mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-04 16:35:02 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
apparmor/profiles/Makefile

106 lines
4.2 KiB
Makefile
Raw Normal View History

Import the rest of the core functionality of the internal apparmor development tree (trunk branch). From svn repo version 6381.
2006-04-11 21:52:54 +00:00
# ------------------------------------------------------------------
#
adjust profiles/Makefile for local files
2010-08-05 15:10:33 -05:00
# Copyright (C) 2002-2009 Novell/SUSE
# Copyright (C) 2010 Canonical Ltd.
Import the rest of the core functionality of the internal apparmor development tree (trunk branch). From svn repo version 6381.
2006-04-11 21:52:54 +00:00
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public
# License published by the Free Software Foundation.
#
This patch adds two new make targets to the profiles package: 'check' and 'check-install'. The 'check' target will attempt to run the profiles in the working subversion directory (both in enabled/ and extras/ directories) through the apparmor_parser as a means of sanity checking the profiles. The 'check-install' target will also run the 'check' target, only against the installed location, modifiable by DESTDIR and EXTRASDIR (to match the behavior of the 'install' target). It also will run logprof (with an empty logfile) on the installation location, as logprof and the parser have differing ideas of what is a valid profile :-( . Thus 'make install check-install DESTDIR=/some/path EXTRASDIR=/other/path' will install the profiles into a location and cycle the parser and logprof over the profiles in that The 'check' target cannot run logprof as the subversion layout does not conform to a hierarchy logprof can deal with. The limitations also mean that logprof will not check the profiles in the extras/ directory. There are other passable variables that impact the 'check' and 'check-install' targets: VERBOSE - setting this variable will emit the actual commands run, mostly useful for debugging where the implementation of 'check' has gone wrong. PARSER, LOGPROF - setting these with a path to a different parser or logprof location will have the check targets use those version rather than the system utilities; e.g. "make check-install LOGPROF=../utils/logprof" to test a modified logprof in our current forge svn layout.
2006-06-05 16:39:29 +00:00
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, contact Novell, Inc.
#
Import the rest of the core functionality of the internal apparmor development tree (trunk branch). From svn repo version 6381.
2006-04-11 21:52:54 +00:00
# ------------------------------------------------------------------
adjust profiles/Makefile for local files
2010-08-05 15:10:33 -05:00
# Makefile for LSM-based AppArmor profiles
Import the rest of the core functionality of the internal apparmor development tree (trunk branch). From svn repo version 6381.
2006-04-11 21:52:54 +00:00
NAME=apparmor-profiles
profiles/Makefile: fix 'check' target to iterate over the profiles in the extras directory as intended and fail the make if a parse failure occurs. Also, set the default parser and logprof to be the intree ones; the system ones can still be used by setting environment variables. Finally, have the 'all' target generate the local files. Also, set the parser base directory to the apparmor.d directory (rather than as an added include, to avoid outside contamination from system profiles and includes). With these changes, make && make check should verify the profile set is compilable and mostly consistent. (Alas, the current profiles are not quite consistent).
2011-03-18 22:31:26 -07:00
ALL: local
Update svn:keywords properties. Fix makefile to find new common/ location.
2006-04-12 20:35:41 +00:00
COMMONDIR=../common/
Import the rest of the core functionality of the internal apparmor development tree (trunk branch). From svn repo version 6381.
2006-04-11 21:52:54 +00:00
Convert the rest of the packages to symlinking in the common directory so that 'make dist' will work.
2006-11-04 21:34:47 +00:00
include common/Make.rules
Import the rest of the core functionality of the internal apparmor development tree (trunk branch). From svn repo version 6381.
2006-04-11 21:52:54 +00:00
COMMONDIR_EXISTS=$(strip $(shell [ -d ${COMMONDIR} ] && echo true))
ifeq ($(COMMONDIR_EXISTS), true)
Convert the rest of the packages to symlinking in the common directory so that 'make dist' will work.
2006-11-04 21:34:47 +00:00
common/Make.rules: $(COMMONDIR)/Make.rules
ln -sf $(COMMONDIR) .
Import the rest of the core functionality of the internal apparmor development tree (trunk branch). From svn repo version 6381.
