* ANN: SELinux userspace 2.7-rc1 release
@ 2017-06-09 17:18 Stephen Smalley
2017-06-09 17:31 ` Stephen Smalley
` (3 more replies)
0 siblings, 4 replies; 24+ messages in thread
From: Stephen Smalley @ 2017-06-09 17:18 UTC (permalink / raw)
To: selinux
A release candidate for the SELinux userspace is now available at:
https://github.com/SELinuxProject/selinux/wiki/Releases
Please give it a test and let us know if there are any issues.
Below are some notes on this release for packagers and users of the
SELinux userspace. A git shortlog will follow in a separate email. If
you see (or encounter) other changes that you think are important to
call out for packagers and users in the final release announcement, let
us know. Also, since we have removed the older manually maintained
ChangeLog files, let us know whether you would like to see a full
ChangeLog (generated via git log) and/or shortlog for the entire
release or by individual component added to the release (and if so,
whether this ought to go into the tar files themselves or can be
separate on the download page).
1) This will be the first release with the split up policycoreutils
(see https://www.mail-archive.com/selinux@tycho.nsa.gov/msg02914.html
and the rest of that thread). If there are any final desired changes
to the structure, naming, etc, now is the last opportunity to get it
fixed before we make a final release with the new structure/naming.
Fedora already packages many of these components separately, although
not always with the same organization and naming scheme. Note that a
number of these components are not necessary for basic use of SELinux
and likely should not be installed by default, e.g. selinux-dbus,
selinux-gui, mcstrans, restorecond, selinux-sandbox.
2) libsepol now has binary module support for ioctl xperms rules
(module version 18), making it possible to use allowxperm rules in
modularly built refpolicy-based policies. Previously, ioctl xperms
rules were only supported in monolithic policy and in CIL modules.
This change means that refpolicy and/or policies derived from it can
begin to leverage ioctl whitelisting, which has already been leveraged
for some time in Android policies, which do not rely on binary modules.
3) This release introduces support for Infiniband object labeling,
including support for kernel policy version 31 and module version 19,
policy.conf and CIL language support, and semanage support. It appears
that the corresponding kernel support will land in Linux v4.13.
4) This release introduces support for building policies with the
extended_socket_class and cgroup_seclabel policy capabilities enabled.
The extended_socket_class policy capability allows distinctions to be
made in policy among socket address families that were previously
mapped to the generic socket class (e.g. bluetooth, nfc, and many other
socket address families that previously did not have their own distinct
security class) as well as for SCTP and ICMP/ping sockets that were
previously mapped to the rawip_socket class. This policy capability is
supported by Linux v4.11 and later. refpolicy master already includes
the class/permission definitions for this capability but does not yet
enable the capability by default (and further allow rules will be
necessary to allow access to the new socket classes; review all allow
rules on socket and rawip_socket and see whether they should be
duplicated for the new classes but do not blindly allow access to them
all). AOSP master policy also includes the class/permission
definitions for this policy capability and enables the capability by
default, and will likewise need corresponding allow rules added when
kernels >= 4.11 are used. The cgroup_seclabel policy capability allows
userspace to set labels on cgroup/cgroup2 files, enabling fine-grained
labeling of cgroup files by userspace. This policy capability is also
supported by Linux v4.11 and later. This capability is not yet defined
in any policy. Note that enabling this capability will break current
Android userspace/policy and requires introducing appropriate
file_contexts definitions for cgroup files (or a change to the Android
init program's handling of them) in order to avoid mislabeling them.
5) checkpolicy now supports for generating CIL or policy.conf from a
kernel binary policy. Sample usage is checkpolicy -M -C -b policy.N -o
policy.cil and checkpolicy -M -F -b policy.N -o policy.conf. There is
also now a secil2conf program that can generate policy.conf from CIL,
e.g. secil2conf -o policy.conf policy.cil.
6) Attribute generation and expansion has changed in several ways in
order to address kernel runtime performance issues that occur when
types have many attributes assigned to them while ensuring preservation
of attributes where desired. Binary module to CIL conversion now
ensures that duplicate attributes are not generated for the same type
set. secilc now supports -G and -X options to force expansion of
automatically generated attributes (-G) and/or attributes that have
fewer than a specified number of types (-X number). secilc will also
now more aggressively expand attributes based on whether they will
actually be used by the kernel, are needed for debugging denials by
audit2allow/why, or are needed for neverallow checking of binary
policies (in Android). New statements are supported in policy.conf
(expandattribute) and in CIL (expandtypeattribute) to support
specifying in source policy that specific attributes should always be
expanded or never be expanded in order to override the default
behaviors in checkpolicy and secilc.
7) checkpolicy/checkmodule now treats it as an error if a type is
declared as an attribute or vice versa in a require block. Such
mismatches between declarations and require statements are an error in
policy and should be corrected in policy; refpolicy master should
already be fixed.
8) A change to libsepol-internal data structures breaks the build of
setools4. This is fixed by setools4 commit
743d2a0eaaae7d99302dd3099549ca7ad868eab on the master branch. The
change was to align the libsepol structures with the kernel in order to
allow direct comparison of libsepol-generated policy files against
/sys/fs/selinux/policy after normalizing them through checkpolicy.
9) audit2why now understands type bounds failures and reports them as
such, although it does not yet provide detailed reporting. Detailed
bounds violation reporting can be obtained already by enabling expand-
check=1 in semanage.conf or by running semodule_expand (without -a) at
policy validation time.
10) libsemanage now saves the linked policy and skips re-linking
whenever possible. This significantly improves the performance and
memory overhead of semanage commands that do not affect policy modules
(setting booleans and adding, deleting, or modifying local context
mappings). Previously, libsemanage only skipped re-linking when setting
booleans as a special case, but this was found to have a bug that could
yield duplicate object context entries (e.g. portcon) in policy. That
optimization was therefore reverted and replaced with this one, which
both fixes the bug and generalizes the optimization beyond just setting
booleans. The change does bring an associated storage cost, primarily
storing an extra copy of the kernel policy file (if a concern, this
could be made optional but it seems well worth it). The first semanage
or setsebool -P command run with the new libsemanage will not
demonstrate any improvement due to needing to generate the linked
policy for the first time, but subsequent commands will leverage the
saved linked policy.
^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: ANN: SELinux userspace 2.7-rc1 release
2017-06-09 17:18 ANN: SELinux userspace 2.7-rc1 release Stephen Smalley
@ 2017-06-09 17:31 ` Stephen Smalley
2017-06-16 16:55 ` ANN: SELinux userspace 2.7-rc2 release Stephen Smalley
` (2 subsequent siblings)
3 siblings, 0 replies; 24+ messages in thread
From: Stephen Smalley @ 2017-06-09 17:31 UTC (permalink / raw)
To: selinux
On Fri, 2017-06-09 at 13:18 -0400, Stephen Smalley wrote:
> A release candidate for the SELinux userspace is now available at:
> https://github.com/SELinuxProject/selinux/wiki/Releases
git shortlog output for this release.
Alan Jenkins (24):
policycoreutils, python: Fix bad manpage formatting in "SEE ALSO"
restorecon manpage: link back to fixfiles
policycoreutils: let output of `fixfiles` be redirected (as normal)
policycoreutils: fixfiles should handle path arguments more robustly
policycoreutils: fixfiles: handle unexpected spaces in command
policycoreutils/setfiles: stdout messages don't need program prefix
policycoreutils/setfiles: don't scramble stdout and stderr together
policycoreutils: fixfiles: remove useless use of cat
Revert "policycoreutils: let output of `fixfiles` be redirected (as normal)"
policycoreutils: fixfiles: remove (broken) redundant code
policycoreutils: fixfiles: clarify exclude_dirs()
policycoreutils: fixfiles: fix logging about R/O filesystems
policycoreutils: fixfiles: move logit call outside of redirected function
policycoreutils: fixfiles: deprecate -l option
policycoreutils: fixfiles: tidy up usage(), manpage synopsis
policycoreutils: fixfiles: remove two unused variables
policycoreutils: fixfiles: syntax error
policycoreutils: fixfiles: usage errors are fatal
policycoreutils: fixfiles: if restorecon aborts, we should too
policycoreutils: fixfiles: refactor into the `set -u` dialect
policycoreutils: fixfiles: un-document `-R -a` option
policycoreutils: fixfiles: remove bad modes of "relabel" command
policycoreutils: fixfiles: don't ignore `-F` when run in `-C` mode
policycoreutils: fixfiles: use a consistent order for options to restorecon
Bernhard M. Wiedemann (1):
sort input files
Christian Göttsche (2):
libselinux: add security_get_checkreqprot
sestatus: show checkreqprot status
Colin Walters (1):
config: Don't finalize mount state in selinux_set_policy_root()
Dan Walsh (5):
policycoreutils/sepolicy: Add documentation for MCS separated domains
sepolicy: Add manpages for typealiased types
sepolicy: Move svirt man page out of libvirt into its own
Fix up generation of application policy
sepolicy: We should be creating _exec interfaces when we create the domtrans interface
Daniel Jurgens (10):
checkpolicy: Add support for ibpkeycon labels
libsepol: Add ibpkey ocontext handling
libsepol: Add Infiniband Pkey handling to CIL
checkpolicy: Add support for ibendportcon labels
libsepol: Add ibendport ocontext handling
libsepol: Add IB end port handling to CIL
semanage: Update semanage to allow runtime labeling of Infiniband Pkeys
semanage: Update semanage to allow runtime labeling of ibendports
semanage: Update man pages for infiniband
semanage: Fix manpage author for ibpkey and ibendport pages.
Gary Tierney (1):
libsepol/cil: remove avrules with no affected types
Guido Trentalancia (2):
libselinux: Fix unitialized variable compiler warnings
libsemanage: Fix unitialized variable compiler warnings
James Carter (42):
libsepol/cil: Check for improper category range
libsepol/cil: Use empty list for category expression evaluated as empty
libsepol/cil: Use an empty list to represent an unknown permission
libsepol/cil: Check if identifier is NULL when verifying name
libsepol/cil: Check that permission is not an empty list
libsepol/cil: Verify alias in aliasactual statement is really an alias
libsepol/cil: Verify neither child nor parent in a bounds is an attribute
Updated libsepol ChangeLog.
Updated libsepol ChangeLog.
libsepol/cil: Exit with an error for an unknown map permission
Updated libsepol ChangeLog.
libsepol/cil: Add ability to write policy.conf file from CIL AST
secilc: Add secil2conf which creates a policy.conf from CIL policy
libsepol: Fix neverallow checking to also check the other types when self is included in a target type set.
checkpolicy: Create common function for type declares and requires
checkpolicy: Create common function for role declares and requires
checkpolicy: Create common function for user declares and requires
checkpolicy: Cleanup error messages
checkpolicy: Move common require and declare code into new function
checkpolicy: Improve check for identifier flavor mismatch
libsepol: Return +1 when declaration is followed by a require
checkpolicy: Remove uneeded return check in require_symbol()
checkpolicy: Make print_error_msg() static
policycoreutils/semodule: fix -Wwrite-strings warnings
libsepol/cil: Destroy cil_tree_node stacks when finished resolving AST
libsepol/cil: Move initialization of bitmap in __cil_permx_to_bitmap()
checkpolicy: Fix minor memory leak in checkpolicy
libsepol/cil: Allow hexadecimal numbers in Xen context rules
libsepol: Update module_to_cil to output hexadecimal for Xen rules
libsepol/cil: Use hexadecimal numbers when writing Xen rules
libsepol/cil: Add hexadecimal support for Xen ioportcon statements
libsepol: Add ability to convert binary policy to CIL
libsepol: Add ability to convert binary policy to policy.conf file
checkpolicy: Add options to convert binary policy to CIL or a policy.conf
libsepol: In module_to_cil create one attribute for each unique set
libsepol/cil: Add ability to expand some attributes in binary policy
secilc: Add options to control the expansion of attributes
libsepol/cil: Remove uneeded null checks of unused parameters
libsepol: Clean up scope handling
libsepol: Fix module_to_cil's handling of type aliases
libsepol/cil: Fix bug in cil_reset_ibpkeycon()
libsepol: Expand attributes with TYPE_FLAGS_EXPAND_ATTR_TRUE set
Jason Zaman (13):
libsepol: Add symver with explicit version to build with ld.gold
mcstrans: Fix Werror=shadow errors
mcstrans: take LIBDIR from args, dont guess
Add stub make test targets to new subdirs
mcstrans: Add utils gitignore
restorecond: Add gitignore
policycoreutils: honour LINGUAS variable
libselinux: get pcre CFLAGS/LDFLAGS from pkg-config
libselinux: PCRE_LDFLAGS is actually LDLIBS
Makefiles: drop -L/-I to system paths
restorecond: get pcre cflags/libs from pkg-config
Add includes for DESTDIR only in root Makefile
policycoreutils: make audit and pam support configurable
Jeff Vander Stoep (1):
Add attribute expansion options
Karl MacMillan (1):
libsepol compilation fixes for macOS.
Kyle Walker (1):
seobject: Handle python error returns correctly
Laurent Bigonville (8):
libselinux: Add clean-pywrap and clean-rubywrap targets
libselinux: Allow overriding libsepol.a location during build
policycoreutils: Use "new" sepolicy icon in .desktop file for sepolicy gui
Revert "libselinux: support new python3 functions"
Sandbox: Use next() over the sepolicy.info() result
policycoreutils: Make sepolicy work with python3
policycoreutils: Force GTK3.0 for sepolicy gui
policycoreutils: Use GObject introspection binding instead of python-gobject in selinux_server.py
Lokesh Mandvekar (1):
libselinux: selinux_restorecon.3 man page typo fix
Luis Ressel (1):
policycoreutils/load_policy: Drop is_selinux_enabled() check
Mike Frysinger (2):
selinux(8): fix display of man page references
man: standardize spacing with pointers in prototypes
Miroslav Grepl (2):
sepolicy: ptrace should be a part of deny_ptrace boolean in TEMPLATETYPE_admin
Fix typo in executable.py template.
Nick Kralevich (5):
label_file.h: actually use the results of compat_validate
enabled.c: Remove stdio_ext.h header
procattr.c: Use __ANDROID__ instead of ANDROID
policy_define.c: don't free memory returned from queue_head()
libselinux: add O_CLOEXEC
Nicolas Iooss (130):
policycoreutils: restorecond: use pkg-config to find dbus-glib-1 files
policycoreutils: semodule_package: do not fail with an empty fc file
libselinux: remove rpm_execcon from SWIG wrappers
libsemanage: remove ruby_semanage.so with "make clean"
libselinux, libsemanage: remove *swig_python_exception.i if its creation failed
libsemanage: semanage_seuser_key_create: copy name
libselinux,libsemanage: use Ruby to define RUBYINC
libselinux,libsemanage: link Ruby wrapper with -lruby
libsemanage: query for python site-packages dir directly
libselinux,libsemanage: link Python wrapper with Python
secilc: do not build secilc man page if it is up to date
libselinux,libsemanage: fall back to gcc in exception.sh
libselinux, libsemanage: swig: use SWIG_fail when an error occurs
libsemanage: use a macro prefixed with SEMANAGE to protect dso.h
libsepol: replace an assert with an error message
libsepol: test for ebitmap_read() negative return value
libsepol: make parsing symbol table headers more robust
sandbox: make test not fail on systems without SELinux
mcstrans: fix global "make install"
libselinux: audit2why: remove unused module_state structure
libselinux, libsemanage: use Python-specific .so extension
libsepol: do not call a NULL function in additive_scopes_to_cil()
libsepol: do not crash when a symbol does not exist
libsepol: do not crash when block->branch_list is NULL
libsepol: make scope_index_destroy() more robust
libsepol: fix unknown magic section number error message
libsepol: do not modify p->p_roles.nprim in role_set_expand
libsepol: do not check decl->symtab[i].nprim
libsepol: ebitmap: reject loading bitmaps with incorrect high bit
libsepol: check decl_id bounds before using it
libsepol: detect duplicated symbol IDs
mcstrans/utils: make "make all" use $DESTDIR
libsepol/tests: use LDFLAGS when linking
checkpolicy: remove -lfl from LDLIBS
libsepol,libsemanage: write file name in flex output
libsemanage/tests: make "make test" fail when a CUnit test fails
libsemanage/tests: make tests standalone
libsemanage/tests: test more cases of semanage_split*()
libsemanage: simplify string utilities functions
libsemanage: add semanage_str_replace() utility function
libsemanage: genhomedircon: drop ustr dependency
libsemanage: remove ustr library from Makefiles, README and pkg-config
libselinux/utils: do not create an empty /sbin directory
libsepol/tests: fix -Wsometimes-uninitialized clang warnings
libsepol/tests: fix some memory leaks
checkpolicy: free id in define_port_context()
checkpolicy: fix memory leaks in genfscon statements parsing
checkpolicy: do not leak queue elements in queue_destroy()
checkpolicy: free id where it was leaked
libsemanage: genhomedircon: remove duplicated test condition
libsemanage: increment the right index variable in for loop
checkpolicy: fix memory usage in define_bool_tunable()
libsepol: make capability index an unsigned int
libselinux: include errno.h instead of sys/errno.h
checkpolicy: always include ctypes.h
mcstransd: fix and reorder includes
libsemanage: genhomedircon: consider SEMANAGE_FCONTEXT_DIR in fcontext_matches()
semanage, sepolicy: make tests not fail on systems without SELinux
Re-link programs after libsepol.a is updated
libsepol: use constant keys in hashtab functions
libsepol: verify the right variable after calling calloc()
libsepol: remove useless assignments
libselinux: always free catalog in db_init()
libselinux: fix argument order in get_default_context_with_rolelevel() doc
checkpolicy: always free id in define_type()
checkpolicy: fix memory leaks in define_filename_trans()
checkpolicy: add a missing free(id) in define_roleattribute()
checkpolicy: do not leak memory when a class is not found in an avrule
libsepol: fix -Wwrite-strings warnings
libsemanage: make lang_ext parameter const in semanage_direct_write_langext()
policycoreutils/hll/pp: fix -Wwrite-strings warnings
mcstrans: fix -Wwrite-strings warnings
semodule_deps: hide -Wwrite-strings warnings
libsepol/tests: fix -Wwrite-strings warnings
libsemanage/tests: fix -Wwrite-strings warnings
libsepol/cil: fix type confusion in cil_copy_ast
Introduce Travis-CI tests
libsepol/cil: use __cil_ordered_lists_destroy() to free unordered_classorder_lists
libsepol/cil: free the first operand if the second one is invalid
libsepol/cil: do not leak left-hand side of an invalid constraint
libsepol/cil: free bitmaps in cil_level_equals()
libselinux, libsemanage: make PYPREFIX computation more robust
semodule_package: do not leak memory when using -u or -s
libsepol/cil: do not dereference args before checking it was not null
libsemanage: never call memcpy with a NULL value
libsemanage/tests: include libsepol headers from $DESTDIR
mcstrans: do not dereference color_str if it is NULL
libselinux: initialize temp value in SWIG wrapper to prevent freeing garbage
restorecond: add noreturn attribute to exitApp()
checkpolicy: add noreturn attribute to usage()
secilc: add noreturn attribute to usage()
mcstrans: add noreturn attribute to usage()
semodule-utils: add noreturn attribute to usage()
policycoreutils: add noreturn attribute to usage()
libsepol/cil: make reporting conflicting type transitions work
libsepol/cil: avoid freeing uninitialized values
checkpolicy: dereference rangehead after checking it was not NULL
libsepol/cil: do not dereference a NULL pointer when calloc() fails
libsepol: do not dereference a NULL pointer when stack_init() fails
libsepol: make process_boolean() fail on invalid lines
libsepol: constify sepol_genbools()'s boolpath parameter
libsepol: fix use-after-free in sepol_user_clone()
libsemanage: do not close uninitialized file descriptors
libsemanage: do not dereference a NULL pointer when calloc() fails
libsemanage: genhomedircon: fix possible double-free
libselinux: do not dereference a NULL pointer when calloc() fails
libsemanage: drop checks on semanage_module_info_destroy() value
libselinux: make process_boolean() fail on invalid lines
libselinux: ensure that 4 columns are read from /proc/mounts
libsepol: refuse to load policies with no block
libsepol: do not wrap integers when checking bound
libsepol: do not free attr_name twice
libsepol: do not leak memory when an error occurs
libsepol: correct spelling errors in module_to_cil.c comments
libsepol: cil: check cil_fill_list return value
libselinux: avoid calling strcmp() on a NULL pointer
libselinux: getsebool: always free names
policycoreutils: newrole: do not free pw strings twice
policycoreutils: newrole: always initialize pw fields
libselinux/utils: add noreturn attribute to selinux_check_access's usage
libsepol: silence false-positive -Wwrite-strings warning
libsepol/cil: do not use an uninitialized value in __cil_fqn_qualify_blocks
libselinux: close the subs file if fstat failed
libselinux: rework selabel_subs_init() to avoid use-after-free
libselinux: propagate selabel_subs_init() errors
libsepol: remove unused attribute on a used argument
libsepol: propagate calloc() failure
libsepol: use the number of elements in calloc first argument
libsepol: make role_list_destroy() do nothing when role_list is NULL
libsepol: do not use handle when it is marked unused
Nikola Forró (1):
mcstrans: fix typo in mcstransd.8 man page
Petr Lautrbach (18):
libselinux: Generate SWIG wrappers for selinux_restorecon()
libselinux: Rewrite restorecon() python method
sepolicy: Fix spelling mistakes in commands in generated manpages
policycoreutils/sepolicy: boolean.png is in help/
sepolicy: Adapt to new the semodule list output
sepolicy: Don't return filter(), use [ ] notation instead
sepolicy: Simplify policy types detection
sepolicy/generate.py: Fix string formatting
policycoreutils/sepolicy: Define our own cmp()
dbus: Use text streams in selinux_server.py
sepolicy: setools.*Query wants a list in ruletype
sepolicy: Fix several issues in 'sepolicy manpage -a'
sepolicy: info() should provide attributes for a TYPE
sepolicy/gui: Update text strings to use better gettext templates
libsepol/utils: Fix build without system sepol.h
Fix recently introduced TabError's
sepolicy/interface: Use relative python 3 imports
sepolicy: Fix sorting of port_strings in python 3
Richard Haines (4):
setfiles: Fix setfiles progress indicator
libselinux: Add permissive= entry to avc audit log
libselinux: Add selinux_check_access utility
libselinux: Remove util/selinux_restorecon.c
Sandeep Patil (1):
libselinux: replace all malloc + memset by calloc in android label backend.
Stephen Smalley (91):
Fix release script
scripts/release: cleanups
libsemanage: genhomedircon: only set MLS level if MLS is enabled
Updated libsemanage ChangeLog
Updated libselinux and libsepol ChangeLogs
Updated policycoreutils ChangeLog
Updated libselinux ChangeLog
Updated libselinux ChangeLog.
Updated libselinux ChangeLog
Updated policycoreutils ChangeLog
Updated libsepol ChangeLog
Updated libselinux ChangeLog
libselinux: avc_internal.c: allow building with clang
Updated libselinux ChangeLog
libsemanage: fix kernel pathname in semanage_verify_kernel()
Updated ChangeLogs
Updated policycoreutils ChangeLog
Updated libselinux ChangeLog
Updated libselinux and libsemanage ChangeLogs
Updated policycoreutils ChangeLog
Updated policycoreutils ChangeLog
libsepol: sepol_{bool|iface|user}_key_create: copy name
Updated libsepol ChangeLog
libsepol: fix checkpolicy dontaudit compiler bug
Updated libsepol ChangeLog
libselinux: fix subdir build and usage of cmdline CFLAGS
Updated libselinux ChangeLog
Updated libsemanage ChangeLog
Updated libsepol ChangeLog
Updated policycoreutils ChangeLog
Updated libselinux and libsemanage ChangeLogs
Updated secilc ChangeLog
Updated libselinux and libsemanage ChangeLog
libsepol: cil_lexer: make warnings non-fatal for building
Updated libsepol ChangeLog
Updated libsemanage ChangeLog
Updated libsepol ChangeLog
Updated libsepol ChangeLog
Move policycoreutils/gui to gui.
Move policycoreutils/mcstrans to mcstrans.
Move policycoreutils/restorecond to restorecond.
Move policycoreutils/sandbox to sandbox.
Move policycoreutils/sepolicy dbus service files to dbus.
Move policycoreutils/{sepolicy,audit2allow,semanage,scripts/chcat*} and sepolgen to python.
Move policycoreutils/semodule_{deps,expand,link} to semodule-utils.
Make it easy to omit optional components.
Build mcstrans.
mcstrans: Add .gitignore file
mcstrans: Add a relabel target.
Move sepolicy desktop and png files to gui.
Move policycoreutils/sepolgen-ifgen into python/audit2allow.
mcstrans: fix clang warnings
Update release script for the new structure.
Fix release script for packages that need prefixes.
Add VERSION files for new components
Move policycoreutils/semodule_package to semodule-utils.
restorecond: break source dependency on policycoreutils/setfiles
Fix release script
Add COPYING files for new subdirs.
semodule-utils: Drop -lselinux from Makefiles.
Drop ChangeLog files
mcstrans: Fix signed/unsigned warnings
libselinux: normalize enforce values from the kernel
checkpolicy: treat -self as an error
libsepol: do not write object_r types to policy file
libsepol,checkpolicy: convert rangetrans and filenametrans to hashtabs
libsepol: do not #include <sys/cdefs.h>
libselinux: avcstat: Clean up redundant condition
libsepol: sepol_av_to_string: clear static buffer
libsepol,libselinux,audit2allow: teach audit2why about type bounds failures
libsepol: Define extended_socket_class policy capability
libselinux: selinux_restorecon: only log no default label warning if recursive
libselinux: selinux_restorecon: only log no default label warning for caller-supplied pathname
policycoreutils/setfiles: set up a logging callback for libselinux
libselinux: disable filespec hash table stats on non-debug builds
policycoreutils: remove deprecated -o option from fixfiles verify
libsepol: Define cgroup_seclabel policy capability
python/semanage: fix export of fcontext socket entries
libsepol: do not seg fault on sepol_*_key_free(NULL)
libsemanage: revert "Skip policy module re-link when only setting booleans."
libsemanage: Save linked policy, skip re-link when possible
libselinux: Fix CFLAGS definition
checkpolicy,libsepol: drop unnecessary usage of s6_addr32
libsepol,checkpolicy: add binary module support for xperms
python/semanage: print is a function in python3
libsepol,libsemanage,libselinux: Fix fallthrough warnings from gcc 7
libsemanage: Fix snprintf warnings from gcc 7
libsepol: Fix alloc-size-larger-than warning from gcc 7
libselinux: fix selabel_lookup*() double slash bug
libselinux: always unmount selinuxfs for SELINUX=disabled
Update VERSION files for 2.7-rc1 release.
Steve Lawrence (4):
libsepol: fix pp module to cil nodecon statement
libsepol/cil: fix aliasactual resolution errors
libsepol/cil: better error message with duplicate aliases + support aliases to aliases
libsepol/cil: fix error check in new cil_resolve_name
Thomas Petazzoni (1):
libselinux/src/regex.c: support old compilers for the endian check
Tom Cherry (1):
procattr.c: Use __BIONIC__ instead of __ANDROID__
Ville Skyttä (1):
Python 3.6 invalid escape sequence deprecation fixes
Vit Mojzis (13):
policycoreutils/gui: fix system-config-selinux editing features
policycoreutils/sepolicy/gui: fix current selinux state radiobutton
python/sepolicy/sepolicy/gui: Fix getting python lib path
python/semanage/semanage: Unify argument handling
python: Fix some typos
python/sepolicy/sepolicy/gui: Reflect sepolicy changes into gui
python/sepolicy/sepolicy: Cleanup of gui code
python/sepolicy/sepolicy: optimise sepolicy gui loading
policycoreutils/setfiles: Mention customizable types in restorecon man page
policycoreutils/restorecond: Decrease loglevel of termination message
policycoreutils/hll/pp: Fix pp crash when processing base module
sepolgen: strip non-printable characters when parsing audit messages
python/sepolicy: fix obtaining domain name in HTMLManPages
William Roberts (15):
libsepol/cil: disable symver on Mac builds
libsepol: build on mac
libselinux: fix mac build warning when ANDROID_HOST=y
libselinux: fix required alignment for sha1.c on mac
libselinux/utils: add noreturn to sefcontext_compile
libselinux: support ANDROID_HOST=1 on Mac
libselinux: DISABLE_BOOL move to include headers
libselinux: add booleans.c to ANDROID_HOST=y recipe
libselinux: fix compiler flags for linux + clang
libselinux/utils: fix all the noreturn errors
Revert "libsepol: fix checkpolicy dontaudit compiler bug"
libsepol: fix checkpolicy dontaudit compiler bug
policydb.h: use AVTAB macros to avoid duplications
expand_avrule_helper: cleanup
expand_terule_helper: cleanups
cgzones (1):
fix semanage fcontext help message
dcashman (2):
libsepol: cil: cil_strpool: Allow multiple strpool users.
libsepol: cil: remove double-free.
stephensmalley (1):
Merge pull request #35 from cgzones/semanage_fcontext_description
vmojzis (1):
libselinux: fix pointer handling in realpath_not_final
^ permalink raw reply [flat|nested] 24+ messages in thread
* ANN: SELinux userspace 2.7-rc2 release
2017-06-09 17:18 ANN: SELinux userspace 2.7-rc1 release Stephen Smalley
2017-06-09 17:31 ` Stephen Smalley
@ 2017-06-16 16:55 ` Stephen Smalley
2017-06-18 7:32 ` Jason Zaman
2017-06-23 17:07 ` ANN: SELinux userspace 2.7-rc3 release candidate Stephen Smalley
2017-08-04 18:57 ` ANN: SELinux userspace release 20170804 / 2.7 Stephen Smalley
3 siblings, 1 reply; 24+ messages in thread
From: Stephen Smalley @ 2017-06-16 16:55 UTC (permalink / raw)
To: selinux
A second release candidate for the SELinux userspace is now available
at:
https://github.com/SELinuxProject/selinux/wiki/Releases
Please give it a test and let us know if there are any issues.
Changes from the -rc1 release:
James Carter (2):
libsepol: Fix neverallow bug when checking conditional policy
libsepol/cil: Fix bugs when writing policy.conf rules
Nicolas Iooss (1):
libsepol: destroy the expanded level when
mls_semantic_level_expand() fails
Richard Haines (2):
libsepol/cil: ibendportcon fails to resolve in CIL policy
secilc: Update test policy and documentation for Infiniband
Stephen Smalley (1):
Update VERSION files for 2.7-rc2 release.
Vit Mojzis (1):
policycoreutils/fixfiles: do not dereference link files in tmp
^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: ANN: SELinux userspace 2.7-rc2 release
2017-06-16 16:55 ` ANN: SELinux userspace 2.7-rc2 release Stephen Smalley
@ 2017-06-18 7:32 ` Jason Zaman
2017-06-18 7:46 ` Jason Zaman
2017-06-19 17:06 ` Stephen Smalley
0 siblings, 2 replies; 24+ messages in thread
From: Jason Zaman @ 2017-06-18 7:32 UTC (permalink / raw)
To: Stephen Smalley; +Cc: selinux
There is a bug that needs to be fixed before the final release:
https://bugs.gentoo.org/show_bug.cgi?id=621762
I think the fix is just add override in utils/Makefile to the LDLIBS and
LDFLAGS bits. I'm not sure I'll have time to get around to testing
it so just wanted to let you know before the final release.
-- Jason
On Fri, Jun 16, 2017 at 12:55:09PM -0400, Stephen Smalley wrote:
> A second release candidate for the SELinux userspace is now available
> at:
> https://github.com/SELinuxProject/selinux/wiki/Releases
>
> Please give it a test and let us know if there are any issues.
>
> Changes from the -rc1 release:
>
> James Carter (2):
> libsepol: Fix neverallow bug when checking conditional policy
> libsepol/cil: Fix bugs when writing policy.conf rules
>
> Nicolas Iooss (1):
> libsepol: destroy the expanded level when
> mls_semantic_level_expand() fails
>
> Richard Haines (2):
> libsepol/cil: ibendportcon fails to resolve in CIL policy
> secilc: Update test policy and documentation for Infiniband
>
> Stephen Smalley (1):
> Update VERSION files for 2.7-rc2 release.
>
> Vit Mojzis (1):
> policycoreutils/fixfiles: do not dereference link files in tmp
^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: ANN: SELinux userspace 2.7-rc2 release
2017-06-18 7:32 ` Jason Zaman
@ 2017-06-18 7:46 ` Jason Zaman
2017-06-20 10:54 ` Petr Lautrbach
2017-06-19 17:06 ` Stephen Smalley
1 sibling, 1 reply; 24+ messages in thread
From: Jason Zaman @ 2017-06-18 7:46 UTC (permalink / raw)
To: Stephen Smalley; +Cc: selinux
On Sun, Jun 18, 2017 at 03:32:33PM +0800, Jason Zaman wrote:
> There is a bug that needs to be fixed before the final release:
> https://bugs.gentoo.org/show_bug.cgi?id=621762
>
> I think the fix is just add override in utils/Makefile to the LDLIBS and
> LDFLAGS bits. I'm not sure I'll have time to get around to testing
> it so just wanted to let you know before the final release.
Yep, thats the fix, I sent a patch.
https://gitweb.gentoo.org/repo/gentoo.git/tree/sys-libs/libselinux/libselinux-9999.ebuild#n58
The gentoo ebuild overrides LDFLAGS on the commandline which is why the
override was required. When i first tried to repro manually i just
exported LDFLAGS and couldnt repro. once i read the docs on override it
was pretty obvious.
> -- Jason
>
> On Fri, Jun 16, 2017 at 12:55:09PM -0400, Stephen Smalley wrote:
> > A second release candidate for the SELinux userspace is now available
> > at:
> > https://github.com/SELinuxProject/selinux/wiki/Releases
> >
> > Please give it a test and let us know if there are any issues.
> >
> > Changes from the -rc1 release:
> >
> > James Carter (2):
> > libsepol: Fix neverallow bug when checking conditional policy
> > libsepol/cil: Fix bugs when writing policy.conf rules
> >
> > Nicolas Iooss (1):
> > libsepol: destroy the expanded level when
> > mls_semantic_level_expand() fails
> >
> > Richard Haines (2):
> > libsepol/cil: ibendportcon fails to resolve in CIL policy
> > secilc: Update test policy and documentation for Infiniband
> >
> > Stephen Smalley (1):
> > Update VERSION files for 2.7-rc2 release.
> >
> > Vit Mojzis (1):
> > policycoreutils/fixfiles: do not dereference link files in tmp
^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: ANN: SELinux userspace 2.7-rc2 release
2017-06-18 7:32 ` Jason Zaman
2017-06-18 7:46 ` Jason Zaman
@ 2017-06-19 17:06 ` Stephen Smalley
2017-06-20 4:55 ` Jason Zaman
1 sibling, 1 reply; 24+ messages in thread
From: Stephen Smalley @ 2017-06-19 17:06 UTC (permalink / raw)
To: Jason Zaman; +Cc: selinux
On Sun, 2017-06-18 at 15:32 +0800, Jason Zaman wrote:
> There is a bug that needs to be fixed before the final release:
> https://bugs.gentoo.org/show_bug.cgi?id=621762
>
> I think the fix is just add override in utils/Makefile to the LDLIBS
> and
> LDFLAGS bits. I'm not sure I'll have time to get around to testing
> it so just wanted to let you know before the final release.
I wondering if we should actually revert
fcb5d5cc721187b3e3a19b44155d5b824d7be7e6, at least wrt removal of -L/-
I. This seems to have broken usage of DESTDIR (except from top-level,
via 9a7763e18604c4649ff67ea6d43a730f90311592, which doesn't help people
using the individual tar balls. And it seems like many package recipes
are relying on make DESTDIR= to work as expected.
^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: ANN: SELinux userspace 2.7-rc2 release
2017-06-19 17:06 ` Stephen Smalley
@ 2017-06-20 4:55 ` Jason Zaman
2017-06-21 18:04 ` [PATCH] Use DESTDIR only in install targets Petr Lautrbach
0 siblings, 1 reply; 24+ messages in thread
From: Jason Zaman @ 2017-06-20 4:55 UTC (permalink / raw)
To: Stephen Smalley; +Cc: selinux
On Mon, Jun 19, 2017 at 01:06:10PM -0400, Stephen Smalley wrote:
> On Sun, 2017-06-18 at 15:32 +0800, Jason Zaman wrote:
> > There is a bug that needs to be fixed before the final release:
> > https://bugs.gentoo.org/show_bug.cgi?id=621762
> >
> > I think the fix is just add override in utils/Makefile to the LDLIBS
> > and
> > LDFLAGS bits. I'm not sure I'll have time to get around to testing
> > it so just wanted to let you know before the final release.
>
> I wondering if we should actually revert
> fcb5d5cc721187b3e3a19b44155d5b824d7be7e6, at least wrt removal of -L/-
> I. This seems to have broken usage of DESTDIR (except from top-level,
> via 9a7763e18604c4649ff67ea6d43a730f90311592, which doesn't help people
> using the individual tar balls. And it seems like many package recipes
> are relying on make DESTDIR= to work as expected.
Thats the thing tho, DESTDIR is not supposed to affect compilation at
all. it should only affect where things are installed to. lots of other
things get confused if that changes. DESTDIR is for when rpm or portage
or whatever want to keep track of all the files installed by a package
before merging into the real / so it can uninstall them all. If you
want to do like a prefix install into /home/bin or whatever then i think
the variable is SYSROOT or something like that.
building should technically be done something like:
passing DESTDIR when you do the actual compilation bits isnt right.
# portage or rpm's building thing or whatever do this automatically
export CC CFLAGS LDLFAGS etc
make all
make DESTDIR="/wherever" install
cd /wherever/
tar cf libselinux.tar ./
https://www.gnu.org/prep/standards/html_node/DESTDIR.html
"DESTDIR should be supported only in the install* and uninstall*
targets, as those are the only targets where it is useful."
-- Jason
^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: ANN: SELinux userspace 2.7-rc2 release
2017-06-18 7:46 ` Jason Zaman
@ 2017-06-20 10:54 ` Petr Lautrbach
2017-06-20 12:14 ` Stephen Smalley
0 siblings, 1 reply; 24+ messages in thread
From: Petr Lautrbach @ 2017-06-20 10:54 UTC (permalink / raw)
To: selinux
On 06/18/2017 09:46 AM, Jason Zaman wrote:
> On Sun, Jun 18, 2017 at 03:32:33PM +0800, Jason Zaman wrote:
>> There is a bug that needs to be fixed before the final release:
>> https://bugs.gentoo.org/show_bug.cgi?id=621762
>>
>> I think the fix is just add override in utils/Makefile to the LDLIBS and
>> LDFLAGS bits. I'm not sure I'll have time to get around to testing
>> it so just wanted to let you know before the final release.
>
> Yep, thats the fix, I sent a patch.
> https://gitweb.gentoo.org/repo/gentoo.git/tree/sys-libs/libselinux/libselinux-9999.ebuild#n58
> The gentoo ebuild overrides LDFLAGS on the commandline which is why the
> override was required. When i first tried to repro manually i just
> exported LDFLAGS and couldnt repro. once i read the docs on override it
> was pretty obvious.
A similar patch is needed almost for every other part when you try to
build everything from git first and then install it.
In order to that I need to apply a patch [1] and do the following steps:
ln -s ../../cil/include/cil libsepol/include/sepol/cil
make \
CFLAGS="%{optflags}" LDFLAGS="%{?__global_ldflags}" \
LIBSEPOLA="`pwd`/libsepol/src/libsepol.a"
make -C libselinux \
CFLAGS="%{optflags}" LDFLAGS="%{?__global_ldflags}" \
LIBSEPOLA="`pwd`/libsepol/src/libsepol.a" \
PYTHON=%{__python} pywrap
make \
DESTDIR="%{buildroot}" LIBDIR="%{buildroot}%{_libdir}" \
CFLAGS="%{optflags}" LDFLAGS="%{?__global_ldflags}" \
SHLIBDIR="%{buildroot}/%{_lib}" \
BINDIR="%{buildroot}%{_bindir}" \
SBINDIR="%{buildroot}%{_sbindir}" \
PYTHON=%{__python} \
install install-pywrap
[1]
https://gitlab.com/bachradsusi/selinux-rpm/blob/master/0001-Fix-build-without-install.patch
Using this I preserve rpath problems pointing to DESTDIR and rpm can
simply use everything from DESTDIR for /
Petr
>> -- Jason
>>
>> On Fri, Jun 16, 2017 at 12:55:09PM -0400, Stephen Smalley wrote:
>>> A second release candidate for the SELinux userspace is now available
>>> at:
>>> https://github.com/SELinuxProject/selinux/wiki/Releases
>>>
>>> Please give it a test and let us know if there are any issues.
>>>
>>> Changes from the -rc1 release:
>>>
>>> James Carter (2):
>>> libsepol: Fix neverallow bug when checking conditional policy
>>> libsepol/cil: Fix bugs when writing policy.conf rules
>>>
>>> Nicolas Iooss (1):
>>> libsepol: destroy the expanded level when
>>> mls_semantic_level_expand() fails
>>>
>>> Richard Haines (2):
>>> libsepol/cil: ibendportcon fails to resolve in CIL policy
>>> secilc: Update test policy and documentation for Infiniband
>>>
>>> Stephen Smalley (1):
>>> Update VERSION files for 2.7-rc2 release.
>>>
>>> Vit Mojzis (1):
>>> policycoreutils/fixfiles: do not dereference link files in tmp
^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: ANN: SELinux userspace 2.7-rc2 release
2017-06-20 10:54 ` Petr Lautrbach
@ 2017-06-20 12:14 ` Stephen Smalley
2017-06-20 13:28 ` Petr Lautrbach
0 siblings, 1 reply; 24+ messages in thread
From: Stephen Smalley @ 2017-06-20 12:14 UTC (permalink / raw)
To: Petr Lautrbach, selinux
On Tue, 2017-06-20 at 12:54 +0200, Petr Lautrbach wrote:
> On 06/18/2017 09:46 AM, Jason Zaman wrote:
> > On Sun, Jun 18, 2017 at 03:32:33PM +0800, Jason Zaman wrote:
> > > There is a bug that needs to be fixed before the final release:
> > > https://bugs.gentoo.org/show_bug.cgi?id=621762
> > >
> > > I think the fix is just add override in utils/Makefile to the
> > > LDLIBS and
> > > LDFLAGS bits. I'm not sure I'll have time to get around to
> > > testing
> > > it so just wanted to let you know before the final release.
> >
> > Yep, thats the fix, I sent a patch.
> > https://gitweb.gentoo.org/repo/gentoo.git/tree/sys-libs/libselinux/
> > libselinux-9999.ebuild#n58
> > The gentoo ebuild overrides LDFLAGS on the commandline which is why
> > the
> > override was required. When i first tried to repro manually i just
> > exported LDFLAGS and couldnt repro. once i read the docs on
> > override it
> > was pretty obvious.
>
> A similar patch is needed almost for every other part when you try
> to
> build everything from git first and then install it.
>
> In order to that I need to apply a patch [1] and do the following
> steps:
>
> ln -s ../../cil/include/cil libsepol/include/sepol/cil
>
> make \
> CFLAGS="%{optflags}" LDFLAGS="%{?__global_ldflags}" \
> LIBSEPOLA="`pwd`/libsepol/src/libsepol.a"
>
> make -C libselinux \
> CFLAGS="%{optflags}" LDFLAGS="%{?__global_ldflags}" \
> LIBSEPOLA="`pwd`/libsepol/src/libsepol.a" \
> PYTHON=%{__python} pywrap
>
> make \
> DESTDIR="%{buildroot}" LIBDIR="%{buildroot}%{_libdir}" \
> CFLAGS="%{optflags}" LDFLAGS="%{?__global_ldflags}" \
> SHLIBDIR="%{buildroot}/%{_lib}" \
> BINDIR="%{buildroot}%{_bindir}" \
> SBINDIR="%{buildroot}%{_sbindir}" \
> PYTHON=%{__python} \
> install install-pywrap
>
>
> [1]
> https://gitlab.com/bachradsusi/selinux-rpm/blob/master/0001-Fix-build
> -without-install.patch
>
> Using this I preserve rpath problems pointing to DESTDIR and rpm can
> simply use everything from DESTDIR for /
That seems very onerous for packagers.
So, are you advocating for reverting
fcb5d5cc721187b3e3a19b44155d5b824d7be7e6, or are you proposing the
patch cited above for upstream instead?
^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: ANN: SELinux userspace 2.7-rc2 release
2017-06-20 12:14 ` Stephen Smalley
@ 2017-06-20 13:28 ` Petr Lautrbach
2017-06-20 13:31 ` Petr Lautrbach
2017-06-20 14:22 ` Jason Zaman
0 siblings, 2 replies; 24+ messages in thread
From: Petr Lautrbach @ 2017-06-20 13:28 UTC (permalink / raw)
To: Stephen Smalley, selinux
On 06/20/2017 02:14 PM, Stephen Smalley wrote:
> On Tue, 2017-06-20 at 12:54 +0200, Petr Lautrbach wrote:
>> On 06/18/2017 09:46 AM, Jason Zaman wrote:
>>> On Sun, Jun 18, 2017 at 03:32:33PM +0800, Jason Zaman wrote:
>>>> There is a bug that needs to be fixed before the final release:
>>>> https://bugs.gentoo.org/show_bug.cgi?id=621762
>>>>
>>>> I think the fix is just add override in utils/Makefile to the
>>>> LDLIBS and
>>>> LDFLAGS bits. I'm not sure I'll have time to get around to
>>>> testing
>>>> it so just wanted to let you know before the final release.
>>>
>>> Yep, thats the fix, I sent a patch.
>>> https://gitweb.gentoo.org/repo/gentoo.git/tree/sys-libs/libselinux/
>>> libselinux-9999.ebuild#n58
>>> The gentoo ebuild overrides LDFLAGS on the commandline which is why
>>> the
>>> override was required. When i first tried to repro manually i just
>>> exported LDFLAGS and couldnt repro. once i read the docs on
>>> override it
>>> was pretty obvious.
>>
>> A similar patch is needed almost for every other part when you try
>> to
>> build everything from git first and then install it.
>>
>> In order to that I need to apply a patch [1] and do the following
>> steps:
...
>>
>> [1]
>> https://gitlab.com/bachradsusi/selinux-rpm/blob/master/0001-Fix-build
>> -without-install.patch
>>
>> Using this I preserve rpath problems pointing to DESTDIR and rpm can
>> simply use everything from DESTDIR for /
>
> That seems very onerous for packagers.
> So, are you advocating for reverting
> fcb5d5cc721187b3e3a19b44155d5b824d7be7e6, or are you proposing the
> patch cited above for upstream instead?
>
Actually it seems that fcb5d5cc7 didn't break this use case.
At the moment, we still build SELinux tools and libraries from tar balls
in Fedora so it's not affected. But since some of directories were split
I decided to build snapshot SELinux rpms [2] from one selinux src rpm
which uses the whole git snapshot.
For my use case, I'd rather see the [1] patch upstream if it's
acceptable solution. I'll rebase it against latest HEAD and sent it for
review.
[2] https://gitlab.com/bachradsusi/selinux-rpm
Petr
^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: ANN: SELinux userspace 2.7-rc2 release
2017-06-20 13:28 ` Petr Lautrbach
@ 2017-06-20 13:31 ` Petr Lautrbach
2017-06-20 14:22 ` Jason Zaman
1 sibling, 0 replies; 24+ messages in thread
From: Petr Lautrbach @ 2017-06-20 13:31 UTC (permalink / raw)
To: Stephen Smalley, selinux
On 06/20/2017 03:28 PM, Petr Lautrbach wrote:
> On 06/20/2017 02:14 PM, Stephen Smalley wrote:
>> On Tue, 2017-06-20 at 12:54 +0200, Petr Lautrbach wrote:
>>> On 06/18/2017 09:46 AM, Jason Zaman wrote:
>>>> On Sun, Jun 18, 2017 at 03:32:33PM +0800, Jason Zaman wrote:
>>>>> There is a bug that needs to be fixed before the final release:
>>>>> https://bugs.gentoo.org/show_bug.cgi?id=621762
>>>>>
>>>>> I think the fix is just add override in utils/Makefile to the
>>>>> LDLIBS and
>>>>> LDFLAGS bits. I'm not sure I'll have time to get around to
>>>>> testing
>>>>> it so just wanted to let you know before the final release.
>>>>
>>>> Yep, thats the fix, I sent a patch.
>>>> https://gitweb.gentoo.org/repo/gentoo.git/tree/sys-libs/libselinux/
>>>> libselinux-9999.ebuild#n58
>>>> The gentoo ebuild overrides LDFLAGS on the commandline which is why
>>>> the
>>>> override was required. When i first tried to repro manually i just
>>>> exported LDFLAGS and couldnt repro. once i read the docs on
>>>> override it
>>>> was pretty obvious.
>>>
>>> A similar patch is needed almost for every other part when you try
>>> to
>>> build everything from git first and then install it.
>>>
>>> In order to that I need to apply a patch [1] and do the following
>>> steps:
> ...
>>>
>>> [1]
>>> https://gitlab.com/bachradsusi/selinux-rpm/blob/master/0001-Fix-build
>>> -without-install.patch
>>>
>>> Using this I preserve rpath problems pointing to DESTDIR and rpm can
>>> simply use everything from DESTDIR for /
>>
>> That seems very onerous for packagers.
>> So, are you advocating for reverting
>> fcb5d5cc721187b3e3a19b44155d5b824d7be7e6, or are you proposing the
>> patch cited above for upstream instead?
>>
>
> Actually it seems that fcb5d5cc7 didn't break this use case.
I mean it was broken even before this change according to my testing.
cc -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2
-fexceptions -fstack-protector-strong --param=ssp-buffer-size=4
-grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1
-m64 -mtune=generic -I../include -I/usr/include -D_GNU_SOURCE
-DNO_ANDROID_BACKEND -c -o load_policy.o load_policy.c
load_policy.c:15:10: fatal error: sepol/sepol.h: No such file or directory
#include <sepol/sepol.h>
^~~~~~~~~~~~~~~
>
> At the moment, we still build SELinux tools and libraries from tar balls
> in Fedora so it's not affected. But since some of directories were split
> I decided to build snapshot SELinux rpms [2] from one selinux src rpm
> which uses the whole git snapshot.
>
> For my use case, I'd rather see the [1] patch upstream if it's
> acceptable solution. I'll rebase it against latest HEAD and sent it for
> review.
>
> [2] https://gitlab.com/bachradsusi/selinux-rpm
>
> Petr
^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: ANN: SELinux userspace 2.7-rc2 release
2017-06-20 13:28 ` Petr Lautrbach
2017-06-20 13:31 ` Petr Lautrbach
@ 2017-06-20 14:22 ` Jason Zaman
2017-06-21 17:58 ` Petr Lautrbach
1 sibling, 1 reply; 24+ messages in thread
From: Jason Zaman @ 2017-06-20 14:22 UTC (permalink / raw)
To: Petr Lautrbach; +Cc: Stephen Smalley, selinux
On Tue, Jun 20, 2017 at 03:28:44PM +0200, Petr Lautrbach wrote:
> On 06/20/2017 02:14 PM, Stephen Smalley wrote:
> > On Tue, 2017-06-20 at 12:54 +0200, Petr Lautrbach wrote:
> >> On 06/18/2017 09:46 AM, Jason Zaman wrote:
> >>> On Sun, Jun 18, 2017 at 03:32:33PM +0800, Jason Zaman wrote:
> >>>> There is a bug that needs to be fixed before the final release:
> >>>> https://bugs.gentoo.org/show_bug.cgi?id=621762
> >>>>
> >>>> I think the fix is just add override in utils/Makefile to the
> >>>> LDLIBS and
> >>>> LDFLAGS bits. I'm not sure I'll have time to get around to
> >>>> testing
> >>>> it so just wanted to let you know before the final release.
> >>>
> >>> Yep, thats the fix, I sent a patch.
> >>> https://gitweb.gentoo.org/repo/gentoo.git/tree/sys-libs/libselinux/
> >>> libselinux-9999.ebuild#n58
> >>> The gentoo ebuild overrides LDFLAGS on the commandline which is why
> >>> the
> >>> override was required. When i first tried to repro manually i just
> >>> exported LDFLAGS and couldnt repro. once i read the docs on
> >>> override it
> >>> was pretty obvious.
> >>
> >> A similar patch is needed almost for every other part when you try
> >> to
> >> build everything from git first and then install it.
> >>
> >> In order to that I need to apply a patch [1] and do the following
> >> steps:
> ...
