# Installation directories.
PREFIX ?= $(DESTDIR)/usr
BINDIR ?= $(PREFIX)/bin
MANDIR ?= $(PREFIX)/share/man
ETCDIR ?= $(DESTDIR)/etc
LOCALEDIR = /usr/share/locale
PAMH = $(shell ls /usr/include/security/pam_appl.h 2>/dev/null)
AUDITH = $(shell ls /usr/include/libaudit.h 2>/dev/null)
# Enable capabilities to permit newrole to generate audit records.
# This will make newrole a setuid root program.
# The capabilities used are: CAP_AUDIT_WRITE.
AUDIT_LOG_PRIV ?= n
# Enable capabilities to permit newrole to utilitize the pam_namespace module.
# This will make newrole a setuid root program.
# The capabilities used are: CAP_SYS_ADMIN, CAP_CHOWN, CAP_FOWNER and
# CAP_DAC_OVERRIDE.
NAMESPACE_PRIV ?= n
# If LSPP_PRIV is y, then newrole will be made into setuid root program.
# Enabling this option will force AUDIT_LOG_PRIV and NAMESPACE_PRIV to be y.
LSPP_PRIV ?= n
VERSION = $(shell cat ../VERSION)
CFLAGS ?= -Werror -Wall -W
EXTRA_OBJS =
override CFLAGS += -DVERSION=\"$(VERSION)\" $(LDFLAGS) -I$(PREFIX)/include -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
LDLIBS += -lselinux -L$(PREFIX)/lib
ifeq ($(PAMH), /usr/include/security/pam_appl.h)
override CFLAGS += -DUSE_PAM
EXTRA_OBJS += hashtab.o
LDLIBS += -lpam -lpam_misc
else
override CFLAGS += -D_XOPEN_SOURCE=500
LDLIBS += -lcrypt
endif
ifeq ($(AUDITH), /usr/include/libaudit.h)
override CFLAGS += -DUSE_AUDIT
LDLIBS += -laudit
endif
ifeq ($(LSPP_PRIV),y)
override AUDIT_LOG_PRIV=y
override NAMESPACE_PRIV=y
endif
ifeq ($(AUDIT_LOG_PRIV),y)
override CFLAGS += -DAUDIT_LOG_PRIV
IS_SUID=y
endif
ifeq ($(NAMESPACE_PRIV),y)
override CFLAGS += -DNAMESPACE_PRIV
IS_SUID=y
endif
ifeq ($(IS_SUID),y)
MODE := 4555
LDLIBS += -lcap-ng
else
MODE := 0555
endif
all: newrole
newrole: newrole.o $(EXTRA_OBJS)
$(CC) $(LDFLAGS) -o $@ $^ $(LDLIBS)
install: all
test -d $(BINDIR) || install -m 755 -d $(BINDIR)
test -d $(ETCDIR)/pam.d || install -m 755 -d $(ETCDIR)/pam.d
test -d $(MANDIR)/man1 || install -m 755 -d $(MANDIR)/man1
install -m $(MODE) newrole $(BINDIR)
install -m 644 newrole.1 $(MANDIR)/man1/
ifeq ($(PAMH), /usr/include/security/pam_appl.h)
test -d $(ETCDIR)/pam.d || install -m 755 -d $(ETCDIR)/pam.d
ifeq ($(LSPP_PRIV),y)
install -m 644 newrole-lspp.pamd $(ETCDIR)/pam.d/newrole
else
install -m 644 newrole.pamd $(ETCDIR)/pam.d/newrole
endif
endif
clean:
rm -f newrole *.o
indent:
../../scripts/Lindent $(wildcard *.[ch])
relabel: install
/sbin/restorecon $(BINDIR)/newrole