* ANN: SELinux userspace 2.7-rc1 release
@ 2017-06-09 17:18 Stephen Smalley
2017-06-09 17:31 ` Stephen Smalley
` (3 more replies)
0 siblings, 4 replies; 24+ messages in thread
From: Stephen Smalley @ 2017-06-09 17:18 UTC (permalink / raw)
To: selinux
A release candidate for the SELinux userspace is now available at:
https://github.com/SELinuxProject/selinux/wiki/Releases
Please give it a test and let us know if there are any issues.
Below are some notes on this release for packagers and users of the
SELinux userspace. A git shortlog will follow in a separate email. If
you see (or encounter) other changes that you think are important to
call out for packagers and users in the final release announcement, let
us know. Also, since we have removed the older manually maintained
ChangeLog files, let us know whether you would like to see a full
ChangeLog (generated via git log) and/or shortlog for the entire
release or by individual component added to the release (and if so,
whether this ought to go into the tar files themselves or can be
separate on the download page).
1) This will be the first release with the split up policycoreutils
(see https://www.mail-archive.com/selinux@tycho.nsa.gov/msg02914.html
and the rest of that thread). If there are any final desired changes
to the structure, naming, etc, now is the last opportunity to get it
fixed before we make a final release with the new structure/naming.
Fedora already packages many of these components separately, although
not always with the same organization and naming scheme. Note that a
number of these components are not necessary for basic use of SELinux
and likely should not be installed by default, e.g. selinux-dbus,
selinux-gui, mcstrans, restorecond, selinux-sandbox.
2) libsepol now has binary module support for ioctl xperms rules
(module version 18), making it possible to use allowxperm rules in
modularly built refpolicy-based policies. Previously, ioctl xperms
rules were only supported in monolithic policy and in CIL modules.
This change means that refpolicy and/or policies derived from it can
begin to leverage ioctl whitelisting, which has already been leveraged
for some time in Android policies, which do not rely on binary modules.
3) This release introduces support for Infiniband object labeling,
including support for kernel policy version 31 and module version 19,
policy.conf and CIL language support, and semanage support. It appears
that the corresponding kernel support will land in Linux v4.13.
4) This release introduces support for building policies with the
extended_socket_class and cgroup_seclabel policy capabilities enabled.
The extended_socket_class policy capability allows distinctions to be
made in policy among socket address families that were previously
mapped to the generic socket class (e.g. bluetooth, nfc, and many other
socket address families that previously did not have their own distinct
security class) as well as for SCTP and ICMP/ping sockets that were
previously mapped to the rawip_socket class. This policy capability is
supported by Linux v4.11 and later. refpolicy master already includes
the class/permission definitions for this capability but does not yet
enable the capability by default (and further allow rules will be
necessary to allow access to the new socket classes; review all allow
rules on socket and rawip_socket and see whether they should be
duplicated for the new classes but do not blindly allow access to them
all). AOSP master policy also includes the class/permission
definitions for this policy capability and enables the capability by
default, and will likewise need corresponding allow rules added when
kernels >= 4.11 are used. The cgroup_seclabel policy capability allows
userspace to set labels on cgroup/cgroup2 files, enabling fine-grained
labeling of cgroup files by userspace. This policy capability is also
supported by Linux v4.11 and later. This capability is not yet defined
in any policy. Note that enabling this capability will break current
Android userspace/policy and requires introducing appropriate
file_contexts definitions for cgroup files (or a change to the Android
init program's handling of them) in order to avoid mislabeling them.
5) checkpolicy now supports for generating CIL or policy.conf from a
kernel binary policy. Sample usage is checkpolicy -M -C -b policy.N -o
policy.cil and checkpolicy -M -F -b policy.N -o policy.conf. There is
also now a secil2conf program that can generate policy.conf from CIL,
e.g. secil2conf -o policy.conf policy.cil.
6) Attribute generation and expansion has changed in several ways in
order to address kernel runtime performance issues that occur when
types have many attributes assigned to them while ensuring preservation
of attributes where desired. Binary module to CIL conversion now
ensures that duplicate attributes are not generated for the same type
set. secilc now supports -G and -X options to force expansion of
automatically generated attributes (-G) and/or attributes that have
fewer than a specified number of types (-X number). secilc will also
now more aggressively expand attributes based on whether they will
actually be used by the kernel, are needed for debugging denials by
audit2allow/why, or are needed for neverallow checking of binary
policies (in Android). New statements are supported in policy.conf
(expandattribute) and in CIL (expandtypeattribute) to support
specifying in source policy that specific attributes should always be
expanded or never be expanded in order to override the default
behaviors in checkpolicy and secilc.
7) checkpolicy/checkmodule now treats it as an error if a type is
declared as an attribute or vice versa in a require block. Such
mismatches between declarations and require statements are an error in
policy and should be corrected in policy; refpolicy master should
already be fixed.
8) A change to libsepol-internal data structures breaks the build of
setools4. This is fixed by setools4 commit
743d2a0eaaae7d99302dd3099549ca7ad868eab on the master branch. The
change was to align the libsepol structures with the kernel in order to
allow direct comparison of libsepol-generated policy files against
/sys/fs/selinux/policy after normalizing them through checkpolicy.
9) audit2why now understands type bounds failures and reports them as
such, although it does not yet provide detailed reporting. Detailed
bounds violation reporting can be obtained already by enabling expand-
check=1 in semanage.conf or by running semodule_expand (without -a) at
policy validation time.
10) libsemanage now saves the linked policy and skips re-linking
whenever possible. This significantly improves the performance and
memory overhead of semanage commands that do not affect policy modules
(setting booleans and adding, deleting, or modifying local context
mappings). Previously, libsemanage only skipped re-linking when setting
booleans as a special case, but this was found to have a bug that could
yield duplicate object context entries (e.g. portcon) in policy. That
optimization was therefore reverted and replaced with this one, which
both fixes the bug and generalizes the optimization beyond just setting
booleans. The change does bring an associated storage cost, primarily
storing an extra copy of the kernel policy file (if a concern, this
could be made optional but it seems well worth it). The first semanage
or setsebool -P command run with the new libsemanage will not
demonstrate any improvement due to needing to generate the linked
policy for the first time, but subsequent commands will leverage the
saved linked policy.
^ permalink raw reply [flat|nested] 24+ messages in thread* Re: ANN: SELinux userspace 2.7-rc1 release 2017-06-09 17:18 ANN: SELinux userspace 2.7-rc1 release Stephen Smalley @ 2017-06-09 17:31 ` Stephen Smalley 2017-06-16 16:55 ` ANN: SELinux userspace 2.7-rc2 release Stephen Smalley ` (2 subsequent siblings) 3 siblings, 0 replies; 24+ messages in thread From: Stephen Smalley @ 2017-06-09 17:31 UTC (permalink / raw) To: selinux On Fri, 2017-06-09 at 13:18 -0400, Stephen Smalley wrote: > A release candidate for the SELinux userspace is now available at: > https://github.com/SELinuxProject/selinux/wiki/Releases git shortlog output for this release. Alan Jenkins (24): policycoreutils, python: Fix bad manpage formatting in "SEE ALSO" restorecon manpage: link back to fixfiles policycoreutils: let output of `fixfiles` be redirected (as normal) policycoreutils: fixfiles should handle path arguments more robustly policycoreutils: fixfiles: handle unexpected spaces in command policycoreutils/setfiles: stdout messages don't need program prefix policycoreutils/setfiles: don't scramble stdout and stderr together policycoreutils: fixfiles: remove useless use of cat Revert "policycoreutils: let output of `fixfiles` be redirected (as normal)" policycoreutils: fixfiles: remove (broken) redundant code policycoreutils: fixfiles: clarify exclude_dirs() policycoreutils: fixfiles: fix logging about R/O filesystems policycoreutils: fixfiles: move logit call outside of redirected function policycoreutils: fixfiles: deprecate -l option policycoreutils: fixfiles: tidy up usage(), manpage synopsis policycoreutils: fixfiles: remove two unused variables policycoreutils: fixfiles: syntax error policycoreutils: fixfiles: usage errors are fatal policycoreutils: fixfiles: if restorecon aborts, we should too policycoreutils: fixfiles: refactor into the `set -u` dialect policycoreutils: fixfiles: un-document `-R -a` option policycoreutils: fixfiles: remove bad modes of "relabel" command policycoreutils: fixfiles: don't ignore `-F` when run in `-C` mode policycoreutils: fixfiles: use a consistent order for options to restorecon Bernhard M. Wiedemann (1): sort input files Christian Göttsche (2): libselinux: add security_get_checkreqprot sestatus: show checkreqprot status Colin Walters (1): config: Don't finalize mount state in selinux_set_policy_root() Dan Walsh (5): policycoreutils/sepolicy: Add documentation for MCS separated domains sepolicy: Add manpages for typealiased types sepolicy: Move svirt man page out of libvirt into its own Fix up generation of application policy sepolicy: We should be creating _exec interfaces when we create the domtrans interface Daniel Jurgens (10): checkpolicy: Add support for ibpkeycon labels libsepol: Add ibpkey ocontext handling libsepol: Add Infiniband Pkey handling to CIL checkpolicy: Add support for ibendportcon labels libsepol: Add ibendport ocontext handling libsepol: Add IB end port handling to CIL semanage: Update semanage to allow runtime labeling of Infiniband Pkeys semanage: Update semanage to allow runtime labeling of ibendports semanage: Update man pages for infiniband semanage: Fix manpage author for ibpkey and ibendport pages. Gary Tierney (1): libsepol/cil: remove avrules with no affected types Guido Trentalancia (2): libselinux: Fix unitialized variable compiler warnings libsemanage: Fix unitialized variable compiler warnings James Carter (42): libsepol/cil: Check for improper category range libsepol/cil: Use empty list for category expression evaluated as empty libsepol/cil: Use an empty list to represent an unknown permission libsepol/cil: Check if identifier is NULL when verifying name libsepol/cil: Check that permission is not an empty list libsepol/cil: Verify alias in aliasactual statement is really an alias libsepol/cil: Verify neither child nor parent in a bounds is an attribute Updated libsepol ChangeLog. Updated libsepol ChangeLog. libsepol/cil: Exit with an error for an unknown map permission Updated libsepol ChangeLog. libsepol/cil: Add ability to write policy.conf file from CIL AST secilc: Add secil2conf which creates a policy.conf from CIL policy libsepol: Fix neverallow checking to also check the other types when self is included in a target type set. checkpolicy: Create common function for type declares and requires checkpolicy: Create common function for role declares and requires checkpolicy: Create common function for user declares and requires checkpolicy: Cleanup error messages checkpolicy: Move common require and declare code into new function checkpolicy: Improve check for identifier flavor mismatch libsepol: Return +1 when declaration is followed by a require checkpolicy: Remove uneeded return check in require_symbol() checkpolicy: Make print_error_msg() static policycoreutils/semodule: fix -Wwrite-strings warnings libsepol/cil: Destroy cil_tree_node stacks when finished resolving AST libsepol/cil: Move initialization of bitmap in __cil_permx_to_bitmap() checkpolicy: Fix minor memory leak in checkpolicy libsepol/cil: Allow hexadecimal numbers in Xen context rules libsepol: Update module_to_cil to output hexadecimal for Xen rules libsepol/cil: Use hexadecimal numbers when writing Xen rules libsepol/cil: Add hexadecimal support for Xen ioportcon statements libsepol: Add ability to convert binary policy to CIL libsepol: Add ability to convert binary policy to policy.conf file checkpolicy: Add options to convert binary policy to CIL or a policy.conf libsepol: In module_to_cil create one attribute for each unique set libsepol/cil: Add ability to expand some attributes in binary policy secilc: Add options to control the expansion of attributes libsepol/cil: Remove uneeded null checks of unused parameters libsepol: Clean up scope handling libsepol: Fix module_to_cil's handling of type aliases libsepol/cil: Fix bug in cil_reset_ibpkeycon() libsepol: Expand attributes with TYPE_FLAGS_EXPAND_ATTR_TRUE set Jason Zaman (13): libsepol: Add symver with explicit version to build with ld.gold mcstrans: Fix Werror=shadow errors mcstrans: take LIBDIR from args, dont guess Add stub make test targets to new subdirs mcstrans: Add utils gitignore restorecond: Add gitignore policycoreutils: honour LINGUAS variable libselinux: get pcre CFLAGS/LDFLAGS from pkg-config libselinux: PCRE_LDFLAGS is actually LDLIBS Makefiles: drop -L/-I to system paths restorecond: get pcre cflags/libs from pkg-config Add includes for DESTDIR only in root Makefile policycoreutils: make audit and pam support configurable Jeff Vander Stoep (1): Add attribute expansion options Karl MacMillan (1): libsepol compilation fixes for macOS. Kyle Walker (1): seobject: Handle python error returns correctly Laurent Bigonville (8): libselinux: Add clean-pywrap and clean-rubywrap targets libselinux: Allow overriding libsepol.a location during build policycoreutils: Use "new" sepolicy icon in .desktop file for sepolicy gui Revert "libselinux: support new python3 functions" Sandbox: Use next() over the sepolicy.info() result policycoreutils: Make sepolicy work with python3 policycoreutils: Force GTK3.0 for sepolicy gui policycoreutils: Use GObject introspection binding instead of python-gobject in selinux_server.py Lokesh Mandvekar (1): libselinux: selinux_restorecon.3 man page typo fix Luis Ressel (1): policycoreutils/load_policy: Drop is_selinux_enabled() check Mike Frysinger (2): selinux(8): fix display of man page references man: standardize spacing with pointers in prototypes Miroslav Grepl (2): sepolicy: ptrace should be a part of deny_ptrace boolean in TEMPLATETYPE_admin Fix typo in executable.py template. Nick Kralevich (5): label_file.h: actually use the results of compat_validate enabled.c: Remove stdio_ext.h header procattr.c: Use __ANDROID__ instead of ANDROID policy_define.c: don't free memory returned from queue_head() libselinux: add O_CLOEXEC Nicolas Iooss (130): policycoreutils: restorecond: use pkg-config to find dbus-glib-1 files policycoreutils: semodule_package: do not fail with an empty fc file libselinux: remove rpm_execcon from SWIG wrappers libsemanage: remove ruby_semanage.so with "make clean" libselinux, libsemanage: remove *swig_python_exception.i if its creation failed libsemanage: semanage_seuser_key_create: copy name libselinux,libsemanage: use Ruby to define RUBYINC libselinux,libsemanage: link Ruby wrapper with -lruby libsemanage: query for python site-packages dir directly libselinux,libsemanage: link Python wrapper with Python secilc: do not build secilc man page if it is up to date libselinux,libsemanage: fall back to gcc in exception.sh libselinux, libsemanage: swig: use SWIG_fail when an error occurs libsemanage: use a macro prefixed with SEMANAGE to protect dso.h libsepol: replace an assert with an error message libsepol: test for ebitmap_read() negative return value libsepol: make parsing symbol table headers more robust sandbox: make test not fail on systems without SELinux mcstrans: fix global "make install" libselinux: audit2why: remove unused module_state structure libselinux, libsemanage: use Python-specific .so extension libsepol: do not call a NULL function in additive_scopes_to_cil() libsepol: do not crash when a symbol does not exist libsepol: do not crash when block->branch_list is NULL libsepol: make scope_index_destroy() more robust libsepol: fix unknown magic section number error message libsepol: do not modify p->p_roles.nprim in role_set_expand libsepol: do not check decl->symtab[i].nprim libsepol: ebitmap: reject loading bitmaps with incorrect high bit libsepol: check decl_id bounds before using it libsepol: detect duplicated symbol IDs mcstrans/utils: make "make all" use $DESTDIR libsepol/tests: use LDFLAGS when linking checkpolicy: remove -lfl from LDLIBS libsepol,libsemanage: write file name in flex output libsemanage/tests: make "make test" fail when a CUnit test fails libsemanage/tests: make tests standalone libsemanage/tests: test more cases of semanage_split*() libsemanage: simplify string utilities functions libsemanage: add semanage_str_replace() utility function libsemanage: genhomedircon: drop ustr dependency libsemanage: remove ustr library from Makefiles, README and pkg-config libselinux/utils: do not create an empty /sbin directory libsepol/tests: fix -Wsometimes-uninitialized clang warnings libsepol/tests: fix some memory leaks checkpolicy: free id in define_port_context() checkpolicy: fix memory leaks in genfscon statements parsing checkpolicy: do not leak queue elements in queue_destroy() checkpolicy: free id where it was leaked libsemanage: genhomedircon: remove duplicated test condition libsemanage: increment the right index variable in for loop checkpolicy: fix memory usage in define_bool_tunable() libsepol: make capability index an unsigned int libselinux: include errno.h instead of sys/errno.h checkpolicy: always include ctypes.h mcstransd: fix and reorder includes libsemanage: genhomedircon: consider SEMANAGE_FCONTEXT_DIR in fcontext_matches() semanage, sepolicy: make tests not fail on systems without SELinux Re-link programs after libsepol.a is updated libsepol: use constant keys in hashtab functions libsepol: verify the right variable after calling calloc() libsepol: remove useless assignments libselinux: always free catalog in db_init() libselinux: fix argument order in get_default_context_with_rolelevel() doc checkpolicy: always free id in define_type() checkpolicy: fix memory leaks in define_filename_trans() checkpolicy: add a missing free(id) in define_roleattribute() checkpolicy: do not leak memory when a class is not found in an avrule libsepol: fix -Wwrite-strings warnings libsemanage: make lang_ext parameter const in semanage_direct_write_langext() policycoreutils/hll/pp: fix -Wwrite-strings warnings mcstrans: fix -Wwrite-strings warnings semodule_deps: hide -Wwrite-strings warnings libsepol/tests: fix -Wwrite-strings warnings libsemanage/tests: fix -Wwrite-strings warnings libsepol/cil: fix type confusion in cil_copy_ast Introduce Travis-CI tests libsepol/cil: use __cil_ordered_lists_destroy() to free unordered_classorder_lists libsepol/cil: free the first operand if the second one is invalid libsepol/cil: do not leak left-hand side of an invalid constraint libsepol/cil: free bitmaps in cil_level_equals() libselinux, libsemanage: make PYPREFIX computation more robust semodule_package: do not leak memory when using -u or -s libsepol/cil: do not dereference args before checking it was not null libsemanage: never call memcpy with a NULL value libsemanage/tests: include libsepol headers from $DESTDIR mcstrans: do not dereference color_str if it is NULL libselinux: initialize temp value in SWIG wrapper to prevent freeing garbage restorecond: add noreturn attribute to exitApp() checkpolicy: add noreturn attribute to usage() secilc: add noreturn attribute to usage() mcstrans: add noreturn attribute to usage() semodule-utils: add noreturn attribute to usage() policycoreutils: add noreturn attribute to usage() libsepol/cil: make reporting conflicting type transitions work libsepol/cil: avoid freeing uninitialized values checkpolicy: dereference rangehead after checking it was not NULL libsepol/cil: do not dereference a NULL pointer when calloc() fails libsepol: do not dereference a NULL pointer when stack_init() fails libsepol: make process_boolean() fail on invalid lines libsepol: constify sepol_genbools()'s boolpath parameter libsepol: fix use-after-free in sepol_user_clone() libsemanage: do not close uninitialized file descriptors libsemanage: do not dereference a NULL pointer when calloc() fails libsemanage: genhomedircon: fix possible double-free libselinux: do not dereference a NULL pointer when calloc() fails libsemanage: drop checks on semanage_module_info_destroy() value libselinux: make process_boolean() fail on invalid lines libselinux: ensure that 4 columns are read from /proc/mounts libsepol: refuse to load policies with no block libsepol: do not wrap integers when checking bound libsepol: do not free attr_name twice libsepol: do not leak memory when an error occurs libsepol: correct spelling errors in module_to_cil.c comments libsepol: cil: check cil_fill_list return value libselinux: avoid calling strcmp() on a NULL pointer libselinux: getsebool: always free names policycoreutils: newrole: do not free pw strings twice policycoreutils: newrole: always initialize pw fields libselinux/utils: add noreturn attribute to selinux_check_access's usage libsepol: silence false-positive -Wwrite-strings warning libsepol/cil: do not use an uninitialized value in __cil_fqn_qualify_blocks libselinux: close the subs file if fstat failed libselinux: rework selabel_subs_init() to avoid use-after-free libselinux: propagate selabel_subs_init() errors libsepol: remove unused attribute on a used argument libsepol: propagate calloc() failure libsepol: use the number of elements in calloc first argument libsepol: make role_list_destroy() do nothing when role_list is NULL libsepol: do not use handle when it is marked unused Nikola Forró (1): mcstrans: fix typo in mcstransd.8 man page Petr Lautrbach (18): libselinux: Generate SWIG wrappers for selinux_restorecon() libselinux: Rewrite restorecon() python method sepolicy: Fix spelling mistakes in commands in generated manpages policycoreutils/sepolicy: boolean.png is in help/ sepolicy: Adapt to new the semodule list output sepolicy: Don't return filter(), use [ ] notation instead sepolicy: Simplify policy types detection sepolicy/generate.py: Fix string formatting policycoreutils/sepolicy: Define our own cmp() dbus: Use text streams in selinux_server.py sepolicy: setools.*Query wants a list in ruletype sepolicy: Fix several issues in 'sepolicy manpage -a' sepolicy: info() should provide attributes for a TYPE sepolicy/gui: Update text strings to use better gettext templates libsepol/utils: Fix build without system sepol.h Fix recently introduced TabError's sepolicy/interface: Use relative python 3 imports sepolicy: Fix sorting of port_strings in python 3 Richard Haines (4): setfiles: Fix setfiles progress indicator libselinux: Add permissive= entry to avc audit log libselinux: Add selinux_check_access utility libselinux: Remove util/selinux_restorecon.c Sandeep Patil (1): libselinux: replace all malloc + memset by calloc in android label backend. Stephen Smalley (91): Fix release script scripts/release: cleanups libsemanage: genhomedircon: only set MLS level if MLS is enabled Updated libsemanage ChangeLog Updated libselinux and libsepol ChangeLogs Updated policycoreutils ChangeLog Updated libselinux ChangeLog Updated libselinux ChangeLog. Updated libselinux ChangeLog Updated policycoreutils ChangeLog Updated libsepol ChangeLog Updated libselinux ChangeLog libselinux: avc_internal.c: allow building with clang Updated libselinux ChangeLog libsemanage: fix kernel pathname in semanage_verify_kernel() Updated ChangeLogs Updated policycoreutils ChangeLog Updated libselinux ChangeLog Updated libselinux and libsemanage ChangeLogs Updated policycoreutils ChangeLog Updated policycoreutils ChangeLog libsepol: sepol_{bool|iface|user}_key_create: copy name Updated libsepol ChangeLog libsepol: fix checkpolicy dontaudit compiler bug Updated libsepol ChangeLog libselinux: fix subdir build and usage of cmdline CFLAGS Updated libselinux ChangeLog Updated libsemanage ChangeLog Updated libsepol ChangeLog Updated policycoreutils ChangeLog Updated libselinux and libsemanage ChangeLogs Updated secilc ChangeLog Updated libselinux and libsemanage ChangeLog libsepol: cil_lexer: make warnings non-fatal for building Updated libsepol ChangeLog Updated libsemanage ChangeLog Updated libsepol ChangeLog Updated libsepol ChangeLog Move policycoreutils/gui to gui. Move policycoreutils/mcstrans to mcstrans. Move policycoreutils/restorecond to restorecond. Move policycoreutils/sandbox to sandbox. Move policycoreutils/sepolicy dbus service files to dbus. Move policycoreutils/{sepolicy,audit2allow,semanage,scripts/chcat*} and sepolgen to python. Move policycoreutils/semodule_{deps,expand,link} to semodule-utils. Make it easy to omit optional components. Build mcstrans. mcstrans: Add .gitignore file mcstrans: Add a relabel target. Move sepolicy desktop and png files to gui. Move policycoreutils/sepolgen-ifgen into python/audit2allow. mcstrans: fix clang warnings Update release script for the new structure. Fix release script for packages that need prefixes. Add VERSION files for new components Move policycoreutils/semodule_package to semodule-utils. restorecond: break source dependency on policycoreutils/setfiles Fix release script Add COPYING files for new subdirs. semodule-utils: Drop -lselinux from Makefiles. Drop ChangeLog files mcstrans: Fix signed/unsigned warnings libselinux: normalize enforce values from the kernel checkpolicy: treat -self as an error libsepol: do not write object_r types to policy file libsepol,checkpolicy: convert rangetrans and filenametrans to hashtabs libsepol: do not #include <sys/cdefs.h> libselinux: avcstat: Clean up redundant condition libsepol: sepol_av_to_string: clear static buffer libsepol,libselinux,audit2allow: teach audit2why about type bounds failures libsepol: Define extended_socket_class policy capability libselinux: selinux_restorecon: only log no default label warning if recursive libselinux: selinux_restorecon: only log no default label warning for caller-supplied pathname policycoreutils/setfiles: set up a logging callback for libselinux libselinux: disable filespec hash table stats on non-debug builds policycoreutils: remove deprecated -o option from fixfiles verify libsepol: Define cgroup_seclabel policy capability python/semanage: fix export of fcontext socket entries libsepol: do not seg fault on sepol_*_key_free(NULL) libsemanage: revert "Skip policy module re-link when only setting booleans." libsemanage: Save linked policy, skip re-link when possible libselinux: Fix CFLAGS definition checkpolicy,libsepol: drop unnecessary usage of s6_addr32 libsepol,checkpolicy: add binary module support for xperms python/semanage: print is a function in python3 libsepol,libsemanage,libselinux: Fix fallthrough warnings from gcc 7 libsemanage: Fix snprintf warnings from gcc 7 libsepol: Fix alloc-size-larger-than warning from gcc 7 libselinux: fix selabel_lookup*() double slash bug libselinux: always unmount selinuxfs for SELINUX=disabled Update VERSION files for 2.7-rc1 release. Steve Lawrence (4): libsepol: fix pp module to cil nodecon statement libsepol/cil: fix aliasactual resolution errors libsepol/cil: better error message with duplicate aliases + support aliases to aliases libsepol/cil: fix error check in new cil_resolve_name Thomas Petazzoni (1): libselinux/src/regex.c: support old compilers for the endian check Tom Cherry (1): procattr.c: Use __BIONIC__ instead of __ANDROID__ Ville Skyttä (1): Python 3.6 invalid escape sequence deprecation fixes Vit Mojzis (13): policycoreutils/gui: fix system-config-selinux editing features policycoreutils/sepolicy/gui: fix current selinux state radiobutton python/sepolicy/sepolicy/gui: Fix getting python lib path python/semanage/semanage: Unify argument handling python: Fix some typos python/sepolicy/sepolicy/gui: Reflect sepolicy changes into gui python/sepolicy/sepolicy: Cleanup of gui code python/sepolicy/sepolicy: optimise sepolicy gui loading policycoreutils/setfiles: Mention customizable types in restorecon man page policycoreutils/restorecond: Decrease loglevel of termination message policycoreutils/hll/pp: Fix pp crash when processing base module sepolgen: strip non-printable characters when parsing audit messages python/sepolicy: fix obtaining domain name in HTMLManPages William Roberts (15): libsepol/cil: disable symver on Mac builds libsepol: build on mac libselinux: fix mac build warning when ANDROID_HOST=y libselinux: fix required alignment for sha1.c on mac libselinux/utils: add noreturn to sefcontext_compile libselinux: support ANDROID_HOST=1 on Mac libselinux: DISABLE_BOOL move to include headers libselinux: add booleans.c to ANDROID_HOST=y recipe libselinux: fix compiler flags for linux + clang libselinux/utils: fix all the noreturn errors Revert "libsepol: fix checkpolicy dontaudit compiler bug" libsepol: fix checkpolicy dontaudit compiler bug policydb.h: use AVTAB macros to avoid duplications expand_avrule_helper: cleanup expand_terule_helper: cleanups cgzones (1): fix semanage fcontext help message dcashman (2): libsepol: cil: cil_strpool: Allow multiple strpool users. libsepol: cil: remove double-free. stephensmalley (1): Merge pull request #35 from cgzones/semanage_fcontext_description vmojzis (1): libselinux: fix pointer handling in realpath_not_final ^ permalink raw reply [flat|nested] 24+ messages in thread
* ANN: SELinux userspace 2.7-rc2 release 2017-06-09 17:18 ANN: SELinux userspace 2.7-rc1 release Stephen Smalley 2017-06-09 17:31 ` Stephen Smalley @ 2017-06-16 16:55 ` Stephen Smalley 2017-06-18 7:32 ` Jason Zaman 2017-06-23 17:07 ` ANN: SELinux userspace 2.7-rc3 release candidate Stephen Smalley 2017-08-04 18:57 ` ANN: SELinux userspace release 20170804 / 2.7 Stephen Smalley 3 siblings, 1 reply; 24+ messages in thread From: Stephen Smalley @ 2017-06-16 16:55 UTC (permalink / raw) To: selinux A second release candidate for the SELinux userspace is now available at: https://github.com/SELinuxProject/selinux/wiki/Releases Please give it a test and let us know if there are any issues. Changes from the -rc1 release: James Carter (2): libsepol: Fix neverallow bug when checking conditional policy libsepol/cil: Fix bugs when writing policy.conf rules Nicolas Iooss (1): libsepol: destroy the expanded level when mls_semantic_level_expand() fails Richard Haines (2): libsepol/cil: ibendportcon fails to resolve in CIL policy secilc: Update test policy and documentation for Infiniband Stephen Smalley (1): Update VERSION files for 2.7-rc2 release. Vit Mojzis (1): policycoreutils/fixfiles: do not dereference link files in tmp ^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: ANN: SELinux userspace 2.7-rc2 release 2017-06-16 16:55 ` ANN: SELinux userspace 2.7-rc2 release Stephen Smalley @ 2017-06-18 7:32 ` Jason Zaman 2017-06-18 7:46 ` Jason Zaman 2017-06-19 17:06 ` Stephen Smalley 0 siblings, 2 replies; 24+ messages in thread From: Jason Zaman @ 2017-06-18 7:32 UTC (permalink / raw) To: Stephen Smalley; +Cc: selinux There is a bug that needs to be fixed before the final release: https://bugs.gentoo.org/show_bug.cgi?id=621762 I think the fix is just add override in utils/Makefile to the LDLIBS and LDFLAGS bits. I'm not sure I'll have time to get around to testing it so just wanted to let you know before the final release. -- Jason On Fri, Jun 16, 2017 at 12:55:09PM -0400, Stephen Smalley wrote: > A second release candidate for the SELinux userspace is now available > at: > https://github.com/SELinuxProject/selinux/wiki/Releases > > Please give it a test and let us know if there are any issues. > > Changes from the -rc1 release: > > James Carter (2): > libsepol: Fix neverallow bug when checking conditional policy > libsepol/cil: Fix bugs when writing policy.conf rules > > Nicolas Iooss (1): > libsepol: destroy the expanded level when > mls_semantic_level_expand() fails > > Richard Haines (2): > libsepol/cil: ibendportcon fails to resolve in CIL policy > secilc: Update test policy and documentation for Infiniband > > Stephen Smalley (1): > Update VERSION files for 2.7-rc2 release. > > Vit Mojzis (1): > policycoreutils/fixfiles: do not dereference link files in tmp ^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: ANN: SELinux userspace 2.7-rc2 release 2017-06-18 7:32 ` Jason Zaman @ 2017-06-18 7:46 ` Jason Zaman 2017-06-20 10:54 ` Petr Lautrbach 2017-06-19 17:06 ` Stephen Smalley 1 sibling, 1 reply; 24+ messages in thread From: Jason Zaman @ 2017-06-18 7:46 UTC (permalink / raw) To: Stephen Smalley; +Cc: selinux On Sun, Jun 18, 2017 at 03:32:33PM +0800, Jason Zaman wrote: > There is a bug that needs to be fixed before the final release: > https://bugs.gentoo.org/show_bug.cgi?id=621762 > > I think the fix is just add override in utils/Makefile to the LDLIBS and > LDFLAGS bits. I'm not sure I'll have time to get around to testing > it so just wanted to let you know before the final release. Yep, thats the fix, I sent a patch. https://gitweb.gentoo.org/repo/gentoo.git/tree/sys-libs/libselinux/libselinux-9999.ebuild#n58 The gentoo ebuild overrides LDFLAGS on the commandline which is why the override was required. When i first tried to repro manually i just exported LDFLAGS and couldnt repro. once i read the docs on override it was pretty obvious. > -- Jason > > On Fri, Jun 16, 2017 at 12:55:09PM -0400, Stephen Smalley wrote: > > A second release candidate for the SELinux userspace is now available > > at: > > https://github.com/SELinuxProject/selinux/wiki/Releases > > > > Please give it a test and let us know if there are any issues. > > > > Changes from the -rc1 release: > > > > James Carter (2): > > libsepol: Fix neverallow bug when checking conditional policy > > libsepol/cil: Fix bugs when writing policy.conf rules > > > > Nicolas Iooss (1): > > libsepol: destroy the expanded level when > > mls_semantic_level_expand() fails > > > > Richard Haines (2): > > libsepol/cil: ibendportcon fails to resolve in CIL policy > > secilc: Update test policy and documentation for Infiniband > > > > Stephen Smalley (1): > > Update VERSION files for 2.7-rc2 release. > > > > Vit Mojzis (1): > > policycoreutils/fixfiles: do not dereference link files in tmp ^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: ANN: SELinux userspace 2.7-rc2 release 2017-06-18 7:46 ` Jason Zaman @ 2017-06-20 10:54 ` Petr Lautrbach 2017-06-20 12:14 ` Stephen Smalley 0 siblings, 1 reply; 24+ messages in thread From: Petr Lautrbach @ 2017-06-20 10:54 UTC (permalink / raw) To: selinux On 06/18/2017 09:46 AM, Jason Zaman wrote: > On Sun, Jun 18, 2017 at 03:32:33PM +0800, Jason Zaman wrote: >> There is a bug that needs to be fixed before the final release: >> https://bugs.gentoo.org/show_bug.cgi?id=621762 >> >> I think the fix is just add override in utils/Makefile to the LDLIBS and >> LDFLAGS bits. I'm not sure I'll have time to get around to testing >> it so just wanted to let you know before the final release. > > Yep, thats the fix, I sent a patch. > https://gitweb.gentoo.org/repo/gentoo.git/tree/sys-libs/libselinux/libselinux-9999.ebuild#n58 > The gentoo ebuild overrides LDFLAGS on the commandline which is why the > override was required. When i first tried to repro manually i just > exported LDFLAGS and couldnt repro. once i read the docs on override it > was pretty obvious. A similar patch is needed almost for every other part when you try to build everything from git first and then install it. In order to that I need to apply a patch [1] and do the following steps: ln -s ../../cil/include/cil libsepol/include/sepol/cil make \ CFLAGS="%{optflags}" LDFLAGS="%{?__global_ldflags}" \ LIBSEPOLA="`pwd`/libsepol/src/libsepol.a" make -C libselinux \ CFLAGS="%{optflags}" LDFLAGS="%{?__global_ldflags}" \ LIBSEPOLA="`pwd`/libsepol/src/libsepol.a" \ PYTHON=%{__python} pywrap make \ DESTDIR="%{buildroot}" LIBDIR="%{buildroot}%{_libdir}" \ CFLAGS="%{optflags}" LDFLAGS="%{?