> >>
> >> [1]
> >> https://gitlab.com/bachradsusi/selinux-rpm/blob/master/0001-Fix-build
> >> -without-install.patch
> >>
> >> Using this I preserve rpath problems pointing to DESTDIR and rpm can
> >> simply use everything from DESTDIR for /
> >
> > That seems very onerous for packagers.
> > So, are you advocating for reverting
> > fcb5d5cc721187b3e3a19b44155d5b824d7be7e6, or are you proposing the
> > patch cited above for upstream instead?
> >
>
> Actually it seems that fcb5d5cc7 didn't break this use case.
>
> At the moment, we still build SELinux tools and libraries from tar balls
> in Fedora so it's not affected. But since some of directories were split
> I decided to build snapshot SELinux rpms [2] from one selinux src rpm
> which uses the whole git snapshot.
Ooohh.. okay i was about to ask i thought fedora packaged everything
separately. and didnt get why things were refering to libsepol and
libselinux in the same build script.
In gentoo they're all separate no matter if its git or a release, the
only thing we change is if we have to cd into a subdir with version
number or without.
the repo doesnt build very well unless you've installed the earlier deps
before building the later ones. you'll probably have a better time if
the builds are split out again or if you build and install each one
separately
There are a bunch of issues with the patch tho, it moves -L around to
the wrong places. -L should be before the objects and -l after
Also, https://gitlab.com/bachradsusi/selinux-rpm/blob/master/0001-Fix-build-without-install.patch#L288
that check echos out a y above, so replacing it there will always be
false which is probably wrong. I changed it because in gentoo we dont
do automagic dependencies so it needs a good way to en/disable manually
but the default was unchanged to check if the system has the header.
But the bits in the patch with override are probably right. I'll check
through all the Makefiles and see where needs overriding and send a
patch tmrr.
-- Jason
> For my use case, I'd rather see the [1] patch upstream if it's
> acceptable solution. I'll rebase it against latest HEAD and sent it for
> review.
>
> [2] https://gitlab.com/bachradsusi/selinux-rpm
>
> Petr
^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: ANN: SELinux userspace 2.7-rc2 release
2017-06-20 14:22 ` Jason Zaman
@ 2017-06-21 17:58 ` Petr Lautrbach
0 siblings, 0 replies; 24+ messages in thread
From: Petr Lautrbach @ 2017-06-21 17:58 UTC (permalink / raw)
To: Jason Zaman; +Cc: Stephen Smalley, selinux
On 06/20/2017 04:22 PM, Jason Zaman wrote:
> On Tue, Jun 20, 2017 at 03:28:44PM +0200, Petr Lautrbach wrote:
>> On 06/20/2017 02:14 PM, Stephen Smalley wrote:
>>> On Tue, 2017-06-20 at 12:54 +0200, Petr Lautrbach wrote:
>>>> On 06/18/2017 09:46 AM, Jason Zaman wrote:
>>>>> On Sun, Jun 18, 2017 at 03:32:33PM +0800, Jason Zaman wrote:
>>>>>> There is a bug that needs to be fixed before the final release:
>>>>>> https://bugs.gentoo.org/show_bug.cgi?id=621762
>>>>>>
>>>>>> I think the fix is just add override in utils/Makefile to the
>>>>>> LDLIBS and
>>>>>> LDFLAGS bits. I'm not sure I'll have time to get around to
>>>>>> testing
>>>>>> it so just wanted to let you know before the final release.
>>>>>
>>>>> Yep, thats the fix, I sent a patch.
>>>>> https://gitweb.gentoo.org/repo/gentoo.git/tree/sys-libs/libselinux/
>>>>> libselinux-9999.ebuild#n58
>>>>> The gentoo ebuild overrides LDFLAGS on the commandline which is why
>>>>> the
>>>>> override was required. When i first tried to repro manually i just
>>>>> exported LDFLAGS and couldnt repro. once i read the docs on
>>>>> override it
>>>>> was pretty obvious.
>>>>
>>>> A similar patch is needed almost for every other part when you try
>>>> to
>>>> build everything from git first and then install it.
>>>>
>>>> In order to that I need to apply a patch [1] and do the following
>>>> steps:
>> ...
>>>>
>>>> [1]
>>>> https://gitlab.com/bachradsusi/selinux-rpm/blob/master/0001-Fix-build
>>>> -without-install.patch
>>>>
>>>> Using this I preserve rpath problems pointing to DESTDIR and rpm can
>>>> simply use everything from DESTDIR for /
>>>
>>> That seems very onerous for packagers.
>>> So, are you advocating for reverting
>>> fcb5d5cc721187b3e3a19b44155d5b824d7be7e6, or are you proposing the
>>> patch cited above for upstream instead?
>>>
>>
>> Actually it seems that fcb5d5cc7 didn't break this use case.
>>
>> At the moment, we still build SELinux tools and libraries from tar balls
>> in Fedora so it's not affected. But since some of directories were split
>> I decided to build snapshot SELinux rpms [2] from one selinux src rpm
>> which uses the whole git snapshot.
>
> Ooohh.. okay i was about to ask i thought fedora packaged everything
> separately. and didnt get why things were refering to libsepol and
> libselinux in the same build script.
>
> In gentoo they're all separate no matter if its git or a release, the
> only thing we change is if we have to cd into a subdir with version
> number or without.
>
> the repo doesnt build very well unless you've installed the earlier deps
> before building the later ones. you'll probably have a better time if
> the builds are split out again or if you build and install each one
> separately
It seems to be only working solution right now. But it's the most
complicated in regards of Fedora build systems koji and COPR. Packages
are built using mock and non-root user - a build process can't install
files to /. So one need to build libsepol package first, push it to the
buildroot so that it's installed during build of other packages, build
libselinux, push it to the buildroot, ... This quite a long and
complicated process even in COPR.
> There are a bunch of issues with the patch tho, it moves -L around to
> the wrong places. -L should be before the objects and -l after
>
> Also, https://gitlab.com/bachradsusi/selinux-rpm/blob/master/0001-Fix-build-without-install.patch#L288
> that check echos out a y above, so replacing it there will always be
> false which is probably wrong. I changed it because in gentoo we dont
> do automagic dependencies so it needs a good way to en/disable manually
> but the default was unchanged to check if the system has the header.
Thanks for the comment. I'll take a look at it.
>
> But the bits in the patch with override are probably right. I'll check
> through all the Makefiles and see where needs overriding and send a
> patch tmrr.
>
> -- Jason
>
>> For my use case, I'd rather see the [1] patch upstream if it's
>> acceptable solution. I'll rebase it against latest HEAD and sent it for
>> review.
>>
>> [2] https://gitlab.com/bachradsusi/selinux-rpm
>>
>> Petr
^ permalink raw reply [flat|nested] 24+ messages in thread
* [PATCH] Use DESTDIR only in install targets
2017-06-20 4:55 ` Jason Zaman
@ 2017-06-21 18:04 ` Petr Lautrbach
2017-06-21 19:51 ` Stephen Smalley
0 siblings, 1 reply; 24+ messages in thread
From: Petr Lautrbach @ 2017-06-21 18:04 UTC (permalink / raw)
To: selinux
https://www.gnu.org/prep/standards/html_node/DESTDIR.html
DESTDIR should be supported only in the install* and uninstall*
targets, as those are the only targets where it is useful.
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
---
checkpolicy/Makefile | 20 +++++++--------
checkpolicy/test/Makefile | 6 ++---
gui/Makefile | 44 ++++++++++++++++----------------
libselinux/include/Makefile | 6 ++---
libselinux/src/Makefile | 38 +++++++++++++--------------
libselinux/utils/Makefile | 6 ++---
libsemanage/include/Makefile | 6 ++---
libsemanage/src/Makefile | 32 +++++++++++------------
libsemanage/tests/Makefile | 2 +-
libsemanage/utils/Makefile | 6 ++---
libsepol/include/Makefile | 14 +++++-----
libsepol/src/Makefile | 20 +++++++--------
libsepol/utils/Makefile | 6 ++---
mcstrans/man/Makefile | 6 ++---
mcstrans/src/Makefile | 22 ++++++++--------
mcstrans/utils/Makefile | 8 +++---
policycoreutils/hll/pp/Makefile | 6 ++---
policycoreutils/load_policy/Makefile | 14 +++++-----
policycoreutils/man/Makefile | 6 ++---
policycoreutils/newrole/Makefile | 22 ++++++++--------
policycoreutils/run_init/Makefile | 20 +++++++--------
policycoreutils/scripts/Makefile | 12 ++++-----
policycoreutils/secon/Makefile | 10 ++++----
policycoreutils/semodule/Makefile | 14 +++++-----
policycoreutils/sestatus/Makefile | 20 +++++++--------
policycoreutils/setfiles/Makefile | 22 ++++++++--------
policycoreutils/setsebool/Makefile | 16 ++++++------
python/audit2allow/Makefile | 20 +++++++--------
python/chcat/Makefile | 10 ++++----
python/semanage/Makefile | 22 ++++++++--------
python/sepolgen/src/sepolgen/Makefile | 6 ++---
python/sepolgen/src/share/Makefile | 8 +++---
python/sepolicy/Makefile | 18 ++++++-------
restorecond/Makefile | 44 ++++++++++++++++----------------
sandbox/Makefile | 32 +++++++++++------------
secilc/Makefile | 14 +++++-----
semodule-utils/semodule_deps/Makefile | 12 ++++-----
semodule-utils/semodule_expand/Makefile | 10 ++++----
semodule-utils/semodule_link/Makefile | 12 ++++-----
semodule-utils/semodule_package/Makefile | 14 +++++-----
40 files changed, 313 insertions(+), 313 deletions(-)
diff --git a/checkpolicy/Makefile b/checkpolicy/Makefile
index 68e11f2a..e4f4fa19 100644
--- a/checkpolicy/Makefile
+++ b/checkpolicy/Makefile
@@ -1,7 +1,7 @@
#
# Makefile for building the checkpolicy program
#
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
BINDIR ?= $(PREFIX)/bin
MANDIR ?= $(PREFIX)/share/man
LIBDIR ?= $(PREFIX)/lib
@@ -26,9 +26,9 @@ GENERATED=lex.yy.c y.tab.c y.tab.h
all: $(TARGETS)
$(MAKE) -C test
-checkpolicy: $(CHECKPOLOBJS) $(LIBSEPOLA)
+checkpolicy: $(CHECKPOLOBJS) $(DESTDIR)$(LIBSEPOLA)
-checkmodule: $(CHECKMODOBJS) $(LIBSEPOLA)
+checkmodule: $(CHECKMODOBJS) $(DESTDIR)$(LIBSEPOLA)
%.o: %.c
$(CC) $(CFLAGS) -o $@ -c $<
@@ -46,15 +46,15 @@ lex.yy.c: policy_scan.l y.tab.c
$(LEX) policy_scan.l
install: all
- -mkdir -p $(BINDIR)
- -mkdir -p $(MANDIR)/man8
- install -m 755 $(TARGETS) $(BINDIR)
- install -m 644 checkpolicy.8 $(MANDIR)/man8
- install -m 644 checkmodule.8 $(MANDIR)/man8
+ -mkdir -p $(DESTDIR)$(BINDIR)
+ -mkdir -p $(DESTDIR)$(MANDIR)/man8
+ install -m 755 $(TARGETS) $(DESTDIR)$(BINDIR)
+ install -m 644 checkpolicy.8 $(DESTDIR)$(MANDIR)/man8
+ install -m 644 checkmodule.8 $(DESTDIR)$(MANDIR)/man8
relabel: install
- /sbin/restorecon $(BINDIR)/checkpolicy
- /sbin/restorecon $(BINDIR)/checkmodule
+ /sbin/restorecon $(DESTDIR)$(BINDIR)/checkpolicy
+ /sbin/restorecon $(DESTDIR)$(BINDIR)/checkmodule
clean:
-rm -f $(TARGETS) $(CHECKPOLOBJS) $(CHECKMODOBJS) y.tab.c y.tab.h lex.yy.c
diff --git a/checkpolicy/test/Makefile b/checkpolicy/test/Makefile
index 59fa4460..c9a8d4c5 100644
--- a/checkpolicy/test/Makefile
+++ b/checkpolicy/test/Makefile
@@ -1,7 +1,7 @@
#
# Makefile for building the dispol program
#
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
BINDIR ?= $(PREFIX)/bin
LIBDIR ?= $(PREFIX)/lib
INCLUDEDIR ?= $(PREFIX)/include
@@ -11,9 +11,9 @@ CFLAGS ?= -g -Wall -W -Werror -O2 -pipe
all: dispol dismod
-dispol: dispol.o $(LIBSEPOLA)
+dispol: dispol.o $(DESTDIR)$(LIBSEPOLA)
-dismod: dismod.o $(LIBSEPOLA)
+dismod: dismod.o $(DESTDIR)$(LIBSEPOLA)
clean:
-rm -f dispol dismod *.o
diff --git a/gui/Makefile b/gui/Makefile
index 4fc2c1a1..52c3cab2 100644
--- a/gui/Makefile
+++ b/gui/Makefile
@@ -1,5 +1,5 @@
# Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= /usr
BINDIR ?= $(PREFIX)/bin
SHAREDIR ?= $(PREFIX)/share/system-config-selinux
DATADIR ?= $(PREFIX)/share
@@ -24,29 +24,29 @@ usersPage.py
all: $(TARGETS) system-config-selinux.py polgengui.py
install: all
- -mkdir -p $(MANDIR)/man8
- -mkdir -p $(SHAREDIR)
- -mkdir -p $(BINDIR)
- -mkdir -p $(DATADIR)/pixmaps
- -mkdir -p $(DATADIR)/icons/hicolor/24x24/apps
- -mkdir -p $(DATADIR)/polkit-1/actions/
- install -m 755 system-config-selinux.py $(SHAREDIR)
- install -m 755 system-config-selinux $(BINDIR)
- install -m 755 polgengui.py $(SHAREDIR)
- install -m 644 $(TARGETS) $(SHAREDIR)
- install -m 644 system-config-selinux.8 $(MANDIR)/man8
- install -m 644 selinux-polgengui.8 $(MANDIR)/man8
- install -m 644 system-config-selinux.png $(DATADIR)/pixmaps
- install -m 644 system-config-selinux.png $(DATADIR)/icons/hicolor/24x24/apps
- install -m 644 system-config-selinux.png $(DATADIR)/system-config-selinux
- install -m 644 *.desktop $(DATADIR)/system-config-selinux
- -mkdir -p $(DESTDIR) $(DATADIR)/pixmaps
- install -m 644 sepolicy_256.png $(DATADIR)/pixmaps/sepolicy.png
+ -mkdir -p $(DESTDIR)$(MANDIR)/man8
+ -mkdir -p $(DESTDIR)$(SHAREDIR)
+ -mkdir -p $(DESTDIR)$(BINDIR)
+ -mkdir -p $(DESTDIR)$(DATADIR)/pixmaps
+ -mkdir -p $(DESTDIR)$(DATADIR)/icons/hicolor/24x24/apps
+ -mkdir -p $(DESTDIR)$(SYSCONFDIR)
+ -mkdir -p $(DESTDIR)$(DATADIR)/polkit-1/actions/
+ install -m 755 system-config-selinux.py $(DESTDIR)$(SHAREDIR)
+ install -m 755 system-config-selinux $(DESTDIR)$(BINDIR)
+ install -m 755 polgengui.py $(DESTDIR)$(SHAREDIR)
+ install -m 644 $(TARGETS) $(DESTDIR)$(SHAREDIR)
+ install -m 644 system-config-selinux.8 $(DESTDIR)$(MANDIR)/man8
+ install -m 644 selinux-polgengui.8 $(DESTDIR)$(MANDIR)/man8
+ install -m 644 system-config-selinux.png $(DESTDIR)$(DATADIR)/pixmaps
+ install -m 644 system-config-selinux.png $(DESTDIR)$(DATADIR)/icons/hicolor/24x24/apps
+ install -m 644 system-config-selinux.png $(DESTDIR)$(DATADIR)/system-config-selinux
+ -mkdir -p $(DESTDIR) $(DESTDIR)$(DATADIR)/pixmaps
+ install -m 644 sepolicy_256.png $(DESTDIR)$(DATADIR)/pixmaps/sepolicy.png
for i in 16 22 32 48 256; do \
- mkdir -p $(DESTDIR) $(DATADIR)/icons/hicolor/$${i}x$${i}/apps; \
- install -m 644 sepolicy_$${i}.png $(DATADIR)/icons/hicolor/$${i}x$${i}/apps/sepolicy.png; \
+ mkdir -p $(DESTDIR)/$(DATADIR)/icons/hicolor/$${i}x$${i}/apps; \
+ install -m 644 sepolicy_$${i}.png $(DESTDIR)$(DATADIR)/icons/hicolor/$${i}x$${i}/apps/sepolicy.png; \
done
- install -m 644 org.selinux.config.policy $(DATADIR)/polkit-1/actions/
+ install -m 644 org.selinux.config.policy $(DESTDIR)$(DATADIR)/polkit-1/actions/
clean:
indent:
diff --git a/libselinux/include/Makefile b/libselinux/include/Makefile
index 757a6c9c..c1d3fa15 100644
--- a/libselinux/include/Makefile
+++ b/libselinux/include/Makefile
@@ -1,12 +1,12 @@
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
INCDIR ?= $(PREFIX)/include/selinux
all:
install: all
- test -d $(INCDIR) || install -m 755 -d $(INCDIR)
- install -m 644 $(wildcard selinux/*.h) $(INCDIR)
+ test -d $(DESTDIR)$(INCDIR) || install -m 755 -d $(DESTDIR)$(INCDIR)
+ install -m 644 $(wildcard selinux/*.h) $(DESTDIR)$(INCDIR)
relabel:
diff --git a/libselinux/src/Makefile b/libselinux/src/Makefile
index 4306dd0e..6d65b682 100644
--- a/libselinux/src/Makefile
+++ b/libselinux/src/Makefile
@@ -8,17 +8,17 @@ RUBYPREFIX ?= $(notdir $(RUBY))
PKG_CONFIG ?= pkg-config
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
LIBDIR ?= $(PREFIX)/lib
-SHLIBDIR ?= $(DESTDIR)/lib
+SHLIBDIR ?= /lib
INCLUDEDIR ?= $(PREFIX)/include
PYINC ?= $(shell $(PKG_CONFIG) --cflags $(PYPREFIX))
PYLIBS ?= $(shell $(PKG_CONFIG) --libs $(PYPREFIX))
-PYSITEDIR ?= $(DESTDIR)$(shell $(PYTHON) -c 'import site; print(site.getsitepackages()[0])')
+PYSITEDIR ?= $(shell $(PYTHON) -c 'import site; print(site.getsitepackages()[0])')
PYCEXT ?= $(shell $(PYTHON) -c 'import imp;print([s for s,m,t in imp.get_suffixes() if t == imp.C_EXTENSION][0])')
RUBYINC ?= $(shell $(RUBY) -e 'puts "-I" + RbConfig::CONFIG["rubyarchhdrdir"] + " -I" + RbConfig::CONFIG["rubyhdrdir"]')
RUBYLIBS ?= $(shell $(RUBY) -e 'puts "-L" + RbConfig::CONFIG["libdir"] + " -lruby"')
-RUBYINSTALL ?= $(DESTDIR)$(shell $(RUBY) -e 'puts RbConfig::CONFIG["vendorarchdir"]')
+RUBYINSTALL ?= $(shell $(RUBY) -e 'puts RbConfig::CONFIG["vendorarchdir"]')
LIBBASE ?= $(shell basename $(LIBDIR))
LIBSEPOLA ?= $(LIBDIR)/libsepol.a
@@ -156,7 +156,7 @@ selinuxswig_python_exception.i: ../include/selinux/selinux.h
$(AUDIT2WHYLOBJ): audit2why.c
$(CC) $(filter-out -Werror, $(CFLAGS)) $(PYINC) -fPIC -DSHARED -c -o $@ $<
-$(AUDIT2WHYSO): $(AUDIT2WHYLOBJ) $(LIBSEPOLA)
+$(AUDIT2WHYSO): $(AUDIT2WHYLOBJ) $(DESTDIR)$(LIBSEPOLA)
$(CC) $(CFLAGS) $(LDFLAGS) -L. -shared -o $@ $^ -lselinux $(PYLIBS)
%.o: %.c policy.h
@@ -177,26 +177,26 @@ swigify: $(SWIGIF)
$(SWIG) $<
install: all
- test -d $(LIBDIR) || install -m 755 -d $(LIBDIR)
- install -m 644 $(LIBA) $(LIBDIR)
- test -d $(SHLIBDIR) || install -m 755 -d $(SHLIBDIR)
- install -m 755 $(LIBSO) $(SHLIBDIR)
- test -d $(LIBDIR)/pkgconfig || install -m 755 -d $(LIBDIR)/pkgconfig
- install -m 644 $(LIBPC) $(LIBDIR)/pkgconfig
- ln -sf --relative $(SHLIBDIR)/$(LIBSO) $(LIBDIR)/$(TARGET)
+ test -d $(DESTDIR)$(LIBDIR) || install -m 755 -d $(DESTDIR)$(LIBDIR)
+ install -m 644 $(LIBA) $(DESTDIR)$(LIBDIR)
+ test -d $(DESTDIR)$(SHLIBDIR) || install -m 755 -d $(DESTDIR)$(SHLIBDIR)
+ install -m 755 $(LIBSO) $(DESTDIR)$(SHLIBDIR)
+ test -d $(DESTDIR)$(LIBDIR)/pkgconfig || install -m 755 -d $(DESTDIR)$(LIBDIR)/pkgconfig
+ install -m 644 $(LIBPC) $(DESTDIR)$(LIBDIR)/pkgconfig
+ ln -sf --relative $(DESTDIR)$(SHLIBDIR)/$(LIBSO) $(DESTDIR)$(LIBDIR)/$(TARGET)
install-pywrap: pywrap
- test -d $(PYSITEDIR)/selinux || install -m 755 -d $(PYSITEDIR)/selinux
- install -m 755 $(SWIGSO) $(PYSITEDIR)/_selinux$(PYCEXT)
- install -m 755 $(AUDIT2WHYSO) $(PYSITEDIR)/selinux/audit2why$(PYCEXT)
- install -m 644 $(SWIGPYOUT) $(PYSITEDIR)/selinux/__init__.py
+ test -d $(DESTDIR)$(PYSITEDIR)/selinux || install -m 755 -d $(DESTDIR)$(PYSITEDIR)/selinux
+ install -m 755 $(SWIGSO) $(DESTDIR)$(PYSITEDIR)/_selinux$(PYCEXT)
+ install -m 755 $(AUDIT2WHYSO) $(DESTDIR)$(PYSITEDIR)/selinux/audit2why$(PYCEXT)
+ install -m 644 $(SWIGPYOUT) $(DESTDIR)$(PYSITEDIR)/selinux/__init__.py
install-rubywrap: rubywrap
- test -d $(RUBYINSTALL) || install -m 755 -d $(RUBYINSTALL)
- install -m 755 $(SWIGRUBYSO) $(RUBYINSTALL)/selinux.so
+ test -d $(DESTDIR)$(RUBYINSTALL) || install -m 755 -d $(DESTDIR)$(RUBYINSTALL)
+ install -m 755 $(SWIGRUBYSO) $(DESTDIR)$(RUBYINSTALL)/selinux.so
relabel:
- /sbin/restorecon $(SHLIBDIR)/$(LIBSO)
+ /sbin/restorecon $(DESTDIR)$(SHLIBDIR)/$(LIBSO)
clean-pywrap:
-rm -f $(SWIGLOBJ) $(SWIGSO) $(AUDIT2WHYLOBJ) $(AUDIT2WHYSO)
diff --git a/libselinux/utils/Makefile b/libselinux/utils/Makefile
index 843b0e7c..882a6787 100644
--- a/libselinux/utils/Makefile
+++ b/libselinux/utils/Makefile
@@ -1,5 +1,5 @@
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
LIBDIR ?= $(PREFIX)/lib
SBINDIR ?= $(PREFIX)/sbin
INCLUDEDIR ?= $(PREFIX)/include
@@ -63,8 +63,8 @@ sefcontext_compile: sefcontext_compile.o ../src/regex.o
all: $(TARGETS)
install: all
- -mkdir -p $(SBINDIR)
- install -m 755 $(TARGETS) $(SBINDIR)
+ -mkdir -p $(DESTDIR)$(SBINDIR)
+ install -m 755 $(TARGETS) $(DESTDIR)$(SBINDIR)
clean:
rm -f $(TARGETS) *.o *~
diff --git a/libsemanage/include/Makefile b/libsemanage/include/Makefile
index b660660e..6e44a28a 100644
--- a/libsemanage/include/Makefile
+++ b/libsemanage/include/Makefile
@@ -1,12 +1,12 @@
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
INCDIR ?= $(PREFIX)/include/semanage
all:
install: all
- test -d $(INCDIR) || install -m 755 -d $(INCDIR)
- install -m 644 $(wildcard semanage/*.h) $(INCDIR)
+ test -d $(DESTDIR)$(INCDIR) || install -m 755 -d $(DESTDIR)$(INCDIR)
+ install -m 644 $(wildcard semanage/*.h) $(DESTDIR)$(INCDIR)
indent:
../../scripts/Lindent $(wildcard semanage/*.h)
diff --git a/libsemanage/src/Makefile b/libsemanage/src/Makefile
index f01385c5..8c0b4557 100644
--- a/libsemanage/src/Makefile
+++ b/libsemanage/src/Makefile
@@ -8,17 +8,17 @@ RUBYPREFIX ?= $(notdir $(RUBY))
PKG_CONFIG ?= pkg-config
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
LIBDIR ?= $(PREFIX)/lib
-SHLIBDIR ?= $(DESTDIR)/lib
+SHLIBDIR ?= /lib
INCLUDEDIR ?= $(PREFIX)/include
PYINC ?= $(shell $(PKG_CONFIG) --cflags $(PYPREFIX))
PYLIBS ?= $(shell $(PKG_CONFIG) --libs $(PYPREFIX))
-PYSITEDIR ?= $(DESTDIR)$(shell $(PYTHON) -c 'import site; print(site.getsitepackages()[0])')
+PYSITEDIR ?= $(shell $(PYTHON) -c 'import site; print(site.getsitepackages()[0])')
PYCEXT ?= $(shell $(PYTHON) -c 'import imp;print([s for s,m,t in imp.get_suffixes() if t == imp.C_EXTENSION][0])')
RUBYINC ?= $(shell $(RUBY) -e 'puts "-I" + RbConfig::CONFIG["rubyarchhdrdir"] + " -I" + RbConfig::CONFIG["rubyhdrdir"]')
RUBYLIBS ?= $(shell $(RUBY) -e 'puts "-L" + RbConfig::CONFIG["libdir"] + " -lruby"')
-RUBYINSTALL ?= $(DESTDIR)$(shell $(RUBY) -e 'puts RbConfig::CONFIG["vendorarchdir"]')
+RUBYINSTALL ?= $(shell $(RUBY) -e 'puts RbConfig::CONFIG["vendorarchdir"]')
LIBBASE=$(shell basename $(LIBDIR))
@@ -136,26 +136,26 @@ swigify: $(SWIGIF)
$(SWIG) $<
install: all
- test -d $(LIBDIR) || install -m 755 -d $(LIBDIR)
- install -m 644 $(LIBA) $(LIBDIR)
- install -m 755 $(LIBSO) $(LIBDIR)
- test -d $(LIBDIR)/pkgconfig || install -m 755 -d $(LIBDIR)/pkgconfig
- install -m 644 $(LIBPC) $(LIBDIR)/pkgconfig
+ test -d $(DESTDIR)$(LIBDIR) || install -m 755 -d $(DESTDIR)$(LIBDIR)
+ install -m 644 $(LIBA) $(DESTDIR)$(LIBDIR)
+ install -m 755 $(LIBSO) $(DESTDIR)$(LIBDIR)
+ test -d $(DESTDIR)$(LIBDIR)/pkgconfig || install -m 755 -d $(DESTDIR)$(LIBDIR)/pkgconfig
+ install -m 644 $(LIBPC) $(DESTDIR)$(LIBDIR)/pkgconfig
test -f $(DEFAULT_SEMANAGE_CONF_LOCATION) || install -m 644 -D semanage.conf $(DEFAULT_SEMANAGE_CONF_LOCATION)
- cd $(LIBDIR) && ln -sf $(LIBSO) $(TARGET)
+ cd $(DESTDIR)$(LIBDIR) && ln -sf $(LIBSO) $(TARGET)
install-pywrap: pywrap
- test -d $(PYSITEDIR) || install -m 755 -d $(PYSITEDIR)
- install -m 755 $(SWIGSO) $(PYSITEDIR)/_semanage$(PYCEXT)
- install -m 644 semanage.py $(PYSITEDIR)
+ test -d $(DESTDIR)$(PYSITEDIR) || install -m 755 -d $(DESTDIR)$(PYSITEDIR)
+ install -m 755 $(SWIGSO) $(DESTDIR)$(PYSITEDIR)/_semanage$(PYCEXT)
+ install -m 644 semanage.py $(DESTDIR)$(PYSITEDIR)
install-rubywrap: rubywrap
- test -d $(RUBYINSTALL) || install -m 755 -d $(RUBYINSTALL)
- install -m 755 $(SWIGRUBYSO) $(RUBYINSTALL)/semanage.so
+ test -d $(DESTDIR)$(RUBYINSTALL) || install -m 755 -d $(DESTDIR)$(RUBYINSTALL)
+ install -m 755 $(SWIGRUBYSO) $(DESTDIR)$(RUBYINSTALL)/semanage.so
relabel:
- /sbin/restorecon $(LIBDIR)/$(LIBSO)
+ /sbin/restorecon $(DESTDIR)$(LIBDIR)/$(LIBSO)
clean:
-rm -f $(LIBPC) $(OBJS) $(LOBJS) $(LIBA) $(LIBSO) $(SWIGLOBJ) $(SWIGSO) $(SWIGRUBYSO) $(TARGET) conf-parse.c conf-parse.h conf-scan.c *.o *.lo *~
diff --git a/libsemanage/tests/Makefile b/libsemanage/tests/Makefile
index 2ef8d30d..8103cf8f 100644
--- a/libsemanage/tests/Makefile
+++ b/libsemanage/tests/Makefile
@@ -1,4 +1,4 @@
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
LIBDIR ?= $(PREFIX)/lib
# Add your test source files here:
diff --git a/libsemanage/utils/Makefile b/libsemanage/utils/Makefile
index 725f0eec..5b8fbb6b 100644
--- a/libsemanage/utils/Makefile
+++ b/libsemanage/utils/Makefile
@@ -1,13 +1,13 @@
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
LIBEXECDIR ?= $(PREFIX)/libexec
SELINUXEXECDIR ?= $(LIBEXECDIR)/selinux/
all:
install: all
- -mkdir -p $(SELINUXEXECDIR)
- install -m 755 semanage_migrate_store $(SELINUXEXECDIR)
+ -mkdir -p $(DESTDIR)$(SELINUXEXECDIR)
+ install -m 755 semanage_migrate_store $(DESTDIR)$(SELINUXEXECDIR)
clean:
diff --git a/libsepol/include/Makefile b/libsepol/include/Makefile
index 56b7a114..49f817ce 100644
--- a/libsepol/include/Makefile
+++ b/libsepol/include/Makefile
@@ -1,17 +1,17 @@
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
INCDIR ?= $(PREFIX)/include/sepol
CILDIR ?= ../cil
all:
install: all
- test -d $(INCDIR) || install -m 755 -d $(INCDIR)
- test -d $(INCDIR)/policydb || install -m 755 -d $(INCDIR)/policydb
- test -d $(INCDIR)/cil || install -m 755 -d $(INCDIR)/cil
- install -m 644 $(wildcard sepol/*.h) $(INCDIR)
- install -m 644 $(wildcard sepol/policydb/*.h) $(INCDIR)/policydb
- install -m 644 $(wildcard $(CILDIR)/include/cil/*.h) $(INCDIR)/cil
+ test -d $(DESTDIR)$(INCDIR) || install -m 755 -d $(DESTDIR)$(INCDIR)
+ test -d $(DESTDIR)$(INCDIR)/policydb || install -m 755 -d $(DESTDIR)$(INCDIR)/policydb
+ test -d $(DESTDIR)$(INCDIR)/cil || install -m 755 -d $(DESTDIR)$(INCDIR)/cil
+ install -m 644 $(wildcard sepol/*.h) $(DESTDIR)$(INCDIR)
+ install -m 644 $(wildcard sepol/policydb/*.h) $(DESTDIR)$(INCDIR)/policydb
+ install -m 644 $(wildcard $(CILDIR)/include/cil/*.h) $(DESTDIR)$(INCDIR)/cil
indent:
../../scripts/Lindent $(wildcard sepol/*.h)
diff --git a/libsepol/src/Makefile b/libsepol/src/Makefile
index 819d261b..4c7e23fa 100644
--- a/libsepol/src/Makefile
+++ b/libsepol/src/Makefile
@@ -1,8 +1,8 @@
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
INCLUDEDIR ?= $(PREFIX)/include
LIBDIR ?= $(PREFIX)/lib
-SHLIBDIR ?= $(DESTDIR)/lib
+SHLIBDIR ?= $(PREFIX)/lib
RANLIB ?= ranlib
LIBBASE ?= $(shell basename $(LIBDIR))
CILDIR ?= ../cil
@@ -80,16 +80,16 @@ endif
$(CC) $(CFLAGS) -fPIC -DSHARED -c -o $@ $<
install: all
- test -d $(LIBDIR) || install -m 755 -d $(LIBDIR)
- install -m 644 $(LIBA) $(LIBDIR)
- test -d $(SHLIBDIR) || install -m 755 -d $(SHLIBDIR)
- install -m 755 $(LIBSO) $(SHLIBDIR)
- test -d $(LIBDIR)/pkgconfig || install -m 755 -d $(LIBDIR)/pkgconfig
- install -m 644 $(LIBPC) $(LIBDIR)/pkgconfig
- $(LN) -sf --relative $(SHLIBDIR)/$(LIBSO) $(LIBDIR)/$(TARGET)
+ test -d $(DESTDIR)$(LIBDIR) || install -m 755 -d $(DESTDIR)$(LIBDIR)
+ install -m 644 $(LIBA) $(DESTDIR)$(LIBDIR)
+ test -d $(DESTDIR)$(SHLIBDIR) || install -m 755 -d $(DESTDIR)$(SHLIBDIR)
+ install -m 755 $(LIBSO) $(DESTDIR)$(SHLIBDIR)
+ test -d $(DESTDIR)$(LIBDIR)/pkgconfig || install -m 755 -d $(DESTDIR)$(LIBDIR)/pkgconfig
+ install -m 644 $(LIBPC) $(DESTDIR)$(LIBDIR)/pkgconfig
+ $(LN) -sf --relative $(DESTDIR)$(SHLIBDIR)/$(LIBSO) $(DESTDIR)$(LIBDIR)/$(TARGET)
relabel:
- /sbin/restorecon $(SHLIBDIR)/$(LIBSO)
+ /sbin/restorecon $(DESTDIR)$(SHLIBDIR)/$(LIBSO)
clean:
-rm -f $(LIBPC) $(LIBMAP) $(OBJS) $(LOBJS) $(LIBA) $(LIBSO) $(TARGET) $(CIL_GENERATED)
diff --git a/libsepol/utils/Makefile b/libsepol/utils/Makefile
index fba1d8a0..31932c11 100644
--- a/libsepol/utils/Makefile
+++ b/libsepol/utils/Makefile
@@ -1,5 +1,5 @@
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
BINDIR ?= $(PREFIX)/bin
CFLAGS ?= -Wall -Werror
@@ -12,8 +12,8 @@ TARGETS=$(patsubst %.c,%,$(sort $(wildcard *.c)))
all: $(TARGETS)
install: all
- -mkdir -p $(BINDIR)
- install -m 755 $(TARGETS) $(BINDIR)
+ -mkdir -p $(DESTDIR)$(BINDIR)
+ install -m 755 $(TARGETS) $(DESTDIR)$(BINDIR)
clean:
-rm -f $(TARGETS) *.o
diff --git a/mcstrans/man/Makefile b/mcstrans/man/Makefile
index 8e971192..dbd87f49 100644
--- a/mcstrans/man/Makefile
+++ b/mcstrans/man/Makefile
@@ -1,11 +1,11 @@
# Installation directories.
-MAN8DIR ?= $(DESTDIR)/usr/share/man/man8
+MAN8DIR ?= /usr/share/man/man8
all:
install: all
- mkdir -p $(MAN8DIR)
- install -m 644 man8/*.8 $(MAN8DIR)
+ mkdir -p $(DESTDIR)$(MAN8DIR)
+ install -m 644 man8/*.8 $(DESTDIR)$(MAN8DIR)
clean:
-rm -f *~ \#*
diff --git a/mcstrans/src/Makefile b/mcstrans/src/Makefile
index 709e1e02..be54e349 100644
--- a/mcstrans/src/Makefile
+++ b/mcstrans/src/Makefile
@@ -1,9 +1,9 @@
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
LIBDIR ?= $(PREFIX)/lib
-SBINDIR ?= $(DESTDIR)/sbin
-INITDIR ?= $(DESTDIR)/etc/rc.d/init.d
-SYSTEMDDIR ?= $(DESTDIR)/usr/lib/systemd
+SBINDIR ?= /sbin
+INITDIR ?= /etc/rc.d/init.d
+SYSTEMDDIR ?= /usr/lib/systemd
PROG_SRC=mcstrans.c mcscolor.c mcstransd.c mls_level.c
PROG_OBJS= $(patsubst %.c,%.o,$(PROG_SRC))
@@ -15,18 +15,18 @@ override CFLAGS += -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64
all: $(PROG)
$(PROG): $(PROG_OBJS)
- $(CC) $(LDFLAGS) -pie -o $@ $^ -lselinux -lcap -lpcre $(LIBDIR)/libsepol.a
+ $(CC) $(LDFLAGS) -pie -o $@ $^ -lselinux -lcap -lpcre $(DESTDIR)$(LIBDIR)/libsepol.a
%.o: %.c
$(CC) $(CFLAGS) -fPIE -c -o $@ $<
install: all
- test -d $(SBINDIR) || install -m 755 -d $(SBINDIR)
- install -m 755 $(PROG) $(SBINDIR)
- test -d $(INITDIR) || install -m 755 -d $(INITDIR)
- install -m 755 $(INITSCRIPT).init $(INITDIR)/$(INITSCRIPT)
- test -d $(SYSTEMDDIR)/system || install -m 755 -d $(SYSTEMDDIR)/system
- install -m 644 mcstrans.service $(SYSTEMDDIR)/system/
+ test -d $(DESTDIR)$(SBINDIR) || install -m 755 -d $(DESTDIR)$(SBINDIR)
+ install -m 755 $(PROG) $(DESTDIR)$(SBINDIR)
+ test -d $(DESTDIR)$(INITDIR) || install -m 755 -d $(DESTDIR)$(INITDIR)
+ install -m 755 $(INITSCRIPT).init $(DESTDIR)$(INITDIR)/$(INITSCRIPT)
+ test -d $(DESTDIR)$(SYSTEMDDIR)/system || install -m 755 -d $(DESTDIR)$(SYSTEMDDIR)/system
+ install -m 644 mcstrans.service $(DESTDIR)$(SYSTEMDDIR)/system/
clean:
-rm -f $(OBJS) $(LOBJS) $(TARGET) $(PROG) $(PROG_OBJS) *~ \#*
diff --git a/mcstrans/utils/Makefile b/mcstrans/utils/Makefile
index 4d3cbfcb..1364cece 100644
--- a/mcstrans/utils/Makefile
+++ b/mcstrans/utils/Makefile
@@ -1,5 +1,5 @@
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
LIBDIR ?= $(PREFIX)/lib
SBINDIR ?= $(PREFIX)/sbin
LIBSEPOLA ?= $(LIBDIR)/libsepol.a
@@ -12,11 +12,11 @@ TARGETS=$(patsubst %.c,%,$(sort $(wildcard *.c)))
all: $(TARGETS)
-$(TARGETS): ../src/mcstrans.o ../src/mls_level.o $(LIBSEPOLA)
+$(TARGETS): ../src/mcstrans.o ../src/mls_level.o $(DESTDIR)$(LIBSEPOLA)
install: all
- -mkdir -p $(SBINDIR)
- install -m 755 $(TARGETS) $(SBINDIR)
+ -mkdir -p $(DESTDIR)$(SBINDIR)
+ install -m 755 $(TARGETS) $(DESTDIR)$(SBINDIR)
test:
./mlstrans-test-runner.py ../test/*.test
diff --git a/policycoreutils/hll/pp/Makefile b/policycoreutils/hll/pp/Makefile
index 3401dcc9..ed70c449 100644
--- a/policycoreutils/hll/pp/Makefile
+++ b/policycoreutils/hll/pp/Makefile
@@ -1,5 +1,5 @@
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
INCLUDEDIR ?= $(PREFIX)/include
MANDIR = $(PREFIX)/share/man
LIBDIR ?= $(PREFIX)/lib
@@ -21,8 +21,8 @@ pp: $(PP_OBJS)
$(CC) $(CFLAGS) -c -o $@ $^
install: all
- -mkdir -p $(HLLDIR)
- install -m 755 pp $(HLLDIR)
+ -mkdir -p $(DESTDIR)$(HLLDIR)
+ install -m 755 pp $(DESTDIR)$(HLLDIR)
relabel:
diff --git a/policycoreutils/load_policy/Makefile b/policycoreutils/load_policy/Makefile
index b85833c2..00f59aba 100644
--- a/policycoreutils/load_policy/Makefile
+++ b/policycoreutils/load_policy/Makefile
@@ -1,6 +1,6 @@
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
-SBINDIR ?= $(DESTDIR)/sbin
+PREFIX ?= /usr
+SBINDIR ?= /sbin
MANDIR ?= $(PREFIX)/share/man
LOCALEDIR ?= /usr/share/locale
@@ -13,10 +13,10 @@ TARGETS=$(patsubst %.c,%,$(sort $(wildcard *.c)))
all: $(TARGETS)
install: all
- -mkdir -p $(SBINDIR)
- install -m 755 $(TARGETS) $(SBINDIR)
- test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8
- install -m 644 load_policy.8 $(MANDIR)/man8/
+ -mkdir -p $(DESTDIR)$(SBINDIR)
+ install -m 755 $(TARGETS) $(DESTDIR)$(SBINDIR)
+ test -d $(DESTDIR)$(MANDIR)/man8 || install -m 755 -d $(DESTDIR)$(MANDIR)/man8
+ install -m 644 load_policy.8 $(DESTDIR)$(MANDIR)/man8/
clean:
-rm -f $(TARGETS) *.o
@@ -25,4 +25,4 @@ indent:
../../scripts/Lindent $(wildcard *.[ch])
relabel:
