Discussion:
ANN: SELinux userspace 2.7-rc1 release
(too old to reply)
Stephen Smalley
2017-06-09 17:18:16 UTC
Permalink
A release candidate for the SELinux userspace is now available at:
https://github.com/SELinuxProject/selinux/wiki/Releases

Please give it a test and let us know if there are any issues.

Below are some notes on this release for packagers and users of the
SELinux userspace. A git shortlog will follow in a separate email. If
you see (or encounter) other changes that you think are important to
call out for packagers and users in the final release announcement, let
us know. Also, since we have removed the older manually maintained
ChangeLog files, let us know whether you would like to see a full
ChangeLog (generated via git log) and/or shortlog for the entire
release or by individual component added to the release (and if so,
whether this ought to go into the tar files themselves or can be
separate on the download page).

1) This will be the first release with the split up policycoreutils
(see https://www.mail-archive.com/***@tycho.nsa.gov/msg02914.html
and the rest of that thread). If there are any final desired changes
to the structure, naming, etc, now is the last opportunity to get it
fixed before we make a final release with the new structure/naming.
Fedora already packages many of these components separately, although
not always with the same organization and naming scheme. Note that a
number of these components are not necessary for basic use of SELinux
and likely should not be installed by default, e.g. selinux-dbus,
selinux-gui, mcstrans, restorecond, selinux-sandbox.

2) libsepol now has binary module support for ioctl xperms rules
(module version 18), making it possible to use allowxperm rules in
modularly built refpolicy-based policies. Previously, ioctl xperms
rules were only supported in monolithic policy and in CIL modules.
This change means that refpolicy and/or policies derived from it can
begin to leverage ioctl whitelisting, which has already been leveraged
for some time in Android policies, which do not rely on binary modules.

3) This release introduces support for Infiniband object labeling,
including support for kernel policy version 31 and module version 19,
policy.conf and CIL language support, and semanage support. It appears
that the corresponding kernel support will land in Linux v4.13.

4) This release introduces support for building policies with the
extended_socket_class and cgroup_seclabel policy capabilities enabled.
The extended_socket_class policy capability allows distinctions to be
made in policy among socket address families that were previously
mapped to the generic socket class (e.g. bluetooth, nfc, and many other
socket address families that previously did not have their own distinct
security class) as well as for SCTP and ICMP/ping sockets that were
previously mapped to the rawip_socket class. This policy capability is
supported by Linux v4.11 and later. refpolicy master already includes
the class/permission definitions for this capability but does not yet
enable the capability by default (and further allow rules will be
necessary to allow access to the new socket classes; review all allow
rules on socket and rawip_socket and see whether they should be
duplicated for the new classes but do not blindly allow access to them
all). AOSP master policy also includes the class/permission
definitions for this policy capability and enables the capability by
default, and will likewise need corresponding allow rules added when
kernels >= 4.11 are used. The cgroup_seclabel policy capability allows
userspace to set labels on cgroup/cgroup2 files, enabling fine-grained
labeling of cgroup files by userspace. This policy capability is also
supported by Linux v4.11 and later. This capability is not yet defined
in any policy. Note that enabling this capability will break current
Android userspace/policy and requires introducing appropriate
file_contexts definitions for cgroup files (or a change to the Android
init program's handling of them) in order to avoid mislabeling them.

5) checkpolicy now supports for generating CIL or policy.conf from a
kernel binary policy. Sample usage is checkpolicy -M -C -b policy.N -o
policy.cil and checkpolicy -M -F -b policy.N -o policy.conf. There is
also now a secil2conf program that can generate policy.conf from CIL,
e.g. secil2conf -o policy.conf policy.cil.

6) Attribute generation and expansion has changed in several ways in
order to address kernel runtime performance issues that occur when
types have many attributes assigned to them while ensuring preservation
of attributes where desired. Binary module to CIL conversion now
ensures that duplicate attributes are not generated for the same type
set. secilc now supports -G and -X options to force expansion of
automatically generated attributes (-G) and/or attributes that have
fewer than a specified number of types (-X number). secilc will also
now more aggressively expand attributes based on whether they will
actually be used by the kernel, are needed for debugging denials by
audit2allow/why, or are needed for neverallow checking of binary
policies (in Android). New statements are supported in policy.conf
(expandattribute) and in CIL (expandtypeattribute) to support
specifying in source policy that specific attributes should always be
expanded or never be expanded in order to override the default
behaviors in checkpolicy and secilc.

7) checkpolicy/checkmodule now treats it as an error if a type is
declared as an attribute or vice versa in a require block. Such
mismatches between declarations and require statements are an error in
policy and should be corrected in policy; refpolicy master should
already be fixed.

8) A change to libsepol-internal data structures breaks the build of
setools4. This is fixed by setools4 commit
743d2a0eaaae7d99302dd3099549ca7ad868eab on the master branch. The
change was to align the libsepol structures with the kernel in order to
allow direct comparison of libsepol-generated policy files against
/sys/fs/selinux/policy after normalizing them through checkpolicy.

9) audit2why now understands type bounds failures and reports them as
such, although it does not yet provide detailed reporting. Detailed
bounds violation reporting can be obtained already by enabling expand-
check=1 in semanage.conf or by running semodule_expand (without -a) at
policy validation time.

10) libsemanage now saves the linked policy and skips re-linking
whenever possible. This significantly improves the performance and
memory overhead of semanage commands that do not affect policy modules
(setting booleans and adding, deleting, or modifying local context
mappings). Previously, libsemanage only skipped re-linking when setting
booleans as a special case, but this was found to have a bug that could
yield duplicate object context entries (e.g. portcon) in policy. That
optimization was therefore reverted and replaced with this one, which
both fixes the bug and generalizes the optimization beyond just setting
booleans. The change does bring an associated storage cost, primarily
storing an extra copy of the kernel policy file (if a concern, this
could be made optional but it seems well worth it). The first semanage
or setsebool -P command run with the new libsemanage will not
demonstrate any improvement due to needing to generate the linked
policy for the first time, but subsequent commands will leverage the
saved linked policy.
Stephen Smalley
2017-06-09 17:31:58 UTC
Permalink
Post by Stephen Smalley
https://github.com/SELinuxProject/selinux/wiki/Releases
git shortlog output for this release.

Alan Jenkins (24):
policycoreutils, python: Fix bad manpage formatting in "SEE ALSO"
restorecon manpage: link back to fixfiles
policycoreutils: let output of `fixfiles` be redirected (as normal)
policycoreutils: fixfiles should handle path arguments more robustly
policycoreutils: fixfiles: handle unexpected spaces in command
policycoreutils/setfiles: stdout messages don't need program prefix
policycoreutils/setfiles: don't scramble stdout and stderr together
policycoreutils: fixfiles: remove useless use of cat
Revert "policycoreutils: let output of `fixfiles` be redirected (as normal)"
policycoreutils: fixfiles: remove (broken) redundant code
policycoreutils: fixfiles: clarify exclude_dirs()
policycoreutils: fixfiles: fix logging about R/O filesystems
policycoreutils: fixfiles: move logit call outside of redirected function
policycoreutils: fixfiles: deprecate -l option
policycoreutils: fixfiles: tidy up usage(), manpage synopsis
policycoreutils: fixfiles: remove two unused variables
policycoreutils: fixfiles: syntax error
policycoreutils: fixfiles: usage errors are fatal
policycoreutils: fixfiles: if restorecon aborts, we should too
policycoreutils: fixfiles: refactor into the `set -u` dialect
policycoreutils: fixfiles: un-document `-R -a` option
policycoreutils: fixfiles: remove bad modes of "relabel" command
policycoreutils: fixfiles: don't ignore `-F` when run in `-C` mode
policycoreutils: fixfiles: use a consistent order for options to restorecon

Bernhard M. Wiedemann (1):
sort input files

Christian Göttsche (2):
libselinux: add security_get_checkreqprot
sestatus: show checkreqprot status

Colin Walters (1):
config: Don't finalize mount state in selinux_set_policy_root()

Dan Walsh (5):
policycoreutils/sepolicy: Add documentation for MCS separated domains
sepolicy: Add manpages for typealiased types
sepolicy: Move svirt man page out of libvirt into its own
Fix up generation of application policy
sepolicy: We should be creating _exec interfaces when we create the domtrans interface

Daniel Jurgens (10):
checkpolicy: Add support for ibpkeycon labels
libsepol: Add ibpkey ocontext handling
libsepol: Add Infiniband Pkey handling to CIL
checkpolicy: Add support for ibendportcon labels
libsepol: Add ibendport ocontext handling
libsepol: Add IB end port handling to CIL
semanage: Update semanage to allow runtime labeling of Infiniband Pkeys
semanage: Update semanage to allow runtime labeling of ibendports
semanage: Update man pages for infiniband
semanage: Fix manpage author for ibpkey and ibendport pages.

Gary Tierney (1):
libsepol/cil: remove avrules with no affected types

Guido Trentalancia (2):
libselinux: Fix unitialized variable compiler warnings
libsemanage: Fix unitialized variable compiler warnings

James Carter (42):
libsepol/cil: Check for improper category range
libsepol/cil: Use empty list for category expression evaluated as empty
libsepol/cil: Use an empty list to represent an unknown permission
libsepol/cil: Check if identifier is NULL when verifying name
libsepol/cil: Check that permission is not an empty list
libsepol/cil: Verify alias in aliasactual statement is really an alias
libsepol/cil: Verify neither child nor parent in a bounds is an attribute
Updated libsepol ChangeLog.
Updated libsepol ChangeLog.
libsepol/cil: Exit with an error for an unknown map permission
Updated libsepol ChangeLog.
libsepol/cil: Add ability to write policy.conf file from CIL AST
secilc: Add secil2conf which creates a policy.conf from CIL policy
libsepol: Fix neverallow checking to also check the other types when self is included in a target type set.
checkpolicy: Create common function for type declares and requires
checkpolicy: Create common function for role declares and requires
checkpolicy: Create common function for user declares and requires
checkpolicy: Cleanup error messages
checkpolicy: Move common require and declare code into new function
checkpolicy: Improve check for identifier flavor mismatch
libsepol: Return +1 when declaration is followed by a require
checkpolicy: Remove uneeded return check in require_symbol()
checkpolicy: Make print_error_msg() static
policycoreutils/semodule: fix -Wwrite-strings warnings
libsepol/cil: Destroy cil_tree_node stacks when finished resolving AST
libsepol/cil: Move initialization of bitmap in __cil_permx_to_bitmap()
checkpolicy: Fix minor memory leak in checkpolicy
libsepol/cil: Allow hexadecimal numbers in Xen context rules
libsepol: Update module_to_cil to output hexadecimal for Xen rules
libsepol/cil: Use hexadecimal numbers when writing Xen rules
libsepol/cil: Add hexadecimal support for Xen ioportcon statements
libsepol: Add ability to convert binary policy to CIL
libsepol: Add ability to convert binary policy to policy.conf file
checkpolicy: Add options to convert binary policy to CIL or a policy.conf
libsepol: In module_to_cil create one attribute for each unique set
libsepol/cil: Add ability to expand some attributes in binary policy
secilc: Add options to control the expansion of attributes
libsepol/cil: Remove uneeded null checks of unused parameters
libsepol: Clean up scope handling
libsepol: Fix module_to_cil's handling of type aliases
libsepol/cil: Fix bug in cil_reset_ibpkeycon()
libsepol: Expand attributes with TYPE_FLAGS_EXPAND_ATTR_TRUE set

Jason Zaman (13):
libsepol: Add symver with explicit version to build with ld.gold
mcstrans: Fix Werror=shadow errors
mcstrans: take LIBDIR from args, dont guess
Add stub make test targets to new subdirs
mcstrans: Add utils gitignore
restorecond: Add gitignore
policycoreutils: honour LINGUAS variable
libselinux: get pcre CFLAGS/LDFLAGS from pkg-config
libselinux: PCRE_LDFLAGS is actually LDLIBS
Makefiles: drop -L/-I to system paths
restorecond: get pcre cflags/libs from pkg-config
Add includes for DESTDIR only in root Makefile
policycoreutils: make audit and pam support configurable

Jeff Vander Stoep (1):
Add attribute expansion options

Karl MacMillan (1):
libsepol compilation fixes for macOS.

Kyle Walker (1):
seobject: Handle python error returns correctly

Laurent Bigonville (8):
libselinux: Add clean-pywrap and clean-rubywrap targets
libselinux: Allow overriding libsepol.a location during build
policycoreutils: Use "new" sepolicy icon in .desktop file for sepolicy gui
Revert "libselinux: support new python3 functions"
Sandbox: Use next() over the sepolicy.info() result
policycoreutils: Make sepolicy work with python3
policycoreutils: Force GTK3.0 for sepolicy gui
policycoreutils: Use GObject introspection binding instead of python-gobject in selinux_server.py

Lokesh Mandvekar (1):
libselinux: selinux_restorecon.3 man page typo fix

Luis Ressel (1):
policycoreutils/load_policy: Drop is_selinux_enabled() check

Mike Frysinger (2):
selinux(8): fix display of man page references
man: standardize spacing with pointers in prototypes

Miroslav Grepl (2):
sepolicy: ptrace should be a part of deny_ptrace boolean in TEMPLATETYPE_admin
Fix typo in executable.py template.

Nick Kralevich (5):
label_file.h: actually use the results of compat_validate
enabled.c: Remove stdio_ext.h header
procattr.c: Use __ANDROID__ instead of ANDROID
policy_define.c: don't free memory returned from queue_head()
libselinux: add O_CLOEXEC

Nicolas Iooss (130):
policycoreutils: restorecond: use pkg-config to find dbus-glib-1 files
policycoreutils: semodule_package: do not fail with an empty fc file
libselinux: remove rpm_execcon from SWIG wrappers
libsemanage: remove ruby_semanage.so with "make clean"
libselinux, libsemanage: remove *swig_python_exception.i if its creation failed
libsemanage: semanage_seuser_key_create: copy name
libselinux,libsemanage: use Ruby to define RUBYINC
libselinux,libsemanage: link Ruby wrapper with -lruby
libsemanage: query for python site-packages dir directly
libselinux,libsemanage: link Python wrapper with Python
secilc: do not build secilc man page if it is up to date
libselinux,libsemanage: fall back to gcc in exception.sh
libselinux, libsemanage: swig: use SWIG_fail when an error occurs
libsemanage: use a macro prefixed with SEMANAGE to protect dso.h
libsepol: replace an assert with an error message
libsepol: test for ebitmap_read() negative return value
libsepol: make parsing symbol table headers more robust
sandbox: make test not fail on systems without SELinux
mcstrans: fix global "make install"
libselinux: audit2why: remove unused module_state structure
libselinux, libsemanage: use Python-specific .so extension
libsepol: do not call a NULL function in additive_scopes_to_cil()
libsepol: do not crash when a symbol does not exist
libsepol: do not crash when block->branch_list is NULL
libsepol: make scope_index_destroy() more robust
libsepol: fix unknown magic section number error message
libsepol: do not modify p->p_roles.nprim in role_set_expand
libsepol: do not check decl->symtab[i].nprim
libsepol: ebitmap: reject loading bitmaps with incorrect high bit
libsepol: check decl_id bounds before using it
libsepol: detect duplicated symbol IDs
mcstrans/utils: make "make all" use $DESTDIR
libsepol/tests: use LDFLAGS when linking
checkpolicy: remove -lfl from LDLIBS
libsepol,libsemanage: write file name in flex output
libsemanage/tests: make "make test" fail when a CUnit test fails
libsemanage/tests: make tests standalone
libsemanage/tests: test more cases of semanage_split*()
libsemanage: simplify string utilities functions
libsemanage: add semanage_str_replace() utility function
libsemanage: genhomedircon: drop ustr dependency
libsemanage: remove ustr library from Makefiles, README and pkg-config
libselinux/utils: do not create an empty /sbin directory
libsepol/tests: fix -Wsometimes-uninitialized clang warnings
libsepol/tests: fix some memory leaks
checkpolicy: free id in define_port_context()
checkpolicy: fix memory leaks in genfscon statements parsing
checkpolicy: do not leak queue elements in queue_destroy()
checkpolicy: free id where it was leaked
libsemanage: genhomedircon: remove duplicated test condition
libsemanage: increment the right index variable in for loop
checkpolicy: fix memory usage in define_bool_tunable()
libsepol: make capability index an unsigned int
libselinux: include errno.h instead of sys/errno.h
checkpolicy: always include ctypes.h
mcstransd: fix and reorder includes
libsemanage: genhomedircon: consider SEMANAGE_FCONTEXT_DIR in fcontext_matches()
semanage, sepolicy: make tests not fail on systems without SELinux
Re-link programs after libsepol.a is updated
libsepol: use constant keys in hashtab functions
libsepol: verify the right variable after calling calloc()
libsepol: remove useless assignments
libselinux: always free catalog in db_init()
libselinux: fix argument order in get_default_context_with_rolelevel() doc
checkpolicy: always free id in define_type()
checkpolicy: fix memory leaks in define_filename_trans()
checkpolicy: add a missing free(id) in define_roleattribute()
checkpolicy: do not leak memory when a class is not found in an avrule
libsepol: fix -Wwrite-strings warnings
libsemanage: make lang_ext parameter const in semanage_direct_write_langext()
policycoreutils/hll/pp: fix -Wwrite-strings warnings
mcstrans: fix -Wwrite-strings warnings
semodule_deps: hide -Wwrite-strings warnings
libsepol/tests: fix -Wwrite-strings warnings
libsemanage/tests: fix -Wwrite-strings warnings
libsepol/cil: fix type confusion in cil_copy_ast
Introduce Travis-CI tests
libsepol/cil: use __cil_ordered_lists_destroy() to free unordered_classorder_lists
libsepol/cil: free the first operand if the second one is invalid
libsepol/cil: do not leak left-hand side of an invalid constraint
libsepol/cil: free bitmaps in cil_level_equals()
libselinux, libsemanage: make PYPREFIX computation more robust
semodule_package: do not leak memory when using -u or -s
libsepol/cil: do not dereference args before checking it was not null
libsemanage: never call memcpy with a NULL value
libsemanage/tests: include libsepol headers from $DESTDIR
mcstrans: do not dereference color_str if it is NULL
libselinux: initialize temp value in SWIG wrapper to prevent freeing garbage
restorecond: add noreturn attribute to exitApp()
checkpolicy: add noreturn attribute to usage()
secilc: add noreturn attribute to usage()
mcstrans: add noreturn attribute to usage()
semodule-utils: add noreturn attribute to usage()
policycoreutils: add noreturn attribute to usage()
libsepol/cil: make reporting conflicting type transitions work
libsepol/cil: avoid freeing uninitialized values
checkpolicy: dereference rangehead after checking it was not NULL
libsepol/cil: do not dereference a NULL pointer when calloc() fails
libsepol: do not dereference a NULL pointer when stack_init() fails
libsepol: make process_boolean() fail on invalid lines
libsepol: constify sepol_genbools()'s boolpath parameter
libsepol: fix use-after-free in sepol_user_clone()
libsemanage: do not close uninitialized file descriptors
libsemanage: do not dereference a NULL pointer when calloc() fails
libsemanage: genhomedircon: fix possible double-free
libselinux: do not dereference a NULL pointer when calloc() fails
libsemanage: drop checks on semanage_module_info_destroy() value
libselinux: make process_boolean() fail on invalid lines
libselinux: ensure that 4 columns are read from /proc/mounts
libsepol: refuse to load policies with no block
libsepol: do not wrap integers when checking bound
libsepol: do not free attr_name twice
libsepol: do not leak memory when an error occurs
libsepol: correct spelling errors in module_to_cil.c comments
libsepol: cil: check cil_fill_list return value
libselinux: avoid calling strcmp() on a NULL pointer
libselinux: getsebool: always free names
policycoreutils: newrole: do not free pw strings twice
policycoreutils: newrole: always initialize pw fields
libselinux/utils: add noreturn attribute to selinux_check_access's usage
libsepol: silence false-positive -Wwrite-strings warning
libsepol/cil: do not use an uninitialized value in __cil_fqn_qualify_blocks
libselinux: close the subs file if fstat failed
libselinux: rework selabel_subs_init() to avoid use-after-free
libselinux: propagate selabel_subs_init() errors
libsepol: remove unused attribute on a used argument
libsepol: propagate calloc() failure
libsepol: use the number of elements in calloc first argument
libsepol: make role_list_destroy() do nothing when role_list is NULL
libsepol: do not use handle when it is marked unused

Nikola Forró (1):
mcstrans: fix typo in mcstransd.8 man page

Petr Lautrbach (18):
libselinux: Generate SWIG wrappers for selinux_restorecon()
libselinux: Rewrite restorecon() python method
sepolicy: Fix spelling mistakes in commands in generated manpages
policycoreutils/sepolicy: boolean.png is in help/
sepolicy: Adapt to new the semodule list output
sepolicy: Don't return filter(), use [ ] notation instead
sepolicy: Simplify policy types detection
sepolicy/generate.py: Fix string formatting
policycoreutils/sepolicy: Define our own cmp()
dbus: Use text streams in selinux_server.py
sepolicy: setools.*Query wants a list in ruletype
sepolicy: Fix several issues in 'sepolicy manpage -a'
sepolicy: info() should provide attributes for a TYPE
sepolicy/gui: Update text strings to use better gettext templates
libsepol/utils: Fix build without system sepol.h
Fix recently introduced TabError's
sepolicy/interface: Use relative python 3 imports
sepolicy: Fix sorting of port_strings in python 3

Richard Haines (4):
setfiles: Fix setfiles progress indicator
libselinux: Add permissive= entry to avc audit log
libselinux: Add selinux_check_access utility
libselinux: Remove util/selinux_restorecon.c

Sandeep Patil (1):
libselinux: replace all malloc + memset by calloc in android label backend.

Stephen Smalley (91):
Fix release script
scripts/release: cleanups
libsemanage: genhomedircon: only set MLS level if MLS is enabled
Updated libsemanage ChangeLog
Updated libselinux and libsepol ChangeLogs
Updated policycoreutils ChangeLog
Updated libselinux ChangeLog
Updated libselinux ChangeLog.
Updated libselinux ChangeLog
Updated policycoreutils ChangeLog
Updated libsepol ChangeLog
Updated libselinux ChangeLog
libselinux: avc_internal.c: allow building with clang
Updated libselinux ChangeLog
libsemanage: fix kernel pathname in semanage_verify_kernel()
Updated ChangeLogs
Updated policycoreutils ChangeLog
Updated libselinux ChangeLog
Updated libselinux and libsemanage ChangeLogs
Updated policycoreutils ChangeLog
Updated policycoreutils ChangeLog
libsepol: sepol_{bool|iface|user}_key_create: copy name
Updated libsepol ChangeLog
libsepol: fix checkpolicy dontaudit compiler bug
Updated libsepol ChangeLog
libselinux: fix subdir build and usage of cmdline CFLAGS
Updated libselinux ChangeLog
Updated libsemanage ChangeLog
Updated libsepol ChangeLog
Updated policycoreutils ChangeLog
Updated libselinux and libsemanage ChangeLogs
Updated secilc ChangeLog
Updated libselinux and libsemanage ChangeLog
libsepol: cil_lexer: make warnings non-fatal for building
Updated libsepol ChangeLog
Updated libsemanage ChangeLog
Updated libsepol ChangeLog
Updated libsepol ChangeLog
Move policycoreutils/gui to gui.
Move policycoreutils/mcstrans to mcstrans.
Move policycoreutils/restorecond to restorecond.
Move policycoreutils/sandbox to sandbox.
Move policycoreutils/sepolicy dbus service files to dbus.
Move policycoreutils/{sepolicy,audit2allow,semanage,scripts/chcat*} and sepolgen to python.
Move policycoreutils/semodule_{deps,expand,link} to semodule-utils.
Make it easy to omit optional components.
Build mcstrans.
mcstrans: Add .gitignore file
mcstrans: Add a relabel target.
Move sepolicy desktop and png files to gui.
Move policycoreutils/sepolgen-ifgen into python/audit2allow.
mcstrans: fix clang warnings
Update release script for the new structure.
Fix release script for packages that need prefixes.
Add VERSION files for new components
Move policycoreutils/semodule_package to semodule-utils.
restorecond: break source dependency on policycoreutils/setfiles
Fix release script
Add COPYING files for new subdirs.
semodule-utils: Drop -lselinux from Makefiles.
Drop ChangeLog files
mcstrans: Fix signed/unsigned warnings
libselinux: normalize enforce values from the kernel
checkpolicy: treat -self as an error
libsepol: do not write object_r types to policy file
libsepol,checkpolicy: convert rangetrans and filenametrans to hashtabs
libsepol: do not #include <sys/cdefs.h>
libselinux: avcstat: Clean up redundant condition
libsepol: sepol_av_to_string: clear static buffer
libsepol,libselinux,audit2allow: teach audit2why about type bounds failures
libsepol: Define extended_socket_class policy capability
libselinux: selinux_restorecon: only log no default label warning if recursive
libselinux: selinux_restorecon: only log no default label warning for caller-supplied pathname
policycoreutils/setfiles: set up a logging callback for libselinux
libselinux: disable filespec hash table stats on non-debug builds
policycoreutils: remove deprecated -o option from fixfiles verify
libsepol: Define cgroup_seclabel policy capability
python/semanage: fix export of fcontext socket entries
libsepol: do not seg fault on sepol_*_key_free(NULL)
libsemanage: revert "Skip policy module re-link when only setting booleans."
libsemanage: Save linked policy, skip re-link when possible
libselinux: Fix CFLAGS definition
checkpolicy,libsepol: drop unnecessary usage of s6_addr32
libsepol,checkpolicy: add binary module support for xperms
python/semanage: print is a function in python3
libsepol,libsemanage,libselinux: Fix fallthrough warnings from gcc 7
libsemanage: Fix snprintf warnings from gcc 7
libsepol: Fix alloc-size-larger-than warning from gcc 7
libselinux: fix selabel_lookup*() double slash bug
libselinux: always unmount selinuxfs for SELINUX=disabled
Update VERSION files for 2.7-rc1 release.

Steve Lawrence (4):
libsepol: fix pp module to cil nodecon statement
libsepol/cil: fix aliasactual resolution errors
libsepol/cil: better error message with duplicate aliases + support aliases to aliases
libsepol/cil: fix error check in new cil_resolve_name

Thomas Petazzoni (1):
libselinux/src/regex.c: support old compilers for the endian check

Tom Cherry (1):
procattr.c: Use __BIONIC__ instead of __ANDROID__

Ville Skyttä (1):
Python 3.6 invalid escape sequence deprecation fixes

Vit Mojzis (13):
policycoreutils/gui: fix system-config-selinux editing features
policycoreutils/sepolicy/gui: fix current selinux state radiobutton
python/sepolicy/sepolicy/gui: Fix getting python lib path
python/semanage/semanage: Unify argument handling
python: Fix some typos
python/sepolicy/sepolicy/gui: Reflect sepolicy changes into gui
python/sepolicy/sepolicy: Cleanup of gui code
python/sepolicy/sepolicy: optimise sepolicy gui loading
policycoreutils/setfiles: Mention customizable types in restorecon man page
policycoreutils/restorecond: Decrease loglevel of termination message
policycoreutils/hll/pp: Fix pp crash when processing base module
sepolgen: strip non-printable characters when parsing audit messages
python/sepolicy: fix obtaining domain name in HTMLManPages

William Roberts (15):
libsepol/cil: disable symver on Mac builds
libsepol: build on mac
libselinux: fix mac build warning when ANDROID_HOST=y
libselinux: fix required alignment for sha1.c on mac
libselinux/utils: add noreturn to sefcontext_compile
libselinux: support ANDROID_HOST=1 on Mac
libselinux: DISABLE_BOOL move to include headers
libselinux: add booleans.c to ANDROID_HOST=y recipe
libselinux: fix compiler flags for linux + clang
libselinux/utils: fix all the noreturn errors
Revert "libsepol: fix checkpolicy dontaudit compiler bug"
libsepol: fix checkpolicy dontaudit compiler bug
policydb.h: use AVTAB macros to avoid duplications
expand_avrule_helper: cleanup
expand_terule_helper: cleanups

cgzones (1):
fix semanage fcontext help message

dcashman (2):
libsepol: cil: cil_strpool: Allow multiple strpool users.
libsepol: cil: remove double-free.

stephensmalley (1):
Merge pull request #35 from cgzones/semanage_fcontext_description

vmojzis (1):
libselinux: fix pointer handling in realpath_not_final
Stephen Smalley
2017-06-16 16:55:09 UTC
Permalink
A second release candidate for the SELinux userspace is now available
at:
https://github.com/SELinuxProject/selinux/wiki/Releases

Please give it a test and let us know if there are any issues.

Changes from the -rc1 release:

James Carter (2):
      libsepol: Fix neverallow bug when checking conditional policy
      libsepol/cil: Fix bugs when writing policy.conf rules

Nicolas Iooss (1):
      libsepol: destroy the expanded level when
mls_semantic_level_expand() fails

Richard Haines (2):
      libsepol/cil: ibendportcon fails to resolve in CIL policy
      secilc: Update test policy and documentation for Infiniband

Stephen Smalley (1):
      Update VERSION files for 2.7-rc2 release.

Vit Mojzis (1):
      policycoreutils/fixfiles: do not dereference link files in tmp
Jason Zaman
2017-06-18 07:32:33 UTC
Permalink
There is a bug that needs to be fixed before the final release:
https://bugs.gentoo.org/show_bug.cgi?id=621762

I think the fix is just add override in utils/Makefile to the LDLIBS and
LDFLAGS bits. I'm not sure I'll have time to get around to testing
it so just wanted to let you know before the final release.

-- Jason
Post by Stephen Smalley
A second release candidate for the SELinux userspace is now available
https://github.com/SELinuxProject/selinux/wiki/Releases
Please give it a test and let us know if there are any issues.
      libsepol: Fix neverallow bug when checking conditional policy
      libsepol/cil: Fix bugs when writing policy.conf rules
      libsepol: destroy the expanded level when
mls_semantic_level_expand() fails
      libsepol/cil: ibendportcon fails to resolve in CIL policy
      secilc: Update test policy and documentation for Infiniband
      Update VERSION files for 2.7-rc2 release.
      policycoreutils/fixfiles: do not dereference link files in tmp
Jason Zaman
2017-06-18 07:46:55 UTC
Permalink
Post by Jason Zaman
https://bugs.gentoo.org/show_bug.cgi?id=621762
I think the fix is just add override in utils/Makefile to the LDLIBS and
LDFLAGS bits. I'm not sure I'll have time to get around to testing
it so just wanted to let you know before the final release.
Yep, thats the fix, I sent a patch.
https://gitweb.gentoo.org/repo/gentoo.git/tree/sys-libs/libselinux/libselinux-9999.ebuild#n58
The gentoo ebuild overrides LDFLAGS on the commandline which is why the
override was required. When i first tried to repro manually i just
exported LDFLAGS and couldnt repro. once i read the docs on override it
was pretty obvious.
Post by Jason Zaman
-- Jason
Post by Stephen Smalley
A second release candidate for the SELinux userspace is now available
https://github.com/SELinuxProject/selinux/wiki/Releases
Please give it a test and let us know if there are any issues.
      libsepol: Fix neverallow bug when checking conditional policy
      libsepol/cil: Fix bugs when writing policy.conf rules
      libsepol: destroy the expanded level when
mls_semantic_level_expand() fails
      libsepol/cil: ibendportcon fails to resolve in CIL policy
      secilc: Update test policy and documentation for Infiniband
      Update VERSION files for 2.7-rc2 release.
      policycoreutils/fixfiles: do not dereference link files in tmp
Petr Lautrbach
2017-06-20 10:54:52 UTC
Permalink
Post by Jason Zaman
Post by Jason Zaman
https://bugs.gentoo.org/show_bug.cgi?id=621762
I think the fix is just add override in utils/Makefile to the LDLIBS and
LDFLAGS bits. I'm not sure I'll have time to get around to testing
it so just wanted to let you know before the final release.
Yep, thats the fix, I sent a patch.
https://gitweb.gentoo.org/repo/gentoo.git/tree/sys-libs/libselinux/libselinux-9999.ebuild#n58
The gentoo ebuild overrides LDFLAGS on the commandline which is why the
override was required. When i first tried to repro manually i just
exported LDFLAGS and couldnt repro. once i read the docs on override it
was pretty obvious.
A similar patch is needed almost for every other part when you try to
build everything from git first and then install it.

