mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-26 08:51:50 -06:00
cfec51819b
This policy should really be provided by dogtag. We don't want to grant read/write access to everything dogtag can handle so we change the context to cert_t instead. But we have to let dogtag read/write that too hence this policy. To top it off we can't load this policy unless dogtag is also loaded so we insert it in the IPA installer
30 lines
864 B
Makefile
30 lines
864 B
Makefile
SUBDIRS = ipa_kpasswd ipa_httpd ipa_dogtag
|
|
POLICY_MAKEFILE = /usr/share/selinux/devel/Makefile
|
|
POLICY_DIR = $(DESTDIR)/usr/share/selinux/targeted
|
|
|
|
all:
|
|
if [ ! -e $(POLICY_MAKEFILE) ]; then echo "You need to install the SELinux development tools (selinux-policy-devel)" && exit 1; fi
|
|
|
|
@for subdir in $(SUBDIRS); do \
|
|
(cd $$subdir && $(MAKE) -f $(POLICY_MAKEFILE) $@) || exit 1; \
|
|
done
|
|
|
|
clean:
|
|
@for subdir in $(SUBDIRS); do \
|
|
(cd $$subdir && $(MAKE) -f $(POLICY_MAKEFILE) $@) || exit 1; \
|
|
done
|
|
|
|
distclean: clean
|
|
rm -f ipa-server-selinux.spec
|
|
|
|
maintainer-clean: distclean
|
|
|
|
install: all
|
|
install -d $(POLICY_DIR)
|
|
install -m 644 ipa_kpasswd/ipa_kpasswd.pp $(POLICY_DIR)
|
|
install -m 644 ipa_httpd/ipa_httpd.pp $(POLICY_DIR)
|
|
install -m 644 ipa_dogtag/ipa_dogtag.pp $(POLICY_DIR)
|
|
|
|
load:
|
|
/usr/sbin/semodule -i ipa_kpasswd/ipa_kpasswd.pp ipa_httpd/ipa_httpd.pp
|