- /sbin/restorecon $(SBINDIR)/load_policy
+ /sbin/restorecon $(DESTDIR)$(SBINDIR)/load_policy
diff --git a/policycoreutils/man/Makefile b/policycoreutils/man/Makefile
index 0d91cd46..ae3d27b6 100644
--- a/policycoreutils/man/Makefile
+++ b/policycoreutils/man/Makefile
@@ -1,12 +1,12 @@
# Installation directories.
-MAN5DIR ?= $(DESTDIR)/usr/share/man/man5
+MAN5DIR ?= /usr/share/man/man5
all:
clean:
install: all
- mkdir -p $(MAN5DIR)
- install -m 644 man5/*.5 $(MAN5DIR)
+ mkdir -p $(DESTDIR)$(MAN5DIR)
+ install -m 644 man5/*.5 $(DESTDIR)$(MAN5DIR)
relabel:
diff --git a/policycoreutils/newrole/Makefile b/policycoreutils/newrole/Makefile
index 196af926..e687b6ab 100644
--- a/policycoreutils/newrole/Makefile
+++ b/policycoreutils/newrole/Makefile
@@ -1,8 +1,8 @@
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
BINDIR ?= $(PREFIX)/bin
MANDIR ?= $(PREFIX)/share/man
-ETCDIR ?= $(DESTDIR)/etc
+ETCDIR ?= /etc
LOCALEDIR = /usr/share/locale
PAMH ?= $(shell test -f /usr/include/security/pam_appl.h && echo y)
AUDITH ?= $(shell test -f /usr/include/libaudit.h && echo y)
@@ -61,17 +61,17 @@ newrole: newrole.o $(EXTRA_OBJS)
$(CC) $(LDFLAGS) -o $@ $^ $(LDLIBS)
install: all
- test -d $(BINDIR) || install -m 755 -d $(BINDIR)
- test -d $(ETCDIR)/pam.d || install -m 755 -d $(ETCDIR)/pam.d
- test -d $(MANDIR)/man1 || install -m 755 -d $(MANDIR)/man1
- install -m $(MODE) newrole $(BINDIR)
- install -m 644 newrole.1 $(MANDIR)/man1/
+ test -d $(DESTDIR)$(BINDIR) || install -m 755 -d $(DESTDIR)$(BINDIR)
+ test -d $(DESTDIR)$(ETCDIR)/pam.d || install -m 755 -d $(DESTDIR)$(ETCDIR)/pam.d
+ test -d $(DESTDIR)$(MANDIR)/man1 || install -m 755 -d $(DESTDIR)$(MANDIR)/man1
+ install -m $(MODE) newrole $(DESTDIR)$(BINDIR)
+ install -m 644 newrole.1 $(DESTDIR)$(MANDIR)/man1/
ifeq ($(PAMH), y)
- test -d $(ETCDIR)/pam.d || install -m 755 -d $(ETCDIR)/pam.d
+ test -d $(ETCDIR)/pam.d || install -m 755 -d $(DESTDIR)$(ETCDIR)/pam.d
ifeq ($(LSPP_PRIV),y)
- install -m 644 newrole-lspp.pamd $(ETCDIR)/pam.d/newrole
+ install -m 644 newrole-lspp.pamd $(DESTDIR)$(ETCDIR)/pam.d/newrole
else
- install -m 644 newrole.pamd $(ETCDIR)/pam.d/newrole
+ install -m 644 newrole.pamd $(DESTDIR)$(ETCDIR)/pam.d/newrole
endif
endif
@@ -82,4 +82,4 @@ indent:
../../scripts/Lindent $(wildcard *.[ch])
relabel: install
- /sbin/restorecon $(BINDIR)/newrole
+ /sbin/restorecon $(DESTDIR)$(BINDIR)/newrole
diff --git a/policycoreutils/run_init/Makefile b/policycoreutils/run_init/Makefile
index 921f0b07..8d8eb704 100644
--- a/policycoreutils/run_init/Makefile
+++ b/policycoreutils/run_init/Makefile
@@ -1,9 +1,9 @@
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
SBINDIR ?= $(PREFIX)/sbin
MANDIR ?= $(PREFIX)/share/man
-ETCDIR ?= $(DESTDIR)/etc
+ETCDIR ?= /etc
LOCALEDIR ?= /usr/share/locale
PAMH ?= $(shell test -f /usr/include/security/pam_appl.h && echo y)
AUDITH ?= $(shell test -f /usr/include/libaudit.h && echo y)
@@ -32,14 +32,14 @@ open_init_pty: open_init_pty.c
install: all
- test -d $(SBINDIR) || install -m 755 -d $(SBINDIR)
- test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8
- install -m 755 run_init $(SBINDIR)
- install -m 755 open_init_pty $(SBINDIR)
- install -m 644 run_init.8 $(MANDIR)/man8/
- install -m 644 open_init_pty.8 $(MANDIR)/man8/
+ test -d $(DESTDIR)$(SBINDIR) || install -m 755 -d $(DESTDIR)$(SBINDIR)
+ test -d $(DESTDIR)$(MANDIR)/man8 || install -m 755 -d $(DESTDIR)$(MANDIR)/man8
+ install -m 755 run_init $(DESTDIR)$(SBINDIR)
+ install -m 755 open_init_pty $(DESTDIR)$(SBINDIR)
+ install -m 644 run_init.8 $(DESTDIR)$(MANDIR)/man8/
+ install -m 644 open_init_pty.8 $(DESTDIR)$(MANDIR)/man8/
ifeq ($(PAMH), y)
- install -m 644 run_init.pamd $(ETCDIR)/pam.d/run_init
+ install -m 644 run_init.pamd $(DESTDIR)$(ETCDIR)/pam.d/run_init
endif
clean:
@@ -49,4 +49,4 @@ indent:
../../scripts/Lindent $(wildcard *.[ch])
relabel: install
- /sbin/restorecon $(SBINDIR)/run_init $(SBINDIR)/open_init_pty
+ /sbin/restorecon $(DESTDIR)$(SBINDIR)/run_init $(DESTDIR)$(SBINDIR)/open_init_pty
diff --git a/policycoreutils/scripts/Makefile b/policycoreutils/scripts/Makefile
index d9e86ffe..a988144b 100644
--- a/policycoreutils/scripts/Makefile
+++ b/policycoreutils/scripts/Makefile
@@ -1,6 +1,6 @@
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
-SBINDIR ?= $(DESTDIR)/sbin
+PREFIX ?= /usr
+SBINDIR ?= /sbin
MANDIR ?= $(PREFIX)/share/man
LOCALEDIR ?= $(PREFIX)/share/locale
@@ -8,10 +8,10 @@ LOCALEDIR ?= $(PREFIX)/share/locale
all: fixfiles
install: all
- -mkdir -p $(SBINDIR)
- install -m 755 fixfiles $(SBINDIR)
- -mkdir -p $(MANDIR)/man8
- install -m 644 fixfiles.8 $(MANDIR)/man8/
+ -mkdir -p $(DESTDIR)$(SBINDIR)
+ install -m 755 fixfiles $(DESTDIR)$(SBINDIR)
+ -mkdir -p $(DESTDIR)$(MANDIR)/man8
+ install -m 644 fixfiles.8 $(DESTDIR)$(MANDIR)/man8/
clean:
diff --git a/policycoreutils/secon/Makefile b/policycoreutils/secon/Makefile
index 8e491d74..c03f0d7d 100644
--- a/policycoreutils/secon/Makefile
+++ b/policycoreutils/secon/Makefile
@@ -1,5 +1,5 @@
# secon tool - command-line context
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
INCLUDEDIR ?= $(PREFIX)/include
BINDIR ?= $(PREFIX)/bin
MANDIR ?= $(PREFIX)/share/man
@@ -18,13 +18,13 @@ secon: secon.o
install-nogui: install
install: all
- install -m 755 secon $(BINDIR);
+ install -m 755 secon $(DESTDIR)$(BINDIR);
- test -d $(MANDIR)/man1 || install -m 755 -d $(MANDIR)/man1
- install -m 644 secon.1 $(MANDIR)/man1
+ test -d $(DESTDIR)$(MANDIR)/man1 || install -m 755 -d $(DESTDIR)$(MANDIR)/man1
+ install -m 644 secon.1 $(DESTDIR)$(MANDIR)/man1
relabel:
- /sbin/restorecon $(BINDIR)/secon
+ /sbin/restorecon $(DESTDIR)$(BINDIR)/secon
clean:
rm -f *.o core* secon *~ *.bak
diff --git a/policycoreutils/semodule/Makefile b/policycoreutils/semodule/Makefile
index fffb43ac..7c257bf5 100644
--- a/policycoreutils/semodule/Makefile
+++ b/policycoreutils/semodule/Makefile
@@ -1,5 +1,5 @@
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
INCLUDEDIR ?= $(PREFIX)/include
SBINDIR ?= $(PREFIX)/sbin
MANDIR = $(PREFIX)/share/man
@@ -17,12 +17,12 @@ genhomedircon:
ln -sf semodule genhomedircon
install: all
- -mkdir -p $(SBINDIR)
- install -m 755 semodule $(SBINDIR)
- (cd $(SBINDIR); ln -sf semodule genhomedircon)
- test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8
- install -m 644 semodule.8 $(MANDIR)/man8/
- install -m 644 genhomedircon.8 $(MANDIR)/man8/
+ -mkdir -p $(DESTDIR)$(SBINDIR)
+ install -m 755 semodule $(DESTDIR)$(SBINDIR)
+ (cd $(DESTDIR)$(SBINDIR); ln -sf semodule genhomedircon)
+ test -d $(DESTDIR)$(MANDIR)/man8 || install -m 755 -d $(DESTDIR)$(MANDIR)/man8
+ install -m 644 semodule.8 $(DESTDIR)$(MANDIR)/man8/
+ install -m 644 genhomedircon.8 $(DESTDIR)$(MANDIR)/man8/
relabel:
diff --git a/policycoreutils/sestatus/Makefile b/policycoreutils/sestatus/Makefile
index 41ca6832..130b764b 100644
--- a/policycoreutils/sestatus/Makefile
+++ b/policycoreutils/sestatus/Makefile
@@ -1,8 +1,8 @@
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
SBINDIR ?= $(PREFIX)/sbin
MANDIR = $(PREFIX)/share/man
-ETCDIR ?= $(DESTDIR)/etc
+ETCDIR ?= /etc
LIBDIR ?= $(PREFIX)/lib
CFLAGS ?= -Werror -Wall -W
@@ -14,14 +14,14 @@ all: sestatus
sestatus: sestatus.o
install: all
- [ -d $(MANDIR)/man8 ] || mkdir -p $(MANDIR)/man8
- [ -d $(MANDIR)/man5 ] || mkdir -p $(MANDIR)/man5
- -mkdir -p $(SBINDIR)
- install -m 755 sestatus $(SBINDIR)
- install -m 644 sestatus.8 $(MANDIR)/man8
- install -m 644 sestatus.conf.5 $(MANDIR)/man5
- -mkdir -p $(ETCDIR)
- install -m 644 sestatus.conf $(ETCDIR)
+ [ -d $(DESTDIR)$(MANDIR)/man8 ] || mkdir -p $(DESTDIR)$(MANDIR)/man8
+ [ -d $(DESTDIR)$(MANDIR)/man5 ] || mkdir -p $(DESTDIR)$(MANDIR)/man5
+ -mkdir -p $(DESTDIR)$(SBINDIR)
+ install -m 755 sestatus $(DESTDIR)$(SBINDIR)
+ install -m 644 sestatus.8 $(DESTDIR)$(MANDIR)/man8
+ install -m 644 sestatus.conf.5 $(DESTDIR)$(MANDIR)/man5
+ -mkdir -p $(DESTDIR)$(ETCDIR)
+ install -m 644 sestatus.conf $(DESTDIR)$(ETCDIR)
clean:
rm -f sestatus *.o
diff --git a/policycoreutils/setfiles/Makefile b/policycoreutils/setfiles/Makefile
index c08e2dd1..4e56698f 100644
--- a/policycoreutils/setfiles/Makefile
+++ b/policycoreutils/setfiles/Makefile
@@ -1,6 +1,6 @@
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
-SBINDIR ?= $(DESTDIR)/sbin
+PREFIX ?= /usr
+SBINDIR ?= /sbin
MANDIR = $(PREFIX)/share/man
LIBDIR ?= $(PREFIX)/lib
AUDITH ?= $(shell test -f /usr/include/libaudit.h && echo y)
@@ -29,14 +29,14 @@ man:
@sed -i "s/ABORT_ON_ERRORS/$(ABORT_ON_ERRORS)/g" setfiles.8.man
install: all
- [ -d $(MANDIR)/man8 ] || mkdir -p $(MANDIR)/man8
- -mkdir -p $(SBINDIR)
- install -m 755 setfiles $(SBINDIR)
- (cd $(SBINDIR) && ln -sf setfiles restorecon)
- install -m 755 restorecon_xattr $(SBINDIR)
- install -m 644 setfiles.8.man $(MANDIR)/man8/setfiles.8
- install -m 644 restorecon.8 $(MANDIR)/man8/restorecon.8
- install -m 644 restorecon_xattr.8 $(MANDIR)/man8/restorecon_xattr.8
+ [ -d $(DESTDIR)$(MANDIR)/man8 ] || mkdir -p $(DESTDIR)$(MANDIR)/man8
+ -mkdir -p $(DESTDIR)$(SBINDIR)
+ install -m 755 setfiles $(DESTDIR)$(SBINDIR)
+ (cd $(DESTDIR)$(SBINDIR) && ln -sf setfiles restorecon)
+ install -m 755 restorecon_xattr $(DESTDIR)$(SBINDIR)
+ install -m 644 setfiles.8.man $(DESTDIR)$(MANDIR)/man8/setfiles.8
+ install -m 644 restorecon.8 $(DESTDIR)$(MANDIR)/man8/restorecon.8
+ install -m 644 restorecon_xattr.8 $(DESTDIR)$(MANDIR)/man8/restorecon_xattr.8
clean:
rm -f setfiles restorecon restorecon_xattr *.o setfiles.8.man
@@ -45,4 +45,4 @@ indent:
../../scripts/Lindent $(wildcard *.[ch])
relabel: install
- $(SBINDIR)/restorecon $(SBINDIR)/setfiles $(SBINDIR)/restorecon_xattr
+ $(SBINDIR)/restorecon $(DESTDIR)$(SBINDIR)/setfiles $(DESTDIR)$(SBINDIR)/restorecon_xattr
diff --git a/policycoreutils/setsebool/Makefile b/policycoreutils/setsebool/Makefile
index bc254dab..f3379be9 100644
--- a/policycoreutils/setsebool/Makefile
+++ b/policycoreutils/setsebool/Makefile
@@ -1,10 +1,10 @@
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
INCLUDEDIR ?= $(PREFIX)/include
SBINDIR ?= $(PREFIX)/sbin
MANDIR = $(PREFIX)/share/man
LIBDIR ?= $(PREFIX)/lib
-BASHCOMPLETIONDIR ?= $(DESTDIR)/usr/share/bash-completion/completions
+BASHCOMPLETIONDIR ?= /usr/share/bash-completion/completions
CFLAGS ?= -Werror -Wall -W
override LDLIBS += -lsepol -lselinux -lsemanage
@@ -17,12 +17,12 @@ all: setsebool
setsebool: $(SETSEBOOL_OBJS)
install: all
- -mkdir -p $(SBINDIR)
- install -m 755 setsebool $(SBINDIR)
- -mkdir -p $(MANDIR)/man8
- install -m 644 setsebool.8 $(MANDIR)/man8/
- -mkdir -p $(BASHCOMPLETIONDIR)
- install -m 644 $(BASHCOMPLETIONS) $(BASHCOMPLETIONDIR)/setsebool
+ -mkdir -p $(DESTDIR)$(SBINDIR)
+ install -m 755 setsebool $(DESTDIR)$(SBINDIR)
+ -mkdir -p $(DESTDIR)$(MANDIR)/man8
+ install -m 644 setsebool.8 $(DESTDIR)$(MANDIR)/man8/
+ -mkdir -p $(DESTDIR)$(BASHCOMPLETIONDIR)
+ install -m 644 $(BASHCOMPLETIONS) $(DESTDIR)$(BASHCOMPLETIONDIR)/setsebool
relabel:
diff --git a/python/audit2allow/Makefile b/python/audit2allow/Makefile
index 8db8075f..02526fa7 100644
--- a/python/audit2allow/Makefile
+++ b/python/audit2allow/Makefile
@@ -1,7 +1,7 @@
PYTHON ?= python
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
BINDIR ?= $(PREFIX)/bin
LIBDIR ?= $(PREFIX)/lib
MANDIR ?= $(PREFIX)/share/man
@@ -13,7 +13,7 @@ CFLAGS ?= -Werror -Wall -W
all: audit2why sepolgen-ifgen-attr-helper
-sepolgen-ifgen-attr-helper: sepolgen-ifgen-attr-helper.o $(LIBSEPOLA)
+sepolgen-ifgen-attr-helper: sepolgen-ifgen-attr-helper.o $(DESTDIR)$(LIBSEPOLA)
audit2why:
ln -sf audit2allow audit2why
@@ -22,14 +22,14 @@ test: all
@$(PYTHON) test_audit2allow.py -v
install: all
- -mkdir -p $(BINDIR)
- install -m 755 audit2allow $(BINDIR)
- (cd $(BINDIR); ln -sf audit2allow audit2why)
- install -m 755 sepolgen-ifgen-attr-helper $(BINDIR)
- install -m 755 sepolgen-ifgen $(BINDIR)
- -mkdir -p $(MANDIR)/man1
- install -m 644 audit2allow.1 $(MANDIR)/man1/
- install -m 644 audit2why.1 $(MANDIR)/man1/
+ -mkdir -p $(DESTDIR)$(BINDIR)
+ install -m 755 audit2allow $(DESTDIR)$(BINDIR)
+ (cd $(DESTDIR)$(BINDIR); ln -sf audit2allow audit2why)
+ install -m 755 sepolgen-ifgen-attr-helper $(DESTDIR)$(BINDIR)
+ install -m 755 sepolgen-ifgen $(DESTDIR)$(BINDIR)
+ -mkdir -p $(DESTDIR)$(MANDIR)/man1
+ install -m 644 audit2allow.1 $(DESTDIR)$(MANDIR)/man1/
+ install -m 644 audit2why.1 $(DESTDIR)$(MANDIR)/man1/
clean:
rm -f *~ *.o sepolgen-ifgen-attr-helper
diff --git a/python/chcat/Makefile b/python/chcat/Makefile
index 0fd12d6d..890033e2 100644
--- a/python/chcat/Makefile
+++ b/python/chcat/Makefile
@@ -1,5 +1,5 @@
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
BINDIR ?= $(PREFIX)/bin
MANDIR ?= $(PREFIX)/share/man
LOCALEDIR ?= $(PREFIX)/share/locale
@@ -8,10 +8,10 @@ LOCALEDIR ?= $(PREFIX)/share/locale
all: chcat
install: all
- -mkdir -p $(BINDIR)
- install -m 755 chcat $(BINDIR)
- -mkdir -p $(MANDIR)/man8
- install -m 644 chcat.8 $(MANDIR)/man8/
+ -mkdir -p $(DESTDIR)$(BINDIR)
+ install -m 755 chcat $(DESTDIR)$(BINDIR)
+ -mkdir -p $(DESTDIR)$(MANDIR)/man8
+ install -m 644 chcat.8 $(DESTDIR)$(MANDIR)/man8/
clean:
diff --git a/python/semanage/Makefile b/python/semanage/Makefile
index 60c36a3a..bd02e9e9 100644
--- a/python/semanage/Makefile
+++ b/python/semanage/Makefile
@@ -1,29 +1,29 @@
PYTHON ?= python
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
LIBDIR ?= $(PREFIX)/lib
SBINDIR ?= $(PREFIX)/sbin
MANDIR = $(PREFIX)/share/man
PYLIBVER ?= $(shell $(PYTHON) -c 'import sys;print("python%d.%d" % sys.version_info[0:2])')
PYTHONLIBDIR ?= $(LIBDIR)/$(PYLIBVER)
-BASHCOMPLETIONDIR ?= $(DESTDIR)/usr/share/bash-completion/completions
+BASHCOMPLETIONDIR ?= /usr/share/bash-completion/completions
TARGETS=semanage
-BASHCOMPLETIONS=semanage-bash-completion.sh
+BASHCOMPLETIONS=semanage-bash-completion.sh
all: $(TARGETS)
install: all
- [ -d $(MANDIR)/man8 ] || mkdir -p $(MANDIR)/man8
- -mkdir -p $(SBINDIR)
- install -m 755 semanage $(SBINDIR)
- install -m 644 *.8 $(MANDIR)/man8
- test -d $(PYTHONLIBDIR)/site-packages || install -m 755 -d $(PYTHONLIBDIR)/site-packages
- install -m 755 seobject.py $(PYTHONLIBDIR)/site-packages
- -mkdir -p $(BASHCOMPLETIONDIR)
- install -m 644 $(BASHCOMPLETIONS) $(BASHCOMPLETIONDIR)/semanage
+ [ -d $(DESTDIR)$(MANDIR)/man8 ] || mkdir -p $(DESTDIR)$(MANDIR)/man8
+ -mkdir -p $(DESTDIR)$(SBINDIR)
+ install -m 755 semanage $(DESTDIR)$(SBINDIR)
+ install -m 644 *.8 $(DESTDIR)$(MANDIR)/man8
+ test -d $(DESTDIR)$(PYTHONLIBDIR)/site-packages || install -m 755 -d $(DESTDIR)$(PYTHONLIBDIR)/site-packages
+ install -m 755 seobject.py $(DESTDIR)$(PYTHONLIBDIR)/site-packages
+ -mkdir -p $(DESTDIR)$(BASHCOMPLETIONDIR)
+ install -m 644 $(BASHCOMPLETIONS) $(DESTDIR)$(BASHCOMPLETIONDIR)/semanage
test:
@$(PYTHON) test-semanage.py -a
diff --git a/python/sepolgen/src/sepolgen/Makefile b/python/sepolgen/src/sepolgen/Makefile
index d3aa7715..12ef0827 100644
--- a/python/sepolgen/src/sepolgen/Makefile
+++ b/python/sepolgen/src/sepolgen/Makefile
@@ -1,12 +1,12 @@
PYTHON ?= python
PYTHONLIBDIR ?= $(shell $(PYTHON) -c "from distutils.sysconfig import *; print(get_python_lib(1))")
-PACKAGEDIR ?= $(DESTDIR)/$(PYTHONLIBDIR)/sepolgen
+PACKAGEDIR ?= $(PYTHONLIBDIR)/sepolgen
all:
install: all
- -mkdir -p $(PACKAGEDIR)
- install -m 644 *.py $(PACKAGEDIR)
+ -mkdir -p $(DESTDIR)$(PACKAGEDIR)
+ install -m 644 *.py $(DESTDIR)$(PACKAGEDIR)
clean:
rm -f parser.out parsetab.py
diff --git a/python/sepolgen/src/share/Makefile b/python/sepolgen/src/share/Makefile
index abf5e451..1a7133cb 100644
--- a/python/sepolgen/src/share/Makefile
+++ b/python/sepolgen/src/share/Makefile
@@ -1,10 +1,10 @@
-SHAREDIR ?= $(DESTDIR)/var/lib/sepolgen
+SHAREDIR ?= /var/lib/sepolgen
all:
install: all
- -mkdir -p $(SHAREDIR)
- install -m 644 perm_map $(SHAREDIR)
+ -mkdir -p $(DESTDIR)$(SHAREDIR)
+ install -m 644 perm_map $(DESTDIR)$(SHAREDIR)
clean:
- rm -f *~
\ No newline at end of file
+ rm -f *~
diff --git a/python/sepolicy/Makefile b/python/sepolicy/Makefile
index 5a56e6c8..c75dce73 100644
--- a/python/sepolicy/Makefile
+++ b/python/sepolicy/Makefile
@@ -1,13 +1,13 @@
PYTHON ?= python
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
LIBDIR ?= $(PREFIX)/lib
BINDIR ?= $(PREFIX)/bin
DATADIR ?= $(PREFIX)/share
MANDIR ?= $(PREFIX)/share/man
LOCALEDIR ?= /usr/share/locale
-BASHCOMPLETIONDIR ?= $(DESTDIR)/usr/share/bash-completion/completions
+BASHCOMPLETIONDIR ?= /usr/share/bash-completion/completions
SHAREDIR ?= $(PREFIX)/share/sandbox
CFLAGS ?= -Wall -Werror -Wextra -W
override CFLAGS += -DPACKAGE="policycoreutils" -DSHARED -shared
@@ -31,12 +31,12 @@ test:
install:
$(PYTHON) setup.py install `test -n "$(DESTDIR)" && echo --root $(DESTDIR)`
- [ -d $(BINDIR) ] || mkdir -p $(BINDIR)
- install -m 755 sepolicy.py $(BINDIR)/sepolicy
- (cd $(BINDIR); ln -sf sepolicy sepolgen)
- -mkdir -p $(MANDIR)/man8
- install -m 644 *.8 $(MANDIR)/man8
- -mkdir -p $(BASHCOMPLETIONDIR)
- install -m 644 $(BASHCOMPLETIONS) $(BASHCOMPLETIONDIR)/sepolicy
+ [ -d $(DESTDIR)$(BINDIR) ] || mkdir -p $(DESTDIR)$(BINDIR)
+ install -m 755 sepolicy.py $(DESTDIR)$(BINDIR)/sepolicy
+ (cd $(DESTDIR)$(BINDIR); ln -sf sepolicy sepolgen)
+ -mkdir -p $(DESTDIR)$(MANDIR)/man8
+ install -m 644 *.8 $(DESTDIR)$(MANDIR)/man8
+ -mkdir -p $(DESTDIR)$(BASHCOMPLETIONDIR)
+ install -m 644 $(BASHCOMPLETIONS) $(DESTDIR)$(BASHCOMPLETIONDIR)/sepolicy
relabel:
diff --git a/restorecond/Makefile b/restorecond/Makefile
index ada94aeb..a9a57b48 100644
--- a/restorecond/Makefile
+++ b/restorecond/Makefile
@@ -1,17 +1,17 @@
PKG_CONFIG ?= pkg-config
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
SBINDIR ?= $(PREFIX)/sbin
LIBDIR ?= $(PREFIX)/lib
MANDIR = $(PREFIX)/share/man
-AUTOSTARTDIR = $(DESTDIR)/etc/xdg/autostart
-DBUSSERVICEDIR = $(DESTDIR)/usr/share/dbus-1/services
-SYSTEMDDIR ?= $(DESTDIR)/usr/lib/systemd
+AUTOSTARTDIR = /etc/xdg/autostart
+DBUSSERVICEDIR = /usr/share/dbus-1/services
+SYSTEMDDIR ?= /usr/lib/systemd
autostart_DATA = sealertauto.desktop
-INITDIR ?= $(DESTDIR)/etc/rc.d/init.d
-SELINUXDIR = $(DESTDIR)/etc/selinux
+INITDIR ?= /etc/rc.d/init.d
+SELINUXDIR = /etc/selinux
DBUSFLAGS = -DHAVE_DBUS $(shell $(PKG_CONFIG) --cflags dbus-glib-1)
DBUSLIB = $(shell $(PKG_CONFIG) --libs dbus-glib-1)
@@ -39,23 +39,23 @@ restorecond: restore.o restorecond.o utmpwatcher.o stringslist.o user.o watch.o
$(CC) $(LDFLAGS) -o $@ $^ $(LDLIBS)
install: all
- [ -d $(MANDIR)/man8 ] || mkdir -p $(MANDIR)/man8
- -mkdir -p $(SBINDIR)
- install -m 755 restorecond $(SBINDIR)
- install -m 644 restorecond.8 $(MANDIR)/man8
- -mkdir -p $(INITDIR)
- install -m 755 restorecond.init $(INITDIR)/restorecond
- -mkdir -p $(SELINUXDIR)
- install -m 644 restorecond.conf $(SELINUXDIR)/restorecond.conf
- install -m 644 restorecond_user.conf $(SELINUXDIR)/restorecond_user.conf
- -mkdir -p $(AUTOSTARTDIR)
- install -m 644 restorecond.desktop $(AUTOSTARTDIR)/restorecond.desktop
- -mkdir -p $(DBUSSERVICEDIR)
- install -m 600 org.selinux.Restorecond.service $(DBUSSERVICEDIR)/org.selinux.Restorecond.service
- -mkdir -p $(SYSTEMDDIR)/system
- install -m 644 restorecond.service $(SYSTEMDDIR)/system/
+ [ -d $(DESTDIR)$(MANDIR)/man8 ] || mkdir -p $(DESTDIR)$(MANDIR)/man8
+ -mkdir -p $(DESTDIR)$(SBINDIR)
+ install -m 755 restorecond $(DESTDIR)$(SBINDIR)
+ install -m 644 restorecond.8 $(DESTDIR)$(MANDIR)/man8
+ -mkdir -p $(DESTDIR)$(INITDIR)
+ install -m 755 restorecond.init $(DESTDIR)$(INITDIR)/restorecond
+ -mkdir -p $(DESTDIR)$(SELINUXDIR)
+ install -m 644 restorecond.conf $(DESTDIR)$(SELINUXDIR)/restorecond.conf
+ install -m 644 restorecond_user.conf $(DESTDIR)$(SELINUXDIR)/restorecond_user.conf
+ -mkdir -p $(DESTDIR)$(AUTOSTARTDIR)
+ install -m 644 restorecond.desktop $(DESTDIR)$(AUTOSTARTDIR)/restorecond.desktop
+ -mkdir -p $(DESTDIR)$(DBUSSERVICEDIR)
+ install -m 600 org.selinux.Restorecond.service $(DESTDIR)$(DBUSSERVICEDIR)/org.selinux.Restorecond.service
+ -mkdir -p $(DESTDIR)$(SYSTEMDDIR)/system
+ install -m 644 restorecond.service $(DESTDIR)$(SYSTEMDDIR)/system/
relabel: install
- /sbin/restorecon $(SBINDIR)/restorecond
+ /sbin/restorecon $(DESTDIR)$(SBINDIR)/restorecond
clean:
-rm -f restorecond *.o *~
diff --git a/sandbox/Makefile b/sandbox/Makefile
index 05c3d658..9c78041c 100644
--- a/sandbox/Makefile
+++ b/sandbox/Makefile
@@ -1,8 +1,8 @@
PYTHON ?= python
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
-SYSCONFDIR ?= $(DESTDIR)/etc/sysconfig
+PREFIX ?= /usr
+SYSCONFDIR ?= /etc/sysconfig
LIBDIR ?= $(PREFIX)/lib
BINDIR ?= $(PREFIX)/bin
SBINDIR ?= $(PREFIX)/sbin
@@ -18,20 +18,20 @@ all: sandbox seunshare sandboxX.sh start
seunshare: $(SEUNSHARE_OBJS)
install: all
- -mkdir -p $(BINDIR)
- install -m 755 sandbox $(BINDIR)
- -mkdir -p $(MANDIR)/man8
- install -m 644 sandbox.8 $(MANDIR)/man8/
- install -m 644 seunshare.8 $(MANDIR)/man8/
- -mkdir -p $(MANDIR)/man5
- install -m 644 sandbox.5 $(MANDIR)/man5/
- -mkdir -p $(SBINDIR)
- install -m 4755 seunshare $(SBINDIR)/
- -mkdir -p $(SHAREDIR)
- install -m 755 sandboxX.sh $(SHAREDIR)
- install -m 755 start $(SHAREDIR)
- -mkdir -p $(SYSCONFDIR)
- install -m 644 sandbox.conf $(SYSCONFDIR)/sandbox
+ -mkdir -p $(DESTDIR)$(BINDIR)
+ install -m 755 sandbox $(DESTDIR)$(BINDIR)
+ -mkdir -p $(DESTDIR)$(MANDIR)/man8
+ install -m 644 sandbox.8 $(DESTDIR)$(MANDIR)/man8/
+ install -m 644 seunshare.8 $(DESTDIR)$(MANDIR)/man8/
+ -mkdir -p $(DESTDIR)$(MANDIR)/man5
+ install -m 644 sandbox.5 $(DESTDIR)$(MANDIR)/man5/
+ -mkdir -p $(DESTDIR)$(SBINDIR)
+ install -m 4755 seunshare $(DESTDIR)$(SBINDIR)/
+ -mkdir -p $(DESTDIR)$(SHAREDIR)
+ install -m 755 sandboxX.sh $(DESTDIR)$(SHAREDIR)
+ install -m 755 start $(DESTDIR)$(SHAREDIR)
+ -mkdir -p $(DESTDIR)$(SYSCONFDIR)
+ install -m 644 sandbox.conf $(DESTDIR)$(SYSCONFDIR)/sandbox
test:
@$(PYTHON) test_sandbox.py -v
diff --git a/secilc/Makefile b/secilc/Makefile
index 1cac53e4..597b4a27 100644
--- a/secilc/Makefile
+++ b/secilc/Makefile
@@ -1,4 +1,4 @@
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
BINDIR ?= $(PREFIX)/bin
MANDIR ?= $(PREFIX)/share/man
LIBDIR ?= $(PREFIX)/lib
@@ -41,12 +41,12 @@ $(SECIL2CONF_MANPAGE): $(SECIL2CONF_MANPAGE).xml
$(XMLTO) man $(SECIL2CONF_MANPAGE).xml
install: all man
- -mkdir -p $(BINDIR)
- -mkdir -p $(MANDIR)/man8
- install -m 755 $(SECILC) $(BINDIR)
- install -m 755 $(SECIL2CONF) $(BINDIR)
- install -m 644 $(SECILC_MANPAGE) $(MANDIR)/man8
- install -m 644 $(SECIL2CONF_MANPAGE) $(MANDIR)/man8
+ -mkdir -p $(DESTDIR)$(BINDIR)
+ -mkdir -p $(DESTDIR)$(MANDIR)/man8
+ install -m 755 $(SECILC) $(DESTDIR)$(BINDIR)
+ install -m 755 $(SECIL2CONF) $(DESTDIR)$(BINDIR)
+ install -m 644 $(SECILC_MANPAGE) $(DESTDIR)$(MANDIR)/man8
+ install -m 644 $(SECIL2CONF_MANPAGE) $(DESTDIR)$(MANDIR)/man8
doc:
$(MAKE) -C docs
diff --git a/semodule-utils/semodule_deps/Makefile b/semodule-utils/semodule_deps/Makefile
index 328a5030..7b106781 100644
--- a/semodule-utils/semodule_deps/Makefile
+++ b/semodule-utils/semodule_deps/Makefile
@@ -1,5 +1,5 @@
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
INCLUDEDIR ?= $(PREFIX)/include
BINDIR ?= $(PREFIX)/bin
LIBDIR ?= $(PREFIX)/lib
@@ -10,13 +10,13 @@ CFLAGS ?= -Werror -Wall -W
all: semodule_deps
-semodule_deps: semodule_deps.o $(LIBSEPOLA)
+semodule_deps: semodule_deps.o $(DESTDIR)$(LIBSEPOLA)
install: all
- -mkdir -p $(BINDIR)
- install -m 755 semodule_deps $(BINDIR)
- test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8
- install -m 644 semodule_deps.8 $(MANDIR)/man8/
+ -mkdir -p $(DESTDIR)$(BINDIR)
+ install -m 755 semodule_deps $(DESTDIR)$(BINDIR)
+ test -d $(DESTDIR)$(MANDIR)/man8 || install -m 755 -d $(DESTDIR)$(MANDIR)/man8
+ install -m 644 semodule_deps.8 $(DESTDIR)$(MANDIR)/man8/
relabel:
diff --git a/semodule-utils/semodule_expand/Makefile b/semodule-utils/semodule_expand/Makefile
index 072f2137..58d2d3cb 100644
--- a/semodule-utils/semodule_expand/Makefile
+++ b/semodule-utils/semodule_expand/Makefile
@@ -1,5 +1,5 @@
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
INCLUDEDIR ?= $(PREFIX)/include
BINDIR ?= $(PREFIX)/bin
LIBDIR ?= $(PREFIX)/lib
@@ -13,10 +13,10 @@ all: semodule_expand
semodule_expand: semodule_expand.o
install: all
- -mkdir -p $(BINDIR)
- install -m 755 semodule_expand $(BINDIR)
- test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8
- install -m 644 semodule_expand.8 $(MANDIR)/man8/
+ -mkdir -p $(DESTDIR)$(BINDIR)
+ install -m 755 semodule_expand $(DESTDIR)$(BINDIR)
+ test -d $(DESTDIR)$(MANDIR)/man8 || install -m 755 -d $(DESTDIR)$(MANDIR)/man8
+ install -m 644 semodule_expand.8 $(DESTDIR)$(MANDIR)/man8/
relabel:
diff --git a/semodule-utils/semodule_link/Makefile b/semodule-utils/semodule_link/Makefile
index cc4687bd..178bea30 100644
--- a/semodule-utils/semodule_link/Makefile
+++ b/semodule-utils/semodule_link/Makefile
@@ -1,6 +1,6 @@
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
-INCLUDEDIR ?= $(PREFIX)/include
+PREFIX ?= /usr
+INCLUDEDIR ?= /include
BINDIR ?= $(PREFIX)/bin
MANDIR ?= $(PREFIX)/share/man
LIBDIR ?= $(PREFIX)/lib
@@ -13,10 +13,10 @@ all: semodule_link
semodule_link: semodule_link.o
install: all
- -mkdir -p $(BINDIR)
- install -m 755 semodule_link $(BINDIR)
- test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8
- install -m 644 semodule_link.8 $(MANDIR)/man8/
+ -mkdir -p $(DESTDIR)$(BINDIR)
+ install -m 755 semodule_link $(DESTDIR)$(BINDIR)
+ test -d $(DESTDIR)$(MANDIR)/man8 || install -m 755 -d $(PREFIX)$(MANDIR)/man8
+ install -m 644 semodule_link.8 $(DESTDIR)$(MANDIR)/man8/
relabel:
diff --git a/semodule-utils/semodule_package/Makefile b/semodule-utils/semodule_package/Makefile
index 96dd7c4f..37bd0d4b 100644
--- a/semodule-utils/semodule_package/Makefile
+++ b/semodule-utils/semodule_package/Makefile
@@ -1,5 +1,5 @@
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
INCLUDEDIR ?= $(PREFIX)/include
BINDIR ?= $(PREFIX)/bin
LIBDIR ?= $(PREFIX)/lib
@@ -13,12 +13,12 @@ all: semodule_package semodule_unpackage
semodule_package: semodule_package.o
install: all
- -mkdir -p $(BINDIR)
- install -m 755 semodule_package $(BINDIR)
- install -m 755 semodule_unpackage $(BINDIR)
- test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8
- install -m 644 semodule_package.8 $(MANDIR)/man8/
- install -m 644 semodule_unpackage.8 $(MANDIR)/man8/
+ -mkdir -p $(DESTDIR)$(BINDIR)
+ install -m 755 semodule_package $(DESTDIR)$(BINDIR)
+ install -m 755 semodule_unpackage $(DESTDIR)$(BINDIR)
+ test -d $(DESTDIR)$(MANDIR)/man8 || install -m 755 -d $(DESTDIR)$(MANDIR)/man8
+ install -m 644 semodule_package.8 $(DESTDIR)$(MANDIR)/man8/
+ install -m 644 semodule_unpackage.8 $(DESTDIR)$(MANDIR)/man8/
relabel:
--
2.13.0
^ permalink raw reply related [flat|nested] 24+ messages in thread
* Re: [PATCH] Use DESTDIR only in install targets
2017-06-21 18:04 ` [PATCH] Use DESTDIR only in install targets Petr Lautrbach
@ 2017-06-21 19:51 ` Stephen Smalley
2017-06-22 16:25 ` Petr Lautrbach
0 siblings, 1 reply; 24+ messages in thread
From: Stephen Smalley @ 2017-06-21 19:51 UTC (permalink / raw)
To: Petr Lautrbach, selinux
On Wed, 2017-06-21 at 20:04 +0200, Petr Lautrbach wrote:
> https://www.gnu.org/prep/standards/html_node/DESTDIR.html
> DESTDIR should be supported only in the install* and uninstall*
> targets, as those are the only targets where it is useful.
If you run make with DESTDIR= set before and after this change, and
compare both the output of make and the resulting directories, you'll
see there are some unexpected differences (I noted the ones I saw
below, but there may be more).
Also, as I note below, this does not fully remove all usage of DESTDIR
outside of install targets (I think it is reasonable to use it in
relabel targets too, but we're still using it elsewhere).
Lastly, there was trailing whitespace.
>
> Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
> ---
> checkpolicy/Makefile | 20 +++++++--------
> checkpolicy/test/Makefile | 6 ++---
> gui/Makefile | 44 ++++++++++++++++----
> ------------
> libselinux/include/Makefile | 6 ++---
> libselinux/src/Makefile | 38 +++++++++++++---------
> -----
> libselinux/utils/Makefile | 6 ++---
> libsemanage/include/Makefile | 6 ++---
> libsemanage/src/Makefile | 32 +++++++++++-----------
> -
> libsemanage/tests/Makefile | 2 +-
> libsemanage/utils/Makefile | 6 ++---
> libsepol/include/Makefile | 14 +++++-----
> libsepol/src/Makefile | 20 +++++++--------
> libsepol/utils/Makefile | 6 ++---
> mcstrans/man/Makefile | 6 ++---
> mcstrans/src/Makefile | 22 ++++++++--------
> mcstrans/utils/Makefile | 8 +++---
> policycoreutils/hll/pp/Makefile | 6 ++---
> policycoreutils/load_policy/Makefile | 14 +++++-----
> policycoreutils/man/Makefile | 6 ++---
> policycoreutils/newrole/Makefile | 22 ++++++++--------
> policycoreutils/run_init/Makefile | 20 +++++++--------
> policycoreutils/scripts/Makefile | 12 ++++-----
> policycoreutils/secon/Makefile | 10 ++++----
> policycoreutils/semodule/Makefile | 14 +++++-----
> policycoreutils/sestatus/Makefile | 20 +++++++--------
> policycoreutils/setfiles/Makefile | 22 ++++++++--------
> policycoreutils/setsebool/Makefile | 16 ++++++------
> python/audit2allow/Makefile | 20 +++++++--------
> python/chcat/Makefile | 10 ++++----
> python/semanage/Makefile | 22 ++++++++--------
> python/sepolgen/src/sepolgen/Makefile | 6 ++---
> python/sepolgen/src/share/Makefile | 8 +++---
> python/sepolicy/Makefile | 18 ++++++-------
> restorecond/Makefile | 44 ++++++++++++++++----
> ------------
> sandbox/Makefile | 32 +++++++++++-----------
> -
> secilc/Makefile | 14 +++++-----
> semodule-utils/semodule_deps/Makefile | 12 ++++-----
> semodule-utils/semodule_expand/Makefile | 10 ++++----
> semodule-utils/semodule_link/Makefile | 12 ++++-----
> semodule-utils/semodule_package/Makefile | 14 +++++-----
> 40 files changed, 313 insertions(+), 313 deletions(-)
>
> diff --git a/checkpolicy/Makefile b/checkpolicy/Makefile
> index 68e11f2a..e4f4fa19 100644
> --- a/checkpolicy/Makefile
> +++ b/checkpolicy/Makefile
> @@ -1,7 +1,7 @@
> #
> # Makefile for building the checkpolicy program
> #
> -PREFIX ?= $(DESTDIR)/usr
> +PREFIX ?= /usr
> BINDIR ?= $(PREFIX)/bin
> MANDIR ?= $(PREFIX)/share/man
> LIBDIR ?= $(PREFIX)/lib
> @@ -26,9 +26,9 @@ GENERATED=lex.yy.c y.tab.c y.tab.h
> all: $(TARGETS)
> $(MAKE) -C test
>
> -checkpolicy: $(CHECKPOLOBJS) $(LIBSEPOLA)
> +checkpolicy: $(CHECKPOLOBJS) $(DESTDIR)$(LIBSEPOLA)
Hmm...seems like we're still using DESTDIR for more than just install.
So either the patch or the patch description isn't quite right.
The original usage of make DESTDIR in selinux was to support building
and installing to a private directory, so we wanted it to affect more
than just install. If we truly make this transition to conform to the
GNU standards, then we still need a clean way of building and
installing to a private directory for local testing. The top-level
Makefile has a workaround currently of automatically defining CFLAGS
and LDFLAGS when DESTDIR is defined, but that has a side effect: it
suppresses any non-override CFLAGS and LDFLAGS definitions in the
Makefiles, so then we no longer get all of the warning options enabled
in such local builds like we used to do. All of this leaves me
wondering about whether we ought to just revert the earlier changes and
preserve our usage of DESTDIR, even if it doesn't correspond to GNU.
>
> -checkmodule: $(CHECKMODOBJS) $(LIBSEPOLA)
> +checkmodule: $(CHECKMODOBJS) $(DESTDIR)$(LIBSEPOLA)
>
> %.o: %.c
> $(CC) $(CFLAGS) -o $@ -c $<
> @@ -46,15 +46,15 @@ lex.yy.c: policy_scan.l y.tab.c
> $(LEX) policy_scan.l
>
> install: all
> - -mkdir -p $(BINDIR)
> - -mkdir -p $(MANDIR)/man8
> - install -m 755 $(TARGETS) $(BINDIR)
> - install -m 644 checkpolicy.8 $(MANDIR)/man8
> - install -m 644 checkmodule.8 $(MANDIR)/man8
> + -mkdir -p $(DESTDIR)$(BINDIR)
> + -mkdir -p $(DESTDIR)$(MANDIR)/man8
> + install -m 755 $(TARGETS) $(DESTDIR)$(BINDIR)
> + install -m 644 checkpolicy.8 $(DESTDIR)$(MANDIR)/man8
> + install -m 644 checkmodule.8 $(DESTDIR)$(MANDIR)/man8
>
> relabel: install
> - /sbin/restorecon $(BINDIR)/checkpolicy
> - /sbin/restorecon $(BINDIR)/checkmodule
> + /sbin/restorecon $(DESTDIR)$(BINDIR)/checkpolicy
> + /sbin/restorecon $(DESTDIR)$(BINDIR)/checkmodule
>
> clean:
> -rm -f $(TARGETS) $(CHECKPOLOBJS) $(CHECKMODOBJS) y.tab.c
> y.tab.h lex.yy.c
> diff --git a/checkpolicy/test/Makefile b/checkpolicy/test/Makefile
> index 59fa4460..c9a8d4c5 100644
> --- a/checkpolicy/test/Makefile
> +++ b/checkpolicy/test/Makefile
> @@ -1,7 +1,7 @@
> #
> # Makefile for building the dispol program
> #
> -PREFIX ?= $(DESTDIR)/usr
> +PREFIX ?= /usr
> BINDIR ?= $(PREFIX)/bin
> LIBDIR ?= $(PREFIX)/lib
> INCLUDEDIR ?= $(PREFIX)/include
> @@ -11,9 +11,9 @@ CFLAGS ?= -g -Wall -W -Werror -O2 -pipe
>
> all: dispol dismod
>
> -dispol: dispol.o $(LIBSEPOLA)
> +dispol: dispol.o $(DESTDIR)$(LIBSEPOLA)
>
> -dismod: dismod.o $(LIBSEPOLA)
> +dismod: dismod.o $(DESTDIR)$(LIBSEPOLA)
Ditto
>
> clean:
> -rm -f dispol dismod *.o
> diff --git a/gui/Makefile b/gui/Makefile
> index 4fc2c1a1..52c3cab2 100644
> --- a/gui/Makefile
> +++ b/gui/Makefile
> @@ -1,5 +1,5 @@
> # Installation directories.
> -PREFIX ?= ${DESTDIR}/usr
> +PREFIX ?= /usr
> BINDIR ?= $(PREFIX)/bin
> SHAREDIR ?= $(PREFIX)/share/system-config-selinux
> DATADIR ?= $(PREFIX)/share
> @@ -24,29 +24,29 @@ usersPage.py
> all: $(TARGETS) system-config-selinux.py polgengui.py
>
> install: all
> - -mkdir -p $(MANDIR)/man8
> - -mkdir -p $(SHAREDIR)
> - -mkdir -p $(BINDIR)
> - -mkdir -p $(DATADIR)/pixmaps
> - -mkdir -p $(DATADIR)/icons/hicolor/24x24/apps
> - -mkdir -p $(DATADIR)/polkit-1/actions/
> - install -m 755 system-config-selinux.py $(SHAREDIR)
> - install -m 755 system-config-selinux $(BINDIR)
> - install -m 755 polgengui.py $(SHAREDIR)
> - install -m 644 $(TARGETS) $(SHAREDIR)
> - install -m 644 system-config-selinux.8 $(MANDIR)/man8
> - install -m 644 selinux-polgengui.8 $(MANDIR)/man8
> - install -m 644 system-config-selinux.png $(DATADIR)/pixmaps
> - install -m 644 system-config-selinux.png
> $(DATADIR)/icons/hicolor/24x24/apps
> - install -m 644 system-config-selinux.png $(DATADIR)/system-
> config-selinux
> - install -m 644 *.desktop $(DATADIR)/system-config-selinux
This one seems to have been dropped accidentally rather than augmented
with $(DESTDIR).
> - -mkdir -p $(DESTDIR) $(DATADIR)/pixmaps
> - install -m 644 sepolicy_256.png
> $(DATADIR)/pixmaps/sepolicy.png
> + -mkdir -p $(DESTDIR)$(MANDIR)/man8
> + -mkdir -p $(DESTDIR)$(SHAREDIR)
> + -mkdir -p $(DESTDIR)$(BINDIR)
> + -mkdir -p $(DESTDIR)$(DATADIR)/pixmaps
> + -mkdir -p $(DESTDIR)$(DATADIR)/icons/hicolor/24x24/apps
> + -mkdir -p $(DESTDIR)$(SYSCONFDIR)
> + -mkdir -p $(DESTDIR)$(DATADIR)/polkit-1/actions/
> + install -m 755 system-config-selinux.py
> $(DESTDIR)$(SHAREDIR)
> + install -m 755 system-config-selinux $(DESTDIR)$(BINDIR)
> + install -m 755 polgengui.py $(DESTDIR)$(SHAREDIR)
> + install -m 644 $(TARGETS) $(DESTDIR)$(SHAREDIR)
> + install -m 644 system-config-selinux.8
> $(DESTDIR)$(MANDIR)/man8
> + install -m 644 selinux-polgengui.8 $(DESTDIR)$(MANDIR)/man8
> + install -m 644 system-config-selinux.png
> $(DESTDIR)$(DATADIR)/pixmaps
> + install -m 644 system-config-selinux.png
> $(DESTDIR)$(DATADIR)/icons/hicolor/24x24/apps
> + install -m 644 system-config-selinux.png
> $(DESTDIR)$(DATADIR)/system-config-selinux
> + -mkdir -p $(DESTDIR) $(DESTDIR)$(DATADIR)/pixmaps
> + install -m 644 sepolicy_256.png
> $(DESTDIR)$(DATADIR)/pixmaps/sepolicy.png
> for i in 16 22 32 48 256; do \
> - mkdir -p $(DESTDIR)
> $(DATADIR)/icons/hicolor/$${i}x$${i}/apps; \
> - install -m 644 sepolicy_$${i}.png
> $(DATADIR)/icons/hicolor/$${i}x$${i}/apps/sepolicy.png; \
> + mkdir -p
> $(DESTDIR)/$(DATADIR)/icons/hicolor/$${i}x$${i}/apps; \
> + install -m 644 sepolicy_$${i}.png
> $(DESTDIR)$(DATADIR)/icons/hicolor/$${i}x$${i}/apps/sepolicy.png; \
> done
> - install -m 644 org.selinux.config.policy $(DATADIR)/polkit-
> 1/actions/
> + install -m 644 org.selinux.config.policy
> $(DESTDIR)$(DATADIR)/polkit-1/actions/
> clean:
>
> indent:
> diff --git a/libselinux/include/Makefile
> b/libselinux/include/Makefile
> index 757a6c9c..c1d3fa15 100644
> --- a/libselinux/include/Makefile
> +++ b/libselinux/include/Makefile
> @@ -1,12 +1,12 @@
> # Installation directories.
> -PREFIX ?= $(DESTDIR)/usr
> +PREFIX ?= /usr
> INCDIR ?= $(PREFIX)/include/selinux
>
> all:
>
> install: all
> - test -d $(INCDIR) || install -m 755 -d $(INCDIR)
> - install -m 644 $(wildcard selinux/*.h) $(INCDIR)
> + test -d $(DESTDIR)$(INCDIR) || install -m 755 -d
> $(DESTDIR)$(INCDIR)
> + install -m 644 $(wildcard selinux/*.h) $(DESTDIR)$(INCDIR)
>
> relabel:
>
> diff --git a/libselinux/src/Makefile b/libselinux/src/Makefile
> index 4306dd0e..6d65b682 100644
> --- a/libselinux/src/Makefile
> +++ b/libselinux/src/Makefile
> @@ -8,17 +8,17 @@ RUBYPREFIX ?= $(notdir $(RUBY))
> PKG_CONFIG ?= pkg-config
>
> # Installation directories.
> -PREFIX ?= $(DESTDIR)/usr
> +PREFIX ?= /usr
> LIBDIR ?= $(PREFIX)/lib
> -SHLIBDIR ?= $(DESTDIR)/lib
> +SHLIBDIR ?= /lib
> INCLUDEDIR ?= $(PREFIX)/include
> PYINC ?= $(shell $(PKG_CONFIG) --cflags $(PYPREFIX))
> PYLIBS ?= $(shell $(PKG_CONFIG) --libs $(PYPREFIX))
> -PYSITEDIR ?= $(DESTDIR)$(shell $(PYTHON) -c 'import site;
> print(site.getsitepackages()[0])')
> +PYSITEDIR ?= $(shell $(PYTHON) -c 'import site;
> print(site.getsitepackages()[0])')
> PYCEXT ?= $(shell $(PYTHON) -c 'import imp;print([s for s,m,t in
> imp.get_suffixes() if t == imp.C_EXTENSION][0])')
> RUBYINC ?= $(shell $(RUBY) -e 'puts "-I" +
> RbConfig::CONFIG["rubyarchhdrdir"] + " -I" +
> RbConfig::CONFIG["rubyhdrdir"]')
> RUBYLIBS ?= $(shell $(RUBY) -e 'puts "-L" +
> RbConfig::CONFIG["libdir"] + " -lruby"')
> -RUBYINSTALL ?= $(DESTDIR)$(shell $(RUBY) -e 'puts
> RbConfig::CONFIG["vendorarchdir"]')
> +RUBYINSTALL ?= $(shell $(RUBY) -e 'puts
> RbConfig::CONFIG["vendorarchdir"]')
> LIBBASE ?= $(shell basename $(LIBDIR))
> LIBSEPOLA ?= $(LIBDIR)/libsepol.a
>
> @@ -156,7 +156,7 @@ selinuxswig_python_exception.i:
> ../include/selinux/selinux.h
> $(AUDIT2WHYLOBJ): audit2why.c
> $(CC) $(filter-out -Werror, $(CFLAGS)) $(PYINC) -fPIC
> -DSHARED -c -o $@ $<
>
> -$(AUDIT2WHYSO): $(AUDIT2WHYLOBJ) $(LIBSEPOLA)
> +$(AUDIT2WHYSO): $(AUDIT2WHYLOBJ) $(DESTDIR)$(LIBSEPOLA)
> $(CC) $(CFLAGS) $(LDFLAGS) -L. -shared -o $@ $^ -lselinux
> $(PYLIBS)
Here again with using DESTDIR outside of install.
>
> %.o: %.c policy.h
> @@ -177,26 +177,26 @@ swigify: $(SWIGIF)
> $(SWIG) $<
>
> install: all
> - test -d $(LIBDIR) || install -m 755 -d $(LIBDIR)
> - install -m 644 $(LIBA) $(LIBDIR)
> - test -d $(SHLIBDIR) || install -m 755 -d $(SHLIBDIR)
> - install -m 755 $(LIBSO) $(SHLIBDIR)
> - test -d $(LIBDIR)/pkgconfig || install -m 755 -d
> $(LIBDIR)/pkgconfig
> - install -m 644 $(LIBPC) $(LIBDIR)/pkgconfig
> - ln -sf --relative $(SHLIBDIR)/$(LIBSO) $(LIBDIR)/$(TARGET)
> + test -d $(DESTDIR)$(LIBDIR) || install -m 755 -d
> $(DESTDIR)$(LIBDIR)
> + install -m 644 $(LIBA) $(DESTDIR)$(LIBDIR)
> + test -d $(DESTDIR)$(SHLIBDIR) || install -m 755 -d
> $(DESTDIR)$(SHLIBDIR)
> + install -m 755 $(LIBSO) $(DESTDIR)$(SHLIBDIR)
> + test -d $(DESTDIR)$(LIBDIR)/pkgconfig || install -m 755 -d
> $(DESTDIR)$(LIBDIR)/pkgconfig
> + install -m 644 $(LIBPC) $(DESTDIR)$(LIBDIR)/pkgconfig
> + ln -sf --relative $(DESTDIR)$(SHLIBDIR)/$(LIBSO)
> $(DESTDIR)$(LIBDIR)/$(TARGET)
>
> install-pywrap: pywrap
> - test -d $(PYSITEDIR)/selinux || install -m 755 -d
> $(PYSITEDIR)/selinux
> - install -m 755 $(SWIGSO) $(PYSITEDIR)/_selinux$(PYCEXT)
> - install -m 755 $(AUDIT2WHYSO)
> $(PYSITEDIR)/selinux/audit2why$(PYCEXT)
> - install -m 644 $(SWIGPYOUT) $(PYSITEDIR)/selinux/__init__.py
> + test -d $(DESTDIR)$(PYSITEDIR)/selinux || install -m 755 -d
> $(DESTDIR)$(PYSITEDIR)/selinux
> + install -m 755 $(SWIGSO)
> $(DESTDIR)$(PYSITEDIR)/_selinux$(PYCEXT)
> + install -m 755 $(AUDIT2WHYSO)
> $(DESTDIR)$(PYSITEDIR)/selinux/audit2why$(PYCEXT)
> + install -m 644 $(SWIGPYOUT)
> $(DESTDIR)$(PYSITEDIR)/selinux/__init__.py
>
> install-rubywrap: rubywrap
> - test -d $(RUBYINSTALL) || install -m 755 -d $(RUBYINSTALL)
> - install -m 755 $(SWIGRUBYSO) $(RUBYINSTALL)/selinux.so
> + test -d $(DESTDIR)$(RUBYINSTALL) || install -m 755 -d
> $(DESTDIR)$(RUBYINSTALL)
> + install -m 755 $(SWIGRUBYSO)
> $(DESTDIR)$(RUBYINSTALL)/selinux.so
>
> relabel:
> - /sbin/restorecon $(SHLIBDIR)/$(LIBSO)
> + /sbin/restorecon $(DESTDIR)$(SHLIBDIR)/$(LIBSO)
>
> clean-pywrap:
> -rm -f $(SWIGLOBJ) $(SWIGSO) $(AUDIT2WHYLOBJ) $(AUDIT2WHYSO)
> diff --git a/libselinux/utils/Makefile b/libselinux/utils/Makefile
> index 843b0e7c..882a6787 100644
> --- a/libselinux/utils/Makefile
> +++ b/libselinux/utils/Makefile
> @@ -1,5 +1,5 @@
> # Installation directories.
> -PREFIX ?= $(DESTDIR)/usr
> +PREFIX ?= /usr
> LIBDIR ?= $(PREFIX)/lib
> SBINDIR ?= $(PREFIX)/sbin
> INCLUDEDIR ?= $(PREFIX)/include
> @@ -63,8 +63,8 @@ sefcontext_compile: sefcontext_compile.o
> ../src/regex.o
> all: $(TARGETS)
>
> install: all
> - -mkdir -p $(SBINDIR)
> - install -m 755 $(TARGETS) $(SBINDIR)
> + -mkdir -p $(DESTDIR)$(SBINDIR)
> + install -m 755 $(TARGETS) $(DESTDIR)$(SBINDIR)
>
> clean:
> rm -f $(TARGETS) *.o *~
> diff --git a/libsemanage/include/Makefile
> b/libsemanage/include/Makefile
> index b660660e..6e44a28a 100644
> --- a/libsemanage/include/Makefile
> +++ b/libsemanage/include/Makefile
> @@ -1,12 +1,12 @@
> # Installation directories.
> -PREFIX ?= $(DESTDIR)/usr
> +PREFIX ?= /usr
> INCDIR ?= $(PREFIX)/include/semanage
>
> all:
>
> install: all
> - test -d $(INCDIR) || install -m 755 -d $(INCDIR)
> - install -m 644 $(wildcard semanage/*.h) $(INCDIR)
> + test -d $(DESTDIR)$(INCDIR) || install -m 755 -d
> $(DESTDIR)$(INCDIR)
> + install -m 644 $(wildcard semanage/*.h) $(DESTDIR)$(INCDIR)
>
> indent:
> ../../scripts/Lindent $(wildcard semanage/*.h)
> diff --git a/libsemanage/src/Makefile b/libsemanage/src/Makefile
> index f01385c5..8c0b4557 100644
> --- a/libsemanage/src/Makefile
> +++ b/libsemanage/src/Makefile
> @@ -8,17 +8,17 @@ RUBYPREFIX ?= $(notdir $(RUBY))
> PKG_CONFIG ?= pkg-config
>
> # Installation directories.