In order to that I need to apply a patch [1] and do the following steps:

ln -s ../../cil/include/cil libsepol/include/sepol/cil

make \
CFLAGS="%{optflags}" LDFLAGS="%{?__global_ldflags}" \
LIBSEPOLA="`pwd`/libsepol/src/libsepol.a"

make -C libselinux \
CFLAGS="%{optflags}" LDFLAGS="%{?__global_ldflags}" \
LIBSEPOLA="`pwd`/libsepol/src/libsepol.a" \
PYTHON=%{__python} pywrap

make \
DESTDIR="%{buildroot}" LIBDIR="%{buildroot}%{_libdir}" \
CFLAGS="%{optflags}" LDFLAGS="%{?__global_ldflags}" \
SHLIBDIR="%{buildroot}/%{_lib}" \
BINDIR="%{buildroot}%{_bindir}" \
SBINDIR="%{buildroot}%{_sbindir}" \
PYTHON=%{__python} \
install install-pywrap


[1]
https://gitlab.com/bachradsusi/selinux-rpm/blob/master/0001-Fix-build-without-install.patch

Using this I preserve rpath problems pointing to DESTDIR and rpm can
simply use everything from DESTDIR for /



Petr
Post by Jason Zaman
Post by Jason Zaman
-- Jason
Post by Stephen Smalley
A second release candidate for the SELinux userspace is now available
https://github.com/SELinuxProject/selinux/wiki/Releases
Please give it a test and let us know if there are any issues.
libsepol: Fix neverallow bug when checking conditional policy
libsepol/cil: Fix bugs when writing policy.conf rules
libsepol: destroy the expanded level when
mls_semantic_level_expand() fails
libsepol/cil: ibendportcon fails to resolve in CIL policy
secilc: Update test policy and documentation for Infiniband
Update VERSION files for 2.7-rc2 release.
policycoreutils/fixfiles: do not dereference link files in tmp
Stephen Smalley
2017-06-20 12:14:28 UTC
Permalink
Post by Petr Lautrbach
Post by Jason Zaman
Post by Jason Zaman
https://bugs.gentoo.org/show_bug.cgi?id=621762
I think the fix is just add override in utils/Makefile to the LDLIBS and
LDFLAGS bits. I'm not sure I'll have time to get around to
testing
it so just wanted to let you know before the final release.
Yep, thats the fix, I sent a patch.
https://gitweb.gentoo.org/repo/gentoo.git/tree/sys-libs/libselinux/
libselinux-9999.ebuild#n58
The gentoo ebuild overrides LDFLAGS on the commandline which is why the
override was required. When i first tried to repro manually i just
exported LDFLAGS and couldnt repro. once i read the docs on
override it
was pretty obvious.
A similar patch is needed almost for every other part when you try
to 
build everything from git first and then install it.
ln -s ../../cil/include/cil libsepol/include/sepol/cil
make \
   CFLAGS="%{optflags}" LDFLAGS="%{?__global_ldflags}" \
   LIBSEPOLA="`pwd`/libsepol/src/libsepol.a"
make -C libselinux \
   CFLAGS="%{optflags}" LDFLAGS="%{?__global_ldflags}" \
   LIBSEPOLA="`pwd`/libsepol/src/libsepol.a" \
   PYTHON=%{__python} pywrap
make \
   DESTDIR="%{buildroot}" LIBDIR="%{buildroot}%{_libdir}" \
   CFLAGS="%{optflags}" LDFLAGS="%{?__global_ldflags}" \
   SHLIBDIR="%{buildroot}/%{_lib}" \
   BINDIR="%{buildroot}%{_bindir}" \
   SBINDIR="%{buildroot}%{_sbindir}" \
   PYTHON=%{__python} \
   install install-pywrap
[1] 
https://gitlab.com/bachradsusi/selinux-rpm/blob/master/0001-Fix-build
-without-install.patch
Using this I preserve rpath problems pointing to DESTDIR and rpm can 
simply use everything from DESTDIR for /
That seems very onerous for packagers.
So, are you advocating for reverting
fcb5d5cc721187b3e3a19b44155d5b824d7be7e6, or are you proposing the
patch cited above for upstream instead?
Petr Lautrbach
2017-06-20 13:28:44 UTC
Permalink
Post by Stephen Smalley
Post by Petr Lautrbach
Post by Jason Zaman
Post by Jason Zaman
https://bugs.gentoo.org/show_bug.cgi?id=621762
I think the fix is just add override in utils/Makefile to the LDLIBS and
LDFLAGS bits. I'm not sure I'll have time to get around to
testing
it so just wanted to let you know before the final release.
Yep, thats the fix, I sent a patch.
https://gitweb.gentoo.org/repo/gentoo.git/tree/sys-libs/libselinux/
libselinux-9999.ebuild#n58
The gentoo ebuild overrides LDFLAGS on the commandline which is why the
override was required. When i first tried to repro manually i just
exported LDFLAGS and couldnt repro. once i read the docs on
override it
was pretty obvious.
A similar patch is needed almost for every other part when you try to
build everything from git first and then install it.
...
Post by Stephen Smalley
Post by Petr Lautrbach
[1]
https://gitlab.com/bachradsusi/selinux-rpm/blob/master/0001-Fix-build
-without-install.patch
Using this I preserve rpath problems pointing to DESTDIR and rpm can
simply use everything from DESTDIR for /
That seems very onerous for packagers.
So, are you advocating for reverting
fcb5d5cc721187b3e3a19b44155d5b824d7be7e6, or are you proposing the
patch cited above for upstream instead?
Actually it seems that fcb5d5cc7 didn't break this use case.

At the moment, we still build SELinux tools and libraries from tar balls
in Fedora so it's not affected. But since some of directories were split
I decided to build snapshot SELinux rpms [2] from one selinux src rpm
which uses the whole git snapshot.

For my use case, I'd rather see the [1] patch upstream if it's
acceptable solution. I'll rebase it against latest HEAD and sent it for
review.

[2] https://gitlab.com/bachradsusi/selinux-rpm

Petr
Petr Lautrbach
2017-06-20 13:31:22 UTC
Permalink
Post by Petr Lautrbach
Post by Stephen Smalley
Post by Petr Lautrbach
Post by Jason Zaman
Post by Jason Zaman
https://bugs.gentoo.org/show_bug.cgi?id=621762
I think the fix is just add override in utils/Makefile to the LDLIBS and
LDFLAGS bits. I'm not sure I'll have time to get around to
testing
it so just wanted to let you know before the final release.
Yep, thats the fix, I sent a patch.
https://gitweb.gentoo.org/repo/gentoo.git/tree/sys-libs/libselinux/
libselinux-9999.ebuild#n58
The gentoo ebuild overrides LDFLAGS on the commandline which is why the
override was required. When i first tried to repro manually i just
exported LDFLAGS and couldnt repro. once i read the docs on
override it
was pretty obvious.
A similar patch is needed almost for every other part when you try to
build everything from git first and then install it.
...
Post by Stephen Smalley
Post by Petr Lautrbach
[1]
https://gitlab.com/bachradsusi/selinux-rpm/blob/master/0001-Fix-build
-without-install.patch
Using this I preserve rpath problems pointing to DESTDIR and rpm can
simply use everything from DESTDIR for /
That seems very onerous for packagers.
So, are you advocating for reverting
fcb5d5cc721187b3e3a19b44155d5b824d7be7e6, or are you proposing the
patch cited above for upstream instead?
Actually it seems that fcb5d5cc7 didn't break this use case.
I mean it was broken even before this change according to my testing.

cc -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2
-fexceptions -fstack-protector-strong --param=ssp-buffer-size=4
-grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1
-m64 -mtune=generic -I../include -I/usr/include -D_GNU_SOURCE
-DNO_ANDROID_BACKEND -c -o load_policy.o load_policy.c
load_policy.c:15:10: fatal error: sepol/sepol.h: No such file or directory
#include <sepol/sepol.h>
^~~~~~~~~~~~~~~
Post by Petr Lautrbach
At the moment, we still build SELinux tools and libraries from tar balls
in Fedora so it's not affected. But since some of directories were split
I decided to build snapshot SELinux rpms [2] from one selinux src rpm
which uses the whole git snapshot.
For my use case, I'd rather see the [1] patch upstream if it's
acceptable solution. I'll rebase it against latest HEAD and sent it for
review.
[2] https://gitlab.com/bachradsusi/selinux-rpm
Petr
Jason Zaman
2017-06-20 14:22:02 UTC
Permalink
Post by Petr Lautrbach
Post by Stephen Smalley
Post by Petr Lautrbach
Post by Jason Zaman
Post by Jason Zaman
https://bugs.gentoo.org/show_bug.cgi?id=621762
I think the fix is just add override in utils/Makefile to the LDLIBS and
LDFLAGS bits. I'm not sure I'll have time to get around to testing
it so just wanted to let you know before the final release.
Yep, thats the fix, I sent a patch.
https://gitweb.gentoo.org/repo/gentoo.git/tree/sys-libs/libselinux/
libselinux-9999.ebuild#n58
The gentoo ebuild overrides LDFLAGS on the commandline which is why the
override was required. When i first tried to repro manually i just
exported LDFLAGS and couldnt repro. once i read the docs on override it
was pretty obvious.
A similar patch is needed almost for every other part when you try to
build everything from git first and then install it.
...
Post by Stephen Smalley
Post by Petr Lautrbach
[1]
https://gitlab.com/bachradsusi/selinux-rpm/blob/master/0001-Fix-build
-without-install.patch
Using this I preserve rpath problems pointing to DESTDIR and rpm can
simply use everything from DESTDIR for /
That seems very onerous for packagers.
So, are you advocating for reverting
fcb5d5cc721187b3e3a19b44155d5b824d7be7e6, or are you proposing the
patch cited above for upstream instead?
Actually it seems that fcb5d5cc7 didn't break this use case.
At the moment, we still build SELinux tools and libraries from tar balls
in Fedora so it's not affected. But since some of directories were split
I decided to build snapshot SELinux rpms [2] from one selinux src rpm
which uses the whole git snapshot.
Ooohh.. okay i was about to ask i thought fedora packaged everything
separately. and didnt get why things were refering to libsepol and
libselinux in the same build script.

In gentoo they're all separate no matter if its git or a release, the
only thing we change is if we have to cd into a subdir with version
number or without.

the repo doesnt build very well unless you've installed the earlier deps
before building the later ones. you'll probably have a better time if
the builds are split out again or if you build and install each one
separately

There are a bunch of issues with the patch tho, it moves -L around to
the wrong places. -L should be before the objects and -l after

Also, https://gitlab.com/bachradsusi/selinux-rpm/blob/master/0001-Fix-build-without-install.patch#L288
that check echos out a y above, so replacing it there will always be
false which is probably wrong. I changed it because in gentoo we dont
do automagic dependencies so it needs a good way to en/disable manually
but the default was unchanged to check if the system has the header.

But the bits in the patch with override are probably right. I'll check
through all the Makefiles and see where needs overriding and send a
patch tmrr.

-- Jason
Post by Petr Lautrbach
For my use case, I'd rather see the [1] patch upstream if it's
acceptable solution. I'll rebase it against latest HEAD and sent it for
review.
[2] https://gitlab.com/bachradsusi/selinux-rpm
Petr
Petr Lautrbach
2017-06-21 17:58:59 UTC
Permalink
Post by Jason Zaman
Post by Petr Lautrbach
Post by Stephen Smalley
Post by Petr Lautrbach
Post by Jason Zaman
Post by Jason Zaman
https://bugs.gentoo.org/show_bug.cgi?id=621762
I think the fix is just add override in utils/Makefile to the LDLIBS and
LDFLAGS bits. I'm not sure I'll have time to get around to testing
it so just wanted to let you know before the final release.
Yep, thats the fix, I sent a patch.
https://gitweb.gentoo.org/repo/gentoo.git/tree/sys-libs/libselinux/
libselinux-9999.ebuild#n58
The gentoo ebuild overrides LDFLAGS on the commandline which is why the
override was required. When i first tried to repro manually i just
exported LDFLAGS and couldnt repro. once i read the docs on override it
was pretty obvious.
A similar patch is needed almost for every other part when you try to
build everything from git first and then install it.
...
Post by Stephen Smalley
Post by Petr Lautrbach
[1]
https://gitlab.com/bachradsusi/selinux-rpm/blob/master/0001-Fix-build
-without-install.patch
Using this I preserve rpath problems pointing to DESTDIR and rpm can
simply use everything from DESTDIR for /
That seems very onerous for packagers.
So, are you advocating for reverting
fcb5d5cc721187b3e3a19b44155d5b824d7be7e6, or are you proposing the
patch cited above for upstream instead?
Actually it seems that fcb5d5cc7 didn't break this use case.
At the moment, we still build SELinux tools and libraries from tar balls
in Fedora so it's not affected. But since some of directories were split
I decided to build snapshot SELinux rpms [2] from one selinux src rpm
which uses the whole git snapshot.
Ooohh.. okay i was about to ask i thought fedora packaged everything
separately. and didnt get why things were refering to libsepol and
libselinux in the same build script.
In gentoo they're all separate no matter if its git or a release, the
only thing we change is if we have to cd into a subdir with version
number or without.
the repo doesnt build very well unless you've installed the earlier deps
before building the later ones. you'll probably have a better time if
the builds are split out again or if you build and install each one
separately
It seems to be only working solution right now. But it's the most
complicated in regards of Fedora build systems koji and COPR. Packages
are built using mock and non-root user - a build process can't install
files to /. So one need to build libsepol package first, push it to the
buildroot so that it's installed during build of other packages, build
libselinux, push it to the buildroot, ... This quite a long and
complicated process even in COPR.
Post by Jason Zaman
There are a bunch of issues with the patch tho, it moves -L around to
the wrong places. -L should be before the objects and -l after
Also, https://gitlab.com/bachradsusi/selinux-rpm/blob/master/0001-Fix-build-without-install.patch#L288
that check echos out a y above, so replacing it there will always be
false which is probably wrong. I changed it because in gentoo we dont
do automagic dependencies so it needs a good way to en/disable manually
but the default was unchanged to check if the system has the header.
Thanks for the comment. I'll take a look at it.
Post by Jason Zaman
But the bits in the patch with override are probably right. I'll check
through all the Makefiles and see where needs overriding and send a
patch tmrr.
-- Jason
Post by Petr Lautrbach
For my use case, I'd rather see the [1] patch upstream if it's
acceptable solution. I'll rebase it against latest HEAD and sent it for
review.
[2] https://gitlab.com/bachradsusi/selinux-rpm
Petr
Stephen Smalley
2017-06-19 17:06:10 UTC
Permalink
Post by Jason Zaman
https://bugs.gentoo.org/show_bug.cgi?id=621762
I think the fix is just add override in utils/Makefile to the LDLIBS and
LDFLAGS bits. I'm not sure I'll have time to get around to testing
it so just wanted to let you know before the final release.
I wondering if we should actually revert
fcb5d5cc721187b3e3a19b44155d5b824d7be7e6, at least wrt removal of -L/-
I.  This seems to have broken usage of DESTDIR (except from top-level,
via 9a7763e18604c4649ff67ea6d43a730f90311592, which doesn't help people
using the individual tar balls.  And it seems like many package recipes
are relying on make DESTDIR= to work as expected.
Jason Zaman
2017-06-20 04:55:29 UTC
Permalink
Post by Stephen Smalley
Post by Jason Zaman
https://bugs.gentoo.org/show_bug.cgi?id=621762
I think the fix is just add override in utils/Makefile to the LDLIBS and
LDFLAGS bits. I'm not sure I'll have time to get around to testing
it so just wanted to let you know before the final release.
I wondering if we should actually revert
fcb5d5cc721187b3e3a19b44155d5b824d7be7e6, at least wrt removal of -L/-
I.  This seems to have broken usage of DESTDIR (except from top-level,
via 9a7763e18604c4649ff67ea6d43a730f90311592, which doesn't help people
using the individual tar balls.  And it seems like many package recipes
are relying on make DESTDIR= to work as expected.
Thats the thing tho, DESTDIR is not supposed to affect compilation at
all. it should only affect where things are installed to. lots of other
things get confused if that changes. DESTDIR is for when rpm or portage
or whatever want to keep track of all the files installed by a package
before merging into the real / so it can uninstall them all. If you
want to do like a prefix install into /home/bin or whatever then i think
the variable is SYSROOT or something like that.

building should technically be done something like:
passing DESTDIR when you do the actual compilation bits isnt right.

# portage or rpm's building thing or whatever do this automatically
export CC CFLAGS LDLFAGS etc
make all
make DESTDIR="/wherever" install
cd /wherever/
tar cf libselinux.tar ./

https://www.gnu.org/prep/standards/html_node/DESTDIR.html
"DESTDIR should be supported only in the install* and uninstall*
targets, as those are the only targets where it is useful."

-- Jason
Petr Lautrbach
2017-06-21 18:04:02 UTC
Permalink
https://www.gnu.org/prep/standards/html_node/DESTDIR.html
DESTDIR should be supported only in the install* and uninstall*
targets, as those are the only targets where it is useful.

Signed-off-by: Petr Lautrbach <***@redhat.com>
---
checkpolicy/Makefile | 20 +++++++--------
checkpolicy/test/Makefile | 6 ++---
gui/Makefile | 44 ++++++++++++++++----------------
libselinux/include/Makefile | 6 ++---
libselinux/src/Makefile | 38 +++++++++++++--------------
libselinux/utils/Makefile | 6 ++---
libsemanage/include/Makefile | 6 ++---
libsemanage/src/Makefile | 32 +++++++++++------------
libsemanage/tests/Makefile | 2 +-
libsemanage/utils/Makefile | 6 ++---
libsepol/include/Makefile | 14 +++++-----
libsepol/src/Makefile | 20 +++++++--------
libsepol/utils/Makefile | 6 ++---
mcstrans/man/Makefile | 6 ++---
mcstrans/src/Makefile | 22 ++++++++--------
mcstrans/utils/Makefile | 8 +++---
policycoreutils/hll/pp/Makefile | 6 ++---
policycoreutils/load_policy/Makefile | 14 +++++-----
policycoreutils/man/Makefile | 6 ++---
policycoreutils/newrole/Makefile | 22 ++++++++--------
policycoreutils/run_init/Makefile | 20 +++++++--------
policycoreutils/scripts/Makefile | 12 ++++-----
policycoreutils/secon/Makefile | 10 ++++----
policycoreutils/semodule/Makefile | 14 +++++-----
policycoreutils/sestatus/Makefile | 20 +++++++--------
policycoreutils/setfiles/Makefile | 22 ++++++++--------
policycoreutils/setsebool/Makefile | 16 ++++++------
python/audit2allow/Makefile | 20 +++++++--------
python/chcat/Makefile | 10 ++++----
python/semanage/Makefile | 22 ++++++++--------
python/sepolgen/src/sepolgen/Makefile | 6 ++---
python/sepolgen/src/share/Makefile | 8 +++---
python/sepolicy/Makefile | 18 ++++++-------
restorecond/Makefile | 44 ++++++++++++++++----------------
sandbox/Makefile | 32 +++++++++++------------
secilc/Makefile | 14 +++++-----
semodule-utils/semodule_deps/Makefile | 12 ++++-----
semodule-utils/semodule_expand/Makefile | 10 ++++----
semodule-utils/semodule_link/Makefile | 12 ++++-----
semodule-utils/semodule_package/Makefile | 14 +++++-----
40 files changed, 313 insertions(+), 313 deletions(-)

diff --git a/checkpolicy/Makefile b/checkpolicy/Makefile
index 68e11f2a..e4f4fa19 100644
--- a/checkpolicy/Makefile
+++ b/checkpolicy/Makefile
@@ -1,7 +1,7 @@
#
# Makefile for building the checkpolicy program
#
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
BINDIR ?= $(PREFIX)/bin
MANDIR ?= $(PREFIX)/share/man
LIBDIR ?= $(PREFIX)/lib
@@ -26,9 +26,9 @@ GENERATED=lex.yy.c y.tab.c y.tab.h
all: $(TARGETS)
$(MAKE) -C test

-checkpolicy: $(CHECKPOLOBJS) $(LIBSEPOLA)
+checkpolicy: $(CHECKPOLOBJS) $(DESTDIR)$(LIBSEPOLA)

-checkmodule: $(CHECKMODOBJS) $(LIBSEPOLA)
+checkmodule: $(CHECKMODOBJS) $(DESTDIR)$(LIBSEPOLA)

%.o: %.c
$(CC) $(CFLAGS) -o $@ -c $<
@@ -46,15 +46,15 @@ lex.yy.c: policy_scan.l y.tab.c
$(LEX) policy_scan.l

install: all
- -mkdir -p $(BINDIR)
- -mkdir -p $(MANDIR)/man8
- install -m 755 $(TARGETS) $(BINDIR)
- install -m 644 checkpolicy.8 $(MANDIR)/man8
- install -m 644 checkmodule.8 $(MANDIR)/man8
+ -mkdir -p $(DESTDIR)$(BINDIR)
+ -mkdir -p $(DESTDIR)$(MANDIR)/man8
+ install -m 755 $(TARGETS) $(DESTDIR)$(BINDIR)
+ install -m 644 checkpolicy.8 $(DESTDIR)$(MANDIR)/man8
+ install -m 644 checkmodule.8 $(DESTDIR)$(MANDIR)/man8

relabel: install
- /sbin/restorecon $(BINDIR)/checkpolicy
- /sbin/restorecon $(BINDIR)/checkmodule
+ /sbin/restorecon $(DESTDIR)$(BINDIR)/checkpolicy
+ /sbin/restorecon $(DESTDIR)$(BINDIR)/checkmodule

clean:
-rm -f $(TARGETS) $(CHECKPOLOBJS) $(CHECKMODOBJS) y.tab.c y.tab.h lex.yy.c
diff --git a/checkpolicy/test/Makefile b/checkpolicy/test/Makefile
index 59fa4460..c9a8d4c5 100644
--- a/checkpolicy/test/Makefile
+++ b/checkpolicy/test/Makefile
@@ -1,7 +1,7 @@
#
# Makefile for building the dispol program
#
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
BINDIR ?= $(PREFIX)/bin
LIBDIR ?= $(PREFIX)/lib
INCLUDEDIR ?= $(PREFIX)/include
@@ -11,9 +11,9 @@ CFLAGS ?= -g -Wall -W -Werror -O2 -pipe

all: dispol dismod

-dispol: dispol.o $(LIBSEPOLA)
+dispol: dispol.o $(DESTDIR)$(LIBSEPOLA)

-dismod: dismod.o $(LIBSEPOLA)
+dismod: dismod.o $(DESTDIR)$(LIBSEPOLA)

clean:
-rm -f dispol dismod *.o
diff --git a/gui/Makefile b/gui/Makefile
index 4fc2c1a1..52c3cab2 100644
--- a/gui/Makefile
+++ b/gui/Makefile
@@ -1,5 +1,5 @@
# Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= /usr
BINDIR ?= $(PREFIX)/bin
SHAREDIR ?= $(PREFIX)/share/system-config-selinux
DATADIR ?= $(PREFIX)/share
@@ -24,29 +24,29 @@ usersPage.py
all: $(TARGETS) system-config-selinux.py polgengui.py

install: all
- -mkdir -p $(MANDIR)/man8
- -mkdir -p $(SHAREDIR)
- -mkdir -p $(BINDIR)
- -mkdir -p $(DATADIR)/pixmaps
- -mkdir -p $(DATADIR)/icons/hicolor/24x24/apps
- -mkdir -p $(DATADIR)/polkit-1/actions/
- install -m 755 system-config-selinux.py $(SHAREDIR)
- install -m 755 system-config-selinux $(BINDIR)
- install -m 755 polgengui.py $(SHAREDIR)
- install -m 644 $(TARGETS) $(SHAREDIR)
- install -m 644 system-config-selinux.8 $(MANDIR)/man8
- install -m 644 selinux-polgengui.8 $(MANDIR)/man8
- install -m 644 system-config-selinux.png $(DATADIR)/pixmaps
- install -m 644 system-config-selinux.png $(DATADIR)/icons/hicolor/24x24/apps
- install -m 644 system-config-selinux.png $(DATADIR)/system-config-selinux
- install -m 644 *.desktop $(DATADIR)/system-config-selinux
- -mkdir -p $(DESTDIR) $(DATADIR)/pixmaps
- install -m 644 sepolicy_256.png $(DATADIR)/pixmaps/sepolicy.png
+ -mkdir -p $(DESTDIR)$(MANDIR)/man8
+ -mkdir -p $(DESTDIR)$(SHAREDIR)
+ -mkdir -p $(DESTDIR)$(BINDIR)
+ -mkdir -p $(DESTDIR)$(DATADIR)/pixmaps
+ -mkdir -p $(DESTDIR)$(DATADIR)/icons/hicolor/24x24/apps
+ -mkdir -p $(DESTDIR)$(SYSCONFDIR)
+ -mkdir -p $(DESTDIR)$(DATADIR)/polkit-1/actions/
+ install -m 755 system-config-selinux.py $(DESTDIR)$(SHAREDIR)
+ install -m 755 system-config-selinux $(DESTDIR)$(BINDIR)
+ install -m 755 polgengui.py $(DESTDIR)$(SHAREDIR)
+ install -m 644 $(TARGETS) $(DESTDIR)$(SHAREDIR)
+ install -m 644 system-config-selinux.8 $(DESTDIR)$(MANDIR)/man8
+ install -m 644 selinux-polgengui.8 $(DESTDIR)$(MANDIR)/man8
+ install -m 644 system-config-selinux.png $(DESTDIR)$(DATADIR)/pixmaps
+ install -m 644 system-config-selinux.png $(DESTDIR)$(DATADIR)/icons/hicolor/24x24/apps
+ install -m 644 system-config-selinux.png $(DESTDIR)$(DATADIR)/system-config-selinux
+ -mkdir -p $(DESTDIR) $(DESTDIR)$(DATADIR)/pixmaps
+ install -m 644 sepolicy_256.png $(DESTDIR)$(DATADIR)/pixmaps/sepolicy.png
for i in 16 22 32 48 256; do \
- mkdir -p $(DESTDIR) $(DATADIR)/icons/hicolor/$${i}x$${i}/apps; \
- install -m 644 sepolicy_$${i}.png $(DATADIR)/icons/hicolor/$${i}x$${i}/apps/sepolicy.png; \
+ mkdir -p $(DESTDIR)/$(DATADIR)/icons/hicolor/$${i}x$${i}/apps; \
+ install -m 644 sepolicy_$${i}.png $(DESTDIR)$(DATADIR)/icons/hicolor/$${i}x$${i}/apps/sepolicy.png; \
done
- install -m 644 org.selinux.config.policy $(DATADIR)/polkit-1/actions/
+ install -m 644 org.selinux.config.policy $(DESTDIR)$(DATADIR)/polkit-1/actions/
clean:

indent:
diff --git a/libselinux/include/Makefile b/libselinux/include/Makefile
index 757a6c9c..c1d3fa15 100644
--- a/libselinux/include/Makefile
+++ b/libselinux/include/Makefile
@@ -1,12 +1,12 @@
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
INCDIR ?= $(PREFIX)/include/selinux

all:

install: all
- test -d $(INCDIR) || install -m 755 -d $(INCDIR)
- install -m 644 $(wildcard selinux/*.h) $(INCDIR)
+ test -d $(DESTDIR)$(INCDIR) || install -m 755 -d $(DESTDIR)$(INCDIR)
+ install -m 644 $(wildcard selinux/*.h) $(DESTDIR)$(INCDIR)

relabel:

diff --git a/libselinux/src/Makefile b/libselinux/src/Makefile
index 4306dd0e..6d65b682 100644
--- a/libselinux/src/Makefile
+++ b/libselinux/src/Makefile
@@ -8,17 +8,17 @@ RUBYPREFIX ?= $(notdir $(RUBY))
PKG_CONFIG ?= pkg-config

# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
LIBDIR ?= $(PREFIX)/lib
-SHLIBDIR ?= $(DESTDIR)/lib
+SHLIBDIR ?= /lib
INCLUDEDIR ?= $(PREFIX)/include
PYINC ?= $(shell $(PKG_CONFIG) --cflags $(PYPREFIX))
PYLIBS ?= $(shell $(PKG_CONFIG) --libs $(PYPREFIX))
-PYSITEDIR ?= $(DESTDIR)$(shell $(PYTHON) -c 'import site; print(site.getsitepackages()[0])')
+PYSITEDIR ?= $(shell $(PYTHON) -c 'import site; print(site.getsitepackages()[0])')
PYCEXT ?= $(shell $(PYTHON) -c 'import imp;print([s for s,m,t in imp.get_suffixes() if t == imp.C_EXTENSION][0])')
RUBYINC ?= $(shell $(RUBY) -e 'puts "-I" + RbConfig::CONFIG["rubyarchhdrdir"] + " -I" + RbConfig::CONFIG["rubyhdrdir"]')
RUBYLIBS ?= $(shell $(RUBY) -e 'puts "-L" + RbConfig::CONFIG["libdir"] + " -lruby"')
-RUBYINSTALL ?= $(DESTDIR)$(shell $(RUBY) -e 'puts RbConfig::CONFIG["vendorarchdir"]')
+RUBYINSTALL ?= $(shell $(RUBY) -e 'puts RbConfig::CONFIG["vendorarchdir"]')
LIBBASE ?= $(shell basename $(LIBDIR))
LIBSEPOLA ?= $(LIBDIR)/libsepol.a

@@ -156,7 +156,7 @@ selinuxswig_python_exception.i: ../include/selinux/selinux.h
$(AUDIT2WHYLOBJ): audit2why.c
$(CC) $(filter-out -Werror, $(CFLAGS)) $(PYINC) -fPIC -DSHARED -c -o $@ $<

-$(AUDIT2WHYSO): $(AUDIT2WHYLOBJ) $(LIBSEPOLA)
+$(AUDIT2WHYSO): $(AUDIT2WHYLOBJ) $(DESTDIR)$(LIBSEPOLA)
$(CC) $(CFLAGS) $(LDFLAGS) -L. -shared -o $@ $^ -lselinux $(PYLIBS)

%.o: %.c policy.h
@@ -177,26 +177,26 @@ swigify: $(SWIGIF)
$(SWIG) $<

install: all
- test -d $(LIBDIR) || install -m 755 -d $(LIBDIR)
- install -m 644 $(LIBA) $(LIBDIR)
- test -d $(SHLIBDIR) || install -m 755 -d $(SHLIBDIR)
- install -m 755 $(LIBSO) $(SHLIBDIR)
- test -d $(LIBDIR)/pkgconfig || install -m 755 -d $(LIBDIR)/pkgconfig
- install -m 644 $(LIBPC) $(LIBDIR)/pkgconfig
- ln -sf --relative $(SHLIBDIR)/$(LIBSO) $(LIBDIR)/$(TARGET)
+ test -d $(DESTDIR)$(LIBDIR) || install -m 755 -d $(DESTDIR)$(LIBDIR)
+ install -m 644 $(LIBA) $(DESTDIR)$(LIBDIR)
+ test -d $(DESTDIR)$(SHLIBDIR) || install -m 755 -d $(DESTDIR)$(SHLIBDIR)
+ install -m 755 $(LIBSO) $(DESTDIR)$(SHLIBDIR)
+ test -d $(DESTDIR)$(LIBDIR)/pkgconfig || install -m 755 -d $(DESTDIR)$(LIBDIR)/pkgconfig
+ install -m 644 $(LIBPC) $(DESTDIR)$(LIBDIR)/pkgconfig
+ ln -sf --relative $(DESTDIR)$(SHLIBDIR)/$(LIBSO) $(DESTDIR)$(LIBDIR)/$(TARGET)

install-pywrap: pywrap
- test -d $(PYSITEDIR)/selinux || install -m 755 -d $(PYSITEDIR)/selinux
- install -m 755 $(SWIGSO) $(PYSITEDIR)/_selinux$(PYCEXT)
- install -m 755 $(AUDIT2WHYSO) $(PYSITEDIR)/selinux/audit2why$(PYCEXT)
- install -m 644 $(SWIGPYOUT) $(PYSITEDIR)/selinux/__init__.py
+ test -d $(DESTDIR)$(PYSITEDIR)/selinux || install -m 755 -d $(DESTDIR)$(PYSITEDIR)/selinux
+ install -m 755 $(SWIGSO) $(DESTDIR)$(PYSITEDIR)/_selinux$(PYCEXT)
+ install -m 755 $(AUDIT2WHYSO) $(DESTDIR)$(PYSITEDIR)/selinux/audit2why$(PYCEXT)
+ install -m 644 $(SWIGPYOUT) $(DESTDIR)$(PYSITEDIR)/selinux/__init__.py

install-rubywrap: rubywrap
- test -d $(RUBYINSTALL) || install -m 755 -d $(RUBYINSTALL)
- install -m 755 $(SWIGRUBYSO) $(RUBYINSTALL)/selinux.so
+ test -d $(DESTDIR)$(RUBYINSTALL) || install -m 755 -d $(DESTDIR)$(RUBYINSTALL)
+ install -m 755 $(SWIGRUBYSO) $(DESTDIR)$(RUBYINSTALL)/selinux.so

relabel:
- /sbin/restorecon $(SHLIBDIR)/$(LIBSO)
+ /sbin/restorecon $(DESTDIR)$(SHLIBDIR)/$(LIBSO)

clean-pywrap:
-rm -f $(SWIGLOBJ) $(SWIGSO) $(AUDIT2WHYLOBJ) $(AUDIT2WHYSO)
diff --git a/libselinux/utils/Makefile b/libselinux/utils/Makefile
index 843b0e7c..882a6787 100644
--- a/libselinux/utils/Makefile
+++ b/libselinux/utils/Makefile
@@ -1,5 +1,5 @@
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
LIBDIR ?= $(PREFIX)/lib
SBINDIR ?= $(PREFIX)/sbin
INCLUDEDIR ?= $(PREFIX)/include
@@ -63,8 +63,8 @@ sefcontext_compile: sefcontext_compile.o ../src/regex.o
all: $(TARGETS)

install: all
- -mkdir -p $(SBINDIR)
- install -m 755 $(TARGETS) $(SBINDIR)
+ -mkdir -p $(DESTDIR)$(SBINDIR)
+ install -m 755 $(TARGETS) $(DESTDIR)$(SBINDIR)

clean:
rm -f $(TARGETS) *.o *~
diff --git a/libsemanage/include/Makefile b/libsemanage/include/Makefile
index b660660e..6e44a28a 100644
--- a/libsemanage/include/Makefile
+++ b/libsemanage/include/Makefile
@@ -1,12 +1,12 @@
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
INCDIR ?= $(PREFIX)/include/semanage

all:

install: all
- test -d $(INCDIR) || install -m 755 -d $(INCDIR)
- install -m 644 $(wildcard semanage/*.h) $(INCDIR)
+ test -d $(DESTDIR)$(INCDIR) || install -m 755 -d $(DESTDIR)$(INCDIR)
+ install -m 644 $(wildcard semanage/*.h) $(DESTDIR)$(INCDIR)

indent:
../../scripts/Lindent $(wildcard semanage/*.h)
diff --git a/libsemanage/src/Makefile b/libsemanage/src/Makefile
index f01385c5..8c0b4557 100644
--- a/libsemanage/src/Makefile
+++ b/libsemanage/src/Makefile
@@ -8,17 +8,17 @@ RUBYPREFIX ?= $(notdir $(RUBY))
PKG_CONFIG ?= pkg-config

# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
LIBDIR ?= $(PREFIX)/lib
-SHLIBDIR ?= $(DESTDIR)/lib
+SHLIBDIR ?= /lib
INCLUDEDIR ?= $(PREFIX)/include
PYINC ?= $(shell $(PKG_CONFIG) --cflags $(PYPREFIX))
PYLIBS ?= $(shell $(PKG_CONFIG) --libs $(PYPREFIX))
-PYSITEDIR ?= $(DESTDIR)$(shell $(PYTHON) -c 'import site; print(site.getsitepackages()[0])')
+PYSITEDIR ?= $(shell $(PYTHON) -c 'import site; print(site.getsitepackages()[0])')
PYCEXT ?= $(shell $(PYTHON) -c 'import imp;print([s for s,m,t in imp.get_suffixes() if t == imp.C_EXTENSION][0])')
RUBYINC ?= $(shell $(RUBY) -e 'puts "-I" + RbConfig::CONFIG["rubyarchhdrdir"] + " -I" + RbConfig::CONFIG["rubyhdrdir"]')
RUBYLIBS ?= $(shell $(RUBY) -e 'puts "-L" + RbConfig::CONFIG["libdir"] + " -lruby"')
-RUBYINSTALL ?= $(DESTDIR)$(shell $(RUBY) -e 'puts RbConfig::CONFIG["vendorarchdir"]')
+RUBYINSTALL ?= $(shell $(RUBY) -e 'puts RbConfig::CONFIG["vendorarchdir"]')

LIBBASE=$(shell basename $(LIBDIR))

@@ -136,26 +136,26 @@ swigify: $(SWIGIF)
$(SWIG) $<

install: all
- test -d $(LIBDIR) || install -m 755 -d $(LIBDIR)
- install -m 644 $(LIBA) $(LIBDIR)
- install -m 755 $(LIBSO) $(LIBDIR)
- test -d $(LIBDIR)/pkgconfig || install -m 755 -d $(LIBDIR)/pkgconfig
- install -m 644 $(LIBPC) $(LIBDIR)/pkgconfig
+ test -d $(DESTDIR)$(LIBDIR) || install -m 755 -d $(DESTDIR)$(LIBDIR)
+ install -m 644 $(LIBA) $(DESTDIR)$(LIBDIR)
+ install -m 755 $(LIBSO) $(DESTDIR)$(LIBDIR)
+ test -d $(DESTDIR)$(LIBDIR)/pkgconfig || install -m 755 -d $(DESTDIR)$(LIBDIR)/pkgconfig
+ install -m 644 $(LIBPC) $(DESTDIR)$(LIBDIR)/pkgconfig
test -f $(DEFAULT_SEMANAGE_CONF_LOCATION) || install -m 644 -D semanage.conf $(DEFAULT_SEMANAGE_CONF_LOCATION)
- cd $(LIBDIR) && ln -sf $(LIBSO) $(TARGET)
+ cd $(DESTDIR)$(LIBDIR) && ln -sf $(LIBSO) $(TARGET)

install-pywrap: pywrap
- test -d $(PYSITEDIR) || install -m 755 -d $(PYSITEDIR)
- install -m 755 $(SWIGSO) $(PYSITEDIR)/_semanage$(PYCEXT)
- install -m 644 semanage.py $(PYSITEDIR)
+ test -d $(DESTDIR)$(PYSITEDIR) || install -m 755 -d $(DESTDIR)$(PYSITEDIR)
+ install -m 755 $(SWIGSO) $(DESTDIR)$(PYSITEDIR)/_semanage$(PYCEXT)
+ install -m 644 semanage.py $(DESTDIR)$(PYSITEDIR)


install-rubywrap: rubywrap
- test -d $(RUBYINSTALL) || install -m 755 -d $(RUBYINSTALL)
- install -m 755 $(SWIGRUBYSO) $(RUBYINSTALL)/semanage.so
+ test -d $(DESTDIR)$(RUBYINSTALL) || install -m 755 -d $(DESTDIR)$(RUBYINSTALL)
+ install -m 755 $(SWIGRUBYSO) $(DESTDIR)$(RUBYINSTALL)/semanage.so

relabel:
- /sbin/restorecon $(LIBDIR)/$(LIBSO)
+ /sbin/restorecon $(DESTDIR)$(LIBDIR)/$(LIBSO)

clean:
-rm -f $(LIBPC) $(OBJS) $(LOBJS) $(LIBA) $(LIBSO) $(SWIGLOBJ) $(SWIGSO) $(SWIGRUBYSO) $(TARGET) conf-parse.c conf-parse.h conf-scan.c *.o *.lo *~
diff --git a/libsemanage/tests/Makefile b/libsemanage/tests/Makefile
index 2ef8d30d..8103cf8f 100644
--- a/libsemanage/tests/Makefile
+++ b/libsemanage/tests/Makefile
@@ -1,4 +1,4 @@
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
LIBDIR ?= $(PREFIX)/lib

# Add your test source files here:
diff --git a/libsemanage/utils/Makefile b/libsemanage/utils/Makefile
index 725f0eec..5b8fbb6b 100644
--- a/libsemanage/utils/Makefile
+++ b/libsemanage/utils/Makefile
@@ -1,13 +1,13 @@
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
LIBEXECDIR ?= $(PREFIX)/libexec
SELINUXEXECDIR ?= $(LIBEXECDIR)/selinux/

all:

install: all
- -mkdir -p $(SELINUXEXECDIR)
- install -m 755 semanage_migrate_store $(SELINUXEXECDIR)
+ -mkdir -p $(DESTDIR)$(SELINUXEXECDIR)
+ install -m 755 semanage_migrate_store $(DESTDIR)$(SELINUXEXECDIR)

clean:

diff --git a/libsepol/include/Makefile b/libsepol/include/Makefile
index 56b7a114..49f817ce 100644
--- a/libsepol/include/Makefile
+++ b/libsepol/include/Makefile
@@ -1,17 +1,17 @@
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
INCDIR ?= $(PREFIX)/include/sepol
CILDIR ?= ../cil

all:

install: all
- test -d $(INCDIR) || install -m 755 -d $(INCDIR)
- test -d $(INCDIR)/policydb || install -m 755 -d $(INCDIR)/policydb
- test -d $(INCDIR)/cil || install -m 755 -d $(INCDIR)/cil
- install -m 644 $(wildcard sepol/*.h) $(INCDIR)
- install -m 644 $(wildcard sepol/policydb/*.h) $(INCDIR)/policydb
- install -m 644 $(wildcard $(CILDIR)/include/cil/*.h) $(INCDIR)/cil
+ test -d $(DESTDIR)$(INCDIR) || install -m 755 -d $(DESTDIR)$(INCDIR)
+ test -d $(DESTDIR)$(INCDIR)/policydb || install -m 755 -d $(DESTDIR)$(INCDIR)/policydb
+ test -d $(DESTDIR)$(INCDIR)/cil || install -m 755 -d $(DESTDIR)$(INCDIR)/cil
+ install -m 644 $(wildcard sepol/*.h) $(DESTDIR)$(INCDIR)
+ install -m 644 $(wildcard sepol/policydb/*.h) $(DESTDIR)$(INCDIR)/policydb
+ install -m 644 $(wildcard $(CILDIR)/include/cil/*.h) $(DESTDIR)$(INCDIR)/cil

indent:
../../scripts/Lindent $(wildcard sepol/*.h)
diff --git a/libsepol/src/Makefile b/libsepol/src/Makefile
index 819d261b..4c7e23fa 100644
--- a/libsepol/src/Makefile
+++ b/libsepol/src/Makefile
@@ -1,8 +1,8 @@
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
INCLUDEDIR ?= $(PREFIX)/include
LIBDIR ?= $(PREFIX)/lib
-SHLIBDIR ?= $(DESTDIR)/lib
+SHLIBDIR ?= $(PREFIX)/lib
RANLIB ?= ranlib
LIBBASE ?= $(shell basename $(LIBDIR))
CILDIR ?= ../cil
@@ -80,16 +80,16 @@ endif
$(CC) $(CFLAGS) -fPIC -DSHARED -c -o $@ $<

install: all
- test -d $(LIBDIR) || install -m 755 -d $(LIBDIR)
- install -m 644 $(LIBA) $(LIBDIR)
- test -d $(SHLIBDIR) || install -m 755 -d $(SHLIBDIR)
- install -m 755 $(LIBSO) $(SHLIBDIR)
- test -d $(LIBDIR)/pkgconfig || install -m 755 -d $(LIBDIR)/pkgconfig
- install -m 644 $(LIBPC) $(LIBDIR)/pkgconfig
- $(LN) -sf --relative $(SHLIBDIR)/$(LIBSO) $(LIBDIR)/$(TARGET)
+ test -d $(DESTDIR)$(LIBDIR) || install -m 755 -d $(DESTDIR)$(LIBDIR)
+ install -m 644 $(LIBA) $(DESTDIR)$(LIBDIR)
+ test -d $(DESTDIR)$(SHLIBDIR) || install -m 755 -d $(DESTDIR)$(SHLIBDIR)
+ install -m 755 $(LIBSO) $(DESTDIR)$(SHLIBDIR)
+ test -d $(DESTDIR)$(LIBDIR)/pkgconfig || install -m 755 -d $(DESTDIR)$(LIBDIR)/pkgconfig
+ install -m 644 $(LIBPC) $(DESTDIR)$(LIBDIR)/pkgconfig
+ $(LN) -sf --relative $(DESTDIR)$(SHLIBDIR)/$(LIBSO) $(DESTDIR)$(LIBDIR)/$(TARGET)

relabel:
- /sbin/restorecon $(SHLIBDIR)/$(LIBSO)
+ /sbin/restorecon $(DESTDIR)$(SHLIBDIR)/$(LIBSO)

clean:
-rm -f $(LIBPC) $(LIBMAP) $(OBJS) $(LOBJS) $(LIBA) $(LIBSO) $(TARGET) $(CIL_GENERATED)
diff --git a/libsepol/utils/Makefile b/libsepol/utils/Makefile
index fba1d8a0..31932c11 100644
--- a/libsepol/utils/Makefile
+++ b/libsepol/utils/Makefile
@@ -1,5 +1,5 @@
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
BINDIR ?= $(PREFIX)/bin

CFLAGS ?= -Wall -Werror
@@ -12,8 +12,8 @@ TARGETS=$(patsubst %.c,%,$(sort $(wildcard *.c)))
all: $(TARGETS)

install: all
- -mkdir -p $(BINDIR)
- install -m 755 $(TARGETS) $(BINDIR)
+ -mkdir -p $(DESTDIR)$(BINDIR)
+ install -m 755 $(TARGETS) $(DESTDIR)$(BINDIR)

clean:
-rm -f $(TARGETS) *.o
diff --git a/mcstrans/man/Makefile b/mcstrans/man/Makefile
index 8e971192..dbd87f49 100644
--- a/mcstrans/man/Makefile
+++ b/mcstrans/man/Makefile
@@ -1,11 +1,11 @@
# Installation directories.
-MAN8DIR ?= $(DESTDIR)/usr/share/man/man8
+MAN8DIR ?= /usr/share/man/man8

all:

install: all
- mkdir -p $(MAN8DIR)
- install -m 644 man8/*.8 $(MAN8DIR)
+ mkdir -p $(DESTDIR)$(MAN8DIR)
+ install -m 644 man8/*.8 $(DESTDIR)$(MAN8DIR)

clean:
-rm -f *~ \#*
diff --git a/mcstrans/src/Makefile b/mcstrans/src/Makefile
index 709e1e02..be54e349 100644
--- a/mcstrans/src/Makefile
+++ b/mcstrans/src/Makefile
@@ -1,9 +1,9 @@
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
LIBDIR ?= $(PREFIX)/lib
-SBINDIR ?= $(DESTDIR)/sbin
-INITDIR ?= $(DESTDIR)/etc/rc.d/init.d
-SYSTEMDDIR ?= $(DESTDIR)/usr/lib/systemd
+SBINDIR ?= /sbin
+INITDIR ?= /etc/rc.d/init.d
+SYSTEMDDIR ?= /usr/lib/systemd

PROG_SRC=mcstrans.c mcscolor.c mcstransd.c mls_level.c
PROG_OBJS= $(patsubst %.c,%.o,$(PROG_SRC))
@@ -15,18 +15,18 @@ override CFLAGS += -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64
all: $(PROG)

$(PROG): $(PROG_OBJS)
- $(CC) $(LDFLAGS) -pie -o $@ $^ -lselinux -lcap -lpcre $(LIBDIR)/libsepol.a
+ $(CC) $(LDFLAGS) -pie -o $@ $^ -lselinux -lcap -lpcre $(DESTDIR)$(LIBDIR)/libsepol.a

%.o: %.c
$(CC) $(CFLAGS) -fPIE -c -o $@ $<

install: all
- test -d $(SBINDIR) || install -m 755 -d $(SBINDIR)
- install -m 755 $(PROG) $(SBINDIR)
- test -d $(INITDIR) || install -m 755 -d $(INITDIR)
- install -m 755 $(INITSCRIPT).init $(INITDIR)/$(INITSCRIPT)
- test -d $(SYSTEMDDIR)/system || install -m 755 -d $(SYSTEMDDIR)/system
- install -m 644 mcstrans.service $(SYSTEMDDIR)/system/
+ test -d $(DESTDIR)$(SBINDIR) || install -m 755 -d $(DESTDIR)$(SBINDIR)
+ install -m 755 $(PROG) $(DESTDIR)$(SBINDIR)
+ test -d $(DESTDIR)$(INITDIR) || install -m 755 -d $(DESTDIR)$(INITDIR)
+ install -m 755 $(INITSCRIPT).init $(DESTDIR)$(INITDIR)/$(INITSCRIPT)
+ test -d $(DESTDIR)$(SYSTEMDDIR)/system || install -m 755 -d $(DESTDIR)$(SYSTEMDDIR)/system
+ install -m 644 mcstrans.service $(DESTDIR)$(SYSTEMDDIR)/system/

clean:
-rm -f $(OBJS) $(LOBJS) $(TARGET) $(PROG) $(PROG_OBJS) *~ \#*
diff --git a/mcstrans/utils/Makefile b/mcstrans/utils/Makefile
index 4d3cbfcb..1364cece 100644
--- a/mcstrans/utils/Makefile
+++ b/mcstrans/utils/Makefile
@@ -1,5 +1,5 @@
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
LIBDIR ?= $(PREFIX)/lib
SBINDIR ?= $(PREFIX)/sbin
LIBSEPOLA ?= $(LIBDIR)/libsepol.a
@@ -12,11 +12,11 @@ TARGETS=$(patsubst %.c,%,$(sort $(wildcard *.c)))

all: $(TARGETS)

-$(TARGETS): ../src/mcstrans.o ../src/mls_level.o $(LIBSEPOLA)
+$(TARGETS): ../src/mcstrans.o ../src/mls_level.o $(DESTDIR)$(LIBSEPOLA)

install: all
- -mkdir -p $(SBINDIR)
- install -m 755 $(TARGETS) $(SBINDIR)
+ -mkdir -p $(DESTDIR)$(SBINDIR)
+ install -m 755 $(TARGETS) $(DESTDIR)$(SBINDIR)

test:
./mlstrans-test-runner.py ../test/*.test
diff --git a/policycoreutils/hll/pp/Makefile b/policycoreutils/hll/pp/Makefile
index 3401dcc9..ed70c449 100644
--- a/policycoreutils/hll/pp/Makefile
+++ b/policycoreutils/hll/pp/Makefile
@@ -1,5 +1,5 @@
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
INCLUDEDIR ?= $(PREFIX)/include
MANDIR = $(PREFIX)/share/man
LIBDIR ?= $(PREFIX)/lib
@@ -21,8 +21,8 @@ pp: $(PP_OBJS)
$(CC) $(CFLAGS) -c -o $@ $^

install: all
- -mkdir -p $(HLLDIR)
- install -m 755 pp $(HLLDIR)
+ -mkdir -p $(DESTDIR)$(HLLDIR)
+ install -m 755 pp $(DESTDIR)$(HLLDIR)

relabel:

diff --git a/policycoreutils/load_policy/Makefile b/policycoreutils/load_policy/Makefile
index b85833c2..00f59aba 100644
--- a/policycoreutils/load_policy/Makefile
+++ b/policycoreutils/load_policy/Makefile
@@ -1,6 +1,6 @@
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
-SBINDIR ?= $(DESTDIR)/sbin
+PREFIX ?= /usr
+SBINDIR ?= /sbin
MANDIR ?= $(PREFIX)/share/man
LOCALEDIR ?= /usr/share/locale

@@ -13,10 +13,10 @@ TARGETS=$(patsubst %.c,%,$(sort $(wildcard *.c)))
all: $(TARGETS)

install: all
- -mkdir -p $(SBINDIR)
- install -m 755 $(TARGETS) $(SBINDIR)
- test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8
- install -m 644 load_policy.8 $(MANDIR)/man8/
+ -mkdir -p $(DESTDIR)$(SBINDIR)
+ install -m 755 $(TARGETS) $(DESTDIR)$(SBINDIR)
+ test -d $(DESTDIR)$(MANDIR)/man8 || install -m 755 -d $(DESTDIR)$(MANDIR)/man8
+ install -m 644 load_policy.8 $(DESTDIR)$(MANDIR)/man8/

clean:
-rm -f $(TARGETS) *.o
@@ -25,4 +25,4 @@ indent:
../../scripts/Lindent $(wildcard *.[ch])

relabel:
- /sbin/restorecon $(SBINDIR)/load_policy
+ /sbin/restorecon $(DESTDIR)$(SBINDIR)/load_policy
diff --git a/policycoreutils/man/Makefile b/policycoreutils/man/Makefile
index 0d91cd46..ae3d27b6 100644
--- a/policycoreutils/man/Makefile
+++ b/policycoreutils/man/Makefile
@@ -1,12 +1,12 @@
# Installation directories.
-MAN5DIR ?= $(DESTDIR)/usr/share/man/man5
+MAN5DIR ?= /usr/share/man/man5

all:

clean:

install: all
- mkdir -p $(MAN5DIR)
- install -m 644 man5/*.5 $(MAN5DIR)
+ mkdir -p $(DESTDIR)$(MAN5DIR)
+ install -m 644 man5/*.5 $(DESTDIR)$(MAN5DIR)

relabel:
diff --git a/policycoreutils/newrole/Makefile b/policycoreutils/newrole/Makefile
index 196af926..e687b6ab 100644
--- a/policycoreutils/newrole/Makefile
+++ b/policycoreutils/newrole/Makefile
@@ -1,8 +1,8 @@
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
BINDIR ?= $(PREFIX)/bin
MANDIR ?= $(PREFIX)/share/man
-ETCDIR ?= $(DESTDIR)/etc
+ETCDIR ?= /etc
LOCALEDIR = /usr/share/locale
PAMH ?= $(shell test -f /usr/include/security/pam_appl.h && echo y)
AUDITH ?= $(shell test -f /usr/include/libaudit.h && echo y)
@@ -61,17 +61,17 @@ newrole: newrole.o $(EXTRA_OBJS)
$(CC) $(LDFLAGS) -o $@ $^ $(LDLIBS)

install: all
- test -d $(BINDIR) || install -m 755 -d $(BINDIR)
- test -d $(ETCDIR)/pam.d || install -m 755 -d $(ETCDIR)/pam.d
- test -d $(MANDIR)/man1 || install -m 755 -d $(MANDIR)/man1
- install -m $(MODE) newrole $(BINDIR)
- install -m 644 newrole.1 $(MANDIR)/man1/
+ test -d $(DESTDIR)$(BINDIR) || install -m 755 -d $(DESTDIR)$(BINDIR)
+ test -d $(DESTDIR)$(ETCDIR)/pam.d || install -m 755 -d $(DESTDIR)$(ETCDIR)/pam.d
+ test -d $(DESTDIR)$(MANDIR)/man1 || install -m 755 -d $(DESTDIR)$(MANDIR)/man1
+ install -m $(MODE) newrole $(DESTDIR)$(BINDIR)
+ install -m 644 newrole.1 $(DESTDIR)$(MANDIR)/man1/
ifeq ($(PAMH), y)
- test -d $(ETCDIR)/pam.d || install -m 755 -d $(ETCDIR)/pam.d
+ test -d $(ETCDIR)/pam.d || install -m 755 -d $(DESTDIR)$(ETCDIR)/pam.d
ifeq ($(LSPP_PRIV),y)
- install -m 644 newrole-lspp.pamd $(ETCDIR)/pam.d/newrole
+ install -m 644 newrole-lspp.pamd $(DESTDIR)$(ETCDIR)/pam.d/newrole
else
- install -m 644 newrole.pamd $(ETCDIR)/pam.d/newrole
+ install -m 644 newrole.pamd $(DESTDIR)$(ETCDIR)/pam.d/newrole
endif
endif

@@ -82,4 +82,4 @@ indent:
../../scripts/Lindent $(wildcard *.[ch])

relabel: install
- /sbin/restorecon $(BINDIR)/newrole
+ /sbin/restorecon $(DESTDIR)$(BINDIR)/newrole
diff --git a/policycoreutils/run_init/Makefile b/policycoreutils/run_init/Makefile
index 921f0b07..8d8eb704 100644
--- a/policycoreutils/run_init/Makefile
+++ b/policycoreutils/run_init/Makefile
@@ -1,9 +1,9 @@

# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
SBINDIR ?= $(PREFIX)/sbin
MANDIR ?= $(PREFIX)/share/man
-ETCDIR ?= $(DESTDIR)/etc
+ETCDIR ?= /etc
LOCALEDIR ?= /usr/share/locale
PAMH ?= $(shell test -f /usr/include/security/pam_appl.h && echo y)
AUDITH ?= $(shell test -f /usr/include/libaudit.h && echo y)
@@ -32,14 +32,14 @@ open_init_pty: open_init_pty.c


install: all
- test -d $(SBINDIR) || install -m 755 -d $(SBINDIR)
- test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8
- install -m 755 run_init $(SBINDIR)
- install -m 755 open_init_pty $(SBINDIR)
- install -m 644 run_init.8 $(MANDIR)/man8/
- install -m 644 open_init_pty.8 $(MANDIR)/man8/
+ test -d $(DESTDIR)$(SBINDIR) || install -m 755 -d $(DESTDIR)$(SBINDIR)
+ test -d $(DESTDIR)$(MANDIR)/man8 || install -m 755 -d $(DESTDIR)$(MANDIR)/man8
+ install -m 755 run_init $(DESTDIR)$(SBINDIR)
+ install -m 755 open_init_pty $(DESTDIR)$(SBINDIR)
+ install -m 644 run_init.8 $(DESTDIR)$(MANDIR)/man8/
+ install -m 644 open_init_pty.8 $(DESTDIR)$(MANDIR)/man8/
ifeq ($(PAMH), y)
- install -m 644 run_init.pamd $(ETCDIR)/pam.d/run_init
+ install -m 644 run_init.pamd $(DESTDIR)$(ETCDIR)/pam.d/run_init
endif

clean:
@@ -49,4 +49,4 @@ indent:
../../scripts/Lindent $(wildcard *.[ch])

relabel: install
- /sbin/restorecon $(SBINDIR)/run_init $(SBINDIR)/open_init_pty
+ /sbin/restorecon $(DESTDIR)$(SBINDIR)/run_init $(DESTDIR)$(SBINDIR)/open_init_pty
diff --git a/policycoreutils/scripts/Makefile b/policycoreutils/scripts/Makefile
index d9e86ffe..a988144b 100644
--- a/policycoreutils/scripts/Makefile
+++ b/policycoreutils/scripts/Makefile
@@ -1,6 +1,6 @@
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
-SBINDIR ?= $(DESTDIR)/sbin
+PREFIX ?= /usr
+SBINDIR ?= /sbin
MANDIR ?= $(PREFIX)/share/man
LOCALEDIR ?= $(PREFIX)/share/locale

@@ -8,10 +8,10 @@ LOCALEDIR ?= $(PREFIX)/share/locale
all: fixfiles

install: all
- -mkdir -p $(SBINDIR)
- install -m 755 fixfiles $(SBINDIR)
- -mkdir -p $(MANDIR)/man8
- install -m 644 fixfiles.8 $(MANDIR)/man8/
+ -mkdir -p $(DESTDIR)$(SBINDIR)
+ install -m 755 fixfiles $(DESTDIR)$(SBINDIR)
+ -mkdir -p $(DESTDIR)$(MANDIR)/man8
+ install -m 644 fixfiles.8 $(DESTDIR)$(MANDIR)/man8/

clean:

diff --git a/policycoreutils/secon/Makefile b/policycoreutils/secon/Makefile
index 8e491d74..c03f0d7d 100644
--- a/policycoreutils/secon/Makefile
+++ b/policycoreutils/secon/Makefile
@@ -1,5 +1,5 @@
# secon tool - command-line context
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
INCLUDEDIR ?= $(PREFIX)/include
BINDIR ?= $(PREFIX)/bin
MANDIR ?= $(PREFIX)/share/man
@@ -18,13 +18,13 @@ secon: secon.o
install-nogui: install

install: all
- install -m 755 secon $(BINDIR);
+ install -m 755 secon $(DESTDIR)$(BINDIR);

- test -d $(MANDIR)/man1 || install -m 755 -d $(MANDIR)/man1
- install -m 644 secon.1 $(MANDIR)/man1
+ test -d $(DESTDIR)$(MANDIR)/man1 || install -m 755 -d $(DESTDIR)$(MANDIR)/man1
+ install -m 644 secon.1 $(DESTDIR)$(MANDIR)/man1

relabel:
- /sbin/restorecon $(BINDIR)/secon
+ /sbin/restorecon $(DESTDIR)$(BINDIR)/secon

clean:
rm -f *.o core* secon *~ *.bak
diff --git a/policycoreutils/semodule/Makefile b/policycoreutils/semodule/Makefile
index fffb43ac..7c257bf5 100644
--- a/policycoreutils/semodule/Makefile
+++ b/policycoreutils/semodule/Makefile
@@ -1,5 +1,5 @@
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
INCLUDEDIR ?= $(PREFIX)/include
SBINDIR ?= $(PREFIX)/sbin
MANDIR = $(PREFIX)/share/man
@@ -17,12 +17,12 @@ genhomedircon:
ln -sf semodule genhomedircon

install: all
- -mkdir -p $(SBINDIR)
- install -m 755 semodule $(SBINDIR)
- (cd $(SBINDIR); ln -sf semodule genhomedircon)
- test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8
- install -m 644 semodule.8 $(MANDIR)/man8/
- install -m 644 genhomedircon.8 $(MANDIR)/man8/
+ -mkdir -p $(DESTDIR)$(SBINDIR)
+ install -m 755 semodule $(DESTDIR)$(SBINDIR)
+ (cd $(DESTDIR)$(SBINDIR); ln -sf semodule genhomedircon)
+ test -d $(DESTDIR)$(MANDIR)/man8 || install -m 755 -d $(DESTDIR)$(MANDIR)/man8
+ install -m 644 semodule.8 $(DESTDIR)$(MANDIR)/man8/
+ install -m 644 genhomedircon.8 $(DESTDIR)$(MANDIR)/man8/

relabel:

diff --git a/policycoreutils/sestatus/Makefile b/policycoreutils/sestatus/Makefile
index 41ca6832..130b764b 100644
--- a/policycoreutils/sestatus/Makefile
+++ b/policycoreutils/sestatus/Makefile
@@ -1,8 +1,8 @@
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
SBINDIR ?= $(PREFIX)/sbin
MANDIR = $(PREFIX)/share/man
-ETCDIR ?= $(DESTDIR)/etc
+ETCDIR ?= /etc
LIBDIR ?= $(PREFIX)/lib

CFLAGS ?= -Werror -Wall -W
@@ -14,14 +14,14 @@ all: sestatus
sestatus: sestatus.o

install: all
- [ -d $(MANDIR)/man8 ] || mkdir -p $(MANDIR)/man8
- [ -d $(MANDIR)/man5 ] || mkdir -p $(MANDIR)/man5
- -mkdir -p $(SBINDIR)
- install -m 755 sestatus $(SBINDIR)
- install -m 644 sestatus.8 $(MANDIR)/man8
- install -m 644 sestatus.conf.5 $(MANDIR)/man5
- -mkdir -p $(ETCDIR)
- install -m 644 sestatus.conf $(ETCDIR)
+ [ -d $(DESTDIR)$(MANDIR)/man8 ] || mkdir -p $(DESTDIR)$(MANDIR)/man8
+ [ -d $(DESTDIR)$(MANDIR)/man5 ] || mkdir -p $(DESTDIR)$(MANDIR)/man5
+ -mkdir -p $(DESTDIR)$(SBINDIR)
+ install -m 755 sestatus $(DESTDIR)$(SBINDIR)
+ install -m 644 sestatus.8 $(DESTDIR)$(MANDIR)/man8
+ install -m 644 sestatus.conf.5 $(DESTDIR)$(MANDIR)/man5
+ -mkdir -p $(DESTDIR)$(ETCDIR)
+ install -m 644 sestatus.conf $(DESTDIR)$(ETCDIR)

clean:
rm -f sestatus *.o
diff --git a/policycoreutils/setfiles/Makefile b/policycoreutils/setfiles/Makefile
index c08e2dd1..4e56698f 100644
--- a/policycoreutils/setfiles/Makefile
+++ b/policycoreutils/setfiles/Makefile
@@ -1,6 +1,6 @@
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
-SBINDIR ?= $(DESTDIR)/sbin
+PREFIX ?= /usr
+SBINDIR ?= /sbin
MANDIR = $(PREFIX)/share/man
LIBDIR ?= $(PREFIX)/lib
AUDITH ?= $(shell test -f /usr/include/libaudit.h && echo y)
@@ -29,14 +29,14 @@ man:
@sed -i "s/ABORT_ON_ERRORS/$(ABORT_ON_ERRORS)/g" setfiles.8.man

install: all
- [ -d $(MANDIR)/man8 ] || mkdir -p $(MANDIR)/man8
- -mkdir -p $(SBINDIR)
- install -m 755 setfiles $(SBINDIR)
- (cd $(SBINDIR) && ln -sf setfiles restorecon)
- install -m 755 restorecon_xattr $(SBINDIR)
- install -m 644 setfiles.8.man $(MANDIR)/man8/setfiles.8
- install -m 644 restorecon.8 $(MANDIR)/man8/restorecon.8
- install -m 644 restorecon_xattr.8 $(MANDIR)/man8/restorecon_xattr.8
+ [ -d $(DESTDIR)$(MANDIR)/man8 ] || mkdir -p $(DESTDIR)$(MANDIR)/man8
+ -mkdir -p $(DESTDIR)$(SBINDIR)
+ install -m 755 setfiles $(DESTDIR)$(SBINDIR)
+ (cd $(DESTDIR)$(SBINDIR) && ln -sf setfiles restorecon)
+ install -m 755 restorecon_xattr $(DESTDIR)$(SBINDIR)
+ install -m 644 setfiles.8.man $(DESTDIR)$(MANDIR)/man8/setfiles.8
+ install -m 644 restorecon.8 $(DESTDIR)$(MANDIR)/man8/restorecon.8
+ install -m 644 restorecon_xattr.8 $(DESTDIR)$(MANDIR)/man8/restorecon_xattr.8

clean:
rm -f setfiles restorecon restorecon_xattr *.o setfiles.8.man
@@ -45,4 +45,4 @@ indent:
../../scripts/Lindent $(wildcard *.[ch])

relabel: install
- $(SBINDIR)/restorecon $(SBINDIR)/setfiles $(SBINDIR)/restorecon_xattr
+ $(SBINDIR)/restorecon $(DESTDIR)$(SBINDIR)/setfiles $(DESTDIR)$(SBINDIR)/restorecon_xattr
diff --git a/policycoreutils/setsebool/Makefile b/policycoreutils/setsebool/Makefile
index bc254dab..f3379be9 100644
--- a/policycoreutils/setsebool/Makefile
+++ b/policycoreutils/setsebool/Makefile
@@ -1,10 +1,10 @@
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
INCLUDEDIR ?= $(PREFIX)/include
SBINDIR ?= $(PREFIX)/sbin
MANDIR = $(PREFIX)/share/man
LIBDIR ?= $(PREFIX)/lib
-BASHCOMPLETIONDIR ?= $(DESTDIR)/usr/share/bash-completion/completions
+BASHCOMPLETIONDIR ?= /usr/share/bash-completion/completions

CFLAGS ?= -Werror -Wall -W
override LDLIBS += -lsepol -lselinux -lsemanage
@@ -17,12 +17,12 @@ all: setsebool
setsebool: $(SETSEBOOL_OBJS)

install: all
- -mkdir -p $(SBINDIR)
- install -m 755 setsebool $(SBINDIR)
- -mkdir -p $(MANDIR)/man8
- install -m 644 setsebool.8 $(MANDIR)/man8/
- -mkdir -p $(BASHCOMPLETIONDIR)
- install -m 644 $(BASHCOMPLETIONS) $(BASHCOMPLETIONDIR)/setsebool
+ -mkdir -p $(DESTDIR)$(SBINDIR)
+ install -m 755 setsebool $(DESTDIR)$(SBINDIR)
+ -mkdir -p $(DESTDIR)$(MANDIR)/man8
+ install -m 644 setsebool.8 $(DESTDIR)$(MANDIR)/man8/
+ -mkdir -p $(DESTDIR)$(BASHCOMPLETIONDIR)
+ install -m 644 $(BASHCOMPLETIONS) $(DESTDIR)$(BASHCOMPLETIONDIR)/setsebool

relabel:

diff --git a/python/audit2allow/Makefile b/python/audit2allow/Makefile
index 8db8075f..02526fa7 100644
--- a/python/audit2allow/Makefile
+++ b/python/audit2allow/Makefile
@@ -1,7 +1,7 @@
PYTHON ?= python

# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
BINDIR ?= $(PREFIX)/bin
LIBDIR ?= $(PREFIX)/lib
MANDIR ?= $(PREFIX)/share/man
@@ -13,7 +13,7 @@ CFLAGS ?= -Werror -Wall -W

all: audit2why sepolgen-ifgen-attr-helper

-sepolgen-ifgen-attr-helper: sepolgen-ifgen-attr-helper.o $(LIBSEPOLA)
+sepolgen-ifgen-attr-helper: sepolgen-ifgen-attr-helper.o $(DESTDIR)$(LIBSEPOLA)

audit2why:
ln -sf audit2allow audit2why
@@ -22,14 +22,14 @@ test: all
@$(PYTHON) test_audit2allow.py -v

install: all
- -mkdir -p $(BINDIR)
- install -m 755 audit2allow $(BINDIR)
- (cd $(BINDIR); ln -sf audit2allow audit2why)
- install -m 755 sepolgen-ifgen-attr-helper $(BINDIR)
- install -m 755 sepolgen-ifgen $(BINDIR)
- -mkdir -p $(MANDIR)/man1
- install -m 644 audit2allow.1 $(MANDIR)/man1/
- install -m 644 audit2why.1 $(MANDIR)/man1/
+ -mkdir -p $(DESTDIR)$(BINDIR)
+ install -m 755 audit2allow $(DESTDIR)$(BINDIR)
+ (cd $(DESTDIR)$(BINDIR); ln -sf audit2allow audit2why)
+ install -m 755 sepolgen-ifgen-attr-helper $(DESTDIR)$(BINDIR)
+ install -m 755 sepolgen-ifgen $(DESTDIR)$(BINDIR)
+ -mkdir -p $(DESTDIR)$(MANDIR)/man1
+ install -m 644 audit2allow.1 $(DESTDIR)$(MANDIR)/man1/
+ install -m 644 audit2why.1 $(DESTDIR)$(MANDIR)/man1/

clean:
rm -f *~ *.o sepolgen-ifgen-attr-helper
diff --git a/python/chcat/Makefile b/python/chcat/Makefile
index 0fd12d6d..890033e2 100644
--- a/python/chcat/Makefile
+++ b/python/chcat/Makefile
@@ -1,5 +1,5 @@
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
BINDIR ?= $(PREFIX)/bin
MANDIR ?= $(PREFIX)/share/man
LOCALEDIR ?= $(PREFIX)/share/locale
@@ -8,10 +8,10 @@ LOCALEDIR ?= $(PREFIX)/share/locale
all: chcat

install: all
- -mkdir -p $(BINDIR)
- install -m 755 chcat $(BINDIR)
- -mkdir -p $(MANDIR)/man8
- install -m 644 chcat.8 $(MANDIR)/man8/
+ -mkdir -p $(DESTDIR)$(BINDIR)
+ install -m 755 chcat $(DESTDIR)$(BINDIR)
+ -mkdir -p $(DESTDIR)$(MANDIR)/man8
+ install -m 644 chcat.8 $(DESTDIR)$(MANDIR)/man8/

clean:

diff --git a/python/semanage/Makefile b/python/semanage/Makefile
index 60c36a3a..bd02e9e9 100644
--- a/python/semanage/Makefile
+++ b/python/semanage/Makefile
@@ -1,29 +1,29 @@
PYTHON ?= python

# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
LIBDIR ?= $(PREFIX)/lib
SBINDIR ?= $(PREFIX)/sbin
MANDIR = $(PREFIX)/share/man
PYLIBVER ?= $(shell $(PYTHON) -c 'import sys;print("python%d.%d" % sys.version_info[0:2])')
PYTHONLIBDIR ?= $(LIBDIR)/$(PYLIBVER)
-BASHCOMPLETIONDIR ?= $(DESTDIR)/usr/share/bash-completion/completions
+BASHCOMPLETIONDIR ?= /usr/share/bash-completion/completions

TARGETS=semanage

-BASHCOMPLETIONS=semanage-bash-completion.sh
+BASHCOMPLETIONS=semanage-bash-completion.sh

all: $(TARGETS)

install: all
- [ -d $(MANDIR)/man8 ] || mkdir -p $(MANDIR)/man8
- -mkdir -p $(SBINDIR)
- install -m 755 semanage $(SBINDIR)
- install -m 644 *.8 $(MANDIR)/man8
- test -d $(PYTHONLIBDIR)/site-packages || install -m 755 -d $(PYTHONLIBDIR)/site-packages
- install -m 755 seobject.py $(PYTHONLIBDIR)/site-packages
- -mkdir -p $(BASHCOMPLETIONDIR)
- install -m 644 $(BASHCOMPLETIONS) $(BASHCOMPLETIONDIR)/semanage
+ [ -d $(DESTDIR)$(MANDIR)/man8 ] || mkdir -p $(DESTDIR)$(MANDIR)/man8
+ -mkdir -p $(DESTDIR)$(SBINDIR)
+ install -m 755 semanage $(DESTDIR)$(SBINDIR)
+ install -m 644 *.8 $(DESTDIR)$(MANDIR)/man8
+ test -d $(DESTDIR)$(PYTHONLIBDIR)/site-packages || install -m 755 -d $(DESTDIR)$(PYTHONLIBDIR)/site-packages
+ install -m 755 seobject.py $(DESTDIR)$(PYTHONLIBDIR)/site-packages
+ -mkdir -p $(DESTDIR)$(BASHCOMPLETIONDIR)
+ install -m 644 $(BASHCOMPLETIONS) $(DESTDIR)$(BASHCOMPLETIONDIR)/semanage

test:
@$(PYTHON) test-semanage.py -a
diff --git a/python/sepolgen/src/sepolgen/Makefile b/python/sepolgen/src/sepolgen/Makefile
index d3aa7715..12ef0827 100644
--- a/python/sepolgen/src/sepolgen/Makefile
+++ b/python/sepolgen/src/sepolgen/Makefile
@@ -1,12 +1,12 @@
PYTHON ?= python
PYTHONLIBDIR ?= $(shell $(PYTHON) -c "from distutils.sysconfig import *; print(get_python_lib(1))")
-PACKAGEDIR ?= $(DESTDIR)/$(PYTHONLIBDIR)/sepolgen
+PACKAGEDIR ?= $(PYTHONLIBDIR)/sepolgen

all:

install: all
- -mkdir -p $(PACKAGEDIR)
- install -m 644 *.py $(PACKAGEDIR)
+ -mkdir -p $(DESTDIR)$(PACKAGEDIR)
+ install -m 644 *.py $(DESTDIR)$(PACKAGEDIR)

clean:
rm -f parser.out parsetab.py
diff --git a/python/sepolgen/src/share/Makefile b/python/sepolgen/src/share/Makefile
index abf5e451..1a7133cb 100644
--- a/python/sepolgen/src/share/Makefile
+++ b/python/sepolgen/src/share/Makefile
@@ -1,10 +1,10 @@
-SHAREDIR ?= $(DESTDIR)/var/lib/sepolgen
+SHAREDIR ?= /var/lib/sepolgen

all:

install: all
- -mkdir -p $(SHAREDIR)
- install -m 644 perm_map $(SHAREDIR)
+ -mkdir -p $(DESTDIR)$(SHAREDIR)
+ install -m 644 perm_map $(DESTDIR)$(SHAREDIR)

clean:
- rm -f *~
\ No newline at end of file
+ rm -f *~
diff --git a/python/sepolicy/Makefile b/python/sepolicy/Makefile
index 5a56e6c8..c75dce73 100644
--- a/python/sepolicy/Makefile
+++ b/python/sepolicy/Makefile
@@ -1,13 +1,13 @@
PYTHON ?= python

# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
LIBDIR ?= $(PREFIX)/lib
BINDIR ?= $(PREFIX)/bin
DATADIR ?= $(PREFIX)/share
MANDIR ?= $(PREFIX)/share/man
LOCALEDIR ?= /usr/share/locale
-BASHCOMPLETIONDIR ?= $(DESTDIR)/usr/share/bash-completion/completions
+BASHCOMPLETIONDIR ?= /usr/share/bash-completion/completions
SHAREDIR ?= $(PREFIX)/share/sandbox
CFLAGS ?= -Wall -Werror -Wextra -W
override CFLAGS += -DPACKAGE="policycoreutils" -DSHARED -shared
@@ -31,12 +31,12 @@ test:

install:
$(PYTHON) setup.py install `test -n "$(DESTDIR)" && echo --root $(DESTDIR)`
- [ -d $(BINDIR) ] || mkdir -p $(BINDIR)
- install -m 755 sepolicy.py $(BINDIR)/sepolicy
- (cd $(BINDIR); ln -sf sepolicy sepolgen)
- -mkdir -p $(MANDIR)/man8
- install -m 644 *.8 $(MANDIR)/man8
- -mkdir -p $(BASHCOMPLETIONDIR)
- install -m 644 $(BASHCOMPLETIONS) $(BASHCOMPLETIONDIR)/sepolicy
+ [ -d $(DESTDIR)$(BINDIR) ] || mkdir -p $(DESTDIR)$(BINDIR)
+ install -m 755 sepolicy.py $(DESTDIR)$(BINDIR)/sepolicy
+ (cd $(DESTDIR)$(BINDIR); ln -sf sepolicy sepolgen)
+ -mkdir -p $(DESTDIR)$(MANDIR)/man8
+ install -m 644 *.8 $(DESTDIR)$(MANDIR)/man8
+ -mkdir -p $(DESTDIR)$(BASHCOMPLETIONDIR)
+ install -m 644 $(BASHCOMPLETIONS) $(DESTDIR)$(BASHCOMPLETIONDIR)/sepolicy

relabel:
diff --git a/restorecond/Makefile b/restorecond/Makefile
index ada94aeb..a9a57b48 100644
--- a/restorecond/Makefile
+++ b/restorecond/Makefile
@@ -1,17 +1,17 @@
PKG_CONFIG ?= pkg-config

# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
SBINDIR ?= $(PREFIX)/sbin
LIBDIR ?= $(PREFIX)/lib
MANDIR = $(PREFIX)/share/man
-AUTOSTARTDIR = $(DESTDIR)/etc/xdg/autostart
-DBUSSERVICEDIR = $(DESTDIR)/usr/share/dbus-1/services
-SYSTEMDDIR ?= $(DESTDIR)/usr/lib/systemd
+AUTOSTARTDIR = /etc/xdg/autostart
+DBUSSERVICEDIR = /usr/share/dbus-1/services
+SYSTEMDDIR ?= /usr/lib/systemd

autostart_DATA = sealertauto.desktop
-INITDIR ?= $(DESTDIR)/etc/rc.d/init.d
-SELINUXDIR = $(DESTDIR)/etc/selinux
+INITDIR ?= /etc/rc.d/init.d
+SELINUXDIR = /etc/selinux

DBUSFLAGS = -DHAVE_DBUS $(shell $(PKG_CONFIG) --cflags dbus-glib-1)
DBUSLIB = $(shell $(PKG_CONFIG) --libs dbus-glib-1)
@@ -39,23 +39,23 @@ restorecond: restore.o restorecond.o utmpwatcher.o stringslist.o user.o watch.o
$(CC) $(LDFLAGS) -o $@ $^ $(LDLIBS)

install: all
- [ -d $(MANDIR)/man8 ] || mkdir -p $(MANDIR)/man8
- -mkdir -p $(SBINDIR)
- install -m 755 restorecond $(SBINDIR)
- install -m 644 restorecond.8 $(MANDIR)/man8
- -mkdir -p $(INITDIR)
- install -m 755 restorecond.init $(INITDIR)/restorecond
- -mkdir -p $(SELINUXDIR)
- install -m 644 restorecond.conf $(SELINUXDIR)/restorecond.conf
- install -m 644 restorecond_user.conf $(SELINUXDIR)/restorecond_user.conf
- -mkdir -p $(AUTOSTARTDIR)
- install -m 644 restorecond.desktop $(AUTOSTARTDIR)/restorecond.desktop
- -mkdir -p $(DBUSSERVICEDIR)
- install -m 600 org.selinux.Restorecond.service $(DBUSSERVICEDIR)/org.selinux.Restorecond.service
- -mkdir -p $(SYSTEMDDIR)/system
- install -m 644 restorecond.service $(SYSTEMDDIR)/system/
+ [ -d $(DESTDIR)$(MANDIR)/man8 ] || mkdir -p $(DESTDIR)$(MANDIR)/man8
+ -mkdir -p $(DESTDIR)$(SBINDIR)
+ install -m 755 restorecond $(DESTDIR)$(SBINDIR)
+ install -m 644 restorecond.8 $(DESTDIR)$(MANDIR)/man8
+ -mkdir -p $(DESTDIR)$(INITDIR)
+ install -m 755 restorecond.init $(DESTDIR)$(INITDIR)/restorecond
+ -mkdir -p $(DESTDIR)$(SELINUXDIR)
+ install -m 644 restorecond.conf $(DESTDIR)$(SELINUXDIR)/restorecond.conf
+ install -m 644 restorecond_user.conf $(DESTDIR)$(SELINUXDIR)/restorecond_user.conf
+ -mkdir -p $(DESTDIR)$(AUTOSTARTDIR)
+ install -m 644 restorecond.desktop $(DESTDIR)$(AUTOSTARTDIR)/restorecond.desktop
+ -mkdir -p $(DESTDIR)$(DBUSSERVICEDIR)
+ install -m 600 org.selinux.Restorecond.service $(DESTDIR)$(DBUSSERVICEDIR)/org.selinux.Restorecond.service
+ -mkdir -p $(DESTDIR)$(SYSTEMDDIR)/system
+ install -m 644 restorecond.service $(DESTDIR)$(SYSTEMDDIR)/system/
relabel: install
- /sbin/restorecon $(SBINDIR)/restorecond
+ /sbin/restorecon $(DESTDIR)$(SBINDIR)/restorecond

clean:
-rm -f restorecond *.o *~
diff --git a/sandbox/Makefile b/sandbox/Makefile
index 05c3d658..9c78041c 100644
--- a/sandbox/Makefile
+++ b/sandbox/Makefile
@@ -1,8 +1,8 @@
PYTHON ?= python

# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
-SYSCONFDIR ?= $(DESTDIR)/etc/sysconfig
+PREFIX ?= /usr
+SYSCONFDIR ?= /etc/sysconfig
LIBDIR ?= $(PREFIX)/lib
BINDIR ?= $(PREFIX)/bin
SBINDIR ?= $(PREFIX)/sbin
@@ -18,20 +18,20 @@ all: sandbox seunshare sandboxX.sh start
seunshare: $(SEUNSHARE_OBJS)

install: all
- -mkdir -p $(BINDIR)
- install -m 755 sandbox $(BINDIR)
- -mkdir -p $(MANDIR)/man8
- install -m 644 sandbox.8 $(MANDIR)/man8/
- install -m 644 seunshare.8 $(MANDIR)/man8/
- -mkdir -p $(MANDIR)/man5
- install -m 644 sandbox.5 $(MANDIR)/man5/
- -mkdir -p $(SBINDIR)
- install -m 4755 seunshare $(SBINDIR)/
- -mkdir -p $(SHAREDIR)
- install -m 755 sandboxX.sh $(SHAREDIR)
- install -m 755 start $(SHAREDIR)
- -mkdir -p $(SYSCONFDIR)
- install -m 644 sandbox.conf $(SYSCONFDIR)/sandbox
+ -mkdir -p $(DESTDIR)$(BINDIR)
+ install -m 755 sandbox $(DESTDIR)$(BINDIR)
+ -mkdir -p $(DESTDIR)$(MANDIR)/man8
+ install -m 644 sandbox.8 $(DESTDIR)$(MANDIR)/man8/
+ install -m 644 seunshare.8 $(DESTDIR)$(MANDIR)/man8/
+ -mkdir -p $(DESTDIR)$(MANDIR)/man5
+ install -m 644 sandbox.5 $(DESTDIR)$(MANDIR)/man5/
+ -mkdir -p $(DESTDIR)$(SBINDIR)
+ install -m 4755 seunshare $(DESTDIR)$(SBINDIR)/
+ -mkdir -p $(DESTDIR)$(SHAREDIR)
+ install -m 755 sandboxX.sh $(DESTDIR)$(SHAREDIR)
+ install -m 755 start $(DESTDIR)$(SHAREDIR)
+ -mkdir -p $(DESTDIR)$(SYSCONFDIR)
+ install -m 644 sandbox.conf $(DESTDIR)$(SYSCONFDIR)/sandbox

test:
@$(PYTHON) test_sandbox.py -v
diff --git a/secilc/Makefile b/secilc/Makefile
index 1cac53e4..597b4a27 100644
--- a/secilc/Makefile
+++ b/secilc/Makefile
@@ -1,4 +1,4 @@
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
BINDIR ?= $(PREFIX)/bin
MANDIR ?= $(PREFIX)/share/man
LIBDIR ?= $(PREFIX)/lib
@@ -41,12 +41,12 @@ $(SECIL2CONF_MANPAGE): $(SECIL2CONF_MANPAGE).xml
$(XMLTO) man $(SECIL2CONF_MANPAGE).xml

install: all man
- -mkdir -p $(BINDIR)
- -mkdir -p $(MANDIR)/man8
- install -m 755 $(SECILC) $(BINDIR)
- install -m 755 $(SECIL2CONF) $(BINDIR)
- install -m 644 $(SECILC_MANPAGE) $(MANDIR)/man8
- install -m 644 $(SECIL2CONF_MANPAGE) $(MANDIR)/man8
+ -mkdir -p $(DESTDIR)$(BINDIR)
+ -mkdir -p $(DESTDIR)$(MANDIR)/man8
+ install -m 755 $(SECILC) $(DESTDIR)$(BINDIR)
+ install -m 755 $(SECIL2CONF) $(DESTDIR)$(BINDIR)
+ install -m 644 $(SECILC_MANPAGE) $(DESTDIR)$(MANDIR)/man8
+ install -m 644 $(SECIL2CONF_MANPAGE) $(DESTDIR)$(MANDIR)/man8

doc:
$(MAKE) -C docs
diff --git a/semodule-utils/semodule_deps/Makefile b/semodule-utils/semodule_deps/Makefile
index 328a5030..7b106781 100644
--- a/semodule-utils/semodule_deps/Makefile
+++ b/semodule-utils/semodule_deps/Makefile
@@ -1,5 +1,5 @@
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
INCLUDEDIR ?= $(PREFIX)/include
BINDIR ?= $(PREFIX)/bin
LIBDIR ?= $(PREFIX)/lib
@@ -10,13 +10,13 @@ CFLAGS ?= -Werror -Wall -W

all: semodule_deps

-semodule_deps: semodule_deps.o $(LIBSEPOLA)
+semodule_deps: semodule_deps.o $(DESTDIR)$(LIBSEPOLA)

install: all
- -mkdir -p $(BINDIR)
- install -m 755 semodule_deps $(BINDIR)
- test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8
- install -m 644 semodule_deps.8 $(MANDIR)/man8/
+ -mkdir -p $(DESTDIR)$(BINDIR)
+ install -m 755 semodule_deps $(DESTDIR)$(BINDIR)
+ test -d $(DESTDIR)$(MANDIR)/man8 || install -m 755 -d $(DESTDIR)$(MANDIR)/man8
+ install -m 644 semodule_deps.8 $(DESTDIR)$(MANDIR)/man8/

relabel:

diff --git a/semodule-utils/semodule_expand/Makefile b/semodule-utils/semodule_expand/Makefile
index 072f2137..58d2d3cb 100644
--- a/semodule-utils/semodule_expand/Makefile
+++ b/semodule-utils/semodule_expand/Makefile
@@ -1,5 +1,5 @@
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
INCLUDEDIR ?= $(PREFIX)/include
BINDIR ?= $(PREFIX)/bin
LIBDIR ?= $(PREFIX)/lib
@@ -13,10 +13,10 @@ all: semodule_expand
semodule_expand: semodule_expand.o

install: all
- -mkdir -p $(BINDIR)
- install -m 755 semodule_expand $(BINDIR)
- test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8
- install -m 644 semodule_expand.8 $(MANDIR)/man8/
+ -mkdir -p $(DESTDIR)$(BINDIR)
+ install -m 755 semodule_expand $(DESTDIR)$(BINDIR)
+ test -d $(DESTDIR)$(MANDIR)/man8 || install -m 755 -d $(DESTDIR)$(MANDIR)/man8
+ install -m 644 semodule_expand.8 $(DESTDIR)$(MANDIR)/man8/

relabel:

diff --git a/semodule-utils/semodule_link/Makefile b/semodule-utils/semodule_link/Makefile
index cc4687bd..178bea30 100644
--- a/semodule-utils/semodule_link/Makefile
+++ b/semodule-utils/semodule_link/Makefile
@@ -1,6 +1,6 @@
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
-INCLUDEDIR ?= $(PREFIX)/include
+PREFIX ?= /usr
+INCLUDEDIR ?= /include
BINDIR ?= $(PREFIX)/bin
MANDIR ?= $(PREFIX)/share/man
LIBDIR ?= $(PREFIX)/lib
@@ -13,10 +13,10 @@ all: semodule_link
semodule_link: semodule_link.o

install: all
- -mkdir -p $(BINDIR)
- install -m 755 semodule_link $(BINDIR)
- test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8
- install -m 644 semodule_link.8 $(MANDIR)/man8/
+ -mkdir -p $(DESTDIR)$(BINDIR)
+ install -m 755 semodule_link $(DESTDIR)$(BINDIR)
+ test -d $(DESTDIR)$(MANDIR)/man8 || install -m 755 -d $(PREFIX)$(MANDIR)/man8
+ install -m 644 semodule_link.8 $(DESTDIR)$(MANDIR)/man8/

relabel:

diff --git a/semodule-utils/semodule_package/Makefile b/semodule-utils/semodule_package/Makefile
index 96dd7c4f..37bd0d4b 100644
--- a/semodule-utils/semodule_package/Makefile
+++ b/semodule-utils/semodule_package/Makefile
@@ -1,5 +1,5 @@
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
INCLUDEDIR ?= $(PREFIX)/include
BINDIR ?= $(PREFIX)/bin
LIBDIR ?= $(PREFIX)/lib
@@ -13,12 +13,12 @@ all: semodule_package semodule_unpackage
semodule_package: semodule_package.o

install: all
- -mkdir -p $(BINDIR)
- install -m 755 semodule_package $(BINDIR)
- install -m 755 semodule_unpackage $(BINDIR)
- test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8
- install -m 644 semodule_package.8 $(MANDIR)/man8/
- install -m 644 semodule_unpackage.8 $(MANDIR)/man8/
+ -mkdir -p $(DESTDIR)$(BINDIR)
+ install -m 755 semodule_package $(DESTDIR)$(BINDIR)
+ install -m 755 semodule_unpackage $(DESTDIR)$(BINDIR)
+ test -d $(DESTDIR)$(MANDIR)/man8 || install -m 755 -d $(DESTDIR)$(MANDIR)/man8
+ install -m 644 semodule_package.8 $(DESTDIR)$(MANDIR)/man8/
+ install -m 644 semodule_unpackage.8 $(DESTDIR)$(MANDIR)/man8/

relabel:
--
2.13.0
Stephen Smalley
2017-06-21 19:51:13 UTC
Permalink
Post by Jason Zaman
https://www.gnu.org/prep/standards/html_node/DESTDIR.html
DESTDIR should be supported only in the install* and uninstall*
targets, as those are the only targets where it is useful.
If you run make with DESTDIR= set before and after this change, and
compare both the output of make and the resulting directories, you'll
see there are some unexpected differences (I noted the ones I saw
below, but there may be more).

Also, as I note below, this does not fully remove all usage of DESTDIR
outside of install targets (I think it is reasonable to use it in
relabel targets too, but we're still using it elsewhere).

Lastly, there was trailing whitespace.
Post by Jason Zaman
---
 checkpolicy/Makefile                     | 20 +++++++--------
 checkpolicy/test/Makefile                |  6 ++---
 gui/Makefile                             | 44 ++++++++++++++++----
------------
 libselinux/include/Makefile              |  6 ++---
 libselinux/src/Makefile                  | 38 +++++++++++++---------
-----
 libselinux/utils/Makefile                |  6 ++---
 libsemanage/include/Makefile             |  6 ++---
 libsemanage/src/Makefile                 | 32 +++++++++++-----------
-
 libsemanage/tests/Makefile               |  2 +-
 libsemanage/utils/Makefile               |  6 ++---
 libsepol/include/Makefile                | 14 +++++-----
 libsepol/src/Makefile                    | 20 +++++++--------
 libsepol/utils/Makefile                  |  6 ++---
 mcstrans/man/Makefile                    |  6 ++---
 mcstrans/src/Makefile                    | 22 ++++++++--------
 mcstrans/utils/Makefile                  |  8 +++---
 policycoreutils/hll/pp/Makefile          |  6 ++---
 policycoreutils/load_policy/Makefile     | 14 +++++-----
 policycoreutils/man/Makefile             |  6 ++---
 policycoreutils/newrole/Makefile         | 22 ++++++++--------
 policycoreutils/run_init/Makefile        | 20 +++++++--------
 policycoreutils/scripts/Makefile         | 12 ++++-----
 policycoreutils/secon/Makefile           | 10 ++++----
 policycoreutils/semodule/Makefile        | 14 +++++-----
 policycoreutils/sestatus/Makefile        | 20 +++++++--------
 policycoreutils/setfiles/Makefile        | 22 ++++++++--------
 policycoreutils/setsebool/Makefile       | 16 ++++++------
 python/audit2allow/Makefile              | 20 +++++++--------
 python/chcat/Makefile                    | 10 ++++----
 python/semanage/Makefile                 | 22 ++++++++--------
 python/sepolgen/src/sepolgen/Makefile    |  6 ++---
 python/sepolgen/src/share/Makefile       |  8 +++---
 python/sepolicy/Makefile                 | 18 ++++++-------
 restorecond/Makefile                     | 44 ++++++++++++++++----
------------
 sandbox/Makefile                         | 32 +++++++++++-----------
-
 secilc/Makefile                          | 14 +++++-----
 semodule-utils/semodule_deps/Makefile    | 12 ++++-----
 semodule-utils/semodule_expand/Makefile  | 10 ++++----
 semodule-utils/semodule_link/Makefile    | 12 ++++-----
 semodule-utils/semodule_package/Makefile | 14 +++++-----
 40 files changed, 313 insertions(+), 313 deletions(-)
diff --git a/checkpolicy/Makefile b/checkpolicy/Makefile
index 68e11f2a..e4f4fa19 100644
--- a/checkpolicy/Makefile
+++ b/checkpolicy/Makefile
@@ -1,7 +1,7 @@
 #
 # Makefile for building the checkpolicy program
 #
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
 BINDIR ?= $(PREFIX)/bin
 MANDIR ?= $(PREFIX)/share/man
 LIBDIR ?= $(PREFIX)/lib
@@ -26,9 +26,9 @@ GENERATED=lex.yy.c y.tab.c y.tab.h
 all:  $(TARGETS)
  $(MAKE) -C test
 
-checkpolicy: $(CHECKPOLOBJS) $(LIBSEPOLA)
+checkpolicy: $(CHECKPOLOBJS) $(DESTDIR)$(LIBSEPOLA)
Hmm...seems like we're still using DESTDIR for more than just install.
So either the patch or the patch description isn't quite right.
The original usage of make DESTDIR in selinux was to support building
and installing to a private directory, so we wanted it to affect more
than just install. If we truly make this transition to conform to the
GNU standards, then we still need a clean way of building and
installing to a private directory for local testing. The top-level
Makefile has a workaround currently of automatically defining CFLAGS
and LDFLAGS when DESTDIR is defined, but that has a side effect: it
suppresses any non-override CFLAGS and LDFLAGS definitions in the
Makefiles, so then we no longer get all of the warning options enabled
in such local builds like we used to do. All of this leaves me
wondering about whether we ought to just revert the earlier changes and
preserve our usage of DESTDIR, even if it doesn't correspond to GNU.
Post by Jason Zaman
 
-checkmodule: $(CHECKMODOBJS) $(LIBSEPOLA)
+checkmodule: $(CHECKMODOBJS) $(DESTDIR)$(LIBSEPOLA)
 
 %.o: %.c 
@@ -46,15 +46,15 @@ lex.yy.c: policy_scan.l y.tab.c
  $(LEX) policy_scan.l
 
 install: all
- -mkdir -p $(BINDIR)
- -mkdir -p $(MANDIR)/man8
- install -m 755 $(TARGETS) $(BINDIR)
- install -m 644 checkpolicy.8 $(MANDIR)/man8
- install -m 644 checkmodule.8 $(MANDIR)/man8
+ -mkdir -p $(DESTDIR)$(BINDIR)
+ -mkdir -p $(DESTDIR)$(MANDIR)/man8
+ install -m 755 $(TARGETS) $(DESTDIR)$(BINDIR)
+ install -m 644 checkpolicy.8 $(DESTDIR)$(MANDIR)/man8
+ install -m 644 checkmodule.8 $(DESTDIR)$(MANDIR)/man8
 
 relabel: install
- /sbin/restorecon $(BINDIR)/checkpolicy
- /sbin/restorecon $(BINDIR)/checkmodule
+ /sbin/restorecon $(DESTDIR)$(BINDIR)/checkpolicy
+ /sbin/restorecon $(DESTDIR)$(BINDIR)/checkmodule
 
  -rm -f $(TARGETS) $(CHECKPOLOBJS) $(CHECKMODOBJS) y.tab.c
y.tab.h lex.yy.c
diff --git a/checkpolicy/test/Makefile b/checkpolicy/test/Makefile
index 59fa4460..c9a8d4c5 100644
--- a/checkpolicy/test/Makefile
+++ b/checkpolicy/test/Makefile
@@ -1,7 +1,7 @@
 #
 # Makefile for building the dispol program
 #
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
 BINDIR ?= $(PREFIX)/bin
 LIBDIR ?= $(PREFIX)/lib
 INCLUDEDIR ?= $(PREFIX)/include
@@ -11,9 +11,9 @@ CFLAGS ?= -g -Wall -W -Werror -O2 -pipe
 
 all: dispol dismod
 
-dispol: dispol.o $(LIBSEPOLA)
+dispol: dispol.o $(DESTDIR)$(LIBSEPOLA)
 
-dismod: dismod.o $(LIBSEPOLA)
+dismod: dismod.o $(DESTDIR)$(LIBSEPOLA)
Ditto
Post by Jason Zaman
 
  -rm -f dispol dismod *.o 
diff --git a/gui/Makefile b/gui/Makefile
index 4fc2c1a1..52c3cab2 100644
--- a/gui/Makefile
+++ b/gui/Makefile
@@ -1,5 +1,5 @@
 # Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= /usr
 BINDIR ?= $(PREFIX)/bin
 SHAREDIR ?= $(PREFIX)/share/system-config-selinux
 DATADIR ?= $(PREFIX)/share
@@ -24,29 +24,29 @@ usersPage.py
 all: $(TARGETS) system-config-selinux.py polgengui.py
 
 install: all
- -mkdir -p $(MANDIR)/man8
- -mkdir -p $(SHAREDIR)
- -mkdir -p $(BINDIR)
- -mkdir -p $(DATADIR)/pixmaps
- -mkdir -p $(DATADIR)/icons/hicolor/24x24/apps
- -mkdir -p $(DATADIR)/polkit-1/actions/
- install -m 755 system-config-selinux.py $(SHAREDIR)
- install -m 755 system-config-selinux $(BINDIR)
- install -m 755 polgengui.py $(SHAREDIR)
- install -m 644 $(TARGETS) $(SHAREDIR)
- install -m 644 system-config-selinux.8 $(MANDIR)/man8
- install -m 644 selinux-polgengui.8 $(MANDIR)/man8
- install -m 644 system-config-selinux.png $(DATADIR)/pixmaps
- install -m 644 system-config-selinux.png
$(DATADIR)/icons/hicolor/24x24/apps
- install -m 644 system-config-selinux.png $(DATADIR)/system-
config-selinux
- install -m 644 *.desktop $(DATADIR)/system-config-selinux
This one seems to have been dropped accidentally rather than augmented
with $(DESTDIR).
Post by Jason Zaman
- -mkdir -p $(DESTDIR) $(DATADIR)/pixmaps
- install -m 644 sepolicy_256.png
$(DATADIR)/pixmaps/sepolicy.png
+ -mkdir -p $(DESTDIR)$(MANDIR)/man8
+ -mkdir -p $(DESTDIR)$(SHAREDIR)
+ -mkdir -p $(DESTDIR)$(BINDIR)
+ -mkdir -p $(DESTDIR)$(DATADIR)/pixmaps
+ -mkdir -p $(DESTDIR)$(DATADIR)/icons/hicolor/24x24/apps
+ -mkdir -p $(DESTDIR)$(SYSCONFDIR)
+ -mkdir -p $(DESTDIR)$(DATADIR)/polkit-1/actions/
+ install -m 755 system-config-selinux.py
$(DESTDIR)$(SHAREDIR)
+ install -m 755 system-config-selinux $(DESTDIR)$(BINDIR)
+ install -m 755 polgengui.py $(DESTDIR)$(SHAREDIR)
+ install -m 644 $(TARGETS) $(DESTDIR)$(SHAREDIR)
+ install -m 644 system-config-selinux.8
$(DESTDIR)$(MANDIR)/man8
+ install -m 644 selinux-polgengui.8 $(DESTDIR)$(MANDIR)/man8
+ install -m 644 system-config-selinux.png
$(DESTDIR)$(DATADIR)/pixmaps
+ install -m 644 system-config-selinux.png
$(DESTDIR)$(DATADIR)/icons/hicolor/24x24/apps
+ install -m 644 system-config-selinux.png
$(DESTDIR)$(DATADIR)/system-config-selinux
+ -mkdir -p $(DESTDIR) $(DESTDIR)$(DATADIR)/pixmaps
+ install -m 644 sepolicy_256.png
$(DESTDIR)$(DATADIR)/pixmaps/sepolicy.png
  for i in 16 22 32 48 256; do \
- mkdir -p $(DESTDIR)
$(DATADIR)/icons/hicolor/$${i}x$${i}/apps; \
- install -m 644 sepolicy_$${i}.png
$(DATADIR)/icons/hicolor/$${i}x$${i}/apps/sepolicy.png; \
+ mkdir -p
$(DESTDIR)/$(DATADIR)/icons/hicolor/$${i}x$${i}/apps; \
+ install -m 644 sepolicy_$${i}.png
$(DESTDIR)$(DATADIR)/icons/hicolor/$${i}x$${i}/apps/sepolicy.png; \
  done
- install -m 644 org.selinux.config.policy $(DATADIR)/polkit-
1/actions/
+ install -m 644 org.selinux.config.policy
$(DESTDIR)$(DATADIR)/polkit-1/actions/
 
diff --git a/libselinux/include/Makefile
b/libselinux/include/Makefile
index 757a6c9c..c1d3fa15 100644
--- a/libselinux/include/Makefile
+++ b/libselinux/include/Makefile
@@ -1,12 +1,12 @@
 # Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
 INCDIR ?= $(PREFIX)/include/selinux
 
 
 install: all
- test -d $(INCDIR) || install -m 755 -d $(INCDIR)
- install -m 644 $(wildcard selinux/*.h) $(INCDIR)
+ test -d $(DESTDIR)$(INCDIR) || install -m 755 -d
$(DESTDIR)$(INCDIR)
+ install -m 644 $(wildcard selinux/*.h) $(DESTDIR)$(INCDIR)
 
 
diff --git a/libselinux/src/Makefile b/libselinux/src/Makefile
index 4306dd0e..6d65b682 100644
--- a/libselinux/src/Makefile
+++ b/libselinux/src/Makefile
@@ -8,17 +8,17 @@ RUBYPREFIX ?= $(notdir $(RUBY))
 PKG_CONFIG ?= pkg-config
 
 # Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
 LIBDIR ?= $(PREFIX)/lib
-SHLIBDIR ?= $(DESTDIR)/lib
+SHLIBDIR ?= /lib
 INCLUDEDIR ?= $(PREFIX)/include
 PYINC ?= $(shell $(PKG_CONFIG) --cflags $(PYPREFIX))
 PYLIBS ?= $(shell $(PKG_CONFIG) --libs $(PYPREFIX))
-PYSITEDIR ?= $(DESTDIR)$(shell $(PYTHON) -c 'import site;
print(site.getsitepackages()[0])')
+PYSITEDIR ?= $(shell $(PYTHON) -c 'import site;
print(site.getsitepackages()[0])')
 PYCEXT ?= $(shell $(PYTHON) -c 'import imp;print([s for s,m,t in
imp.get_suffixes() if t == imp.C_EXTENSION][0])')
 RUBYINC ?= $(shell $(RUBY) -e 'puts "-I" +
RbConfig::CONFIG["rubyarchhdrdir"] + " -I" +
RbConfig::CONFIG["rubyhdrdir"]')
 RUBYLIBS ?= $(shell $(RUBY) -e 'puts "-L" +
RbConfig::CONFIG["libdir"] + " -lruby"')
-RUBYINSTALL ?= $(DESTDIR)$(shell $(RUBY) -e 'puts
RbConfig::CONFIG["vendorarchdir"]')
+RUBYINSTALL ?= $(shell $(RUBY) -e 'puts
RbConfig::CONFIG["vendorarchdir"]')
 LIBBASE ?= $(shell basename $(LIBDIR))
 LIBSEPOLA ?= $(LIBDIR)/libsepol.a
 
../include/selinux/selinux.h
 $(AUDIT2WHYLOBJ): audit2why.c
  $(CC) $(filter-out -Werror, $(CFLAGS)) $(PYINC) -fPIC
 
-$(AUDIT2WHYSO): $(AUDIT2WHYLOBJ) $(LIBSEPOLA)
+$(AUDIT2WHYSO): $(AUDIT2WHYLOBJ) $(DESTDIR)$(LIBSEPOLA)
$(PYLIBS)
Here again with using DESTDIR outside of install.
Post by Jason Zaman
 
 %.o:  %.c policy.h
@@ -177,26 +177,26 @@ swigify: $(SWIGIF)
  $(SWIG) $<
 
 install: all 
- test -d $(LIBDIR) || install -m 755 -d $(LIBDIR)
- install -m 644 $(LIBA) $(LIBDIR)
- test -d $(SHLIBDIR) || install -m 755 -d $(SHLIBDIR)
- install -m 755 $(LIBSO) $(SHLIBDIR)
- test -d $(LIBDIR)/pkgconfig || install -m 755 -d
$(LIBDIR)/pkgconfig
- install -m 644 $(LIBPC) $(LIBDIR)/pkgconfig
- ln -sf --relative $(SHLIBDIR)/$(LIBSO) $(LIBDIR)/$(TARGET)
+ test -d $(DESTDIR)$(LIBDIR) || install -m 755 -d
$(DESTDIR)$(LIBDIR)
+ install -m 644 $(LIBA) $(DESTDIR)$(LIBDIR)
+ test -d $(DESTDIR)$(SHLIBDIR) || install -m 755 -d
$(DESTDIR)$(SHLIBDIR)
+ install -m 755 $(LIBSO) $(DESTDIR)$(SHLIBDIR)
+ test -d $(DESTDIR)$(LIBDIR)/pkgconfig || install -m 755 -d
$(DESTDIR)$(LIBDIR)/pkgconfig
+ install -m 644 $(LIBPC) $(DESTDIR)$(LIBDIR)/pkgconfig
+ ln -sf --relative $(DESTDIR)$(SHLIBDIR)/$(LIBSO)
$(DESTDIR)$(LIBDIR)/$(TARGET)
 
 install-pywrap: pywrap
- test -d $(PYSITEDIR)/selinux || install -m 755 -d
$(PYSITEDIR)/selinux
- install -m 755 $(SWIGSO) $(PYSITEDIR)/_selinux$(PYCEXT)
- install -m 755 $(AUDIT2WHYSO)
$(PYSITEDIR)/selinux/audit2why$(PYCEXT)
- install -m 644 $(SWIGPYOUT) $(PYSITEDIR)/selinux/__init__.py
+ test -d $(DESTDIR)$(PYSITEDIR)/selinux || install -m 755 -d
$(DESTDIR)$(PYSITEDIR)/selinux
+ install -m 755 $(SWIGSO)
$(DESTDIR)$(PYSITEDIR)/_selinux$(PYCEXT)
+ install -m 755 $(AUDIT2WHYSO)
$(DESTDIR)$(PYSITEDIR)/selinux/audit2why$(PYCEXT)
+ install -m 644 $(SWIGPYOUT)
$(DESTDIR)$(PYSITEDIR)/selinux/__init__.py
 
 install-rubywrap: rubywrap
- test -d $(RUBYINSTALL) || install -m 755 -d $(RUBYINSTALL) 
- install -m 755 $(SWIGRUBYSO) $(RUBYINSTALL)/selinux.so
+ test -d $(DESTDIR)$(RUBYINSTALL) || install -m 755 -d
$(DESTDIR)$(RUBYINSTALL) 
+ install -m 755 $(SWIGRUBYSO)
$(DESTDIR)$(RUBYINSTALL)/selinux.so
 
- /sbin/restorecon $(SHLIBDIR)/$(LIBSO)
+ /sbin/restorecon $(DESTDIR)$(SHLIBDIR)/$(LIBSO)
 
  -rm -f $(SWIGLOBJ) $(SWIGSO) $(AUDIT2WHYLOBJ) $(AUDIT2WHYSO)
diff --git a/libselinux/utils/Makefile b/libselinux/utils/Makefile
index 843b0e7c..882a6787 100644
--- a/libselinux/utils/Makefile
+++ b/libselinux/utils/Makefile
@@ -1,5 +1,5 @@
 # Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
 LIBDIR ?= $(PREFIX)/lib
 SBINDIR ?= $(PREFIX)/sbin
 INCLUDEDIR ?= $(PREFIX)/include
@@ -63,8 +63,8 @@ sefcontext_compile: sefcontext_compile.o
../src/regex.o
 all: $(TARGETS)
 
 install: all
- -mkdir -p $(SBINDIR)
- install -m 755 $(TARGETS) $(SBINDIR)
+ -mkdir -p $(DESTDIR)$(SBINDIR)
+ install -m 755 $(TARGETS) $(DESTDIR)$(SBINDIR)
 
  rm -f $(TARGETS) *.o *~
diff --git a/libsemanage/include/Makefile
b/libsemanage/include/Makefile
index b660660e..6e44a28a 100644
--- a/libsemanage/include/Makefile
+++ b/libsemanage/include/Makefile
@@ -1,12 +1,12 @@
 # Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
 INCDIR ?= $(PREFIX)/include/semanage
 
 
 install: all
- test -d $(INCDIR) || install -m 755 -d $(INCDIR)
- install -m 644 $(wildcard semanage/*.h) $(INCDIR)
+ test -d $(DESTDIR)$(INCDIR) || install -m 755 -d
$(DESTDIR)$(INCDIR)
+ install -m 644 $(wildcard semanage/*.h) $(DESTDIR)$(INCDIR)
 
  ../../scripts/Lindent $(wildcard semanage/*.h)
diff --git a/libsemanage/src/Makefile b/libsemanage/src/Makefile
index f01385c5..8c0b4557 100644
--- a/libsemanage/src/Makefile
+++ b/libsemanage/src/Makefile
@@ -8,17 +8,17 @@ RUBYPREFIX ?= $(notdir $(RUBY))
 PKG_CONFIG ?= pkg-config
 
 # Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
 LIBDIR ?= $(PREFIX)/lib
-SHLIBDIR ?= $(DESTDIR)/lib
+SHLIBDIR ?= /lib
 INCLUDEDIR ?= $(PREFIX)/include
 PYINC ?= $(shell $(PKG_CONFIG) --cflags $(PYPREFIX))
 PYLIBS ?= $(shell $(PKG_CONFIG) --libs $(PYPREFIX))
-PYSITEDIR ?= $(DESTDIR)$(shell $(PYTHON) -c 'import site;
print(site.getsitepackages()[0])')
+PYSITEDIR ?= $(shell $(PYTHON) -c 'import site;
print(site.getsitepackages()[0])')
 PYCEXT ?= $(shell $(PYTHON) -c 'import imp;print([s for s,m,t in
imp.get_suffixes() if t == imp.C_EXTENSION][0])')
 RUBYINC ?= $(shell $(RUBY) -e 'puts "-I" +
RbConfig::CONFIG["rubyarchhdrdir"] + " -I" +
RbConfig::CONFIG["rubyhdrdir"]')
 RUBYLIBS ?= $(shell $(RUBY) -e 'puts "-L" +
RbConfig::CONFIG["libdir"] + " -lruby"')
-RUBYINSTALL ?= $(DESTDIR)$(shell $(RUBY) -e 'puts
RbConfig::CONFIG["vendorarchdir"]')
+RUBYINSTALL ?= $(shell $(RUBY) -e 'puts
RbConfig::CONFIG["vendorarchdir"]')
 
 LIBBASE=$(shell basename $(LIBDIR))
 
@@ -136,26 +136,26 @@ swigify: $(SWIGIF)
  $(SWIG) $<
 
 install: all 
- test -d $(LIBDIR) || install -m 755 -d $(LIBDIR)
- install -m 644 $(LIBA) $(LIBDIR)
- install -m 755 $(LIBSO) $(LIBDIR)
- test -d $(LIBDIR)/pkgconfig || install -m 755 -d
$(LIBDIR)/pkgconfig
- install -m 644 $(LIBPC) $(LIBDIR)/pkgconfig
+ test -d $(DESTDIR)$(LIBDIR) || install -m 755 -d
$(DESTDIR)$(LIBDIR)
+ install -m 644 $(LIBA) $(DESTDIR)$(LIBDIR)
+ install -m 755 $(LIBSO) $(DESTDIR)$(LIBDIR)
+ test -d $(DESTDIR)$(LIBDIR)/pkgconfig || install -m 755 -d
$(DESTDIR)$(LIBDIR)/pkgconfig
+ install -m 644 $(LIBPC) $(DESTDIR)$(LIBDIR)/pkgconfig
  test -f $(DEFAULT_SEMANAGE_CONF_LOCATION) || install -m 644
-D semanage.conf $(DEFAULT_SEMANAGE_CONF_LOCATION)
- cd $(LIBDIR) && ln -sf $(LIBSO) $(TARGET)
+ cd $(DESTDIR)$(LIBDIR) && ln -sf $(LIBSO) $(TARGET)
 
 install-pywrap: pywrap 
- test -d $(PYSITEDIR) || install -m 755 -d $(PYSITEDIR)
- install -m 755 $(SWIGSO) $(PYSITEDIR)/_semanage$(PYCEXT)
- install -m 644 semanage.py $(PYSITEDIR)
+ test -d $(DESTDIR)$(PYSITEDIR) || install -m 755 -d
$(DESTDIR)$(PYSITEDIR)
+ install -m 755 $(SWIGSO)
$(DESTDIR)$(PYSITEDIR)/_semanage$(PYCEXT)
+ install -m 644 semanage.py $(DESTDIR)$(PYSITEDIR)
 
 
 install-rubywrap: rubywrap
- test -d $(RUBYINSTALL) || install -m 755 -d $(RUBYINSTALL) 
- install -m 755 $(SWIGRUBYSO) $(RUBYINSTALL)/semanage.so
+ test -d $(DESTDIR)$(RUBYINSTALL) || install -m 755 -d
$(DESTDIR)$(RUBYINSTALL) 
+ install -m 755 $(SWIGRUBYSO)
$(DESTDIR)$(RUBYINSTALL)/semanage.so
 
- /sbin/restorecon $(LIBDIR)/$(LIBSO)
+ /sbin/restorecon $(DESTDIR)$(LIBDIR)/$(LIBSO)
 
 clean: 
  -rm -f $(LIBPC) $(OBJS) $(LOBJS) $(LIBA) $(LIBSO)
$(SWIGLOBJ) $(SWIGSO) $(SWIGRUBYSO) $(TARGET) conf-parse.c conf-
parse.h conf-scan.c *.o *.lo *~
diff --git a/libsemanage/tests/Makefile b/libsemanage/tests/Makefile
index 2ef8d30d..8103cf8f 100644
--- a/libsemanage/tests/Makefile
+++ b/libsemanage/tests/Makefile
@@ -1,4 +1,4 @@
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
 LIBDIR ?= $(PREFIX)/lib
 
diff --git a/libsemanage/utils/Makefile b/libsemanage/utils/Makefile
index 725f0eec..5b8fbb6b 100644
--- a/libsemanage/utils/Makefile
+++ b/libsemanage/utils/Makefile
@@ -1,13 +1,13 @@
 # Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
 LIBEXECDIR ?= $(PREFIX)/libexec
 SELINUXEXECDIR ?= $(LIBEXECDIR)/selinux/
 
 
 install: all
- -mkdir -p $(SELINUXEXECDIR)
- install -m 755 semanage_migrate_store $(SELINUXEXECDIR)
+ -mkdir -p $(DESTDIR)$(SELINUXEXECDIR)
+ install -m 755 semanage_migrate_store
$(DESTDIR)$(SELINUXEXECDIR)
 
 
diff --git a/libsepol/include/Makefile b/libsepol/include/Makefile
index 56b7a114..49f817ce 100644
--- a/libsepol/include/Makefile
+++ b/libsepol/include/Makefile
@@ -1,17 +1,17 @@
 # Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
 INCDIR ?= $(PREFIX)/include/sepol
 CILDIR ?= ../cil
 
 
 install: all
- test -d $(INCDIR) || install -m 755 -d $(INCDIR)
- test -d $(INCDIR)/policydb || install -m 755 -d
$(INCDIR)/policydb
- test -d $(INCDIR)/cil || install -m 755 -d $(INCDIR)/cil
- install -m 644 $(wildcard sepol/*.h) $(INCDIR)
- install -m 644 $(wildcard sepol/policydb/*.h)
$(INCDIR)/policydb
- install -m 644 $(wildcard $(CILDIR)/include/cil/*.h)
$(INCDIR)/cil
+ test -d $(DESTDIR)$(INCDIR) || install -m 755 -d
$(DESTDIR)$(INCDIR)
+ test -d $(DESTDIR)$(INCDIR)/policydb || install -m 755 -d
$(DESTDIR)$(INCDIR)/policydb
+ test -d $(DESTDIR)$(INCDIR)/cil || install -m 755 -d
$(DESTDIR)$(INCDIR)/cil
+ install -m 644 $(wildcard sepol/*.h) $(DESTDIR)$(INCDIR)
+ install -m 644 $(wildcard sepol/policydb/*.h)
$(DESTDIR)$(INCDIR)/policydb
+ install -m 644 $(wildcard $(CILDIR)/include/cil/*.h)
$(DESTDIR)$(INCDIR)/cil
 
  ../../scripts/Lindent $(wildcard sepol/*.h)
diff --git a/libsepol/src/Makefile b/libsepol/src/Makefile
index 819d261b..4c7e23fa 100644
--- a/libsepol/src/Makefile
+++ b/libsepol/src/Makefile
@@ -1,8 +1,8 @@
 # Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
 INCLUDEDIR ?= $(PREFIX)/include
 LIBDIR ?= $(PREFIX)/lib
-SHLIBDIR ?= $(DESTDIR)/lib
+SHLIBDIR ?= $(PREFIX)/lib
This yields a change in the default install location for libsepol.so.1
(/lib -> /usr/lib).
Post by Jason Zaman
 RANLIB ?= ranlib
 LIBBASE ?= $(shell basename $(LIBDIR))
 CILDIR ?= ../cil
@@ -80,16 +80,16 @@ endif
 
 install: all
- test -d $(LIBDIR) || install -m 755 -d $(LIBDIR)
- install -m 644 $(LIBA) $(LIBDIR)
- test -d $(SHLIBDIR) || install -m 755 -d $(SHLIBDIR)
- install -m 755 $(LIBSO) $(SHLIBDIR)
- test -d $(LIBDIR)/pkgconfig || install -m 755 -d
$(LIBDIR)/pkgconfig
- install -m 644 $(LIBPC) $(LIBDIR)/pkgconfig
- $(LN) -sf --relative $(SHLIBDIR)/$(LIBSO)
$(LIBDIR)/$(TARGET)
+ test -d $(DESTDIR)$(LIBDIR) || install -m 755 -d
$(DESTDIR)$(LIBDIR)
+ install -m 644 $(LIBA) $(DESTDIR)$(LIBDIR)
+ test -d $(DESTDIR)$(SHLIBDIR) || install -m 755 -d
$(DESTDIR)$(SHLIBDIR)
+ install -m 755 $(LIBSO) $(DESTDIR)$(SHLIBDIR)
+ test -d $(DESTDIR)$(LIBDIR)/pkgconfig || install -m 755 -d
$(DESTDIR)$(LIBDIR)/pkgconfig
+ install -m 644 $(LIBPC) $(DESTDIR)$(LIBDIR)/pkgconfig
+ $(LN) -sf --relative $(DESTDIR)$(SHLIBDIR)/$(LIBSO)
$(DESTDIR)$(LIBDIR)/$(TARGET)
 
- /sbin/restorecon $(SHLIBDIR)/$(LIBSO)
+ /sbin/restorecon $(DESTDIR)$(SHLIBDIR)/$(LIBSO)
 
 clean: 
  -rm -f $(LIBPC) $(LIBMAP) $(OBJS) $(LOBJS) $(LIBA) $(LIBSO)
$(TARGET) $(CIL_GENERATED)
diff --git a/libsepol/utils/Makefile b/libsepol/utils/Makefile
index fba1d8a0..31932c11 100644
--- a/libsepol/utils/Makefile
+++ b/libsepol/utils/Makefile
@@ -1,5 +1,5 @@
 # Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
 BINDIR ?= $(PREFIX)/bin
 
 CFLAGS ?= -Wall -Werror
@@ -12,8 +12,8 @@ TARGETS=$(patsubst %.c,%,$(sort $(wildcard *.c)))
 all: $(TARGETS)
 
 install: all
- -mkdir -p $(BINDIR)
- install -m 755 $(TARGETS) $(BINDIR)
+ -mkdir -p $(DESTDIR)$(BINDIR)
+ install -m 755 $(TARGETS) $(DESTDIR)$(BINDIR)
 
  -rm -f $(TARGETS) *.o 
diff --git a/mcstrans/man/Makefile b/mcstrans/man/Makefile
index 8e971192..dbd87f49 100644
--- a/mcstrans/man/Makefile
+++ b/mcstrans/man/Makefile
@@ -1,11 +1,11 @@
 # Installation directories.
-MAN8DIR ?= $(DESTDIR)/usr/share/man/man8
+MAN8DIR ?= /usr/share/man/man8
 
 
 install: all
- mkdir -p $(MAN8DIR)
- install -m 644 man8/*.8 $(MAN8DIR)
+ mkdir -p $(DESTDIR)$(MAN8DIR)
+ install -m 644 man8/*.8 $(DESTDIR)$(MAN8DIR)
 
  -rm -f *~ \#*
diff --git a/mcstrans/src/Makefile b/mcstrans/src/Makefile
index 709e1e02..be54e349 100644
--- a/mcstrans/src/Makefile
+++ b/mcstrans/src/Makefile
@@ -1,9 +1,9 @@
 # Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
 LIBDIR ?= $(PREFIX)/lib
-SBINDIR ?= $(DESTDIR)/sbin
-INITDIR ?= $(DESTDIR)/etc/rc.d/init.d
-SYSTEMDDIR ?= $(DESTDIR)/usr/lib/systemd
+SBINDIR ?= /sbin
+INITDIR ?= /etc/rc.d/init.d
+SYSTEMDDIR ?= /usr/lib/systemd
 
 PROG_SRC=mcstrans.c  mcscolor.c  mcstransd.c  mls_level.c
 PROG_OBJS= $(patsubst %.c,%.o,$(PROG_SRC))
@@ -15,18 +15,18 @@ override CFLAGS += -D_GNU_SOURCE
-D_FILE_OFFSET_BITS=64
 all: $(PROG)
 
 $(PROG): $(PROG_OBJS)
$(LIBDIR)/libsepol.a
$(DESTDIR)$(LIBDIR)/libsepol.a
 
 %.o:  %.c 
 
 install: all
- test -d $(SBINDIR) || install -m 755 -d $(SBINDIR)
- install -m 755 $(PROG) $(SBINDIR)
- test -d $(INITDIR) || install -m 755 -d $(INITDIR)
- install -m 755 $(INITSCRIPT).init $(INITDIR)/$(INITSCRIPT)
- test -d $(SYSTEMDDIR)/system || install -m 755 -d
$(SYSTEMDDIR)/system
- install -m 644 mcstrans.service $(SYSTEMDDIR)/system/
+ test -d $(DESTDIR)$(SBINDIR) || install -m 755 -d
$(DESTDIR)$(SBINDIR)
+ install -m 755 $(PROG) $(DESTDIR)$(SBINDIR)
+ test -d $(DESTDIR)$(INITDIR) || install -m 755 -d
$(DESTDIR)$(INITDIR)
+ install -m 755 $(INITSCRIPT).init
$(DESTDIR)$(INITDIR)/$(INITSCRIPT)
+ test -d $(DESTDIR)$(SYSTEMDDIR)/system || install -m 755 -d
$(DESTDIR)$(SYSTEMDDIR)/system
+ install -m 644 mcstrans.service
$(DESTDIR)$(SYSTEMDDIR)/system/
 
 clean: 
  -rm -f $(OBJS) $(LOBJS) $(TARGET) $(PROG) $(PROG_OBJS) *~
\#*
diff --git a/mcstrans/utils/Makefile b/mcstrans/utils/Makefile
index 4d3cbfcb..1364cece 100644
--- a/mcstrans/utils/Makefile
+++ b/mcstrans/utils/Makefile
@@ -1,5 +1,5 @@
 # Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
 LIBDIR ?= $(PREFIX)/lib
 SBINDIR ?= $(PREFIX)/sbin
 LIBSEPOLA ?= $(LIBDIR)/libsepol.a
@@ -12,11 +12,11 @@ TARGETS=$(patsubst %.c,%,$(sort $(wildcard *.c)))
 
 all: $(TARGETS)
 
-$(TARGETS): ../src/mcstrans.o ../src/mls_level.o $(LIBSEPOLA)
+$(TARGETS): ../src/mcstrans.o ../src/mls_level.o
$(DESTDIR)$(LIBSEPOLA)
 
 install: all
- -mkdir -p $(SBINDIR)
- install -m 755 $(TARGETS) $(SBINDIR)
+ -mkdir -p $(DESTDIR)$(SBINDIR)
+ install -m 755 $(TARGETS) $(DESTDIR)$(SBINDIR)
 
  ./mlstrans-test-runner.py ../test/*.test
diff --git a/policycoreutils/hll/pp/Makefile
b/policycoreutils/hll/pp/Makefile
index 3401dcc9..ed70c449 100644
--- a/policycoreutils/hll/pp/Makefile
+++ b/policycoreutils/hll/pp/Makefile
@@ -1,5 +1,5 @@
 # Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
 INCLUDEDIR ?= $(PREFIX)/include
 MANDIR = $(PREFIX)/share/man
 LIBDIR ?= $(PREFIX)/lib
@@ -21,8 +21,8 @@ pp: $(PP_OBJS)
 
 install: all
- -mkdir -p $(HLLDIR)
- install -m 755 pp $(HLLDIR)
+ -mkdir -p $(DESTDIR)$(HLLDIR)
+ install -m 755 pp $(DESTDIR)$(HLLDIR)
 
 
diff --git a/policycoreutils/load_policy/Makefile
b/policycoreutils/load_policy/Makefile
index b85833c2..00f59aba 100644
--- a/policycoreutils/load_policy/Makefile
+++ b/policycoreutils/load_policy/Makefile
@@ -1,6 +1,6 @@
 # Installation directories.
-PREFIX ?= $(DESTDIR)/usr
-SBINDIR ?= $(DESTDIR)/sbin
+PREFIX ?= /usr
+SBINDIR ?= /sbin
 MANDIR ?= $(PREFIX)/share/man
 LOCALEDIR ?= /usr/share/locale
 
@@ -13,10 +13,10 @@ TARGETS=$(patsubst %.c,%,$(sort $(wildcard *.c)))
 all: $(TARGETS)
 
 install: all
- -mkdir -p $(SBINDIR)
- install -m 755 $(TARGETS) $(SBINDIR)
- test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8
- install -m 644 load_policy.8 $(MANDIR)/man8/
+ -mkdir -p $(DESTDIR)$(SBINDIR)
+ install -m 755 $(TARGETS) $(DESTDIR)$(SBINDIR)
+ test -d $(DESTDIR)$(MANDIR)/man8 || install -m 755 -d
$(DESTDIR)$(MANDIR)/man8
+ install -m 644 load_policy.8 $(DESTDIR)$(MANDIR)/man8/
 
  -rm -f $(TARGETS) *.o 
  ../../scripts/Lindent $(wildcard *.[ch])
 
- /sbin/restorecon $(SBINDIR)/load_policy 
+ /sbin/restorecon $(DESTDIR)$(SBINDIR)/load_policy 
diff --git a/policycoreutils/man/Makefile
b/policycoreutils/man/Makefile
index 0d91cd46..ae3d27b6 100644
--- a/policycoreutils/man/Makefile
+++ b/policycoreutils/man/Makefile
@@ -1,12 +1,12 @@
 # Installation directories.
-MAN5DIR ?= $(DESTDIR)/usr/share/man/man5
+MAN5DIR ?= /usr/share/man/man5
 
 
 
 install: all
- mkdir -p $(MAN5DIR)
- install -m 644 man5/*.5 $(MAN5DIR)
+ mkdir -p $(DESTDIR)$(MAN5DIR)
+ install -m 644 man5/*.5 $(DESTDIR)$(MAN5DIR)
 
diff --git a/policycoreutils/newrole/Makefile
b/policycoreutils/newrole/Makefile
index 196af926..e687b6ab 100644
--- a/policycoreutils/newrole/Makefile
+++ b/policycoreutils/newrole/Makefile
@@ -1,8 +1,8 @@
 # Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
 BINDIR ?= $(PREFIX)/bin
 MANDIR ?= $(PREFIX)/share/man
-ETCDIR ?= $(DESTDIR)/etc
+ETCDIR ?= /etc
 LOCALEDIR = /usr/share/locale
 PAMH ?= $(shell test -f /usr/include/security/pam_appl.h && echo y)
 AUDITH ?= $(shell test -f /usr/include/libaudit.h && echo y)
@@ -61,17 +61,17 @@ newrole: newrole.o $(EXTRA_OBJS)
 
 install: all
- test -d $(BINDIR)      || install -m 755 -d $(BINDIR)
- test -d $(ETCDIR)/pam.d || install -m 755 -d $(ETCDIR)/pam.d
- test -d $(MANDIR)/man1 || install -m 755 -d $(MANDIR)/man1
- install -m $(MODE) newrole $(BINDIR)
- install -m 644 newrole.1 $(MANDIR)/man1/
+ test -d $(DESTDIR)$(BINDIR)      || install -m 755 -d
$(DESTDIR)$(BINDIR)
+ test -d $(DESTDIR)$(ETCDIR)/pam.d || install -m 755 -d
$(DESTDIR)$(ETCDIR)/pam.d
+ test -d $(DESTDIR)$(MANDIR)/man1 || install -m 755 -d
$(DESTDIR)$(MANDIR)/man1
+ install -m $(MODE) newrole $(DESTDIR)$(BINDIR)
+ install -m 644 newrole.1 $(DESTDIR)$(MANDIR)/man1/
 ifeq ($(PAMH), y)
- test -d $(ETCDIR)/pam.d || install -m 755 -d $(ETCDIR)/pam.d
+ test -d $(ETCDIR)/pam.d || install -m 755 -d
$(DESTDIR)$(ETCDIR)/pam.d
Need to prefix the first $(ETCDIR)/pam.d with $(DESTDIR) too.
Post by Jason Zaman
 ifeq ($(LSPP_PRIV),y)
- install -m 644 newrole-lspp.pamd $(ETCDIR)/pam.d/newrole
+ install -m 644 newrole-lspp.pamd
$(DESTDIR)$(ETCDIR)/pam.d/newrole
 else
- install -m 644 newrole.pamd $(ETCDIR)/pam.d/newrole
+ install -m 644 newrole.pamd
$(DESTDIR)$(ETCDIR)/pam.d/newrole
 endif
 endif
 
  ../../scripts/Lindent $(wildcard *.[ch])
 
 relabel: install
- /sbin/restorecon $(BINDIR)/newrole
+ /sbin/restorecon $(DESTDIR)$(BINDIR)/newrole
diff --git a/policycoreutils/run_init/Makefile
b/policycoreutils/run_init/Makefile
index 921f0b07..8d8eb704 100644
--- a/policycoreutils/run_init/Makefile
+++ b/policycoreutils/run_init/Makefile
@@ -1,9 +1,9 @@
 
 # Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
 SBINDIR ?= $(PREFIX)/sbin
 MANDIR ?= $(PREFIX)/share/man
-ETCDIR ?= $(DESTDIR)/etc
+ETCDIR ?= /etc
 LOCALEDIR ?= /usr/share/locale
 PAMH ?= $(shell test -f /usr/include/security/pam_appl.h && echo y)
 AUDITH ?= $(shell test -f /usr/include/libaudit.h && echo y)
@@ -32,14 +32,14 @@ open_init_pty: open_init_pty.c
 
 
 install: all
- test -d $(SBINDIR)      || install -m 755 -d $(SBINDIR)
- test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8
- install -m 755 run_init $(SBINDIR)
- install -m 755 open_init_pty $(SBINDIR)
- install -m 644 run_init.8 $(MANDIR)/man8/
- install -m 644 open_init_pty.8 $(MANDIR)/man8/
+ test -d $(DESTDIR)$(SBINDIR)      || install -m 755 -d
$(DESTDIR)$(SBINDIR)
+ test -d $(DESTDIR)$(MANDIR)/man8 || install -m 755 -d
$(DESTDIR)$(MANDIR)/man8
+ install -m 755 run_init $(DESTDIR)$(SBINDIR)
+ install -m 755 open_init_pty $(DESTDIR)$(SBINDIR)
+ install -m 644 run_init.8 $(DESTDIR)$(MANDIR)/man8/
+ install -m 644 open_init_pty.8 $(DESTDIR)$(MANDIR)/man8/
 ifeq ($(PAMH), y)
- install -m 644 run_init.pamd $(ETCDIR)/pam.d/run_init
+ install -m 644 run_init.pamd
$(DESTDIR)$(ETCDIR)/pam.d/run_init
 endif
 
  ../../scripts/Lindent $(wildcard *.[ch])
 
 relabel: install
- /sbin/restorecon $(SBINDIR)/run_init
$(SBINDIR)/open_init_pty
+ /sbin/restorecon $(DESTDIR)$(SBINDIR)/run_init
$(DESTDIR)$(SBINDIR)/open_init_pty
diff --git a/policycoreutils/scripts/Makefile
b/policycoreutils/scripts/Makefile
index d9e86ffe..a988144b 100644
--- a/policycoreutils/scripts/Makefile
+++ b/policycoreutils/scripts/Makefile
@@ -1,6 +1,6 @@
 # Installation directories.
-PREFIX ?= $(DESTDIR)/usr
-SBINDIR ?= $(DESTDIR)/sbin
+PREFIX ?= /usr
+SBINDIR ?= /sbin
 MANDIR ?= $(PREFIX)/share/man
 LOCALEDIR ?= $(PREFIX)/share/locale
 
@@ -8,10 +8,10 @@ LOCALEDIR ?= $(PREFIX)/share/locale
 all: fixfiles
 
 install: all
- -mkdir -p $(SBINDIR)
- install -m 755 fixfiles $(SBINDIR)
- -mkdir -p $(MANDIR)/man8
- install -m 644 fixfiles.8 $(MANDIR)/man8/
+ -mkdir -p $(DESTDIR)$(SBINDIR)
+ install -m 755 fixfiles $(DESTDIR)$(SBINDIR)
+ -mkdir -p $(DESTDIR)$(MANDIR)/man8
+ install -m 644 fixfiles.8 $(DESTDIR)$(MANDIR)/man8/
 
 
diff --git a/policycoreutils/secon/Makefile
b/policycoreutils/secon/Makefile
index 8e491d74..c03f0d7d 100644
--- a/policycoreutils/secon/Makefile
+++ b/policycoreutils/secon/Makefile
@@ -1,5 +1,5 @@
 # secon tool - command-line context
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
 INCLUDEDIR ?= $(PREFIX)/include
 BINDIR ?= $(PREFIX)/bin
 MANDIR ?= $(PREFIX)/share/man
@@ -18,13 +18,13 @@ secon: secon.o
 install-nogui: install
 
 install: all
- install -m 755 secon $(BINDIR);
+ install -m 755 secon $(DESTDIR)$(BINDIR);
 
