diff --git a/refpolicy/Makefile b/refpolicy/Makefile
index ae36111..a629d18 100644
--- a/refpolicy/Makefile
+++ b/refpolicy/Makefile
@@ -90,6 +90,7 @@ FCSORT := $(TMPDIR)/fc_sort
 SETBOOLS := $(AWK) -f $(SUPPORT)/set_bools_tuns.awk
 get_type_attr_decl := $(SED) -r -f $(SUPPORT)/get_type_attr_decl.sed
 comment_move_decl := $(SED) -r -f $(SUPPORT)/comment_move_decl.sed
+gennetfilter := $(PYTHON) $(SUPPORT)/gennetfilter.py
 # use our own genhomedircon to make sure we have a known usable one,
 # so policycoreutils updates are not required (RHEL4)
 genhomedircon := $(PYTHON) $(SUPPORT)/genhomedircon
@@ -158,6 +159,7 @@ ifneq ($(findstring -mls,$(TYPE)),)
 M4PARAM += -D enable_mls
 CHECKPOLICY += -M
 CHECKMODULE += -M
+ gennetfilter += -m
 endif
 # enable MLS if MCS requested.
@@ -165,6 +167,7 @@ ifneq ($(findstring -mcs,$(TYPE)),)
 M4PARAM += -D enable_mcs
 CHECKPOLICY += -M
 CHECKMODULE += -M
+ gennetfilter += -c
 endif
 # enable distribution-specific policy
@@ -231,6 +234,7 @@ SEUSERS := $(APPCONF)/seusers
 APPDIR := $(CONTEXTPATH)
 APPFILES := $(addprefix $(APPDIR)/,default_contexts default_type initrc_context failsafe_context userhelper_context removable_context dbus_contexts customizable_types) $(CONTEXTPATH)/files/media
 CONTEXTFILES += $(wildcard $(APPCONF)/*_context*) $(APPCONF)/media
+net_contexts := $(BUILDDIR)net_contexts
 ALL_LAYERS := $(filter-out $(MODDIR)/CVS,$(shell find $(wildcard $(MODDIR)/*) -maxdepth 0 -type d))
 ifdef LOCAL_ROOT
@@ -342,6 +346,14 @@ $(MODDIR)/kernel/corenetwork.te: $(MODDIR)/kernel/corenetwork.te.m4 $(MODDIR)/ke
 ########################################
 #
+# Network packet labeling
+#
+$(net_contexts): $(MODDIR)/kernel/corenetwork.te.in
+ @echo "Creating netfilter network labeling rules"
+ $(verbose) $(gennetfilter) $^ > $@
+
+########################################
+#
 # Create config files
 #
 conf: $(MOD_CONF) $(BOOLEANS) $(GENERATED_TE) $(GENERATED_IF) $(GENERATED_FC)
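Review bot: The `gennetfilter += -m` added in the `-mls` block (and the matching `gennetfilter += -c` in the `-mcs` block of the next hunk) changes the generator's command line, but the `$(net_contexts)` rule added later in this file lists only `corenetwork.te.in` as a prerequisite. Rebuilding with a different TYPE without `make clean` would therefore presumably keep a net_contexts file produced with the previous flags, so the packet-labeling rules could disagree with the policy that was actually built. At minimum, record this next to the flags, e.g. `# changing TYPE requires 'make clean': net_contexts is not regenerated when these flags change`. Both `ifneq` blocks start outside their hunks.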
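Review bot: In the new `$(net_contexts)` rule the recipe redirects straight into `$@`, so a failing gennetfilter.py run leaves an empty or truncated net_contexts with a fresh timestamp. Unless `.DELETE_ON_ERROR:` is set elsewhere in the Makefile (not visible in this diff), the next `make` treats that file as up to date. Since the file holds the netfilter network labeling rules, a partial file would presumably mean some traffic is left without its intended label, with no build error to point at it. Writing to a temporary and renaming avoids this: `$(verbose) $(gennetfilter) $^ > $@.tmp && mv -f $@.tmp $@`. The generator script is also not a prerequisite, so edits to `$(SUPPORT)/gennetfilter.py` do not trigger a rebuild; listing it would mean switching `$^` to `$<`.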
diff --git a/refpolicy/Rules.modular b/refpolicy/Rules.modular
index d877c36..370e08b 100644
--- a/refpolicy/Rules.modular
+++ b/refpolicy/Rules.modular
@@ -231,6 +231,7 @@ clean:
 rm -f $(BASE_CONF)
 rm -f $(BASE_FC)
 rm -f $(BUILDDIR)*.pp
+ rm -f $(net_contexts)
 rm -fR $(TMPDIR)
 .PHONY: default all policy base modules install load clean validate
diff --git a/refpolicy/Rules.monolithic b/refpolicy/Rules.monolithic
index c597a00..972516a 100644
--- a/refpolicy/Rules.monolithic
+++ b/refpolicy/Rules.monolithic
@@ -236,6 +236,7 @@ clean:
 rm -f $(POLVER)
 rm -f $(FC)
 rm -f $(HOMEDIR_TEMPLATE)
+ rm -f $(net_contexts)
 rm -f *.res
 rm -fR $(TMPDIR)