> -PREFIX ?= $(DESTDIR)/usr
> +PREFIX ?= /usr
> LIBDIR ?= $(PREFIX)/lib
> -SHLIBDIR ?= $(DESTDIR)/lib
> +SHLIBDIR ?= /lib
> INCLUDEDIR ?= $(PREFIX)/include
> PYINC ?= $(shell $(PKG_CONFIG) --cflags $(PYPREFIX))
> PYLIBS ?= $(shell $(PKG_CONFIG) --libs $(PYPREFIX))
> -PYSITEDIR ?= $(DESTDIR)$(shell $(PYTHON) -c 'import site;
> print(site.getsitepackages()[0])')
> +PYSITEDIR ?= $(shell $(PYTHON) -c 'import site;
> print(site.getsitepackages()[0])')
> PYCEXT ?= $(shell $(PYTHON) -c 'import imp;print([s for s,m,t in
> imp.get_suffixes() if t == imp.C_EXTENSION][0])')
> RUBYINC ?= $(shell $(RUBY) -e 'puts "-I" +
> RbConfig::CONFIG["rubyarchhdrdir"] + " -I" +
> RbConfig::CONFIG["rubyhdrdir"]')
> RUBYLIBS ?= $(shell $(RUBY) -e 'puts "-L" +
> RbConfig::CONFIG["libdir"] + " -lruby"')
> -RUBYINSTALL ?= $(DESTDIR)$(shell $(RUBY) -e 'puts
> RbConfig::CONFIG["vendorarchdir"]')
> +RUBYINSTALL ?= $(shell $(RUBY) -e 'puts
> RbConfig::CONFIG["vendorarchdir"]')
>
> LIBBASE=$(shell basename $(LIBDIR))
>
> @@ -136,26 +136,26 @@ swigify: $(SWIGIF)
> $(SWIG) $<
>
> install: all
> - test -d $(LIBDIR) || install -m 755 -d $(LIBDIR)
> - install -m 644 $(LIBA) $(LIBDIR)
> - install -m 755 $(LIBSO) $(LIBDIR)
> - test -d $(LIBDIR)/pkgconfig || install -m 755 -d
> $(LIBDIR)/pkgconfig
> - install -m 644 $(LIBPC) $(LIBDIR)/pkgconfig
> + test -d $(DESTDIR)$(LIBDIR) || install -m 755 -d
> $(DESTDIR)$(LIBDIR)
> + install -m 644 $(LIBA) $(DESTDIR)$(LIBDIR)
> + install -m 755 $(LIBSO) $(DESTDIR)$(LIBDIR)
> + test -d $(DESTDIR)$(LIBDIR)/pkgconfig || install -m 755 -d
> $(DESTDIR)$(LIBDIR)/pkgconfig
> + install -m 644 $(LIBPC) $(DESTDIR)$(LIBDIR)/pkgconfig
> test -f $(DEFAULT_SEMANAGE_CONF_LOCATION) || install -m 644
> -D semanage.conf $(DEFAULT_SEMANAGE_CONF_LOCATION)
> - cd $(LIBDIR) && ln -sf $(LIBSO) $(TARGET)
> + cd $(DESTDIR)$(LIBDIR) && ln -sf $(LIBSO) $(TARGET)
>
> install-pywrap: pywrap
> - test -d $(PYSITEDIR) || install -m 755 -d $(PYSITEDIR)
> - install -m 755 $(SWIGSO) $(PYSITEDIR)/_semanage$(PYCEXT)
> - install -m 644 semanage.py $(PYSITEDIR)
> + test -d $(DESTDIR)$(PYSITEDIR) || install -m 755 -d
> $(DESTDIR)$(PYSITEDIR)
> + install -m 755 $(SWIGSO)
> $(DESTDIR)$(PYSITEDIR)/_semanage$(PYCEXT)
> + install -m 644 semanage.py $(DESTDIR)$(PYSITEDIR)
>
>
> install-rubywrap: rubywrap
> - test -d $(RUBYINSTALL) || install -m 755 -d $(RUBYINSTALL)
> - install -m 755 $(SWIGRUBYSO) $(RUBYINSTALL)/semanage.so
> + test -d $(DESTDIR)$(RUBYINSTALL) || install -m 755 -d
> $(DESTDIR)$(RUBYINSTALL)
> + install -m 755 $(SWIGRUBYSO)
> $(DESTDIR)$(RUBYINSTALL)/semanage.so
>
> relabel:
> - /sbin/restorecon $(LIBDIR)/$(LIBSO)
> + /sbin/restorecon $(DESTDIR)$(LIBDIR)/$(LIBSO)
>
> clean:
> -rm -f $(LIBPC) $(OBJS) $(LOBJS) $(LIBA) $(LIBSO)
> $(SWIGLOBJ) $(SWIGSO) $(SWIGRUBYSO) $(TARGET) conf-parse.c conf-
> parse.h conf-scan.c *.o *.lo *~
> diff --git a/libsemanage/tests/Makefile b/libsemanage/tests/Makefile
> index 2ef8d30d..8103cf8f 100644
> --- a/libsemanage/tests/Makefile
> +++ b/libsemanage/tests/Makefile
> @@ -1,4 +1,4 @@
> -PREFIX ?= $(DESTDIR)/usr
> +PREFIX ?= /usr
> LIBDIR ?= $(PREFIX)/lib
>
> # Add your test source files here:
> diff --git a/libsemanage/utils/Makefile b/libsemanage/utils/Makefile
> index 725f0eec..5b8fbb6b 100644
> --- a/libsemanage/utils/Makefile
> +++ b/libsemanage/utils/Makefile
> @@ -1,13 +1,13 @@
> # Installation directories.
> -PREFIX ?= $(DESTDIR)/usr
> +PREFIX ?= /usr
> LIBEXECDIR ?= $(PREFIX)/libexec
> SELINUXEXECDIR ?= $(LIBEXECDIR)/selinux/
>
> all:
>
> install: all
> - -mkdir -p $(SELINUXEXECDIR)
> - install -m 755 semanage_migrate_store $(SELINUXEXECDIR)
> + -mkdir -p $(DESTDIR)$(SELINUXEXECDIR)
> + install -m 755 semanage_migrate_store
> $(DESTDIR)$(SELINUXEXECDIR)
>
> clean:
>
> diff --git a/libsepol/include/Makefile b/libsepol/include/Makefile
> index 56b7a114..49f817ce 100644
> --- a/libsepol/include/Makefile
> +++ b/libsepol/include/Makefile
> @@ -1,17 +1,17 @@
> # Installation directories.
> -PREFIX ?= $(DESTDIR)/usr
> +PREFIX ?= /usr
> INCDIR ?= $(PREFIX)/include/sepol
> CILDIR ?= ../cil
>
> all:
>
> install: all
> - test -d $(INCDIR) || install -m 755 -d $(INCDIR)
> - test -d $(INCDIR)/policydb || install -m 755 -d
> $(INCDIR)/policydb
> - test -d $(INCDIR)/cil || install -m 755 -d $(INCDIR)/cil
> - install -m 644 $(wildcard sepol/*.h) $(INCDIR)
> - install -m 644 $(wildcard sepol/policydb/*.h)
> $(INCDIR)/policydb
> - install -m 644 $(wildcard $(CILDIR)/include/cil/*.h)
> $(INCDIR)/cil
> + test -d $(DESTDIR)$(INCDIR) || install -m 755 -d
> $(DESTDIR)$(INCDIR)
> + test -d $(DESTDIR)$(INCDIR)/policydb || install -m 755 -d
> $(DESTDIR)$(INCDIR)/policydb
> + test -d $(DESTDIR)$(INCDIR)/cil || install -m 755 -d
> $(DESTDIR)$(INCDIR)/cil
> + install -m 644 $(wildcard sepol/*.h) $(DESTDIR)$(INCDIR)
> + install -m 644 $(wildcard sepol/policydb/*.h)
> $(DESTDIR)$(INCDIR)/policydb
> + install -m 644 $(wildcard $(CILDIR)/include/cil/*.h)
> $(DESTDIR)$(INCDIR)/cil
>
> indent:
> ../../scripts/Lindent $(wildcard sepol/*.h)
> diff --git a/libsepol/src/Makefile b/libsepol/src/Makefile
> index 819d261b..4c7e23fa 100644
> --- a/libsepol/src/Makefile
> +++ b/libsepol/src/Makefile
> @@ -1,8 +1,8 @@
> # Installation directories.
> -PREFIX ?= $(DESTDIR)/usr
> +PREFIX ?= /usr
> INCLUDEDIR ?= $(PREFIX)/include
> LIBDIR ?= $(PREFIX)/lib
> -SHLIBDIR ?= $(DESTDIR)/lib
> +SHLIBDIR ?= $(PREFIX)/lib
This yields a change in the default install location for libsepol.so.1
(/lib -> /usr/lib).
> RANLIB ?= ranlib
> LIBBASE ?= $(shell basename $(LIBDIR))
> CILDIR ?= ../cil
> @@ -80,16 +80,16 @@ endif
> $(CC) $(CFLAGS) -fPIC -DSHARED -c -o $@ $<
>
> install: all
> - test -d $(LIBDIR) || install -m 755 -d $(LIBDIR)
> - install -m 644 $(LIBA) $(LIBDIR)
> - test -d $(SHLIBDIR) || install -m 755 -d $(SHLIBDIR)
> - install -m 755 $(LIBSO) $(SHLIBDIR)
> - test -d $(LIBDIR)/pkgconfig || install -m 755 -d
> $(LIBDIR)/pkgconfig
> - install -m 644 $(LIBPC) $(LIBDIR)/pkgconfig
> - $(LN) -sf --relative $(SHLIBDIR)/$(LIBSO)
> $(LIBDIR)/$(TARGET)
> + test -d $(DESTDIR)$(LIBDIR) || install -m 755 -d
> $(DESTDIR)$(LIBDIR)
> + install -m 644 $(LIBA) $(DESTDIR)$(LIBDIR)
> + test -d $(DESTDIR)$(SHLIBDIR) || install -m 755 -d
> $(DESTDIR)$(SHLIBDIR)
> + install -m 755 $(LIBSO) $(DESTDIR)$(SHLIBDIR)
> + test -d $(DESTDIR)$(LIBDIR)/pkgconfig || install -m 755 -d
> $(DESTDIR)$(LIBDIR)/pkgconfig
> + install -m 644 $(LIBPC) $(DESTDIR)$(LIBDIR)/pkgconfig
> + $(LN) -sf --relative $(DESTDIR)$(SHLIBDIR)/$(LIBSO)
> $(DESTDIR)$(LIBDIR)/$(TARGET)
>
> relabel:
> - /sbin/restorecon $(SHLIBDIR)/$(LIBSO)
> + /sbin/restorecon $(DESTDIR)$(SHLIBDIR)/$(LIBSO)
>
> clean:
> -rm -f $(LIBPC) $(LIBMAP) $(OBJS) $(LOBJS) $(LIBA) $(LIBSO)
> $(TARGET) $(CIL_GENERATED)
> diff --git a/libsepol/utils/Makefile b/libsepol/utils/Makefile
> index fba1d8a0..31932c11 100644
> --- a/libsepol/utils/Makefile
> +++ b/libsepol/utils/Makefile
> @@ -1,5 +1,5 @@
> # Installation directories.
> -PREFIX ?= $(DESTDIR)/usr
> +PREFIX ?= /usr
> BINDIR ?= $(PREFIX)/bin
>
> CFLAGS ?= -Wall -Werror
> @@ -12,8 +12,8 @@ TARGETS=$(patsubst %.c,%,$(sort $(wildcard *.c)))
> all: $(TARGETS)
>
> install: all
> - -mkdir -p $(BINDIR)
> - install -m 755 $(TARGETS) $(BINDIR)
> + -mkdir -p $(DESTDIR)$(BINDIR)
> + install -m 755 $(TARGETS) $(DESTDIR)$(BINDIR)
>
> clean:
> -rm -f $(TARGETS) *.o
> diff --git a/mcstrans/man/Makefile b/mcstrans/man/Makefile
> index 8e971192..dbd87f49 100644
> --- a/mcstrans/man/Makefile
> +++ b/mcstrans/man/Makefile
> @@ -1,11 +1,11 @@
> # Installation directories.
> -MAN8DIR ?= $(DESTDIR)/usr/share/man/man8
> +MAN8DIR ?= /usr/share/man/man8
>
> all:
>
> install: all
> - mkdir -p $(MAN8DIR)
> - install -m 644 man8/*.8 $(MAN8DIR)
> + mkdir -p $(DESTDIR)$(MAN8DIR)
> + install -m 644 man8/*.8 $(DESTDIR)$(MAN8DIR)
>
> clean:
> -rm -f *~ \#*
> diff --git a/mcstrans/src/Makefile b/mcstrans/src/Makefile
> index 709e1e02..be54e349 100644
> --- a/mcstrans/src/Makefile
> +++ b/mcstrans/src/Makefile
> @@ -1,9 +1,9 @@
> # Installation directories.
> -PREFIX ?= $(DESTDIR)/usr
> +PREFIX ?= /usr
> LIBDIR ?= $(PREFIX)/lib
> -SBINDIR ?= $(DESTDIR)/sbin
> -INITDIR ?= $(DESTDIR)/etc/rc.d/init.d
> -SYSTEMDDIR ?= $(DESTDIR)/usr/lib/systemd
> +SBINDIR ?= /sbin
> +INITDIR ?= /etc/rc.d/init.d
> +SYSTEMDDIR ?= /usr/lib/systemd
>
> PROG_SRC=mcstrans.c mcscolor.c mcstransd.c mls_level.c
> PROG_OBJS= $(patsubst %.c,%.o,$(PROG_SRC))
> @@ -15,18 +15,18 @@ override CFLAGS += -D_GNU_SOURCE
> -D_FILE_OFFSET_BITS=64
> all: $(PROG)
>
> $(PROG): $(PROG_OBJS)
> - $(CC) $(LDFLAGS) -pie -o $@ $^ -lselinux -lcap -lpcre
> $(LIBDIR)/libsepol.a
> + $(CC) $(LDFLAGS) -pie -o $@ $^ -lselinux -lcap -lpcre
> $(DESTDIR)$(LIBDIR)/libsepol.a
>
> %.o: %.c
> $(CC) $(CFLAGS) -fPIE -c -o $@ $<
>
> install: all
> - test -d $(SBINDIR) || install -m 755 -d $(SBINDIR)
> - install -m 755 $(PROG) $(SBINDIR)
> - test -d $(INITDIR) || install -m 755 -d $(INITDIR)
> - install -m 755 $(INITSCRIPT).init $(INITDIR)/$(INITSCRIPT)
> - test -d $(SYSTEMDDIR)/system || install -m 755 -d
> $(SYSTEMDDIR)/system
> - install -m 644 mcstrans.service $(SYSTEMDDIR)/system/
> + test -d $(DESTDIR)$(SBINDIR) || install -m 755 -d
> $(DESTDIR)$(SBINDIR)
> + install -m 755 $(PROG) $(DESTDIR)$(SBINDIR)
> + test -d $(DESTDIR)$(INITDIR) || install -m 755 -d
> $(DESTDIR)$(INITDIR)
> + install -m 755 $(INITSCRIPT).init
> $(DESTDIR)$(INITDIR)/$(INITSCRIPT)
> + test -d $(DESTDIR)$(SYSTEMDDIR)/system || install -m 755 -d
> $(DESTDIR)$(SYSTEMDDIR)/system
> + install -m 644 mcstrans.service
> $(DESTDIR)$(SYSTEMDDIR)/system/
>
> clean:
> -rm -f $(OBJS) $(LOBJS) $(TARGET) $(PROG) $(PROG_OBJS) *~
> \#*
> diff --git a/mcstrans/utils/Makefile b/mcstrans/utils/Makefile
> index 4d3cbfcb..1364cece 100644
> --- a/mcstrans/utils/Makefile
> +++ b/mcstrans/utils/Makefile
> @@ -1,5 +1,5 @@
> # Installation directories.
> -PREFIX ?= $(DESTDIR)/usr
> +PREFIX ?= /usr
> LIBDIR ?= $(PREFIX)/lib
> SBINDIR ?= $(PREFIX)/sbin
> LIBSEPOLA ?= $(LIBDIR)/libsepol.a
> @@ -12,11 +12,11 @@ TARGETS=$(patsubst %.c,%,$(sort $(wildcard *.c)))
>
> all: $(TARGETS)
>
> -$(TARGETS): ../src/mcstrans.o ../src/mls_level.o $(LIBSEPOLA)
> +$(TARGETS): ../src/mcstrans.o ../src/mls_level.o
> $(DESTDIR)$(LIBSEPOLA)
>
> install: all
> - -mkdir -p $(SBINDIR)
> - install -m 755 $(TARGETS) $(SBINDIR)
> + -mkdir -p $(DESTDIR)$(SBINDIR)
> + install -m 755 $(TARGETS) $(DESTDIR)$(SBINDIR)
>
> test:
> ./mlstrans-test-runner.py ../test/*.test
> diff --git a/policycoreutils/hll/pp/Makefile
> b/policycoreutils/hll/pp/Makefile
> index 3401dcc9..ed70c449 100644
> --- a/policycoreutils/hll/pp/Makefile
> +++ b/policycoreutils/hll/pp/Makefile
> @@ -1,5 +1,5 @@
> # Installation directories.
> -PREFIX ?= $(DESTDIR)/usr
> +PREFIX ?= /usr
> INCLUDEDIR ?= $(PREFIX)/include
> MANDIR = $(PREFIX)/share/man
> LIBDIR ?= $(PREFIX)/lib
> @@ -21,8 +21,8 @@ pp: $(PP_OBJS)
> $(CC) $(CFLAGS) -c -o $@ $^
>
> install: all
> - -mkdir -p $(HLLDIR)
> - install -m 755 pp $(HLLDIR)
> + -mkdir -p $(DESTDIR)$(HLLDIR)
> + install -m 755 pp $(DESTDIR)$(HLLDIR)
>
> relabel:
>
> diff --git a/policycoreutils/load_policy/Makefile
> b/policycoreutils/load_policy/Makefile
> index b85833c2..00f59aba 100644
> --- a/policycoreutils/load_policy/Makefile
> +++ b/policycoreutils/load_policy/Makefile
> @@ -1,6 +1,6 @@
> # Installation directories.
> -PREFIX ?= $(DESTDIR)/usr
> -SBINDIR ?= $(DESTDIR)/sbin
> +PREFIX ?= /usr
> +SBINDIR ?= /sbin
> MANDIR ?= $(PREFIX)/share/man
> LOCALEDIR ?= /usr/share/locale
>
> @@ -13,10 +13,10 @@ TARGETS=$(patsubst %.c,%,$(sort $(wildcard *.c)))
> all: $(TARGETS)
>
> install: all
> - -mkdir -p $(SBINDIR)
> - install -m 755 $(TARGETS) $(SBINDIR)
> - test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8
> - install -m 644 load_policy.8 $(MANDIR)/man8/
> + -mkdir -p $(DESTDIR)$(SBINDIR)
> + install -m 755 $(TARGETS) $(DESTDIR)$(SBINDIR)
> + test -d $(DESTDIR)$(MANDIR)/man8 || install -m 755 -d
> $(DESTDIR)$(MANDIR)/man8
> + install -m 644 load_policy.8 $(DESTDIR)$(MANDIR)/man8/
>
> clean:
> -rm -f $(TARGETS) *.o
> @@ -25,4 +25,4 @@ indent:
> ../../scripts/Lindent $(wildcard *.[ch])
>
> relabel:
> - /sbin/restorecon $(SBINDIR)/load_policy
> + /sbin/restorecon $(DESTDIR)$(SBINDIR)/load_policy
> diff --git a/policycoreutils/man/Makefile
> b/policycoreutils/man/Makefile
> index 0d91cd46..ae3d27b6 100644
> --- a/policycoreutils/man/Makefile
> +++ b/policycoreutils/man/Makefile
> @@ -1,12 +1,12 @@
> # Installation directories.
> -MAN5DIR ?= $(DESTDIR)/usr/share/man/man5
> +MAN5DIR ?= /usr/share/man/man5
>
> all:
>
> clean:
>
> install: all
> - mkdir -p $(MAN5DIR)
> - install -m 644 man5/*.5 $(MAN5DIR)
> + mkdir -p $(DESTDIR)$(MAN5DIR)
> + install -m 644 man5/*.5 $(DESTDIR)$(MAN5DIR)
>
> relabel:
> diff --git a/policycoreutils/newrole/Makefile
> b/policycoreutils/newrole/Makefile
> index 196af926..e687b6ab 100644
> --- a/policycoreutils/newrole/Makefile
> +++ b/policycoreutils/newrole/Makefile
> @@ -1,8 +1,8 @@
> # Installation directories.
> -PREFIX ?= $(DESTDIR)/usr
> +PREFIX ?= /usr
> BINDIR ?= $(PREFIX)/bin
> MANDIR ?= $(PREFIX)/share/man
> -ETCDIR ?= $(DESTDIR)/etc
> +ETCDIR ?= /etc
> LOCALEDIR = /usr/share/locale
> PAMH ?= $(shell test -f /usr/include/security/pam_appl.h && echo y)
> AUDITH ?= $(shell test -f /usr/include/libaudit.h && echo y)
> @@ -61,17 +61,17 @@ newrole: newrole.o $(EXTRA_OBJS)
> $(CC) $(LDFLAGS) -o $@ $^ $(LDLIBS)
>
> install: all
> - test -d $(BINDIR) || install -m 755 -d $(BINDIR)
> - test -d $(ETCDIR)/pam.d || install -m 755 -d $(ETCDIR)/pam.d
> - test -d $(MANDIR)/man1 || install -m 755 -d $(MANDIR)/man1
> - install -m $(MODE) newrole $(BINDIR)
> - install -m 644 newrole.1 $(MANDIR)/man1/
> + test -d $(DESTDIR)$(BINDIR) || install -m 755 -d
> $(DESTDIR)$(BINDIR)
> + test -d $(DESTDIR)$(ETCDIR)/pam.d || install -m 755 -d
> $(DESTDIR)$(ETCDIR)/pam.d
> + test -d $(DESTDIR)$(MANDIR)/man1 || install -m 755 -d
> $(DESTDIR)$(MANDIR)/man1
> + install -m $(MODE) newrole $(DESTDIR)$(BINDIR)
> + install -m 644 newrole.1 $(DESTDIR)$(MANDIR)/man1/
> ifeq ($(PAMH), y)
> - test -d $(ETCDIR)/pam.d || install -m 755 -d $(ETCDIR)/pam.d
> + test -d $(ETCDIR)/pam.d || install -m 755 -d
> $(DESTDIR)$(ETCDIR)/pam.d
Need to prefix the first $(ETCDIR)/pam.d with $(DESTDIR) too.
> ifeq ($(LSPP_PRIV),y)
> - install -m 644 newrole-lspp.pamd $(ETCDIR)/pam.d/newrole
> + install -m 644 newrole-lspp.pamd
> $(DESTDIR)$(ETCDIR)/pam.d/newrole
> else
> - install -m 644 newrole.pamd $(ETCDIR)/pam.d/newrole
> + install -m 644 newrole.pamd
> $(DESTDIR)$(ETCDIR)/pam.d/newrole
> endif
> endif
>
> @@ -82,4 +82,4 @@ indent:
> ../../scripts/Lindent $(wildcard *.[ch])
>
> relabel: install
> - /sbin/restorecon $(BINDIR)/newrole
> + /sbin/restorecon $(DESTDIR)$(BINDIR)/newrole
> diff --git a/policycoreutils/run_init/Makefile
> b/policycoreutils/run_init/Makefile
> index 921f0b07..8d8eb704 100644
> --- a/policycoreutils/run_init/Makefile
> +++ b/policycoreutils/run_init/Makefile
> @@ -1,9 +1,9 @@
>
> # Installation directories.
> -PREFIX ?= $(DESTDIR)/usr
> +PREFIX ?= /usr
> SBINDIR ?= $(PREFIX)/sbin
> MANDIR ?= $(PREFIX)/share/man
> -ETCDIR ?= $(DESTDIR)/etc
> +ETCDIR ?= /etc
> LOCALEDIR ?= /usr/share/locale
> PAMH ?= $(shell test -f /usr/include/security/pam_appl.h && echo y)
> AUDITH ?= $(shell test -f /usr/include/libaudit.h && echo y)
> @@ -32,14 +32,14 @@ open_init_pty: open_init_pty.c
>
>
> install: all
> - test -d $(SBINDIR) || install -m 755 -d $(SBINDIR)
> - test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8
> - install -m 755 run_init $(SBINDIR)
> - install -m 755 open_init_pty $(SBINDIR)
> - install -m 644 run_init.8 $(MANDIR)/man8/
> - install -m 644 open_init_pty.8 $(MANDIR)/man8/
> + test -d $(DESTDIR)$(SBINDIR) || install -m 755 -d
> $(DESTDIR)$(SBINDIR)
> + test -d $(DESTDIR)$(MANDIR)/man8 || install -m 755 -d
> $(DESTDIR)$(MANDIR)/man8
> + install -m 755 run_init $(DESTDIR)$(SBINDIR)
> + install -m 755 open_init_pty $(DESTDIR)$(SBINDIR)
> + install -m 644 run_init.8 $(DESTDIR)$(MANDIR)/man8/
> + install -m 644 open_init_pty.8 $(DESTDIR)$(MANDIR)/man8/
> ifeq ($(PAMH), y)
> - install -m 644 run_init.pamd $(ETCDIR)/pam.d/run_init
> + install -m 644 run_init.pamd
> $(DESTDIR)$(ETCDIR)/pam.d/run_init
> endif
>
> clean:
> @@ -49,4 +49,4 @@ indent:
> ../../scripts/Lindent $(wildcard *.[ch])
>
> relabel: install
> - /sbin/restorecon $(SBINDIR)/run_init
> $(SBINDIR)/open_init_pty
> + /sbin/restorecon $(DESTDIR)$(SBINDIR)/run_init
> $(DESTDIR)$(SBINDIR)/open_init_pty
> diff --git a/policycoreutils/scripts/Makefile
> b/policycoreutils/scripts/Makefile
> index d9e86ffe..a988144b 100644
> --- a/policycoreutils/scripts/Makefile
> +++ b/policycoreutils/scripts/Makefile
> @@ -1,6 +1,6 @@
> # Installation directories.
> -PREFIX ?= $(DESTDIR)/usr
> -SBINDIR ?= $(DESTDIR)/sbin
> +PREFIX ?= /usr
> +SBINDIR ?= /sbin
> MANDIR ?= $(PREFIX)/share/man
> LOCALEDIR ?= $(PREFIX)/share/locale
>
> @@ -8,10 +8,10 @@ LOCALEDIR ?= $(PREFIX)/share/locale
> all: fixfiles
>
> install: all
> - -mkdir -p $(SBINDIR)
> - install -m 755 fixfiles $(SBINDIR)
> - -mkdir -p $(MANDIR)/man8
> - install -m 644 fixfiles.8 $(MANDIR)/man8/
> + -mkdir -p $(DESTDIR)$(SBINDIR)
> + install -m 755 fixfiles $(DESTDIR)$(SBINDIR)
> + -mkdir -p $(DESTDIR)$(MANDIR)/man8
> + install -m 644 fixfiles.8 $(DESTDIR)$(MANDIR)/man8/
>
> clean:
>
> diff --git a/policycoreutils/secon/Makefile
> b/policycoreutils/secon/Makefile
> index 8e491d74..c03f0d7d 100644
> --- a/policycoreutils/secon/Makefile
> +++ b/policycoreutils/secon/Makefile
> @@ -1,5 +1,5 @@
> # secon tool - command-line context
> -PREFIX ?= $(DESTDIR)/usr
> +PREFIX ?= /usr
> INCLUDEDIR ?= $(PREFIX)/include
> BINDIR ?= $(PREFIX)/bin
> MANDIR ?= $(PREFIX)/share/man
> @@ -18,13 +18,13 @@ secon: secon.o
> install-nogui: install
>
> install: all
> - install -m 755 secon $(BINDIR);
> + install -m 755 secon $(DESTDIR)$(BINDIR);
>
> - test -d $(MANDIR)/man1 || install -m 755 -d $(MANDIR)/man1
> - install -m 644 secon.1 $(MANDIR)/man1
> + test -d $(DESTDIR)$(MANDIR)/man1 || install -m 755 -d
> $(DESTDIR)$(MANDIR)/man1
> + install -m 644 secon.1 $(DESTDIR)$(MANDIR)/man1
>
> relabel:
> - /sbin/restorecon $(BINDIR)/secon
> + /sbin/restorecon $(DESTDIR)$(BINDIR)/secon
>
> clean:
> rm -f *.o core* secon *~ *.bak
> diff --git a/policycoreutils/semodule/Makefile
> b/policycoreutils/semodule/Makefile
> index fffb43ac..7c257bf5 100644
> --- a/policycoreutils/semodule/Makefile
> +++ b/policycoreutils/semodule/Makefile
> @@ -1,5 +1,5 @@
> # Installation directories.
> -PREFIX ?= $(DESTDIR)/usr
> +PREFIX ?= /usr
> INCLUDEDIR ?= $(PREFIX)/include
> SBINDIR ?= $(PREFIX)/sbin
> MANDIR = $(PREFIX)/share/man
> @@ -17,12 +17,12 @@ genhomedircon:
> ln -sf semodule genhomedircon
>
> install: all
> - -mkdir -p $(SBINDIR)
> - install -m 755 semodule $(SBINDIR)
> - (cd $(SBINDIR); ln -sf semodule genhomedircon)
> - test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8
> - install -m 644 semodule.8 $(MANDIR)/man8/
> - install -m 644 genhomedircon.8 $(MANDIR)/man8/
> + -mkdir -p $(DESTDIR)$(SBINDIR)
> + install -m 755 semodule $(DESTDIR)$(SBINDIR)
> + (cd $(DESTDIR)$(SBINDIR); ln -sf semodule genhomedircon)
> + test -d $(DESTDIR)$(MANDIR)/man8 || install -m 755 -d
> $(DESTDIR)$(MANDIR)/man8
> + install -m 644 semodule.8 $(DESTDIR)$(MANDIR)/man8/
> + install -m 644 genhomedircon.8 $(DESTDIR)$(MANDIR)/man8/
>
> relabel:
>
> diff --git a/policycoreutils/sestatus/Makefile
> b/policycoreutils/sestatus/Makefile
> index 41ca6832..130b764b 100644
> --- a/policycoreutils/sestatus/Makefile
> +++ b/policycoreutils/sestatus/Makefile
> @@ -1,8 +1,8 @@
> # Installation directories.
> -PREFIX ?= $(DESTDIR)/usr
> +PREFIX ?= /usr
> SBINDIR ?= $(PREFIX)/sbin
> MANDIR = $(PREFIX)/share/man
> -ETCDIR ?= $(DESTDIR)/etc
> +ETCDIR ?= /etc
> LIBDIR ?= $(PREFIX)/lib
>
> CFLAGS ?= -Werror -Wall -W
> @@ -14,14 +14,14 @@ all: sestatus
> sestatus: sestatus.o
>
> install: all
> - [ -d $(MANDIR)/man8 ] || mkdir -p $(MANDIR)/man8
> - [ -d $(MANDIR)/man5 ] || mkdir -p $(MANDIR)/man5
> - -mkdir -p $(SBINDIR)
> - install -m 755 sestatus $(SBINDIR)
> - install -m 644 sestatus.8 $(MANDIR)/man8
> - install -m 644 sestatus.conf.5 $(MANDIR)/man5
> - -mkdir -p $(ETCDIR)
> - install -m 644 sestatus.conf $(ETCDIR)
> + [ -d $(DESTDIR)$(MANDIR)/man8 ] || mkdir -p
> $(DESTDIR)$(MANDIR)/man8
> + [ -d $(DESTDIR)$(MANDIR)/man5 ] || mkdir -p
> $(DESTDIR)$(MANDIR)/man5
> + -mkdir -p $(DESTDIR)$(SBINDIR)
> + install -m 755 sestatus $(DESTDIR)$(SBINDIR)
> + install -m 644 sestatus.8 $(DESTDIR)$(MANDIR)/man8
> + install -m 644 sestatus.conf.5 $(DESTDIR)$(MANDIR)/man5
> + -mkdir -p $(DESTDIR)$(ETCDIR)
> + install -m 644 sestatus.conf $(DESTDIR)$(ETCDIR)
>
> clean:
> rm -f sestatus *.o
> diff --git a/policycoreutils/setfiles/Makefile
> b/policycoreutils/setfiles/Makefile
> index c08e2dd1..4e56698f 100644
> --- a/policycoreutils/setfiles/Makefile
> +++ b/policycoreutils/setfiles/Makefile
> @@ -1,6 +1,6 @@
> # Installation directories.
> -PREFIX ?= $(DESTDIR)/usr
> -SBINDIR ?= $(DESTDIR)/sbin
> +PREFIX ?= /usr
> +SBINDIR ?= /sbin
> MANDIR = $(PREFIX)/share/man
> LIBDIR ?= $(PREFIX)/lib
> AUDITH ?= $(shell test -f /usr/include/libaudit.h && echo y)
> @@ -29,14 +29,14 @@ man:
> @sed -i "s/ABORT_ON_ERRORS/$(ABORT_ON_ERRORS)/g"
> setfiles.8.man
>
> install: all
> - [ -d $(MANDIR)/man8 ] || mkdir -p $(MANDIR)/man8
> - -mkdir -p $(SBINDIR)
> - install -m 755 setfiles $(SBINDIR)
> - (cd $(SBINDIR) && ln -sf setfiles restorecon)
> - install -m 755 restorecon_xattr $(SBINDIR)
> - install -m 644 setfiles.8.man $(MANDIR)/man8/setfiles.8
> - install -m 644 restorecon.8 $(MANDIR)/man8/restorecon.8
> - install -m 644 restorecon_xattr.8
> $(MANDIR)/man8/restorecon_xattr.8
> + [ -d $(DESTDIR)$(MANDIR)/man8 ] || mkdir -p
> $(DESTDIR)$(MANDIR)/man8
> + -mkdir -p $(DESTDIR)$(SBINDIR)
> + install -m 755 setfiles $(DESTDIR)$(SBINDIR)
> + (cd $(DESTDIR)$(SBINDIR) && ln -sf setfiles restorecon)
> + install -m 755 restorecon_xattr $(DESTDIR)$(SBINDIR)
> + install -m 644 setfiles.8.man
> $(DESTDIR)$(MANDIR)/man8/setfiles.8
> + install -m 644 restorecon.8
> $(DESTDIR)$(MANDIR)/man8/restorecon.8
> + install -m 644 restorecon_xattr.8
> $(DESTDIR)$(MANDIR)/man8/restorecon_xattr.8
>
> clean:
> rm -f setfiles restorecon restorecon_xattr *.o
> setfiles.8.man
> @@ -45,4 +45,4 @@ indent:
> ../../scripts/Lindent $(wildcard *.[ch])
>
> relabel: install
> - $(SBINDIR)/restorecon $(SBINDIR)/setfiles
> $(SBINDIR)/restorecon_xattr
> + $(SBINDIR)/restorecon $(DESTDIR)$(SBINDIR)/setfiles
> $(DESTDIR)$(SBINDIR)/restorecon_xattr
> diff --git a/policycoreutils/setsebool/Makefile
> b/policycoreutils/setsebool/Makefile
> index bc254dab..f3379be9 100644
> --- a/policycoreutils/setsebool/Makefile
> +++ b/policycoreutils/setsebool/Makefile
> @@ -1,10 +1,10 @@
> # Installation directories.
> -PREFIX ?= $(DESTDIR)/usr
> +PREFIX ?= /usr
> INCLUDEDIR ?= $(PREFIX)/include
> SBINDIR ?= $(PREFIX)/sbin
> MANDIR = $(PREFIX)/share/man
> LIBDIR ?= $(PREFIX)/lib
> -BASHCOMPLETIONDIR ?= $(DESTDIR)/usr/share/bash-
> completion/completions
> +BASHCOMPLETIONDIR ?= /usr/share/bash-completion/completions
>
> CFLAGS ?= -Werror -Wall -W
> override LDLIBS += -lsepol -lselinux -lsemanage
> @@ -17,12 +17,12 @@ all: setsebool
> setsebool: $(SETSEBOOL_OBJS)
>
> install: all
> - -mkdir -p $(SBINDIR)
> - install -m 755 setsebool $(SBINDIR)
> - -mkdir -p $(MANDIR)/man8
> - install -m 644 setsebool.8 $(MANDIR)/man8/
> - -mkdir -p $(BASHCOMPLETIONDIR)
> - install -m 644 $(BASHCOMPLETIONS)
> $(BASHCOMPLETIONDIR)/setsebool
> + -mkdir -p $(DESTDIR)$(SBINDIR)
> + install -m 755 setsebool $(DESTDIR)$(SBINDIR)
> + -mkdir -p $(DESTDIR)$(MANDIR)/man8
> + install -m 644 setsebool.8 $(DESTDIR)$(MANDIR)/man8/
> + -mkdir -p $(DESTDIR)$(BASHCOMPLETIONDIR)
> + install -m 644 $(BASHCOMPLETIONS)
> $(DESTDIR)$(BASHCOMPLETIONDIR)/setsebool
>
> relabel:
>
> diff --git a/python/audit2allow/Makefile
> b/python/audit2allow/Makefile
> index 8db8075f..02526fa7 100644
> --- a/python/audit2allow/Makefile
> +++ b/python/audit2allow/Makefile
> @@ -1,7 +1,7 @@
> PYTHON ?= python
>
> # Installation directories.
> -PREFIX ?= $(DESTDIR)/usr
> +PREFIX ?= /usr
> BINDIR ?= $(PREFIX)/bin
> LIBDIR ?= $(PREFIX)/lib
> MANDIR ?= $(PREFIX)/share/man
> @@ -13,7 +13,7 @@ CFLAGS ?= -Werror -Wall -W
>
> all: audit2why sepolgen-ifgen-attr-helper
>
> -sepolgen-ifgen-attr-helper: sepolgen-ifgen-attr-helper.o
> $(LIBSEPOLA)
> +sepolgen-ifgen-attr-helper: sepolgen-ifgen-attr-helper.o
> $(DESTDIR)$(LIBSEPOLA)
>
> audit2why:
> ln -sf audit2allow audit2why
> @@ -22,14 +22,14 @@ test: all
> @$(PYTHON) test_audit2allow.py -v
>
> install: all
> - -mkdir -p $(BINDIR)
> - install -m 755 audit2allow $(BINDIR)
> - (cd $(BINDIR); ln -sf audit2allow audit2why)
> - install -m 755 sepolgen-ifgen-attr-helper $(BINDIR)
> - install -m 755 sepolgen-ifgen $(BINDIR)
> - -mkdir -p $(MANDIR)/man1
> - install -m 644 audit2allow.1 $(MANDIR)/man1/
> - install -m 644 audit2why.1 $(MANDIR)/man1/
> + -mkdir -p $(DESTDIR)$(BINDIR)
> + install -m 755 audit2allow $(DESTDIR)$(BINDIR)
> + (cd $(DESTDIR)$(BINDIR); ln -sf audit2allow audit2why)
> + install -m 755 sepolgen-ifgen-attr-helper
> $(DESTDIR)$(BINDIR)
> + install -m 755 sepolgen-ifgen $(DESTDIR)$(BINDIR)
> + -mkdir -p $(DESTDIR)$(MANDIR)/man1
> + install -m 644 audit2allow.1 $(DESTDIR)$(MANDIR)/man1/
> + install -m 644 audit2why.1 $(DESTDIR)$(MANDIR)/man1/
>
> clean:
> rm -f *~ *.o sepolgen-ifgen-attr-helper
> diff --git a/python/chcat/Makefile b/python/chcat/Makefile
> index 0fd12d6d..890033e2 100644
> --- a/python/chcat/Makefile
> +++ b/python/chcat/Makefile
> @@ -1,5 +1,5 @@
> # Installation directories.
> -PREFIX ?= $(DESTDIR)/usr
> +PREFIX ?= /usr
> BINDIR ?= $(PREFIX)/bin
> MANDIR ?= $(PREFIX)/share/man
> LOCALEDIR ?= $(PREFIX)/share/locale
> @@ -8,10 +8,10 @@ LOCALEDIR ?= $(PREFIX)/share/locale
> all: chcat
>
> install: all
> - -mkdir -p $(BINDIR)
> - install -m 755 chcat $(BINDIR)
> - -mkdir -p $(MANDIR)/man8
> - install -m 644 chcat.8 $(MANDIR)/man8/
> + -mkdir -p $(DESTDIR)$(BINDIR)
> + install -m 755 chcat $(DESTDIR)$(BINDIR)
> + -mkdir -p $(DESTDIR)$(MANDIR)/man8
> + install -m 644 chcat.8 $(DESTDIR)$(MANDIR)/man8/
>
> clean:
>
> diff --git a/python/semanage/Makefile b/python/semanage/Makefile
> index 60c36a3a..bd02e9e9 100644
> --- a/python/semanage/Makefile
> +++ b/python/semanage/Makefile
> @@ -1,29 +1,29 @@
> PYTHON ?= python
>
> # Installation directories.
> -PREFIX ?= $(DESTDIR)/usr
> +PREFIX ?= /usr
> LIBDIR ?= $(PREFIX)/lib
> SBINDIR ?= $(PREFIX)/sbin
> MANDIR = $(PREFIX)/share/man
> PYLIBVER ?= $(shell $(PYTHON) -c 'import sys;print("python%d.%d" %
> sys.version_info[0:2])')
> PYTHONLIBDIR ?= $(LIBDIR)/$(PYLIBVER)
> -BASHCOMPLETIONDIR ?= $(DESTDIR)/usr/share/bash-
> completion/completions
> +BASHCOMPLETIONDIR ?= /usr/share/bash-completion/completions
>
> TARGETS=semanage
>
> -BASHCOMPLETIONS=semanage-bash-completion.sh
> +BASHCOMPLETIONS=semanage-bash-completion.sh
>
> all: $(TARGETS)
>
> install: all
> - [ -d $(MANDIR)/man8 ] || mkdir -p $(MANDIR)/man8
> - -mkdir -p $(SBINDIR)
> - install -m 755 semanage $(SBINDIR)
> - install -m 644 *.8 $(MANDIR)/man8
> - test -d $(PYTHONLIBDIR)/site-packages || install -m 755 -d
> $(PYTHONLIBDIR)/site-packages
> - install -m 755 seobject.py $(PYTHONLIBDIR)/site-packages
> - -mkdir -p $(BASHCOMPLETIONDIR)
> - install -m 644 $(BASHCOMPLETIONS)
> $(BASHCOMPLETIONDIR)/semanage
> + [ -d $(DESTDIR)$(MANDIR)/man8 ] || mkdir -p
> $(DESTDIR)$(MANDIR)/man8
> + -mkdir -p $(DESTDIR)$(SBINDIR)
> + install -m 755 semanage $(DESTDIR)$(SBINDIR)
> + install -m 644 *.8 $(DESTDIR)$(MANDIR)/man8
> + test -d $(DESTDIR)$(PYTHONLIBDIR)/site-packages || install
> -m 755 -d $(DESTDIR)$(PYTHONLIBDIR)/site-packages
> + install -m 755 seobject.py $(DESTDIR)$(PYTHONLIBDIR)/site-
> packages
> + -mkdir -p $(DESTDIR)$(BASHCOMPLETIONDIR)
> + install -m 644 $(BASHCOMPLETIONS)
> $(DESTDIR)$(BASHCOMPLETIONDIR)/semanage
>
> test:
> @$(PYTHON) test-semanage.py -a
> diff --git a/python/sepolgen/src/sepolgen/Makefile
> b/python/sepolgen/src/sepolgen/Makefile
> index d3aa7715..12ef0827 100644
> --- a/python/sepolgen/src/sepolgen/Makefile
> +++ b/python/sepolgen/src/sepolgen/Makefile
> @@ -1,12 +1,12 @@
> PYTHON ?= python
> PYTHONLIBDIR ?= $(shell $(PYTHON) -c "from distutils.sysconfig
> import *; print(get_python_lib(1))")
> -PACKAGEDIR ?= $(DESTDIR)/$(PYTHONLIBDIR)/sepolgen
> +PACKAGEDIR ?= $(PYTHONLIBDIR)/sepolgen
>
> all:
>
> install: all
> - -mkdir -p $(PACKAGEDIR)
> - install -m 644 *.py $(PACKAGEDIR)
> + -mkdir -p $(DESTDIR)$(PACKAGEDIR)
> + install -m 644 *.py $(DESTDIR)$(PACKAGEDIR)
>
> clean:
> rm -f parser.out parsetab.py
> diff --git a/python/sepolgen/src/share/Makefile
> b/python/sepolgen/src/share/Makefile
> index abf5e451..1a7133cb 100644
> --- a/python/sepolgen/src/share/Makefile
> +++ b/python/sepolgen/src/share/Makefile
> @@ -1,10 +1,10 @@
> -SHAREDIR ?= $(DESTDIR)/var/lib/sepolgen
> +SHAREDIR ?= /var/lib/sepolgen
>
> all:
>
> install: all
> - -mkdir -p $(SHAREDIR)
> - install -m 644 perm_map $(SHAREDIR)
> + -mkdir -p $(DESTDIR)$(SHAREDIR)
> + install -m 644 perm_map $(DESTDIR)$(SHAREDIR)
>
> clean:
> - rm -f *~
> \ No newline at end of file
> + rm -f *~
> diff --git a/python/sepolicy/Makefile b/python/sepolicy/Makefile
> index 5a56e6c8..c75dce73 100644
> --- a/python/sepolicy/Makefile
> +++ b/python/sepolicy/Makefile
> @@ -1,13 +1,13 @@
> PYTHON ?= python
>
> # Installation directories.
> -PREFIX ?= $(DESTDIR)/usr
> +PREFIX ?= /usr
> LIBDIR ?= $(PREFIX)/lib
> BINDIR ?= $(PREFIX)/bin
> DATADIR ?= $(PREFIX)/share
> MANDIR ?= $(PREFIX)/share/man
> LOCALEDIR ?= /usr/share/locale
> -BASHCOMPLETIONDIR ?= $(DESTDIR)/usr/share/bash-
> completion/completions
> +BASHCOMPLETIONDIR ?= /usr/share/bash-completion/completions
> SHAREDIR ?= $(PREFIX)/share/sandbox
> CFLAGS ?= -Wall -Werror -Wextra -W
> override CFLAGS += -DPACKAGE="policycoreutils" -DSHARED -shared
> @@ -31,12 +31,12 @@ test:
>
> install:
> $(PYTHON) setup.py install `test -n "$(DESTDIR)" && echo --
> root $(DESTDIR)`
> - [ -d $(BINDIR) ] || mkdir -p $(BINDIR)
> - install -m 755 sepolicy.py $(BINDIR)/sepolicy
> - (cd $(BINDIR); ln -sf sepolicy sepolgen)
> - -mkdir -p $(MANDIR)/man8
> - install -m 644 *.8 $(MANDIR)/man8
> - -mkdir -p $(BASHCOMPLETIONDIR)
> - install -m 644 $(BASHCOMPLETIONS)
> $(BASHCOMPLETIONDIR)/sepolicy
> + [ -d $(DESTDIR)$(BINDIR) ] || mkdir -p $(DESTDIR)$(BINDIR)
> + install -m 755 sepolicy.py $(DESTDIR)$(BINDIR)/sepolicy
> + (cd $(DESTDIR)$(BINDIR); ln -sf sepolicy sepolgen)
> + -mkdir -p $(DESTDIR)$(MANDIR)/man8
> + install -m 644 *.8 $(DESTDIR)$(MANDIR)/man8
> + -mkdir -p $(DESTDIR)$(BASHCOMPLETIONDIR)
> + install -m 644 $(BASHCOMPLETIONS)
> $(DESTDIR)$(BASHCOMPLETIONDIR)/sepolicy
>
> relabel:
> diff --git a/restorecond/Makefile b/restorecond/Makefile
> index ada94aeb..a9a57b48 100644
> --- a/restorecond/Makefile
> +++ b/restorecond/Makefile
> @@ -1,17 +1,17 @@
> PKG_CONFIG ?= pkg-config
>
> # Installation directories.
> -PREFIX ?= $(DESTDIR)/usr
> +PREFIX ?= /usr
> SBINDIR ?= $(PREFIX)/sbin
> LIBDIR ?= $(PREFIX)/lib
> MANDIR = $(PREFIX)/share/man
> -AUTOSTARTDIR = $(DESTDIR)/etc/xdg/autostart
> -DBUSSERVICEDIR = $(DESTDIR)/usr/share/dbus-1/services
> -SYSTEMDDIR ?= $(DESTDIR)/usr/lib/systemd
> +AUTOSTARTDIR = /etc/xdg/autostart
> +DBUSSERVICEDIR = /usr/share/dbus-1/services
> +SYSTEMDDIR ?= /usr/lib/systemd
>
> autostart_DATA = sealertauto.desktop
> -INITDIR ?= $(DESTDIR)/etc/rc.d/init.d
> -SELINUXDIR = $(DESTDIR)/etc/selinux
> +INITDIR ?= /etc/rc.d/init.d
> +SELINUXDIR = /etc/selinux
>
> DBUSFLAGS = -DHAVE_DBUS $(shell $(PKG_CONFIG) --cflags dbus-glib-1)
> DBUSLIB = $(shell $(PKG_CONFIG) --libs dbus-glib-1)
> @@ -39,23 +39,23 @@ restorecond: restore.o restorecond.o
> utmpwatcher.o stringslist.o user.o watch.o
> $(CC) $(LDFLAGS) -o $@ $^ $(LDLIBS)
>
> install: all
> - [ -d $(MANDIR)/man8 ] || mkdir -p $(MANDIR)/man8
> - -mkdir -p $(SBINDIR)
> - install -m 755 restorecond $(SBINDIR)
> - install -m 644 restorecond.8 $(MANDIR)/man8
> - -mkdir -p $(INITDIR)
> - install -m 755 restorecond.init $(INITDIR)/restorecond
> - -mkdir -p $(SELINUXDIR)
> - install -m 644 restorecond.conf
> $(SELINUXDIR)/restorecond.conf
> - install -m 644 restorecond_user.conf
> $(SELINUXDIR)/restorecond_user.conf
> - -mkdir -p $(AUTOSTARTDIR)
> - install -m 644 restorecond.desktop
> $(AUTOSTARTDIR)/restorecond.desktop
> - -mkdir -p $(DBUSSERVICEDIR)
> - install -m 600
> org.selinux.Restorecond.service $(DBUSSERVICEDIR)/org.selinux.Restor
> econd.service
> - -mkdir -p $(SYSTEMDDIR)/system
> - install -m 644 restorecond.service $(SYSTEMDDIR)/system/
> + [ -d $(DESTDIR)$(MANDIR)/man8 ] || mkdir -p
> $(DESTDIR)$(MANDIR)/man8
> + -mkdir -p $(DESTDIR)$(SBINDIR)
> + install -m 755 restorecond $(DESTDIR)$(SBINDIR)
> + install -m 644 restorecond.8 $(DESTDIR)$(MANDIR)/man8
> + -mkdir -p $(DESTDIR)$(INITDIR)
> + install -m 755 restorecond.init
> $(DESTDIR)$(INITDIR)/restorecond
> + -mkdir -p $(DESTDIR)$(SELINUXDIR)
> + install -m 644 restorecond.conf
> $(DESTDIR)$(SELINUXDIR)/restorecond.conf
> + install -m 644 restorecond_user.conf
> $(DESTDIR)$(SELINUXDIR)/restorecond_user.conf
> + -mkdir -p $(DESTDIR)$(AUTOSTARTDIR)
> + install -m 644 restorecond.desktop
> $(DESTDIR)$(AUTOSTARTDIR)/restorecond.desktop
> + -mkdir -p $(DESTDIR)$(DBUSSERVICEDIR)
> + install -m 600
> org.selinux.Restorecond.service $(DESTDIR)$(DBUSSERVICEDIR)/org.seli
> nux.Restorecond.service
> + -mkdir -p $(DESTDIR)$(SYSTEMDDIR)/system
> + install -m 644 restorecond.service
> $(DESTDIR)$(SYSTEMDDIR)/system/
> relabel: install
> - /sbin/restorecon $(SBINDIR)/restorecond
> + /sbin/restorecon $(DESTDIR)$(SBINDIR)/restorecond
>
> clean:
> -rm -f restorecond *.o *~
> diff --git a/sandbox/Makefile b/sandbox/Makefile
> index 05c3d658..9c78041c 100644
> --- a/sandbox/Makefile
> +++ b/sandbox/Makefile
> @@ -1,8 +1,8 @@
> PYTHON ?= python
>
> # Installation directories.
