commit: f920d4616e262d68762efb6f842afed0448beda0
Author: Christian Göttsche <cgzones <AT> googlemail <DOT> com>
AuthorDate: Tue Mar 22 17:21:23 2022 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Thu Mar 31 02:40:53 2022 +0000
URL:
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=f920d461
Rules.modular: add pure-load target
Add a target for modular polices to load all built modules while
simultaneously removing all non Reference Policy ones. This will remove
dropped Reference Policy modules and user installed ones.
Signed-off-by: Christian Göttsche <cgzones <AT> googlemail.com>
Signed-off-by: Jason Zaman <perfinion <AT> gentoo.org>
Rules.modular | 13 ++++++++++++-
1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/Rules.modular b/Rules.modular
index 63a10e7f..f7ee2c11 100644
--- a/Rules.modular
+++ b/Rules.modular
@@ -58,6 +58,17 @@ load: $(instpkg) $(appfiles)
@$(INSTALL) -d -m 0755 $(policypath) $(dir $(fcpath))
$(verbose) $(SEMODULE) -s $(NAME) -i $(modpkgdir)/$(notdir $(base_pkg))
$(foreach mod,$(mod_pkgs),-i $(modpkgdir)/$(mod))
+########################################
+#
+# Load all configured modules and remove foreign ones
+#
+pure-load: $(instpkg) $(appfiles)
+# make sure two directories exist since they are not
+# created by semanage
+ @echo "Loading configured modules."
+ @$(INSTALL) -d -m 0755 $(policypath) $(dir $(fcpath))
+ $(verbose) $(SEMODULE) -s $(NAME) -i $(modpkgdir)/$(notdir $(base_pkg))
$(foreach mod,$(mod_pkgs),-i $(modpkgdir)/$(mod)) $(foreach omod,$(filter-out
base $(notdir $(mod_mods:.te=)),$(shell $(SEMODULE) -l)),-r $(omod))
+
########################################
#
# Install policy packages
@@ -226,4 +237,4 @@ clean:
$(verbose) rm -f $(net_contexts) $(net_contexts_nft)
$(verbose) rm -fR $(tmpdir)
-.PHONY: default all policy base modules install load clean validate
+.PHONY: default all policy base modules install load pure-load clean validate