2006-04-11 21:52:54 +00:00
endif
DESTDIR=/
Grand profile repository re-organization. Move directories around to make the final install layout match the layout in the repository (at long last :) -- now we can use a single 'make check' target to check the profiles in the repository against both apparmor_parser and logprof.
2007-05-16 18:51:46 +00:00
PROFILES_DEST=${DESTDIR}/etc/apparmor.d
EXTRAS_DEST=${DESTDIR}/etc/apparmor/profiles/extras/
PROFILES_SOURCE=./apparmor.d
EXTRAS_SOURCE=./apparmor/profiles/extras/
adjust profiles/Makefile for local files
2010-08-05 15:10:33 -05:00
SUBDIRS_MUST_BE_SKIPPED=${PROFILES_SOURCE}/abstractions ${PROFILES_SOURCE}/apache2.d ${PROFILES_SOURCE}/program-chunks ${PROFILES_SOURCE}/tunables ${PROFILES_SOURCE}/local
Grand profile repository re-organization. Move directories around to make the final install layout match the layout in the repository (at long last :) -- now we can use a single 'make check' target to check the profiles in the repository against both apparmor_parser and logprof.
2007-05-16 18:51:46 +00:00
PROFILES_TO_COPY=$(filter-out ${SUBDIRS_MUST_BE_SKIPPED}, $(wildcard ${PROFILES_SOURCE}/*))
Fix up the profiles make install target for the tunables/multiarch.d/ change.
2011-03-23 16:10:33 -07:00
TUNABLES_TO_COPY=$(filter-out ${PROFILES_SOURCE}/tunables/home.d ${PROFILES_SOURCE}/tunables/multiarch.d, $(wildcard ${PROFILES_SOURCE}/tunables/*))
adjust profiles/Makefile for abstractions/ubuntu-browsers.d
2010-08-10 16:42:00 -05:00
ABSTRACTIONS_TO_COPY=$(filter-out ${PROFILES_SOURCE}/abstractions/ubuntu-browsers.d, $(wildcard ${PROFILES_SOURCE}/abstractions/*))
Import the rest of the core functionality of the internal apparmor development tree (trunk branch). From svn repo version 6381.
2006-04-11 21:52:54 +00:00
adjust profiles/Makefile for local files
2010-08-05 15:10:33 -05:00
local:
for profile in ${PROFILES_TO_COPY}; do \
fn=$$(basename $$profile); \
echo "# Site-specific additions and overrides for '$$fn'" > ${PROFILES_SOURCE}/local/$$fn; \
done; \
Import the rest of the core functionality of the internal apparmor development tree (trunk branch). From svn repo version 6381.
2006-04-11 21:52:54 +00:00
.PHONY: install
adjust profiles/Makefile for local files
2010-08-05 15:10:33 -05:00
install: local
Grand profile repository re-organization. Move directories around to make the final install layout match the layout in the repository (at long last :) -- now we can use a single 'make check' target to check the profiles in the repository against both apparmor_parser and logprof.
2007-05-16 18:51:46 +00:00
install -m 755 -d ${PROFILES_DEST}
install -m 755 -d ${PROFILES_DEST}/abstractions \
merge profiles from Ubuntu, including change_hat apache2 template
2009-11-11 11:42:30 -08:00
${PROFILES_DEST}/apache2.d \
create the directory /etc/apparmor.d/disable which is required by aa-disable Acked-by: John Johansen <john.johansen@canonical.com>
2011-10-20 00:23:19 +02:00
${PROFILES_DEST}/disable \
Grand profile repository re-organization. Move directories around to make the final install layout match the layout in the repository (at long last :) -- now we can use a single 'make check' target to check the profiles in the repository against both apparmor_parser and logprof.
