diff --git a/.cvsignore b/.cvsignore
index 035b1bc..ddb2541 100644
--- a/.cvsignore
+++ b/.cvsignore
@@ -44,3 +44,4 @@ serefpolicy-2.2.16.tgz
 serefpolicy-2.2.17.tgz
 serefpolicy-2.2.18.tgz
 serefpolicy-2.2.19.tgz
+serefpolicy-2.2.20.tgz
diff --git a/Makefile.devel b/Makefile.devel
index 00cefe2..a77a763 100644
--- a/Makefile.devel
+++ b/Makefile.devel
@@ -1,192 +1,17 @@ # installation paths -SHAREDIR := $(PREFIX)/share/selinux -HEADERDIR := $(SHAREDIR)/refpolicy/include +SHAREDIR := /usr/share/selinux +HEADERDIR := $(SHAREDIR)/devel/include -include $(HEADERDIR)/build.conf - -# executables -PREFIX := /usr -BINDIR := $(PREFIX)/bin -SBINDIR := $(PREFIX)/sbin -CHECKMODULE := $(BINDIR)/checkmodule -SEMODULE := $(SBINDIR)/semodule -SEMOD_PKG := $(BINDIR)/semodule_package -XMLLINT := $(BINDIR)/xmllint - -# helper tools AWK ?= gawk -INSTALL ?= install -M4 ?= m4 -SED ?= sed -EINFO ?= echo -PYTHON ?= python +NAME ?= $(shell $(AWK) -F= '/^SELINUXTYPE/{ print $$2 }' /etc/selinux/config) -# set default build options if missing -NAME ?= $(shell . /etc/selinux/config; echo $$SELINUXTYPE) MLSENABLED := $(shell cat /selinux/mls) ifeq ($(MLSENABLED),1) MCSFLAG=-mcs endif TYPE ?= $(NAME)${MCSFLAG} -DIRECT_INITRC ?= n -POLY ?= n -QUIET ?= y - -genxml := $(PYTHON) $(HEADERDIR)/support/segenxml.py - -docs = doc -polxml = $(docs)/policy.xml -xmldtd = $(HEADERDIR)/support/policy.dtd -layerxml = metadata.xml - -globaltun = $(HEADERDIR)/global_tunables.xml -globalbool = $(HEADERDIR)/global_booleans.xml - -# compile strict policy if requested. -ifneq ($(findstring strict,$(TYPE)),) - M4PARAM += -D strict_policy -endif - -# compile targeted policy if requested. -ifneq ($(findstring targeted,$(TYPE)),) - M4PARAM += -D targeted_policy -endif - -# enable MLS if requested. -ifneq ($(findstring -mls,$(TYPE)),) - M4PARAM += -D enable_mls - CHECKPOLICY += -M - CHECKMODULE += -M -endif - -# enable MLS if MCS requested. 
-ifneq ($(findstring -mcs,$(TYPE)),) - M4PARAM += -D enable_mcs - CHECKPOLICY += -M - CHECKMODULE += -M -endif - -# enable distribution-specific policy -ifneq ($(DISTRO),) - M4PARAM += -D distro_$(DISTRO) -endif - -# enable polyinstantiation -ifeq ($(POLY),y) - M4PARAM += -D enable_polyinstantiation -endif - -ifeq ($(DIRECT_INITRC),y) - M4PARAM += -D direct_sysadm_daemon -endif - -ifeq ($(QUIET),y) - verbose := @ -endif - -M4PARAM += -D hide_broken_symptoms - -# policy headers -m4support = $(wildcard $(HEADERDIR)/support/*.spt) -all_layers = $(filter-out $(HEADERDIR)/support,$(shell find $(wildcard $(HEADERDIR)/*) -maxdepth 0 -type d)) -all_interfaces = $(foreach layer,$(all_layers),$(wildcard $(layer)/*.if)) -rolemap = $(HEADERDIR)/rolemap - -detected_layers = $(filter-out CVS tmp $(docs),$(shell find $(wildcard *) -maxdepth 0 -type d)) -3rd_party_mods = $(wildcard *.te) -3rd_party_ifs = $(3rd_party_mods:.te=.if) -detected_mods = $(3rd_party_mods) $(foreach layer,$(detected_layers),$(wildcard $(layer)/*.te)) -detected_ifs = $(3rd_party_ifs) $(foreach layer,$(detected_layers),$(wildcard $(layer)/*.if)) -all_packages = $(notdir $(detected_mods:.te=.pp)) - -vpath %.te $(detected_layers) -vpath %.if $(detected_layers) -vpath %.fc $(detected_layers) - -# if there are modules in the current directory, add them into the third party layer -ifneq "$(3rd_party_ifs)" "" - genxml += -3 . 
-endif - -######################################## -# -# Functions -# - -# parse-rolemap modulename,outputfile -define parse-rolemap - $(verbose) $(M4) $(M4PARAM) $(rolemap) | \ - $(AWK) '/^[[:blank:]]*[A-Za-z]/{ print "gen_require(type " $$3 "; role " $$1 ";)\n$1_per_userdomain_template(" $$2 "," $$3 "," $$1 ")" }' >> $2 -endef - -# peruser-expansion modulename,outputfile -define peruser-expansion - $(verbose) echo "ifdef(\`""$1""_per_userdomain_template',\`" > $2 - $(call parse-rolemap,$1,$2) - $(verbose) echo "')" >> $2 -endef - -.PHONY: clean all xml -.SUFFIXES: -.SUFFIXES: .pp - -######################################## -# -# Main targets -# - -all: $(all_packages) - -xml: $(polxml) - -######################################## -# -# Build module packages -# -tmp/%.mod: $(m4support) tmp/all_interfaces.conf %.te - @$(EINFO) "Compliling $(NAME) $(basename $(@F)) module" - @test -d tmp || mkdir -p tmp - $(call peruser-expansion,$(basename $(@F)),$@.role) - $(verbose) $(M4) $(M4PARAM) -s $^ $@.role > $(@:.mod=.tmp) - $(verbose) $(CHECKMODULE) -m $(@:.mod=.tmp) -o $@ - -tmp/%.mod.fc: $(m4support) %.fc - $(verbose) $(M4) $(M4PARAM) $^ > $@ - -%.pp: tmp/%.mod tmp/%.mod.fc - @echo "Creating $(NAME) $(@F) policy package" - $(verbose) $(SEMOD_PKG) -o $@ -m $< -f $<.fc - -tmp/all_interfaces.conf: $(m4support) $(all_interfaces) $(detected_ifs) - @test -d tmp || mkdir -p tmp - $(verbose) m4 $^ | sed -e s/dollarsstar/\$$\*/g > $@ - - -######################################## -# -# Documentation generation -# -# minimal dependencies here, because we don't want to rebuild -# this and its dependents every time the dependencies -# change. Also use all .if files here, rather then just the -# enabled modules. 
-$(polxml): $(detected_ifs) $(foreach dir,$(all_layers),$(dir)/$(layerxml)) - @echo "Creating $@" - @mkdir -p doc - $(verbose) echo '' > $@ - $(verbose) echo '' >> $@ - $(verbose) $(genxml) -m $(layerxml) --tunables-xml $(globaltun) --booleans-xml $(globalbool) $(all_layers) $(detected_layers) >> $@ - $(verbose) if test -x $(XMLLINT) && test -f $(xmldtd); then \ - $(XMLLINT) --noout --dtdvalid $(xmldtd) $@ ;\ - fi +include $(HEADERDIR)/Makefile -######################################## -# -# Clean the environment -# -clean: - rm -fR tmp - rm -f *.pp diff --git a/selinux-policy.spec b/selinux-policy.spec index e0d377d..d365acc 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -8,14 +8,15 @@ %define CHECKPOLICYVER 1.29.4-1 Summary: SELinux policy configuration Name: selinux-policy -Version: 2.2.19 -Release: 3 +Version: 2.2.20 +Release: 1 License: GPL Group: System Environment/Base Source: serefpolicy-%{version}.tgz patch: policy-20060207.patch Source1: modules-targeted.conf Source2: booleans-targeted.conf +Source3: Makefile.devel Source4: setrans-targeted.conf Source5: modules-mls.conf Source6: booleans-mls.conf @@ -37,7 +38,11 @@ SELinux Base package %files %{_mandir}/man8/* -%doc /usr/share/doc/%{name}-%{version} +%doc %{_usr}/share/doc/%{name}-%{version} +%dir %{_usr}/share/selinux +%dir %{_sysconfdir}/selinux +%ghost %config(noreplace) %{_sysconfdir}/selinux/config +%ghost %{_sysconfdir}/sysconfig/selinux %define setupCmds() \ make NAME=%1 TYPE=%2 DISTRO=%{distro} DIRECT_INITRC=%3 MONOLITHIC=%{monolithic} bare \ 
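Review bot: The added `NAME ?=` line in Makefile.devel takes the awk field as it stands, so a value written with surrounding whitespace, or any other key that merely begins with `SELINUXTYPE`, ends up in `NAME` and from there in `TYPE`. Parsing /etc/selinux/config instead of sourcing it is the safer direction, because the file is no longer executed as shell; anchoring the match on the `=` and trimming the result completes it: `NAME ?= $(strip $(shell $(AWK) -F= '/^SELINUXTYPE=/{ print $$2 }' /etc/selinux/config))`. Because `?=` defines a recursive variable, the awk command runs again on each expansion of `NAME`. A one-line comment above it saying that the policy name is read from the host's configuration would help anyone building modules for a different policy.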
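Review bot: The base `%files` list in selinux-policy.spec now owns `%{_sysconfdir}/selinux`, the `config` file in it and `%{_usr}/share/selinux`, but no `%defattr` line is visible in that section, whereas the `fileList` macro these entries were moved out of opens with `%defattr(-,root,root)`. Without it the owner and group recorded in the package are presumably whatever the build root had at build time, which is a poor default for the directory holding the SELinux mode setting. I would add `%defattr(-,root,root)` as the first line under `%files`.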
@@ -60,8 +65,6 @@ make NAME=%1 TYPE=%2 DISTRO=%{distro} DIRECT_INITRC=%3 MONOLITHIC=%{monolithic} make NAME=%1 TYPE=%2 DISTRO=%{distro} DIRECT_INITRC=%3 MONOLITHIC=%{monolithic} base.pp \ install -m0644 base.pp ${RPM_BUILD_ROOT}%{_usr}/share/selinux/%1/enableaudit.pp \ rm -rf $RPM_BUILD_ROOT%{_sysconfdir}/selinux/%1/booleans \ -touch $RPM_BUILD_ROOT%{_sysconfdir}/selinux/config \ -touch $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/selinux \ touch $RPM_BUILD_ROOT%{_sysconfdir}/selinux/%1/seusers \ touch $RPM_BUILD_ROOT%{_sysconfdir}/selinux/%1/policy/policy.%{POLICYVER} \ touch $RPM_BUILD_ROOT%{_sysconfdir}/selinux/%1/contexts/files/file_contexts \ @@ -72,12 +75,8 @@ install -m0644 ${RPM_SOURCE_DIR}/setrans-%1.conf ${RPM_BUILD_ROOT}%{_sysconfdir} %define fileList() \ %defattr(-,root,root) \ -%dir %{_usr}/share/selinux \ %dir %{_usr}/share/selinux/%1 \ %{_usr}/share/selinux/%1/*.pp \ -%dir %{_sysconfdir}/selinux \ -%ghost %config(noreplace) %{_sysconfdir}/selinux/config \ -%ghost %{_sysconfdir}/sysconfig/selinux \ %dir %{_sysconfdir}/selinux/%1 \ %config(noreplace) %{_sysconfdir}/selinux/%1/setrans.conf \ %ghost %{_sysconfdir}/selinux/%1/seusers \ @@ -139,6 +138,11 @@ SELinux Reference Policy - modular. %{__rm} -fR $RPM_BUILD_ROOT mkdir -p ${RPM_BUILD_ROOT}%{_mandir}/man8/ install -m 644 man/man8/*.8 ${RPM_BUILD_ROOT}%{_mandir}/man8/ +mkdir -p ${RPM_BUILD_ROOT}%{_sysconfdir}/selinux +mkdir -p ${RPM_BUILD_ROOT}%{_sysconfdir}/sysconfig +mkdir -p %{_usr}/share/selinux +touch $RPM_BUILD_ROOT%{_sysconfdir}/selinux/config +touch $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/selinux # Build targeted policy # Commented out because only targeted ref policy currently builds 
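Review bot: In the `%install` additions of the third hunk on this line, `mkdir -p %{_usr}/share/selinux` has no build-root prefix, so it creates the directory on the build host rather than in the package tree; the two `mkdir -p` lines just above it do use `${RPM_BUILD_ROOT}`. A build run as root therefore modifies the host filesystem, and an unprivileged build fails when the directory does not already exist. The line should read `mkdir -p ${RPM_BUILD_ROOT}%{_usr}/share/selinux`. The `%install` section starts before this hunk and continues after it.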
@@ -157,10 +161,10 @@ make NAME=strict TYPE=strict-mcs DISTRO=%{distro} DIRECT_INITRC=y MONOLITHIC=%{m # Install devel make clean -make -make DESTDIR=$RPM_BUILD_ROOT PKGNAME=%{name}-%{version} install-headers install-docs -install -m 755 ${RPM_SOURCE_DIR}/policygentool ${RPM_BUILD_ROOT}/usr/share/selinux/refpolicy/ -install -m 755 doc/Makefile.example ${RPM_BUILD_ROOT}/usr/share/selinux/refpolicy/Makefile +make NAME=devel TYPE=targeted-mcs DISTRO=%{distro} DIRECT_INITRC=y MONOLITHIC=%{monolithic} DESTDIR=$RPM_BUILD_ROOT PKGNAME=%{name}-%{version} install-headers install-docs +install -m 755 ${RPM_SOURCE_DIR}/policygentool ${RPM_BUILD_ROOT}%{_usr}/share/selinux/devel/ +install -m 755 ${RPM_SOURCE_DIR}/Makefile.devel ${RPM_BUILD_ROOT}%{_usr}/share/selinux/devel/Makefile +install -m 755 ${RPM_SOURCE_DIR}/Makefile.devel ${RPM_BUILD_ROOT}%{_usr}/share/doc/%{name}-%{version}/Makefile.example %clean @@ -284,15 +288,15 @@ SELinux Reference policy development files %files devel %defattr(-,root,root) -%dir %{_usr}/share/selinux/refpolicy -%dir %{_usr}/share/selinux/refpolicy/include -%{_usr}/share/selinux/refpolicy/include/* -%{_usr}/share/selinux/refpolicy/Makefile -%{_usr}/share/selinux/refpolicy/policygentool +%dir %{_usr}/share/selinux/devel +%dir %{_usr}/share/selinux/devel/include +%{_usr}/share/selinux/devel/include/* +%{_usr}/share/selinux/devel/Makefile +%{_usr}/share/selinux/devel/policygentool %changelog -* Wed Feb 22 2006 Dan Walsh 2.2.19-3 +* Wed Feb 22 2006 Dan Walsh 2.2.20-1 - Fix load_policy to work on MLS - Fix cron_rw_system_pipes for postfix_postdrop_t - Allow audotmount to run showmount diff --git a/sources b/sources index 20280dd..1aa1e1a 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -9799c5001a35b5b3857b3c58931ab515 serefpolicy-2.2.19.tgz +16bf45c49cbe78b2c977cffc88884de2 serefpolicy-2.2.20.tgz
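Review bot: The two new `install -m 755 ${RPM_SOURCE_DIR}/Makefile.devel` lines in the "Install devel" hunk set the execute bit on a file that make reads and nothing executes; `-m 644` is sufficient for both the `devel/Makefile` copy and the `Makefile.example` copy, for example `install -m 644 ${RPM_SOURCE_DIR}/Makefile.devel ${RPM_BUILD_ROOT}%{_usr}/share/selinux/devel/Makefile`. Since the file is declared as `Source3` earlier in this commit, referring to it as `%{SOURCE3}` would tie these lines to that declaration instead of to a file name in the source directory. The second copy also relies on the doc directory already existing, which presumably comes from the `install-docs` target on the line before.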