__global_ldflags}" \ SHLIBDIR="%{buildroot}/%{_lib}" \ BINDIR="%{buildroot}%{_bindir}" \ SBINDIR="%{buildroot}%{_sbindir}" \ PYTHON=%{__python} \ install install-pywrap [1] https://gitlab.com/bachradsusi/selinux-rpm/blob/master/0001-Fix-build-without-install.patch Using this I preserve rpath problems pointing to DESTDIR and rpm can simply use everything from DESTDIR for / Petr >> -- Jason >> >> On Fri, Jun 16, 2017 at 12:55:09PM -0400, Stephen Smalley wrote: >>> A second release candidate for the SELinux userspace is now available >>> at: >>> https://github.com/SELinuxProject/selinux/wiki/Releases >>> >>> Please give it a test and let us know if there are any issues. >>> >>> Changes from the -rc1 release: >>> >>> James Carter (2): >>> libsepol: Fix neverallow bug when checking conditional policy >>> libsepol/cil: Fix bugs when writing policy.conf rules >>> >>> Nicolas Iooss (1): >>> libsepol: destroy the expanded level when >>> mls_semantic_level_expand() fails >>> >>> Richard Haines (2): >>> libsepol/cil: ibendportcon fails to resolve in CIL policy >>> secilc: Update test policy and documentation for Infiniband >>> >>> Stephen Smalley (1): >>> Update VERSION files for 2.7-rc2 release. >>> >>> Vit Mojzis (1): >>> policycoreutils/fixfiles: do not dereference link files in tmp ^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: ANN: SELinux userspace 2.7-rc2 release 2017-06-20 10:54 ` Petr Lautrbach @ 2017-06-20 12:14 ` Stephen Smalley 2017-06-20 13:28 ` Petr Lautrbach 0 siblings, 1 reply; 24+ messages in thread From: Stephen Smalley @ 2017-06-20 12:14 UTC (permalink / raw) To: Petr Lautrbach, selinux On Tue, 2017-06-20 at 12:54 +0200, Petr Lautrbach wrote: > On 06/18/2017 09:46 AM, Jason Zaman wrote: > > On Sun, Jun 18, 2017 at 03:32:33PM +0800, Jason Zaman wrote: > > > There is a bug that needs to be fixed before the final release: > > > https://bugs.gentoo.org/show_bug.cgi?id=621762 > > > > > > I think the fix is just add override in utils/Makefile to the > > > LDLIBS and > > > LDFLAGS bits. I'm not sure I'll have time to get around to > > > testing > > > it so just wanted to let you know before the final release. > > > > Yep, thats the fix, I sent a patch. > > https://gitweb.gentoo.org/repo/gentoo.git/tree/sys-libs/libselinux/ > > libselinux-9999.ebuild#n58 > > The gentoo ebuild overrides LDFLAGS on the commandline which is why > > the > > override was required. When i first tried to repro manually i just > > exported LDFLAGS and couldnt repro. once i read the docs on > > override it > > was pretty obvious. > > A similar patch is needed almost for every other part when you try > to > build everything from git first and then install it. > > In order to that I need to apply a patch [1] and do the following > steps: > > ln -s ../../cil/include/cil libsepol/include/sepol/cil > > make \ > CFLAGS="%{optflags}" LDFLAGS="%{?__global_ldflags}" \ > LIBSEPOLA="`pwd`/libsepol/src/libsepol.a" > > make -C libselinux \ > CFLAGS="%{optflags}" LDFLAGS="%{?__global_ldflags}" \ > LIBSEPOLA="`pwd`/libsepol/src/libsepol.a" \ > PYTHON=%{__python} pywrap > > make \ > DESTDIR="%{buildroot}" LIBDIR="%{buildroot}%{_libdir}" \ > CFLAGS="%{optflags}" LDFLAGS="%{?__global_ldflags}" \ > SHLIBDIR="%{buildroot}/%{_lib}" \ > BINDIR="%{buildroot}%{_bindir}" \ > SBINDIR="%{buildroot}%{_sbindir}" \ > PYTHON=%{__python} \ > install install-pywrap > > > [1] > https://gitlab.com/bachradsusi/selinux-rpm/blob/master/0001-Fix-build > -without-install.patch > > Using this I preserve rpath problems pointing to DESTDIR and rpm can > simply use everything from DESTDIR for / That seems very onerous for packagers. So, are you advocating for reverting fcb5d5cc721187b3e3a19b44155d5b824d7be7e6, or are you proposing the patch cited above for upstream instead? ^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: ANN: SELinux userspace 2.7-rc2 release 2017-06-20 12:14 ` Stephen Smalley @ 2017-06-20 13:28 ` Petr Lautrbach 2017-06-20 13:31 ` Petr Lautrbach 2017-06-20 14:22 ` Jason Zaman 0 siblings, 2 replies; 24+ messages in thread From: Petr Lautrbach @ 2017-06-20 13:28 UTC (permalink / raw) To: Stephen Smalley, selinux On 06/20/2017 02:14 PM, Stephen Smalley wrote: > On Tue, 2017-06-20 at 12:54 +0200, Petr Lautrbach wrote: >> On 06/18/2017 09:46 AM, Jason Zaman wrote: >>> On Sun, Jun 18, 2017 at 03:32:33PM +0800, Jason Zaman wrote: >>>> There is a bug that needs to be fixed before the final release: >>>> https://bugs.gentoo.org/show_bug.cgi?id=621762 >>>> >>>> I think the fix is just add override in utils/Makefile to the >>>> LDLIBS and >>>> LDFLAGS bits. I'm not sure I'll have time to get around to >>>> testing >>>> it so just wanted to let you know before the final release. >>> >>> Yep, thats the fix, I sent a patch. >>> https://gitweb.gentoo.org/repo/gentoo.git/tree/sys-libs/libselinux/ >>> libselinux-9999.ebuild#n58 >>> The gentoo ebuild overrides LDFLAGS on the commandline which is why >>> the >>> override was required. When i first tried to repro manually i just >>> exported LDFLAGS and couldnt repro. once i read the docs on >>> override it >>> was pretty obvious. >> >> A similar patch is needed almost for every other part when you try >> to >> build everything from git first and then install it. >> >> In order to that I need to apply a patch [1] and do the following >> steps: ... >> >> [1] >> https://gitlab.com/bachradsusi/selinux-rpm/blob/master/0001-Fix-build >> -without-install.patch >> >> Using this I preserve rpath problems pointing to DESTDIR and rpm can >> simply use everything from DESTDIR for / > > That seems very onerous for packagers. > So, are you advocating for reverting > fcb5d5cc721187b3e3a19b44155d5b824d7be7e6, or are you proposing the > patch cited above for upstream instead? > Actually it seems that fcb5d5cc7 didn't break this use case. At the moment, we still build SELinux tools and libraries from tar balls in Fedora so it's not affected. But since some of directories were split I decided to build snapshot SELinux rpms [2] from one selinux src rpm which uses the whole git snapshot. For my use case, I'd rather see the [1] patch upstream if it's acceptable solution. I'll rebase it against latest HEAD and sent it for review. [2] https://gitlab.com/bachradsusi/selinux-rpm Petr ^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: ANN: SELinux userspace 2.7-rc2 release 2017-06-20 13:28 ` Petr Lautrbach @ 2017-06-20 13:31 ` Petr Lautrbach 2017-06-20 14:22 ` Jason Zaman 1 sibling, 0 replies; 24+ messages in thread From: Petr Lautrbach @ 2017-06-20 13:31 UTC (permalink / raw) To: Stephen Smalley, selinux On 06/20/2017 03:28 PM, Petr Lautrbach wrote: > On 06/20/2017 02:14 PM, Stephen Smalley wrote: >> On Tue, 2017-06-20 at 12:54 +0200, Petr Lautrbach wrote: >>> On 06/18/2017 09:46 AM, Jason Zaman wrote: >>>> On Sun, Jun 18, 2017 at 03:32:33PM +0800, Jason Zaman wrote: >>>>> There is a bug that needs to be fixed before the final release: >>>>> https://bugs.gentoo.org/show_bug.cgi?id=621762 >>>>> >>>>> I think the fix is just add override in utils/Makefile to the >>>>> LDLIBS and >>>>> LDFLAGS bits. I'm not sure I'll have time to get around to >>>>> testing >>>>> it so just wanted to let you know before the final release. >>>> >>>> Yep, thats the fix, I sent a patch. >>>> https://gitweb.gentoo.org/repo/gentoo.git/tree/sys-libs/libselinux/ >>>> libselinux-9999.ebuild#n58 >>>> The gentoo ebuild overrides LDFLAGS on the commandline which is why >>>> the >>>> override was required. When i first tried to repro manually i just >>>> exported LDFLAGS and couldnt repro. once i read the docs on >>>> override it >>>> was pretty obvious. >>> >>> A similar patch is needed almost for every other part when you try >>> to >>> build everything from git first and then install it. >>> >>> In order to that I need to apply a patch [1] and do the following >>> steps: > ... >>> >>> [1] >>> https://gitlab.com/bachradsusi/selinux-rpm/blob/master/0001-Fix-build >>> -without-install.patch >>> >>> Using this I preserve rpath problems pointing to DESTDIR and rpm can >>> simply use everything from DESTDIR for / >> >> That seems very onerous for packagers. >> So, are you advocating for reverting >> fcb5d5cc721187b3e3a19b44155d5b824d7be7e6, or are you proposing the >> patch cited above for upstream instead? >> > > Actually it seems that fcb5d5cc7 didn't break this use case. I mean it was broken even before this change according to my testing. cc -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=generic -I../include -I/usr/include -D_GNU_SOURCE -DNO_ANDROID_BACKEND -c -o load_policy.o load_policy.c load_policy.c:15:10: fatal error: sepol/sepol.h: No such file or directory #include <sepol/sepol.h> ^~~~~~~~~~~~~~~ > > At the moment, we still build SELinux tools and libraries from tar balls > in Fedora so it's not affected. But since some of directories were split > I decided to build snapshot SELinux rpms [2] from one selinux src rpm > which uses the whole git snapshot. > > For my use case, I'd rather see the [1] patch upstream if it's > acceptable solution. I'll rebase it against latest HEAD and sent it for > review. > > [2] https://gitlab.com/bachradsusi/selinux-rpm > > Petr ^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: ANN: SELinux userspace 2.7-rc2 release 2017-06-20 13:28 ` Petr Lautrbach 2017-06-20 13:31 ` Petr Lautrbach @ 2017-06-20 14:22 ` Jason Zaman 2017-06-21 17:58 ` Petr Lautrbach 1 sibling, 1 reply; 24+ messages in thread From: Jason Zaman @ 2017-06-20 14:22 UTC (permalink / raw) To: Petr Lautrbach; +Cc: Stephen Smalley, selinux On Tue, Jun 20, 2017 at 03:28:44PM +0200, Petr Lautrbach wrote: > On 06/20/2017 02:14 PM, Stephen Smalley wrote: > > On Tue, 2017-06-20 at 12:54 +0200, Petr Lautrbach wrote: > >> On 06/18/2017 09:46 AM, Jason Zaman wrote: > >>> On Sun, Jun 18, 2017 at 03:32:33PM +0800, Jason Zaman wrote: > >>>> There is a bug that needs to be fixed before the final release: > >>>> https://bugs.gentoo.org/show_bug.cgi?id=621762 > >>>> > >>>> I think the fix is just add override in utils/Makefile to the > >>>> LDLIBS and > >>>> LDFLAGS bits. I'm not sure I'll have time to get around to > >>>> testing > >>>> it so just wanted to let you know before the final release. > >>> > >>> Yep, thats the fix, I sent a patch. > >>> https://gitweb.gentoo.org/repo/gentoo.git/tree/sys-libs/libselinux/ > >>> libselinux-9999.ebuild#n58 > >>> The gentoo ebuild overrides LDFLAGS on the commandline which is why > >>> the > >>> override was required. When i first tried to repro manually i just > >>> exported LDFLAGS and couldnt repro. once i read the docs on > >>> override it > >>> was pretty obvious. > >> > >> A similar patch is needed almost for every other part when you try > >> to > >> build everything from git first and then install it. > >> > >> In order to that I need to apply a patch [1] and do the following > >> steps: > ... > >> > >> [1] > >> https://gitlab.com/bachradsusi/selinux-rpm/blob/master/0001-Fix-build > >> -without-install.patch > >> > >> Using this I preserve rpath problems pointing to DESTDIR and rpm can > >> simply use everything from DESTDIR for / > > > > That seems very onerous for packagers. > > So, are you advocating for reverting > > fcb5d5cc721187b3e3a19b44155d5b824d7be7e6, or are you proposing the > > patch cited above for upstream instead? > > > > Actually it seems that fcb5d5cc7 didn't break this use case. > > At the moment, we still build SELinux tools and libraries from tar balls > in Fedora so it's not affected. But since some of directories were split > I decided to build snapshot SELinux rpms [2] from one selinux src rpm > which uses the whole git snapshot. Ooohh.. okay i was about to ask i thought fedora packaged everything separately. and didnt get why things were refering to libsepol and libselinux in the same build script. In gentoo they're all separate no matter if its git or a release, the only thing we change is if we have to cd into a subdir with version number or without. the repo doesnt build very well unless you've installed the earlier deps before building the later ones. you'll probably have a better time if the builds are split out again or if you build and install each one separately There are a bunch of issues with the patch tho, it moves -L around to the wrong places. -L should be before the objects and -l after Also, https://gitlab.com/bachradsusi/selinux-rpm/blob/master/0001-Fix-build-without-install.patch#L288 that check echos out a y above, so replacing it there will always be false which is probably wrong. I changed it because in gentoo we dont do automagic dependencies so it needs a good way to en/disable manually but the default was unchanged to check if the system has the header. But the bits in the patch with override are probably right. I'll check through all the Makefiles and see where needs overriding and send a patch tmrr. -- Jason > For my use case, I'd rather see the [1] patch upstream if it's > acceptable solution. I'll rebase it against latest HEAD and sent it for > review. > > [2] https://gitlab.com/bachradsusi/selinux-rpm > > Petr ^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: ANN: SELinux userspace 2.7-rc2 release 2017-06-20 14:22 ` Jason Zaman @ 2017-06-21 17:58 ` Petr Lautrbach 0 siblings, 0 replies; 24+ messages in thread From: Petr Lautrbach @ 2017-06-21 17:58 UTC (permalink / raw) To: Jason Zaman; +Cc: Stephen Smalley, selinux On 06/20/2017 04:22 PM, Jason Zaman wrote: > On Tue, Jun 20, 2017 at 03:28:44PM +0200, Petr Lautrbach wrote: >> On 06/20/2017 02:14 PM, Stephen Smalley wrote: >>> On Tue, 2017-06-20 at 12:54 +0200, Petr Lautrbach wrote: >>>> On 06/18/2017 09:46 AM, Jason Zaman wrote: >>>>> On Sun, Jun 18, 2017 at 03:32:33PM +0800, Jason Zaman wrote: >>>>>> There is a bug that needs to be fixed before the final release: >>>>>> https://bugs.gentoo.org/show_bug.cgi?id=621762 >>>>>> >>>>>> I think the fix is just add override in utils/Makefile to the >>>>>> LDLIBS and >>>>>> LDFLAGS bits. I'm not sure I'll have time to get around to >>>>>> testing >>>>>> it so just wanted to let you know before the final release. >>>>> >>>>> Yep, thats the fix, I sent a patch. >>>>> https://gitweb.gentoo.org/repo/gentoo.git/tree/sys-libs/libselinux/ >>>>> libselinux-9999.ebuild#n58 >>>>> The gentoo ebuild overrides LDFLAGS on the commandline which is why >>>>> the >>>>> override was required. When i first tried to repro manually i just >>>>> exported LDFLAGS and couldnt repro. once i read the docs on >>>>> override it >>>>> was pretty obvious. >>>> >>>> A similar patch is needed almost for every other part when you try >>>> to >>>> build everything from git first and then install it. >>>> >>>> In order to that I need to apply a patch [1] and do the following >>>> steps: >> ... >>>> >>>> [1] >>>> https://gitlab.com/bachradsusi/selinux-rpm/blob/master/0001-Fix-build >>>> -without-install.patch >>>> >>>> Using this I preserve rpath problems pointing to DESTDIR and rpm can >>>> simply use everything from DESTDIR for / >>> >>> That seems very onerous for packagers. >>> So, are you advocating for reverting >>> fcb5d5cc721187b3e3a19b44155d5b824d7be7e6, or are you proposing the >>> patch cited above for upstream instead? >>> >> >> Actually it seems that fcb5d5cc7 didn't break this use case. >> >> At the moment, we still build SELinux tools and libraries from tar balls >> in Fedora so it's not affected. But since some of directories were split >> I decided to build snapshot SELinux rpms [2] from one selinux src rpm >> which uses the whole git snapshot. > > Ooohh.. okay i was about to ask i thought fedora packaged everything > separately. and didnt get why things were refering to libsepol and > libselinux in the same build script. > > In gentoo they're all separate no matter if its git or a release, the > only thing we change is if we have to cd into a subdir with version > number or without. > > the repo doesnt build very well unless you've installed the earlier deps > before building the later ones. you'll probably have a better time if > the builds are split out again or if you build and install each one > separately It seems to be only working solution right now. But it's the most complicated in regards of Fedora build systems koji and COPR. Packages are built using mock and non-root user - a build process can't install files to /. So one need to build libsepol package first, push it to the buildroot so that it's installed during build of other packages, build libselinux, push it to the buildroot, ... This quite a long and complicated process even in COPR. > There are a bunch of issues with the patch tho, it moves -L around to > the wrong places. -L should be before the objects and -l after > > Also, https://gitlab.com/bachradsusi/selinux-rpm/blob/master/0001-Fix-build-without-install.patch#L288 > that check echos out a y above, so replacing it there will always be > false which is probably wrong. I changed it because in gentoo we dont > do automagic dependencies so it needs a good way to en/disable manually > but the default was unchanged to check if the system has the header. Thanks for the comment. I'll take a look at it. > > But the bits in the patch with override are probably right. I'll check > through all the Makefiles and see where needs overriding and send a > patch tmrr. > > -- Jason > >> For my use case, I'd rather see the [1] patch upstream if it's >> acceptable solution. I'll rebase it against latest HEAD and sent it for >> review. >> >> [2] https://gitlab.com/bachradsusi/selinux-rpm >> >> Petr ^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: ANN: SELinux userspace 2.7-rc2 release 2017-06-18 7:32 ` Jason Zaman 2017-06-18 7:46 ` Jason Zaman @ 2017-06-19 17:06 ` Stephen Smalley 2017-06-20 4:55 ` Jason Zaman 1 sibling, 1 reply; 24+ messages in thread From: Stephen Smalley @ 2017-06-19 17:06 UTC (permalink / raw) To: Jason Zaman; +Cc: selinux On Sun, 2017-06-18 at 15:32 +0800, Jason Zaman wrote: > There is a bug that needs to be fixed before the final release: > https://bugs.gentoo.org/show_bug.cgi?id=621762 > > I think the fix is just add override in utils/Makefile to the LDLIBS > and > LDFLAGS bits. I'm not sure I'll have time to get around to testing > it so just wanted to let you know before the final release. I wondering if we should actually revert fcb5d5cc721187b3e3a19b44155d5b824d7be7e6, at least wrt removal of -L/- I. This seems to have broken usage of DESTDIR (except from top-level, via 9a7763e18604c4649ff67ea6d43a730f90311592, which doesn't help people using the individual tar balls. And it seems like many package recipes are relying on make DESTDIR= to work as expected. ^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: ANN: SELinux userspace 2.7-rc2 release 2017-06-19 17:06 ` Stephen Smalley @ 2017-06-20 4:55 ` Jason Zaman 2017-06-21 18:04 ` [PATCH] Use DESTDIR only in install targets Petr Lautrbach 0 siblings, 1 reply; 24+ messages in thread From: Jason Zaman @ 2017-06-20 4:55 UTC (permalink / raw) To: Stephen Smalley; +Cc: selinux On Mon, Jun 19, 2017 at 01:06:10PM -0400, Stephen Smalley wrote: > On Sun, 2017-06-18 at 15:32 +0800, Jason Zaman wrote: > > There is a bug that needs to be fixed before the final release: > > https://bugs.gentoo.org/show_bug.cgi?id=621762 > > > > I think the fix is just add override in utils/Makefile to the LDLIBS > > and > > LDFLAGS bits. I'm not sure I'll have time to get around to testing > > it so just wanted to let you know before the final release. > > I wondering if we should actually revert > fcb5d5cc721187b3e3a19b44155d5b824d7be7e6, at least wrt removal of -L/- > I. This seems to have broken usage of DESTDIR (except from top-level, > via 9a7763e18604c4649ff67ea6d43a730f90311592, which doesn't help people > using the individual tar balls. And it seems like many package recipes > are relying on make DESTDIR= to work as expected. Thats the thing tho, DESTDIR is not supposed to affect compilation at all. it should only affect where things are installed to. lots of other things get confused if that changes. DESTDIR is for when rpm or portage or whatever want to keep track of all the files installed by a package before merging into the real / so it can uninstall them all. If you want to do like a prefix install into /home/bin or whatever then i think the variable is SYSROOT or something like that. building should technically be done something like: passing DESTDIR when you do the actual compilation bits isnt right. # portage or rpm's building thing or whatever do this automatically export CC CFLAGS LDLFAGS etc make all make DESTDIR="/wherever" install cd /wherever/ tar cf libselinux.tar ./ https://www.gnu.org/prep/standards/html_node/DESTDIR.html "DESTDIR should be supported only in the install* and uninstall* targets, as those are the only targets where it is useful." -- Jason ^ permalink raw reply [flat|nested] 24+ messages in thread
* [PATCH] Use DESTDIR only in install targets 2017-06-20 4:55 ` Jason Zaman @ 2017-06-21 18:04 ` Petr Lautrbach 2017-06-21 19:51 ` Stephen Smalley 0 siblings, 1 reply; 24+ messages in thread From: Petr Lautrbach @ 2017-06-21 18:04 UTC (permalink / raw) To: selinux https://www.gnu.org/prep/standards/html_node/DESTDIR.html DESTDIR should be supported only in the install* and uninstall* targets, as those are the only targets where it is useful. Signed-off-by: Petr Lautrbach <plautrba@redhat.com> --- checkpolicy/Makefile | 20 +++++++-------- checkpolicy/test/Makefile | 6 ++--- gui/Makefile | 44 ++++++++++++++++---------------- libselinux/include/Makefile | 6 ++--- libselinux/src/Makefile | 38 +++++++++++++-------------- libselinux/utils/Makefile | 6 ++--- libsemanage/include/Makefile | 6 ++--- libsemanage/src/Makefile | 32 +++++++++++------------ libsemanage/tests/Makefile | 2 +- libsemanage/utils/Makefile | 6 ++--- libsepol/include/Makefile | 14 +++++----- libsepol/src/Makefile | 20 +++++++-------- libsepol/utils/Makefile | 6 ++--- mcstrans/man/Makefile | 6 ++--- mcstrans/src/Makefile | 22 ++++++++-------- mcstrans/utils/Makefile | 8 +++--- policycoreutils/hll/pp/Makefile | 6 ++--- policycoreutils/load_policy/Makefile | 14 +++++----- policycoreutils/man/Makefile | 6 ++--- policycoreutils/newrole/Makefile | 22 ++++++++-------- policycoreutils/run_init/Makefile | 20 +++++++-------- policycoreutils/scripts/Makefile | 12 ++++----- policycoreutils/secon/Makefile | 10 ++++---- policycoreutils/semodule/Makefile | 14 +++++----- policycoreutils/sestatus/Makefile | 20 +++++++-------- policycoreutils/setfiles/Makefile | 22 ++++++++-------- policycoreutils/setsebool/Makefile | 16 ++++++------ python/audit2allow/Makefile | 20 +++++++-------- python/chcat/Makefile | 10 ++++---- python/semanage/Makefile | 22 ++++++++-------- python/sepolgen/src/sepolgen/Makefile | 6 ++--- python/sepolgen/src/share/Makefile | 8 +++--- python/sepolicy/Makefile | 18 ++++++------- restorecond/Makefile | 44 ++++++++++++++++---------------- sandbox/Makefile | 32 +++++++++++------------ secilc/Makefile | 14 +++++----- semodule-utils/semodule_deps/Makefile | 12 ++++----- semodule-utils/semodule_expand/Makefile | 10 ++++---- semodule-utils/semodule_link/Makefile | 12 ++++----- semodule-utils/semodule_package/Makefile | 14 +++++----- 40 files changed, 313 insertions(+), 313 deletions(-) diff --git a/checkpolicy/Makefile b/checkpolicy/Makefile index 68e11f2a..e4f4fa19 100644 --- a/checkpolicy/Makefile +++ b/checkpolicy/Makefile @@ -1,7 +1,7 @@ # # Makefile for building the checkpolicy program # -PREFIX ?= $(DESTDIR)/usr +PREFIX ?= /usr BINDIR ?= $(PREFIX)/bin MANDIR ?= $(PREFIX)/share/man LIBDIR ?= $(PREFIX)/lib @@ -26,9 +26,9 @@ GENERATED=lex.yy.c y.tab.c y.tab.h all: $(TARGETS) $(MAKE) -C test -checkpolicy: $(CHECKPOLOBJS) $(LIBSEPOLA) +checkpolicy: $(CHECKPOLOBJS) $(DESTDIR)$(LIBSEPOLA) -checkmodule: $(CHECKMODOBJS) $(LIBSEPOLA) +checkmodule: $(CHECKMODOBJS) $(DESTDIR)$(LIBSEPOLA) %.o: %.c $(CC) $(CFLAGS) -o $@ -c $< @@ -46,15 +46,15 @@ lex.yy.c: policy_scan.l y.tab.c $(LEX) policy_scan.l install: all - -mkdir -p $(BINDIR) - -mkdir -p $(MANDIR)/man8 - install -m 755 $(TARGETS) $(BINDIR) - install -m 644 checkpolicy.8 $(MANDIR)/man8 - install -m 644 checkmodule.8 $(MANDIR)/man8 + -mkdir -p $(DESTDIR)$(BINDIR) + -mkdir -p $(DESTDIR)$(MANDIR)/man8 + install -m 755 $(TARGETS) $(DESTDIR)$(BINDIR) + install -m 644 checkpolicy.8 $(DESTDIR)$(MANDIR)/man8 + install -m 644 checkmodule.8 $(DESTDIR)$(MANDIR)/man8 relabel: install - /sbin/restorecon $(BINDIR)/checkpolicy - /sbin/restorecon $(BINDIR)/checkmodule + /sbin/restorecon $(DESTDIR)$(BINDIR)/checkpolicy + /sbin/restorecon $(DESTDIR)$(BINDIR)/checkmodule clean: -rm -f $(TARGETS) $(CHECKPOLOBJS) $(CHECKMODOBJS) y.tab.c y.tab.h lex.yy.c diff --git a/checkpolicy/test/Makefile b/checkpolicy/test/Makefile index 59fa4460..c9a8d4c5 100644 --- a/checkpolicy/test/Makefile +++ b/checkpolicy/test/Makefile @@ -1,7 +1,7 @@ # # Makefile for building the dispol program # -PREFIX ?= $(DESTDIR)/usr +PREFIX ?= /usr BINDIR ?= $(PREFIX)/bin LIBDIR ?= $(PREFIX)/lib INCLUDEDIR ?= $(PREFIX)/include @@ -11,9 +11,9 @@ CFLAGS ?= -g -Wall -W -Werror -O2 -pipe all: dispol dismod -dispol: dispol.o $(LIBSEPOLA) +dispol: dispol.o $(DESTDIR)$(LIBSEPOLA) -dismod: dismod.o $(LIBSEPOLA) +dismod: dismod.o $(DESTDIR)$(LIBSEPOLA) clean: -rm -f dispol dismod *.o diff --git a/gui/Makefile b/gui/Makefile index 4fc2c1a1..52c3cab2 100644 --- a/gui/Makefile +++ b/gui/Makefile @@ -1,5 +1,5 @@ # Installation directories. -PREFIX ?= ${DESTDIR}/usr +PREFIX ?= /usr BINDIR ?= $(PREFIX)/bin SHAREDIR ?= $(PREFIX)/share/system-config-selinux DATADIR ?= $(PREFIX)/share @@ -24,29 +24,29 @@ usersPage.py all: $(TARGETS) system-config-selinux.py polgengui.py install: all - -mkdir -p $(MANDIR)/man8 - -mkdir -p $(SHAREDIR) - -mkdir -p $(BINDIR) - -mkdir -p $(DATADIR)/pixmaps - -mkdir -p $(DATADIR)/icons/hicolor/24x24/apps - -mkdir -p $(DATADIR)/polkit-1/actions/ - install -m 755 system-config-selinux.py $(SHAREDIR) - install -m 755 system-config-selinux $(BINDIR) - install -m 755 polgengui.py $(SHAREDIR) - install -m 644 $(TARGETS) $(SHAREDIR) - install -m 644 system-config-selinux.8 $(MANDIR)/man8 - install -m 644 selinux-polgengui.8 $(MANDIR)/man8 - install -m 644 system-config-selinux.png $(DATADIR)/pixmaps - install -m 644 system-config-selinux.png $(DATADIR)/icons/hicolor/24x24/apps - install -m 644 system-config-selinux.png $(DATADIR)/system-config-selinux - install -m 644 *.desktop $(DATADIR)/system-config-selinux - -mkdir -p $(DESTDIR) $(DATADIR)/pixmaps - install -m 644 sepolicy_256.png $(DATADIR)/pixmaps/sepolicy.png + -mkdir -p $(DESTDIR)$(MANDIR)/man8 + -mkdir -p $(DESTDIR)$(SHAREDIR) + -mkdir -p $(DESTDIR)$(BINDIR) + -mkdir -p $(DESTDIR)$(DATADIR)/pixmaps + -mkdir -p $(DESTDIR)$(DATADIR)/icons/hicolor/24x24/apps + -mkdir -p $(DESTDIR)$(SYSCONFDIR) + -mkdir -p $(DESTDIR)$(DATADIR)/polkit-1/actions/ + install -m 755 system-config-selinux.py $(DESTDIR)$(SHAREDIR) + install -m 755 system-config-selinux $(DESTDIR)$(BINDIR) + install -m 755 polgengui.py $(DESTDIR)$(SHAREDIR) + install -m 644 $(TARGETS) $(DESTDIR)$(SHAREDIR) + install -m 644 system-config-selinux.8 $(DESTDIR)$(MANDIR)/man8 + install -m 644 selinux-polgengui.8 $(DESTDIR)$(MANDIR)/man8 + install -m 644 system-config-selinux.png $(DESTDIR)$(DATADIR)/pixmaps + install -m 644 system-config-selinux.png $(DESTDIR)$(DATADIR)/icons/hicolor/24x24/apps + install -m 644 system-config-selinux.png $(DESTDIR)$(DATADIR)/system-config-selinux + -mkdir -p $(DESTDIR) $(DESTDIR)$(DATADIR)/pixmaps + install -m 644 sepolicy_256.png $(DESTDIR)$(DATADIR)/pixmaps/sepolicy.png for i in 16 22 32 48 256; do \ - mkdir -p $(DESTDIR) $(DATADIR)/icons/hicolor/$${i}x$${i}/apps; \ - install -m 644 sepolicy_$${i}.png $(DATADIR)/icons/hicolor/$${i}x$${i}/apps/sepolicy.png; \ + mkdir -p $(DESTDIR)/$(DATADIR)/icons/hicolor/$${i}x$${i}/apps; \ + install -m 644 sepolicy_$${i}.png $(DESTDIR)$(DATADIR)/icons/hicolor/$${i}x$${i}/apps/sepolicy.png; \ done - install -m 644 org.selinux.config.policy $(DATADIR)/polkit-1/actions/ + install -m 644 org.selinux.config.policy $(DESTDIR)$(DATADIR)/polkit-1/actions/ clean: indent: diff --git a/libselinux/include/Makefile b/libselinux/include/Makefile index 757a6c9c..c1d3fa15 100644 --- a/libselinux/include/Makefile +++ b/libselinux/include/Makefile @@ -1,12 +1,12 @@ # Installation directories. -PREFIX ?= $(DESTDIR)/usr +PREFIX ?= /usr INCDIR ?= $(PREFIX)/include/selinux all: install: all - test -d $(INCDIR) || install -m 755 -d $(INCDIR) - install -m 644 $(wildcard selinux/*.h) $(INCDIR) + test -d $(DESTDIR)$(INCDIR) || install -m 755 -d $(DESTDIR)$(INCDIR) + install -m 644 $(wildcard selinux/*.h) $(DESTDIR)$(INCDIR) relabel: diff --git a/libselinux/src/Makefile b/libselinux/src/Makefile index 4306dd0e..6d65b682 100644 --- a/libselinux/src/Makefile +++ b/libselinux/src/Makefile @@ -8,17 +8,17 @@ RUBYPREFIX ?= $(notdir $(RUBY)) PKG_CONFIG ?= pkg-config # Installation directories. -PREFIX ?= $(DESTDIR)/usr +PREFIX ?= /usr LIBDIR ?= $(PREFIX)/lib -SHLIBDIR ?= $(DESTDIR)/lib +SHLIBDIR ?= /lib INCLUDEDIR ?= $(PREFIX)/include PYINC ?= $(shell $(PKG_CONFIG) --cflags $(PYPREFIX)) PYLIBS ?= $(shell $(PKG_CONFIG) --libs $(PYPREFIX)) -PYSITEDIR ?= $(DESTDIR)$(shell $(PYTHON) -c 'import site; print(site.getsitepackages()[0])') +PYSITEDIR ?= $(shell $(PYTHON) -c 'import site; print(site.getsitepackages()[0])') PYCEXT ?= $(shell $(PYTHON) -c 'import imp;print([s for s,m,t in imp.get_suffixes() if t == imp.C_EXTENSION][0])') RUBYINC ?= $(shell $(RUBY) -e 'puts "-I" + RbConfig::CONFIG["rubyarchhdrdir"] + " -I" + RbConfig::CONFIG["rubyhdrdir"]') RUBYLIBS ?= $(shell $(RUBY) -e 'puts "-L" + RbConfig::CONFIG["libdir"] + " -lruby"') -RUBYINSTALL ?= $(DESTDIR)$(shell $(RUBY) -e 'puts RbConfig::CONFIG["vendorarchdir"]') +RUBYINSTALL ?= $(shell $(RUBY) -e 'puts RbConfig::CONFIG["vendorarchdir"]') LIBBASE ?= $(shell basename $(LIBDIR)) LIBSEPOLA ?= $(LIBDIR)/libsepol.a @@ -156,7 +156,7 @@ selinuxswig_python_exception.i: ../include/selinux/selinux.h $(AUDIT2WHYLOBJ): audit2why.c $(CC) $(filter-out -Werror, $(CFLAGS)) $(PYINC) -fPIC -DSHARED -c -o $@ $< -$(AUDIT2WHYSO): $(AUDIT2WHYLOBJ) $(LIBSEPOLA) +$(AUDIT2WHYSO): $(AUDIT2WHYLOBJ) $(DESTDIR)$(LIBSEPOLA) $(CC) $(CFLAGS) $(LDFLAGS) -L. -shared -o $@ $^ -lselinux $(PYLIBS) %.o: %.c policy.h @@ -177,26 +177,26 @@ swigify: $(SWIGIF) $(SWIG) $< install: all - test -d $(LIBDIR) || install -m 755 -d $(LIBDIR) - install -m 644 $(LIBA) $(LIBDIR) - test -d $(SHLIBDIR) || install -m 755 -d $(SHLIBDIR) - install -m 755 $(LIBSO) $(SHLIBDIR) - test -d $(LIBDIR)/pkgconfig || install -m 755 -d $(LIBDIR)/pkgconfig - install -m 644 $(LIBPC) $(LIBDIR)/pkgconfig - ln -sf --relative $(SHLIBDIR)/$(LIBSO) $(LIBDIR)/$(TARGET) + test -d $(DESTDIR)$(LIBDIR) || install -m 755 -d $(DESTDIR)$(LIBDIR) + install -m 644 $(LIBA) $(DESTDIR)$(LIBDIR) + test -d $(DESTDIR)$(SHLIBDIR) || install -m 755 -d $(DESTDIR)$(SHLIBDIR) + install -m 755 $(LIBSO) $(DESTDIR)$(SHLIBDIR) + test -d $(DESTDIR)$(LIBDIR)/pkgconfig || install -m 755 -d $(DESTDIR)$(LIBDIR)/pkgconfig + install -m 644 $(LIBPC) $(DESTDIR)$(LIBDIR)/pkgconfig + ln -sf --relative $(DESTDIR)$(SHLIBDIR)/$(LIBSO) $(DESTDIR)$(LIBDIR)/$(TARGET) install-pywrap: pywrap - test -d $(PYSITEDIR)/selinux || install -m 755 -d $(PYSITEDIR)/selinux - install -m 755 $(SWIGSO) $(PYSITEDIR)/_selinux$(PYCEXT) - install -m 755 $(AUDIT2WHYSO) $(PYSITEDIR)/selinux/audit2why$(PYCEXT) - install -m 644 $(SWIGPYOUT) $(PYSITEDIR)/selinux/__init__.py + test -d $(DESTDIR)$(PYSITEDIR)/selinux || install -m 755 -d $(DESTDIR)$(PYSITEDIR)/selinux + install -m 755 $(SWIGSO) $(DESTDIR)$(PYSITEDIR)/_selinux$(PYCEXT) + install -m 755 $(AUDIT2WHYSO) $(DESTDIR)$(PYSITEDIR)/selinux/audit2why$(PYCEXT) + install -m 644 $(SWIGPYOUT) $(DESTDIR)$(PYSITEDIR)/selinux/__init__.py install-rubywrap: rubywrap - test -d $(RUBYINSTALL) || install -m 755 -d $(RUBYINSTALL) - install -m 755 $(SWIGRUBYSO) $(RUBYINSTALL)/selinux.so + test -d $(DESTDIR)$(RUBYINSTALL) || install -m 755 -d $(DESTDIR)$(RUBYINSTALL) + install -m 755 $(SWIGRUBYSO) $(DESTDIR)$(RUBYINSTALL)/selinux.so relabel: - /sbin/restorecon $(SHLIBDIR)/$(LIBSO) + /sbin/restorecon $(DESTDIR)$(SHLIBDIR)/$(LIBSO) clean-pywrap: -rm -f $(SWIGLOBJ) $(SWIGSO) $(AUDIT2WHYLOBJ) $(AUDIT2WHYSO) diff --git a/libselinux/utils/Makefile b/libselinux/utils/Makefile index 843b0e7c..882a6787 100644 --- a/libselinux/utils/Makefile +++ b/libselinux/utils/Makefile @@ -1,5 +1,5 @@ # Installation directories. -PREFIX ?= $(DESTDIR)/usr +PREFIX ?= /usr LIBDIR ?= $(PREFIX)/lib SBINDIR ?= $(PREFIX)/sbin INCLUDEDIR ?= $(PREFIX)/include @@ -63,8 +63,8 @@ sefcontext_compile: sefcontext_compile.o ../src/regex.o all: $(TARGETS) install: all - -mkdir -p $(SBINDIR) - install -m 755 $(TARGETS) $(SBINDIR) + -mkdir -p $(DESTDIR)$(SBINDIR) + install -m 755 $(TARGETS) $(DESTDIR)$(SBINDIR) clean: rm -f $(TARGETS) *.o *~ diff --git a/libsemanage/include/Makefile b/libsemanage/include/Makefile index b660660e..6e44a28a 100644 --- a/libsemanage/include/Makefile +++ b/libsemanage/include/Makefile @@ -1,12 +1,12 @@ # Installation directories. -PREFIX ?= $(DESTDIR)/usr +PREFIX ?= /usr INCDIR ?= $(PREFIX)/include/semanage all: install: all - test -d $(INCDIR) || install -m 755 -d $(INCDIR) - install -m 644 $(wildcard semanage/*.h) $(INCDIR) + test -d $(DESTDIR)$(INCDIR) || install -m 755 -d $(DESTDIR)$(INCDIR) + install -m 644 $(wildcard semanage/*.h) $(DESTDIR)$(INCDIR) indent: ../../scripts/Lindent $(wildcard semanage/*.h) diff --git a/libsemanage/src/Makefile b/libsemanage/src/Makefile index f01385c5..8c0b4557 100644 --- a/libsemanage/src/Makefile +++ b/libsemanage/src/Makefile @@ -8,17 +8,17 @@ RUBYPREFIX ?= $(notdir $(RUBY)) PKG_CONFIG ?= pkg-config # Installation directories. -PREFIX ?= $(DESTDIR)/usr +PREFIX ?= /usr LIBDIR ?= $(PREFIX)/lib -SHLIBDIR ?= $(DESTDIR)/lib +SHLIBDIR ?= /lib INCLUDEDIR ?= $(PREFIX)/include PYINC ?= $(shell $(PKG_CONFIG) --cflags $(PYPREFIX)) PYLIBS ?= $(shell $(PKG_CONFIG) --libs $(PYPREFIX)) -PYSITEDIR ?= $(DESTDIR)$(shell $(PYTHON) -c 'import site; print(site.getsitepackages()[0])') +PYSITEDIR ?= $(shell $(PYTHON) -c 'import site; print(site.getsitepackages()[0])') PYCEXT ?= $(shell $(PYTHON) -c 'import imp;print([s for s,m,t in imp.get_suffixes() if t == imp.C_EXTENSION][0])') RUBYINC ?= $(shell $(RUBY) -e 'puts "-I" + RbConfig::CONFIG["rubyarchhdrdir"] + " -I" + RbConfig::CONFIG["rubyhdrdir"]') RUBYLIBS ?= $(shell $(RUBY) -e 'puts "-L" + RbConfig::CONFIG["libdir"] + " -lruby"') -RUBYINSTALL ?= $(DESTDIR)$(shell $(RUBY) -e 'puts RbConfig::CONFIG["vendorarchdir"]') +RUBYINSTALL ?= $(shell $(RUBY) -e 'puts RbConfig::CONFIG["vendorarchdir"]') LIBBASE=$(shell basename $(LIBDIR)) @@ -136,26 +136,26 @@ swigify: $(SWIGIF) $(SWIG) $< install: all - test -d $(LIBDIR) || install -m 755 -d $(LIBDIR) - install -m 644 $(LIBA) $(LIBDIR) - install -m 755 $(LIBSO) $(LIBDIR) - test -d $(LIBDIR)/pkgconfig || install -m 755 -d $(LIBDIR)/pkgconfig - install -m 644 $(LIBPC) $(LIBDIR)/pkgconfig + test -d $(DESTDIR)$(LIBDIR) || install -m 755 -d $(DESTDIR)$(LIBDIR) + install -m 644 $(LIBA) $(DESTDIR)$(LIBDIR) + install -m 755 $(LIBSO) $(DESTDIR)$(LIBDIR) + test -d $(DESTDIR)$(LIBDIR)/pkgconfig || install -m 755 -d $(DESTDIR)$(LIBDIR)/pkgconfig + install -m 644 $(LIBPC) $(DESTDIR)$(LIBDIR)/pkgconfig test -f $(DEFAULT_SEMANAGE_CONF_LOCATION) || install -m 644 -D semanage.conf $(DEFAULT_SEMANAGE_CONF_LOCATION) - cd $(LIBDIR) && ln -sf $(LIBSO) $(TARGET) + cd $(DESTDIR)$(LIBDIR) && ln -sf $(LIBSO) $(TARGET) install-pywrap: pywrap - test -d $(PYSITEDIR) || install -m 755 -d $(PYSITEDIR) - install -m 755 $(SWIGSO) $(PYSITEDIR)/_semanage$(PYCEXT) - install -m 644 semanage.py $(PYSITEDIR) + test -d $(DESTDIR)$(PYSITEDIR) || install -m 755 -d $(DESTDIR)$(PYSITEDIR) + install -m 755 $(SWIGSO) $(DESTDIR)$(PYSITEDIR)/_semanage$(PYCEXT) + install -m 644 semanage.py $(DESTDIR)$(PYSITEDIR) install-rubywrap: rubywrap - test -d $(RUBYINSTALL) || install -m 755 -d $(RUBYINSTALL) - install -m 755 $(SWIGRUBYSO) $(RUBYINSTALL)/semanage.so + test -d $(DESTDIR)$(RUBYINSTALL) || install -m 755 -d $(DESTDIR)$(RUBYINSTALL) + install -m 755 $(SWIGRUBYSO) $(DESTDIR)$(RUBYINSTALL)/semanage.so relabel: - /sbin/restorecon $(LIBDIR)/$(LIBSO) + /sbin/restorecon $(DESTDIR)$(LIBDIR)/$(LIBSO) clean: -rm -f $(LIBPC) $(OBJS) $(LOBJS) $(LIBA) $(LIBSO) $(SWIGLOBJ) $(SWIGSO) $(SWIGRUBYSO) $(TARGET) conf-parse.c conf-parse.h conf-scan.c *.o *.lo *~ diff --git a/libsemanage/tests/Makefile b/libsemanage/tests/Makefile index 2ef8d30d..8103cf8f 100644 --- a/libsemanage/tests/Makefile +++ b/libsemanage/tests/Makefile @@ -1,4 +1,4 @@ -PREFIX ?= $(DESTDIR)/usr +PREFIX ?= /usr LIBDIR ?= $(PREFIX)/lib # Add your test source files here: diff --git a/libsemanage/utils/Makefile b/libsemanage/utils/Makefile index 725f0eec..5b8fbb6b 100644 --- a/libsemanage/utils/Makefile +++ b/libsemanage/utils/Makefile @@ -1,13 +1,13 @@ # Installation directories. -PREFIX ?= $(DESTDIR)/usr +PREFIX ?= /usr LIBEXECDIR ?= $(PREFIX)/libexec SELINUXEXECDIR ?= $(LIBEXECDIR)/selinux/ all: install: all - -mkdir -p $(SELINUXEXECDIR) - install -m 755 semanage_migrate_store $(SELINUXEXECDIR) + -mkdir -p $(DESTDIR)$(SELINUXEXECDIR) + install -m 755 semanage_migrate_store $(DESTDIR)$(SELINUXEXECDIR) clean: diff --git a/libsepol/include/Makefile b/libsepol/include/Makefile index 56b7a114..49f817ce 100644 --- a/libsepol/include/Makefile +++ b/libsepol/include/Makefile @@ -1,17 +1,17 @@ # Installation directories. -PREFIX ?= $(DESTDIR)/usr +PREFIX ?= /usr INCDIR ?= $(PREFIX)/include/sepol CILDIR ?= ../cil all: install: all - test -d $(INCDIR) || install -m 755 -d $(INCDIR) - test -d $(INCDIR)/policydb || install -m 755 -d $(INCDIR)/policydb - test -d $(INCDIR)/cil || install -m 755 -d $(INCDIR)/cil - install -m 644 $(wildcard sepol/*.h) $(INCDIR) - install -m 644 $(wildcard sepol/policydb/*.h) $(INCDIR)/policydb - install -m 644 $(wildcard $(CILDIR)/include/cil/*.h) $(INCDIR)/cil + test -d $(DESTDIR)$(INCDIR) || install -m 755 -d $(DESTDIR)$(INCDIR) + test -d $(DESTDIR)$(INCDIR)/policydb || install -m 755 -d $(DESTDIR)$(INCDIR)/policydb + test -d $(DESTDIR)$(INCDIR)/cil || install -m 755 -d $(DESTDIR)$(INCDIR)/cil + install -m 644 $(wildcard sepol/*.h) $(DESTDIR)$(INCDIR) + install -m 644 $(wildcard sepol/policydb/*.h) $(DESTDIR)$(INCDIR)/policydb + install -m 644 $(wildcard $(CILDIR)/include/cil/*.h) $(DESTDIR)$(INCDIR)/cil indent: ../../scripts/Lindent $(wildcard sepol/*.h) diff --git a/libsepol/src/Makefile b/libsepol/src/Makefile index 819d261b..4c7e23fa 100644 --- a/libsepol/src/Makefile +++ b/libsepol/src/Makefile @@ -1,8 +1,8 @@ # Installation directories. -PREFIX ?= $(DESTDIR)/usr +PREFIX ?= /usr INCLUDEDIR ?= $(PREFIX)/include LIBDIR ?= $(PREFIX)/lib -SHLIBDIR ?= $(DESTDIR)/lib +SHLIBDIR ?= $(PREFIX)/lib RANLIB ?= ranlib LIBBASE ?= $(shell basename $(LIBDIR)) CILDIR ?= ../cil @@ -80,16 +80,16 @@ endif $(CC) $(CFLAGS) -fPIC -DSHARED -c -o $@ $< install: all - test -d $(LIBDIR) || install -m 755 -d $(LIBDIR) - install -m 644 $(LIBA) $(LIBDIR) - test -d $(SHLIBDIR) || install -m 755 -d $(SHLIBDIR) - install -m 755 $(LIBSO) $(SHLIBDIR) - test -d $(LIBDIR)/pkgconfig || install -m 755 -d $(LIBDIR)/pkgconfig - install -m 644 $(LIBPC) $(LIBDIR)/pkgconfig - $(LN) -sf --relative $(SHLIBDIR)/$(LIBSO) $(LIBDIR)/$(TARGET) + test -d $(DESTDIR)$(LIBDIR) || install -m 755 -d $(DESTDIR)$(LIBDIR) + install -m 644 $(LIBA) $(DESTDIR)$(LIBDIR) + test -d $(DESTDIR)$(SHLIBDIR) || install -m 755 -d $(DESTDIR)$(SHLIBDIR) + install -m 755 $(LIBSO) $(DESTDIR)$(SHLIBDIR) + test -d $(DESTDIR)$(LIBDIR)/pkgconfig || install -m 755 -d $(DESTDIR)$(LIBDIR)/pkgconfig + install -m 644 $(LIBPC) $(DESTDIR)$(LIBDIR)/pkgconfig + $(LN) -sf --relative $(DESTDIR)$(SHLIBDIR)/$(LIBSO) $(DESTDIR)$(LIBDIR)/$(TARGET) relabel: - /sbin/restorecon $(SHLIBDIR)/$(LIBSO) + /sbin/restorecon $(DESTDIR)$(SHLIBDIR)/$(LIBSO) clean: -rm -f $(LIBPC) $(LIBMAP) $(OBJS) $(LOBJS) $(LIBA) $(LIBSO) $(TARGET) $(CIL_GENERATED) diff --git a/libsepol/utils/Makefile b/libsepol/utils/Makefile index fba1d8a0..31932c11 100644 --- a/libsepol/utils/Makefile +++ b/libsepol/utils/Makefile @@ -1,5 +1,5 @@ # Installation directories. -PREFIX ?