2007-05-16 18:51:46 +00:00
${PROFILES_DEST}/program-chunks \
add local site configuration for HOMEDIRS tunable - add commented profiles/apparmor.d/tunables/home.d/site.local - profiles/apparmor.d/tunables/home: include tunables/home.d - profiles/Makefile: adjust for home.d sub-directory and install site.local
2010-01-05 15:58:43 -06:00
${PROFILES_DEST}/tunables \
adjust profiles/Makefile for local files
2010-08-05 15:10:33 -05:00
${PROFILES_DEST}/tunables/home.d \
Create /etc/apparmor.d/tunables/multiarch.d directory in profiles/Makefile (otherwise it's created as a file, which is wrong) Acked-by: John Johansen <john.johansen@canonical.com>
2012-01-03 23:41:07 +01:00
${PROFILES_DEST}/tunables/multiarch.d \
adjust profiles/Makefile for local files
2010-08-05 15:10:33 -05:00
${PROFILES_DEST}/local
Grand profile repository re-organization. Move directories around to make the final install layout match the layout in the repository (at long last :) -- now we can use a single 'make check' target to check the profiles in the repository against both apparmor_parser and logprof.
2007-05-16 18:51:46 +00:00
install -m 644 ${PROFILES_TO_COPY} ${PROFILES_DEST}
adjust profiles/Makefile for abstractions/ubuntu-browsers.d
2010-08-10 16:42:00 -05:00
install -m 644 ${ABSTRACTIONS_TO_COPY} ${PROFILES_DEST}/abstractions
install -m 755 -d ${PROFILES_DEST}/abstractions/ubuntu-browsers.d
install -m 644 ${PROFILES_SOURCE}/abstractions/ubuntu-browsers.d/* ${PROFILES_DEST}/abstractions/ubuntu-browsers.d
merge profiles from Ubuntu, including change_hat apache2 template
2009-11-11 11:42:30 -08:00
install -m 644 ${PROFILES_SOURCE}/apache2.d/* ${PROFILES_DEST}/apache2.d
Grand profile repository re-organization. Move directories around to make the final install layout match the layout in the repository (at long last :) -- now we can use a single 'make check' target to check the profiles in the repository against both apparmor_parser and logprof.
2007-05-16 18:51:46 +00:00
install -m 644 ${PROFILES_SOURCE}/program-chunks/* ${PROFILES_DEST}/program-chunks
add local site configuration for HOMEDIRS tunable - add commented profiles/apparmor.d/tunables/home.d/site.local - profiles/apparmor.d/tunables/home: include tunables/home.d - profiles/Makefile: adjust for home.d sub-directory and install site.local
2010-01-05 15:58:43 -06:00
install -m 644 ${TUNABLES_TO_COPY} ${PROFILES_DEST}/tunables
install -m 644 ${PROFILES_SOURCE}/tunables/home.d/* ${PROFILES_DEST}/tunables/home.d
Fix up the profiles make install target for the tunables/multiarch.d/ change.
2011-03-23 16:10:33 -07:00
install -m 644 ${PROFILES_SOURCE}/tunables/multiarch.d/* ${PROFILES_DEST}/tunables/multiarch.d
Grand profile repository re-organization. Move directories around to make the final install layout match the layout in the repository (at long last :) -- now we can use a single 'make check' target to check the profiles in the repository against both apparmor_parser and logprof.
2007-05-16 18:51:46 +00:00
install -m 755 -d ${EXTRAS_DEST}
install -m 644 ${EXTRAS_SOURCE}/* ${EXTRAS_DEST}
adjust profiles/Makefile for local files
2010-08-05 15:10:33 -05:00
install -m 644 ${PROFILES_SOURCE}/local/* ${PROFILES_DEST}/local
Import the rest of the core functionality of the internal apparmor development tree (trunk branch). From svn repo version 6381.
2006-04-11 21:52:54 +00:00
profiles/Makefile: use LOCAL_ADDITIONS using filter-out in clean target, which is much cleaner.
2010-08-05 16:00:23 -05:00
LOCAL_ADDITIONS=$(filter-out ${PROFILES_SOURCE}/local/README, $(wildcard ${PROFILES_SOURCE}/local/*))
Import the rest of the core functionality of the internal apparmor development tree (trunk branch). From svn repo version 6381.
2006-04-11 21:52:54 +00:00
.PHONY: clean
clean:
profiles/Makefile: use LOCAL_ADDITIONS using filter-out in clean target, which is much cleaner.