- test -d $(MANDIR)/man1 || install -m 755 -d $(MANDIR)/man1
- install -m 644 secon.1 $(MANDIR)/man1
+ test -d $(DESTDIR)$(MANDIR)/man1 || install -m 755 -d
$(DESTDIR)$(MANDIR)/man1
+ install -m 644 secon.1 $(DESTDIR)$(MANDIR)/man1
 
- /sbin/restorecon $(BINDIR)/secon
+ /sbin/restorecon $(DESTDIR)$(BINDIR)/secon
 
  rm -f *.o core* secon *~ *.bak
diff --git a/policycoreutils/semodule/Makefile
b/policycoreutils/semodule/Makefile
index fffb43ac..7c257bf5 100644
--- a/policycoreutils/semodule/Makefile
+++ b/policycoreutils/semodule/Makefile
@@ -1,5 +1,5 @@
 # Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
 INCLUDEDIR ?= $(PREFIX)/include
 SBINDIR ?= $(PREFIX)/sbin
 MANDIR = $(PREFIX)/share/man
  ln -sf semodule genhomedircon
 
 install: all
- -mkdir -p $(SBINDIR)
- install -m 755 semodule $(SBINDIR)
- (cd $(SBINDIR); ln -sf semodule genhomedircon)
- test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8
- install -m 644 semodule.8 $(MANDIR)/man8/
- install -m 644 genhomedircon.8 $(MANDIR)/man8/
+ -mkdir -p $(DESTDIR)$(SBINDIR)
+ install -m 755 semodule $(DESTDIR)$(SBINDIR)
+ (cd $(DESTDIR)$(SBINDIR); ln -sf semodule genhomedircon)
+ test -d $(DESTDIR)$(MANDIR)/man8 || install -m 755 -d
$(DESTDIR)$(MANDIR)/man8
+ install -m 644 semodule.8 $(DESTDIR)$(MANDIR)/man8/
+ install -m 644 genhomedircon.8 $(DESTDIR)$(MANDIR)/man8/
 
 
diff --git a/policycoreutils/sestatus/Makefile
b/policycoreutils/sestatus/Makefile
index 41ca6832..130b764b 100644
--- a/policycoreutils/sestatus/Makefile
+++ b/policycoreutils/sestatus/Makefile
@@ -1,8 +1,8 @@
 # Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
 SBINDIR ?= $(PREFIX)/sbin
 MANDIR = $(PREFIX)/share/man
-ETCDIR ?= $(DESTDIR)/etc
+ETCDIR ?= /etc
 LIBDIR ?= $(PREFIX)/lib
 
 CFLAGS ?= -Werror -Wall -W
@@ -14,14 +14,14 @@ all: sestatus
 sestatus: sestatus.o
 
 install: all
- [ -d $(MANDIR)/man8 ] || mkdir -p $(MANDIR)/man8
- [ -d $(MANDIR)/man5 ] || mkdir -p $(MANDIR)/man5
- -mkdir -p $(SBINDIR)
- install -m 755 sestatus $(SBINDIR)
- install -m 644 sestatus.8 $(MANDIR)/man8
- install -m 644 sestatus.conf.5 $(MANDIR)/man5
- -mkdir -p $(ETCDIR)
- install -m 644 sestatus.conf $(ETCDIR)
+ [ -d $(DESTDIR)$(MANDIR)/man8 ] || mkdir -p
$(DESTDIR)$(MANDIR)/man8
+ [ -d $(DESTDIR)$(MANDIR)/man5 ] || mkdir -p
$(DESTDIR)$(MANDIR)/man5
+ -mkdir -p $(DESTDIR)$(SBINDIR)
+ install -m 755 sestatus $(DESTDIR)$(SBINDIR)
+ install -m 644 sestatus.8 $(DESTDIR)$(MANDIR)/man8
+ install -m 644 sestatus.conf.5 $(DESTDIR)$(MANDIR)/man5
+ -mkdir -p $(DESTDIR)$(ETCDIR)
+ install -m 644 sestatus.conf $(DESTDIR)$(ETCDIR)
 
  rm -f sestatus *.o
diff --git a/policycoreutils/setfiles/Makefile
b/policycoreutils/setfiles/Makefile
index c08e2dd1..4e56698f 100644
--- a/policycoreutils/setfiles/Makefile
+++ b/policycoreutils/setfiles/Makefile
@@ -1,6 +1,6 @@
 # Installation directories.
-PREFIX ?= $(DESTDIR)/usr
-SBINDIR ?= $(DESTDIR)/sbin
+PREFIX ?= /usr
+SBINDIR ?= /sbin
 MANDIR = $(PREFIX)/share/man
 LIBDIR ?= $(PREFIX)/lib
 AUDITH ?= $(shell test -f /usr/include/libaudit.h && echo y)
setfiles.8.man
 
 install: all
- [ -d $(MANDIR)/man8 ] || mkdir -p $(MANDIR)/man8
- -mkdir -p $(SBINDIR)
- install -m 755 setfiles $(SBINDIR)
- (cd $(SBINDIR) && ln -sf setfiles restorecon)
- install -m 755 restorecon_xattr $(SBINDIR)
- install -m 644 setfiles.8.man $(MANDIR)/man8/setfiles.8
- install -m 644 restorecon.8 $(MANDIR)/man8/restorecon.8
- install -m 644 restorecon_xattr.8
$(MANDIR)/man8/restorecon_xattr.8
+ [ -d $(DESTDIR)$(MANDIR)/man8 ] || mkdir -p
$(DESTDIR)$(MANDIR)/man8
+ -mkdir -p $(DESTDIR)$(SBINDIR)
+ install -m 755 setfiles $(DESTDIR)$(SBINDIR)
+ (cd $(DESTDIR)$(SBINDIR) && ln -sf setfiles restorecon)
+ install -m 755 restorecon_xattr $(DESTDIR)$(SBINDIR)
+ install -m 644 setfiles.8.man
$(DESTDIR)$(MANDIR)/man8/setfiles.8
+ install -m 644 restorecon.8
$(DESTDIR)$(MANDIR)/man8/restorecon.8
+ install -m 644 restorecon_xattr.8
$(DESTDIR)$(MANDIR)/man8/restorecon_xattr.8
 
  rm -f setfiles restorecon restorecon_xattr *.o
setfiles.8.man
  ../../scripts/Lindent $(wildcard *.[ch])
 
 relabel: install
- $(SBINDIR)/restorecon $(SBINDIR)/setfiles
$(SBINDIR)/restorecon_xattr
+ $(SBINDIR)/restorecon $(DESTDIR)$(SBINDIR)/setfiles
$(DESTDIR)$(SBINDIR)/restorecon_xattr
diff --git a/policycoreutils/setsebool/Makefile
b/policycoreutils/setsebool/Makefile
index bc254dab..f3379be9 100644
--- a/policycoreutils/setsebool/Makefile
+++ b/policycoreutils/setsebool/Makefile
@@ -1,10 +1,10 @@
 # Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
 INCLUDEDIR ?= $(PREFIX)/include
 SBINDIR ?= $(PREFIX)/sbin
 MANDIR = $(PREFIX)/share/man
 LIBDIR ?= $(PREFIX)/lib
-BASHCOMPLETIONDIR ?= $(DESTDIR)/usr/share/bash-
completion/completions
+BASHCOMPLETIONDIR ?= /usr/share/bash-completion/completions
 
 CFLAGS ?= -Werror -Wall -W
 override LDLIBS += -lsepol -lselinux -lsemanage
@@ -17,12 +17,12 @@ all: setsebool
 setsebool: $(SETSEBOOL_OBJS)
 
 install: all
- -mkdir -p $(SBINDIR)
- install -m 755 setsebool $(SBINDIR)
- -mkdir -p $(MANDIR)/man8
- install -m 644 setsebool.8 $(MANDIR)/man8/
- -mkdir -p $(BASHCOMPLETIONDIR)
- install -m 644 $(BASHCOMPLETIONS)
$(BASHCOMPLETIONDIR)/setsebool
+ -mkdir -p $(DESTDIR)$(SBINDIR)
+ install -m 755 setsebool $(DESTDIR)$(SBINDIR)
+ -mkdir -p $(DESTDIR)$(MANDIR)/man8
+ install -m 644 setsebool.8 $(DESTDIR)$(MANDIR)/man8/
+ -mkdir -p $(DESTDIR)$(BASHCOMPLETIONDIR)
+ install -m 644 $(BASHCOMPLETIONS)
$(DESTDIR)$(BASHCOMPLETIONDIR)/setsebool
 
 
diff --git a/python/audit2allow/Makefile
b/python/audit2allow/Makefile
index 8db8075f..02526fa7 100644
--- a/python/audit2allow/Makefile
+++ b/python/audit2allow/Makefile
@@ -1,7 +1,7 @@
 PYTHON ?= python
 
 # Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
 BINDIR ?= $(PREFIX)/bin
 LIBDIR ?= $(PREFIX)/lib
 MANDIR ?= $(PREFIX)/share/man
@@ -13,7 +13,7 @@ CFLAGS ?= -Werror -Wall -W
 
 all: audit2why sepolgen-ifgen-attr-helper
 
-sepolgen-ifgen-attr-helper: sepolgen-ifgen-attr-helper.o
$(LIBSEPOLA)
+sepolgen-ifgen-attr-helper: sepolgen-ifgen-attr-helper.o
$(DESTDIR)$(LIBSEPOLA)
 
  ln -sf audit2allow audit2why
@@ -22,14 +22,14 @@ test: all
 
 install: all
- -mkdir -p $(BINDIR)
- install -m 755 audit2allow $(BINDIR)
- (cd $(BINDIR); ln -sf audit2allow audit2why)
- install -m 755 sepolgen-ifgen-attr-helper $(BINDIR)
- install -m 755 sepolgen-ifgen $(BINDIR)
- -mkdir -p $(MANDIR)/man1
- install -m 644 audit2allow.1 $(MANDIR)/man1/
- install -m 644 audit2why.1 $(MANDIR)/man1/
+ -mkdir -p $(DESTDIR)$(BINDIR)
+ install -m 755 audit2allow $(DESTDIR)$(BINDIR)
+ (cd $(DESTDIR)$(BINDIR); ln -sf audit2allow audit2why)
+ install -m 755 sepolgen-ifgen-attr-helper
$(DESTDIR)$(BINDIR)
+ install -m 755 sepolgen-ifgen $(DESTDIR)$(BINDIR)
+ -mkdir -p $(DESTDIR)$(MANDIR)/man1
+ install -m 644 audit2allow.1 $(DESTDIR)$(MANDIR)/man1/
+ install -m 644 audit2why.1 $(DESTDIR)$(MANDIR)/man1/
 
  rm -f *~ *.o sepolgen-ifgen-attr-helper
diff --git a/python/chcat/Makefile b/python/chcat/Makefile
index 0fd12d6d..890033e2 100644
--- a/python/chcat/Makefile
+++ b/python/chcat/Makefile
@@ -1,5 +1,5 @@
 # Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
 BINDIR ?= $(PREFIX)/bin
 MANDIR ?= $(PREFIX)/share/man
 LOCALEDIR ?= $(PREFIX)/share/locale
@@ -8,10 +8,10 @@ LOCALEDIR ?= $(PREFIX)/share/locale
 all: chcat
 
 install: all
- -mkdir -p $(BINDIR)
- install -m 755 chcat $(BINDIR)
- -mkdir -p $(MANDIR)/man8
- install -m 644 chcat.8 $(MANDIR)/man8/
+ -mkdir -p $(DESTDIR)$(BINDIR)
+ install -m 755 chcat $(DESTDIR)$(BINDIR)
+ -mkdir -p $(DESTDIR)$(MANDIR)/man8
+ install -m 644 chcat.8 $(DESTDIR)$(MANDIR)/man8/
 
 
diff --git a/python/semanage/Makefile b/python/semanage/Makefile
index 60c36a3a..bd02e9e9 100644
--- a/python/semanage/Makefile
+++ b/python/semanage/Makefile
@@ -1,29 +1,29 @@
 PYTHON ?= python
 
 # Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
 LIBDIR ?= $(PREFIX)/lib
 SBINDIR ?= $(PREFIX)/sbin
 MANDIR = $(PREFIX)/share/man
 PYLIBVER ?= $(shell $(PYTHON) -c 'import sys;print("python%d.%d" %
sys.version_info[0:2])')
 PYTHONLIBDIR ?= $(LIBDIR)/$(PYLIBVER)
-BASHCOMPLETIONDIR ?= $(DESTDIR)/usr/share/bash-
completion/completions
+BASHCOMPLETIONDIR ?= /usr/share/bash-completion/completions
 
 TARGETS=semanage
 
-BASHCOMPLETIONS=semanage-bash-completion.sh 
+BASHCOMPLETIONS=semanage-bash-completion.sh
 
 all: $(TARGETS)
 
 install: all
- [ -d $(MANDIR)/man8 ] || mkdir -p $(MANDIR)/man8
- -mkdir -p $(SBINDIR)
- install -m 755 semanage $(SBINDIR)
- install -m 644 *.8 $(MANDIR)/man8
- test -d $(PYTHONLIBDIR)/site-packages || install -m 755 -d
$(PYTHONLIBDIR)/site-packages
- install -m 755 seobject.py $(PYTHONLIBDIR)/site-packages
- -mkdir -p $(BASHCOMPLETIONDIR)
- install -m 644 $(BASHCOMPLETIONS)
$(BASHCOMPLETIONDIR)/semanage
+ [ -d $(DESTDIR)$(MANDIR)/man8 ] || mkdir -p
$(DESTDIR)$(MANDIR)/man8
+ -mkdir -p $(DESTDIR)$(SBINDIR)
+ install -m 755 semanage $(DESTDIR)$(SBINDIR)
+ install -m 644 *.8 $(DESTDIR)$(MANDIR)/man8
+ test -d $(DESTDIR)$(PYTHONLIBDIR)/site-packages || install
-m 755 -d $(DESTDIR)$(PYTHONLIBDIR)/site-packages
+ install -m 755 seobject.py $(DESTDIR)$(PYTHONLIBDIR)/site-
packages
+ -mkdir -p $(DESTDIR)$(BASHCOMPLETIONDIR)
+ install -m 644 $(BASHCOMPLETIONS)
$(DESTDIR)$(BASHCOMPLETIONDIR)/semanage
 
diff --git a/python/sepolgen/src/sepolgen/Makefile
b/python/sepolgen/src/sepolgen/Makefile
index d3aa7715..12ef0827 100644
--- a/python/sepolgen/src/sepolgen/Makefile
+++ b/python/sepolgen/src/sepolgen/Makefile
@@ -1,12 +1,12 @@
 PYTHON ?= python
 PYTHONLIBDIR ?= $(shell $(PYTHON) -c "from distutils.sysconfig
import *; print(get_python_lib(1))")
-PACKAGEDIR ?= $(DESTDIR)/$(PYTHONLIBDIR)/sepolgen
+PACKAGEDIR ?= $(PYTHONLIBDIR)/sepolgen
 
 
 install: all
- -mkdir -p $(PACKAGEDIR)
- install -m 644 *.py $(PACKAGEDIR)
+ -mkdir -p $(DESTDIR)$(PACKAGEDIR)
+ install -m 644 *.py $(DESTDIR)$(PACKAGEDIR)
 
  rm -f parser.out parsetab.py
diff --git a/python/sepolgen/src/share/Makefile
b/python/sepolgen/src/share/Makefile
index abf5e451..1a7133cb 100644
--- a/python/sepolgen/src/share/Makefile
+++ b/python/sepolgen/src/share/Makefile
@@ -1,10 +1,10 @@
-SHAREDIR ?= $(DESTDIR)/var/lib/sepolgen
+SHAREDIR ?= /var/lib/sepolgen
 
 
 install: all
- -mkdir -p $(SHAREDIR)
- install -m 644 perm_map $(SHAREDIR)
+ -mkdir -p $(DESTDIR)$(SHAREDIR)
+ install -m 644 perm_map $(DESTDIR)$(SHAREDIR)
 
- rm -f *~
\ No newline at end of file
+ rm -f *~
diff --git a/python/sepolicy/Makefile b/python/sepolicy/Makefile
index 5a56e6c8..c75dce73 100644
--- a/python/sepolicy/Makefile
+++ b/python/sepolicy/Makefile
@@ -1,13 +1,13 @@
 PYTHON ?= python
 
 # Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
 LIBDIR ?= $(PREFIX)/lib
 BINDIR ?= $(PREFIX)/bin
 DATADIR ?= $(PREFIX)/share
 MANDIR ?= $(PREFIX)/share/man
 LOCALEDIR ?= /usr/share/locale
-BASHCOMPLETIONDIR ?= $(DESTDIR)/usr/share/bash-
completion/completions
+BASHCOMPLETIONDIR ?= /usr/share/bash-completion/completions
 SHAREDIR ?= $(PREFIX)/share/sandbox
 CFLAGS ?= -Wall -Werror -Wextra -W
 override CFLAGS += -DPACKAGE="policycoreutils" -DSHARED -shared
 
  $(PYTHON) setup.py install `test -n "$(DESTDIR)" && echo --
root $(DESTDIR)`
- [ -d $(BINDIR) ] || mkdir -p $(BINDIR)
- install -m 755 sepolicy.py $(BINDIR)/sepolicy
- (cd $(BINDIR); ln -sf sepolicy sepolgen)
- -mkdir -p $(MANDIR)/man8
- install -m 644 *.8 $(MANDIR)/man8
- -mkdir -p $(BASHCOMPLETIONDIR)
- install -m 644 $(BASHCOMPLETIONS)
$(BASHCOMPLETIONDIR)/sepolicy
+ [ -d $(DESTDIR)$(BINDIR) ] || mkdir -p $(DESTDIR)$(BINDIR)
+ install -m 755 sepolicy.py $(DESTDIR)$(BINDIR)/sepolicy
+ (cd $(DESTDIR)$(BINDIR); ln -sf sepolicy sepolgen)
+ -mkdir -p $(DESTDIR)$(MANDIR)/man8
+ install -m 644 *.8 $(DESTDIR)$(MANDIR)/man8
+ -mkdir -p $(DESTDIR)$(BASHCOMPLETIONDIR)
+ install -m 644 $(BASHCOMPLETIONS)
$(DESTDIR)$(BASHCOMPLETIONDIR)/sepolicy
 
diff --git a/restorecond/Makefile b/restorecond/Makefile
index ada94aeb..a9a57b48 100644
--- a/restorecond/Makefile
+++ b/restorecond/Makefile
@@ -1,17 +1,17 @@
 PKG_CONFIG ?= pkg-config
 
 # Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
 SBINDIR ?= $(PREFIX)/sbin
 LIBDIR ?= $(PREFIX)/lib
 MANDIR = $(PREFIX)/share/man
-AUTOSTARTDIR = $(DESTDIR)/etc/xdg/autostart
-DBUSSERVICEDIR = $(DESTDIR)/usr/share/dbus-1/services
-SYSTEMDDIR ?= $(DESTDIR)/usr/lib/systemd
+AUTOSTARTDIR = /etc/xdg/autostart
+DBUSSERVICEDIR = /usr/share/dbus-1/services
+SYSTEMDDIR ?= /usr/lib/systemd
 
 autostart_DATA = sealertauto.desktop
-INITDIR ?= $(DESTDIR)/etc/rc.d/init.d
-SELINUXDIR = $(DESTDIR)/etc/selinux
+INITDIR ?= /etc/rc.d/init.d
+SELINUXDIR = /etc/selinux
 
 DBUSFLAGS = -DHAVE_DBUS $(shell $(PKG_CONFIG) --cflags dbus-glib-1)
 DBUSLIB = $(shell $(PKG_CONFIG) --libs dbus-glib-1)
@@ -39,23 +39,23 @@ restorecond:  restore.o restorecond.o
utmpwatcher.o stringslist.o user.o watch.o
 
 install: all
- [ -d $(MANDIR)/man8 ] || mkdir -p $(MANDIR)/man8
- -mkdir -p $(SBINDIR)
- install -m 755 restorecond $(SBINDIR)
- install -m 644 restorecond.8 $(MANDIR)/man8
- -mkdir -p $(INITDIR)
- install -m 755 restorecond.init $(INITDIR)/restorecond
- -mkdir -p $(SELINUXDIR)
- install -m 644 restorecond.conf
$(SELINUXDIR)/restorecond.conf
- install -m 644 restorecond_user.conf
$(SELINUXDIR)/restorecond_user.conf
- -mkdir -p $(AUTOSTARTDIR)
- install -m 644 restorecond.desktop
$(AUTOSTARTDIR)/restorecond.desktop
- -mkdir -p $(DBUSSERVICEDIR)
- install -m 600
org.selinux.Restorecond.service  $(DBUSSERVICEDIR)/org.selinux.Restor
econd.service
- -mkdir -p $(SYSTEMDDIR)/system
- install -m 644 restorecond.service $(SYSTEMDDIR)/system/
+ [ -d $(DESTDIR)$(MANDIR)/man8 ] || mkdir -p
$(DESTDIR)$(MANDIR)/man8
+ -mkdir -p $(DESTDIR)$(SBINDIR)
+ install -m 755 restorecond $(DESTDIR)$(SBINDIR)
+ install -m 644 restorecond.8 $(DESTDIR)$(MANDIR)/man8
+ -mkdir -p $(DESTDIR)$(INITDIR)
+ install -m 755 restorecond.init
$(DESTDIR)$(INITDIR)/restorecond
+ -mkdir -p $(DESTDIR)$(SELINUXDIR)
+ install -m 644 restorecond.conf
$(DESTDIR)$(SELINUXDIR)/restorecond.conf
+ install -m 644 restorecond_user.conf
$(DESTDIR)$(SELINUXDIR)/restorecond_user.conf
+ -mkdir -p $(DESTDIR)$(AUTOSTARTDIR)
+ install -m 644 restorecond.desktop
$(DESTDIR)$(AUTOSTARTDIR)/restorecond.desktop
+ -mkdir -p $(DESTDIR)$(DBUSSERVICEDIR)
+ install -m 600
org.selinux.Restorecond.service  $(DESTDIR)$(DBUSSERVICEDIR)/org.seli
nux.Restorecond.service
+ -mkdir -p $(DESTDIR)$(SYSTEMDDIR)/system
+ install -m 644 restorecond.service
$(DESTDIR)$(SYSTEMDDIR)/system/
 relabel: install
- /sbin/restorecon $(SBINDIR)/restorecond 
+ /sbin/restorecon $(DESTDIR)$(SBINDIR)/restorecond 
 
  -rm -f restorecond *.o *~
diff --git a/sandbox/Makefile b/sandbox/Makefile
index 05c3d658..9c78041c 100644
--- a/sandbox/Makefile
+++ b/sandbox/Makefile
@@ -1,8 +1,8 @@
 PYTHON ?= python
 
 # Installation directories.
-PREFIX ?= $(DESTDIR)/usr
-SYSCONFDIR ?= $(DESTDIR)/etc/sysconfig
+PREFIX ?= /usr
+SYSCONFDIR ?= /etc/sysconfig
 LIBDIR ?= $(PREFIX)/lib
 BINDIR ?= $(PREFIX)/bin
 SBINDIR ?= $(PREFIX)/sbin
@@ -18,20 +18,20 @@ all: sandbox seunshare sandboxX.sh start
 seunshare: $(SEUNSHARE_OBJS)
 
 install: all
- -mkdir -p $(BINDIR)
- install -m 755 sandbox $(BINDIR)
- -mkdir -p $(MANDIR)/man8
- install -m 644 sandbox.8 $(MANDIR)/man8/
- install -m 644 seunshare.8 $(MANDIR)/man8/
- -mkdir -p $(MANDIR)/man5
- install -m 644 sandbox.5 $(MANDIR)/man5/
- -mkdir -p $(SBINDIR)
- install -m 4755 seunshare $(SBINDIR)/
- -mkdir -p $(SHAREDIR)
- install -m 755 sandboxX.sh $(SHAREDIR)
- install -m 755 start $(SHAREDIR)
- -mkdir -p $(SYSCONFDIR)
- install -m 644 sandbox.conf $(SYSCONFDIR)/sandbox
+ -mkdir -p $(DESTDIR)$(BINDIR)
+ install -m 755 sandbox $(DESTDIR)$(BINDIR)
+ -mkdir -p $(DESTDIR)$(MANDIR)/man8
+ install -m 644 sandbox.8 $(DESTDIR)$(MANDIR)/man8/
+ install -m 644 seunshare.8 $(DESTDIR)$(MANDIR)/man8/
+ -mkdir -p $(DESTDIR)$(MANDIR)/man5
+ install -m 644 sandbox.5 $(DESTDIR)$(MANDIR)/man5/
+ -mkdir -p $(DESTDIR)$(SBINDIR)
+ install -m 4755 seunshare $(DESTDIR)$(SBINDIR)/
+ -mkdir -p $(DESTDIR)$(SHAREDIR)
+ install -m 755 sandboxX.sh $(DESTDIR)$(SHAREDIR)
+ install -m 755 start $(DESTDIR)$(SHAREDIR)
+ -mkdir -p $(DESTDIR)$(SYSCONFDIR)
+ install -m 644 sandbox.conf $(DESTDIR)$(SYSCONFDIR)/sandbox
 
diff --git a/secilc/Makefile b/secilc/Makefile
index 1cac53e4..597b4a27 100644
--- a/secilc/Makefile
+++ b/secilc/Makefile
@@ -1,4 +1,4 @@
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
 BINDIR ?= $(PREFIX)/bin
 MANDIR ?= $(PREFIX)/share/man
 LIBDIR ?= $(PREFIX)/lib
@@ -41,12 +41,12 @@ $(SECIL2CONF_MANPAGE): $(SECIL2CONF_MANPAGE).xml
  $(XMLTO) man $(SECIL2CONF_MANPAGE).xml
 
 install: all man
- -mkdir -p $(BINDIR)
- -mkdir -p $(MANDIR)/man8
- install -m 755 $(SECILC) $(BINDIR)
- install -m 755 $(SECIL2CONF) $(BINDIR)
- install -m 644 $(SECILC_MANPAGE) $(MANDIR)/man8
- install -m 644 $(SECIL2CONF_MANPAGE) $(MANDIR)/man8
+ -mkdir -p $(DESTDIR)$(BINDIR)
+ -mkdir -p $(DESTDIR)$(MANDIR)/man8
+ install -m 755 $(SECILC) $(DESTDIR)$(BINDIR)
+ install -m 755 $(SECIL2CONF) $(DESTDIR)$(BINDIR)
+ install -m 644 $(SECILC_MANPAGE) $(DESTDIR)$(MANDIR)/man8
+ install -m 644 $(SECIL2CONF_MANPAGE)
$(DESTDIR)$(MANDIR)/man8
 
  $(MAKE) -C docs
diff --git a/semodule-utils/semodule_deps/Makefile b/semodule-
utils/semodule_deps/Makefile
index 328a5030..7b106781 100644
--- a/semodule-utils/semodule_deps/Makefile
+++ b/semodule-utils/semodule_deps/Makefile
@@ -1,5 +1,5 @@
 # Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
 INCLUDEDIR ?= $(PREFIX)/include
 BINDIR ?= $(PREFIX)/bin
 LIBDIR ?= $(PREFIX)/lib
@@ -10,13 +10,13 @@ CFLAGS ?= -Werror -Wall -W
 
 all: semodule_deps
 
-semodule_deps:  semodule_deps.o $(LIBSEPOLA)
+semodule_deps:  semodule_deps.o $(DESTDIR)$(LIBSEPOLA)
 
 install: all
- -mkdir -p $(BINDIR)
- install -m 755 semodule_deps $(BINDIR)
- test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8
- install -m 644 semodule_deps.8 $(MANDIR)/man8/
+ -mkdir -p $(DESTDIR)$(BINDIR)
+ install -m 755 semodule_deps $(DESTDIR)$(BINDIR)
+ test -d $(DESTDIR)$(MANDIR)/man8 || install -m 755 -d
$(DESTDIR)$(MANDIR)/man8
+ install -m 644 semodule_deps.8 $(DESTDIR)$(MANDIR)/man8/
 
 
diff --git a/semodule-utils/semodule_expand/Makefile b/semodule-
utils/semodule_expand/Makefile
index 072f2137..58d2d3cb 100644
--- a/semodule-utils/semodule_expand/Makefile
+++ b/semodule-utils/semodule_expand/Makefile
@@ -1,5 +1,5 @@
 # Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
 INCLUDEDIR ?= $(PREFIX)/include
 BINDIR ?= $(PREFIX)/bin
 LIBDIR ?= $(PREFIX)/lib
@@ -13,10 +13,10 @@ all: semodule_expand
 semodule_expand:  semodule_expand.o 
 
 install: all
- -mkdir -p $(BINDIR)
- install -m 755 semodule_expand $(BINDIR)
- test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8
- install -m 644 semodule_expand.8 $(MANDIR)/man8/
+ -mkdir -p $(DESTDIR)$(BINDIR)
+ install -m 755 semodule_expand $(DESTDIR)$(BINDIR)
+ test -d $(DESTDIR)$(MANDIR)/man8 || install -m 755 -d
$(DESTDIR)$(MANDIR)/man8
+ install -m 644 semodule_expand.8 $(DESTDIR)$(MANDIR)/man8/
 
 
diff --git a/semodule-utils/semodule_link/Makefile b/semodule-
utils/semodule_link/Makefile
index cc4687bd..178bea30 100644
--- a/semodule-utils/semodule_link/Makefile
+++ b/semodule-utils/semodule_link/Makefile
@@ -1,6 +1,6 @@
 # Installation directories.
-PREFIX ?= $(DESTDIR)/usr
-INCLUDEDIR ?= $(PREFIX)/include
+PREFIX ?= /usr
+INCLUDEDIR ?= /include
 BINDIR ?= $(PREFIX)/bin
 MANDIR ?= $(PREFIX)/share/man
 LIBDIR ?= $(PREFIX)/lib
@@ -13,10 +13,10 @@ all: semodule_link
 semodule_link:  semodule_link.o 
 
 install: all
- -mkdir -p $(BINDIR)
- install -m 755 semodule_link $(BINDIR)
- test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8
- install -m 644 semodule_link.8 $(MANDIR)/man8/
+ -mkdir -p $(DESTDIR)$(BINDIR)
+ install -m 755 semodule_link $(DESTDIR)$(BINDIR)
+ test -d $(DESTDIR)$(MANDIR)/man8 || install -m 755 -d
$(PREFIX)$(MANDIR)/man8
Missing $(DESTDIR) in the final install location above.
Post by Jason Zaman
+ install -m 644 semodule_link.8 $(DESTDIR)$(MANDIR)/man8/
 
 
diff --git a/semodule-utils/semodule_package/Makefile b/semodule-
utils/semodule_package/Makefile
index 96dd7c4f..37bd0d4b 100644
--- a/semodule-utils/semodule_package/Makefile
+++ b/semodule-utils/semodule_package/Makefile
@@ -1,5 +1,5 @@
 # Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
 INCLUDEDIR ?= $(PREFIX)/include
 BINDIR ?= $(PREFIX)/bin
 LIBDIR ?= $(PREFIX)/lib
@@ -13,12 +13,12 @@ all: semodule_package semodule_unpackage
 semodule_package:  semodule_package.o 
 
 install: all
- -mkdir -p $(BINDIR)
- install -m 755 semodule_package $(BINDIR)
- install -m 755 semodule_unpackage $(BINDIR)
- test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8
- install -m 644 semodule_package.8 $(MANDIR)/man8/
- install -m 644 semodule_unpackage.8 $(MANDIR)/man8/
+ -mkdir -p $(DESTDIR)$(BINDIR)
+ install -m 755 semodule_package $(DESTDIR)$(BINDIR)
+ install -m 755 semodule_unpackage $(DESTDIR)$(BINDIR)
+ test -d $(DESTDIR)$(MANDIR)/man8 || install -m 755 -d
$(DESTDIR)$(MANDIR)/man8
+ install -m 644 semodule_package.8 $(DESTDIR)$(MANDIR)/man8/
+ install -m 644 semodule_unpackage.8
$(DESTDIR)$(MANDIR)/man8/
 
 
Petr Lautrbach
2017-06-22 16:25:52 UTC
Permalink
Post by Stephen Smalley
Hmm...seems like we're still using DESTDIR for more than just install.
So either the patch or the patch description isn't quite right.
The original usage of make DESTDIR in selinux was to support building
and installing to a private directory, so we wanted it to affect more
than just install. If we truly make this transition to conform to the
GNU standards, then we still need a clean way of building and
installing to a private directory for local testing. The top-level
Makefile has a workaround currently of automatically defining CFLAGS
and LDFLAGS when DESTDIR is defined, but that has a side effect: it
suppresses any non-override CFLAGS and LDFLAGS definitions in the
Makefiles, so then we no longer get all of the warning options enabled
in such local builds like we used to do. All of this leaves me
wondering about whether we ought to just revert the earlier changes and
preserve our usage of DESTDIR, even if it doesn't correspond to GNU.
PREFIX could be used for the case you described and DESTDIR would be
used just for installing to a different root directory.


