| # Installation directories. |
| PREFIX ?= $(DESTDIR)/usr |
| BINDIR ?= $(PREFIX)/bin |
| MANDIR ?= $(PREFIX)/share/man |
| ETCDIR ?= $(DESTDIR)/etc |
| LOCALEDIR = /usr/share/locale |
| PAMH = $(shell ls /usr/include/security/pam_appl.h 2>/dev/null) |
| AUDITH = $(shell ls /usr/include/libaudit.h 2>/dev/null) |
| # Enable capabilities to permit newrole to generate audit records. |
| # This will make newrole a setuid root program. |
| # The capabilities used are: CAP_AUDIT_WRITE. |
| AUDIT_LOG_PRIV ?= n |
| # Enable capabilities to permit newrole to utilitize the pam_namespace module. |
| # This will make newrole a setuid root program. |
| # The capabilities used are: CAP_SYS_ADMIN, CAP_CHOWN, CAP_FOWNER and |
| # CAP_DAC_OVERRIDE. |
| NAMESPACE_PRIV ?= n |
| # If LSPP_PRIV is y, then newrole will be made into setuid root program. |
| # Enabling this option will force AUDIT_LOG_PRIV and NAMESPACE_PRIV to be y. |
| LSPP_PRIV ?= n |
| VERSION = $(shell cat ../VERSION) |
| |
| CFLAGS ?= -Werror -Wall -W |
| EXTRA_OBJS = |
| override CFLAGS += -DVERSION=\"$(VERSION)\" $(LDFLAGS) -I$(PREFIX)/include -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\"" |
| LDLIBS += -lselinux -L$(PREFIX)/lib |
| ifeq ($(PAMH), /usr/include/security/pam_appl.h) |
| override CFLAGS += -DUSE_PAM |
| EXTRA_OBJS += hashtab.o |
| LDLIBS += -lpam -lpam_misc |
| else |
| override CFLAGS += -D_XOPEN_SOURCE=500 |
| LDLIBS += -lcrypt |
| endif |
| ifeq ($(AUDITH), /usr/include/libaudit.h) |
| override CFLAGS += -DUSE_AUDIT |
| LDLIBS += -laudit |
| endif |
| ifeq ($(LSPP_PRIV),y) |
| override AUDIT_LOG_PRIV=y |
| override NAMESPACE_PRIV=y |
| endif |
| ifeq ($(AUDIT_LOG_PRIV),y) |
| override CFLAGS += -DAUDIT_LOG_PRIV |
| IS_SUID=y |
| endif |
| ifeq ($(NAMESPACE_PRIV),y) |
| override CFLAGS += -DNAMESPACE_PRIV |
| IS_SUID=y |
| endif |
| ifeq ($(IS_SUID),y) |
| MODE := 4555 |
| LDLIBS += -lcap-ng |
| else |
| MODE := 0555 |
| endif |
| |
| all: newrole |
| |
| newrole: newrole.o $(EXTRA_OBJS) |
| $(CC) $(LDFLAGS) -o $@ $^ $(LDLIBS) |
| |
| install: all |
| test -d $(BINDIR) || install -m 755 -d $(BINDIR) |
| test -d $(ETCDIR)/pam.d || install -m 755 -d $(ETCDIR)/pam.d |
| test -d $(MANDIR)/man1 || install -m 755 -d $(MANDIR)/man1 |
| install -m $(MODE) newrole $(BINDIR) |
| install -m 644 newrole.1 $(MANDIR)/man1/ |
| ifeq ($(PAMH), /usr/include/security/pam_appl.h) |
| test -d $(ETCDIR)/pam.d || install -m 755 -d $(ETCDIR)/pam.d |
| ifeq ($(LSPP_PRIV),y) |
| install -m 644 newrole-lspp.pamd $(ETCDIR)/pam.d/newrole |
| else |
| install -m 644 newrole.pamd $(ETCDIR)/pam.d/newrole |
| endif |
| endif |
| |
| clean: |
| rm -f newrole *.o |
| |
| indent: |
| ../../scripts/Lindent $(wildcard *.[ch]) |
| |
| relabel: install |
| /sbin/restorecon $(BINDIR)/newrole |