> -PREFIX ?= $(DESTDIR)/usr
> -SYSCONFDIR ?= $(DESTDIR)/etc/sysconfig
> +PREFIX ?= /usr
> +SYSCONFDIR ?= /etc/sysconfig
> LIBDIR ?= $(PREFIX)/lib
> BINDIR ?= $(PREFIX)/bin
> SBINDIR ?= $(PREFIX)/sbin
> @@ -18,20 +18,20 @@ all: sandbox seunshare sandboxX.sh start
> seunshare: $(SEUNSHARE_OBJS)
>
> install: all
> - -mkdir -p $(BINDIR)
> - install -m 755 sandbox $(BINDIR)
> - -mkdir -p $(MANDIR)/man8
> - install -m 644 sandbox.8 $(MANDIR)/man8/
> - install -m 644 seunshare.8 $(MANDIR)/man8/
> - -mkdir -p $(MANDIR)/man5
> - install -m 644 sandbox.5 $(MANDIR)/man5/
> - -mkdir -p $(SBINDIR)
> - install -m 4755 seunshare $(SBINDIR)/
> - -mkdir -p $(SHAREDIR)
> - install -m 755 sandboxX.sh $(SHAREDIR)
> - install -m 755 start $(SHAREDIR)
> - -mkdir -p $(SYSCONFDIR)
> - install -m 644 sandbox.conf $(SYSCONFDIR)/sandbox
> + -mkdir -p $(DESTDIR)$(BINDIR)
> + install -m 755 sandbox $(DESTDIR)$(BINDIR)
> + -mkdir -p $(DESTDIR)$(MANDIR)/man8
> + install -m 644 sandbox.8 $(DESTDIR)$(MANDIR)/man8/
> + install -m 644 seunshare.8 $(DESTDIR)$(MANDIR)/man8/
> + -mkdir -p $(DESTDIR)$(MANDIR)/man5
> + install -m 644 sandbox.5 $(DESTDIR)$(MANDIR)/man5/
> + -mkdir -p $(DESTDIR)$(SBINDIR)
> + install -m 4755 seunshare $(DESTDIR)$(SBINDIR)/
> + -mkdir -p $(DESTDIR)$(SHAREDIR)
> + install -m 755 sandboxX.sh $(DESTDIR)$(SHAREDIR)
> + install -m 755 start $(DESTDIR)$(SHAREDIR)
> + -mkdir -p $(DESTDIR)$(SYSCONFDIR)
> + install -m 644 sandbox.conf $(DESTDIR)$(SYSCONFDIR)/sandbox
>
> test:
> @$(PYTHON) test_sandbox.py -v
> diff --git a/secilc/Makefile b/secilc/Makefile
> index 1cac53e4..597b4a27 100644
> --- a/secilc/Makefile
> +++ b/secilc/Makefile
> @@ -1,4 +1,4 @@
> -PREFIX ?= $(DESTDIR)/usr
> +PREFIX ?= /usr
> BINDIR ?= $(PREFIX)/bin
> MANDIR ?= $(PREFIX)/share/man
> LIBDIR ?= $(PREFIX)/lib
> @@ -41,12 +41,12 @@ $(SECIL2CONF_MANPAGE): $(SECIL2CONF_MANPAGE).xml
> $(XMLTO) man $(SECIL2CONF_MANPAGE).xml
>
> install: all man
> - -mkdir -p $(BINDIR)
> - -mkdir -p $(MANDIR)/man8
> - install -m 755 $(SECILC) $(BINDIR)
> - install -m 755 $(SECIL2CONF) $(BINDIR)
> - install -m 644 $(SECILC_MANPAGE) $(MANDIR)/man8
> - install -m 644 $(SECIL2CONF_MANPAGE) $(MANDIR)/man8
> + -mkdir -p $(DESTDIR)$(BINDIR)
> + -mkdir -p $(DESTDIR)$(MANDIR)/man8
> + install -m 755 $(SECILC) $(DESTDIR)$(BINDIR)
> + install -m 755 $(SECIL2CONF) $(DESTDIR)$(BINDIR)
> + install -m 644 $(SECILC_MANPAGE) $(DESTDIR)$(MANDIR)/man8
> + install -m 644 $(SECIL2CONF_MANPAGE)
> $(DESTDIR)$(MANDIR)/man8
>
> doc:
> $(MAKE) -C docs
> diff --git a/semodule-utils/semodule_deps/Makefile b/semodule-
> utils/semodule_deps/Makefile
> index 328a5030..7b106781 100644
> --- a/semodule-utils/semodule_deps/Makefile
> +++ b/semodule-utils/semodule_deps/Makefile
> @@ -1,5 +1,5 @@
> # Installation directories.
> -PREFIX ?= $(DESTDIR)/usr
> +PREFIX ?= /usr
> INCLUDEDIR ?= $(PREFIX)/include
> BINDIR ?= $(PREFIX)/bin
> LIBDIR ?= $(PREFIX)/lib
> @@ -10,13 +10,13 @@ CFLAGS ?= -Werror -Wall -W
>
> all: semodule_deps
>
> -semodule_deps: semodule_deps.o $(LIBSEPOLA)
> +semodule_deps: semodule_deps.o $(DESTDIR)$(LIBSEPOLA)
>
> install: all
> - -mkdir -p $(BINDIR)
> - install -m 755 semodule_deps $(BINDIR)
> - test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8
> - install -m 644 semodule_deps.8 $(MANDIR)/man8/
> + -mkdir -p $(DESTDIR)$(BINDIR)
> + install -m 755 semodule_deps $(DESTDIR)$(BINDIR)
> + test -d $(DESTDIR)$(MANDIR)/man8 || install -m 755 -d
> $(DESTDIR)$(MANDIR)/man8
> + install -m 644 semodule_deps.8 $(DESTDIR)$(MANDIR)/man8/
>
> relabel:
>
> diff --git a/semodule-utils/semodule_expand/Makefile b/semodule-
> utils/semodule_expand/Makefile
> index 072f2137..58d2d3cb 100644
> --- a/semodule-utils/semodule_expand/Makefile
> +++ b/semodule-utils/semodule_expand/Makefile
> @@ -1,5 +1,5 @@
> # Installation directories.
> -PREFIX ?= $(DESTDIR)/usr
> +PREFIX ?= /usr
> INCLUDEDIR ?= $(PREFIX)/include
> BINDIR ?= $(PREFIX)/bin
> LIBDIR ?= $(PREFIX)/lib
> @@ -13,10 +13,10 @@ all: semodule_expand
> semodule_expand: semodule_expand.o
>
> install: all
> - -mkdir -p $(BINDIR)
> - install -m 755 semodule_expand $(BINDIR)
> - test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8
> - install -m 644 semodule_expand.8 $(MANDIR)/man8/
> + -mkdir -p $(DESTDIR)$(BINDIR)
> + install -m 755 semodule_expand $(DESTDIR)$(BINDIR)
> + test -d $(DESTDIR)$(MANDIR)/man8 || install -m 755 -d
> $(DESTDIR)$(MANDIR)/man8
> + install -m 644 semodule_expand.8 $(DESTDIR)$(MANDIR)/man8/
>
> relabel:
>
> diff --git a/semodule-utils/semodule_link/Makefile b/semodule-
> utils/semodule_link/Makefile
> index cc4687bd..178bea30 100644
> --- a/semodule-utils/semodule_link/Makefile
> +++ b/semodule-utils/semodule_link/Makefile
> @@ -1,6 +1,6 @@
> # Installation directories.
> -PREFIX ?= $(DESTDIR)/usr
> -INCLUDEDIR ?= $(PREFIX)/include
> +PREFIX ?= /usr
> +INCLUDEDIR ?= /include
> BINDIR ?= $(PREFIX)/bin
> MANDIR ?= $(PREFIX)/share/man
> LIBDIR ?= $(PREFIX)/lib
> @@ -13,10 +13,10 @@ all: semodule_link
> semodule_link: semodule_link.o
>
> install: all
> - -mkdir -p $(BINDIR)
> - install -m 755 semodule_link $(BINDIR)
> - test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8
> - install -m 644 semodule_link.8 $(MANDIR)/man8/
> + -mkdir -p $(DESTDIR)$(BINDIR)
> + install -m 755 semodule_link $(DESTDIR)$(BINDIR)
> + test -d $(DESTDIR)$(MANDIR)/man8 || install -m 755 -d
> $(PREFIX)$(MANDIR)/man8
Missing $(DESTDIR) in the final install location above.
> + install -m 644 semodule_link.8 $(DESTDIR)$(MANDIR)/man8/
>
> relabel:
>
> diff --git a/semodule-utils/semodule_package/Makefile b/semodule-
> utils/semodule_package/Makefile
> index 96dd7c4f..37bd0d4b 100644
> --- a/semodule-utils/semodule_package/Makefile
> +++ b/semodule-utils/semodule_package/Makefile
> @@ -1,5 +1,5 @@
> # Installation directories.
> -PREFIX ?= $(DESTDIR)/usr
> +PREFIX ?= /usr
> INCLUDEDIR ?= $(PREFIX)/include
> BINDIR ?= $(PREFIX)/bin
> LIBDIR ?= $(PREFIX)/lib
> @@ -13,12 +13,12 @@ all: semodule_package semodule_unpackage
> semodule_package: semodule_package.o
>
> install: all
> - -mkdir -p $(BINDIR)
> - install -m 755 semodule_package $(BINDIR)
> - install -m 755 semodule_unpackage $(BINDIR)
> - test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8
> - install -m 644 semodule_package.8 $(MANDIR)/man8/
> - install -m 644 semodule_unpackage.8 $(MANDIR)/man8/
> + -mkdir -p $(DESTDIR)$(BINDIR)
> + install -m 755 semodule_package $(DESTDIR)$(BINDIR)
> + install -m 755 semodule_unpackage $(DESTDIR)$(BINDIR)
> + test -d $(DESTDIR)$(MANDIR)/man8 || install -m 755 -d
> $(DESTDIR)$(MANDIR)/man8
> + install -m 644 semodule_package.8 $(DESTDIR)$(MANDIR)/man8/
> + install -m 644 semodule_unpackage.8
> $(DESTDIR)$(MANDIR)/man8/
>
> relabel:
>
^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: [PATCH] Use DESTDIR only in install targets
2017-06-21 19:51 ` Stephen Smalley
@ 2017-06-22 16:25 ` Petr Lautrbach
2017-06-22 16:45 ` Stephen Smalley
0 siblings, 1 reply; 24+ messages in thread
From: Petr Lautrbach @ 2017-06-22 16:25 UTC (permalink / raw)
To: Stephen Smalley, selinux
On 06/21/2017 09:51 PM, Stephen Smalley wrote:
> Hmm...seems like we're still using DESTDIR for more than just install.
> So either the patch or the patch description isn't quite right.
> The original usage of make DESTDIR in selinux was to support building
> and installing to a private directory, so we wanted it to affect more
> than just install. If we truly make this transition to conform to the
> GNU standards, then we still need a clean way of building and
> installing to a private directory for local testing. The top-level
> Makefile has a workaround currently of automatically defining CFLAGS
> and LDFLAGS when DESTDIR is defined, but that has a side effect: it
> suppresses any non-override CFLAGS and LDFLAGS definitions in the
> Makefiles, so then we no longer get all of the warning options enabled
> in such local builds like we used to do. All of this leaves me
> wondering about whether we ought to just revert the earlier changes and
> preserve our usage of DESTDIR, even if it doesn't correspond to GNU.
PREFIX could be used for the case you described and DESTDIR would be
used just for installing to a different root directory.
The difference could be seen in .pc files:
$ make DESTDIR=/selinux-DESTDIR
LIBSEPOLA=/selinux-DESTDIR/usr/lib/libsepol.a install install-pywrap
install-rubywrap
$ head -n 2 /selinux-DESTDIR/usr/lib/pkgconfig/libsepol.pc
prefix=//usr
exec_prefix=${prefix}
vs
$ make PREFIX=/selinux-PREFIX install install-pywrap install-rubywrap
$ head -n 2 /selinux-PREFIX/usr/lib/pkgconfig/libsepol.pc
prefix=/selinux-PREFIX/usr
exec_prefix=${prefix}
I've got two work-in-progress patches for that:
https://github.com/bachradsusi/SELinuxProject-selinux/commit/03d7e6a3802aa5376fe6162f6e7f9a6314f2b028
https://github.com/bachradsusi/SELinuxProject-selinux/commit/ddf070fa82a4331b8fe2d82f61929c1120a12630
They need more testing and some enhancements but for the first look they
seem to work. At least structure of directories seem to be same.
>>
>> -checkmodule: $(CHECKMODOBJS) $(LIBSEPOLA)
>> +checkmodule: $(CHECKMODOBJS) $(DESTDIR)$(LIBSEPOLA)
>>
>> %.o: %.c
>> $(CC) $(CFLAGS) -o $@ -c $<
>> @@ -46,15 +46,15 @@ lex.yy.c: policy_scan.l y.tab.c
>> $(LEX) policy_scan.l
>>
>> install: all
>> - -mkdir -p $(BINDIR)
>> - -mkdir -p $(MANDIR)/man8
>> - install -m 755 $(TARGETS) $(BINDIR)
>> - install -m 644 checkpolicy.8 $(MANDIR)/man8
>> - install -m 644 checkmodule.8 $(MANDIR)/man8
>> + -mkdir -p $(DESTDIR)$(BINDIR)
>> + -mkdir -p $(DESTDIR)$(MANDIR)/man8
>> + install -m 755 $(TARGETS) $(DESTDIR)$(BINDIR)
>> + install -m 644 checkpolicy.8 $(DESTDIR)$(MANDIR)/man8
>> + install -m 644 checkmodule.8 $(DESTDIR)$(MANDIR)/man8
>>
>> relabel: install
>> - /sbin/restorecon $(BINDIR)/checkpolicy
>> - /sbin/restorecon $(BINDIR)/checkmodule
>> + /sbin/restorecon $(DESTDIR)$(BINDIR)/checkpolicy
>> + /sbin/restorecon $(DESTDIR)$(BINDIR)/checkmodule
>>
>> clean:
>> -rm -f $(TARGETS) $(CHECKPOLOBJS) $(CHECKMODOBJS) y.tab.c
>> y.tab.h lex.yy.c
>> diff --git a/checkpolicy/test/Makefile b/checkpolicy/test/Makefile
>> index 59fa4460..c9a8d4c5 100644
>> --- a/checkpolicy/test/Makefile
>> +++ b/checkpolicy/test/Makefile
>> @@ -1,7 +1,7 @@
>> #
>> # Makefile for building the dispol program
>> #
>> -PREFIX ?= $(DESTDIR)/usr
>> +PREFIX ?= /usr
>> BINDIR ?= $(PREFIX)/bin
>> LIBDIR ?= $(PREFIX)/lib
>> INCLUDEDIR ?= $(PREFIX)/include
>> @@ -11,9 +11,9 @@ CFLAGS ?= -g -Wall -W -Werror -O2 -pipe
>>
>> all: dispol dismod
>>
>> -dispol: dispol.o $(LIBSEPOLA)
>> +dispol: dispol.o $(DESTDIR)$(LIBSEPOLA)
>>
>> -dismod: dismod.o $(LIBSEPOLA)
>> +dismod: dismod.o $(DESTDIR)$(LIBSEPOLA)
>
> Ditto
>
>>
>> clean:
>> -rm -f dispol dismod *.o
>> diff --git a/gui/Makefile b/gui/Makefile
>> index 4fc2c1a1..52c3cab2 100644
>> --- a/gui/Makefile
>> +++ b/gui/Makefile
>> @@ -1,5 +1,5 @@
>> # Installation directories.
>> -PREFIX ?= ${DESTDIR}/usr
>> +PREFIX ?= /usr
>> BINDIR ?= $(PREFIX)/bin
>> SHAREDIR ?= $(PREFIX)/share/system-config-selinux
>> DATADIR ?= $(PREFIX)/share
>> @@ -24,29 +24,29 @@ usersPage.py
>> all: $(TARGETS) system-config-selinux.py polgengui.py
>>
>> install: all
>> - -mkdir -p $(MANDIR)/man8
>> - -mkdir -p $(SHAREDIR)
>> - -mkdir -p $(BINDIR)
>> - -mkdir -p $(DATADIR)/pixmaps
>> - -mkdir -p $(DATADIR)/icons/hicolor/24x24/apps
>> - -mkdir -p $(DATADIR)/polkit-1/actions/
>> - install -m 755 system-config-selinux.py $(SHAREDIR)
>> - install -m 755 system-config-selinux $(BINDIR)
>> - install -m 755 polgengui.py $(SHAREDIR)
>> - install -m 644 $(TARGETS) $(SHAREDIR)
>> - install -m 644 system-config-selinux.8 $(MANDIR)/man8
>> - install -m 644 selinux-polgengui.8 $(MANDIR)/man8
>> - install -m 644 system-config-selinux.png $(DATADIR)/pixmaps
>> - install -m 644 system-config-selinux.png
>> $(DATADIR)/icons/hicolor/24x24/apps
>> - install -m 644 system-config-selinux.png $(DATADIR)/system-
>> config-selinux
>> - install -m 644 *.desktop $(DATADIR)/system-config-selinux
>
> This one seems to have been dropped accidentally rather than augmented
> with $(DESTDIR).
>
>> - -mkdir -p $(DESTDIR) $(DATADIR)/pixmaps
>> - install -m 644 sepolicy_256.png
>> $(DATADIR)/pixmaps/sepolicy.png
>> + -mkdir -p $(DESTDIR)$(MANDIR)/man8
>> + -mkdir -p $(DESTDIR)$(SHAREDIR)
>> + -mkdir -p $(DESTDIR)$(BINDIR)
>> + -mkdir -p $(DESTDIR)$(DATADIR)/pixmaps
>> + -mkdir -p $(DESTDIR)$(DATADIR)/icons/hicolor/24x24/apps
>> + -mkdir -p $(DESTDIR)$(SYSCONFDIR)
>> + -mkdir -p $(DESTDIR)$(DATADIR)/polkit-1/actions/
>> + install -m 755 system-config-selinux.py
>> $(DESTDIR)$(SHAREDIR)
>> + install -m 755 system-config-selinux $(DESTDIR)$(BINDIR)
>> + install -m 755 polgengui.py $(DESTDIR)$(SHAREDIR)
>> + install -m 644 $(TARGETS) $(DESTDIR)$(SHAREDIR)
>> + install -m 644 system-config-selinux.8
>> $(DESTDIR)$(MANDIR)/man8
>> + install -m 644 selinux-polgengui.8 $(DESTDIR)$(MANDIR)/man8
>> + install -m 644 system-config-selinux.png
>> $(DESTDIR)$(DATADIR)/pixmaps
>> + install -m 644 system-config-selinux.png
>> $(DESTDIR)$(DATADIR)/icons/hicolor/24x24/apps
>> + install -m 644 system-config-selinux.png
>> $(DESTDIR)$(DATADIR)/system-config-selinux
>> + -mkdir -p $(DESTDIR) $(DESTDIR)$(DATADIR)/pixmaps
>> + install -m 644 sepolicy_256.png
>> $(DESTDIR)$(DATADIR)/pixmaps/sepolicy.png
>> for i in 16 22 32 48 256; do \
>> - mkdir -p $(DESTDIR)
>> $(DATADIR)/icons/hicolor/$${i}x$${i}/apps; \
>> - install -m 644 sepolicy_$${i}.png
>> $(DATADIR)/icons/hicolor/$${i}x$${i}/apps/sepolicy.png; \
>> + mkdir -p
>> $(DESTDIR)/$(DATADIR)/icons/hicolor/$${i}x$${i}/apps; \
>> + install -m 644 sepolicy_$${i}.png
>> $(DESTDIR)$(DATADIR)/icons/hicolor/$${i}x$${i}/apps/sepolicy.png; \
>> done
>> - install -m 644 org.selinux.config.policy $(DATADIR)/polkit-
>> 1/actions/
>> + install -m 644 org.selinux.config.policy
>> $(DESTDIR)$(DATADIR)/polkit-1/actions/
>> clean:
>>
>> indent:
>> diff --git a/libselinux/include/Makefile
>> b/libselinux/include/Makefile
>> index 757a6c9c..c1d3fa15 100644
>> --- a/libselinux/include/Makefile
>> +++ b/libselinux/include/Makefile
>> @@ -1,12 +1,12 @@
>> # Installation directories.
>> -PREFIX ?= $(DESTDIR)/usr
>> +PREFIX ?= /usr
>> INCDIR ?= $(PREFIX)/include/selinux
>>
>> all:
>>
>> install: all
>> - test -d $(INCDIR) || install -m 755 -d $(INCDIR)
>> - install -m 644 $(wildcard selinux/*.h) $(INCDIR)
>> + test -d $(DESTDIR)$(INCDIR) || install -m 755 -d
>> $(DESTDIR)$(INCDIR)
>> + install -m 644 $(wildcard selinux/*.h) $(DESTDIR)$(INCDIR)
>>
>> relabel:
>>
>> diff --git a/libselinux/src/Makefile b/libselinux/src/Makefile
>> index 4306dd0e..6d65b682 100644
>> --- a/libselinux/src/Makefile
>> +++ b/libselinux/src/Makefile
>> @@ -8,17 +8,17 @@ RUBYPREFIX ?= $(notdir $(RUBY))
>> PKG_CONFIG ?= pkg-config
>>
>> # Installation directories.
>> -PREFIX ?= $(DESTDIR)/usr
>> +PREFIX ?= /usr
>> LIBDIR ?= $(PREFIX)/lib
>> -SHLIBDIR ?= $(DESTDIR)/lib
>> +SHLIBDIR ?= /lib
>> INCLUDEDIR ?= $(PREFIX)/include
>> PYINC ?= $(shell $(PKG_CONFIG) --cflags $(PYPREFIX))
>> PYLIBS ?= $(shell $(PKG_CONFIG) --libs $(PYPREFIX))
>> -PYSITEDIR ?= $(DESTDIR)$(shell $(PYTHON) -c 'import site;
>> print(site.getsitepackages()[0])')
>> +PYSITEDIR ?= $(shell $(PYTHON) -c 'import site;
>> print(site.getsitepackages()[0])')
>> PYCEXT ?= $(shell $(PYTHON) -c 'import imp;print([s for s,m,t in
>> imp.get_suffixes() if t == imp.C_EXTENSION][0])')
>> RUBYINC ?= $(shell $(RUBY) -e 'puts "-I" +
>> RbConfig::CONFIG["rubyarchhdrdir"] + " -I" +
>> RbConfig::CONFIG["rubyhdrdir"]')
>> RUBYLIBS ?= $(shell $(RUBY) -e 'puts "-L" +
>> RbConfig::CONFIG["libdir"] + " -lruby"')
>> -RUBYINSTALL ?= $(DESTDIR)$(shell $(RUBY) -e 'puts
>> RbConfig::CONFIG["vendorarchdir"]')
>> +RUBYINSTALL ?= $(shell $(RUBY) -e 'puts
>> RbConfig::CONFIG["vendorarchdir"]')
>> LIBBASE ?= $(shell basename $(LIBDIR))
>> LIBSEPOLA ?= $(LIBDIR)/libsepol.a
>>
>> @@ -156,7 +156,7 @@ selinuxswig_python_exception.i:
>> ../include/selinux/selinux.h
>> $(AUDIT2WHYLOBJ): audit2why.c
>> $(CC) $(filter-out -Werror, $(CFLAGS)) $(PYINC) -fPIC
>> -DSHARED -c -o $@ $<
>>
>> -$(AUDIT2WHYSO): $(AUDIT2WHYLOBJ) $(LIBSEPOLA)
>> +$(AUDIT2WHYSO): $(AUDIT2WHYLOBJ) $(DESTDIR)$(LIBSEPOLA)
>> $(CC) $(CFLAGS) $(LDFLAGS) -L. -shared -o $@ $^ -lselinux
>> $(PYLIBS)
>
> Here again with using DESTDIR outside of install.
>
>>
>> %.o: %.c policy.h
>> @@ -177,26 +177,26 @@ swigify: $(SWIGIF)
>> $(SWIG) $<
>>
>> install: all
>> - test -d $(LIBDIR) || install -m 755 -d $(LIBDIR)
>> - install -m 644 $(LIBA) $(LIBDIR)
>> - test -d $(SHLIBDIR) || install -m 755 -d $(SHLIBDIR)
>> - install -m 755 $(LIBSO) $(SHLIBDIR)
>> - test -d $(LIBDIR)/pkgconfig || install -m 755 -d
>> $(LIBDIR)/pkgconfig
>> - install -m 644 $(LIBPC) $(LIBDIR)/pkgconfig
>> - ln -sf --relative $(SHLIBDIR)/$(LIBSO) $(LIBDIR)/$(TARGET)
>> + test -d $(DESTDIR)$(LIBDIR) || install -m 755 -d
>> $(DESTDIR)$(LIBDIR)
>> + install -m 644 $(LIBA) $(DESTDIR)$(LIBDIR)
>> + test -d $(DESTDIR)$(SHLIBDIR) || install -m 755 -d
>> $(DESTDIR)$(SHLIBDIR)
>> + install -m 755 $(LIBSO) $(DESTDIR)$(SHLIBDIR)
>> + test -d $(DESTDIR)$(LIBDIR)/pkgconfig || install -m 755 -d
>> $(DESTDIR)$(LIBDIR)/pkgconfig
>> + install -m 644 $(LIBPC) $(DESTDIR)$(LIBDIR)/pkgconfig
>> + ln -sf --relative $(DESTDIR)$(SHLIBDIR)/$(LIBSO)
>> $(DESTDIR)$(LIBDIR)/$(TARGET)
>>
>> install-pywrap: pywrap
>> - test -d $(PYSITEDIR)/selinux || install -m 755 -d
>> $(PYSITEDIR)/selinux
>> - install -m 755 $(SWIGSO) $(PYSITEDIR)/_selinux$(PYCEXT)
>> - install -m 755 $(AUDIT2WHYSO)
>> $(PYSITEDIR)/selinux/audit2why$(PYCEXT)
>> - install -m 644 $(SWIGPYOUT) $(PYSITEDIR)/selinux/__init__.py
>> + test -d $(DESTDIR)$(PYSITEDIR)/selinux || install -m 755 -d
>> $(DESTDIR)$(PYSITEDIR)/selinux
>> + install -m 755 $(SWIGSO)
>> $(DESTDIR)$(PYSITEDIR)/_selinux$(PYCEXT)
>> + install -m 755 $(AUDIT2WHYSO)
>> $(DESTDIR)$(PYSITEDIR)/selinux/audit2why$(PYCEXT)
>> + install -m 644 $(SWIGPYOUT)
>> $(DESTDIR)$(PYSITEDIR)/selinux/__init__.py
>>
>> install-rubywrap: rubywrap
>> - test -d $(RUBYINSTALL) || install -m 755 -d $(RUBYINSTALL)
>> - install -m 755 $(SWIGRUBYSO) $(RUBYINSTALL)/selinux.so
>> + test -d $(DESTDIR)$(RUBYINSTALL) || install -m 755 -d
>> $(DESTDIR)$(RUBYINSTALL)
>> + install -m 755 $(SWIGRUBYSO)
>> $(DESTDIR)$(RUBYINSTALL)/selinux.so
>>
>> relabel:
>> - /sbin/restorecon $(SHLIBDIR)/$(LIBSO)
>> + /sbin/restorecon $(DESTDIR)$(SHLIBDIR)/$(LIBSO)
>>
>> clean-pywrap:
>> -rm -f $(SWIGLOBJ) $(SWIGSO) $(AUDIT2WHYLOBJ) $(AUDIT2WHYSO)
>> diff --git a/libselinux/utils/Makefile b/libselinux/utils/Makefile
>> index 843b0e7c..882a6787 100644
>> --- a/libselinux/utils/Makefile
>> +++ b/libselinux/utils/Makefile
>> @@ -1,5 +1,5 @@
>> # Installation directories.
>> -PREFIX ?= $(DESTDIR)/usr
>> +PREFIX ?= /usr
>> LIBDIR ?= $(PREFIX)/lib
>> SBINDIR ?= $(PREFIX)/sbin
>> INCLUDEDIR ?= $(PREFIX)/include
>> @@ -63,8 +63,8 @@ sefcontext_compile: sefcontext_compile.o
>> ../src/regex.o
>> all: $(TARGETS)
>>
>> install: all
>> - -mkdir -p $(SBINDIR)
>> - install -m 755 $(TARGETS) $(SBINDIR)
>> + -mkdir -p $(DESTDIR)$(SBINDIR)
>> + install -m 755 $(TARGETS) $(DESTDIR)$(SBINDIR)
>>
>> clean:
>> rm -f $(TARGETS) *.o *~
>> diff --git a/libsemanage/include/Makefile
>> b/libsemanage/include/Makefile
>> index b660660e..6e44a28a 100644
>> --- a/libsemanage/include/Makefile
>> +++ b/libsemanage/include/Makefile
>> @@ -1,12 +1,12 @@
>> # Installation directories.
>> -PREFIX ?= $(DESTDIR)/usr
>> +PREFIX ?= /usr
>> INCDIR ?= $(PREFIX)/include/semanage
>>
>> all:
>>
>> install: all
>> - test -d $(INCDIR) || install -m 755 -d $(INCDIR)
>> - install -m 644 $(wildcard semanage/*.h) $(INCDIR)
>> + test -d $(DESTDIR)$(INCDIR) || install -m 755 -d
>> $(DESTDIR)$(INCDIR)
>> + install -m 644 $(wildcard semanage/*.h) $(DESTDIR)$(INCDIR)
>>
>> indent:
>> ../../scripts/Lindent $(wildcard semanage/*.h)
>> diff --git a/libsemanage/src/Makefile b/libsemanage/src/Makefile
>> index f01385c5..8c0b4557 100644
>> --- a/libsemanage/src/Makefile
>> +++ b/libsemanage/src/Makefile
>> @@ -8,17 +8,17 @@ RUBYPREFIX ?= $(notdir $(RUBY))
>> PKG_CONFIG ?= pkg-config
>>
>> # Installation directories.
>> -PREFIX ?= $(DESTDIR)/usr
>> +PREFIX ?= /usr
>> LIBDIR ?= $(PREFIX)/lib
>> -SHLIBDIR ?= $(DESTDIR)/lib
>> +SHLIBDIR ?= /lib
>> INCLUDEDIR ?= $(PREFIX)/include
>> PYINC ?= $(shell $(PKG_CONFIG) --cflags $(PYPREFIX))
>> PYLIBS ?= $(shell $(PKG_CONFIG) --libs $(PYPREFIX))
>> -PYSITEDIR ?= $(DESTDIR)$(shell $(PYTHON) -c 'import site;
>> print(site.getsitepackages()[0])')
>> +PYSITEDIR ?= $(shell $(PYTHON) -c 'import site;
>> print(site.getsitepackages()[0])')
>> PYCEXT ?= $(shell $(PYTHON) -c 'import imp;print([s for s,m,t in
>> imp.get_suffixes() if t == imp.C_EXTENSION][0])')
>> RUBYINC ?= $(shell $(RUBY) -e 'puts "-I" +
>> RbConfig::CONFIG["rubyarchhdrdir"] + " -I" +
>> RbConfig::CONFIG["rubyhdrdir"]')
>> RUBYLIBS ?= $(shell $(RUBY) -e 'puts "-L" +
>> RbConfig::CONFIG["libdir"] + " -lruby"')
>> -RUBYINSTALL ?= $(DESTDIR)$(shell $(RUBY) -e 'puts
>> RbConfig::CONFIG["vendorarchdir"]')
>> +RUBYINSTALL ?= $(shell $(RUBY) -e 'puts
>> RbConfig::CONFIG["vendorarchdir"]')
>>
>> LIBBASE=$(shell basename $(LIBDIR))
>>
>> @@ -136,26 +136,26 @@ swigify: $(SWIGIF)
>> $(SWIG) $<
>>
>> install: all
>> - test -d $(LIBDIR) || install -m 755 -d $(LIBDIR)
>> - install -m 644 $(LIBA) $(LIBDIR)
>> - install -m 755 $(LIBSO) $(LIBDIR)
>> - test -d $(LIBDIR)/pkgconfig || install -m 755 -d
>> $(LIBDIR)/pkgconfig
>> - install -m 644 $(LIBPC) $(LIBDIR)/pkgconfig
>> + test -d $(DESTDIR)$(LIBDIR) || install -m 755 -d
>> $(DESTDIR)$(LIBDIR)
>> + install -m 644 $(LIBA) $(DESTDIR)$(LIBDIR)
>> + install -m 755 $(LIBSO) $(DESTDIR)$(LIBDIR)
>> + test -d $(DESTDIR)$(LIBDIR)/pkgconfig || install -m 755 -d
>> $(DESTDIR)$(LIBDIR)/pkgconfig
>> + install -m 644 $(LIBPC) $(DESTDIR)$(LIBDIR)/pkgconfig
>> test -f $(DEFAULT_SEMANAGE_CONF_LOCATION) || install -m 644
>> -D semanage.conf $(DEFAULT_SEMANAGE_CONF_LOCATION)
>> - cd $(LIBDIR) && ln -sf $(LIBSO) $(TARGET)
>> + cd $(DESTDIR)$(LIBDIR) && ln -sf $(LIBSO) $(TARGET)
>>
>> install-pywrap: pywrap
>> - test -d $(PYSITEDIR) || install -m 755 -d $(PYSITEDIR)
>> - install -m 755 $(SWIGSO) $(PYSITEDIR)/_semanage$(PYCEXT)
>> - install -m 644 semanage.py $(PYSITEDIR)
>> + test -d $(DESTDIR)$(PYSITEDIR) || install -m 755 -d
>> $(DESTDIR)$(PYSITEDIR)
>> + install -m 755 $(SWIGSO)
>> $(DESTDIR)$(PYSITEDIR)/_semanage$(PYCEXT)
>> + install -m 644 semanage.py $(DESTDIR)$(PYSITEDIR)
>>
>>
>> install-rubywrap: rubywrap
>> - test -d $(RUBYINSTALL) || install -m 755 -d $(RUBYINSTALL)
>> - install -m 755 $(SWIGRUBYSO) $(RUBYINSTALL)/semanage.so
>> + test -d $(DESTDIR)$(RUBYINSTALL) || install -m 755 -d
>> $(DESTDIR)$(RUBYINSTALL)
>> + install -m 755 $(SWIGRUBYSO)
>> $(DESTDIR)$(RUBYINSTALL)/semanage.so
>>
>> relabel:
>> - /sbin/restorecon $(LIBDIR)/$(LIBSO)
>> + /sbin/restorecon $(DESTDIR)$(LIBDIR)/$(LIBSO)
>>
>> clean:
>> -rm -f $(LIBPC) $(OBJS) $(LOBJS) $(LIBA) $(LIBSO)
>> $(SWIGLOBJ) $(SWIGSO) $(SWIGRUBYSO) $(TARGET) conf-parse.c conf-
>> parse.h conf-scan.c *.o *.lo *~
>> diff --git a/libsemanage/tests/Makefile b/libsemanage/tests/Makefile
>> index 2ef8d30d..8103cf8f 100644
>> --- a/libsemanage/tests/Makefile
>> +++ b/libsemanage/tests/Makefile
>> @@ -1,4 +1,4 @@
>> -PREFIX ?= $(DESTDIR)/usr
>> +PREFIX ?= /usr
>> LIBDIR ?= $(PREFIX)/lib
>>
>> # Add your test source files here:
>> diff --git a/libsemanage/utils/Makefile b/libsemanage/utils/Makefile
>> index 725f0eec..5b8fbb6b 100644
>> --- a/libsemanage/utils/Makefile
>> +++ b/libsemanage/utils/Makefile
>> @@ -1,13 +1,13 @@
>> # Installation directories.
>> -PREFIX ?= $(DESTDIR)/usr
>> +PREFIX ?= /usr
>> LIBEXECDIR ?= $(PREFIX)/libexec
>> SELINUXEXECDIR ?= $(LIBEXECDIR)/selinux/
>>
>> all:
>>
>> install: all
>> - -mkdir -p $(SELINUXEXECDIR)
>> - install -m 755 semanage_migrate_store $(SELINUXEXECDIR)
>> + -mkdir -p $(DESTDIR)$(SELINUXEXECDIR)
>> + install -m 755 semanage_migrate_store
>> $(DESTDIR)$(SELINUXEXECDIR)
>>
>> clean:
>>
>> diff --git a/libsepol/include/Makefile b/libsepol/include/Makefile
>> index 56b7a114..49f817ce 100644
>> --- a/libsepol/include/Makefile
>> +++ b/libsepol/include/Makefile
>> @@ -1,17 +1,17 @@
>> # Installation directories.
>> -PREFIX ?= $(DESTDIR)/usr
>> +PREFIX ?= /usr
>> INCDIR ?= $(PREFIX)/include/sepol
>> CILDIR ?= ../cil
>>
>> all:
>>
>> install: all
>> - test -d $(INCDIR) || install -m 755 -d $(INCDIR)
>> - test -d $(INCDIR)/policydb || install -m 755 -d
>> $(INCDIR)/policydb
>> - test -d $(INCDIR)/cil || install -m 755 -d $(INCDIR)/cil
>> - install -m 644 $(wildcard sepol/*.h) $(INCDIR)
>> - install -m 644 $(wildcard sepol/policydb/*.h)
>> $(INCDIR)/policydb
>> - install -m 644 $(wildcard $(CILDIR)/include/cil/*.h)
>> $(INCDIR)/cil
>> + test -d $(DESTDIR)$(INCDIR) || install -m 755 -d
>> $(DESTDIR)$(INCDIR)
>> + test -d $(DESTDIR)$(INCDIR)/policydb || install -m 755 -d
>> $(DESTDIR)$(INCDIR)/policydb
>> + test -d $(DESTDIR)$(INCDIR)/cil || install -m 755 -d
>> $(DESTDIR)$(INCDIR)/cil
>> + install -m 644 $(wildcard sepol/*.h) $(DESTDIR)$(INCDIR)
>> + install -m 644 $(wildcard sepol/policydb/*.h)
>> $(DESTDIR)$(INCDIR)/policydb
>> + install -m 644 $(wildcard $(CILDIR)/include/cil/*.h)
>> $(DESTDIR)$(INCDIR)/cil
>>
>> indent:
>> ../../scripts/Lindent $(wildcard sepol/*.h)
>> diff --git a/libsepol/src/Makefile b/libsepol/src/Makefile
>> index 819d261b..4c7e23fa 100644
>> --- a/libsepol/src/Makefile
>> +++ b/libsepol/src/Makefile
>> @@ -1,8 +1,8 @@
>> # Installation directories.
>> -PREFIX ?= $(DESTDIR)/usr
>> +PREFIX ?= /usr
>> INCLUDEDIR ?= $(PREFIX)/include
>> LIBDIR ?= $(PREFIX)/lib
>> -SHLIBDIR ?= $(DESTDIR)/lib
>> +SHLIBDIR ?= $(PREFIX)/lib
>
> This yields a change in the default install location for libsepol.so.1
> (/lib -> /usr/lib).
>
>> RANLIB ?= ranlib
>> LIBBASE ?= $(shell basename $(LIBDIR))
>> CILDIR ?= ../cil
>> @@ -80,16 +80,16 @@ endif
>> $(CC) $(CFLAGS) -fPIC -DSHARED -c -o $@ $<
>>
>> install: all
>> - test -d $(LIBDIR) || install -m 755 -d $(LIBDIR)
>> - install -m 644 $(LIBA) $(LIBDIR)
>> - test -d $(SHLIBDIR) || install -m 755 -d $(SHLIBDIR)
>> - install -m 755 $(LIBSO) $(SHLIBDIR)
>> - test -d $(LIBDIR)/pkgconfig || install -m 755 -d
>> $(LIBDIR)/pkgconfig
>> - install -m 644 $(LIBPC) $(LIBDIR)/pkgconfig
>> - $(LN) -sf --relative $(SHLIBDIR)/$(LIBSO)
>> $(LIBDIR)/$(TARGET)
>> + test -d $(DESTDIR)$(LIBDIR) || install -m 755 -d
>> $(DESTDIR)$(LIBDIR)
>> + install -m 644 $(LIBA) $(DESTDIR)$(LIBDIR)
>> + test -d $(DESTDIR)$(SHLIBDIR) || install -m 755 -d
>> $(DESTDIR)$(SHLIBDIR)
>> + install -m 755 $(LIBSO) $(DESTDIR)$(SHLIBDIR)
>> + test -d $(DESTDIR)$(LIBDIR)/pkgconfig || install -m 755 -d
>> $(DESTDIR)$(LIBDIR)/pkgconfig
>> + install -m 644 $(LIBPC) $(DESTDIR)$(LIBDIR)/pkgconfig
>> + $(LN) -sf --relative $(DESTDIR)$(SHLIBDIR)/$(LIBSO)
>> $(DESTDIR)$(LIBDIR)/$(TARGET)
>>
>> relabel:
>> - /sbin/restorecon $(SHLIBDIR)/$(LIBSO)
>> + /sbin/restorecon $(DESTDIR)$(SHLIBDIR)/$(LIBSO)
>>
>> clean:
>> -rm -f $(LIBPC) $(LIBMAP) $(OBJS) $(LOBJS) $(LIBA) $(LIBSO)
>> $(TARGET) $(CIL_GENERATED)
>> diff --git a/libsepol/utils/Makefile b/libsepol/utils/Makefile
>> index fba1d8a0..31932c11 100644
>> --- a/libsepol/utils/Makefile
>> +++ b/libsepol/utils/Makefile
>> @@ -1,5 +1,5 @@
>> # Installation directories.
>> -PREFIX ?= $(DESTDIR)/usr
>> +PREFIX ?= /usr
>> BINDIR ?= $(PREFIX)/bin
>>
>> CFLAGS ?= -Wall -Werror
>> @@ -12,8 +12,8 @@ TARGETS=$(patsubst %.c,%,$(sort $(wildcard *.c)))
>> all: $(TARGETS)
>>
>> install: all
>> - -mkdir -p $(BINDIR)
>> - install -m 755 $(TARGETS) $(BINDIR)
>> + -mkdir -p $(DESTDIR)$(BINDIR)
>> + install -m 755 $(TARGETS) $(DESTDIR)$(BINDIR)
>>
>> clean:
>> -rm -f $(TARGETS) *.o
>> diff --git a/mcstrans/man/Makefile b/mcstrans/man/Makefile
>> index 8e971192..dbd87f49 100644
>> --- a/mcstrans/man/Makefile
>> +++ b/mcstrans/man/Makefile
>> @@ -1,11 +1,11 @@
>> # Installation directories.
>> -MAN8DIR ?= $(DESTDIR)/usr/share/man/man8
>> +MAN8DIR ?= /usr/share/man/man8
>>
>> all:
>>
>> install: all
>> - mkdir -p $(MAN8DIR)
>> - install -m 644 man8/*.8 $(MAN8DIR)
>> + mkdir -p $(DESTDIR)$(MAN8DIR)
>> + install -m 644 man8/*.8 $(DESTDIR)$(MAN8DIR)
>>
>> clean:
>> -rm -f *~ \#*
>> diff --git a/mcstrans/src/Makefile b/mcstrans/src/Makefile
>> index 709e1e02..be54e349 100644
>> --- a/mcstrans/src/Makefile
>> +++ b/mcstrans/src/Makefile
>> @@ -1,9 +1,9 @@
>> # Installation directories.
>> -PREFIX ?= $(DESTDIR)/usr
>> +PREFIX ?= /usr
>> LIBDIR ?= $(PREFIX)/lib
>> -SBINDIR ?= $(DESTDIR)/sbin
>> -INITDIR ?= $(DESTDIR)/etc/rc.d/init.d
>> -SYSTEMDDIR ?= $(DESTDIR)/usr/lib/systemd
>> +SBINDIR ?= /sbin
>> +INITDIR ?= /etc/rc.d/init.d
>> +SYSTEMDDIR ?= /usr/lib/systemd
>>
>> PROG_SRC=mcstrans.c mcscolor.c mcstransd.c mls_level.c
>> PROG_OBJS= $(patsubst %.c,%.o,$(PROG_SRC))
>> @@ -15,18 +15,18 @@ override CFLAGS += -D_GNU_SOURCE
>> -D_FILE_OFFSET_BITS=64
>> all: $(PROG)
>>
>> $(PROG): $(PROG_OBJS)
>> - $(CC) $(LDFLAGS) -pie -o $@ $^ -lselinux -lcap -lpcre
>> $(LIBDIR)/libsepol.a
>> + $(CC) $(LDFLAGS) -pie -o $@ $^ -lselinux -lcap -lpcre
>> $(DESTDIR)$(LIBDIR)/libsepol.a
>>
>> %.o: %.c
>> $(CC) $(CFLAGS) -fPIE -c -o $@ $<
>>
>> install: all
>> - test -d $(SBINDIR) || install -m 755 -d $(SBINDIR)
>> - install -m 755 $(PROG) $(SBINDIR)
>> - test -d $(INITDIR) || install -m 755 -d $(INITDIR)
>> - install -m 755 $(INITSCRIPT).init $(INITDIR)/$(INITSCRIPT)
>> - test -d $(SYSTEMDDIR)/system || install -m 755 -d
>> $(SYSTEMDDIR)/system
>> - install -m 644 mcstrans.service $(SYSTEMDDIR)/system/
>> + test -d $(DESTDIR)$(SBINDIR) || install -m 755 -d
>> $(DESTDIR)$(SBINDIR)
>> + install -m 755 $(PROG) $(DESTDIR)$(SBINDIR)
>> + test -d $(DESTDIR)$(INITDIR) || install -m 755 -d
>> $(DESTDIR)$(INITDIR)
>> + install -m 755 $(INITSCRIPT).init
>> $(DESTDIR)$(INITDIR)/$(INITSCRIPT)
>> + test -d $(DESTDIR)$(SYSTEMDDIR)/system || install -m 755 -d
>> $(DESTDIR)$(SYSTEMDDIR)/system
>> + install -m 644 mcstrans.service
>> $(DESTDIR)$(SYSTEMDDIR)/system/
>>
>> clean:
>> -rm -f $(OBJS) $(LOBJS) $(TARGET) $(PROG) $(PROG_OBJS) *~
>> \#*
>> diff --git a/mcstrans/utils/Makefile b/mcstrans/utils/Makefile
>> index 4d3cbfcb..1364cece 100644
>> --- a/mcstrans/utils/Makefile
>> +++ b/mcstrans/utils/Makefile
>> @@ -1,5 +1,5 @@
>> # Installation directories.
>> -PREFIX ?= $(DESTDIR)/usr
>> +PREFIX ?= /usr
>> LIBDIR ?= $(PREFIX)/lib
>> SBINDIR ?= $(PREFIX)/sbin
>> LIBSEPOLA ?= $(LIBDIR)/libsepol.a
>> @@ -12,11 +12,11 @@ TARGETS=$(patsubst %.c,%,$(sort $(wildcard *.c)))
>>
>> all: $(TARGETS)
>>
>> -$(TARGETS): ../src/mcstrans.o ../src/mls_level.o $(LIBSEPOLA)
>> +$(TARGETS): ../src/mcstrans.o ../src/mls_level.o
>> $(DESTDIR)$(LIBSEPOLA)
>>
>> install: all
>> - -mkdir -p $(SBINDIR)
>> - install -m 755 $(TARGETS) $(SBINDIR)
>> + -mkdir -p $(DESTDIR)$(SBINDIR)
>> + install -m 755 $(TARGETS) $(DESTDIR)$(SBINDIR)
>>
>> test:
>> ./mlstrans-test-runner.py ../test/*.test
>> diff --git a/policycoreutils/hll/pp/Makefile
>> b/policycoreutils/hll/pp/Makefile
>> index 3401dcc9..ed70c449 100644
>> --- a/policycoreutils/hll/pp/Makefile
>> +++ b/policycoreutils/hll/pp/Makefile
>> @@ -1,5 +1,5 @@
>> # Installation directories.
>> -PREFIX ?= $(DESTDIR)/usr
>> +PREFIX ?= /usr
>> INCLUDEDIR ?= $(PREFIX)/include
>> MANDIR = $(PREFIX)/share/man
>> LIBDIR ?= $(PREFIX)/lib
>> @@ -21,8 +21,8 @@ pp: $(PP_OBJS)
>> $(CC) $(CFLAGS) -c -o $@ $^
>>
>> install: all
>> - -mkdir -p $(HLLDIR)
>> - install -m 755 pp $(HLLDIR)
>> + -mkdir -p $(DESTDIR)$(HLLDIR)
>> + install -m 755 pp $(DESTDIR)$(HLLDIR)
>>
>> relabel:
>>
>> diff --git a/policycoreutils/load_policy/Makefile
>> b/policycoreutils/load_policy/Makefile
>> index b85833c2..00f59aba 100644
>> --- a/policycoreutils/load_policy/Makefile
>> +++ b/policycoreutils/load_policy/Makefile
>> @@ -1,6 +1,6 @@
>> # Installation directories.
>> -PREFIX ?= $(DESTDIR)/usr
>> -SBINDIR ?= $(DESTDIR)/sbin
>> +PREFIX ?= /usr
>> +SBINDIR ?= /sbin
>> MANDIR ?= $(PREFIX)/share/man
>> LOCALEDIR ?= /usr/share/locale
>>
>> @@ -13,10 +13,10 @@ TARGETS=$(patsubst %.c,%,$(sort $(wildcard *.c)))
>> all: $(TARGETS)
>>
>> install: all
>> - -mkdir -p $(SBINDIR)
>> - install -m 755 $(TARGETS) $(SBINDIR)
>> - test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8
>> - install -m 644 load_policy.8 $(MANDIR)/man8/
>> + -mkdir -p $(DESTDIR)$(SBINDIR)
>> + install -m 755 $(TARGETS) $(DESTDIR)$(SBINDIR)
>> + test -d $(DESTDIR)$(MANDIR)/man8 || install -m 755 -d
>> $(DESTDIR)$(MANDIR)/man8
>> + install -m 644 load_policy.8 $(DESTDIR)$(MANDIR)/man8/
>>
>> clean:
>> -rm -f $(TARGETS) *.o
>> @@ -25,4 +25,4 @@ indent:
>> ../../scripts/Lindent $(wildcard *.[ch])
>>
>> relabel:
>> - /sbin/restorecon $(SBINDIR)/load_policy
>> + /sbin/restorecon $(DESTDIR)$(SBINDIR)/load_policy
>> diff --git a/policycoreutils/man/Makefile
>> b/policycoreutils/man/Makefile
>> index 0d91cd46..ae3d27b6 100644
>> --- a/policycoreutils/man/Makefile
>> +++ b/policycoreutils/man/Makefile
>> @@ -1,12 +1,12 @@
>> # Installation directories.
>> -MAN5DIR ?= $(DESTDIR)/usr/share/man/man5
>> +MAN5DIR ?= /usr/share/man/man5
>>
>> all:
>>
>> clean:
>>
>> install: all
>> - mkdir -p $(MAN5DIR)
>> - install -m 644 man5/*.5 $(MAN5DIR)
>> + mkdir -p $(DESTDIR)$(MAN5DIR)
>> + install -m 644 man5/*.5 $(DESTDIR)$(MAN5DIR)
>>
>> relabel:
>> diff --git a/policycoreutils/newrole/Makefile
>> b/policycoreutils/newrole/Makefile
>> index 196af926..e687b6ab 100644
>> --- a/policycoreutils/newrole/Makefile
>> +++ b/policycoreutils/newrole/Makefile
>> @@ -1,8 +1,8 @@
>> # Installation directories.
>> -PREFIX ?= $(DESTDIR)/usr
>> +PREFIX ?= /usr
>> BINDIR ?= $(PREFIX)/bin
>> MANDIR ?= $(PREFIX)/share/man
>> -ETCDIR ?= $(DESTDIR)/etc
>> +ETCDIR ?= /etc
>> LOCALEDIR = /usr/share/locale
>> PAMH ?= $(shell test -f /usr/include/security/pam_appl.h && echo y)
>> AUDITH ?= $(shell test -f /usr/include/libaudit.h && echo y)
>> @@ -61,17 +61,17 @@ newrole: newrole.o $(EXTRA_OBJS)
>> $(CC) $(LDFLAGS) -o $@ $^ $(LDLIBS)
>>
>> install: all
>> - test -d $(BINDIR) || install -m 755 -d $(BINDIR)
>> - test -d $(ETCDIR)/pam.d || install -m 755 -d $(ETCDIR)/pam.d
>> - test -d $(MANDIR)/man1 || install -m 755 -d $(MANDIR)/man1
>> - install -m $(MODE) newrole $(BINDIR)
>> - install -m 644 newrole.1 $(MANDIR)/man1/
>> + test -d $(DESTDIR)$(BINDIR) || install -m 755 -d
>> $(DESTDIR)$(BINDIR)
>> + test -d $(DESTDIR)$(ETCDIR)/pam.d || install -m 755 -d
>> $(DESTDIR)$(ETCDIR)/pam.d
>> + test -d $(DESTDIR)$(MANDIR)/man1 || install -m 755 -d
>> $(DESTDIR)$(MANDIR)/man1
>> + install -m $(MODE) newrole $(DESTDIR)$(BINDIR)
>> + install -m 644 newrole.1 $(DESTDIR)$(MANDIR)/man1/
>> ifeq ($(PAMH), y)
>> - test -d $(ETCDIR)/pam.d || install -m 755 -d $(ETCDIR)/pam.d
>> + test -d $(ETCDIR)/pam.d || install -m 755 -d
>> $(DESTDIR)$(ETCDIR)/pam.d
>
> Need to prefix the first $(ETCDIR)/pam.d with $(DESTDIR) too.