= $(DESTDIR)/usr +PREFIX ?= /usr BINDIR ?= $(PREFIX)/bin CFLAGS ?= -Wall -Werror @@ -12,8 +12,8 @@ TARGETS=$(patsubst %.c,%,$(sort $(wildcard *.c))) all: $(TARGETS) install: all - -mkdir -p $(BINDIR) - install -m 755 $(TARGETS) $(BINDIR) + -mkdir -p $(DESTDIR)$(BINDIR) + install -m 755 $(TARGETS) $(DESTDIR)$(BINDIR) clean: -rm -f $(TARGETS) *.o diff --git a/mcstrans/man/Makefile b/mcstrans/man/Makefile index 8e971192..dbd87f49 100644 --- a/mcstrans/man/Makefile +++ b/mcstrans/man/Makefile @@ -1,11 +1,11 @@ # Installation directories. -MAN8DIR ?= $(DESTDIR)/usr/share/man/man8 +MAN8DIR ?= /usr/share/man/man8 all: install: all - mkdir -p $(MAN8DIR) - install -m 644 man8/*.8 $(MAN8DIR) + mkdir -p $(DESTDIR)$(MAN8DIR) + install -m 644 man8/*.8 $(DESTDIR)$(MAN8DIR) clean: -rm -f *~ \#* diff --git a/mcstrans/src/Makefile b/mcstrans/src/Makefile index 709e1e02..be54e349 100644 --- a/mcstrans/src/Makefile +++ b/mcstrans/src/Makefile @@ -1,9 +1,9 @@ # Installation directories. -PREFIX ?= $(DESTDIR)/usr +PREFIX ?= /usr LIBDIR ?= $(PREFIX)/lib -SBINDIR ?= $(DESTDIR)/sbin -INITDIR ?= $(DESTDIR)/etc/rc.d/init.d -SYSTEMDDIR ?= $(DESTDIR)/usr/lib/systemd +SBINDIR ?= /sbin +INITDIR ?= /etc/rc.d/init.d +SYSTEMDDIR ?= /usr/lib/systemd PROG_SRC=mcstrans.c mcscolor.c mcstransd.c mls_level.c PROG_OBJS= $(patsubst %.c,%.o,$(PROG_SRC)) @@ -15,18 +15,18 @@ override CFLAGS += -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 all: $(PROG) $(PROG): $(PROG_OBJS) - $(CC) $(LDFLAGS) -pie -o $@ $^ -lselinux -lcap -lpcre $(LIBDIR)/libsepol.a + $(CC) $(LDFLAGS) -pie -o $@ $^ -lselinux -lcap -lpcre $(DESTDIR)$(LIBDIR)/libsepol.a %.o: %.c $(CC) $(CFLAGS) -fPIE -c -o $@ $< install: all - test -d $(SBINDIR) || install -m 755 -d $(SBINDIR) - install -m 755 $(PROG) $(SBINDIR) - test -d $(INITDIR) || install -m 755 -d $(INITDIR) - install -m 755 $(INITSCRIPT).init $(INITDIR)/$(INITSCRIPT) - test -d $(SYSTEMDDIR)/system || install -m 755 -d $(SYSTEMDDIR)/system - install -m 644 mcstrans.service $(SYSTEMDDIR)/system/ + test -d $(DESTDIR)$(SBINDIR) || install -m 755 -d $(DESTDIR)$(SBINDIR) + install -m 755 $(PROG) $(DESTDIR)$(SBINDIR) + test -d $(DESTDIR)$(INITDIR) || install -m 755 -d $(DESTDIR)$(INITDIR) + install -m 755 $(INITSCRIPT).init $(DESTDIR)$(INITDIR)/$(INITSCRIPT) + test -d $(DESTDIR)$(SYSTEMDDIR)/system || install -m 755 -d $(DESTDIR)$(SYSTEMDDIR)/system + install -m 644 mcstrans.service $(DESTDIR)$(SYSTEMDDIR)/system/ clean: -rm -f $(OBJS) $(LOBJS) $(TARGET) $(PROG) $(PROG_OBJS) *~ \#* diff --git a/mcstrans/utils/Makefile b/mcstrans/utils/Makefile index 4d3cbfcb..1364cece 100644 --- a/mcstrans/utils/Makefile +++ b/mcstrans/utils/Makefile @@ -1,5 +1,5 @@ # Installation directories. -PREFIX ?= $(DESTDIR)/usr +PREFIX ?= /usr LIBDIR ?= $(PREFIX)/lib SBINDIR ?= $(PREFIX)/sbin LIBSEPOLA ?= $(LIBDIR)/libsepol.a @@ -12,11 +12,11 @@ TARGETS=$(patsubst %.c,%,$(sort $(wildcard *.c))) all: $(TARGETS) -$(TARGETS): ../src/mcstrans.o ../src/mls_level.o $(LIBSEPOLA) +$(TARGETS): ../src/mcstrans.o ../src/mls_level.o $(DESTDIR)$(LIBSEPOLA) install: all - -mkdir -p $(SBINDIR) - install -m 755 $(TARGETS) $(SBINDIR) + -mkdir -p $(DESTDIR)$(SBINDIR) + install -m 755 $(TARGETS) $(DESTDIR)$(SBINDIR) test: ./mlstrans-test-runner.py ../test/*.test diff --git a/policycoreutils/hll/pp/Makefile b/policycoreutils/hll/pp/Makefile index 3401dcc9..ed70c449 100644 --- a/policycoreutils/hll/pp/Makefile +++ b/policycoreutils/hll/pp/Makefile @@ -1,5 +1,5 @@ # Installation directories. -PREFIX ?= $(DESTDIR)/usr +PREFIX ?= /usr INCLUDEDIR ?= $(PREFIX)/include MANDIR = $(PREFIX)/share/man LIBDIR ?= $(PREFIX)/lib @@ -21,8 +21,8 @@ pp: $(PP_OBJS) $(CC) $(CFLAGS) -c -o $@ $^ install: all - -mkdir -p $(HLLDIR) - install -m 755 pp $(HLLDIR) + -mkdir -p $(DESTDIR)$(HLLDIR) + install -m 755 pp $(DESTDIR)$(HLLDIR) relabel: diff --git a/policycoreutils/load_policy/Makefile b/policycoreutils/load_policy/Makefile index b85833c2..00f59aba 100644 --- a/policycoreutils/load_policy/Makefile +++ b/policycoreutils/load_policy/Makefile @@ -1,6 +1,6 @@ # Installation directories. -PREFIX ?= $(DESTDIR)/usr -SBINDIR ?= $(DESTDIR)/sbin +PREFIX ?= /usr +SBINDIR ?= /sbin MANDIR ?= $(PREFIX)/share/man LOCALEDIR ?= /usr/share/locale @@ -13,10 +13,10 @@ TARGETS=$(patsubst %.c,%,$(sort $(wildcard *.c))) all: $(TARGETS) install: all - -mkdir -p $(SBINDIR) - install -m 755 $(TARGETS) $(SBINDIR) - test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8 - install -m 644 load_policy.8 $(MANDIR)/man8/ + -mkdir -p $(DESTDIR)$(SBINDIR) + install -m 755 $(TARGETS) $(DESTDIR)$(SBINDIR) + test -d $(DESTDIR)$(MANDIR)/man8 || install -m 755 -d $(DESTDIR)$(MANDIR)/man8 + install -m 644 load_policy.8 $(DESTDIR)$(MANDIR)/man8/ clean: -rm -f $(TARGETS) *.o @@ -25,4 +25,4 @@ indent: ../../scripts/Lindent $(wildcard *.[ch]) relabel: - /sbin/restorecon $(SBINDIR)/load_policy + /sbin/restorecon $(DESTDIR)$(SBINDIR)/load_policy diff --git a/policycoreutils/man/Makefile b/policycoreutils/man/Makefile index 0d91cd46..ae3d27b6 100644 --- a/policycoreutils/man/Makefile +++ b/policycoreutils/man/Makefile @@ -1,12 +1,12 @@ # Installation directories. -MAN5DIR ?= $(DESTDIR)/usr/share/man/man5 +MAN5DIR ?= /usr/share/man/man5 all: clean: install: all - mkdir -p $(MAN5DIR) - install -m 644 man5/*.5 $(MAN5DIR) + mkdir -p $(DESTDIR)$(MAN5DIR) + install -m 644 man5/*.5 $(DESTDIR)$(MAN5DIR) relabel: diff --git a/policycoreutils/newrole/Makefile b/policycoreutils/newrole/Makefile index 196af926..e687b6ab 100644 --- a/policycoreutils/newrole/Makefile +++ b/policycoreutils/newrole/Makefile @@ -1,8 +1,8 @@ # Installation directories. -PREFIX ?= $(DESTDIR)/usr +PREFIX ?= /usr BINDIR ?= $(PREFIX)/bin MANDIR ?= $(PREFIX)/share/man -ETCDIR ?= $(DESTDIR)/etc +ETCDIR ?= /etc LOCALEDIR = /usr/share/locale PAMH ?= $(shell test -f /usr/include/security/pam_appl.h && echo y) AUDITH ?= $(shell test -f /usr/include/libaudit.h && echo y) @@ -61,17 +61,17 @@ newrole: newrole.o $(EXTRA_OBJS) $(CC) $(LDFLAGS) -o $@ $^ $(LDLIBS) install: all - test -d $(BINDIR) || install -m 755 -d $(BINDIR) - test -d $(ETCDIR)/pam.d || install -m 755 -d $(ETCDIR)/pam.d - test -d $(MANDIR)/man1 || install -m 755 -d $(MANDIR)/man1 - install -m $(MODE) newrole $(BINDIR) - install -m 644 newrole.1 $(MANDIR)/man1/ + test -d $(DESTDIR)$(BINDIR) || install -m 755 -d $(DESTDIR)$(BINDIR) + test -d $(DESTDIR)$(ETCDIR)/pam.d || install -m 755 -d $(DESTDIR)$(ETCDIR)/pam.d + test -d $(DESTDIR)$(MANDIR)/man1 || install -m 755 -d $(DESTDIR)$(MANDIR)/man1 + install -m $(MODE) newrole $(DESTDIR)$(BINDIR) + install -m 644 newrole.1 $(DESTDIR)$(MANDIR)/man1/ ifeq ($(PAMH), y) - test -d $(ETCDIR)/pam.d || install -m 755 -d $(ETCDIR)/pam.d + test -d $(ETCDIR)/pam.d || install -m 755 -d $(DESTDIR)$(ETCDIR)/pam.d ifeq ($(LSPP_PRIV),y) - install -m 644 newrole-lspp.pamd $(ETCDIR)/pam.d/newrole + install -m 644 newrole-lspp.pamd $(DESTDIR)$(ETCDIR)/pam.d/newrole else - install -m 644 newrole.pamd $(ETCDIR)/pam.d/newrole + install -m 644 newrole.pamd $(DESTDIR)$(ETCDIR)/pam.d/newrole endif endif @@ -82,4 +82,4 @@ indent: ../../scripts/Lindent $(wildcard *.[ch]) relabel: install - /sbin/restorecon $(BINDIR)/newrole + /sbin/restorecon $(DESTDIR)$(BINDIR)/newrole diff --git a/policycoreutils/run_init/Makefile b/policycoreutils/run_init/Makefile index 921f0b07..8d8eb704 100644 --- a/policycoreutils/run_init/Makefile +++ b/policycoreutils/run_init/Makefile @@ -1,9 +1,9 @@ # Installation directories. -PREFIX ?= $(DESTDIR)/usr +PREFIX ?= /usr SBINDIR ?= $(PREFIX)/sbin MANDIR ?= $(PREFIX)/share/man -ETCDIR ?= $(DESTDIR)/etc +ETCDIR ?= /etc LOCALEDIR ?= /usr/share/locale PAMH ?= $(shell test -f /usr/include/security/pam_appl.h && echo y) AUDITH ?= $(shell test -f /usr/include/libaudit.h && echo y) @@ -32,14 +32,14 @@ open_init_pty: open_init_pty.c install: all - test -d $(SBINDIR) || install -m 755 -d $(SBINDIR) - test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8 - install -m 755 run_init $(SBINDIR) - install -m 755 open_init_pty $(SBINDIR) - install -m 644 run_init.8 $(MANDIR)/man8/ - install -m 644 open_init_pty.8 $(MANDIR)/man8/ + test -d $(DESTDIR)$(SBINDIR) || install -m 755 -d $(DESTDIR)$(SBINDIR) + test -d $(DESTDIR)$(MANDIR)/man8 || install -m 755 -d $(DESTDIR)$(MANDIR)/man8 + install -m 755 run_init $(DESTDIR)$(SBINDIR) + install -m 755 open_init_pty $(DESTDIR)$(SBINDIR) + install -m 644 run_init.8 $(DESTDIR)$(MANDIR)/man8/ + install -m 644 open_init_pty.8 $(DESTDIR)$(MANDIR)/man8/ ifeq ($(PAMH), y) - install -m 644 run_init.pamd $(ETCDIR)/pam.d/run_init + install -m 644 run_init.pamd $(DESTDIR)$(ETCDIR)/pam.d/run_init endif clean: @@ -49,4 +49,4 @@ indent: ../../scripts/Lindent $(wildcard *.[ch]) relabel: install - /sbin/restorecon $(SBINDIR)/run_init $(SBINDIR)/open_init_pty + /sbin/restorecon $(DESTDIR)$(SBINDIR)/run_init $(DESTDIR)$(SBINDIR)/open_init_pty diff --git a/policycoreutils/scripts/Makefile b/policycoreutils/scripts/Makefile index d9e86ffe..a988144b 100644 --- a/policycoreutils/scripts/Makefile +++ b/policycoreutils/scripts/Makefile @@ -1,6 +1,6 @@ # Installation directories. -PREFIX ?= $(DESTDIR)/usr -SBINDIR ?= $(DESTDIR)/sbin +PREFIX ?= /usr +SBINDIR ?= /sbin MANDIR ?= $(PREFIX)/share/man LOCALEDIR ?= $(PREFIX)/share/locale @@ -8,10 +8,10 @@ LOCALEDIR ?= $(PREFIX)/share/locale all: fixfiles install: all - -mkdir -p $(SBINDIR) - install -m 755 fixfiles $(SBINDIR) - -mkdir -p $(MANDIR)/man8 - install -m 644 fixfiles.8 $(MANDIR)/man8/ + -mkdir -p $(DESTDIR)$(SBINDIR) + install -m 755 fixfiles $(DESTDIR)$(SBINDIR) + -mkdir -p $(DESTDIR)$(MANDIR)/man8 + install -m 644 fixfiles.8 $(DESTDIR)$(MANDIR)/man8/ clean: diff --git a/policycoreutils/secon/Makefile b/policycoreutils/secon/Makefile index 8e491d74..c03f0d7d 100644 --- a/policycoreutils/secon/Makefile +++ b/policycoreutils/secon/Makefile @@ -1,5 +1,5 @@ # secon tool - command-line context -PREFIX ?= $(DESTDIR)/usr +PREFIX ?= /usr INCLUDEDIR ?= $(PREFIX)/include BINDIR ?= $(PREFIX)/bin MANDIR ?= $(PREFIX)/share/man @@ -18,13 +18,13 @@ secon: secon.o install-nogui: install install: all - install -m 755 secon $(BINDIR); + install -m 755 secon $(DESTDIR)$(BINDIR); - test -d $(MANDIR)/man1 || install -m 755 -d $(MANDIR)/man1 - install -m 644 secon.1 $(MANDIR)/man1 + test -d $(DESTDIR)$(MANDIR)/man1 || install -m 755 -d $(DESTDIR)$(MANDIR)/man1 + install -m 644 secon.1 $(DESTDIR)$(MANDIR)/man1 relabel: - /sbin/restorecon $(BINDIR)/secon + /sbin/restorecon $(DESTDIR)$(BINDIR)/secon clean: rm -f *.o core* secon *~ *.bak diff --git a/policycoreutils/semodule/Makefile b/policycoreutils/semodule/Makefile index fffb43ac..7c257bf5 100644 --- a/policycoreutils/semodule/Makefile +++ b/policycoreutils/semodule/Makefile @@ -1,5 +1,5 @@ # Installation directories. -PREFIX ?= $(DESTDIR)/usr +PREFIX ?= /usr INCLUDEDIR ?= $(PREFIX)/include SBINDIR ?= $(PREFIX)/sbin MANDIR = $(PREFIX)/share/man @@ -17,12 +17,12 @@ genhomedircon: ln -sf semodule genhomedircon install: all - -mkdir -p $(SBINDIR) - install -m 755 semodule $(SBINDIR) - (cd $(SBINDIR); ln -sf semodule genhomedircon) - test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8 - install -m 644 semodule.8 $(MANDIR)/man8/ - install -m 644 genhomedircon.8 $(MANDIR)/man8/ + -mkdir -p $(DESTDIR)$(SBINDIR) + install -m 755 semodule $(DESTDIR)$(SBINDIR) + (cd $(DESTDIR)$(SBINDIR); ln -sf semodule genhomedircon) + test -d $(DESTDIR)$(MANDIR)/man8 || install -m 755 -d $(DESTDIR)$(MANDIR)/man8 + install -m 644 semodule.8 $(DESTDIR)$(MANDIR)/man8/ + install -m 644 genhomedircon.8 $(DESTDIR)$(MANDIR)/man8/ relabel: diff --git a/policycoreutils/sestatus/Makefile b/policycoreutils/sestatus/Makefile index 41ca6832..130b764b 100644 --- a/policycoreutils/sestatus/Makefile +++ b/policycoreutils/sestatus/Makefile @@ -1,8 +1,8 @@ # Installation directories. -PREFIX ?= $(DESTDIR)/usr +PREFIX ?= /usr SBINDIR ?= $(PREFIX)/sbin MANDIR = $(PREFIX)/share/man -ETCDIR ?= $(DESTDIR)/etc +ETCDIR ?= /etc LIBDIR ?= $(PREFIX)/lib CFLAGS ?= -Werror -Wall -W @@ -14,14 +14,14 @@ all: sestatus sestatus: sestatus.o install: all - [ -d $(MANDIR)/man8 ] || mkdir -p $(MANDIR)/man8 - [ -d $(MANDIR)/man5 ] || mkdir -p $(MANDIR)/man5 - -mkdir -p $(SBINDIR) - install -m 755 sestatus $(SBINDIR) - install -m 644 sestatus.8 $(MANDIR)/man8 - install -m 644 sestatus.conf.5 $(MANDIR)/man5 - -mkdir -p $(ETCDIR) - install -m 644 sestatus.conf $(ETCDIR) + [ -d $(DESTDIR)$(MANDIR)/man8 ] || mkdir -p $(DESTDIR)$(MANDIR)/man8 + [ -d $(DESTDIR)$(MANDIR)/man5 ] || mkdir -p $(DESTDIR)$(MANDIR)/man5 + -mkdir -p $(DESTDIR)$(SBINDIR) + install -m 755 sestatus $(DESTDIR)$(SBINDIR) + install -m 644 sestatus.8 $(DESTDIR)$(MANDIR)/man8 + install -m 644 sestatus.conf.5 $(DESTDIR)$(MANDIR)/man5 + -mkdir -p $(DESTDIR)$(ETCDIR) + install -m 644 sestatus.conf $(DESTDIR)$(ETCDIR) clean: rm -f sestatus *.o diff --git a/policycoreutils/setfiles/Makefile b/policycoreutils/setfiles/Makefile index c08e2dd1..4e56698f 100644 --- a/policycoreutils/setfiles/Makefile +++ b/policycoreutils/setfiles/Makefile @@ -1,6 +1,6 @@ # Installation directories. -PREFIX ?= $(DESTDIR)/usr -SBINDIR ?= $(DESTDIR)/sbin +PREFIX ?= /usr +SBINDIR ?= /sbin MANDIR = $(PREFIX)/share/man LIBDIR ?= $(PREFIX)/lib AUDITH ?= $(shell test -f /usr/include/libaudit.h && echo y) @@ -29,14 +29,14 @@ man: @sed -i "s/ABORT_ON_ERRORS/$(ABORT_ON_ERRORS)/g" setfiles.8.man install: all - [ -d $(MANDIR)/man8 ] || mkdir -p $(MANDIR)/man8 - -mkdir -p $(SBINDIR) - install -m 755 setfiles $(SBINDIR) - (cd $(SBINDIR) && ln -sf setfiles restorecon) - install -m 755 restorecon_xattr $(SBINDIR) - install -m 644 setfiles.8.man $(MANDIR)/man8/setfiles.8 - install -m 644 restorecon.8 $(MANDIR)/man8/restorecon.8 - install -m 644 restorecon_xattr.8 $(MANDIR)/man8/restorecon_xattr.8 + [ -d $(DESTDIR)$(MANDIR)/man8 ] || mkdir -p $(DESTDIR)$(MANDIR)/man8 + -mkdir -p $(DESTDIR)$(SBINDIR) + install -m 755 setfiles $(DESTDIR)$(SBINDIR) + (cd $(DESTDIR)$(SBINDIR) && ln -sf setfiles restorecon) + install -m 755 restorecon_xattr $(DESTDIR)$(SBINDIR) + install -m 644 setfiles.8.man $(DESTDIR)$(MANDIR)/man8/setfiles.8 + install -m 644 restorecon.8 $(DESTDIR)$(MANDIR)/man8/restorecon.8 + install -m 644 restorecon_xattr.8 $(DESTDIR)$(MANDIR)/man8/restorecon_xattr.8 clean: rm -f setfiles restorecon restorecon_xattr *.o setfiles.8.man @@ -45,4 +45,4 @@ indent: ../../scripts/Lindent $(wildcard *.[ch]) relabel: install - $(SBINDIR)/restorecon $(SBINDIR)/setfiles $(SBINDIR)/restorecon_xattr + $(SBINDIR)/restorecon $(DESTDIR)$(SBINDIR)/setfiles $(DESTDIR)$(SBINDIR)/restorecon_xattr diff --git a/policycoreutils/setsebool/Makefile b/policycoreutils/setsebool/Makefile index bc254dab..f3379be9 100644 --- a/policycoreutils/setsebool/Makefile +++ b/policycoreutils/setsebool/Makefile @@ -1,10 +1,10 @@ # Installation directories. -PREFIX ?= $(DESTDIR)/usr +PREFIX ?= /usr INCLUDEDIR ?= $(PREFIX)/include SBINDIR ?= $(PREFIX)/sbin MANDIR = $(PREFIX)/share/man LIBDIR ?= $(PREFIX)/lib -BASHCOMPLETIONDIR ?= $(DESTDIR)/usr/share/bash-completion/completions +BASHCOMPLETIONDIR ?= /usr/share/bash-completion/completions CFLAGS ?= -Werror -Wall -W override LDLIBS += -lsepol -lselinux -lsemanage @@ -17,12 +17,12 @@ all: setsebool setsebool: $(SETSEBOOL_OBJS) install: all - -mkdir -p $(SBINDIR) - install -m 755 setsebool $(SBINDIR) - -mkdir -p $(MANDIR)/man8 - install -m 644 setsebool.8 $(MANDIR)/man8/ - -mkdir -p $(BASHCOMPLETIONDIR) - install -m 644 $(BASHCOMPLETIONS) $(BASHCOMPLETIONDIR)/setsebool + -mkdir -p $(DESTDIR)$(SBINDIR) + install -m 755 setsebool $(DESTDIR)$(SBINDIR) + -mkdir -p $(DESTDIR)$(MANDIR)/man8 + install -m 644 setsebool.8 $(DESTDIR)$(MANDIR)/man8/ + -mkdir -p $(DESTDIR)$(BASHCOMPLETIONDIR) + install -m 644 $(BASHCOMPLETIONS) $(DESTDIR)$(BASHCOMPLETIONDIR)/setsebool relabel: diff --git a/python/audit2allow/Makefile b/python/audit2allow/Makefile index 8db8075f..02526fa7 100644 --- a/python/audit2allow/Makefile +++ b/python/audit2allow/Makefile @@ -1,7 +1,7 @@ PYTHON ?= python # Installation directories. -PREFIX ?= $(DESTDIR)/usr +PREFIX ?= /usr BINDIR ?= $(PREFIX)/bin LIBDIR ?= $(PREFIX)/lib MANDIR ?= $(PREFIX)/share/man @@ -13,7 +13,7 @@ CFLAGS ?= -Werror -Wall -W all: audit2why sepolgen-ifgen-attr-helper -sepolgen-ifgen-attr-helper: sepolgen-ifgen-attr-helper.o $(LIBSEPOLA) +sepolgen-ifgen-attr-helper: sepolgen-ifgen-attr-helper.o $(DESTDIR)$(LIBSEPOLA) audit2why: ln -sf audit2allow audit2why @@ -22,14 +22,14 @@ test: all @$(PYTHON) test_audit2allow.py -v install: all - -mkdir -p $(BINDIR) - install -m 755 audit2allow $(BINDIR) - (cd $(BINDIR); ln -sf audit2allow audit2why) - install -m 755 sepolgen-ifgen-attr-helper $(BINDIR) - install -m 755 sepolgen-ifgen $(BINDIR) - -mkdir -p $(MANDIR)/man1 - install -m 644 audit2allow.1 $(MANDIR)/man1/ - install -m 644 audit2why.1 $(MANDIR)/man1/ + -mkdir -p $(DESTDIR)$(BINDIR) + install -m 755 audit2allow $(DESTDIR)$(BINDIR) + (cd $(DESTDIR)$(BINDIR); ln -sf audit2allow audit2why) + install -m 755 sepolgen-ifgen-attr-helper $(DESTDIR)$(BINDIR) + install -m 755 sepolgen-ifgen $(DESTDIR)$(BINDIR) + -mkdir -p $(DESTDIR)$(MANDIR)/man1 + install -m 644 audit2allow.1 $(DESTDIR)$(MANDIR)/man1/ + install -m 644 audit2why.1 $(DESTDIR)$(MANDIR)/man1/ clean: rm -f *~ *.o sepolgen-ifgen-attr-helper diff --git a/python/chcat/Makefile b/python/chcat/Makefile index 0fd12d6d..890033e2 100644 --- a/python/chcat/Makefile +++ b/python/chcat/Makefile @@ -1,5 +1,5 @@ # Installation directories. -PREFIX ?= $(DESTDIR)/usr +PREFIX ?= /usr BINDIR ?= $(PREFIX)/bin MANDIR ?= $(PREFIX)/share/man LOCALEDIR ?= $(PREFIX)/share/locale @@ -8,10 +8,10 @@ LOCALEDIR ?= $(PREFIX)/share/locale all: chcat install: all - -mkdir -p $(BINDIR) - install -m 755 chcat $(BINDIR) - -mkdir -p $(MANDIR)/man8 - install -m 644 chcat.8 $(MANDIR)/man8/ + -mkdir -p $(DESTDIR)$(BINDIR) + install -m 755 chcat $(DESTDIR)$(BINDIR) + -mkdir -p $(DESTDIR)$(MANDIR)/man8 + install -m 644 chcat.8 $(DESTDIR)$(MANDIR)/man8/ clean: diff --git a/python/semanage/Makefile b/python/semanage/Makefile index 60c36a3a..bd02e9e9 100644 --- a/python/semanage/Makefile +++ b/python/semanage/Makefile @@ -1,29 +1,29 @@ PYTHON ?= python # Installation directories. -PREFIX ?= $(DESTDIR)/usr +PREFIX ?= /usr LIBDIR ?= $(PREFIX)/lib SBINDIR ?= $(PREFIX)/sbin MANDIR = $(PREFIX)/share/man PYLIBVER ?= $(shell $(PYTHON) -c 'import sys;print("python%d.%d" % sys.version_info[0:2])') PYTHONLIBDIR ?= $(LIBDIR)/$(PYLIBVER) -BASHCOMPLETIONDIR ?= $(DESTDIR)/usr/share/bash-completion/completions +BASHCOMPLETIONDIR ?= /usr/share/bash-completion/completions TARGETS=semanage -BASHCOMPLETIONS=semanage-bash-completion.sh +BASHCOMPLETIONS=semanage-bash-completion.sh all: $(TARGETS) install: all - [ -d $(MANDIR)/man8 ] || mkdir -p $(MANDIR)/man8 - -mkdir -p $(SBINDIR) - install -m 755 semanage $(SBINDIR) - install -m 644 *.8 $(MANDIR)/man8 - test -d $(PYTHONLIBDIR)/site-packages || install -m 755 -d $(PYTHONLIBDIR)/site-packages - install -m 755 seobject.py $(PYTHONLIBDIR)/site-packages - -mkdir -p $(BASHCOMPLETIONDIR) - install -m 644 $(BASHCOMPLETIONS) $(BASHCOMPLETIONDIR)/semanage + [ -d $(DESTDIR)$(MANDIR)/man8 ] || mkdir -p $(DESTDIR)$(MANDIR)/man8 + -mkdir -p $(DESTDIR)$(SBINDIR) + install -m 755 semanage $(DESTDIR)$(SBINDIR) + install -m 644 *.8 $(DESTDIR)$(MANDIR)/man8 + test -d $(DESTDIR)$(PYTHONLIBDIR)/site-packages || install -m 755 -d $(DESTDIR)$(PYTHONLIBDIR)/site-packages + install -m 755 seobject.py $(DESTDIR)$(PYTHONLIBDIR)/site-packages + -mkdir -p $(DESTDIR)$(BASHCOMPLETIONDIR) + install -m 644 $(BASHCOMPLETIONS) $(DESTDIR)$(BASHCOMPLETIONDIR)/semanage test: @$(PYTHON) test-semanage.py -a diff --git a/python/sepolgen/src/sepolgen/Makefile b/python/sepolgen/src/sepolgen/Makefile index d3aa7715..12ef0827 100644 --- a/python/sepolgen/src/sepolgen/Makefile +++ b/python/sepolgen/src/sepolgen/Makefile @@ -1,12 +1,12 @@ PYTHON ?= python PYTHONLIBDIR ?= $(shell $(PYTHON) -c "from distutils.sysconfig import *; print(get_python_lib(1))") -PACKAGEDIR ?= $(DESTDIR)/$(PYTHONLIBDIR)/sepolgen +PACKAGEDIR ?= $(PYTHONLIBDIR)/sepolgen all: install: all - -mkdir -p $(PACKAGEDIR) - install -m 644 *.py $(PACKAGEDIR) + -mkdir -p $(DESTDIR)$(PACKAGEDIR) + install -m 644 *.py $(DESTDIR)$(PACKAGEDIR) clean: rm -f parser.out parsetab.py diff --git a/python/sepolgen/src/share/Makefile b/python/sepolgen/src/share/Makefile index abf5e451..1a7133cb 100644 --- a/python/sepolgen/src/share/Makefile +++ b/python/sepolgen/src/share/Makefile @@ -1,10 +1,10 @@ -SHAREDIR ?= $(DESTDIR)/var/lib/sepolgen +SHAREDIR ?= /var/lib/sepolgen all: install: all - -mkdir -p $(SHAREDIR) - install -m 644 perm_map $(SHAREDIR) + -mkdir -p $(DESTDIR)$(SHAREDIR) + install -m 644 perm_map $(DESTDIR)$(SHAREDIR) clean: - rm -f *~ \ No newline at end of file + rm -f *~ diff --git a/python/sepolicy/Makefile b/python/sepolicy/Makefile index 5a56e6c8..c75dce73 100644 --- a/python/sepolicy/Makefile +++ b/python/sepolicy/Makefile @@ -1,13 +1,13 @@ PYTHON ?= python # Installation directories. -PREFIX ?= $(DESTDIR)/usr +PREFIX ?= /usr LIBDIR ?= $(PREFIX)/lib BINDIR ?= $(PREFIX)/bin DATADIR ?= $(PREFIX)/share MANDIR ?= $(PREFIX)/share/man LOCALEDIR ?= /usr/share/locale -BASHCOMPLETIONDIR ?= $(DESTDIR)/usr/share/bash-completion/completions +BASHCOMPLETIONDIR ?= /usr/share/bash-completion/completions SHAREDIR ?= $(PREFIX)/share/sandbox CFLAGS ?= -Wall -Werror -Wextra -W override CFLAGS += -DPACKAGE="policycoreutils" -DSHARED -shared @@ -31,12 +31,12 @@ test: install: $(PYTHON) setup.py install `test -n "$(DESTDIR)" && echo --root $(DESTDIR)` - [ -d $(BINDIR) ] || mkdir -p $(BINDIR) - install -m 755 sepolicy.py $(BINDIR)/sepolicy - (cd $(BINDIR); ln -sf sepolicy sepolgen) - -mkdir -p $(MANDIR)/man8 - install -m 644 *.8 $(MANDIR)/man8 - -mkdir -p $(BASHCOMPLETIONDIR) - install -m 644 $(BASHCOMPLETIONS) $(BASHCOMPLETIONDIR)/sepolicy + [ -d $(DESTDIR)$(BINDIR) ] || mkdir -p $(DESTDIR)$(BINDIR) + install -m 755 sepolicy.py $(DESTDIR)$(BINDIR)/sepolicy + (cd $(DESTDIR)$(BINDIR); ln -sf sepolicy sepolgen) + -mkdir -p $(DESTDIR)$(MANDIR)/man8 + install -m 644 *.8 $(DESTDIR)$(MANDIR)/man8 + -mkdir -p $(DESTDIR)$(BASHCOMPLETIONDIR) + install -m 644 $(BASHCOMPLETIONS) $(DESTDIR)$(BASHCOMPLETIONDIR)/sepolicy relabel: diff --git a/restorecond/Makefile b/restorecond/Makefile index ada94aeb..a9a57b48 100644 --- a/restorecond/Makefile +++ b/restorecond/Makefile @@ -1,17 +1,17 @@ PKG_CONFIG ?= pkg-config # Installation directories. -PREFIX ?= $(DESTDIR)/usr +PREFIX ?= /usr SBINDIR ?= $(PREFIX)/sbin LIBDIR ?= $(PREFIX)/lib MANDIR = $(PREFIX)/share/man -AUTOSTARTDIR = $(DESTDIR)/etc/xdg/autostart -DBUSSERVICEDIR = $(DESTDIR)/usr/share/dbus-1/services -SYSTEMDDIR ?= $(DESTDIR)/usr/lib/systemd +AUTOSTARTDIR = /etc/xdg/autostart +DBUSSERVICEDIR = /usr/share/dbus-1/services +SYSTEMDDIR ?= /usr/lib/systemd autostart_DATA = sealertauto.desktop -INITDIR ?= $(DESTDIR)/etc/rc.d/init.d -SELINUXDIR = $(DESTDIR)/etc/selinux +INITDIR ?= /etc/rc.d/init.d +SELINUXDIR = /etc/selinux DBUSFLAGS = -DHAVE_DBUS $(shell $(PKG_CONFIG) --cflags dbus-glib-1) DBUSLIB = $(shell $(PKG_CONFIG) --libs dbus-glib-1) @@ -39,23 +39,23 @@ restorecond: restore.o restorecond.o utmpwatcher.o stringslist.o user.o watch.o $(CC) $(LDFLAGS) -o $@ $^ $(LDLIBS) install: all - [ -d $(MANDIR)/man8 ] || mkdir -p $(MANDIR)/man8 - -mkdir -p $(SBINDIR) - install -m 755 restorecond $(SBINDIR) - install -m 644 restorecond.8 $(MANDIR)/man8 - -mkdir -p $(INITDIR) - install -m 755 restorecond.init $(INITDIR)/restorecond - -mkdir -p $(SELINUXDIR) - install -m 644 restorecond.conf $(SELINUXDIR)/restorecond.conf - install -m 644 restorecond_user.conf $(SELINUXDIR)/restorecond_user.conf - -mkdir -p $(AUTOSTARTDIR) - install -m 644 restorecond.desktop $(AUTOSTARTDIR)/restorecond.desktop - -mkdir -p $(DBUSSERVICEDIR) - install -m 600 org.selinux.Restorecond.service $(DBUSSERVICEDIR)/org.selinux.Restorecond.service - -mkdir -p $(SYSTEMDDIR)/system - install -m 644 restorecond.service $(SYSTEMDDIR)/system/ + [ -d $(DESTDIR)$(MANDIR)/man8 ] || mkdir -p $(DESTDIR)$(MANDIR)/man8 + -mkdir -p $(DESTDIR)$(SBINDIR) + install -m 755 restorecond $(DESTDIR)$(SBINDIR) + install -m 644 restorecond.8 $(DESTDIR)$(MANDIR)/man8 + -mkdir -p $(DESTDIR)$(INITDIR) + install -m 755 restorecond.init $(DESTDIR)$(INITDIR)/restorecond + -mkdir -p $(DESTDIR)$(SELINUXDIR) + install -m 644 restorecond.conf $(DESTDIR)$(SELINUXDIR)/restorecond.conf + install -m 644 restorecond_user.conf $(DESTDIR)$(SELINUXDIR)/restorecond_user.conf + -mkdir -p $(DESTDIR)$(AUTOSTARTDIR) + install -m 644 restorecond.desktop $(DESTDIR)$(AUTOSTARTDIR)/restorecond.desktop + -mkdir -p $(DESTDIR)$(DBUSSERVICEDIR) + install -m 600 org.selinux.Restorecond.service $(DESTDIR)$(DBUSSERVICEDIR)/org.selinux.Restorecond.service + -mkdir -p $(DESTDIR)$(SYSTEMDDIR)/system + install -m 644 restorecond.service $(DESTDIR)$(SYSTEMDDIR)/system/ relabel: install - /sbin/restorecon $(SBINDIR)/restorecond + /sbin/restorecon $(DESTDIR)$(SBINDIR)/restorecond clean: -rm -f restorecond *.o *~ diff --git a/sandbox/Makefile b/sandbox/Makefile index 05c3d658..9c78041c 100644 --- a/sandbox/Makefile +++ b/sandbox/Makefile @@ -1,8 +1,8 @@ PYTHON ?= python # Installation directories. -PREFIX ?= $(DESTDIR)/usr -SYSCONFDIR ?= $(DESTDIR)/etc/sysconfig +PREFIX ?= /usr +SYSCONFDIR ?= /etc/sysconfig LIBDIR ?= $(PREFIX)/lib BINDIR ?= $(PREFIX)/bin SBINDIR ?= $(PREFIX)/sbin @@ -18,20 +18,20 @@ all: sandbox seunshare sandboxX.sh start seunshare: $(SEUNSHARE_OBJS) install: all - -mkdir -p $(BINDIR) - install -m 755 sandbox $(BINDIR) - -mkdir -p $(MANDIR)/man8 - install -m 644 sandbox.8 $(MANDIR)/man8/ - install -m 644 seunshare.8 $(MANDIR)/man8/ - -mkdir -p $(MANDIR)/man5 - install -m 644 sandbox.5 $(MANDIR)/man5/ - -mkdir -p $(SBINDIR) - install -m 4755 seunshare $(SBINDIR)/ - -mkdir -p $(SHAREDIR) - install -m 755 sandboxX.sh $(SHAREDIR) - install -m 755 start $(SHAREDIR) - -mkdir -p $(SYSCONFDIR) - install -m 644 sandbox.conf $(SYSCONFDIR)/sandbox + -mkdir -p $(DESTDIR)$(BINDIR) + install -m 755 sandbox $(DESTDIR)$(BINDIR) + -mkdir -p $(DESTDIR)$(MANDIR)/man8 + install -m 644 sandbox.8 $(DESTDIR)$(MANDIR)/man8/ + install -m 644 seunshare.8 $(DESTDIR)$(MANDIR)/man8/ + -mkdir -p $(DESTDIR)$(MANDIR)/man5 + install -m 644 sandbox.5 $(DESTDIR)$(MANDIR)/man5/ + -mkdir -p $(DESTDIR)$(SBINDIR) + install -m 4755 seunshare $(DESTDIR)$(SBINDIR)/ + -mkdir -p $(DESTDIR)$(SHAREDIR) + install -m 755 sandboxX.sh $(DESTDIR)$(SHAREDIR) + install -m 755 start $(DESTDIR)$(SHAREDIR) + -mkdir -p $(DESTDIR)$(SYSCONFDIR) + install -m 644 sandbox.conf $(DESTDIR)$(SYSCONFDIR)/sandbox test: @$(PYTHON) test_sandbox.py -v diff --git a/secilc/Makefile b/secilc/Makefile index 1cac53e4..597b4a27 100644 --- a/secilc/Makefile +++ b/secilc/Makefile @@ -1,4 +1,4 @@ -PREFIX ?= $(DESTDIR)/usr +PREFIX ?= /usr BINDIR ?= $(PREFIX)/bin MANDIR ?= $(PREFIX)/share/man LIBDIR ?= $(PREFIX)/lib @@ -41,12 +41,12 @@ $(SECIL2CONF_MANPAGE): $(SECIL2CONF_MANPAGE).xml $(XMLTO) man $(SECIL2CONF_MANPAGE).xml install: all man - -mkdir -p $(BINDIR) - -mkdir -p $(MANDIR)/man8 - install -m 755 $(SECILC) $(BINDIR) - install -m 755 $(SECIL2CONF) $(BINDIR) - install -m 644 $(SECILC_MANPAGE) $(MANDIR)/man8 - install -m 644 $(SECIL2CONF_MANPAGE) $(MANDIR)/man8 + -mkdir -p $(DESTDIR)$(BINDIR) + -mkdir -p $(DESTDIR)$(MANDIR)/man8 + install -m 755 $(SECILC) $(DESTDIR)$(BINDIR) + install -m 755 $(SECIL2CONF) $(DESTDIR)$(BINDIR) + install -m 644 $(SECILC_MANPAGE) $(DESTDIR)$(MANDIR)/man8 + install -m 644 $(SECIL2CONF_MANPAGE) $(DESTDIR)$(MANDIR)/man8 doc: $(MAKE) -C docs diff --git a/semodule-utils/semodule_deps/Makefile b/semodule-utils/semodule_deps/Makefile index 328a5030..7b106781 100644 --- a/semodule-utils/semodule_deps/Makefile +++ b/semodule-utils/semodule_deps/Makefile @@ -1,5 +1,5 @@ # Installation directories. -PREFIX ?= $(DESTDIR)/usr +PREFIX ?= /usr INCLUDEDIR ?= $(PREFIX)/include BINDIR ?= $(PREFIX)/bin LIBDIR ?= $(PREFIX)/lib @@ -10,13 +10,13 @@ CFLAGS ?= -Werror -Wall -W all: semodule_deps -semodule_deps: semodule_deps.o $(LIBSEPOLA) +semodule_deps: semodule_deps.o $(DESTDIR)$(LIBSEPOLA) install: all - -mkdir -p $(BINDIR) - install -m 755 semodule_deps $(BINDIR) - test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8 - install -m 644 semodule_deps.8 $(MANDIR)/man8/ + -mkdir -p $(DESTDIR)$(BINDIR) + install -m 755 semodule_deps $(DESTDIR)$(BINDIR) + test -d $(DESTDIR)$(MANDIR)/man8 || install -m 755 -d $(DESTDIR)$(MANDIR)/man8 + install -m 644 semodule_deps.8 $(DESTDIR)$(MANDIR)/man8/ relabel: diff --git a/semodule-utils/semodule_expand/Makefile b/semodule-utils/semodule_expand/Makefile index 072f2137..58d2d3cb 100644 --- a/semodule-utils/semodule_expand/Makefile +++ b/semodule-utils/semodule_expand/Makefile @@ -1,5 +1,5 @@ # Installation directories. -PREFIX ?= $(DESTDIR)/usr +PREFIX ?= /usr INCLUDEDIR ?= $(PREFIX)/include BINDIR ?= $(PREFIX)/bin LIBDIR ?= $(PREFIX)/lib @@ -13,10 +13,10 @@ all: semodule_expand semodule_expand: semodule_expand.o install: all - -mkdir -p $(BINDIR) - install -m 755 semodule_expand $(BINDIR) - test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8 - install -m 644 semodule_expand.8 $(MANDIR)/man8/ + -mkdir -p $(DESTDIR)$(BINDIR) + install -m 755 semodule_expand $(DESTDIR)$(BINDIR) + test -d $(DESTDIR)$(MANDIR)/man8 || install -m 755 -d $(DESTDIR)$(MANDIR)/man8 + install -m 644 semodule_expand.8 $(DESTDIR)$(MANDIR)/man8/ relabel: diff --git a/semodule-utils/semodule_link/Makefile b/semodule-utils/semodule_link/Makefile index cc4687bd..178bea30 100644 --- a/semodule-utils/semodule_link/Makefile +++ b/semodule-utils/semodule_link/Makefile @@ -1,6 +1,6 @@ # Installation directories. -PREFIX ?= $(DESTDIR)/usr -INCLUDEDIR ?= $(PREFIX)/include +PREFIX ?= /usr +INCLUDEDIR ?= /include BINDIR ?= $(PREFIX)/bin MANDIR ?= $(PREFIX)/share/man LIBDIR ?= $(PREFIX)/lib @@ -13,10 +13,10 @@ all: semodule_link semodule_link: semodule_link.o install: all - -mkdir -p $(BINDIR) - install -m 755 semodule_link $(BINDIR) - test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8 - install -m 644 semodule_link.8 $(MANDIR)/man8/ + -mkdir -p $(DESTDIR)$(BINDIR) + install -m 755 semodule_link $(DESTDIR)$(BINDIR) + test -d $(DESTDIR)$(MANDIR)/man8 || install -m 755 -d $(PREFIX)$(MANDIR)/man8 + install -m 644 semodule_link.8 $(DESTDIR)$(MANDIR)/man8/ relabel: diff --git a/semodule-utils/semodule_package/Makefile b/semodule-utils/semodule_package/Makefile index 96dd7c4f..37bd0d4b 100644 --- a/semodule-utils/semodule_package/Makefile +++ b/semodule-utils/semodule_package/Makefile @@ -1,5 +1,5 @@ # Installation directories. -PREFIX ?= $(DESTDIR)/usr +PREFIX ?= /usr INCLUDEDIR ?= $(PREFIX)/include BINDIR ?= $(PREFIX)/bin LIBDIR ?= $(PREFIX)/lib @@ -13,12 +13,12 @@ all: semodule_package semodule_unpackage semodule_package: semodule_package.o install: all - -mkdir -p $(BINDIR) - install -m 755 semodule_package $(BINDIR) - install -m 755 semodule_unpackage $(BINDIR) - test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8 - install -m 644 semodule_package.8 $(MANDIR)/man8/ - install -m 644 semodule_unpackage.8 $(MANDIR)/man8/ + -mkdir -p $(DESTDIR)$(BINDIR) + install -m 755 semodule_package $(DESTDIR)$(BINDIR) + install -m 755 semodule_unpackage $(DESTDIR)$(BINDIR) + test -d $(DESTDIR)$(MANDIR)/man8 || install -m 755 -d $(DESTDIR)$(MANDIR)/man8 + install -m 644 semodule_package.8 $(DESTDIR)$(MANDIR)/man8/ + install -m 644 semodule_unpackage.8 $(DESTDIR)$(MANDIR)/man8/ relabel: -- 2.13.0 ^ permalink raw reply related [flat|nested] 24+ messages in thread
* Re: [PATCH] Use DESTDIR only in install targets 2017-06-21 18:04 ` [PATCH] Use DESTDIR only in install targets Petr Lautrbach @ 2017-06-21 19:51 ` Stephen Smalley 2017-06-22 16:25 ` Petr Lautrbach 0 siblings, 1 reply; 24+ messages in thread From: Stephen Smalley @ 2017-06-21 19:51 UTC (permalink / raw) To: Petr Lautrbach, selinux On Wed, 2017-06-21 at 20:04 +0200, Petr Lautrbach wrote: > https://www.gnu.org/prep/standards/html_node/DESTDIR.html > DESTDIR should be supported only in the install* and uninstall* > targets, as those are the only targets where it is useful. If you run make with DESTDIR= set before and after this change, and compare both the output of make and the resulting directories, you'll see there are some unexpected differences (I noted the ones I saw below, but there may be more). Also, as I note below, this does not fully remove all usage of DESTDIR outside of install targets (I think it is reasonable to use it in relabel targets too, but we're still using it elsewhere). Lastly, there was trailing whitespace. > > Signed-off-by: Petr Lautrbach <plautrba@redhat.com> > --- > checkpolicy/Makefile | 20 +++++++-------- > checkpolicy/test/Makefile | 6 ++--- > gui/Makefile | 44 ++++++++++++++++---- > ------------ > libselinux/include/Makefile | 6 ++--- > libselinux/src/Makefile | 38 +++++++++++++--------- > ----- > libselinux/utils/Makefile | 6 ++--- > libsemanage/include/Makefile | 6 ++--- > libsemanage/src/Makefile | 32 +++++++++++----------- > - > libsemanage/tests/Makefile | 2 +- > libsemanage/utils/Makefile | 6 ++--- > libsepol/include/Makefile | 14 +++++----- > libsepol/src/Makefile | 20 +++++++-------- > libsepol/utils/Makefile | 6 ++--- > mcstrans/man/Makefile | 6 ++--- > mcstrans/src/Makefile | 22 ++++++++-------- > mcstrans/utils/Makefile | 8 +++--- > policycoreutils/hll/pp/Makefile | 6 ++--- > policycoreutils/load_policy/Makefile | 14 +++++----- > policycoreutils/man/Makefile | 6 ++--- > policycoreutils/newrole/Makefile | 22 ++++++++-------- > policycoreutils/run_init/Makefile | 20 +++++++-------- > policycoreutils/scripts/Makefile | 12 ++++----- > policycoreutils/secon/Makefile | 10 ++++---- > policycoreutils/semodule/Makefile | 14 +++++----- > policycoreutils/sestatus/Makefile | 20 +++++++-------- > policycoreutils/setfiles/Makefile | 22 ++++++++-------- > policycoreutils/setsebool/Makefile | 16 ++++++------ > python/audit2allow/Makefile | 20 +++++++-------- > python/chcat/Makefile | 10 ++++---- > python/semanage/Makefile | 22 ++++++++-------- > python/sepolgen/src/sepolgen/Makefile | 6 ++--- > python/sepolgen/src/share/Makefile | 8 +++--- > python/sepolicy/Makefile | 18 ++++++------- > restorecond/Makefile | 44 ++++++++++++++++---- > ------------ > sandbox/Makefile | 32 +++++++++++----------- > - > secilc/Makefile | 14 +++++----- > semodule-utils/semodule_deps/Makefile | 12 ++++----- > semodule-utils/semodule_expand/Makefile | 10 ++++---- > semodule-utils/semodule_link/Makefile | 12 ++++----- > semodule-utils/semodule_package/Makefile | 14 +++++----- > 40 files changed, 313 insertions(+), 313 deletions(-) > > diff --git a/checkpolicy/Makefile b/checkpolicy/Makefile > index 68e11f2a..e4f4fa19 100644 > --- a/checkpolicy/Makefile > +++ b/checkpolicy/Makefile > @@ -1,7 +1,7 @@ > # > # Makefile for building the checkpolicy program > # > -PREFIX ?= $(DESTDIR)/usr > +PREFIX ?= /usr > BINDIR ?= $(PREFIX)/bin > MANDIR ?= $(PREFIX)/share/man > LIBDIR ?= $(PREFIX)/lib > @@ -26,9 +26,9 @@ GENERATED=lex.yy.c y.tab.c y.tab.h > all: $(TARGETS) > $(MAKE) -C test > > -checkpolicy: $(CHECKPOLOBJS) $(LIBSEPOLA) > +checkpolicy: $(CHECKPOLOBJS) $(DESTDIR)$(LIBSEPOLA) Hmm...seems like we're still using DESTDIR for more than just install. So either the patch or the patch description isn't quite right. The original usage of make DESTDIR in selinux was to support building and installing to a private directory, so we wanted it to affect more than just install. If we truly make this transition to conform to the GNU standards, then we still need a clean way of building and installing to a private directory for local testing. The top-level Makefile has a workaround currently of automatically defining CFLAGS and LDFLAGS when DESTDIR is defined, but that has a side effect: it suppresses any non-override CFLAGS and LDFLAGS definitions in the Makefiles, so then we no longer get all of the warning options enabled in such local builds like we used to do. All of this leaves me wondering about whether we ought to just revert the earlier changes and preserve our usage of DESTDIR, even if it doesn't correspond to GNU. > > -checkmodule: $(CHECKMODOBJS) $(LIBSEPOLA) > +checkmodule: $(CHECKMODOBJS) $(DESTDIR)$(LIBSEPOLA) > > %.o: %.c > $(CC) $(CFLAGS) -o $@ -c $< > @@ -46,15 +46,15 @@ lex.yy.c: policy_scan.l y.tab.c > $(LEX) policy_scan.l > > install: all > - -mkdir -p $(BINDIR) > - -mkdir -p $(MANDIR)/man8 > - install -m 755 $(TARGETS) $(BINDIR) > - install -m 644 checkpolicy.8 $(MANDIR)/man8 > - install -m 644 checkmodule.8 $(MANDIR)/man8 > + -mkdir -p $(DESTDIR)$(BINDIR) > + -mkdir -p $(DESTDIR)$(MANDIR)/man8 > + install -m 755 $(TARGETS) $(DESTDIR)$(BINDIR) > + install -m 644 checkpolicy.8 $(DESTDIR)$(MANDIR)/man8 > + install -m 644 checkmodule.8 $(DESTDIR)$(MANDIR)/man8 > > relabel: install > - /sbin/restorecon $(BINDIR)/checkpolicy > - /sbin/restorecon $(BINDIR)/checkmodule > + /sbin/restorecon $(DESTDIR)$(BINDIR)/checkpolicy > + /sbin/restorecon $(DESTDIR)$(BINDIR)/checkmodule > > clean: > -rm -f $(TARGETS) $(CHECKPOLOBJS) $(CHECKMODOBJS) y.tab.c > y.tab.h lex.yy.c > diff --git a/checkpolicy/test/Makefile b/checkpolicy/test/Makefile > index 59fa4460..c9a8d4c5 100644 > --- a/checkpolicy/test/Makefile > +++ b/checkpolicy/test/Makefile > @@ -1,7 +1,7 @@ > # > # Makefile for building the dispol program > # > -PREFIX ?= $(DESTDIR)/usr > +PREFIX ?= /usr > BINDIR ?= $(PREFIX)/bin > LIBDIR ?= $(PREFIX)/lib > INCLUDEDIR ?= $(PREFIX)/include > @@ -11,9 +11,9 @@ CFLAGS ?