diff --git a/refpolicy/Makefile b/refpolicy/Makefile
index b7d13b8..e2bebb5 100644
--- a/refpolicy/Makefile
+++ b/refpolicy/Makefile
@@ -204,7 +204,7 @@ $(MODDIR)/kernel/corenetwork.if: $(MODDIR)/kernel/corenetwork.if.m4 $(MODDIR)/ke
 @echo "#" >> $@
 $(QUIET) cat $(MODDIR)/kernel/corenetwork.if.in >> $@
 $(QUIET) egrep "^[[:blank:]]*network_(interface|node|port)\(.*\)" $(@:.if=.te).in \
- | m4 -D monolithic_policy $(M4PARAM) $(M4SUPPORT) $(MODDIR)/kernel/corenetwork.if.m4 - \
+ | m4 -D self_contained_policy $(M4PARAM) $(M4SUPPORT) $(MODDIR)/kernel/corenetwork.if.m4 - \
 | sed -e 's/dollarsone/\$$1/g' -e 's/dollarszero/\$$0/g' >> $@
 
 $(MODDIR)/kernel/corenetwork.te: $(MODDIR)/kernel/corenetwork.te.m4 $(MODDIR)/kernel/corenetwork.te.in
@@ -212,7 +212,7 @@ $(MODDIR)/kernel/corenetwork.te: $(MODDIR)/kernel/corenetwork.te.m4 $(MODDIR)/ke
 @echo "# This is a generated file! Instead of modifying this file, the" >> $@
 @echo "# $(notdir $@).in or $(notdir $@).m4 file should be modified." >> $@
 @echo "#" >> $@
- $(QUIET) m4 -D monolithic_policy $(M4PARAM) $(M4SUPPORT) $^ \
+ $(QUIET) m4 -D self_contained_policy $(M4PARAM) $(M4SUPPORT) $^ \
 | sed -e 's/dollarsone/\$$1/g' -e 's/dollarszero/\$$0/g' >> $@
 
 ########################################
@@ -261,7 +261,7 @@ $(USERPATH)/system.users: $(USER_FILES) tmp/generated_definitions.conf
 @echo "# This file is replaced on reinstalls of this policy." >> tmp/system.users
 @echo "# Please edit local.users to make local changes." >> tmp/system.users
 @echo "#" >> tmp/system.users
- $(QUIET) m4 -D monolithic_policy $(M4PARAM) tmp/generated_definitions.conf $(USER_FILES) | \
+ $(QUIET) m4 -D self_contained_policy $(M4PARAM) tmp/generated_definitions.conf $(USER_FILES) | \
 egrep -v "^[[:space:]]*($$|#)" >> tmp/system.users
 $(QUIET) install -m 644 tmp/system.users $@
 
diff --git a/refpolicy/Rules.modular b/refpolicy/Rules.modular
index d8debf5..5a09de9 100644
--- a/refpolicy/Rules.modular
+++ b/refpolicy/Rules.modular
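Review bot: Nothing in these hunks guards against a test of the old macro name surviving somewhere else. m4's ifdef on an undefined name quietly takes the else branch, so a module or support file that still checks monolithic_policy would expand in loadable-module form inside a self-contained build, with no error from m4. This applies to the three m4 invocations here (corenetwork.if, corenetwork.te, system.users) and equally to the base.conf and policy.conf recipes in Rules.modular and Rules.monolithic. Before merging I would confirm that `grep -rn monolithic_policy refpolicy/` returns nothing, and if out-of-tree modules matter, keep both names defined for a transition period, e.g. `m4 -D self_contained_policy -D monolithic_policy $(M4PARAM) ...`. The recipes these lines belong to begin outside the hunks.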
@@ -61,7 +61,7 @@ tmp/base.mod: base.conf
 base.conf: $(BASE_SECTIONS)
 @echo "Creating $(NAME) base module policy.conf"
 # checkpolicy can use the #line directives provided by -s for error reporting:
- $(QUIET) m4 -D monolithic_policy $(M4PARAM) -s $^ > tmp/$@.tmp
+ $(QUIET) m4 -D self_contained_policy $(M4PARAM) -s $^ > tmp/$@.tmp
 $(QUIET) sed -e /^portcon/d -e /^nodecon/d -e /^netifcon/d < tmp/$@.tmp > $@
 # the ordering of these ocontexts matters:
 $(QUIET) grep ^portcon tmp/$@.tmp >> $@ || true
diff --git a/refpolicy/Rules.monolithic b/refpolicy/Rules.monolithic
index 7153e1e..ac7fede 100644
--- a/refpolicy/Rules.monolithic
+++ b/refpolicy/Rules.monolithic
@@ -78,7 +78,7 @@ reload tmp/load: $(LOADPATH) $(FCPATH)
 policy.conf: $(POLICY_SECTIONS)
 @echo "Creating $(NAME) policy.conf"
 # checkpolicy can use the #line directives provided by -s for error reporting:
- $(QUIET) m4 -D monolithic_policy $(M4PARAM) -s $^ > tmp/$@.tmp
+ $(QUIET) m4 -D self_contained_policy $(M4PARAM) -s $^ > tmp/$@.tmp
 $(QUIET) sed -e /^portcon/d -e /^nodecon/d -e /^netifcon/d < tmp/$@.tmp > $@
 # the ordering of these ocontexts matters:
 $(QUIET) grep ^portcon tmp/$@.tmp >> $@ || true
diff --git a/refpolicy/policy/modules/system/locallogin.te b/refpolicy/policy/modules/system/locallogin.te
index 0c5d65e..00da42c 100644
--- a/refpolicy/policy/modules/system/locallogin.te
+++ b/refpolicy/policy/modules/system/locallogin.te
@@ -262,10 +262,8 @@ userdom_search_staff_home_dir(sulogin_t)
 userdom_search_sysadm_home_dir(sulogin_t)
 
 # suse and debian do not use pam with sulogin...
-ifdef(`monolithic_policy',`
- ifdef(`distro_suse', `define(`sulogin_no_pam')')
- ifdef(`distro_debian', `define(`sulogin_no_pam')')
-')
+ifdef(`distro_suse', `define(`sulogin_no_pam')')
+ifdef(`distro_debian', `define(`sulogin_no_pam')')
 
 ifdef(`sulogin_no_pam', `
 allow sulogin_t self:capability sys_tty_config;
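Review bot: In locallogin.te, dropping the monolithic_policy wrapper means the two distro checks now define sulogin_no_pam in every build type, so on SUSE and Debian the block that follows is also emitted when the module is built as a loadable module. That block starts in this hunk with `allow sulogin_t self:capability sys_tty_config;` and continues outside it, so the full set of rules it adds for sulogin_t is not visible here. This is presumably intended, but it widens what sulogin_t is allowed on those distributions and neither the commit nor the comment says so. I would extend the existing comment to something like `# suse and debian do not use pam with sulogin; applies to monolithic and modular builds alike`. Note also that the define is global to the m4 run, so sulogin_no_pam stays defined for any file processed after this one.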
diff --git a/refpolicy/policy/support/loadable_module.spt b/refpolicy/policy/support/loadable_module.spt index 787957e..244acc0 100644 --- a/refpolicy/policy/support/loadable_module.spt +++ b/refpolicy/policy/support/loadable_module.spt @@ -9,7 +9,7 @@ # For adding the module statement # define(`policy_module',` - ifdef(`monolithic_policy',`',` + ifdef(`self_contained_policy',`',` module $1 $2; require { all_kernel_class_perms } @@ -21,7 +21,7 @@ define(`policy_module',` # For use in interfaces, to optionally insert a require block # define(`gen_require',` - ifdef(`monolithic_policy',`',` + ifdef(`self_contained_policy',`',` define(`in_gen_require_block') require { $1 @@ -83,7 +83,7 @@ define(`policy_call_depth',0) # Optional policy handling # define(`optional_policy',` - ifdef(`monolithic_policy',` + ifdef(`self_contained_policy',` ifdef(`$1',`$2',`$3') ',` optional { @@ -110,18 +110,18 @@ define(`dflt_or_overr',`ifdef(`$1',$1,$2)') # define(`gen_tunable',` ifdef(`in_gen_require_block',` - ifdef(`monolithic_policy',` + ifdef(`self_contained_policy',` bool $1; ',` # loadable module tunable - # declaration will go here + # require will go here # instead of bool when # loadable modules support # tunables bool $1; ') ',` - ifdef(`monolithic_policy',` + ifdef(`self_contained_policy',` bool $1 dflt_or_overr(`$1'_conf,$2); ',` # loadable module tunable @@ -139,7 +139,7 @@ define(`gen_tunable',` # Tunable policy handling # define(`tunable_policy',` - ifdef(`monolithic_policy',` + ifdef(`self_contained_policy',` if (`$1') { $2 } else {
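Review bot: Nothing in the visible hunks of loadable_module.spt documents what self_contained_policy means or who defines it, and the new name gives less of a hint than the old one did. Going by the Makefile and Rules.* hunks it is passed with `-D` when generating policy.conf, base.conf and the corenetwork/system.users files; in those builds optional_policy (hunk at -83) is resolved by m4 at build time instead of becoming an `optional {` block, and policy_module and gen_require (hunks at -9 and -21) emit no module or require statements. I would add a header comment above policy_module along the lines of `# self_contained_policy: defined with -D by the build for policy.conf and base.conf; selects build-time expansion instead of module/require/optional statements`. In gen_tunable both arms of the in_gen_require_block branch still emit `bool $1;`, which the reworded placeholder comment covers, so no code change is needed there.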