>
>> ifeq ($(LSPP_PRIV),y)
>> - install -m 644 newrole-lspp.pamd $(ETCDIR)/pam.d/newrole
>> + install -m 644 newrole-lspp.pamd
>> $(DESTDIR)$(ETCDIR)/pam.d/newrole
>> else
>> - install -m 644 newrole.pamd $(ETCDIR)/pam.d/newrole
>> + install -m 644 newrole.pamd
>> $(DESTDIR)$(ETCDIR)/pam.d/newrole
>> endif
>> endif
>>
>> @@ -82,4 +82,4 @@ indent:
>> ../../scripts/Lindent $(wildcard *.[ch])
>>
>> relabel: install
>> - /sbin/restorecon $(BINDIR)/newrole
>> + /sbin/restorecon $(DESTDIR)$(BINDIR)/newrole
>> diff --git a/policycoreutils/run_init/Makefile
>> b/policycoreutils/run_init/Makefile
>> index 921f0b07..8d8eb704 100644
>> --- a/policycoreutils/run_init/Makefile
>> +++ b/policycoreutils/run_init/Makefile
>> @@ -1,9 +1,9 @@
>>
>> # Installation directories.
>> -PREFIX ?= $(DESTDIR)/usr
>> +PREFIX ?= /usr
>> SBINDIR ?= $(PREFIX)/sbin
>> MANDIR ?= $(PREFIX)/share/man
>> -ETCDIR ?= $(DESTDIR)/etc
>> +ETCDIR ?= /etc
>> LOCALEDIR ?= /usr/share/locale
>> PAMH ?= $(shell test -f /usr/include/security/pam_appl.h && echo y)
>> AUDITH ?= $(shell test -f /usr/include/libaudit.h && echo y)
>> @@ -32,14 +32,14 @@ open_init_pty: open_init_pty.c
>>
>>
>> install: all
>> - test -d $(SBINDIR) || install -m 755 -d $(SBINDIR)
>> - test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8
>> - install -m 755 run_init $(SBINDIR)
>> - install -m 755 open_init_pty $(SBINDIR)
>> - install -m 644 run_init.8 $(MANDIR)/man8/
>> - install -m 644 open_init_pty.8 $(MANDIR)/man8/
>> + test -d $(DESTDIR)$(SBINDIR) || install -m 755 -d
>> $(DESTDIR)$(SBINDIR)
>> + test -d $(DESTDIR)$(MANDIR)/man8 || install -m 755 -d
>> $(DESTDIR)$(MANDIR)/man8
>> + install -m 755 run_init $(DESTDIR)$(SBINDIR)
>> + install -m 755 open_init_pty $(DESTDIR)$(SBINDIR)
>> + install -m 644 run_init.8 $(DESTDIR)$(MANDIR)/man8/
>> + install -m 644 open_init_pty.8 $(DESTDIR)$(MANDIR)/man8/
>> ifeq ($(PAMH), y)
>> - install -m 644 run_init.pamd $(ETCDIR)/pam.d/run_init
>> + install -m 644 run_init.pamd
>> $(DESTDIR)$(ETCDIR)/pam.d/run_init
>> endif
>>
>> clean:
>> @@ -49,4 +49,4 @@ indent:
>> ../../scripts/Lindent $(wildcard *.[ch])
>>
>> relabel: install
>> - /sbin/restorecon $(SBINDIR)/run_init
>> $(SBINDIR)/open_init_pty
>> + /sbin/restorecon $(DESTDIR)$(SBINDIR)/run_init
>> $(DESTDIR)$(SBINDIR)/open_init_pty
>> diff --git a/policycoreutils/scripts/Makefile
>> b/policycoreutils/scripts/Makefile
>> index d9e86ffe..a988144b 100644
>> --- a/policycoreutils/scripts/Makefile
>> +++ b/policycoreutils/scripts/Makefile
>> @@ -1,6 +1,6 @@
>> # Installation directories.
>> -PREFIX ?= $(DESTDIR)/usr
>> -SBINDIR ?= $(DESTDIR)/sbin
>> +PREFIX ?= /usr
>> +SBINDIR ?= /sbin
>> MANDIR ?= $(PREFIX)/share/man
>> LOCALEDIR ?= $(PREFIX)/share/locale
>>
>> @@ -8,10 +8,10 @@ LOCALEDIR ?= $(PREFIX)/share/locale
>> all: fixfiles
>>
>> install: all
>> - -mkdir -p $(SBINDIR)
>> - install -m 755 fixfiles $(SBINDIR)
>> - -mkdir -p $(MANDIR)/man8
>> - install -m 644 fixfiles.8 $(MANDIR)/man8/
>> + -mkdir -p $(DESTDIR)$(SBINDIR)
>> + install -m 755 fixfiles $(DESTDIR)$(SBINDIR)
>> + -mkdir -p $(DESTDIR)$(MANDIR)/man8
>> + install -m 644 fixfiles.8 $(DESTDIR)$(MANDIR)/man8/
>>
>> clean:
>>
>> diff --git a/policycoreutils/secon/Makefile
>> b/policycoreutils/secon/Makefile
>> index 8e491d74..c03f0d7d 100644
>> --- a/policycoreutils/secon/Makefile
>> +++ b/policycoreutils/secon/Makefile
>> @@ -1,5 +1,5 @@
>> # secon tool - command-line context
>> -PREFIX ?= $(DESTDIR)/usr
>> +PREFIX ?= /usr
>> INCLUDEDIR ?= $(PREFIX)/include
>> BINDIR ?= $(PREFIX)/bin
>> MANDIR ?= $(PREFIX)/share/man
>> @@ -18,13 +18,13 @@ secon: secon.o
>> install-nogui: install
>>
>> install: all
>> - install -m 755 secon $(BINDIR);
>> + install -m 755 secon $(DESTDIR)$(BINDIR);
>>
>> - test -d $(MANDIR)/man1 || install -m 755 -d $(MANDIR)/man1
>> - install -m 644 secon.1 $(MANDIR)/man1
>> + test -d $(DESTDIR)$(MANDIR)/man1 || install -m 755 -d
>> $(DESTDIR)$(MANDIR)/man1
>> + install -m 644 secon.1 $(DESTDIR)$(MANDIR)/man1
>>
>> relabel:
>> - /sbin/restorecon $(BINDIR)/secon
>> + /sbin/restorecon $(DESTDIR)$(BINDIR)/secon
>>
>> clean:
>> rm -f *.o core* secon *~ *.bak
>> diff --git a/policycoreutils/semodule/Makefile
>> b/policycoreutils/semodule/Makefile
>> index fffb43ac..7c257bf5 100644
>> --- a/policycoreutils/semodule/Makefile
>> +++ b/policycoreutils/semodule/Makefile
>> @@ -1,5 +1,5 @@
>> # Installation directories.
>> -PREFIX ?= $(DESTDIR)/usr
>> +PREFIX ?= /usr
>> INCLUDEDIR ?= $(PREFIX)/include
>> SBINDIR ?= $(PREFIX)/sbin
>> MANDIR = $(PREFIX)/share/man
>> @@ -17,12 +17,12 @@ genhomedircon:
>> ln -sf semodule genhomedircon
>>
>> install: all
>> - -mkdir -p $(SBINDIR)
>> - install -m 755 semodule $(SBINDIR)
>> - (cd $(SBINDIR); ln -sf semodule genhomedircon)
>> - test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8
>> - install -m 644 semodule.8 $(MANDIR)/man8/
>> - install -m 644 genhomedircon.8 $(MANDIR)/man8/
>> + -mkdir -p $(DESTDIR)$(SBINDIR)
>> + install -m 755 semodule $(DESTDIR)$(SBINDIR)
>> + (cd $(DESTDIR)$(SBINDIR); ln -sf semodule genhomedircon)
>> + test -d $(DESTDIR)$(MANDIR)/man8 || install -m 755 -d
>> $(DESTDIR)$(MANDIR)/man8
>> + install -m 644 semodule.8 $(DESTDIR)$(MANDIR)/man8/
>> + install -m 644 genhomedircon.8 $(DESTDIR)$(MANDIR)/man8/
>>
>> relabel:
>>
>> diff --git a/policycoreutils/sestatus/Makefile
>> b/policycoreutils/sestatus/Makefile
>> index 41ca6832..130b764b 100644
>> --- a/policycoreutils/sestatus/Makefile
>> +++ b/policycoreutils/sestatus/Makefile
>> @@ -1,8 +1,8 @@
>> # Installation directories.
>> -PREFIX ?= $(DESTDIR)/usr
>> +PREFIX ?= /usr
>> SBINDIR ?= $(PREFIX)/sbin
>> MANDIR = $(PREFIX)/share/man
>> -ETCDIR ?= $(DESTDIR)/etc
>> +ETCDIR ?= /etc
>> LIBDIR ?= $(PREFIX)/lib
>>
>> CFLAGS ?= -Werror -Wall -W
>> @@ -14,14 +14,14 @@ all: sestatus
>> sestatus: sestatus.o
>>
>> install: all
>> - [ -d $(MANDIR)/man8 ] || mkdir -p $(MANDIR)/man8
>> - [ -d $(MANDIR)/man5 ] || mkdir -p $(MANDIR)/man5
>> - -mkdir -p $(SBINDIR)
>> - install -m 755 sestatus $(SBINDIR)
>> - install -m 644 sestatus.8 $(MANDIR)/man8
>> - install -m 644 sestatus.conf.5 $(MANDIR)/man5
>> - -mkdir -p $(ETCDIR)
>> - install -m 644 sestatus.conf $(ETCDIR)
>> + [ -d $(DESTDIR)$(MANDIR)/man8 ] || mkdir -p
>> $(DESTDIR)$(MANDIR)/man8
>> + [ -d $(DESTDIR)$(MANDIR)/man5 ] || mkdir -p
>> $(DESTDIR)$(MANDIR)/man5
>> + -mkdir -p $(DESTDIR)$(SBINDIR)
>> + install -m 755 sestatus $(DESTDIR)$(SBINDIR)
>> + install -m 644 sestatus.8 $(DESTDIR)$(MANDIR)/man8
>> + install -m 644 sestatus.conf.5 $(DESTDIR)$(MANDIR)/man5
>> + -mkdir -p $(DESTDIR)$(ETCDIR)
>> + install -m 644 sestatus.conf $(DESTDIR)$(ETCDIR)
>>
>> clean:
>> rm -f sestatus *.o
>> diff --git a/policycoreutils/setfiles/Makefile
>> b/policycoreutils/setfiles/Makefile
>> index c08e2dd1..4e56698f 100644
>> --- a/policycoreutils/setfiles/Makefile
>> +++ b/policycoreutils/setfiles/Makefile
>> @@ -1,6 +1,6 @@
>> # Installation directories.
>> -PREFIX ?= $(DESTDIR)/usr
>> -SBINDIR ?= $(DESTDIR)/sbin
>> +PREFIX ?= /usr
>> +SBINDIR ?= /sbin
>> MANDIR = $(PREFIX)/share/man
>> LIBDIR ?= $(PREFIX)/lib
>> AUDITH ?= $(shell test -f /usr/include/libaudit.h && echo y)
>> @@ -29,14 +29,14 @@ man:
>> @sed -i "s/ABORT_ON_ERRORS/$(ABORT_ON_ERRORS)/g"
>> setfiles.8.man
>>
>> install: all
>> - [ -d $(MANDIR)/man8 ] || mkdir -p $(MANDIR)/man8
>> - -mkdir -p $(SBINDIR)
>> - install -m 755 setfiles $(SBINDIR)
>> - (cd $(SBINDIR) && ln -sf setfiles restorecon)
>> - install -m 755 restorecon_xattr $(SBINDIR)
>> - install -m 644 setfiles.8.man $(MANDIR)/man8/setfiles.8
>> - install -m 644 restorecon.8 $(MANDIR)/man8/restorecon.8
>> - install -m 644 restorecon_xattr.8
>> $(MANDIR)/man8/restorecon_xattr.8
>> + [ -d $(DESTDIR)$(MANDIR)/man8 ] || mkdir -p
>> $(DESTDIR)$(MANDIR)/man8
>> + -mkdir -p $(DESTDIR)$(SBINDIR)
>> + install -m 755 setfiles $(DESTDIR)$(SBINDIR)
>> + (cd $(DESTDIR)$(SBINDIR) && ln -sf setfiles restorecon)
>> + install -m 755 restorecon_xattr $(DESTDIR)$(SBINDIR)
>> + install -m 644 setfiles.8.man
>> $(DESTDIR)$(MANDIR)/man8/setfiles.8
>> + install -m 644 restorecon.8
>> $(DESTDIR)$(MANDIR)/man8/restorecon.8
>> + install -m 644 restorecon_xattr.8
>> $(DESTDIR)$(MANDIR)/man8/restorecon_xattr.8
>>
>> clean:
>> rm -f setfiles restorecon restorecon_xattr *.o
>> setfiles.8.man
>> @@ -45,4 +45,4 @@ indent:
>> ../../scripts/Lindent $(wildcard *.[ch])
>>
>> relabel: install
>> - $(SBINDIR)/restorecon $(SBINDIR)/setfiles
>> $(SBINDIR)/restorecon_xattr
>> + $(SBINDIR)/restorecon $(DESTDIR)$(SBINDIR)/setfiles
>> $(DESTDIR)$(SBINDIR)/restorecon_xattr
>> diff --git a/policycoreutils/setsebool/Makefile
>> b/policycoreutils/setsebool/Makefile
>> index bc254dab..f3379be9 100644
>> --- a/policycoreutils/setsebool/Makefile
>> +++ b/policycoreutils/setsebool/Makefile
>> @@ -1,10 +1,10 @@
>> # Installation directories.
>> -PREFIX ?= $(DESTDIR)/usr
>> +PREFIX ?= /usr
>> INCLUDEDIR ?= $(PREFIX)/include
>> SBINDIR ?= $(PREFIX)/sbin
>> MANDIR = $(PREFIX)/share/man
>> LIBDIR ?= $(PREFIX)/lib
>> -BASHCOMPLETIONDIR ?= $(DESTDIR)/usr/share/bash-
>> completion/completions
>> +BASHCOMPLETIONDIR ?= /usr/share/bash-completion/completions
>>
>> CFLAGS ?= -Werror -Wall -W
>> override LDLIBS += -lsepol -lselinux -lsemanage
>> @@ -17,12 +17,12 @@ all: setsebool
>> setsebool: $(SETSEBOOL_OBJS)
>>
>> install: all
>> - -mkdir -p $(SBINDIR)
>> - install -m 755 setsebool $(SBINDIR)
>> - -mkdir -p $(MANDIR)/man8
>> - install -m 644 setsebool.8 $(MANDIR)/man8/
>> - -mkdir -p $(BASHCOMPLETIONDIR)
>> - install -m 644 $(BASHCOMPLETIONS)
>> $(BASHCOMPLETIONDIR)/setsebool
>> + -mkdir -p $(DESTDIR)$(SBINDIR)
>> + install -m 755 setsebool $(DESTDIR)$(SBINDIR)
>> + -mkdir -p $(DESTDIR)$(MANDIR)/man8
>> + install -m 644 setsebool.8 $(DESTDIR)$(MANDIR)/man8/
>> + -mkdir -p $(DESTDIR)$(BASHCOMPLETIONDIR)
>> + install -m 644 $(BASHCOMPLETIONS)
>> $(DESTDIR)$(BASHCOMPLETIONDIR)/setsebool
>>
>> relabel:
>>
>> diff --git a/python/audit2allow/Makefile
>> b/python/audit2allow/Makefile
>> index 8db8075f..02526fa7 100644
>> --- a/python/audit2allow/Makefile
>> +++ b/python/audit2allow/Makefile
>> @@ -1,7 +1,7 @@
>> PYTHON ?= python
>>
>> # Installation directories.
>> -PREFIX ?= $(DESTDIR)/usr
>> +PREFIX ?= /usr
>> BINDIR ?= $(PREFIX)/bin
>> LIBDIR ?= $(PREFIX)/lib
>> MANDIR ?= $(PREFIX)/share/man
>> @@ -13,7 +13,7 @@ CFLAGS ?= -Werror -Wall -W
>>
>> all: audit2why sepolgen-ifgen-attr-helper
>>
>> -sepolgen-ifgen-attr-helper: sepolgen-ifgen-attr-helper.o
>> $(LIBSEPOLA)
>> +sepolgen-ifgen-attr-helper: sepolgen-ifgen-attr-helper.o
>> $(DESTDIR)$(LIBSEPOLA)
>>
>> audit2why:
>> ln -sf audit2allow audit2why
>> @@ -22,14 +22,14 @@ test: all
>> @$(PYTHON) test_audit2allow.py -v
>>
>> install: all
>> - -mkdir -p $(BINDIR)
>> - install -m 755 audit2allow $(BINDIR)
>> - (cd $(BINDIR); ln -sf audit2allow audit2why)
>> - install -m 755 sepolgen-ifgen-attr-helper $(BINDIR)
>> - install -m 755 sepolgen-ifgen $(BINDIR)
>> - -mkdir -p $(MANDIR)/man1
>> - install -m 644 audit2allow.1 $(MANDIR)/man1/
>> - install -m 644 audit2why.1 $(MANDIR)/man1/
>> + -mkdir -p $(DESTDIR)$(BINDIR)
>> + install -m 755 audit2allow $(DESTDIR)$(BINDIR)
>> + (cd $(DESTDIR)$(BINDIR); ln -sf audit2allow audit2why)
>> + install -m 755 sepolgen-ifgen-attr-helper
>> $(DESTDIR)$(BINDIR)
>> + install -m 755 sepolgen-ifgen $(DESTDIR)$(BINDIR)
>> + -mkdir -p $(DESTDIR)$(MANDIR)/man1
>> + install -m 644 audit2allow.1 $(DESTDIR)$(MANDIR)/man1/
>> + install -m 644 audit2why.1 $(DESTDIR)$(MANDIR)/man1/
>>
>> clean:
>> rm -f *~ *.o sepolgen-ifgen-attr-helper
>> diff --git a/python/chcat/Makefile b/python/chcat/Makefile
>> index 0fd12d6d..890033e2 100644
>> --- a/python/chcat/Makefile
>> +++ b/python/chcat/Makefile
>> @@ -1,5 +1,5 @@
>> # Installation directories.
>> -PREFIX ?= $(DESTDIR)/usr
>> +PREFIX ?= /usr
>> BINDIR ?= $(PREFIX)/bin
>> MANDIR ?= $(PREFIX)/share/man
>> LOCALEDIR ?= $(PREFIX)/share/locale
>> @@ -8,10 +8,10 @@ LOCALEDIR ?= $(PREFIX)/share/locale
>> all: chcat
>>
>> install: all
>> - -mkdir -p $(BINDIR)
>> - install -m 755 chcat $(BINDIR)
>> - -mkdir -p $(MANDIR)/man8
>> - install -m 644 chcat.8 $(MANDIR)/man8/
>> + -mkdir -p $(DESTDIR)$(BINDIR)
>> + install -m 755 chcat $(DESTDIR)$(BINDIR)
>> + -mkdir -p $(DESTDIR)$(MANDIR)/man8
>> + install -m 644 chcat.8 $(DESTDIR)$(MANDIR)/man8/
>>
>> clean:
>>
>> diff --git a/python/semanage/Makefile b/python/semanage/Makefile
>> index 60c36a3a..bd02e9e9 100644
>> --- a/python/semanage/Makefile
>> +++ b/python/semanage/Makefile
>> @@ -1,29 +1,29 @@
>> PYTHON ?= python
>>
>> # Installation directories.
>> -PREFIX ?= $(DESTDIR)/usr
>> +PREFIX ?= /usr
>> LIBDIR ?= $(PREFIX)/lib
>> SBINDIR ?= $(PREFIX)/sbin
>> MANDIR = $(PREFIX)/share/man
>> PYLIBVER ?= $(shell $(PYTHON) -c 'import sys;print("python%d.%d" %
>> sys.version_info[0:2])')
>> PYTHONLIBDIR ?= $(LIBDIR)/$(PYLIBVER)
>> -BASHCOMPLETIONDIR ?= $(DESTDIR)/usr/share/bash-
>> completion/completions
>> +BASHCOMPLETIONDIR ?= /usr/share/bash-completion/completions
>>
>> TARGETS=semanage
>>
>> -BASHCOMPLETIONS=semanage-bash-completion.sh
>> +BASHCOMPLETIONS=semanage-bash-completion.sh
>>
>> all: $(TARGETS)
>>
>> install: all
>> - [ -d $(MANDIR)/man8 ] || mkdir -p $(MANDIR)/man8
>> - -mkdir -p $(SBINDIR)
>> - install -m 755 semanage $(SBINDIR)
>> - install -m 644 *.8 $(MANDIR)/man8
>> - test -d $(PYTHONLIBDIR)/site-packages || install -m 755 -d
>> $(PYTHONLIBDIR)/site-packages
>> - install -m 755 seobject.py $(PYTHONLIBDIR)/site-packages
>> - -mkdir -p $(BASHCOMPLETIONDIR)
>> - install -m 644 $(BASHCOMPLETIONS)
>> $(BASHCOMPLETIONDIR)/semanage
>> + [ -d $(DESTDIR)$(MANDIR)/man8 ] || mkdir -p
>> $(DESTDIR)$(MANDIR)/man8
>> + -mkdir -p $(DESTDIR)$(SBINDIR)
>> + install -m 755 semanage $(DESTDIR)$(SBINDIR)
>> + install -m 644 *.8 $(DESTDIR)$(MANDIR)/man8
>> + test -d $(DESTDIR)$(PYTHONLIBDIR)/site-packages || install
>> -m 755 -d $(DESTDIR)$(PYTHONLIBDIR)/site-packages
>> + install -m 755 seobject.py $(DESTDIR)$(PYTHONLIBDIR)/site-
>> packages
>> + -mkdir -p $(DESTDIR)$(BASHCOMPLETIONDIR)
>> + install -m 644 $(BASHCOMPLETIONS)
>> $(DESTDIR)$(BASHCOMPLETIONDIR)/semanage
>>
>> test:
>> @$(PYTHON) test-semanage.py -a
>> diff --git a/python/sepolgen/src/sepolgen/Makefile
>> b/python/sepolgen/src/sepolgen/Makefile
>> index d3aa7715..12ef0827 100644
>> --- a/python/sepolgen/src/sepolgen/Makefile
>> +++ b/python/sepolgen/src/sepolgen/Makefile
>> @@ -1,12 +1,12 @@
>> PYTHON ?= python
>> PYTHONLIBDIR ?= $(shell $(PYTHON) -c "from distutils.sysconfig
>> import *; print(get_python_lib(1))")
>> -PACKAGEDIR ?= $(DESTDIR)/$(PYTHONLIBDIR)/sepolgen
>> +PACKAGEDIR ?= $(PYTHONLIBDIR)/sepolgen
>>
>> all:
>>
>> install: all
>> - -mkdir -p $(PACKAGEDIR)
>> - install -m 644 *.py $(PACKAGEDIR)
>> + -mkdir -p $(DESTDIR)$(PACKAGEDIR)
>> + install -m 644 *.py $(DESTDIR)$(PACKAGEDIR)
>>
>> clean:
>> rm -f parser.out parsetab.py
>> diff --git a/python/sepolgen/src/share/Makefile
>> b/python/sepolgen/src/share/Makefile
>> index abf5e451..1a7133cb 100644
>> --- a/python/sepolgen/src/share/Makefile
>> +++ b/python/sepolgen/src/share/Makefile
>> @@ -1,10 +1,10 @@
>> -SHAREDIR ?= $(DESTDIR)/var/lib/sepolgen
>> +SHAREDIR ?= /var/lib/sepolgen
>>
>> all:
>>
>> install: all
>> - -mkdir -p $(SHAREDIR)
>> - install -m 644 perm_map $(SHAREDIR)
>> + -mkdir -p $(DESTDIR)$(SHAREDIR)
>> + install -m 644 perm_map $(DESTDIR)$(SHAREDIR)
>>
>> clean:
>> - rm -f *~
>> \ No newline at end of file
>> + rm -f *~
>> diff --git a/python/sepolicy/Makefile b/python/sepolicy/Makefile
>> index 5a56e6c8..c75dce73 100644
>> --- a/python/sepolicy/Makefile
>> +++ b/python/sepolicy/Makefile
>> @@ -1,13 +1,13 @@
>> PYTHON ?= python
>>
>> # Installation directories.
>> -PREFIX ?= $(DESTDIR)/usr
>> +PREFIX ?= /usr
>> LIBDIR ?= $(PREFIX)/lib
>> BINDIR ?= $(PREFIX)/bin
>> DATADIR ?= $(PREFIX)/share
>> MANDIR ?= $(PREFIX)/share/man
>> LOCALEDIR ?= /usr/share/locale
>> -BASHCOMPLETIONDIR ?= $(DESTDIR)/usr/share/bash-
>> completion/completions
>> +BASHCOMPLETIONDIR ?= /usr/share/bash-completion/completions
>> SHAREDIR ?= $(PREFIX)/share/sandbox
>> CFLAGS ?= -Wall -Werror -Wextra -W
>> override CFLAGS += -DPACKAGE="policycoreutils" -DSHARED -shared
>> @@ -31,12 +31,12 @@ test:
>>
>> install:
>> $(PYTHON) setup.py install `test -n "$(DESTDIR)" && echo --
>> root $(DESTDIR)`
>> - [ -d $(BINDIR) ] || mkdir -p $(BINDIR)
>> - install -m 755 sepolicy.py $(BINDIR)/sepolicy
>> - (cd $(BINDIR); ln -sf sepolicy sepolgen)
>> - -mkdir -p $(MANDIR)/man8
>> - install -m 644 *.8 $(MANDIR)/man8
>> - -mkdir -p $(BASHCOMPLETIONDIR)
>> - install -m 644 $(BASHCOMPLETIONS)
>> $(BASHCOMPLETIONDIR)/sepolicy
>> + [ -d $(DESTDIR)$(BINDIR) ] || mkdir -p $(DESTDIR)$(BINDIR)
>> + install -m 755 sepolicy.py $(DESTDIR)$(BINDIR)/sepolicy
>> + (cd $(DESTDIR)$(BINDIR); ln -sf sepolicy sepolgen)
>> + -mkdir -p $(DESTDIR)$(MANDIR)/man8
>> + install -m 644 *.8 $(DESTDIR)$(MANDIR)/man8
>> + -mkdir -p $(DESTDIR)$(BASHCOMPLETIONDIR)
>> + install -m 644 $(BASHCOMPLETIONS)
>> $(DESTDIR)$(BASHCOMPLETIONDIR)/sepolicy
>>
>> relabel:
>> diff --git a/restorecond/Makefile b/restorecond/Makefile
>> index ada94aeb..a9a57b48 100644
>> --- a/restorecond/Makefile
>> +++ b/restorecond/Makefile
>> @@ -1,17 +1,17 @@
>> PKG_CONFIG ?= pkg-config
>>
>> # Installation directories.
>> -PREFIX ?= $(DESTDIR)/usr
>> +PREFIX ?= /usr
>> SBINDIR ?= $(PREFIX)/sbin
>> LIBDIR ?= $(PREFIX)/lib
>> MANDIR = $(PREFIX)/share/man
>> -AUTOSTARTDIR = $(DESTDIR)/etc/xdg/autostart
>> -DBUSSERVICEDIR = $(DESTDIR)/usr/share/dbus-1/services
>> -SYSTEMDDIR ?= $(DESTDIR)/usr/lib/systemd
>> +AUTOSTARTDIR = /etc/xdg/autostart
>> +DBUSSERVICEDIR = /usr/share/dbus-1/services
>> +SYSTEMDDIR ?= /usr/lib/systemd
>>
>> autostart_DATA = sealertauto.desktop
>> -INITDIR ?= $(DESTDIR)/etc/rc.d/init.d
>> -SELINUXDIR = $(DESTDIR)/etc/selinux
>> +INITDIR ?= /etc/rc.d/init.d
>> +SELINUXDIR = /etc/selinux
>>
>> DBUSFLAGS = -DHAVE_DBUS $(shell $(PKG_CONFIG) --cflags dbus-glib-1)
>> DBUSLIB = $(shell $(PKG_CONFIG) --libs dbus-glib-1)
>> @@ -39,23 +39,23 @@ restorecond: restore.o restorecond.o
>> utmpwatcher.o stringslist.o user.o watch.o
>> $(CC) $(LDFLAGS) -o $@ $^ $(LDLIBS)
>>
>> install: all
>> - [ -d $(MANDIR)/man8 ] || mkdir -p $(MANDIR)/man8
>> - -mkdir -p $(SBINDIR)
>> - install -m 755 restorecond $(SBINDIR)
>> - install -m 644 restorecond.8 $(MANDIR)/man8
>> - -mkdir -p $(INITDIR)
>> - install -m 755 restorecond.init $(INITDIR)/restorecond
>> - -mkdir -p $(SELINUXDIR)
>> - install -m 644 restorecond.conf
>> $(SELINUXDIR)/restorecond.conf
>> - install -m 644 restorecond_user.conf
>> $(SELINUXDIR)/restorecond_user.conf
>> - -mkdir -p $(AUTOSTARTDIR)
>> - install -m 644 restorecond.desktop
>> $(AUTOSTARTDIR)/restorecond.desktop
>> - -mkdir -p $(DBUSSERVICEDIR)
>> - install -m 600
>> org.selinux.Restorecond.service $(DBUSSERVICEDIR)/org.selinux.Restor
>> econd.service
>> - -mkdir -p $(SYSTEMDDIR)/system
>> - install -m 644 restorecond.service $(SYSTEMDDIR)/system/
>> + [ -d $(DESTDIR)$(MANDIR)/man8 ] || mkdir -p
>> $(DESTDIR)$(MANDIR)/man8
>> + -mkdir -p $(DESTDIR)$(SBINDIR)
>> + install -m 755 restorecond $(DESTDIR)$(SBINDIR)
>> + install -m 644 restorecond.8 $(DESTDIR)$(MANDIR)/man8
>> + -mkdir -p $(DESTDIR)$(INITDIR)
>> + install -m 755 restorecond.init
>> $(DESTDIR)$(INITDIR)/restorecond
>> + -mkdir -p $(DESTDIR)$(SELINUXDIR)
>> + install -m 644 restorecond.conf
>> $(DESTDIR)$(SELINUXDIR)/restorecond.conf
>> + install -m 644 restorecond_user.conf
>> $(DESTDIR)$(SELINUXDIR)/restorecond_user.conf
>> + -mkdir -p $(DESTDIR)$(AUTOSTARTDIR)
>> + install -m 644 restorecond.desktop
>> $(DESTDIR)$(AUTOSTARTDIR)/restorecond.desktop
>> + -mkdir -p $(DESTDIR)$(DBUSSERVICEDIR)
>> + install -m 600
>> org.selinux.Restorecond.service $(DESTDIR)$(DBUSSERVICEDIR)/org.seli
>> nux.Restorecond.service
>> + -mkdir -p $(DESTDIR)$(SYSTEMDDIR)/system
>> + install -m 644 restorecond.service
>> $(DESTDIR)$(SYSTEMDDIR)/system/
>> relabel: install
>> - /sbin/restorecon $(SBINDIR)/restorecond
>> + /sbin/restorecon $(DESTDIR)$(SBINDIR)/restorecond
>>
>> clean:
>> -rm -f restorecond *.o *~
>> diff --git a/sandbox/Makefile b/sandbox/Makefile
>> index 05c3d658..9c78041c 100644
>> --- a/sandbox/Makefile
>> +++ b/sandbox/Makefile
>> @@ -1,8 +1,8 @@
>> PYTHON ?= python
>>
>> # Installation directories.
>> -PREFIX ?= $(DESTDIR)/usr
>> -SYSCONFDIR ?= $(DESTDIR)/etc/sysconfig
>> +PREFIX ?= /usr
>> +SYSCONFDIR ?= /etc/sysconfig
>> LIBDIR ?= $(PREFIX)/lib
>> BINDIR ?= $(PREFIX)/bin
>> SBINDIR ?= $(PREFIX)/sbin
>> @@ -18,20 +18,20 @@ all: sandbox seunshare sandboxX.sh start
>> seunshare: $(SEUNSHARE_OBJS)
>>
>> install: all
>> - -mkdir -p $(BINDIR)
>> - install -m 755 sandbox $(BINDIR)
>> - -mkdir -p $(MANDIR)/man8
>> - install -m 644 sandbox.8 $(MANDIR)/man8/
>> - install -m 644 seunshare.8 $(MANDIR)/man8/
>> - -mkdir -p $(MANDIR)/man5
>> - install -m 644 sandbox.5 $(MANDIR)/man5/
>> - -mkdir -p $(SBINDIR)
>> - install -m 4755 seunshare $(SBINDIR)/
>> - -mkdir -p $(SHAREDIR)
>> - install -m 755 sandboxX.sh $(SHAREDIR)
>> - install -m 755 start $(SHAREDIR)
>> - -mkdir -p $(SYSCONFDIR)
>> - install -m 644 sandbox.conf $(SYSCONFDIR)/sandbox
>> + -mkdir -p $(DESTDIR)$(BINDIR)
>> + install -m 755 sandbox $(DESTDIR)$(BINDIR)
>> + -mkdir -p $(DESTDIR)$(MANDIR)/man8
>> + install -m 644 sandbox.8 $(DESTDIR)$(MANDIR)/man8/
>> + install -m 644 seunshare.8 $(DESTDIR)$(MANDIR)/man8/
>> + -mkdir -p $(DESTDIR)$(MANDIR)/man5
>> + install -m 644 sandbox.5 $(DESTDIR)$(MANDIR)/man5/
>> + -mkdir -p $(DESTDIR)$(SBINDIR)
>> + install -m 4755 seunshare $(DESTDIR)$(SBINDIR)/
>> + -mkdir -p $(DESTDIR)$(SHAREDIR)
>> + install -m 755 sandboxX.sh $(DESTDIR)$(SHAREDIR)
>> + install -m 755 start $(DESTDIR)$(SHAREDIR)
>> + -mkdir -p $(DESTDIR)$(SYSCONFDIR)
>> + install -m 644 sandbox.conf $(DESTDIR)$(SYSCONFDIR)/sandbox
>>
>> test:
>> @$(PYTHON) test_sandbox.py -v
>> diff --git a/secilc/Makefile b/secilc/Makefile
>> index 1cac53e4..597b4a27 100644
>> --- a/secilc/Makefile
>> +++ b/secilc/Makefile
>> @@ -1,4 +1,4 @@
>> -PREFIX ?= $(DESTDIR)/usr
>> +PREFIX ?= /usr
>> BINDIR ?= $(PREFIX)/bin
>> MANDIR ?= $(PREFIX)/share/man
>> LIBDIR ?= $(PREFIX)/lib
>> @@ -41,12 +41,12 @@ $(SECIL2CONF_MANPAGE): $(SECIL2CONF_MANPAGE).xml
>> $(XMLTO) man $(SECIL2CONF_MANPAGE).xml
>>
>> install: all man
>> - -mkdir -p $(BINDIR)
>> - -mkdir -p $(MANDIR)/man8
>> - install -m 755 $(SECILC) $(BINDIR)
>> - install -m 755 $(SECIL2CONF) $(BINDIR)
>> - install -m 644 $(SECILC_MANPAGE) $(MANDIR)/man8
>> - install -m 644 $(SECIL2CONF_MANPAGE) $(MANDIR)/man8
>> + -mkdir -p $(DESTDIR)$(BINDIR)
>> + -mkdir -p $(DESTDIR)$(MANDIR)/man8
>> + install -m 755 $(SECILC) $(DESTDIR)$(BINDIR)
>> + install -m 755 $(SECIL2CONF) $(DESTDIR)$(BINDIR)
>> + install -m 644 $(SECILC_MANPAGE) $(DESTDIR)$(MANDIR)/man8
>> + install -m 644 $(SECIL2CONF_MANPAGE)
>> $(DESTDIR)$(MANDIR)/man8
>>
>> doc:
>> $(MAKE) -C docs
>> diff --git a/semodule-utils/semodule_deps/Makefile b/semodule-
>> utils/semodule_deps/Makefile
>> index 328a5030..7b106781 100644
>> --- a/semodule-utils/semodule_deps/Makefile
>> +++ b/semodule-utils/semodule_deps/Makefile
>> @@ -1,5 +1,5 @@
>> # Installation directories.
>> -PREFIX ?= $(DESTDIR)/usr
>> +PREFIX ?= /usr
>> INCLUDEDIR ?= $(PREFIX)/include
>> BINDIR ?= $(PREFIX)/bin
>> LIBDIR ?= $(PREFIX)/lib
>> @@ -10,13 +10,13 @@ CFLAGS ?= -Werror -Wall -W
>>
>> all: semodule_deps
>>
>> -semodule_deps: semodule_deps.o $(LIBSEPOLA)
>> +semodule_deps: semodule_deps.o $(DESTDIR)$(LIBSEPOLA)
>>
>> install: all
>> - -mkdir -p $(BINDIR)
>> - install -m 755 semodule_deps $(BINDIR)
>> - test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8
>> - install -m 644 semodule_deps.8 $(MANDIR)/man8/
>> + -mkdir -p $(DESTDIR)$(BINDIR)
>> + install -m 755 semodule_deps $(DESTDIR)$(BINDIR)
>> + test -d $(DESTDIR)$(MANDIR)/man8 || install -m 755 -d
>> $(DESTDIR)$(MANDIR)/man8
>> + install -m 644 semodule_deps.8 $(DESTDIR)$(MANDIR)/man8/
>>
>> relabel:
>>
>> diff --git a/semodule-utils/semodule_expand/Makefile b/semodule-
>> utils/semodule_expand/Makefile
>> index 072f2137..58d2d3cb 100644
>> --- a/semodule-utils/semodule_expand/Makefile
>> +++ b/semodule-utils/semodule_expand/Makefile
>> @@ -1,5 +1,5 @@
>> # Installation directories.
>> -PREFIX ?= $(DESTDIR)/usr
>> +PREFIX ?= /usr
>> INCLUDEDIR ?= $(PREFIX)/include
>> BINDIR ?= $(PREFIX)/bin
>> LIBDIR ?= $(PREFIX)/lib
>> @@ -13,10 +13,10 @@ all: semodule_expand
>> semodule_expand: semodule_expand.o
>>
>> install: all
>> - -mkdir -p $(BINDIR)
>> - install -m 755 semodule_expand $(BINDIR)
>> - test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8
>> - install -m 644 semodule_expand.8 $(MANDIR)/man8/
>> + -mkdir -p $(DESTDIR)$(BINDIR)
>> + install -m 755 semodule_expand $(DESTDIR)$(BINDIR)
>> + test -d $(DESTDIR)$(MANDIR)/man8 || install -m 755 -d
>> $(DESTDIR)$(MANDIR)/man8
>> + install -m 644 semodule_expand.8 $(DESTDIR)$(MANDIR)/man8/
>>
>> relabel:
>>
>> diff --git a/semodule-utils/semodule_link/Makefile b/semodule-
>> utils/semodule_link/Makefile
>> index cc4687bd..178bea30 100644
>> --- a/semodule-utils/semodule_link/Makefile
>> +++ b/semodule-utils/semodule_link/Makefile
>> @@ -1,6 +1,6 @@
>> # Installation directories.
>> -PREFIX ?= $(DESTDIR)/usr
>> -INCLUDEDIR ?= $(PREFIX)/include
>> +PREFIX ?= /usr
>> +INCLUDEDIR ?= /include
>> BINDIR ?= $(PREFIX)/bin
>> MANDIR ?= $(PREFIX)/share/man
>> LIBDIR ?= $(PREFIX)/lib
>> @@ -13,10 +13,10 @@ all: semodule_link
>> semodule_link: semodule_link.o
>>
>> install: all
>> - -mkdir -p $(BINDIR)
>> - install -m 755 semodule_link $(BINDIR)
>> - test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8
>> - install -m 644 semodule_link.8 $(MANDIR)/man8/
>> + -mkdir -p $(DESTDIR)$(BINDIR)
>> + install -m 755 semodule_link $(DESTDIR)$(BINDIR)
>> + test -d $(DESTDIR)$(MANDIR)/man8 || install -m 755 -d
>> $(PREFIX)$(MANDIR)/man8
>
> Missing $(DESTDIR) in the final install location above.
>
>> + install -m 644 semodule_link.8 $(DESTDIR)$(MANDIR)/man8/
>>
>> relabel:
>>
>> diff --git a/semodule-utils/semodule_package/Makefile b/semodule-
>> utils/semodule_package/Makefile
>> index 96dd7c4f..37bd0d4b 100644
>> --- a/semodule-utils/semodule_package/Makefile
>> +++ b/semodule-utils/semodule_package/Makefile
>> @@ -1,5 +1,5 @@
>> # Installation directories.
>> -PREFIX ?= $(DESTDIR)/usr
>> +PREFIX ?= /usr
>> INCLUDEDIR ?= $(PREFIX)/include
>> BINDIR ?= $(PREFIX)/bin
>> LIBDIR ?= $(PREFIX)/lib
>> @@ -13,12 +13,12 @@ all: semodule_package semodule_unpackage
>> semodule_package: semodule_package.o
>>
>> install: all
>> - -mkdir -p $(BINDIR)
>> - install -m 755 semodule_package $(BINDIR)
>> - install -m 755 semodule_unpackage $(BINDIR)
>> - test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8
>> - install -m 644 semodule_package.8 $(MANDIR)/man8/
>> - install -m 644 semodule_unpackage.8 $(MANDIR)/man8/
>> + -mkdir -p $(DESTDIR)$(BINDIR)
>> + install -m 755 semodule_package $(DESTDIR)$(BINDIR)
>> + install -m 755 semodule_unpackage $(DESTDIR)$(BINDIR)
>> + test -d $(DESTDIR)$(MANDIR)/man8 || install -m 755 -d
>> $(DESTDIR)$(MANDIR)/man8
>> + install -m 644 semodule_package.8 $(DESTDIR)$(MANDIR)/man8/
>> + install -m 644 semodule_unpackage.8
>> $(DESTDIR)$(MANDIR)/man8/
>>
>> relabel:
>>
^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: [PATCH] Use DESTDIR only in install targets
2017-06-22 16:25 ` Petr Lautrbach
@ 2017-06-22 16:45 ` Stephen Smalley
0 siblings, 0 replies; 24+ messages in thread
From: Stephen Smalley @ 2017-06-22 16:45 UTC (permalink / raw)
To: Petr Lautrbach, selinux
On Thu, 2017-06-22 at 18:25 +0200, Petr Lautrbach wrote:
> On 06/21/2017 09:51 PM, Stephen Smalley wrote:
> > Hmm...seems like we're still using DESTDIR for more than just
> > install.
> > So either the patch or the patch description isn't quite right.
> > The original usage of make DESTDIR in selinux was to support
> > building
> > and installing to a private directory, so we wanted it to affect
> > more
> > than just install. If we truly make this transition to conform to
> > the
> > GNU standards, then we still need a clean way of building and
> > installing to a private directory for local testing. The top-level
> > Makefile has a workaround currently of automatically defining
> > CFLAGS
> > and LDFLAGS when DESTDIR is defined, but that has a side effect: it
> > suppresses any non-override CFLAGS and LDFLAGS definitions in the
> > Makefiles, so then we no longer get all of the warning options
> > enabled
> > in such local builds like we used to do. All of this leaves me
> > wondering about whether we ought to just revert the earlier changes
> > and
> > preserve our usage of DESTDIR, even if it doesn't correspond to
> > GNU.
>
> PREFIX could be used for the case you described and DESTDIR would be
> used just for installing to a different root directory.
Doesn't help with the CFLAGS/LDFLAGS issue; prior to fcb5d5cc7211, the
Makefiles would automatically add -I$(INCLUDEDIR)and -L(LIBDIR) and
therefore build with the private copies of the headers and libraries
rather than the system ones. Since that commit, we have to separately
specify CFLAGS/LDFLAGS, which in turn suppresses any non-override
CFLAGS/LDFLAGS definitions (which suppresses many warnings on such
builds).
Also, I could be wrong but I thought prefix meant something else in the
GNU standards too, e.g. the prefix for files used by the program at
runtime, not necessarily the compilation. So I think we are out of
spec on both DESTDIR and PREFIX. Whether or not that matters I'm not
sure. What exactly is the problem with keeping -I$(INCLUDEDIR) and
-L(LIBDIR) in the Makefiles? I saw the gentoo issue but I'm not clear
on exactly what breaks and why.
>
>
> The difference could be seen in .pc files:
>
> $ make DESTDIR=/selinux-DESTDIR
> LIBSEPOLA=/selinux-DESTDIR/usr/lib/libsepol.a install install-pywrap
> install-rubywrap
>
> $ head -n 2 /selinux-DESTDIR/usr/lib/pkgconfig/libsepol.pc
> prefix=//usr
> exec_prefix=${prefix}
>
> vs
>
> $ make PREFIX=/selinux-PREFIX install install-pywrap install-
> rubywrap
>
> $ head -n 2 /selinux-PREFIX/usr/lib/pkgconfig/libsepol.pc
> prefix=/selinux-PREFIX/usr
> exec_prefix=${prefix}
>
> I've got two work-in-progress patches for that:
>
> https://github.com/bachradsusi/SELinuxProject-selinux/commit/03d7e6a3
> 802aa5376fe6162f6e7f9a6314f2b028
> https://github.com/bachradsusi/SELinuxProject-selinux/commit/ddf070fa
> 82a4331b8fe2d82f61929c1120a12630
>
> They need more testing and some enhancements but for the first look
> they
> seem to work. At least structure of directories seem to be same.
>
>
>
> > >
> > > -checkmodule: $(CHECKMODOBJS) $(LIBSEPOLA)
> > > +checkmodule: $(CHECKMODOBJS) $(DESTDIR)$(LIBSEPOLA)
> > >
> > > %.o: %.c
> > > $(CC) $(CFLAGS) -o $@ -c $<
> > > @@ -46,15 +46,15 @@ lex.yy.c: policy_scan.l y.tab.c
> > > $(LEX) policy_scan.l
> > >
> > > install: all
> > > - -mkdir -p $(BINDIR)
> > > - -mkdir -p $(MANDIR)/man8
> > > - install -m 755 $(TARGETS) $(BINDIR)
> > > - install -m 644 checkpolicy.8 $(MANDIR)/man8
> > > - install -m 644 checkmodule.8 $(MANDIR)/man8
> > > + -mkdir -p $(DESTDIR)$(BINDIR)
> > > + -mkdir -p $(DESTDIR)$(MANDIR)/man8
> > > + install -m 755 $(TARGETS) $(DESTDIR)$(BINDIR)
> > > + install -m 644 checkpolicy.8 $(DESTDIR)$(MANDIR)/man8
> > > + install -m 644 checkmodule.8 $(DESTDIR)$(MANDIR)/man8
> > >
> > > relabel: install
> > > - /sbin/restorecon $(BINDIR)/checkpolicy
> > > - /sbin/restorecon $(BINDIR)/checkmodule
> > > + /sbin/restorecon $(DESTDIR)$(BINDIR)/checkpolicy
> > > + /sbin/restorecon $(DESTDIR)$(BINDIR)/checkmodule
> > >
> > > clean:
> > > -rm -f $(TARGETS) $(CHECKPOLOBJS) $(CHECKMODOBJS)
> > > y.tab.c
> > > y.tab.h lex.yy.c
> > > diff --git a/checkpolicy/test/Makefile
> > > b/checkpolicy/test/Makefile
> > > index 59fa4460..c9a8d4c5 100644
> > > --- a/checkpolicy/test/Makefile
> > > +++ b/checkpolicy/test/Makefile
> > > @@ -1,7 +1,7 @@
> > > #
> > > # Makefile for building the dispol program
> > > #
> > > -PREFIX ?= $(DESTDIR)/usr
> > > +PREFIX ?= /usr
> > > BINDIR ?= $(PREFIX)/bin
> > > LIBDIR ?= $(PREFIX)/lib
> > > INCLUDEDIR ?= $(PREFIX)/include
> > > @@ -11,9 +11,9 @@ CFLAGS ?= -g -Wall -W -Werror -O2 -pipe
> > >
> > > all: dispol dismod
> > >
> > > -dispol: dispol.o $(LIBSEPOLA)
> > > +dispol: dispol.o $(DESTDIR)$(LIBSEPOLA)
> > >
> > > -dismod: dismod.o $(LIBSEPOLA)
> > > +dismod: dismod.o $(DESTDIR)$(LIBSEPOLA)
> >
> > Ditto
> >
> > >
> > > clean:
> > > -rm -f dispol dismod *.o
> > > diff --git a/gui/Makefile b/gui/Makefile
> > > index 4fc2c1a1..52c3cab2 100644
> > > --- a/gui/Makefile
> > > +++ b/gui/Makefile
> > > @@ -1,5 +1,5 @@
> > > # Installation directories.
> > > -PREFIX ?= ${DESTDIR}/usr
> > > +PREFIX ?= /usr
> > > BINDIR ?= $(PREFIX)/bin
> > > SHAREDIR ?= $(PREFIX)/share/system-config-selinux
> > > DATADIR ?= $(PREFIX)/share
> > > @@ -24,29 +24,29 @@ usersPage.py
> > > all: $(TARGETS) system-config-selinux.py polgengui.py
> > >
> > > install: all
> > > - -mkdir -p $(MANDIR)/man8
> > > - -mkdir -p $(SHAREDIR)
> > > - -mkdir -p $(BINDIR)
> > > - -mkdir -p $(DATADIR)/pixmaps
> > > - -mkdir -p $(DATADIR)/icons/hicolor/24x24/apps
> > > - -mkdir -p $(DATADIR)/polkit-1/actions/
> > > - install -m 755 system-config-selinux.py $(SHAREDIR)
> > > - install -m 755 system-config-selinux $(BINDIR)
> > > - install -m 755 polgengui.py $(SHAREDIR)
> > > - install -m 644 $(TARGETS) $(SHAREDIR)
> > > - install -m 644 system-config-selinux.8 $(MANDIR)/man8
> > > - install -m 644 selinux-polgengui.8 $(MANDIR)/man8
> > > - install -m 644 system-config-selinux.png
> > > $(DATADIR)/pixmaps
> > > - install -m 644 system-config-selinux.png
> > > $(DATADIR)/icons/hicolor/24x24/apps
> > > - install -m 644 system-config-selinux.png
> > > $(DATADIR)/system-
> > > config-selinux
> > > - install -m 644 *.desktop $(DATADIR)/system-config-
> > > selinux
> >
> > This one seems to have been dropped accidentally rather than
> > augmented
> > with $(DESTDIR).
> >
> > > - -mkdir -p $(DESTDIR) $(DATADIR)/pixmaps
> > > - install -m 644 sepolicy_256.png
> > > $(DATADIR)/pixmaps/sepolicy.png
> > > + -mkdir -p $(DESTDIR)$(MANDIR)/man8
> > > + -mkdir -p $(DESTDIR)$(SHAREDIR)
> > > + -mkdir -p $(DESTDIR)$(BINDIR)
> > > + -mkdir -p $(DESTDIR)$(DATADIR)/pixmaps
> > > + -mkdir -p $(DESTDIR)$(DATADIR)/icons/hicolor/24x24/apps
> > > + -mkdir -p $(DESTDIR)$(SYSCONFDIR)
> > > + -mkdir -p $(DESTDIR)$(DATADIR)/polkit-1/actions/
> > > + install -m 755 system-config-selinux.py
> > > $(DESTDIR)$(SHAREDIR)
> > > + install -m 755 system-config-selinux $(DESTDIR)$(BINDIR)
> > > + install -m 755 polgengui.py $(DESTDIR)$(SHAREDIR)
> > > + install -m 644 $(TARGETS) $(DESTDIR)$(SHAREDIR)
> > > + install -m 644 system-config-selinux.8
> > > $(DESTDIR)$(MANDIR)/man8
> > > + install -m 644 selinux-polgengui.8
> > > $(DESTDIR)$(MANDIR)/man8
> > > + install -m 644 system-config-selinux.png
> > > $(DESTDIR)$(DATADIR)/pixmaps
> > > + install -m 644 system-config-selinux.png
> > > $(DESTDIR)$(DATADIR)/icons/hicolor/24x24/apps
> > > + install -m 644 system-config-selinux.png
> > > $(DESTDIR)$(DATADIR)/system-config-selinux
> > > + -mkdir -p $(DESTDIR) $(DESTDIR)$(DATADIR)/pixmaps
> > > + install -m 644 sepolicy_256.png
> > > $(DESTDIR)$(DATADIR)/pixmaps/sepolicy.png
> > > for i in 16 22 32 48 256; do \
> > > - mkdir -p $(DESTDIR)
> > > $(DATADIR)/icons/hicolor/$${i}x$${i}/apps; \
> > > - install -m 644 sepolicy_$${i}.png
> > > $(DATADIR)/icons/hicolor/$${i}x$${i}/apps/sepolicy.png; \
> > > + mkdir -p
> > > $(DESTDIR)/$(DATADIR)/icons/hicolor/$${i}x$${i}/apps; \
> > > + install -m 644 sepolicy_$${i}.png
> > > $(DESTDIR)$(DATADIR)/icons/hicolor/$${i}x$${i}/apps/sepolicy.png;
> > > \
> > > done
> > > - install -m 644 org.selinux.config.policy
> > > $(DATADIR)/polkit-
> > > 1/actions/
> > > + install -m 644 org.selinux.config.policy
> > > $(DESTDIR)$(DATADIR)/polkit-1/actions/
> > > clean:
> > >
> > > indent:
> > > diff --git a/libselinux/include/Makefile
> > > b/libselinux/include/Makefile
> > > index 757a6c9c..c1d3fa15 100644
> > > --- a/libselinux/include/Makefile
> > > +++ b/libselinux/include/Makefile
> > > @@ -1,12 +1,12 @@
> > > # Installation directories.
