author | James Morris <jmorris@namei.org> | 2006-05-24 16:11:58 +0000 |
---|---|---|
committer | Patrick McHardy <kaber@trash.net> | 2006-05-24 16:11:58 +0000 |
commit | c81a3f32cc0877784fb287beb5e862c74e5435eb (patch) | |
tree | 8295ad578bd34ef4546133d61973b0999cf21850 | |
parent | 2452bafd9810e8560717f10af8e26f8a3ac4f4cf (diff) |
secmark: Add libselinux support
This patch adds the infrastructure for linking iptables against
libselinux, for use with the SECMARK target. This is enabled
by setting DO_SELINUX=1 in the build environment.
Signed-off-by: James Morris <jmorris@namei.org>
-rw-r--r-- | Makefile | 14 | ||||
-rw-r--r-- | Rules.make | 11 | ||||
-rw-r--r-- | extensions/Makefile | 15 |
3 files changed, 36 insertions, 4 deletions
@@ -31,6 +31,11 @@ ifeq ($(shell [ -f /usr/include/netinet/ip6.h ] && echo YES), YES) DO_IPV6:=1 endif +# Enable linking to libselinux via enviornment 'DO_SELINUX=1' +ifndef DO_SELINUX +DO_SELINUX=0 +endif + COPT_FLAGS:=-O2 CFLAGS:=$(COPT_FLAGS) -Wall -Wunused -I$(KERNEL_DIR)/include -Iinclude/ -DIPTABLES_VERSION=\"$(IPTABLES_VERSION)\" #-g -DDEBUG #-pg # -DIPTC_DEBUG @@ -93,17 +98,24 @@ endif ifndef NO_SHARED_LIBS DEPFILES = $(SHARED_LIBS:%.so=%.d) +DEPFILES += $(SHARED_SE_LIBS:%.so=%.d) SH_CFLAGS:=$(CFLAGS) -fPIC STATIC_LIBS = STATIC6_LIBS = LDFLAGS = -rdynamic LDLIBS = -ldl -lnsl +ifeq ($(DO_SELINUX), 1) +LDLIBS += -lselinux +endif else DEPFILES = $(EXT_OBJS:%.o=%.d) STATIC_LIBS = extensions/libext.a STATIC6_LIBS = extensions/libext6.a LDFLAGS = -static -LDLIBS = +LDLIBS = +ifeq ($(DO_SELINUX), 1) +LDLIBS += -lselinux +endif endif .PHONY: default @@ -1,12 +1,12 @@ #! /usr/bin/make -all: $(SHARED_LIBS) $(EXTRAS) +all: $(SHARED_LIBS) $(SHARED_SE_LIBS) $(EXTRAS) experimental: $(EXTRAS_EXP) # Have to handle extensions which no longer exist. clean: $(EXTRA_CLEANS) - rm -f $(SHARED_LIBS) $(EXTRAS) $(EXTRAS_EXP) $(SHARED_LIBS:%.so=%_sh.o) + rm -f $(SHARED_LIBS) $(SHARED_SE_LIBS) $(EXTRAS) $(EXTRAS_EXP) $(SHARED_LIBS:%.so=%_sh.o) $(SHARED_SE_LIBS:%.so=%_sh.o) rm -f extensions/initext.c extensions/initext6.c @find . -name '*.[ao]' -o -name '*.so' | xargs rm -f @@ -33,6 +33,13 @@ $(SHARED_LIBS:%.so=%.d): %.d: %.c $(SHARED_LIBS): %.so : %_sh.o $(LD) -shared $(EXT_LDFLAGS) -o $@ $< +$(SHARED_SE_LIBS:%.so=%.d): %.d: %.c + @-$(CC) -M -MG $(CFLAGS) $< | \ + sed -e 's@^.*\.o:@$*.d $*_sh.o:@' > $@ + +$(SHARED_SE_LIBS): %.so : %_sh.o + $(LD) -shared $(EXT_LDFLAGS) -o $@ $< $(LDLIBS) + %_sh.o : %.c $(CC) $(SH_CFLAGS) -o $@ -c $< diff --git a/extensions/Makefile b/extensions/Makefile index af051f85..c8c9f90e 100644 --- a/extensions/Makefile +++ b/extensions/Makefile 
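Review bot: In the second Makefile hunk, `LDLIBS += -lselinux` in the shared-library branch puts libselinux on every link that uses `LDLIBS`, not only on the SECMARK extension. The rules that consume `LDLIBS` for the main binaries are outside the hunk, so this presumably reaches `iptables` itself. For a tool that runs as root it is worth keeping the library off binaries that never call it: a separate variable, for example `SE_LDLIBS = -lselinux` inside the `ifeq ($(DO_SELINUX), 1)` block and used only by the `$(SHARED_SE_LIBS)` link rule in Rules.make, would do that. In the `-static` branch the addition is needed, but nothing in the hunk checks that a static libselinux is available, so `DO_SELINUX=1` would fail only at link time.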
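Review bot: The added `$(SHARED_SE_LIBS:%.so=%.d)` rule in the last Rules.make hunk runs `@-$(CC) -M -MG ... | sed ... > $@`, so a failing compiler run is both silenced and ignored while the redirect still creates the `.d` file, which then looks up to date. It also appears to duplicate the `$(SHARED_LIBS:%.so=%.d)` rule whose header is visible as context (its recipe is outside the hunk). One static pattern rule over both lists, `$(SHARED_LIBS:%.so=%.d) $(SHARED_SE_LIBS:%.so=%.d): %.d: %.c`, would avoid keeping two copies in sync. The new link rule likewise hands all of `$(LDLIBS)` to `$(LD) -shared`, not just `-lselinux`.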
@@ -8,6 +8,11 @@ PF_EXT_SLIB:=ah addrtype comment connlimit connmark conntrack dscp ecn esp hashlimit helper icmp iprange length limit mac mark multiport owner physdev pkttype policy realm rpc sctp standard state tcp tcpmss tos ttl udp unclean CLASSIFY CONNMARK DNAT DSCP ECN LOG MARK MASQUERADE MIRROR NETMAP NFQUEUE NOTRACK REDIRECT REJECT SAME SNAT TARPIT TCPMSS TOS TRACE TTL ULOG PF6_EXT_SLIB:=connmark eui64 hl icmp6 length limit mac mark multiport owner physdev policy standard state tcp udp CONNMARK HL LOG NFQUEUE MARK TRACE +ifeq ($(DO_SELINUX), 1) +PF_EXT_SE_SLIB:= +PF6_EXT_SE_SLIB:= +endif + # Optionals PF_EXT_SLIB_OPTS:=$(foreach T,$(wildcard extensions/.*-test),$(shell KERNEL_DIR=$(KERNEL_DIR) $(T))) PF6_EXT_SLIB_OPTS:=$(foreach T,$(wildcard extensions/.*-test6),$(shell KERNEL_DIR=$(KERNEL_DIR) $(T))) 
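Review bot: `PF_EXT_SE_SLIB` and `PF6_EXT_SE_SLIB` are introduced empty and without a comment, so this hunk does not say what belongs in them or why they are kept apart from `PF_EXT_SLIB`. I would add a line above the `ifeq`, such as `# Extensions that need libselinux; built and linked via SHARED_SE_LIBS only when DO_SELINUX=1`. They are also defined only inside the conditional while the next hunk expands them unconditionally, which relies on undefined variables expanding to nothing. Assigning the empty defaults outside the `ifeq` would make that explicit.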
@@ -43,26 +48,34 @@ OPTIONALS+=$(patsubst %,IPv6:%,$(PF6_EXT_SLIB_OPTS)) ifndef NO_SHARED_LIBS SHARED_LIBS+=$(foreach T,$(PF_EXT_SLIB),extensions/libipt_$(T).so) +SHARED_SE_LIBS+=$(foreach T,$(PF_EXT_SE_SLIB),extensions/libipt_$(T).so) EXTRA_INSTALLS+=$(foreach T, $(PF_EXT_SLIB), $(DESTDIR)$(LIBDIR)/iptables/libipt_$(T).so) +EXTRA_INSTALLS+=$(foreach T, $(PF_EXT_SE_SLIB), $(DESTDIR)$(LIBDIR)/iptables/libipt_$(T).so) ifeq ($(DO_IPV6), 1) SHARED_LIBS+=$(foreach T,$(PF6_EXT_SLIB),extensions/libip6t_$(T).so) +SHARED_SE_LIBS+=$(foreach T,$(PF6_EXT_SE_SLIB),extensions/libip6t_$(T).so) EXTRA_INSTALLS+=$(foreach T, $(PF6_EXT_SLIB), $(DESTDIR)$(LIBDIR)/iptables/libip6t_$(T).so) +EXTRA_INSTALLS+=$(foreach T, $(PF6_EXT_SE_SLIB), $(DESTDIR)$(LIBDIR)/iptables/libip6t_$(T).so) endif else # NO_SHARED_LIBS EXT_OBJS+=$(foreach T,$(PF_EXT_SLIB),extensions/libipt_$(T).o) +EXT_OBJS+=$(foreach T,$(PF_EXT_SE_SLIB),extensions/libipt_$(T).o) EXT_FUNC+=$(foreach T,$(PF_EXT_SLIB),ipt_$(T)) +EXT_FUNC+=$(foreach T,$(PF_EXT_SE_SLIB),ipt_$(T)) EXT_OBJS+= extensions/initext.o ifeq ($(DO_IPV6), 1) EXT6_OBJS+=$(foreach T,$(PF6_EXT_SLIB),extensions/libip6t_$(T).o) +EXT6_OBJS+=$(foreach T,$(PF6_EXT_SE_SLIB),extensions/libip6t_$(T).o) EXT6_FUNC+=$(foreach T,$(PF6_EXT_SLIB),ip6t_$(T)) +EXT6_FUNC+=$(foreach T,$(PF6_EXT_SE_SLIB),ip6t_$(T)) EXT6_OBJS+= extensions/initext6.o endif # DO_IPV6 endif # NO_SHARED_LIBS ifndef TOPLEVEL_INCLUDED local: - cd .. && $(MAKE) $(SHARED_LIBS) + cd .. && $(MAKE) $(SHARED_LIBS) $(SHARED_SE_LIBS) endif ifdef NO_SHARED_LIBS |