2010-08-05 16:00:23 -05:00
-rm -f $(NAME)-$(VERSION)*.tar.gz Make.rules ${LOCAL_ADDITIONS}
This patch adds two new make targets to the profiles package: 'check' and 'check-install'. The 'check' target will attempt to run the profiles in the working subversion directory (both in enabled/ and extras/ directories) through the apparmor_parser as a means of sanity checking the profiles. The 'check-install' target will also run the 'check' target, only against the installed location, modifiable by DESTDIR and EXTRASDIR (to match the behavior of the 'install' target). It also will run logprof (with an empty logfile) on the installation location, as logprof and the parser have differing ideas of what is a valid profile :-( . Thus 'make install check-install DESTDIR=/some/path EXTRASDIR=/other/path' will install the profiles into a location and cycle the parser and logprof over the profiles in that The 'check' target cannot run logprof as the subversion layout does not conform to a hierarchy logprof can deal with. The limitations also mean that logprof will not check the profiles in the extras/ directory. There are other passable variables that impact the 'check' and 'check-install' targets: VERBOSE - setting this variable will emit the actual commands run, mostly useful for debugging where the implementation of 'check' has gone wrong. PARSER, LOGPROF - setting these with a path to a different parser or logprof location will have the check targets use those version rather than the system utilities; e.g. "make check-install LOGPROF=../utils/logprof" to test a modified logprof in our current forge svn layout.
2006-06-05 16:39:29 +00:00
ifndef VERBOSE
Q=@
else
Q=
endif
ifndef PARSER
# use system parser
profiles/Makefile: fix 'check' target to iterate over the profiles in the extras directory as intended and fail the make if a parse failure occurs. Also, set the default parser and logprof to be the intree ones; the system ones can still be used by setting environment variables. Finally, have the 'all' target generate the local files. Also, set the parser base directory to the apparmor.d directory (rather than as an added include, to avoid outside contamination from system profiles and includes). With these changes, make && make check should verify the profile set is compilable and mostly consistent. (Alas, the current profiles are not quite consistent).
2011-03-18 22:31:26 -07:00
PARSER=../parser/apparmor_parser
This patch adds two new make targets to the profiles package: 'check' and 'check-install'. The 'check' target will attempt to run the profiles in the working subversion directory (both in enabled/ and extras/ directories) through the apparmor_parser as a means of sanity checking the profiles. The 'check-install' target will also run the 'check' target, only against the installed location, modifiable by DESTDIR and EXTRASDIR (to match the behavior of the 'install' target). It also will run logprof (with an empty logfile) on the installation location, as logprof and the parser have differing ideas of what is a valid profile :-( . Thus 'make install check-install DESTDIR=/some/path EXTRASDIR=/other/path' will install the profiles into a location and cycle the parser and logprof over the profiles in that The 'check' target cannot run logprof as the subversion layout does not conform to a hierarchy logprof can deal with. The limitations also mean that logprof will not check the profiles in the extras/ directory. There are other passable variables that impact the 'check' and 'check-install' targets: VERBOSE - setting this variable will emit the actual commands run, mostly useful for debugging where the implementation of 'check' has gone wrong. PARSER, LOGPROF - setting these with a path to a different parser or logprof location will have the check targets use those version rather than the system utilities; e.g. "make check-install LOGPROF=../utils/logprof" to test a modified logprof in our current forge svn layout.
2006-06-05 16:39:29 +00:00
endif
ifndef LOGPROF
profiles/Makefile: fix 'check' target to iterate over the profiles in the extras directory as intended and fail the make if a parse failure occurs. Also, set the default parser and logprof to be the intree ones; the system ones can still be used by setting environment variables. Finally, have the 'all' target generate the local files. Also, set the parser base directory to the apparmor.d directory (rather than as an added include, to avoid outside contamination from system profiles and includes). With these changes, make && make check should verify the profile set is compilable and mostly consistent. (Alas, the current profiles are not quite consistent).