> > > -PREFIX ?= $(DESTDIR)/usr
> > > +PREFIX ?= /usr
> > > INCDIR ?= $(PREFIX)/include/selinux
> > >
> > > all:
> > >
> > > install: all
> > > - test -d $(INCDIR) || install -m 755 -d $(INCDIR)
> > > - install -m 644 $(wildcard selinux/*.h) $(INCDIR)
> > > + test -d $(DESTDIR)$(INCDIR) || install -m 755 -d
> > > $(DESTDIR)$(INCDIR)
> > > + install -m 644 $(wildcard selinux/*.h)
> > > $(DESTDIR)$(INCDIR)
> > >
> > > relabel:
> > >
> > > diff --git a/libselinux/src/Makefile b/libselinux/src/Makefile
> > > index 4306dd0e..6d65b682 100644
> > > --- a/libselinux/src/Makefile
> > > +++ b/libselinux/src/Makefile
> > > @@ -8,17 +8,17 @@ RUBYPREFIX ?= $(notdir $(RUBY))
> > > PKG_CONFIG ?= pkg-config
> > >
> > > # Installation directories.
> > > -PREFIX ?= $(DESTDIR)/usr
> > > +PREFIX ?= /usr
> > > LIBDIR ?= $(PREFIX)/lib
> > > -SHLIBDIR ?= $(DESTDIR)/lib
> > > +SHLIBDIR ?= /lib
> > > INCLUDEDIR ?= $(PREFIX)/include
> > > PYINC ?= $(shell $(PKG_CONFIG) --cflags $(PYPREFIX))
> > > PYLIBS ?= $(shell $(PKG_CONFIG) --libs $(PYPREFIX))
> > > -PYSITEDIR ?= $(DESTDIR)$(shell $(PYTHON) -c 'import site;
> > > print(site.getsitepackages()[0])')
> > > +PYSITEDIR ?= $(shell $(PYTHON) -c 'import site;
> > > print(site.getsitepackages()[0])')
> > > PYCEXT ?= $(shell $(PYTHON) -c 'import imp;print([s for s,m,t
> > > in
> > > imp.get_suffixes() if t == imp.C_EXTENSION][0])')
> > > RUBYINC ?= $(shell $(RUBY) -e 'puts "-I" +
> > > RbConfig::CONFIG["rubyarchhdrdir"] + " -I" +
> > > RbConfig::CONFIG["rubyhdrdir"]')
> > > RUBYLIBS ?= $(shell $(RUBY) -e 'puts "-L" +
> > > RbConfig::CONFIG["libdir"] + " -lruby"')
> > > -RUBYINSTALL ?= $(DESTDIR)$(shell $(RUBY) -e 'puts
> > > RbConfig::CONFIG["vendorarchdir"]')
> > > +RUBYINSTALL ?= $(shell $(RUBY) -e 'puts
> > > RbConfig::CONFIG["vendorarchdir"]')
> > > LIBBASE ?= $(shell basename $(LIBDIR))
> > > LIBSEPOLA ?= $(LIBDIR)/libsepol.a
> > >
> > > @@ -156,7 +156,7 @@ selinuxswig_python_exception.i:
> > > ../include/selinux/selinux.h
> > > $(AUDIT2WHYLOBJ): audit2why.c
> > > $(CC) $(filter-out -Werror, $(CFLAGS)) $(PYINC) -fPIC
> > > -DSHARED -c -o $@ $<
> > >
> > > -$(AUDIT2WHYSO): $(AUDIT2WHYLOBJ) $(LIBSEPOLA)
> > > +$(AUDIT2WHYSO): $(AUDIT2WHYLOBJ) $(DESTDIR)$(LIBSEPOLA)
> > > $(CC) $(CFLAGS) $(LDFLAGS) -L. -shared -o $@ $^
> > > -lselinux
> > > $(PYLIBS)
> >
> > Here again with using DESTDIR outside of install.
> >
> > >
> > > %.o: %.c policy.h
> > > @@ -177,26 +177,26 @@ swigify: $(SWIGIF)
> > > $(SWIG) $<
> > >
> > > install: all
> > > - test -d $(LIBDIR) || install -m 755 -d $(LIBDIR)
> > > - install -m 644 $(LIBA) $(LIBDIR)
> > > - test -d $(SHLIBDIR) || install -m 755 -d $(SHLIBDIR)
> > > - install -m 755 $(LIBSO) $(SHLIBDIR)
> > > - test -d $(LIBDIR)/pkgconfig || install -m 755 -d
> > > $(LIBDIR)/pkgconfig
> > > - install -m 644 $(LIBPC) $(LIBDIR)/pkgconfig
> > > - ln -sf --relative $(SHLIBDIR)/$(LIBSO)
> > > $(LIBDIR)/$(TARGET)
> > > + test -d $(DESTDIR)$(LIBDIR) || install -m 755 -d
> > > $(DESTDIR)$(LIBDIR)
> > > + install -m 644 $(LIBA) $(DESTDIR)$(LIBDIR)
> > > + test -d $(DESTDIR)$(SHLIBDIR) || install -m 755 -d
> > > $(DESTDIR)$(SHLIBDIR)
> > > + install -m 755 $(LIBSO) $(DESTDIR)$(SHLIBDIR)
> > > + test -d $(DESTDIR)$(LIBDIR)/pkgconfig || install -m 755
> > > -d
> > > $(DESTDIR)$(LIBDIR)/pkgconfig
> > > + install -m 644 $(LIBPC) $(DESTDIR)$(LIBDIR)/pkgconfig
> > > + ln -sf --relative $(DESTDIR)$(SHLIBDIR)/$(LIBSO)
> > > $(DESTDIR)$(LIBDIR)/$(TARGET)
> > >
> > > install-pywrap: pywrap
> > > - test -d $(PYSITEDIR)/selinux || install -m 755 -d
> > > $(PYSITEDIR)/selinux
> > > - install -m 755 $(SWIGSO) $(PYSITEDIR)/_selinux$(PYCEXT)
> > > - install -m 755 $(AUDIT2WHYSO)
> > > $(PYSITEDIR)/selinux/audit2why$(PYCEXT)
> > > - install -m 644 $(SWIGPYOUT)
> > > $(PYSITEDIR)/selinux/__init__.py
> > > + test -d $(DESTDIR)$(PYSITEDIR)/selinux || install -m 755
> > > -d
> > > $(DESTDIR)$(PYSITEDIR)/selinux
> > > + install -m 755 $(SWIGSO)
> > > $(DESTDIR)$(PYSITEDIR)/_selinux$(PYCEXT)
> > > + install -m 755 $(AUDIT2WHYSO)
> > > $(DESTDIR)$(PYSITEDIR)/selinux/audit2why$(PYCEXT)
> > > + install -m 644 $(SWIGPYOUT)
> > > $(DESTDIR)$(PYSITEDIR)/selinux/__init__.py
> > >
> > > install-rubywrap: rubywrap
> > > - test -d $(RUBYINSTALL) || install -m 755 -d
> > > $(RUBYINSTALL)
> > > - install -m 755 $(SWIGRUBYSO) $(RUBYINSTALL)/selinux.so
> > > + test -d $(DESTDIR)$(RUBYINSTALL) || install -m 755 -d
> > > $(DESTDIR)$(RUBYINSTALL)
> > > + install -m 755 $(SWIGRUBYSO)
> > > $(DESTDIR)$(RUBYINSTALL)/selinux.so
> > >
> > > relabel:
> > > - /sbin/restorecon $(SHLIBDIR)/$(LIBSO)
> > > + /sbin/restorecon $(DESTDIR)$(SHLIBDIR)/$(LIBSO)
> > >
> > > clean-pywrap:
> > > -rm -f $(SWIGLOBJ) $(SWIGSO) $(AUDIT2WHYLOBJ)
> > > $(AUDIT2WHYSO)
> > > diff --git a/libselinux/utils/Makefile
> > > b/libselinux/utils/Makefile
> > > index 843b0e7c..882a6787 100644
> > > --- a/libselinux/utils/Makefile
> > > +++ b/libselinux/utils/Makefile
> > > @@ -1,5 +1,5 @@
> > > # Installation directories.
> > > -PREFIX ?= $(DESTDIR)/usr
> > > +PREFIX ?= /usr
> > > LIBDIR ?= $(PREFIX)/lib
> > > SBINDIR ?= $(PREFIX)/sbin
> > > INCLUDEDIR ?= $(PREFIX)/include
> > > @@ -63,8 +63,8 @@ sefcontext_compile: sefcontext_compile.o
> > > ../src/regex.o
> > > all: $(TARGETS)
> > >
> > > install: all
> > > - -mkdir -p $(SBINDIR)
> > > - install -m 755 $(TARGETS) $(SBINDIR)
> > > + -mkdir -p $(DESTDIR)$(SBINDIR)
> > > + install -m 755 $(TARGETS) $(DESTDIR)$(SBINDIR)
> > >
> > > clean:
> > > rm -f $(TARGETS) *.o *~
> > > diff --git a/libsemanage/include/Makefile
> > > b/libsemanage/include/Makefile
> > > index b660660e..6e44a28a 100644
> > > --- a/libsemanage/include/Makefile
> > > +++ b/libsemanage/include/Makefile
> > > @@ -1,12 +1,12 @@
> > > # Installation directories.
> > > -PREFIX ?= $(DESTDIR)/usr
> > > +PREFIX ?= /usr
> > > INCDIR ?= $(PREFIX)/include/semanage
> > >
> > > all:
> > >
> > > install: all
> > > - test -d $(INCDIR) || install -m 755 -d $(INCDIR)
> > > - install -m 644 $(wildcard semanage/*.h) $(INCDIR)
> > > + test -d $(DESTDIR)$(INCDIR) || install -m 755 -d
> > > $(DESTDIR)$(INCDIR)
> > > + install -m 644 $(wildcard semanage/*.h)
> > > $(DESTDIR)$(INCDIR)
> > >
> > > indent:
> > > ../../scripts/Lindent $(wildcard semanage/*.h)
> > > diff --git a/libsemanage/src/Makefile b/libsemanage/src/Makefile
> > > index f01385c5..8c0b4557 100644
> > > --- a/libsemanage/src/Makefile
> > > +++ b/libsemanage/src/Makefile
> > > @@ -8,17 +8,17 @@ RUBYPREFIX ?= $(notdir $(RUBY))
> > > PKG_CONFIG ?= pkg-config
> > >
> > > # Installation directories.
> > > -PREFIX ?= $(DESTDIR)/usr
> > > +PREFIX ?= /usr
> > > LIBDIR ?= $(PREFIX)/lib
> > > -SHLIBDIR ?= $(DESTDIR)/lib
> > > +SHLIBDIR ?= /lib
> > > INCLUDEDIR ?= $(PREFIX)/include
> > > PYINC ?= $(shell $(PKG_CONFIG) --cflags $(PYPREFIX))
> > > PYLIBS ?= $(shell $(PKG_CONFIG) --libs $(PYPREFIX))
> > > -PYSITEDIR ?= $(DESTDIR)$(shell $(PYTHON) -c 'import site;
> > > print(site.getsitepackages()[0])')
> > > +PYSITEDIR ?= $(shell $(PYTHON) -c 'import site;
> > > print(site.getsitepackages()[0])')
> > > PYCEXT ?= $(shell $(PYTHON) -c 'import imp;print([s for s,m,t
> > > in
> > > imp.get_suffixes() if t == imp.C_EXTENSION][0])')
> > > RUBYINC ?= $(shell $(RUBY) -e 'puts "-I" +
> > > RbConfig::CONFIG["rubyarchhdrdir"] + " -I" +
> > > RbConfig::CONFIG["rubyhdrdir"]')
> > > RUBYLIBS ?= $(shell $(RUBY) -e 'puts "-L" +
> > > RbConfig::CONFIG["libdir"] + " -lruby"')
> > > -RUBYINSTALL ?= $(DESTDIR)$(shell $(RUBY) -e 'puts
> > > RbConfig::CONFIG["vendorarchdir"]')
> > > +RUBYINSTALL ?= $(shell $(RUBY) -e 'puts
> > > RbConfig::CONFIG["vendorarchdir"]')
> > >
> > > LIBBASE=$(shell basename $(LIBDIR))
> > >
> > > @@ -136,26 +136,26 @@ swigify: $(SWIGIF)
> > > $(SWIG) $<
> > >
> > > install: all
> > > - test -d $(LIBDIR) || install -m 755 -d $(LIBDIR)
> > > - install -m 644 $(LIBA) $(LIBDIR)
> > > - install -m 755 $(LIBSO) $(LIBDIR)
> > > - test -d $(LIBDIR)/pkgconfig || install -m 755 -d
> > > $(LIBDIR)/pkgconfig
> > > - install -m 644 $(LIBPC) $(LIBDIR)/pkgconfig
> > > + test -d $(DESTDIR)$(LIBDIR) || install -m 755 -d
> > > $(DESTDIR)$(LIBDIR)
> > > + install -m 644 $(LIBA) $(DESTDIR)$(LIBDIR)
> > > + install -m 755 $(LIBSO) $(DESTDIR)$(LIBDIR)
> > > + test -d $(DESTDIR)$(LIBDIR)/pkgconfig || install -m 755
> > > -d
> > > $(DESTDIR)$(LIBDIR)/pkgconfig
> > > + install -m 644 $(LIBPC) $(DESTDIR)$(LIBDIR)/pkgconfig
> > > test -f $(DEFAULT_SEMANAGE_CONF_LOCATION) || install -m
> > > 644
> > > -D semanage.conf $(DEFAULT_SEMANAGE_CONF_LOCATION)
> > > - cd $(LIBDIR) && ln -sf $(LIBSO) $(TARGET)
> > > + cd $(DESTDIR)$(LIBDIR) && ln -sf $(LIBSO) $(TARGET)
> > >
> > > install-pywrap: pywrap
> > > - test -d $(PYSITEDIR) || install -m 755 -d $(PYSITEDIR)
> > > - install -m 755 $(SWIGSO) $(PYSITEDIR)/_semanage$(PYCEXT)
> > > - install -m 644 semanage.py $(PYSITEDIR)
> > > + test -d $(DESTDIR)$(PYSITEDIR) || install -m 755 -d
> > > $(DESTDIR)$(PYSITEDIR)
> > > + install -m 755 $(SWIGSO)
> > > $(DESTDIR)$(PYSITEDIR)/_semanage$(PYCEXT)
> > > + install -m 644 semanage.py $(DESTDIR)$(PYSITEDIR)
> > >
> > >
> > > install-rubywrap: rubywrap
> > > - test -d $(RUBYINSTALL) || install -m 755 -d
> > > $(RUBYINSTALL)
> > > - install -m 755 $(SWIGRUBYSO) $(RUBYINSTALL)/semanage.so
> > > + test -d $(DESTDIR)$(RUBYINSTALL) || install -m 755 -d
> > > $(DESTDIR)$(RUBYINSTALL)
> > > + install -m 755 $(SWIGRUBYSO)
> > > $(DESTDIR)$(RUBYINSTALL)/semanage.so
> > >
> > > relabel:
> > > - /sbin/restorecon $(LIBDIR)/$(LIBSO)
> > > + /sbin/restorecon $(DESTDIR)$(LIBDIR)/$(LIBSO)
> > >
> > > clean:
> > > -rm -f $(LIBPC) $(OBJS) $(LOBJS) $(LIBA) $(LIBSO)
> > > $(SWIGLOBJ) $(SWIGSO) $(SWIGRUBYSO) $(TARGET) conf-parse.c conf-
> > > parse.h conf-scan.c *.o *.lo *~
> > > diff --git a/libsemanage/tests/Makefile
> > > b/libsemanage/tests/Makefile
> > > index 2ef8d30d..8103cf8f 100644
> > > --- a/libsemanage/tests/Makefile
> > > +++ b/libsemanage/tests/Makefile
> > > @@ -1,4 +1,4 @@
> > > -PREFIX ?= $(DESTDIR)/usr
> > > +PREFIX ?= /usr
> > > LIBDIR ?= $(PREFIX)/lib
> > >
> > > # Add your test source files here:
> > > diff --git a/libsemanage/utils/Makefile
> > > b/libsemanage/utils/Makefile
> > > index 725f0eec..5b8fbb6b 100644
> > > --- a/libsemanage/utils/Makefile
> > > +++ b/libsemanage/utils/Makefile
> > > @@ -1,13 +1,13 @@
> > > # Installation directories.
> > > -PREFIX ?= $(DESTDIR)/usr
> > > +PREFIX ?= /usr
> > > LIBEXECDIR ?= $(PREFIX)/libexec
> > > SELINUXEXECDIR ?= $(LIBEXECDIR)/selinux/
> > >
> > > all:
> > >
> > > install: all
> > > - -mkdir -p $(SELINUXEXECDIR)
> > > - install -m 755 semanage_migrate_store $(SELINUXEXECDIR)
> > > + -mkdir -p $(DESTDIR)$(SELINUXEXECDIR)
> > > + install -m 755 semanage_migrate_store
> > > $(DESTDIR)$(SELINUXEXECDIR)
> > >
> > > clean:
> > >
> > > diff --git a/libsepol/include/Makefile
> > > b/libsepol/include/Makefile
> > > index 56b7a114..49f817ce 100644
> > > --- a/libsepol/include/Makefile
> > > +++ b/libsepol/include/Makefile
> > > @@ -1,17 +1,17 @@
> > > # Installation directories.
> > > -PREFIX ?= $(DESTDIR)/usr
> > > +PREFIX ?= /usr
> > > INCDIR ?= $(PREFIX)/include/sepol
> > > CILDIR ?= ../cil
> > >
> > > all:
> > >
> > > install: all
> > > - test -d $(INCDIR) || install -m 755 -d $(INCDIR)
> > > - test -d $(INCDIR)/policydb || install -m 755 -d
> > > $(INCDIR)/policydb
> > > - test -d $(INCDIR)/cil || install -m 755 -d $(INCDIR)/cil
> > > - install -m 644 $(wildcard sepol/*.h) $(INCDIR)
> > > - install -m 644 $(wildcard sepol/policydb/*.h)
> > > $(INCDIR)/policydb
> > > - install -m 644 $(wildcard $(CILDIR)/include/cil/*.h)
> > > $(INCDIR)/cil
> > > + test -d $(DESTDIR)$(INCDIR) || install -m 755 -d
> > > $(DESTDIR)$(INCDIR)
> > > + test -d $(DESTDIR)$(INCDIR)/policydb || install -m 755
> > > -d
> > > $(DESTDIR)$(INCDIR)/policydb
> > > + test -d $(DESTDIR)$(INCDIR)/cil || install -m 755 -d
> > > $(DESTDIR)$(INCDIR)/cil
> > > + install -m 644 $(wildcard sepol/*.h) $(DESTDIR)$(INCDIR)
> > > + install -m 644 $(wildcard sepol/policydb/*.h)
> > > $(DESTDIR)$(INCDIR)/policydb
> > > + install -m 644 $(wildcard $(CILDIR)/include/cil/*.h)
> > > $(DESTDIR)$(INCDIR)/cil
> > >
> > > indent:
> > > ../../scripts/Lindent $(wildcard sepol/*.h)
> > > diff --git a/libsepol/src/Makefile b/libsepol/src/Makefile
> > > index 819d261b..4c7e23fa 100644
> > > --- a/libsepol/src/Makefile
> > > +++ b/libsepol/src/Makefile
> > > @@ -1,8 +1,8 @@
> > > # Installation directories.
> > > -PREFIX ?= $(DESTDIR)/usr
> > > +PREFIX ?= /usr
> > > INCLUDEDIR ?= $(PREFIX)/include
> > > LIBDIR ?= $(PREFIX)/lib
> > > -SHLIBDIR ?= $(DESTDIR)/lib
> > > +SHLIBDIR ?= $(PREFIX)/lib
> >
> > This yields a change in the default install location for
> > libsepol.so.1
> > (/lib -> /usr/lib).
> >
> > > RANLIB ?= ranlib
> > > LIBBASE ?= $(shell basename $(LIBDIR))
> > > CILDIR ?= ../cil
> > > @@ -80,16 +80,16 @@ endif
> > > $(CC) $(CFLAGS) -fPIC -DSHARED -c -o $@ $<
> > >
> > > install: all
> > > - test -d $(LIBDIR) || install -m 755 -d $(LIBDIR)
> > > - install -m 644 $(LIBA) $(LIBDIR)
> > > - test -d $(SHLIBDIR) || install -m 755 -d $(SHLIBDIR)
> > > - install -m 755 $(LIBSO) $(SHLIBDIR)
> > > - test -d $(LIBDIR)/pkgconfig || install -m 755 -d
> > > $(LIBDIR)/pkgconfig
> > > - install -m 644 $(LIBPC) $(LIBDIR)/pkgconfig
> > > - $(LN) -sf --relative $(SHLIBDIR)/$(LIBSO)
> > > $(LIBDIR)/$(TARGET)
> > > + test -d $(DESTDIR)$(LIBDIR) || install -m 755 -d
> > > $(DESTDIR)$(LIBDIR)
> > > + install -m 644 $(LIBA) $(DESTDIR)$(LIBDIR)
> > > + test -d $(DESTDIR)$(SHLIBDIR) || install -m 755 -d
> > > $(DESTDIR)$(SHLIBDIR)
> > > + install -m 755 $(LIBSO) $(DESTDIR)$(SHLIBDIR)
> > > + test -d $(DESTDIR)$(LIBDIR)/pkgconfig || install -m 755
> > > -d
> > > $(DESTDIR)$(LIBDIR)/pkgconfig
> > > + install -m 644 $(LIBPC) $(DESTDIR)$(LIBDIR)/pkgconfig
> > > + $(LN) -sf --relative $(DESTDIR)$(SHLIBDIR)/$(LIBSO)
> > > $(DESTDIR)$(LIBDIR)/$(TARGET)
> > >
> > > relabel:
> > > - /sbin/restorecon $(SHLIBDIR)/$(LIBSO)
> > > + /sbin/restorecon $(DESTDIR)$(SHLIBDIR)/$(LIBSO)
> > >
> > > clean:
> > > -rm -f $(LIBPC) $(LIBMAP) $(OBJS) $(LOBJS) $(LIBA)
> > > $(LIBSO)
> > > $(TARGET) $(CIL_GENERATED)
> > > diff --git a/libsepol/utils/Makefile b/libsepol/utils/Makefile
> > > index fba1d8a0..31932c11 100644
> > > --- a/libsepol/utils/Makefile
> > > +++ b/libsepol/utils/Makefile
> > > @@ -1,5 +1,5 @@
> > > # Installation directories.
> > > -PREFIX ?= $(DESTDIR)/usr
> > > +PREFIX ?= /usr
> > > BINDIR ?= $(PREFIX)/bin
> > >
> > > CFLAGS ?= -Wall -Werror
> > > @@ -12,8 +12,8 @@ TARGETS=$(patsubst %.c,%,$(sort $(wildcard
> > > *.c)))
> > > all: $(TARGETS)
> > >
> > > install: all
> > > - -mkdir -p $(BINDIR)
> > > - install -m 755 $(TARGETS) $(BINDIR)
> > > + -mkdir -p $(DESTDIR)$(BINDIR)
> > > + install -m 755 $(TARGETS) $(DESTDIR)$(BINDIR)
> > >
> > > clean:
> > > -rm -f $(TARGETS) *.o
> > > diff --git a/mcstrans/man/Makefile b/mcstrans/man/Makefile
> > > index 8e971192..dbd87f49 100644
> > > --- a/mcstrans/man/Makefile
> > > +++ b/mcstrans/man/Makefile
> > > @@ -1,11 +1,11 @@
> > > # Installation directories.
> > > -MAN8DIR ?= $(DESTDIR)/usr/share/man/man8
> > > +MAN8DIR ?= /usr/share/man/man8
> > >
> > > all:
> > >
> > > install: all
> > > - mkdir -p $(MAN8DIR)
> > > - install -m 644 man8/*.8 $(MAN8DIR)
> > > + mkdir -p $(DESTDIR)$(MAN8DIR)
> > > + install -m 644 man8/*.8 $(DESTDIR)$(MAN8DIR)
> > >
> > > clean:
> > > -rm -f *~ \#*
> > > diff --git a/mcstrans/src/Makefile b/mcstrans/src/Makefile
> > > index 709e1e02..be54e349 100644
> > > --- a/mcstrans/src/Makefile
> > > +++ b/mcstrans/src/Makefile
> > > @@ -1,9 +1,9 @@
> > > # Installation directories.
> > > -PREFIX ?= $(DESTDIR)/usr
> > > +PREFIX ?= /usr
> > > LIBDIR ?= $(PREFIX)/lib
> > > -SBINDIR ?= $(DESTDIR)/sbin
> > > -INITDIR ?= $(DESTDIR)/etc/rc.d/init.d
> > > -SYSTEMDDIR ?= $(DESTDIR)/usr/lib/systemd
> > > +SBINDIR ?= /sbin
> > > +INITDIR ?= /etc/rc.d/init.d
> > > +SYSTEMDDIR ?= /usr/lib/systemd
> > >
> > > PROG_SRC=mcstrans.c mcscolor.c mcstransd.c mls_level.c
> > > PROG_OBJS= $(patsubst %.c,%.o,$(PROG_SRC))
> > > @@ -15,18 +15,18 @@ override CFLAGS += -D_GNU_SOURCE
> > > -D_FILE_OFFSET_BITS=64
> > > all: $(PROG)
> > >
> > > $(PROG): $(PROG_OBJS)
> > > - $(CC) $(LDFLAGS) -pie -o $@ $^ -lselinux -lcap -lpcre
> > > $(LIBDIR)/libsepol.a
> > > + $(CC) $(LDFLAGS) -pie -o $@ $^ -lselinux -lcap -lpcre
> > > $(DESTDIR)$(LIBDIR)/libsepol.a
> > >
> > > %.o: %.c
> > > $(CC) $(CFLAGS) -fPIE -c -o $@ $<
> > >
> > > install: all
> > > - test -d $(SBINDIR) || install -m 755 -d $(SBINDIR)
> > > - install -m 755 $(PROG) $(SBINDIR)
> > > - test -d $(INITDIR) || install -m 755 -d $(INITDIR)
> > > - install -m 755 $(INITSCRIPT).init
> > > $(INITDIR)/$(INITSCRIPT)
> > > - test -d $(SYSTEMDDIR)/system || install -m 755 -d
> > > $(SYSTEMDDIR)/system
> > > - install -m 644 mcstrans.service $(SYSTEMDDIR)/system/
> > > + test -d $(DESTDIR)$(SBINDIR) || install -m 755 -d
> > > $(DESTDIR)$(SBINDIR)
> > > + install -m 755 $(PROG) $(DESTDIR)$(SBINDIR)
> > > + test -d $(DESTDIR)$(INITDIR) || install -m 755 -d
> > > $(DESTDIR)$(INITDIR)
> > > + install -m 755 $(INITSCRIPT).init
> > > $(DESTDIR)$(INITDIR)/$(INITSCRIPT)
> > > + test -d $(DESTDIR)$(SYSTEMDDIR)/system || install -m 755
> > > -d
> > > $(DESTDIR)$(SYSTEMDDIR)/system
> > > + install -m 644 mcstrans.service
> > > $(DESTDIR)$(SYSTEMDDIR)/system/
> > >
> > > clean:
> > > -rm -f $(OBJS) $(LOBJS) $(TARGET) $(PROG) $(PROG_OBJS)
> > > *~
> > > \#*
> > > diff --git a/mcstrans/utils/Makefile b/mcstrans/utils/Makefile
> > > index 4d3cbfcb..1364cece 100644
> > > --- a/mcstrans/utils/Makefile
> > > +++ b/mcstrans/utils/Makefile
> > > @@ -1,5 +1,5 @@
> > > # Installation directories.
> > > -PREFIX ?= $(DESTDIR)/usr
> > > +PREFIX ?= /usr
> > > LIBDIR ?= $(PREFIX)/lib
> > > SBINDIR ?= $(PREFIX)/sbin
> > > LIBSEPOLA ?= $(LIBDIR)/libsepol.a
> > > @@ -12,11 +12,11 @@ TARGETS=$(patsubst %.c,%,$(sort $(wildcard
> > > *.c)))
> > >
> > > all: $(TARGETS)
> > >
> > > -$(TARGETS): ../src/mcstrans.o ../src/mls_level.o $(LIBSEPOLA)
> > > +$(TARGETS): ../src/mcstrans.o ../src/mls_level.o
> > > $(DESTDIR)$(LIBSEPOLA)
> > >
> > > install: all
> > > - -mkdir -p $(SBINDIR)
> > > - install -m 755 $(TARGETS) $(SBINDIR)
> > > + -mkdir -p $(DESTDIR)$(SBINDIR)
> > > + install -m 755 $(TARGETS) $(DESTDIR)$(SBINDIR)
> > >
> > > test:
> > > ./mlstrans-test-runner.py ../test/*.test
> > > diff --git a/policycoreutils/hll/pp/Makefile
> > > b/policycoreutils/hll/pp/Makefile
> > > index 3401dcc9..ed70c449 100644
> > > --- a/policycoreutils/hll/pp/Makefile
> > > +++ b/policycoreutils/hll/pp/Makefile
> > > @@ -1,5 +1,5 @@
> > > # Installation directories.
> > > -PREFIX ?= $(DESTDIR)/usr
> > > +PREFIX ?= /usr
> > > INCLUDEDIR ?= $(PREFIX)/include
> > > MANDIR = $(PREFIX)/share/man
> > > LIBDIR ?= $(PREFIX)/lib
> > > @@ -21,8 +21,8 @@ pp: $(PP_OBJS)
> > > $(CC) $(CFLAGS) -c -o $@ $^
> > >
> > > install: all
> > > - -mkdir -p $(HLLDIR)
> > > - install -m 755 pp $(HLLDIR)
> > > + -mkdir -p $(DESTDIR)$(HLLDIR)
> > > + install -m 755 pp $(DESTDIR)$(HLLDIR)
> > >
> > > relabel:
> > >
> > > diff --git a/policycoreutils/load_policy/Makefile
> > > b/policycoreutils/load_policy/Makefile
> > > index b85833c2..00f59aba 100644
> > > --- a/policycoreutils/load_policy/Makefile
> > > +++ b/policycoreutils/load_policy/Makefile
> > > @@ -1,6 +1,6 @@
> > > # Installation directories.
> > > -PREFIX ?= $(DESTDIR)/usr
> > > -SBINDIR ?= $(DESTDIR)/sbin
> > > +PREFIX ?= /usr
> > > +SBINDIR ?= /sbin
> > > MANDIR ?= $(PREFIX)/share/man
> > > LOCALEDIR ?= /usr/share/locale
> > >
> > > @@ -13,10 +13,10 @@ TARGETS=$(patsubst %.c,%,$(sort $(wildcard
> > > *.c)))
> > > all: $(TARGETS)
> > >
> > > install: all
> > > - -mkdir -p $(SBINDIR)
> > > - install -m 755 $(TARGETS) $(SBINDIR)
> > > - test -d $(MANDIR)/man8 || install -m 755 -d
> > > $(MANDIR)/man8
> > > - install -m 644 load_policy.8 $(MANDIR)/man8/
> > > + -mkdir -p $(DESTDIR)$(SBINDIR)
> > > + install -m 755 $(TARGETS) $(DESTDIR)$(SBINDIR)
> > > + test -d $(DESTDIR)$(MANDIR)/man8 || install -m 755 -d
> > > $(DESTDIR)$(MANDIR)/man8
> > > + install -m 644 load_policy.8 $(DESTDIR)$(MANDIR)/man8/
> > >
> > > clean:
> > > -rm -f $(TARGETS) *.o
> > > @@ -25,4 +25,4 @@ indent:
> > > ../../scripts/Lindent $(wildcard *.[ch])
> > >
> > > relabel:
> > > - /sbin/restorecon $(SBINDIR)/load_policy
> > > + /sbin/restorecon $(DESTDIR)$(SBINDIR)/load_policy
> > > diff --git a/policycoreutils/man/Makefile
> > > b/policycoreutils/man/Makefile
> > > index 0d91cd46..ae3d27b6 100644
> > > --- a/policycoreutils/man/Makefile
> > > +++ b/policycoreutils/man/Makefile
> > > @@ -1,12 +1,12 @@
> > > # Installation directories.
> > > -MAN5DIR ?= $(DESTDIR)/usr/share/man/man5
> > > +MAN5DIR ?= /usr/share/man/man5
> > >
> > > all:
> > >
> > > clean:
> > >
> > > install: all
> > > - mkdir -p $(MAN5DIR)
> > > - install -m 644 man5/*.5 $(MAN5DIR)
> > > + mkdir -p $(DESTDIR)$(MAN5DIR)
> > > + install -m 644 man5/*.5 $(DESTDIR)$(MAN5DIR)
> > >
> > > relabel:
> > > diff --git a/policycoreutils/newrole/Makefile
> > > b/policycoreutils/newrole/Makefile
> > > index 196af926..e687b6ab 100644
> > > --- a/policycoreutils/newrole/Makefile
> > > +++ b/policycoreutils/newrole/Makefile
> > > @@ -1,8 +1,8 @@
> > > # Installation directories.
> > > -PREFIX ?= $(DESTDIR)/usr
> > > +PREFIX ?= /usr
> > > BINDIR ?= $(PREFIX)/bin
> > > MANDIR ?= $(PREFIX)/share/man
> > > -ETCDIR ?= $(DESTDIR)/etc
> > > +ETCDIR ?= /etc
> > > LOCALEDIR = /usr/share/locale
> > > PAMH ?= $(shell test -f /usr/include/security/pam_appl.h &&
> > > echo y)
> > > AUDITH ?= $(shell test -f /usr/include/libaudit.h && echo y)
> > > @@ -61,17 +61,17 @@ newrole: newrole.o $(EXTRA_OBJS)
> > > $(CC) $(LDFLAGS) -o $@ $^ $(LDLIBS)
> > >
> > > install: all
> > > - test -d $(BINDIR) || install -m 755 -d $(BINDIR)
> > > - test -d $(ETCDIR)/pam.d || install -m 755 -d
> > > $(ETCDIR)/pam.d
> > > - test -d $(MANDIR)/man1 || install -m 755 -d
> > > $(MANDIR)/man1
> > > - install -m $(MODE) newrole $(BINDIR)
> > > - install -m 644 newrole.1 $(MANDIR)/man1/
> > > + test -d $(DESTDIR)$(BINDIR) || install -m 755 -d
> > > $(DESTDIR)$(BINDIR)
> > > + test -d $(DESTDIR)$(ETCDIR)/pam.d || install -m 755 -d
> > > $(DESTDIR)$(ETCDIR)/pam.d
> > > + test -d $(DESTDIR)$(MANDIR)/man1 || install -m 755 -d
> > > $(DESTDIR)$(MANDIR)/man1
> > > + install -m $(MODE) newrole $(DESTDIR)$(BINDIR)
> > > + install -m 644 newrole.1 $(DESTDIR)$(MANDIR)/man1/
> > > ifeq ($(PAMH), y)
> > > - test -d $(ETCDIR)/pam.d || install -m 755 -d
> > > $(ETCDIR)/pam.d
> > > + test -d $(ETCDIR)/pam.d || install -m 755 -d
> > > $(DESTDIR)$(ETCDIR)/pam.d
> >
> > Need to prefix the first $(ETCDIR)/pam.d with $(DESTDIR) too.
> >
> > > ifeq ($(LSPP_PRIV),y)
> > > - install -m 644 newrole-lspp.pamd $(ETCDIR)/pam.d/newrole
> > > + install -m 644 newrole-lspp.pamd
> > > $(DESTDIR)$(ETCDIR)/pam.d/newrole
> > > else
> > > - install -m 644 newrole.pamd $(ETCDIR)/pam.d/newrole
> > > + install -m 644 newrole.pamd
> > > $(DESTDIR)$(ETCDIR)/pam.d/newrole
> > > endif
> > > endif
> > >
> > > @@ -82,4 +82,4 @@ indent:
> > > ../../scripts/Lindent $(wildcard *.[ch])
> > >
> > > relabel: install
> > > - /sbin/restorecon $(BINDIR)/newrole
> > > + /sbin/restorecon $(DESTDIR)$(BINDIR)/newrole
> > > diff --git a/policycoreutils/run_init/Makefile
> > > b/policycoreutils/run_init/Makefile
> > > index 921f0b07..8d8eb704 100644
> > > --- a/policycoreutils/run_init/Makefile
> > > +++ b/policycoreutils/run_init/Makefile
> > > @@ -1,9 +1,9 @@
> > >
> > > # Installation directories.
> > > -PREFIX ?= $(DESTDIR)/usr
> > > +PREFIX ?= /usr
> > > SBINDIR ?= $(PREFIX)/sbin
> > > MANDIR ?= $(PREFIX)/share/man
> > > -ETCDIR ?= $(DESTDIR)/etc
> > > +ETCDIR ?= /etc
> > > LOCALEDIR ?= /usr/share/locale
> > > PAMH ?= $(shell test -f /usr/include/security/pam_appl.h &&
> > > echo y)
> > > AUDITH ?= $(shell test -f /usr/include/libaudit.h && echo y)
> > > @@ -32,14 +32,14 @@ open_init_pty: open_init_pty.c
> > >
> > >
> > > install: all
> > > - test -d $(SBINDIR) || install -m 755 -d $(SBINDIR)
> > > - test -d $(MANDIR)/man8 || install -m 755 -d
> > > $(MANDIR)/man8
> > > - install -m 755 run_init $(SBINDIR)
> > > - install -m 755 open_init_pty $(SBINDIR)
> > > - install -m 644 run_init.8 $(MANDIR)/man8/
> > > - install -m 644 open_init_pty.8 $(MANDIR)/man8/
> > > + test -d $(DESTDIR)$(SBINDIR) || install -m 755 -d
> > > $(DESTDIR)$(SBINDIR)
> > > + test -d $(DESTDIR)$(MANDIR)/man8 || install -m 755 -d
> > > $(DESTDIR)$(MANDIR)/man8
> > > + install -m 755 run_init $(DESTDIR)$(SBINDIR)
> > > + install -m 755 open_init_pty $(DESTDIR)$(SBINDIR)
> > > + install -m 644 run_init.8 $(DESTDIR)$(MANDIR)/man8/
> > > + install -m 644 open_init_pty.8 $(DESTDIR)$(MANDIR)/man8/
> > > ifeq ($(PAMH), y)
> > > - install -m 644 run_init.pamd $(ETCDIR)/pam.d/run_init
> > > + install -m 644 run_init.pamd
> > > $(DESTDIR)$(ETCDIR)/pam.d/run_init
> > > endif
> > >
> > > clean:
> > > @@ -49,4 +49,4 @@ indent:
> > > ../../scripts/Lindent $(wildcard *.[ch])
> > >
> > > relabel: install
> > > - /sbin/restorecon $(SBINDIR)/run_init
> > > $(SBINDIR)/open_init_pty
> > > + /sbin/restorecon $(DESTDIR)$(SBINDIR)/run_init
> > > $(DESTDIR)$(SBINDIR)/open_init_pty
> > > diff --git a/policycoreutils/scripts/Makefile
> > > b/policycoreutils/scripts/Makefile
> > > index d9e86ffe..a988144b 100644
> > > --- a/policycoreutils/scripts/Makefile
> > > +++ b/policycoreutils/scripts/Makefile
> > > @@ -1,6 +1,6 @@
> > > # Installation directories.
> > > -PREFIX ?= $(DESTDIR)/usr
> > > -SBINDIR ?= $(DESTDIR)/sbin
> > > +PREFIX ?= /usr
> > > +SBINDIR ?= /sbin
> > > MANDIR ?= $(PREFIX)/share/man
> > > LOCALEDIR ?= $(PREFIX)/share/locale
> > >
> > > @@ -8,10 +8,10 @@ LOCALEDIR ?= $(PREFIX)/share/locale
> > > all: fixfiles
> > >
> > > install: all
> > > - -mkdir -p $(SBINDIR)
> > > - install -m 755 fixfiles $(SBINDIR)
> > > - -mkdir -p $(MANDIR)/man8
> > > - install -m 644 fixfiles.8 $(MANDIR)/man8/
> > > + -mkdir -p $(DESTDIR)$(SBINDIR)
> > > + install -m 755 fixfiles $(DESTDIR)$(SBINDIR)
> > > + -mkdir -p $(DESTDIR)$(MANDIR)/man8
> > > + install -m 644 fixfiles.8 $(DESTDIR)$(MANDIR)/man8/
> > >
> > > clean:
> > >
> > > diff --git a/policycoreutils/secon/Makefile
> > > b/policycoreutils/secon/Makefile
> > > index 8e491d74..c03f0d7d 100644
> > > --- a/policycoreutils/secon/Makefile
> > > +++ b/policycoreutils/secon/Makefile
> > > @@ -1,5 +1,5 @@
> > > # secon tool - command-line context
> > > -PREFIX ?= $(DESTDIR)/usr
> > > +PREFIX ?= /usr
> > > INCLUDEDIR ?= $(PREFIX)/include
> > > BINDIR ?= $(PREFIX)/bin
> > > MANDIR ?= $(PREFIX)/share/man
> > > @@ -18,13 +18,13 @@ secon: secon.o
> > > install-nogui: install
> > >
> > > install: all
> > > - install -m 755 secon $(BINDIR);
> > > + install -m 755 secon $(DESTDIR)$(BINDIR);
> > >
> > > - test -d $(MANDIR)/man1 || install -m 755 -d
> > > $(MANDIR)/man1
> > > - install -m 644 secon.1 $(MANDIR)/man1
> > > + test -d $(DESTDIR)$(MANDIR)/man1 || install -m 755 -d
> > > $(DESTDIR)$(MANDIR)/man1
> > > + install -m 644 secon.1 $(DESTDIR)$(MANDIR)/man1
> > >
> > > relabel:
> > > - /sbin/restorecon $(BINDIR)/secon
> > > + /sbin/restorecon $(DESTDIR)$(BINDIR)/secon
> > >
> > > clean:
> > > rm -f *.o core* secon *~ *.bak
> > > diff --git a/policycoreutils/semodule/Makefile
> > > b/policycoreutils/semodule/Makefile
> > > index fffb43ac..7c257bf5 100644
> > > --- a/policycoreutils/semodule/Makefile
> > > +++ b/policycoreutils/semodule/Makefile
> > > @@ -1,5 +1,5 @@
> > > # Installation directories.
> > > -PREFIX ?= $(DESTDIR)/usr
> > > +PREFIX ?= /usr
> > > INCLUDEDIR ?= $(PREFIX)/include
> > > SBINDIR ?= $(PREFIX)/sbin
> > > MANDIR = $(PREFIX)/share/man
> > > @@ -17,12 +17,12 @@ genhomedircon:
> > > ln -sf semodule genhomedircon
> > >
> > > install: all
> > > - -mkdir -p $(SBINDIR)
> > > - install -m 755 semodule $(SBINDIR)
> > > - (cd $(SBINDIR); ln -sf semodule genhomedircon)
> > > - test -d $(MANDIR)/man8 || install -m 755 -d
> > > $(MANDIR)/man8
> > > - install -m 644 semodule.8 $(MANDIR)/man8/
> > > - install -m 644 genhomedircon.8 $(MANDIR)/man8/
> > > + -mkdir -p $(DESTDIR)$(SBINDIR)
> > > + install -m 755 semodule $(DESTDIR)$(SBINDIR)
> > > + (cd $(DESTDIR)$(SBINDIR); ln -sf semodule genhomedircon)
> > > + test -d $(DESTDIR)$(MANDIR)/man8 || install -m 755 -d
> > > $(DESTDIR)$(MANDIR)/man8
> > > + install -m 644 semodule.8 $(DESTDIR)$(MANDIR)/man8/
> > > + install -m 644 genhomedircon.8 $(DESTDIR)$(MANDIR)/man8/
> > >
> > > relabel:
> > >
> > > diff --git a/policycoreutils/sestatus/Makefile
> > > b/policycoreutils/sestatus/Makefile
> > > index 41ca6832..130b764b 100644
> > > --- a/policycoreutils/sestatus/Makefile
> > > +++ b/policycoreutils/sestatus/Makefile
> > > @@ -1,8 +1,8 @@
> > > # Installation directories.
> > > -PREFIX ?= $(DESTDIR)/usr
> > > +PREFIX ?= /usr
> > > SBINDIR ?= $(PREFIX)/sbin
> > > MANDIR = $(PREFIX)/share/man
> > > -ETCDIR ?= $(DESTDIR)/etc
> > > +ETCDIR ?= /etc
> > > LIBDIR ?= $(PREFIX)/lib
> > >
> > > CFLAGS ?= -Werror -Wall -W
> > > @@ -14,14 +14,14 @@ all: sestatus
> > > sestatus: sestatus.o
> > >
> > > install: all
> > > - [ -d $(MANDIR)/man8 ] || mkdir -p $(MANDIR)/man8
> > > - [ -d $(MANDIR)/man5 ] || mkdir -p $(MANDIR)/man5
> > > - -mkdir -p $(SBINDIR)
> > > - install -m 755 sestatus $(SBINDIR)
> > > - install -m 644 sestatus.8 $(MANDIR)/man8
> > > - install -m 644 sestatus.conf.5 $(MANDIR)/man5
> > > - -mkdir -p $(ETCDIR)
> > > - install -m 644 sestatus.conf $(ETCDIR)
> > > + [ -d $(DESTDIR)$(MANDIR)/man8 ] || mkdir -p
> > > $(DESTDIR)$(MANDIR)/man8
> > > + [ -d $(DESTDIR)$(MANDIR)/man5 ] || mkdir -p
> > > $(DESTDIR)$(MANDIR)/man5
> > > + -mkdir -p $(DESTDIR)$(SBINDIR)
> > > + install -m 755 sestatus $(DESTDIR)$(SBINDIR)
> > > + install -m 644 sestatus.8 $(DESTDIR)$(MANDIR)/man8
> > > + install -m 644 sestatus.conf.5 $(DESTDIR)$(MANDIR)/man5
> > > + -mkdir -p $(DESTDIR)$(ETCDIR)
> > > + install -m 644 sestatus.conf $(DESTDIR)$(ETCDIR)
> > >
> > > clean:
> > > rm -f sestatus *.o
> > > diff --git a/policycoreutils/setfiles/Makefile
> > > b/policycoreutils/setfiles/Makefile
> > > index c08e2dd1..4e56698f 100644
> > > --- a/policycoreutils/setfiles/Makefile
> > > +++ b/policycoreutils/setfiles/Makefile
> > > @@ -1,6 +1,6 @@
> > > # Installation directories.
> > > -PREFIX ?= $(DESTDIR)/usr
> > > -SBINDIR ?= $(DESTDIR)/sbin
> > > +PREFIX ?= /usr
> > > +SBINDIR ?= /sbin
> > > MANDIR = $(PREFIX)/share/man
> > > LIBDIR ?= $(PREFIX)/lib
> > > AUDITH ?= $(shell test -f /usr/include/libaudit.h && echo y)
> > > @@ -29,14 +29,14 @@ man:
> > > @sed -i "s/ABORT_ON_ERRORS/$(ABORT_ON_ERRORS)/g"
> > > setfiles.8.man
> > >
> > > install: all
> > > - [ -d $(MANDIR)/man8 ] || mkdir -p $(MANDIR)/man8
> > > - -mkdir -p $(SBINDIR)
> > > - install -m 755 setfiles $(SBINDIR)
> > > - (cd $(SBINDIR) && ln -sf setfiles restorecon)
> > > - install -m 755 restorecon_xattr $(SBINDIR)
> > > - install -m 644 setfiles.8.man $(MANDIR)/man8/setfiles.8
> > > - install -m 644 restorecon.8 $(MANDIR)/man8/restorecon.8
> > > - install -m 644 restorecon_xattr.8
> > > $(MANDIR)/man8/restorecon_xattr.8
> > > + [ -d $(DESTDIR)$(MANDIR)/man8 ] || mkdir -p
> > > $(DESTDIR)$(MANDIR)/man8
> > > + -mkdir -p $(DESTDIR)$(SBINDIR)
> > > + install -m 755 setfiles $(DESTDIR)$(SBINDIR)
> > > + (cd $(DESTDIR)$(SBINDIR) && ln -sf setfiles restorecon)
> > > + install -m 755 restorecon_xattr $(DESTDIR)$(SBINDIR)
> > > + install -m 644 setfiles.8.man
> > > $(DESTDIR)$(MANDIR)/man8/setfiles.8
> > > + install -m 644 restorecon.8
> > > $(DESTDIR)$(MANDIR)/man8/restorecon.8
> > > + install -m 644 restorecon_xattr.8
> > > $(DESTDIR)$(MANDIR)/man8/restorecon_xattr.8
> > >
> > > clean:
> > > rm -f setfiles restorecon restorecon_xattr *.o
> > > setfiles.8.man
> > > @@ -45,4 +45,4 @@ indent:
> > > ../../scripts/Lindent $(wildcard *.[ch])
> > >
> > > relabel: install
> > > - $(SBINDIR)/restorecon $(SBINDIR)/setfiles
> > > $(SBINDIR)/restorecon_xattr
> > > + $(SBINDIR)/restorecon $(DESTDIR)$(SBINDIR)/setfiles
> > > $(DESTDIR)$(SBINDIR)/restorecon_xattr
> > > diff --git a/policycoreutils/setsebool/Makefile
> > > b/policycoreutils/setsebool/Makefile
> > > index bc254dab..f3379be9 100644
> > > --- a/policycoreutils/setsebool/Makefile
> > > +++ b/policycoreutils/setsebool/Makefile
> > > @@ -1,10 +1,10 @@
> > > # Installation directories.
> > > -PREFIX ?= $(DESTDIR)/usr
> > > +PREFIX ?= /usr
> > > INCLUDEDIR ?= $(PREFIX)/include
> > > SBINDIR ?= $(PREFIX)/sbin
> > > MANDIR = $(PREFIX)/share/man
> > > LIBDIR ?= $(PREFIX)/lib
> > > -BASHCOMPLETIONDIR ?= $(DESTDIR)/usr/share/bash-
> > > completion/completions
> > > +BASHCOMPLETIONDIR ?= /usr/share/bash-completion/completions
> > >
> > > CFLAGS ?= -Werror -Wall -W
> > > override LDLIBS += -lsepol -lselinux -lsemanage
> > > @@ -17,12 +17,12 @@ all: setsebool
> > > setsebool: $(SETSEBOOL_OBJS)
> > >
> > > install: all
> > > - -mkdir -p $(SBINDIR)
> > > - install -m 755 setsebool $(SBINDIR)
> > > - -mkdir -p $(MANDIR)/man8
> > > - install -m 644 setsebool.8 $(MANDIR)/man8/
> > > - -mkdir -p $(BASHCOMPLETIONDIR)
> > > - install -m 644 $(BASHCOMPLETIONS)
> > > $(BASHCOMPLETIONDIR)/setsebool
> > > + -mkdir -p $(DESTDIR)$(SBINDIR)
> > > + install -m 755 setsebool $(DESTDIR)$(SBINDIR)
> > > + -mkdir -p $(DESTDIR)$(MANDIR)/man8
> > > + install -m 644 setsebool.8 $(DESTDIR)$(MANDIR)/man8/
> > > + -mkdir -p $(DESTDIR)$(BASHCOMPLETIONDIR)
> > > + install -m 644 $(BASHCOMPLETIONS)
> > > $(DESTDIR)$(BASHCOMPLETIONDIR)/setsebool
> > >
> > > relabel:
> > >
> > > diff --git a/python/audit2allow/Makefile
> > > b/python/audit2allow/Makefile
> > > index 8db8075f..02526fa7 100644
> > > --- a/python/audit2allow/Makefile
> > > +++ b/python/audit2allow/Makefile
> > > @@ -1,7 +1,7 @@
> > > PYTHON ?= python
> > >
> > > # Installation directories.