= -g -Wall -W -Werror -O2 -pipe > > all: dispol dismod > > -dispol: dispol.o $(LIBSEPOLA) > +dispol: dispol.o $(DESTDIR)$(LIBSEPOLA) > > -dismod: dismod.o $(LIBSEPOLA) > +dismod: dismod.o $(DESTDIR)$(LIBSEPOLA) Ditto > > clean: > -rm -f dispol dismod *.o > diff --git a/gui/Makefile b/gui/Makefile > index 4fc2c1a1..52c3cab2 100644 > --- a/gui/Makefile > +++ b/gui/Makefile > @@ -1,5 +1,5 @@ > # Installation directories. > -PREFIX ?= ${DESTDIR}/usr > +PREFIX ?= /usr > BINDIR ?= $(PREFIX)/bin > SHAREDIR ?= $(PREFIX)/share/system-config-selinux > DATADIR ?= $(PREFIX)/share > @@ -24,29 +24,29 @@ usersPage.py > all: $(TARGETS) system-config-selinux.py polgengui.py > > install: all > - -mkdir -p $(MANDIR)/man8 > - -mkdir -p $(SHAREDIR) > - -mkdir -p $(BINDIR) > - -mkdir -p $(DATADIR)/pixmaps > - -mkdir -p $(DATADIR)/icons/hicolor/24x24/apps > - -mkdir -p $(DATADIR)/polkit-1/actions/ > - install -m 755 system-config-selinux.py $(SHAREDIR) > - install -m 755 system-config-selinux $(BINDIR) > - install -m 755 polgengui.py $(SHAREDIR) > - install -m 644 $(TARGETS) $(SHAREDIR) > - install -m 644 system-config-selinux.8 $(MANDIR)/man8 > - install -m 644 selinux-polgengui.8 $(MANDIR)/man8 > - install -m 644 system-config-selinux.png $(DATADIR)/pixmaps > - install -m 644 system-config-selinux.png > $(DATADIR)/icons/hicolor/24x24/apps > - install -m 644 system-config-selinux.png $(DATADIR)/system- > config-selinux > - install -m 644 *.desktop $(DATADIR)/system-config-selinux This one seems to have been dropped accidentally rather than augmented with $(DESTDIR). > - -mkdir -p $(DESTDIR) $(DATADIR)/pixmaps > - install -m 644 sepolicy_256.png > $(DATADIR)/pixmaps/sepolicy.png > + -mkdir -p $(DESTDIR)$(MANDIR)/man8 > + -mkdir -p $(DESTDIR)$(SHAREDIR) > + -mkdir -p $(DESTDIR)$(BINDIR) > + -mkdir -p $(DESTDIR)$(DATADIR)/pixmaps > + -mkdir -p $(DESTDIR)$(DATADIR)/icons/hicolor/24x24/apps > + -mkdir -p $(DESTDIR)$(SYSCONFDIR) > + -mkdir -p $(DESTDIR)$(DATADIR)/polkit-1/actions/ > + install -m 755 system-config-selinux.py > $(DESTDIR)$(SHAREDIR) > + install -m 755 system-config-selinux $(DESTDIR)$(BINDIR) > + install -m 755 polgengui.py $(DESTDIR)$(SHAREDIR) > + install -m 644 $(TARGETS) $(DESTDIR)$(SHAREDIR) > + install -m 644 system-config-selinux.8 > $(DESTDIR)$(MANDIR)/man8 > + install -m 644 selinux-polgengui.8 $(DESTDIR)$(MANDIR)/man8 > + install -m 644 system-config-selinux.png > $(DESTDIR)$(DATADIR)/pixmaps > + install -m 644 system-config-selinux.png > $(DESTDIR)$(DATADIR)/icons/hicolor/24x24/apps > + install -m 644 system-config-selinux.png > $(DESTDIR)$(DATADIR)/system-config-selinux > + -mkdir -p $(DESTDIR) $(DESTDIR)$(DATADIR)/pixmaps > + install -m 644 sepolicy_256.png > $(DESTDIR)$(DATADIR)/pixmaps/sepolicy.png > for i in 16 22 32 48 256; do \ > - mkdir -p $(DESTDIR) > $(DATADIR)/icons/hicolor/$${i}x$${i}/apps; \ > - install -m 644 sepolicy_$${i}.png > $(DATADIR)/icons/hicolor/$${i}x$${i}/apps/sepolicy.png; \ > + mkdir -p > $(DESTDIR)/$(DATADIR)/icons/hicolor/$${i}x$${i}/apps; \ > + install -m 644 sepolicy_$${i}.png > $(DESTDIR)$(DATADIR)/icons/hicolor/$${i}x$${i}/apps/sepolicy.png; \ > done > - install -m 644 org.selinux.config.policy $(DATADIR)/polkit- > 1/actions/ > + install -m 644 org.selinux.config.policy > $(DESTDIR)$(DATADIR)/polkit-1/actions/ > clean: > > indent: > diff --git a/libselinux/include/Makefile > b/libselinux/include/Makefile > index 757a6c9c..c1d3fa15 100644 > --- a/libselinux/include/Makefile > +++ b/libselinux/include/Makefile > @@ -1,12 +1,12 @@ > # Installation directories. > -PREFIX ?= $(DESTDIR)/usr > +PREFIX ?= /usr > INCDIR ?= $(PREFIX)/include/selinux > > all: > > install: all > - test -d $(INCDIR) || install -m 755 -d $(INCDIR) > - install -m 644 $(wildcard selinux/*.h) $(INCDIR) > + test -d $(DESTDIR)$(INCDIR) || install -m 755 -d > $(DESTDIR)$(INCDIR) > + install -m 644 $(wildcard selinux/*.h) $(DESTDIR)$(INCDIR) > > relabel: > > diff --git a/libselinux/src/Makefile b/libselinux/src/Makefile > index 4306dd0e..6d65b682 100644 > --- a/libselinux/src/Makefile > +++ b/libselinux/src/Makefile > @@ -8,17 +8,17 @@ RUBYPREFIX ?= $(notdir $(RUBY)) > PKG_CONFIG ?= pkg-config > > # Installation directories. > -PREFIX ?= $(DESTDIR)/usr > +PREFIX ?= /usr > LIBDIR ?= $(PREFIX)/lib > -SHLIBDIR ?= $(DESTDIR)/lib > +SHLIBDIR ?= /lib > INCLUDEDIR ?= $(PREFIX)/include > PYINC ?= $(shell $(PKG_CONFIG) --cflags $(PYPREFIX)) > PYLIBS ?= $(shell $(PKG_CONFIG) --libs $(PYPREFIX)) > -PYSITEDIR ?= $(DESTDIR)$(shell $(PYTHON) -c 'import site; > print(site.getsitepackages()[0])') > +PYSITEDIR ?= $(shell $(PYTHON) -c 'import site; > print(site.getsitepackages()[0])') > PYCEXT ?= $(shell $(PYTHON) -c 'import imp;print([s for s,m,t in > imp.get_suffixes() if t == imp.C_EXTENSION][0])') > RUBYINC ?= $(shell $(RUBY) -e 'puts "-I" + > RbConfig::CONFIG["rubyarchhdrdir"] + " -I" + > RbConfig::CONFIG["rubyhdrdir"]') > RUBYLIBS ?= $(shell $(RUBY) -e 'puts "-L" + > RbConfig::CONFIG["libdir"] + " -lruby"') > -RUBYINSTALL ?= $(DESTDIR)$(shell $(RUBY) -e 'puts > RbConfig::CONFIG["vendorarchdir"]') > +RUBYINSTALL ?= $(shell $(RUBY) -e 'puts > RbConfig::CONFIG["vendorarchdir"]') > LIBBASE ?= $(shell basename $(LIBDIR)) > LIBSEPOLA ?= $(LIBDIR)/libsepol.a > > @@ -156,7 +156,7 @@ selinuxswig_python_exception.i: > ../include/selinux/selinux.h > $(AUDIT2WHYLOBJ): audit2why.c > $(CC) $(filter-out -Werror, $(CFLAGS)) $(PYINC) -fPIC > -DSHARED -c -o $@ $< > > -$(AUDIT2WHYSO): $(AUDIT2WHYLOBJ) $(LIBSEPOLA) > +$(AUDIT2WHYSO): $(AUDIT2WHYLOBJ) $(DESTDIR)$(LIBSEPOLA) > $(CC) $(CFLAGS) $(LDFLAGS) -L. -shared -o $@ $^ -lselinux > $(PYLIBS) Here again with using DESTDIR outside of install. > > %.o: %.c policy.h > @@ -177,26 +177,26 @@ swigify: $(SWIGIF) > $(SWIG) $< > > install: all > - test -d $(LIBDIR) || install -m 755 -d $(LIBDIR) > - install -m 644 $(LIBA) $(LIBDIR) > - test -d $(SHLIBDIR) || install -m 755 -d $(SHLIBDIR) > - install -m 755 $(LIBSO) $(SHLIBDIR) > - test -d $(LIBDIR)/pkgconfig || install -m 755 -d > $(LIBDIR)/pkgconfig > - install -m 644 $(LIBPC) $(LIBDIR)/pkgconfig > - ln -sf --relative $(SHLIBDIR)/$(LIBSO) $(LIBDIR)/$(TARGET) > + test -d $(DESTDIR)$(LIBDIR) || install -m 755 -d > $(DESTDIR)$(LIBDIR) > + install -m 644 $(LIBA) $(DESTDIR)$(LIBDIR) > + test -d $(DESTDIR)$(SHLIBDIR) || install -m 755 -d > $(DESTDIR)$(SHLIBDIR) > + install -m 755 $(LIBSO) $(DESTDIR)$(SHLIBDIR) > + test -d $(DESTDIR)$(LIBDIR)/pkgconfig || install -m 755 -d > $(DESTDIR)$(LIBDIR)/pkgconfig > + install -m 644 $(LIBPC) $(DESTDIR)$(LIBDIR)/pkgconfig > + ln -sf --relative $(DESTDIR)$(SHLIBDIR)/$(LIBSO) > $(DESTDIR)$(LIBDIR)/$(TARGET) > > install-pywrap: pywrap > - test -d $(PYSITEDIR)/selinux || install -m 755 -d > $(PYSITEDIR)/selinux > - install -m 755 $(SWIGSO) $(PYSITEDIR)/_selinux$(PYCEXT) > - install -m 755 $(AUDIT2WHYSO) > $(PYSITEDIR)/selinux/audit2why$(PYCEXT) > - install -m 644 $(SWIGPYOUT) $(PYSITEDIR)/selinux/__init__.py > + test -d $(DESTDIR)$(PYSITEDIR)/selinux || install -m 755 -d > $(DESTDIR)$(PYSITEDIR)/selinux > + install -m 755 $(SWIGSO) > $(DESTDIR)$(PYSITEDIR)/_selinux$(PYCEXT) > + install -m 755 $(AUDIT2WHYSO) > $(DESTDIR)$(PYSITEDIR)/selinux/audit2why$(PYCEXT) > + install -m 644 $(SWIGPYOUT) > $(DESTDIR)$(PYSITEDIR)/selinux/__init__.py > > install-rubywrap: rubywrap > - test -d $(RUBYINSTALL) || install -m 755 -d $(RUBYINSTALL) > - install -m 755 $(SWIGRUBYSO) $(RUBYINSTALL)/selinux.so > + test -d $(DESTDIR)$(RUBYINSTALL) || install -m 755 -d > $(DESTDIR)$(RUBYINSTALL) > + install -m 755 $(SWIGRUBYSO) > $(DESTDIR)$(RUBYINSTALL)/selinux.so > > relabel: > - /sbin/restorecon $(SHLIBDIR)/$(LIBSO) > + /sbin/restorecon $(DESTDIR)$(SHLIBDIR)/$(LIBSO) > > clean-pywrap: > -rm -f $(SWIGLOBJ) $(SWIGSO) $(AUDIT2WHYLOBJ) $(AUDIT2WHYSO) > diff --git a/libselinux/utils/Makefile b/libselinux/utils/Makefile > index 843b0e7c..882a6787 100644 > --- a/libselinux/utils/Makefile > +++ b/libselinux/utils/Makefile > @@ -1,5 +1,5 @@ > # Installation directories. > -PREFIX ?= $(DESTDIR)/usr > +PREFIX ?= /usr > LIBDIR ?= $(PREFIX)/lib > SBINDIR ?= $(PREFIX)/sbin > INCLUDEDIR ?= $(PREFIX)/include > @@ -63,8 +63,8 @@ sefcontext_compile: sefcontext_compile.o > ../src/regex.o > all: $(TARGETS) > > install: all > - -mkdir -p $(SBINDIR) > - install -m 755 $(TARGETS) $(SBINDIR) > + -mkdir -p $(DESTDIR)$(SBINDIR) > + install -m 755 $(TARGETS) $(DESTDIR)$(SBINDIR) > > clean: > rm -f $(TARGETS) *.o *~ > diff --git a/libsemanage/include/Makefile > b/libsemanage/include/Makefile > index b660660e..6e44a28a 100644 > --- a/libsemanage/include/Makefile > +++ b/libsemanage/include/Makefile > @@ -1,12 +1,12 @@ > # Installation directories. > -PREFIX ?= $(DESTDIR)/usr > +PREFIX ?= /usr > INCDIR ?= $(PREFIX)/include/semanage > > all: > > install: all > - test -d $(INCDIR) || install -m 755 -d $(INCDIR) > - install -m 644 $(wildcard semanage/*.h) $(INCDIR) > + test -d $(DESTDIR)$(INCDIR) || install -m 755 -d > $(DESTDIR)$(INCDIR) > + install -m 644 $(wildcard semanage/*.h) $(DESTDIR)$(INCDIR) > > indent: > ../../scripts/Lindent $(wildcard semanage/*.h) > diff --git a/libsemanage/src/Makefile b/libsemanage/src/Makefile > index f01385c5..8c0b4557 100644 > --- a/libsemanage/src/Makefile > +++ b/libsemanage/src/Makefile > @@ -8,17 +8,17 @@ RUBYPREFIX ?= $(notdir $(RUBY)) > PKG_CONFIG ?= pkg-config > > # Installation directories. > -PREFIX ?= $(DESTDIR)/usr > +PREFIX ?= /usr > LIBDIR ?= $(PREFIX)/lib > -SHLIBDIR ?= $(DESTDIR)/lib > +SHLIBDIR ?= /lib > INCLUDEDIR ?= $(PREFIX)/include > PYINC ?= $(shell $(PKG_CONFIG) --cflags $(PYPREFIX)) > PYLIBS ?= $(shell $(PKG_CONFIG) --libs $(PYPREFIX)) > -PYSITEDIR ?= $(DESTDIR)$(shell $(PYTHON) -c 'import site; > print(site.getsitepackages()[0])') > +PYSITEDIR ?= $(shell $(PYTHON) -c 'import site; > print(site.getsitepackages()[0])') > PYCEXT ?= $(shell $(PYTHON) -c 'import imp;print([s for s,m,t in > imp.get_suffixes() if t == imp.C_EXTENSION][0])') > RUBYINC ?= $(shell $(RUBY) -e 'puts "-I" + > RbConfig::CONFIG["rubyarchhdrdir"] + " -I" + > RbConfig::CONFIG["rubyhdrdir"]') > RUBYLIBS ?= $(shell $(RUBY) -e 'puts "-L" + > RbConfig::CONFIG["libdir"] + " -lruby"') > -RUBYINSTALL ?= $(DESTDIR)$(shell $(RUBY) -e 'puts > RbConfig::CONFIG["vendorarchdir"]') > +RUBYINSTALL ?= $(shell $(RUBY) -e 'puts > RbConfig::CONFIG["vendorarchdir"]') > > LIBBASE=$(shell basename $(LIBDIR)) > > @@ -136,26 +136,26 @@ swigify: $(SWIGIF) > $(SWIG) $< > > install: all > - test -d $(LIBDIR) || install -m 755 -d $(LIBDIR) > - install -m 644 $(LIBA) $(LIBDIR) > - install -m 755 $(LIBSO) $(LIBDIR) > - test -d $(LIBDIR)/pkgconfig || install -m 755 -d > $(LIBDIR)/pkgconfig > - install -m 644 $(LIBPC) $(LIBDIR)/pkgconfig > + test -d $(DESTDIR)$(LIBDIR) || install -m 755 -d > $(DESTDIR)$(LIBDIR) > + install -m 644 $(LIBA) $(DESTDIR)$(LIBDIR) > + install -m 755 $(LIBSO) $(DESTDIR)$(LIBDIR) > + test -d $(DESTDIR)$(LIBDIR)/pkgconfig || install -m 755 -d > $(DESTDIR)$(LIBDIR)/pkgconfig > + install -m 644 $(LIBPC) $(DESTDIR)$(LIBDIR)/pkgconfig > test -f $(DEFAULT_SEMANAGE_CONF_LOCATION) || install -m 644 > -D semanage.conf $(DEFAULT_SEMANAGE_CONF_LOCATION) > - cd $(LIBDIR) && ln -sf $(LIBSO) $(TARGET) > + cd $(DESTDIR)$(LIBDIR) && ln -sf $(LIBSO) $(TARGET) > > install-pywrap: pywrap > - test -d $(PYSITEDIR) || install -m 755 -d $(PYSITEDIR) > - install -m 755 $(SWIGSO) $(PYSITEDIR)/_semanage$(PYCEXT) > - install -m 644 semanage.py $(PYSITEDIR) > + test -d $(DESTDIR)$(PYSITEDIR) || install -m 755 -d > $(DESTDIR)$(PYSITEDIR) > + install -m 755 $(SWIGSO) > $(DESTDIR)$(PYSITEDIR)/_semanage$(PYCEXT) > + install -m 644 semanage.py $(DESTDIR)$(PYSITEDIR) > > > install-rubywrap: rubywrap > - test -d $(RUBYINSTALL) || install -m 755 -d $(RUBYINSTALL) > - install -m 755 $(SWIGRUBYSO) $(RUBYINSTALL)/semanage.so > + test -d $(DESTDIR)$(RUBYINSTALL) || install -m 755 -d > $(DESTDIR)$(RUBYINSTALL) > + install -m 755 $(SWIGRUBYSO) > $(DESTDIR)$(RUBYINSTALL)/semanage.so > > relabel: > - /sbin/restorecon $(LIBDIR)/$(LIBSO) > + /sbin/restorecon $(DESTDIR)$(LIBDIR)/$(LIBSO) > > clean: > -rm -f $(LIBPC) $(OBJS) $(LOBJS) $(LIBA) $(LIBSO) > $(SWIGLOBJ) $(SWIGSO) $(SWIGRUBYSO) $(TARGET) conf-parse.c conf- > parse.h conf-scan.c *.o *.lo *~ > diff --git a/libsemanage/tests/Makefile b/libsemanage/tests/Makefile > index 2ef8d30d..8103cf8f 100644 > --- a/libsemanage/tests/Makefile > +++ b/libsemanage/tests/Makefile > @@ -1,4 +1,4 @@ > -PREFIX ?= $(DESTDIR)/usr > +PREFIX ?= /usr > LIBDIR ?= $(PREFIX)/lib > > # Add your test source files here: > diff --git a/libsemanage/utils/Makefile b/libsemanage/utils/Makefile > index 725f0eec..5b8fbb6b 100644 > --- a/libsemanage/utils/Makefile > +++ b/libsemanage/utils/Makefile > @@ -1,13 +1,13 @@ > # Installation directories. > -PREFIX ?= $(DESTDIR)/usr > +PREFIX ?= /usr > LIBEXECDIR ?= $(PREFIX)/libexec > SELINUXEXECDIR ?= $(LIBEXECDIR)/selinux/ > > all: > > install: all > - -mkdir -p $(SELINUXEXECDIR) > - install -m 755 semanage_migrate_store $(SELINUXEXECDIR) > + -mkdir -p $(DESTDIR)$(SELINUXEXECDIR) > + install -m 755 semanage_migrate_store > $(DESTDIR)$(SELINUXEXECDIR) > > clean: > > diff --git a/libsepol/include/Makefile b/libsepol/include/Makefile > index 56b7a114..49f817ce 100644 > --- a/libsepol/include/Makefile > +++ b/libsepol/include/Makefile > @@ -1,17 +1,17 @@ > # Installation directories. > -PREFIX ?= $(DESTDIR)/usr > +PREFIX ?= /usr > INCDIR ?= $(PREFIX)/include/sepol > CILDIR ?= ../cil > > all: > > install: all > - test -d $(INCDIR) || install -m 755 -d $(INCDIR) > - test -d $(INCDIR)/policydb || install -m 755 -d > $(INCDIR)/policydb > - test -d $(INCDIR)/cil || install -m 755 -d $(INCDIR)/cil > - install -m 644 $(wildcard sepol/*.h) $(INCDIR) > - install -m 644 $(wildcard sepol/policydb/*.h) > $(INCDIR)/policydb > - install -m 644 $(wildcard $(CILDIR)/include/cil/*.h) > $(INCDIR)/cil > + test -d $(DESTDIR)$(INCDIR) || install -m 755 -d > $(DESTDIR)$(INCDIR) > + test -d $(DESTDIR)$(INCDIR)/policydb || install -m 755 -d > $(DESTDIR)$(INCDIR)/policydb > + test -d $(DESTDIR)$(INCDIR)/cil || install -m 755 -d > $(DESTDIR)$(INCDIR)/cil > + install -m 644 $(wildcard sepol/*.h) $(DESTDIR)$(INCDIR) > + install -m 644 $(wildcard sepol/policydb/*.h) > $(DESTDIR)$(INCDIR)/policydb > + install -m 644 $(wildcard $(CILDIR)/include/cil/*.h) > $(DESTDIR)$(INCDIR)/cil > > indent: > ../../scripts/Lindent $(wildcard sepol/*.h) > diff --git a/libsepol/src/Makefile b/libsepol/src/Makefile > index 819d261b..4c7e23fa 100644 > --- a/libsepol/src/Makefile > +++ b/libsepol/src/Makefile > @@ -1,8 +1,8 @@ > # Installation directories. > -PREFIX ?= $(DESTDIR)/usr > +PREFIX ?= /usr > INCLUDEDIR ?= $(PREFIX)/include > LIBDIR ?= $(PREFIX)/lib > -SHLIBDIR ?= $(DESTDIR)/lib > +SHLIBDIR ?= $(PREFIX)/lib This yields a change in the default install location for libsepol.so.1 (/lib -> /usr/lib). > RANLIB ?= ranlib > LIBBASE ?= $(shell basename $(LIBDIR)) > CILDIR ?= ../cil > @@ -80,16 +80,16 @@ endif > $(CC) $(CFLAGS) -fPIC -DSHARED -c -o $@ $< > > install: all > - test -d $(LIBDIR) || install -m 755 -d $(LIBDIR) > - install -m 644 $(LIBA) $(LIBDIR) > - test -d $(SHLIBDIR) || install -m 755 -d $(SHLIBDIR) > - install -m 755 $(LIBSO) $(SHLIBDIR) > - test -d $(LIBDIR)/pkgconfig || install -m 755 -d > $(LIBDIR)/pkgconfig > - install -m 644 $(LIBPC) $(LIBDIR)/pkgconfig > - $(LN) -sf --relative $(SHLIBDIR)/$(LIBSO) > $(LIBDIR)/$(TARGET) > + test -d $(DESTDIR)$(LIBDIR) || install -m 755 -d > $(DESTDIR)$(LIBDIR) > + install -m 644 $(LIBA) $(DESTDIR)$(LIBDIR) > + test -d $(DESTDIR)$(SHLIBDIR) || install -m 755 -d > $(DESTDIR)$(SHLIBDIR) > + install -m 755 $(LIBSO) $(DESTDIR)$(SHLIBDIR) > + test -d $(DESTDIR)$(LIBDIR)/pkgconfig || install -m 755 -d > $(DESTDIR)$(LIBDIR)/pkgconfig > + install -m 644 $(LIBPC) $(DESTDIR)$(LIBDIR)/pkgconfig > + $(LN) -sf --relative $(DESTDIR)$(SHLIBDIR)/$(LIBSO) > $(DESTDIR)$(LIBDIR)/$(TARGET) > > relabel: > - /sbin/restorecon $(SHLIBDIR)/$(LIBSO) > + /sbin/restorecon $(DESTDIR)$(SHLIBDIR)/$(LIBSO) > > clean: > -rm -f $(LIBPC) $(LIBMAP) $(OBJS) $(LOBJS) $(LIBA) $(LIBSO) > $(TARGET) $(CIL_GENERATED) > diff --git a/libsepol/utils/Makefile b/libsepol/utils/Makefile > index fba1d8a0..31932c11 100644 > --- a/libsepol/utils/Makefile > +++ b/libsepol/utils/Makefile > @@ -1,5 +1,5 @@ > # Installation directories. > -PREFIX ?= $(DESTDIR)/usr > +PREFIX ?= /usr > BINDIR ?= $(PREFIX)/bin > > CFLAGS ?= -Wall -Werror > @@ -12,8 +12,8 @@ TARGETS=$(patsubst %.c,%,$(sort $(wildcard *.c))) > all: $(TARGETS) > > install: all > - -mkdir -p $(BINDIR) > - install -m 755 $(TARGETS) $(BINDIR) > + -mkdir -p $(DESTDIR)$(BINDIR) > + install -m 755 $(TARGETS) $(DESTDIR)$(BINDIR) > > clean: > -rm -f $(TARGETS) *.o > diff --git a/mcstrans/man/Makefile b/mcstrans/man/Makefile > index 8e971192..dbd87f49 100644 > --- a/mcstrans/man/Makefile > +++ b/mcstrans/man/Makefile > @@ -1,11 +1,11 @@ > # Installation directories. > -MAN8DIR ?= $(DESTDIR)/usr/share/man/man8 > +MAN8DIR ?= /usr/share/man/man8 > > all: > > install: all > - mkdir -p $(MAN8DIR) > - install -m 644 man8/*.8 $(MAN8DIR) > + mkdir -p $(DESTDIR)$(MAN8DIR) > + install -m 644 man8/*.8 $(DESTDIR)$(MAN8DIR) > > clean: > -rm -f *~ \#* > diff --git a/mcstrans/src/Makefile b/mcstrans/src/Makefile > index 709e1e02..be54e349 100644 > --- a/mcstrans/src/Makefile > +++ b/mcstrans/src/Makefile > @@ -1,9 +1,9 @@ > # Installation directories. > -PREFIX ?= $(DESTDIR)/usr > +PREFIX ?= /usr > LIBDIR ?= $(PREFIX)/lib > -SBINDIR ?= $(DESTDIR)/sbin > -INITDIR ?= $(DESTDIR)/etc/rc.d/init.d > -SYSTEMDDIR ?= $(DESTDIR)/usr/lib/systemd > +SBINDIR ?= /sbin > +INITDIR ?= /etc/rc.d/init.d > +SYSTEMDDIR ?= /usr/lib/systemd > > PROG_SRC=mcstrans.c mcscolor.c mcstransd.c mls_level.c > PROG_OBJS= $(patsubst %.c,%.o,$(PROG_SRC)) > @@ -15,18 +15,18 @@ override CFLAGS += -D_GNU_SOURCE > -D_FILE_OFFSET_BITS=64 > all: $(PROG) > > $(PROG): $(PROG_OBJS) > - $(CC) $(LDFLAGS) -pie -o $@ $^ -lselinux -lcap -lpcre > $(LIBDIR)/libsepol.a > + $(CC) $(LDFLAGS) -pie -o $@ $^ -lselinux -lcap -lpcre > $(DESTDIR)$(LIBDIR)/libsepol.a > > %.o: %.c > $(CC) $(CFLAGS) -fPIE -c -o $@ $< > > install: all > - test -d $(SBINDIR) || install -m 755 -d $(SBINDIR) > - install -m 755 $(PROG) $(SBINDIR) > - test -d $(INITDIR) || install -m 755 -d $(INITDIR) > - install -m 755 $(INITSCRIPT).init $(INITDIR)/$(INITSCRIPT) > - test -d $(SYSTEMDDIR)/system || install -m 755 -d > $(SYSTEMDDIR)/system > - install -m 644 mcstrans.service $(SYSTEMDDIR)/system/ > + test -d $(DESTDIR)$(SBINDIR) || install -m 755 -d > $(DESTDIR)$(SBINDIR) > + install -m 755 $(PROG) $(DESTDIR)$(SBINDIR) > + test -d $(DESTDIR)$(INITDIR) || install -m 755 -d > $(DESTDIR)$(INITDIR) > + install -m 755 $(INITSCRIPT).init > $(DESTDIR)$(INITDIR)/$(INITSCRIPT) > + test -d $(DESTDIR)$(SYSTEMDDIR)/system || install -m 755 -d > $(DESTDIR)$(SYSTEMDDIR)/system > + install -m 644 mcstrans.service > $(DESTDIR)$(SYSTEMDDIR)/system/ > > clean: > -rm -f $(OBJS) $(LOBJS) $(TARGET) $(PROG) $(PROG_OBJS) *~ > \#* > diff --git a/mcstrans/utils/Makefile b/mcstrans/utils/Makefile > index 4d3cbfcb..1364cece 100644 > --- a/mcstrans/utils/Makefile > +++ b/mcstrans/utils/Makefile > @@ -1,5 +1,5 @@ > # Installation directories. > -PREFIX ?= $(DESTDIR)/usr > +PREFIX ?= /usr > LIBDIR ?= $(PREFIX)/lib > SBINDIR ?= $(PREFIX)/sbin > LIBSEPOLA ?= $(LIBDIR)/libsepol.a > @@ -12,11 +12,11 @@ TARGETS=$(patsubst %.c,%,$(sort $(wildcard *.c))) > > all: $(TARGETS) > > -$(TARGETS): ../src/mcstrans.o ../src/mls_level.o $(LIBSEPOLA) > +$(TARGETS): ../src/mcstrans.o ../src/mls_level.o > $(DESTDIR)$(LIBSEPOLA) > > install: all > - -mkdir -p $(SBINDIR) > - install -m 755 $(TARGETS) $(SBINDIR) > + -mkdir -p $(DESTDIR)$(SBINDIR) > + install -m 755 $(TARGETS) $(DESTDIR)$(SBINDIR) > > test: > ./mlstrans-test-runner.py ../test/*.test > diff --git a/policycoreutils/hll/pp/Makefile > b/policycoreutils/hll/pp/Makefile > index 3401dcc9..ed70c449 100644 > --- a/policycoreutils/hll/pp/Makefile > +++ b/policycoreutils/hll/pp/Makefile > @@ -1,5 +1,5 @@ > # Installation directories. > -PREFIX ?= $(DESTDIR)/usr > +PREFIX ?= /usr > INCLUDEDIR ?= $(PREFIX)/include > MANDIR = $(PREFIX)/share/man > LIBDIR ?= $(PREFIX)/lib > @@ -21,8 +21,8 @@ pp: $(PP_OBJS) > $(CC) $(CFLAGS) -c -o $@ $^ > > install: all > - -mkdir -p $(HLLDIR) > - install -m 755 pp $(HLLDIR) > + -mkdir -p $(DESTDIR)$(HLLDIR) > + install -m 755 pp $(DESTDIR)$(HLLDIR) > > relabel: > > diff --git a/policycoreutils/load_policy/Makefile > b/policycoreutils/load_policy/Makefile > index b85833c2..00f59aba 100644 > --- a/policycoreutils/load_policy/Makefile > +++ b/policycoreutils/load_policy/Makefile > @@ -1,6 +1,6 @@ > # Installation directories. > -PREFIX ?= $(DESTDIR)/usr > -SBINDIR ?= $(DESTDIR)/sbin > +PREFIX ?= /usr > +SBINDIR ?= /sbin > MANDIR ?= $(PREFIX)/share/man > LOCALEDIR ?= /usr/share/locale > > @@ -13,10 +13,10 @@ TARGETS=$(patsubst %.c,%,$(sort $(wildcard *.c))) > all: $(TARGETS) > > install: all > - -mkdir -p $(SBINDIR) > - install -m 755 $(TARGETS) $(SBINDIR) > - test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8 > - install -m 644 load_policy.8 $(MANDIR)/man8/ > + -mkdir -p $(DESTDIR)$(SBINDIR) > + install -m 755 $(TARGETS) $(DESTDIR)$(SBINDIR) > + test -d $(DESTDIR)$(MANDIR)/man8 || install -m 755 -d > $(DESTDIR)$(MANDIR)/man8 > + install -m 644 load_policy.8 $(DESTDIR)$(MANDIR)/man8/ > > clean: > -rm -f $(TARGETS) *.o > @@ -25,4 +25,4 @@ indent: > ../../scripts/Lindent $(wildcard *.[ch]) > > relabel: > - /sbin/restorecon $(SBINDIR)/load_policy > + /sbin/restorecon $(DESTDIR)$(SBINDIR)/load_policy > diff --git a/policycoreutils/man/Makefile > b/policycoreutils/man/Makefile > index 0d91cd46..ae3d27b6 100644 > --- a/policycoreutils/man/Makefile > +++ b/policycoreutils/man/Makefile > @@ -1,12 +1,12 @@ > # Installation directories. > -MAN5DIR ?= $(DESTDIR)/usr/share/man/man5 > +MAN5DIR ?= /usr/share/man/man5 > > all: > > clean: > > install: all > - mkdir -p $(MAN5DIR) > - install -m 644 man5/*.5 $(MAN5DIR) > + mkdir -p $(DESTDIR)$(MAN5DIR) > + install -m 644 man5/*.5 $(DESTDIR)$(MAN5DIR) > > relabel: > diff --git a/policycoreutils/newrole/Makefile > b/policycoreutils/newrole/Makefile > index 196af926..e687b6ab 100644 > --- a/policycoreutils/newrole/Makefile > +++ b/policycoreutils/newrole/Makefile > @@ -1,8 +1,8 @@ > # Installation directories. > -PREFIX ?= $(DESTDIR)/usr > +PREFIX ?= /usr > BINDIR ?= $(PREFIX)/bin > MANDIR ?= $(PREFIX)/share/man > -ETCDIR ?= $(DESTDIR)/etc > +ETCDIR ?= /etc > LOCALEDIR = /usr/share/locale > PAMH ?= $(shell test -f /usr/include/security/pam_appl.h && echo y) > AUDITH ?= $(shell test -f /usr/include/libaudit.h && echo y) > @@ -61,17 +61,17 @@ newrole: newrole.o $(EXTRA_OBJS) > $(CC) $(LDFLAGS) -o $@ $^ $(LDLIBS) > > install: all > - test -d $(BINDIR) || install -m 755 -d $(BINDIR) > - test -d $(ETCDIR)/pam.d || install -m 755 -d $(ETCDIR)/pam.d > - test -d $(MANDIR)/man1 || install -m 755 -d $(MANDIR)/man1 > - install -m $(MODE) newrole $(BINDIR) > - install -m 644 newrole.1 $(MANDIR)/man1/ > + test -d $(DESTDIR)$(BINDIR) || install -m 755 -d > $(DESTDIR)$(BINDIR) > + test -d $(DESTDIR)$(ETCDIR)/pam.d || install -m 755 -d > $(DESTDIR)$(ETCDIR)/pam.d > + test -d $(DESTDIR)$(MANDIR)/man1 || install -m 755 -d > $(DESTDIR)$(MANDIR)/man1 > + install -m $(MODE) newrole $(DESTDIR)$(BINDIR) > + install -m 644 newrole.1 $(DESTDIR)$(MANDIR)/man1/ > ifeq ($(PAMH), y) > - test -d $(ETCDIR)/pam.d || install -m 755 -d $(ETCDIR)/pam.d > + test -d $(ETCDIR)/pam.d || install -m 755 -d > $(DESTDIR)$(ETCDIR)/pam.d Need to prefix the first $(ETCDIR)/pam.d with $(DESTDIR) too. > ifeq ($(LSPP_PRIV),y) > - install -m 644 newrole-lspp.pamd $(ETCDIR)/pam.d/newrole > + install -m 644 newrole-lspp.pamd > $(DESTDIR)$(ETCDIR)/pam.d/newrole > else > - install -m 644 newrole.pamd $(ETCDIR)/pam.d/newrole > + install -m 644 newrole.pamd > $(DESTDIR)$(ETCDIR)/pam.d/newrole > endif > endif > > @@ -82,4 +82,4 @@ indent: > ../../scripts/Lindent $(wildcard *.[ch]) > > relabel: install > - /sbin/restorecon $(BINDIR)/newrole > + /sbin/restorecon $(DESTDIR)$(BINDIR)/newrole > diff --git a/policycoreutils/run_init/Makefile > b/policycoreutils/run_init/Makefile > index 921f0b07..8d8eb704 100644 > --- a/policycoreutils/run_init/Makefile > +++ b/policycoreutils/run_init/Makefile > @@ -1,9 +1,9 @@ > > # Installation directories. > -PREFIX ?= $(DESTDIR)/usr > +PREFIX ?= /usr > SBINDIR ?= $(PREFIX)/sbin > MANDIR ?= $(PREFIX)/share/man > -ETCDIR ?= $(DESTDIR)/etc > +ETCDIR ?= /etc > LOCALEDIR ?= /usr/share/locale > PAMH ?= $(shell test -f /usr/include/security/pam_appl.h && echo y) > AUDITH ?= $(shell test -f /usr/include/libaudit.h && echo y) > @@ -32,14 +32,14 @@ open_init_pty: open_init_pty.c > > > install: all > - test -d $(SBINDIR) || install -m 755 -d $(SBINDIR) > - test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8 > - install -m 755 run_init $(SBINDIR) > - install -m 755 open_init_pty $(SBINDIR) > - install -m 644 run_init.8 $(MANDIR)/man8/ > - install -m 644 open_init_pty.8 $(MANDIR)/man8/ > + test -d $(DESTDIR)$(SBINDIR) || install -m 755 -d > $(DESTDIR)$(SBINDIR) > + test -d $(DESTDIR)$(MANDIR)/man8 || install -m 755 -d > $(DESTDIR)$(MANDIR)/man8 > + install -m 755 run_init $(DESTDIR)$(SBINDIR) > + install -m 755 open_init_pty $(DESTDIR)$(SBINDIR) > + install -m 644 run_init.8 $(DESTDIR)$(MANDIR)/man8/ > + install -m 644 open_init_pty.8 $(DESTDIR)$(MANDIR)/man8/ > ifeq ($(PAMH), y) > - install -m 644 run_init.pamd $(ETCDIR)/pam.d/run_init > + install -m 644 run_init.pamd > $(DESTDIR)$(ETCDIR)/pam.d/run_init > endif > > clean: > @@ -49,4 +49,4 @@ indent: > ../../scripts/Lindent $(wildcard *.[ch]) > > relabel: install > - /sbin/restorecon $(SBINDIR)/run_init > $(SBINDIR)/open_init_pty > + /sbin/restorecon $(DESTDIR)$(SBINDIR)/run_init > $(DESTDIR)$(SBINDIR)/open_init_pty > diff --git a/policycoreutils/scripts/Makefile > b/policycoreutils/scripts/Makefile > index d9e86ffe..a988144b 100644 > --- a/policycoreutils/scripts/Makefile > +++ b/policycoreutils/scripts/Makefile > @@ -1,6 +1,6 @@ > # Installation directories. > -PREFIX ?= $(DESTDIR)/usr > -SBINDIR ?= $(DESTDIR)/sbin > +PREFIX ?= /usr > +SBINDIR ?= /sbin > MANDIR ?= $(PREFIX)/share/man > LOCALEDIR ?= $(PREFIX)/share/locale > > @@ -8,10 +8,10 @@ LOCALEDIR ?= $(PREFIX)/share/locale > all: fixfiles > > install: all > - -mkdir -p $(SBINDIR) > - install -m 755 fixfiles $(SBINDIR) > - -mkdir -p $(MANDIR)/man8 > - install -m 644 fixfiles.8 $(MANDIR)/man8/ > + -mkdir -p $(DESTDIR)$(SBINDIR) > + install -m 755 fixfiles $(DESTDIR)$(SBINDIR) > + -mkdir -p $(DESTDIR)$(MANDIR)/man8 > + install -m 644 fixfiles.8 $(DESTDIR)$(MANDIR)/man8/ > > clean: > > diff --git a/policycoreutils/secon/Makefile > b/policycoreutils/secon/Makefile > index 8e491d74..c03f0d7d 100644 > --- a/policycoreutils/secon/Makefile > +++ b/policycoreutils/secon/Makefile > @@ -1,5 +1,5 @@ > # secon tool - command-line context > -PREFIX ?= $(DESTDIR)/usr > +PREFIX ?= /usr > INCLUDEDIR ?= $(PREFIX)/include > BINDIR ?= $(PREFIX)/bin > MANDIR ?= $(PREFIX)/share/man > @@ -18,13 +18,13 @@ secon: secon.o > install-nogui: install > > install: all > - install -m 755 secon $(BINDIR); > + install -m 755 secon $(DESTDIR)$(BINDIR); > > - test -d $(MANDIR)/man1 || install -m 755 -d $(MANDIR)/man1 > - install -m 644 secon.1 $(MANDIR)/man1 > + test -d $(DESTDIR)$(MANDIR)/man1 || install -m 755 -d > $(DESTDIR)$(MANDIR)/man1 > + install -m 644 secon.1 $(DESTDIR)$(MANDIR)/man1 > > relabel: > - /sbin/restorecon $(BINDIR)/secon > + /sbin/restorecon $(DESTDIR)$(BINDIR)/secon > > clean: > rm -f *.o core* secon *~ *.bak > diff --git a/policycoreutils/semodule/Makefile > b/policycoreutils/semodule/Makefile > index fffb43ac..7c257bf5 100644 > --- a/policycoreutils/semodule/Makefile > +++ b/policycoreutils/semodule/Makefile > @@ -1,5 +1,5 @@ > # Installation directories. > -PREFIX ?= $(DESTDIR)/usr > +PREFIX ?= /usr > INCLUDEDIR ?= $(PREFIX)/include > SBINDIR ?= $(PREFIX)/sbin > MANDIR = $(PREFIX)/share/man > @@ -17,12 +17,12 @@ genhomedircon: > ln -sf semodule genhomedircon > > install: all > - -mkdir -p $(SBINDIR) > - install -m 755 semodule $(SBINDIR) > - (cd $(SBINDIR); ln -sf semodule genhomedircon) > - test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8 > - install -m 644 semodule.8 $(MANDIR)/man8/ > - install -m 644 genhomedircon.8 $(MANDIR)/man8/ > + -mkdir -p $(DESTDIR)$(SBINDIR) > + install -m 755 semodule $(DESTDIR)$(SBINDIR) > + (cd $(DESTDIR)$(SBINDIR); ln -sf semodule genhomedircon) > + test -d $(DESTDIR)$(MANDIR)/man8 || install -m 755 -d > $(DESTDIR)$(MANDIR)/man8 > + install -m 644 semodule.8 $(DESTDIR)$(MANDIR)/man8/ > + install -m 644 genhomedircon.8 $(DESTDIR)$(MANDIR)/man8/ > > relabel: > > diff --git a/policycoreutils/sestatus/Makefile > b/policycoreutils/sestatus/Makefile > index 41ca6832..130b764b 100644 > --- a/policycoreutils/sestatus/Makefile > +++ b/policycoreutils/sestatus/Makefile > @@ -1,8 +1,8 @@ > # Installation directories. > -PREFIX ?= $(DESTDIR)/usr > +PREFIX ?= /usr > SBINDIR ?= $(PREFIX)/sbin > MANDIR = $(PREFIX)/share/man > -ETCDIR ?= $(DESTDIR)/etc > +ETCDIR ?= /etc > LIBDIR ?= $(PREFIX)/lib > > CFLAGS ?= -Werror -Wall -W > @@ -14,14 +14,14 @@ all: sestatus > sestatus: sestatus.o > > install: all > - [ -d $(MANDIR)/man8 ] || mkdir -p $(MANDIR)/man8 > - [ -d $(MANDIR)/man5 ] || mkdir -p $(MANDIR)/man5 > - -mkdir -p $(SBINDIR) > - install -m 755 sestatus $(SBINDIR) > - install -m 644 sestatus.8 $(MANDIR)/man8 > - install -m 644 sestatus.conf.5 $(MANDIR)/man5 > - -mkdir -p $(ETCDIR) > - install -m 644 sestatus.conf $(ETCDIR) > + [ -d $(DESTDIR)$(MANDIR)/man8 ] || mkdir -p > $(DESTDIR)$(MANDIR)/man8 > + [ -d $(DESTDIR)$(MANDIR)/man5 ] || mkdir -p > $(DESTDIR)$(MANDIR)/man5 > + -mkdir -p $(DESTDIR)$(SBINDIR) > + install -m 755 sestatus $(DESTDIR)$(SBINDIR) > + install -m 644 sestatus.8 $(DESTDIR)$(MANDIR)/man8 > + install -m 644 sestatus.conf.5 $(DESTDIR)$(MANDIR)/man5 > + -mkdir -p $(DESTDIR)$(ETCDIR) > + install -m 644 sestatus.conf $(DESTDIR)$(ETCDIR) > > clean: > rm -f sestatus *.o > diff --git a/policycoreutils/setfiles/Makefile > b/policycoreutils/setfiles/Makefile > index c08e2dd1..4e56698f 100644 > --- a/policycoreutils/setfiles/Makefile > +++ b/policycoreutils/setfiles/Makefile > @@ -1,6 +1,6 @@ > # Installation directories. > -PREFIX ?= $(DESTDIR)/usr > -SBINDIR ?= $(DESTDIR)/sbin > +PREFIX ?= /usr > +SBINDIR ?= /sbin > MANDIR = $(PREFIX)/share/man > LIBDIR ?= $(PREFIX)/lib > AUDITH ?= $(shell test -f /usr/include/libaudit.h && echo y) > @@ -29,14 +29,14 @@ man: > @sed -i "s/ABORT_ON_ERRORS/$(ABORT_ON_ERRORS)/g" > setfiles.8.man > > install: all > - [ -d $(MANDIR)/man8 ] || mkdir -p $(MANDIR)/man8 > - -mkdir -p $(SBINDIR) > - install -m 755 setfiles $(SBINDIR) > - (cd $(SBINDIR) && ln -sf setfiles restorecon) > - install -m 755 restorecon_xattr $(SBINDIR) > - install -m 644 setfiles.8.man $(MANDIR)/man8/setfiles.8 > - install -m 644 restorecon.8 $(MANDIR)/man8/restorecon.8 > - install -m 644 restorecon_xattr.8 > $(MANDIR)/man8/restorecon_xattr.8 > + [ -d $(DESTDIR)$(MANDIR)/man8 ] || mkdir -p > $(DESTDIR)$(MANDIR)/man8 > + -mkdir -p $(DESTDIR)$(SBINDIR) > + install -m 755 setfiles $(DESTDIR)$(SBINDIR) > + (cd $(DESTDIR)$(SBINDIR) && ln -sf setfiles restorecon) > + install -m 755 restorecon_xattr $(DESTDIR)$(SBINDIR) > + install -m 644 setfiles.8.man > $(DESTDIR)$(MANDIR)/man8/setfiles.8 > + install -m 644 restorecon.8 > $(DESTDIR)$(MANDIR)/man8/restorecon.8 > + install -m 644 restorecon_xattr.8 > $(DESTDIR)$(MANDIR)/man8/restorecon_xattr.8 > > clean: > rm -f setfiles restorecon restorecon_xattr *.o > setfiles.8.man > @@ -45,4 +45,4 @@ indent: > ../../scripts/Lindent $(wildcard *.[ch]) > > relabel: install > - $(SBINDIR)/restorecon $(SBINDIR)/setfiles > $(SBINDIR)/restorecon_xattr > + $(SBINDIR)/restorecon $(DESTDIR)$(SBINDIR)/setfiles > $(DESTDIR)$(SBINDIR)/restorecon_xattr > diff --git a/policycoreutils/setsebool/Makefile > b/policycoreutils/setsebool/Makefile > index bc254dab..f3379be9 100644 > --- a/policycoreutils/setsebool/Makefile > +++ b/policycoreutils/setsebool/Makefile > @@ -1,10 +1,10 @@ > # Installation directories. > -PREFIX ?= $(DESTDIR)/usr > +PREFIX ?= /usr > INCLUDEDIR ?= $(PREFIX)/include > SBINDIR ?= $(PREFIX)/sbin > MANDIR = $(PREFIX)/share/man > LIBDIR ?= $(PREFIX)/lib > -BASHCOMPLETIONDIR ?= $(DESTDIR)/usr/share/bash- > completion/completions > +BASHCOMPLETIONDIR ?= /usr/share/bash-completion/completions > > CFLAGS ?= -Werror -Wall -W > override LDLIBS += -lsepol -lselinux -lsemanage > @@ -17,12 +17,12 @@ all: setsebool > setsebool: $(SETSEBOOL_OBJS) > > install: all > - -mkdir -p $(SBINDIR) > - install -m 755 setsebool $(SBINDIR) > - -mkdir -p $(MANDIR)/man8 > - install -m 644 setsebool.8 $(MANDIR)/man8/ > - -mkdir -p $(BASHCOMPLETIONDIR) > - install -m 644 $(BASHCOMPLETIONS) > $(BASHCOMPLETIONDIR)/setsebool > + -mkdir -p $(DESTDIR)$(SBINDIR) > + install -m 755 setsebool $(DESTDIR)$(SBINDIR) > + -mkdir -p $(DESTDIR)$(MANDIR)/man8 > + install -m 644 setsebool.8 $(DESTDIR)$(MANDIR)/man8/ > + -mkdir -p $(DESTDIR)$(BASHCOMPLETIONDIR) > + install -m 644 $(BASHCOMPLETIONS) > $(DESTDIR)$(BASHCOMPLETIONDIR)/setsebool > > relabel: > > diff --git a/python/audit2allow/Makefile > b/python/audit2allow/Makefile > index 8db8075f..02526fa7 100644 > --- a/python/audit2allow/Makefile > +++ b/python/audit2allow/Makefile > @@ -1,7 +1,7 @@ > PYTHON ?= python > > # Installation directories. > -PREFIX ?= $(DESTDIR)/usr > +PREFIX ?= /usr > BINDIR ?= $(PREFIX)/bin > LIBDIR ?= $(PREFIX)/lib > MANDIR ?= $(PREFIX)/share/man > @@ -13,7 +13,7 @@ CFLAGS ?= -Werror -Wall -W > > all: audit2why sepolgen-ifgen-attr-helper > > -sepolgen-ifgen-attr-helper: sepolgen-ifgen-attr-helper.o > $(LIBSEPOLA) > +sepolgen-ifgen-attr-helper: sepolgen-ifgen-attr-helper.o > $(DESTDIR)$(LIBSEPOLA) > > audit2why: > ln -sf audit2allow audit2why > @@ -22,14 +22,14 @@ test: all > @$(PYTHON) test_audit2allow.py -v > > install: all > - -mkdir -p $(BINDIR) > - install -m 755 audit2allow $(BINDIR) > - (cd $(BINDIR); ln -sf audit2allow audit2why) > - install -m 755 sepolgen-ifgen-attr-helper $(BINDIR) > - install -m 755 sepolgen-ifgen $(BINDIR) > - -mkdir -p $(MANDIR)/man1 > - install -m 644 audit2allow.1 $(MANDIR)/man1/ > - install -m 644 audit2why.1 $(MANDIR)/man1/ > + -mkdir -p $(DESTDIR)$(BINDIR) > + install -m 755 audit2allow $(DESTDIR)$(BINDIR) > + (cd $(DESTDIR)$(BINDIR); ln -sf audit2allow audit2why) > + install -m 755 sepolgen-ifgen-attr-helper > $(DESTDIR)$(BINDIR) > + install -m 755 sepolgen-ifgen $(DESTDIR)$(BINDIR) > + -mkdir -p $(DESTDIR)$(MANDIR)/man1 > + install -m 644 audit2allow.1 $(DESTDIR)$(MANDIR)/man1/ > + install -m 644 audit2why.1 $(DESTDIR)$(MANDIR)/man1/ > > clean: > rm -f *~ *.o sepolgen-ifgen-attr-helper > diff --git a/python/chcat/Makefile b/python/chcat/Makefile > index 0fd12d6d..890033e2 100644 > --- a/python/chcat/Makefile > +++ b/python/chcat/Makefile > @@ -1,5 +1,5 @@ > # Installation directories. > -PREFIX ?= $(DESTDIR)/usr > +PREFIX ?= /usr > BINDIR ?= $(PREFIX)/bin > MANDIR ?= $(PREFIX)/share/man > LOCALEDIR ?= $(PREFIX)/share/locale > @@ -8,10 +8,10 @@ LOCALEDIR ?= $(PREFIX)/share/locale > all: chcat > > install: all > - -mkdir -p $(BINDIR) > - install -m 755 chcat $(BINDIR) > - -mkdir -p $(MANDIR)/man8 > - install -m 644 chcat.8 $(MANDIR)/man8/ > + -mkdir -p $(DESTDIR)$(BINDIR) > + install -m 755 chcat $(DESTDIR)$(BINDIR) > + -mkdir -p $(DESTDIR)$(MANDIR)/man8 > + install -m 644 chcat.8 $(DESTDIR)$(MANDIR)/man8/ > > clean: > > diff --git a/python/semanage/Makefile b/python/semanage/Makefile > index 60c36a3a..bd02e9e9 100644 > --- a/python/semanage/Makefile > +++ b/python/semanage/Makefile > @@ -1,29 +1,29 @@ > PYTHON ?= python > > # Installation directories. > -PREFIX ?= $(DESTDIR)/usr > +PREFIX ?= /usr > LIBDIR ?= $(PREFIX)/lib > SBINDIR ?= $(PREFIX)/sbin > MANDIR = $(PREFIX)/share/man > PYLIBVER ?= $(shell $(PYTHON) -c 'import sys;print("python%d.%d" % > sys.version_info[0:2])') > PYTHONLIBDIR ?= $(LIBDIR)/$(PYLIBVER) > -BASHCOMPLETIONDIR ?= $(DESTDIR)/usr/share/bash- > completion/completions > +BASHCOMPLETIONDIR ?= /usr/share/bash-completion/completions > > TARGETS=semanage > > -BASHCOMPLETIONS=semanage-bash-completion.sh > +BASHCOMPLETIONS=semanage-bash-completion.sh > > all: $(TARGETS) > > install: all > - [ -d $(MANDIR)/man8 ] || mkdir -p $(MANDIR)/man8 > - -mkdir -p $(SBINDIR) > - install -m 755 semanage $(SBINDIR) > - install -m 644 *.8 $(MANDIR)/man8 > - test -d $(PYTHONLIBDIR)/site-packages || install -m 755 -d > $(PYTHONLIBDIR)/site-packages > - install -m 755 seobject.py $(PYTHONLIBDIR)/site-packages > - -mkdir -p $(BASHCOMPLETIONDIR) > - install -m 644 $(BASHCOMPLETIONS) > $(BASHCOMPLETIONDIR)/semanage > + [ -d $(DESTDIR)$(MANDIR)/man8 ] || mkdir -p > $(DESTDIR)$(MANDIR)/man8 > + -mkdir -p $(DESTDIR)$(SBINDIR) > + install -m 755 semanage $(DESTDIR)$(SBINDIR) > + install -m 644 *.8 $(DESTDIR)$(MANDIR)/man8 > + test -d $(DESTDIR)$(PYTHONLIBDIR)/site-packages || install > -m 755 -d $(DESTDIR)$(PYTHONLIBDIR)/site-packages > + install -m 755 seobject.py $(DESTDIR)$(PYTHONLIBDIR)/site- > packages > + -mkdir -p $(DESTDIR)$(BASHCOMPLETIONDIR) > + install -m 644 $(BASHCOMPLETIONS) > $(DESTDIR)$(BASHCOMPLETIONDIR)/semanage > > test: > @$(PYTHON) test-semanage.py -a > diff --git a/python/sepolgen/src/sepolgen/Makefile > b/python/sepolgen/src/sepolgen/Makefile > index d3aa7715..12ef0827 100644 > --- a/python/sepolgen/src/sepolgen/Makefile > +++ b/python/sepolgen/src/sepolgen/Makefile > @@ -1,12 +1,12 @@ > PYTHON ?= python > PYTHONLIBDIR ?= $(shell $(PYTHON) -c "from distutils.sysconfig > import *; print(get_python_lib(1))") > -PACKAGEDIR ?= $(DESTDIR)/$(PYTHONLIBDIR)/sepolgen > +PACKAGEDIR ?= $(PYTHONLIBDIR)/sepolgen > > all: > > install: all > - -mkdir -p $(PACKAGEDIR) > - install -m 644 *.py $(PACKAGEDIR) > + -mkdir -p $(DESTDIR)$(PACKAGEDIR) > + install -m 644 *.py $(DESTDIR)$(PACKAGEDIR) > > clean: > rm -f parser.out parsetab.py > diff --git a/python/sepolgen/src/share/Makefile > b/python/sepolgen/src/share/Makefile > index abf5e451..1a7133cb 100644 > --- a/python/sepolgen/src/share/Makefile > +++ b/python/sepolgen/src/share/Makefile > @@ -1,10 +1,10 @@ > -SHAREDIR ?= $(DESTDIR)/var/lib/sepolgen > +SHAREDIR ?