Integrate SELinux policy into build system

Hook up the new policy to autoconf and automake. Signed-off-by: Christian Heimes <[email protected]> Reviewed-By: Christian Heimes <[email protected]>
progier389 · Mar 5, 2020 · 9288901 · 9288901
1 parent 5b573bb
commit 9288901
Show file tree

Hide file tree

Showing 6 changed files with 54 additions and 7 deletions.
diff --git a/.gitignore b/.gitignore
@@ -182,3 +182,7 @@ ipatests/i18n.py
 ipatests/ipa-run-tests
 ipatests/ipa-test-config
 ipatests/ipa-test-task
+
+selinux/tmp
+selinux/*.pp
+selinux/*.pp.bz2
diff --git a/Makefile.am b/Makefile.am
@@ -4,7 +4,7 @@ ACLOCAL_AMFLAGS = -I m4
 
 if ENABLE_SERVER
     IPASERVER_SUBDIRS = ipaserver
-    SERVER_SUBDIRS = daemons init install
+    SERVER_SUBDIRS = daemons init install selinux
 endif
 
 if WITH_IPATESTS

diff --git a/configure.ac b/configure.ac
@@ -578,6 +578,7 @@ AC_CONFIG_FILES([
     pypi/ipatests/Makefile
     po/Makefile.in
     po/Makefile.hack
+    selinux/Makefile
     util/Makefile
 ])
 

diff --git a/freeipa.spec.in b/freeipa.spec.in
@@ -367,7 +367,7 @@ Requires: sssd-dbus >= %{sssd_version}
 # This ensures that the *-selinux package and all it’s dependencies are not pulled
 # into containers and other systems that do not use SELinux
 Requires:       (%{name}-selinux if selinux-policy-%{selinuxtype})
-%endif # if with_selinux
+%endif
 
 Provides: %{alt_name}-server = %{version}
 Conflicts: %{alt_name}-server
@@ -870,11 +870,6 @@ mkdir -p %{buildroot}%{_sysconfdir}/cron.d
 # ONLY_CLIENT
 %endif
 
-%if 0%{?with_selinux}
-install -D -m 0644 selinux/%{modulename}.pp.bz2 %{buildroot}%{_datadir}/selinux/packages/%{selinuxtype}/%{modulename}.pp.bz2
-# with_selinux
-%endif
-
 %clean
 rm -rf %{buildroot}
 

diff --git a/selinux/Makefile.am b/selinux/Makefile.am
@@ -0,0 +1,35 @@
+SELINUXTYPE = targeted
+NULL =
+
+if BUILD_SELINUX_POLICY
+MODULE = ipa.pp.bz2
+MODULE_IF = ipa.if
+else
+MODULE =
+MODULE_IF =
+endif
+
+dist_noinst_DATA =	\
+	ipa.fc			\
+	ipa.if			\
+	ipa.te			\
+	$(NULL)
+
+# selinuxincludedir = $(datarootdir)/selinux/devel/include/contrib
+# nodist_selinuxinclude_DATA = \
+#	$(MODULE_IF)			\
+#	$(NULL)
+
+selinuxpolicydir = $(datarootdir)/selinux/packages/$(SELINUXTYPE)
+nodist_selinuxpolicy_DATA =	\
+	$(MODULE)				\
+	$(NULL)
+
+%.pp.bz2: %.pp
+	bzip2 -f -9 $^
+
+%.pp: %.te %.fc %.if
+	make -f $(selinux_makefile) $@
+
+clean-local:
+	rm -f *~  *.tc *.pp *.pp.bz2
diff --git a/server.m4 b/server.m4
@@ -168,3 +168,15 @@ AC_ARG_WITH([systemdtmpfilesdir],
         [systemdtmpfilesdir=$($PKG_CONFIG --define-variable=prefix='${prefix}' --variable=tmpfilesdir systemd)])
 AC_SUBST([systemdtmpfilesdir])
 
+dnl ---------------------------------------------------------------------------
+dnl - Check for SELinux policy devel
+dnl ---------------------------------------------------------------------------
+
+selinux_makefile=/usr/share/selinux/devel/Makefile
+AC_SUBST([selinux_makefile])
+
+AC_CHECK_FILE([$selinux_makefile],
+              [build_selinux=yes],
+              [build_selinux=no])
+
+AM_CONDITIONAL(BUILD_SELINUX_POLICY, test x$build_selinux = xyes)