> > > -PREFIX ?= $(DESTDIR)/usr
> > > +PREFIX ?= /usr
> > > BINDIR ?= $(PREFIX)/bin
> > > LIBDIR ?= $(PREFIX)/lib
> > > MANDIR ?= $(PREFIX)/share/man
> > > @@ -13,7 +13,7 @@ CFLAGS ?= -Werror -Wall -W
> > >
> > > all: audit2why sepolgen-ifgen-attr-helper
> > >
> > > -sepolgen-ifgen-attr-helper: sepolgen-ifgen-attr-helper.o
> > > $(LIBSEPOLA)
> > > +sepolgen-ifgen-attr-helper: sepolgen-ifgen-attr-helper.o
> > > $(DESTDIR)$(LIBSEPOLA)
> > >
> > > audit2why:
> > > ln -sf audit2allow audit2why
> > > @@ -22,14 +22,14 @@ test: all
> > > @$(PYTHON) test_audit2allow.py -v
> > >
> > > install: all
> > > - -mkdir -p $(BINDIR)
> > > - install -m 755 audit2allow $(BINDIR)
> > > - (cd $(BINDIR); ln -sf audit2allow audit2why)
> > > - install -m 755 sepolgen-ifgen-attr-helper $(BINDIR)
> > > - install -m 755 sepolgen-ifgen $(BINDIR)
> > > - -mkdir -p $(MANDIR)/man1
> > > - install -m 644 audit2allow.1 $(MANDIR)/man1/
> > > - install -m 644 audit2why.1 $(MANDIR)/man1/
> > > + -mkdir -p $(DESTDIR)$(BINDIR)
> > > + install -m 755 audit2allow $(DESTDIR)$(BINDIR)
> > > + (cd $(DESTDIR)$(BINDIR); ln -sf audit2allow audit2why)
> > > + install -m 755 sepolgen-ifgen-attr-helper
> > > $(DESTDIR)$(BINDIR)
> > > + install -m 755 sepolgen-ifgen $(DESTDIR)$(BINDIR)
> > > + -mkdir -p $(DESTDIR)$(MANDIR)/man1
> > > + install -m 644 audit2allow.1 $(DESTDIR)$(MANDIR)/man1/
> > > + install -m 644 audit2why.1 $(DESTDIR)$(MANDIR)/man1/
> > >
> > > clean:
> > > rm -f *~ *.o sepolgen-ifgen-attr-helper
> > > diff --git a/python/chcat/Makefile b/python/chcat/Makefile
> > > index 0fd12d6d..890033e2 100644
> > > --- a/python/chcat/Makefile
> > > +++ b/python/chcat/Makefile
> > > @@ -1,5 +1,5 @@
> > > # Installation directories.
> > > -PREFIX ?= $(DESTDIR)/usr
> > > +PREFIX ?= /usr
> > > BINDIR ?= $(PREFIX)/bin
> > > MANDIR ?= $(PREFIX)/share/man
> > > LOCALEDIR ?= $(PREFIX)/share/locale
> > > @@ -8,10 +8,10 @@ LOCALEDIR ?= $(PREFIX)/share/locale
> > > all: chcat
> > >
> > > install: all
> > > - -mkdir -p $(BINDIR)
> > > - install -m 755 chcat $(BINDIR)
> > > - -mkdir -p $(MANDIR)/man8
> > > - install -m 644 chcat.8 $(MANDIR)/man8/
> > > + -mkdir -p $(DESTDIR)$(BINDIR)
> > > + install -m 755 chcat $(DESTDIR)$(BINDIR)
> > > + -mkdir -p $(DESTDIR)$(MANDIR)/man8
> > > + install -m 644 chcat.8 $(DESTDIR)$(MANDIR)/man8/
> > >
> > > clean:
> > >
> > > diff --git a/python/semanage/Makefile b/python/semanage/Makefile
> > > index 60c36a3a..bd02e9e9 100644
> > > --- a/python/semanage/Makefile
> > > +++ b/python/semanage/Makefile
> > > @@ -1,29 +1,29 @@
> > > PYTHON ?= python
> > >
> > > # Installation directories.
> > > -PREFIX ?= $(DESTDIR)/usr
> > > +PREFIX ?= /usr
> > > LIBDIR ?= $(PREFIX)/lib
> > > SBINDIR ?= $(PREFIX)/sbin
> > > MANDIR = $(PREFIX)/share/man
> > > PYLIBVER ?= $(shell $(PYTHON) -c 'import
> > > sys;print("python%d.%d" %
> > > sys.version_info[0:2])')
> > > PYTHONLIBDIR ?= $(LIBDIR)/$(PYLIBVER)
> > > -BASHCOMPLETIONDIR ?= $(DESTDIR)/usr/share/bash-
> > > completion/completions
> > > +BASHCOMPLETIONDIR ?= /usr/share/bash-completion/completions
> > >
> > > TARGETS=semanage
> > >
> > > -BASHCOMPLETIONS=semanage-bash-completion.sh
> > > +BASHCOMPLETIONS=semanage-bash-completion.sh
> > >
> > > all: $(TARGETS)
> > >
> > > install: all
> > > - [ -d $(MANDIR)/man8 ] || mkdir -p $(MANDIR)/man8
> > > - -mkdir -p $(SBINDIR)
> > > - install -m 755 semanage $(SBINDIR)
> > > - install -m 644 *.8 $(MANDIR)/man8
> > > - test -d $(PYTHONLIBDIR)/site-packages || install -m 755
> > > -d
> > > $(PYTHONLIBDIR)/site-packages
> > > - install -m 755 seobject.py $(PYTHONLIBDIR)/site-packages
> > > - -mkdir -p $(BASHCOMPLETIONDIR)
> > > - install -m 644 $(BASHCOMPLETIONS)
> > > $(BASHCOMPLETIONDIR)/semanage
> > > + [ -d $(DESTDIR)$(MANDIR)/man8 ] || mkdir -p
> > > $(DESTDIR)$(MANDIR)/man8
> > > + -mkdir -p $(DESTDIR)$(SBINDIR)
> > > + install -m 755 semanage $(DESTDIR)$(SBINDIR)
> > > + install -m 644 *.8 $(DESTDIR)$(MANDIR)/man8
> > > + test -d $(DESTDIR)$(PYTHONLIBDIR)/site-packages ||
> > > install
> > > -m 755 -d $(DESTDIR)$(PYTHONLIBDIR)/site-packages
> > > + install -m 755 seobject.py
> > > $(DESTDIR)$(PYTHONLIBDIR)/site-
> > > packages
> > > + -mkdir -p $(DESTDIR)$(BASHCOMPLETIONDIR)
> > > + install -m 644 $(BASHCOMPLETIONS)
> > > $(DESTDIR)$(BASHCOMPLETIONDIR)/semanage
> > >
> > > test:
> > > @$(PYTHON) test-semanage.py -a
> > > diff --git a/python/sepolgen/src/sepolgen/Makefile
> > > b/python/sepolgen/src/sepolgen/Makefile
> > > index d3aa7715..12ef0827 100644
> > > --- a/python/sepolgen/src/sepolgen/Makefile
> > > +++ b/python/sepolgen/src/sepolgen/Makefile
> > > @@ -1,12 +1,12 @@
> > > PYTHON ?= python
> > > PYTHONLIBDIR ?= $(shell $(PYTHON) -c "from distutils.sysconfig
> > > import *; print(get_python_lib(1))")
> > > -PACKAGEDIR ?= $(DESTDIR)/$(PYTHONLIBDIR)/sepolgen
> > > +PACKAGEDIR ?= $(PYTHONLIBDIR)/sepolgen
> > >
> > > all:
> > >
> > > install: all
> > > - -mkdir -p $(PACKAGEDIR)
> > > - install -m 644 *.py $(PACKAGEDIR)
> > > + -mkdir -p $(DESTDIR)$(PACKAGEDIR)
> > > + install -m 644 *.py $(DESTDIR)$(PACKAGEDIR)
> > >
> > > clean:
> > > rm -f parser.out parsetab.py
> > > diff --git a/python/sepolgen/src/share/Makefile
> > > b/python/sepolgen/src/share/Makefile
> > > index abf5e451..1a7133cb 100644
> > > --- a/python/sepolgen/src/share/Makefile
> > > +++ b/python/sepolgen/src/share/Makefile
> > > @@ -1,10 +1,10 @@
> > > -SHAREDIR ?= $(DESTDIR)/var/lib/sepolgen
> > > +SHAREDIR ?= /var/lib/sepolgen
> > >
> > > all:
> > >
> > > install: all
> > > - -mkdir -p $(SHAREDIR)
> > > - install -m 644 perm_map $(SHAREDIR)
> > > + -mkdir -p $(DESTDIR)$(SHAREDIR)
> > > + install -m 644 perm_map $(DESTDIR)$(SHAREDIR)
> > >
> > > clean:
> > > - rm -f *~
> > > \ No newline at end of file
> > > + rm -f *~
> > > diff --git a/python/sepolicy/Makefile b/python/sepolicy/Makefile
> > > index 5a56e6c8..c75dce73 100644
> > > --- a/python/sepolicy/Makefile
> > > +++ b/python/sepolicy/Makefile
> > > @@ -1,13 +1,13 @@
> > > PYTHON ?= python
> > >
> > > # Installation directories.
> > > -PREFIX ?= $(DESTDIR)/usr
> > > +PREFIX ?= /usr
> > > LIBDIR ?= $(PREFIX)/lib
> > > BINDIR ?= $(PREFIX)/bin
> > > DATADIR ?= $(PREFIX)/share
> > > MANDIR ?= $(PREFIX)/share/man
> > > LOCALEDIR ?= /usr/share/locale
> > > -BASHCOMPLETIONDIR ?= $(DESTDIR)/usr/share/bash-
> > > completion/completions
> > > +BASHCOMPLETIONDIR ?= /usr/share/bash-completion/completions
> > > SHAREDIR ?= $(PREFIX)/share/sandbox
> > > CFLAGS ?= -Wall -Werror -Wextra -W
> > > override CFLAGS += -DPACKAGE="policycoreutils" -DSHARED -shared
> > > @@ -31,12 +31,12 @@ test:
> > >
> > > install:
> > > $(PYTHON) setup.py install `test -n "$(DESTDIR)" &&
> > > echo --
> > > root $(DESTDIR)`
> > > - [ -d $(BINDIR) ] || mkdir -p $(BINDIR)
> > > - install -m 755 sepolicy.py $(BINDIR)/sepolicy
> > > - (cd $(BINDIR); ln -sf sepolicy sepolgen)
> > > - -mkdir -p $(MANDIR)/man8
> > > - install -m 644 *.8 $(MANDIR)/man8
> > > - -mkdir -p $(BASHCOMPLETIONDIR)
> > > - install -m 644 $(BASHCOMPLETIONS)
> > > $(BASHCOMPLETIONDIR)/sepolicy
> > > + [ -d $(DESTDIR)$(BINDIR) ] || mkdir -p
> > > $(DESTDIR)$(BINDIR)
> > > + install -m 755 sepolicy.py $(DESTDIR)$(BINDIR)/sepolicy
> > > + (cd $(DESTDIR)$(BINDIR); ln -sf sepolicy sepolgen)
> > > + -mkdir -p $(DESTDIR)$(MANDIR)/man8
> > > + install -m 644 *.8 $(DESTDIR)$(MANDIR)/man8
> > > + -mkdir -p $(DESTDIR)$(BASHCOMPLETIONDIR)
> > > + install -m 644 $(BASHCOMPLETIONS)
> > > $(DESTDIR)$(BASHCOMPLETIONDIR)/sepolicy
> > >
> > > relabel:
> > > diff --git a/restorecond/Makefile b/restorecond/Makefile
> > > index ada94aeb..a9a57b48 100644
> > > --- a/restorecond/Makefile
> > > +++ b/restorecond/Makefile
> > > @@ -1,17 +1,17 @@
> > > PKG_CONFIG ?= pkg-config
> > >
> > > # Installation directories.
> > > -PREFIX ?= $(DESTDIR)/usr
> > > +PREFIX ?= /usr
> > > SBINDIR ?= $(PREFIX)/sbin
> > > LIBDIR ?= $(PREFIX)/lib
> > > MANDIR = $(PREFIX)/share/man
> > > -AUTOSTARTDIR = $(DESTDIR)/etc/xdg/autostart
> > > -DBUSSERVICEDIR = $(DESTDIR)/usr/share/dbus-1/services
> > > -SYSTEMDDIR ?= $(DESTDIR)/usr/lib/systemd
> > > +AUTOSTARTDIR = /etc/xdg/autostart
> > > +DBUSSERVICEDIR = /usr/share/dbus-1/services
> > > +SYSTEMDDIR ?= /usr/lib/systemd
> > >
> > > autostart_DATA = sealertauto.desktop
> > > -INITDIR ?= $(DESTDIR)/etc/rc.d/init.d
> > > -SELINUXDIR = $(DESTDIR)/etc/selinux
> > > +INITDIR ?= /etc/rc.d/init.d
> > > +SELINUXDIR = /etc/selinux
> > >
> > > DBUSFLAGS = -DHAVE_DBUS $(shell $(PKG_CONFIG) --cflags dbus-
> > > glib-1)
> > > DBUSLIB = $(shell $(PKG_CONFIG) --libs dbus-glib-1)
> > > @@ -39,23 +39,23 @@ restorecond: restore.o restorecond.o
> > > utmpwatcher.o stringslist.o user.o watch.o
> > > $(CC) $(LDFLAGS) -o $@ $^ $(LDLIBS)
> > >
> > > install: all
> > > - [ -d $(MANDIR)/man8 ] || mkdir -p $(MANDIR)/man8
> > > - -mkdir -p $(SBINDIR)
> > > - install -m 755 restorecond $(SBINDIR)
> > > - install -m 644 restorecond.8 $(MANDIR)/man8
> > > - -mkdir -p $(INITDIR)
> > > - install -m 755 restorecond.init $(INITDIR)/restorecond
> > > - -mkdir -p $(SELINUXDIR)
> > > - install -m 644 restorecond.conf
> > > $(SELINUXDIR)/restorecond.conf
> > > - install -m 644 restorecond_user.conf
> > > $(SELINUXDIR)/restorecond_user.conf
> > > - -mkdir -p $(AUTOSTARTDIR)
> > > - install -m 644 restorecond.desktop
> > > $(AUTOSTARTDIR)/restorecond.desktop
> > > - -mkdir -p $(DBUSSERVICEDIR)
> > > - install -m 600
> > > org.selinux.Restorecond.service $(DBUSSERVICEDIR)/org.selinux.Re
> > > stor
> > > econd.service
> > > - -mkdir -p $(SYSTEMDDIR)/system
> > > - install -m 644 restorecond.service $(SYSTEMDDIR)/system/
> > > + [ -d $(DESTDIR)$(MANDIR)/man8 ] || mkdir -p
> > > $(DESTDIR)$(MANDIR)/man8
> > > + -mkdir -p $(DESTDIR)$(SBINDIR)
> > > + install -m 755 restorecond $(DESTDIR)$(SBINDIR)
> > > + install -m 644 restorecond.8 $(DESTDIR)$(MANDIR)/man8
> > > + -mkdir -p $(DESTDIR)$(INITDIR)
> > > + install -m 755 restorecond.init
> > > $(DESTDIR)$(INITDIR)/restorecond
> > > + -mkdir -p $(DESTDIR)$(SELINUXDIR)
> > > + install -m 644 restorecond.conf
> > > $(DESTDIR)$(SELINUXDIR)/restorecond.conf
> > > + install -m 644 restorecond_user.conf
> > > $(DESTDIR)$(SELINUXDIR)/restorecond_user.conf
> > > + -mkdir -p $(DESTDIR)$(AUTOSTARTDIR)
> > > + install -m 644 restorecond.desktop
> > > $(DESTDIR)$(AUTOSTARTDIR)/restorecond.desktop
> > > + -mkdir -p $(DESTDIR)$(DBUSSERVICEDIR)
> > > + install -m 600
> > > org.selinux.Restorecond.service $(DESTDIR)$(DBUSSERVICEDIR)/org.
> > > seli
> > > nux.Restorecond.service
> > > + -mkdir -p $(DESTDIR)$(SYSTEMDDIR)/system
> > > + install -m 644 restorecond.service
> > > $(DESTDIR)$(SYSTEMDDIR)/system/
> > > relabel: install
> > > - /sbin/restorecon $(SBINDIR)/restorecond
> > > + /sbin/restorecon $(DESTDIR)$(SBINDIR)/restorecond
> > >
> > > clean:
> > > -rm -f restorecond *.o *~
> > > diff --git a/sandbox/Makefile b/sandbox/Makefile
> > > index 05c3d658..9c78041c 100644
> > > --- a/sandbox/Makefile
> > > +++ b/sandbox/Makefile
> > > @@ -1,8 +1,8 @@
> > > PYTHON ?= python
> > >
> > > # Installation directories.
> > > -PREFIX ?= $(DESTDIR)/usr
> > > -SYSCONFDIR ?= $(DESTDIR)/etc/sysconfig
> > > +PREFIX ?= /usr
> > > +SYSCONFDIR ?= /etc/sysconfig
> > > LIBDIR ?= $(PREFIX)/lib
> > > BINDIR ?= $(PREFIX)/bin
> > > SBINDIR ?= $(PREFIX)/sbin
> > > @@ -18,20 +18,20 @@ all: sandbox seunshare sandboxX.sh start
> > > seunshare: $(SEUNSHARE_OBJS)
> > >
> > > install: all
> > > - -mkdir -p $(BINDIR)
> > > - install -m 755 sandbox $(BINDIR)
> > > - -mkdir -p $(MANDIR)/man8
> > > - install -m 644 sandbox.8 $(MANDIR)/man8/
> > > - install -m 644 seunshare.8 $(MANDIR)/man8/
> > > - -mkdir -p $(MANDIR)/man5
> > > - install -m 644 sandbox.5 $(MANDIR)/man5/
> > > - -mkdir -p $(SBINDIR)
> > > - install -m 4755 seunshare $(SBINDIR)/
> > > - -mkdir -p $(SHAREDIR)
> > > - install -m 755 sandboxX.sh $(SHAREDIR)
> > > - install -m 755 start $(SHAREDIR)
> > > - -mkdir -p $(SYSCONFDIR)
> > > - install -m 644 sandbox.conf $(SYSCONFDIR)/sandbox
> > > + -mkdir -p $(DESTDIR)$(BINDIR)
> > > + install -m 755 sandbox $(DESTDIR)$(BINDIR)
> > > + -mkdir -p $(DESTDIR)$(MANDIR)/man8
> > > + install -m 644 sandbox.8 $(DESTDIR)$(MANDIR)/man8/
> > > + install -m 644 seunshare.8 $(DESTDIR)$(MANDIR)/man8/
> > > + -mkdir -p $(DESTDIR)$(MANDIR)/man5
> > > + install -m 644 sandbox.5 $(DESTDIR)$(MANDIR)/man5/
> > > + -mkdir -p $(DESTDIR)$(SBINDIR)
> > > + install -m 4755 seunshare $(DESTDIR)$(SBINDIR)/
> > > + -mkdir -p $(DESTDIR)$(SHAREDIR)
> > > + install -m 755 sandboxX.sh $(DESTDIR)$(SHAREDIR)
> > > + install -m 755 start $(DESTDIR)$(SHAREDIR)
> > > + -mkdir -p $(DESTDIR)$(SYSCONFDIR)
> > > + install -m 644 sandbox.conf
> > > $(DESTDIR)$(SYSCONFDIR)/sandbox
> > >
> > > test:
> > > @$(PYTHON) test_sandbox.py -v
> > > diff --git a/secilc/Makefile b/secilc/Makefile
> > > index 1cac53e4..597b4a27 100644
> > > --- a/secilc/Makefile
> > > +++ b/secilc/Makefile
> > > @@ -1,4 +1,4 @@
> > > -PREFIX ?= $(DESTDIR)/usr
> > > +PREFIX ?= /usr
> > > BINDIR ?= $(PREFIX)/bin
> > > MANDIR ?= $(PREFIX)/share/man
> > > LIBDIR ?= $(PREFIX)/lib
> > > @@ -41,12 +41,12 @@ $(SECIL2CONF_MANPAGE):
> > > $(SECIL2CONF_MANPAGE).xml
> > > $(XMLTO) man $(SECIL2CONF_MANPAGE).xml
> > >
> > > install: all man
> > > - -mkdir -p $(BINDIR)
> > > - -mkdir -p $(MANDIR)/man8
> > > - install -m 755 $(SECILC) $(BINDIR)
> > > - install -m 755 $(SECIL2CONF) $(BINDIR)
> > > - install -m 644 $(SECILC_MANPAGE) $(MANDIR)/man8
> > > - install -m 644 $(SECIL2CONF_MANPAGE) $(MANDIR)/man8
> > > + -mkdir -p $(DESTDIR)$(BINDIR)
> > > + -mkdir -p $(DESTDIR)$(MANDIR)/man8
> > > + install -m 755 $(SECILC) $(DESTDIR)$(BINDIR)
> > > + install -m 755 $(SECIL2CONF) $(DESTDIR)$(BINDIR)
> > > + install -m 644 $(SECILC_MANPAGE)
> > > $(DESTDIR)$(MANDIR)/man8
> > > + install -m 644 $(SECIL2CONF_MANPAGE)
> > > $(DESTDIR)$(MANDIR)/man8
> > >
> > > doc:
> > > $(MAKE) -C docs
> > > diff --git a/semodule-utils/semodule_deps/Makefile b/semodule-
> > > utils/semodule_deps/Makefile
> > > index 328a5030..7b106781 100644
> > > --- a/semodule-utils/semodule_deps/Makefile
> > > +++ b/semodule-utils/semodule_deps/Makefile
> > > @@ -1,5 +1,5 @@
> > > # Installation directories.
> > > -PREFIX ?= $(DESTDIR)/usr
> > > +PREFIX ?= /usr
> > > INCLUDEDIR ?= $(PREFIX)/include
> > > BINDIR ?= $(PREFIX)/bin
> > > LIBDIR ?= $(PREFIX)/lib
> > > @@ -10,13 +10,13 @@ CFLAGS ?= -Werror -Wall -W
> > >
> > > all: semodule_deps
> > >
> > > -semodule_deps: semodule_deps.o $(LIBSEPOLA)
> > > +semodule_deps: semodule_deps.o $(DESTDIR)$(LIBSEPOLA)
> > >
> > > install: all
> > > - -mkdir -p $(BINDIR)
> > > - install -m 755 semodule_deps $(BINDIR)
> > > - test -d $(MANDIR)/man8 || install -m 755 -d
> > > $(MANDIR)/man8
> > > - install -m 644 semodule_deps.8 $(MANDIR)/man8/
> > > + -mkdir -p $(DESTDIR)$(BINDIR)
> > > + install -m 755 semodule_deps $(DESTDIR)$(BINDIR)
> > > + test -d $(DESTDIR)$(MANDIR)/man8 || install -m 755 -d
> > > $(DESTDIR)$(MANDIR)/man8
> > > + install -m 644 semodule_deps.8 $(DESTDIR)$(MANDIR)/man8/
> > >
> > > relabel:
> > >
> > > diff --git a/semodule-utils/semodule_expand/Makefile b/semodule-
> > > utils/semodule_expand/Makefile
> > > index 072f2137..58d2d3cb 100644
> > > --- a/semodule-utils/semodule_expand/Makefile
> > > +++ b/semodule-utils/semodule_expand/Makefile
> > > @@ -1,5 +1,5 @@
> > > # Installation directories.
> > > -PREFIX ?= $(DESTDIR)/usr
> > > +PREFIX ?= /usr
> > > INCLUDEDIR ?= $(PREFIX)/include
> > > BINDIR ?= $(PREFIX)/bin
> > > LIBDIR ?= $(PREFIX)/lib
> > > @@ -13,10 +13,10 @@ all: semodule_expand
> > > semodule_expand: semodule_expand.o
> > >
> > > install: all
> > > - -mkdir -p $(BINDIR)
> > > - install -m 755 semodule_expand $(BINDIR)
> > > - test -d $(MANDIR)/man8 || install -m 755 -d
> > > $(MANDIR)/man8
> > > - install -m 644 semodule_expand.8 $(MANDIR)/man8/
> > > + -mkdir -p $(DESTDIR)$(BINDIR)
> > > + install -m 755 semodule_expand $(DESTDIR)$(BINDIR)
> > > + test -d $(DESTDIR)$(MANDIR)/man8 || install -m 755 -d
> > > $(DESTDIR)$(MANDIR)/man8
> > > + install -m 644 semodule_expand.8
> > > $(DESTDIR)$(MANDIR)/man8/
> > >
> > > relabel:
> > >
> > > diff --git a/semodule-utils/semodule_link/Makefile b/semodule-
> > > utils/semodule_link/Makefile
> > > index cc4687bd..178bea30 100644
> > > --- a/semodule-utils/semodule_link/Makefile
> > > +++ b/semodule-utils/semodule_link/Makefile
> > > @@ -1,6 +1,6 @@
> > > # Installation directories.
> > > -PREFIX ?= $(DESTDIR)/usr
> > > -INCLUDEDIR ?= $(PREFIX)/include
> > > +PREFIX ?= /usr
> > > +INCLUDEDIR ?= /include
> > > BINDIR ?= $(PREFIX)/bin
> > > MANDIR ?= $(PREFIX)/share/man
> > > LIBDIR ?= $(PREFIX)/lib
> > > @@ -13,10 +13,10 @@ all: semodule_link
> > > semodule_link: semodule_link.o
> > >
> > > install: all
> > > - -mkdir -p $(BINDIR)
> > > - install -m 755 semodule_link $(BINDIR)
> > > - test -d $(MANDIR)/man8 || install -m 755 -d
> > > $(MANDIR)/man8
> > > - install -m 644 semodule_link.8 $(MANDIR)/man8/
> > > + -mkdir -p $(DESTDIR)$(BINDIR)
> > > + install -m 755 semodule_link $(DESTDIR)$(BINDIR)
> > > + test -d $(DESTDIR)$(MANDIR)/man8 || install -m 755 -d
> > > $(PREFIX)$(MANDIR)/man8
> >
> > Missing $(DESTDIR) in the final install location above.
> >
> > > + install -m 644 semodule_link.8 $(DESTDIR)$(MANDIR)/man8/
> > >
> > > relabel:
> > >
> > > diff --git a/semodule-utils/semodule_package/Makefile b/semodule-
> > > utils/semodule_package/Makefile
> > > index 96dd7c4f..37bd0d4b 100644
> > > --- a/semodule-utils/semodule_package/Makefile
> > > +++ b/semodule-utils/semodule_package/Makefile
> > > @@ -1,5 +1,5 @@
> > > # Installation directories.
> > > -PREFIX ?= $(DESTDIR)/usr
> > > +PREFIX ?= /usr
> > > INCLUDEDIR ?= $(PREFIX)/include
> > > BINDIR ?= $(PREFIX)/bin
> > > LIBDIR ?= $(PREFIX)/lib
> > > @@ -13,12 +13,12 @@ all: semodule_package semodule_unpackage
> > > semodule_package: semodule_package.o
> > >
> > > install: all
> > > - -mkdir -p $(BINDIR)
> > > - install -m 755 semodule_package $(BINDIR)
> > > - install -m 755 semodule_unpackage $(BINDIR)
> > > - test -d $(MANDIR)/man8 || install -m 755 -d
> > > $(MANDIR)/man8
> > > - install -m 644 semodule_package.8 $(MANDIR)/man8/
> > > - install -m 644 semodule_unpackage.8 $(MANDIR)/man8/
> > > + -mkdir -p $(DESTDIR)$(BINDIR)
> > > + install -m 755 semodule_package $(DESTDIR)$(BINDIR)
> > > + install -m 755 semodule_unpackage $(DESTDIR)$(BINDIR)
> > > + test -d $(DESTDIR)$(MANDIR)/man8 || install -m 755 -d
> > > $(DESTDIR)$(MANDIR)/man8
> > > + install -m 644 semodule_package.8
> > > $(DESTDIR)$(MANDIR)/man8/
> > > + install -m 644 semodule_unpackage.8
> > > $(DESTDIR)$(MANDIR)/man8/
> > >
> > > relabel:
> > >
^ permalink raw reply [flat|nested] 24+ messages in thread
* ANN: SELinux userspace 2.7-rc3 release candidate
2017-06-09 17:18 ANN: SELinux userspace 2.7-rc1 release Stephen Smalley
2017-06-09 17:31 ` Stephen Smalley
2017-06-16 16:55 ` ANN: SELinux userspace 2.7-rc2 release Stephen Smalley
@ 2017-06-23 17:07 ` Stephen Smalley
2017-06-30 17:53 ` ANN: SELinux userspace 2.7-rc4 " Stephen Smalley
2017-08-04 18:57 ` ANN: SELinux userspace release 20170804 / 2.7 Stephen Smalley
3 siblings, 1 reply; 24+ messages in thread
From: Stephen Smalley @ 2017-06-23 17:07 UTC (permalink / raw)
To: selinux
A third release candidate for the SELinux userspace is now available
at:
https://github.com/SELinuxProject/selinux/wiki/Releases
Please give it a test and let us know if there are any issues.
Changes from the -rc2 release:
Jason Zaman (2):
libselinux utils: override LD{FLAGS, LIBS} for libselinux.so in
Makefile
Makefiles: override *FLAGS and *LIBS
Nicolas Iooss (3):
libsemanage/tests: fix linking
gui: do not create /etc
python/sepolicy: remove definition of SYSCONFDIR
Patrick Steinhardt (3):
libsepol: replace non-standard use of __BEGIN_DECLS
libselinux: avoid redefining _FORTIFY_SOURCE
genhomedircon: avoid use of non-standard `getpwent_r`
Petr Lautrbach (1):
mcstrans: Allow overriding libsepol.a location during build
Stephen Smalley (2):
Fix BINDIR/SBINDIR/... variables in Makefiles
Update VERSION files for 2.7-rc3 release.
^ permalink raw reply [flat|nested] 24+ messages in thread
* ANN: SELinux userspace 2.7-rc4 release candidate
2017-06-23 17:07 ` ANN: SELinux userspace 2.7-rc3 release candidate Stephen Smalley
@ 2017-06-30 17:53 ` Stephen Smalley
2017-07-09 10:12 ` Jason Zaman
2017-07-18 16:14 ` ANN: SELinux userspace 2.7-rc5 " Stephen Smalley
0 siblings, 2 replies; 24+ messages in thread
From: Stephen Smalley @ 2017-06-30 17:53 UTC (permalink / raw)
To: selinux
A fourth (and hopefully final) release candidate for the SELinux
userspace is now available at:
https://github.com/SELinuxProject/selinux/wiki/Releases
Please give it a test and let us know if there are any issues.
Barring any significant further changes, a final 2.7 release is likely
the week of July 10th.
Changes from the -rc3 release:
Laurent Bigonville (1):
Fix consistency of PYTHONLIBDIR variable across modules
Nicolas Iooss (3):
Travis-CI: update the list of Ruby's and Python's versions
libsepol/tests: override CPPFLAGS too
Travis-CI: test defining CFLAGS, LDFLAGS, etc. on make command
line
Stephen Smalley (2):
libselinux,libsemanage: fix RUBYLIBS definition
Update VERSION files for 2.7-rc4 release.
^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: ANN: SELinux userspace 2.7-rc4 release candidate
2017-06-30 17:53 ` ANN: SELinux userspace 2.7-rc4 " Stephen Smalley
@ 2017-07-09 10:12 ` Jason Zaman
2017-07-18 16:14 ` ANN: SELinux userspace 2.7-rc5 " Stephen Smalley
1 sibling, 0 replies; 24+ messages in thread
From: Jason Zaman @ 2017-07-09 10:12 UTC (permalink / raw)
To: Stephen Smalley; +Cc: selinux
https://bugs.gentoo.org/show_bug.cgi?id=621062
I'm fairly short on time lately. Does the patch in this bug seem right?
If it does can you apply it before the final release?
Thanks,
Jason
On Fri, Jun 30, 2017 at 01:53:28PM -0400, Stephen Smalley wrote:
> A fourth (and hopefully final) release candidate for the SELinux
> userspace is now available at:
> https://github.com/SELinuxProject/selinux/wiki/Releases
>
> Please give it a test and let us know if there are any issues.
> Barring any significant further changes, a final 2.7 release is likely
> the week of July 10th.
>
> Changes from the -rc3 release:
>
> Laurent Bigonville (1):
> Fix consistency of PYTHONLIBDIR variable across modules
>
> Nicolas Iooss (3):
> Travis-CI: update the list of Ruby's and Python's versions
> libsepol/tests: override CPPFLAGS too
> Travis-CI: test defining CFLAGS, LDFLAGS, etc. on make command
> line
>
> Stephen Smalley (2):
> libselinux,libsemanage: fix RUBYLIBS definition
> Update VERSION files for 2.7-rc4 release.
>
>
>
>
^ permalink raw reply [flat|nested] 24+ messages in thread
* ANN: SELinux userspace 2.7-rc5 release candidate
2017-06-30 17:53 ` ANN: SELinux userspace 2.7-rc4 " Stephen Smalley
2017-07-09 10:12 ` Jason Zaman
@ 2017-07-18 16:14 ` Stephen Smalley
2017-07-28 19:47 ` ANN: SELinux userspace 2.7-rc6 " Stephen Smalley
1 sibling, 1 reply; 24+ messages in thread
From: Stephen Smalley @ 2017-07-18 16:14 UTC (permalink / raw)
To: selinux
A fifth release candidate for the SELinux userspace is now available
at:
https://github.com/SELinuxProject/selinux/wiki/Releases
Please give it a test and let us know if there are any issues.
Changes from the -rc4 release:
Stephen Smalley (4):
open_init_pty: Do not make stdin and stdout non-blocking
Revert "open_init_pty: Do not make stdin and stdout non-blocking"
open_init_pty: restore stdin/stdout to blocking upon exit
Update VERSION files for 2.7-rc5
^ permalink raw reply [flat|nested] 24+ messages in thread
* ANN: SELinux userspace 2.7-rc6 release candidate
2017-07-18 16:14 ` ANN: SELinux userspace 2.7-rc5 " Stephen Smalley
@ 2017-07-28 19:47 ` Stephen Smalley
0 siblings, 0 replies; 24+ messages in thread
From: Stephen Smalley @ 2017-07-28 19:47 UTC (permalink / raw)
To: selinux
A sixth release candidate for the SELinux userspace is now available
at:
https://github.com/SELinuxProject/selinux/wiki/Releases
Please give it a test and let us know if there are any issues.
Changes from the -rc5 release:
Dan Cashman (1):
libsepol: cil: enable cpp compilation of cil.h.
Petr Lautrbach (4):
sepolicy: Fix minor typo in 'transition -s' test
sepolicy: Fix syntax errors in 'manpage -w'
sepolicy: Make manpage and transition faster
sepolicy: File labels used to be sorted in a man page
Stephen Smalley (2):
libsepol: Define nnp_nosuid_transition policy capability
Update VERSION files for 2.7-rc6
Tom Cherry (1):
libselinux: fix thread safety issues with lookup_common()
^ permalink raw reply [flat|nested] 24+ messages in thread
* ANN: SELinux userspace release 20170804 / 2.7
2017-06-09 17:18 ANN: SELinux userspace 2.7-rc1 release Stephen Smalley
` (2 preceding siblings ...)
2017-06-23 17:07 ` ANN: SELinux userspace 2.7-rc3 release candidate Stephen Smalley
@ 2017-08-04 18:57 ` Stephen Smalley
2017-08-04 19:21 ` Dominick Grift
3 siblings, 1 reply; 24+ messages in thread
From: Stephen Smalley @ 2017-08-04 18:57 UTC (permalink / raw)
To: selinux
The 20170804 / 2.7 release for the SELinux userspace release is now
available from:
https://github.com/SELinuxProject/selinux/wiki/Releases
Below are some notes on this release for packagers and users of the
SELinux userspace. git log and git shortlog output for all changes
since the 20161014 / 2.6 release are linked from the release page.
Thanks to all the contributors to this release!
If you notice corrections or additional items that should be added to
the release notes (below and also linked from the releases page), reply
to this message with your suggested changes/additions and we'll add
them to the one linked from the releases page too.
* This is the first release with the split up policycoreutils (see
https://www.mail-archive.com/selinux@tycho.nsa.gov/msg02914.html and
the rest of that thread). Fedora already packages many of these
components separately, although not always with the same organization
and naming scheme. Note that a number of these components are not
necessary for basic use of SELinux and likely should not be installed
by default, e.g. selinux-dbus, selinux-gui, mcstrans, restorecond,
selinux-sandbox.
* libsepol now has binary module support for ioctl xperms rules
(module version 18), making it possible to use allowxperm rules in
modularly built refpolicy-based policies. Previously, ioctl xperms
rules were only supported in monolithic policy and in CIL modules.
This change means that refpolicy and/or policies derived from it can
begin to leverage ioctl whitelisting, which has already been leveraged
for some time in Android policies, which do not rely on binary modules.
* This release introduces support for Infiniband object labeling,
including support for kernel policy version 31 and module version 19,
policy.conf and CIL language support, and semanage support. The
corresponding kernel support was introduced in Linux v4.13.
* This release introduces support for building policies with the
extended_socket_class, cgroup_seclabel, and nnp_nosuid_transition
policy
capabilities enabled:
** The extended_socket_class policy capability allows distinctions to
be made in policy among socket address families that were previously
mapped to the generic socket class (e.g. bluetooth, nfc, and many
other socket address families that previously did not have their own
distinct security class) as well as for SCTP and ICMP/ping sockets
that were previously mapped to the rawip_socket class. This policy
capability is supported by Linux v4.11 and later. Enabling this
capability
in policy requires reviewing existing rules on socket and rawip_socket
classes to determine whether they should be duplicated for the new
classes.
** The cgroup_seclabel policy capability allows userspace to set
labels on cgroup/cgroup2 files, enabling fine-grained labeling of
cgroup files by userspace. This policy capability is also supported
by Linux v4.11 and later. Note that enabling this capability will
break current Android userspace/policy and requires introducing
appropriate file_contexts definitions for cgroup files (or a change to
the Android init program's handling of them) in order to avoid
mislabeling them.
** The nnp_nosuid_transition policy capability enables SELinux domain
transitions to occur under no_new_privs (NNP) or on nosuid mounts if
the corresponding permission (nnp_transition for NNP,
nosuid_transition for nosuid; both in the newly defined process2
security class / access vector) is allowed between the old and new
contexts. This change was motivated by the increasing use of NNP by
systemd for confining system services and the desire to be able to
leverage NNP/nosuid-provided protections in combination with SELinux
rather than having to make undesirable tradeoffs in security. With
this policy capability enabled and the corresponding permissions
allowed where required, it should be possible to use upstream systemd
unit files without modification on SELinux-enabled systems.
NB: Allowing nnp_transition between two contexts opens up the
potential for the old context to subvert the new context by
installing seccomp filters before the execve. Allowing
nosuid_transition between two contexts opens up the potential for
a context transition to occur on a file from an untrusted
filesystem (e.g. removable media or remote filesystem). Use with
care.
* checkpolicy now supports generating CIL or policy.conf from a
kernel binary policy. Sample usage is checkpolicy -M -C -b policy.N -o
policy.cil and checkpolicy -M -F -b policy.N -o policy.conf. There is
also now a secil2conf program that can generate policy.conf from CIL,
e.g. secil2conf -o policy.conf policy.cil.
* Attribute generation and expansion has changed in several ways in
order to address kernel runtime performance issues that occur when
types have many attributes assigned to them while ensuring preservation
of attributes where desired. Binary module to CIL conversion now
ensures that duplicate attributes are not generated for the same type
set. secilc now supports -G and -X options to force expansion of
automatically generated attributes (-G) and/or attributes that have
fewer than a specified number of types (-X number). secilc will also
now more aggressively expand attributes based on whether they will
actually be used by the kernel, are needed for debugging denials by
audit2allow/why, or are needed for neverallow checking of binary
policies (in Android). New statements are supported in policy.conf
(expandattribute) and in CIL (expandtypeattribute) to support
specifying in source policy that specific attributes should always be
expanded or never be expanded in order to override the default
behaviors in checkpolicy and secilc.
* checkpolicy/checkmodule now treats it as an error if a type is
declared as an attribute or vice versa in a require block. Such
mismatches between declarations and require statements are an error in
policy and should be corrected in policy; refpolicy master should
already be fixed.
* A change to libsepol-internal data structures breaks the build of
setools4. This is fixed by setools4 commit
743d2a0eaaae7d99302dd3099549ca7ad868eab on the master branch. The
change was to align the libsepol structures with the kernel in order to
allow direct comparison of libsepol-generated policy files against
/sys/fs/selinux/policy after normalizing them through checkpolicy.
* audit2why now understands type bounds failures and reports them as
such, although it does not yet provide detailed reporting. Detailed
bounds violation reporting can be obtained already by enabling expand-
check=1 in semanage.conf or by running semodule_expand (without -a) at
policy validation time.
* libsemanage now saves the linked policy and skips re-linking
whenever possible. This significantly improves the performance and
memory overhead of semanage commands that do not affect policy modules
(setting booleans and adding, deleting, or modifying local context
mappings). Previously, libsemanage only skipped re-linking when setting
booleans as a special case, but this was found to have a bug that could
yield duplicate object context entries (e.g. portcon) in policy. That
optimization was therefore reverted and replaced with this one, which
both fixes the bug and generalizes the optimization beyond just setting
booleans. The change does bring an associated storage cost, primarily
storing an extra copy of the kernel policy file (if a concern, this
could be made optional but it seems well worth it). The first semanage
or setsebool -P command run with the new libsemanage will not
demonstrate any improvement due to needing to generate the linked
policy for the first time, but subsequent commands will leverage the
saved linked policy.
* libsemanage no longer depends on ustr.
* libselinux/utils Makefile now uses SBINDIR instead of USRBINDIR.
* mcstrans/utils Makefile now uses SBINDIR instead of BINDIR.
* Some packages (libselinux, checkpolicy, selinux-python,
semodule-utils and mcstrans) require LIBSEPOLA to be set to the
absolute path to libsepol.a when building with DESTDIR set.
* policycoreutils make install no longer creates a symlink from
/usr/sbin/load_policy to /sbin/load_policy.
^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: ANN: SELinux userspace release 20170804 / 2.7
2017-08-04 18:57 ` ANN: SELinux userspace release 20170804 / 2.7 Stephen Smalley
@ 2017-08-04 19:21 ` Dominick Grift
0 siblings, 0 replies; 24+ messages in thread
From: Dominick Grift @ 2017-08-04 19:21 UTC (permalink / raw)
To: selinux
[-- Attachment #1: Type: text/plain, Size: 9138 bytes --]
On Fri, Aug 04, 2017 at 02:57:20PM -0400, Stephen Smalley wrote:
> The 20170804 / 2.7 release for the SELinux userspace release is now
> available from:
> https://github.com/SELinuxProject/selinux/wiki/Releases
Thanks for bringing us this new release!
>
> Below are some notes on this release for packagers and users of the
> SELinux userspace. git log and git shortlog output for all changes
> since the 20161014 / 2.6 release are linked from the release page.
> Thanks to all the contributors to this release!
>
> If you notice corrections or additional items that should be added to
> the release notes (below and also linked from the releases page), reply
> to this message with your suggested changes/additions and we'll add
> them to the one linked from the releases page too.
>
> * This is the first release with the split up policycoreutils (see
> https://www.mail-archive.com/selinux@tycho.nsa.gov/msg02914.html and
> the rest of that thread). Fedora already packages many of these
> components separately, although not always with the same organization
> and naming scheme. Note that a number of these components are not
> necessary for basic use of SELinux and likely should not be installed
> by default, e.g. selinux-dbus, selinux-gui, mcstrans, restorecond,
> selinux-sandbox.
>
> * libsepol now has binary module support for ioctl xperms rules
> (module version 18), making it possible to use allowxperm rules in
> modularly built refpolicy-based policies. Previously, ioctl xperms
> rules were only supported in monolithic policy and in CIL modules.
> This change means that refpolicy and/or policies derived from it can
> begin to leverage ioctl whitelisting, which has already been leveraged
> for some time in Android policies, which do not rely on binary modules.
>
> * This release introduces support for Infiniband object labeling,
> including support for kernel policy version 31 and module version 19,
> policy.conf and CIL language support, and semanage support. The
> corresponding kernel support was introduced in Linux v4.13.
>
> * This release introduces support for building policies with the
> extended_socket_class, cgroup_seclabel, and nnp_nosuid_transition
> policy
> capabilities enabled:
>
> ** The extended_socket_class policy capability allows distinctions to
> be made in policy among socket address families that were previously
> mapped to the generic socket class (e.g. bluetooth, nfc, and many
> other socket address families that previously did not have their own
> distinct security class) as well as for SCTP and ICMP/ping sockets
> that were previously mapped to the rawip_socket class. This policy
> capability is supported by Linux v4.11 and later. Enabling this
> capability
> in policy requires reviewing existing rules on socket and rawip_socket
> classes to determine whether they should be duplicated for the new
> classes.
>
> ** The cgroup_seclabel policy capability allows userspace to set
> labels on cgroup/cgroup2 files, enabling fine-grained labeling of
> cgroup files by userspace. This policy capability is also supported
> by Linux v4.11 and later. Note that enabling this capability will
> break current Android userspace/policy and requires introducing
> appropriate file_contexts definitions for cgroup files (or a change to
> the Android init program's handling of them) in order to avoid
> mislabeling them.
>
> ** The nnp_nosuid_transition policy capability enables SELinux domain
> transitions to occur under no_new_privs (NNP) or on nosuid mounts if
> the corresponding permission (nnp_transition for NNP,
> nosuid_transition for nosuid; both in the newly defined process2
> security class / access vector) is allowed between the old and new
> contexts. This change was motivated by the increasing use of NNP by
> systemd for confining system services and the desire to be able to
> leverage NNP/nosuid-provided protections in combination with SELinux
> rather than having to make undesirable tradeoffs in security. With
> this policy capability enabled and the corresponding permissions
> allowed where required, it should be possible to use upstream systemd
> unit files without modification on SELinux-enabled systems.
> NB: Allowing nnp_transition between two contexts opens up the
> potential for the old context to subvert the new context by
> installing seccomp filters before the execve. Allowing
> nosuid_transition between two contexts opens up the potential for
> a context transition to occur on a file from an untrusted
> filesystem (e.g. removable media or remote filesystem). Use with
> care.
Linux support is expected with 4.14
>
> * checkpolicy now supports generating CIL or policy.conf from a
> kernel binary policy. Sample usage is checkpolicy -M -C -b policy.N -o
> policy.cil and checkpolicy -M -F -b policy.N -o policy.conf. There is
> also now a secil2conf program that can generate policy.conf from CIL,
> e.g. secil2conf -o policy.conf policy.cil.
>
> * Attribute generation and expansion has changed in several ways in
> order to address kernel runtime performance issues that occur when
> types have many attributes assigned to them while ensuring preservation
> of attributes where desired. Binary module to CIL conversion now
> ensures that duplicate attributes are not generated for the same type
> set. secilc now supports -G and -X options to force expansion of
> automatically generated attributes (-G) and/or attributes that have
> fewer than a specified number of types (-X number). secilc will also
> now more aggressively expand attributes based on whether they will
> actually be used by the kernel, are needed for debugging denials by
> audit2allow/why, or are needed for neverallow checking of binary
> policies (in Android). New statements are supported in policy.conf
> (expandattribute) and in CIL (expandtypeattribute) to support
> specifying in source policy that specific attributes should always be
> expanded or never be expanded in order to override the default
> behaviors in checkpolicy and secilc.
This statement (expandtypeattribute) should probably be documented in the secilc docs:
https://github.com/SELinuxProject/selinux/tree/master/secilc/docs
>
> * checkpolicy/checkmodule now treats it as an error if a type is
> declared as an attribute or vice versa in a require block. Such
> mismatches between declarations and require statements are an error in
> policy and should be corrected in policy; refpolicy master should
> already be fixed.
>
> * A change to libsepol-internal data structures breaks the build of
> setools4. This is fixed by setools4 commit
> 743d2a0eaaae7d99302dd3099549ca7ad868eab on the master branch. The
> change was to align the libsepol structures with the kernel in order to
> allow direct comparison of libsepol-generated policy files against
> /sys/fs/selinux/policy after normalizing them through checkpolicy.
>
> * audit2why now understands type bounds failures and reports them as
> such, although it does not yet provide detailed reporting. Detailed
> bounds violation reporting can be obtained already by enabling expand-
> check=1 in semanage.conf or by running semodule_expand (without -a) at
> policy validation time.
>
> * libsemanage now saves the linked policy and skips re-linking
> whenever possible. This significantly improves the performance and
> memory overhead of semanage commands that do not affect policy modules
> (setting booleans and adding, deleting, or modifying local context
> mappings). Previously, libsemanage only skipped re-linking when setting
> booleans as a special case, but this was found to have a bug that could
> yield duplicate object context entries (e.g. portcon) in policy. That
> optimization was therefore reverted and replaced with this one, which
> both fixes the bug and generalizes the optimization beyond just setting
> booleans. The change does bring an associated storage cost, primarily
> storing an extra copy of the kernel policy file (if a concern, this
> could be made optional but it seems well worth it). The first semanage
> or setsebool -P command run with the new libsemanage will not
> demonstrate any improvement due to needing to generate the linked
> policy for the first time, but subsequent commands will leverage the
> saved linked policy.
>
> * libsemanage no longer depends on ustr.
>
> * libselinux/utils Makefile now uses SBINDIR instead of USRBINDIR.
>
> * mcstrans/utils Makefile now uses SBINDIR instead of BINDIR.
>
> * Some packages (libselinux, checkpolicy, selinux-python,
> semodule-utils and mcstrans) require LIBSEPOLA to be set to the
> absolute path to libsepol.a when building with DESTDIR set.
>
> * policycoreutils make install no longer creates a symlink from
> /usr/sbin/load_policy to /sbin/load_policy.
>
--
Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8 02D5 3B6C 5F1D 2C7B 6B02
https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6B02
Dominick Grift
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 659 bytes --]
^ permalink raw reply [flat|nested] 24+ messages in thread
end of thread, other threads:[~2017-08-04 19:21 UTC | newest]
Thread overview: 24+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-06-09 17:18 ANN: SELinux userspace 2.7-rc1 release Stephen Smalley
2017-06-09 17:31 ` Stephen Smalley
2017-06-16 16:55 ` ANN: SELinux userspace 2.7-rc2 release Stephen Smalley
2017-06-18 7:32 ` Jason Zaman
2017-06-18 7:46 ` Jason Zaman
2017-06-20 10:54 ` Petr Lautrbach
2017-06-20 12:14 ` Stephen Smalley
2017-06-20 13:28 ` Petr Lautrbach
2017-06-20 13:31 ` Petr Lautrbach
2017-06-20 14:22 ` Jason Zaman
2017-06-21 17:58 ` Petr Lautrbach
2017-06-19 17:06 ` Stephen Smalley
2017-06-20 4:55 ` Jason Zaman
2017-06-21 18:04 ` [PATCH] Use DESTDIR only in install targets Petr Lautrbach
2017-06-21 19:51 ` Stephen Smalley
2017-06-22 16:25 ` Petr Lautrbach
2017-06-22 16:45 ` Stephen Smalley
2017-06-23 17:07 ` ANN: SELinux userspace 2.7-rc3 release candidate Stephen Smalley
2017-06-30 17:53 ` ANN: SELinux userspace 2.7-rc4 " Stephen Smalley
2017-07-09 10:12 ` Jason Zaman
2017-07-18 16:14 ` ANN: SELinux userspace 2.7-rc5 " Stephen Smalley
2017-07-28 19:47 ` ANN: SELinux userspace 2.7-rc6 " Stephen Smalley
2017-08-04 18:57 ` ANN: SELinux userspace release 20170804 / 2.7 Stephen Smalley
2017-08-04 19:21 ` Dominick Grift
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.