= /var/lib/sepolgen > > all: > > install: all > - -mkdir -p $(SHAREDIR) > - install -m 644 perm_map $(SHAREDIR) > + -mkdir -p $(DESTDIR)$(SHAREDIR) > + install -m 644 perm_map $(DESTDIR)$(SHAREDIR) > > clean: > - rm -f *~ > \ No newline at end of file > + rm -f *~ > diff --git a/python/sepolicy/Makefile b/python/sepolicy/Makefile > index 5a56e6c8..c75dce73 100644 > --- a/python/sepolicy/Makefile > +++ b/python/sepolicy/Makefile > @@ -1,13 +1,13 @@ > PYTHON ?= python > > # Installation directories. > -PREFIX ?= $(DESTDIR)/usr > +PREFIX ?= /usr > LIBDIR ?= $(PREFIX)/lib > BINDIR ?= $(PREFIX)/bin > DATADIR ?= $(PREFIX)/share > MANDIR ?= $(PREFIX)/share/man > LOCALEDIR ?= /usr/share/locale > -BASHCOMPLETIONDIR ?= $(DESTDIR)/usr/share/bash- > completion/completions > +BASHCOMPLETIONDIR ?= /usr/share/bash-completion/completions > SHAREDIR ?= $(PREFIX)/share/sandbox > CFLAGS ?= -Wall -Werror -Wextra -W > override CFLAGS += -DPACKAGE="policycoreutils" -DSHARED -shared > @@ -31,12 +31,12 @@ test: > > install: > $(PYTHON) setup.py install `test -n "$(DESTDIR)" && echo -- > root $(DESTDIR)` > - [ -d $(BINDIR) ] || mkdir -p $(BINDIR) > - install -m 755 sepolicy.py $(BINDIR)/sepolicy > - (cd $(BINDIR); ln -sf sepolicy sepolgen) > - -mkdir -p $(MANDIR)/man8 > - install -m 644 *.8 $(MANDIR)/man8 > - -mkdir -p $(BASHCOMPLETIONDIR) > - install -m 644 $(BASHCOMPLETIONS) > $(BASHCOMPLETIONDIR)/sepolicy > + [ -d $(DESTDIR)$(BINDIR) ] || mkdir -p $(DESTDIR)$(BINDIR) > + install -m 755 sepolicy.py $(DESTDIR)$(BINDIR)/sepolicy > + (cd $(DESTDIR)$(BINDIR); ln -sf sepolicy sepolgen) > + -mkdir -p $(DESTDIR)$(MANDIR)/man8 > + install -m 644 *.8 $(DESTDIR)$(MANDIR)/man8 > + -mkdir -p $(DESTDIR)$(BASHCOMPLETIONDIR) > + install -m 644 $(BASHCOMPLETIONS) > $(DESTDIR)$(BASHCOMPLETIONDIR)/sepolicy > > relabel: > diff --git a/restorecond/Makefile b/restorecond/Makefile > index ada94aeb..a9a57b48 100644 > --- a/restorecond/Makefile > +++ b/restorecond/Makefile > @@ -1,17 +1,17 @@ > PKG_CONFIG ?= pkg-config > > # Installation directories. > -PREFIX ?= $(DESTDIR)/usr > +PREFIX ?= /usr > SBINDIR ?= $(PREFIX)/sbin > LIBDIR ?= $(PREFIX)/lib > MANDIR = $(PREFIX)/share/man > -AUTOSTARTDIR = $(DESTDIR)/etc/xdg/autostart > -DBUSSERVICEDIR = $(DESTDIR)/usr/share/dbus-1/services > -SYSTEMDDIR ?= $(DESTDIR)/usr/lib/systemd > +AUTOSTARTDIR = /etc/xdg/autostart > +DBUSSERVICEDIR = /usr/share/dbus-1/services > +SYSTEMDDIR ?= /usr/lib/systemd > > autostart_DATA = sealertauto.desktop > -INITDIR ?= $(DESTDIR)/etc/rc.d/init.d > -SELINUXDIR = $(DESTDIR)/etc/selinux > +INITDIR ?= /etc/rc.d/init.d > +SELINUXDIR = /etc/selinux > > DBUSFLAGS = -DHAVE_DBUS $(shell $(PKG_CONFIG) --cflags dbus-glib-1) > DBUSLIB = $(shell $(PKG_CONFIG) --libs dbus-glib-1) > @@ -39,23 +39,23 @@ restorecond: restore.o restorecond.o > utmpwatcher.o stringslist.o user.o watch.o > $(CC) $(LDFLAGS) -o $@ $^ $(LDLIBS) > > install: all > - [ -d $(MANDIR)/man8 ] || mkdir -p $(MANDIR)/man8 > - -mkdir -p $(SBINDIR) > - install -m 755 restorecond $(SBINDIR) > - install -m 644 restorecond.8 $(MANDIR)/man8 > - -mkdir -p $(INITDIR) > - install -m 755 restorecond.init $(INITDIR)/restorecond > - -mkdir -p $(SELINUXDIR) > - install -m 644 restorecond.conf > $(SELINUXDIR)/restorecond.conf > - install -m 644 restorecond_user.conf > $(SELINUXDIR)/restorecond_user.conf > - -mkdir -p $(AUTOSTARTDIR) > - install -m 644 restorecond.desktop > $(AUTOSTARTDIR)/restorecond.desktop > - -mkdir -p $(DBUSSERVICEDIR) > - install -m 600 > org.selinux.Restorecond.service $(DBUSSERVICEDIR)/org.selinux.Restor > econd.service > - -mkdir -p $(SYSTEMDDIR)/system > - install -m 644 restorecond.service $(SYSTEMDDIR)/system/ > + [ -d $(DESTDIR)$(MANDIR)/man8 ] || mkdir -p > $(DESTDIR)$(MANDIR)/man8 > + -mkdir -p $(DESTDIR)$(SBINDIR) > + install -m 755 restorecond $(DESTDIR)$(SBINDIR) > + install -m 644 restorecond.8 $(DESTDIR)$(MANDIR)/man8 > + -mkdir -p $(DESTDIR)$(INITDIR) > + install -m 755 restorecond.init > $(DESTDIR)$(INITDIR)/restorecond > + -mkdir -p $(DESTDIR)$(SELINUXDIR) > + install -m 644 restorecond.conf > $(DESTDIR)$(SELINUXDIR)/restorecond.conf > + install -m 644 restorecond_user.conf > $(DESTDIR)$(SELINUXDIR)/restorecond_user.conf > + -mkdir -p $(DESTDIR)$(AUTOSTARTDIR) > + install -m 644 restorecond.desktop > $(DESTDIR)$(AUTOSTARTDIR)/restorecond.desktop > + -mkdir -p $(DESTDIR)$(DBUSSERVICEDIR) > + install -m 600 > org.selinux.Restorecond.service $(DESTDIR)$(DBUSSERVICEDIR)/org.seli > nux.Restorecond.service > + -mkdir -p $(DESTDIR)$(SYSTEMDDIR)/system > + install -m 644 restorecond.service > $(DESTDIR)$(SYSTEMDDIR)/system/ > relabel: install > - /sbin/restorecon $(SBINDIR)/restorecond > + /sbin/restorecon $(DESTDIR)$(SBINDIR)/restorecond > > clean: > -rm -f restorecond *.o *~ > diff --git a/sandbox/Makefile b/sandbox/Makefile > index 05c3d658..9c78041c 100644 > --- a/sandbox/Makefile > +++ b/sandbox/Makefile > @@ -1,8 +1,8 @@ > PYTHON ?= python > > # Installation directories. > -PREFIX ?= $(DESTDIR)/usr > -SYSCONFDIR ?= $(DESTDIR)/etc/sysconfig > +PREFIX ?= /usr > +SYSCONFDIR ?= /etc/sysconfig > LIBDIR ?= $(PREFIX)/lib > BINDIR ?= $(PREFIX)/bin > SBINDIR ?= $(PREFIX)/sbin > @@ -18,20 +18,20 @@ all: sandbox seunshare sandboxX.sh start > seunshare: $(SEUNSHARE_OBJS) > > install: all > - -mkdir -p $(BINDIR) > - install -m 755 sandbox $(BINDIR) > - -mkdir -p $(MANDIR)/man8 > - install -m 644 sandbox.8 $(MANDIR)/man8/ > - install -m 644 seunshare.8 $(MANDIR)/man8/ > - -mkdir -p $(MANDIR)/man5 > - install -m 644 sandbox.5 $(MANDIR)/man5/ > - -mkdir -p $(SBINDIR) > - install -m 4755 seunshare $(SBINDIR)/ > - -mkdir -p $(SHAREDIR) > - install -m 755 sandboxX.sh $(SHAREDIR) > - install -m 755 start $(SHAREDIR) > - -mkdir -p $(SYSCONFDIR) > - install -m 644 sandbox.conf $(SYSCONFDIR)/sandbox > + -mkdir -p $(DESTDIR)$(BINDIR) > + install -m 755 sandbox $(DESTDIR)$(BINDIR) > + -mkdir -p $(DESTDIR)$(MANDIR)/man8 > + install -m 644 sandbox.8 $(DESTDIR)$(MANDIR)/man8/ > + install -m 644 seunshare.8 $(DESTDIR)$(MANDIR)/man8/ > + -mkdir -p $(DESTDIR)$(MANDIR)/man5 > + install -m 644 sandbox.5 $(DESTDIR)$(MANDIR)/man5/ > + -mkdir -p $(DESTDIR)$(SBINDIR) > + install -m 4755 seunshare $(DESTDIR)$(SBINDIR)/ > + -mkdir -p $(DESTDIR)$(SHAREDIR) > + install -m 755 sandboxX.sh $(DESTDIR)$(SHAREDIR) > + install -m 755 start $(DESTDIR)$(SHAREDIR) > + -mkdir -p $(DESTDIR)$(SYSCONFDIR) > + install -m 644 sandbox.conf $(DESTDIR)$(SYSCONFDIR)/sandbox > > test: > @$(PYTHON) test_sandbox.py -v > diff --git a/secilc/Makefile b/secilc/Makefile > index 1cac53e4..597b4a27 100644 > --- a/secilc/Makefile > +++ b/secilc/Makefile > @@ -1,4 +1,4 @@ > -PREFIX ?= $(DESTDIR)/usr > +PREFIX ?= /usr > BINDIR ?= $(PREFIX)/bin > MANDIR ?= $(PREFIX)/share/man > LIBDIR ?= $(PREFIX)/lib > @@ -41,12 +41,12 @@ $(SECIL2CONF_MANPAGE): $(SECIL2CONF_MANPAGE).xml > $(XMLTO) man $(SECIL2CONF_MANPAGE).xml > > install: all man > - -mkdir -p $(BINDIR) > - -mkdir -p $(MANDIR)/man8 > - install -m 755 $(SECILC) $(BINDIR) > - install -m 755 $(SECIL2CONF) $(BINDIR) > - install -m 644 $(SECILC_MANPAGE) $(MANDIR)/man8 > - install -m 644 $(SECIL2CONF_MANPAGE) $(MANDIR)/man8 > + -mkdir -p $(DESTDIR)$(BINDIR) > + -mkdir -p $(DESTDIR)$(MANDIR)/man8 > + install -m 755 $(SECILC) $(DESTDIR)$(BINDIR) > + install -m 755 $(SECIL2CONF) $(DESTDIR)$(BINDIR) > + install -m 644 $(SECILC_MANPAGE) $(DESTDIR)$(MANDIR)/man8 > + install -m 644 $(SECIL2CONF_MANPAGE) > $(DESTDIR)$(MANDIR)/man8 > > doc: > $(MAKE) -C docs > diff --git a/semodule-utils/semodule_deps/Makefile b/semodule- > utils/semodule_deps/Makefile > index 328a5030..7b106781 100644 > --- a/semodule-utils/semodule_deps/Makefile > +++ b/semodule-utils/semodule_deps/Makefile > @@ -1,5 +1,5 @@ > # Installation directories. > -PREFIX ?= $(DESTDIR)/usr > +PREFIX ?= /usr > INCLUDEDIR ?= $(PREFIX)/include > BINDIR ?= $(PREFIX)/bin > LIBDIR ?= $(PREFIX)/lib > @@ -10,13 +10,13 @@ CFLAGS ?= -Werror -Wall -W > > all: semodule_deps > > -semodule_deps: semodule_deps.o $(LIBSEPOLA) > +semodule_deps: semodule_deps.o $(DESTDIR)$(LIBSEPOLA) > > install: all > - -mkdir -p $(BINDIR) > - install -m 755 semodule_deps $(BINDIR) > - test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8 > - install -m 644 semodule_deps.8 $(MANDIR)/man8/ > + -mkdir -p $(DESTDIR)$(BINDIR) > + install -m 755 semodule_deps $(DESTDIR)$(BINDIR) > + test -d $(DESTDIR)$(MANDIR)/man8 || install -m 755 -d > $(DESTDIR)$(MANDIR)/man8 > + install -m 644 semodule_deps.8 $(DESTDIR)$(MANDIR)/man8/ > > relabel: > > diff --git a/semodule-utils/semodule_expand/Makefile b/semodule- > utils/semodule_expand/Makefile > index 072f2137..58d2d3cb 100644 > --- a/semodule-utils/semodule_expand/Makefile > +++ b/semodule-utils/semodule_expand/Makefile > @@ -1,5 +1,5 @@ > # Installation directories. > -PREFIX ?= $(DESTDIR)/usr > +PREFIX ?= /usr > INCLUDEDIR ?= $(PREFIX)/include > BINDIR ?= $(PREFIX)/bin > LIBDIR ?= $(PREFIX)/lib > @@ -13,10 +13,10 @@ all: semodule_expand > semodule_expand: semodule_expand.o > > install: all > - -mkdir -p $(BINDIR) > - install -m 755 semodule_expand $(BINDIR) > - test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8 > - install -m 644 semodule_expand.8 $(MANDIR)/man8/ > + -mkdir -p $(DESTDIR)$(BINDIR) > + install -m 755 semodule_expand $(DESTDIR)$(BINDIR) > + test -d $(DESTDIR)$(MANDIR)/man8 || install -m 755 -d > $(DESTDIR)$(MANDIR)/man8 > + install -m 644 semodule_expand.8 $(DESTDIR)$(MANDIR)/man8/ > > relabel: > > diff --git a/semodule-utils/semodule_link/Makefile b/semodule- > utils/semodule_link/Makefile > index cc4687bd..178bea30 100644 > --- a/semodule-utils/semodule_link/Makefile > +++ b/semodule-utils/semodule_link/Makefile > @@ -1,6 +1,6 @@ > # Installation directories. > -PREFIX ?= $(DESTDIR)/usr > -INCLUDEDIR ?= $(PREFIX)/include > +PREFIX ?= /usr > +INCLUDEDIR ?= /include > BINDIR ?= $(PREFIX)/bin > MANDIR ?= $(PREFIX)/share/man > LIBDIR ?= $(PREFIX)/lib > @@ -13,10 +13,10 @@ all: semodule_link > semodule_link: semodule_link.o > > install: all > - -mkdir -p $(BINDIR) > - install -m 755 semodule_link $(BINDIR) > - test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8 > - install -m 644 semodule_link.8 $(MANDIR)/man8/ > + -mkdir -p $(DESTDIR)$(BINDIR) > + install -m 755 semodule_link $(DESTDIR)$(BINDIR) > + test -d $(DESTDIR)$(MANDIR)/man8 || install -m 755 -d > $(PREFIX)$(MANDIR)/man8 Missing $(DESTDIR) in the final install location above. > + install -m 644 semodule_link.8 $(DESTDIR)$(MANDIR)/man8/ > > relabel: > > diff --git a/semodule-utils/semodule_package/Makefile b/semodule- > utils/semodule_package/Makefile > index 96dd7c4f..37bd0d4b 100644 > --- a/semodule-utils/semodule_package/Makefile > +++ b/semodule-utils/semodule_package/Makefile > @@ -1,5 +1,5 @@ > # Installation directories. > -PREFIX ?= $(DESTDIR)/usr > +PREFIX ?= /usr > INCLUDEDIR ?= $(PREFIX)/include > BINDIR ?= $(PREFIX)/bin > LIBDIR ?= $(PREFIX)/lib > @@ -13,12 +13,12 @@ all: semodule_package semodule_unpackage > semodule_package: semodule_package.o > > install: all > - -mkdir -p $(BINDIR) > - install -m 755 semodule_package $(BINDIR) > - install -m 755 semodule_unpackage $(BINDIR) > - test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8 > - install -m 644 semodule_package.8 $(MANDIR)/man8/ > - install -m 644 semodule_unpackage.8 $(MANDIR)/man8/ > + -mkdir -p $(DESTDIR)$(BINDIR) > + install -m 755 semodule_package $(DESTDIR)$(BINDIR) > + install -m 755 semodule_unpackage $(DESTDIR)$(BINDIR) > + test -d $(DESTDIR)$(MANDIR)/man8 || install -m 755 -d > $(DESTDIR)$(MANDIR)/man8 > + install -m 644 semodule_package.8 $(DESTDIR)$(MANDIR)/man8/ > + install -m 644 semodule_unpackage.8 > $(DESTDIR)$(MANDIR)/man8/ > > relabel: > ^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: [PATCH] Use DESTDIR only in install targets 2017-06-21 19:51 ` Stephen Smalley @ 2017-06-22 16:25 ` Petr Lautrbach 2017-06-22 16:45 ` Stephen Smalley 0 siblings, 1 reply; 24+ messages in thread From: Petr Lautrbach @ 2017-06-22 16:25 UTC (permalink / raw) To: Stephen Smalley, selinux On 06/21/2017 09:51 PM, Stephen Smalley wrote: > Hmm...seems like we're still using DESTDIR for more than just install. > So either the patch or the patch description isn't quite right. > The original usage of make DESTDIR in selinux was to support building > and installing to a private directory, so we wanted it to affect more > than just install. If we truly make this transition to conform to the > GNU standards, then we still need a clean way of building and > installing to a private directory for local testing. The top-level > Makefile has a workaround currently of automatically defining CFLAGS > and LDFLAGS when DESTDIR is defined, but that has a side effect: it > suppresses any non-override CFLAGS and LDFLAGS definitions in the > Makefiles, so then we no longer get all of the warning options enabled > in such local builds like we used to do. All of this leaves me > wondering about whether we ought to just revert the earlier changes and > preserve our usage of DESTDIR, even if it doesn't correspond to GNU. PREFIX could be used for the case you described and DESTDIR would be used just for installing to a different root directory. The difference could be seen in .pc files: $ make DESTDIR=/selinux-DESTDIR LIBSEPOLA=/selinux-DESTDIR/usr/lib/libsepol.a install install-pywrap install-rubywrap $ head -n 2 /selinux-DESTDIR/usr/lib/pkgconfig/libsepol.pc prefix=//usr exec_prefix=${prefix} vs $ make PREFIX=/selinux-PREFIX install install-pywrap install-rubywrap $ head -n 2 /selinux-PREFIX/usr/lib/pkgconfig/libsepol.pc prefix=/selinux-PREFIX/usr exec_prefix=${prefix} I've got two work-in-progress patches for that: https://github.com/bachradsusi/SELinuxProject-selinux/commit/03d7e6a3802aa5376fe6162f6e7f9a6314f2b028 https://github.com/bachradsusi/SELinuxProject-selinux/commit/ddf070fa82a4331b8fe2d82f61929c1120a12630 They need more testing and some enhancements but for the first look they seem to work. At least structure of directories seem to be same. >> >> -checkmodule: $(CHECKMODOBJS) $(LIBSEPOLA) >> +checkmodule: $(CHECKMODOBJS) $(DESTDIR)$(LIBSEPOLA) >> >> %.o: %.c >> $(CC) $(CFLAGS) -o $@ -c $< >> @@ -46,15 +46,15 @@ lex.yy.c: policy_scan.l y.tab.c >> $(LEX) policy_scan.l >> >> install: all >> - -mkdir -p $(BINDIR) >> - -mkdir -p $(MANDIR)/man8 >> - install -m 755 $(TARGETS) $(BINDIR) >> - install -m 644 checkpolicy.8 $(MANDIR)/man8 >> - install -m 644 checkmodule.8 $(MANDIR)/man8 >> + -mkdir -p $(DESTDIR)$(BINDIR) >> + -mkdir -p $(DESTDIR)$(MANDIR)/man8 >> + install -m 755 $(TARGETS) $(DESTDIR)$(BINDIR) >> + install -m 644 checkpolicy.8 $(DESTDIR)$(MANDIR)/man8 >> + install -m 644 checkmodule.8 $(DESTDIR)$(MANDIR)/man8 >> >> relabel: install >> - /sbin/restorecon $(BINDIR)/checkpolicy >> - /sbin/restorecon $(BINDIR)/checkmodule >> + /sbin/restorecon $(DESTDIR)$(BINDIR)/checkpolicy >> + /sbin/restorecon $(DESTDIR)$(BINDIR)/checkmodule >> >> clean: >> -rm -f $(TARGETS) $(CHECKPOLOBJS) $(CHECKMODOBJS) y.tab.c >> y.tab.h lex.yy.c >> diff --git a/checkpolicy/test/Makefile b/checkpolicy/test/Makefile >> index 59fa4460..c9a8d4c5 100644 >> --- a/checkpolicy/test/Makefile >> +++ b/checkpolicy/test/Makefile >> @@ -1,7 +1,7 @@ >> # >> # Makefile for building the dispol program >> # >> -PREFIX ?= $(DESTDIR)/usr >> +PREFIX ?= /usr >> BINDIR ?= $(PREFIX)/bin >> LIBDIR ?= $(PREFIX)/lib >> INCLUDEDIR ?= $(PREFIX)/include >> @@ -11,9 +11,9 @@ CFLAGS ?= -g -Wall -W -Werror -O2 -pipe >> >> all: dispol dismod >> >> -dispol: dispol.o $(LIBSEPOLA) >> +dispol: dispol.o $(DESTDIR)$(LIBSEPOLA) >> >> -dismod: dismod.o $(LIBSEPOLA) >> +dismod: dismod.o $(DESTDIR)$(LIBSEPOLA) > > Ditto > >> >> clean: >> -rm -f dispol dismod *.o >> diff --git a/gui/Makefile b/gui/Makefile >> index 4fc2c1a1..52c3cab2 100644 >> --- a/gui/Makefile >> +++ b/gui/Makefile >> @@ -1,5 +1,5 @@ >> # Installation directories. >> -PREFIX ?= ${DESTDIR}/usr >> +PREFIX ?= /usr >> BINDIR ?= $(PREFIX)/bin >> SHAREDIR ?= $(PREFIX)/share/system-config-selinux >> DATADIR ?= $(PREFIX)/share >> @@ -24,29 +24,29 @@ usersPage.py >> all: $(TARGETS) system-config-selinux.py polgengui.py >> >> install: all >> - -mkdir -p $(MANDIR)/man8 >> - -mkdir -p $(SHAREDIR) >> - -mkdir -p $(BINDIR) >> - -mkdir -p $(DATADIR)/pixmaps >> - -mkdir -p $(DATADIR)/icons/hicolor/24x24/apps >> - -mkdir -p $(DATADIR)/polkit-1/actions/ >> - install -m 755 system-config-selinux.py $(SHAREDIR) >> - install -m 755 system-config-selinux $(BINDIR) >> - install -m 755 polgengui.py $(SHAREDIR) >> - install -m 644 $(TARGETS) $(SHAREDIR) >> - install -m 644 system-config-selinux.8 $(MANDIR)/man8 >> - install -m 644 selinux-polgengui.8 $(MANDIR)/man8 >> - install -m 644 system-config-selinux.png $(DATADIR)/pixmaps >> - install -m 644 system-config-selinux.png >> $(DATADIR)/icons/hicolor/24x24/apps >> - install -m 644 system-config-selinux.png $(DATADIR)/system- >> config-selinux >> - install -m 644 *.desktop $(DATADIR)/system-config-selinux > > This one seems to have been dropped accidentally rather than augmented > with $(DESTDIR). > >> - -mkdir -p $(DESTDIR) $(DATADIR)/pixmaps >> - install -m 644 sepolicy_256.png >> $(DATADIR)/pixmaps/sepolicy.png >> + -mkdir -p $(DESTDIR)$(MANDIR)/man8 >> + -mkdir -p $(DESTDIR)$(SHAREDIR) >> + -mkdir -p $(DESTDIR)$(BINDIR) >> + -mkdir -p $(DESTDIR)$(DATADIR)/pixmaps >> + -mkdir -p $(DESTDIR)$(DATADIR)/icons/hicolor/24x24/apps >> + -mkdir -p $(DESTDIR)$(SYSCONFDIR) >> + -mkdir -p $(DESTDIR)$(DATADIR)/polkit-1/actions/ >> + install -m 755 system-config-selinux.py >> $(DESTDIR)$(SHAREDIR) >> + install -m 755 system-config-selinux $(DESTDIR)$(BINDIR) >> + install -m 755 polgengui.py $(DESTDIR)$(SHAREDIR) >> + install -m 644 $(TARGETS) $(DESTDIR)$(SHAREDIR) >> + install -m 644 system-config-selinux.8 >> $(DESTDIR)$(MANDIR)/man8 >> + install -m 644 selinux-polgengui.8 $(DESTDIR)$(MANDIR)/man8 >> + install -m 644 system-config-selinux.png >> $(DESTDIR)$(DATADIR)/pixmaps >> + install -m 644 system-config-selinux.png >> $(DESTDIR)$(DATADIR)/icons/hicolor/24x24/apps >> + install -m 644 system-config-selinux.png >> $(DESTDIR)$(DATADIR)/system-config-selinux >> + -mkdir -p $(DESTDIR) $(DESTDIR)$(DATADIR)/pixmaps >> + install -m 644 sepolicy_256.png >> $(DESTDIR)$(DATADIR)/pixmaps/sepolicy.png >> for i in 16 22 32 48 256; do \ >> - mkdir -p $(DESTDIR) >> $(DATADIR)/icons/hicolor/$${i}x$${i}/apps; \ >> - install -m 644 sepolicy_$${i}.png >> $(DATADIR)/icons/hicolor/$${i}x$${i}/apps/sepolicy.png; \ >> + mkdir -p >> $(DESTDIR)/$(DATADIR)/icons/hicolor/$${i}x$${i}/apps; \ >> + install -m 644 sepolicy_$${i}.png >> $(DESTDIR)$(DATADIR)/icons/hicolor/$${i}x$${i}/apps/sepolicy.png; \ >> done >> - install -m 644 org.selinux.config.policy $(DATADIR)/polkit- >> 1/actions/ >> + install -m 644 org.selinux.config.policy >> $(DESTDIR)$(DATADIR)/polkit-1/actions/ >> clean: >> >> indent: >> diff --git a/libselinux/include/Makefile >> b/libselinux/include/Makefile >> index 757a6c9c..c1d3fa15 100644 >> --- a/libselinux/include/Makefile >> +++ b/libselinux/include/Makefile >> @@ -1,12 +1,12 @@ >> # Installation directories. >> -PREFIX ?= $(DESTDIR)/usr >> +PREFIX ?= /usr >> INCDIR ?= $(PREFIX)/include/selinux >> >> all: >> >> install: all >> - test -d $(INCDIR) || install -m 755 -d $(INCDIR) >> - install -m 644 $(wildcard selinux/*.h) $(INCDIR) >> + test -d $(DESTDIR)$(INCDIR) || install -m 755 -d >> $(DESTDIR)$(INCDIR) >> + install -m 644 $(wildcard selinux/*.h) $(DESTDIR)$(INCDIR) >> >> relabel: >> >> diff --git a/libselinux/src/Makefile b/libselinux/src/Makefile >> index 4306dd0e..6d65b682 100644 >> --- a/libselinux/src/Makefile >> +++ b/libselinux/src/Makefile >> @@ -8,17 +8,17 @@ RUBYPREFIX ?= $(notdir $(RUBY)) >> PKG_CONFIG ?= pkg-config >> >> # Installation directories. >> -PREFIX ?= $(DESTDIR)/usr >> +PREFIX ?= /usr >> LIBDIR ?= $(PREFIX)/lib >> -SHLIBDIR ?= $(DESTDIR)/lib >> +SHLIBDIR ?= /lib >> INCLUDEDIR ?= $(PREFIX)/include >> PYINC ?= $(shell $(PKG_CONFIG) --cflags $(PYPREFIX)) >> PYLIBS ?= $(shell $(PKG_CONFIG) --libs $(PYPREFIX)) >> -PYSITEDIR ?= $(DESTDIR)$(shell $(PYTHON) -c 'import site; >> print(site.getsitepackages()[0])') >> +PYSITEDIR ?= $(shell $(PYTHON) -c 'import site; >> print(site.getsitepackages()[0])') >> PYCEXT ?= $(shell $(PYTHON) -c 'import imp;print([s for s,m,t in >> imp.get_suffixes() if t == imp.C_EXTENSION][0])') >> RUBYINC ?= $(shell $(RUBY) -e 'puts "-I" + >> RbConfig::CONFIG["rubyarchhdrdir"] + " -I" + >> RbConfig::CONFIG["rubyhdrdir"]') >> RUBYLIBS ?= $(shell $(RUBY) -e 'puts "-L" + >> RbConfig::CONFIG["libdir"] + " -lruby"') >> -RUBYINSTALL ?= $(DESTDIR)$(shell $(RUBY) -e 'puts >> RbConfig::CONFIG["vendorarchdir"]') >> +RUBYINSTALL ?= $(shell $(RUBY) -e 'puts >> RbConfig::CONFIG["vendorarchdir"]') >> LIBBASE ?= $(shell basename $(LIBDIR)) >> LIBSEPOLA ?= $(LIBDIR)/libsepol.a >> >> @@ -156,7 +156,7 @@ selinuxswig_python_exception.i: >> ../include/selinux/selinux.h >> $(AUDIT2WHYLOBJ): audit2why.c >> $(CC) $(filter-out -Werror, $(CFLAGS)) $(PYINC) -fPIC >> -DSHARED -c -o $@ $< >> >> -$(AUDIT2WHYSO): $(AUDIT2WHYLOBJ) $(LIBSEPOLA) >> +$(AUDIT2WHYSO): $(AUDIT2WHYLOBJ) $(DESTDIR)$(LIBSEPOLA) >> $(CC) $(CFLAGS) $(LDFLAGS) -L. -shared -o $@ $^ -lselinux >> $(PYLIBS) > > Here again with using DESTDIR outside of install. > >> >> %.o: %.c policy.h >> @@ -177,26 +177,26 @@ swigify: $(SWIGIF) >> $(SWIG) $< >> >> install: all >> - test -d $(LIBDIR) || install -m 755 -d $(LIBDIR) >> - install -m 644 $(LIBA) $(LIBDIR) >> - test -d $(SHLIBDIR) || install -m 755 -d $(SHLIBDIR) >> - install -m 755 $(LIBSO) $(SHLIBDIR) >> - test -d $(LIBDIR)/pkgconfig || install -m 755 -d >> $(LIBDIR)/pkgconfig >> - install -m 644 $(LIBPC) $(LIBDIR)/pkgconfig >> - ln -sf --relative $(SHLIBDIR)/$(LIBSO) $(LIBDIR)/$(TARGET) >> + test -d $(DESTDIR)$(LIBDIR) || install -m 755 -d >> $(DESTDIR)$(LIBDIR) >> + install -m 644 $(LIBA) $(DESTDIR)$(LIBDIR) >> + test -d $(DESTDIR)$(SHLIBDIR) || install -m 755 -d >> $(DESTDIR)$(SHLIBDIR) >> + install -m 755 $(LIBSO) $(DESTDIR)$(SHLIBDIR) >> + test -d $(DESTDIR)$(LIBDIR)/pkgconfig || install -m 755 -d >> $(DESTDIR)$(LIBDIR)/pkgconfig >> + install -m 644 $(LIBPC) $(DESTDIR)$(LIBDIR)/pkgconfig >> + ln -sf --relative $(DESTDIR)$(SHLIBDIR)/$(LIBSO) >> $(DESTDIR)$(LIBDIR)/$(TARGET) >> >> install-pywrap: pywrap >> - test -d $(PYSITEDIR)/selinux || install -m 755 -d >> $(PYSITEDIR)/selinux >> - install -m 755 $(SWIGSO) $(PYSITEDIR)/_selinux$(PYCEXT) >> - install -m 755 $(AUDIT2WHYSO) >> $(PYSITEDIR)/selinux/audit2why$(PYCEXT) >> - install -m 644 $(SWIGPYOUT) $(PYSITEDIR)/selinux/__init__.py >> + test -d $(DESTDIR)$(PYSITEDIR)/selinux || install -m 755 -d >> $(DESTDIR)$(PYSITEDIR)/selinux >> + install -m 755 $(SWIGSO) >> $(DESTDIR)$(PYSITEDIR)/_selinux$(PYCEXT) >> + install -m 755 $(AUDIT2WHYSO) >> $(DESTDIR)$(PYSITEDIR)/selinux/audit2why$(PYCEXT) >> + install -m 644 $(SWIGPYOUT) >> $(DESTDIR)$(PYSITEDIR)/selinux/__init__.py >> >> install-rubywrap: rubywrap >> - test -d $(RUBYINSTALL) || install -m 755 -d $(RUBYINSTALL) >> - install -m 755 $(SWIGRUBYSO) $(RUBYINSTALL)/selinux.so >> + test -d $(DESTDIR)$(RUBYINSTALL) || install -m 755 -d >> $(DESTDIR)$(RUBYINSTALL) >> + install -m 755 $(SWIGRUBYSO) >> $(DESTDIR)$(RUBYINSTALL)/selinux.so >> >> relabel: >> - /sbin/restorecon $(SHLIBDIR)/$(LIBSO) >> + /sbin/restorecon $(DESTDIR)$(SHLIBDIR)/$(LIBSO) >> >> clean-pywrap: >> -rm -f $(SWIGLOBJ) $(SWIGSO) $(AUDIT2WHYLOBJ) $(AUDIT2WHYSO) >> diff --git a/libselinux/utils/Makefile b/libselinux/utils/Makefile >> index 843b0e7c..882a6787 100644 >> --- a/libselinux/utils/Makefile >> +++ b/libselinux/utils/Makefile >> @@ -1,5 +1,5 @@ >> # Installation directories. >> -PREFIX ?= $(DESTDIR)/usr >> +PREFIX ?= /usr >> LIBDIR ?= $(PREFIX)/lib >> SBINDIR ?= $(PREFIX)/sbin >> INCLUDEDIR ?= $(PREFIX)/include >> @@ -63,8 +63,8 @@ sefcontext_compile: sefcontext_compile.o >> ../src/regex.o >> all: $(TARGETS) >> >> install: all >> - -mkdir -p $(SBINDIR) >> - install -m 755 $(TARGETS) $(SBINDIR) >> + -mkdir -p $(DESTDIR)$(SBINDIR) >> + install -m 755 $(TARGETS) $(DESTDIR)$(SBINDIR) >> >> clean: >> rm -f $(TARGETS) *.o *~ >> diff --git a/libsemanage/include/Makefile >> b/libsemanage/include/Makefile >> index b660660e..6e44a28a 100644 >> --- a/libsemanage/include/Makefile >> +++ b/libsemanage/include/Makefile >> @@ -1,12 +1,12 @@ >> # Installation directories. >> -PREFIX ?= $(DESTDIR)/usr >> +PREFIX ?= /usr >> INCDIR ?= $(PREFIX)/include/semanage >> >> all: >> >> install: all >> - test -d $(INCDIR) || install -m 755 -d $(INCDIR) >> - install -m 644 $(wildcard semanage/*.h) $(INCDIR) >> + test -d $(DESTDIR)$(INCDIR) || install -m 755 -d >> $(DESTDIR)$(INCDIR) >> + install -m 644 $(wildcard semanage/*.h) $(DESTDIR)$(INCDIR) >> >> indent: >> ../../scripts/Lindent $(wildcard semanage/*.h) >> diff --git a/libsemanage/src/Makefile b/libsemanage/src/Makefile >> index f01385c5..8c0b4557 100644 >> --- a/libsemanage/src/Makefile >> +++ b/libsemanage/src/Makefile >> @@ -8,17 +8,17 @@ RUBYPREFIX ?= $(notdir $(RUBY)) >> PKG_CONFIG ?= pkg-config >> >> # Installation directories. >> -PREFIX ?= $(DESTDIR)/usr >> +PREFIX ?= /usr >> LIBDIR ?= $(PREFIX)/lib >> -SHLIBDIR ?= $(DESTDIR)/lib >> +SHLIBDIR ?= /lib >> INCLUDEDIR ?= $(PREFIX)/include >> PYINC ?= $(shell $(PKG_CONFIG) --cflags $(PYPREFIX)) >> PYLIBS ?= $(shell $(PKG_CONFIG) --libs $(PYPREFIX)) >> -PYSITEDIR ?= $(DESTDIR)$(shell $(PYTHON) -c 'import site; >> print(site.getsitepackages()[0])') >> +PYSITEDIR ?= $(shell $(PYTHON) -c 'import site; >> print(site.getsitepackages()[0])') >> PYCEXT ?= $(shell $(PYTHON) -c 'import imp;print([s for s,m,t in >> imp.get_suffixes() if t == imp.C_EXTENSION][0])') >> RUBYINC ?= $(shell $(RUBY) -e 'puts "-I" + >> RbConfig::CONFIG["rubyarchhdrdir"] + " -I" + >> RbConfig::CONFIG["rubyhdrdir"]') >> RUBYLIBS ?= $(shell $(RUBY) -e 'puts "-L" + >> RbConfig::CONFIG["libdir"] + " -lruby"') >> -RUBYINSTALL ?= $(DESTDIR)$(shell $(RUBY) -e 'puts >> RbConfig::CONFIG["vendorarchdir"]') >> +RUBYINSTALL ?= $(shell $(RUBY) -e 'puts >> RbConfig::CONFIG["vendorarchdir"]') >> >> LIBBASE=$(shell basename $(LIBDIR)) >> >> @@ -136,26 +136,26 @@ swigify: $(SWIGIF) >> $(SWIG) $< >> >> install: all >> - test -d $(LIBDIR) || install -m 755 -d $(LIBDIR) >> - install -m 644 $(LIBA) $(LIBDIR) >> - install -m 755 $(LIBSO) $(LIBDIR) >> - test -d $(LIBDIR)/pkgconfig || install -m 755 -d >> $(LIBDIR)/pkgconfig >> - install -m 644 $(LIBPC) $(LIBDIR)/pkgconfig >> + test -d $(DESTDIR)$(LIBDIR) || install -m 755 -d >> $(DESTDIR)$(LIBDIR) >> + install -m 644 $(LIBA) $(DESTDIR)$(LIBDIR) >> + install -m 755 $(LIBSO) $(DESTDIR)$(LIBDIR) >> + test -d $(DESTDIR)$(LIBDIR)/pkgconfig || install -m 755 -d >> $(DESTDIR)$(LIBDIR)/pkgconfig >> + install -m 644 $(LIBPC) $(DESTDIR)$(LIBDIR)/pkgconfig >> test -f $(DEFAULT_SEMANAGE_CONF_LOCATION) || install -m 644 >> -D semanage.conf $(DEFAULT_SEMANAGE_CONF_LOCATION) >> - cd $(LIBDIR) && ln -sf $(LIBSO) $(TARGET) >> + cd $(DESTDIR)$(LIBDIR) && ln -sf $(LIBSO) $(TARGET) >> >> install-pywrap: pywrap >> - test -d $(PYSITEDIR) || install -m 755 -d $(PYSITEDIR) >> - install -m 755 $(SWIGSO) $(PYSITEDIR)/_semanage$(PYCEXT) >> - install -m 644 semanage.py $(PYSITEDIR) >> + test -d $(DESTDIR)$(PYSITEDIR) || install -m 755 -d >> $(DESTDIR)$(PYSITEDIR) >> + install -m 755 $(SWIGSO) >> $(DESTDIR)$(PYSITEDIR)/_semanage$(PYCEXT) >> + install -m 644 semanage.py $(DESTDIR)$(PYSITEDIR) >> >> >> install-rubywrap: rubywrap >> - test -d $(RUBYINSTALL) || install -m 755 -d $(RUBYINSTALL) >> - install -m 755 $(SWIGRUBYSO) $(RUBYINSTALL)/semanage.so >> + test -d $(DESTDIR)$(RUBYINSTALL) || install -m 755 -d >> $(DESTDIR)$(RUBYINSTALL) >> + install -m 755 $(SWIGRUBYSO) >> $(DESTDIR)$(RUBYINSTALL)/semanage.so >> >> relabel: >> - /sbin/restorecon $(LIBDIR)/$(LIBSO) >> + /sbin/restorecon $(DESTDIR)$(LIBDIR)/$(LIBSO) >> >> clean: >> -rm -f $(LIBPC) $(OBJS) $(LOBJS) $(LIBA) $(LIBSO) >> $(SWIGLOBJ) $(SWIGSO) $(SWIGRUBYSO) $(TARGET) conf-parse.c conf- >> parse.h conf-scan.c *.o *.lo *~ >> diff --git a/libsemanage/tests/Makefile b/libsemanage/tests/Makefile >> index 2ef8d30d..8103cf8f 100644 >> --- a/libsemanage/tests/Makefile >> +++ b/libsemanage/tests/Makefile >> @@ -1,4 +1,4 @@ >> -PREFIX ?= $(DESTDIR)/usr >> +PREFIX ?= /usr >> LIBDIR ?= $(PREFIX)/lib >> >> # Add your test source files here: >> diff --git a/libsemanage/utils/Makefile b/libsemanage/utils/Makefile >> index 725f0eec..5b8fbb6b 100644 >> --- a/libsemanage/utils/Makefile >> +++ b/libsemanage/utils/Makefile >> @@ -1,13 +1,13 @@ >> # Installation directories. >> -PREFIX ?= $(DESTDIR)/usr >> +PREFIX ?= /usr >> LIBEXECDIR ?= $(PREFIX)/libexec >> SELINUXEXECDIR ?= $(LIBEXECDIR)/selinux/ >> >> all: >> >> install: all >> - -mkdir -p $(SELINUXEXECDIR) >> - install -m 755 semanage_migrate_store $(SELINUXEXECDIR) >> + -mkdir -p $(DESTDIR)$(SELINUXEXECDIR) >> + install -m 755 semanage_migrate_store >> $(DESTDIR)$(SELINUXEXECDIR) >> >> clean: >> >> diff --git a/libsepol/include/Makefile b/libsepol/include/Makefile >> index 56b7a114..49f817ce 100644 >> --- a/libsepol/include/Makefile >> +++ b/libsepol/include/Makefile >> @@ -1,17 +1,17 @@ >> # Installation directories. >> -PREFIX ?= $(DESTDIR)/usr >> +PREFIX ?= /usr >> INCDIR ?= $(PREFIX)/include/sepol >> CILDIR ?= ../cil >> >> all: >> >> install: all >> - test -d $(INCDIR) || install -m 755 -d $(INCDIR) >> - test -d $(INCDIR)/policydb || install -m 755 -d >> $(INCDIR)/policydb >> - test -d $(INCDIR)/cil || install -m 755 -d $(INCDIR)/cil >> - install -m 644 $(wildcard sepol/*.h) $(INCDIR) >> - install -m 644 $(wildcard sepol/policydb/*.h) >> $(INCDIR)/policydb >> - install -m 644 $(wildcard $(CILDIR)/include/cil/*.h) >> $(INCDIR)/cil >> + test -d $(DESTDIR)$(INCDIR) || install -m 755 -d >> $(DESTDIR)$(INCDIR) >> + test -d $(DESTDIR)$(INCDIR)/policydb || install -m 755 -d >> $(DESTDIR)$(INCDIR)/policydb >> + test -d $(DESTDIR)$(INCDIR)/cil || install -m 755 -d >> $(DESTDIR)$(INCDIR)/cil >> + install -m 644 $(wildcard sepol/*.h) $(DESTDIR)$(INCDIR) >> + install -m 644 $(wildcard sepol/policydb/*.h) >> $(DESTDIR)$(INCDIR)/policydb >> + install -m 644 $(wildcard $(CILDIR)/include/cil/*.h) >> $(DESTDIR)$(INCDIR)/cil >> >> indent: >> ../../scripts/Lindent $(wildcard sepol/*.h) >> diff --git a/libsepol/src/Makefile b/libsepol/src/Makefile >> index 819d261b..4c7e23fa 100644 >> --- a/libsepol/src/Makefile >> +++ b/libsepol/src/Makefile >> @@ -1,8 +1,8 @@ >> # Installation directories. >> -PREFIX ?= $(DESTDIR)/usr >> +PREFIX ?= /usr >> INCLUDEDIR ?= $(PREFIX)/include >> LIBDIR ?= $(PREFIX)/lib >> -SHLIBDIR ?= $(DESTDIR)/lib >> +SHLIBDIR ?= $(PREFIX)/lib > > This yields a change in the default install location for libsepol.so.1 > (/lib -> /usr/lib). > >> RANLIB ?= ranlib >> LIBBASE ?= $(shell basename $(LIBDIR)) >> CILDIR ?= ../cil >> @@ -80,16 +80,16 @@ endif >> $(CC) $(CFLAGS) -fPIC -DSHARED -c -o $@ $< >> >> install: all >> - test -d $(LIBDIR) || install -m 755 -d $(LIBDIR) >> - install -m 644 $(LIBA) $(LIBDIR) >> - test -d $(SHLIBDIR) || install -m 755 -d $(SHLIBDIR) >> - install -m 755 $(LIBSO) $(SHLIBDIR) >> - test -d $(LIBDIR)/pkgconfig || install -m 755 -d >> $(LIBDIR)/pkgconfig >> - install -m 644 $(LIBPC) $(LIBDIR)/pkgconfig >> - $(LN) -sf --relative $(SHLIBDIR)/$(LIBSO) >> $(LIBDIR)/$(TARGET) >> + test -d $(DESTDIR)$(LIBDIR) || install -m 755 -d >> $(DESTDIR)$(LIBDIR) >> + install -m 644 $(LIBA) $(DESTDIR)$(LIBDIR) >> + test -d $(DESTDIR)$(SHLIBDIR) || install -m 755 -d >> $(DESTDIR)$(SHLIBDIR) >> + install -m 755 $(LIBSO) $(DESTDIR)$(SHLIBDIR) >> + test -d $(DESTDIR)$(LIBDIR)/pkgconfig || install -m 755 -d >> $(DESTDIR)$(LIBDIR)/pkgconfig >> + install -m 644 $(LIBPC) $(DESTDIR)$(LIBDIR)/pkgconfig >> + $(LN) -sf --relative $(DESTDIR)$(SHLIBDIR)/$(LIBSO) >> $(DESTDIR)$(LIBDIR)/$(TARGET) >> >> relabel: >> - /sbin/restorecon $(SHLIBDIR)/$(LIBSO) >> + /sbin/restorecon $(DESTDIR)$(SHLIBDIR)/$(LIBSO) >> >> clean: >> -rm -f $(LIBPC) $(LIBMAP) $(OBJS) $(LOBJS) $(LIBA) $(LIBSO) >> $(TARGET) $(CIL_GENERATED) >> diff --git a/libsepol/utils/Makefile b/libsepol/utils/Makefile >> index fba1d8a0..31932c11 100644 >> --- a/libsepol/utils/Makefile >> +++ b/libsepol/utils/Makefile >> @@ -1,5 +1,5 @@ >> # Installation directories. >> -PREFIX ?= $(DESTDIR)/usr >> +PREFIX ?= /usr >> BINDIR ?= $(PREFIX)/bin >> >> CFLAGS ?= -Wall -Werror >> @@ -12,8 +12,8 @@ TARGETS=$(patsubst %.c,%,$(sort $(wildcard *.c))) >> all: $(TARGETS) >> >> install: all >> - -mkdir -p $(BINDIR) >> - install -m 755 $(TARGETS) $(BINDIR) >> + -mkdir -p $(DESTDIR)$(BINDIR) >> + install -m 755 $(TARGETS) $(DESTDIR)$(BINDIR) >> >> clean: >> -rm -f $(TARGETS) *.o >> diff --git a/mcstrans/man/Makefile b/mcstrans/man/Makefile >> index 8e971192..dbd87f49 100644 >> --- a/mcstrans/man/Makefile >> +++ b/mcstrans/man/Makefile >> @@ -1,11 +1,11 @@ >> # Installation directories. >> -MAN8DIR ?= $(DESTDIR)/usr/share/man/man8 >> +MAN8DIR ?= /usr/share/man/man8 >> >> all: >> >> install: all >> - mkdir -p $(MAN8DIR) >> - install -m 644 man8/*.8 $(MAN8DIR) >> + mkdir -p $(DESTDIR)$(MAN8DIR) >> + install -m 644 man8/*.8 $(DESTDIR)$(MAN8DIR) >> >> clean: >> -rm -f *~ \#* >> diff --git a/mcstrans/src/Makefile b/mcstrans/src/Makefile >> index 709e1e02..be54e349 100644 >> --- a/mcstrans/src/Makefile >> +++ b/mcstrans/src/Makefile >> @@ -1,9 +1,9 @@ >> # Installation directories. >> -PREFIX ?= $(DESTDIR)/usr >> +PREFIX ?= /usr >> LIBDIR ?= $(PREFIX)/lib >> -SBINDIR ?= $(DESTDIR)/sbin >> -INITDIR ?= $(DESTDIR)/etc/rc.d/init.d >> -SYSTEMDDIR ?= $(DESTDIR)/usr/lib/systemd >> +SBINDIR ?= /sbin >> +INITDIR ?= /etc/rc.d/init.d >> +SYSTEMDDIR ?= /usr/lib/systemd >> >> PROG_SRC=mcstrans.c mcscolor.c mcstransd.c mls_level.c >> PROG_OBJS= $(patsubst %.c,%.o,$(PROG_SRC)) >> @@ -15,18 +15,18 @@ override CFLAGS += -D_GNU_SOURCE >> -D_FILE_OFFSET_BITS=64 >> all: $(PROG) >> >> $(PROG): $(PROG_OBJS) >> - $(CC) $(LDFLAGS) -pie -o $@ $^ -lselinux -lcap -lpcre >> $(LIBDIR)/libsepol.a >> + $(CC) $(LDFLAGS) -pie -o $@ $^ -lselinux -lcap -lpcre >> $(DESTDIR)$(LIBDIR)/libsepol.a >> >> %.o: %.c >> $(CC) $(CFLAGS) -fPIE -c -o $@ $< >> >> install: all >> - test -d $(SBINDIR) || install -m 755 -d $(SBINDIR) >> - install -m 755 $(PROG) $(SBINDIR) >> - test -d $(INITDIR) || install -m 755 -d $(INITDIR) >> - install -m 755 $(INITSCRIPT).init $(INITDIR)/$(INITSCRIPT) >> - test -d $(SYSTEMDDIR)/system || install -m 755 -d >> $(SYSTEMDDIR)/system >> - install -m 644 mcstrans.service $(SYSTEMDDIR)/system/ >> + test -d $(DESTDIR)$(SBINDIR) || install -m 755 -d >> $(DESTDIR)$(SBINDIR) >> + install -m 755 $(PROG) $(DESTDIR)$(SBINDIR) >> + test -d $(DESTDIR)$(INITDIR) || install -m 755 -d >> $(DESTDIR)$(INITDIR) >> + install -m 755 $(INITSCRIPT).init >> $(DESTDIR)$(INITDIR)/$(INITSCRIPT) >> + test -d $(DESTDIR)$(SYSTEMDDIR)/system || install -m 755 -d >> $(DESTDIR)$(SYSTEMDDIR)/system >> + install -m 644 mcstrans.service >> $(DESTDIR)$(SYSTEMDDIR)/system/ >> >> clean: >> -rm -f $(OBJS) $(LOBJS) $(TARGET) $(PROG) $(PROG_OBJS) *~ >> \#* >> diff --git a/mcstrans/utils/Makefile b/mcstrans/utils/Makefile >> index 4d3cbfcb..1364cece 100644 >> --- a/mcstrans/utils/Makefile >> +++ b/mcstrans/utils/Makefile >> @@ -1,5 +1,5 @@ >> # Installation directories. >> -PREFIX ?= $(DESTDIR)/usr >> +PREFIX ?= /usr >> LIBDIR ?= $(PREFIX)/lib >> SBINDIR ?= $(PREFIX)/sbin >> LIBSEPOLA ?= $(LIBDIR)/libsepol.a >> @@ -12,11 +12,11 @@ TARGETS=$(patsubst %.c,%,$(sort $(wildcard *.c))) >> >> all: $(TARGETS) >> >> -$(TARGETS): ../src/mcstrans.o ../src/mls_level.o $(LIBSEPOLA) >> +$(TARGETS): ../src/mcstrans.o ../src/mls_level.o >> $(DESTDIR)$(LIBSEPOLA) >> >> install: all >> - -mkdir -p $(SBINDIR) >> - install -m 755 $(TARGETS) $(SBINDIR) >> + -mkdir -p $(DESTDIR)$(SBINDIR) >> + install -m 755 $(TARGETS) $(DESTDIR)$(SBINDIR) >> >> test: >> ./mlstrans-test-runner.py ../test/*.test >> diff --git a/policycoreutils/hll/pp/Makefile >> b/policycoreutils/hll/pp/Makefile >> index 3401dcc9..ed70c449 100644 >> --- a/policycoreutils/hll/pp/Makefile >> +++ b/policycoreutils/hll/pp/Makefile >> @@ -1,5 +1,5 @@ >> # Installation directories. >> -PREFIX ?= $(DESTDIR)/usr >> +PREFIX ?= /usr >> INCLUDEDIR ?= $(PREFIX)/include >> MANDIR = $(PREFIX)/share/man >> LIBDIR ?= $(PREFIX)/lib >> @@ -21,8 +21,8 @@ pp: $(PP_OBJS) >> $(CC) $(CFLAGS) -c -o $@ $^ >> >> install: all >> - -mkdir -p $(HLLDIR) >> - install -m 755 pp $(HLLDIR) >> + -mkdir -p $(DESTDIR)$(HLLDIR) >> + install -m 755 pp $(DESTDIR)$(HLLDIR) >> >> relabel: >> >> diff --git a/policycoreutils/load_policy/Makefile >> b/policycoreutils/load_policy/Makefile >> index b85833c2..00f59aba 100644 >> --- a/policycoreutils/load_policy/Makefile >> +++ b/policycoreutils/load_policy/Makefile >> @@ -1,6 +1,6 @@ >> # Installation directories. >> -PREFIX ?= $(DESTDIR)/usr >> -SBINDIR ?= $(DESTDIR)/sbin >> +PREFIX ?= /usr >> +SBINDIR ?= /sbin >> MANDIR ?= $(PREFIX)/share/man >> LOCALEDIR ?= /usr/share/locale >> >> @@ -13,10 +13,10 @@ TARGETS=$(patsubst %.c,%,$(sort $(wildcard *.c))) >> all: $(TARGETS) >> >> install: all >> - -mkdir -p $(SBINDIR) >> - install -m 755 $(TARGETS) $(SBINDIR) >> - test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8 >> - install -m 644 load_policy.8 $(MANDIR)/man8/ >> + -mkdir -p $(DESTDIR)$(SBINDIR) >> + install -m 755 $(TARGETS) $(DESTDIR)$(SBINDIR) >> + test -d $(DESTDIR)$(MANDIR)/man8 || install -m 755 -d >> $(DESTDIR)$(MANDIR)/man8 >> + install -m 644 load_policy.8 $(DESTDIR)$(MANDIR)/man8/ >> >> clean: >> -rm -f $(TARGETS) *.o >> @@ -25,4 +25,4 @@ indent: >> ../../scripts/Lindent $(wildcard *.[ch]) >> >> relabel: >> - /sbin/restorecon $(SBINDIR)/load_policy >> + /sbin/restorecon $(DESTDIR)$(SBINDIR)/load_policy >> diff --git a/policycoreutils/man/Makefile >> b/policycoreutils/man/Makefile >> index 0d91cd46..ae3d27b6 100644 >> --- a/policycoreutils/man/Makefile >> +++ b/policycoreutils/man/Makefile >> @@ -1,12 +1,12 @@ >> # Installation directories. >> -MAN5DIR ?= $(DESTDIR)/usr/share/man/man5 >> +MAN5DIR ?= /usr/share/man/man5 >> >> all: >> >> clean: >> >> install: all >> - mkdir -p $(MAN5DIR) >> - install -m 644 man5/*.5 $(MAN5DIR) >> + mkdir -p $(DESTDIR)$(MAN5DIR) >> + install -m 644 man5/*.5 $(DESTDIR)$(MAN5DIR) >> >> relabel: >> diff --git a/policycoreutils/newrole/Makefile >> b/policycoreutils/newrole/Makefile >> index 196af926..e687b6ab 100644 >> --- a/policycoreutils/newrole/Makefile >> +++ b/policycoreutils/newrole/Makefile >> @@ -1,8 +1,8 @@ >> # Installation directories. >> -PREFIX ?= $(DESTDIR)/usr >> +PREFIX ?= /usr >> BINDIR ?= $(PREFIX)/bin >> MANDIR ?= $(PREFIX)/share/man >> -ETCDIR ?