# Installation directories. PREFIX ?= $(DESTDIR)/usr BINDIR ?= $(PREFIX)/bin MANDIR ?= $(PREFIX)/share/man ETCDIR ?= $(DESTDIR)/etc LOCALEDIR = /usr/share/locale PAMH = $(shell ls /usr/include/security/pam_appl.h 2>/dev/null) AUDITH = $(shell ls /usr/include/libaudit.h 2>/dev/null) # Enable capabilities to permit newrole to generate audit records. # This will make newrole a setuid root program. # The capabilities used are: CAP_AUDIT_WRITE. AUDIT_LOG_PRIV ?= n # Enable capabilities to permit newrole to utilitize the pam_namespace module. # This will make newrole a setuid root program. # The capabilities used are: CAP_SYS_ADMIN, CAP_CHOWN, CAP_FOWNER and # CAP_DAC_OVERRIDE. NAMESPACE_PRIV ?= n # If LSPP_PRIV is y, then newrole will be made into setuid root program. # Enabling this option will force AUDIT_LOG_PRIV and NAMESPACE_PRIV to be y. LSPP_PRIV ?= n VERSION = $(shell cat ../VERSION) CFLAGS ?= -Werror -Wall -W EXTRA_OBJS = override CFLAGS += -DVERSION=\"$(VERSION)\" $(LDFLAGS) -I$(PREFIX)/include -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\"" LDLIBS += -lselinux -L$(PREFIX)/lib ifeq ($(PAMH), /usr/include/security/pam_appl.h) override CFLAGS += -DUSE_PAM EXTRA_OBJS += hashtab.o LDLIBS += -lpam -lpam_misc else override CFLAGS += -D_XOPEN_SOURCE=500 LDLIBS += -lcrypt endif ifeq ($(AUDITH), /usr/include/libaudit.h) override CFLAGS += -DUSE_AUDIT LDLIBS += -laudit endif ifeq ($(LSPP_PRIV),y) override AUDIT_LOG_PRIV=y override NAMESPACE_PRIV=y endif ifeq ($(AUDIT_LOG_PRIV),y) override CFLAGS += -DAUDIT_LOG_PRIV IS_SUID=y endif ifeq ($(NAMESPACE_PRIV),y) override CFLAGS += -DNAMESPACE_PRIV IS_SUID=y endif ifeq ($(IS_SUID),y) MODE := 4555 LDLIBS += -lcap-ng else MODE := 0555 endif all: newrole newrole: newrole.o $(EXTRA_OBJS) $(CC) $(LDFLAGS) -o $@ $^ $(LDLIBS) install: all test -d $(BINDIR) || install -m 755 -d $(BINDIR) test -d $(ETCDIR)/pam.d || install -m 755 -d $(ETCDIR)/pam.d test -d $(MANDIR)/man1 || install -m 755 -d $(MANDIR)/man1 install -m $(MODE) newrole $(BINDIR) install -m 644 newrole.1 $(MANDIR)/man1/ ifeq ($(PAMH), /usr/include/security/pam_appl.h) test -d $(ETCDIR)/pam.d || install -m 755 -d $(ETCDIR)/pam.d ifeq ($(LSPP_PRIV),y) install -m 644 newrole-lspp.pamd $(ETCDIR)/pam.d/newrole else install -m 644 newrole.pamd $(ETCDIR)/pam.d/newrole endif endif clean: rm -f newrole *.o indent: ../../scripts/Lindent $(wildcard *.[ch]) relabel: install /sbin/restorecon $(BINDIR)/newrole