Revision eb34a92f
Added by Lukas Zapletal about 8 years ago
| .gitignore | ||
|---|---|---|
|
pkg/
|
||
|
tmp/
|
||
|
local-tmp/
|
||
|
*.pp
|
||
|
*.pp.bz2
|
||
|
*.pp*
|
||
|
*.pod
|
||
|
*.8
|
||
|
foreman-proxy-selinux-enable
|
||
| Makefile | ||
|---|---|---|
|
.PHONY: clean remote-load
|
||
|
.PHONY: clean remote-load load reload
|
||
|
|
||
|
INSTPREFIX=
|
||
|
VARIANT=targeted
|
||
| ... | ... | |
|
TMPDIR=local-tmp-foreman
|
||
|
|
||
|
ifndef DISTRO
|
||
|
$(error Set the DISTRO variable e.g. rhel7 or fedora21)
|
||
|
$(error *** Set the DISTRO variable e.g. rhel7 or fedora21 ***)
|
||
|
endif
|
||
|
|
||
|
ifneq ("$(wildcard /usr/share/selinux/devel/include/*/docker.if)","")
|
||
|
export M4PARAM += -D has_docker
|
||
|
else
|
||
|
ifneq ($(DISTRO),rhel6)
|
||
|
$(error *** Interface docker.if not present, cannot continue ***)
|
||
|
endif
|
||
|
endif
|
||
|
|
||
|
all: policies all-data
|
||
|
|
||
|
load: \
|
||
|
foreman.pp.load.tmp \
|
||
|
foreman-proxy.pp.load.tmp
|
||
|
|
||
|
policies: \
|
||
|
foreman.pp.bz2 \
|
||
|
foreman-proxy.pp.bz2
|
||
| ... | ... | |
|
bash $< "foreman-proxy" > $@
|
||
|
|
||
|
%.pp: %.te
|
||
|
-mkdir ${TMPDIR} || rm -rf ${TMPDIR}/*
|
||
|
cp $< ${<:.te=.fc} $< ${<:.te=.if} ${TMPDIR}/
|
||
|
-rm -rf ${TMPDIR} 2>/dev/null
|
||
|
-mkdir ${TMPDIR} 2>/dev/null
|
||
|
cp $< ${<:.te=.fc} ${<:.te=.if} ${TMPDIR}/
|
||
|
sed -i 's/@@VERSION@@/${VERSION}/' ${TMPDIR}/*.te
|
||
|
make -C ${TMPDIR} -f /usr/share/selinux/devel/Makefile NAME=${VARIANT} DISTRO=$(DISTRO)
|
||
|
$(MAKE) -C ${TMPDIR} -f /usr/share/selinux/devel/Makefile NAME=${VARIANT} DISTRO=$(DISTRO)
|
||
|
mv ${TMPDIR}/$@ .
|
||
|
|
||
|
%.pp.load.tmp: %.pp
|
||
|
$(info ************ LOADING MODULE $< ************)
|
||
|
semodule -i $<
|
||
|
touch $@
|
||
|
|
||
|
reload: clean load
|
||
|
|
||
|
%.pp.bz2: %.pp
|
||
|
bzip2 -c9 ${@:.bz2=} > $@
|
||
|
|
||
| ... | ... | |
|
remote-load:
|
||
|
ifdef HOST
|
||
|
-rsync -qrav . --delete -e ssh --exclude .git ${HOST}:${TMPDIR}/
|
||
|
ssh ${HOST} 'cd ${TMPDIR} && sed -i s/@@VERSION@@/${VERSION}/ *.te && make -f /usr/share/selinux/devel/Makefile load DISTRO=${DISTRO}'
|
||
|
ssh ${HOST} 'cd ${TMPDIR} && sed -i s/@@VERSION@@/${VERSION}/ *.te && make reload DISTRO=${DISTRO}'
|
||
|
else
|
||
|
$(error You need to define your remote ssh hostname as HOST)
|
||
|
endif
|
||
|
|
||
|
clean:
|
||
|
rm -rf *.pp *.pp.bz2 tmp/ local-tmp/ *.8 foreman-*-selinux-enable foreman-*-selinux-disable
|
||
|
rm -rf *.pp* *.pp.bz2 tmp/ local-tmp/ *.8 foreman-*-selinux-enable foreman-*-selinux-disable
|
||
| foreman.te | ||
|---|---|---|
|
|
||
|
policy_module(foreman, @@VERSION@@)
|
||
|
|
||
|
#######################################
|
||
|
#
|
||
|
# Definitions
|
||
|
#
|
||
|
# This defines set of special (unused) types which are used for easier detection
|
||
|
# what definitions the policy was compiled with. Use seinfo -tTYPE to find
|
||
|
# particular flag.
|
||
|
#
|
||
|
|
||
|
ifdef(`has_docker', `
|
||
|
type foreman_has_docker_defined_t;
|
||
|
')
|
||
|
|
||
|
#######################################
|
||
|
#
|
||
|
# Declarations
|
||
| ... | ... | |
|
|
||
|
optional_policy(`
|
||
|
tunable_policy(`passenger_can_connect_docker_unix',`
|
||
|
ifndef(`distro_rhel6', `
|
||
|
ifdef(`has_docker', `
|
||
|
docker_stream_connect(passenger_t)
|
||
|
')
|
||
|
')
|
||
Also available in: Unified diff
fixes #13502 - introduced has_docker definition
We fail hard when docker is not present because it was part of core policy
and was moved to separate package in RHEL 7.2. We might change this to a
warning in future major release of RHEL.