struct {} apol_validatetrans_query_t;
+ %extend apol_validatetrans_query_t {
+ apol_validatetrans_query_t() {
+ apol_validatetrans_query_t *avq;
+@@ -1678,11 +1678,11 @@
+ %typemap(in) apol_context_t *ctx {
+ void *x = NULL;
+ Py_IncRef($input);
+- SWIG_ConvertPtr($input, &x,SWIGTYPE_p_apol_context, 0 | 0 );
++ SWIG_ConvertPtr($input, &x,SWIGTYPE_p_apol_context_t, 0 | 0 );
+ $1 = (apol_context_t*)x;
+ }
+ #endif
+-typedef struct apol_genfscon_query {} apol_genfscon_query_t;
++typedef struct {} apol_genfscon_query_t;
+ %extend apol_genfscon_query_t {
+ apol_genfscon_query_t() {
+ apol_genfscon_query_t *agq;
+@@ -1744,7 +1744,7 @@
+ char *apol_genfscon_render(apol_policy_t * p, qpol_genfscon_t * genfscon);
+
+ /* apol fs_use query */
+-typedef struct apol_fs_use_query {} apol_fs_use_query_t;
++typedef struct {} apol_fs_use_query_t;
+ %extend apol_fs_use_query_t {
+ apol_fs_use_query_t() {
+ apol_fs_use_query_t *afq;
+@@ -1797,7 +1797,7 @@
+ char *apol_fs_use_render(apol_policy_t * p, qpol_fs_use_t * fsuse);
+
+ /* apol initial sid query */
+-typedef struct apol_isid_query {} apol_isid_query_t;
++typedef struct {} apol_isid_query_t;
+ %extend apol_isid_query_t {
+ apol_isid_query_t() {
+ apol_isid_query_t *aiq;
+@@ -1839,7 +1839,7 @@
+ };
+
+ /* apol portcon query */
+-typedef struct apol_portcon_query {} apol_portcon_query_t;
++typedef struct {} apol_portcon_query_t;
+ %extend apol_portcon_query_t {
+ apol_portcon_query_t() {
+ apol_portcon_query_t *apq;
+@@ -1883,7 +1883,7 @@
+ char *apol_portcon_render(apol_policy_t * p, qpol_portcon_t * portcon);
+
+ /* apol netifcon query */
+-typedef struct apol_netifcon_query {} apol_netifcon_query_t;
++typedef struct {} apol_netifcon_query_t;
+ %extend apol_netifcon_query_t {
+ apol_netifcon_query_t() {
+ apol_netifcon_query_t *anq;
+@@ -1930,7 +1930,7 @@
+ char *apol_netifcon_render(apol_policy_t * p, qpol_netifcon_t * netifcon);
+
+ /* apol nodecon query */
+-typedef struct apol_nodecon_query {} apol_nodecon_query_t;
++typedef struct {} apol_nodecon_query_t;
+ %extend apol_nodecon_query_t {
+ apol_nodecon_query_t() {
+ apol_nodecon_query_t *anq;
+@@ -2010,7 +2010,7 @@
+ char *apol_nodecon_render(apol_policy_t * p, qpol_nodecon_t * nodecon);
+
+ /* apol avrule query */
+-typedef struct apol_avrule_query {} apol_avrule_query_t;
++typedef struct {} apol_avrule_query_t;
+ %extend apol_avrule_query_t {
+ apol_avrule_query_t() {
+ apol_avrule_query_t *avq;
+@@ -2161,7 +2161,7 @@
+ %}
+
+ /* apol terule query */
+-typedef struct apol_terule_query {} apol_terule_query_t;
++typedef struct {} apol_terule_query_t;
+ %extend apol_terule_query_t {
+ apol_terule_query_t() {
+ apol_terule_query_t *atq;
+@@ -2285,7 +2285,7 @@
+ apol_vector_t *apol_terule_list_to_syn_terules(apol_policy_t * p, apol_vector_t * rules);
+
+ /* apol cond rule query */
+-typedef struct apol_cond_query {} apol_cond_query_t;
++typedef struct {} apol_cond_query_t;
+ %extend apol_cond_query_t {
+ apol_cond_query_t() {
+ apol_cond_query_t *acq;
+@@ -2329,7 +2329,7 @@
+ char *apol_cond_expr_render(apol_policy_t * p, qpol_cond_t * cond);
+
+ /* apol role allow query */
+-typedef struct apol_role_allow_query {} apol_role_allow_query_t;
++typedef struct {} apol_role_allow_query_t;
+ %extend apol_role_allow_query_t {
+ apol_role_allow_query_t() {
+ apol_role_allow_query_t *arq;
+@@ -2385,7 +2385,7 @@
+ char *apol_role_allow_render(apol_policy_t * policy, qpol_role_allow_t * rule);
+
+ /* apol role transition rule query */
+-typedef struct apol_role_trans_query {} apol_role_trans_query_t;
++typedef struct {} apol_role_trans_query_t;
+ %extend apol_role_trans_query_t {
+ apol_role_trans_query_t() {
+ apol_role_trans_query_t *arq;
+@@ -2450,7 +2450,7 @@
+ char *apol_role_trans_render(apol_policy_t * policy, qpol_role_trans_t * rule);
+
+ /* apol range transition rule query */
+-typedef struct apol_range_trans_query {} apol_range_trans_query_t;
++typedef struct {} apol_range_trans_query_t;
+ %extend apol_range_trans_query_t {
+ apol_range_trans_query_t() {
+ apol_range_trans_query_t *arq;
+@@ -2529,7 +2529,7 @@
+ #define APOL_DOMAIN_TRANS_SEARCH_VALID 0x01
+ #define APOL_DOMAIN_TRANS_SEARCH_INVALID 0x02
+ #define APOL_DOMAIN_TRANS_SEARCH_BOTH (APOL_DOMAIN_TRANS_SEARCH_VALID|APOL_DOMAIN_TRANS_SEARCH_INVALID)
+-typedef struct apol_domain_trans_analysis {} apol_domain_trans_analysis_t;
++typedef struct {} apol_domain_trans_analysis_t;
+ %extend apol_domain_trans_analysis_t {
+ apol_domain_trans_analysis_t() {
+ apol_domain_trans_analysis_t *dta;
+@@ -2620,7 +2620,7 @@
+ return v;
+ };
+ };
+-typedef struct apol_domain_trans_result {} apol_domain_trans_result_t;
++typedef struct {} apol_domain_trans_result_t;
+ %extend apol_domain_trans_result_t {
+ apol_domain_trans_result_t(apol_domain_trans_result_t *in) {
+ apol_domain_trans_result_t *dtr;
+@@ -2703,7 +2703,7 @@
+ *in = NULL;
+ }
+ %}
+-typedef struct apol_infoflow {} apol_infoflow_t;
++typedef struct {} apol_infoflow_t;
+ %extend apol_infoflow_t {
+ apol_infoflow_t() {
+ BEGIN_EXCEPTION
+@@ -2728,7 +2728,7 @@
+ return v;
+ };
+ };
+-typedef struct apol_infoflow_analysis {} apol_infoflow_analysis_t;
++typedef struct {} apol_infoflow_analysis_t;
+ %extend apol_infoflow_analysis_t {
+ apol_infoflow_analysis_t() {
+ apol_infoflow_analysis_t *aia;
+@@ -2821,7 +2821,7 @@
+ return;
+ };
+ };
+-typedef struct apol_infoflow_graph {} apol_infoflow_graph_t;
++typedef struct {} apol_infoflow_graph_t;
+ %extend apol_infoflow_graph_t {
+ apol_infoflow_graph_t() {
+ BEGIN_EXCEPTION
+@@ -2865,7 +2865,7 @@
+ return retval;
+ };
+ };
+-typedef struct apol_infoflow_result {} apol_infoflow_result_t;
++typedef struct {} apol_infoflow_result_t;
+ %extend apol_infoflow_result_t {
+ apol_infoflow_result_t() {
+ BEGIN_EXCEPTION
+@@ -2899,7 +2899,7 @@
+ return (apol_infoflow_result_t*)x;
+ };
+ %}
+-typedef struct apol_infoflow_step {} apol_infoflow_step_t;
++typedef struct {} apol_infoflow_step_t;
+ %extend apol_infoflow_step_t {
+ apol_infoflow_step_t() {
+ BEGIN_EXCEPTION
+@@ -2936,7 +2936,7 @@
+ #define APOL_RELABEL_DIR_FROM 0x02
+ #define APOL_RELABEL_DIR_BOTH (APOL_RELABEL_DIR_TO|APOL_RELABEL_DIR_FROM)
+ #define APOL_RELABEL_DIR_SUBJECT 0x04
+-typedef struct apol_relabel_analysis {} apol_relabel_analysis_t;
++typedef struct {} apol_relabel_analysis_t;
+ %extend apol_relabel_analysis_t {
+ apol_relabel_analysis_t() {
+ apol_relabel_analysis_t *ara;
+@@ -3009,7 +3009,7 @@
+ return;
+ };
+ };
+-typedef struct apol_relabel_result {} apol_relabel_result_t;
++typedef struct {} apol_relabel_result_t;
+ %extend apol_relabel_result_t {
+ apol_relabel_result_t() {
+ BEGIN_EXCEPTION
+@@ -3040,7 +3040,7 @@
+ return (apol_relabel_result_t*)x;
+ };
+ %}
+-typedef struct apol_relabel_result_pair {} apol_relabel_result_pair_t;
++typedef struct {} apol_relabel_result_pair_t;
+ %extend apol_relabel_result_pair_t {
+ apol_relabel_result_pair_t() {
+ BEGIN_EXCEPTION
+@@ -3082,7 +3082,7 @@
+ #define APOL_TYPES_RELATION_DIRECT_FLOW 0x1000
+ #define APOL_TYPES_RELATION_TRANS_FLOW_AB 0x4000
+ #define APOL_TYPES_RELATION_TRANS_FLOW_BA 0x8000
+-typedef struct apol_types_relation_analysis {} apol_types_relation_analysis_t;
++typedef struct {} apol_types_relation_analysis_t;
+ %extend apol_types_relation_analysis_t {
+ apol_types_relation_analysis_t() {
+ apol_types_relation_analysis_t *atr;
+@@ -3137,7 +3137,7 @@
+ return;
+ };
+ };
+-typedef struct apol_types_relation_result {} apol_types_relation_result_t;
++typedef struct {} apol_types_relation_result_t;
+ %extend apol_types_relation_result_t {
+ apol_types_relation_result_t() {
+ BEGIN_EXCEPTION
+@@ -3192,7 +3192,7 @@
+ return apol_types_relation_result_get_domainsBA(self);
+ };
+ };
+-typedef struct apol_types_relation_access {} apol_types_relation_access_t;
++typedef struct {} apol_types_relation_access_t;
+ %extend apol_types_relation_access_t {
+ apol_types_relation_access_t() {
+ BEGIN_EXCEPTION
+--- a/libqpol/swig/qpol.i 2010-04-30 11:23:28.000000000 -0500
++++ b/libqpol/swig/qpol.i 2012-08-29 07:52:17.000000000 -0500
+@@ -226,7 +226,7 @@
+ #define QPOL_MODULE_UNKNOWN 0
+ #define QPOL_MODULE_BASE 1
+ #define QPOL_MODULE_OTHER 2
+-typedef struct qpol_module {} qpol_module_t;
++typedef struct {} qpol_module_t;
+ %extend qpol_module_t {
+ qpol_module_t(const char *path) {
+ qpol_module_t *m;
+@@ -310,7 +310,7 @@
+ #define QPOL_POLICY_OPTION_NO_NEVERALLOWS 0x00000001
+ #define QPOL_POLICY_OPTION_NO_RULES 0x00000002
+ #define QPOL_POLICY_OPTION_MATCH_SYSTEM 0x00000004
+-typedef struct qpol_policy {} qpol_policy_t;
++typedef struct {} qpol_policy_t;
+ typedef void (*qpol_callback_fn_t) (void *varg, struct qpol_policy * policy, int level, const char *fmt, va_list va_args);
+ #define QPOL_POLICY_UNKNOWN -1
+ #define QPOL_POLICY_KERNEL_SOURCE 0
+@@ -684,7 +684,7 @@
+ };
+
+ /* qpol iterator */
+-typedef struct qpol_iterator {} qpol_iterator_t;
++typedef struct {} qpol_iterator_t;
+ %extend qpol_iterator_t {
+ /* user never directly creates, but SWIG expects a constructor */
+ qpol_iterator_t() {
+@@ -734,7 +734,7 @@
+ };
+
+ /* qpol type */
+-typedef struct qpol_type {} qpol_type_t;
++typedef struct {} qpol_type_t;
+ %extend qpol_type_t {
+ qpol_type_t(qpol_policy_t *p, const char *name) {
+ BEGIN_EXCEPTION
+@@ -849,7 +849,7 @@
+ %}
+
+ /* qpol role */
+-typedef struct qpol_role {} qpol_role_t;
++typedef struct {} qpol_role_t;
+ %extend qpol_role_t {
+ qpol_role_t(qpol_policy_t *p, const char *name) {
+ const qpol_role_t *r;
+@@ -917,7 +917,7 @@
+ %}
+
+ /* qpol level */
+-typedef struct qpol_level {} qpol_level_t;
++typedef struct {} qpol_level_t;
+ %extend qpol_level_t {
+ qpol_level_t(qpol_policy_t *p, const char *name) {
+ const qpol_level_t *l;
+@@ -995,7 +995,7 @@
+ %}
+
+ /* qpol cat */
+-typedef struct qpol_cat {} qpol_cat_t;
++typedef struct {} qpol_cat_t;
+ %extend qpol_cat_t {
+ qpol_cat_t(qpol_policy_t *p, const char *name) {
+ const qpol_cat_t *c;
+@@ -1062,7 +1062,7 @@
+ %}
+
+ /* qpol mls range */
+-typedef struct qpol_mls_range {} qpol_mls_range_t;
++typedef struct {} qpol_mls_range_t;
+ %extend qpol_mls_range_t {
+ qpol_mls_range_t() {
+ BEGIN_EXCEPTION
+@@ -1103,7 +1103,7 @@
+ %}
+
+ /* qpol mls level */
+-typedef struct qpol_mls_level {} qpol_mls_level_t;
++typedef struct {} qpol_mls_level_t;
+ %extend qpol_mls_level_t {
+ qpol_mls_level_t() {
+ BEGIN_EXCEPTION
+@@ -1145,7 +1145,7 @@
+ %}
+
+ /* qpol user */
+-typedef struct qpol_user {} qpol_user_t;
++typedef struct {} qpol_user_t;
+ %extend qpol_user_t {
+ qpol_user_t(qpol_policy_t *p, const char *name) {
+ const qpol_user_t *u;
+@@ -1221,7 +1221,7 @@
+ %}
+
+ /* qpol bool */
+-typedef struct qpol_bool {} qpol_bool_t;
++typedef struct {} qpol_bool_t;
+ %extend qpol_bool_t {
+ qpol_bool_t(qpol_policy_t *p, const char *name) {
+ qpol_bool_t *b;
+@@ -1293,7 +1293,7 @@
+ %}
+
+ /* qpol context */
+-typedef struct qpol_context {} qpol_context_t;
++typedef struct {} qpol_context_t;
+ %extend qpol_context_t {
+ qpol_context_t() {
+ BEGIN_EXCEPTION
+@@ -1354,7 +1354,7 @@
+ %}
+
+ /* qpol class */
+-typedef struct qpol_class {} qpol_class_t;
++typedef struct {} qpol_class_t;
+ %extend qpol_class_t {
+ qpol_class_t(qpol_policy_t *p, const char *name) {
+ const qpol_class_t *c;
+@@ -1441,7 +1441,7 @@
+ %}
+
+ /* qpol common */
+-typedef struct qpol_common {} qpol_common_t;
++typedef struct {} qpol_common_t;
+ %extend qpol_common_t {
+ qpol_common_t(qpol_policy_t *p, const char *name) {
+ const qpol_common_t *c;
+@@ -1514,7 +1514,7 @@
+ #define QPOL_FS_USE_NONE 5U
+ #define QPOL_FS_USE_PSID 6U
+ #endif
+-typedef struct qpol_fs_use {} qpol_fs_use_t;
++typedef struct {} qpol_fs_use_t;
+ %extend qpol_fs_use_t {
+ qpol_fs_use_t(qpol_policy_t *p, const char *name) {
+ const qpol_fs_use_t *f;
+@@ -1592,7 +1592,7 @@
+ #define QPOL_CLASS_LNK_FILE 9U
+ #define QPOL_CLASS_SOCK_FILE 12U
+ #endif
+-typedef struct qpol_genfscon {} qpol_genfscon_t;
++typedef struct {} qpol_genfscon_t;
+ %extend qpol_genfscon_t {
+ qpol_genfscon_t(qpol_policy_t *p, const char *name, const char *path) {
+ qpol_genfscon_t *g;
+@@ -1655,7 +1655,7 @@
+ %}
+
+ /* qpol isid */
+-typedef struct qpol_isid {} qpol_isid_t;
++typedef struct {} qpol_isid_t;
+ %extend qpol_isid_t {
+ qpol_isid_t(qpol_policy_t *p, const char *name) {
+ const qpol_isid_t *i;
+@@ -1699,7 +1699,7 @@
+ %}
+
+ /* qpol netifcon */
+-typedef struct qpol_netifcon {} qpol_netifcon_t;
++typedef struct {} qpol_netifcon_t;
+ %extend qpol_netifcon_t {
+ qpol_netifcon_t(qpol_policy_t *p, const char *name) {
+ const qpol_netifcon_t *n;
+@@ -1755,7 +1755,7 @@
+ /* qpol nodecon */
+ #define QPOL_IPV4 0
+ #define QPOL_IPV6 1
+-typedef struct qpol_nodecon {} qpol_nodecon_t;
++typedef struct {} qpol_nodecon_t;
+ %extend qpol_nodecon_t {
+ qpol_nodecon_t(qpol_policy_t *p, int addr[4], int mask[4], int protocol) {
+ uint32_t a[4], m[4];
+@@ -1828,7 +1828,7 @@
+ /* from netinet/in.h */
+ #define IPPROTO_TCP 6
+ #define IPPROTO_UDP 17
+-typedef struct qpol_portcon {} qpol_portcon_t;
++typedef struct {} qpol_portcon_t;
+ %extend qpol_portcon_t {
+ qpol_portcon_t(qpol_policy_t *p, uint16_t low, uint16_t high, uint8_t protocol) {
+ const qpol_portcon_t *qp;
+@@ -1892,7 +1892,7 @@
+ %}
+
+ /* qpol constraint */
+-typedef struct qpol_constraint {} qpol_constraint_t;
++typedef struct {} qpol_constraint_t;
+ %extend qpol_constraint_t {
+ qpol_constraint_t() {
+ BEGIN_EXCEPTION
+@@ -1944,7 +1944,7 @@
+ %}
+
+ /* qpol validatetrans */
+-typedef struct qpol_validatetrans {} qpol_validatetrans_t;
++typedef struct {} qpol_validatetrans_t;
+ %extend qpol_validatetrans_t {
+ qpol_validatetrans_t() {
+ BEGIN_EXCEPTION
+@@ -2009,7 +2009,7 @@
+ #define QPOL_CEXPR_OP_DOM 3
+ #define QPOL_CEXPR_OP_DOMBY 4
+ #define QPOL_CEXPR_OP_INCOMP 5
+-typedef struct qpol_constraint_expr_node {} qpol_constraint_expr_node_t;
++typedef struct {} qpol_constraint_expr_node_t;
+ %extend qpol_constraint_expr_node_t {
+ qpol_constraint_expr_node_t() {
+ BEGIN_EXCEPTION
+@@ -2071,7 +2071,7 @@
+ %}
+
+ /* qpol role allow */
+-typedef struct qpol_role_allow {} qpol_role_allow_t;
++typedef struct {} qpol_role_allow_t;
+ %extend qpol_role_allow_t {
+ qpol_role_allow_t() {
+ BEGIN_EXCEPTION
+@@ -2112,7 +2112,7 @@
+ %}
+
+ /* qpol role trans */
+-typedef struct qpol_role_trans {} qpol_role_trans_t;
++typedef struct {} qpol_role_trans_t;
+ %extend qpol_role_trans_t {
+ qpol_role_trans_t() {
+ BEGIN_EXCEPTION
+@@ -2163,7 +2163,7 @@
+ %}
+
+ /* qpol range trans */
+-typedef struct qpol_range_trans {} qpol_range_trans_t;
++typedef struct {} qpol_range_trans_t;
+ %extend qpol_range_trans_t {
+ qpol_range_trans_t() {
+ BEGIN_EXCEPTION
+@@ -2226,7 +2226,7 @@
+ #define QPOL_RULE_NEVERALLOW 128
+ #define QPOL_RULE_AUDITALLOW 2
+ #define QPOL_RULE_DONTAUDIT 4
+-typedef struct qpol_avrule {} qpol_avrule_t;
++typedef struct {} qpol_avrule_t;
+ %extend qpol_avrule_t {
+ qpol_avrule_t() {
+ BEGIN_EXCEPTION
+@@ -2346,7 +2346,7 @@
+ #define QPOL_RULE_TYPE_TRANS 16
+ #define QPOL_RULE_TYPE_CHANGE 64
+ #define QPOL_RULE_TYPE_MEMBER 32
+-typedef struct qpol_terule {} qpol_terule_t;
++typedef struct {} qpol_terule_t;
+ %extend qpol_terule_t {
+ qpol_terule_t() {
+ BEGIN_EXCEPTION
+@@ -2462,7 +2462,7 @@
+ %}
+
+ /* qpol conditional */
+-typedef struct qpol_cond {} qpol_cond_t;
++typedef struct {} qpol_cond_t;
+ %extend qpol_cond_t {
+ qpol_cond_t() {
+ BEGIN_EXCEPTION
+@@ -2555,7 +2555,7 @@
+ #define QPOL_COND_EXPR_XOR 5 /* bool ^ bool */
+ #define QPOL_COND_EXPR_EQ 6 /* bool == bool */
+ #define QPOL_COND_EXPR_NEQ 7 /* bool != bool */
+-typedef struct qpol_cond_expr_node {} qpol_cond_expr_node_t;
++typedef struct {} qpol_cond_expr_node_t;
+ %extend qpol_cond_expr_node_t {
+ qpol_cond_expr_node_t() {
+ BEGIN_EXCEPTION
+@@ -2600,7 +2600,7 @@
+ %}
+
+ /* qpol type set */
+-typedef struct qpol_type_set {} qpol_type_set_t;
++typedef struct {} qpol_type_set_t;
+ %extend qpol_type_set_t {
+ qpol_type_set_t() {
+ BEGIN_EXCEPTION
+@@ -2663,7 +2663,7 @@
+ %}
+
+ /* qpol syn av rule */
+-typedef struct qpol_syn_avrule {} qpol_syn_avrule_t;
++typedef struct {} qpol_syn_avrule_t;
+ %extend qpol_syn_avrule_t {
+ qpol_syn_avrule_t() {
+ BEGIN_EXCEPTION
+@@ -2776,7 +2776,7 @@
+ %}
+
+ /* qpol syn te rule */
+-typedef struct qpol_syn_terule {} qpol_syn_terule_t;
++typedef struct {} qpol_syn_terule_t;
+ %extend qpol_syn_terule_t {
+ qpol_syn_terule_t() {
+ BEGIN_EXCEPTION
+--- a/libpoldiff/swig/poldiff.i 2007-10-31 16:03:33.000000000 -0500
++++ b/libpoldiff/swig/poldiff.i 2012-08-29 08:08:02.000000000 -0500
+@@ -258,7 +258,7 @@
+
+ /* for handling the get_stats function */
+ %{
+- typedef struct poldiff_stats {
++ typedef struct {
+ size_t stats[5];
+ } poldiff_stats_t;
+ poldiff_stats_t *poldiff_stats_create() {
+@@ -271,7 +271,7 @@
+ *x = NULL;
+ }
+ %}
+-typedef struct poldiff_stats {} poldiff_stats_t;
++typedef struct {} poldiff_stats_t;
+ %extend poldiff_stats_t {
+ poldiff_stats_t() {
+ poldiff_stats_t *s;
+@@ -336,17 +336,17 @@
+ %typemap(in) apol_policy_t *op {
+ void *x = NULL;
+ Py_IncRef($input);
+- SWIG_ConvertPtr($input, &x,SWIGTYPE_p_apol_policy, 0 | 0 );
++ SWIG_ConvertPtr($input, &x,SWIGTYPE_p_apol_policy_t, 0 | 0 );
+ $1 = (apol_policy_t*)x;
+ }
+ %typemap(in) apol_policy_t *mp {
+ void *x = NULL;
+ Py_IncRef($input);
+- SWIG_ConvertPtr($input, &x,SWIGTYPE_p_apol_policy, 0 | 0 );
++ SWIG_ConvertPtr($input, &x,SWIGTYPE_p_apol_policy_t, 0 | 0 );
+ $1 = (apol_policy_t*)x;
+ }
+ #endif
+-typedef struct poldiff {} poldiff_t;
++typedef struct {} poldiff_t;
+ %extend poldiff_t {
+ poldiff_t(apol_policy_t *op, apol_policy_t *mp) {
+ poldiff_t *p;
+@@ -476,7 +476,7 @@
+ };
+
+ /* attribute diff */
+-typedef struct poldiff_attrib {} poldiff_attrib_t;
++typedef struct {} poldiff_attrib_t;
+ %extend poldiff_attrib_t {
+ poldiff_attrib_t () {
+ BEGIN_EXCEPTION
+@@ -521,7 +521,7 @@
+ %}
+
+ /* av rule diff */
+-typedef struct poldiff_avrule {} poldiff_avrule_t;
++typedef struct {} poldiff_avrule_t;
+ %extend poldiff_avrule_t {
+ poldiff_avrule_t() {
+ BEGIN_EXCEPTION
+@@ -629,7 +629,7 @@
+ %}
+
+ /* boolean diff */
+-typedef struct poldiff_bool {} poldiff_bool_t;
++typedef struct {} poldiff_bool_t;
+ %extend poldiff_bool_t {
+ poldiff_bool_t() {
+ BEGIN_EXCEPTION
+@@ -668,7 +668,7 @@
+ %}
+
+ /* category diff */
+-typedef struct poldiff_cat {} poldiff_cat_t;
++typedef struct {} poldiff_cat_t;
+ %extend poldiff_cat_t {
+ poldiff_cat_t() {
+ BEGIN_EXCEPTION
+@@ -707,7 +707,7 @@
+ %}
+
+ /* class diff */
+-typedef struct poldiff_class {} poldiff_class_t;
++typedef struct {} poldiff_class_t;
+ %extend poldiff_class_t {
+ poldiff_class_t() {
+ BEGIN_EXCEPTION
+@@ -752,7 +752,7 @@
+ %}
+
+ /* common diff */
+-typedef struct poldiff_common {} poldiff_common_t;
++typedef struct {} poldiff_common_t;
+ %extend poldiff_common_t {
+ poldiff_common_t() {
+ BEGIN_EXCEPTION
+@@ -797,7 +797,7 @@
+ %}
+
+ /* level diff */
+-typedef struct poldiff_level {} poldiff_level_t;
++typedef struct {} poldiff_level_t;
+ %extend poldiff_level_t {
+ poldiff_level_t() {
+ BEGIN_EXCEPTION
+@@ -857,7 +857,7 @@
+ %}
+
+ /* range diff */
+-typedef struct poldiff_range {} poldiff_range_t;
++typedef struct {} poldiff_range_t;
+ %extend poldiff_range_t {
+ poldiff_range_t() {
+ BEGIN_EXCEPTION
+@@ -908,7 +908,7 @@
+ %}
+
+ /* range_transition rule diff */
+-typedef struct poldiff_range_trans {} poldiff_range_trans_t;
++typedef struct {} poldiff_range_trans_t;
+ %extend poldiff_range_trans_t {
+ poldiff_range_trans_t() {
+ BEGIN_EXCEPTION
+@@ -956,7 +956,7 @@
+ %}
+
+ /* role allow rule diff */
+-typedef struct poldiff_role_allow {} poldiff_role_allow_t;
++typedef struct {} poldiff_role_allow_t;
+ %extend poldiff_role_allow_t {
+ poldiff_role_allow_t() {
+ BEGIN_EXCEPTION
+@@ -1004,7 +1004,7 @@
+ %}
+
+ /* role_transition rule diff */
+-typedef struct poldiff_role_trans {} poldiff_role_trans_t;
++typedef struct {} poldiff_role_trans_t;
+ %extend poldiff_role_trans_t {
+ poldiff_role_trans_t() {
+ BEGIN_EXCEPTION
+@@ -1052,7 +1052,7 @@
+ %}
+
+ /* role diff */
+-typedef struct poldiff_role {} poldiff_role_t;
++typedef struct {} poldiff_role_t;
+ %extend poldiff_role_t {
+ poldiff_role_t() {
+ BEGIN_EXCEPTION
+@@ -1097,7 +1097,7 @@
+ %}
+
+ /* te rule diff */
+-typedef struct poldiff_terule {} poldiff_terule_t;
++typedef struct {} poldiff_terule_t;
+ %extend poldiff_terule_t {
+ poldiff_terule_t() {
+ BEGIN_EXCEPTION
+@@ -1178,7 +1178,7 @@
+ %}
+
+ /* type diff */
+-typedef struct poldiff_type {} poldiff_type_t;
++typedef struct {} poldiff_type_t;
+ %extend poldiff_type_t {
+ poldiff_type_t() {
+ BEGIN_EXCEPTION
+@@ -1223,7 +1223,7 @@
+ %}
+
+ /* user diff */
+-typedef struct poldiff_user {} poldiff_user_t;
++typedef struct {} poldiff_user_t;
+ %extend poldiff_user_t {
+ poldiff_user_t() {
+ BEGIN_EXCEPTION
+@@ -1280,7 +1280,7 @@
+ %}
+
+ /* type remap */
+-typedef struct poldiff_type_remap_entry {} poldiff_type_remap_entry_t;
++typedef struct {} poldiff_type_remap_entry_t;
+ %extend poldiff_type_remap_entry_t {
+ poldiff_type_remap_entry_t() {
+ BEGIN_EXCEPTION
+--- a/libseaudit/swig/seaudit.i 2007-10-31 16:03:33.000000000 -0500
++++ b/libseaudit/swig/seaudit.i 2012-08-29 08:11:39.000000000 -0500
+@@ -240,7 +240,7 @@
+ %{
+ typedef struct tm tm_t;
+ %}
+-typedef struct tm {
++typedef struct {
+ int tm_sec; /* seconds */
+ int tm_min; /* minutes */
+ int tm_hour; /* hours */
+@@ -278,7 +278,7 @@
+ SEAUDIT_LOG_TYPE_SYSLOG,
+ SEAUDIT_LOG_TYPE_AUDITD
+ } seaudit_log_type_e;
+-typedef struct seaudit_log {} seaudit_log_t;
++typedef struct {} seaudit_log_t;
+ %extend seaudit_log_t {
+ seaudit_log_t() {
+ seaudit_log_t *slog;
+@@ -355,7 +355,7 @@
+ SEAUDIT_MESSAGE_TYPE_AVC,
+ SEAUDIT_MESSAGE_TYPE_LOAD
+ } seaudit_message_type_e;
+-typedef struct seaudit_message {} seaudit_message_t;
++typedef struct {} seaudit_message_t;
+ %extend seaudit_message_t {
+ seaudit_message_t() {
+ BEGIN_EXCEPTION
+@@ -427,7 +427,7 @@
+ %}
+
+ /* seaudit load message */
+-typedef struct seaudit_load_message {} seaudit_load_message_t;
++typedef struct {} seaudit_load_message_t;
+ %extend seaudit_load_message_t {
+ seaudit_load_message_t() {
+ BEGIN_EXCEPTION
+@@ -448,7 +448,7 @@
+ %}
+
+ /* seaudit bool message */
+-typedef struct seaudit_bool_message {} seaudit_bool_message_t;
++typedef struct {} seaudit_bool_message_t;
+ %extend seaudit_bool_message_t {
+ seaudit_bool_message_t(void *msg) {
+ BEGIN_EXCEPTION
+@@ -475,7 +475,7 @@
+ SEAUDIT_AVC_DENIED,
+ SEAUDIT_AVC_GRANTED
+ } seaudit_avc_message_type_e;
+-typedef struct seaudit_avc_message {} seaudit_avc_message_t;
++typedef struct {} seaudit_avc_message_t;
+ %extend seaudit_avc_message_t {
+ seaudit_avc_message_t() {
+ BEGIN_EXCEPTION
+@@ -606,7 +606,7 @@
+ SEAUDIT_FILTER_DATE_MATCH_AFTER,
+ SEAUDIT_FILTER_DATE_MATCH_BETWEEN
+ } seaudit_filter_date_match_e;
+-typedef struct seaudit_filter {} seaudit_filter_t;
++typedef struct {} seaudit_filter_t;
+ %extend seaudit_filter_t {
+ seaudit_filter_t(char *name = NULL) {
+ seaudit_filter_t *sf = NULL;
+@@ -1012,7 +1012,7 @@
+ %}
+
+ /* seaudit sort */
+-typedef struct seaudit_sort {} seaudit_sort_t;
++typedef struct {} seaudit_sort_t;
+ %extend seaudit_sort_t {
+ seaudit_sort_t() {
+ BEGIN_EXCEPTION
+@@ -1101,17 +1101,17 @@
+ %typemap(in) seaudit_filter_t *filter {
+ void *x = NULL;
+ Py_IncRef($input);
+- SWIG_ConvertPtr($input, &x,SWIGTYPE_p_seaudit_filter, 0 | 0 );
++ SWIG_ConvertPtr($input, &x,SWIGTYPE_p_seaudit_filter_t, 0 | 0 );
+ $1 = (seaudit_filter_t*)x;
+ }
+ %typemap(in) seaudit_sort_t *ssort {
+ void *x = NULL;
+ Py_IncRef($input);
+- SWIG_ConvertPtr($input, &x,SWIGTYPE_p_seaudit_sort, 0 | 0 );
++ SWIG_ConvertPtr($input, &x,SWIGTYPE_p_seaudit_sort_t, 0 | 0 );
+ $1 = (seaudit_sort_t*)x;
+ }
+ #endif
+-typedef struct seaudit_model {} seaudit_model_t;
++typedef struct {} seaudit_model_t;
+ %extend seaudit_model_t {
+ seaudit_model_t(char *name = NULL, seaudit_log_t *slog = NULL) {
+ seaudit_model_t *smod;
+@@ -1309,7 +1309,7 @@
+ SEAUDIT_REPORT_FORMAT_TEXT,
+ SEAUDIT_REPORT_FORMAT_HTML
+ } seaudit_report_format_e;
+-typedef struct seaudit_report {} seaudit_report_t;
++typedef struct {} seaudit_report_t;
+ %extend seaudit_report_t {
+ seaudit_report_t(seaudit_model_t *m) {
+ seaudit_report_t *sr;
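Review bot: in the libqpol/swig/qpol.i hunk at -310, the unchanged line `typedef void (*qpol_callback_fn_t) (void *varg, struct qpol_policy * policy, ...)` still refers to the `struct qpol_policy` tag, which the line above it no longer declares to SWIG. The typemap changes later in this patch (`SWIGTYPE_p_apol_policy` to `SWIGTYPE_p_apol_policy_t`, `SWIGTYPE_p_seaudit_filter` to `SWIGTYPE_p_seaudit_filter_t`) suggest the wrapper types are now named after the typedef, so either switch the callback prototype to `qpol_policy_t *` or state why it can stay. The libseaudit/swig/seaudit.i change from `typedef struct tm {` to `typedef struct {` needs the same look, because the `%{ typedef struct tm tm_t; %}` block right above it still uses the libc tag.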
diff --git a/package/setools/setools.mk b/package/setools/setools.mk
new file mode 100644
index 0000000..faa519f
--- /dev/null
+++ b/package/setools/setools.mk
@@ -0,0 +1,91 @@
+#############################################################
+#
+# setools
+#
+#############################################################
+SETOOLS_VERSION = 3.3.8
+SETOOLS_SOURCE = setools-$(SETOOLS_VERSION).tar.bz2
+SETOOLS_SITE = http://oss.tresys.com/projects/setools/chrome/site/dists/setools-$(SETOOLS_VERSION)/
+
+##############################
+# Target Section
+##############################
+SETOOLS_DEPENDENCIES = libselinux libsepol sqlite libxml2 bzip2
+
+SETOOLS_INSTALL_STAGING = YES
+SETOOLS_INSTALL_TARGET = YES
+
+SETOOLS_AUTORECONF = YES
+SETOOLS_AUTORECONF_OPT = -i -s
+
+# Notes: Need "disable-selinux-check" so the configure does not check to see if host has
+# selinux enabled.
+SETOOLS_CONF_OPT = \
+ --disable-debug \
+ --disable-gui \
+ --disable-bwidget-check \
+ --disable-selinux-check \
+ --disable-swig-java \
+ --disable-swig-python \
+ --disable-swig-tcl \
+ --with-sepol-devel="$(STAGING_DIR)/usr" \
+ --with-selinux-devel="$(STAGING_DIR)/usr" \
+
+ifeq ($(BR2_PACKAGE_SETOOLS_PYTHON_BINDINGS),y)
+ SETOOLS_DEPENDENCIES += python host-python host-swig
+ SETOOLS_CONF_ENV += am_cv_pathless_PYTHON=python \
+ ac_cv_path_PYTHON=$(HOST_DIR)/usr/bin/python \
+ am_cv_python_version=$(PYTHON_VERSION) \
+ am_cv_python_platform=linux2 \
+ am_cv_python_pythondir=$(STAGING_DIR)/usr/lib/python$(PYTHON_VERSION_MAJOR)/site-packages \
+ am_cv_python_pyexecdir=$(STAGING_DIR)/usr/lib/python$(PYTHON_VERSION_MAJOR)/site-packages \
+ am_cv_python_includes=-I$(STAGING_DIR)/usr/include/python$(PYTHON_VERSION_MAJOR)
+ SETOOLS_CONF_OPT += \
+ --enable-swig-python \
+ PYTHON_CPPFLAGS="-I$(STAGING_DIR)/usr/include/python$(PYTHON_VERSION_MAJOR)" \
+ PYTHON_LDFLAGS="-L$(STAGING_DIR)/usr/lib/" \
+ PYTHON_SITE_PKG="$(STAGING_DIR)/usr/lib/python$(PYTHON_VERSION_MAJOR)/site-packages" \
+ PYTHON_EXTRA_LIBS="-lpthread -ldl -lutil -lpython$(PYTHON_VERSION_MAJOR)"
+endif
+
+##############################
+# Host Section
+##############################
+HOST_SETOOLS_DEPENDENCIES = host-libselinux host-libsepol host-sqlite host-libxml2 host-bzip2
+
+HOST_SETOOLS_AUTORECONF = YES
+HOST_SETOOLS_AUTORECONF_OPT = -i -s
+
+# Notes: Need "disable-selinux-check" so the configure does not check to see if host has
+# selinux enabled.
+HOST_SETOOLS_CONF_OPT = \
+ --disable-debug \
+ --disable-gui \
+ --disable-bwidget-check \
+ --disable-selinux-check \
+ --disable-swig-java \
+ --disable-swig-python \
+ --disable-swig-tcl \
+ --with-sepol-devel="$(HOST_DIR)/usr" \
+ --with-selinux-devel="$(HOST_DIR)/usr" \
+
+ifeq ($(BR2_PACKAGE_SETOOLS_PYTHON_BINDINGS),y)
+ HOST_SETOOLS_DEPENDENCIES += host-python host-swig
+ HOST_SETOOLS_CONF_ENV += \
+ am_cv_pathless_PYTHON=python \
+ ac_cv_path_PYTHON=$(HOST_DIR)/usr/bin/python \
+ am_cv_python_version=$(PYTHON_VERSION) \
+ am_cv_python_platform=linux2 \
+ am_cv_python_pythondir=$(HOST_DIR)/usr/lib/python$(PYTHON_VERSION_MAJOR)/site-packages \
+ am_cv_python_pyexecdir=$(HOST_DIR)/usr/lib/python$(PYTHON_VERSION_MAJOR)/site-packages \
+ am_cv_python_includes=-I$(HOST_DIR)/usr/include/python$(PYTHON_VERSION_MAJOR)
+ HOST_SETOOLS_CONF_OPT += \
+ --enable-swig-python \
+ PYTHON_CPPFLAGS="-I$(HOST_DIR)/usr/include/python$(PYTHON_VERSION_MAJOR)" \
+ PYTHON_LDFLAGS="-L$(HOST_DIR)/usr/lib/" \
+ PYTHON_SITE_PKG="$(HOST_DIR)/usr/lib/python$(PYTHON_VERSION_MAJOR)/site-packages" \
+ PYTHON_EXTRA_LIBS="-lpthread -ldl -lutil -lpython$(PYTHON_VERSION_MAJOR)"
+endif
+
+$(eval $(autotools-package))
+$(eval $(host-autotools-package))
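Review bot: `SETOOLS_CONF_OPT` and `HOST_SETOOLS_CONF_OPT` pass `--disable-swig-python` unconditionally and then append `--enable-swig-python` under `BR2_PACKAGE_SETOOLS_PYTHON_BINDINGS`, so configure receives both flags and the outcome depends on argument order; move the disable into an `else` branch. Both lists also end in a trailing `\` followed by a blank line, which should be dropped. The host build is switched by the target option `BR2_PACKAGE_SETOOLS_PYTHON_BINDINGS`, which pulls host-python and host-swig into host-setools only when the target wants bindings; if that is intended, a comment should say so. There is no `SETOOLS_LICENSE` or `SETOOLS_LICENSE_FILES`, and `SETOOLS_SITE` is plain http with nothing in this file pinning the tarball's contents.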
--
1.7.1
* [Buildroot] [PATCH 08/17] libcgroup: new package
2013-09-04 23:09 [Buildroot] [PATCH 00/17] SELinux Buildroot Additions Clayton Shotwell
` (6 preceding siblings ...)
2013-09-04 23:09 ` [Buildroot] [PATCH 07/17] setools: " Clayton Shotwell
@ 2013-09-04 23:09 ` Clayton Shotwell
2013-09-04 23:09 ` [Buildroot] [PATCH 09/17] policycoreutils: " Clayton Shotwell
` (9 subsequent siblings)
17 siblings, 0 replies; 34+ messages in thread
From: Clayton Shotwell @ 2013-09-04 23:09 UTC (permalink / raw)
To: buildroot
Signed-off-by: Clayton Shotwell <clshotwe@rockwellcollins.com>
---
package/Config.in | 1 +
package/libcgroup/Config.in | 4 ++++
package/libcgroup/libcgroup.mk | 22 ++++++++++++++++++++++
3 files changed, 27 insertions(+), 0 deletions(-)
create mode 100644 package/libcgroup/Config.in
create mode 100644 package/libcgroup/libcgroup.mk
diff --git a/package/Config.in b/package/Config.in
index 9e59b90..72e1fde 100644
--- a/package/Config.in
+++ b/package/Config.in
@@ -629,6 +629,7 @@ source "package/libatomic_ops/Config.in"
source "package/libbsd/Config.in"
source "package/libcap/Config.in"
source "package/libcap-ng/Config.in"
+source "package/libcgroup/Config.in"
source "package/libdaemon/Config.in"
source "package/libelf/Config.in"
source "package/libevent/Config.in"
diff --git a/package/libcgroup/Config.in b/package/libcgroup/Config.in
new file mode 100644
index 0000000..17d2db2
--- /dev/null
+++ b/package/libcgroup/Config.in
@@ -0,0 +1,4 @@
+config BR2_PACKAGE_LIBCGROUP
+ bool "libcgroup"
+ help
+ libcgroup is a library that abstracts the control group file system in Linux.
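Review bot: `BR2_PACKAGE_LIBCGROUP` has no `select BR2_PACKAGE_LINUX_PAM`, although libcgroup.mk in this same patch sets `LIBCGROUP_DEPENDENCIES = linux-pam`. Without the select, the build dependency is pulled in behind the user's configuration; add the select (plus whatever `depends on` linux-pam itself requires). The help text also lacks the upstream URL that the other new Config.in files in this series carry.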
diff --git a/package/libcgroup/libcgroup.mk b/package/libcgroup/libcgroup.mk
new file mode 100644
index 0000000..965f8c1
--- /dev/null
+++ b/package/libcgroup/libcgroup.mk
@@ -0,0 +1,22 @@
+#############################################################
+#
+# libcgroup
+#
+#############################################################
+LIBCGROUP_VERSION = 0.38
+LIBCGROUP_SOURCE = libcgroup-$(LIBCGROUP_VERSION).tar.bz2
+LIBCGROUP_SITE = http://sourceforge.net/projects/libcg/files/latest/download
+LIBCGROUP_LICENSE = LGPLv2.0
+LIBCGROUP_LICENSE_FILES =
+LIBCGROUP_DEPENDENCIES = linux-pam
+
+LIBCGROUP_INSTALL_STAGING = YES
+LIBCGROUP_INSTALL_TARGET = YES
+
+# Undefining _FILE_OFFSET_BITS here because of a "bug" with glibc fts.h large file support.
+# see https://bugzilla.redhat.com/show_bug.cgi?id=574992 for more information
+# This same issue is in policycoreutils
+LIBCGROUP_CONF_ENV = CXXFLAGS+="-U_FILE_OFFSET_BITS" \
+ CFLAGS+="-U_FILE_OFFSET_BITS"
+
+$(eval $(autotools-package))
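Review bot: `LIBCGROUP_SITE` points at `http://sourceforge.net/projects/libcg/files/latest/download`, a "latest" redirect rather than a location tied to `LIBCGROUP_VERSION = 0.38`. What gets downloaded can change when upstream publishes a new release, so the build is not reproducible and the version variable no longer describes what is fetched; use the versioned release directory instead. `LIBCGROUP_LICENSE_FILES` is left empty and should either name the license file in the tarball or be removed. The `_FILE_OFFSET_BITS` comment is helpful, but `CFLAGS+="..."` inside `LIBCGROUP_CONF_ENV` relies on the shell accepting `+=` in an environment assignment, which is worth confirming against the shell Buildroot runs configure with.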
--
1.7.1
* [Buildroot] [PATCH 09/17] policycoreutils: new package
2013-09-04 23:09 [Buildroot] [PATCH 00/17] SELinux Buildroot Additions Clayton Shotwell
` (7 preceding siblings ...)
2013-09-04 23:09 ` [Buildroot] [PATCH 08/17] libcgroup: " Clayton Shotwell
@ 2013-09-04 23:09 ` Clayton Shotwell
2013-09-04 23:09 ` [Buildroot] [PATCH 10/17] python-pyxml: " Clayton Shotwell
` (8 subsequent siblings)
17 siblings, 0 replies; 34+ messages in thread
From: Clayton Shotwell @ 2013-09-04 23:09 UTC (permalink / raw)
To: buildroot
Signed-off-by: Clayton Shotwell <clshotwe@rockwellcollins.com>
---
package/Config.in | 1 +
package/policycoreutils/Config.in | 64 ++++
package/policycoreutils/S15restorecond | 85 +++++
.../policycoreutils-crossCompileFixes.patch | 328 ++++++++++++++++++++
package/policycoreutils/policycoreutils.mk | 200 ++++++++++++
5 files changed, 678 insertions(+), 0 deletions(-)
create mode 100644 package/policycoreutils/Config.in
create mode 100755 package/policycoreutils/S15restorecond
create mode 100644 package/policycoreutils/policycoreutils-crossCompileFixes.patch
create mode 100644 package/policycoreutils/policycoreutils.mk
diff --git a/package/Config.in b/package/Config.in
index 72e1fde..2400f15 100644
--- a/package/Config.in
+++ b/package/Config.in
@@ -903,6 +903,7 @@ source "package/checkpolicy/Config.in"
source "package/libsepol/Config.in"
source "package/libselinux/Config.in"
source "package/libsemanage/Config.in"
+source "package/policycoreutils/Config.in"
source "package/sepolgen/Config.in"
source "package/setools/Config.in"
endmenu
diff --git a/package/policycoreutils/Config.in b/package/policycoreutils/Config.in
new file mode 100644
index 0000000..9df86b8
--- /dev/null
+++ b/package/policycoreutils/Config.in
@@ -0,0 +1,64 @@
+config BR2_PACKAGE_POLICYCOREUTILS
+ bool "policycoreutils"
+ help
+ Policycoreutils is a collection of policy utilities (originally
+ the "core" set of utilities needed to use SELinux, although it
+ has grown a bit over time), which have different dependencies.
+ sestatus, secon, run_init, and newrole only use libselinux.
+ load_policy and setfiles only use libselinux and libsepol.
+ semodule and semanage use libsemanage (and thus bring in
+ dependencies on libsepol and libselinux as well). setsebool
+ uses libselinux to make non-persistent boolean changes (via
+ the kernel interface) and uses libsemanage to make persistent
+ boolean changes.
+
+ The base package will install the following utilities:
+ load_policy
+ newrole
+ restorecond
+ run_init
+ secon
+ semodule
+ semodule_deps
+ semodule_expand
+ semodule_link
+ semodule_package
+ sepolgen-ifgen
+ sestatus
+ setfiles
+ setsebool
+
+ http://selinuxproject.org/page/Main_Page
+
+if BR2_PACKAGE_POLICYCOREUTILS
+
+config BR2_PACKAGE_POLICYCOREUTILS_POLICY_DEBUGGING
+ bool "Policy Debugging Utilities"
+ select BR2_PACKAGE_LIBSELINUX_PYTHON_BINDINGS
+ select BR2_PACKAGE_SEPOLGEN
+ help
+ Enable policy debugging packages to be built. These are being included
+ separately because of dependencies.
+ audit2allow
+ audit2why
+ semanage
+ sepolicy
+ scripts
+
+config BR2_PACKAGE_POLICYCOREUTILS_RESTORECOND
+ bool "restorecond Utility"
+ help
+ Enable restorecond to be built
+
+config BR2_PACKAGE_POLICYCOREUTILS_MCSTRANS
+ bool "mcstrans Utility"
+ help
+ Enable mcstrans to be built
+
+config BR2_PACKAGE_POLICYCOREUTILS_SANDBOX
+ bool "sandbox Utility"
+ select BR2_PACKAGE_POLICYCOREUTILS_POLICY_DEBUGGING
+ help
+ Enable sandbox to be built
+
+endif
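Review bot: `BR2_PACKAGE_POLICYCOREUTILS` declares no `select` or `depends on` for libselinux, libsepol or libsemanage, even though its own help text says every listed utility links against at least one of them. As written the option can be enabled with none of those libraries selected. The help text also lists `restorecond` among the utilities the base package installs, while `BR2_PACKAGE_POLICYCOREUTILS_RESTORECOND` below makes it optional; one of the two should be corrected. `BR2_PACKAGE_POLICYCOREUTILS_POLICY_DEBUGGING` selects `BR2_PACKAGE_LIBSELINUX_PYTHON_BINDINGS` and `BR2_PACKAGE_SEPOLGEN` without any visible dependency on Python being enabled.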
diff --git a/package/policycoreutils/S15restorecond b/package/policycoreutils/S15restorecond
new file mode 100755
index 0000000..e408281
--- /dev/null
+++ b/package/policycoreutils/S15restorecond
@@ -0,0 +1,85 @@
+#!/bin/sh
+#
+# restorecond: Daemon used to maintain path file context
+#
+# description: restorecond uses inotify to look for creation of new files \
+# listed in the /etc/selinux/restorecond.conf file, and restores the \
+# correct security context.
+#
+# processname: /usr/sbin/restorecond
+# config: /etc/selinux/restorecond.conf
+# pidfile: /var/run/restorecond.pid
+#
+# Return values according to LSB for all commands but status:
+# 0 - success
+# 1 - generic or unspecified error
+# 2 - invalid or excess argument(s)
+# 3 - unimplemented feature (e.g. "reload")
+# 4 - insufficient privilege
+# 5 - program is not installed
+# 6 - program is not configured
+# 7 - program is not running
+
+PATH=/sbin:/bin:/usr/bin:/usr/sbin
+
+[ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled || exit 7
+
+# Check that we are root ... so non-root users stop here
+test $EUID = 0 || exit 4
+
+test -x /usr/sbin/restorecond || exit 5
+test -f /etc/selinux/restorecond.conf || exit 6
+
+RETVAL=0
+
+start()
+{
+ echo -n $"Starting restorecond: "
+ unset HOME MAIL USER USERNAME
+ /usr/sbin/restorecond
+ RETVAL=$?
+ touch /var/lock/subsys/restorecond
+ echo
+ return $RETVAL
+}
+
+stop()
+{
+ echo -n $"Shutting down restorecond: "
+ killproc restorecond
+ RETVAL=$?
+ rm -f /var/lock/subsys/restorecond
+ echo
+ return $RETVAL
+}
+
+restart()
+{
+ stop
+ start
+}
+
+# See how we were called.
+case "$1" in
+ start)
+ start
+ ;;
+ stop)
+ stop
+ ;;
+ status)
+ status restorecond
+ RETVAL=$?
+ ;;
+ force-reload|restart|reload)
+ restart
+ ;;
+ condrestart)
+ [ -e /var/lock/subsys/restorecond ] && restart || :
+ ;;
+ *)
+ echo $"Usage: $0 {start|stop|restart|force-reload|status|condrestart}"
+ RETVAL=3
+esac
+
+exit $RETVAL
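Review bot: the script is `#!/bin/sh` but the root check `test $EUID = 0 || exit 4` depends on `EUID`, which is a bash variable; under a shell that does not set it the unquoted expansion leaves `test = 0` and the script exits 4 even for root. Use `[ "$(id -u)" -eq 0 ]`. `killproc` and `status restorecond` are never defined or sourced here (they come from the Red Hat init function library), `$"..."` is bash-only locale quoting, and `/var/lock/subsys` is a Red Hat convention that may not exist on a Buildroot target. `start()` also runs `touch /var/lock/subsys/restorecond` regardless of `RETVAL`, so `condrestart` will treat a failed start as a running daemon.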
diff --git a/package/policycoreutils/policycoreutils-crossCompileFixes.patch b/package/policycoreutils/policycoreutils-crossCompileFixes.patch
new file mode 100644
index 0000000..9502069
--- /dev/null
+++ b/package/policycoreutils/policycoreutils-crossCompileFixes.patch
@@ -0,0 +1,328 @@
+diff -urN a/audit2allow/Makefile b/audit2allow/Makefile
+--- a/audit2allow/Makefile 2013-02-05 19:43:22.000000000 -0600
++++ b/audit2allow/Makefile 2013-08-23 09:16:21.282917254 -0500
+@@ -3,7 +3,7 @@
+ BINDIR ?= $(PREFIX)/bin
+ LIBDIR ?= $(PREFIX)/lib
+ MANDIR ?= $(PREFIX)/share/man
+-LOCALEDIR ?= /usr/share/locale
++LOCALEDIR ?= $(DESTDIR)/usr/share/locale
+
+ all: ;
+
+diff -urN a/load_policy/Makefile b/load_policy/Makefile
+--- a/load_policy/Makefile 2013-02-05 19:43:22.000000000 -0600
++++ b/load_policy/Makefile 2013-08-23 09:16:21.282917254 -0500
+@@ -3,7 +3,7 @@
+ SBINDIR ?= $(DESTDIR)/sbin
+ USRSBINDIR ?= $(PREFIX)/sbin
+ MANDIR ?= $(PREFIX)/share/man
+-LOCALEDIR ?= /usr/share/locale
++LOCALEDIR ?= $(DESTDIR)/usr/share/locale
+
+ CFLAGS ?= -Werror -Wall -W
+ override CFLAGS += $(LDFLAGS) -I$(PREFIX)/include -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
+diff -urN a/Makefile b/Makefile
+--- a/Makefile 2013-02-05 19:43:22.000000000 -0600
++++ b/Makefile 2013-08-23 09:16:21.292985286 -0500
+@@ -1,8 +1,8 @@
+ SUBDIRS = sepolicy setfiles semanage load_policy newrole run_init sandbox secon audit2allow audit2why sestatus semodule_package semodule semodule_link semodule_expand semodule_deps sepolgen-ifgen setsebool scripts po man gui
+
+-INOTIFYH = $(shell ls /usr/include/sys/inotify.h 2>/dev/null)
++INOTIFYH = $(shell ls $(DESTDIR)/usr/include/sys/inotify.h 2>/dev/null)
+
+-ifeq (${INOTIFYH}, /usr/include/sys/inotify.h)
++ifeq (${INOTIFYH}, $(DESTDIR)/usr/include/sys/inotify.h)
+ SUBDIRS += restorecond
+ endif
+
+diff -urN a/mcstrans/src/Makefile b/mcstrans/src/Makefile
+--- a/mcstrans/src/Makefile 2013-02-05 19:43:22.000000000 -0600
++++ b/mcstrans/src/Makefile 2013-08-23 09:41:18.782916946 -0500
+@@ -1,22 +1,8 @@
+-ARCH = $(shell uname -i)
+-ifeq "$(ARCH)" "x86_64"
+- # In case of 64 bit system, use these lines
+- LIBDIR=/usr/lib64
+-else
+-ifeq "$(ARCH)" "i686"
+- # In case of 32 bit system, use these lines
+- LIBDIR=/usr/lib
+-else
+-ifeq "$(ARCH)" "i386"
+- # In case of 32 bit system, use these lines
+- LIBDIR=/usr/lib
+-endif
+-endif
+-endif
+ # Installation directories.
+ PREFIX ?= $(DESTDIR)/usr
+-SBINDIR ?= $(DESTDIR)/sbin
+-INITDIR ?= $(DESTDIR)/etc/rc.d/init.d
++LIBDIR ?= $(PREFIX)/lib
++SBINDIR ?= $(PREFIX)/sbin
++INITDIR ?= $(DESTDIR)/etc/init.d
+
+ PROG_SRC=mcstrans.c mcscolor.c mcstransd.c mls_level.c
+ PROG_OBJS= $(patsubst %.c,%.o,$(PROG_SRC))
+@@ -40,5 +26,5 @@
+ install -m 755 $(INITSCRIPT).init $(INITDIR)/$(INITSCRIPT)
+
+ clean:
+- -rm -f $(OBJS) $(LOBJS) $(TARGET) $(PROG) $(PROG_OBJS) *~ \#*
++ -rm -f $(PROG) $(PROG_OBJS) *.o *~ \#*
+
+diff -urN a/mcstrans/utils/Makefile b/mcstrans/utils/Makefile
+--- a/mcstrans/utils/Makefile 2013-02-05 19:43:22.000000000 -0600
++++ b/mcstrans/utils/Makefile 2013-08-23 09:16:21.292985286 -0500
+@@ -1,24 +1,8 @@
+ # Installation directories.
+ PREFIX ?= $(DESTDIR)/usr
++LIBDIR ?= $(PREFIX)/lib
+ BINDIR ?= $(PREFIX)/sbin
+
+-ARCH = $(shell uname -i)
+-ifeq "$(ARCH)" "x86_64"
+- # In case of 64 bit system, use these lines
+- LIBDIR=/usr/lib64
+-else
+-ifeq "$(ARCH)" "i686"
+- # In case of 32 bit system, use these lines
+- LIBDIR=/usr/lib
+-else
+-ifeq "$(ARCH)" "i386"
+- # In case of 32 bit system, use these lines
+- LIBDIR=/usr/lib
+-endif
+-endif
+-endif
+-
+-
+ CFLAGS ?= -Wall
+ override CFLAGS += -I../src -D_GNU_SOURCE
+ LDLIBS += -L../src ../src/mcstrans.o ../src/mls_level.o -lselinux -lpcre $(LIBDIR)/libsepol.a
+diff -urN a/newrole/Makefile b/newrole/Makefile
+--- a/newrole/Makefile 2013-02-05 19:43:22.000000000 -0600
++++ b/newrole/Makefile 2013-08-23 09:16:21.292985286 -0500
+@@ -3,9 +3,9 @@
+ BINDIR ?= $(PREFIX)/bin
+ MANDIR ?= $(PREFIX)/share/man
+ ETCDIR ?= $(DESTDIR)/etc
+-LOCALEDIR = /usr/share/locale
+-PAMH = $(shell ls /usr/include/security/pam_appl.h 2>/dev/null)
+-AUDITH = $(shell ls /usr/include/libaudit.h 2>/dev/null)
++LOCALEDIR = $(DESTDIR)/usr/share/locale
++PAMH = $(shell ls $(DESTDIR)/usr/include/security/pam_appl.h 2>/dev/null)
++AUDITH = $(shell ls $(DESTDIR)/usr/include/libaudit.h 2>/dev/null)
+ # Enable capabilities to permit newrole to generate audit records.
+ # This will make newrole a setuid root program.
+ # The capabilities used are: CAP_AUDIT_WRITE.
+@@ -24,7 +24,7 @@
+ EXTRA_OBJS =
+ override CFLAGS += -DVERSION=\"$(VERSION)\" $(LDFLAGS) -I$(PREFIX)/include -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
+ LDLIBS += -lselinux -L$(PREFIX)/lib
+-ifeq ($(PAMH), /usr/include/security/pam_appl.h)
++ifeq ($(PAMH), $(DESTDIR)/usr/include/security/pam_appl.h)
+ override CFLAGS += -DUSE_PAM
+ EXTRA_OBJS += hashtab.o
+ LDLIBS += -lpam -lpam_misc
+@@ -32,7 +32,7 @@
+ override CFLAGS += -D_XOPEN_SOURCE=500
+ LDLIBS += -lcrypt
+ endif
+-ifeq ($(AUDITH), /usr/include/libaudit.h)
++ifeq ($(AUDITH), $(DESTDIR)/usr/include/libaudit.h)
+ override CFLAGS += -DUSE_AUDIT
+ LDLIBS += -laudit
+ endif
+@@ -66,7 +66,7 @@
+ test -d $(MANDIR)/man1 || install -m 755 -d $(MANDIR)/man1
+ install -m $(MODE) newrole $(BINDIR)
+ install -m 644 newrole.1 $(MANDIR)/man1/
+-ifeq ($(PAMH), /usr/include/security/pam_appl.h)
++ifeq ($(PAMH), $(DESTDIR)/usr/include/security/pam_appl.h)
+ test -d $(ETCDIR)/pam.d || install -m 755 -d $(ETCDIR)/pam.d
+ ifeq ($(LSPP_PRIV),y)
+ install -m 644 newrole-lspp.pamd $(ETCDIR)/pam.d/newrole
+diff -urN a/restorecond/Makefile b/restorecond/Makefile
+--- a/restorecond/Makefile 2013-02-05 19:43:22.000000000 -0600
++++ b/restorecond/Makefile 2013-08-23 09:16:21.292985286 -0500
+@@ -2,24 +2,29 @@
+ PREFIX ?= $(DESTDIR)/usr
+ SBINDIR ?= $(PREFIX)/sbin
+ LIBDIR ?= $(PREFIX)/lib
+-MANDIR = $(PREFIX)/share/man
++MANDIR ?= $(PREFIX)/share/man
+ AUTOSTARTDIR = $(DESTDIR)/etc/xdg/autostart
+ DBUSSERVICEDIR = $(DESTDIR)/usr/share/dbus-1/services
+
+ autostart_DATA = sealertauto.desktop
+-INITDIR = $(DESTDIR)/etc/rc.d/init.d
++INITDIR = $(DESTDIR)/etc/init.d
+ SELINUXDIR = $(DESTDIR)/etc/selinux
+
+-DBUSFLAGS = -DHAVE_DBUS -I/usr/include/dbus-1.0 -I/usr/lib64/dbus-1.0/include -I/usr/lib/dbus-1.0/include
++DBUSFLAGS = -DHAVE_DBUS -I$(PREFIX)/include/dbus-1.0 -I$(PREFIX)/lib64/dbus-1.0/include \
++ -I$(PREFIX)/lib/dbus-1.0/include
+ DBUSLIB = -ldbus-glib-1 -ldbus-1
+
+ CFLAGS ?= -g -Werror -Wall -W
+-override CFLAGS += -I$(PREFIX)/include $(DBUSFLAGS) -I/usr/include/glib-2.0 -I/usr/lib64/glib-2.0/include -I/usr/lib/glib-2.0/include
++override CFLAGS += -I$(PREFIX)/include $(DBUSFLAGS) -I$(PREFIX)/include/glib-2.0 \
++ -I$(PREFIX)/lib64/glib-2.0/include -I$(PREFIX)/lib/glib-2.0/include
+
+ LDLIBS += -lselinux $(DBUSLIB) -lglib-2.0 -L$(LIBDIR)
+
+ all: restorecond
+
++%.o: %.c
++ $(CC) $(CFLAGS) -c -o $@ $<
++
+ restorecond.o utmpwatcher.o stringslist.o user.o watch.o: restorecond.h
+
+ restorecond: ../setfiles/restore.o restorecond.o utmpwatcher.o stringslist.o user.o watch.o
+diff -urN a/run_init/Makefile b/run_init/Makefile
+--- a/run_init/Makefile 2013-02-05 19:43:22.000000000 -0600
++++ b/run_init/Makefile 2013-08-23 09:16:21.292985286 -0500
+@@ -4,21 +4,21 @@
+ SBINDIR ?= $(PREFIX)/sbin
+ MANDIR ?= $(PREFIX)/share/man
+ ETCDIR ?= $(DESTDIR)/etc
+-LOCALEDIR ?= /usr/share/locale
+-PAMH = $(shell ls /usr/include/security/pam_appl.h 2>/dev/null)
+-AUDITH = $(shell ls /usr/include/libaudit.h 2>/dev/null)
++LOCALEDIR ?= $(DESTDIR)/usr/share/locale
++PAMH = $(shell ls $(DESTDIR)/usr/include/security/pam_appl.h 2>/dev/null)
++AUDITH = $(shell ls $(DESTDIR)/usr/include/libaudit.h 2>/dev/null)
+
+ CFLAGS ?= -Werror -Wall -W
+ override CFLAGS += -I$(PREFIX)/include -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
+ LDLIBS += -lselinux -L$(PREFIX)/lib
+-ifeq ($(PAMH), /usr/include/security/pam_appl.h)
++ifeq ($(PAMH), $(DESTDIR)/usr/include/security/pam_appl.h)
+ override CFLAGS += -DUSE_PAM
+ LDLIBS += -lpam -lpam_misc
+ else
+ override CFLAGS += -D_XOPEN_SOURCE=500
+ LDLIBS += -lcrypt
+ endif
+-ifeq ($(AUDITH), /usr/include/libaudit.h)
++ifeq ($(AUDITH), $(DESTDIR)/usr/include/libaudit.h)
+ override CFLAGS += -DUSE_AUDIT
+ LDLIBS += -laudit
+ endif
+@@ -38,7 +38,7 @@
+ install -m 755 open_init_pty $(SBINDIR)
+ install -m 644 run_init.8 $(MANDIR)/man8/
+ install -m 644 open_init_pty.8 $(MANDIR)/man8/
+-ifeq ($(PAMH), /usr/include/security/pam_appl.h)
++ifeq ($(PAMH), $(DESTDIR)/usr/include/security/pam_appl.h)
+ install -m 644 run_init.pamd $(ETCDIR)/pam.d/run_init
+ endif
+
+diff -urN a/semodule/Makefile b/semodule/Makefile
+--- a/semodule/Makefile 2013-02-05 19:43:22.000000000 -0600
++++ b/semodule/Makefile 2013-08-23 09:16:21.302924109 -0500
+@@ -2,7 +2,7 @@
+ PREFIX ?= $(DESTDIR)/usr
+ INCLUDEDIR ?= $(PREFIX)/include
+ SBINDIR ?= $(PREFIX)/sbin
+-MANDIR = $(PREFIX)/share/man
++MANDIR ?= $(PREFIX)/share/man
+ LIBDIR ?= $(PREFIX)/lib
+
+ CFLAGS ?= -Werror -Wall -W
+diff -urN a/sepolicy/Makefile b/sepolicy/Makefile
+--- a/sepolicy/Makefile 2013-02-05 19:43:22.000000000 -0600
++++ b/sepolicy/Makefile 2013-08-23 09:16:21.302924109 -0500
+@@ -5,25 +5,32 @@
+ BINDIR ?= $(PREFIX)/bin
+ SBINDIR ?= $(PREFIX)/sbin
+ MANDIR ?= $(PREFIX)/share/man
+-LOCALEDIR ?= /usr/share/locale
++LOCALEDIR ?= $(DESTDIR)/usr/share/locale
+ PYTHON ?= /usr/bin/python
+ BASHCOMPLETIONDIR ?= $(DESTDIR)/etc/bash_completion.d/
+ SHAREDIR ?= $(PREFIX)/share/sandbox
+-override CFLAGS = $(LDFLAGS) -I$(PREFIX)/include -DPACKAGE="policycoreutils" -Wall -Werror -Wextra -W -DSHARED -shared
++override CFLAGS += $(LDFLAGS) -I$(PREFIX)/include -DPACKAGE="policycoreutils" -Wall -Werror -Wextra -W -DSHARED -shared
+
+ BASHCOMPLETIONS=sepolicy-bash-completion.sh
+
++PYTHON_ARGS = LDSHARED="$(CC) -shared" \
++ CROSS_COMPILING=yes \
++ _python_sysroot=$(DESTDIR) \
++ _python_srcdir=$(PYTHON_SRC) \
++ _python_prefix=/usr \
++ _python_exec_prefix=/usr
++
+ all: python-build
+
+ python-build: info.c search.c common.h policy.h policy.c
+- $(PYTHON) setup.py build
++ $(PYTHON_ARGS) $(PYTHON) setup.py build
+
+ clean:
+ $(PYTHON) setup.py clean
+ -rm -rf build *~ \#* *pyc .#*
+
+ install:
+- $(PYTHON) setup.py install `test -n "$(DESTDIR)" && echo --root $(DESTDIR)`
++ $(PYTHON_ARGS) $(PYTHON) setup.py install --prefix=$(PREFIX)
+ [ -d $(BINDIR) ] || mkdir -p $(BINDIR)
+ install -m 755 sepolicy.py $(BINDIR)/sepolicy
+ -mkdir -p $(MANDIR)/man8
+diff -urN a/sestatus/Makefile b/sestatus/Makefile
+--- a/sestatus/Makefile 2013-02-05 19:43:22.000000000 -0600
++++ b/sestatus/Makefile 2013-08-23 09:16:21.302924109 -0500
+@@ -1,11 +1,11 @@
+ # Installation directories.
+ PREFIX ?= $(DESTDIR)/usr
+ SBINDIR ?= $(PREFIX)/sbin
+-MANDIR = $(PREFIX)/share/man
++MANDIR ?= $(PREFIX)/share/man
+ ETCDIR ?= $(DESTDIR)/etc
+ LIBDIR ?= $(PREFIX)/lib
+
+-CFLAGS = -Werror -Wall -W
++CFLAGS ?= -Werror -Wall -W
+ override CFLAGS += -I$(PREFIX)/include -D_FILE_OFFSET_BITS=64
+ LDLIBS = -lselinux -L$(LIBDIR)
+
+diff -urN a/setfiles/Makefile b/setfiles/Makefile
+--- a/setfiles/Makefile 2013-02-05 19:43:22.000000000 -0600
++++ b/setfiles/Makefile 2013-08-23 09:16:21.302924109 -0500
+@@ -1,24 +1,27 @@
+ # Installation directories.
+ PREFIX ?= $(DESTDIR)/usr
+ SBINDIR ?= $(DESTDIR)/sbin
+-MANDIR = $(PREFIX)/share/man
++MANDIR ?= $(PREFIX)/share/man
+ LIBDIR ?= $(PREFIX)/lib
+-AUDITH = $(shell ls /usr/include/libaudit.h 2>/dev/null)
++AUDITH = $(shell ls $(DESTDIR)/usr/include/libaudit.h 2>/dev/null)
+
+-PROGRESS_STEP=$(shell grep "^\#define STAR_COUNT" restore.h | awk -S '{ print $$3 }')
+-ABORT_ON_ERRORS=$(shell grep "^\#define ABORT_ON_ERRORS" setfiles.c | awk -S '{ print $$3 }')
++PROGRESS_STEP=$(shell grep "^\#define STAR_COUNT" restore.h | awk '{ print $$3 }')
++ABORT_ON_ERRORS=$(shell grep "^\#define ABORT_ON_ERRORS" setfiles.c | awk '{ print $$3 }')
+
+-CFLAGS = -g -Werror -Wall -W
++CFLAGS ?= -g -Werror -Wall -W
+ override CFLAGS += -I$(PREFIX)/include
+ LDLIBS = -lselinux -lsepol -L$(LIBDIR)
+
+-ifeq ($(AUDITH), /usr/include/libaudit.h)
++ifeq ($(AUDITH), $(DESTDIR)/usr/include/libaudit.h)
+ override CFLAGS += -DUSE_AUDIT
+ LDLIBS += -laudit
+ endif
+
+ all: setfiles restorecon man
+
++%.o: %.c
++ $(CC) $(CFLAGS) -c -o $@ $<
++
+ setfiles: setfiles.o restore.o
+
+ restorecon: setfiles
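Review bot: prefixing LOCALEDIR with $(DESTDIR) in load_policy, newrole and run_init changes what gets compiled in as well as where files are installed, because the same variable feeds `-DLOCALEDIR="\"$(LOCALEDIR)\""`. With DESTDIR="$(STAGING_DIR)" at build time, the binaries (including newrole, which its own Makefile comment describes as a setuid root program) will look for message catalogs under the build machine's staging path at run time. Keep LOCALEDIR as the run-time path /usr/share/locale and apply $(DESTDIR) only in the install rules. Separately, the PAMH, AUDITH and INOTIFYH probes now depend on DESTDIR, which policycoreutils.mk sets to STAGING_DIR for `all` and TARGET_DIR for `install`, so the `ifeq` blocks can take different branches in the two phases (for example the pam.d install in newrole); passing the feature switches explicitly from the .mk would make the result deterministic.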
diff --git a/package/policycoreutils/policycoreutils.mk b/package/policycoreutils/policycoreutils.mk
new file mode 100644
index 0000000..7311b5a
--- /dev/null
+++ b/package/policycoreutils/policycoreutils.mk
@@ -0,0 +1,200 @@
+#############################################################
+#
+# policycoreutils
+#
+#############################################################
+POLICYCOREUTILS_VERSION = 2.1.14
+POLICYCOREUTILS_SOURCE = policycoreutils-$(POLICYCOREUTILS_VERSION).tar.gz
+POLICYCOREUTILS_SITE = http://userspace.selinuxproject.org/releases/20130423/
+POLICYCOREUTILS_LICENSE = GPLv2
+POLICYCOREUTILS_LICENSE_FILES = COPYING
+
+##############################
+# Target Section
+##############################
+POLICYCOREUTILS_DEPENDENCIES = libsemanage libcap-ng dbus-glib libglib2 linux-pam audit
+# Both audit and linux-pam are required by the LSPP_PRIV=y option below
+
+POLICYCOREUTILS_INSTALL_STAGING = NO
+POLICYCOREUTILS_INSTALL_TARGET = YES
+
+define POLICYCOREUTILS_INSTALL_TARGET_PAM_CONFS
+ $(INSTALL) -D -m 0644 $(@D)/newrole/newrole-lspp.pamd $(TARGET_DIR)/etc/pam.d/newrole
+ $(INSTALL) -D -m 0644 $(@D)/run_init/run_init.pamd $(TARGET_DIR)/etc/pam.d/run_init
+endef
+
+#
+# Policy Debugging build commands
+#
+ifeq ($(BR2_PACKAGE_POLICYCOREUTILS_POLICY_DEBUGGING),y)
+
+POLICYCOREUTILS_DEPENDENCIES += python host-python sepolgen setools
+
+POLICYCOREUTILS_DEBUGGING_MAKE_CMDS = $(TARGET_CONFIGURE_OPTS) \
+ PYTHON="$(HOST_DIR)/usr/bin/python" \
+ PYLIBVER="python$(PYTHON_VERSION_MAJOR)" \
+ PYTHON_SRC="$(BUILD_DIR)/python$(PYTHON_VERSION)"
+
+define POLICYCOREUTILS_DEBUGGING_BUILD_CMDS
+ $(MAKE) -C $(@D)/audit2allow $(POLICYCOREUTILS_DEBUGGING_MAKE_CMDS) DESTDIR="$(STAGING_DIR)" all
+ $(MAKE) -C $(@D)/audit2why $(POLICYCOREUTILS_DEBUGGING_MAKE_CMDS) DESTDIR="$(STAGING_DIR)" all
+ $(MAKE) -C $(@D)/scripts $(POLICYCOREUTILS_DEBUGGING_MAKE_CMDS) DESTDIR="$(STAGING_DIR)" all
+ $(MAKE) -C $(@D)/semanage $(POLICYCOREUTILS_DEBUGGING_MAKE_CMDS) DESTDIR="$(STAGING_DIR)" all
+ $(MAKE) -C $(@D)/sepolicy $(POLICYCOREUTILS_DEBUGGING_MAKE_CMDS) DESTDIR="$(STAGING_DIR)" all
+endef
+
+define POLICYCOREUTILS_DEBUGGING_INSTALL_TARGET_CMDS
+ $(MAKE) -C $(@D)/audit2allow $(POLICYCOREUTILS_DEBUGGING_MAKE_CMDS) DESTDIR="$(TARGET_DIR)" install
+ $(MAKE) -C $(@D)/audit2why $(POLICYCOREUTILS_DEBUGGING_MAKE_CMDS) DESTDIR="$(TARGET_DIR)" install
+ $(MAKE) -C $(@D)/scripts $(POLICYCOREUTILS_DEBUGGING_MAKE_CMDS) DESTDIR="$(TARGET_DIR)" install
+ $(MAKE) -C $(@D)/semanage $(POLICYCOREUTILS_DEBUGGING_MAKE_CMDS) DESTDIR="$(TARGET_DIR)" install
+ $(MAKE) -C $(@D)/sepolicy $(POLICYCOREUTILS_DEBUGGING_MAKE_CMDS) DESTDIR="$(TARGET_DIR)" install
+endef
+endif
+
+#
+# restorecond build commands
+#
+ifeq ($(BR2_PACKAGE_POLICYCOREUTILS_RESTORECOND),y)
+
+POLICYCOREUTILS_RESTORECOND_MAKE_CMDS = $(TARGET_CONFIGURE_OPTS)
+
+define POLICYCOREUTILS_RESTORECOND_BUILD_CMDS
+ $(MAKE) -C $(@D)/restorecond $(POLICYCOREUTILS_RESTORECOND_MAKE_CMDS) DESTDIR="$(STAGING_DIR)" all
+endef
+
+define POLICYCOREUTILS_RESTORECOND_INSTALL_TARGET_CMDS
+ $(MAKE) -C $(@D)/restorecond $(POLICYCOREUTILS_RESTORECOND_MAKE_CMDS) DESTDIR="$(TARGET_DIR)" install
+ rm $(TARGET_DIR)/etc/init.d/restorecond
+ $(INSTALL) -m 0755 package/policycoreutils/S15restorecond $(TARGET_DIR)/etc/init.d/
+endef
+endif
+
+#
+# mctrans build commands
+#
+ifeq ($(BR2_PACKAGE_POLICYCOREUTILS_MCSTRANS),y)
+
+POLICYCOREUTILS_DEPENDENCIES += pcre libcap
+
+POLICYCOREUTILS_MCSTRANS_MAKE_CMDS = $(TARGET_CONFIGURE_OPTS)
+
+define POLICYCOREUTILS_MCSTRANS_BUILD_CMDS
+ $(MAKE) -C $(@D)/mcstrans $(POLICYCOREUTILS_MCSTRANS_MAKE_CMDS) DESTDIR="$(STAGING_DIR)" all
+endef
+
+define POLICYCOREUTILS_MCSTRANS_INSTALL_TARGET_CMDS
+ $(MAKE) -C $(@D)/mcstrans $(POLICYCOREUTILS_MCSTRANS_MAKE_CMDS) DESTDIR="$(TARGET_DIR)" install
+endef
+endif
+
+#
+# sandbox build commands
+#
+ifeq ($(BR2_PACKAGE_POLICYCOREUTILS_SANDBOX),y)
+
+POLICYCOREUTILS_DEPENDENCIES += libcgroup
+
+POLICYCOREUTILS_SANDBOX_MAKE_CMDS = $(TARGET_CONFIGURE_OPTS)
+
+define POLICYCOREUTILS_SANDBOX_BUILD_CMDS
+ $(MAKE) -C $(@D)/sandbox $(POLICYCOREUTILS_SANDBOX_MAKE_CMDS) DESTDIR="$(STAGING_DIR)" all
+endef
+
+define POLICYCOREUTILS_SANDBOX_INSTALL_TARGET_CMDS
+ $(MAKE) -C $(@D)/sandbox $(POLICYCOREUTILS_SANDBOX_MAKE_CMDS) DESTDIR="$(TARGET_DIR)" install
+endef
+endif
+
+# Undefining _FILE_OFFSET_BITS here because of a "bug" with glibc fts.h large file support.
+# see https://bugzilla.redhat.com/show_bug.cgi?id=574992 for more information
+POLICYCOREUTILS_MAKE_CMDS = $(TARGET_CONFIGURE_OPTS) CFLAGS+="-U_FILE_OFFSET_BITS" LSPP_PRIV=y
+
+BaseApps = load_policy newrole restorecond run_init secon semodule semodule_deps semodule_expand \
+ semodule_link semodule_package sestatus setfiles setsebool
+
+define POLICYCOREUTILS_BUILD_CMDS
+ $(MAKE) -C $(@D)/load_policy $(POLICYCOREUTILS_MAKE_CMDS) DESTDIR="$(STAGING_DIR)" all
+ $(MAKE) -C $(@D)/newrole $(POLICYCOREUTILS_MAKE_CMDS) DESTDIR="$(STAGING_DIR)" all
+ $(MAKE) -C $(@D)/restorecond $(POLICYCOREUTILS_MAKE_CMDS) DESTDIR="$(STAGING_DIR)" all
+ $(MAKE) -C $(@D)/run_init $(POLICYCOREUTILS_MAKE_CMDS) DESTDIR="$(STAGING_DIR)" all
+ $(MAKE) -C $(@D)/secon $(POLICYCOREUTILS_MAKE_CMDS) DESTDIR="$(STAGING_DIR)" all
+ $(MAKE) -C $(@D)/semodule $(POLICYCOREUTILS_MAKE_CMDS) DESTDIR="$(STAGING_DIR)" all
+ $(MAKE) -C $(@D)/semodule_deps $(POLICYCOREUTILS_MAKE_CMDS) DESTDIR="$(STAGING_DIR)" all
+ $(MAKE) -C $(@D)/semodule_expand $(POLICYCOREUTILS_MAKE_CMDS) DESTDIR="$(STAGING_DIR)" all
+ $(MAKE) -C $(@D)/semodule_link $(POLICYCOREUTILS_MAKE_CMDS) DESTDIR="$(STAGING_DIR)" all
+ $(MAKE) -C $(@D)/semodule_package $(POLICYCOREUTILS_MAKE_CMDS) DESTDIR="$(STAGING_DIR)" all
+ $(MAKE) -C $(@D)/sepolgen-ifgen $(POLICYCOREUTILS_MAKE_CMDS) DESTDIR="$(STAGING_DIR)" all
+ $(MAKE) -C $(@D)/sestatus $(POLICYCOREUTILS_MAKE_CMDS) DESTDIR="$(STAGING_DIR)" all
+ $(MAKE) -C $(@D)/setfiles $(POLICYCOREUTILS_MAKE_CMDS) DESTDIR="$(STAGING_DIR)" all
+ $(MAKE) -C $(@D)/setsebool $(POLICYCOREUTILS_MAKE_CMDS) DESTDIR="$(STAGING_DIR)" all
+ $(POLICYCOREUTILS_DEBUGGING_BUILD_CMDS)
+ $(POLICYCOREUTILS_RESTORECOND_BUILD_CMDS)
+ $(POLICYCOREUTILS_MCSTRANS_BUILD_CMDS)
+ $(POLICYCOREUTILS_SANDBOX_BUILD_CMDS)
+endef
+
+define POLICYCOREUTILS_INSTALL_TARGET_CMDS
+ $(MAKE) -C $(@D)/load_policy DESTDIR="$(TARGET_DIR)" install
+ $(MAKE) -C $(@D)/newrole DESTDIR="$(TARGET_DIR)" install
+ $(MAKE) -C $(@D)/restorecond DESTDIR="$(TARGET_DIR)" install
+ $(MAKE) -C $(@D)/run_init DESTDIR="$(TARGET_DIR)" install
+ $(MAKE) -C $(@D)/secon DESTDIR="$(TARGET_DIR)" install
+ $(MAKE) -C $(@D)/semodule DESTDIR="$(TARGET_DIR)" install
+ $(MAKE) -C $(@D)/semodule_deps DESTDIR="$(TARGET_DIR)" install
+ $(MAKE) -C $(@D)/semodule_expand DESTDIR="$(TARGET_DIR)" install
+ $(MAKE) -C $(@D)/semodule_link DESTDIR="$(TARGET_DIR)" install
+ $(MAKE) -C $(@D)/semodule_package DESTDIR="$(TARGET_DIR)" install
+ $(MAKE) -C $(@D)/sepolgen-ifgen DESTDIR="$(TARGET_DIR)" install
+ $(MAKE) -C $(@D)/sestatus DESTDIR="$(TARGET_DIR)" install
+ $(MAKE) -C $(@D)/setfiles DESTDIR="$(TARGET_DIR)" install
+ $(MAKE) -C $(@D)/setsebool DESTDIR="$(TARGET_DIR)" install
+ $(POLICYCOREUTILS_INSTALL_TARGET_PAM_CONFS)
+ $(POLICYCOREUTILS_DEBUGGING_INSTALL_TARGET_CMDS)
+ $(POLICYCOREUTILS_RESTORECOND_INSTALL_TARGET_CMDS)
+ $(POLICYCOREUTILS_MCSTRANS_INSTALL_TARGET_CMDS)
+ $(POLICYCOREUTILS_SANDBOX_INSTALL_TARGET_CMDS)
+endef
+
+define POLICYCOREUTILS_CLEAN_CMDS
+ $(MAKE) -C $(@D) clean DESTDIR=$(STAGING_DIR)
+ $(MAKE) -C $(@D)/mcstrans clean DESTDIR=$(STAGING_DIR)
+ $(MAKE) -C $(@D)/restorecond clean DESTDIR=$(STAGING_DIR)
+endef
+
+##############################
+# Host Section
+##############################
+HOST_POLICYCOREUTILS_DEPENDENCIES = host-libsemanage
+
+# Undefining _FILE_OFFSET_BITS here because of a "bug" with glibc fts.h large file support.
+# see https://bugzilla.redhat.com/show_bug.cgi?id=574992 for more information
+HOST_POLICYCOREUTILS_MAKE_CMDS = $(HOST_CONFIGURE_OPTS) CFLAGS+="-U_FILE_OFFSET_BITS" LSPP_PRIV=y
+
+# Note: We are only building the programs required by the refpolicy build
+define HOST_POLICYCOREUTILS_BUILD_CMDS
+ $(MAKE) -C $(@D)/semodule $(HOST_POLICYCOREUTILS_MAKE_CMDS) DESTDIR=$(HOST_DIR)
+ $(MAKE) -C $(@D)/semodule_package $(HOST_POLICYCOREUTILS_MAKE_CMDS) DESTDIR=$(HOST_DIR)
+ $(MAKE) -C $(@D)/semodule_link $(HOST_POLICYCOREUTILS_MAKE_CMDS) DESTDIR=$(HOST_DIR)
+ $(MAKE) -C $(@D)/semodule_expand $(HOST_POLICYCOREUTILS_MAKE_CMDS) DESTDIR=$(HOST_DIR)
+ $(MAKE) -C $(@D)/semodule_deps $(HOST_POLICYCOREUTILS_MAKE_CMDS) DESTDIR=$(HOST_DIR)
+ $(MAKE) -C $(@D)/load_policy $(HOST_POLICYCOREUTILS_MAKE_CMDS) DESTDIR=$(HOST_DIR)
+ $(MAKE) -C $(@D)/setfiles $(HOST_POLICYCOREUTILS_MAKE_CMDS) DESTDIR=$(HOST_DIR)
+endef
+
+define HOST_POLICYCOREUTILS_INSTALL_CMDS
+ $(MAKE) -C $(@D)/semodule install $(HOST_POLICYCOREUTILS_MAKE_CMDS) DESTDIR=$(HOST_DIR)
+ $(MAKE) -C $(@D)/semodule_package install $(HOST_POLICYCOREUTILS_MAKE_CMDS) DESTDIR=$(HOST_DIR)
+ $(MAKE) -C $(@D)/semodule_link install $(HOST_POLICYCOREUTILS_MAKE_CMDS) DESTDIR=$(HOST_DIR)
+ $(MAKE) -C $(@D)/semodule_expand install $(HOST_POLICYCOREUTILS_MAKE_CMDS) DESTDIR=$(HOST_DIR)
+ $(MAKE) -C $(@D)/semodule_deps install $(HOST_POLICYCOREUTILS_MAKE_CMDS) DESTDIR=$(HOST_DIR)
+ $(MAKE) -C $(@D)/load_policy install $(HOST_POLICYCOREUTILS_MAKE_CMDS) DESTDIR=$(HOST_DIR)
+ $(MAKE) -C $(@D)/setfiles install $(HOST_POLICYCOREUTILS_MAKE_CMDS) DESTDIR=$(HOST_DIR)
+endef
+
+define HOST_POLICYCOREUTILS_CLEAN_CMDS
+ $(MAKE) -C $(@D) clean DESTDIR=$(HOST_DIR)
+endef
+
+$(eval $(generic-package))
+$(eval $(host-generic-package))
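Review bot: POLICYCOREUTILS_INSTALL_TARGET_CMDS runs each base tool as `$(MAKE) -C $(@D)/<tool> DESTDIR="$(TARGET_DIR)" install` without $(POLICYCOREUTILS_MAKE_CMDS), so the install phase sees neither the cross toolchain variables nor the LSPP_PRIV=y that the build phase used, unlike the DEBUGGING, RESTORECOND, MCSTRANS and SANDBOX blocks, which pass their make variables in both phases. The newrole Makefile evaluates `ifeq ($(LSPP_PRIV),y)` and `install -m $(MODE) newrole $(BINDIR)` inside its install rule, so what ends up on the target can differ from what the build was configured for; pass the same variables to both phases. Smaller points: restorecond is built and installed both in the base list and in the BR2_PACKAGE_POLICYCOREUTILS_RESTORECOND block, `rm $(TARGET_DIR)/etc/init.d/restorecond` should be `rm -f`, BaseApps is defined but never used, and the "mctrans" comment should read mcstrans.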
--
1.7.1
* [Buildroot] [PATCH 10/17] python-pyxml: new package
2013-09-04 23:09 [Buildroot] [PATCH 00/17] SELinux Buildroot Additions Clayton Shotwell
` (8 preceding siblings ...)
2013-09-04 23:09 ` [Buildroot] [PATCH 09/17] policycoreutils: " Clayton Shotwell
@ 2013-09-04 23:09 ` Clayton Shotwell
2013-09-04 23:09 ` [Buildroot] [PATCH 11/17] refpolicy: " Clayton Shotwell
` (7 subsequent siblings)
17 siblings, 0 replies; 34+ messages in thread
From: Clayton Shotwell @ 2013-09-04 23:09 UTC (permalink / raw)
To: buildroot
Signed-off-by: Clayton Shotwell <clshotwe@rockwellcollins.com>
---
package/Config.in | 1 +
package/python-pyxml/Config.in | 11 ++++++
package/python-pyxml/python-xml.mk | 64 ++++++++++++++++++++++++++++++++++++
3 files changed, 76 insertions(+), 0 deletions(-)
create mode 100644 package/python-pyxml/Config.in
create mode 100644 package/python-pyxml/python-xml.mk
diff --git a/package/Config.in b/package/Config.in
index 2400f15..3760261 100644
--- a/package/Config.in
+++ b/package/Config.in
@@ -371,6 +371,7 @@ source "package/python-protobuf/Config.in"
source "package/python-pygame/Config.in"
source "package/python-pyparsing/Config.in"
source "package/python-pyro/Config.in"
+source "package/python-pyxml/Config.in"
source "package/python-serial/Config.in"
source "package/python-setuptools/Config.in"
source "package/python-thrift/Config.in"
diff --git a/package/python-pyxml/Config.in b/package/python-pyxml/Config.in
new file mode 100644
index 0000000..420f3ad
--- /dev/null
+++ b/package/python-pyxml/Config.in
@@ -0,0 +1,11 @@
+config BR2_PACKAGE_PYTHON_PYXML
+ bool "python-pyxml"
+ depends on BR2_PACKAGE_PYTHON
+ help
+ This is the Python XML package. The distribution contains a
+ validating XML parser, an implementation of the SAX and DOM
+ programming interfaces, an interface to the Expat parser (and the
+ Expat parser itself), and a C helper module that can speed up
+ xmllib.py by a factor of 5. There's even documentation!
+
+ http://pyxml.sourceforge.net/topics/index.html
diff --git a/package/python-pyxml/python-xml.mk b/package/python-pyxml/python-xml.mk
new file mode 100644
index 0000000..d14f429
--- /dev/null
+++ b/package/python-pyxml/python-xml.mk
@@ -0,0 +1,64 @@
+#############################################################
+#
+# python-pyxml
+#
+#############################################################
+
+PYTHON_PYXML_VERSION = 0.8.4
+PYTHON_PYXML_SOURCE = PyXML-$(PYTHON_PYXML_VERSION).tar.gz
+PYTHON_PYXML_SITE = http://sourceforge.net/projects/pyxml/files/pyxml/0.8.4/PyXML-0.8.4.tar.gz/download
+PYTHON_PYXML_LICENSE = BSD-3c
+PYTHON_PYXML_LICENSE_FILES = LICENSE
+
+##############################
+# Target Section
+##############################
+PYTHON_PYXML_DEPENDENCIES = host-python python expat
+PYTHON_PYXML_INSTALL_STAGING = NO
+PYTHON_PYXML_INSTALL_TARGET = YES
+
+define PYTHON_PYXML_BUILD_CMDS
+ (cd $(@D); \
+ CC="$(TARGET_CC)" \
+ CFLAGS="$(TARGET_CFLAGS) -I$(STAGING_DIR)/usr/include" \
+ LDSHARED="$(TARGET_CC) -shared" \
+ LDFLAGS="$(TARGET_LDFLAGS) -L$(STAGING_DIR)/lib -L$(STAGING_DIR)/usr/lib" \
+ $(HOST_DIR)/usr/bin/python setup.py build_ext \
+ --include-dirs=$(STAGING_DIR)/usr/include/python$(PYTHON_VERSION_MAJOR) \
+ --with-libexpat=$(STAGING_DIR)/usr \
+ )
+ (cd $(@D); $(HOST_DIR)/usr/bin/python setup.py build)
+endef
+
+define PYTHON_PYXML_CLEAN_CMDS
+ (cd $(@D); $(HOST_DIR)/usr/bin/python setup.py clean -a)
+endef
+
+define PYTHON_PYXML_INSTALL_STAGING_CMDS
+ (cd $(@D); $(HOST_DIR)/usr/bin/python setup.py install --prefix=$(STAGING_DIR)/usr)
+endef
+
+define PYTHON_PYXML_INSTALL_TARGET_CMDS
+ (cd $(@D); $(HOST_DIR)/usr/bin/python setup.py install --prefix=$(TARGET_DIR)/usr)
+endef
+
+##############################
+# Host Section
+##############################
+HOST_PYTHON_PYXML_DEPENDENCIES = host-python
+
+define HOST_PYTHON_PYXML_BUILD_CMDS
+ (cd $(@D); $(HOST_DIR)/usr/bin/python setup.py build_ext --with-libexpat=$(HOST_DIR)/usr)
+ (cd $(@D); $(HOST_DIR)/usr/bin/python setup.py build)
+endef
+
+define HOST_PYTHON_PYXML_CLEAN_CMDS
+ (cd $(@D); $(HOST_DIR)/usr/bin/python setup.py clean)
+endef
+
+define HOST_PYTHON_PYXML_INSTALL_CMDS
+ (cd $(@D); $(HOST_DIR)/usr/bin/python setup.py install --prefix=$(HOST_DIR)/usr)
+endef
+
+$(eval $(generic-package))
+$(eval $(host-generic-package))
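Review bot: the makefile is added as package/python-pyxml/python-xml.mk, which matches neither the package directory nor the PYTHON_PYXML_ variable prefix; rename it to python-pyxml.mk. PYTHON_PYXML_SITE also holds the full tarball URL ending in /download with 0.8.4 hard-coded twice, although PYTHON_PYXML_SOURCE already names the tarball; SITE should be the directory only and use $(PYTHON_PYXML_VERSION). PYTHON_PYXML_INSTALL_STAGING = NO makes PYTHON_PYXML_INSTALL_STAGING_CMDS dead code, and the host clean uses `setup.py clean` while the target one uses `clean -a`.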
--
1.7.1
* [Buildroot] [PATCH 11/17] refpolicy: new package
2013-09-04 23:09 [Buildroot] [PATCH 00/17] SELinux Buildroot Additions Clayton Shotwell
` (9 preceding siblings ...)
2013-09-04 23:09 ` [Buildroot] [PATCH 10/17] python-pyxml: " Clayton Shotwell
@ 2013-09-04 23:09 ` Clayton Shotwell
2013-09-04 23:09 ` [Buildroot] [PATCH 12/17] python-pyparsing: Add host build option Clayton Shotwell
` (6 subsequent siblings)
17 siblings, 0 replies; 34+ messages in thread
From: Clayton Shotwell @ 2013-09-04 23:09 UTC (permalink / raw)
To: buildroot
Signed-off-by: Clayton Shotwell <clshotwe@rockwellcollins.com>
---
package/Config.in | 1 +
package/refpolicy/Config.in | 87 ++
package/refpolicy/S12selinux | 134 +++
package/refpolicy/config | 10 +
.../refpolicy-001-gentoo_hardened_fixes.patch | 1250 ++++++++++++++++++++
package/refpolicy/refpolicy.mk | 84 ++
6 files changed, 1566 insertions(+), 0 deletions(-)
create mode 100644 package/refpolicy/Config.in
create mode 100644 package/refpolicy/S12selinux
create mode 100755 package/refpolicy/config
create mode 100644 package/refpolicy/refpolicy-001-gentoo_hardened_fixes.patch
create mode 100644 package/refpolicy/refpolicy.mk
diff --git a/package/Config.in b/package/Config.in
index 3760261..560e38e 100644
--- a/package/Config.in
+++ b/package/Config.in
@@ -905,6 +905,7 @@ source "package/libsepol/Config.in"
source "package/libselinux/Config.in"
source "package/libsemanage/Config.in"
source "package/policycoreutils/Config.in"
+source "package/refpolicy/Config.in"
source "package/sepolgen/Config.in"
source "package/setools/Config.in"
endmenu
diff --git a/package/refpolicy/Config.in b/package/refpolicy/Config.in
new file mode 100644
index 0000000..b013f54
--- /dev/null
+++ b/package/refpolicy/Config.in
@@ -0,0 +1,87 @@
+config BR2_PACKAGE_REFPOLICY
+ bool "refpolicy"
+ help
+ The SELinux Reference Policy project (refpolicy) is a
+ complete SELinux policy that can be used as the system
+ policy for a variety of systems and used as the basis
+ for creating other policies. Reference Policy was originally
+ based on the NSA example policy, but aims to accomplish
+ many additional goals.
+
+if BR2_PACKAGE_REFPOLICY
+
+config BR2_PACKAGE_REFPOLICY_PATCH_FOLDER
+ string "Build specific refpolicy patches folder"
+ depends on BR2_PACKAGE_REFPOLICY
+ default ""
+ help
+ A path to a folder containing board specific
+ configuration patch files. These will get applied
+ after the patches in the package folder.
+
+choice
+ prompt "SELinux policy type"
+ default BR2_PACKAGE_REFPOLICY_TYPE_STANDARD
+
+ config BR2_PACKAGE_REFPOLICY_TYPE_STANDARD
+ bool "Standard"
+ help
+ Standard SELinux policy
+
+ config BR2_PACKAGE_REFPOLICY_TYPE_MCS
+ bool "MCS"
+ help
+ SELinux policy with multi-catagory support
+
+ config BR2_PACKAGE_REFPOLICY_TYPE_MLS
+ bool "MLS"
+ help
+ SELinux policy with multi-catagory and multi-level support
+endchoice
+
+config BR2_PACKAGE_REFPOLICY_TYPE
+ string
+ default "standard" if BR2_PACKAGE_REFPOLICY_TYPE_STANDARD
+ default "mcs" if BR2_PACKAGE_REFPOLICY_TYPE_MCS
+ default "mls" if BR2_PACKAGE_REFPOLICY_TYPE_MLS
+
+choice
+ prompt "SELinux Policy Distribution"
+ default BR2_PACKAGE_REFPOLICY_DIST_REDHAT
+
+ config BR2_PACKAGE_REFPOLICY_DIST_REDHAT
+ bool "redhat"
+
+ config BR2_PACKAGE_REFPOLICY_DIST_GENTOO
+ bool "gentoo"
+
+ config BR2_PACKAGE_REFPOLICY_DIST_DEBIAN
+ bool "debian"
+
+ config BR2_PACKAGE_REFPOLICY_DIST_SUSE
+ bool "suse"
+
+ config BR2_PACKAGE_REFPOLICY_DIST_REDHAT14
+ bool "redhat 14"
+endchoice
+
+config BR2_PACKAGE_REFPOLICY_DIST
+ string
+ default "redhat" if BR2_PACKAGE_REFPOLICY_DIST_REDHAT
+ default "gentoo" if BR2_PACKAGE_REFPOLICY_DIST_GENTOO
+ default "debian" if BR2_PACKAGE_REFPOLICY_DIST_DEBIAN
+ default "suse" if BR2_PACKAGE_REFPOLICY_DIST_SUSE
+ default "rhel14" if BR2_PACKAGE_REFPOLICY_DIST_REDHAT14
+
+config BR2_PACKAGE_REFPOLICY_MONOLITHIC
+ bool "Build a monolithic SELinux policy"
+ help
+ Select Y to build a monolithic SELinux policy otherwise
+ a modular policy will be built. Note, this is suggested
+ for embedded systems.
+
+config BR2_PACKAGE_REFPOLICY_NAME
+ string "Name for the SELinux policy"
+ default "refpolicy"
+
+endif
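Review bot: in the distribution choice, the prompt "redhat 14" maps to the string "rhel14" in BR2_PACKAGE_REFPOLICY_DIST; please check that value against the distribution names the refpolicy build accepts, since the prompt and the string do not obviously name the same thing. Both help strings under the policy type choice spell "multi-catagory", which should be "multi-category". `depends on BR2_PACKAGE_REFPOLICY` on BR2_PACKAGE_REFPOLICY_PATCH_FOLDER is redundant inside the `if BR2_PACKAGE_REFPOLICY` block, and the MONOLITHIC help should say plainly which of the two builds is the one suggested for embedded systems.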
diff --git a/package/refpolicy/S12selinux b/package/refpolicy/S12selinux
new file mode 100644
index 0000000..24aec7a
--- /dev/null
+++ b/package/refpolicy/S12selinux
@@ -0,0 +1,134 @@
+#!/bin/sh
+################################################################################
+#
+# This file labels the security contexts of memory based filesystems such as
+# /dev/ and checks for auto relabel request if '/.autorelabel' file exists.
+# The 'stop' argument drops the security mode to 'permissive'.
+#
+# This script is a heavily stripped down and modified version of the one use
+# in CentOS 6.2
+#
+################################################################################
+
+failed()
+{
+ echo $1
+ exit 1
+}
+
+setup_selinux() {
+ # Get SELinux config env vars
+ . /etc/selinux/config || failed "Failed to source the SELinux config"
+
+ # Create required directories
+ mkdir -p /etc/selinux/${SELINUXTYPE}/policy/ ||
+ failed "Failed to create the policy folder"
+ mkdir -p /etc/selinux/${SELINUXTYPE}/modules/active/modules || \
+ failed "Failed to create the modules folder"
+ if [ ! -f /etc/selinux/${SELINUXTYPE}/contexts/files/file_contexts.local ]
+ then
+ touch /etc/selinux/${SELINUXTYPE}/contexts/files/file_contexts.local || \
+ failed "Failed to create the file_contexts.local file"
+ fi
+
+ # Install modules
+ semodule -v -s ${SELINUXTYPE} -b /usr/share/selinux/${SELINUXTYPE}/base.pp \
+ -i $(ls /usr/share/selinux/${SELINUXTYPE}/*.pp | grep -v base) || \
+ failed "Failed to install the base policy"
+
+ # Load the policy to activate it
+ load_policy -i || failed "Failed to load the SELinux policy"
+}
+
+relabel_selinux() {
+ # if /sbin/init is not labeled correctly this process is running in the
+ # wrong context, so a reboot will be required after relabel
+ AUTORELABEL=
+
+ # Get SELinux config env vars
+ . /etc/selinux/config || failed "Failed to source the SELinux config"
+
+ # Switch to Permissive mode
+ echo "0" > /selinux/enforce || failed "Failed to disable enforcing mode"
+
+ echo
+ echo "*** Warning -- SELinux ${SELINUXTYPE} policy relabel is required."
+ echo "*** Relabeling could take a very long time, depending on file"
+ echo "*** system size and speed of hard drives."
+
+ # Relabel mount points
+ restorecon $(awk '!/^#/ && $4 !~ /noauto/ && $2 ~ /^\// { print $2 }' /etc/fstab) \
+ >/dev/null 2>&1 || failed "Failed to relabel the mount points"
+
+ # Relabel file system
+ echo "Relabeling file systems"
+ restorecon -R -F / || failed "Failed to relabel the file system"
+
+ # Remove label
+ rm -f /.autorelabel || failed "Failed to remove the autorelabel flag"
+
+ # Reboot to activate relabeled file system
+ echo "Automatic reboot in progress."
+ reboot -f
+}
+
+start() {
+ echo -n "Initializing SELinux: "
+
+ # Check to see if the default policy has been installed
+ if [ "`sestatus | grep "SELinux status" | grep enabled`" == "" ]; then
+ setup_selinux
+ fi
+
+ # Check SELinux status
+ SELINUX_STATE=
+ if [ -e "/selinux/enforce" ] && [ "$(cat /proc/self/attr/current)" != "kernel" ]; then
+ if [ -r "/selinux/enforce" ] ; then
+ SELINUX_STATE=$(cat "/selinux/enforce")
+ else
+ # assume enforcing if you can't read it
+ SELINUX_STATE=1
+ fi
+ fi
+
+ # Context Label /dev/
+ if [ -n "$SELINUX_STATE" -a -x /sbin/restorecon ] && fgrep " /dev " /proc/mounts >/dev/null 2>&1 ; then
+ /sbin/restorecon -R -F /dev 2>/dev/null
+ fi
+
+ # Context Label tmpfs mounts
+ if [ -n "$SELINUX_STATE" -a -x /sbin/restorecon ]; then
+ /sbin/restorecon -R -F $(awk '!/^#/ && $4 !~ /noauto/ && $2 ~ /^\// && $3 =="tmpfs" { print $2 }' /etc/fstab) >/dev/null 2>&1
+ fi
+
+ # Clean up SELinux labels
+ if [ -n "$SELINUX_STATE" -a -x /sbin/restorecon ]; then
+ restorecon -F /etc/mtab /etc/ld.so.cache /etc/resolv.conf >/dev/null 2>&1
+ fi
+
+ # Check for filesystem relabel request
+ if [ -f /.autorelabel ] ; then
+ relabel_selinux
+ fi
+
+ echo "OK"
+}
+stop() {
+ # There is nothing to do
+ echo "OK"
+}
+
+case "$1" in
+ start)
+ start
+ ;;
+ stop)
+ stop
+ ;;
+ *)
+ echo "Usage: $0 {start|stop}"
+ exit 1
+ ;;
+esac
+
+exit $?
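Review bot: the module list in setup_selinux is built with `$(ls /usr/share/selinux/${SELINUXTYPE}/*.pp | grep -v base)`, which matches "base" as a substring of the whole path, so any module whose file name contains "base" is silently left out of the install, and the unquoted expansion breaks on unusual file names. Iterating over the `*.pp` glob and skipping only the file named `base.pp` would be more robust. Separately, the test in start() uses `==` inside `[ ]`, which is not POSIX; `=` or `[ -z "..." ]` is safer if this init script runs under a plain /bin/sh.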
diff --git a/package/refpolicy/config b/package/refpolicy/config
new file mode 100755
index 0000000..c482b3f
--- /dev/null
+++ b/package/refpolicy/config
@@ -0,0 +1,10 @@
+# This file controls the state of SELinux on the system.
+# SELINUX= can take one of these three values:
+# enforcing - SELinux security policy is enforced.
+# permissive - SELinux prints warnings instead of enforcing.
+# disabled - No SELinux policy is loaded.
+SELINUX=permissive
+# SELINUXTYPE= can take one of these two values:
+# targeted - Targeted processes are protected,
+# mls - Multi Level Security protection.
+SELINUXTYPE=refpolicy
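Review bot: the comment above SELINUXTYPE says it can take one of two values, targeted or mls, but the file sets `SELINUXTYPE=refpolicy`, which is neither, so the comment should describe the value actually shipped. The file is also created with mode 100755 although it is a configuration file that the init script only sources, so 100644 would be the expected mode. Since the default is `SELINUX=permissive`, it would help to state in the package help text that the policy is loaded but not enforced until this is changed.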
diff --git a/package/refpolicy/refpolicy-001-gentoo_hardened_fixes.patch b/package/refpolicy/refpolicy-001-gentoo_hardened_fixes.patch
new file mode 100644
index 0000000..c1c398f
--- /dev/null
+++ b/package/refpolicy/refpolicy-001-gentoo_hardened_fixes.patch
@@ -0,0 +1,1250 @@
+From: Dominick Grift <dominick.grift@gmail.com>
+Date: Fri, 16 Aug 2013 07:07:37 +0000 (+0200)
+Subject: Fix monolithic built
+X-Git-Url: http://git.overlays.gentoo.org/gitweb/?p=proj%2Fhardened-refpolicy.git;a=commitdiff_plain;h=86500de7
+
+Fix monolithic built
+
+Make unconfined_cronjob_t declaration mandatory, because else monolithic
+built fails due to duplicate declaration
+
+Deprecate kerberos_keytab_template:
+
+Keytab type declarations have to be mandatory, because else monolithic
+built fails due to out-of-scope
+
+This keytab solution does not make sense in its current implementation,
+as many corresponding file context specs are missing, and there are no
+type transtion rules
+
+Replaced two deprecated interface calls
+
+Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
+---
+
+diff --git a/policy/modules/contrib/apache.if b/policy/modules/contrib/apache.if
+index a1d1131..655cbe1 100644
+--- a/policy/modules/contrib/apache.if
++++ b/policy/modules/contrib/apache.if
+@@ -1203,9 +1203,9 @@ interface(`apache_admin',`
+ attribute httpd_script_domains, httpd_htaccess_type;
+ type httpd_t, httpd_config_t, httpd_log_t;
+ type httpd_modules_t, httpd_lock_t, httpd_helper_t;
+- type httpd_var_run_t, httpd_keytab_t, httpd_passwd_t;
++ type httpd_var_run_t, httpd_passwd_t, httpd_suexec_t;
+ type httpd_suexec_tmp_t, httpd_tmp_t, httpd_rotatelogs_t;
+- type httpd_initrc_exec_t, httpd_suexec_t;
++ type httpd_initrc_exec_t, httpd_keytab_t;
+ ')
+
+ allow $1 { httpd_script_domains httpd_t httpd_helper_t }:process { ptrace signal_perms };
+@@ -1222,7 +1222,7 @@ interface(`apache_admin',`
+ miscfiles_manage_public_files($1)
+
+ files_search_etc($1)
+- admin_pattern($1, { httpd_config_t httpd_keytab_t })
++ admin_pattern($1, { httpd_keytab_t httpd_config_t })
+
+ logging_search_logs($1)
+ admin_pattern($1, httpd_log_t)
+diff --git a/policy/modules/contrib/apache.te b/policy/modules/contrib/apache.te
+index 0da7cc3..99bb9b5 100644
+--- a/policy/modules/contrib/apache.te
++++ b/policy/modules/contrib/apache.te
+@@ -1,4 +1,4 @@
+-policy_module(apache, 2.7.0)
++policy_module(apache, 2.7.1)
+
+ ########################################
+ #
+@@ -283,6 +283,9 @@ role httpd_helper_roles types httpd_helper_t;
+ type httpd_initrc_exec_t;
+ init_script_file(httpd_initrc_exec_t)
+
++type httpd_keytab_t;
++files_type(httpd_keytab_t)
++
+ type httpd_lock_t;
+ files_lock_file(httpd_lock_t)
+
+@@ -391,6 +394,8 @@ allow httpd_t httpd_config_t:dir list_dir_perms;
+ read_files_pattern(httpd_t, httpd_config_t, httpd_config_t)
+ read_lnk_files_pattern(httpd_t, httpd_config_t, httpd_config_t)
+
++allow httpd_t httpd_keytab_t:file read_file_perms;
++
+ allow httpd_t httpd_lock_t:file manage_file_perms;
+ files_lock_filetrans(httpd_t, httpd_lock_t, file)
+
+@@ -781,10 +786,11 @@ optional_policy(`
+ ')
+
+ optional_policy(`
+- kerberos_keytab_template(httpd, httpd_t)
+ kerberos_manage_host_rcache(httpd_t)
++ kerberos_read_keytab(httpd_t)
+ kerberos_tmp_filetrans_host_rcache(httpd_t, file, "HTTP_23")
+ kerberos_tmp_filetrans_host_rcache(httpd_t, file, "HTTP_48")
++ kerberos_use(httpd_t)
+ ')
+
+ optional_policy(`
+diff --git a/policy/modules/contrib/automount.if b/policy/modules/contrib/automount.if
+index 089430a..f24e369 100644
+--- a/policy/modules/contrib/automount.if
++++ b/policy/modules/contrib/automount.if
+@@ -153,6 +153,7 @@ interface(`automount_admin',`
+ gen_require(`
+ type automount_t, automount_lock_t, automount_tmp_t;
+ type automount_var_run_t, automount_initrc_exec_t;
++ type automount_keytab_t;
+ ')
+
+ allow $1 automount_t:process { ptrace signal_perms };
+@@ -163,6 +164,9 @@ interface(`automount_admin',`
+ role_transition $2 automount_initrc_exec_t system_r;
+ allow $2 system_r;
+
++ files_list_etc($1)
++ admin_pattern($1, automount_keytab_t)
++
+ files_list_var($1)
+ admin_pattern($1, automount_lock_t)
+
+diff --git a/policy/modules/contrib/automount.te b/policy/modules/contrib/automount.te
+index d4e58ea..27d2f40 100644
+--- a/policy/modules/contrib/automount.te
++++ b/policy/modules/contrib/automount.te
+@@ -1,4 +1,4 @@
+-policy_module(automount, 1.14.0)
++policy_module(automount, 1.14.1)
+
+ ########################################
+ #
+@@ -12,8 +12,8 @@ init_daemon_domain(automount_t, automount_exec_t)
+ type automount_initrc_exec_t;
+ init_script_file(automount_initrc_exec_t)
+
+-type automount_var_run_t;
+-files_pid_file(automount_var_run_t)
++type automount_keytab_t;
++files_type(automount_keytab_t)
+
+ type automount_lock_t;
+ files_lock_file(automount_lock_t)
+@@ -22,6 +22,9 @@ type automount_tmp_t;
+ files_tmp_file(automount_tmp_t)
+ files_mountpoint(automount_tmp_t)
+
++type automount_var_run_t;
++files_pid_file(automount_var_run_t)
++
+ ########################################
+ #
+ # Local policy
+@@ -36,6 +39,8 @@ allow automount_t self:rawip_socket create_socket_perms;
+
+ can_exec(automount_t, automount_exec_t)
+
++allow automount_t automount_keytab_t:file read_file_perms;
++
+ allow automount_t automount_lock_t:file manage_file_perms;
+ files_lock_filetrans(automount_t, automount_lock_t, file)
+
+@@ -143,8 +148,9 @@ optional_policy(`
+ ')
+
+ optional_policy(`
+- kerberos_keytab_template(automount, automount_t)
+ kerberos_read_config(automount_t)
++ kerberos_read_keytab(automount_t)
++ kerberos_use(automount_t)
+ kerberos_dontaudit_write_config(automount_t)
+ ')
+
+diff --git a/policy/modules/contrib/bind.if b/policy/modules/contrib/bind.if
+index 866a1e2..531a8f2 100644
+--- a/policy/modules/contrib/bind.if
++++ b/policy/modules/contrib/bind.if
+@@ -364,6 +364,7 @@ interface(`bind_admin',`
+ type named_t, named_tmp_t, named_log_t;
+ type named_cache_t, named_zone_t, named_initrc_exec_t;
+ type dnssec_t, ndc_t, named_conf_t, named_var_run_t;
++ type named_keytab_t;
+ ')
+
+ allow $1 { named_t ndc_t }:process { ptrace signal_perms };
+@@ -381,7 +382,7 @@ interface(`bind_admin',`
+ admin_pattern($1, named_log_t)
+
+ files_list_etc($1)
+- admin_pattern($1, named_conf_t)
++ admin_pattern($1, { named_keytab_t named_conf_t })
+
+ files_list_var($1)
+ admin_pattern($1, { dnssec_t named_cache_t named_zone_t })
+diff --git a/policy/modules/contrib/bind.te b/policy/modules/contrib/bind.te
+index b01e493..1241123 100644
+--- a/policy/modules/contrib/bind.te
++++ b/policy/modules/contrib/bind.te
+@@ -1,4 +1,4 @@
+-policy_module(bind, 1.13.0)
++policy_module(bind, 1.13.1)
+
+ ########################################
+ #
+@@ -44,6 +44,9 @@ files_type(named_cache_t)
+ type named_initrc_exec_t;
+ init_script_file(named_initrc_exec_t)
+
++type named_keytab_t;
++files_type(named_keytab_t)
++
+ type named_log_t;
+ logging_log_file(named_log_t)
+
+@@ -84,7 +87,7 @@ read_lnk_files_pattern(named_t, named_conf_t, named_conf_t)
+ manage_files_pattern(named_t, named_cache_t, named_cache_t)
+ manage_lnk_files_pattern(named_t, named_cache_t, named_cache_t)
+
+-can_exec(named_t, named_exec_t)
++allow named_t named_keytab_t:file read_file_perms;
+
+ append_files_pattern(named_t, named_log_t, named_log_t)
+ create_files_pattern(named_t, named_log_t, named_log_t)
+@@ -100,6 +103,8 @@ manage_files_pattern(named_t, named_var_run_t, named_var_run_t)
+ manage_sock_files_pattern(named_t, named_var_run_t, named_var_run_t)
+ files_pid_filetrans(named_t, named_var_run_t, { dir file sock_file })
+
++can_exec(named_t, named_exec_t)
++
+ allow named_t named_zone_t:dir list_dir_perms;
+ read_files_pattern(named_t, named_zone_t, named_zone_t)
+ read_lnk_files_pattern(named_t, named_zone_t, named_zone_t)
+@@ -182,7 +187,8 @@ optional_policy(`
+ ')
+
+ optional_policy(`
+- kerberos_keytab_template(named, named_t)
++ kerberos_read_keytab(named_t)
++ kerberos_use(named_t)
+ ')
+
+ optional_policy(`
+diff --git a/policy/modules/contrib/cron.te b/policy/modules/contrib/cron.te
+index d865049..41bb279 100644
+--- a/policy/modules/contrib/cron.te
++++ b/policy/modules/contrib/cron.te
+@@ -1,4 +1,4 @@
+-policy_module(cron, 2.6.0)
++policy_module(cron, 2.6.1)
+
+ gen_require(`
+ class passwd rootok;
+@@ -701,22 +701,22 @@ optional_policy(`
+ # Unconfined local policy
+ #
+
+-optional_policy(`
+- type unconfined_cronjob_t;
+- domain_type(unconfined_cronjob_t)
+- domain_cron_exemption_target(unconfined_cronjob_t)
++type unconfined_cronjob_t;
++domain_type(unconfined_cronjob_t)
++domain_cron_exemption_target(unconfined_cronjob_t)
+
+- dontaudit crond_t unconfined_cronjob_t:process { noatsecure siginh rlimitinh };
++dontaudit crond_t unconfined_cronjob_t:process { noatsecure siginh rlimitinh };
+
+- unconfined_domain(unconfined_cronjob_t)
++tunable_policy(`cron_userdomain_transition',`
++ dontaudit crond_t unconfined_cronjob_t:process transition;
++ dontaudit crond_t unconfined_cronjob_t:fd use;
++ dontaudit crond_t unconfined_cronjob_t:key manage_key_perms;
++',`
++ allow crond_t unconfined_cronjob_t:process transition;
++ allow crond_t unconfined_cronjob_t:fd use;
++ allow crond_t unconfined_cronjob_t:key manage_key_perms;
++')
+
+- tunable_policy(`cron_userdomain_transition',`
+- dontaudit crond_t unconfined_cronjob_t:process transition;
+- dontaudit crond_t unconfined_cronjob_t:fd use;
+- dontaudit crond_t unconfined_cronjob_t:key manage_key_perms;
+- ',`
+- allow crond_t unconfined_cronjob_t:process transition;
+- allow crond_t unconfined_cronjob_t:fd use;
+- allow crond_t unconfined_cronjob_t:key manage_key_perms;
+- ')
++optional_policy(`
++ unconfined_domain(unconfined_cronjob_t)
+ ')
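Review bot: with the declaration moved out of optional_policy, `unconfined_cronjob_t` and the crond_t transition, fd and key rules in the tunable_policy block are now built in even when the unconfined module is absent; only `unconfined_domain(unconfined_cronjob_t)` stays optional. The reason is given only in the commit message, so a short comment above `type unconfined_cronjob_t;` saying the declaration is mandatory to avoid the duplicate declaration in monolithic builds would keep a later cleanup from moving it back.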
+diff --git a/policy/modules/contrib/cvs.if b/policy/modules/contrib/cvs.if
+index 9fa7ffb..64775fd 100644
+--- a/policy/modules/contrib/cvs.if
++++ b/policy/modules/contrib/cvs.if
+@@ -59,7 +59,7 @@ interface(`cvs_exec',`
+ interface(`cvs_admin',`
+ gen_require(`
+ type cvs_t, cvs_tmp_t, cvs_initrc_exec_t;
+- type cvs_data_t, cvs_var_run_t;
++ type cvs_data_t, cvs_var_run_t, cvs_keytab_t;
+ ')
+
+ allow $1 cvs_t:process { ptrace signal_perms };
+@@ -70,6 +70,9 @@ interface(`cvs_admin',`
+ role_transition $2 cvs_initrc_exec_t system_r;
+ allow $2 system_r;
+
++ files_search_etc($1)
++ admin_pattern($1, cvs_keytab_t)
++
+ files_list_tmp($1)
+ admin_pattern($1, cvs_tmp_t)
+
+diff --git a/policy/modules/contrib/cvs.te b/policy/modules/contrib/cvs.te
+index 6c544e5..17df324 100644
+--- a/policy/modules/contrib/cvs.te
++++ b/policy/modules/contrib/cvs.te
+@@ -1,4 +1,4 @@
+-policy_module(cvs, 1.10.0)
++policy_module(cvs, 1.10.1)
+
+ ########################################
+ #
+@@ -24,6 +24,9 @@ files_type(cvs_data_t)
+ type cvs_initrc_exec_t;
+ init_script_file(cvs_initrc_exec_t)
+
++type cvs_keytab_t;
++files_type(cvs_keytab_t)
++
+ type cvs_tmp_t;
+ files_tmp_file(cvs_tmp_t)
+
+@@ -44,6 +47,8 @@ manage_dirs_pattern(cvs_t, cvs_data_t, cvs_data_t)
+ manage_files_pattern(cvs_t, cvs_data_t, cvs_data_t)
+ manage_lnk_files_pattern(cvs_t, cvs_data_t, cvs_data_t)
+
++allow cvs_t cvs_keytab_t:file read_file_perms;
++
+ manage_dirs_pattern(cvs_t, cvs_tmp_t, cvs_tmp_t)
+ manage_files_pattern(cvs_t, cvs_tmp_t, cvs_tmp_t)
+ files_tmp_filetrans(cvs_t, cvs_tmp_t, { dir file })
+@@ -87,8 +92,9 @@ tunable_policy(`allow_cvs_read_shadow',`
+ ')
+
+ optional_policy(`
+- kerberos_keytab_template(cvs, cvs_t)
+ kerberos_read_config(cvs_t)
++ kerberos_read_keytab(cvs_t)
++ kerberos_use(cvs_t)
+ kerberos_dontaudit_write_config(cvs_t)
+ ')
+
+diff --git a/policy/modules/contrib/cyrus.if b/policy/modules/contrib/cyrus.if
+index 6508280..83bfda6 100644
+--- a/policy/modules/contrib/cyrus.if
++++ b/policy/modules/contrib/cyrus.if
+@@ -61,6 +61,7 @@ interface(`cyrus_admin',`
+ gen_require(`
+ type cyrus_t, cyrus_tmp_t, cyrus_var_lib_t;
+ type cyrus_var_run_t, cyrus_initrc_exec_t;
++ type cyrus_keytab_t;
+ ')
+
+ allow $1 cyrus_t:process { ptrace signal_perms };
+@@ -71,6 +72,9 @@ interface(`cyrus_admin',`
+ role_transition $2 cyrus_initrc_exec_t system_r;
+ allow $2 system_r;
+
++ files_list_etc($1)
++ admin_pattern($1, cyrus_keytab_t)
++
+ files_list_tmp($1)
+ admin_pattern($1, cyrus_tmp_t)
+
+diff --git a/policy/modules/contrib/cyrus.te b/policy/modules/contrib/cyrus.te
+index 0cef3ef..4283f2d 100644
+--- a/policy/modules/contrib/cyrus.te
++++ b/policy/modules/contrib/cyrus.te
+@@ -1,4 +1,4 @@
+-policy_module(cyrus, 1.13.0)
++policy_module(cyrus, 1.13.1)
+
+ ########################################
+ #
+@@ -12,6 +12,9 @@ init_daemon_domain(cyrus_t, cyrus_exec_t)
+ type cyrus_initrc_exec_t;
+ init_script_file(cyrus_initrc_exec_t)
+
++type cyrus_keytab_t;
++files_type(cyrus_keytab_t)
++
+ type cyrus_tmp_t;
+ files_tmp_file(cyrus_tmp_t)
+
+@@ -41,6 +44,8 @@ allow cyrus_t self:unix_dgram_socket sendto;
+ allow cyrus_t self:unix_stream_socket { accept connectto listen };
+ allow cyrus_t self:tcp_socket { accept listen };
+
++allow cyrus_t cyrus_keytab_t:file read_file_perms;
++
+ manage_dirs_pattern(cyrus_t, cyrus_tmp_t, cyrus_tmp_t)
+ manage_files_pattern(cyrus_t, cyrus_tmp_t, cyrus_tmp_t)
+ files_tmp_filetrans(cyrus_t, cyrus_tmp_t, { dir file })
+@@ -116,7 +121,8 @@ optional_policy(`
+ ')
+
+ optional_policy(`
+- kerberos_keytab_template(cyrus, cyrus_t)
++ kerberos_read_keytab(cyrus_t)
++ kerberos_use(cyrus_t)
+ ')
+
+ optional_policy(`
+diff --git a/policy/modules/contrib/dovecot.if b/policy/modules/contrib/dovecot.if
+index dbcac59..d5badb7 100644
+--- a/policy/modules/contrib/dovecot.if
++++ b/policy/modules/contrib/dovecot.if
+@@ -143,6 +143,7 @@ interface(`dovecot_admin',`
+ type dovecot_spool_t, dovecot_var_lib_t, dovecot_initrc_exec_t;
+ type dovecot_var_run_t, dovecot_cert_t, dovecot_passwd_t;
+ type dovecot_tmp_t, dovecot_auth_tmp_t, dovecot_deliver_tmp_t;
++ type dovecot_keytab_t;
+ ')
+
+ allow $1 dovecot_t:process { ptrace signal_perms };
+@@ -154,7 +155,7 @@ interface(`dovecot_admin',`
+ allow $2 system_r;
+
+ files_list_etc($1)
+- admin_pattern($1, dovecot_etc_t)
++ admin_pattern($1, { dovecot_keytab_t dovecot_etc_t })
+
+ logging_list_logs($1)
+ admin_pattern($1, dovecot_var_log_t)
+diff --git a/policy/modules/contrib/dovecot.te b/policy/modules/contrib/dovecot.te
+index 3a6e733..0aabc7e 100644
+--- a/policy/modules/contrib/dovecot.te
++++ b/policy/modules/contrib/dovecot.te
+@@ -1,4 +1,4 @@
+-policy_module(dovecot, 1.16.0)
++policy_module(dovecot, 1.16.1)
+
+ ########################################
+ #
+@@ -38,6 +38,9 @@ files_config_file(dovecot_etc_t)
+ type dovecot_initrc_exec_t;
+ init_script_file(dovecot_initrc_exec_t)
+
++type dovecot_keytab_t;
++files_type(dovecot_keytab_t)
++
+ type dovecot_passwd_t;
+ files_type(dovecot_passwd_t)
+
+@@ -99,6 +102,8 @@ allow dovecot_t dovecot_cert_t:dir list_dir_perms;
+ allow dovecot_t dovecot_cert_t:file read_file_perms;
+ allow dovecot_t dovecot_cert_t:lnk_file read_lnk_file_perms;
+
++allow dovecot_t dovecot_keytab_t:file read_file_perms;
++
+ manage_dirs_pattern(dovecot_t, dovecot_tmp_t, dovecot_tmp_t)
+ manage_files_pattern(dovecot_t, dovecot_tmp_t, dovecot_tmp_t)
+ files_tmp_filetrans(dovecot_t, dovecot_tmp_t, { file dir })
+@@ -182,9 +187,10 @@ tunable_policy(`use_samba_home_dirs',`
+ ')
+
+ optional_policy(`
+- kerberos_keytab_template(dovecot, dovecot_t)
+ kerberos_manage_host_rcache(dovecot_t)
++ kerberos_read_keytab(dovecot_t)
+ kerberos_tmp_filetrans_host_rcache(dovecot_t, file, "imap_0")
++ kerberos_use(dovecot_t)
+ ')
+
+ optional_policy(`
+diff --git a/policy/modules/contrib/exim.if b/policy/modules/contrib/exim.if
+index 6041113..94a8269 100644
+--- a/policy/modules/contrib/exim.if
++++ b/policy/modules/contrib/exim.if
+@@ -244,6 +244,7 @@ interface(`exim_admin',`
+ gen_require(`
+ type exim_t, exim_spool_t, exim_log_t;
+ type exim_var_run_t, exim_initrc_exec_t, exim_tmp_t;
++ type exim_keytab_t;
+ ')
+
+ allow $1 exim_t:process { ptrace signal_perms };
+@@ -254,6 +255,9 @@ interface(`exim_admin',`
+ role_transition $2 exim_initrc_exec_t system_r;
+ allow $2 system_r;
+
++ files_search_etc($1)
++ admin_pattern($1, exim_keytab_t)
++
+ files_search_spool($1)
+ admin_pattern($1, exim_spool_t)
+
+diff --git a/policy/modules/contrib/exim.te b/policy/modules/contrib/exim.te
+index c9c04ee..7e8cf42 100644
+--- a/policy/modules/contrib/exim.te
++++ b/policy/modules/contrib/exim.te
+@@ -1,4 +1,4 @@
+-policy_module(exim, 1.6.0)
++policy_module(exim, 1.6.1)
+
+ ########################################
+ #
+@@ -45,6 +45,9 @@ mta_agent_executable(exim_exec_t)
+ type exim_initrc_exec_t;
+ init_script_file(exim_initrc_exec_t)
+
++type exim_keytab_t;
++files_type(exim_keytab_t)
++
+ type exim_log_t;
+ logging_log_file(exim_log_t)
+
+@@ -68,6 +71,8 @@ allow exim_t self:fifo_file rw_fifo_file_perms;
+ allow exim_t self:unix_stream_socket { accept listen };
+ allow exim_t self:tcp_socket { accept listen };
+
++allow exim_t exim_keytab_t:file read_file_perms;
++
+ append_files_pattern(exim_t, exim_log_t, exim_log_t)
+ create_files_pattern(exim_t, exim_log_t, exim_log_t)
+ setattr_files_pattern(exim_t, exim_log_t, exim_log_t)
+@@ -188,7 +193,8 @@ optional_policy(`
+ ')
+
+ optional_policy(`
+- kerberos_keytab_template(exim, exim_t)
++ kerberos_read_keytab(exim_t)
++ kerberos_use(exim_t)
+ ')
+
+ optional_policy(`
+diff --git a/policy/modules/contrib/ftp.if b/policy/modules/contrib/ftp.if
+index d062080..4498143 100644
+--- a/policy/modules/contrib/ftp.if
++++ b/policy/modules/contrib/ftp.if
+@@ -176,6 +176,7 @@ interface(`ftp_admin',`
+ type ftpd_etc_t, ftpd_lock_t, sftpd_t;
+ type ftpd_var_run_t, xferlog_t, anon_sftpd_t;
+ type ftpd_initrc_exec_t, ftpdctl_tmp_t;
++ type ftpd_keytab_t;
+ ')
+
+ allow $1 { ftpd_t ftpdctl_t sftpd_t anon_sftpd }:process { ptrace signal_perms };
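Review bot: the context line `allow $1 { ftpd_t ftpdctl_t sftpd_t anon_sftpd }:process { ptrace signal_perms };` names `anon_sftpd`, while the gen_require block just above it lists `anon_sftpd_t`. This patch does not introduce the line, but since ftp_admin is being edited here anyway it is worth correcting the identifier, or reporting it upstream if the patch is meant to stay identical to the upstream commit.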
+@@ -192,7 +193,7 @@ interface(`ftp_admin',`
+ admin_pattern($1, { ftpd_tmp_t ftpdctl_tmp_t })
+
+ files_list_etc($1)
+- admin_pattern($1, ftpd_etc_t)
++ admin_pattern($1, { ftpd_etc_t ftpd_keytab_t })
+
+ files_list_var($1)
+ admin_pattern($1, ftpd_lock_t)
+diff --git a/policy/modules/contrib/ftp.te b/policy/modules/contrib/ftp.te
+index 544c512..36838c2 100644
+--- a/policy/modules/contrib/ftp.te
++++ b/policy/modules/contrib/ftp.te
+@@ -1,4 +1,4 @@
+-policy_module(ftp, 1.15.0)
++policy_module(ftp, 1.15.1)
+
+ ########################################
+ #
+@@ -124,6 +124,9 @@ files_config_file(ftpd_etc_t)
+ type ftpd_initrc_exec_t;
+ init_script_file(ftpd_initrc_exec_t)
+
++type ftpd_keytab_t;
++files_type(ftpd_keytab_t)
++
+ type ftpd_lock_t;
+ files_lock_file(ftpd_lock_t)
+
+@@ -176,6 +179,8 @@ allow ftpd_t self:key manage_key_perms;
+
+ allow ftpd_t ftpd_etc_t:file read_file_perms;
+
++allow ftpd_t ftpd_keytab_t:file read_file_perms;
++
+ allow ftpd_t ftpd_lock_t:file manage_file_perms;
+ files_lock_filetrans(ftpd_t, ftpd_lock_t, file)
+
+@@ -359,8 +364,9 @@ optional_policy(`
+ optional_policy(`
+ selinux_validate_context(ftpd_t)
+
+- kerberos_keytab_template(ftpd, ftpd_t)
++ kerberos_read_keytab(ftpd_t)
+ kerberos_tmp_filetrans_host_rcache(ftpd_t, file, "host_0")
++ kerberos_use(ftpd_t)
+ ')
+
+ optional_policy(`
+diff --git a/policy/modules/contrib/kerberos.if b/policy/modules/contrib/kerberos.if
+index f9de9fc..f6c00d8 100644
+--- a/policy/modules/contrib/kerberos.if
++++ b/policy/modules/contrib/kerberos.if
+@@ -354,22 +354,7 @@ interface(`kerberos_etc_filetrans_keytab',`
+ ## </param>
+ #
+ template(`kerberos_keytab_template',`
+-
+- ########################################
+- #
+- # Declarations
+- #
+-
+- type $1_keytab_t;
+- files_type($1_keytab_t)
+-
+- ########################################
+- #
+- # Policy
+- #
+-
+- allow $2 $1_keytab_t:file read_file_perms;
+-
++ refpolicywarn(`$0($*) has been deprecated.')
+ kerberos_read_keytab($2)
+ kerberos_use($2)
+ ')
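Review bot: in the deprecated kerberos_keytab_template body, `$1` is no longer used and `$1_keytab_t` is no longer declared, so a caller that is not converted in this patch loses its keytab type and the read rule on it and gets only a warning. The refpolicywarn text `$0($*) has been deprecated.` should name the replacement, that is, declare the keytab type in the calling module and call kerberos_read_keytab and kerberos_use, and the parameter documentation above the template should say that the first argument is now ignored.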
+diff --git a/policy/modules/contrib/ldap.if b/policy/modules/contrib/ldap.if
+index de2508e..7f09b4a 100644
+--- a/policy/modules/contrib/ldap.if
++++ b/policy/modules/contrib/ldap.if
+@@ -116,7 +116,7 @@ interface(`ldap_admin',`
+ type slapd_t, slapd_tmp_t, slapd_replog_t;
+ type slapd_lock_t, slapd_etc_t, slapd_var_run_t;
+ type slapd_initrc_exec_t, slapd_log_t, slapd_cert_t;
+- type slapd_db_t;
++ type slapd_db_t, slapd_keytab_t;
+ ')
+
+ allow $1 slapd_t:process { ptrace signal_perms };
+@@ -128,7 +128,7 @@ interface(`ldap_admin',`
+ allow $2 system_r;
+
+ files_list_etc($1)
+- admin_pattern($1, { slapd_etc_t slapd_db_t slapd_cert_t })
++ admin_pattern($1, { slapd_etc_t slapd_db_t slapd_cert_t slapd_keytab_t })
+
+ files_list_locks($1)
+ admin_pattern($1, slapd_lock_t)
+diff --git a/policy/modules/contrib/ldap.te b/policy/modules/contrib/ldap.te
+index 71b00f8..131dc88 100644
+--- a/policy/modules/contrib/ldap.te
++++ b/policy/modules/contrib/ldap.te
+@@ -1,4 +1,4 @@
+-policy_module(ldap, 1.11.0)
++policy_module(ldap, 1.11.1)
+
+ ########################################
+ #
+@@ -21,6 +21,9 @@ files_config_file(slapd_etc_t)
+ type slapd_initrc_exec_t;
+ init_script_file(slapd_initrc_exec_t)
+
++type slapd_keytab_t;
++files_type(slapd_keytab_t)
++
+ type slapd_lock_t;
+ files_lock_file(slapd_lock_t)
+
+@@ -60,6 +63,8 @@ manage_lnk_files_pattern(slapd_t, slapd_db_t, slapd_db_t)
+
+ allow slapd_t slapd_etc_t:file read_file_perms;
+
++allow slapd_t slapd_keytab_t:file read_file_perms;
++
+ allow slapd_t slapd_lock_t:file manage_file_perms;
+ files_lock_filetrans(slapd_t, slapd_lock_t, file)
+
+@@ -131,11 +136,12 @@ ifdef(`distro_gentoo',`
+ ')
+
+ optional_policy(`
+- kerberos_keytab_template(slapd, slapd_t)
+ kerberos_manage_host_rcache(slapd_t)
++ kerberos_read_keytab(slapd_t)
+ kerberos_tmp_filetrans_host_rcache(slapd_t, file, "ldapmap1_0")
+ kerberos_tmp_filetrans_host_rcache(slapd_t, file, "ldap_487")
+ kerberos_tmp_filetrans_host_rcache(slapd_t, file, "ldap_55")
++ kerberos_use(slapd_t)
+ ')
+
+ optional_policy(`
+diff --git a/policy/modules/contrib/postfix.if b/policy/modules/contrib/postfix.if
+index 6e26d71..8e7d1e7 100644
+--- a/policy/modules/contrib/postfix.if
++++ b/policy/modules/contrib/postfix.if
+@@ -714,6 +714,7 @@ interface(`postfix_admin',`
+ type postfix_initrc_exec_t, postfix_prng_t, postfix_etc_t;
+ type postfix_data_t, postfix_var_run_t, postfix_public_t;
+ type postfix_private_t, postfix_map_tmp_t, postfix_exec_t;
++ type postfix_keytab_t;
+ ')
+
+ allow $1 postfix_domain:process { ptrace signal_perms };
+@@ -725,7 +726,7 @@ interface(`postfix_admin',`
+ allow $2 system_r;
+
+ files_search_etc($1)
+- admin_pattern($1, { postfix_prng_t postfix_etc_t postfix_exec_t })
++ admin_pattern($1, { postfix_prng_t postfix_etc_t postfix_exec_t postfix_keytab_t })
+
+ files_search_spool($1)
+ admin_pattern($1, { postfix_public_t postfix_private_t postfix_spool_type })
+diff --git a/policy/modules/contrib/postfix.te b/policy/modules/contrib/postfix.te
+index 0cb7938..dd7259f 100644
+--- a/policy/modules/contrib/postfix.te
++++ b/policy/modules/contrib/postfix.te
+@@ -1,4 +1,4 @@
+-policy_module(postfix, 1.15.0)
++policy_module(postfix, 1.15.1)
+
+ ########################################
+ #
+@@ -36,6 +36,9 @@ files_config_file(postfix_etc_t)
+ type postfix_exec_t;
+ application_executable_file(postfix_exec_t)
+
++type postfix_keytab_t;
++files_type(postfix_keytab_t)
++
+ postfix_server_domain_template(local)
+ mta_mailserver_delivery(postfix_local_t)
+
+@@ -209,6 +212,8 @@ allow postfix_master_t postfix_etc_t:file rw_file_perms;
+ allow postfix_master_t postfix_data_t:dir manage_dir_perms;
+ allow postfix_master_t postfix_data_t:file manage_file_perms;
+
++allow postfix_master_t postfix_keytab_t:file read_file_perms;
++
+ allow postfix_master_t postfix_map_exec_t:file { mmap_file_perms ioctl lock };
+
+ allow postfix_master_t { postfix_postdrop_exec_t postfix_postqueue_exec_t }:file getattr_file_perms;
+@@ -314,7 +319,8 @@ optional_policy(`
+ ')
+
+ optional_policy(`
+- kerberos_keytab_template(postfix, postfix_t)
++ kerberos_read_keytab(postfix_master_t)
++ kerberos_use(postfix_master_t)
+ ')
+
+ optional_policy(`
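Review bot: the added calls are made for `postfix_master_t`, but the removed line passed `postfix_t` to kerberos_keytab_template, so this hunk changes which domain receives the Kerberos access instead of only expanding the template. That matches the new `allow postfix_master_t postfix_keytab_t:file read_file_perms;` rule earlier in the file, but the commit message does not mention the change of domain; it should say so, so that the wider access for postfix_master_t is a reviewed decision.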
+diff --git a/policy/modules/contrib/procmail.te b/policy/modules/contrib/procmail.te
+index fbbc398..cc426e6 100644
+--- a/policy/modules/contrib/procmail.te
++++ b/policy/modules/contrib/procmail.te
+@@ -1,4 +1,4 @@
+-policy_module(procmail, 1.13.0)
++policy_module(procmail, 1.13.1)
+
+ ########################################
+ #
+@@ -122,7 +122,7 @@ optional_policy(`
+ postfix_read_spool_files(procmail_t)
+ postfix_read_local_state(procmail_t)
+ postfix_read_master_state(procmail_t)
+- postfix_rw_master_pipes(procmail_t)
++ postfix_rw_inherited_master_pipes(procmail_t)
+ ')
+
+ optional_policy(`
+diff --git a/policy/modules/contrib/qmail.te b/policy/modules/contrib/qmail.te
+index 83cccf9..8742944 100644
+--- a/policy/modules/contrib/qmail.te
++++ b/policy/modules/contrib/qmail.te
+@@ -1,4 +1,4 @@
+-policy_module(qmail, 1.6.0)
++policy_module(qmail, 1.6.1)
+
+ ########################################
+ #
+@@ -42,6 +42,9 @@ qmail_child_domain_template(qmail_send, qmail_start_t)
+ qmail_child_domain_template(qmail_smtpd, qmail_tcp_env_t)
+ qmail_child_domain_template(qmail_splogger, qmail_start_t)
+
++type qmail_keytab_t;
++files_type(qmail_keytab_t)
++
+ type qmail_spool_t;
+ files_type(qmail_spool_t)
+
+@@ -241,6 +244,8 @@ allow qmail_smtpd_t self:process signal_perms;
+ allow qmail_smtpd_t self:fifo_file write_fifo_file_perms;
+ allow qmail_smtpd_t self:tcp_socket create_socket_perms;
+
++allow qmail_smtpd_t qmail_keytab_t:file read_file_perms;
++
+ allow qmail_smtpd_t qmail_queue_exec_t:file read_file_perms;
+
+ dev_read_rand(qmail_smtpd_t)
+@@ -253,7 +258,8 @@ optional_policy(`
+ ')
+
+ optional_policy(`
+- kerberos_keytab_template(qmail, qmail_smtpd_t)
++ kerberos_read_keytab(qmail_smtpd_t)
++ kerberos_use(qmail_smtpd_t)
+ ')
+
+ optional_policy(`
+diff --git a/policy/modules/contrib/rlogin.te b/policy/modules/contrib/rlogin.te
+index 20696cc..5916f81 100644
+--- a/policy/modules/contrib/rlogin.te
++++ b/policy/modules/contrib/rlogin.te
+@@ -1,4 +1,4 @@
+-policy_module(rlogin, 1.11.0)
++policy_module(rlogin, 1.11.1)
+
+ ########################################
+ #
+@@ -16,6 +16,9 @@ term_login_pty(rlogind_devpts_t)
+ type rlogind_home_t;
+ userdom_user_home_content(rlogind_home_t)
+
++type rlogind_keytab_t;
++files_type(rlogind_keytab_t)
++
+ type rlogind_tmp_t;
+ files_tmp_file(rlogind_tmp_t)
+
+@@ -37,6 +40,8 @@ term_create_pty(rlogind_t, rlogind_devpts_t)
+
+ allow rlogind_t rlogind_home_t:file read_file_perms;
+
++allow rlogind_t rlogind_keytab_t:file read_file_perms;
++
+ manage_dirs_pattern(rlogind_t, rlogind_tmp_t, rlogind_tmp_t)
+ manage_files_pattern(rlogind_t, rlogind_tmp_t, rlogind_tmp_t)
+ files_tmp_filetrans(rlogind_t, rlogind_tmp_t, { dir file })
+@@ -98,9 +103,10 @@ tunable_policy(`use_samba_home_dirs',`
+ ')
+
+ optional_policy(`
+- kerberos_keytab_template(rlogind, rlogind_t)
++ kerberos_read_keytab(rlogind_t)
+ kerberos_tmp_filetrans_host_rcache(rlogind_t, file, "host_0")
+ kerberos_manage_host_rcache(rlogind_t)
++ kerberos_use(rlogind_t)
+ ')
+
+ optional_policy(`
+diff --git a/policy/modules/contrib/rpc.if b/policy/modules/contrib/rpc.if
+index 07f5eb0..157afd9 100644
+--- a/policy/modules/contrib/rpc.if
++++ b/policy/modules/contrib/rpc.if
+@@ -394,7 +394,7 @@ interface(`rpc_admin',`
+ attribute rpc_domain;
+ type nfsd_initrc_exec_t, rpcd_initrc_exec_t, exports_t;
+ type var_lib_nfs_t, rpcd_var_run_t, gssd_tmp_t;
+- type nfsd_ro_t, nfsd_rw_t;
++ type nfsd_ro_t, nfsd_rw_t, gssd_keytab_t;
+ ')
+
+ allow $1 rpc_domain:process { ptrace signal_perms };
+@@ -406,7 +406,7 @@ interface(`rpc_admin',`
+ allow $2 system_r;
+
+ files_list_etc($1)
+- admin_pattern($1, exports_t)
++ admin_pattern($1, { gssd_keytab_t exports_t })
+
+ files_list_var_lib($1)
+ admin_pattern($1, var_lib_nfs_t)
+diff --git a/policy/modules/contrib/rpc.te b/policy/modules/contrib/rpc.te
+index 1e6b44d..a8de8bd 100644
+--- a/policy/modules/contrib/rpc.te
++++ b/policy/modules/contrib/rpc.te
+@@ -1,4 +1,4 @@
+-policy_module(rpc, 1.15.0)
++policy_module(rpc, 1.15.1)
+
+ ########################################
+ #
+@@ -30,6 +30,9 @@ files_config_file(exports_t)
+
+ rpc_domain_template(gssd)
+
++type gssd_keytab_t;
++files_type(gssd_keytab_t)
++
+ type gssd_tmp_t;
+ files_tmp_file(gssd_tmp_t)
+
+@@ -271,6 +274,8 @@ allow gssd_t self:capability { dac_override dac_read_search setuid sys_nice };
+ allow gssd_t self:process { getsched setsched };
+ allow gssd_t self:fifo_file rw_fifo_file_perms;
+
++allow gssd_t gssd_keytab_t:file read_file_perms;
++
+ manage_dirs_pattern(gssd_t, gssd_tmp_t, gssd_tmp_t)
+ manage_files_pattern(gssd_t, gssd_tmp_t, gssd_tmp_t)
+ files_tmp_filetrans(gssd_t, gssd_tmp_t, { file dir })
+@@ -309,9 +314,10 @@ optional_policy(`
+ ')
+
+ optional_policy(`
+- kerberos_keytab_template(gssd, gssd_t)
+ kerberos_manage_host_rcache(gssd_t)
++ kerberos_read_keytab(gssd_t)
+ kerberos_tmp_filetrans_host_rcache(gssd_t, file, "nfs_0")
++ kerberos_use(gssd_t)
+ ')
+
+ optional_policy(`
+diff --git a/policy/modules/contrib/rshd.te b/policy/modules/contrib/rshd.te
+index 575e3e3..864e089 100644
+--- a/policy/modules/contrib/rshd.te
++++ b/policy/modules/contrib/rshd.te
+@@ -1,4 +1,4 @@
+-policy_module(rshd, 1.8.0)
++policy_module(rshd, 1.8.1)
+
+ ########################################
+ #
+@@ -10,6 +10,9 @@ type rshd_exec_t;
+ auth_login_pgm_domain(rshd_t)
+ inetd_tcp_service_domain(rshd_t, rshd_exec_t)
+
++type rshd_keytab_t;
++files_type(rshd_keytab_t)
++
+ ########################################
+ #
+ # Local policy
+@@ -20,6 +23,8 @@ allow rshd_t self:process { signal_perms setsched setpgid setexec };
+ allow rshd_t self:fifo_file rw_fifo_file_perms;
+ allow rshd_t self:tcp_socket create_stream_socket_perms;
+
++allow rshd_t rshd_keytab_t:file read_file_perms;
++
+ kernel_read_kernel_sysctls(rshd_t)
+
+ corenet_all_recvfrom_unlabeled(rshd_t)
+@@ -54,9 +59,10 @@ tunable_policy(`use_samba_home_dirs',`
+ ')
+
+ optional_policy(`
+- kerberos_keytab_template(rshd, rshd_t)
+ kerberos_manage_host_rcache(rshd_t)
++ kerberos_read_keytab(rshd_t)
+ kerberos_tmp_filetrans_host_rcache(rshd_t, file, "host_0")
++ kerberos_use(rshd_t)
+ ')
+
+ optional_policy(`
+diff --git a/policy/modules/contrib/samba.if b/policy/modules/contrib/samba.if
+index aee75af..50d07fb 100644
+--- a/policy/modules/contrib/samba.if
++++ b/policy/modules/contrib/samba.if
+@@ -689,6 +689,7 @@ interface(`samba_admin',`
+ type samba_etc_t, samba_share_t, samba_initrc_exec_t;
+ type swat_var_run_t, swat_tmp_t, winbind_log_t;
+ type winbind_var_run_t, winbind_tmp_t;
++ type smbd_keytab_t;
+ ')
+
+ allow $1 { nmbd_t smbd_t }:process { ptrace signal_perms };
+@@ -700,7 +701,7 @@ interface(`samba_admin',`
+ allow $2 system_r;
+
+ files_list_etc($1)
+- admin_pattern($1, samba_etc_t)
++ admin_pattern($1, { samba_etc_t smbd_keytab_t })
+
+ logging_list_logs($1)
+ admin_pattern($1, { samba_log_t winbind_log_t })
+diff --git a/policy/modules/contrib/samba.te b/policy/modules/contrib/samba.te
+index 54b89a6..98daaef 100644
+--- a/policy/modules/contrib/samba.te
++++ b/policy/modules/contrib/samba.te
+@@ -1,4 +1,4 @@
+-policy_module(samba, 1.16.0)
++policy_module(samba, 1.16.1)
+
+ #################################
+ #
+@@ -142,6 +142,9 @@ type smbd_t;
+ type smbd_exec_t;
+ init_daemon_domain(smbd_t, smbd_exec_t)
+
++type smbd_keytab_t;
++files_type(smbd_keytab_t)
++
+ type smbd_tmp_t;
+ files_tmp_file(smbd_tmp_t)
+
+@@ -271,6 +274,8 @@ allow smbd_t { swat_t winbind_t smbcontrol_t nmbd_t }:process { signal signull }
+
+ allow smbd_t samba_etc_t:file { rw_file_perms setattr_file_perms };
+
++allow smbd_t smbd_keytab_t:file read_file_perms;
++
+ manage_dirs_pattern(smbd_t, samba_log_t, samba_log_t)
+ append_files_pattern(smbd_t, samba_log_t, samba_log_t)
+ create_files_pattern(smbd_t, samba_log_t, samba_log_t)
+@@ -468,8 +473,8 @@ optional_policy(`
+ ')
+
+ optional_policy(`
++ kerberos_read_keytab(smbd_t)
+ kerberos_use(smbd_t)
+- kerberos_keytab_template(smbd, smbd_t)
+ ')
+
+ optional_policy(`
+diff --git a/policy/modules/contrib/sasl.if b/policy/modules/contrib/sasl.if
+index b2f388a..8c3c151 100644
+--- a/policy/modules/contrib/sasl.if
++++ b/policy/modules/contrib/sasl.if
+@@ -39,6 +39,7 @@ interface(`sasl_connect',`
+ interface(`sasl_admin',`
+ gen_require(`
+ type saslauthd_t, saslauthd_var_run_t, saslauthd_initrc_exec_t;
++ type saslauthd_keytab_t;
+ ')
+
+ allow $1 saslauthd_t:process { ptrace signal_perms };
+@@ -49,6 +50,9 @@ interface(`sasl_admin',`
+ role_transition $2 saslauthd_initrc_exec_t system_r;
+ allow $2 system_r;
+
++ files_list_etc($1)
++ admin_pattern($1, saslauthd_keytab_t)
++
+ files_list_pids($1)
+ admin_pattern($1, saslauthd_var_run_t)
+ ')
+diff --git a/policy/modules/contrib/sasl.te b/policy/modules/contrib/sasl.te
+index 20ebffb..6c3bc20 100644
+--- a/policy/modules/contrib/sasl.te
++++ b/policy/modules/contrib/sasl.te
+@@ -1,4 +1,4 @@
+-policy_module(sasl, 1.15.0)
++policy_module(sasl, 1.15.1)
+
+ ########################################
+ #
+@@ -20,6 +20,9 @@ init_daemon_domain(saslauthd_t, saslauthd_exec_t)
+ type saslauthd_initrc_exec_t;
+ init_script_file(saslauthd_initrc_exec_t)
+
++type saslauthd_keytab_t;
++files_type(saslauthd_keytab_t)
++
+ type saslauthd_var_run_t;
+ files_pid_file(saslauthd_var_run_t)
+
+@@ -34,6 +37,8 @@ allow saslauthd_t self:process { setsched signal_perms };
+ allow saslauthd_t self:fifo_file rw_fifo_file_perms;
+ allow saslauthd_t self:unix_stream_socket { accept listen };
+
++allow saslauthd_t saslauthd_keytab_t:file read_file_perms;
++
+ manage_dirs_pattern(saslauthd_t, saslauthd_var_run_t, saslauthd_var_run_t)
+ manage_files_pattern(saslauthd_t, saslauthd_var_run_t, saslauthd_var_run_t)
+ manage_sock_files_pattern(saslauthd_t, saslauthd_var_run_t, saslauthd_var_run_t)
+@@ -92,9 +97,10 @@ tunable_policy(`allow_saslauthd_read_shadow',`
+ ')
+
+ optional_policy(`
+- kerberos_keytab_template(saslauthd, saslauthd_t)
++ kerberos_read_keytab(saslauthd_t)
+ kerberos_manage_host_rcache(saslauthd_t)
+ kerberos_tmp_filetrans_host_rcache(saslauthd_t, file, "host_0")
++ kerberos_use(saslauthd_t)
+ ')
+
+ optional_policy(`
+diff --git a/policy/modules/contrib/sendmail.if b/policy/modules/contrib/sendmail.if
+index 88e753f..35ad2a7 100644
+--- a/policy/modules/contrib/sendmail.if
++++ b/policy/modules/contrib/sendmail.if
+@@ -354,6 +354,7 @@ interface(`sendmail_admin',`
+ gen_require(`
+ type sendmail_t, sendmail_initrc_exec_t, sendmail_log_t;
+ type sendmail_tmp_t, sendmail_var_run_t, unconfined_sendmail_t;
++ type sendmail_keytab_t;
+ ')
+
+ allow $1 { unconfined_sendmail_t sendmail_t }:process { ptrace signal_perms };
+@@ -363,6 +364,9 @@ interface(`sendmail_admin',`
+ domain_system_change_exemption($1)
+ role_transition $2 sendmail_initrc_exec_t system_r;
+
++ files_list_etc($1)
++ admin_pattern($1, sendmail_keytab_t)
++
+ logging_list_logs($1)
+ admin_pattern($1, sendmail_log_t)
+
+diff --git a/policy/modules/contrib/sendmail.te b/policy/modules/contrib/sendmail.te
+index 320db21..12700b4 100644
+--- a/policy/modules/contrib/sendmail.te
++++ b/policy/modules/contrib/sendmail.te
+@@ -1,4 +1,4 @@
+-policy_module(sendmail, 1.12.0)
++policy_module(sendmail, 1.12.1)
+
+ ########################################
+ #
+@@ -13,6 +13,9 @@ roleattribute system_r sendmail_unconfined_roles;
+ type sendmail_initrc_exec_t;
+ init_script_file(sendmail_initrc_exec_t)
+
++type sendmail_keytab_t;
++files_type(sendmail_keytab_t)
++
+ type sendmail_log_t;
+ logging_log_file(sendmail_log_t)
+
+@@ -43,6 +46,8 @@ allow sendmail_t self:fifo_file rw_fifo_file_perms;
+ allow sendmail_t self:unix_stream_socket { accept listen };
+ allow sendmail_t self:tcp_socket { accept listen };
+
++allow sendmail_t sendmail_keytab_t:file read_file_perms;
++
+ allow sendmail_t sendmail_log_t:dir setattr_dir_perms;
+ append_files_pattern(sendmail_t, sendmail_log_t, sendmail_log_t)
+ create_files_pattern(sendmail_t, sendmail_log_t, sendmail_log_t)
+@@ -154,7 +159,8 @@ optional_policy(`
+ ')
+
+ optional_policy(`
+- kerberos_keytab_template(sendmail, sendmail_t)
++ kerberos_read_keytab(sendmail_t)
++ kerberos_use(sendmail_t)
+ ')
+
+ optional_policy(`
+diff --git a/policy/modules/contrib/spamassassin.te b/policy/modules/contrib/spamassassin.te
+index 02fba54..cc58e35 100644
+--- a/policy/modules/contrib/spamassassin.te
++++ b/policy/modules/contrib/spamassassin.te
+@@ -1,4 +1,4 @@
+-policy_module(spamassassin, 2.6.0)
++policy_module(spamassassin, 2.6.1)
+
+ ########################################
+ #
+@@ -262,7 +262,7 @@ optional_policy(`
+ postfix_domtrans_postdrop(spamc_t)
+ postfix_search_spool(spamc_t)
+ postfix_rw_local_pipes(spamc_t)
+- postfix_rw_master_pipes(spamc_t)
++ postfix_rw_inherited_master_pipes(spamc_t)
+ ')
+
+ ########################################
+diff --git a/policy/modules/contrib/telnet.te b/policy/modules/contrib/telnet.te
+index b9e2061..bcef8b5 100644
+--- a/policy/modules/contrib/telnet.te
++++ b/policy/modules/contrib/telnet.te
+@@ -1,4 +1,4 @@
+-policy_module(telnet, 1.11.0)
++policy_module(telnet, 1.11.1)
+
+ ########################################
+ #
+@@ -12,6 +12,9 @@ inetd_service_domain(telnetd_t, telnetd_exec_t)
+ type telnetd_devpts_t;
+ term_login_pty(telnetd_devpts_t)
+
++type telnetd_keytab_t;
++files_type(telnetd_keytab_t)
++
+ type telnetd_tmp_t;
+ files_tmp_file(telnetd_tmp_t)
+
+@@ -30,6 +33,8 @@ allow telnetd_t self:fifo_file rw_fifo_file_perms;
+ allow telnetd_t telnetd_devpts_t:chr_file { rw_chr_file_perms setattr_chr_file_perms };
+ term_create_pty(telnetd_t, telnetd_devpts_t)
+
++allow telnetd_t telnetd_keytab_t:file read_file_perms;
++
+ manage_dirs_pattern(telnetd_t, telnetd_tmp_t, telnetd_tmp_t)
+ manage_files_pattern(telnetd_t, telnetd_tmp_t, telnetd_tmp_t)
+ files_tmp_filetrans(telnetd_t, telnetd_tmp_t, { file dir })
+@@ -85,9 +90,10 @@ tunable_policy(`use_samba_home_dirs',`
+ ')
+
+ optional_policy(`
+- kerberos_keytab_template(telnetd, telnetd_t)
++ kerberos_read_keytab(telnetd_t)
+ kerberos_tmp_filetrans_host_rcache(telnetd_t, file, "host_0")
+ kerberos_manage_host_rcache(telnetd_t)
++ kerberos_use(telnetd_t)
+ ')
+
+ optional_policy(`
+diff --git a/policy/modules/contrib/virt.if b/policy/modules/contrib/virt.if
+index e30a42e..c8bc302 100644
+--- a/policy/modules/contrib/virt.if
++++ b/policy/modules/contrib/virt.if
+@@ -1148,7 +1148,7 @@ interface(`virt_admin',`
+ type virt_bridgehelper_t, virt_qmf_t, virt_var_lib_t;
+ type virt_var_run_t, virt_tmp_t, virt_log_t;
+ type virt_lock_t, svirt_var_run_t, virt_etc_rw_t;
+- type virt_etc_t, svirt_cache_t;
++ type virt_etc_t, svirt_cache_t, virtd_keytab_t;
+ ')
+
+ allow $1 { virt_domain svirt_lxc_domain virtd_t }:process { ptrace signal_perms };
+@@ -1168,7 +1168,7 @@ interface(`virt_admin',`
+ admin_pattern($1, { virt_tmp_type virt_tmp_t })
+
+ files_search_etc($1)
+- admin_pattern($1, { virt_etc_t virt_etc_rw_t })
++ admin_pattern($1, { virt_etc_t virt_etc_rw_t virtd_keytab_t })
+
+ logging_search_logs($1)
+ admin_pattern($1, virt_log_t)
+diff --git a/policy/modules/contrib/virt.te b/policy/modules/contrib/virt.te
+index 9230f0d..f2916f7 100644
+--- a/policy/modules/contrib/virt.te
++++ b/policy/modules/contrib/virt.te
+@@ -1,4 +1,4 @@
+-policy_module(virt, 1.7.0)
++policy_module(virt, 1.7.1)
+
+ ########################################
+ #
+@@ -142,6 +142,9 @@ domain_subj_id_change_exemption(virtd_t)
+ type virtd_initrc_exec_t;
+ init_script_file(virtd_initrc_exec_t)
+
++type virtd_keytab_t;
++files_type(virtd_keytab_t)
++
+ ifdef(`enable_mcs',`
+ init_ranged_daemon_domain(virtd_t, virtd_exec_t, s0 - mcs_systemhigh)
+ ')
+@@ -438,6 +441,8 @@ manage_dirs_pattern(virtd_t, virt_content_t, virt_content_t)
+ manage_files_pattern(virtd_t, virt_content_t, virt_content_t)
+ filetrans_pattern(virtd_t, virt_home_t, virt_content_t, dir, "isos")
+
++allow virtd_t virtd_keytab_t:file read_file_perms;
++
+ allow virtd_t svirt_var_run_t:file relabel_file_perms;
+ manage_dirs_pattern(virtd_t, svirt_var_run_t, svirt_var_run_t)
+ manage_files_pattern(virtd_t, svirt_var_run_t, svirt_var_run_t)
+@@ -700,7 +705,8 @@ optional_policy(`
+ ')
+
+ optional_policy(`
+- kerberos_keytab_template(virtd, virtd_t)
++ kerberos_read_keytab(virtd_t)
++ kerberos_use(virtd_t)
+ ')
+
+ optional_policy(`
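Review bot: in the embedded refpolicy patch, the spamassassin.te hunk swaps postfix_rw_master_pipes(spamc_t) for postfix_rw_inherited_master_pipes(spamc_t), which is unrelated to the keytab rework in the gssd, rshd, samba, sasl, sendmail, telnet and virt hunks around it; split it out or state in the patch description why it rides along. For the keytab changes, each domain now gets a hand-declared *_keytab_t type with a single read_file_perms rule in place of kerberos_keytab_template(), so it is worth confirming that matching file-context entries are carried in the same patch; without them nothing is ever labelled with the new types and the added allow and admin_pattern rules have no effect.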
diff --git a/package/refpolicy/refpolicy.mk b/package/refpolicy/refpolicy.mk
new file mode 100644
index 0000000..4908a7a
--- /dev/null
+++ b/package/refpolicy/refpolicy.mk
@@ -0,0 +1,84 @@
+#############################################################
+#
+# refpolicy
+#
+#############################################################
+REFPOLICY_VERSION = 2.20130424
+REFPOLICY_SOURCE = refpolicy-$(REFPOLICY_VERSION).tar.bz2
+REFPOLICY_SITE = http://oss.tresys.com/files/refpolicy/
+REFPOLICY_LICENSE = GPLv2
+REFPOLICY_LICENSE_FILES = COPYING
+
+# Cannot use multiple threads to build the reference policy
+REFPOLICY_MAKE=$(MAKE1)
+
+REFPOLICY_DEPENDENCIES = host-m4 host-checkpolicy host-policycoreutils host-setools \
+ host-python-pyxml policycoreutils
+
+REFPOLICY_INSTALL_STAGING = YES
+REFPOLICY_INSTALL_TARGET = YES
+
+define REFPOLICY_BUILD_SPECIFIC_PATCH_CMDS
+ @echo "Applying board specific patches"
+ $(ifneq $(BR2_PACKAGE_REFPOLICY_PATCH_FOLDER) "", \
+ toolchain/patch-kernel.sh $(@D) $(call qstrip,$(BR2_PACKAGE_REFPOLICY_PATCH_FOLDER)) \
+ refpolicy-\*.patch)
+endef
+
+REFPOLICY_POST_PATCH_HOOKS += REFPOLICY_BUILD_SPECIFIC_PATCH_CMDS
+
+# Pointing to the host compiled SELinux applications while using the target cross
+# compiler. Note, the TEST_TOOLCHAIN option will also set the LD_LIBRARY_PATH at run time.
+REFPOLICY_MAKE_CMDS = $(HOST_CONFIGURE_OPTS) \
+ TEST_TOOLCHAIN="$(HOST_DIR)" \
+ PYTHON="$(HOST_DIR)/usr/bin/python" M4="$(HOST_DIR)/usr/bin/m4"
+
+define REFPOLICY_CONFIGURE_CMDS
+ $(REFPOLICY_MAKE) -C $(@D) bare $(REFPOLICY_MAKE_CMDS) DESTDIR=$(STAGING_DIR)
+ sed -i "/TYPE/c\TYPE = $(BR2_PACKAGE_REFPOLICY_TYPE)" $(@D)/build.conf
+ sed -i "/NAME/c\NAME = $(BR2_PACKAGE_REFPOLICY_NAME)" $(@D)/build.conf
+ sed -i "/DISTRO/c\DISTRO = $(BR2_PACKAGE_REFPOLICY_DIST)" $(@D)/build.conf
+ sed -i "/MONOLITHIC/c\MONOLITHIC = $(BR2_PACKAGE_REFPOLICY_MONOLITHIC)" $(@D)/build.conf
+ $(REFPOLICY_MAKE) -C $(@D) conf $(REFPOLICY_MAKE_CMDS) DESTDIR=$(STAGING_DIR)
+endef
+
+define REFPOLICY_BUILD_CMDS
+ $(REFPOLICY_MAKE) -C $(@D) $(REFPOLICY_MAKE_CMDS) DESTDIR=$(STAGING_DIR)
+endef
+
+define REFPOLICY_CLEAN_CMDS
+ $(REFPOLICY_MAKE) -C $(@D) clean $(REFPOLICY_MAKE_CMDS) DESTDIR=$(STAGING_DIR)
+endef
+
+define REFPOLICY_INSTALL_STAGING_CMDS
+ $(REFPOLICY_MAKE) -C $(@D) install-src install-headers install-docs \
+ $(REFPOLICY_MAKE_CMDS) DESTDIR=$(STAGING_DIR)
+endef
+
+define REFPOLICY_INSTALL_TARGET_CMDS
+ $(REFPOLICY_MAKE) -C $(@D) install $(REFPOLICY_MAKE_CMDS) DESTDIR=$(TARGET_DIR)
+ $(INSTALL) -m 0755 package/refpolicy/config $(TARGET_DIR)/etc/selinux/
+ sed -i "/^SELINUXTYPE/c\SELINUXTYPE=$(BR2_PACKAGE_REFPOLICY_NAME)" $(TARGET_DIR)/etc/selinux/config
+ $(INSTALL) -m 0755 package/refpolicy/S12selinux $(TARGET_DIR)/etc/init.d/
+endef
+
+define REFPOLICY_POLICY_COMPILE
+ $(INSTALL) -d -m 0755 $(TARGET_DIR)/etc/selinux/$(BR2_PACKAGE_REFPOLICY_NAME)/policy
+ $(INSTALL) -d -m 0755 $(TARGET_DIR)/etc/selinux/$(BR2_PACKAGE_REFPOLICY_NAME)/modules/active/modules
+ if [ ! -f $(TARGET_DIR)/etc/selinux/$(BR2_PACKAGE_REFPOLICY_NAME)/contexts/files/file_contexts.local ]; \
+ then \
+ touch $(TARGET_DIR)/etc/selinux/$(BR2_PACKAGE_REFPOLICY_NAME)/contexts/files/file_contexts.local; \
+ fi
+ # Currently, semodule is unabled to compile the policy during the build so the modules must
+ # be compiled into the policy during the first boot. This is done by the S12selinux startup
+ # script.
+ #( export PATH=$(TARGET_PATH); \
+ # $(HOST_DIR)/usr/sbin/semodule -v -n -p $(TARGET_DIR) -s $(BR2_PACKAGE_REFPOLICY_NAME) \
+ # -b $(@D)/base.pp -i $(shell ls $(@D)/*.pp | grep -v base); \
+ #)
+endef
+ifeq ($(BR2_PACKAGE_REFPOLICY_MONOLITHIC),)
+ REFPOLICY_POST_INSTALL_TARGET_HOOKS += REFPOLICY_POLICY_COMPILE
+endif
+
+$(eval $(generic-package))
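Review bot: REFPOLICY_BUILD_SPECIFIC_PATCH_CMDS wraps the patch-kernel.sh call in $(ifneq ...), but ifneq is a make conditional directive, not a function, so make expands the whole expression as a reference to an undefined variable and the recipe prints "Applying board specific patches" without applying anything. Put a real ifneq ($(call qstrip,$(BR2_PACKAGE_REFPOLICY_PATCH_FOLDER)),) ... endif around the hook, or use a shell test inside the recipe. Separately, package/refpolicy/config is installed with -m 0755 although it is a configuration file (0644 is enough), and the comment in REFPOLICY_POLICY_COMPILE has "unabled" for "unable".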
--
1.7.1
* [Buildroot] [PATCH 12/17] python-pyparsing: Add host build option
2013-09-04 23:09 [Buildroot] [PATCH 00/17] SELinux Buildroot Additions Clayton Shotwell
` (10 preceding siblings ...)
2013-09-04 23:09 ` [Buildroot] [PATCH 11/17] refpolicy: " Clayton Shotwell
@ 2013-09-04 23:09 ` Clayton Shotwell
2013-09-04 23:09 ` [Buildroot] [PATCH 13/17] audit: new package Clayton Shotwell
` (5 subsequent siblings)
17 siblings, 0 replies; 34+ messages in thread
From: Clayton Shotwell @ 2013-09-04 23:09 UTC (permalink / raw)
To: buildroot
Signed-off-by: Clayton Shotwell <clshotwe@rockwellcollins.com>
---
package/python-pyparsing/python-pyparsing.mk | 47 ++++++++++++++++++-------
1 files changed, 34 insertions(+), 13 deletions(-)
diff --git a/package/python-pyparsing/python-pyparsing.mk b/package/python-pyparsing/python-pyparsing.mk
index 7814ce3..b6ba40d 100644
--- a/package/python-pyparsing/python-pyparsing.mk
+++ b/package/python-pyparsing/python-pyparsing.mk
@@ -14,25 +14,46 @@ PYTHON_PYPARSING_DEPENDENCIES = python
# Shamelessly vampirised from python-pygame ;-)
define PYTHON_PYPARSING_BUILD_CMDS
- (cd $(@D); \
- CC="$(TARGET_CC)" \
- CFLAGS="$(TARGET_CFLAGS)" \
- LDSHARED="$(TARGET_CROSS)gcc -shared" \
- CROSS_COMPILING=yes \
- _python_sysroot=$(STAGING_DIR) \
- _python_srcdir=$(BUILD_DIR)/python$(PYTHON_VERSION) \
- _python_prefix=/usr \
- _python_exec_prefix=/usr \
- $(HOST_DIR)/usr/bin/python setup.py build \
+ (cd $(@D); \
+ CC="$(TARGET_CC)" \
+ CFLAGS="$(TARGET_CFLAGS)" \
+ LDSHARED="$(TARGET_CROSS)gcc -shared" \
+ CROSS_COMPILING=yes \
+ _python_sysroot=$(STAGING_DIR) \
+ _python_srcdir=$(BUILD_DIR)/python$(PYTHON_VERSION) \
+ _python_prefix=/usr \
+ _python_exec_prefix=/usr \
+ $(HOST_DIR)/usr/bin/python setup.py build \
)
endef
# Shamelessly vampirised from python-pygame ;-)
define PYTHON_PYPARSING_INSTALL_TARGET_CMDS
- (cd $(@D); \
- $(HOST_DIR)/usr/bin/python setup.py install \
- --prefix=$(TARGET_DIR)/usr \
+ (cd $(@D); \
+ $(HOST_DIR)/usr/bin/python setup.py install \
+ --prefix=$(TARGET_DIR)/usr \
+ )
+endef
+
+HOST_PYTHON_PYPARSING_DEPENDENCIES = host-python
+
+define HOST_PYTHON_PYPARSING_BUILD_CMDS
+ (cd $(@D); \
+ _python_sysroot=$(HOST_DIR) \
+ _python_srcdir=$(BUILD_DIR)/host-python$(PYTHON_VERSION) \
+ _python_prefix=/usr \
+ _python_exec_prefix=/usr \
+ $(HOST_DIR)/usr/bin/python setup.py build \
+ )
+endef
+
+define HOST_PYTHON_PYPARSING_INSTALL_CMDS
+ (cd $(@D); \
+ $(HOST_DIR)/usr/bin/python setup.py install \
+ --prefix=$(HOST_DIR)/usr \
)
endef
$(eval $(generic-package))
+$(eval $(host-generic-package))
+
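Review bot: the first part of this hunk removes and re-adds PYTHON_PYPARSING_BUILD_CMDS and PYTHON_PYPARSING_INSTALL_TARGET_CMDS line for line with no change beyond whitespace, which buries the actual addition; drop the reindent so the patch only adds the HOST_ variables and $(eval $(host-generic-package)). In HOST_PYTHON_PYPARSING_BUILD_CMDS the _python_sysroot, _python_srcdir, _python_prefix and _python_exec_prefix settings are copied from the target build, where they accompany CROSS_COMPILING=yes; check whether a native host build needs them at all. The empty line added after the last $(eval ...) leaves a trailing blank line at end of file.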
--
1.7.1
* [Buildroot] [PATCH 13/17] audit: new package
2013-09-04 23:09 [Buildroot] [PATCH 00/17] SELinux Buildroot Additions Clayton Shotwell
` (11 preceding siblings ...)
2013-09-04 23:09 ` [Buildroot] [PATCH 12/17] python-pyparsing: Add host build option Clayton Shotwell
@ 2013-09-04 23:09 ` Clayton Shotwell
2013-09-04 23:09 ` [Buildroot] [PATCH 14/17] shadow: " Clayton Shotwell
` (4 subsequent siblings)
17 siblings, 0 replies; 34+ messages in thread
From: Clayton Shotwell @ 2013-09-04 23:09 UTC (permalink / raw)
To: buildroot
Signed-off-by: Clayton Shotwell <clshotwe@rockwellcollins.com>
---
package/Config.in | 1 +
package/audit/Config.in | 26 +
package/audit/S14auditd | 172 +++
| 1388 ++++++++++++++++++++
package/audit/audit-2.3.1-remove-zos-plugin.patch | 31 +
package/audit/audit.mk | 61 +
6 files changed, 1679 insertions(+), 0 deletions(-)
create mode 100644 package/audit/Config.in
create mode 100755 package/audit/S14auditd
create mode 100644 package/audit/audit-2.3.1-crossCompileHeaderCreationFix.patch
create mode 100644 package/audit/audit-2.3.1-remove-zos-plugin.patch
create mode 100644 package/audit/audit.mk
diff --git a/package/Config.in b/package/Config.in
index 560e38e..a032e5e 100644
--- a/package/Config.in
+++ b/package/Config.in
@@ -913,6 +913,7 @@ endmenu
menu "System tools"
source "package/acl/Config.in"
source "package/attr/Config.in"
+source "package/audit/Config.in"
if BR2_PACKAGE_BUSYBOX_SHOW_OTHERS
source "package/bootutils/Config.in"
endif
diff --git a/package/audit/Config.in b/package/audit/Config.in
new file mode 100644
index 0000000..8c7b318
--- /dev/null
+++ b/package/audit/Config.in
@@ -0,0 +1,26 @@
+config BR2_PACKAGE_AUDIT
+ bool "audit"
+ help
+ The audit package contains the user space utilities for
+ storing and searching the audit records generate by
+ the audit subsystem in the Linux 2.6 kernel
+
+ Note: The z/OS remote plugin is disabled in this package
+
+ http://people.redhat.com/sgrubb/audit/
+
+if BR2_PACKAGE_AUDIT
+
+config BR2_PACKAGE_AUDIT_PYTHON_BINDINGS
+ select BR2_PACKAGE_PYTHON
+ bool "python bindings"
+ help
+ enable building python bindings
+
+config BR2_PACKAGE_AUDIT_LIBCAP_NG
+ select BR2_PACKAGE_LIBCAP_NG
+ bool "libcap-ng support"
+ help
+ Add Libcap-ng support
+
+endif
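Review bot: the help text for BR2_PACKAGE_AUDIT reads "audit records generate by" where "generated by" is meant, and the sentence ending "Linux 2.6 kernel" has no full stop. In both sub-options the select line is placed before the bool prompt; put the bool line first and the select after it. The two sub-option help strings ("enable building python bindings", "Add Libcap-ng support") should use consistent capitalisation.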
diff --git a/package/audit/S14auditd b/package/audit/S14auditd
new file mode 100755
index 0000000..74a6249
--- /dev/null
+++ b/package/audit/S14auditd
@@ -0,0 +1,172 @@
+#!/bin/bash
+#
+# auditd This starts and stops auditd
+#
+# description: This starts the Linux Auditing System Daemon, \
+# which collects security related events in a dedicated \
+# audit log. If this daemon is turned off, audit events \
+# will be sent to syslog.
+#
+# processname: /sbin/auditd
+# config: /etc/sysconfig/auditd
+# config: /etc/audit/auditd.conf
+# pidfile: /var/run/auditd.pid
+#
+# Return values according to LSB for all commands but status:
+# 0 - success
+# 1 - generic or unspecified error
+# 3 - unimplemented feature (e.g. "reload")
+# 4 - insufficient privilege
+# 5 - program is not installed
+# 6 - program is not configured
+# 7 - program is not running
+#
+prog="auditd"
+
+# Check that we are root ... so non-root users stop here
+test $EUID=0 || exit 4
+
+# Check config
+test -f /etc/sysconfig/auditd && . /etc/sysconfig/auditd
+
+RETVAL=0
+LOCK=/var/lock/subsys/auditd
+
+start(){
+ echo -n "Initializing $prog: "
+
+ if [ ! -e $LOCK ]; then
+ test -x /sbin/auditd || exit 5
+ test -f /etc/audit/auditd.conf || exit 6
+
+ # Create dir to store log files in if one doesn't exist
+ test -d /var/log/audit || mkdir -p /var/log/audit && /sbin/restorecon /var/log/audit
+
+ # Run audit daemon executable
+ $prog
+ RETVAL=$?
+ if test $RETVAL = 0 ; then
+ test -d /var/lock/subsys || mkdir -p /var/lock/subsys
+ touch $LOCK
+ # Load the default rules
+ test -f /etc/audit/audit.rules && /sbin/auditctl -R /etc/audit/audit.rules >/dev/null
+ echo "OK"
+ else
+ echo "FAILED: auditd failed to start"
+ fi
+ else
+ echo "FAILED: auditd already started, stop first"
+ RETVAL=1
+ fi
+ return $RETVAL
+}
+
+stop(){
+ echo -n "Uninitializing $prog: "
+ if [ -e $LOCK ]; then
+ killall -TERM $prog
+ RETVAL=$?
+ if [ $RETVAL ]; then
+ rm -f $LOCK
+ # Remove watches so shutdown works cleanly
+ if test x"$AUDITD_CLEAN_STOP" != "x" ; then
+ if test "`echo $AUDITD_CLEAN_STOP | tr 'NO' 'no'`" != "no"
+ then
+ /sbin/auditctl -D >/dev/null
+ fi
+ fi
+ if test x"$AUDITD_STOP_DISABLE" != "x" ; then
+ if test "`echo $AUDITD_STOP_DISABLE | tr 'NO' 'no'`" != "no"
+ then
+ /sbin/auditctl -e 0 >/dev/null
+ fi
+ fi
+ echo "OK"
+ else
+ echo "FAILED: auditd not stopped"
+ fi
+ else
+ echo "FAILED: auditd not started"
+ RETVAL=1
+ fi
+ return $RETVAL
+}
+
+reload(){
+ echo -n "Reloading auditd configuration: "
+ if [ -e $LOCK ]; then
+ test -f /etc/audit/auditd.conf || exit 6
+ echo -n "Reloading configuration: "
+ killall -HUP $prog
+ RETVAL=$?
+ if [ $RETVAL ]; then
+ echo "OK"
+ else
+ echo "FAILED"
+ fi
+ else
+ echo "FAILED: auditd not started"
+ RETVAL=1
+ fi
+ return $RETVAL
+}
+
+rotate(){
+ echo -n "Rotating auditd logs: "
+ if [ -e $LOCK ]; then
+ killall -USR1 $prog
+ RETVAL=$?
+ if [ $RETVAL ]; then
+ echo "OK"
+ else
+ echo "FAILED"
+ fi
+ else
+ echo "FAILED: auditd not started"
+ RETVAL=1
+ fi
+ return $RETVAL
+}
+
+restart(){
+ test -f /etc/audit/auditd.conf || exit 6
+ stop
+ start
+ return $RETVAL
+}
+
+condrestart(){
+ [ -e $LOCK ] && restart
+ return 0
+}
+
+# See how we were called.
+case "$1" in
+ start)
+ start
+ ;;
+ stop)
+ stop
+ ;;
+ restart)
+ restart
+ ;;
+ reload)
+ reload
+ ;;
+ rotate)
+ rotate
+ ;;
+ resume)
+ resume
+ ;;
+ condrestart)
+ condrestart
+ ;;
+ *)
+ echo "Usage: $0 {start|stop|restart|condrestart|reload|rotate}"
+ RETVAL=3
+ ;;
+esac
+
+exit $RETVAL
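Review bot: the root check near the top, test $EUID=0 || exit 4, never fails: with no spaces around = the shell passes test a single non-empty word, which is always true, so non-root callers are not stopped. Write it as test "$EUID" = 0, or [ "$(id -u)" -eq 0 ] if the script should also run under a shell other than bash. The same kind of always-true test is in stop(), reload() and rotate(), where if [ $RETVAL ] succeeds for any non-empty value including a non-zero exit status, so a failed killall still prints OK and, in stop(), removes the lock file; compare against 0 as start() does. The case statement also dispatches resume to a function that is not defined anywhere in the script, and start() checks that /sbin/auditd is executable but then runs $prog from PATH.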
--git a/package/audit/audit-2.3.1-crossCompileHeaderCreationFix.patch b/package/audit/audit-2.3.1-crossCompileHeaderCreationFix.patch
new file mode 100644
index 0000000..7e3b6ed
--- /dev/null
+++ b/package/audit/audit-2.3.1-crossCompileHeaderCreationFix.patch
@@ -0,0 +1,1388 @@
+diff -urN a/configure.ac b/configure.ac
+--- a/configure.ac 2013-07-29 16:37:01.000000000 -0500
++++ b/configure.ac 2013-08-21 13:29:55.760585744 -0500
+@@ -51,6 +51,8 @@
+ AC_PROG_CC
+ AC_PROG_INSTALL
+ AC_PROG_AWK
++AM_PATH_PYTHON(2.7)
++AC_PYTHON_MODULE(pyparsing, 1)
+
+ echo .
+ echo Checking for header files
+@@ -89,8 +91,7 @@
+ AC_MSG_RESULT(no)
+ else
+ AC_MSG_RESULT(testing)
+-AM_PATH_PYTHON
+-if test -f /usr/include/python${am_cv_python_version}/Python.h ; then
++if test x$ax_python_header != x ; then
+ python_found="yes"
+ AC_MSG_NOTICE(Python bindings will be built)
+ else
+diff -urN /dev/null b/m4/ax_python_module.m4
+--- /dev/null 2013-06-19 11:25:31.230442052 -0500
++++ b/m4/ax_python_module.m4 2013-08-21 12:43:56.829882655 -0500
+@@ -0,0 +1,49 @@
++# ===========================================================================
++# http://www.gnu.org/software/autoconf-archive/ax_python_module.html
++# ===========================================================================
++#
++# SYNOPSIS
++#
++# AX_PYTHON_MODULE(modname[, fatal])
++#
++# DESCRIPTION
++#
++# Checks for Python module.
++#
++# If fatal is non-empty then absence of a module will trigger an error.
++#
++# LICENSE
++#
++# Copyright (c) 2008 Andrew Collier
++#
++# Copying and distribution of this file, with or without modification, are
++# permitted in any medium without royalty provided the copyright notice
++# and this notice are preserved. This file is offered as-is, without any
++# warranty.
++
++#serial 6
++
++AU_ALIAS([AC_PYTHON_MODULE], [AX_PYTHON_MODULE])
++AC_DEFUN([AX_PYTHON_MODULE],[
++ if test -z $PYTHON;
++ then
++ PYTHON="python"
++ fi
++ PYTHON_NAME=`basename $PYTHON`
++ AC_MSG_CHECKING($PYTHON_NAME module: $1)
++ $PYTHON -c "import $1" 2>/dev/null
++ if test $? -eq 0;
++ then
++ AC_MSG_RESULT(yes)
++ eval AS_TR_CPP(HAVE_PYMOD_$1)=yes
++ else
++ AC_MSG_RESULT(no)
++ eval AS_TR_CPP(HAVE_PYMOD_$1)=no
++ #
++ if test -n "$2"
++ then
++ AC_MSG_ERROR(failed to find required module $1)
++ exit 1
++ fi
++ fi
++])
+diff -urN a/auparse/Makefile.am b/auparse/Makefile.am
+--- a/auparse/Makefile.am 2013-07-29 16:37:01.000000000 -0500
++++ b/auparse/Makefile.am 2013-08-19 14:37:31.230510790 -0500
+@@ -52,8 +52,8 @@
+ rlimittabs.h recvtabs.h schedtabs.h seccomptabs.h \
+ seektabs.h shm_modetabs.h signaltabs.h sockoptnametabs.h \
+ socktabs.h sockleveltabs.h socktypetabs.h \
+- tcpoptnametabs.h typetabs.h umounttabs.h
+-noinst_PROGRAMS = gen_accesstabs_h gen_captabs_h gen_clock_h \
++ tcpoptnametabs.h typetabs.h umounttabs.h \
++ gen_accesstabs_h gen_captabs_h gen_clock_h \
+ gen_clone-flagtabs_h \
+ gen_epoll_ctls_h gen_famtabs_h \
+ gen_fcntl-cmdtabs_h gen_flagtabs_h \
+@@ -69,187 +69,184 @@
+ gen_socktypetabs_h gen_tcpoptnametabs_h gen_typetabs_h \
+ gen_umounttabs_h
+
+-gen_accesstabs_h_SOURCES = ../lib/gen_tables.c ../lib/gen_tables.h accesstab.h
+-gen_accesstabs_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="accesstab.h"'
++gen_accesstabs_h: ../lib/gen_tables.c ../lib/gen_tables.h accesstab.h
++ $(CC) $(INCLUDES) $(AM_CFLAGS) $(CFLAGS) -DTABLE_H=\"accesstab.h\" -E -o $@ ../lib/gen_tables.c
+ accesstabs.h: gen_accesstabs_h Makefile
+- ./gen_accesstabs_h --i2s-transtab access > $@
++ $(PYTHON) ../lib/gen_tables.py --i2s-transtab access gen_accesstabs_h $@
+
+-gen_captabs_h_SOURCES = ../lib/gen_tables.c ../lib/gen_tables.h captab.h
+-gen_captabs_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="captab.h"'
++gen_captabs_h: ../lib/gen_tables.c ../lib/gen_tables.h captab.h
++ $(CC) $(INCLUDES) $(AM_CFLAGS) $(CFLAGS) -DTABLE_H=\"captab.h\" -E -o $@ ../lib/gen_tables.c
+ captabs.h: gen_captabs_h Makefile
+- ./gen_captabs_h --i2s cap > $@
++ $(PYTHON) ../lib/gen_tables.py --i2s cap gen_captabs_h $@
+
+-gen_clock_h_SOURCES = ../lib/gen_tables.c ../lib/gen_tables.h clocktab.h
+-gen_clock_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="clocktab.h"'
++gen_clock_h: ../lib/gen_tables.c ../lib/gen_tables.h clocktab.h
++ $(CC) $(INCLUDES) $(AM_CFLAGS) $(CFLAGS) -DTABLE_H=\"clocktab.h\" -E -o $@ ../lib/gen_tables.c
+ clocktabs.h: gen_clock_h Makefile
+- ./gen_clock_h --i2s clock > $@
++ $(PYTHON) ../lib/gen_tables.py --i2s clock gen_clock_h $@
+
+-gen_clone_flagtabs_h_SOURCES = ../lib/gen_tables.c ../lib/gen_tables.h \
+- clone-flagtab.h
+-gen_clone_flagtabs_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="clone-flagtab.h"'
++gen_clone-flagtabs_h: ../lib/gen_tables.c ../lib/gen_tables.h clone-flagtab.h
++ $(CC) $(INCLUDES) $(AM_CFLAGS) $(CFLAGS) -DTABLE_H=\"clone-flagtab.h\" -E -o $@ ../lib/gen_tables.c
+ clone-flagtabs.h: gen_clone-flagtabs_h Makefile
+- ./gen_clone-flagtabs_h --i2s-transtab clone_flag > $@
++ $(PYTHON) ../lib/gen_tables.py --i2s-transtab clone_flag gen_clone-flagtabs_h $@
+
+-gen_epoll_ctls_h_SOURCES = ../lib/gen_tables.c ../lib/gen_tables.h epoll_ctl.h
+-gen_epoll_ctls_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="epoll_ctl.h"'
++gen_epoll_ctls_h: ../lib/gen_tables.c ../lib/gen_tables.h epoll_ctl.h
++ $(CC) $(INCLUDES) $(AM_CFLAGS) $(CFLAGS) -DTABLE_H=\"epoll_ctl.h\" -E -o $@ ../lib/gen_tables.c
+ epoll_ctls.h: gen_epoll_ctls_h Makefile
+- ./gen_epoll_ctls_h --i2s epoll_ctl > $@
++ $(PYTHON) ../lib/gen_tables.py --i2s epoll_ctl gen_epoll_ctls_h $@
+
+-gen_famtabs_h_SOURCES = ../lib/gen_tables.c ../lib/gen_tables.h famtab.h
+-gen_famtabs_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="famtab.h"'
++gen_famtabs_h: ../lib/gen_tables.c ../lib/gen_tables.h famtab.h
++ $(CC) $(INCLUDES) $(AM_CFLAGS) $(CFLAGS) -DTABLE_H=\"famtab.h\" -E -o $@ ../lib/gen_tables.c
+ famtabs.h: gen_famtabs_h Makefile
+- ./gen_famtabs_h --i2s fam > $@
++ $(PYTHON) ../lib/gen_tables.py --i2s fam gen_famtabs_h $@
+
+-gen_flagtabs_h_SOURCES = ../lib/gen_tables.c ../lib/gen_tables.h flagtab.h
+ # ../auparse/ is used to avoid using ../lib/flagtab.h
+-gen_flagtabs_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="../auparse/flagtab.h"'
++gen_flagtabs_h: ../lib/gen_tables.c ../lib/gen_tables.h ../auparse/flagtab.h
++ $(CC) $(INCLUDES) $(AM_CFLAGS) $(CFLAGS) -DTABLE_H=\"../auparse/flagtab.h\" -E -o $@ ../lib/gen_tables.c
+ flagtabs.h: gen_flagtabs_h Makefile
+- ./gen_flagtabs_h --i2s-transtab flag > $@
++ $(PYTHON) ../lib/gen_tables.py --i2s-transtab flag gen_flagtabs_h $@
+
+-gen_fcntl_cmdtabs_h_SOURCES = ../lib/gen_tables.c ../lib/gen_tables.h \
+- fcntl-cmdtab.h
+-gen_fcntl_cmdtabs_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="fcntl-cmdtab.h"'
++gen_fcntl-cmdtabs_h: ../lib/gen_tables.c ../lib/gen_tables.h fcntl-cmdtab.h
++ $(CC) $(INCLUDES) $(AM_CFLAGS) $(CFLAGS) -DTABLE_H=\"fcntl-cmdtab.h\" -E -o $@ ../lib/gen_tables.c
+ fcntl-cmdtabs.h: gen_fcntl-cmdtabs_h Makefile
+- ./gen_fcntl-cmdtabs_h --i2s fcntl > $@
++ $(PYTHON) ../lib/gen_tables.py --i2s fcntl gen_fcntl-cmdtabs_h $@
+
+-gen_icmptypetabs_h_SOURCES = ../lib/gen_tables.c ../lib/gen_tables.h icmptypetab.h
+-gen_icmptypetabs_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="icmptypetab.h"'
++gen_icmptypetabs_h: ../lib/gen_tables.c ../lib/gen_tables.h icmptypetab.h
++ $(CC) $(INCLUDES) $(AM_CFLAGS) $(CFLAGS) -DTABLE_H=\"icmptypetab.h\" -E -o $@ ../lib/gen_tables.c
+ icmptypetabs.h: gen_icmptypetabs_h Makefile
+- ./gen_icmptypetabs_h --i2s icmptype > $@
++ $(PYTHON) ../lib/gen_tables.py --i2s icmptype gen_icmptypetabs_h $@
+
+-gen_ipctabs_h_SOURCES = ../lib/gen_tables.c ../lib/gen_tables.h ipctab.h
+-gen_ipctabs_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="ipctab.h"'
++gen_ipctabs_h: ../lib/gen_tables.c ../lib/gen_tables.h ipctab.h
++ $(CC) $(INCLUDES) $(AM_CFLAGS) $(CFLAGS) -DTABLE_H=\"ipctab.h\" -E -o $@ ../lib/gen_tables.c
+ ipctabs.h: gen_ipctabs_h Makefile
+- ./gen_ipctabs_h --i2s ipc > $@
++ $(PYTHON) ../lib/gen_tables.py --i2s ipc gen_ipctabs_h $@
+
+-gen_ipccmdtabs_h_SOURCES = ../lib/gen_tables.c ../lib/gen_tables.h ipccmdtab.h
+-gen_ipccmdtabs_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="ipccmdtab.h"'
++gen_ipccmdtabs_h: ../lib/gen_tables.c ../lib/gen_tables.h ipccmdtab.h
++ $(CC) $(INCLUDES) $(AM_CFLAGS) $(CFLAGS) -DTABLE_H=\"ipccmdtab.h\" -E -o $@ ../lib/gen_tables.c
+ ipccmdtabs.h: gen_ipccmdtabs_h Makefile
+- ./gen_ipccmdtabs_h --i2s-transtab ipccmd > $@
++ $(PYTHON) ../lib/gen_tables.py --i2s-transtab ipccmd gen_ipccmdtabs_h $@
+
+-gen_ipoptnametabs_h_SOURCES = ../lib/gen_tables.c ../lib/gen_tables.h ipoptnametab.h
+-gen_ipoptnametabs_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="ipoptnametab.h"'
++gen_ipoptnametabs_h: ../lib/gen_tables.c ../lib/gen_tables.h ipoptnametab.h
++ $(CC) $(INCLUDES) $(AM_CFLAGS) $(CFLAGS) -DTABLE_H=\"ipoptnametab.h\" -E -o $@ ../lib/gen_tables.c
+ ipoptnametabs.h: gen_ipoptnametabs_h Makefile
+- ./gen_ipoptnametabs_h --i2s ipoptname > $@
++ $(PYTHON) ../lib/gen_tables.py --i2s ipoptname gen_ipoptnametabs_h $@
+
+-gen_ip6optnametabs_h_SOURCES = ../lib/gen_tables.c ../lib/gen_tables.h ip6optnametab.h
+-gen_ip6optnametabs_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="ip6optnametab.h"'
++gen_ip6optnametabs_h: ../lib/gen_tables.c ../lib/gen_tables.h ip6optnametab.h
++ $(CC) $(INCLUDES) $(AM_CFLAGS) $(CFLAGS) -DTABLE_H=\"ip6optnametab.h\" -E -o $@ ../lib/gen_tables.c
+ ip6optnametabs.h: gen_ip6optnametabs_h Makefile
+- ./gen_ip6optnametabs_h --i2s ip6optname > $@
++ $(PYTHON) ../lib/gen_tables.py --i2s ip6optname gen_ip6optnametabs_h $@
+
+-gen_mmaptabs_h_SOURCES = ../lib/gen_tables.c ../lib/gen_tables.h mmaptab.h
+-gen_mmaptabs_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="mmaptab.h"'
++gen_mmaptabs_h: ../lib/gen_tables.c ../lib/gen_tables.h mmaptab.h
++ $(CC) $(INCLUDES) $(AM_CFLAGS) $(CFLAGS) -DTABLE_H=\"mmaptab.h\" -E -o $@ ../lib/gen_tables.c
+ mmaptabs.h: gen_mmaptabs_h Makefile
+- ./gen_mmaptabs_h --i2s-transtab mmap > $@
++ $(PYTHON) ../lib/gen_tables.py --i2s-transtab mmap gen_mmaptabs_h $@
+
+-gen_mounttabs_h_SOURCES = ../lib/gen_tables.c ../lib/gen_tables.h mounttab.h
+-gen_mounttabs_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="mounttab.h"'
++gen_mounttabs_h: ../lib/gen_tables.c ../lib/gen_tables.h mounttab.h
++ $(CC) $(INCLUDES) $(AM_CFLAGS) $(CFLAGS) -DTABLE_H=\"mounttab.h\" -E -o $@ ../lib/gen_tables.c
+ mounttabs.h: gen_mounttabs_h Makefile
+- ./gen_mounttabs_h --i2s-transtab mount > $@
++ $(PYTHON) ../lib/gen_tables.py --i2s-transtab mount gen_mounttabs_h $@
+
+-gen_nfprototabs_h_SOURCES = ../lib/gen_tables.c ../lib/gen_tables.h nfprototab.h
+-gen_nfprototabs_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="nfprototab.h"'
++gen_nfprototabs_h: ../lib/gen_tables.c ../lib/gen_tables.h nfprototab.h
++ $(CC) $(INCLUDES) $(AM_CFLAGS) $(CFLAGS) -DTABLE_H=\"nfprototab.h\" -E -o $@ ../lib/gen_tables.c
+ nfprototabs.h: gen_nfprototabs_h Makefile
+- ./gen_nfprototabs_h --i2s nfproto > $@
++ $(PYTHON) ../lib/gen_tables.py --i2s nfproto gen_nfprototabs_h $@
+
+-gen_open_flagtabs_h_SOURCES = ../lib/gen_tables.c ../lib/gen_tables.h \
+- open-flagtab.h
+-gen_open_flagtabs_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="open-flagtab.h"'
++gen_open-flagtabs_h: ../lib/gen_tables.c ../lib/gen_tables.h open-flagtab.h
++ $(CC) $(INCLUDES) $(AM_CFLAGS) $(CFLAGS) -DTABLE_H=\"open-flagtab.h\" -E -o $@ ../lib/gen_tables.c
+ open-flagtabs.h: gen_open-flagtabs_h Makefile
+- ./gen_open-flagtabs_h --i2s-transtab open_flag > $@
++ $(PYTHON) ../lib/gen_tables.py --i2s-transtab open_flag gen_open-flagtabs_h $@
+
+-gen_persontabs_h_SOURCES = ../lib/gen_tables.c ../lib/gen_tables.h persontab.h
+-gen_persontabs_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="persontab.h"'
++gen_persontabs_h: ../lib/gen_tables.c ../lib/gen_tables.h persontab.h
++ $(CC) $(INCLUDES) $(AM_CFLAGS) $(CFLAGS) -DTABLE_H=\"persontab.h\" -E -o $@ ../lib/gen_tables.c
+ persontabs.h: gen_persontabs_h Makefile
+- ./gen_persontabs_h --i2s person > $@
++ $(PYTHON) ../lib/gen_tables.py --i2s person gen_persontabs_h $@
+
+-gen_ptracetabs_h_SOURCES = ../lib/gen_tables.c ../lib/gen_tables.h ptracetab.h
+-gen_ptracetabs_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="ptracetab.h"'
++gen_ptracetabs_h: ../lib/gen_tables.c ../lib/gen_tables.h ptracetab.h
++ $(CC) $(INCLUDES) $(AM_CFLAGS) $(CFLAGS) -DTABLE_H=\"ptracetab.h\" -E -o $@ ../lib/gen_tables.c
+ ptracetabs.h: gen_ptracetabs_h Makefile
+- ./gen_ptracetabs_h --i2s ptrace > $@
++ $(PYTHON) ../lib/gen_tables.py --i2s ptrace gen_ptracetabs_h $@
+
+-gen_prctl_opttabs_h_SOURCES = ../lib/gen_tables.c ../lib/gen_tables.h prctl-opt-tab.h
+-gen_prctl_opttabs_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="prctl-opt-tab.h"'
++gen_prctl_opttabs_h: ../lib/gen_tables.c ../lib/gen_tables.h prctl-opt-tab.h
++ $(CC) $(INCLUDES) $(AM_CFLAGS) $(CFLAGS) -DTABLE_H=\"prctl-opt-tab.h\" -E -o $@ ../lib/gen_tables.c
+ prctl_opttabs.h: gen_prctl_opttabs_h Makefile
+- ./gen_prctl_opttabs_h --i2s prctl_opt > $@
++ $(PYTHON) ../lib/gen_tables.py --i2s prctl_opt gen_prctl_opttabs_h $@
+
+-gen_pktoptnametabs_h_SOURCES = ../lib/gen_tables.c ../lib/gen_tables.h pktoptnametab.h
+-gen_pktoptnametabs_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="pktoptnametab.h"'
++gen_pktoptnametabs_h: ../lib/gen_tables.c ../lib/gen_tables.h pktoptnametab.h
++ $(CC) $(INCLUDES) $(AM_CFLAGS) $(CFLAGS) -DTABLE_H=\"pktoptnametab.h\" -E -o $@ ../lib/gen_tables.c
+ pktoptnametabs.h: gen_pktoptnametabs_h Makefile
+- ./gen_pktoptnametabs_h --i2s pktoptname > $@
++ $(PYTHON) ../lib/gen_tables.py --i2s pktoptname gen_pktoptnametabs_h $@
+
+-gen_prottabs_h_SOURCES = ../lib/gen_tables.c ../lib/gen_tables.h prottab.h
+-gen_prottabs_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="prottab.h"'
++gen_prottabs_h: ../lib/gen_tables.c ../lib/gen_tables.h prottab.h
++ $(CC) $(INCLUDES) $(AM_CFLAGS) $(CFLAGS) -DTABLE_H=\"prottab.h\" -E -o $@ ../lib/gen_tables.c
+ prottabs.h: gen_prottabs_h Makefile
+- ./gen_prottabs_h --i2s-transtab prot > $@
++ $(PYTHON) ../lib/gen_tables.py --i2s-transtab prot gen_prottabs_h $@
+
+-gen_recvtabs_h_SOURCES = ../lib/gen_tables.c ../lib/gen_tables.h recvtab.h
+-gen_recvtabs_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="recvtab.h"'
++gen_recvtabs_h: ../lib/gen_tables.c ../lib/gen_tables.h recvtab.h
++ $(CC) $(INCLUDES) $(AM_CFLAGS) $(CFLAGS) -DTABLE_H=\"recvtab.h\" -E -o $@ ../lib/gen_tables.c
+ recvtabs.h: gen_recvtabs_h Makefile
+- ./gen_recvtabs_h --i2s-transtab recv > $@
++ $(PYTHON) ../lib/gen_tables.py --i2s-transtab recv gen_recvtabs_h $@
+
+-gen_rlimit_h_SOURCES = ../lib/gen_tables.c ../lib/gen_tables.h rlimittab.h
+-gen_rlimit_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="rlimittab.h"'
++gen_rlimit_h: ../lib/gen_tables.c ../lib/gen_tables.h rlimittab.h
++ $(CC) $(INCLUDES) $(AM_CFLAGS) $(CFLAGS) -DTABLE_H=\"rlimittab.h\" -E -o $@ ../lib/gen_tables.c
+ rlimittabs.h: gen_rlimit_h Makefile
+- ./gen_rlimit_h --i2s rlimit > $@
++ $(PYTHON) ../lib/gen_tables.py --i2s rlimit gen_rlimit_h $@
+
+-gen_schedtabs_h_SOURCES = ../lib/gen_tables.c ../lib/gen_tables.h schedtab.h
+-gen_schedtabs_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="schedtab.h"'
++gen_schedtabs_h: ../lib/gen_tables.c ../lib/gen_tables.h schedtab.h
++ $(CC) $(INCLUDES) $(AM_CFLAGS) $(CFLAGS) -DTABLE_H=\"schedtab.h\" -E -o $@ ../lib/gen_tables.c
+ schedtabs.h: gen_schedtabs_h Makefile
+- ./gen_schedtabs_h --i2s sched > $@
++ $(PYTHON) ../lib/gen_tables.py --i2s sched gen_schedtabs_h $@
+
+-gen_seccomptabs_h_SOURCES = ../lib/gen_tables.c ../lib/gen_tables.h seccomptab.h
+-gen_seccomptabs_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="seccomptab.h"'
++gen_seccomptabs_h: ../lib/gen_tables.c ../lib/gen_tables.h seccomptab.h
++ $(CC) $(INCLUDES) $(AM_CFLAGS) $(CFLAGS) -DTABLE_H=\"seccomptab.h\" -E -o $@ ../lib/gen_tables.c
+ seccomptabs.h: gen_seccomptabs_h Makefile
+- ./gen_seccomptabs_h --i2s seccomp > $@
++ $(PYTHON) ../lib/gen_tables.py --i2s seccomp gen_seccomptabs_h $@
+
+-gen_seektabs_h_SOURCES = ../lib/gen_tables.c ../lib/gen_tables.h seektab.h
+-gen_seektabs_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="seektab.h"'
++gen_seektabs_h: ../lib/gen_tables.c ../lib/gen_tables.h seektab.h
++ $(CC) $(INCLUDES) $(AM_CFLAGS) $(CFLAGS) -DTABLE_H=\"seektab.h\" -E -o $@ ../lib/gen_tables.c
+ seektabs.h: gen_seektabs_h Makefile
+- ./gen_seektabs_h --i2s seek > $@
++ $(PYTHON) ../lib/gen_tables.py --i2s seek gen_seektabs_h $@
+
+-gen_shm_modetabs_h_SOURCES = ../lib/gen_tables.c ../lib/gen_tables.h shm_modetab.h
+-gen_shm_modetabs_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="shm_modetab.h"'
++gen_shm_modetabs_h: ../lib/gen_tables.c ../lib/gen_tables.h shm_modetab.h
++ $(CC) $(INCLUDES) $(AM_CFLAGS) $(CFLAGS) -DTABLE_H=\"shm_modetab.h\" -E -o $@ ../lib/gen_tables.c
+ shm_modetabs.h: gen_shm_modetabs_h Makefile
+- ./gen_shm_modetabs_h --i2s-transtab shm_mode > $@
++ $(PYTHON) ../lib/gen_tables.py --i2s-transtab shm_mode gen_shm_modetabs_h $@
+
+-gen_signals_h_SOURCES = ../lib/gen_tables.c ../lib/gen_tables.h signaltab.h
+-gen_signals_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="signaltab.h"'
++gen_signals_h: ../lib/gen_tables.c ../lib/gen_tables.h signaltab.h
++ $(CC) $(INCLUDES) $(AM_CFLAGS) $(CFLAGS) -DTABLE_H=\"signaltab.h\" -E -o $@ ../lib/gen_tables.c
+ signaltabs.h: gen_signals_h Makefile
+- ./gen_signals_h --i2s signal > $@
++ $(PYTHON) ../lib/gen_tables.py --i2s signal gen_signals_h $@
+
+-gen_sockleveltabs_h_SOURCES = ../lib/gen_tables.c ../lib/gen_tables.h sockleveltab.h
+-gen_sockleveltabs_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="sockleveltab.h"'
++gen_sockleveltabs_h: ../lib/gen_tables.c ../lib/gen_tables.h sockleveltab.h
++ $(CC) $(INCLUDES) $(AM_CFLAGS) $(CFLAGS) -DTABLE_H=\"sockleveltab.h\" -E -o $@ ../lib/gen_tables.c
+ sockleveltabs.h: gen_sockleveltabs_h Makefile
+- ./gen_sockleveltabs_h --i2s socklevel > $@
++ $(PYTHON) ../lib/gen_tables.py --i2s socklevel gen_sockleveltabs_h $@
+
+-gen_sockoptnametabs_h_SOURCES = ../lib/gen_tables.c ../lib/gen_tables.h sockoptnametab.h
+-gen_sockoptnametabs_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="sockoptnametab.h"'
++gen_sockoptnametabs_h: ../lib/gen_tables.c ../lib/gen_tables.h sockoptnametab.h
++ $(CC) $(INCLUDES) $(AM_CFLAGS) $(CFLAGS) -DTABLE_H=\"sockoptnametab.h\" -E -o $@ ../lib/gen_tables.c
+ sockoptnametabs.h: gen_sockoptnametabs_h Makefile
+- ./gen_sockoptnametabs_h --i2s sockoptname > $@
++ $(PYTHON) ../lib/gen_tables.py --i2s sockoptname gen_sockoptnametabs_h $@
+
+-gen_socktabs_h_SOURCES = ../lib/gen_tables.c ../lib/gen_tables.h socktab.h
+-gen_socktabs_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="socktab.h"'
++gen_socktabs_h: ../lib/gen_tables.c ../lib/gen_tables.h socktab.h
++ $(CC) $(INCLUDES) $(AM_CFLAGS) $(CFLAGS) -DTABLE_H=\"socktab.h\" -E -o $@ ../lib/gen_tables.c
+ socktabs.h: gen_socktabs_h Makefile
+- ./gen_socktabs_h --i2s sock > $@
++ $(PYTHON) ../lib/gen_tables.py --i2s sock gen_socktabs_h $@
+
+-gen_socktypetabs_h_SOURCES = ../lib/gen_tables.c ../lib/gen_tables.h socktypetab.h
+-gen_socktypetabs_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="socktypetab.h"'
++gen_socktypetabs_h: ../lib/gen_tables.c ../lib/gen_tables.h socktypetab.h
++ $(CC) $(INCLUDES) $(AM_CFLAGS) $(CFLAGS) -DTABLE_H=\"socktypetab.h\" -E -o $@ ../lib/gen_tables.c
+ socktypetabs.h: gen_socktypetabs_h Makefile
+- ./gen_socktypetabs_h --i2s sock_type > $@
++ $(PYTHON) ../lib/gen_tables.py --i2s sock_type gen_socktypetabs_h $@
+
+-gen_tcpoptnametabs_h_SOURCES = ../lib/gen_tables.c ../lib/gen_tables.h tcpoptnametab.h
+-gen_tcpoptnametabs_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="tcpoptnametab.h"'
++gen_tcpoptnametabs_h: ../lib/gen_tables.c ../lib/gen_tables.h tcpoptnametab.h
++ $(CC) $(INCLUDES) $(AM_CFLAGS) $(CFLAGS) -DTABLE_H=\"tcpoptnametab.h\" -E -o $@ ../lib/gen_tables.c
+ tcpoptnametabs.h: gen_tcpoptnametabs_h Makefile
+- ./gen_tcpoptnametabs_h --i2s tcpoptname > $@
++ $(PYTHON) ../lib/gen_tables.py --i2s tcpoptname gen_tcpoptnametabs_h $@
+
+-gen_typetabs_h_SOURCES = ../lib/gen_tables.c ../lib/gen_tables.h typetab.h
+-gen_typetabs_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="typetab.h"'
++gen_typetabs_h: ../lib/gen_tables.c ../lib/gen_tables.h typetab.h
++ $(CC) $(INCLUDES) $(AM_CFLAGS) $(CFLAGS) -DTABLE_H=\"typetab.h\" -E -o $@ ../lib/gen_tables.c
+ typetabs.h: gen_typetabs_h Makefile
+- ./gen_typetabs_h --s2i type > $@
++ $(PYTHON) ../lib/gen_tables.py --s2i type gen_typetabs_h $@
+
+-gen_umounttabs_h_SOURCES = ../lib/gen_tables.c ../lib/gen_tables.h umounttab.h
+-gen_umounttabs_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="umounttab.h"'
++gen_umounttabs_h: ../lib/gen_tables.c ../lib/gen_tables.h umounttab.h
++ $(CC) $(INCLUDES) $(AM_CFLAGS) $(CFLAGS) -DTABLE_H=\"umounttab.h\" -E -o $@ ../lib/gen_tables.c
+ umounttabs.h: gen_umounttabs_h Makefile
+- ./gen_umounttabs_h --i2s-transtab umount > $@
++ $(PYTHON) ../lib/gen_tables.py --i2s-transtab umount gen_umounttabs_h $@
+
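Review bot: The preprocess-only rules added in this hunk (for example `gen_ipccmdtabs_h`) pass `$(INCLUDES) $(AM_CFLAGS) $(CFLAGS)` to `$(CC) -E` but omit `$(AM_CPPFLAGS)` and `$(CPPFLAGS)`, so a build that sets include paths or defines only in those variables will preprocess `../lib/gen_tables.c` with a different include path and macro set than automake's normal compile rules use; add both variables to each rule. Two smaller points: the `gen_*_h` targets are now preprocessor output rather than programs, so the names are misleading, and each rule passes three positional arguments to `gen_tables.py` (prefix, preprocessed file, `$@`) while the usage comment in `gen_tables.py` documents four (`prefix header source output`), so one of the two needs correcting.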
+diff -urN a/lib/gen_tables.c b/lib/gen_tables.c
+--- a/lib/gen_tables.c 2013-07-29 16:37:01.000000000 -0500
++++ b/lib/gen_tables.c 2013-08-19 10:09:03.060041420 -0500
+@@ -54,19 +54,6 @@
+ #define SHMGET 23
+ #define SHMCTL 24
+
+-
+-/* The ratio of table size to number of non-empty elements allowed for a
+- "direct" s2i table; if the ratio would be bigger, bsearch tables are used
+- instead.
+-
+- 2 looks like a lot at a first glance, but the bsearch tables need twice as
+- much space per element, so with the ratio equal to 2 the direct table uses
+- no more memory and is faster. */
+-#define DIRECT_THRESHOLD 2
+-
+-/* Allow more than one string defined for a single integer value */
+-static bool allow_duplicate_ints; /* = false; */
+-
+ struct value {
+ int val;
+ const char *s;
+@@ -83,335 +70,11 @@
+
+ #define NUM_VALUES (sizeof(values) / sizeof(*values))
+
+-/* Compare two "struct value" members by name. */
+-static int
+-cmp_value_strings(const void *xa, const void *xb)
+-{
+- const struct value *a, *b;
+-
+- a = xa;
+- b = xb;
+- return strcmp(a->s, b->s);
+-}
+-
+-/* Compare two "struct value" members by value. */
+-static int
+-cmp_value_vals(const void *xa, const void *xb)
+-{
+- const struct value *a, *b;
+-
+- a = xa;
+- b = xb;
+- if (a->val > b->val)
+- return 1;
+- if (a->val < b->val)
+- return -1;
+- /* Preserve the original order if there is an ambiguity, to always use
+- the first specified value. */
+- if (a->orig_index > b->orig_index)
+- return 1;
+- if (a->orig_index < b->orig_index)
+- return -1;
+- return 0;
+-}
+-
+-/* Compare two "struct value" members by orig_index. */
+-static int
+-cmp_value_orig_index(const void *xa, const void *xb)
+-{
+- const struct value *a, *b;
+-
+- a = xa;
+- b = xb;
+- if (a->orig_index > b->orig_index)
+- return 1;
+- if (a->orig_index < b->orig_index)
+- return -1;
+- return 0;
+-}
+-
+-/* Output the string table, initialize values[*]->s_offset. */
+-static void
+-output_strings(const char *prefix)
+-{
+- size_t i, offset;
+-
+- offset = 0;
+- for (i = 0; i < NUM_VALUES; i++) {
+- values[i].s_offset = offset;
+- offset += strlen(values[i].s) + 1;
+- }
+- printf("static const char %s_strings[] = \"", prefix);
+- assert(NUM_VALUES > 0);
+- for (i = 0; i < NUM_VALUES; i++) {
+- const char *c;
+-
+- if (i != 0 && i % 10 == 0)
+- fputs("\"\n"
+- "\t\"", stdout);
+- for (c = values[i].s; *c != '\0'; c++) {
+- assert(*c != '"' && *c != '\\'
+- && isprint((unsigned char)*c));
+- putc(*c, stdout);
+- }
+- if (i != NUM_VALUES - 1)
+- fputs("\\0", stdout);
+- }
+- fputs("\";\n", stdout);
+-}
+-
+-/* Output the string to integer mapping code.
+- Assume strings are all uppsercase or all lowercase if specified by
+- parameters; in that case, make the search case-insensitive.
+- values must be sorted by strings. */
+-static void
+-output_s2i(const char *prefix, bool uppercase, bool lowercase)
+-{
+- size_t i;
+-
+- for (i = 0; i < NUM_VALUES - 1; i++) {
+- assert(strcmp(values[i].s, values[i + 1].s) <= 0);
+- if (strcmp(values[i].s, values[i + 1].s) == 0) {
+- fprintf(stderr, "Duplicate value `%s': %d, %d\n",
+- values[i].s, values[i].val, values[i + 1].val);
+- abort();
+- }
+- }
+- printf("static const unsigned %s_s2i_s[] = {", prefix);
+- for (i = 0; i < NUM_VALUES; i++) {
+- if (i % 10 == 0)
+- fputs("\n\t", stdout);
+- assert(values[i].s_offset <= UINT_MAX);
+- printf("%zu,", values[i].s_offset);
+- }
+- printf("\n"
+- "};\n"
+- "static const int %s_s2i_i[] = {", prefix);
+- for (i = 0; i < NUM_VALUES; i++) {
+- if (i % 10 == 0)
+- fputs("\n\t", stdout);
+- printf("%d,", values[i].val);
+- }
+- fputs("\n"
+- "};\n", stdout);
+- assert(!(uppercase && lowercase));
+- if (uppercase) {
+- for (i = 0; i < NUM_VALUES; i++) {
+- const char *c;
+-
+- for (c = values[i].s; *c != '\0'; c++)
+- assert(isascii((unsigned char)*c)
+- && !GT_ISLOWER(*c));
+- }
+- } else if (lowercase) {
+- for (i = 0; i < NUM_VALUES; i++) {
+- const char *c;
+-
+- for (c = values[i].s; *c != '\0'; c++)
+- assert(isascii((unsigned char)*c)
+- && !GT_ISUPPER(*c));
+- }
+- }
+- if (uppercase || lowercase) {
+- printf("static int %s_s2i(const char *s, int *value) {\n"
+- "\tsize_t len, i;\n"
+- "\tlen = strlen(s);\n"
+- "\t{ char copy[len + 1];\n"
+- "\tfor (i = 0; i < len; i++) {\n"
+- "\t\tchar c = s[i];\n", prefix);
+- if (uppercase)
+- fputs("\t\tcopy[i] = GT_ISLOWER(c) ? c - 'a' + 'A' "
+- ": c;\n", stdout);
+- else
+- fputs("\t\tcopy[i] = GT_ISUPPER(c) ? c - 'A' + 'a' "
+- ": c;\n", stdout);
+- printf("\t}\n"
+- "\tcopy[i] = 0;\n"
+- "\treturn s2i__(%s_strings, %s_s2i_s, %s_s2i_i, %zu, "
+- "copy, value);\n"
+- "\t}\n"
+- "}\n", prefix, prefix, prefix, NUM_VALUES);
+- } else
+- printf("static int %s_s2i(const char *s, int *value) {\n"
+- "\treturn s2i__(%s_strings, %s_s2i_s, %s_s2i_i, %zu, s, "
+- "value);\n"
+- "}\n", prefix, prefix, prefix, prefix, NUM_VALUES);
+-}
+-
+-/* Output the string to integer mapping table.
+- values must be sorted by strings. */
+-static void
+-output_i2s(const char *prefix)
+-{
+- struct value *unique_values;
+- int min_val, max_val;
+- size_t i, n;
+-
+- assert(NUM_VALUES > 0);
+- for (i = 0; i < NUM_VALUES - 1; i++) {
+- assert(values[i].val <= values[i + 1].val);
+- if (!allow_duplicate_ints
+- && values[i].val == values[i + 1].val) {
+- fprintf(stderr, "Duplicate value %d: `%s', `%s'\n",
+- values[i].val, values[i].s, values[i + 1].s);
+- abort();
+- }
+- }
+-
+- unique_values = malloc(NUM_VALUES * sizeof(*unique_values));
+- assert(unique_values != NULL);
+- n = 0;
+- for (i = 0; i < NUM_VALUES; i++) {
+- if (n == 0 || unique_values[n - 1].val != values[i].val) {
+- unique_values[n] = values[i];
+- n++;
+- }
+- }
+-
+- min_val = unique_values[0].val;
+- max_val = unique_values[n - 1].val;
+- if (((double)max_val - (double)min_val) / n <= DIRECT_THRESHOLD) {
+- int next_index;
+-
+- printf("static const unsigned %s_i2s_direct[] = {", prefix);
+- next_index = min_val;
+- i = 0;
+- for (;;) {
+- if ((next_index - min_val) % 10 == 0)
+- fputs("\n\t", stdout);
+- while (unique_values[i].val < next_index)
+- /* This can happen if (allow_duplicate_ints) */
+- i++;
+- if (unique_values[i].val == next_index) {
+- assert(unique_values[i].s_offset <= UINT_MAX);
+- printf("%zu,", unique_values[i].s_offset);
+- } else
+- fputs("-1u,", stdout);
+- if (next_index == max_val)
+- /* Done like this to avoid integer overflow */
+- break;
+- next_index++;
+- }
+- printf("\n"
+- "};\n"
+- "static const char *%s_i2s(int v) {\n"
+- "\treturn i2s_direct__(%s_strings, %s_i2s_direct, %d, "
+- "%d, v);\n"
+- "}\n", prefix, prefix, prefix, min_val, max_val);
+- } else {
+- printf("static const int %s_i2s_i[] = {", prefix);
+- for (i = 0; i < n; i++) {
+- if (i % 10 == 0)
+- fputs("\n\t", stdout);
+- printf("%d,", unique_values[i].val);
+- }
+- printf("\n"
+- "};\n"
+- "static const unsigned %s_i2s_s[] = {", prefix);
+- for (i = 0; i < n; i++) {
+- if (i % 10 == 0)
+- fputs("\n\t", stdout);
+- assert(unique_values[i].s_offset <= UINT_MAX);
+- printf("%zu,", unique_values[i].s_offset);
+- }
+- printf("\n"
+- "};\n"
+- "static const char *%s_i2s(int v) {\n"
+- "\treturn i2s_bsearch__(%s_strings, %s_i2s_i, %s_i2s_s, "
+- "%zu, v);\n"
+- "}\n", prefix, prefix, prefix, prefix, n);
+- }
+- free(unique_values);
+-}
+-
+-/* Output the string to integer mapping table as a transtab[].
+- values must be sorted in the desired order. */
+-static void
+-output_i2s_transtab(const char *prefix)
+-{
+- size_t i;
+- char *uc_prefix;
+-
+- printf("static const struct transtab %s_table[] = {", prefix);
+- for (i = 0; i < NUM_VALUES; i++) {
+- if (i % 10 == 0)
+- fputs("\n\t", stdout);
+- printf("{%d,%zu},", values[i].val, values[i].s_offset);
+- }
+- uc_prefix = strdup(prefix);
+- assert(uc_prefix != NULL);
+- for (i = 0; uc_prefix[i] != '\0'; i++)
+- uc_prefix[i] = toupper((unsigned char)uc_prefix[i]);
+- printf("\n"
+- "};\n"
+- "#define %s_NUM_ENTRIES "
+- "(sizeof(%s_table) / sizeof(*%s_table))\n", uc_prefix, prefix,
+- prefix);
+- free(uc_prefix);
+-}
+-
+ int
+ main(int argc, char **argv)
+ {
+- bool gen_i2s, gen_i2s_transtab, gen_s2i, uppercase, lowercase;
+- char *prefix;
+- size_t i;
+-
+ /* This is required by gen_tables.h */
+ assert(NUM_VALUES <= (SSIZE_MAX / 2 + 1));
+
+- /* To make sure GT_ISUPPER and GT_ISLOWER work. */
+- assert('Z' == 'A' + 25 && 'z' == 'a' + 25);
+- gen_i2s = false;
+- gen_i2s_transtab = false;
+- gen_s2i = false;
+- uppercase = false;
+- lowercase = false;
+- prefix = NULL;
+- assert (argc > 1);
+- for (i = 1; i < (size_t)argc; i++) {
+- if (strcmp(argv[i], "--i2s") == 0)
+- gen_i2s = true;
+- else if (strcmp(argv[i], "--i2s-transtab") == 0)
+- gen_i2s_transtab = true;
+- else if (strcmp(argv[i], "--s2i") == 0)
+- gen_s2i = true;
+- else if (strcmp(argv[i], "--uppercase") == 0)
+- uppercase = true;
+- else if (strcmp(argv[i], "--lowercase") == 0)
+- lowercase = true;
+- else if (strcmp(argv[i], "--duplicate-ints") == 0)
+- allow_duplicate_ints = true;
+- else {
+- assert(*argv[i] != '-');
+- assert(prefix == NULL);
+- prefix = argv[i];
+- }
+- }
+- assert(prefix != NULL);
+- assert(!(uppercase && lowercase));
+-
+- printf("/* This is a generated file, see Makefile.am for its "
+- "inputs. */\n");
+- for (i = 0; i < NUM_VALUES; i++)
+- values[i].orig_index = i;
+- qsort(values, NUM_VALUES, sizeof(*values), cmp_value_strings);
+- /* FIXME? if (gen_s2i), sort the strings in some other order
+- (e.g. "first 4 nodes in BFS of the bsearch tree first") to use the
+- cache better. */
+- /* FIXME? If the only thing generated is a transtab, keep the strings
+- in the original order to use the cache better. */
+- output_strings(prefix);
+- if (gen_s2i)
+- output_s2i(prefix, uppercase, lowercase);
+- if (gen_i2s) {
+- qsort(values, NUM_VALUES, sizeof(*values), cmp_value_vals);
+- output_i2s(prefix);
+- }
+- if (gen_i2s_transtab) {
+- qsort(values, NUM_VALUES, sizeof(*values),
+- cmp_value_orig_index);
+- output_i2s_transtab(prefix);
+- }
+ return EXIT_SUCCESS;
+ }
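Review bot: The `output_strings()` removed in this hunk asserted that every table string is printable and free of `"` and `\` before emitting it inside a C string literal, and the Python `output_strings()` that replaces it writes `get_str()` verbatim with no equivalent check; carry that validation over so a malformed table entry fails the build instead of producing a broken or altered header. The `main()` left behind is also never executed, because the Makefile.am rules now run only `$(CC) ... -E` on this file, so the remaining `assert(NUM_VALUES <= (SSIZE_MAX / 2 + 1))` that the comment says gen_tables.h requires no longer guards anything; enforce that limit in `gen_tables.py`, or drop `main()` and leave a comment saying the file is preprocessed only.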
+diff -urN /dev/null b/lib/gen_tables.py
+--- /dev/null 2013-06-19 11:25:31.230442052 -0500
++++ b/lib/gen_tables.py 2013-08-19 14:27:55.639872141 -0500
+@@ -0,0 +1,458 @@
++#!/usr/bin/python
++################################################################################
++# Copyright 2013, Rockwell Collins. All rights reserved.
++#
++# This library is free software; you can redistribute it and/or
++# modify it under the terms of the GNU Lesser General Public
++# License as published by the Free Software Foundation; either
++# version 2.1 of the License, or (at your option) any later version.
++#
++# This library is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++# Lesser General Public License for more details.
++#
++# You should have received a copy of the GNU Lesser General Public
++# License along with this library; if not, write to the Free Software
++# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
++#
++# Authors:
++# Clayton Shotwell <clshotwe@rockwellcollins.com>
++#
++# Description:
++# Generator of lookup tables to replace the gen_tables.c method developed
++# Miloslav Trmac <mitr@redhat.com> to make audit package cross compilable.
++# The logic in this script mimics the logic in gen_tables.c before the last
++# modification.
++#
++# Usage: gen_tables.py [-h] [--i2s] [--i2s-transtab] [--s2i]
++# [--uppercase | --lowercase] [--duplicate-ints]
++# prefix header source output
++#
++# Generate tables header files.
++#
++# positional arguments:
++# prefix The prefix of the output file to use
++# header The header file to parse table values from
++# source The source of the preprocessor from the compiler
++# output The output header file
++#
++# optional arguments:
++# -h, --help show this help message and exit
++# --i2s Generate i2s tables
++# --i2s-transtab Generate transtab tables
++# --s2i Generate s2i tables
++# --uppercase All characters are uppercase
++# --lowercase All characters are lowercase
++# --duplicate-ints Allow duplicate integers
++
++import argparse
++import ctypes
++import os
++import re
++import sys
++from operator import attrgetter
++from pyparsing import Group, Word, Suppress, alphas, alphanums, nums, cppStyleComment, \
++ Optional, ZeroOrMore
++
++# Number of entries to print per line
++NUM_ENTIRES_IN_LINE = 10
++
++# Global table entries variable that is used everywhere
++ENTRIES = []
++
++# The ratio of table size to number of non-empty elements allowed for a
++# "direct" s2i table; if the ratio would be bigger, bsearch tables are used
++# instead.
++#
++# 2 looks like a lot at a first glance, but the bsearch tables need twice as
++# much space per element, so with the ratio equal to 2 the direct table uses
++# no more memory and is faster.
++DIRECT_THRESHOLD = 2
++
++# Set to True to enable some debug output
++DEBUG = False
++
++class Entry:
++ def __init__(self, new_s, val):
++ self.st = new_s
++ self.val = val
++ self.offset = 0
++ self.orig_index = 0
++
++ def set_position(self, offset):
++ self.offset = offset
++
++ def set_orig_index(self, orig_index):
++ self.orig_index = orig_index
++
++ def get_str(self):
++ return self.st
++
++ def __repr__(self):
++ return "<Entry st=%s val=%s>" % (self.st, self.val)
++
++ def __str__(self):
++ return "Entry of st=%s, val=%s, offset=%d, orig_index=%d" % \
++ (self.st, self.val, self.offset, self.orig_index)
++
++def output_strings(prefix, outfile):
++ try:
++ # Calculate the position each entry will be in the string
++ index = 0
++ for i in range(len(ENTRIES)):
++ ENTRIES[i].set_position(index)
++ # Increment the index by the length of the name plus 1 for the null
++ # character at the end.
++ index += len(ENTRIES[i].get_str()) + 1
++ # Write out the strings
++ outfile.write("static const char %s_strings[] = \"" % prefix)
++ for i in range(len(ENTRIES)):
++ if (i != 0) and (i % NUM_ENTIRES_IN_LINE == 0):
++ outfile.write('"\n\t"')
++ outfile.write(ENTRIES[i].get_str())
++ if (i != (len(ENTRIES) - 1)):
++ outfile.write('\\0')
++ outfile.write('";\n')
++ except:
++ # If an error is found, raise the exception so the main function can close
++ # and delete the outfile
++ exc_type, exc_obj, exc_tb = sys.exc_info()
++ fname = os.path.split(exc_tb.tb_frame.f_code.co_filename)[1]
++ print("Unexpected error in output_strings:", exc_type, fname, exc_tb.tb_lineno)
++ raise
++
++def output_s2i(prefix, outfile, uppercase, lowercase):
++ try:
++ # Check for duplicate values
++ for i in range(len(ENTRIES) - 1):
++ assert (ENTRIES[i].get_str() <= ENTRIES[i + 1].get_str()), "Entries not in the correct order"
++ if (ENTRIES[i].get_str() == ENTRIES[i + 1].get_str()):
++ print("Duplicate value %s: %d, %d" % \
++ (ENTRIES[i].get_str(), ENTRIES[i].val, ENTRIES[i + 1].val))
++ raise
++
++ # Write out the index to value index values
++ outfile.write("static const unsigned %s_s2i_s[] = {" % prefix)
++ for i in range(len(ENTRIES)):
++ if (i % NUM_ENTIRES_IN_LINE == 0):
++ outfile.write('\n\t')
++ outfile.write("%i," % ENTRIES[i].offset)
++ outfile.write('\n};\n')
++
++ # Write out the string to value actual values
++ outfile.write("static const int %s_s2i_i[] = {" % prefix)
++ for i in range(len(ENTRIES)):
++ if (i % NUM_ENTIRES_IN_LINE == 0):
++ outfile.write('\n\t')
++ outfile.write("%i," % ENTRIES[i].val)
++ outfile.write('\n};\n')
++
++ # Verify the strings are all uppercase or lowercase depending on the arguments
++ # passed in
++ if uppercase:
++ for i in range(len(ENTRIES)):
++ assert (all(ord(c) < 128 for c in ENTRIES[i].get_str()) and \
++ ENTRIES[i].get_str().isupper()), "String %s is not uppercase" % ENTRIES[i].get_str()
++ if lowercase:
++ for i in range(len(ENTRIES)):
++ assert (all(ord(c) < 128 for c in ENTRIES[i].get_str()) and \
++ ENTRIES[i].get_str().islower()), "String %s is not lowercase" % ENTRIES[i].get_str()
++ if uppercase or lowercase:
++ outfile.write("static int %s_s2i(const char *s, int *value) {\n" \
++ "\tsize_t len, i;\n" \
++ "\tlen = strlen(s);\n" \
++ "\t{ char copy[len + 1];\n" \
++ "\tfor (i = 0; i < len; i++) {\n" \
++ "\t\tchar c = s[i];\n" % prefix)
++ if uppercase:
++ outfile.write("\t\tcopy[i] = GT_ISLOWER(c) ? c - 'a' + 'A' : c;\n")
++ else:
++ outfile.write("\t\tcopy[i] = GT_ISUPPER(c) ? c - 'A' + 'a' : c;\n")
++ outfile.write("\t}\n" \
++ "\tcopy[i] = 0;\n" \
++ "\treturn s2i__(%s_strings, %s_s2i_s, %s_s2i_i, %d, copy, value);\n" \
++ "\t}\n" \
++ "}\n" % (prefix, prefix, prefix, len(ENTRIES)))
++ else:
++ outfile.write("static int %s_s2i(const char *s, int *value) {\n" \
++ "\treturn s2i__(%s_strings, %s_s2i_s, %s_s2i_i, %d, s, value);\n" \
++ "}\n" % (prefix, prefix, prefix, prefix, len(ENTRIES)))
++ except:
++ # If an error is found, raise the exception so the main function can close
++ # and delete the outfile
++ exc_type, exc_obj, exc_tb = sys.exc_info()
++ fname = os.path.split(exc_tb.tb_frame.f_code.co_filename)[1]
++ print("Unexpected error in output_s2i:", exc_type, fname, exc_tb.tb_lineno)
++ raise
++
++def output_i2s(prefix, outfile, allow_duplicate_ints):
++ try:
++ # Check for duplicate values
++ for i in range(len(ENTRIES) - 1):
++ assert (ENTRIES[i].val <= ENTRIES[i + 1].val), "Entries not in the correct order"
++ if (not allow_duplicate_ints) and (ENTRIES[i].val == ENTRIES[i + 1].val):
++ print("Duplicate value %d: %s, %s" % (ENTRIES[i].val, ENTRIES[i].get_str(), \
++ ENTRIES[i + 1].get_str()))
++ raise
++
++ # Find all of the unique values
++ unique_entries = []
++ for i in range(len(ENTRIES)):
++ # If the unique_entries is empty or the last unique_entries entry is different from the
++ # entry being compared, append the entry
++ if (len(unique_entries) == 0) or (unique_entries[-1].val != ENTRIES[i].val):
++ unique_entries.append(ENTRIES[i])
++
++ # Determine which mapping to use based on the treshold
++ max_val = unique_entries[-1].val
++ min_val = unique_entries[0].val
++ if ((float(max_val - min_val)/len(unique_entries)) <= DIRECT_THRESHOLD):
++ outfile.write("static const unsigned %s_i2s_direct[] = {" % prefix)
++ next_index = min_val
++ i = 0
++ while True:
++ if (((next_index - min_val) % 10) == 0):
++ outfile.write("\n\t")
++ while (unique_entries[i].val < next_index):
++ # This can happen if (allow_duplicate_ints)
++ i += 1
++ if (unique_entries[i].val == next_index):
++ assert(unique_entries[i].offset <= sys.maxint)
++ outfile.write("%i," % unique_entries[i].offset)
++ else:
++ outfile.write("-1u,")
++ if (next_index == max_val):
++ break
++ next_index += 1
++ outfile.write("\n};\nstatic const char *%s_i2s(int v) {\n" \
++ "\treturn i2s_direct__(%s_strings, %s_i2s_direct, %d, %d, v);\n" \
++ "}\n" % (prefix, prefix, prefix, min_val, max_val))
++ else:
++ outfile.write("static const int %s_i2s_i[] = {" % prefix)
++ for i in range(len(unique_entries)):
++ if (i % 10 == 0):
++ outfile.write("\n\t")
++ outfile.write("%i," % unique_entries[i].val)
++ outfile.write("\n};\nstatic const unsigned %s_i2s_s[] = {" % prefix)
++ for i in range(len(unique_entries)):
++ if (i % 10 == 0):
++ outfile.write("\n\t")
++ assert(unique_entries[i].offset <= sys.maxint)
++ outfile.write("%i," % unique_entries[i].offset)
++ outfile.write("\n };\n static const char *%s_i2s(int v) {\n" \
++ "\treturn i2s_bsearch__(%s_strings, %s_i2s_i, %s_i2s_s, %u, v);\n" \
++ "}\n" % (prefix, prefix, prefix, prefix, len(unique_entries)))
++ except:
++ # If an error is found, raise the exception so the main function can close
++ # and delete the outfile
++ exc_type, exc_obj, exc_tb = sys.exc_info()
++ fname = os.path.split(exc_tb.tb_frame.f_code.co_filename)[1]
++ print("Unexpected error in output_i2s:", exc_type, fname, exc_tb.tb_lineno)
++ raise
++
++def output_i2s_transtab(prefix, outfile):
++ """
++ Output the string to integer mapping table as a transtab[].
++ values must be sorted in the desired order.
++ """
++ try:
++ outfile.write("static const struct transtab %s_table[] = {" % prefix)
++ for i in range(len(ENTRIES)):
++ if (i % NUM_ENTIRES_IN_LINE == 0):
++ outfile.write('\n\t')
++ outfile.write("{%i,%u}," % (ENTRIES[i].val, ENTRIES[i].offset))
++ outfile.write("\n};\n#define %s_NUM_ENTRIES (sizeof(%s_table) / sizeof(*%s_table))\n" % \
++ (prefix.upper(), prefix, prefix))
++ except:
++ # If an error is found, raise the exception so the main function can close
++ # and delete the outfile
++ exc_type, exc_obj, exc_tb = sys.exc_info()
++ fname = os.path.split(exc_tb.tb_frame.f_code.co_filename)[1]
++ print("Unexpected error in output_i2s_transtab:", exc_type, fname, exc_tb.tb_lineno)
++ raise
++
++def lookup_enum(look_str, buf):
++ try:
++ # Pull all of the enums out of the preprocessor output out only once
++ # to help speed up all of the lookups
++ if not hasattr(lookup_enum, "enums"):
++ if DEBUG:
++ print("Pulling out the enums from the preprocessor output")
++ # Regex pattern to parse out the enums from the preprocessor output
++ enum_regex = "enum.*?{(?P<s>.*?)}"
++ lookup_enum.enums = re.findall(enum_regex, buf, flags=(re.M | re.S))
++
++ # find which enum contains the string we are looking for
++ for i in range(len(lookup_enum.enums)):
++ if look_str in lookup_enum.enums[i]:
++ # Determine the value of the variable in the enum
++ enum_string = "enum preproc { " + lookup_enum.enums[i] + " }"
++ enum_string = "".join([line.strip() for line in enum_string])
++ if DEBUG:
++ print("Found %s in %s" % (look_str, enum_string))
++
++ identifier = Word(alphas, alphanums+'_')
++ opt_value = Word(nums, nums+'x+<>/*')
++
++ enum_value = Group(identifier('name') + Optional(Suppress('=') + opt_value('value')))
++ enum_list = Group(enum_value + ZeroOrMore(Suppress(',') + enum_value))
++ enum = Suppress('enum') + identifier('enum') + Suppress('{') + enum_list('list') + \
++ Suppress('}')
++ enum.ignore(cppStyleComment)
++
++ for item, start, stop in enum.scanString(enum_string):
++ temp = 0
++ for entry in item.list:
++ if DEBUG:
++ print("Checking %s against %s" % (look_str, entry.name))
++ if entry.name == look_str:
++ if entry.value != '':
++ # Need to call eval becuase some enums have math in them
++ try:
++ value = eval(entry.value)
++ except:
++ print("Found invalid value %s" % entry.value)
++ else:
++ value = temp
++ if DEBUG:
++ print("Matched the enum name to value %d" % value)
++ return value
++ temp += 1
++ except:
++ exc_type, exc_obj, exc_tb = sys.exc_info()
++ fname = os.path.split(exc_tb.tb_frame.f_code.co_filename)[1]
++ print("Unexpected error in output_i2s_transtab:", exc_type, fname, exc_tb.tb_lineno)
++ print("Unable to find enum value")
++ return None
++
++def evaluate_string(eval_str, buf):
++ if DEBUG:
++ print("Evaluating string %s" % eval_str)
++
++ # Regex expression for pulling apart the values in the preprocessor output
++ eval_regex = "(?P<val>\w+)"
++ # Since the string can be anything, it must be parsed into individual parts
++ # and evaluated separately to find any enum values
++ matches = re.findall(eval_regex, eval_str)
++ if len(matches) <= 0:
++ print("Could not find any matches")
++
++ local_s = eval_str
++ value = None
++ i = 0
++ for i in range(len(matches)):
++ try:
++ # If the current item is abled to evaled, there is nothing to do
++ val = eval(matches[i])
++ except:
++ try:
++ # Need to check to see if the last character is a "U" and remove it
++ # if this does not except, a valid number was found
++ if matches[i][-1] == 'U':
++ val = eval(matches[i][:-1])
++ local_s = local_s.replace(matches[i], "%d" % val)
++ else:
++ # Need to do a enum look up for anything that doesnt translate into a number
++ val = lookup_enum(matches[i], buf)
++ if val is not None:
++ local_s = local_s.replace(matches[i], "%d" % val)
++ except:
++ # This case will be hit if the "U" removal fails
++ val = lookup_enum(matches[i], buf)
++ if val is not None:
++ local_s = local_s.replace(matches[i], "%d" % val)
++ try:
++ # This will fail if all of the enums were not found rather
++ # than handling the failues in the above steps
++ # Also, need to convert to a signed 32 bit int for the output value
++ value = ctypes.c_int32(eval(local_s)).value
++ if DEBUG:
++ print("Found value %d for %s" % (value, matches[i]))
++ except:
++ print("Could not parse string %s" % local_s)
++
++ # Verify the mess above resulted in a number being found
++ if value is None:
++ print("Failed to find value for %s" % eval_str)
++ raise
++ return value
++
++def remove_output(outfile):
++ path = outfile.name
++ outfile.close()
++ os.remove(path)
++ sys.exit(1)
++
++def main():
++
++ # Setup the argument parser and parse the arguments given
++ parser = argparse.ArgumentParser(description='Generate tables header files.')
++ parser.add_argument('--i2s', dest='gen_i2s', action='store_true',
++ help='Generate i2s tables')
++ parser.add_argument('--i2s-transtab', dest='gen_i2s_transtab', action='store_true',
++ help='Generate transtab tables')
++ parser.add_argument('--s2i', dest='gen_s2i', action='store_true',
++ help='Generate s2i tables')
++ # Make sure uppercase and lowercase are mutually exclusive
++ group = parser.add_mutually_exclusive_group()
++ group.add_argument('--uppercase', dest='uppercase', action='store_true',
++ help='All characters are uppercase')
++ group.add_argument('--lowercase', dest='lowercase', action='store_true',
++ help='All characters are lowercase')
++ parser.add_argument('--duplicate-ints', dest='allow_duplicate_ints', action='store_true',
++ help='Allow duplicate integers')
++ parser.add_argument('prefix', help='The prefix of the output file to use')
++ parser.add_argument('source', type=argparse.FileType('r'),
++ help='The source of the preprocessor from the compiler')
++ parser.add_argument('output', type=argparse.FileType('w'),
++ help='The output header file')
++ args = parser.parse_args()
++
++ # Regex pattern to parse out the macro and string from the _S calls
++ source_regex = "{ \((?P<val>.*?)\), \(\"(?P<s>\S+)\"\), 0, 0 }"
++
++ # First parse the header file for all of the preprocessor source that need to
++ # be looked up
++ buf = args.source.read()
++ matches = re.findall(source_regex, buf, flags=re.MULTILINE)
++
++ # Check to make sure we have matches
++ if (len(matches) <= 0):
++ print("Failed to find valid source")
++ remove_output(args.output)
++ sys.exit(1)
++
++ try:
++ # Create all of the entry structures
++ global ENTRIES
++ for i in range(len(matches)):
++ ENTRIES.append(Entry(matches[i][1], evaluate_string(matches[i][0], buf)))
++ ENTRIES[i].set_orig_index(i)
++ if DEBUG:
++ print(ENTRIES[i])
++
++ # Sort the entries alphabetically
++ ENTRIES = sorted(ENTRIES, key=attrgetter('st'))
++ # Print out the output header
++ args.output.write("/* This is a generated file, see Makefile.am for its inputs. */\n")
++ output_strings(args.prefix, args.output)
++ if args.gen_s2i:
++ output_s2i(args.prefix, args.output, args.uppercase, args.lowercase)
++ if args.gen_i2s:
++ ENTRIES = sorted(ENTRIES, key=attrgetter('val'))
++ output_i2s(args.prefix, args.output, args.allow_duplicate_ints)
++ if args.gen_i2s_transtab:
++ ENTRIES = sorted(ENTRIES, key=attrgetter('orig_index'))
++ output_i2s_transtab(args.prefix, args.output)
++ except:
++ # On an error, close and remove the file before returning an error
++ print("Failed to write the output file correctly")
++ exc_type, exc_obj, exc_tb = sys.exc_info()
++ fname = os.path.split(exc_tb.tb_frame.f_code.co_filename)[1]
++ print("Unexpected error:", exc_type, fname, exc_tb.tb_lineno)
++ remove_output(args.output)
++ sys.exit(1)
++
++if __name__ == '__main__':
++ main()
+diff -urN a/lib/Makefile.am b/lib/Makefile.am
+--- a/lib/Makefile.am 2013-07-29 16:37:01.000000000 -0500
++++ b/lib/Makefile.am 2013-08-19 14:39:58.280509378 -0500
+@@ -40,119 +40,109 @@
+ BUILT_SOURCES = actiontabs.h errtabs.h fieldtabs.h flagtabs.h \
+ ftypetabs.h i386_tables.h ia64_tables.h machinetabs.h \
+ msg_typetabs.h optabs.h ppc_tables.h s390_tables.h \
+- s390x_tables.h x86_64_tables.h
+-if USE_ALPHA
+-BUILT_SOURCES += alpha_tables.h
+-endif
+-if USE_ARMEB
+-BUILT_SOURCES += armeb_tables.h
+-endif
+-if USE_AARCH64
+-BUILT_SOURCES += aarch64_tables.h
+-endif
+-noinst_PROGRAMS = gen_actiontabs_h gen_errtabs_h gen_fieldtabs_h \
++ s390x_tables.h x86_64_tables.h \
++ gen_actiontabs_h gen_errtabs_h gen_fieldtabs_h \
+ gen_flagtabs_h gen_ftypetabs_h gen_i386_tables_h \
+ gen_ia64_tables_h gen_machinetabs_h gen_msg_typetabs_h \
+ gen_optabs_h gen_ppc_tables_h gen_s390_tables_h \
+- gen_s390x_tables_h gen_x86_64_tables_h
++ gen_s390x_tables_h gen_x86_64_tables_h
+ if USE_ALPHA
+-noinst_PROGRAMS += gen_alpha_tables_h
++BUILT_SOURCES += alpha_tables.h gen_alpha_tables_h
+ endif
+ if USE_ARMEB
+-noinst_PROGRAMS += gen_armeb_tables_h
++BUILT_SOURCES += armeb_tables.h gen_armeb_tables_h
+ endif
+ if USE_AARCH64
+-noinst_PROGRAMS += gen_aarch64_tables_h
++BUILT_SOURCES += aarch64_tables.h gen_aarch64_tables_h
+ endif
+-gen_actiontabs_h_SOURCES = gen_tables.c gen_tables.h actiontab.h
+-gen_actiontabs_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="actiontab.h"'
++
++gen_actiontabs_h: gen_tables.c gen_tables.h actiontab.h
++ $(CC) $(INCLUDES) $(AM_CFLAGS) $(CFLAGS) -DTABLE_H=\"actiontab.h\" -E -o $@ gen_tables.c
+ actiontabs.h: gen_actiontabs_h Makefile
+- ./gen_actiontabs_h --lowercase --i2s --s2i action > $@
++ $(PYTHON) gen_tables.py --lowercase --i2s --s2i action gen_actiontabs_h $@
+
+ if USE_ALPHA
+-gen_alpha_tables_h_SOURCES = gen_tables.c gen_tables.h alpha_table.h
+-gen_alpha_tables_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="alpha_table.h"'
++gen_alpha_tables_h: gen_tables.c gen_tables.h alpha_table.h
++ $(CC) $(INCLUDES) $(AM_CFLAGS) $(CFLAGS) -DTABLE_H=\"alpha_table.h\" -E -o $@ gen_tables.c
+ alpha_tables.h: gen_alpha_tables_h Makefile
+- ./gen_alpha_tables_h --lowercase --i2s --s2i alpha_syscall > $@
++ $(PYTHON) gen_tables.py --lowercase --i2s --s2i alpha_syscall gen_alpha_tables_h $@
+ endif
+
+ if USE_ARMEB
+-gen_armeb_tables_h_SOURCES = gen_tables.c gen_tables.h armeb_table.h
+-gen_armeb_tables_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="armeb_table.h"'
+-armeb_tables.h: gen_armeb_tables_h Makefile
+- ./gen_armeb_tables_h --lowercase --i2s --s2i armeb_syscall > $@
++gen_armeb_tables_h: gen_tables.c gen_tables.h armeb_table.h
++ $(CC) $(INCLUDES) $(AM_CFLAGS) $(CFLAGS) -DTABLE_H=\"armeb_table.h\" -E -o $@ gen_tables.c
++armeb_tables.h: gen_armeb_tables_h Makefile
++ $(PYTHON) gen_tables.py --lowercase --i2s --s2i armeb_syscall gen_armeb_tables_h $@
+ endif
+
+ if USE_AARCH64
+-gen_aarch64_tables_h_SOURCES = gen_tables.c gen_tables.h aarch64_table.h
+-gen_aarch64_tables_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="aarch64_table.h"'
++gen_aarch64_tables_h: gen_tables.c gen_tables.h aarch64_table.h
++ $(CC) $(INCLUDES) $(AM_CFLAGS) $(CFLAGS) -DTABLE_H=\"aarch64_table.h\" -E -o $@ gen_tables.c
+ aarch64_tables.h: gen_aarch64_tables_h Makefile
+- ./gen_aarch64_tables_h --lowercase --i2s --s2i aarch64_syscall > $@
++ $(PYTHON) gen_tables.py --lowercase --i2s --s2i aarch64_syscall gen_aarch64_tables_h $@
+ endif
+
+-gen_errtabs_h_SOURCES = gen_tables.c gen_tables.h errtab.h
+-gen_errtabs_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="errtab.h"'
++gen_errtabs_h: gen_tables.c gen_tables.h errtab.h
++ $(CC) $(INCLUDES) $(AM_CFLAGS) $(CFLAGS) -DTABLE_H=\"errtab.h\" -E -o $@ gen_tables.c
+ errtabs.h: gen_errtabs_h Makefile
+- ./gen_errtabs_h --duplicate-ints --uppercase --i2s --s2i err > $@
++ $(PYTHON) gen_tables.py --duplicate-ints --uppercase --i2s --s2i err gen_errtabs_h $@
+
+-gen_fieldtabs_h_SOURCES = gen_tables.c gen_tables.h fieldtab.h
+-gen_fieldtabs_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="fieldtab.h"'
++gen_fieldtabs_h: gen_tables.c gen_tables.h fieldtab.h
++ $(CC) $(INCLUDES) $(AM_CFLAGS) $(CFLAGS) -DTABLE_H=\"fieldtab.h\" -E -o $@ gen_tables.c
+ fieldtabs.h: gen_fieldtabs_h Makefile
+- ./gen_fieldtabs_h --duplicate-ints --lowercase --i2s --s2i field > $@
++ $(PYTHON) gen_tables.py --duplicate-ints --lowercase --i2s --s2i field gen_fieldtabs_h $@
+
+-gen_flagtabs_h_SOURCES = gen_tables.c gen_tables.h flagtab.h
+-gen_flagtabs_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="flagtab.h"'
++gen_flagtabs_h: gen_tables.c gen_tables.h flagtab.h
++ $(CC) $(INCLUDES) $(AM_CFLAGS) $(CFLAGS) -DTABLE_H=\"flagtab.h\" -E -o $@ gen_tables.c
+ flagtabs.h: gen_flagtabs_h Makefile
+- ./gen_flagtabs_h --lowercase --i2s --s2i flag > $@
++ $(PYTHON) gen_tables.py --lowercase --i2s --s2i flag gen_flagtabs_h $@
+
+-gen_ftypetabs_h_SOURCES = gen_tables.c gen_tables.h ftypetab.h
+-gen_ftypetabs_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="ftypetab.h"'
++gen_ftypetabs_h: gen_tables.c gen_tables.h ftypetab.h
++ $(CC) $(INCLUDES) $(AM_CFLAGS) $(CFLAGS) -DTABLE_H=\"ftypetab.h\" -E -o $@ gen_tables.c
+ ftypetabs.h: gen_ftypetabs_h Makefile
+- ./gen_ftypetabs_h --lowercase --i2s --s2i ftype > $@
++ $(PYTHON) gen_tables.py --lowercase --i2s --s2i ftype gen_ftypetabs_h $@
+
+-gen_i386_tables_h_SOURCES = gen_tables.c gen_tables.h i386_table.h
+-gen_i386_tables_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="i386_table.h"'
++gen_i386_tables_h: gen_tables.c gen_tables.h i386_table.h
++ $(CC) $(INCLUDES) $(AM_CFLAGS) $(CFLAGS) -DTABLE_H=\"i386_table.h\" -E -o $@ gen_tables.c
+ i386_tables.h: gen_i386_tables_h Makefile
+- ./gen_i386_tables_h --duplicate-ints --lowercase --i2s --s2i \
+- i386_syscall > $@
++ $(PYTHON) gen_tables.py --duplicate-ints --lowercase --i2s --s2i i386_syscall gen_i386_tables_h $@
+
+-gen_ia64_tables_h_SOURCES = gen_tables.c gen_tables.h ia64_table.h
+-gen_ia64_tables_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="ia64_table.h"'
++gen_ia64_tables_h: gen_tables.c gen_tables.h ia64_table.h
++ $(CC) $(INCLUDES) $(AM_CFLAGS) $(CFLAGS) -DTABLE_H=\"ia64_table.h\" -E -o $@ gen_tables.c
+ ia64_tables.h: gen_ia64_tables_h Makefile
+- ./gen_ia64_tables_h --lowercase --i2s --s2i ia64_syscall > $@
++ $(PYTHON) gen_tables.py --lowercase --i2s --s2i ia64_syscall gen_ia64_tables_h $@
+
+-gen_machinetabs_h_SOURCES = gen_tables.c gen_tables.h machinetab.h
+-gen_machinetabs_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="machinetab.h"'
++gen_machinetabs_h: gen_tables.c gen_tables.h machinetab.h
++ $(CC) $(INCLUDES) $(AM_CFLAGS) $(CFLAGS) -DTABLE_H=\"machinetab.h\" -E -o $@ gen_tables.c
+ machinetabs.h: gen_machinetabs_h Makefile
+- ./gen_machinetabs_h --duplicate-ints --lowercase --i2s --s2i machine \
+- > $@
++ $(PYTHON) gen_tables.py --duplicate-ints --lowercase --i2s --s2i machine gen_machinetabs_h $@
+
+-gen_msg_typetabs_h_SOURCES = gen_tables.c gen_tables.h msg_typetab.h
+-gen_msg_typetabs_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="msg_typetab.h"'
++gen_msg_typetabs_h: gen_tables.c gen_tables.h msg_typetab.h
++ $(CC) $(INCLUDES) $(AM_CFLAGS) $(CFLAGS) -DTABLE_H=\"msg_typetab.h\" -E -o $@ gen_tables.c
+ msg_typetabs.h: gen_msg_typetabs_h Makefile
+- ./gen_msg_typetabs_h --uppercase --i2s --s2i msg_type > $@
++ $(PYTHON) gen_tables.py --uppercase --i2s --s2i msg_type gen_msg_typetabs_h $@
+
+-gen_optabs_h_SOURCES = gen_tables.c gen_tables.h optab.h
+-gen_optabs_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="optab.h"'
++gen_optabs_h: gen_tables.c gen_tables.h optab.h
++ $(CC) $(INCLUDES) $(AM_CFLAGS) $(CFLAGS) -DTABLE_H=\"optab.h\" -E -o $@ gen_tables.c
+ optabs.h: gen_optabs_h Makefile
+- ./gen_optabs_h --i2s op > $@
++ $(PYTHON) gen_tables.py --i2s op gen_optabs_h $@
+
+-gen_ppc_tables_h_SOURCES = gen_tables.c gen_tables.h ppc_table.h
+-gen_ppc_tables_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="ppc_table.h"'
++gen_ppc_tables_h: gen_tables.c gen_tables.h ppc_table.h
++ $(CC) $(INCLUDES) $(AM_CFLAGS) $(CFLAGS) -DTABLE_H=\"ppc_table.h\" -E -o $@ gen_tables.c
+ ppc_tables.h: gen_ppc_tables_h Makefile
+- ./gen_ppc_tables_h --lowercase --i2s --s2i ppc_syscall > $@
++ $(PYTHON) gen_tables.py --lowercase --i2s --s2i ppc_syscall gen_ppc_tables_h $@
+
+-gen_s390_tables_h_SOURCES = gen_tables.c gen_tables.h s390_table.h
+-gen_s390_tables_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="s390_table.h"'
++gen_s390_tables_h: gen_tables.c gen_tables.h s390_table.h
++ $(CC) $(INCLUDES) $(AM_CFLAGS) $(CFLAGS) -DTABLE_H=\"s390_table.h\" -E -o $@ gen_tables.c
+ s390_tables.h: gen_s390_tables_h Makefile
+- ./gen_s390_tables_h --lowercase --i2s --s2i s390_syscall > $@
++ $(PYTHON) gen_tables.py --lowercase --i2s --s2i s390_syscall gen_s390_tables_h $@
+
+-gen_s390x_tables_h_SOURCES = gen_tables.c gen_tables.h s390x_table.h
+-gen_s390x_tables_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="s390x_table.h"'
++gen_s390x_tables_h: gen_tables.c gen_tables.h s390x_table.h
++ $(CC) $(INCLUDES) $(AM_CFLAGS) $(CFLAGS) -DTABLE_H=\"s390x_table.h\" -E -o $@ gen_tables.c
+ s390x_tables.h: gen_s390x_tables_h Makefile
+- ./gen_s390x_tables_h --lowercase --i2s --s2i s390x_syscall > $@
++ $(PYTHON) gen_tables.py --lowercase --i2s --s2i s390x_syscall gen_s390x_tables_h $@
+
+-gen_x86_64_tables_h_SOURCES = gen_tables.c gen_tables.h x86_64_table.h
+-gen_x86_64_tables_h_CFLAGS = $(AM_CFLAGS) '-DTABLE_H="x86_64_table.h"'
++gen_x86_64_tables_h: gen_tables.c gen_tables.h x86_64_table.h
++ $(CC) $(INCLUDES) $(AM_CFLAGS) $(CFLAGS) -DTABLE_H=\"x86_64_table.h\" -E -o $@ gen_tables.c
+ x86_64_tables.h: gen_x86_64_tables_h Makefile
+- ./gen_x86_64_tables_h --lowercase --i2s --s2i x86_64_syscall > $@
++ $(PYTHON) gen_tables.py --lowercase --i2s --s2i x86_64_syscall gen_x86_64_tables_h $@
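Review bot: In the added gen_tables.py, evaluate_string() and lookup_enum() pass tokens taken from the preprocessor output straight to eval() (val = eval(matches[i]), value = eval(entry.value), eval(local_s)), so any text that reaches a header in the include path is executed as Python on the build host. The inputs are only integer constant expressions, so a small evaluator that accepts integer literals plus the arithmetic, shift and bitwise operators would do the same job without executing arbitrary code. The bare raise at the end of evaluate_string() also has no active exception to re-raise; an explicit ValueError carrying eval_str would make the failure readable. The except: clause in lookup_enum() reports its errors as "Unexpected error in output_i2s_transtab", which names the wrong function.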
diff --git a/package/audit/audit-2.3.1-remove-zos-plugin.patch b/package/audit/audit-2.3.1-remove-zos-plugin.patch
new file mode 100644
index 0000000..6c07402
--- /dev/null
+++ b/package/audit/audit-2.3.1-remove-zos-plugin.patch
@@ -0,0 +1,31 @@
+--- a/audisp/plugins/Makefile.am 2012-08-28 10:33:03.582396601 -0500
++++ b/audisp/plugins/Makefile.am 2012-08-28 10:33:14.162399662 -0500
+@@ -22,7 +22,7 @@
+
+ CONFIG_CLEAN_FILES = *.loT *.rej *.orig
+
+-SUBDIRS = builtins zos-remote remote
++SUBDIRS = builtins remote
+ #SUBDIRS = builtins zos-remote
+ if HAVE_PRELUDE
+ SUBDIRS += prelude
+--- a/audisp/plugins/Makefile.in 2012-08-28 10:33:03.592380390 -0500
++++ b/audisp/plugins/Makefile.in 2012-08-28 10:35:38.482397668 -0500
+@@ -84,7 +84,7 @@
+ distdir
+ ETAGS = etags
+ CTAGS = ctags
+-DIST_SUBDIRS = builtins zos-remote remote prelude
++DIST_SUBDIRS = builtins remote prelude
+ DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ am__relativize = \
+ dir0=`pwd`; \
+@@ -242,7 +242,7 @@
+ top_builddir = @top_builddir@
+ top_srcdir = @top_srcdir@
+ CONFIG_CLEAN_FILES = *.loT *.rej *.orig
+-SUBDIRS = builtins zos-remote remote $(am__append_1)
++SUBDIRS = builtins remote $(am__append_1)
+ all: all-recursive
+
+ .SUFFIXES:
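Review bot: The second and third hunks edit audisp/plugins/Makefile.in, but audit.mk sets AUDIT_AUTORECONF = YES, so Makefile.in is regenerated from Makefile.am and those two hunks are redundant; the one-line SUBDIRS change in Makefile.am is enough. The patch also has no description or Signed-off-by explaining why zos-remote is removed, and its file name says 2.3.1 while audit.mk sets AUDIT_VERSION to 2.3.2.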
diff --git a/package/audit/audit.mk b/package/audit/audit.mk
new file mode 100644
index 0000000..08f3100
--- /dev/null
+++ b/package/audit/audit.mk
@@ -0,0 +1,61 @@
+#############################################################
+#
+# audit
+#
+#############################################################
+
+AUDIT_VERSION:=2.3.2
+AUDIT_SOURCE:=audit-$(AUDIT_VERSION).tar.gz
+AUDIT_SITE:=http://people.redhat.com/sgrubb/audit/
+AUDIT_DEPENDENCIES = host-python-pyparsing
+AUDIT_LICENSE = GPLv2
+AUDIT_LICENSE_FILES = COPYING
+
+AUDIT_INSTALL_STAGING = YES
+AUDIT_INSTALL_TARGET = YES
+
+AUDIT_AUTORECONF = YES
+AUDIT_AUTORECONF_OPT = -i -s -I m4
+
+# Audit will be looking for applications to be in the root
+# /sbin folder rather than in /usr/sbin folder
+AUDIT_CONF_OPT += --sbindir=/sbin
+
+ifeq ($(BR2_PACKAGE_AUDIT_PYTHON_BINDINGS),y)
+ AUDIT_DEPENDENCIES += python
+ AUDIT_CONF_OPT += --with-python=yes
+else
+ AUDIT_CONF_OPT += --with-python=no
+endif
+
+ifeq ($(BR2_PACKAGE_AUDIT_LIBCAP_NG),y)
+ AUDIT_DEPENDENCIES += libcap-ng
+ AUDIT_CONF_OPT += --with-libcap-ng=yes
+else
+ AUDIT_CONF_OPT += --with-libcap-ng=no
+endif
+
+ifeq ($(BR2_armeb),y)
+ AUDIT_CONF_OPT += --with-armeb
+endif
+ifeq ($(BR2_arm),y)
+ AUDIT_CONF_OPT += --with-armeb
+endif
+ifeq ($(BR2_aarch64),y)
+ AUDIT_CONF_OPT += --with-aarch64
+endif
+
+ifeq ($(BR2_PREFER_STATIC_LIB),y)
+ AUDIT_CONF_OPT += --enable-shared=no
+else
+ AUDIT_CONF_OPT += --enable-static=no
+endif
+
+define AUDIT_REPLACE_STARTUP_SCRIPT
+ $(INSTALL) -m 755 package/audit/S14auditd $(TARGET_DIR)/etc/init.d/
+ rm -rf $(TARGET_DIR)/etc/rc.d/
+endef
+
+AUDIT_POST_INSTALL_TARGET_HOOKS += AUDIT_REPLACE_STARTUP_SCRIPT
+
+$(eval $(autotools-package))
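Review bot: The ifeq ($(BR2_arm),y) block passes --with-armeb, the same option as the BR2_armeb block directly above it. If little-endian ARM is meant to use the armeb table, merge the two conditions and add a comment saying why; otherwise this looks like a copy-paste slip. In AUDIT_REPLACE_STARTUP_SCRIPT, rm -rf $(TARGET_DIR)/etc/rc.d/ removes the whole directory from the target rather than only what audit installed there, so it should name the specific files. AUDIT_VERSION, AUDIT_SOURCE and AUDIT_SITE use := while the rest of the file uses =.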
--
1.7.1
* [Buildroot] [PATCH 14/17] shadow: new package
From: Clayton Shotwell @ 2013-09-04 23:09 UTC (permalink / raw)
To: buildroot
Signed-off-by: Clayton Shotwell <clshotwe@rockwellcollins.com>
---
package/Config.in | 3 ++
package/shadow/Config.in | 13 +++++++++++
package/shadow/shadow.mk | 53 ++++++++++++++++++++++++++++++++++++++++++++++
3 files changed, 69 insertions(+), 0 deletions(-)
create mode 100644 package/shadow/Config.in
create mode 100644 package/shadow/shadow.mk
diff --git a/package/Config.in b/package/Config.in
index a032e5e..1e44e54 100644
--- a/package/Config.in
+++ b/package/Config.in
@@ -891,6 +891,9 @@ source "package/lockfile-progs/Config.in"
source "package/logrotate/Config.in"
source "package/logsurfer/Config.in"
source "package/screen/Config.in"
+if BR2_PACKAGE_BUSYBOX_SHOW_OTHERS
+source "package/shadow/Config.in"
+endif
source "package/sudo/Config.in"
if BR2_PACKAGE_BUSYBOX_SHOW_OTHERS
source "package/time/Config.in"
diff --git a/package/shadow/Config.in b/package/shadow/Config.in
new file mode 100644
index 0000000..5692ac6
--- /dev/null
+++ b/package/shadow/Config.in
@@ -0,0 +1,13 @@
+config BR2_PACKAGE_SHADOW
+ bool "shadow"
+ help
+ The shadow-utils package includes the necessary programs for
+ converting UNIX password files to the shadow password format, plus
+ programs for managing user and group accounts. The pwconv command
+ converts passwords to the shadow password format. The pwunconv command
+ unconverts shadow passwords and generates an npasswd file (a standard
+ UNIX password file). The pwck command checks the integrity of password
+ and shadow files. The lastlog command prints out the last login times
+ for all users. The useradd, userdel, and usermod commands are used for
+ managing user accounts. The groupadd, groupdel, and groupmod commands
+ are used for managing group accounts.
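Review bot: The config entry has no select or depends on lines, although shadow.mk lists acl, attr and busybox in SHADOW_DEPENDENCIES, so the build would depend on packages the configuration has not enabled. Add the matching select lines for acl and attr (and either a depends on for busybox or drop it from the dependencies), and end the help text with the upstream URL as the libsepol entry does.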
diff --git a/package/shadow/shadow.mk b/package/shadow/shadow.mk
new file mode 100644
index 0000000..2ad66ec
--- /dev/null
+++ b/package/shadow/shadow.mk
@@ -0,0 +1,53 @@
+################################################################################
+#
+# shadow
+#
+################################################################################
+SHADOW_VERSION = 4.1.5.1
+SHADOW_SOURCE = shadow-$(SHADOW_VERSION).tar.bz2
+SHADOW_SITE = http://pkg-shadow.alioth.debian.org/releases/
+SHADOW_LICENSE = BSD
+SHADOW_LICENSE_FILES = COPYING
+SHADOW_DEPENDENCIES = acl attr busybox
+
+SHADOW_INSTALL_STAGING = NO
+SHADOW_INSTALL_TARGET = YES
+
+SHADOW_CONF_OPT = --disable-nls
+
+# Shadow configuration to support SE Linux audit
+ifeq ($(BR2_PACKAGE_AUDIT),y)
+SHADOW_DEPENDENCIES += audit
+SHADOW_CONF_OPT += --with-audit=yes
+endif
+
+# Shawdow with linux-pam support
+ifeq ($(BR2_PACKAGE_LINUX_PAM),y)
+SHADOW_DEPENDENCIES += linux-pam
+SHADOW_CONF_OPT += --with-libpam=yes
+endif
+
+# Shadow with selinux support
+ifeq ($(BR2_PACKAGE_LIBSELINUX),y)
+SHADOW_DEPENDENCIES += libselinux libsemanage
+SHADOW_CONF_OPT += --with-selinux=yes
+endif
+
+define SHADOW_MAN_CLEANUP
+ rm -rf $(TARGET_DIR)/usr/share/man
+endef
+
+# Comment out all config entries that conflict with using PAM
+define SHADOW_LOGIN_CONFIGURATION
+ for FUNCTION in FAIL_DELAY FAILLOG_ENAB LASTLOG_ENAB MAIL_CHECK_ENAB \
+ OBSCURE_CHECKS_ENAB PORTTIME_CHECKS_ENAB QUOTAS_ENAB CONSOLE MOTD_FILE \
+ FTMP_FILE NOLOGINS_FILE ENV_HZ PASS_MIN_LEN SU_WHEEL_ONLY CRACKLIB_DICTPATH \
+ PASS_CHANGE_TRIES PASS_ALWAYS_WARN CHFN_AUTH ENCRYPT_METHOD ENVIRON_FILE ; \
+ do \
+ sed -i "s/^$${FUNCTION}/# &/" $(TARGET_DIR)/etc/login.defs ; \
+ done
+endef
+
+SHADOW_POST_INSTALL_TARGET_HOOKS += SHADOW_MAN_CLEANUP SHADOW_LOGIN_CONFIGURATION
+
+$(eval $(autotools-package))
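Review bot: SHADOW_LOGIN_CONFIGURATION is added to SHADOW_POST_INSTALL_TARGET_HOOKS unconditionally, but its comment says it removes entries that conflict with PAM, and PAM is only enabled inside the ifeq ($(BR2_PACKAGE_LINUX_PAM),y) block. On a build without linux-pam the hook still comments out ENCRYPT_METHOD, PASS_MIN_LEN, FAIL_DELAY and OBSCURE_CHECKS_ENAB in /etc/login.defs, so the password hashing method and the password checks silently fall back to shadow's built-in defaults. Register the hook inside the linux-pam conditional instead. The sed expression s/^$${FUNCTION}/# &/ also matches any key that merely begins with one of the names (CONSOLE would also hit CONSOLE_GROUPS); requiring whitespace after the name would avoid that.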
--
1.7.1
* [Buildroot] [PATCH 15/17] pcre: Add host build support
From: Clayton Shotwell @ 2013-09-04 23:09 UTC (permalink / raw)
To: buildroot
Signed-off-by: Clayton Shotwell <clshotwe@rockwellcollins.com>
---
package/pcre/pcre.mk | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
diff --git a/package/pcre/pcre.mk b/package/pcre/pcre.mk
index bf86a3d..1b59dbc 100644
--- a/package/pcre/pcre.mk
+++ b/package/pcre/pcre.mk
@@ -21,3 +21,4 @@ PCRE_CONF_OPT += $(if $(BR2_PACKAGE_PCRE_16),--enable-pcre16,--disable-pcre16)
PCRE_CONF_OPT += $(if $(BR2_PACKAGE_PCRE_32),--enable-pcre32,--disable-pcre32)
$(eval $(autotools-package))
+$(eval $(host-autotools-package))
--
1.7.1
* [Buildroot] [PATCH 16/17] bzip2: Add host build shared library installation
From: Clayton Shotwell @ 2013-09-04 23:09 UTC (permalink / raw)
To: buildroot
Signed-off-by: Clayton Shotwell <clshotwe@rockwellcollins.com>
---
package/bzip2/bzip2.mk | 2 ++
1 files changed, 2 insertions(+), 0 deletions(-)
diff --git a/package/bzip2/bzip2.mk b/package/bzip2/bzip2.mk
index 45d5108..5876837 100644
--- a/package/bzip2/bzip2.mk
+++ b/package/bzip2/bzip2.mk
@@ -71,6 +71,8 @@ endef
define HOST_BZIP2_INSTALL_CMDS
$(HOST_MAKE_ENV) \
$(MAKE) PREFIX=$(HOST_DIR)/usr -C $(@D) install
+ $(HOST_MAKE_ENV) $(MAKE) \
+ -f Makefile-libbz2_so PREFIX=$(HOST_DIR)/usr -C $(@D) install
endef
$(eval $(generic-package))
--
1.7.1
* [Buildroot] [PATCH 17/17] sqlite: Add host build support
From: Clayton Shotwell @ 2013-09-04 23:09 UTC (permalink / raw)
To: buildroot
Signed-off-by: Clayton Shotwell <clshotwe@rockwellcollins.com>
---
package/sqlite/sqlite.mk | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
diff --git a/package/sqlite/sqlite.mk b/package/sqlite/sqlite.mk
index d474619..4d93172 100644
--- a/package/sqlite/sqlite.mk
+++ b/package/sqlite/sqlite.mk
@@ -68,3 +68,4 @@ define SQLITE_UNINSTALL_STAGING_CMDS
endef
$(eval $(autotools-package))
+$(eval $(host-autotools-package))
\ No newline at end of file
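Review bot: The added $(eval $(host-autotools-package)) line leaves sqlite.mk without a trailing newline, as the "\ No newline at end of file" marker shows. End the file with a newline so that later patches touching the last line apply cleanly.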
--
1.7.1
* [Buildroot] [PATCH 00/17] SELinux Buildroot Additions
From: Thomas Petazzoni @ 2013-09-06 17:49 UTC (permalink / raw)
To: buildroot
Dear Clayton Shotwell,
On Wed, 4 Sep 2013 18:09:39 -0500, Clayton Shotwell wrote:
> Submitting an initial patch set to add SELinux support to Buildroot.
> This patch set adds packages required for an SELinux system along with
> the packages needed to build them.
Thanks Clayton for these patches. They are definitely interesting, but
as you've seen they are also quite big and therefore will take a bit of
time to review and get merged.
In order to ease the review process, would it be possible to get a
short introduction to SELinux, and especially what tools are needed on
the host, what tools are needed on the target? I'm especially
interested in understanding why/if we need all this Python stuff on the
target.
So essentially, having an overview of the patch series would be nice:
what the various packages are doing (you can skip the basic stuff like
ustr), and how they "interact" with each other.
Thanks a lot again for this contribution!
Thomas
--
Thomas Petazzoni, Free Electrons
Kernel, drivers, real-time and embedded Linux
development, consulting, training and support.
http://free-electrons.com
* [Buildroot] [PATCH 00/17] SELinux Buildroot Additions
From: Ryan Barnett @ 2013-09-06 18:07 UTC (permalink / raw)
To: buildroot
Thomas,
Clayton and I have been going back and forth on how best to do this, as
the next set of patches that we want to release provides information on
SELinux.
You had provided feedback to Clayton on options for providing this
information and I think it was agreed upon that the manual will be the
best place for this.
Is this correct?
Thomas Petazzoni <thomas.petazzoni@free-electrons.com> wrote on 09/06/2013 12:49:03 PM:
> Dear Clayton Shotwell,
>
> On Wed, 4 Sep 2013 18:09:39 -0500, Clayton Shotwell wrote:
> > Submitting an initial patch set to add SELinux support to Buildroot.
> > This patch set adds packages required for an SELinux system along with
> > the packages needed to build them.
>
> Thanks Clayton for these patches. They are definitely interesting, but
> as you've seen they are also quite big and therefore will take a bit of
> time to review and get merged.
>
> In order to ease the review process, would it be possible to get a
> short introduction to SELinux, and especially what tools are needed on
> the host, what tools are needed on the target? I'm especially
> interested in understanding why/if we need all this Python stuff on the
> target.
I believe the best way to answer the questions above is to add to the
manual. This way we won't have to necessarily duplicate work (and it
motivates us to create the documentation). So hopefully by the middle
of the week next week we can submit some documentation.
Where would you like this documentation placed? Also how does one go
about adding to the manual (I can't seem to find anything in the
manual)? Or do we want to place this information on the buildroot wiki?
>
> So essentially, having an overview of the patch series would be nice:
> what the various packages are doing (you can skip the basic stuff like
> ustr), and how they "interact" with each other.
>
> Thanks a lot again for this contribution!
Ryan J Barnett / Software Engineer / Platform SW
MS 137-157, 855 35th St NE, Cedar Rapids, IA, 52498-3161, US
Phone: 319-263-3880 / VPN: 263-3880
rjbarnet at rockwellcollins.com
www.rockwellcollins.com
* [Buildroot] [PATCH 00/17] SELinux Buildroot Additions
From: Thomas Petazzoni @ 2013-09-07 10:44 UTC (permalink / raw)
To: buildroot
Dear Ryan Barnett,
On Fri, 6 Sep 2013 13:07:44 -0500, Ryan Barnett wrote:
> Clayton and I have been going back and forth on how best to do this, as
> the next set of patches that we want to release provides information on
> SELinux.
> You had provided feedback to Clayton on options for providing this
> information and I think it was agreed upon that the manual will be the
> best place for this.
> Is this correct?
This is correct.
> > In order to ease the review process, would it be possible to get a
> > short introduction to SELinux, and especially what tools are needed on
> > the host, what tools are needed on the target? I'm especially
> > interested in understanding why/if we need all this Python stuff on the
> > target.
>
> I believe the best way to answer the questions above is to add to the
> manual. This way we won't have to necessarily duplicate work (and it
> motivates us to create the documentation). So hopefully by the middle
> of the week next week we can submit some documentation.
That would be good. However, I am not sure the questions I am asking
here match exactly what should be in the documentation. In the
documentation, we should explain how a Buildroot user can enable
SELinux support and make use of it on the target. While my questions
certainly overlap some of this, I believe we also need a few more
details of the internals to roughly understand what the different
packages are doing.
> Where would you like this documentation placed? Also how does one go
> about adding to the manual (I can't seem to find anything in the
> manual)? Or do we want to place this information on the buildroot wiki?
I believe the manual is a better place than the Buildroot Wiki. For
now, we've usually stored this kind of additional information in the
"Details on Buildroot configuration" section. So something like:
diff --git a/docs/manual/configure.txt b/docs/manual/configure.txt
index 56b0469..0fc66c9 100644
--- a/docs/manual/configure.txt
+++ b/docs/manual/configure.txt
@@ -430,3 +430,8 @@ can be chosen from +System configuration+, +Init system+:
The solution recommended by Buildroot developers is to use the
*Busybox init* as it is sufficient for most embedded
systems. *systemd* can be used for more complex situations.
+
+SELinux support
+~~~~~~~~~~~~~~~
+
+Here put some details about the SELinux support.
Thanks,
Thomas
--
Thomas Petazzoni, Free Electrons
Kernel, drivers, real-time and embedded Linux
development, consulting, training and support.
http://free-electrons.com