The difference could be seen in .pc files:

$ make DESTDIR=/selinux-DESTDIR
LIBSEPOLA=/selinux-DESTDIR/usr/lib/libsepol.a install install-pywrap
install-rubywrap

$ head -n 2 /selinux-DESTDIR/usr/lib/pkgconfig/libsepol.pc
prefix=//usr
exec_prefix=${prefix}

vs

$ make PREFIX=/selinux-PREFIX install install-pywrap install-rubywrap

$ head -n 2 /selinux-PREFIX/usr/lib/pkgconfig/libsepol.pc
prefix=/selinux-PREFIX/usr
exec_prefix=${prefix}

I've got two work-in-progress patches for that:

https://github.com/bachradsusi/SELinuxProject-selinux/commit/03d7e6a3802aa5376fe6162f6e7f9a6314f2b028
https://github.com/bachradsusi/SELinuxProject-selinux/commit/ddf070fa82a4331b8fe2d82f61929c1120a12630

They need more testing and some enhancements but for the first look they
seem to work. At least structure of directories seem to be same.
Post by Stephen Smalley
Post by Petr Lautrbach
-checkmodule: $(CHECKMODOBJS) $(LIBSEPOLA)
+checkmodule: $(CHECKMODOBJS) $(DESTDIR)$(LIBSEPOLA)
%.o: %.c
@@ -46,15 +46,15 @@ lex.yy.c: policy_scan.l y.tab.c
$(LEX) policy_scan.l
install: all
- -mkdir -p $(BINDIR)
- -mkdir -p $(MANDIR)/man8
- install -m 755 $(TARGETS) $(BINDIR)
- install -m 644 checkpolicy.8 $(MANDIR)/man8
- install -m 644 checkmodule.8 $(MANDIR)/man8
+ -mkdir -p $(DESTDIR)$(BINDIR)
+ -mkdir -p $(DESTDIR)$(MANDIR)/man8
+ install -m 755 $(TARGETS) $(DESTDIR)$(BINDIR)
+ install -m 644 checkpolicy.8 $(DESTDIR)$(MANDIR)/man8
+ install -m 644 checkmodule.8 $(DESTDIR)$(MANDIR)/man8
relabel: install
- /sbin/restorecon $(BINDIR)/checkpolicy
- /sbin/restorecon $(BINDIR)/checkmodule
+ /sbin/restorecon $(DESTDIR)$(BINDIR)/checkpolicy
+ /sbin/restorecon $(DESTDIR)$(BINDIR)/checkmodule
-rm -f $(TARGETS) $(CHECKPOLOBJS) $(CHECKMODOBJS) y.tab.c
y.tab.h lex.yy.c
diff --git a/checkpolicy/test/Makefile b/checkpolicy/test/Makefile
index 59fa4460..c9a8d4c5 100644
--- a/checkpolicy/test/Makefile
+++ b/checkpolicy/test/Makefile
@@ -1,7 +1,7 @@
#
# Makefile for building the dispol program
#
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
BINDIR ?= $(PREFIX)/bin
LIBDIR ?= $(PREFIX)/lib
INCLUDEDIR ?= $(PREFIX)/include
@@ -11,9 +11,9 @@ CFLAGS ?= -g -Wall -W -Werror -O2 -pipe
all: dispol dismod
-dispol: dispol.o $(LIBSEPOLA)
+dispol: dispol.o $(DESTDIR)$(LIBSEPOLA)
-dismod: dismod.o $(LIBSEPOLA)
+dismod: dismod.o $(DESTDIR)$(LIBSEPOLA)
Ditto
Post by Petr Lautrbach
-rm -f dispol dismod *.o
diff --git a/gui/Makefile b/gui/Makefile
index 4fc2c1a1..52c3cab2 100644
--- a/gui/Makefile
+++ b/gui/Makefile
@@ -1,5 +1,5 @@
# Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= /usr
BINDIR ?= $(PREFIX)/bin
SHAREDIR ?= $(PREFIX)/share/system-config-selinux
DATADIR ?= $(PREFIX)/share
@@ -24,29 +24,29 @@ usersPage.py
all: $(TARGETS) system-config-selinux.py polgengui.py
install: all
- -mkdir -p $(MANDIR)/man8
- -mkdir -p $(SHAREDIR)
- -mkdir -p $(BINDIR)
- -mkdir -p $(DATADIR)/pixmaps
- -mkdir -p $(DATADIR)/icons/hicolor/24x24/apps
- -mkdir -p $(DATADIR)/polkit-1/actions/
- install -m 755 system-config-selinux.py $(SHAREDIR)
- install -m 755 system-config-selinux $(BINDIR)
- install -m 755 polgengui.py $(SHAREDIR)
- install -m 644 $(TARGETS) $(SHAREDIR)
- install -m 644 system-config-selinux.8 $(MANDIR)/man8
- install -m 644 selinux-polgengui.8 $(MANDIR)/man8
- install -m 644 system-config-selinux.png $(DATADIR)/pixmaps
- install -m 644 system-config-selinux.png
$(DATADIR)/icons/hicolor/24x24/apps
- install -m 644 system-config-selinux.png $(DATADIR)/system-
config-selinux
- install -m 644 *.desktop $(DATADIR)/system-config-selinux
This one seems to have been dropped accidentally rather than augmented
with $(DESTDIR).
Post by Petr Lautrbach
- -mkdir -p $(DESTDIR) $(DATADIR)/pixmaps
- install -m 644 sepolicy_256.png
$(DATADIR)/pixmaps/sepolicy.png
+ -mkdir -p $(DESTDIR)$(MANDIR)/man8
+ -mkdir -p $(DESTDIR)$(SHAREDIR)
+ -mkdir -p $(DESTDIR)$(BINDIR)
+ -mkdir -p $(DESTDIR)$(DATADIR)/pixmaps
+ -mkdir -p $(DESTDIR)$(DATADIR)/icons/hicolor/24x24/apps
+ -mkdir -p $(DESTDIR)$(SYSCONFDIR)
+ -mkdir -p $(DESTDIR)$(DATADIR)/polkit-1/actions/
+ install -m 755 system-config-selinux.py
$(DESTDIR)$(SHAREDIR)
+ install -m 755 system-config-selinux $(DESTDIR)$(BINDIR)
+ install -m 755 polgengui.py $(DESTDIR)$(SHAREDIR)
+ install -m 644 $(TARGETS) $(DESTDIR)$(SHAREDIR)
+ install -m 644 system-config-selinux.8
$(DESTDIR)$(MANDIR)/man8
+ install -m 644 selinux-polgengui.8 $(DESTDIR)$(MANDIR)/man8
+ install -m 644 system-config-selinux.png
$(DESTDIR)$(DATADIR)/pixmaps
+ install -m 644 system-config-selinux.png
$(DESTDIR)$(DATADIR)/icons/hicolor/24x24/apps
+ install -m 644 system-config-selinux.png
$(DESTDIR)$(DATADIR)/system-config-selinux
+ -mkdir -p $(DESTDIR) $(DESTDIR)$(DATADIR)/pixmaps
+ install -m 644 sepolicy_256.png
$(DESTDIR)$(DATADIR)/pixmaps/sepolicy.png
for i in 16 22 32 48 256; do \
- mkdir -p $(DESTDIR)
$(DATADIR)/icons/hicolor/$${i}x$${i}/apps; \
- install -m 644 sepolicy_$${i}.png
$(DATADIR)/icons/hicolor/$${i}x$${i}/apps/sepolicy.png; \
+ mkdir -p
$(DESTDIR)/$(DATADIR)/icons/hicolor/$${i}x$${i}/apps; \
+ install -m 644 sepolicy_$${i}.png
$(DESTDIR)$(DATADIR)/icons/hicolor/$${i}x$${i}/apps/sepolicy.png; \
done
- install -m 644 org.selinux.config.policy $(DATADIR)/polkit-
1/actions/
+ install -m 644 org.selinux.config.policy
$(DESTDIR)$(DATADIR)/polkit-1/actions/
diff --git a/libselinux/include/Makefile
b/libselinux/include/Makefile
index 757a6c9c..c1d3fa15 100644
--- a/libselinux/include/Makefile
+++ b/libselinux/include/Makefile
@@ -1,12 +1,12 @@
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
INCDIR ?= $(PREFIX)/include/selinux
install: all
- test -d $(INCDIR) || install -m 755 -d $(INCDIR)
- install -m 644 $(wildcard selinux/*.h) $(INCDIR)
+ test -d $(DESTDIR)$(INCDIR) || install -m 755 -d
$(DESTDIR)$(INCDIR)
+ install -m 644 $(wildcard selinux/*.h) $(DESTDIR)$(INCDIR)
diff --git a/libselinux/src/Makefile b/libselinux/src/Makefile
index 4306dd0e..6d65b682 100644
--- a/libselinux/src/Makefile
+++ b/libselinux/src/Makefile
@@ -8,17 +8,17 @@ RUBYPREFIX ?= $(notdir $(RUBY))
PKG_CONFIG ?= pkg-config
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
LIBDIR ?= $(PREFIX)/lib
-SHLIBDIR ?= $(DESTDIR)/lib
+SHLIBDIR ?= /lib
INCLUDEDIR ?= $(PREFIX)/include
PYINC ?= $(shell $(PKG_CONFIG) --cflags $(PYPREFIX))
PYLIBS ?= $(shell $(PKG_CONFIG) --libs $(PYPREFIX))
-PYSITEDIR ?= $(DESTDIR)$(shell $(PYTHON) -c 'import site;
print(site.getsitepackages()[0])')
+PYSITEDIR ?= $(shell $(PYTHON) -c 'import site;
print(site.getsitepackages()[0])')
PYCEXT ?= $(shell $(PYTHON) -c 'import imp;print([s for s,m,t in
imp.get_suffixes() if t == imp.C_EXTENSION][0])')
RUBYINC ?= $(shell $(RUBY) -e 'puts "-I" +
RbConfig::CONFIG["rubyarchhdrdir"] + " -I" +
RbConfig::CONFIG["rubyhdrdir"]')
RUBYLIBS ?= $(shell $(RUBY) -e 'puts "-L" +
RbConfig::CONFIG["libdir"] + " -lruby"')
-RUBYINSTALL ?= $(DESTDIR)$(shell $(RUBY) -e 'puts
RbConfig::CONFIG["vendorarchdir"]')
+RUBYINSTALL ?= $(shell $(RUBY) -e 'puts
RbConfig::CONFIG["vendorarchdir"]')
LIBBASE ?= $(shell basename $(LIBDIR))
LIBSEPOLA ?= $(LIBDIR)/libsepol.a
../include/selinux/selinux.h
$(AUDIT2WHYLOBJ): audit2why.c
$(CC) $(filter-out -Werror, $(CFLAGS)) $(PYINC) -fPIC
-$(AUDIT2WHYSO): $(AUDIT2WHYLOBJ) $(LIBSEPOLA)
+$(AUDIT2WHYSO): $(AUDIT2WHYLOBJ) $(DESTDIR)$(LIBSEPOLA)
$(PYLIBS)
Here again with using DESTDIR outside of install.
Post by Petr Lautrbach
%.o: %.c policy.h
@@ -177,26 +177,26 @@ swigify: $(SWIGIF)
$(SWIG) $<
install: all
- test -d $(LIBDIR) || install -m 755 -d $(LIBDIR)
- install -m 644 $(LIBA) $(LIBDIR)
- test -d $(SHLIBDIR) || install -m 755 -d $(SHLIBDIR)
- install -m 755 $(LIBSO) $(SHLIBDIR)
- test -d $(LIBDIR)/pkgconfig || install -m 755 -d
$(LIBDIR)/pkgconfig
- install -m 644 $(LIBPC) $(LIBDIR)/pkgconfig
- ln -sf --relative $(SHLIBDIR)/$(LIBSO) $(LIBDIR)/$(TARGET)
+ test -d $(DESTDIR)$(LIBDIR) || install -m 755 -d
$(DESTDIR)$(LIBDIR)
+ install -m 644 $(LIBA) $(DESTDIR)$(LIBDIR)
+ test -d $(DESTDIR)$(SHLIBDIR) || install -m 755 -d
$(DESTDIR)$(SHLIBDIR)
+ install -m 755 $(LIBSO) $(DESTDIR)$(SHLIBDIR)
+ test -d $(DESTDIR)$(LIBDIR)/pkgconfig || install -m 755 -d
$(DESTDIR)$(LIBDIR)/pkgconfig
+ install -m 644 $(LIBPC) $(DESTDIR)$(LIBDIR)/pkgconfig
+ ln -sf --relative $(DESTDIR)$(SHLIBDIR)/$(LIBSO)
$(DESTDIR)$(LIBDIR)/$(TARGET)
install-pywrap: pywrap
- test -d $(PYSITEDIR)/selinux || install -m 755 -d
$(PYSITEDIR)/selinux
- install -m 755 $(SWIGSO) $(PYSITEDIR)/_selinux$(PYCEXT)
- install -m 755 $(AUDIT2WHYSO)
$(PYSITEDIR)/selinux/audit2why$(PYCEXT)
- install -m 644 $(SWIGPYOUT) $(PYSITEDIR)/selinux/__init__.py
+ test -d $(DESTDIR)$(PYSITEDIR)/selinux || install -m 755 -d
$(DESTDIR)$(PYSITEDIR)/selinux
+ install -m 755 $(SWIGSO)
$(DESTDIR)$(PYSITEDIR)/_selinux$(PYCEXT)
+ install -m 755 $(AUDIT2WHYSO)
$(DESTDIR)$(PYSITEDIR)/selinux/audit2why$(PYCEXT)
+ install -m 644 $(SWIGPYOUT)
$(DESTDIR)$(PYSITEDIR)/selinux/__init__.py
install-rubywrap: rubywrap
- test -d $(RUBYINSTALL) || install -m 755 -d $(RUBYINSTALL)
- install -m 755 $(SWIGRUBYSO) $(RUBYINSTALL)/selinux.so
+ test -d $(DESTDIR)$(RUBYINSTALL) || install -m 755 -d
$(DESTDIR)$(RUBYINSTALL)
+ install -m 755 $(SWIGRUBYSO)
$(DESTDIR)$(RUBYINSTALL)/selinux.so
- /sbin/restorecon $(SHLIBDIR)/$(LIBSO)
+ /sbin/restorecon $(DESTDIR)$(SHLIBDIR)/$(LIBSO)
-rm -f $(SWIGLOBJ) $(SWIGSO) $(AUDIT2WHYLOBJ) $(AUDIT2WHYSO)
diff --git a/libselinux/utils/Makefile b/libselinux/utils/Makefile
index 843b0e7c..882a6787 100644
--- a/libselinux/utils/Makefile
+++ b/libselinux/utils/Makefile
@@ -1,5 +1,5 @@
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
LIBDIR ?= $(PREFIX)/lib
SBINDIR ?= $(PREFIX)/sbin
INCLUDEDIR ?= $(PREFIX)/include
@@ -63,8 +63,8 @@ sefcontext_compile: sefcontext_compile.o
../src/regex.o
all: $(TARGETS)
install: all
- -mkdir -p $(SBINDIR)
- install -m 755 $(TARGETS) $(SBINDIR)
+ -mkdir -p $(DESTDIR)$(SBINDIR)
+ install -m 755 $(TARGETS) $(DESTDIR)$(SBINDIR)
rm -f $(TARGETS) *.o *~
diff --git a/libsemanage/include/Makefile
b/libsemanage/include/Makefile
index b660660e..6e44a28a 100644
--- a/libsemanage/include/Makefile
+++ b/libsemanage/include/Makefile
@@ -1,12 +1,12 @@
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
INCDIR ?= $(PREFIX)/include/semanage
install: all
- test -d $(INCDIR) || install -m 755 -d $(INCDIR)
- install -m 644 $(wildcard semanage/*.h) $(INCDIR)
+ test -d $(DESTDIR)$(INCDIR) || install -m 755 -d
$(DESTDIR)$(INCDIR)
+ install -m 644 $(wildcard semanage/*.h) $(DESTDIR)$(INCDIR)
../../scripts/Lindent $(wildcard semanage/*.h)
diff --git a/libsemanage/src/Makefile b/libsemanage/src/Makefile
index f01385c5..8c0b4557 100644
--- a/libsemanage/src/Makefile
+++ b/libsemanage/src/Makefile
@@ -8,17 +8,17 @@ RUBYPREFIX ?= $(notdir $(RUBY))
PKG_CONFIG ?= pkg-config
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
LIBDIR ?= $(PREFIX)/lib
-SHLIBDIR ?= $(DESTDIR)/lib
+SHLIBDIR ?= /lib
INCLUDEDIR ?= $(PREFIX)/include
PYINC ?= $(shell $(PKG_CONFIG) --cflags $(PYPREFIX))
PYLIBS ?= $(shell $(PKG_CONFIG) --libs $(PYPREFIX))
-PYSITEDIR ?= $(DESTDIR)$(shell $(PYTHON) -c 'import site;
print(site.getsitepackages()[0])')
+PYSITEDIR ?= $(shell $(PYTHON) -c 'import site;
print(site.getsitepackages()[0])')
PYCEXT ?= $(shell $(PYTHON) -c 'import imp;print([s for s,m,t in
imp.get_suffixes() if t == imp.C_EXTENSION][0])')
RUBYINC ?= $(shell $(RUBY) -e 'puts "-I" +
RbConfig::CONFIG["rubyarchhdrdir"] + " -I" +
RbConfig::CONFIG["rubyhdrdir"]')
RUBYLIBS ?= $(shell $(RUBY) -e 'puts "-L" +
RbConfig::CONFIG["libdir"] + " -lruby"')
-RUBYINSTALL ?= $(DESTDIR)$(shell $(RUBY) -e 'puts
RbConfig::CONFIG["vendorarchdir"]')
+RUBYINSTALL ?= $(shell $(RUBY) -e 'puts
RbConfig::CONFIG["vendorarchdir"]')
LIBBASE=$(shell basename $(LIBDIR))
@@ -136,26 +136,26 @@ swigify: $(SWIGIF)
$(SWIG) $<
install: all
- test -d $(LIBDIR) || install -m 755 -d $(LIBDIR)
- install -m 644 $(LIBA) $(LIBDIR)
- install -m 755 $(LIBSO) $(LIBDIR)
- test -d $(LIBDIR)/pkgconfig || install -m 755 -d
$(LIBDIR)/pkgconfig
- install -m 644 $(LIBPC) $(LIBDIR)/pkgconfig
+ test -d $(DESTDIR)$(LIBDIR) || install -m 755 -d
$(DESTDIR)$(LIBDIR)
+ install -m 644 $(LIBA) $(DESTDIR)$(LIBDIR)
+ install -m 755 $(LIBSO) $(DESTDIR)$(LIBDIR)
+ test -d $(DESTDIR)$(LIBDIR)/pkgconfig || install -m 755 -d
$(DESTDIR)$(LIBDIR)/pkgconfig
+ install -m 644 $(LIBPC) $(DESTDIR)$(LIBDIR)/pkgconfig
test -f $(DEFAULT_SEMANAGE_CONF_LOCATION) || install -m 644
-D semanage.conf $(DEFAULT_SEMANAGE_CONF_LOCATION)
- cd $(LIBDIR) && ln -sf $(LIBSO) $(TARGET)
+ cd $(DESTDIR)$(LIBDIR) && ln -sf $(LIBSO) $(TARGET)
install-pywrap: pywrap
- test -d $(PYSITEDIR) || install -m 755 -d $(PYSITEDIR)
- install -m 755 $(SWIGSO) $(PYSITEDIR)/_semanage$(PYCEXT)
- install -m 644 semanage.py $(PYSITEDIR)
+ test -d $(DESTDIR)$(PYSITEDIR) || install -m 755 -d
$(DESTDIR)$(PYSITEDIR)
+ install -m 755 $(SWIGSO)
$(DESTDIR)$(PYSITEDIR)/_semanage$(PYCEXT)
+ install -m 644 semanage.py $(DESTDIR)$(PYSITEDIR)
install-rubywrap: rubywrap
- test -d $(RUBYINSTALL) || install -m 755 -d $(RUBYINSTALL)
- install -m 755 $(SWIGRUBYSO) $(RUBYINSTALL)/semanage.so
+ test -d $(DESTDIR)$(RUBYINSTALL) || install -m 755 -d
$(DESTDIR)$(RUBYINSTALL)
+ install -m 755 $(SWIGRUBYSO)
$(DESTDIR)$(RUBYINSTALL)/semanage.so
- /sbin/restorecon $(LIBDIR)/$(LIBSO)
+ /sbin/restorecon $(DESTDIR)$(LIBDIR)/$(LIBSO)
-rm -f $(LIBPC) $(OBJS) $(LOBJS) $(LIBA) $(LIBSO)
$(SWIGLOBJ) $(SWIGSO) $(SWIGRUBYSO) $(TARGET) conf-parse.c conf-
parse.h conf-scan.c *.o *.lo *~
diff --git a/libsemanage/tests/Makefile b/libsemanage/tests/Makefile
index 2ef8d30d..8103cf8f 100644
--- a/libsemanage/tests/Makefile
+++ b/libsemanage/tests/Makefile
@@ -1,4 +1,4 @@
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
LIBDIR ?= $(PREFIX)/lib
diff --git a/libsemanage/utils/Makefile b/libsemanage/utils/Makefile
index 725f0eec..5b8fbb6b 100644
--- a/libsemanage/utils/Makefile
+++ b/libsemanage/utils/Makefile
@@ -1,13 +1,13 @@
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
LIBEXECDIR ?= $(PREFIX)/libexec
SELINUXEXECDIR ?= $(LIBEXECDIR)/selinux/
install: all
- -mkdir -p $(SELINUXEXECDIR)
- install -m 755 semanage_migrate_store $(SELINUXEXECDIR)
+ -mkdir -p $(DESTDIR)$(SELINUXEXECDIR)
+ install -m 755 semanage_migrate_store
$(DESTDIR)$(SELINUXEXECDIR)
diff --git a/libsepol/include/Makefile b/libsepol/include/Makefile
index 56b7a114..49f817ce 100644
--- a/libsepol/include/Makefile
+++ b/libsepol/include/Makefile
@@ -1,17 +1,17 @@
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
INCDIR ?= $(PREFIX)/include/sepol
CILDIR ?= ../cil
install: all
- test -d $(INCDIR) || install -m 755 -d $(INCDIR)
- test -d $(INCDIR)/policydb || install -m 755 -d
$(INCDIR)/policydb
- test -d $(INCDIR)/cil || install -m 755 -d $(INCDIR)/cil
- install -m 644 $(wildcard sepol/*.h) $(INCDIR)
- install -m 644 $(wildcard sepol/policydb/*.h)
$(INCDIR)/policydb
- install -m 644 $(wildcard $(CILDIR)/include/cil/*.h)
$(INCDIR)/cil
+ test -d $(DESTDIR)$(INCDIR) || install -m 755 -d
$(DESTDIR)$(INCDIR)
+ test -d $(DESTDIR)$(INCDIR)/policydb || install -m 755 -d
$(DESTDIR)$(INCDIR)/policydb
+ test -d $(DESTDIR)$(INCDIR)/cil || install -m 755 -d
$(DESTDIR)$(INCDIR)/cil
+ install -m 644 $(wildcard sepol/*.h) $(DESTDIR)$(INCDIR)
+ install -m 644 $(wildcard sepol/policydb/*.h)
$(DESTDIR)$(INCDIR)/policydb
+ install -m 644 $(wildcard $(CILDIR)/include/cil/*.h)
$(DESTDIR)$(INCDIR)/cil
../../scripts/Lindent $(wildcard sepol/*.h)
diff --git a/libsepol/src/Makefile b/libsepol/src/Makefile
index 819d261b..4c7e23fa 100644
--- a/libsepol/src/Makefile
+++ b/libsepol/src/Makefile
@@ -1,8 +1,8 @@
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
INCLUDEDIR ?= $(PREFIX)/include
LIBDIR ?= $(PREFIX)/lib
-SHLIBDIR ?= $(DESTDIR)/lib
+SHLIBDIR ?= $(PREFIX)/lib
This yields a change in the default install location for libsepol.so.1
(/lib -> /usr/lib).
Post by Petr Lautrbach
RANLIB ?= ranlib
LIBBASE ?= $(shell basename $(LIBDIR))
CILDIR ?= ../cil
@@ -80,16 +80,16 @@ endif
install: all
- test -d $(LIBDIR) || install -m 755 -d $(LIBDIR)
- install -m 644 $(LIBA) $(LIBDIR)
- test -d $(SHLIBDIR) || install -m 755 -d $(SHLIBDIR)
- install -m 755 $(LIBSO) $(SHLIBDIR)
- test -d $(LIBDIR)/pkgconfig || install -m 755 -d
$(LIBDIR)/pkgconfig
- install -m 644 $(LIBPC) $(LIBDIR)/pkgconfig
- $(LN) -sf --relative $(SHLIBDIR)/$(LIBSO)
$(LIBDIR)/$(TARGET)
+ test -d $(DESTDIR)$(LIBDIR) || install -m 755 -d
$(DESTDIR)$(LIBDIR)
+ install -m 644 $(LIBA) $(DESTDIR)$(LIBDIR)
+ test -d $(DESTDIR)$(SHLIBDIR) || install -m 755 -d
$(DESTDIR)$(SHLIBDIR)
+ install -m 755 $(LIBSO) $(DESTDIR)$(SHLIBDIR)
+ test -d $(DESTDIR)$(LIBDIR)/pkgconfig || install -m 755 -d
$(DESTDIR)$(LIBDIR)/pkgconfig
+ install -m 644 $(LIBPC) $(DESTDIR)$(LIBDIR)/pkgconfig
+ $(LN) -sf --relative $(DESTDIR)$(SHLIBDIR)/$(LIBSO)
$(DESTDIR)$(LIBDIR)/$(TARGET)
- /sbin/restorecon $(SHLIBDIR)/$(LIBSO)
+ /sbin/restorecon $(DESTDIR)$(SHLIBDIR)/$(LIBSO)
-rm -f $(LIBPC) $(LIBMAP) $(OBJS) $(LOBJS) $(LIBA) $(LIBSO) $(TARGET) $(CIL_GENERATED)
diff --git a/libsepol/utils/Makefile b/libsepol/utils/Makefile
index fba1d8a0..31932c11 100644
--- a/libsepol/utils/Makefile
+++ b/libsepol/utils/Makefile
@@ -1,5 +1,5 @@
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
BINDIR ?= $(PREFIX)/bin
CFLAGS ?= -Wall -Werror
@@ -12,8 +12,8 @@ TARGETS=$(patsubst %.c,%,$(sort $(wildcard *.c)))
all: $(TARGETS)
install: all
- -mkdir -p $(BINDIR)
- install -m 755 $(TARGETS) $(BINDIR)
+ -mkdir -p $(DESTDIR)$(BINDIR)
+ install -m 755 $(TARGETS) $(DESTDIR)$(BINDIR)
-rm -f $(TARGETS) *.o
diff --git a/mcstrans/man/Makefile b/mcstrans/man/Makefile
index 8e971192..dbd87f49 100644
--- a/mcstrans/man/Makefile
+++ b/mcstrans/man/Makefile
@@ -1,11 +1,11 @@
# Installation directories.
-MAN8DIR ?= $(DESTDIR)/usr/share/man/man8
+MAN8DIR ?= /usr/share/man/man8
install: all
- mkdir -p $(MAN8DIR)
- install -m 644 man8/*.8 $(MAN8DIR)
+ mkdir -p $(DESTDIR)$(MAN8DIR)
+ install -m 644 man8/*.8 $(DESTDIR)$(MAN8DIR)
-rm -f *~ \#*
diff --git a/mcstrans/src/Makefile b/mcstrans/src/Makefile
index 709e1e02..be54e349 100644
--- a/mcstrans/src/Makefile
+++ b/mcstrans/src/Makefile
@@ -1,9 +1,9 @@
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
LIBDIR ?= $(PREFIX)/lib
-SBINDIR ?= $(DESTDIR)/sbin
-INITDIR ?= $(DESTDIR)/etc/rc.d/init.d
-SYSTEMDDIR ?= $(DESTDIR)/usr/lib/systemd
+SBINDIR ?= /sbin
+INITDIR ?= /etc/rc.d/init.d
+SYSTEMDDIR ?= /usr/lib/systemd
PROG_SRC=mcstrans.c mcscolor.c mcstransd.c mls_level.c
PROG_OBJS= $(patsubst %.c,%.o,$(PROG_SRC))
@@ -15,18 +15,18 @@ override CFLAGS += -D_GNU_SOURCE
-D_FILE_OFFSET_BITS=64
all: $(PROG)
$(PROG): $(PROG_OBJS)
$(LIBDIR)/libsepol.a
$(DESTDIR)$(LIBDIR)/libsepol.a
%.o: %.c
install: all
- test -d $(SBINDIR) || install -m 755 -d $(SBINDIR)
- install -m 755 $(PROG) $(SBINDIR)
- test -d $(INITDIR) || install -m 755 -d $(INITDIR)
- install -m 755 $(INITSCRIPT).init $(INITDIR)/$(INITSCRIPT)
- test -d $(SYSTEMDDIR)/system || install -m 755 -d
$(SYSTEMDDIR)/system
- install -m 644 mcstrans.service $(SYSTEMDDIR)/system/
+ test -d $(DESTDIR)$(SBINDIR) || install -m 755 -d
$(DESTDIR)$(SBINDIR)
+ install -m 755 $(PROG) $(DESTDIR)$(SBINDIR)
+ test -d $(DESTDIR)$(INITDIR) || install -m 755 -d
$(DESTDIR)$(INITDIR)
+ install -m 755 $(INITSCRIPT).init
$(DESTDIR)$(INITDIR)/$(INITSCRIPT)
+ test -d $(DESTDIR)$(SYSTEMDDIR)/system || install -m 755 -d
$(DESTDIR)$(SYSTEMDDIR)/system
+ install -m 644 mcstrans.service
$(DESTDIR)$(SYSTEMDDIR)/system/
-rm -f $(OBJS) $(LOBJS) $(TARGET) $(PROG) $(PROG_OBJS) *~
\#*
diff --git a/mcstrans/utils/Makefile b/mcstrans/utils/Makefile
index 4d3cbfcb..1364cece 100644
--- a/mcstrans/utils/Makefile
+++ b/mcstrans/utils/Makefile
@@ -1,5 +1,5 @@
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
LIBDIR ?= $(PREFIX)/lib
SBINDIR ?= $(PREFIX)/sbin
LIBSEPOLA ?= $(LIBDIR)/libsepol.a
@@ -12,11 +12,11 @@ TARGETS=$(patsubst %.c,%,$(sort $(wildcard *.c)))
all: $(TARGETS)
-$(TARGETS): ../src/mcstrans.o ../src/mls_level.o $(LIBSEPOLA)
+$(TARGETS): ../src/mcstrans.o ../src/mls_level.o
$(DESTDIR)$(LIBSEPOLA)
install: all
- -mkdir -p $(SBINDIR)
- install -m 755 $(TARGETS) $(SBINDIR)
+ -mkdir -p $(DESTDIR)$(SBINDIR)
+ install -m 755 $(TARGETS) $(DESTDIR)$(SBINDIR)
./mlstrans-test-runner.py ../test/*.test
diff --git a/policycoreutils/hll/pp/Makefile
b/policycoreutils/hll/pp/Makefile
index 3401dcc9..ed70c449 100644
--- a/policycoreutils/hll/pp/Makefile
+++ b/policycoreutils/hll/pp/Makefile
@@ -1,5 +1,5 @@
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
INCLUDEDIR ?= $(PREFIX)/include
MANDIR = $(PREFIX)/share/man
LIBDIR ?= $(PREFIX)/lib
@@ -21,8 +21,8 @@ pp: $(PP_OBJS)
install: all
- -mkdir -p $(HLLDIR)
- install -m 755 pp $(HLLDIR)
+ -mkdir -p $(DESTDIR)$(HLLDIR)
+ install -m 755 pp $(DESTDIR)$(HLLDIR)
diff --git a/policycoreutils/load_policy/Makefile
b/policycoreutils/load_policy/Makefile
index b85833c2..00f59aba 100644
--- a/policycoreutils/load_policy/Makefile
+++ b/policycoreutils/load_policy/Makefile
@@ -1,6 +1,6 @@
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
-SBINDIR ?= $(DESTDIR)/sbin
+PREFIX ?= /usr
+SBINDIR ?= /sbin
MANDIR ?= $(PREFIX)/share/man
LOCALEDIR ?= /usr/share/locale
@@ -13,10 +13,10 @@ TARGETS=$(patsubst %.c,%,$(sort $(wildcard *.c)))
all: $(TARGETS)
install: all
- -mkdir -p $(SBINDIR)
- install -m 755 $(TARGETS) $(SBINDIR)
- test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8
- install -m 644 load_policy.8 $(MANDIR)/man8/
+ -mkdir -p $(DESTDIR)$(SBINDIR)
+ install -m 755 $(TARGETS) $(DESTDIR)$(SBINDIR)
+ test -d $(DESTDIR)$(MANDIR)/man8 || install -m 755 -d
$(DESTDIR)$(MANDIR)/man8
+ install -m 644 load_policy.8 $(DESTDIR)$(MANDIR)/man8/
-rm -f $(TARGETS) *.o
../../scripts/Lindent $(wildcard *.[ch])
- /sbin/restorecon $(SBINDIR)/load_policy
+ /sbin/restorecon $(DESTDIR)$(SBINDIR)/load_policy
diff --git a/policycoreutils/man/Makefile
b/policycoreutils/man/Makefile
index 0d91cd46..ae3d27b6 100644
--- a/policycoreutils/man/Makefile
+++ b/policycoreutils/man/Makefile
@@ -1,12 +1,12 @@
# Installation directories.
-MAN5DIR ?= $(DESTDIR)/usr/share/man/man5
+MAN5DIR ?= /usr/share/man/man5
install: all
- mkdir -p $(MAN5DIR)
- install -m 644 man5/*.5 $(MAN5DIR)
+ mkdir -p $(DESTDIR)$(MAN5DIR)
+ install -m 644 man5/*.5 $(DESTDIR)$(MAN5DIR)
diff --git a/policycoreutils/newrole/Makefile
b/policycoreutils/newrole/Makefile
index 196af926..e687b6ab 100644
--- a/policycoreutils/newrole/Makefile
+++ b/policycoreutils/newrole/Makefile
@@ -1,8 +1,8 @@
