Support semanage.mods
Aimee OS variants can now supply a `semange.mods` file in their configuration directories. This file contains SELinux customizations, in the format produced by `semanage export`. Variants can use this mechanism to set SELinux booleans, change user/login mappings, and other SELinux policy customization. At build time, the base `selinux.mods` file in the source directory is combined with the variant's file, if it exists, and the resultant customizations are applied in a single transaction.
This commit is contained in:
8
Makefile
8
Makefile
@@ -39,6 +39,11 @@ $(O)/.built: \
|
||||
./build.sh
|
||||
touch $(O)/.built
|
||||
|
||||
$(O)/semanage.mods: \
|
||||
semanage.mods \
|
||||
$(wildcard $(CONFIGDIR)/semanage.mods)
|
||||
cat $^ > $@
|
||||
|
||||
$(O)/.ready: \
|
||||
build-rootfs.sh \
|
||||
install.packages \
|
||||
@@ -46,11 +51,12 @@ $(O)/.ready: \
|
||||
$(CONFIGDIR)/installonly.packages \
|
||||
$(CONFIGDIR)/busybox.symlinks \
|
||||
$(O)/linux/arch/arm64/boot/Image.gz \
|
||||
$(O)/semanage.mods \
|
||||
$(shell find overlay -type f) \
|
||||
$(shell find $(CONFIGDIR)/overlay -type f 2>/dev/null) \
|
||||
$(O)/.host-tools \
|
||||
$(O)/.built
|
||||
./build-rootfs.sh
|
||||
./build-rootfs.sh "$(O)"
|
||||
touch $(O)/.ready
|
||||
|
||||
$(O)/squashfs.exclude: \
|
||||
|
||||
Reference in New Issue
Block a user