2011-03-18 22:31:26 -07:00
# use ../utils logprof
LOGPROF=perl -I../utils/ ../utils/aa-logprof
This patch adds two new make targets to the profiles package: 'check' and 'check-install'. The 'check' target will attempt to run the profiles in the working subversion directory (both in enabled/ and extras/ directories) through the apparmor_parser as a means of sanity checking the profiles. The 'check-install' target will also run the 'check' target, only against the installed location, modifiable by DESTDIR and EXTRASDIR (to match the behavior of the 'install' target). It also will run logprof (with an empty logfile) on the installation location, as logprof and the parser have differing ideas of what is a valid profile :-( . Thus 'make install check-install DESTDIR=/some/path EXTRASDIR=/other/path' will install the profiles into a location and cycle the parser and logprof over the profiles in that The 'check' target cannot run logprof as the subversion layout does not conform to a hierarchy logprof can deal with. The limitations also mean that logprof will not check the profiles in the extras/ directory. There are other passable variables that impact the 'check' and 'check-install' targets: VERBOSE - setting this variable will emit the actual commands run, mostly useful for debugging where the implementation of 'check' has gone wrong. PARSER, LOGPROF - setting these with a path to a different parser or logprof location will have the check targets use those version rather than the system utilities; e.g. "make check-install LOGPROF=../utils/logprof" to test a modified logprof in our current forge svn layout.
2006-06-05 16:39:29 +00:00
endif
profiles/Makefile: fix 'check' target to iterate over the profiles in the extras directory as intended and fail the make if a parse failure occurs. Also, set the default parser and logprof to be the intree ones; the system ones can still be used by setting environment variables. Finally, have the 'all' target generate the local files. Also, set the parser base directory to the apparmor.d directory (rather than as an added include, to avoid outside contamination from system profiles and includes). With these changes, make && make check should verify the profile set is compilable and mostly consistent. (Alas, the current profiles are not quite consistent).
2011-03-18 22:31:26 -07:00
IGNORE_FILES=${EXTRAS_SOURCE}/README
CHECK_PROFILES=$(filter-out ${IGNORE_FILES} ${SUBDIRS_MUST_BE_SKIPPED}, $(wildcard ${PROFILES_SOURCE}/*) $(wildcard ${EXTRAS_SOURCE}/*))
This patch adds two new make targets to the profiles package: 'check' and 'check-install'. The 'check' target will attempt to run the profiles in the working subversion directory (both in enabled/ and extras/ directories) through the apparmor_parser as a means of sanity checking the profiles. The 'check-install' target will also run the 'check' target, only against the installed location, modifiable by DESTDIR and EXTRASDIR (to match the behavior of the 'install' target). It also will run logprof (with an empty logfile) on the installation location, as logprof and the parser have differing ideas of what is a valid profile :-( . Thus 'make install check-install DESTDIR=/some/path EXTRASDIR=/other/path' will install the profiles into a location and cycle the parser and logprof over the profiles in that The 'check' target cannot run logprof as the subversion layout does not conform to a hierarchy logprof can deal with. The limitations also mean that logprof will not check the profiles in the extras/ directory. There are other passable variables that impact the 'check' and 'check-install' targets: VERBOSE - setting this variable will emit the actual commands run, mostly useful for debugging where the implementation of 'check' has gone wrong. PARSER, LOGPROF - setting these with a path to a different parser or logprof location will have the check targets use those version rather than the system utilities; e.g. "make check-install LOGPROF=../utils/logprof" to test a modified logprof in our current forge svn layout.
2006-06-05 16:39:29 +00:00
.PHONY: check
check:
profiles/Makefile: fix 'check' target to iterate over the profiles in the extras directory as intended and fail the make if a parse failure occurs. Also, set the default parser and logprof to be the intree ones; the system ones can still be used by setting environment variables. Finally, have the 'all' target generate the local files. Also, set the parser base directory to the apparmor.d directory (rather than as an added include, to avoid outside contamination from system profiles and includes). With these changes, make && make check should verify the profile set is compilable and mostly consistent. (Alas, the current profiles are not quite consistent).
