[libvirt PATCH 06/13] selinux: don't hardcode policy include files directory
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
meson_options.txt | 1 +
scripts/selinux-compile-policy.py | 15 +++++++--------
src/security/selinux/mcs/meson.build | 3 ++-
src/security/selinux/meson.build | 2 ++
src/security/selinux/mls/meson.build | 3 ++-
5 files changed, 14 insertions(+), 10 deletions(-)
diff --git a/meson_options.txt b/meson_options.txt
index 859ed36b8f..7287cf1222 100644
--- a/meson_options.txt
+++ b/meson_options.txt
@@ -39,6 +39,7 @@ option('sanlock', type: 'feature', value:
'auto', description: 'sanlock support'
option('sasl', type: 'feature', value: 'auto', description:
'sasl support')
option('selinux', type: 'feature', value: 'auto', description:
'selinux support')
option('selinux_mount', type: 'string', value: '', description:
'set SELinux mount point')
+option('selinux_policy_includes', type: 'string', value:
'/usr/share/selinux/devel/include', description: 'SELinux policy include
directory')
option('udev', type: 'feature', value: 'auto', description:
'udev support')
option('wireshark_dissector', type: 'feature', value: 'auto',
description: 'wireshark support')
option('wireshark_plugindir', type: 'string', value: '',
description: 'wireshark plugins directory for use when installing wireshark
plugin')
diff --git a/scripts/selinux-compile-policy.py b/scripts/selinux-compile-policy.py
index 31b9113a5d..3890b4e55a 100755
--- a/scripts/selinux-compile-policy.py
+++ b/scripts/selinux-compile-policy.py
@@ -24,9 +24,10 @@ import sys
import os
import glob
-if len(sys.argv) != 9:
+if len(sys.argv) != 10:
print("Usage: {} <policy>.te <policy>.if <policy>.fc
<output>.pp "
- "<tmpdir> <type (mls/mcs)> <checkmodpath>
<semodpath>"
+ "<tmpdir> <type (mls/mcs)> <checkmodpath>
<semodpath> "
+ "<policyincludepath>"
.format(sys.argv[0]), file=sys.stderr)
exit(os.EX_USAGE)
@@ -43,14 +44,12 @@ else:
checkmod_path = sys.argv[7]
semod_path = sys.argv[8]
+policy_includes = sys.argv[9]
-SHAREDIR = "/usr/share/selinux"
-HEADERDIR = os.path.join(SHAREDIR, "devel/include")
-
-m4support = sorted(glob.glob("{}/support/*.spt".format(HEADERDIR)))
-header_layers = glob.glob("{}/*/".format(HEADERDIR))
+m4support = sorted(glob.glob("{}/support/*.spt".format(policy_includes)))
+header_layers = glob.glob("{}/*/".format(policy_includes))
header_layers = sorted([x for x in header_layers
- if os.path.join(HEADERDIR, "support") not in x])
+ if os.path.join(policy_includes, "support") not in x])
header_interfaces = []
for layer in header_layers:
diff --git a/src/security/selinux/mcs/meson.build b/src/security/selinux/mcs/meson.build
index 0f2edc2b76..9ecfe976db 100644
--- a/src/security/selinux/mcs/meson.build
+++ b/src/security/selinux/mcs/meson.build
@@ -10,7 +10,8 @@ virt_pp = custom_target('virt.pp',
input : selinux_sources,
command : [selinux_compile_policy_prog, '@INPUT@', '@OUTPUT@',
'selinux/mcs/tmp', 'mcs',
- checkmod_prog, semod_prog],
+ checkmod_prog, semod_prog,
+ selinux_policy_includes],
install : false)
bzip = custom_target('virt.pp.bz2',
diff --git a/src/security/selinux/meson.build b/src/security/selinux/meson.build
index bd9abc9a33..dda8730141 100644
--- a/src/security/selinux/meson.build
+++ b/src/security/selinux/meson.build
@@ -2,6 +2,8 @@ semod_prog = find_program('semodule_package')
checkmod_prog = find_program('checkmodule')
bzip2_prog = find_program('bzip2')
+selinux_policy_includes = get_option('selinux_policy_includes')
+
install_data('virt.if', install_dir :
'share/selinux/devel/include/distributed')
subdir('mcs')
diff --git a/src/security/selinux/mls/meson.build b/src/security/selinux/mls/meson.build
index 2c866c548c..ef72a5f5ec 100644
--- a/src/security/selinux/mls/meson.build
+++ b/src/security/selinux/mls/meson.build
@@ -10,7 +10,8 @@ virt_pp_mls = custom_target('virt.pp',
input : selinux_sources,
command : [selinux_compile_policy_prog, '@INPUT@', '@OUTPUT@',
'selinux/mls/tmp', 'mls',
- checkmod_prog, semod_prog],
+ checkmod_prog, semod_prog,
+ selinux_policy_includes],
install : false)
bzip_mls = custom_target('virt.pp.bz2',
--
2.31.1