1# Installation directories.
2PREFIX ?= $(DESTDIR)/usr
3BINDIR ?= $(PREFIX)/bin
4MANDIR ?= $(PREFIX)/share/man
5ETCDIR ?= $(DESTDIR)/etc
6LOCALEDIR = /usr/share/locale
7PAMH = $(shell ls /usr/include/security/pam_appl.h 2>/dev/null)
8AUDITH = $(shell ls /usr/include/libaudit.h 2>/dev/null)
9# Enable capabilities to permit newrole to generate audit records.
10# This will make newrole a setuid root program.
11# The capabilities used are: CAP_AUDIT_WRITE.
12AUDIT_LOG_PRIV ?= n
13# Enable capabilities to permit newrole to utilitize the pam_namespace module.
14# This will make newrole a setuid root program.
15# The capabilities used are: CAP_SYS_ADMIN, CAP_CHOWN, CAP_FOWNER and
16# CAP_DAC_OVERRIDE.
17NAMESPACE_PRIV ?= n
18# If LSPP_PRIV is y, then newrole will be made into setuid root program.
19# Enabling this option will force AUDIT_LOG_PRIV and NAMESPACE_PRIV to be y.
20LSPP_PRIV ?= n
21VERSION = $(shell cat ../VERSION)
22
23CFLAGS ?= -Werror -Wall -W
24EXTRA_OBJS =
25override CFLAGS += -DVERSION=\"$(VERSION)\" -I$(PREFIX)/include -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
26LDLIBS += -lselinux -L$(PREFIX)/lib
27ifeq ($(PAMH), /usr/include/security/pam_appl.h)
28	override CFLAGS += -DUSE_PAM
29	EXTRA_OBJS += hashtab.o
30	LDLIBS += -lpam -lpam_misc
31else
32	override CFLAGS += -D_XOPEN_SOURCE=500
33	LDLIBS += -lcrypt
34endif
35ifeq ($(AUDITH), /usr/include/libaudit.h)
36	override CFLAGS += -DUSE_AUDIT
37	LDLIBS += -laudit
38endif
39ifeq ($(LSPP_PRIV),y)
40	override AUDIT_LOG_PRIV=y
41	override NAMESPACE_PRIV=y
42endif
43ifeq ($(AUDIT_LOG_PRIV),y)
44	override CFLAGS += -DAUDIT_LOG_PRIV
45	IS_SUID=y
46endif
47ifeq ($(NAMESPACE_PRIV),y)
48	override CFLAGS += -DNAMESPACE_PRIV
49	IS_SUID=y
50endif
51ifeq ($(IS_SUID),y)
52	MODE := 4555
53	LDLIBS += -lcap-ng
54else
55	MODE := 0555
56endif
57
58all: newrole
59
60newrole: newrole.o $(EXTRA_OBJS)
61	$(CC) $(LDFLAGS) -o $@ $^ $(LDLIBS)
62
63install: all
64	test -d $(BINDIR)      || install -m 755 -d $(BINDIR)
65	test -d $(ETCDIR)/pam.d || install -m 755 -d $(ETCDIR)/pam.d
66	test -d $(MANDIR)/man1 || install -m 755 -d $(MANDIR)/man1
67	install -m $(MODE) newrole $(BINDIR)
68	install -m 644 newrole.1 $(MANDIR)/man1/
69ifeq ($(PAMH), /usr/include/security/pam_appl.h)
70	test -d $(ETCDIR)/pam.d || install -m 755 -d $(ETCDIR)/pam.d
71ifeq ($(LSPP_PRIV),y)
72	install -m 644 newrole-lspp.pamd $(ETCDIR)/pam.d/newrole
73else
74	install -m 644 newrole.pamd $(ETCDIR)/pam.d/newrole
75endif
76endif
77
78clean:
79	rm -f newrole *.o
80
81indent:
82	../../scripts/Lindent $(wildcard *.[ch])
83
84relabel: install
85	/sbin/restorecon $(BINDIR)/newrole
86