-rw-r--r--Makefile2
-rw-r--r--Rules.modular5
-rw-r--r--Rules.monolithic10
-rw-r--r--build.conf2
4 files changed, 5 insertions, 14 deletions
diff --git a/Makefile b/Makefile
index 7e5bf4be..70b213a8 100644
--- a/Makefile
+++ b/Makefile
@@ -209,7 +209,7 @@ endif
NAME ?= $(TYPE)
# default unknown permissions setting
-#UNK_PERMS ?= deny
+UNK_PERMS ?= deny
ifeq ($(DIRECT_INITRC),y)
M4PARAM += -D direct_sysadm_daemon
diff --git a/Rules.modular b/Rules.modular
index b2d2ac43..c3c914a0 100644
--- a/Rules.modular
+++ b/Rules.modular
@@ -94,12 +94,9 @@ $(base_pkg): $(base_mod) $(base_fc) $(users_extra) $(tmpdir)/seusers
@test -d $(builddir) || mkdir -p $(builddir)
$(verbose) $(SEMOD_PKG) -o $@ -m $(base_mod) -f $(base_fc) -u $(users_extra) -s $(tmpdir)/seusers
-ifneq "$(UNK_PERMS)" ""
-$(base_mod): CHECKMODULE += -U $(UNK_PERMS)
-endif
$(base_mod): $(base_conf)
@echo "Compiling $(NAME) base module"
- $(verbose) $(CHECKMODULE) $^ -o $@
+ $(verbose) $(CHECKMODULE) -U $(UNK_PERMS) $^ -o $@
$(tmpdir)/seusers: $(seusers)
@mkdir -p $(tmpdir)
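Review bot: With the `ifneq "$(UNK_PERMS)" ""` guard removed, the `$(base_mod)` recipe passes `-U $(UNK_PERMS)` even when the variable expands to nothing, so `-U` would presumably take the next word (the first prerequisite) as its argument. The `?=` default in Makefile does not cover this, because a variable set to an empty value in build.conf, on the command line or in the environment still counts as defined. The same applies to the `$(polver)` and `$(loadpath)` recipes in Rules.monolithic. Since this setting decides how the policy treats permissions it does not define, I would validate it once in Makefile right after the default, with `ifeq "$(filter allow deny reject,$(UNK_PERMS))" ""`, then `$(error UNK_PERMS must be allow, deny or reject)`, then `endif`. That stops the build with a clear message on an empty or mistyped value instead of leaving it to the compiler's option parsing.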
diff --git a/Rules.monolithic b/Rules.monolithic
index b8d180e1..6505550d 100644
--- a/Rules.monolithic
+++ b/Rules.monolithic
@@ -63,9 +63,6 @@ resetlabels: $(fcpath)
#
# Build a binary policy locally
#
-ifneq "$(UNK_PERMS)" ""
-$(polver): CHECKPOLICY += -U $(UNK_PERMS)
-endif
$(polver): $(policy_conf)
@echo "Compiling $(NAME) $(polver)"
ifneq ($(pv),$(kv))
@@ -73,15 +70,12 @@ ifneq ($(pv),$(kv))
@echo "WARNING: Policy version mismatch! Is your OUTPUT_POLICY set correctly?"
@echo
endif
- $(verbose) $(CHECKPOLICY) $^ -o $@
+ $(verbose) $(CHECKPOLICY) -U $(UNK_PERMS) $^ -o $@
########################################
#
# Install a binary policy
#
-ifneq "$(UNK_PERMS)" ""
-$(loadpath): CHECKPOLICY += -U $(UNK_PERMS)
-endif
$(loadpath): $(policy_conf)
@echo "Compiling and installing $(NAME) $(loadpath)"
ifneq ($(pv),$(kv))
@@ -90,7 +84,7 @@ ifneq ($(pv),$(kv))
@echo
endif
@$(INSTALL) -d -m 0755 $(@D)
- $(verbose) $(CHECKPOLICY) $^ -o $@
+ $(verbose) $(CHECKPOLICY) -U $(UNK_PERMS) $^ -o $@
########################################
#
diff --git a/build.conf b/build.conf
index 5a521c46..0fffc2a4 100644
--- a/build.conf
+++ b/build.conf
@@ -35,7 +35,7 @@ NAME = refpolicy
# can either be allowed, denied, or the policy loading
# can be rejected.
# allow, deny, and reject are current options.
-#UNK_PERMS = deny
+UNK_PERMS = deny
# Direct admin init
# Setting this will allow sysadm to directly