= $(DESTDIR)/etc >> +ETCDIR ?= /etc >> LOCALEDIR = /usr/share/locale >> PAMH ?= $(shell test -f /usr/include/security/pam_appl.h && echo y) >> AUDITH ?= $(shell test -f /usr/include/libaudit.h && echo y) >> @@ -61,17 +61,17 @@ newrole: newrole.o $(EXTRA_OBJS) >> $(CC) $(LDFLAGS) -o $@ $^ $(LDLIBS) >> >> install: all >> - test -d $(BINDIR) || install -m 755 -d $(BINDIR) >> - test -d $(ETCDIR)/pam.d || install -m 755 -d $(ETCDIR)/pam.d >> - test -d $(MANDIR)/man1 || install -m 755 -d $(MANDIR)/man1 >> - install -m $(MODE) newrole $(BINDIR) >> - install -m 644 newrole.1 $(MANDIR)/man1/ >> + test -d $(DESTDIR)$(BINDIR) || install -m 755 -d >> $(DESTDIR)$(BINDIR) >> + test -d $(DESTDIR)$(ETCDIR)/pam.d || install -m 755 -d >> $(DESTDIR)$(ETCDIR)/pam.d >> + test -d $(DESTDIR)$(MANDIR)/man1 || install -m 755 -d >> $(DESTDIR)$(MANDIR)/man1 >> + install -m $(MODE) newrole $(DESTDIR)$(BINDIR) >> + install -m 644 newrole.1 $(DESTDIR)$(MANDIR)/man1/ >> ifeq ($(PAMH), y) >> - test -d $(ETCDIR)/pam.d || install -m 755 -d $(ETCDIR)/pam.d >> + test -d $(ETCDIR)/pam.d || install -m 755 -d >> $(DESTDIR)$(ETCDIR)/pam.d > > Need to prefix the first $(ETCDIR)/pam.d with $(DESTDIR) too. > >> ifeq ($(LSPP_PRIV),y) >> - install -m 644 newrole-lspp.pamd $(ETCDIR)/pam.d/newrole >> + install -m 644 newrole-lspp.pamd >> $(DESTDIR)$(ETCDIR)/pam.d/newrole >> else >> - install -m 644 newrole.pamd $(ETCDIR)/pam.d/newrole >> + install -m 644 newrole.pamd >> $(DESTDIR)$(ETCDIR)/pam.d/newrole >> endif >> endif >> >> @@ -82,4 +82,4 @@ indent: >> ../../scripts/Lindent $(wildcard *.[ch]) >> >> relabel: install >> - /sbin/restorecon $(BINDIR)/newrole >> + /sbin/restorecon $(DESTDIR)$(BINDIR)/newrole >> diff --git a/policycoreutils/run_init/Makefile >> b/policycoreutils/run_init/Makefile >> index 921f0b07..8d8eb704 100644 >> --- a/policycoreutils/run_init/Makefile >> +++ b/policycoreutils/run_init/Makefile >> @@ -1,9 +1,9 @@ >> >> # Installation directories. >> -PREFIX ?= $(DESTDIR)/usr >> +PREFIX ?= /usr >> SBINDIR ?= $(PREFIX)/sbin >> MANDIR ?= $(PREFIX)/share/man >> -ETCDIR ?= $(DESTDIR)/etc >> +ETCDIR ?= /etc >> LOCALEDIR ?= /usr/share/locale >> PAMH ?= $(shell test -f /usr/include/security/pam_appl.h && echo y) >> AUDITH ?= $(shell test -f /usr/include/libaudit.h && echo y) >> @@ -32,14 +32,14 @@ open_init_pty: open_init_pty.c >> >> >> install: all >> - test -d $(SBINDIR) || install -m 755 -d $(SBINDIR) >> - test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8 >> - install -m 755 run_init $(SBINDIR) >> - install -m 755 open_init_pty $(SBINDIR) >> - install -m 644 run_init.8 $(MANDIR)/man8/ >> - install -m 644 open_init_pty.8 $(MANDIR)/man8/ >> + test -d $(DESTDIR)$(SBINDIR) || install -m 755 -d >> $(DESTDIR)$(SBINDIR) >> + test -d $(DESTDIR)$(MANDIR)/man8 || install -m 755 -d >> $(DESTDIR)$(MANDIR)/man8 >> + install -m 755 run_init $(DESTDIR)$(SBINDIR) >> + install -m 755 open_init_pty $(DESTDIR)$(SBINDIR) >> + install -m 644 run_init.8 $(DESTDIR)$(MANDIR)/man8/ >> + install -m 644 open_init_pty.8 $(DESTDIR)$(MANDIR)/man8/ >> ifeq ($(PAMH), y) >> - install -m 644 run_init.pamd $(ETCDIR)/pam.d/run_init >> + install -m 644 run_init.pamd >> $(DESTDIR)$(ETCDIR)/pam.d/run_init >> endif >> >> clean: >> @@ -49,4 +49,4 @@ indent: >> ../../scripts/Lindent $(wildcard *.[ch]) >> >> relabel: install >> - /sbin/restorecon $(SBINDIR)/run_init >> $(SBINDIR)/open_init_pty >> + /sbin/restorecon $(DESTDIR)$(SBINDIR)/run_init >> $(DESTDIR)$(SBINDIR)/open_init_pty >> diff --git a/policycoreutils/scripts/Makefile >> b/policycoreutils/scripts/Makefile >> index d9e86ffe..a988144b 100644 >> --- a/policycoreutils/scripts/Makefile >> +++ b/policycoreutils/scripts/Makefile >> @@ -1,6 +1,6 @@ >> # Installation directories. >> -PREFIX ?= $(DESTDIR)/usr >> -SBINDIR ?= $(DESTDIR)/sbin >> +PREFIX ?= /usr >> +SBINDIR ?= /sbin >> MANDIR ?= $(PREFIX)/share/man >> LOCALEDIR ?= $(PREFIX)/share/locale >> >> @@ -8,10 +8,10 @@ LOCALEDIR ?= $(PREFIX)/share/locale >> all: fixfiles >> >> install: all >> - -mkdir -p $(SBINDIR) >> - install -m 755 fixfiles $(SBINDIR) >> - -mkdir -p $(MANDIR)/man8 >> - install -m 644 fixfiles.8 $(MANDIR)/man8/ >> + -mkdir -p $(DESTDIR)$(SBINDIR) >> + install -m 755 fixfiles $(DESTDIR)$(SBINDIR) >> + -mkdir -p $(DESTDIR)$(MANDIR)/man8 >> + install -m 644 fixfiles.8 $(DESTDIR)$(MANDIR)/man8/ >> >> clean: >> >> diff --git a/policycoreutils/secon/Makefile >> b/policycoreutils/secon/Makefile >> index 8e491d74..c03f0d7d 100644 >> --- a/policycoreutils/secon/Makefile >> +++ b/policycoreutils/secon/Makefile >> @@ -1,5 +1,5 @@ >> # secon tool - command-line context >> -PREFIX ?= $(DESTDIR)/usr >> +PREFIX ?= /usr >> INCLUDEDIR ?= $(PREFIX)/include >> BINDIR ?= $(PREFIX)/bin >> MANDIR ?= $(PREFIX)/share/man >> @@ -18,13 +18,13 @@ secon: secon.o >> install-nogui: install >> >> install: all >> - install -m 755 secon $(BINDIR); >> + install -m 755 secon $(DESTDIR)$(BINDIR); >> >> - test -d $(MANDIR)/man1 || install -m 755 -d $(MANDIR)/man1 >> - install -m 644 secon.1 $(MANDIR)/man1 >> + test -d $(DESTDIR)$(MANDIR)/man1 || install -m 755 -d >> $(DESTDIR)$(MANDIR)/man1 >> + install -m 644 secon.1 $(DESTDIR)$(MANDIR)/man1 >> >> relabel: >> - /sbin/restorecon $(BINDIR)/secon >> + /sbin/restorecon $(DESTDIR)$(BINDIR)/secon >> >> clean: >> rm -f *.o core* secon *~ *.bak >> diff --git a/policycoreutils/semodule/Makefile >> b/policycoreutils/semodule/Makefile >> index fffb43ac..7c257bf5 100644 >> --- a/policycoreutils/semodule/Makefile >> +++ b/policycoreutils/semodule/Makefile >> @@ -1,5 +1,5 @@ >> # Installation directories. >> -PREFIX ?= $(DESTDIR)/usr >> +PREFIX ?= /usr >> INCLUDEDIR ?= $(PREFIX)/include >> SBINDIR ?= $(PREFIX)/sbin >> MANDIR = $(PREFIX)/share/man >> @@ -17,12 +17,12 @@ genhomedircon: >> ln -sf semodule genhomedircon >> >> install: all >> - -mkdir -p $(SBINDIR) >> - install -m 755 semodule $(SBINDIR) >> - (cd $(SBINDIR); ln -sf semodule genhomedircon) >> - test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8 >> - install -m 644 semodule.8 $(MANDIR)/man8/ >> - install -m 644 genhomedircon.8 $(MANDIR)/man8/ >> + -mkdir -p $(DESTDIR)$(SBINDIR) >> + install -m 755 semodule $(DESTDIR)$(SBINDIR) >> + (cd $(DESTDIR)$(SBINDIR); ln -sf semodule genhomedircon) >> + test -d $(DESTDIR)$(MANDIR)/man8 || install -m 755 -d >> $(DESTDIR)$(MANDIR)/man8 >> + install -m 644 semodule.8 $(DESTDIR)$(MANDIR)/man8/ >> + install -m 644 genhomedircon.8 $(DESTDIR)$(MANDIR)/man8/ >> >> relabel: >> >> diff --git a/policycoreutils/sestatus/Makefile >> b/policycoreutils/sestatus/Makefile >> index 41ca6832..130b764b 100644 >> --- a/policycoreutils/sestatus/Makefile >> +++ b/policycoreutils/sestatus/Makefile >> @@ -1,8 +1,8 @@ >> # Installation directories. >> -PREFIX ?= $(DESTDIR)/usr >> +PREFIX ?= /usr >> SBINDIR ?= $(PREFIX)/sbin >> MANDIR = $(PREFIX)/share/man >> -ETCDIR ?= $(DESTDIR)/etc >> +ETCDIR ?= /etc >> LIBDIR ?= $(PREFIX)/lib >> >> CFLAGS ?= -Werror -Wall -W >> @@ -14,14 +14,14 @@ all: sestatus >> sestatus: sestatus.o >> >> install: all >> - [ -d $(MANDIR)/man8 ] || mkdir -p $(MANDIR)/man8 >> - [ -d $(MANDIR)/man5 ] || mkdir -p $(MANDIR)/man5 >> - -mkdir -p $(SBINDIR) >> - install -m 755 sestatus $(SBINDIR) >> - install -m 644 sestatus.8 $(MANDIR)/man8 >> - install -m 644 sestatus.conf.5 $(MANDIR)/man5 >> - -mkdir -p $(ETCDIR) >> - install -m 644 sestatus.conf $(ETCDIR) >> + [ -d $(DESTDIR)$(MANDIR)/man8 ] || mkdir -p >> $(DESTDIR)$(MANDIR)/man8 >> + [ -d $(DESTDIR)$(MANDIR)/man5 ] || mkdir -p >> $(DESTDIR)$(MANDIR)/man5 >> + -mkdir -p $(DESTDIR)$(SBINDIR) >> + install -m 755 sestatus $(DESTDIR)$(SBINDIR) >> + install -m 644 sestatus.8 $(DESTDIR)$(MANDIR)/man8 >> + install -m 644 sestatus.conf.5 $(DESTDIR)$(MANDIR)/man5 >> + -mkdir -p $(DESTDIR)$(ETCDIR) >> + install -m 644 sestatus.conf $(DESTDIR)$(ETCDIR) >> >> clean: >> rm -f sestatus *.o >> diff --git a/policycoreutils/setfiles/Makefile >> b/policycoreutils/setfiles/Makefile >> index c08e2dd1..4e56698f 100644 >> --- a/policycoreutils/setfiles/Makefile >> +++ b/policycoreutils/setfiles/Makefile >> @@ -1,6 +1,6 @@ >> # Installation directories. >> -PREFIX ?= $(DESTDIR)/usr >> -SBINDIR ?= $(DESTDIR)/sbin >> +PREFIX ?= /usr >> +SBINDIR ?= /sbin >> MANDIR = $(PREFIX)/share/man >> LIBDIR ?= $(PREFIX)/lib >> AUDITH ?= $(shell test -f /usr/include/libaudit.h && echo y) >> @@ -29,14 +29,14 @@ man: >> @sed -i "s/ABORT_ON_ERRORS/$(ABORT_ON_ERRORS)/g" >> setfiles.8.man >> >> install: all >> - [ -d $(MANDIR)/man8 ] || mkdir -p $(MANDIR)/man8 >> - -mkdir -p $(SBINDIR) >> - install -m 755 setfiles $(SBINDIR) >> - (cd $(SBINDIR) && ln -sf setfiles restorecon) >> - install -m 755 restorecon_xattr $(SBINDIR) >> - install -m 644 setfiles.8.man $(MANDIR)/man8/setfiles.8 >> - install -m 644 restorecon.8 $(MANDIR)/man8/restorecon.8 >> - install -m 644 restorecon_xattr.8 >> $(MANDIR)/man8/restorecon_xattr.8 >> + [ -d $(DESTDIR)$(MANDIR)/man8 ] || mkdir -p >> $(DESTDIR)$(MANDIR)/man8 >> + -mkdir -p $(DESTDIR)$(SBINDIR) >> + install -m 755 setfiles $(DESTDIR)$(SBINDIR) >> + (cd $(DESTDIR)$(SBINDIR) && ln -sf setfiles restorecon) >> + install -m 755 restorecon_xattr $(DESTDIR)$(SBINDIR) >> + install -m 644 setfiles.8.man >> $(DESTDIR)$(MANDIR)/man8/setfiles.8 >> + install -m 644 restorecon.8 >> $(DESTDIR)$(MANDIR)/man8/restorecon.8 >> + install -m 644 restorecon_xattr.8 >> $(DESTDIR)$(MANDIR)/man8/restorecon_xattr.8 >> >> clean: >> rm -f setfiles restorecon restorecon_xattr *.o >> setfiles.8.man >> @@ -45,4 +45,4 @@ indent: >> ../../scripts/Lindent $(wildcard *.[ch]) >> >> relabel: install >> - $(SBINDIR)/restorecon $(SBINDIR)/setfiles >> $(SBINDIR)/restorecon_xattr >> + $(SBINDIR)/restorecon $(DESTDIR)$(SBINDIR)/setfiles >> $(DESTDIR)$(SBINDIR)/restorecon_xattr >> diff --git a/policycoreutils/setsebool/Makefile >> b/policycoreutils/setsebool/Makefile >> index bc254dab..f3379be9 100644 >> --- a/policycoreutils/setsebool/Makefile >> +++ b/policycoreutils/setsebool/Makefile >> @@ -1,10 +1,10 @@ >> # Installation directories. >> -PREFIX ?= $(DESTDIR)/usr >> +PREFIX ?= /usr >> INCLUDEDIR ?= $(PREFIX)/include >> SBINDIR ?= $(PREFIX)/sbin >> MANDIR = $(PREFIX)/share/man >> LIBDIR ?= $(PREFIX)/lib >> -BASHCOMPLETIONDIR ?= $(DESTDIR)/usr/share/bash- >> completion/completions >> +BASHCOMPLETIONDIR ?= /usr/share/bash-completion/completions >> >> CFLAGS ?= -Werror -Wall -W >> override LDLIBS += -lsepol -lselinux -lsemanage >> @@ -17,12 +17,12 @@ all: setsebool >> setsebool: $(SETSEBOOL_OBJS) >> >> install: all >> - -mkdir -p $(SBINDIR) >> - install -m 755 setsebool $(SBINDIR) >> - -mkdir -p $(MANDIR)/man8 >> - install -m 644 setsebool.8 $(MANDIR)/man8/ >> - -mkdir -p $(BASHCOMPLETIONDIR) >> - install -m 644 $(BASHCOMPLETIONS) >> $(BASHCOMPLETIONDIR)/setsebool >> + -mkdir -p $(DESTDIR)$(SBINDIR) >> + install -m 755 setsebool $(DESTDIR)$(SBINDIR) >> + -mkdir -p $(DESTDIR)$(MANDIR)/man8 >> + install -m 644 setsebool.8 $(DESTDIR)$(MANDIR)/man8/ >> + -mkdir -p $(DESTDIR)$(BASHCOMPLETIONDIR) >> + install -m 644 $(BASHCOMPLETIONS) >> $(DESTDIR)$(BASHCOMPLETIONDIR)/setsebool >> >> relabel: >> >> diff --git a/python/audit2allow/Makefile >> b/python/audit2allow/Makefile >> index 8db8075f..02526fa7 100644 >> --- a/python/audit2allow/Makefile >> +++ b/python/audit2allow/Makefile >> @@ -1,7 +1,7 @@ >> PYTHON ?= python >> >> # Installation directories. >> -PREFIX ?= $(DESTDIR)/usr >> +PREFIX ?= /usr >> BINDIR ?= $(PREFIX)/bin >> LIBDIR ?= $(PREFIX)/lib >> MANDIR ?= $(PREFIX)/share/man >> @@ -13,7 +13,7 @@ CFLAGS ?= -Werror -Wall -W >> >> all: audit2why sepolgen-ifgen-attr-helper >> >> -sepolgen-ifgen-attr-helper: sepolgen-ifgen-attr-helper.o >> $(LIBSEPOLA) >> +sepolgen-ifgen-attr-helper: sepolgen-ifgen-attr-helper.o >> $(DESTDIR)$(LIBSEPOLA) >> >> audit2why: >> ln -sf audit2allow audit2why >> @@ -22,14 +22,14 @@ test: all >> @$(PYTHON) test_audit2allow.py -v >> >> install: all >> - -mkdir -p $(BINDIR) >> - install -m 755 audit2allow $(BINDIR) >> - (cd $(BINDIR); ln -sf audit2allow audit2why) >> - install -m 755 sepolgen-ifgen-attr-helper $(BINDIR) >> - install -m 755 sepolgen-ifgen $(BINDIR) >> - -mkdir -p $(MANDIR)/man1 >> - install -m 644 audit2allow.1 $(MANDIR)/man1/ >> - install -m 644 audit2why.1 $(MANDIR)/man1/ >> + -mkdir -p $(DESTDIR)$(BINDIR) >> + install -m 755 audit2allow $(DESTDIR)$(BINDIR) >> + (cd $(DESTDIR)$(BINDIR); ln -sf audit2allow audit2why) >> + install -m 755 sepolgen-ifgen-attr-helper >> $(DESTDIR)$(BINDIR) >> + install -m 755 sepolgen-ifgen $(DESTDIR)$(BINDIR) >> + -mkdir -p $(DESTDIR)$(MANDIR)/man1 >> + install -m 644 audit2allow.1 $(DESTDIR)$(MANDIR)/man1/ >> + install -m 644 audit2why.1 $(DESTDIR)$(MANDIR)/man1/ >> >> clean: >> rm -f *~ *.o sepolgen-ifgen-attr-helper >> diff --git a/python/chcat/Makefile b/python/chcat/Makefile >> index 0fd12d6d..890033e2 100644 >> --- a/python/chcat/Makefile >> +++ b/python/chcat/Makefile >> @@ -1,5 +1,5 @@ >> # Installation directories. >> -PREFIX ?= $(DESTDIR)/usr >> +PREFIX ?= /usr >> BINDIR ?= $(PREFIX)/bin >> MANDIR ?= $(PREFIX)/share/man >> LOCALEDIR ?= $(PREFIX)/share/locale >> @@ -8,10 +8,10 @@ LOCALEDIR ?= $(PREFIX)/share/locale >> all: chcat >> >> install: all >> - -mkdir -p $(BINDIR) >> - install -m 755 chcat $(BINDIR) >> - -mkdir -p $(MANDIR)/man8 >> - install -m 644 chcat.8 $(MANDIR)/man8/ >> + -mkdir -p $(DESTDIR)$(BINDIR) >> + install -m 755 chcat $(DESTDIR)$(BINDIR) >> + -mkdir -p $(DESTDIR)$(MANDIR)/man8 >> + install -m 644 chcat.8 $(DESTDIR)$(MANDIR)/man8/ >> >> clean: >> >> diff --git a/python/semanage/Makefile b/python/semanage/Makefile >> index 60c36a3a..bd02e9e9 100644 >> --- a/python/semanage/Makefile >> +++ b/python/semanage/Makefile >> @@ -1,29 +1,29 @@ >> PYTHON ?= python >> >> # Installation directories. >> -PREFIX ?= $(DESTDIR)/usr >> +PREFIX ?= /usr >> LIBDIR ?= $(PREFIX)/lib >> SBINDIR ?= $(PREFIX)/sbin >> MANDIR = $(PREFIX)/share/man >> PYLIBVER ?= $(shell $(PYTHON) -c 'import sys;print("python%d.%d" % >> sys.version_info[0:2])') >> PYTHONLIBDIR ?= $(LIBDIR)/$(PYLIBVER) >> -BASHCOMPLETIONDIR ?= $(DESTDIR)/usr/share/bash- >> completion/completions >> +BASHCOMPLETIONDIR ?= /usr/share/bash-completion/completions >> >> TARGETS=semanage >> >> -BASHCOMPLETIONS=semanage-bash-completion.sh >> +BASHCOMPLETIONS=semanage-bash-completion.sh >> >> all: $(TARGETS) >> >> install: all >> - [ -d $(MANDIR)/man8 ] || mkdir -p $(MANDIR)/man8 >> - -mkdir -p $(SBINDIR) >> - install -m 755 semanage $(SBINDIR) >> - install -m 644 *.8 $(MANDIR)/man8 >> - test -d $(PYTHONLIBDIR)/site-packages || install -m 755 -d >> $(PYTHONLIBDIR)/site-packages >> - install -m 755 seobject.py $(PYTHONLIBDIR)/site-packages >> - -mkdir -p $(BASHCOMPLETIONDIR) >> - install -m 644 $(BASHCOMPLETIONS) >> $(BASHCOMPLETIONDIR)/semanage >> + [ -d $(DESTDIR)$(MANDIR)/man8 ] || mkdir -p >> $(DESTDIR)$(MANDIR)/man8 >> + -mkdir -p $(DESTDIR)$(SBINDIR) >> + install -m 755 semanage $(DESTDIR)$(SBINDIR) >> + install -m 644 *.8 $(DESTDIR)$(MANDIR)/man8 >> + test -d $(DESTDIR)$(PYTHONLIBDIR)/site-packages || install >> -m 755 -d $(DESTDIR)$(PYTHONLIBDIR)/site-packages >> + install -m 755 seobject.py $(DESTDIR)$(PYTHONLIBDIR)/site- >> packages >> + -mkdir -p $(DESTDIR)$(BASHCOMPLETIONDIR) >> + install -m 644 $(BASHCOMPLETIONS) >> $(DESTDIR)$(BASHCOMPLETIONDIR)/semanage >> >> test: >> @$(PYTHON) test-semanage.py -a >> diff --git a/python/sepolgen/src/sepolgen/Makefile >> b/python/sepolgen/src/sepolgen/Makefile >> index d3aa7715..12ef0827 100644 >> --- a/python/sepolgen/src/sepolgen/Makefile >> +++ b/python/sepolgen/src/sepolgen/Makefile >> @@ -1,12 +1,12 @@ >> PYTHON ?= python >> PYTHONLIBDIR ?= $(shell $(PYTHON) -c "from distutils.sysconfig >> import *; print(get_python_lib(1))") >> -PACKAGEDIR ?= $(DESTDIR)/$(PYTHONLIBDIR)/sepolgen >> +PACKAGEDIR ?= $(PYTHONLIBDIR)/sepolgen >> >> all: >> >> install: all >> - -mkdir -p $(PACKAGEDIR) >> - install -m 644 *.py $(PACKAGEDIR) >> + -mkdir -p $(DESTDIR)$(PACKAGEDIR) >> + install -m 644 *.py $(DESTDIR)$(PACKAGEDIR) >> >> clean: >> rm -f parser.out parsetab.py >> diff --git a/python/sepolgen/src/share/Makefile >> b/python/sepolgen/src/share/Makefile >> index abf5e451..1a7133cb 100644 >> --- a/python/sepolgen/src/share/Makefile >> +++ b/python/sepolgen/src/share/Makefile >> @@ -1,10 +1,10 @@ >> -SHAREDIR ?= $(DESTDIR)/var/lib/sepolgen >> +SHAREDIR ?= /var/lib/sepolgen >> >> all: >> >> install: all >> - -mkdir -p $(SHAREDIR) >> - install -m 644 perm_map $(SHAREDIR) >> + -mkdir -p $(DESTDIR)$(SHAREDIR) >> + install -m 644 perm_map $(DESTDIR)$(SHAREDIR) >> >> clean: >> - rm -f *~ >> \ No newline at end of file >> + rm -f *~ >> diff --git a/python/sepolicy/Makefile b/python/sepolicy/Makefile >> index 5a56e6c8..c75dce73 100644 >> --- a/python/sepolicy/Makefile >> +++ b/python/sepolicy/Makefile >> @@ -1,13 +1,13 @@ >> PYTHON ?= python >> >> # Installation directories. >> -PREFIX ?= $(DESTDIR)/usr >> +PREFIX ?= /usr >> LIBDIR ?= $(PREFIX)/lib >> BINDIR ?= $(PREFIX)/bin >> DATADIR ?= $(PREFIX)/share >> MANDIR ?= $(PREFIX)/share/man >> LOCALEDIR ?= /usr/share/locale >> -BASHCOMPLETIONDIR ?= $(DESTDIR)/usr/share/bash- >> completion/completions >> +BASHCOMPLETIONDIR ?= /usr/share/bash-completion/completions >> SHAREDIR ?= $(PREFIX)/share/sandbox >> CFLAGS ?= -Wall -Werror -Wextra -W >> override CFLAGS += -DPACKAGE="policycoreutils" -DSHARED -shared >> @@ -31,12 +31,12 @@ test: >> >> install: >> $(PYTHON) setup.py install `test -n "$(DESTDIR)" && echo -- >> root $(DESTDIR)` >> - [ -d $(BINDIR) ] || mkdir -p $(BINDIR) >> - install -m 755 sepolicy.py $(BINDIR)/sepolicy >> - (cd $(BINDIR); ln -sf sepolicy sepolgen) >> - -mkdir -p $(MANDIR)/man8 >> - install -m 644 *.8 $(MANDIR)/man8 >> - -mkdir -p $(BASHCOMPLETIONDIR) >> - install -m 644 $(BASHCOMPLETIONS) >> $(BASHCOMPLETIONDIR)/sepolicy >> + [ -d $(DESTDIR)$(BINDIR) ] || mkdir -p $(DESTDIR)$(BINDIR) >> + install -m 755 sepolicy.py $(DESTDIR)$(BINDIR)/sepolicy >> + (cd $(DESTDIR)$(BINDIR); ln -sf sepolicy sepolgen) >> + -mkdir -p $(DESTDIR)$(MANDIR)/man8 >> + install -m 644 *.8 $(DESTDIR)$(MANDIR)/man8 >> + -mkdir -p $(DESTDIR)$(BASHCOMPLETIONDIR) >> + install -m 644 $(BASHCOMPLETIONS) >> $(DESTDIR)$(BASHCOMPLETIONDIR)/sepolicy >> >> relabel: >> diff --git a/restorecond/Makefile b/restorecond/Makefile >> index ada94aeb..a9a57b48 100644 >> --- a/restorecond/Makefile >> +++ b/restorecond/Makefile >> @@ -1,17 +1,17 @@ >> PKG_CONFIG ?= pkg-config >> >> # Installation directories. >> -PREFIX ?= $(DESTDIR)/usr >> +PREFIX ?= /usr >> SBINDIR ?= $(PREFIX)/sbin >> LIBDIR ?= $(PREFIX)/lib >> MANDIR = $(PREFIX)/share/man >> -AUTOSTARTDIR = $(DESTDIR)/etc/xdg/autostart >> -DBUSSERVICEDIR = $(DESTDIR)/usr/share/dbus-1/services >> -SYSTEMDDIR ?= $(DESTDIR)/usr/lib/systemd >> +AUTOSTARTDIR = /etc/xdg/autostart >> +DBUSSERVICEDIR = /usr/share/dbus-1/services >> +SYSTEMDDIR ?= /usr/lib/systemd >> >> autostart_DATA = sealertauto.desktop >> -INITDIR ?= $(DESTDIR)/etc/rc.d/init.d >> -SELINUXDIR = $(DESTDIR)/etc/selinux >> +INITDIR ?= /etc/rc.d/init.d >> +SELINUXDIR = /etc/selinux >> >> DBUSFLAGS = -DHAVE_DBUS $(shell $(PKG_CONFIG) --cflags dbus-glib-1) >> DBUSLIB = $(shell $(PKG_CONFIG) --libs dbus-glib-1) >> @@ -39,23 +39,23 @@ restorecond: restore.o restorecond.o >> utmpwatcher.o stringslist.o user.o watch.o >> $(CC) $(LDFLAGS) -o $@ $^ $(LDLIBS) >> >> install: all >> - [ -d $(MANDIR)/man8 ] || mkdir -p $(MANDIR)/man8 >> - -mkdir -p $(SBINDIR) >> - install -m 755 restorecond $(SBINDIR) >> - install -m 644 restorecond.8 $(MANDIR)/man8 >> - -mkdir -p $(INITDIR) >> - install -m 755 restorecond.init $(INITDIR)/restorecond >> - -mkdir -p $(SELINUXDIR) >> - install -m 644 restorecond.conf >> $(SELINUXDIR)/restorecond.conf >> - install -m 644 restorecond_user.conf >> $(SELINUXDIR)/restorecond_user.conf >> - -mkdir -p $(AUTOSTARTDIR) >> - install -m 644 restorecond.desktop >> $(AUTOSTARTDIR)/restorecond.desktop >> - -mkdir -p $(DBUSSERVICEDIR) >> - install -m 600 >> org.selinux.Restorecond.service $(DBUSSERVICEDIR)/org.selinux.Restor >> econd.service >> - -mkdir -p $(SYSTEMDDIR)/system >> - install -m 644 restorecond.service $(SYSTEMDDIR)/system/ >> + [ -d $(DESTDIR)$(MANDIR)/man8 ] || mkdir -p >> $(DESTDIR)$(MANDIR)/man8 >> + -mkdir -p $(DESTDIR)$(SBINDIR) >> + install -m 755 restorecond $(DESTDIR)$(SBINDIR) >> + install -m 644 restorecond.8 $(DESTDIR)$(MANDIR)/man8 >> + -mkdir -p $(DESTDIR)$(INITDIR) >> + install -m 755 restorecond.init >> $(DESTDIR)$(INITDIR)/restorecond >> + -mkdir -p $(DESTDIR)$(SELINUXDIR) >> + install -m 644 restorecond.conf >> $(DESTDIR)$(SELINUXDIR)/restorecond.conf >> + install -m 644 restorecond_user.conf >> $(DESTDIR)$(SELINUXDIR)/restorecond_user.conf >> + -mkdir -p $(DESTDIR)$(AUTOSTARTDIR) >> + install -m 644 restorecond.desktop >> $(DESTDIR)$(AUTOSTARTDIR)/restorecond.desktop >> + -mkdir -p $(DESTDIR)$(DBUSSERVICEDIR) >> + install -m 600 >> org.selinux.Restorecond.service $(DESTDIR)$(DBUSSERVICEDIR)/org.seli >> nux.Restorecond.service >> + -mkdir -p $(DESTDIR)$(SYSTEMDDIR)/system >> + install -m 644 restorecond.service >> $(DESTDIR)$(SYSTEMDDIR)/system/ >> relabel: install >> - /sbin/restorecon $(SBINDIR)/restorecond >> + /sbin/restorecon $(DESTDIR)$(SBINDIR)/restorecond >> >> clean: >> -rm -f restorecond *.o *~ >> diff --git a/sandbox/Makefile b/sandbox/Makefile >> index 05c3d658..9c78041c 100644 >> --- a/sandbox/Makefile >> +++ b/sandbox/Makefile >> @@ -1,8 +1,8 @@ >> PYTHON ?= python >> >> # Installation directories. >> -PREFIX ?= $(DESTDIR)/usr >> -SYSCONFDIR ?= $(DESTDIR)/etc/sysconfig >> +PREFIX ?= /usr >> +SYSCONFDIR ?= /etc/sysconfig >> LIBDIR ?= $(PREFIX)/lib >> BINDIR ?= $(PREFIX)/bin >> SBINDIR ?= $(PREFIX)/sbin >> @@ -18,20 +18,20 @@ all: sandbox seunshare sandboxX.sh start >> seunshare: $(SEUNSHARE_OBJS) >> >> install: all >> - -mkdir -p $(BINDIR) >> - install -m 755 sandbox $(BINDIR) >> - -mkdir -p $(MANDIR)/man8 >> - install -m 644 sandbox.8 $(MANDIR)/man8/ >> - install -m 644 seunshare.8 $(MANDIR)/man8/ >> - -mkdir -p $(MANDIR)/man5 >> - install -m 644 sandbox.5 $(MANDIR)/man5/ >> - -mkdir -p $(SBINDIR) >> - install -m 4755 seunshare $(SBINDIR)/ >> - -mkdir -p $(SHAREDIR) >> - install -m 755 sandboxX.sh $(SHAREDIR) >> - install -m 755 start $(SHAREDIR) >> - -mkdir -p $(SYSCONFDIR) >> - install -m 644 sandbox.conf $(SYSCONFDIR)/sandbox >> + -mkdir -p $(DESTDIR)$(BINDIR) >> + install -m 755 sandbox $(DESTDIR)$(BINDIR) >> + -mkdir -p $(DESTDIR)$(MANDIR)/man8 >> + install -m 644 sandbox.8 $(DESTDIR)$(MANDIR)/man8/ >> + install -m 644 seunshare.8 $(DESTDIR)$(MANDIR)/man8/ >> + -mkdir -p $(DESTDIR)$(MANDIR)/man5 >> + install -m 644 sandbox.5 $(DESTDIR)$(MANDIR)/man5/ >> + -mkdir -p $(DESTDIR)$(SBINDIR) >> + install -m 4755 seunshare $(DESTDIR)$(SBINDIR)/ >> + -mkdir -p $(DESTDIR)$(SHAREDIR) >> + install -m 755 sandboxX.sh $(DESTDIR)$(SHAREDIR) >> + install -m 755 start $(DESTDIR)$(SHAREDIR) >> + -mkdir -p $(DESTDIR)$(SYSCONFDIR) >> + install -m 644 sandbox.conf $(DESTDIR)$(SYSCONFDIR)/sandbox >> >> test: >> @$(PYTHON) test_sandbox.py -v >> diff --git a/secilc/Makefile b/secilc/Makefile >> index 1cac53e4..597b4a27 100644 >> --- a/secilc/Makefile >> +++ b/secilc/Makefile >> @@ -1,4 +1,4 @@ >> -PREFIX ?= $(DESTDIR)/usr >> +PREFIX ?= /usr >> BINDIR ?= $(PREFIX)/bin >> MANDIR ?= $(PREFIX)/share/man >> LIBDIR ?= $(PREFIX)/lib >> @@ -41,12 +41,12 @@ $(SECIL2CONF_MANPAGE): $(SECIL2CONF_MANPAGE).xml >> $(XMLTO) man $(SECIL2CONF_MANPAGE).xml >> >> install: all man >> - -mkdir -p $(BINDIR) >> - -mkdir -p $(MANDIR)/man8 >> - install -m 755 $(SECILC) $(BINDIR) >> - install -m 755 $(SECIL2CONF) $(BINDIR) >> - install -m 644 $(SECILC_MANPAGE) $(MANDIR)/man8 >> - install -m 644 $(SECIL2CONF_MANPAGE) $(MANDIR)/man8 >> + -mkdir -p $(DESTDIR)$(BINDIR) >> + -mkdir -p $(DESTDIR)$(MANDIR)/man8 >> + install -m 755 $(SECILC) $(DESTDIR)$(BINDIR) >> + install -m 755 $(SECIL2CONF) $(DESTDIR)$(BINDIR) >> + install -m 644 $(SECILC_MANPAGE) $(DESTDIR)$(MANDIR)/man8 >> + install -m 644 $(SECIL2CONF_MANPAGE) >> $(DESTDIR)$(MANDIR)/man8 >> >> doc: >> $(MAKE) -C docs >> diff --git a/semodule-utils/semodule_deps/Makefile b/semodule- >> utils/semodule_deps/Makefile >> index 328a5030..7b106781 100644 >> --- a/semodule-utils/semodule_deps/Makefile >> +++ b/semodule-utils/semodule_deps/Makefile >> @@ -1,5 +1,5 @@ >> # Installation directories. >> -PREFIX ?= $(DESTDIR)/usr >> +PREFIX ?= /usr >> INCLUDEDIR ?= $(PREFIX)/include >> BINDIR ?= $(PREFIX)/bin >> LIBDIR ?= $(PREFIX)/lib >> @@ -10,13 +10,13 @@ CFLAGS ?= -Werror -Wall -W >> >> all: semodule_deps >> >> -semodule_deps: semodule_deps.o $(LIBSEPOLA) >> +semodule_deps: semodule_deps.o $(DESTDIR)$(LIBSEPOLA) >> >> install: all >> - -mkdir -p $(BINDIR) >> - install -m 755 semodule_deps $(BINDIR) >> - test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8 >> - install -m 644 semodule_deps.8 $(MANDIR)/man8/ >> + -mkdir -p $(DESTDIR)$(BINDIR) >> + install -m 755 semodule_deps $(DESTDIR)$(BINDIR) >> + test -d $(DESTDIR)$(MANDIR)/man8 || install -m 755 -d >> $(DESTDIR)$(MANDIR)/man8 >> + install -m 644 semodule_deps.8 $(DESTDIR)$(MANDIR)/man8/ >> >> relabel: >> >> diff --git a/semodule-utils/semodule_expand/Makefile b/semodule- >> utils/semodule_expand/Makefile >> index 072f2137..58d2d3cb 100644 >> --- a/semodule-utils/semodule_expand/Makefile >> +++ b/semodule-utils/semodule_expand/Makefile >> @@ -1,5 +1,5 @@ >> # Installation directories. >> -PREFIX ?= $(DESTDIR)/usr >> +PREFIX ?= /usr >> INCLUDEDIR ?= $(PREFIX)/include >> BINDIR ?= $(PREFIX)/bin >> LIBDIR ?= $(PREFIX)/lib >> @@ -13,10 +13,10 @@ all: semodule_expand >> semodule_expand: semodule_expand.o >> >> install: all >> - -mkdir -p $(BINDIR) >> - install -m 755 semodule_expand $(BINDIR) >> - test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8 >> - install -m 644 semodule_expand.8 $(MANDIR)/man8/ >> + -mkdir -p $(DESTDIR)$(BINDIR) >> + install -m 755 semodule_expand $(DESTDIR)$(BINDIR) >> + test -d $(DESTDIR)$(MANDIR)/man8 || install -m 755 -d >> $(DESTDIR)$(MANDIR)/man8 >> + install -m 644 semodule_expand.8 $(DESTDIR)$(MANDIR)/man8/ >> >> relabel: >> >> diff --git a/semodule-utils/semodule_link/Makefile b/semodule- >> utils/semodule_link/Makefile >> index cc4687bd..178bea30 100644 >> --- a/semodule-utils/semodule_link/Makefile >> +++ b/semodule-utils/semodule_link/Makefile >> @@ -1,6 +1,6 @@ >> # Installation directories. >> -PREFIX ?= $(DESTDIR)/usr >> -INCLUDEDIR ?= $(PREFIX)/include >> +PREFIX ?= /usr >> +INCLUDEDIR ?= /include >> BINDIR ?= $(PREFIX)/bin >> MANDIR ?= $(PREFIX)/share/man >> LIBDIR ?= $(PREFIX)/lib >> @@ -13,10 +13,10 @@ all: semodule_link >> semodule_link: semodule_link.o >> >> install: all >> - -mkdir -p $(BINDIR) >> - install -m 755 semodule_link $(BINDIR) >> - test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8 >> - install -m 644 semodule_link.8 $(MANDIR)/man8/ >> + -mkdir -p $(DESTDIR)$(BINDIR) >> + install -m 755 semodule_link $(DESTDIR)$(BINDIR) >> + test -d $(DESTDIR)$(MANDIR)/man8 || install -m 755 -d >> $(PREFIX)$(MANDIR)/man8 > > Missing $(DESTDIR) in the final install location above. > >> + install -m 644 semodule_link.8 $(DESTDIR)$(MANDIR)/man8/ >> >> relabel: >> >> diff --git a/semodule-utils/semodule_package/Makefile b/semodule- >> utils/semodule_package/Makefile >> index 96dd7c4f..37bd0d4b 100644 >> --- a/semodule-utils/semodule_package/Makefile >> +++ b/semodule-utils/semodule_package/Makefile >> @@ -1,5 +1,5 @@ >> # Installation directories. >> -PREFIX ?= $(DESTDIR)/usr >> +PREFIX ?= /usr >> INCLUDEDIR ?= $(PREFIX)/include >> BINDIR ?= $(PREFIX)/bin >> LIBDIR ?= $(PREFIX)/lib >> @@ -13,12 +13,12 @@ all: semodule_package semodule_unpackage >> semodule_package: semodule_package.o >> >> install: all >> - -mkdir -p $(BINDIR) >> - install -m 755 semodule_package $(BINDIR) >> - install -m 755 semodule_unpackage $(BINDIR) >> - test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8 >> - install -m 644 semodule_package.8 $(MANDIR)/man8/ >> - install -m 644 semodule_unpackage.8 $(MANDIR)/man8/ >> + -mkdir -p $(DESTDIR)$(BINDIR) >> + install -m 755 semodule_package $(DESTDIR)$(BINDIR) >> + install -m 755 semodule_unpackage $(DESTDIR)$(BINDIR) >> + test -d $(DESTDIR)$(MANDIR)/man8 || install -m 755 -d >> $(DESTDIR)$(MANDIR)/man8 >> + install -m 644 semodule_package.8 $(DESTDIR)$(MANDIR)/man8/ >> + install -m 644 semodule_unpackage.8 >> $(DESTDIR)$(MANDIR)/man8/ >> >> relabel: >> ^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: [PATCH] Use DESTDIR only in install targets 2017-06-22 16:25 ` Petr Lautrbach @ 2017-06-22 16:45 ` Stephen Smalley 0 siblings, 0 replies; 24+ messages in thread From: Stephen Smalley @ 2017-06-22 16:45 UTC (permalink / raw) To: Petr Lautrbach, selinux On Thu, 2017-06-22 at 18:25 +0200, Petr Lautrbach wrote: > On 06/21/2017 09:51 PM, Stephen Smalley wrote: > > Hmm...seems like we're still using DESTDIR for more than just > > install. > > So either the patch or the patch description isn't quite right. > > The original usage of make DESTDIR in selinux was to support > > building > > and installing to a private directory, so we wanted it to affect > > more > > than just install. If we truly make this transition to conform to > > the > > GNU standards, then we still need a clean way of building and > > installing to a private directory for local testing. The top-level > > Makefile has a workaround currently of automatically defining > > CFLAGS > > and LDFLAGS when DESTDIR is defined, but that has a side effect: it > > suppresses any non-override CFLAGS and LDFLAGS definitions in the > > Makefiles, so then we no longer get all of the warning options > > enabled > > in such local builds like we used to do. All of this leaves me > > wondering about whether we ought to just revert the earlier changes > > and > > preserve our usage of DESTDIR, even if it doesn't correspond to > > GNU. > > PREFIX could be used for the case you described and DESTDIR would be > used just for installing to a different root directory. Doesn't help with the CFLAGS/LDFLAGS issue; prior to fcb5d5cc7211, the Makefiles would automatically add -I$(INCLUDEDIR)and -L(LIBDIR) and therefore build with the private copies of the headers and libraries rather than the system ones. Since that commit, we have to separately specify CFLAGS/LDFLAGS, which in turn suppresses any non-override CFLAGS/LDFLAGS definitions (which suppresses many warnings on such builds). Also, I could be wrong but I thought prefix meant something else in the GNU standards too, e.g. the prefix for files used by the program at runtime, not necessarily the compilation. So I think we are out of spec on both DESTDIR and PREFIX. Whether or not that matters I'm not sure. What exactly is the problem with keeping -I$(INCLUDEDIR) and -L(LIBDIR) in the Makefiles? I saw the gentoo issue but I'm not clear on exactly what breaks and why. > > > The difference could be seen in .pc files: > > $ make DESTDIR=/selinux-DESTDIR > LIBSEPOLA=/selinux-DESTDIR/usr/lib/libsepol.a install install-pywrap > install-rubywrap > > $ head -n 2 /selinux-DESTDIR/usr/lib/pkgconfig/libsepol.pc > prefix=//usr > exec_prefix=${prefix} > > vs > > $ make PREFIX=/selinux-PREFIX install install-pywrap install- > rubywrap > > $ head -n 2 /selinux-PREFIX/usr/lib/pkgconfig/libsepol.pc > prefix=/selinux-PREFIX/usr > exec_prefix=${prefix} > > I've got two work-in-progress patches for that: > > https://github.com/bachradsusi/SELinuxProject-selinux/commit/03d7e6a3 > 802aa5376fe6162f6e7f9a6314f2b028 > https://github.com/bachradsusi/SELinuxProject-selinux/commit/ddf070fa > 82a4331b8fe2d82f61929c1120a12630 > > They need more testing and some enhancements but for the first look > they > seem to work. At least structure of directories seem to be same. > > > > > > > > > -checkmodule: $(CHECKMODOBJS) $(LIBSEPOLA) > > > +checkmodule: $(CHECKMODOBJS) $(DESTDIR)$(LIBSEPOLA) > > > > > > %.o: %.c > > > $(CC) $(CFLAGS) -o $@ -c $< > > > @@ -46,15 +46,15 @@ lex.yy.c: policy_scan.l y.tab.c > > > $(LEX) policy_scan.l > > > > > > install: all > > > - -mkdir -p $(BINDIR) > > > - -mkdir -p $(MANDIR)/man8 > > > - install -m 755 $(TARGETS) $(BINDIR) > > > - install -m 644 checkpolicy.8 $(MANDIR)/man8 > > > - install -m 644 checkmodule.8 $(MANDIR)/man8 > > > + -mkdir -p $(DESTDIR)$(BINDIR) > > > + -mkdir -p $(DESTDIR)$(MANDIR)/man8 > > > + install -m 755 $(TARGETS) $(DESTDIR)$(BINDIR) > > > + install -m 644 checkpolicy.8 $(DESTDIR)$(MANDIR)/man8 > > > + install -m 644 checkmodule.8 $(DESTDIR)$(MANDIR)/man8 > > > > > > relabel: install > > > - /sbin/restorecon $(BINDIR)/checkpolicy > > > - /sbin/restorecon $(BINDIR)/checkmodule > > > + /sbin/restorecon $(DESTDIR)$(BINDIR)/checkpolicy > > > + /sbin/restorecon $(DESTDIR)$(BINDIR)/checkmodule > > > > > > clean: > > > -rm -f $(TARGETS) $(CHECKPOLOBJS) $(CHECKMODOBJS) > > > y.tab.c > > > y.tab.h lex.yy.c > > > diff --git a/checkpolicy/test/Makefile > > > b/checkpolicy/test/Makefile > > > index 59fa4460..c9a8d4c5 100644 > > > --- a/checkpolicy/test/Makefile > > > +++ b/checkpolicy/test/Makefile > > > @@ -1,7 +1,7 @@ > > > # > > > # Makefile for building the dispol program > > > # > > > -PREFIX ?= $(DESTDIR)/usr > > > +PREFIX ?= /usr > > > BINDIR ?= $(PREFIX)/bin > > > LIBDIR ?= $(PREFIX)/lib > > > INCLUDEDIR ?= $(PREFIX)/include > > > @@ -11,9 +11,9 @@ CFLAGS ?= -g -Wall -W -Werror -O2 -pipe > > > > > > all: dispol dismod > > > > > > -dispol: dispol.o $(LIBSEPOLA) > > > +dispol: dispol.o $(DESTDIR)$(LIBSEPOLA) > > > > > > -dismod: dismod.o $(LIBSEPOLA) > > > +dismod: dismod.o $(DESTDIR)$(LIBSEPOLA) > > > > Ditto > > > > > > > > clean: > > > -rm -f dispol dismod *.o > > > diff --git a/gui/Makefile b/gui/Makefile > > > index 4fc2c1a1..52c3cab2 100644 > > > --- a/gui/Makefile > > > +++ b/gui/Makefile > > > @@ -1,5 +1,5 @@ > > > # Installation directories. > > > -PREFIX ?= ${DESTDIR}/usr > > > +PREFIX ?= /usr > > > BINDIR ?= $(PREFIX)/bin > > > SHAREDIR ?= $(PREFIX)/share/system-config-selinux > > > DATADIR ?= $(PREFIX)/share > > > @@ -24,29 +24,29 @@ usersPage.py > > > all: $(TARGETS) system-config-selinux.py polgengui.py > > > > > > install: all > > > - -mkdir -p $(MANDIR)/man8 > > > - -mkdir -p $(SHAREDIR) > > > - -mkdir -p $(BINDIR) > > > - -mkdir -p $(DATADIR)/pixmaps > > > - -mkdir -p $(DATADIR)/icons/hicolor/24x24/apps > > > - -mkdir -p $(DATADIR)/polkit-1/actions/ > > > - install -m 755 system-config-selinux.py $(SHAREDIR) > > > - install -m 755 system-config-selinux $(BINDIR) > > > - install -m 755 polgengui.py $(SHAREDIR) > > > - install -m 644 $(TARGETS) $(SHAREDIR) > > > - install -m 644 system-config-selinux.8 $(MANDIR)/man8 > > > - install -m 644 selinux-polgengui.8 $(MANDIR)/man8 > > > - install -m 644 system-config-selinux.png > > > $(DATADIR)/pixmaps > > > - install -m 644 system-config-selinux.png > > > $(DATADIR)/icons/hicolor/24x24/apps > > > - install -m 644 system-config-selinux.png > > > $(DATADIR)/system- > > > config-selinux > > > - install -m 644 *.desktop $(DATADIR)/system-config- > > > selinux > > > > This one seems to have been dropped accidentally rather than > > augmented > > with $(DESTDIR). > > > > > - -mkdir -p $(DESTDIR) $(DATADIR)/pixmaps > > > - install -m 644 sepolicy_256.png > > > $(DATADIR)/pixmaps/sepolicy.png > > > + -mkdir -p $(DESTDIR)$(MANDIR)/man8 > > > + -mkdir -p $(DESTDIR)$(SHAREDIR) > > > + -mkdir -p $(DESTDIR)$(BINDIR) > > > + -mkdir -p $(DESTDIR)$(DATADIR)/pixmaps > > > + -mkdir -p $(DESTDIR)$(DATADIR)/icons/hicolor/24x24/apps > > > + -mkdir -p $(DESTDIR)$(SYSCONFDIR) > > > + -mkdir -p $(DESTDIR)$(DATADIR)/polkit-1/actions/ > > > + install -m 755 system-config-selinux.py > > > $(DESTDIR)$(SHAREDIR) > > > + install -m 755 system-config-selinux $(DESTDIR)$(BINDIR) > > > + install -m 755 polgengui.py $(DESTDIR)$(SHAREDIR) > > > + install -m 644 $(TARGETS) $(DESTDIR)$(SHAREDIR) > > > + install -m 644 system-config-selinux.8 > > > $(DESTDIR)$(MANDIR)/man8 > > > + install -m 644 selinux-polgengui.8 > > > $(DESTDIR)$(MANDIR)/man8 > > > + install -m 644 system-config-selinux.png > > > $(DESTDIR)$(DATADIR)/pixmaps > > > + install -m 644 system-config-selinux.png > > > $(DESTDIR)$(DATADIR)/icons/hicolor/24x24/apps > > > + install -m 644 system-config-selinux.png > > > $(DESTDIR)$(DATADIR)/system-config-selinux > > > + -mkdir -p $(DESTDIR) $(DESTDIR)$(DATADIR)/pixmaps > > > + install -m 644 sepolicy_256.png > > > $(DESTDIR)$(DATADIR)/pixmaps/sepolicy.png > > > for i in 16 22 32 48 256; do \ > > > - mkdir -p $(DESTDIR) > > > $(DATADIR)/icons/hicolor/$${i}x$${i}/apps; \ > > > - install -m 644 sepolicy_$${i}.png > > > $(DATADIR)/icons/hicolor/$${i}x$${i}/apps/sepolicy.png; \ > > > + mkdir -p > > > $(DESTDIR)/$(DATADIR)/icons/hicolor/$${i}x$${i}/apps; \ > > > + install -m 644 sepolicy_$${i}.png > > > $(DESTDIR)$(DATADIR)/icons/hicolor/$${i}x$${i}/apps/sepolicy.png; > > > \ > > > done > > > - install -m 644 org.selinux.config.policy > > > $(DATADIR)/polkit- > > > 1/actions/ > > > + install -m 644 org.selinux.config.policy > > > $(DESTDIR)$(DATADIR)/polkit-1/actions/ > > > clean: > > > > > > indent: > > > diff --git a/libselinux/include/Makefile > > > b/libselinux/include/Makefile > > > index 757a6c9c..c1d3fa15 100644 > > > --- a/libselinux/include/Makefile > > > +++ b/libselinux/include/Makefile > > > @@ -1,12 +1,12 @@ > > > # Installation directories. > > > -PREFIX ?= $(DESTDIR)/usr > > > +PREFIX ?= /usr > > > INCDIR ?= $(PREFIX)/include/selinux > > > > > > all: > > > > > > install: all > > > - test -d $(INCDIR) || install -m 755 -d $(INCDIR) > > > - install -m 644 $(wildcard selinux/*.h) $(INCDIR) > > > + test -d $(DESTDIR)$(INCDIR) || install -m 755 -d > > > $(DESTDIR)$(INCDIR) > > > + install -m 644 $(wildcard selinux/*.h) > > > $(DESTDIR)$(INCDIR) > > > > > > relabel: > > > > > > diff --git a/libselinux/src/Makefile b/libselinux/src/Makefile > > > index 4306dd0e..6d65b682 100644 > > > --- a/libselinux/src/Makefile > > > +++ b/libselinux/src/Makefile > > > @@ -8,17 +8,17 @@ RUBYPREFIX ?= $(notdir $(RUBY)) > > > PKG_CONFIG ?= pkg-config > > > > > > # Installation directories. > > > -PREFIX ?= $(DESTDIR)/usr > > > +PREFIX ?= /usr > > > LIBDIR ?= $(PREFIX)/lib > > > -SHLIBDIR ?= $(DESTDIR)/lib > > > +SHLIBDIR ?= /lib > > > INCLUDEDIR ?= $(PREFIX)/include > > > PYINC ?= $(shell $(PKG_CONFIG) --cflags $(PYPREFIX)) > > > PYLIBS ?= $(shell $(PKG_CONFIG) --libs $(PYPREFIX)) > > > -PYSITEDIR ?