2011-03-18 22:31:26 -07:00
@echo "*** Checking profiles from ${PROFILES_SOURCE} and ${EXTRAS_SOURCE} against apparmor_parser"
This patch adds two new make targets to the profiles package: 'check' and 'check-install'. The 'check' target will attempt to run the profiles in the working subversion directory (both in enabled/ and extras/ directories) through the apparmor_parser as a means of sanity checking the profiles. The 'check-install' target will also run the 'check' target, only against the installed location, modifiable by DESTDIR and EXTRASDIR (to match the behavior of the 'install' target). It also will run logprof (with an empty logfile) on the installation location, as logprof and the parser have differing ideas of what is a valid profile :-( . Thus 'make install check-install DESTDIR=/some/path EXTRASDIR=/other/path' will install the profiles into a location and cycle the parser and logprof over the profiles in that The 'check' target cannot run logprof as the subversion layout does not conform to a hierarchy logprof can deal with. The limitations also mean that logprof will not check the profiles in the extras/ directory. There are other passable variables that impact the 'check' and 'check-install' targets: VERBOSE - setting this variable will emit the actual commands run, mostly useful for debugging where the implementation of 'check' has gone wrong. PARSER, LOGPROF - setting these with a path to a different parser or logprof location will have the check targets use those version rather than the system utilities; e.g. "make check-install LOGPROF=../utils/logprof" to test a modified logprof in our current forge svn layout.
2006-06-05 16:39:29 +00:00
$(Q)for profile in ${CHECK_PROFILES} ; do \
profiles/Makefile: fix 'check' target to iterate over the profiles in the extras directory as intended and fail the make if a parse failure occurs. Also, set the default parser and logprof to be the intree ones; the system ones can still be used by setting environment variables. Finally, have the 'all' target generate the local files. Also, set the parser base directory to the apparmor.d directory (rather than as an added include, to avoid outside contamination from system profiles and includes). With these changes, make && make check should verify the profile set is compilable and mostly consistent. (Alas, the current profiles are not quite consistent).
2011-03-18 22:31:26 -07:00
${PARSER} -S -b ${PWD}/apparmor.d $${profile} > /dev/null || exit 1; \
This patch adds two new make targets to the profiles package: 'check' and 'check-install'. The 'check' target will attempt to run the profiles in the working subversion directory (both in enabled/ and extras/ directories) through the apparmor_parser as a means of sanity checking the profiles. The 'check-install' target will also run the 'check' target, only against the installed location, modifiable by DESTDIR and EXTRASDIR (to match the behavior of the 'install' target). It also will run logprof (with an empty logfile) on the installation location, as logprof and the parser have differing ideas of what is a valid profile :-( . Thus 'make install check-install DESTDIR=/some/path EXTRASDIR=/other/path' will install the profiles into a location and cycle the parser and logprof over the profiles in that The 'check' target cannot run logprof as the subversion layout does not conform to a hierarchy logprof can deal with. The limitations also mean that logprof will not check the profiles in the extras/ directory. There are other passable variables that impact the 'check' and 'check-install' targets: VERBOSE - setting this variable will emit the actual commands run, mostly useful for debugging where the implementation of 'check' has gone wrong. PARSER, LOGPROF - setting these with a path to a different parser or logprof location will have the check targets use those version rather than the system utilities; e.g. "make check-install LOGPROF=../utils/logprof" to test a modified logprof in our current forge svn layout.
2006-06-05 16:39:29 +00:00
done
Grand profile repository re-organization. Move directories around to make the final install layout match the layout in the repository (at long last :) -- now we can use a single 'make check' target to check the profiles in the repository against both apparmor_parser and logprof.
2007-05-16 18:51:46 +00:00
@echo "*** Checking profiles from ${PROFILES_SOURCE} against logprof"
profiles/Makefile: fix 'check' target to iterate over the profiles in the extras directory as intended and fail the make if a parse failure occurs. Also, set the default parser and logprof to be the intree ones; the system ones can still be used by setting environment variables. Finally, have the 'all' target generate the local files. Also, set the parser base directory to the apparmor.d directory (rather than as an added include, to avoid outside contamination from system profiles and includes). With these changes, make && make check should verify the profile set is compilable and mostly consistent. (Alas, the current profiles are not quite consistent).
2011-03-18 22:31:26 -07:00
$(Q)${LOGPROF} -d ${PROFILES_SOURCE} -f /dev/null || exit 1
Reference in a new issue Copy permalink