From 5f0182e2e1c4da1f27d437f458be9bdc8ecade00 Mon Sep 17 00:00:00 2001
From: Stephen Smalley
Date: Mon, 7 Mar 2016 15:52:50 -0500
Subject: refpolicy: Add support for the SYSTEMD build.conf option.

refpolicy has introduced a new build.conf option, SYSTEMD=y, to enable rules specific to using systemd as the init system. In particular, without setting this option, rules for direct domain transitions from init_t to daemon domains are not included in the policy. Define a POLICY_SYSTEMD variable in the refpolicy common include file that can be set elsewhere to enable this support.

Signed-off-by: Stephen Smalley
Signed-off-by: Philip Tricca
---
 recipes-security/refpolicy/refpolicy_common.inc | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/recipes-security/refpolicy/refpolicy_common.inc b/recipes-security/refpolicy/refpolicy_common.inc
index 0b0b2fd..67d0426 100644
--- a/recipes-security/refpolicy/refpolicy_common.inc
+++ b/recipes-security/refpolicy/refpolicy_common.inc
@@ -35,6 +35,7 @@ POLICY_DISTRO ?= "redhat"
 POLICY_UBAC ?= "n"
 POLICY_UNK_PERMS ?= "allow"
 POLICY_DIRECT_INITRC ?= "n"
+POLICY_SYSTEMD ?= "n"
 POLICY_MONOLITHIC ?= "n"
 POLICY_CUSTOM_BUILDOPT ?= ""
 POLICY_QUIET ?= "y"
@@ -48,6 +49,7 @@ EXTRA_OEMAKE += "NAME=${POLICY_NAME} \
 UBAC=${POLICY_UBAC} \
 UNK_PERMS=${POLICY_UNK_PERMS} \
 DIRECT_INITRC=${POLICY_DIRECT_INITRC} \
+ SYSTEMD=${POLICY_SYSTEMD} \
 MONOLITHIC=${POLICY_MONOLITHIC} \
 CUSTOM_BUILDOPT=${POLICY_CUSTOM_BUILDOPT} \
 QUIET=${POLICY_QUIET} \
-- 
cgit v1.2.3-54-g00ecf
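Review bot: The fixed default `POLICY_SYSTEMD ?= "n"` in the first hunk means an image that boots with systemd but never sets this variable gets a policy without the init_t to daemon domain transitions the commit message describes, and nothing in the build flags that. Services started by systemd would then presumably not enter their own confined domains, which weakens the policy without any visible error. Consider deriving the default from the distro configuration, e.g. `POLICY_SYSTEMD ?= "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'y', 'n', d)}"`, so the policy follows the init system unless explicitly overridden. If the static default is kept, a comment such as `# Must be "y" when systemd is the init system, otherwise init_t -> daemon domain transitions are omitted` above the assignment would make the requirement visible; whether another file in the layer already sets the variable cannot be seen from this patch.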