= $(DESTDIR)$(shell $(PYTHON) -c 'import site; > > > print(site.getsitepackages()[0])') > > > +PYSITEDIR ?= $(shell $(PYTHON) -c 'import site; > > > print(site.getsitepackages()[0])') > > > PYCEXT ?= $(shell $(PYTHON) -c 'import imp;print([s for s,m,t > > > in > > > imp.get_suffixes() if t == imp.C_EXTENSION][0])') > > > RUBYINC ?= $(shell $(RUBY) -e 'puts "-I" + > > > RbConfig::CONFIG["rubyarchhdrdir"] + " -I" + > > > RbConfig::CONFIG["rubyhdrdir"]') > > > RUBYLIBS ?= $(shell $(RUBY) -e 'puts "-L" + > > > RbConfig::CONFIG["libdir"] + " -lruby"') > > > -RUBYINSTALL ?= $(DESTDIR)$(shell $(RUBY) -e 'puts > > > RbConfig::CONFIG["vendorarchdir"]') > > > +RUBYINSTALL ?= $(shell $(RUBY) -e 'puts > > > RbConfig::CONFIG["vendorarchdir"]') > > > LIBBASE ?= $(shell basename $(LIBDIR)) > > > LIBSEPOLA ?= $(LIBDIR)/libsepol.a > > > > > > @@ -156,7 +156,7 @@ selinuxswig_python_exception.i: > > > ../include/selinux/selinux.h > > > $(AUDIT2WHYLOBJ): audit2why.c > > > $(CC) $(filter-out -Werror, $(CFLAGS)) $(PYINC) -fPIC > > > -DSHARED -c -o $@ $< > > > > > > -$(AUDIT2WHYSO): $(AUDIT2WHYLOBJ) $(LIBSEPOLA) > > > +$(AUDIT2WHYSO): $(AUDIT2WHYLOBJ) $(DESTDIR)$(LIBSEPOLA) > > > $(CC) $(CFLAGS) $(LDFLAGS) -L. -shared -o $@ $^ > > > -lselinux > > > $(PYLIBS) > > > > Here again with using DESTDIR outside of install. > > > > > > > > %.o: %.c policy.h > > > @@ -177,26 +177,26 @@ swigify: $(SWIGIF) > > > $(SWIG) $< > > > > > > install: all > > > - test -d $(LIBDIR) || install -m 755 -d $(LIBDIR) > > > - install -m 644 $(LIBA) $(LIBDIR) > > > - test -d $(SHLIBDIR) || install -m 755 -d $(SHLIBDIR) > > > - install -m 755 $(LIBSO) $(SHLIBDIR) > > > - test -d $(LIBDIR)/pkgconfig || install -m 755 -d > > > $(LIBDIR)/pkgconfig > > > - install -m 644 $(LIBPC) $(LIBDIR)/pkgconfig > > > - ln -sf --relative $(SHLIBDIR)/$(LIBSO) > > > $(LIBDIR)/$(TARGET) > > > + test -d $(DESTDIR)$(LIBDIR) || install -m 755 -d > > > $(DESTDIR)$(LIBDIR) > > > + install -m 644 $(LIBA) $(DESTDIR)$(LIBDIR) > > > + test -d $(DESTDIR)$(SHLIBDIR) || install -m 755 -d > > > $(DESTDIR)$(SHLIBDIR) > > > + install -m 755 $(LIBSO) $(DESTDIR)$(SHLIBDIR) > > > + test -d $(DESTDIR)$(LIBDIR)/pkgconfig || install -m 755 > > > -d > > > $(DESTDIR)$(LIBDIR)/pkgconfig > > > + install -m 644 $(LIBPC) $(DESTDIR)$(LIBDIR)/pkgconfig > > > + ln -sf --relative $(DESTDIR)$(SHLIBDIR)/$(LIBSO) > > > $(DESTDIR)$(LIBDIR)/$(TARGET) > > > > > > install-pywrap: pywrap > > > - test -d $(PYSITEDIR)/selinux || install -m 755 -d > > > $(PYSITEDIR)/selinux > > > - install -m 755 $(SWIGSO) $(PYSITEDIR)/_selinux$(PYCEXT) > > > - install -m 755 $(AUDIT2WHYSO) > > > $(PYSITEDIR)/selinux/audit2why$(PYCEXT) > > > - install -m 644 $(SWIGPYOUT) > > > $(PYSITEDIR)/selinux/__init__.py > > > + test -d $(DESTDIR)$(PYSITEDIR)/selinux || install -m 755 > > > -d > > > $(DESTDIR)$(PYSITEDIR)/selinux > > > + install -m 755 $(SWIGSO) > > > $(DESTDIR)$(PYSITEDIR)/_selinux$(PYCEXT) > > > + install -m 755 $(AUDIT2WHYSO) > > > $(DESTDIR)$(PYSITEDIR)/selinux/audit2why$(PYCEXT) > > > + install -m 644 $(SWIGPYOUT) > > > $(DESTDIR)$(PYSITEDIR)/selinux/__init__.py > > > > > > install-rubywrap: rubywrap > > > - test -d $(RUBYINSTALL) || install -m 755 -d > > > $(RUBYINSTALL) > > > - install -m 755 $(SWIGRUBYSO) $(RUBYINSTALL)/selinux.so > > > + test -d $(DESTDIR)$(RUBYINSTALL) || install -m 755 -d > > > $(DESTDIR)$(RUBYINSTALL) > > > + install -m 755 $(SWIGRUBYSO) > > > $(DESTDIR)$(RUBYINSTALL)/selinux.so > > > > > > relabel: > > > - /sbin/restorecon $(SHLIBDIR)/$(LIBSO) > > > + /sbin/restorecon $(DESTDIR)$(SHLIBDIR)/$(LIBSO) > > > > > > clean-pywrap: > > > -rm -f $(SWIGLOBJ) $(SWIGSO) $(AUDIT2WHYLOBJ) > > > $(AUDIT2WHYSO) > > > diff --git a/libselinux/utils/Makefile > > > b/libselinux/utils/Makefile > > > index 843b0e7c..882a6787 100644 > > > --- a/libselinux/utils/Makefile > > > +++ b/libselinux/utils/Makefile > > > @@ -1,5 +1,5 @@ > > > # Installation directories. > > > -PREFIX ?= $(DESTDIR)/usr > > > +PREFIX ?= /usr > > > LIBDIR ?= $(PREFIX)/lib > > > SBINDIR ?= $(PREFIX)/sbin > > > INCLUDEDIR ?= $(PREFIX)/include > > > @@ -63,8 +63,8 @@ sefcontext_compile: sefcontext_compile.o > > > ../src/regex.o > > > all: $(TARGETS) > > > > > > install: all > > > - -mkdir -p $(SBINDIR) > > > - install -m 755 $(TARGETS) $(SBINDIR) > > > + -mkdir -p $(DESTDIR)$(SBINDIR) > > > + install -m 755 $(TARGETS) $(DESTDIR)$(SBINDIR) > > > > > > clean: > > > rm -f $(TARGETS) *.o *~ > > > diff --git a/libsemanage/include/Makefile > > > b/libsemanage/include/Makefile > > > index b660660e..6e44a28a 100644 > > > --- a/libsemanage/include/Makefile > > > +++ b/libsemanage/include/Makefile > > > @@ -1,12 +1,12 @@ > > > # Installation directories. > > > -PREFIX ?= $(DESTDIR)/usr > > > +PREFIX ?= /usr > > > INCDIR ?= $(PREFIX)/include/semanage > > > > > > all: > > > > > > install: all > > > - test -d $(INCDIR) || install -m 755 -d $(INCDIR) > > > - install -m 644 $(wildcard semanage/*.h) $(INCDIR) > > > + test -d $(DESTDIR)$(INCDIR) || install -m 755 -d > > > $(DESTDIR)$(INCDIR) > > > + install -m 644 $(wildcard semanage/*.h) > > > $(DESTDIR)$(INCDIR) > > > > > > indent: > > > ../../scripts/Lindent $(wildcard semanage/*.h) > > > diff --git a/libsemanage/src/Makefile b/libsemanage/src/Makefile > > > index f01385c5..8c0b4557 100644 > > > --- a/libsemanage/src/Makefile > > > +++ b/libsemanage/src/Makefile > > > @@ -8,17 +8,17 @@ RUBYPREFIX ?= $(notdir $(RUBY)) > > > PKG_CONFIG ?= pkg-config > > > > > > # Installation directories. > > > -PREFIX ?= $(DESTDIR)/usr > > > +PREFIX ?= /usr > > > LIBDIR ?= $(PREFIX)/lib > > > -SHLIBDIR ?= $(DESTDIR)/lib > > > +SHLIBDIR ?= /lib > > > INCLUDEDIR ?= $(PREFIX)/include > > > PYINC ?= $(shell $(PKG_CONFIG) --cflags $(PYPREFIX)) > > > PYLIBS ?= $(shell $(PKG_CONFIG) --libs $(PYPREFIX)) > > > -PYSITEDIR ?= $(DESTDIR)$(shell $(PYTHON) -c 'import site; > > > print(site.getsitepackages()[0])') > > > +PYSITEDIR ?= $(shell $(PYTHON) -c 'import site; > > > print(site.getsitepackages()[0])') > > > PYCEXT ?= $(shell $(PYTHON) -c 'import imp;print([s for s,m,t > > > in > > > imp.get_suffixes() if t == imp.C_EXTENSION][0])') > > > RUBYINC ?= $(shell $(RUBY) -e 'puts "-I" + > > > RbConfig::CONFIG["rubyarchhdrdir"] + " -I" + > > > RbConfig::CONFIG["rubyhdrdir"]') > > > RUBYLIBS ?= $(shell $(RUBY) -e 'puts "-L" + > > > RbConfig::CONFIG["libdir"] + " -lruby"') > > > -RUBYINSTALL ?= $(DESTDIR)$(shell $(RUBY) -e 'puts > > > RbConfig::CONFIG["vendorarchdir"]') > > > +RUBYINSTALL ?= $(shell $(RUBY) -e 'puts > > > RbConfig::CONFIG["vendorarchdir"]') > > > > > > LIBBASE=$(shell basename $(LIBDIR)) > > > > > > @@ -136,26 +136,26 @@ swigify: $(SWIGIF) > > > $(SWIG) $< > > > > > > install: all > > > - test -d $(LIBDIR) || install -m 755 -d $(LIBDIR) > > > - install -m 644 $(LIBA) $(LIBDIR) > > > - install -m 755 $(LIBSO) $(LIBDIR) > > > - test -d $(LIBDIR)/pkgconfig || install -m 755 -d > > > $(LIBDIR)/pkgconfig > > > - install -m 644 $(LIBPC) $(LIBDIR)/pkgconfig > > > + test -d $(DESTDIR)$(LIBDIR) || install -m 755 -d > > > $(DESTDIR)$(LIBDIR) > > > + install -m 644 $(LIBA) $(DESTDIR)$(LIBDIR) > > > + install -m 755 $(LIBSO) $(DESTDIR)$(LIBDIR) > > > + test -d $(DESTDIR)$(LIBDIR)/pkgconfig || install -m 755 > > > -d > > > $(DESTDIR)$(LIBDIR)/pkgconfig > > > + install -m 644 $(LIBPC) $(DESTDIR)$(LIBDIR)/pkgconfig > > > test -f $(DEFAULT_SEMANAGE_CONF_LOCATION) || install -m > > > 644 > > > -D semanage.conf $(DEFAULT_SEMANAGE_CONF_LOCATION) > > > - cd $(LIBDIR) && ln -sf $(LIBSO) $(TARGET) > > > + cd $(DESTDIR)$(LIBDIR) && ln -sf $(LIBSO) $(TARGET) > > > > > > install-pywrap: pywrap > > > - test -d $(PYSITEDIR) || install -m 755 -d $(PYSITEDIR) > > > - install -m 755 $(SWIGSO) $(PYSITEDIR)/_semanage$(PYCEXT) > > > - install -m 644 semanage.py $(PYSITEDIR) > > > + test -d $(DESTDIR)$(PYSITEDIR) || install -m 755 -d > > > $(DESTDIR)$(PYSITEDIR) > > > + install -m 755 $(SWIGSO) > > > $(DESTDIR)$(PYSITEDIR)/_semanage$(PYCEXT) > > > + install -m 644 semanage.py $(DESTDIR)$(PYSITEDIR) > > > > > > > > > install-rubywrap: rubywrap > > > - test -d $(RUBYINSTALL) || install -m 755 -d > > > $(RUBYINSTALL) > > > - install -m 755 $(SWIGRUBYSO) $(RUBYINSTALL)/semanage.so > > > + test -d $(DESTDIR)$(RUBYINSTALL) || install -m 755 -d > > > $(DESTDIR)$(RUBYINSTALL) > > > + install -m 755 $(SWIGRUBYSO) > > > $(DESTDIR)$(RUBYINSTALL)/semanage.so > > > > > > relabel: > > > - /sbin/restorecon $(LIBDIR)/$(LIBSO) > > > + /sbin/restorecon $(DESTDIR)$(LIBDIR)/$(LIBSO) > > > > > > clean: > > > -rm -f $(LIBPC) $(OBJS) $(LOBJS) $(LIBA) $(LIBSO) > > > $(SWIGLOBJ) $(SWIGSO) $(SWIGRUBYSO) $(TARGET) conf-parse.c conf- > > > parse.h conf-scan.c *.o *.lo *~ > > > diff --git a/libsemanage/tests/Makefile > > > b/libsemanage/tests/Makefile > > > index 2ef8d30d..8103cf8f 100644 > > > --- a/libsemanage/tests/Makefile > > > +++ b/libsemanage/tests/Makefile > > > @@ -1,4 +1,4 @@ > > > -PREFIX ?= $(DESTDIR)/usr > > > +PREFIX ?= /usr > > > LIBDIR ?= $(PREFIX)/lib > > > > > > # Add your test source files here: > > > diff --git a/libsemanage/utils/Makefile > > > b/libsemanage/utils/Makefile > > > index 725f0eec..5b8fbb6b 100644 > > > --- a/libsemanage/utils/Makefile > > > +++ b/libsemanage/utils/Makefile > > > @@ -1,13 +1,13 @@ > > > # Installation directories. > > > -PREFIX ?= $(DESTDIR)/usr > > > +PREFIX ?= /usr > > > LIBEXECDIR ?= $(PREFIX)/libexec > > > SELINUXEXECDIR ?= $(LIBEXECDIR)/selinux/ > > > > > > all: > > > > > > install: all > > > - -mkdir -p $(SELINUXEXECDIR) > > > - install -m 755 semanage_migrate_store $(SELINUXEXECDIR) > > > + -mkdir -p $(DESTDIR)$(SELINUXEXECDIR) > > > + install -m 755 semanage_migrate_store > > > $(DESTDIR)$(SELINUXEXECDIR) > > > > > > clean: > > > > > > diff --git a/libsepol/include/Makefile > > > b/libsepol/include/Makefile > > > index 56b7a114..49f817ce 100644 > > > --- a/libsepol/include/Makefile > > > +++ b/libsepol/include/Makefile > > > @@ -1,17 +1,17 @@ > > > # Installation directories. > > > -PREFIX ?= $(DESTDIR)/usr > > > +PREFIX ?= /usr > > > INCDIR ?= $(PREFIX)/include/sepol > > > CILDIR ?= ../cil > > > > > > all: > > > > > > install: all > > > - test -d $(INCDIR) || install -m 755 -d $(INCDIR) > > > - test -d $(INCDIR)/policydb || install -m 755 -d > > > $(INCDIR)/policydb > > > - test -d $(INCDIR)/cil || install -m 755 -d $(INCDIR)/cil > > > - install -m 644 $(wildcard sepol/*.h) $(INCDIR) > > > - install -m 644 $(wildcard sepol/policydb/*.h) > > > $(INCDIR)/policydb > > > - install -m 644 $(wildcard $(CILDIR)/include/cil/*.h) > > > $(INCDIR)/cil > > > + test -d $(DESTDIR)$(INCDIR) || install -m 755 -d > > > $(DESTDIR)$(INCDIR) > > > + test -d $(DESTDIR)$(INCDIR)/policydb || install -m 755 > > > -d > > > $(DESTDIR)$(INCDIR)/policydb > > > + test -d $(DESTDIR)$(INCDIR)/cil || install -m 755 -d > > > $(DESTDIR)$(INCDIR)/cil > > > + install -m 644 $(wildcard sepol/*.h) $(DESTDIR)$(INCDIR) > > > + install -m 644 $(wildcard sepol/policydb/*.h) > > > $(DESTDIR)$(INCDIR)/policydb > > > + install -m 644 $(wildcard $(CILDIR)/include/cil/*.h) > > > $(DESTDIR)$(INCDIR)/cil > > > > > > indent: > > > ../../scripts/Lindent $(wildcard sepol/*.h) > > > diff --git a/libsepol/src/Makefile b/libsepol/src/Makefile > > > index 819d261b..4c7e23fa 100644 > > > --- a/libsepol/src/Makefile > > > +++ b/libsepol/src/Makefile > > > @@ -1,8 +1,8 @@ > > > # Installation directories. > > > -PREFIX ?= $(DESTDIR)/usr > > > +PREFIX ?= /usr > > > INCLUDEDIR ?= $(PREFIX)/include > > > LIBDIR ?= $(PREFIX)/lib > > > -SHLIBDIR ?= $(DESTDIR)/lib > > > +SHLIBDIR ?= $(PREFIX)/lib > > > > This yields a change in the default install location for > > libsepol.so.1 > > (/lib -> /usr/lib). > > > > > RANLIB ?= ranlib > > > LIBBASE ?= $(shell basename $(LIBDIR)) > > > CILDIR ?= ../cil > > > @@ -80,16 +80,16 @@ endif > > > $(CC) $(CFLAGS) -fPIC -DSHARED -c -o $@ $< > > > > > > install: all > > > - test -d $(LIBDIR) || install -m 755 -d $(LIBDIR) > > > - install -m 644 $(LIBA) $(LIBDIR) > > > - test -d $(SHLIBDIR) || install -m 755 -d $(SHLIBDIR) > > > - install -m 755 $(LIBSO) $(SHLIBDIR) > > > - test -d $(LIBDIR)/pkgconfig || install -m 755 -d > > > $(LIBDIR)/pkgconfig > > > - install -m 644 $(LIBPC) $(LIBDIR)/pkgconfig > > > - $(LN) -sf --relative $(SHLIBDIR)/$(LIBSO) > > > $(LIBDIR)/$(TARGET) > > > + test -d $(DESTDIR)$(LIBDIR) || install -m 755 -d > > > $(DESTDIR)$(LIBDIR) > > > + install -m 644 $(LIBA) $(DESTDIR)$(LIBDIR) > > > + test -d $(DESTDIR)$(SHLIBDIR) || install -m 755 -d > > > $(DESTDIR)$(SHLIBDIR) > > > + install -m 755 $(LIBSO) $(DESTDIR)$(SHLIBDIR) > > > + test -d $(DESTDIR)$(LIBDIR)/pkgconfig || install -m 755 > > > -d > > > $(DESTDIR)$(LIBDIR)/pkgconfig > > > + install -m 644 $(LIBPC) $(DESTDIR)$(LIBDIR)/pkgconfig > > > + $(LN) -sf --relative $(DESTDIR)$(SHLIBDIR)/$(LIBSO) > > > $(DESTDIR)$(LIBDIR)/$(TARGET) > > > > > > relabel: > > > - /sbin/restorecon $(SHLIBDIR)/$(LIBSO) > > > + /sbin/restorecon $(DESTDIR)$(SHLIBDIR)/$(LIBSO) > > > > > > clean: > > > -rm -f $(LIBPC) $(LIBMAP) $(OBJS) $(LOBJS) $(LIBA) > > > $(LIBSO) > > > $(TARGET) $(CIL_GENERATED) > > > diff --git a/libsepol/utils/Makefile b/libsepol/utils/Makefile > > > index fba1d8a0..31932c11 100644 > > > --- a/libsepol/utils/Makefile > > > +++ b/libsepol/utils/Makefile > > > @@ -1,5 +1,5 @@ > > > # Installation directories. > > > -PREFIX ?= $(DESTDIR)/usr > > > +PREFIX ?= /usr > > > BINDIR ?= $(PREFIX)/bin > > > > > > CFLAGS ?= -Wall -Werror > > > @@ -12,8 +12,8 @@ TARGETS=$(patsubst %.c,%,$(sort $(wildcard > > > *.c))) > > > all: $(TARGETS) > > > > > > install: all > > > - -mkdir -p $(BINDIR) > > > - install -m 755 $(TARGETS) $(BINDIR) > > > + -mkdir -p $(DESTDIR)$(BINDIR) > > > + install -m 755 $(TARGETS) $(DESTDIR)$(BINDIR) > > > > > > clean: > > > -rm -f $(TARGETS) *.o > > > diff --git a/mcstrans/man/Makefile b/mcstrans/man/Makefile > > > index 8e971192..dbd87f49 100644 > > > --- a/mcstrans/man/Makefile > > > +++ b/mcstrans/man/Makefile > > > @@ -1,11 +1,11 @@ > > > # Installation directories. > > > -MAN8DIR ?= $(DESTDIR)/usr/share/man/man8 > > > +MAN8DIR ?= /usr/share/man/man8 > > > > > > all: > > > > > > install: all > > > - mkdir -p $(MAN8DIR) > > > - install -m 644 man8/*.8 $(MAN8DIR) > > > + mkdir -p $(DESTDIR)$(MAN8DIR) > > > + install -m 644 man8/*.8 $(DESTDIR)$(MAN8DIR) > > > > > > clean: > > > -rm -f *~ \#* > > > diff --git a/mcstrans/src/Makefile b/mcstrans/src/Makefile > > > index 709e1e02..be54e349 100644 > > > --- a/mcstrans/src/Makefile > > > +++ b/mcstrans/src/Makefile > > > @@ -1,9 +1,9 @@ > > > # Installation directories. > > > -PREFIX ?= $(DESTDIR)/usr > > > +PREFIX ?= /usr > > > LIBDIR ?= $(PREFIX)/lib > > > -SBINDIR ?= $(DESTDIR)/sbin > > > -INITDIR ?= $(DESTDIR)/etc/rc.d/init.d > > > -SYSTEMDDIR ?= $(DESTDIR)/usr/lib/systemd > > > +SBINDIR ?= /sbin > > > +INITDIR ?= /etc/rc.d/init.d > > > +SYSTEMDDIR ?= /usr/lib/systemd > > > > > > PROG_SRC=mcstrans.c mcscolor.c mcstransd.c mls_level.c > > > PROG_OBJS= $(patsubst %.c,%.o,$(PROG_SRC)) > > > @@ -15,18 +15,18 @@ override CFLAGS += -D_GNU_SOURCE > > > -D_FILE_OFFSET_BITS=64 > > > all: $(PROG) > > > > > > $(PROG): $(PROG_OBJS) > > > - $(CC) $(LDFLAGS) -pie -o $@ $^ -lselinux -lcap -lpcre > > > $(LIBDIR)/libsepol.a > > > + $(CC) $(LDFLAGS) -pie -o $@ $^ -lselinux -lcap -lpcre > > > $(DESTDIR)$(LIBDIR)/libsepol.a > > > > > > %.o: %.c > > > $(CC) $(CFLAGS) -fPIE -c -o $@ $< > > > > > > install: all > > > - test -d $(SBINDIR) || install -m 755 -d $(SBINDIR) > > > - install -m 755 $(PROG) $(SBINDIR) > > > - test -d $(INITDIR) || install -m 755 -d $(INITDIR) > > > - install -m 755 $(INITSCRIPT).init > > > $(INITDIR)/$(INITSCRIPT) > > > - test -d $(SYSTEMDDIR)/system || install -m 755 -d > > > $(SYSTEMDDIR)/system > > > - install -m 644 mcstrans.service $(SYSTEMDDIR)/system/ > > > + test -d $(DESTDIR)$(SBINDIR) || install -m 755 -d > > > $(DESTDIR)$(SBINDIR) > > > + install -m 755 $(PROG) $(DESTDIR)$(SBINDIR) > > > + test -d $(DESTDIR)$(INITDIR) || install -m 755 -d > > > $(DESTDIR)$(INITDIR) > > > + install -m 755 $(INITSCRIPT).init > > > $(DESTDIR)$(INITDIR)/$(INITSCRIPT) > > > + test -d $(DESTDIR)$(SYSTEMDDIR)/system || install -m 755 > > > -d > > > $(DESTDIR)$(SYSTEMDDIR)/system > > > + install -m 644 mcstrans.service > > > $(DESTDIR)$(SYSTEMDDIR)/system/ > > > > > > clean: > > > -rm -f $(OBJS) $(LOBJS) $(TARGET) $(PROG) $(PROG_OBJS) > > > *~ > > > \#* > > > diff --git a/mcstrans/utils/Makefile b/mcstrans/utils/Makefile > > > index 4d3cbfcb..1364cece 100644 > > > --- a/mcstrans/utils/Makefile > > > +++ b/mcstrans/utils/Makefile > > > @@ -1,5 +1,5 @@ > > > # Installation directories. > > > -PREFIX ?= $(DESTDIR)/usr > > > +PREFIX ?= /usr > > > LIBDIR ?= $(PREFIX)/lib > > > SBINDIR ?= $(PREFIX)/sbin > > > LIBSEPOLA ?= $(LIBDIR)/libsepol.a > > > @@ -12,11 +12,11 @@ TARGETS=$(patsubst %.c,%,$(sort $(wildcard > > > *.c))) > > > > > > all: $(TARGETS) > > > > > > -$(TARGETS): ../src/mcstrans.o ../src/mls_level.o $(LIBSEPOLA) > > > +$(TARGETS): ../src/mcstrans.o ../src/mls_level.o > > > $(DESTDIR)$(LIBSEPOLA) > > > > > > install: all > > > - -mkdir -p $(SBINDIR) > > > - install -m 755 $(TARGETS) $(SBINDIR) > > > + -mkdir -p $(DESTDIR)$(SBINDIR) > > > + install -m 755 $(TARGETS) $(DESTDIR)$(SBINDIR) > > > > > > test: > > > ./mlstrans-test-runner.py ../test/*.test > > > diff --git a/policycoreutils/hll/pp/Makefile > > > b/policycoreutils/hll/pp/Makefile > > > index 3401dcc9..ed70c449 100644 > > > --- a/policycoreutils/hll/pp/Makefile > > > +++ b/policycoreutils/hll/pp/Makefile > > > @@ -1,5 +1,5 @@ > > > # Installation directories. > > > -PREFIX ?= $(DESTDIR)/usr > > > +PREFIX ?= /usr > > > INCLUDEDIR ?= $(PREFIX)/include > > > MANDIR = $(PREFIX)/share/man > > > LIBDIR ?= $(PREFIX)/lib > > > @@ -21,8 +21,8 @@ pp: $(PP_OBJS) > > > $(CC) $(CFLAGS) -c -o $@ $^ > > > > > > install: all > > > - -mkdir -p $(HLLDIR) > > > - install -m 755 pp $(HLLDIR) > > > + -mkdir -p $(DESTDIR)$(HLLDIR) > > > + install -m 755 pp $(DESTDIR)$(HLLDIR) > > > > > > relabel: > > > > > > diff --git a/policycoreutils/load_policy/Makefile > > > b/policycoreutils/load_policy/Makefile > > > index b85833c2..00f59aba 100644 > > > --- a/policycoreutils/load_policy/Makefile > > > +++ b/policycoreutils/load_policy/Makefile > > > @@ -1,6 +1,6 @@ > > > # Installation directories. > > > -PREFIX ?= $(DESTDIR)/usr > > > -SBINDIR ?= $(DESTDIR)/sbin > > > +PREFIX ?= /usr > > > +SBINDIR ?= /sbin > > > MANDIR ?= $(PREFIX)/share/man > > > LOCALEDIR ?= /usr/share/locale > > > > > > @@ -13,10 +13,10 @@ TARGETS=$(patsubst %.c,%,$(sort $(wildcard > > > *.c))) > > > all: $(TARGETS) > > > > > > install: all > > > - -mkdir -p $(SBINDIR) > > > - install -m 755 $(TARGETS) $(SBINDIR) > > > - test -d $(MANDIR)/man8 || install -m 755 -d > > > $(MANDIR)/man8 > > > - install -m 644 load_policy.8 $(MANDIR)/man8/ > > > + -mkdir -p $(DESTDIR)$(SBINDIR) > > > + install -m 755 $(TARGETS) $(DESTDIR)$(SBINDIR) > > > + test -d $(DESTDIR)$(MANDIR)/man8 || install -m 755 -d > > > $(DESTDIR)$(MANDIR)/man8 > > > + install -m 644 load_policy.8 $(DESTDIR)$(MANDIR)/man8/ > > > > > > clean: > > > -rm -f $(TARGETS) *.o > > > @@ -25,4 +25,4 @@ indent: > > > ../../scripts/Lindent $(wildcard *.[ch]) > > > > > > relabel: > > > - /sbin/restorecon $(SBINDIR)/load_policy > > > + /sbin/restorecon $(DESTDIR)$(SBINDIR)/load_policy > > > diff --git a/policycoreutils/man/Makefile > > > b/policycoreutils/man/Makefile > > > index 0d91cd46..ae3d27b6 100644 > > > --- a/policycoreutils/man/Makefile > > > +++ b/policycoreutils/man/Makefile > > > @@ -1,12 +1,12 @@ > > > # Installation directories. > > > -MAN5DIR ?= $(DESTDIR)/usr/share/man/man5 > > > +MAN5DIR ?= /usr/share/man/man5 > > > > > > all: > > > > > > clean: > > > > > > install: all > > > - mkdir -p $(MAN5DIR) > > > - install -m 644 man5/*.5 $(MAN5DIR) > > > + mkdir -p $(DESTDIR)$(MAN5DIR) > > > + install -m 644 man5/*.5 $(DESTDIR)$(MAN5DIR) > > > > > > relabel: > > > diff --git a/policycoreutils/newrole/Makefile > > > b/policycoreutils/newrole/Makefile > > > index 196af926..e687b6ab 100644 > > > --- a/policycoreutils/newrole/Makefile > > > +++ b/policycoreutils/newrole/Makefile > > > @@ -1,8 +1,8 @@ > > > # Installation directories. > > > -PREFIX ?= $(DESTDIR)/usr > > > +PREFIX ?= /usr > > > BINDIR ?= $(PREFIX)/bin > > > MANDIR ?= $(PREFIX)/share/man > > > -ETCDIR ?= $(DESTDIR)/etc > > > +ETCDIR ?= /etc > > > LOCALEDIR = /usr/share/locale > > > PAMH ?= $(shell test -f /usr/include/security/pam_appl.h && > > > echo y) > > > AUDITH ?= $(shell test -f /usr/include/libaudit.h && echo y) > > > @@ -61,17 +61,17 @@ newrole: newrole.o $(EXTRA_OBJS) > > > $(CC) $(LDFLAGS) -o $@ $^ $(LDLIBS) > > > > > > install: all > > > - test -d $(BINDIR) || install -m 755 -d $(BINDIR) > > > - test -d $(ETCDIR)/pam.d || install -m 755 -d > > > $(ETCDIR)/pam.d > > > - test -d $(MANDIR)/man1 || install -m 755 -d > > > $(MANDIR)/man1 > > > - install -m $(MODE) newrole $(BINDIR) > > > - install -m 644 newrole.1 $(MANDIR)/man1/ > > > + test -d $(DESTDIR)$(BINDIR) || install -m 755 -d > > > $(DESTDIR)$(BINDIR) > > > + test -d $(DESTDIR)$(ETCDIR)/pam.d || install -m 755 -d > > > $(DESTDIR)$(ETCDIR)/pam.d > > > + test -d $(DESTDIR)$(MANDIR)/man1 || install -m 755 -d > > > $(DESTDIR)$(MANDIR)/man1 > > > + install -m $(MODE) newrole $(DESTDIR)$(BINDIR) > > > + install -m 644 newrole.1 $(DESTDIR)$(MANDIR)/man1/ > > > ifeq ($(PAMH), y) > > > - test -d $(ETCDIR)/pam.d || install -m 755 -d > > > $(ETCDIR)/pam.d > > > + test -d $(ETCDIR)/pam.d || install -m 755 -d > > > $(DESTDIR)$(ETCDIR)/pam.d > > > > Need to prefix the first $(ETCDIR)/pam.d with $(DESTDIR) too. > > > > > ifeq ($(LSPP_PRIV),y) > > > - install -m 644 newrole-lspp.pamd $(ETCDIR)/pam.d/newrole > > > + install -m 644 newrole-lspp.pamd > > > $(DESTDIR)$(ETCDIR)/pam.d/newrole > > > else > > > - install -m 644 newrole.pamd $(ETCDIR)/pam.d/newrole > > > + install -m 644 newrole.pamd > > > $(DESTDIR)$(ETCDIR)/pam.d/newrole > > > endif > > > endif > > > > > > @@ -82,4 +82,4 @@ indent: > > > ../../scripts/Lindent $(wildcard *.[ch]) > > > > > > relabel: install > > > - /sbin/restorecon $(BINDIR)/newrole > > > + /sbin/restorecon $(DESTDIR)$(BINDIR)/newrole > > > diff --git a/policycoreutils/run_init/Makefile > > > b/policycoreutils/run_init/Makefile > > > index 921f0b07..8d8eb704 100644 > > > --- a/policycoreutils/run_init/Makefile > > > +++ b/policycoreutils/run_init/Makefile > > > @@ -1,9 +1,9 @@ > > > > > > # Installation directories. > > > -PREFIX ?= $(DESTDIR)/usr > > > +PREFIX ?= /usr > > > SBINDIR ?= $(PREFIX)/sbin > > > MANDIR ?= $(PREFIX)/share/man > > > -ETCDIR ?= $(DESTDIR)/etc > > > +ETCDIR ?= /etc > > > LOCALEDIR ?= /usr/share/locale > > > PAMH ?= $(shell test -f /usr/include/security/pam_appl.h && > > > echo y) > > > AUDITH ?= $(shell test -f /usr/include/libaudit.h && echo y) > > > @@ -32,14 +32,14 @@ open_init_pty: open_init_pty.c > > > > > > > > > install: all > > > - test -d $(SBINDIR) || install -m 755 -d $(SBINDIR) > > > - test -d $(MANDIR)/man8 || install -m 755 -d > > > $(MANDIR)/man8 > > > - install -m 755 run_init $(SBINDIR) > > > - install -m 755 open_init_pty $(SBINDIR) > > > - install -m 644 run_init.8 $(MANDIR)/man8/ > > > - install -m 644 open_init_pty.8 $(MANDIR)/man8/ > > > + test -d $(DESTDIR)$(SBINDIR) || install -m 755 -d > > > $(DESTDIR)$(SBINDIR) > > > + test -d $(DESTDIR)$(MANDIR)/man8 || install -m 755 -d > > > $(DESTDIR)$(MANDIR)/man8 > > > + install -m 755 run_init $(DESTDIR)$(SBINDIR) > > > + install -m 755 open_init_pty $(DESTDIR)$(SBINDIR) > > > + install -m 644 run_init.8 $(DESTDIR)$(MANDIR)/man8/ > > > + install -m 644 open_init_pty.8 $(DESTDIR)$(MANDIR)/man8/ > > > ifeq ($(PAMH), y) > > > - install -m 644 run_init.pamd $(ETCDIR)/pam.d/run_init > > > + install -m 644 run_init.pamd > > > $(DESTDIR)$(ETCDIR)/pam.d/run_init > > > endif > > > > > > clean: > > > @@ -49,4 +49,4 @@ indent: > > > ../../scripts/Lindent $(wildcard *.[ch]) > > > > > > relabel: install > > > - /sbin/restorecon $(SBINDIR)/run_init > > > $(SBINDIR)/open_init_pty > > > + /sbin/restorecon $(DESTDIR)$(SBINDIR)/run_init > > > $(DESTDIR)$(SBINDIR)/open_init_pty > > > diff --git a/policycoreutils/scripts/Makefile > > > b/policycoreutils/scripts/Makefile > > > index d9e86ffe..a988144b 100644 > > > --- a/policycoreutils/scripts/Makefile > > > +++ b/policycoreutils/scripts/Makefile > > > @@ -1,6 +1,6 @@ > > > # Installation directories. > > > -PREFIX ?= $(DESTDIR)/usr > > > -SBINDIR ?= $(DESTDIR)/sbin > > > +PREFIX ?= /usr > > > +SBINDIR ?= /sbin > > > MANDIR ?= $(PREFIX)/share/man > > > LOCALEDIR ?= $(PREFIX)/share/locale > > > > > > @@ -8,10 +8,10 @@ LOCALEDIR ?= $(PREFIX)/share/locale > > > all: fixfiles > > > > > > install: all > > > - -mkdir -p $(SBINDIR) > > > - install -m 755 fixfiles $(SBINDIR) > > > - -mkdir -p $(MANDIR)/man8 > > > - install -m 644 fixfiles.8 $(MANDIR)/man8/ > > > + -mkdir -p $(DESTDIR)$(SBINDIR) > > > + install -m 755 fixfiles $(DESTDIR)$(SBINDIR) > > > + -mkdir -p $(DESTDIR)$(MANDIR)/man8 > > > + install -m 644 fixfiles.8 $(DESTDIR)$(MANDIR)/man8/ > > > > > > clean: > > > > > > diff --git a/policycoreutils/secon/Makefile > > > b/policycoreutils/secon/Makefile > > > index 8e491d74..c03f0d7d 100644 > > > --- a/policycoreutils/secon/Makefile > > > +++ b/policycoreutils/secon/Makefile > > > @@ -1,5 +1,5 @@ > > > # secon tool - command-line context > > > -PREFIX ?= $(DESTDIR)/usr > > > +PREFIX ?= /usr > > > INCLUDEDIR ?= $(PREFIX)/include > > > BINDIR ?= $(PREFIX)/bin > > > MANDIR ?= $(PREFIX)/share/man > > > @@ -18,13 +18,13 @@ secon: secon.o > > > install-nogui: install > > > > > > install: all > > > - install -m 755 secon $(BINDIR); > > > + install -m 755 secon $(DESTDIR)$(BINDIR); > > > > > > - test -d $(MANDIR)/man1 || install -m 755 -d > > > $(MANDIR)/man1 > > > - install -m 644 secon.1 $(MANDIR)/man1 > > > + test -d $(DESTDIR)$(MANDIR)/man1 || install -m 755 -d > > > $(DESTDIR)$(MANDIR)/man1 > > > + install -m 644 secon.1 $(DESTDIR)$(MANDIR)/man1 > > > > > > relabel: > > > - /sbin/restorecon $(BINDIR)/secon > > > + /sbin/restorecon $(DESTDIR)$(BINDIR)/secon > > > > > > clean: > > > rm -f *.o core* secon *~ *.bak > > > diff --git a/policycoreutils/semodule/Makefile > > > b/policycoreutils/semodule/Makefile > > > index fffb43ac..7c257bf5 100644 > > > --- a/policycoreutils/semodule/Makefile > > > +++ b/policycoreutils/semodule/Makefile > > > @@ -1,5 +1,5 @@ > > > # Installation directories. > > > -PREFIX ?= $(DESTDIR)/usr > > > +PREFIX ?= /usr > > > INCLUDEDIR ?= $(PREFIX)/include > > > SBINDIR ?= $(PREFIX)/sbin > > > MANDIR = $(PREFIX)/share/man > > > @@ -17,12 +17,12 @@ genhomedircon: > > > ln -sf semodule genhomedircon > > > > > > install: all > > > - -mkdir -p $(SBINDIR) > > > - install -m 755 semodule $(SBINDIR) > > > - (cd $(SBINDIR); ln -sf semodule genhomedircon) > > > - test -d $(MANDIR)/man8 || install -m 755 -d > > > $(MANDIR)/man8 > > > - install -m 644 semodule.8 $(MANDIR)/man8/ > > > - install -m 644 genhomedircon.8 $(MANDIR)/man8/ > > > + -mkdir -p $(DESTDIR)$(SBINDIR) > > > + install -m 755 semodule $(DESTDIR)$(SBINDIR) > > > + (cd $(DESTDIR)$(SBINDIR); ln -sf semodule genhomedircon) > > > + test -d $(DESTDIR)$(MANDIR)/man8 || install -m 755 -d > > > $(DESTDIR)$(MANDIR)/man8 > > > + install -m 644 semodule.8 $(DESTDIR)$(MANDIR)/man8/ > > > + install -m 644 genhomedircon.8 $(DESTDIR)$(MANDIR)/man8/ > > > > > > relabel: > > > > > > diff --git a/policycoreutils/sestatus/Makefile > > > b/policycoreutils/sestatus/Makefile > > > index 41ca6832..130b764b 100644 > > > --- a/policycoreutils/sestatus/Makefile > > > +++ b/policycoreutils/sestatus/Makefile > > > @@ -1,8 +1,8 @@ > > > # Installation directories. > > > -PREFIX ?= $(DESTDIR)/usr > > > +PREFIX ?= /usr > > > SBINDIR ?= $(PREFIX)/sbin > > > MANDIR = $(PREFIX)/share/man > > > -ETCDIR ?= $(DESTDIR)/etc > > > +ETCDIR ?= /etc > > > LIBDIR ?= $(PREFIX)/lib > > > > > > CFLAGS ?= -Werror -Wall -W > > > @@ -14,14 +14,14 @@ all: sestatus > > > sestatus: sestatus.o > > > > > > install: all > > > - [ -d $(MANDIR)/man8 ] || mkdir -p $(MANDIR)/man8 > > > - [ -d $(MANDIR)/man5 ] || mkdir -p $(MANDIR)/man5 > > > - -mkdir -p $(SBINDIR) > > > - install -m 755 sestatus $(SBINDIR) > > > - install -m 644 sestatus.8 $(MANDIR)/man8 > > > - install -m 644 sestatus.conf.5 $(MANDIR)/man5 > > > - -mkdir -p $(ETCDIR) > > > - install -m 644 sestatus.conf $(ETCDIR) > > > + [ -d $(DESTDIR)$(MANDIR)/man8 ] || mkdir -p > > > $(DESTDIR)$(MANDIR)/man8 > > > + [ -d $(DESTDIR)$(MANDIR)/man5 ] || mkdir -p > > > $(DESTDIR)$(MANDIR)/man5 > > > + -mkdir -p $(DESTDIR)$(SBINDIR) > > > + install -m 755 sestatus $(DESTDIR)$(SBINDIR) > > > + install -m 644 sestatus.8 $(DESTDIR)$(MANDIR)/man8 > > > + install -m 644 sestatus.conf.5 $(DESTDIR)$(MANDIR)/man5 > > > + -mkdir -p $(DESTDIR)$(ETCDIR) > > > + install -m 644 sestatus.conf $(DESTDIR)$(ETCDIR) > > > > > > clean: > > > rm -f sestatus *.o > > > diff --git a/policycoreutils/setfiles/Makefile > > > b/policycoreutils/setfiles/Makefile > > > index c08e2dd1..4e56698f 100644 > > > --- a/policycoreutils/setfiles/Makefile > > > +++ b/policycoreutils/setfiles/Makefile > > > @@ -1,6 +1,6 @@ > > > # Installation directories. > > > -PREFIX ?= $(DESTDIR)/usr > > > -SBINDIR ?= $(DESTDIR)/sbin > > > +PREFIX ?= /usr > > > +SBINDIR ?= /sbin > > > MANDIR = $(PREFIX)/share/man > > > LIBDIR ?= $(PREFIX)/lib > > > AUDITH ?= $(shell test -f /usr/include/libaudit.h && echo y) > > > @@ -29,14 +29,14 @@ man: > > > @sed -i "s/ABORT_ON_ERRORS/$(ABORT_ON_ERRORS)/g" > > > setfiles.8.man > > > > > > install: all > > > - [ -d $(MANDIR)/man8 ] || mkdir -p $(MANDIR)/man8 > > > - -mkdir -p $(SBINDIR) > > > - install -m 755 setfiles $(SBINDIR) > > > - (cd $(SBINDIR) && ln -sf setfiles restorecon) > > > - install -m 755 restorecon_xattr $(SBINDIR) > > > - install -m 644 setfiles.8.man $(MANDIR)/man8/setfiles.8 > > > - install -m 644 restorecon.8 $(MANDIR)/man8/restorecon.8 > > > - install -m 644 restorecon_xattr.8 > > > $(MANDIR)/man8/restorecon_xattr.8 > > > + [ -d $(DESTDIR)$(MANDIR)/man8 ] || mkdir -p > > > $(DESTDIR)$(MANDIR)/man8 > > > + -mkdir -p $(DESTDIR)$(SBINDIR) > > > + install -m 755 setfiles $(DESTDIR)$(SBINDIR) > > > + (cd $(DESTDIR)$(SBINDIR) && ln -sf setfiles restorecon) > > > + install -m 755 restorecon_xattr $(DESTDIR)$(SBINDIR) > > > + install -m 644 setfiles.8.man > > > $(DESTDIR)$(MANDIR)/man8/setfiles.8 > > > + install -m 644 restorecon.8 > > > $(DESTDIR)$(MANDIR)/man8/restorecon.8 > > > + install -m 644 restorecon_xattr.8 > > > $(DESTDIR)$(MANDIR)/man8/restorecon_xattr.8 > > > > > > clean: > > > rm -f setfiles restorecon restorecon_xattr *.o > > > setfiles.8.man > > > @@ -45,4 +45,4 @@ indent: > > > ../../scripts/Lindent $(wildcard *.[ch]) > > > > > > relabel: install > > > - $(SBINDIR)/restorecon $(SBINDIR)/setfiles > > > $(SBINDIR)/restorecon_xattr > > > + $(SBINDIR)/restorecon $(DESTDIR)$(SBINDIR)/setfiles > > > $(DESTDIR)$(SBINDIR)/restorecon_xattr > > > diff --git a/policycoreutils/setsebool/Makefile > > > b/policycoreutils/setsebool/Makefile > > > index bc254dab..f3379be9 100644 > > > --- a/policycoreutils/setsebool/Makefile > > > +++ b/policycoreutils/setsebool/Makefile > > > @@ -1,10 +1,10 @@ > > > # Installation directories. > > > -PREFIX ?= $(DESTDIR)/usr > > > +PREFIX ?= /usr > > > INCLUDEDIR ?= $(PREFIX)/include > > > SBINDIR ?= $(PREFIX)/sbin > > > MANDIR = $(PREFIX)/share/man > > > LIBDIR ?= $(PREFIX)/lib > > > -BASHCOMPLETIONDIR ?= $(DESTDIR)/usr/share/bash- > > > completion/completions > > > +BASHCOMPLETIONDIR ?= /usr/share/bash-completion/completions > > > > > > CFLAGS ?= -Werror -Wall -W > > > override LDLIBS += -lsepol -lselinux -lsemanage > > > @@ -17,12 +17,12 @@ all: setsebool > > > setsebool: $(SETSEBOOL_OBJS) > > > > > > install: all > > > - -mkdir -p $(SBINDIR) > > > - install -m 755 setsebool $(SBINDIR) > > > - -mkdir -p $(MANDIR)/man8 > > > - install -m 644 setsebool.8 $(MANDIR)/man8/ > > > - -mkdir -p $(BASHCOMPLETIONDIR) > > > - install -m 644 $(BASHCOMPLETIONS) > > > $(BASHCOMPLETIONDIR)/setsebool > > > + -mkdir -p $(DESTDIR)$(SBINDIR) > > > + install -m 755 setsebool $(DESTDIR)$(SBINDIR) > > > + -mkdir -p $(DESTDIR)$(MANDIR)/man8 > > > + install -m 644 setsebool.8 $(DESTDIR)$(MANDIR)/man8/ > > > + -mkdir -p $(DESTDIR)$(BASHCOMPLETIONDIR) > > > + install -m 644 $(BASHCOMPLETIONS) > > > $(DESTDIR)$(BASHCOMPLETIONDIR)/setsebool > > > > > > relabel: > > > > > > diff --git a/python/audit2allow/Makefile > > > b/python/audit2allow/Makefile > > > index 8db8075f..02526fa7 100644 > > > --- a/python/audit2allow/Makefile > > > +++ b/python/audit2allow/Makefile > > > @@ -1,7 +1,7 @@ > > > PYTHON ?= python > > > > > > # Installation directories. > > > -PREFIX ?= $(DESTDIR)/usr > > > +PREFIX ?= /usr > > > BINDIR ?= $(PREFIX)/bin > > > LIBDIR ?= $(PREFIX)/lib > > > MANDIR ?= $(PREFIX)/share/man > > > @@ -13,7 +13,7 @@ CFLAGS ?= -Werror -Wall -W > > > > > > all: audit2why sepolgen-ifgen-attr-helper > > > > > > -sepolgen-ifgen-attr-helper: sepolgen-ifgen-attr-helper.o > > > $(LIBSEPOLA) > > > +sepolgen-ifgen-attr-helper: sepolgen-ifgen-attr-helper.o > > > $(DESTDIR)$(LIBSEPOLA) > > > > > > audit2why: > > > ln -sf audit2allow audit2why > > > @@ -22,14 +22,14 @@ test: all > > > @$(PYTHON) test_audit2allow.py -v > > > > > > install: all > > > - -mkdir -p $(BINDIR) > > > - install -m 755 audit2allow $(BINDIR) > > > - (cd $(BINDIR); ln -sf audit2allow audit2why) > > > - install -m 755 sepolgen-ifgen-attr-helper $(BINDIR) > > > - install -m 755 sepolgen-ifgen $(BINDIR) > > > - -mkdir -p $(MANDIR)/man1 > > > - install -m 644 audit2allow.1 $(MANDIR)/man1/ > > > - install -m 644 audit2why.1 $(MANDIR)/man1/ > > > + -mkdir -p $(DESTDIR)$(BINDIR) > > > + install -m 755 audit2allow $(DESTDIR)$(BINDIR) > > > + (cd $(DESTDIR)$(BINDIR); ln -sf audit2allow audit2why) > > > + install -m 755 sepolgen-ifgen-attr-helper > > > $(DESTDIR)$(BINDIR) > > > + install -m 755 sepolgen-ifgen $(DESTDIR)$(BINDIR) > > > + -mkdir -p $(DESTDIR)$(MANDIR)/man1 > > > + install -m 644 audit2allow.1 $(DESTDIR)$(MANDIR)/man1/ > > > + install -m 644 audit2why.1 $(DESTDIR)$(MANDIR)/man1/ > > > > > > clean: > > > rm -f *~ *.o sepolgen-ifgen-attr-helper > > > diff --git a/python/chcat/Makefile b/python/chcat/Makefile > > > index 0fd12d6d..890033e2 100644 > > > --- a/python/chcat/Makefile > > > +++ b/python/chcat/Makefile > > > @@ -1,5 +1,5 @@ > > > # Installation directories. > > > -PREFIX ?= $(DESTDIR)/usr > > > +PREFIX ?= /usr > > > BINDIR ?= $(PREFIX)/bin > > > MANDIR ?= $(PREFIX)/share/man > > > LOCALEDIR ?= $(PREFIX)/share/locale > > > @@ -8,10 +8,10 @@ LOCALEDIR ?= $(PREFIX)/share/locale > > > all: chcat > > > > > > install: all > > > - -mkdir -p $(BINDIR) > > > - install -m 755 chcat $(BINDIR) > > > - -mkdir -p $(MANDIR)/man8 > > > - install -m 644 chcat.8 $(MANDIR)/man8/ > > > + -mkdir -p $(DESTDIR)$(BINDIR) > > > + install -m 755 chcat $(DESTDIR)$(BINDIR) > > > + -mkdir -p $(DESTDIR)$(MANDIR)/man8 > > > + install -m 644 chcat.8 $(DESTDIR)$(MANDIR)/man8/ > > > > > > clean: > > > > > > diff --git a/python/semanage/Makefile b/python/semanage/Makefile > > > index 60c36a3a..bd02e9e9 100644 > > > --- a/python/semanage/Makefile > > > +++ b/python/semanage/Makefile > > > @@ -1,29 +1,29 @@ > > > PYTHON ?= python > > > > > > # Installation directories. > > > -PREFIX ?= $(DESTDIR)/usr > > > +PREFIX ?= /usr > > > LIBDIR ?= $(PREFIX)/lib > > > SBINDIR ?= $(PREFIX)/sbin > > > MANDIR = $(PREFIX)/share/man > > > PYLIBVER ?= $(shell $(PYTHON) -c 'import > > > sys;print("python%d.%d" % > > > sys.version_info[0:2])') > > > PYTHONLIBDIR ?= $(LIBDIR)/$(PYLIBVER) > > > -BASHCOMPLETIONDIR ?= $(DESTDIR)/usr/share/bash- > > > completion/completions > > > +BASHCOMPLETIONDIR ?= /usr/share/bash-completion/completions > > > > > > TARGETS=semanage > > > > > > -BASHCOMPLETIONS=semanage-bash-completion.sh > > > +BASHCOMPLETIONS=semanage-bash-completion.sh > > > > > > all: $(TARGETS) > > > > > > install: all > > > - [ -d $(MANDIR)/man8 ] || mkdir -p $(MANDIR)/man8 > > > - -mkdir -p $(SBINDIR) > > > - install -m 755 semanage $(SBINDIR) > > > - install -m 644 *.8 $(MANDIR)/man8 > > > - test -d $(PYTHONLIBDIR)/site-packages || install -m 755 > > > -d > > > $(PYTHONLIBDIR)/site-packages > > > - install -m 755 seobject.py $(PYTHONLIBDIR)/site-packages > > > - -mkdir -p $(BASHCOMPLETIONDIR) > > > - install -m 644 $(BASHCOMPLETIONS) > > > $(BASHCOMPLETIONDIR)/semanage > > > + [ -d $(DESTDIR)$(MANDIR)/man8 ] || mkdir -p > > > $(DESTDIR)$(MANDIR)/man8 > > > + -mkdir -p $(DESTDIR)$(SBINDIR) > > > + install -m 755 semanage $(DESTDIR)$(SBINDIR) > > > + install -m 644 *.8 $(DESTDIR)$(MANDIR)/man8 > > > + test -d $(DESTDIR)$(PYTHONLIBDIR)/site-packages || > > > install > > > -m 755 -d $(DESTDIR)$(PYTHONLIBDIR)/site-packages > > > + install -m 755 seobject.py > > > $(DESTDIR)$(PYTHONLIBDIR)/site- > > > packages > > > + -mkdir -p $(DESTDIR)$(BASHCOMPLETIONDIR) > > > + install -m 644 $(BASHCOMPLETIONS) > > > $(DESTDIR)$(BASHCOMPLETIONDIR)/semanage > > > > > > test: > > > @$(PYTHON) test-semanage.py -a > > > diff --git a/python/sepolgen/src/sepolgen/Makefile > > > b/python/sepolgen/src/sepolgen/Makefile > > > index d3aa7715..12ef0827 100644 > > > --- a/python/sepolgen/src/sepolgen/Makefile > > > +++ b/python/sepolgen/src/sepolgen/Makefile > > > @@ -1,12 +1,12 @@ > > > PYTHON ?= python > > > PYTHONLIBDIR ?= $(shell $(PYTHON) -c "from distutils.sysconfig > > > import *; print(get_python_lib(1))") > > > -PACKAGEDIR ?= $(DESTDIR)/$(PYTHONLIBDIR)/sepolgen > > > +PACKAGEDIR ?= $(PYTHONLIBDIR)/sepolgen > > > > > > all: > > > > > > install: all > > > - -mkdir -p $(PACKAGEDIR) > > > - install -m 644 *.py $(PACKAGEDIR) > > > + -mkdir -p $(DESTDIR)$(PACKAGEDIR) > > > + install -m 644 *.py $(DESTDIR)$(PACKAGEDIR) > > > > > > clean: > > > rm -f parser.out parsetab.py > > > diff --git a/python/sepolgen/src/share/Makefile > > > b/python/sepolgen/src/share/Makefile > > > index abf5e451..1a7133cb 100644 > > > --- a/python/sepolgen/src/share/Makefile > > > +++ b/python/sepolgen/src/share/Makefile > > > @@ -1,10 +1,10 @@ > > > -SHAREDIR ?= $(DESTDIR)/var/lib/sepolgen > > > +SHAREDIR ?