1# Installation directories. 2PREFIX ?= $(DESTDIR)/usr 3BINDIR ?= $(PREFIX)/bin 4MANDIR ?= $(PREFIX)/share/man 5ETCDIR ?= $(DESTDIR)/etc 6LOCALEDIR = /usr/share/locale 7PAMH ?= $(shell test -f /usr/include/security/pam_appl.h && echo y) 8AUDITH ?= $(shell test -f /usr/include/libaudit.h && echo y) 9# Enable capabilities to permit newrole to generate audit records. 10# This will make newrole a setuid root program. 11# The capabilities used are: CAP_AUDIT_WRITE. 12AUDIT_LOG_PRIV ?= n 13# Enable capabilities to permit newrole to utilitize the pam_namespace module. 14# This will make newrole a setuid root program. 15# The capabilities used are: CAP_SYS_ADMIN, CAP_CHOWN, CAP_FOWNER and 16# CAP_DAC_OVERRIDE. 17NAMESPACE_PRIV ?= n 18# If LSPP_PRIV is y, then newrole will be made into setuid root program. 19# Enabling this option will force AUDIT_LOG_PRIV and NAMESPACE_PRIV to be y. 20LSPP_PRIV ?= n 21VERSION = $(shell cat ../VERSION) 22 23CFLAGS ?= -Werror -Wall -W 24EXTRA_OBJS = 25override CFLAGS += -DVERSION=\"$(VERSION)\" -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\"" 26LDLIBS += -lselinux 27ifeq ($(PAMH), y) 28 override CFLAGS += -DUSE_PAM 29 EXTRA_OBJS += hashtab.o 30 LDLIBS += -lpam -lpam_misc 31else 32 override CFLAGS += -D_XOPEN_SOURCE=500 33 LDLIBS += -lcrypt 34endif 35ifeq ($(AUDITH), y) 36 override CFLAGS += -DUSE_AUDIT 37 LDLIBS += -laudit 38endif 39ifeq ($(LSPP_PRIV),y) 40 override AUDIT_LOG_PRIV=y 41 override NAMESPACE_PRIV=y 42endif 43ifeq ($(AUDIT_LOG_PRIV),y) 44 override CFLAGS += -DAUDIT_LOG_PRIV 45 IS_SUID=y 46endif 47ifeq ($(NAMESPACE_PRIV),y) 48 override CFLAGS += -DNAMESPACE_PRIV 49 IS_SUID=y 50endif 51ifeq ($(IS_SUID),y) 52 MODE := 4555 53 LDLIBS += -lcap-ng 54else 55 MODE := 0555 56endif 57 58all: newrole 59 60newrole: newrole.o $(EXTRA_OBJS) 61 $(CC) $(LDFLAGS) -o $@ $^ $(LDLIBS) 62 63install: all 64 test -d $(BINDIR) || install -m 755 -d $(BINDIR) 65 test -d $(ETCDIR)/pam.d || install -m 755 -d $(ETCDIR)/pam.d 66 test -d $(MANDIR)/man1 || install -m 755 -d $(MANDIR)/man1 67 install -m $(MODE) newrole $(BINDIR) 68 install -m 644 newrole.1 $(MANDIR)/man1/ 69ifeq ($(PAMH), y) 70 test -d $(ETCDIR)/pam.d || install -m 755 -d $(ETCDIR)/pam.d 71ifeq ($(LSPP_PRIV),y) 72 install -m 644 newrole-lspp.pamd $(ETCDIR)/pam.d/newrole 73else 74 install -m 644 newrole.pamd $(ETCDIR)/pam.d/newrole 75endif 76endif 77 78clean: 79 rm -f newrole *.o 80 81indent: 82 ../../scripts/Lindent $(wildcard *.[ch]) 83 84relabel: install 85 /sbin/restorecon $(BINDIR)/newrole 86