= /var/lib/sepolgen > > > > > > all: > > > > > > install: all > > > - -mkdir -p $(SHAREDIR) > > > - install -m 644 perm_map $(SHAREDIR) > > > + -mkdir -p $(DESTDIR)$(SHAREDIR) > > > + install -m 644 perm_map $(DESTDIR)$(SHAREDIR) > > > > > > clean: > > > - rm -f *~ > > > \ No newline at end of file > > > + rm -f *~ > > > diff --git a/python/sepolicy/Makefile b/python/sepolicy/Makefile > > > index 5a56e6c8..c75dce73 100644 > > > --- a/python/sepolicy/Makefile > > > +++ b/python/sepolicy/Makefile > > > @@ -1,13 +1,13 @@ > > > PYTHON ?= python > > > > > > # Installation directories. > > > -PREFIX ?= $(DESTDIR)/usr > > > +PREFIX ?= /usr > > > LIBDIR ?= $(PREFIX)/lib > > > BINDIR ?= $(PREFIX)/bin > > > DATADIR ?= $(PREFIX)/share > > > MANDIR ?= $(PREFIX)/share/man > > > LOCALEDIR ?= /usr/share/locale > > > -BASHCOMPLETIONDIR ?= $(DESTDIR)/usr/share/bash- > > > completion/completions > > > +BASHCOMPLETIONDIR ?= /usr/share/bash-completion/completions > > > SHAREDIR ?= $(PREFIX)/share/sandbox > > > CFLAGS ?= -Wall -Werror -Wextra -W > > > override CFLAGS += -DPACKAGE="policycoreutils" -DSHARED -shared > > > @@ -31,12 +31,12 @@ test: > > > > > > install: > > > $(PYTHON) setup.py install `test -n "$(DESTDIR)" && > > > echo -- > > > root $(DESTDIR)` > > > - [ -d $(BINDIR) ] || mkdir -p $(BINDIR) > > > - install -m 755 sepolicy.py $(BINDIR)/sepolicy > > > - (cd $(BINDIR); ln -sf sepolicy sepolgen) > > > - -mkdir -p $(MANDIR)/man8 > > > - install -m 644 *.8 $(MANDIR)/man8 > > > - -mkdir -p $(BASHCOMPLETIONDIR) > > > - install -m 644 $(BASHCOMPLETIONS) > > > $(BASHCOMPLETIONDIR)/sepolicy > > > + [ -d $(DESTDIR)$(BINDIR) ] || mkdir -p > > > $(DESTDIR)$(BINDIR) > > > + install -m 755 sepolicy.py $(DESTDIR)$(BINDIR)/sepolicy > > > + (cd $(DESTDIR)$(BINDIR); ln -sf sepolicy sepolgen) > > > + -mkdir -p $(DESTDIR)$(MANDIR)/man8 > > > + install -m 644 *.8 $(DESTDIR)$(MANDIR)/man8 > > > + -mkdir -p $(DESTDIR)$(BASHCOMPLETIONDIR) > > > + install -m 644 $(BASHCOMPLETIONS) > > > $(DESTDIR)$(BASHCOMPLETIONDIR)/sepolicy > > > > > > relabel: > > > diff --git a/restorecond/Makefile b/restorecond/Makefile > > > index ada94aeb..a9a57b48 100644 > > > --- a/restorecond/Makefile > > > +++ b/restorecond/Makefile > > > @@ -1,17 +1,17 @@ > > > PKG_CONFIG ?= pkg-config > > > > > > # Installation directories. > > > -PREFIX ?= $(DESTDIR)/usr > > > +PREFIX ?= /usr > > > SBINDIR ?= $(PREFIX)/sbin > > > LIBDIR ?= $(PREFIX)/lib > > > MANDIR = $(PREFIX)/share/man > > > -AUTOSTARTDIR = $(DESTDIR)/etc/xdg/autostart > > > -DBUSSERVICEDIR = $(DESTDIR)/usr/share/dbus-1/services > > > -SYSTEMDDIR ?= $(DESTDIR)/usr/lib/systemd > > > +AUTOSTARTDIR = /etc/xdg/autostart > > > +DBUSSERVICEDIR = /usr/share/dbus-1/services > > > +SYSTEMDDIR ?= /usr/lib/systemd > > > > > > autostart_DATA = sealertauto.desktop > > > -INITDIR ?= $(DESTDIR)/etc/rc.d/init.d > > > -SELINUXDIR = $(DESTDIR)/etc/selinux > > > +INITDIR ?= /etc/rc.d/init.d > > > +SELINUXDIR = /etc/selinux > > > > > > DBUSFLAGS = -DHAVE_DBUS $(shell $(PKG_CONFIG) --cflags dbus- > > > glib-1) > > > DBUSLIB = $(shell $(PKG_CONFIG) --libs dbus-glib-1) > > > @@ -39,23 +39,23 @@ restorecond: restore.o restorecond.o > > > utmpwatcher.o stringslist.o user.o watch.o > > > $(CC) $(LDFLAGS) -o $@ $^ $(LDLIBS) > > > > > > install: all > > > - [ -d $(MANDIR)/man8 ] || mkdir -p $(MANDIR)/man8 > > > - -mkdir -p $(SBINDIR) > > > - install -m 755 restorecond $(SBINDIR) > > > - install -m 644 restorecond.8 $(MANDIR)/man8 > > > - -mkdir -p $(INITDIR) > > > - install -m 755 restorecond.init $(INITDIR)/restorecond > > > - -mkdir -p $(SELINUXDIR) > > > - install -m 644 restorecond.conf > > > $(SELINUXDIR)/restorecond.conf > > > - install -m 644 restorecond_user.conf > > > $(SELINUXDIR)/restorecond_user.conf > > > - -mkdir -p $(AUTOSTARTDIR) > > > - install -m 644 restorecond.desktop > > > $(AUTOSTARTDIR)/restorecond.desktop > > > - -mkdir -p $(DBUSSERVICEDIR) > > > - install -m 600 > > > org.selinux.Restorecond.service $(DBUSSERVICEDIR)/org.selinux.Re > > > stor > > > econd.service > > > - -mkdir -p $(SYSTEMDDIR)/system > > > - install -m 644 restorecond.service $(SYSTEMDDIR)/system/ > > > + [ -d $(DESTDIR)$(MANDIR)/man8 ] || mkdir -p > > > $(DESTDIR)$(MANDIR)/man8 > > > + -mkdir -p $(DESTDIR)$(SBINDIR) > > > + install -m 755 restorecond $(DESTDIR)$(SBINDIR) > > > + install -m 644 restorecond.8 $(DESTDIR)$(MANDIR)/man8 > > > + -mkdir -p $(DESTDIR)$(INITDIR) > > > + install -m 755 restorecond.init > > > $(DESTDIR)$(INITDIR)/restorecond > > > + -mkdir -p $(DESTDIR)$(SELINUXDIR) > > > + install -m 644 restorecond.conf > > > $(DESTDIR)$(SELINUXDIR)/restorecond.conf > > > + install -m 644 restorecond_user.conf > > > $(DESTDIR)$(SELINUXDIR)/restorecond_user.conf > > > + -mkdir -p $(DESTDIR)$(AUTOSTARTDIR) > > > + install -m 644 restorecond.desktop > > > $(DESTDIR)$(AUTOSTARTDIR)/restorecond.desktop > > > + -mkdir -p $(DESTDIR)$(DBUSSERVICEDIR) > > > + install -m 600 > > > org.selinux.Restorecond.service $(DESTDIR)$(DBUSSERVICEDIR)/org. > > > seli > > > nux.Restorecond.service > > > + -mkdir -p $(DESTDIR)$(SYSTEMDDIR)/system > > > + install -m 644 restorecond.service > > > $(DESTDIR)$(SYSTEMDDIR)/system/ > > > relabel: install > > > - /sbin/restorecon $(SBINDIR)/restorecond > > > + /sbin/restorecon $(DESTDIR)$(SBINDIR)/restorecond > > > > > > clean: > > > -rm -f restorecond *.o *~ > > > diff --git a/sandbox/Makefile b/sandbox/Makefile > > > index 05c3d658..9c78041c 100644 > > > --- a/sandbox/Makefile > > > +++ b/sandbox/Makefile > > > @@ -1,8 +1,8 @@ > > > PYTHON ?= python > > > > > > # Installation directories. > > > -PREFIX ?= $(DESTDIR)/usr > > > -SYSCONFDIR ?= $(DESTDIR)/etc/sysconfig > > > +PREFIX ?= /usr > > > +SYSCONFDIR ?= /etc/sysconfig > > > LIBDIR ?= $(PREFIX)/lib > > > BINDIR ?= $(PREFIX)/bin > > > SBINDIR ?= $(PREFIX)/sbin > > > @@ -18,20 +18,20 @@ all: sandbox seunshare sandboxX.sh start > > > seunshare: $(SEUNSHARE_OBJS) > > > > > > install: all > > > - -mkdir -p $(BINDIR) > > > - install -m 755 sandbox $(BINDIR) > > > - -mkdir -p $(MANDIR)/man8 > > > - install -m 644 sandbox.8 $(MANDIR)/man8/ > > > - install -m 644 seunshare.8 $(MANDIR)/man8/ > > > - -mkdir -p $(MANDIR)/man5 > > > - install -m 644 sandbox.5 $(MANDIR)/man5/ > > > - -mkdir -p $(SBINDIR) > > > - install -m 4755 seunshare $(SBINDIR)/ > > > - -mkdir -p $(SHAREDIR) > > > - install -m 755 sandboxX.sh $(SHAREDIR) > > > - install -m 755 start $(SHAREDIR) > > > - -mkdir -p $(SYSCONFDIR) > > > - install -m 644 sandbox.conf $(SYSCONFDIR)/sandbox > > > + -mkdir -p $(DESTDIR)$(BINDIR) > > > + install -m 755 sandbox $(DESTDIR)$(BINDIR) > > > + -mkdir -p $(DESTDIR)$(MANDIR)/man8 > > > + install -m 644 sandbox.8 $(DESTDIR)$(MANDIR)/man8/ > > > + install -m 644 seunshare.8 $(DESTDIR)$(MANDIR)/man8/ > > > + -mkdir -p $(DESTDIR)$(MANDIR)/man5 > > > + install -m 644 sandbox.5 $(DESTDIR)$(MANDIR)/man5/ > > > + -mkdir -p $(DESTDIR)$(SBINDIR) > > > + install -m 4755 seunshare $(DESTDIR)$(SBINDIR)/ > > > + -mkdir -p $(DESTDIR)$(SHAREDIR) > > > + install -m 755 sandboxX.sh $(DESTDIR)$(SHAREDIR) > > > + install -m 755 start $(DESTDIR)$(SHAREDIR) > > > + -mkdir -p $(DESTDIR)$(SYSCONFDIR) > > > + install -m 644 sandbox.conf > > > $(DESTDIR)$(SYSCONFDIR)/sandbox > > > > > > test: > > > @$(PYTHON) test_sandbox.py -v > > > diff --git a/secilc/Makefile b/secilc/Makefile > > > index 1cac53e4..597b4a27 100644 > > > --- a/secilc/Makefile > > > +++ b/secilc/Makefile > > > @@ -1,4 +1,4 @@ > > > -PREFIX ?= $(DESTDIR)/usr > > > +PREFIX ?= /usr > > > BINDIR ?= $(PREFIX)/bin > > > MANDIR ?= $(PREFIX)/share/man > > > LIBDIR ?= $(PREFIX)/lib > > > @@ -41,12 +41,12 @@ $(SECIL2CONF_MANPAGE): > > > $(SECIL2CONF_MANPAGE).xml > > > $(XMLTO) man $(SECIL2CONF_MANPAGE).xml > > > > > > install: all man > > > - -mkdir -p $(BINDIR) > > > - -mkdir -p $(MANDIR)/man8 > > > - install -m 755 $(SECILC) $(BINDIR) > > > - install -m 755 $(SECIL2CONF) $(BINDIR) > > > - install -m 644 $(SECILC_MANPAGE) $(MANDIR)/man8 > > > - install -m 644 $(SECIL2CONF_MANPAGE) $(MANDIR)/man8 > > > + -mkdir -p $(DESTDIR)$(BINDIR) > > > + -mkdir -p $(DESTDIR)$(MANDIR)/man8 > > > + install -m 755 $(SECILC) $(DESTDIR)$(BINDIR) > > > + install -m 755 $(SECIL2CONF) $(DESTDIR)$(BINDIR) > > > + install -m 644 $(SECILC_MANPAGE) > > > $(DESTDIR)$(MANDIR)/man8 > > > + install -m 644 $(SECIL2CONF_MANPAGE) > > > $(DESTDIR)$(MANDIR)/man8 > > > > > > doc: > > > $(MAKE) -C docs > > > diff --git a/semodule-utils/semodule_deps/Makefile b/semodule- > > > utils/semodule_deps/Makefile > > > index 328a5030..7b106781 100644 > > > --- a/semodule-utils/semodule_deps/Makefile > > > +++ b/semodule-utils/semodule_deps/Makefile > > > @@ -1,5 +1,5 @@ > > > # Installation directories. > > > -PREFIX ?= $(DESTDIR)/usr > > > +PREFIX ?= /usr > > > INCLUDEDIR ?= $(PREFIX)/include > > > BINDIR ?= $(PREFIX)/bin > > > LIBDIR ?= $(PREFIX)/lib > > > @@ -10,13 +10,13 @@ CFLAGS ?= -Werror -Wall -W > > > > > > all: semodule_deps > > > > > > -semodule_deps: semodule_deps.o $(LIBSEPOLA) > > > +semodule_deps: semodule_deps.o $(DESTDIR)$(LIBSEPOLA) > > > > > > install: all > > > - -mkdir -p $(BINDIR) > > > - install -m 755 semodule_deps $(BINDIR) > > > - test -d $(MANDIR)/man8 || install -m 755 -d > > > $(MANDIR)/man8 > > > - install -m 644 semodule_deps.8 $(MANDIR)/man8/ > > > + -mkdir -p $(DESTDIR)$(BINDIR) > > > + install -m 755 semodule_deps $(DESTDIR)$(BINDIR) > > > + test -d $(DESTDIR)$(MANDIR)/man8 || install -m 755 -d > > > $(DESTDIR)$(MANDIR)/man8 > > > + install -m 644 semodule_deps.8 $(DESTDIR)$(MANDIR)/man8/ > > > > > > relabel: > > > > > > diff --git a/semodule-utils/semodule_expand/Makefile b/semodule- > > > utils/semodule_expand/Makefile > > > index 072f2137..58d2d3cb 100644 > > > --- a/semodule-utils/semodule_expand/Makefile > > > +++ b/semodule-utils/semodule_expand/Makefile > > > @@ -1,5 +1,5 @@ > > > # Installation directories. > > > -PREFIX ?= $(DESTDIR)/usr > > > +PREFIX ?= /usr > > > INCLUDEDIR ?= $(PREFIX)/include > > > BINDIR ?= $(PREFIX)/bin > > > LIBDIR ?= $(PREFIX)/lib > > > @@ -13,10 +13,10 @@ all: semodule_expand > > > semodule_expand: semodule_expand.o > > > > > > install: all > > > - -mkdir -p $(BINDIR) > > > - install -m 755 semodule_expand $(BINDIR) > > > - test -d $(MANDIR)/man8 || install -m 755 -d > > > $(MANDIR)/man8 > > > - install -m 644 semodule_expand.8 $(MANDIR)/man8/ > > > + -mkdir -p $(DESTDIR)$(BINDIR) > > > + install -m 755 semodule_expand $(DESTDIR)$(BINDIR) > > > + test -d $(DESTDIR)$(MANDIR)/man8 || install -m 755 -d > > > $(DESTDIR)$(MANDIR)/man8 > > > + install -m 644 semodule_expand.8 > > > $(DESTDIR)$(MANDIR)/man8/ > > > > > > relabel: > > > > > > diff --git a/semodule-utils/semodule_link/Makefile b/semodule- > > > utils/semodule_link/Makefile > > > index cc4687bd..178bea30 100644 > > > --- a/semodule-utils/semodule_link/Makefile > > > +++ b/semodule-utils/semodule_link/Makefile > > > @@ -1,6 +1,6 @@ > > > # Installation directories. > > > -PREFIX ?= $(DESTDIR)/usr > > > -INCLUDEDIR ?= $(PREFIX)/include > > > +PREFIX ?= /usr > > > +INCLUDEDIR ?= /include > > > BINDIR ?= $(PREFIX)/bin > > > MANDIR ?= $(PREFIX)/share/man > > > LIBDIR ?= $(PREFIX)/lib > > > @@ -13,10 +13,10 @@ all: semodule_link > > > semodule_link: semodule_link.o > > > > > > install: all > > > - -mkdir -p $(BINDIR) > > > - install -m 755 semodule_link $(BINDIR) > > > - test -d $(MANDIR)/man8 || install -m 755 -d > > > $(MANDIR)/man8 > > > - install -m 644 semodule_link.8 $(MANDIR)/man8/ > > > + -mkdir -p $(DESTDIR)$(BINDIR) > > > + install -m 755 semodule_link $(DESTDIR)$(BINDIR) > > > + test -d $(DESTDIR)$(MANDIR)/man8 || install -m 755 -d > > > $(PREFIX)$(MANDIR)/man8 > > > > Missing $(DESTDIR) in the final install location above. > > > > > + install -m 644 semodule_link.8 $(DESTDIR)$(MANDIR)/man8/ > > > > > > relabel: > > > > > > diff --git a/semodule-utils/semodule_package/Makefile b/semodule- > > > utils/semodule_package/Makefile > > > index 96dd7c4f..37bd0d4b 100644 > > > --- a/semodule-utils/semodule_package/Makefile > > > +++ b/semodule-utils/semodule_package/Makefile > > > @@ -1,5 +1,5 @@ > > > # Installation directories. > > > -PREFIX ?= $(DESTDIR)/usr > > > +PREFIX ?= /usr > > > INCLUDEDIR ?= $(PREFIX)/include > > > BINDIR ?= $(PREFIX)/bin > > > LIBDIR ?= $(PREFIX)/lib > > > @@ -13,12 +13,12 @@ all: semodule_package semodule_unpackage > > > semodule_package: semodule_package.o > > > > > > install: all > > > - -mkdir -p $(BINDIR) > > > - install -m 755 semodule_package $(BINDIR) > > > - install -m 755 semodule_unpackage $(BINDIR) > > > - test -d $(MANDIR)/man8 || install -m 755 -d > > > $(MANDIR)/man8 > > > - install -m 644 semodule_package.8 $(MANDIR)/man8/ > > > - install -m 644 semodule_unpackage.8 $(MANDIR)/man8/ > > > + -mkdir -p $(DESTDIR)$(BINDIR) > > > + install -m 755 semodule_package $(DESTDIR)$(BINDIR) > > > + install -m 755 semodule_unpackage $(DESTDIR)$(BINDIR) > > > + test -d $(DESTDIR)$(MANDIR)/man8 || install -m 755 -d > > > $(DESTDIR)$(MANDIR)/man8 > > > + install -m 644 semodule_package.8 > > > $(DESTDIR)$(MANDIR)/man8/ > > > + install -m 644 semodule_unpackage.8 > > > $(DESTDIR)$(MANDIR)/man8/ > > > > > > relabel: > > > ^ permalink raw reply [flat|nested] 24+ messages in thread
* ANN: SELinux userspace 2.7-rc3 release candidate 2017-06-09 17:18 ANN: SELinux userspace 2.7-rc1 release Stephen Smalley 2017-06-09 17:31 ` Stephen Smalley 2017-06-16 16:55 ` ANN: SELinux userspace 2.7-rc2 release Stephen Smalley @ 2017-06-23 17:07 ` Stephen Smalley 2017-06-30 17:53 ` ANN: SELinux userspace 2.7-rc4 " Stephen Smalley 2017-08-04 18:57 ` ANN: SELinux userspace release 20170804 / 2.7 Stephen Smalley 3 siblings, 1 reply; 24+ messages in thread From: Stephen Smalley @ 2017-06-23 17:07 UTC (permalink / raw) To: selinux A third release candidate for the SELinux userspace is now available at: https://github.com/SELinuxProject/selinux/wiki/Releases Please give it a test and let us know if there are any issues. Changes from the -rc2 release: Jason Zaman (2): libselinux utils: override LD{FLAGS, LIBS} for libselinux.so in Makefile Makefiles: override *FLAGS and *LIBS Nicolas Iooss (3): libsemanage/tests: fix linking gui: do not create /etc python/sepolicy: remove definition of SYSCONFDIR Patrick Steinhardt (3): libsepol: replace non-standard use of __BEGIN_DECLS libselinux: avoid redefining _FORTIFY_SOURCE genhomedircon: avoid use of non-standard `getpwent_r` Petr Lautrbach (1): mcstrans: Allow overriding libsepol.a location during build Stephen Smalley (2): Fix BINDIR/SBINDIR/... variables in Makefiles Update VERSION files for 2.7-rc3 release. ^ permalink raw reply [flat|nested] 24+ messages in thread
* ANN: SELinux userspace 2.7-rc4 release candidate 2017-06-23 17:07 ` ANN: SELinux userspace 2.7-rc3 release candidate Stephen Smalley @ 2017-06-30 17:53 ` Stephen Smalley 2017-07-09 10:12 ` Jason Zaman 2017-07-18 16:14 ` ANN: SELinux userspace 2.7-rc5 " Stephen Smalley 0 siblings, 2 replies; 24+ messages in thread From: Stephen Smalley @ 2017-06-30 17:53 UTC (permalink / raw) To: selinux A fourth (and hopefully final) release candidate for the SELinux userspace is now available at: https://github.com/SELinuxProject/selinux/wiki/Releases Please give it a test and let us know if there are any issues. Barring any significant further changes, a final 2.7 release is likely the week of July 10th. Changes from the -rc3 release: Laurent Bigonville (1): Fix consistency of PYTHONLIBDIR variable across modules Nicolas Iooss (3): Travis-CI: update the list of Ruby's and Python's versions libsepol/tests: override CPPFLAGS too Travis-CI: test defining CFLAGS, LDFLAGS, etc. on make command line Stephen Smalley (2): libselinux,libsemanage: fix RUBYLIBS definition Update VERSION files for 2.7-rc4 release. ^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: ANN: SELinux userspace 2.7-rc4 release candidate 2017-06-30 17:53 ` ANN: SELinux userspace 2.7-rc4 " Stephen Smalley @ 2017-07-09 10:12 ` Jason Zaman 2017-07-18 16:14 ` ANN: SELinux userspace 2.7-rc5 " Stephen Smalley 1 sibling, 0 replies; 24+ messages in thread From: Jason Zaman @ 2017-07-09 10:12 UTC (permalink / raw) To: Stephen Smalley; +Cc: selinux https://bugs.gentoo.org/show_bug.cgi?id=621062 I'm fairly short on time lately. Does the patch in this bug seem right? If it does can you apply it before the final release? Thanks, Jason On Fri, Jun 30, 2017 at 01:53:28PM -0400, Stephen Smalley wrote: > A fourth (and hopefully final) release candidate for the SELinux > userspace is now available at: > https://github.com/SELinuxProject/selinux/wiki/Releases > > Please give it a test and let us know if there are any issues. > Barring any significant further changes, a final 2.7 release is likely > the week of July 10th. > > Changes from the -rc3 release: > > Laurent Bigonville (1): > Fix consistency of PYTHONLIBDIR variable across modules > > Nicolas Iooss (3): > Travis-CI: update the list of Ruby's and Python's versions > libsepol/tests: override CPPFLAGS too > Travis-CI: test defining CFLAGS, LDFLAGS, etc. on make command > line > > Stephen Smalley (2): > libselinux,libsemanage: fix RUBYLIBS definition > Update VERSION files for 2.7-rc4 release. > > > > ^ permalink raw reply [flat|nested] 24+ messages in thread
* ANN: SELinux userspace 2.7-rc5 release candidate 2017-06-30 17:53 ` ANN: SELinux userspace 2.7-rc4 " Stephen Smalley 2017-07-09 10:12 ` Jason Zaman @ 2017-07-18 16:14 ` Stephen Smalley 2017-07-28 19:47 ` ANN: SELinux userspace 2.7-rc6 " Stephen Smalley 1 sibling, 1 reply; 24+ messages in thread From: Stephen Smalley @ 2017-07-18 16:14 UTC (permalink / raw) To: selinux A fifth release candidate for the SELinux userspace is now available at: https://github.com/SELinuxProject/selinux/wiki/Releases Please give it a test and let us know if there are any issues. Changes from the -rc4 release: Stephen Smalley (4): open_init_pty: Do not make stdin and stdout non-blocking Revert "open_init_pty: Do not make stdin and stdout non-blocking" open_init_pty: restore stdin/stdout to blocking upon exit Update VERSION files for 2.7-rc5 ^ permalink raw reply [flat|nested] 24+ messages in thread
* ANN: SELinux userspace 2.7-rc6 release candidate 2017-07-18 16:14 ` ANN: SELinux userspace 2.7-rc5 " Stephen Smalley @ 2017-07-28 19:47 ` Stephen Smalley 0 siblings, 0 replies; 24+ messages in thread From: Stephen Smalley @ 2017-07-28 19:47 UTC (permalink / raw) To: selinux A sixth release candidate for the SELinux userspace is now available at: https://github.com/SELinuxProject/selinux/wiki/Releases Please give it a test and let us know if there are any issues. Changes from the -rc5 release: Dan Cashman (1): libsepol: cil: enable cpp compilation of cil.h. Petr Lautrbach (4): sepolicy: Fix minor typo in 'transition -s' test sepolicy: Fix syntax errors in 'manpage -w' sepolicy: Make manpage and transition faster sepolicy: File labels used to be sorted in a man page Stephen Smalley (2): libsepol: Define nnp_nosuid_transition policy capability Update VERSION files for 2.7-rc6 Tom Cherry (1): libselinux: fix thread safety issues with lookup_common() ^ permalink raw reply [flat|nested] 24+ messages in thread
* ANN: SELinux userspace release 20170804 / 2.7 2017-06-09 17:18 ANN: SELinux userspace 2.7-rc1 release Stephen Smalley ` (2 preceding siblings ...) 2017-06-23 17:07 ` ANN: SELinux userspace 2.7-rc3 release candidate Stephen Smalley @ 2017-08-04 18:57 ` Stephen Smalley 2017-08-04 19:21 ` Dominick Grift 3 siblings, 1 reply; 24+ messages in thread From: Stephen Smalley @ 2017-08-04 18:57 UTC (permalink / raw) To: selinux The 20170804 / 2.7 release for the SELinux userspace release is now available from: https://github.com/SELinuxProject/selinux/wiki/Releases Below are some notes on this release for packagers and users of the SELinux userspace. git log and git shortlog output for all changes since the 20161014 / 2.6 release are linked from the release page. Thanks to all the contributors to this release! If you notice corrections or additional items that should be added to the release notes (below and also linked from the releases page), reply to this message with your suggested changes/additions and we'll add them to the one linked from the releases page too. * This is the first release with the split up policycoreutils (see https://www.mail-archive.com/selinux@tycho.nsa.gov/msg02914.html and the rest of that thread). Fedora already packages many of these components separately, although not always with the same organization and naming scheme. Note that a number of these components are not necessary for basic use of SELinux and likely should not be installed by default, e.g. selinux-dbus, selinux-gui, mcstrans, restorecond, selinux-sandbox. * libsepol now has binary module support for ioctl xperms rules (module version 18), making it possible to use allowxperm rules in modularly built refpolicy-based policies. Previously, ioctl xperms rules were only supported in monolithic policy and in CIL modules. This change means that refpolicy and/or policies derived from it can begin to leverage ioctl whitelisting, which has already been leveraged for some time in Android policies, which do not rely on binary modules. * This release introduces support for Infiniband object labeling, including support for kernel policy version 31 and module version 19, policy.conf and CIL language support, and semanage support. The corresponding kernel support was introduced in Linux v4.13. * This release introduces support for building policies with the extended_socket_class, cgroup_seclabel, and nnp_nosuid_transition policy capabilities enabled: ** The extended_socket_class policy capability allows distinctions to be made in policy among socket address families that were previously mapped to the generic socket class (e.g. bluetooth, nfc, and many other socket address families that previously did not have their own distinct security class) as well as for SCTP and ICMP/ping sockets that were previously mapped to the rawip_socket class. This policy capability is supported by Linux v4.11 and later. Enabling this capability in policy requires reviewing existing rules on socket and rawip_socket classes to determine whether they should be duplicated for the new classes. ** The cgroup_seclabel policy capability allows userspace to set labels on cgroup/cgroup2 files, enabling fine-grained labeling of cgroup files by userspace. This policy capability is also supported by Linux v4.11 and later. Note that enabling this capability will break current Android userspace/policy and requires introducing appropriate file_contexts definitions for cgroup files (or a change to the Android init program's handling of them) in order to avoid mislabeling them. ** The nnp_nosuid_transition policy capability enables SELinux domain transitions to occur under no_new_privs (NNP) or on nosuid mounts if the corresponding permission (nnp_transition for NNP, nosuid_transition for nosuid; both in the newly defined process2 security class / access vector) is allowed between the old and new contexts. This change was motivated by the increasing use of NNP by systemd for confining system services and the desire to be able to leverage NNP/nosuid-provided protections in combination with SELinux rather than having to make undesirable tradeoffs in security. With this policy capability enabled and the corresponding permissions allowed where required, it should be possible to use upstream systemd unit files without modification on SELinux-enabled systems. NB: Allowing nnp_transition between two contexts opens up the potential for the old context to subvert the new context by installing seccomp filters before the execve. Allowing nosuid_transition between two contexts opens up the potential for a context transition to occur on a file from an untrusted filesystem (e.g. removable media or remote filesystem). Use with care. * checkpolicy now supports generating CIL or policy.conf from a kernel binary policy. Sample usage is checkpolicy -M -C -b policy.N -o policy.cil and checkpolicy -M -F -b policy.N -o policy.conf. There is also now a secil2conf program that can generate policy.conf from CIL, e.g. secil2conf -o policy.conf policy.cil. * Attribute generation and expansion has changed in several ways in order to address kernel runtime performance issues that occur when types have many attributes assigned to them while ensuring preservation of attributes where desired. Binary module to CIL conversion now ensures that duplicate attributes are not generated for the same type set. secilc now supports -G and -X options to force expansion of automatically generated attributes (-G) and/or attributes that have fewer than a specified number of types (-X number). secilc will also now more aggressively expand attributes based on whether they will actually be used by the kernel, are needed for debugging denials by audit2allow/why, or are needed for neverallow checking of binary policies (in Android). New statements are supported in policy.conf (expandattribute) and in CIL (expandtypeattribute) to support specifying in source policy that specific attributes should always be expanded or never be expanded in order to override the default behaviors in checkpolicy and secilc. * checkpolicy/checkmodule now treats it as an error if a type is declared as an attribute or vice versa in a require block. Such mismatches between declarations and require statements are an error in policy and should be corrected in policy; refpolicy master should already be fixed. * A change to libsepol-internal data structures breaks the build of setools4. This is fixed by setools4 commit 743d2a0eaaae7d99302dd3099549ca7ad868eab on the master branch. The change was to align the libsepol structures with the kernel in order to allow direct comparison of libsepol-generated policy files against /sys/fs/selinux/policy after normalizing them through checkpolicy. * audit2why now understands type bounds failures and reports them as such, although it does not yet provide detailed reporting. Detailed bounds violation reporting can be obtained already by enabling expand- check=1 in semanage.conf or by running semodule_expand (without -a) at policy validation time. * libsemanage now saves the linked policy and skips re-linking whenever possible. This significantly improves the performance and memory overhead of semanage commands that do not affect policy modules (setting booleans and adding, deleting, or modifying local context mappings). Previously, libsemanage only skipped re-linking when setting booleans as a special case, but this was found to have a bug that could yield duplicate object context entries (e.g. portcon) in policy. That optimization was therefore reverted and replaced with this one, which both fixes the bug and generalizes the optimization beyond just setting booleans. The change does bring an associated storage cost, primarily storing an extra copy of the kernel policy file (if a concern, this could be made optional but it seems well worth it). The first semanage or setsebool -P command run with the new libsemanage will not demonstrate any improvement due to needing to generate the linked policy for the first time, but subsequent commands will leverage the saved linked policy. * libsemanage no longer depends on ustr. * libselinux/utils Makefile now uses SBINDIR instead of USRBINDIR. * mcstrans/utils Makefile now uses SBINDIR instead of BINDIR. * Some packages (libselinux, checkpolicy, selinux-python, semodule-utils and mcstrans) require LIBSEPOLA to be set to the absolute path to libsepol.a when building with DESTDIR set. * policycoreutils make install no longer creates a symlink from /usr/sbin/load_policy to /sbin/load_policy. ^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: ANN: SELinux userspace release 20170804 / 2.7 2017-08-04 18:57 ` ANN: SELinux userspace release 20170804 / 2.7 Stephen Smalley @ 2017-08-04 19:21 ` Dominick Grift 0 siblings, 0 replies; 24+ messages in thread From: Dominick Grift @ 2017-08-04 19:21 UTC (permalink / raw) To: selinux [-- Attachment #1: Type: text/plain, Size: 9138 bytes --] On Fri, Aug 04, 2017 at 02:57:20PM -0400, Stephen Smalley wrote: > The 20170804 / 2.7 release for the SELinux userspace release is now > available from: > https://github.com/SELinuxProject/selinux/wiki/Releases Thanks for bringing us this new release! > > Below are some notes on this release for packagers and users of the > SELinux userspace. git log and git shortlog output for all changes > since the 20161014 / 2.6 release are linked from the release page. > Thanks to all the contributors to this release! > > If you notice corrections or additional items that should be added to > the release notes (below and also linked from the releases page), reply > to this message with your suggested changes/additions and we'll add > them to the one linked from the releases page too. > > * This is the first release with the split up policycoreutils (see > https://www.mail-archive.com/selinux@tycho.nsa.gov/msg02914.html and > the rest of that thread). Fedora already packages many of these > components separately, although not always with the same organization > and naming scheme. Note that a number of these components are not > necessary for basic use of SELinux and likely should not be installed > by default, e.g. selinux-dbus, selinux-gui, mcstrans, restorecond, > selinux-sandbox. > > * libsepol now has binary module support for ioctl xperms rules > (module version 18), making it possible to use allowxperm rules in > modularly built refpolicy-based policies. Previously, ioctl xperms > rules were only supported in monolithic policy and in CIL modules. > This change means that refpolicy and/or policies derived from it can > begin to leverage ioctl whitelisting, which has already been leveraged > for some time in Android policies, which do not rely on binary modules. > > * This release introduces support for Infiniband object labeling, > including support for kernel policy version 31 and module version 19, > policy.conf and CIL language support, and semanage support. The > corresponding kernel support was introduced in Linux v4.13. > > * This release introduces support for building policies with the > extended_socket_class, cgroup_seclabel, and nnp_nosuid_transition > policy > capabilities enabled: > > ** The extended_socket_class policy capability allows distinctions to > be made in policy among socket address families that were previously > mapped to the generic socket class (e.g. bluetooth, nfc, and many > other socket address families that previously did not have their own > distinct security class) as well as for SCTP and ICMP/ping sockets > that were previously mapped to the rawip_socket class. This policy > capability is supported by Linux v4.11 and later. Enabling this > capability > in policy requires reviewing existing rules on socket and rawip_socket > classes to determine whether they should be duplicated for the new > classes. > > ** The cgroup_seclabel policy capability allows userspace to set > labels on cgroup/cgroup2 files, enabling fine-grained labeling of > cgroup files by userspace. This policy capability is also supported > by Linux v4.11 and later. Note that enabling this capability will > break current Android userspace/policy and requires introducing > appropriate file_contexts definitions for cgroup files (or a change to > the Android init program's handling of them) in order to avoid > mislabeling them. > > ** The nnp_nosuid_transition policy capability enables SELinux domain > transitions to occur under no_new_privs (NNP) or on nosuid mounts if > the corresponding permission (nnp_transition for NNP, > nosuid_transition for nosuid; both in the newly defined process2 > security class / access vector) is allowed between the old and new > contexts. This change was motivated by the increasing use of NNP by > systemd for confining system services and the desire to be able to > leverage NNP/nosuid-provided protections in combination with SELinux > rather than having to make undesirable tradeoffs in security. With > this policy capability enabled and the corresponding permissions > allowed where required, it should be possible to use upstream systemd > unit files without modification on SELinux-enabled systems. > NB: Allowing nnp_transition between two contexts opens up the > potential for the old context to subvert the new context by > installing seccomp filters before the execve. Allowing > nosuid_transition between two contexts opens up the potential for > a context transition to occur on a file from an untrusted > filesystem (e.g. removable media or remote filesystem). Use with > care. Linux support is expected with 4.14 > > * checkpolicy now supports generating CIL or policy.conf from a > kernel binary policy. Sample usage is checkpolicy -M -C -b policy.N -o > policy.cil and checkpolicy -M -F -b policy.N -o policy.conf. There is > also now a secil2conf program that can generate policy.conf from CIL, > e.g. secil2conf -o policy.conf policy.cil. > > * Attribute generation and expansion has changed in several ways in > order to address kernel runtime performance issues that occur when > types have many attributes assigned to them while ensuring preservation > of attributes where desired. Binary module to CIL conversion now > ensures that duplicate attributes are not generated for the same type > set. secilc now supports -G and -X options to force expansion of > automatically generated attributes (-G) and/or attributes that have > fewer than a specified number of types (-X number). secilc will also > now more aggressively expand attributes based on whether they will > actually be used by the kernel, are needed for debugging denials by > audit2allow/why, or are needed for neverallow checking of binary > policies (in Android). New statements are supported in policy.conf > (expandattribute) and in CIL (expandtypeattribute) to support > specifying in source policy that specific attributes should always be > expanded or never be expanded in order to override the default > behaviors in checkpolicy and secilc. This statement (expandtypeattribute) should probably be documented in the secilc docs: https://github.com/SELinuxProject/selinux/tree/master/secilc/docs > > * checkpolicy/checkmodule now treats it as an error if a type is > declared as an attribute or vice versa in a require block. Such > mismatches between declarations and require statements are an error in > policy and should be corrected in policy; refpolicy master should > already be fixed. > > * A change to libsepol-internal data structures breaks the build of > setools4. This is fixed by setools4 commit > 743d2a0eaaae7d99302dd3099549ca7ad868eab on the master branch. The > change was to align the libsepol structures with the kernel in order to > allow direct comparison of libsepol-generated policy files against > /sys/fs/selinux/policy after normalizing them through checkpolicy. > > * audit2why now understands type bounds failures and reports them as > such, although it does not yet provide detailed reporting. Detailed > bounds violation reporting can be obtained already by enabling expand- > check=1 in semanage.conf or by running semodule_expand (without -a) at > policy validation time. > > * libsemanage now saves the linked policy and skips re-linking > whenever possible. This significantly improves the performance and > memory overhead of semanage commands that do not affect policy modules > (setting booleans and adding, deleting, or modifying local context > mappings). Previously, libsemanage only skipped re-linking when setting > booleans as a special case, but this was found to have a bug that could > yield duplicate object context entries (e.g. portcon) in policy. That > optimization was therefore reverted and replaced with this one, which > both fixes the bug and generalizes the optimization beyond just setting > booleans. The change does bring an associated storage cost, primarily > storing an extra copy of the kernel policy file (if a concern, this > could be made optional but it seems well worth it). The first semanage > or setsebool -P command run with the new libsemanage will not > demonstrate any improvement due to needing to generate the linked > policy for the first time, but subsequent commands will leverage the > saved linked policy. > > * libsemanage no longer depends on ustr. > > * libselinux/utils Makefile now uses SBINDIR instead of USRBINDIR. > > * mcstrans/utils Makefile now uses SBINDIR instead of BINDIR. > > * Some packages (libselinux, checkpolicy, selinux-python, > semodule-utils and mcstrans) require LIBSEPOLA to be set to the > absolute path to libsepol.a when building with DESTDIR set. > > * policycoreutils make install no longer creates a symlink from > /usr/sbin/load_policy to /sbin/load_policy. > -- Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8 02D5 3B6C 5F1D 2C7B 6B02 https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6B02 Dominick Grift [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 659 bytes --] ^ permalink raw reply [flat|nested] 24+ messages in thread
end of thread, other threads:[~2017-08-04 19:21 UTC | newest] Thread overview: 24+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2017-06-09 17:18 ANN: SELinux userspace 2.7-rc1 release Stephen Smalley 2017-06-09 17:31 ` Stephen Smalley 2017-06-16 16:55 ` ANN: SELinux userspace 2.7-rc2 release Stephen Smalley 2017-06-18 7:32 ` Jason Zaman 2017-06-18 7:46 ` Jason Zaman 2017-06-20 10:54 ` Petr Lautrbach 2017-06-20 12:14 ` Stephen Smalley 2017-06-20 13:28 ` Petr Lautrbach 2017-06-20 13:31 ` Petr Lautrbach 2017-06-20 14:22 ` Jason Zaman 2017-06-21 17:58 ` Petr Lautrbach 2017-06-19 17:06 ` Stephen Smalley 2017-06-20 4:55 ` Jason Zaman 2017-06-21 18:04 ` [PATCH] Use DESTDIR only in install targets Petr Lautrbach 2017-06-21 19:51 ` Stephen Smalley 2017-06-22 16:25 ` Petr Lautrbach 2017-06-22 16:45 ` Stephen Smalley 2017-06-23 17:07 ` ANN: SELinux userspace 2.7-rc3 release candidate Stephen Smalley 2017-06-30 17:53 ` ANN: SELinux userspace 2.7-rc4 " Stephen Smalley 2017-07-09 10:12 ` Jason Zaman 2017-07-18 16:14 ` ANN: SELinux userspace 2.7-rc5 " Stephen Smalley 2017-07-28 19:47 ` ANN: SELinux userspace 2.7-rc6 " Stephen Smalley 2017-08-04 18:57 ` ANN: SELinux userspace release 20170804 / 2.7 Stephen Smalley 2017-08-04 19:21 ` Dominick Grift
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.