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
BINDIR ?= $(PREFIX)/bin
MANDIR ?= $(PREFIX)/share/man
-ETCDIR ?= $(DESTDIR)/etc
+ETCDIR ?= /etc
LOCALEDIR = /usr/share/locale
PAMH ?= $(shell test -f /usr/include/security/pam_appl.h && echo y)
AUDITH ?= $(shell test -f /usr/include/libaudit.h && echo y)
@@ -61,17 +61,17 @@ newrole: newrole.o $(EXTRA_OBJS)
install: all
- test -d $(BINDIR) || install -m 755 -d $(BINDIR)
- test -d $(ETCDIR)/pam.d || install -m 755 -d $(ETCDIR)/pam.d
- test -d $(MANDIR)/man1 || install -m 755 -d $(MANDIR)/man1
- install -m $(MODE) newrole $(BINDIR)
- install -m 644 newrole.1 $(MANDIR)/man1/
+ test -d $(DESTDIR)$(BINDIR) || install -m 755 -d
$(DESTDIR)$(BINDIR)
+ test -d $(DESTDIR)$(ETCDIR)/pam.d || install -m 755 -d
$(DESTDIR)$(ETCDIR)/pam.d
+ test -d $(DESTDIR)$(MANDIR)/man1 || install -m 755 -d
$(DESTDIR)$(MANDIR)/man1
+ install -m $(MODE) newrole $(DESTDIR)$(BINDIR)
+ install -m 644 newrole.1 $(DESTDIR)$(MANDIR)/man1/
ifeq ($(PAMH), y)
- test -d $(ETCDIR)/pam.d || install -m 755 -d $(ETCDIR)/pam.d
+ test -d $(ETCDIR)/pam.d || install -m 755 -d
$(DESTDIR)$(ETCDIR)/pam.d
Need to prefix the first $(ETCDIR)/pam.d with $(DESTDIR) too.
Post by Petr Lautrbach
ifeq ($(LSPP_PRIV),y)
- install -m 644 newrole-lspp.pamd $(ETCDIR)/pam.d/newrole
+ install -m 644 newrole-lspp.pamd
$(DESTDIR)$(ETCDIR)/pam.d/newrole
else
- install -m 644 newrole.pamd $(ETCDIR)/pam.d/newrole
+ install -m 644 newrole.pamd
$(DESTDIR)$(ETCDIR)/pam.d/newrole
endif
endif
../../scripts/Lindent $(wildcard *.[ch])
relabel: install
- /sbin/restorecon $(BINDIR)/newrole
+ /sbin/restorecon $(DESTDIR)$(BINDIR)/newrole
diff --git a/policycoreutils/run_init/Makefile
b/policycoreutils/run_init/Makefile
index 921f0b07..8d8eb704 100644
--- a/policycoreutils/run_init/Makefile
+++ b/policycoreutils/run_init/Makefile
@@ -1,9 +1,9 @@
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
SBINDIR ?= $(PREFIX)/sbin
MANDIR ?= $(PREFIX)/share/man
-ETCDIR ?= $(DESTDIR)/etc
+ETCDIR ?= /etc
LOCALEDIR ?= /usr/share/locale
PAMH ?= $(shell test -f /usr/include/security/pam_appl.h && echo y)
AUDITH ?= $(shell test -f /usr/include/libaudit.h && echo y)
@@ -32,14 +32,14 @@ open_init_pty: open_init_pty.c
install: all
- test -d $(SBINDIR) || install -m 755 -d $(SBINDIR)
- test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8
- install -m 755 run_init $(SBINDIR)
- install -m 755 open_init_pty $(SBINDIR)
- install -m 644 run_init.8 $(MANDIR)/man8/
- install -m 644 open_init_pty.8 $(MANDIR)/man8/
+ test -d $(DESTDIR)$(SBINDIR) || install -m 755 -d
$(DESTDIR)$(SBINDIR)
+ test -d $(DESTDIR)$(MANDIR)/man8 || install -m 755 -d
$(DESTDIR)$(MANDIR)/man8
+ install -m 755 run_init $(DESTDIR)$(SBINDIR)
+ install -m 755 open_init_pty $(DESTDIR)$(SBINDIR)
+ install -m 644 run_init.8 $(DESTDIR)$(MANDIR)/man8/
+ install -m 644 open_init_pty.8 $(DESTDIR)$(MANDIR)/man8/
ifeq ($(PAMH), y)
- install -m 644 run_init.pamd $(ETCDIR)/pam.d/run_init
+ install -m 644 run_init.pamd
$(DESTDIR)$(ETCDIR)/pam.d/run_init
endif
../../scripts/Lindent $(wildcard *.[ch])
relabel: install
- /sbin/restorecon $(SBINDIR)/run_init
$(SBINDIR)/open_init_pty
+ /sbin/restorecon $(DESTDIR)$(SBINDIR)/run_init
$(DESTDIR)$(SBINDIR)/open_init_pty
diff --git a/policycoreutils/scripts/Makefile
b/policycoreutils/scripts/Makefile
index d9e86ffe..a988144b 100644
--- a/policycoreutils/scripts/Makefile
+++ b/policycoreutils/scripts/Makefile
@@ -1,6 +1,6 @@
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
-SBINDIR ?= $(DESTDIR)/sbin
+PREFIX ?= /usr
+SBINDIR ?= /sbin
MANDIR ?= $(PREFIX)/share/man
LOCALEDIR ?= $(PREFIX)/share/locale
@@ -8,10 +8,10 @@ LOCALEDIR ?= $(PREFIX)/share/locale
all: fixfiles
install: all
- -mkdir -p $(SBINDIR)
- install -m 755 fixfiles $(SBINDIR)
- -mkdir -p $(MANDIR)/man8
- install -m 644 fixfiles.8 $(MANDIR)/man8/
+ -mkdir -p $(DESTDIR)$(SBINDIR)
+ install -m 755 fixfiles $(DESTDIR)$(SBINDIR)
+ -mkdir -p $(DESTDIR)$(MANDIR)/man8
+ install -m 644 fixfiles.8 $(DESTDIR)$(MANDIR)/man8/
diff --git a/policycoreutils/secon/Makefile
b/policycoreutils/secon/Makefile
index 8e491d74..c03f0d7d 100644
--- a/policycoreutils/secon/Makefile
+++ b/policycoreutils/secon/Makefile
@@ -1,5 +1,5 @@
# secon tool - command-line context
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
INCLUDEDIR ?= $(PREFIX)/include
BINDIR ?= $(PREFIX)/bin
MANDIR ?= $(PREFIX)/share/man
@@ -18,13 +18,13 @@ secon: secon.o
install-nogui: install
install: all
- install -m 755 secon $(BINDIR);
+ install -m 755 secon $(DESTDIR)$(BINDIR);
- test -d $(MANDIR)/man1 || install -m 755 -d $(MANDIR)/man1
- install -m 644 secon.1 $(MANDIR)/man1
+ test -d $(DESTDIR)$(MANDIR)/man1 || install -m 755 -d
$(DESTDIR)$(MANDIR)/man1
+ install -m 644 secon.1 $(DESTDIR)$(MANDIR)/man1
- /sbin/restorecon $(BINDIR)/secon
+ /sbin/restorecon $(DESTDIR)$(BINDIR)/secon
rm -f *.o core* secon *~ *.bak
diff --git a/policycoreutils/semodule/Makefile
b/policycoreutils/semodule/Makefile
index fffb43ac..7c257bf5 100644
--- a/policycoreutils/semodule/Makefile
+++ b/policycoreutils/semodule/Makefile
@@ -1,5 +1,5 @@
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
INCLUDEDIR ?= $(PREFIX)/include
SBINDIR ?= $(PREFIX)/sbin
MANDIR = $(PREFIX)/share/man
ln -sf semodule genhomedircon
install: all
- -mkdir -p $(SBINDIR)
- install -m 755 semodule $(SBINDIR)
- (cd $(SBINDIR); ln -sf semodule genhomedircon)
- test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8
- install -m 644 semodule.8 $(MANDIR)/man8/
- install -m 644 genhomedircon.8 $(MANDIR)/man8/
+ -mkdir -p $(DESTDIR)$(SBINDIR)
+ install -m 755 semodule $(DESTDIR)$(SBINDIR)
+ (cd $(DESTDIR)$(SBINDIR); ln -sf semodule genhomedircon)
+ test -d $(DESTDIR)$(MANDIR)/man8 || install -m 755 -d
$(DESTDIR)$(MANDIR)/man8
+ install -m 644 semodule.8 $(DESTDIR)$(MANDIR)/man8/
+ install -m 644 genhomedircon.8 $(DESTDIR)$(MANDIR)/man8/
diff --git a/policycoreutils/sestatus/Makefile
b/policycoreutils/sestatus/Makefile
index 41ca6832..130b764b 100644
--- a/policycoreutils/sestatus/Makefile
+++ b/policycoreutils/sestatus/Makefile
@@ -1,8 +1,8 @@
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
SBINDIR ?= $(PREFIX)/sbin
MANDIR = $(PREFIX)/share/man
-ETCDIR ?= $(DESTDIR)/etc
+ETCDIR ?= /etc
LIBDIR ?= $(PREFIX)/lib
CFLAGS ?= -Werror -Wall -W
@@ -14,14 +14,14 @@ all: sestatus
sestatus: sestatus.o
install: all
- [ -d $(MANDIR)/man8 ] || mkdir -p $(MANDIR)/man8
- [ -d $(MANDIR)/man5 ] || mkdir -p $(MANDIR)/man5
- -mkdir -p $(SBINDIR)
- install -m 755 sestatus $(SBINDIR)
- install -m 644 sestatus.8 $(MANDIR)/man8
- install -m 644 sestatus.conf.5 $(MANDIR)/man5
- -mkdir -p $(ETCDIR)
- install -m 644 sestatus.conf $(ETCDIR)
+ [ -d $(DESTDIR)$(MANDIR)/man8 ] || mkdir -p
$(DESTDIR)$(MANDIR)/man8
+ [ -d $(DESTDIR)$(MANDIR)/man5 ] || mkdir -p
$(DESTDIR)$(MANDIR)/man5
+ -mkdir -p $(DESTDIR)$(SBINDIR)
+ install -m 755 sestatus $(DESTDIR)$(SBINDIR)
+ install -m 644 sestatus.8 $(DESTDIR)$(MANDIR)/man8
+ install -m 644 sestatus.conf.5 $(DESTDIR)$(MANDIR)/man5
+ -mkdir -p $(DESTDIR)$(ETCDIR)
+ install -m 644 sestatus.conf $(DESTDIR)$(ETCDIR)
rm -f sestatus *.o
diff --git a/policycoreutils/setfiles/Makefile
b/policycoreutils/setfiles/Makefile
index c08e2dd1..4e56698f 100644
--- a/policycoreutils/setfiles/Makefile
+++ b/policycoreutils/setfiles/Makefile
@@ -1,6 +1,6 @@
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
-SBINDIR ?= $(DESTDIR)/sbin
+PREFIX ?= /usr
+SBINDIR ?= /sbin
MANDIR = $(PREFIX)/share/man
LIBDIR ?= $(PREFIX)/lib
AUDITH ?= $(shell test -f /usr/include/libaudit.h && echo y)
@sed -i "s/ABORT_ON_ERRORS/$(ABORT_ON_ERRORS)/g"
setfiles.8.man
install: all
- [ -d $(MANDIR)/man8 ] || mkdir -p $(MANDIR)/man8
- -mkdir -p $(SBINDIR)
- install -m 755 setfiles $(SBINDIR)
- (cd $(SBINDIR) && ln -sf setfiles restorecon)
- install -m 755 restorecon_xattr $(SBINDIR)
- install -m 644 setfiles.8.man $(MANDIR)/man8/setfiles.8
- install -m 644 restorecon.8 $(MANDIR)/man8/restorecon.8
- install -m 644 restorecon_xattr.8
$(MANDIR)/man8/restorecon_xattr.8
+ [ -d $(DESTDIR)$(MANDIR)/man8 ] || mkdir -p
$(DESTDIR)$(MANDIR)/man8
+ -mkdir -p $(DESTDIR)$(SBINDIR)
+ install -m 755 setfiles $(DESTDIR)$(SBINDIR)
+ (cd $(DESTDIR)$(SBINDIR) && ln -sf setfiles restorecon)
+ install -m 755 restorecon_xattr $(DESTDIR)$(SBINDIR)
+ install -m 644 setfiles.8.man
$(DESTDIR)$(MANDIR)/man8/setfiles.8
+ install -m 644 restorecon.8
$(DESTDIR)$(MANDIR)/man8/restorecon.8
+ install -m 644 restorecon_xattr.8
$(DESTDIR)$(MANDIR)/man8/restorecon_xattr.8
rm -f setfiles restorecon restorecon_xattr *.o
setfiles.8.man
../../scripts/Lindent $(wildcard *.[ch])
relabel: install
- $(SBINDIR)/restorecon $(SBINDIR)/setfiles
$(SBINDIR)/restorecon_xattr
+ $(SBINDIR)/restorecon $(DESTDIR)$(SBINDIR)/setfiles
$(DESTDIR)$(SBINDIR)/restorecon_xattr
diff --git a/policycoreutils/setsebool/Makefile
b/policycoreutils/setsebool/Makefile
index bc254dab..f3379be9 100644
--- a/policycoreutils/setsebool/Makefile
+++ b/policycoreutils/setsebool/Makefile
@@ -1,10 +1,10 @@
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
INCLUDEDIR ?= $(PREFIX)/include
SBINDIR ?= $(PREFIX)/sbin
MANDIR = $(PREFIX)/share/man
LIBDIR ?= $(PREFIX)/lib
-BASHCOMPLETIONDIR ?= $(DESTDIR)/usr/share/bash-
completion/completions
+BASHCOMPLETIONDIR ?= /usr/share/bash-completion/completions
CFLAGS ?= -Werror -Wall -W
override LDLIBS += -lsepol -lselinux -lsemanage
@@ -17,12 +17,12 @@ all: setsebool
setsebool: $(SETSEBOOL_OBJS)
install: all
- -mkdir -p $(SBINDIR)
- install -m 755 setsebool $(SBINDIR)
- -mkdir -p $(MANDIR)/man8
- install -m 644 setsebool.8 $(MANDIR)/man8/
- -mkdir -p $(BASHCOMPLETIONDIR)
- install -m 644 $(BASHCOMPLETIONS)
$(BASHCOMPLETIONDIR)/setsebool
+ -mkdir -p $(DESTDIR)$(SBINDIR)
+ install -m 755 setsebool $(DESTDIR)$(SBINDIR)
+ -mkdir -p $(DESTDIR)$(MANDIR)/man8
+ install -m 644 setsebool.8 $(DESTDIR)$(MANDIR)/man8/
+ -mkdir -p $(DESTDIR)$(BASHCOMPLETIONDIR)
+ install -m 644 $(BASHCOMPLETIONS)
$(DESTDIR)$(BASHCOMPLETIONDIR)/setsebool
diff --git a/python/audit2allow/Makefile
b/python/audit2allow/Makefile
index 8db8075f..02526fa7 100644
--- a/python/audit2allow/Makefile
+++ b/python/audit2allow/Makefile
@@ -1,7 +1,7 @@
PYTHON ?= python
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
BINDIR ?= $(PREFIX)/bin
LIBDIR ?= $(PREFIX)/lib
MANDIR ?= $(PREFIX)/share/man
@@ -13,7 +13,7 @@ CFLAGS ?= -Werror -Wall -W
all: audit2why sepolgen-ifgen-attr-helper
-sepolgen-ifgen-attr-helper: sepolgen-ifgen-attr-helper.o
$(LIBSEPOLA)
+sepolgen-ifgen-attr-helper: sepolgen-ifgen-attr-helper.o
$(DESTDIR)$(LIBSEPOLA)
ln -sf audit2allow audit2why
@@ -22,14 +22,14 @@ test: all
@$(PYTHON) test_audit2allow.py -v
install: all
- -mkdir -p $(BINDIR)
- install -m 755 audit2allow $(BINDIR)
- (cd $(BINDIR); ln -sf audit2allow audit2why)
- install -m 755 sepolgen-ifgen-attr-helper $(BINDIR)
- install -m 755 sepolgen-ifgen $(BINDIR)
- -mkdir -p $(MANDIR)/man1
- install -m 644 audit2allow.1 $(MANDIR)/man1/
- install -m 644 audit2why.1 $(MANDIR)/man1/
+ -mkdir -p $(DESTDIR)$(BINDIR)
+ install -m 755 audit2allow $(DESTDIR)$(BINDIR)
+ (cd $(DESTDIR)$(BINDIR); ln -sf audit2allow audit2why)
+ install -m 755 sepolgen-ifgen-attr-helper
$(DESTDIR)$(BINDIR)
+ install -m 755 sepolgen-ifgen $(DESTDIR)$(BINDIR)
+ -mkdir -p $(DESTDIR)$(MANDIR)/man1
+ install -m 644 audit2allow.1 $(DESTDIR)$(MANDIR)/man1/
+ install -m 644 audit2why.1 $(DESTDIR)$(MANDIR)/man1/
rm -f *~ *.o sepolgen-ifgen-attr-helper
diff --git a/python/chcat/Makefile b/python/chcat/Makefile
index 0fd12d6d..890033e2 100644
--- a/python/chcat/Makefile
+++ b/python/chcat/Makefile
@@ -1,5 +1,5 @@
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
BINDIR ?= $(PREFIX)/bin
MANDIR ?= $(PREFIX)/share/man
LOCALEDIR ?= $(PREFIX)/share/locale
@@ -8,10 +8,10 @@ LOCALEDIR ?= $(PREFIX)/share/locale
all: chcat
install: all
- -mkdir -p $(BINDIR)
- install -m 755 chcat $(BINDIR)
- -mkdir -p $(MANDIR)/man8
- install -m 644 chcat.8 $(MANDIR)/man8/
+ -mkdir -p $(DESTDIR)$(BINDIR)
+ install -m 755 chcat $(DESTDIR)$(BINDIR)
+ -mkdir -p $(DESTDIR)$(MANDIR)/man8
+ install -m 644 chcat.8 $(DESTDIR)$(MANDIR)/man8/
diff --git a/python/semanage/Makefile b/python/semanage/Makefile
index 60c36a3a..bd02e9e9 100644
--- a/python/semanage/Makefile
+++ b/python/semanage/Makefile
@@ -1,29 +1,29 @@
PYTHON ?= python
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
LIBDIR ?= $(PREFIX)/lib
SBINDIR ?= $(PREFIX)/sbin
MANDIR = $(PREFIX)/share/man
PYLIBVER ?= $(shell $(PYTHON) -c 'import sys;print("python%d.%d" %
sys.version_info[0:2])')
PYTHONLIBDIR ?= $(LIBDIR)/$(PYLIBVER)
-BASHCOMPLETIONDIR ?= $(DESTDIR)/usr/share/bash-
completion/completions
+BASHCOMPLETIONDIR ?= /usr/share/bash-completion/completions
TARGETS=semanage
-BASHCOMPLETIONS=semanage-bash-completion.sh
+BASHCOMPLETIONS=semanage-bash-completion.sh
all: $(TARGETS)
install: all
- [ -d $(MANDIR)/man8 ] || mkdir -p $(MANDIR)/man8
- -mkdir -p $(SBINDIR)
- install -m 755 semanage $(SBINDIR)
- install -m 644 *.8 $(MANDIR)/man8
- test -d $(PYTHONLIBDIR)/site-packages || install -m 755 -d
$(PYTHONLIBDIR)/site-packages
- install -m 755 seobject.py $(PYTHONLIBDIR)/site-packages
- -mkdir -p $(BASHCOMPLETIONDIR)
- install -m 644 $(BASHCOMPLETIONS)
$(BASHCOMPLETIONDIR)/semanage
+ [ -d $(DESTDIR)$(MANDIR)/man8 ] || mkdir -p
$(DESTDIR)$(MANDIR)/man8
+ -mkdir -p $(DESTDIR)$(SBINDIR)
+ install -m 755 semanage $(DESTDIR)$(SBINDIR)
+ install -m 644 *.8 $(DESTDIR)$(MANDIR)/man8
+ test -d $(DESTDIR)$(PYTHONLIBDIR)/site-packages || install
-m 755 -d $(DESTDIR)$(PYTHONLIBDIR)/site-packages
+ install -m 755 seobject.py $(DESTDIR)$(PYTHONLIBDIR)/site-
packages
+ -mkdir -p $(DESTDIR)$(BASHCOMPLETIONDIR)
+ install -m 644 $(BASHCOMPLETIONS)
$(DESTDIR)$(BASHCOMPLETIONDIR)/semanage
@$(PYTHON) test-semanage.py -a
diff --git a/python/sepolgen/src/sepolgen/Makefile
b/python/sepolgen/src/sepolgen/Makefile
index d3aa7715..12ef0827 100644
--- a/python/sepolgen/src/sepolgen/Makefile
+++ b/python/sepolgen/src/sepolgen/Makefile
@@ -1,12 +1,12 @@
PYTHON ?= python
PYTHONLIBDIR ?= $(shell $(PYTHON) -c "from distutils.sysconfig
import *; print(get_python_lib(1))")
-PACKAGEDIR ?= $(DESTDIR)/$(PYTHONLIBDIR)/sepolgen
+PACKAGEDIR ?= $(PYTHONLIBDIR)/sepolgen
install: all
- -mkdir -p $(PACKAGEDIR)
- install -m 644 *.py $(PACKAGEDIR)
+ -mkdir -p $(DESTDIR)$(PACKAGEDIR)
+ install -m 644 *.py $(DESTDIR)$(PACKAGEDIR)
rm -f parser.out parsetab.py
diff --git a/python/sepolgen/src/share/Makefile
b/python/sepolgen/src/share/Makefile
index abf5e451..1a7133cb 100644
--- a/python/sepolgen/src/share/Makefile
+++ b/python/sepolgen/src/share/Makefile
@@ -1,10 +1,10 @@
-SHAREDIR ?= $(DESTDIR)/var/lib/sepolgen
+SHAREDIR ?= /var/lib/sepolgen
install: all
- -mkdir -p $(SHAREDIR)
- install -m 644 perm_map $(SHAREDIR)
+ -mkdir -p $(DESTDIR)$(SHAREDIR)
+ install -m 644 perm_map $(DESTDIR)$(SHAREDIR)
- rm -f *~
\ No newline at end of file
+ rm -f *~
diff --git a/python/sepolicy/Makefile b/python/sepolicy/Makefile
index 5a56e6c8..c75dce73 100644
--- a/python/sepolicy/Makefile
+++ b/python/sepolicy/Makefile
@@ -1,13 +1,13 @@
PYTHON ?= python
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
LIBDIR ?= $(PREFIX)/lib
BINDIR ?= $(PREFIX)/bin
DATADIR ?= $(PREFIX)/share
MANDIR ?= $(PREFIX)/share/man
LOCALEDIR ?= /usr/share/locale
-BASHCOMPLETIONDIR ?= $(DESTDIR)/usr/share/bash-
completion/completions
+BASHCOMPLETIONDIR ?= /usr/share/bash-completion/completions
SHAREDIR ?= $(PREFIX)/share/sandbox
CFLAGS ?= -Wall -Werror -Wextra -W
override CFLAGS += -DPACKAGE="policycoreutils" -DSHARED -shared
$(PYTHON) setup.py install `test -n "$(DESTDIR)" && echo --
root $(DESTDIR)`
- [ -d $(BINDIR) ] || mkdir -p $(BINDIR)
- install -m 755 sepolicy.py $(BINDIR)/sepolicy
- (cd $(BINDIR); ln -sf sepolicy sepolgen)
- -mkdir -p $(MANDIR)/man8
- install -m 644 *.8 $(MANDIR)/man8
- -mkdir -p $(BASHCOMPLETIONDIR)
- install -m 644 $(BASHCOMPLETIONS)
$(BASHCOMPLETIONDIR)/sepolicy
+ [ -d $(DESTDIR)$(BINDIR) ] || mkdir -p $(DESTDIR)$(BINDIR)
+ install -m 755 sepolicy.py $(DESTDIR)$(BINDIR)/sepolicy
+ (cd $(DESTDIR)$(BINDIR); ln -sf sepolicy sepolgen)
+ -mkdir -p $(DESTDIR)$(MANDIR)/man8
+ install -m 644 *.8 $(DESTDIR)$(MANDIR)/man8
+ -mkdir -p $(DESTDIR)$(BASHCOMPLETIONDIR)
+ install -m 644 $(BASHCOMPLETIONS)
$(DESTDIR)$(BASHCOMPLETIONDIR)/sepolicy
diff --git a/restorecond/Makefile b/restorecond/Makefile
index ada94aeb..a9a57b48 100644
--- a/restorecond/Makefile
+++ b/restorecond/Makefile
@@ -1,17 +1,17 @@
PKG_CONFIG ?= pkg-config
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
SBINDIR ?= $(PREFIX)/sbin
LIBDIR ?= $(PREFIX)/lib
MANDIR = $(PREFIX)/share/man
-AUTOSTARTDIR = $(DESTDIR)/etc/xdg/autostart
-DBUSSERVICEDIR = $(DESTDIR)/usr/share/dbus-1/services
-SYSTEMDDIR ?= $(DESTDIR)/usr/lib/systemd
+AUTOSTARTDIR = /etc/xdg/autostart
+DBUSSERVICEDIR = /usr/share/dbus-1/services
+SYSTEMDDIR ?= /usr/lib/systemd
autostart_DATA = sealertauto.desktop
-INITDIR ?= $(DESTDIR)/etc/rc.d/init.d
-SELINUXDIR = $(DESTDIR)/etc/selinux
+INITDIR ?= /etc/rc.d/init.d
+SELINUXDIR = /etc/selinux
DBUSFLAGS = -DHAVE_DBUS $(shell $(PKG_CONFIG) --cflags dbus-glib-1)
DBUSLIB = $(shell $(PKG_CONFIG) --libs dbus-glib-1)
@@ -39,23 +39,23 @@ restorecond: restore.o restorecond.o
utmpwatcher.o stringslist.o user.o watch.o
install: all
- [ -d $(MANDIR)/man8 ] || mkdir -p $(MANDIR)/man8
- -mkdir -p $(SBINDIR)
- install -m 755 restorecond $(SBINDIR)
- install -m 644 restorecond.8 $(MANDIR)/man8
- -mkdir -p $(INITDIR)
- install -m 755 restorecond.init $(INITDIR)/restorecond
- -mkdir -p $(SELINUXDIR)
- install -m 644 restorecond.conf
$(SELINUXDIR)/restorecond.conf
- install -m 644 restorecond_user.conf
$(SELINUXDIR)/restorecond_user.conf
- -mkdir -p $(AUTOSTARTDIR)
- install -m 644 restorecond.desktop
$(AUTOSTARTDIR)/restorecond.desktop
- -mkdir -p $(DBUSSERVICEDIR)
- install -m 600
org.selinux.Restorecond.service $(DBUSSERVICEDIR)/org.selinux.Restor
econd.service
- -mkdir -p $(SYSTEMDDIR)/system
- install -m 644 restorecond.service $(SYSTEMDDIR)/system/
+ [ -d $(DESTDIR)$(MANDIR)/man8 ] || mkdir -p
$(DESTDIR)$(MANDIR)/man8
+ -mkdir -p $(DESTDIR)$(SBINDIR)
+ install -m 755 restorecond $(DESTDIR)$(SBINDIR)
+ install -m 644 restorecond.8 $(DESTDIR)$(MANDIR)/man8
+ -mkdir -p $(DESTDIR)$(INITDIR)
+ install -m 755 restorecond.init
$(DESTDIR)$(INITDIR)/restorecond
+ -mkdir -p $(DESTDIR)$(SELINUXDIR)
+ install -m 644 restorecond.conf
$(DESTDIR)$(SELINUXDIR)/restorecond.conf
+ install -m 644 restorecond_user.conf
$(DESTDIR)$(SELINUXDIR)/restorecond_user.conf
+ -mkdir -p $(DESTDIR)$(AUTOSTARTDIR)
+ install -m 644 restorecond.desktop
$(DESTDIR)$(AUTOSTARTDIR)/restorecond.desktop
+ -mkdir -p $(DESTDIR)$(DBUSSERVICEDIR)
+ install -m 600
org.selinux.Restorecond.service $(DESTDIR)$(DBUSSERVICEDIR)/org.seli
nux.Restorecond.service
+ -mkdir -p $(DESTDIR)$(SYSTEMDDIR)/system
+ install -m 644 restorecond.service
$(DESTDIR)$(SYSTEMDDIR)/system/
relabel: install
- /sbin/restorecon $(SBINDIR)/restorecond
+ /sbin/restorecon $(DESTDIR)$(SBINDIR)/restorecond
-rm -f restorecond *.o *~
diff --git a/sandbox/Makefile b/sandbox/Makefile
index 05c3d658..9c78041c 100644
--- a/sandbox/Makefile
+++ b/sandbox/Makefile
@@ -1,8 +1,8 @@
PYTHON ?= python
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
-SYSCONFDIR ?= $(DESTDIR)/etc/sysconfig
+PREFIX ?= /usr
+SYSCONFDIR ?= /etc/sysconfig
LIBDIR ?= $(PREFIX)/lib
BINDIR ?= $(PREFIX)/bin
SBINDIR ?= $(PREFIX)/sbin
@@ -18,20 +18,20 @@ all: sandbox seunshare sandboxX.sh start
seunshare: $(SEUNSHARE_OBJS)
install: all
- -mkdir -p $(BINDIR)
- install -m 755 sandbox $(BINDIR)
- -mkdir -p $(MANDIR)/man8
- install -m 644 sandbox.8 $(MANDIR)/man8/
- install -m 644 seunshare.8 $(MANDIR)/man8/
- -mkdir -p $(MANDIR)/man5
- install -m 644 sandbox.5 $(MANDIR)/man5/
- -mkdir -p $(SBINDIR)
- install -m 4755 seunshare $(SBINDIR)/
- -mkdir -p $(SHAREDIR)
- install -m 755 sandboxX.sh $(SHAREDIR)
- install -m 755 start $(SHAREDIR)
- -mkdir -p $(SYSCONFDIR)
- install -m 644 sandbox.conf $(SYSCONFDIR)/sandbox
+ -mkdir -p $(DESTDIR)$(BINDIR)
+ install -m 755 sandbox $(DESTDIR)$(BINDIR)
+ -mkdir -p $(DESTDIR)$(MANDIR)/man8
+ install -m 644 sandbox.8 $(DESTDIR)$(MANDIR)/man8/
+ install -m 644 seunshare.8 $(DESTDIR)$(MANDIR)/man8/
+ -mkdir -p $(DESTDIR)$(MANDIR)/man5
+ install -m 644 sandbox.5 $(DESTDIR)$(MANDIR)/man5/
+ -mkdir -p $(DESTDIR)$(SBINDIR)
+ install -m 4755 seunshare $(DESTDIR)$(SBINDIR)/
+ -mkdir -p $(DESTDIR)$(SHAREDIR)
+ install -m 755 sandboxX.sh $(DESTDIR)$(SHAREDIR)
+ install -m 755 start $(DESTDIR)$(SHAREDIR)
+ -mkdir -p $(DESTDIR)$(SYSCONFDIR)
+ install -m 644 sandbox.conf $(DESTDIR)$(SYSCONFDIR)/sandbox
@$(PYTHON) test_sandbox.py -v
diff --git a/secilc/Makefile b/secilc/Makefile
index 1cac53e4..597b4a27 100644
--- a/secilc/Makefile
+++ b/secilc/Makefile
@@ -1,4 +1,4 @@
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
BINDIR ?= $(PREFIX)/bin
MANDIR ?= $(PREFIX)/share/man
LIBDIR ?= $(PREFIX)/lib
@@ -41,12 +41,12 @@ $(SECIL2CONF_MANPAGE): $(SECIL2CONF_MANPAGE).xml
$(XMLTO) man $(SECIL2CONF_MANPAGE).xml
install: all man
- -mkdir -p $(BINDIR)
- -mkdir -p $(MANDIR)/man8
- install -m 755 $(SECILC) $(BINDIR)
- install -m 755 $(SECIL2CONF) $(BINDIR)
- install -m 644 $(SECILC_MANPAGE) $(MANDIR)/man8
- install -m 644 $(SECIL2CONF_MANPAGE) $(MANDIR)/man8
+ -mkdir -p $(DESTDIR)$(BINDIR)
+ -mkdir -p $(DESTDIR)$(MANDIR)/man8
+ install -m 755 $(SECILC) $(DESTDIR)$(BINDIR)
+ install -m 755 $(SECIL2CONF) $(DESTDIR)$(BINDIR)
+ install -m 644 $(SECILC_MANPAGE) $(DESTDIR)$(MANDIR)/man8
+ install -m 644 $(SECIL2CONF_MANPAGE)
$(DESTDIR)$(MANDIR)/man8
$(MAKE) -C docs
diff --git a/semodule-utils/semodule_deps/Makefile b/semodule-
utils/semodule_deps/Makefile
index 328a5030..7b106781 100644
--- a/semodule-utils/semodule_deps/Makefile
+++ b/semodule-utils/semodule_deps/Makefile
@@ -1,5 +1,5 @@
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
INCLUDEDIR ?= $(PREFIX)/include
BINDIR ?= $(PREFIX)/bin
LIBDIR ?= $(PREFIX)/lib
@@ -10,13 +10,13 @@ CFLAGS ?= -Werror -Wall -W
all: semodule_deps
-semodule_deps: semodule_deps.o $(LIBSEPOLA)
+semodule_deps: semodule_deps.o $(DESTDIR)$(LIBSEPOLA)
install: all
- -mkdir -p $(BINDIR)
- install -m 755 semodule_deps $(BINDIR)
- test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8
- install -m 644 semodule_deps.8 $(MANDIR)/man8/
+ -mkdir -p $(DESTDIR)$(BINDIR)
+ install -m 755 semodule_deps $(DESTDIR)$(BINDIR)
+ test -d $(DESTDIR)$(MANDIR)/man8 || install -m 755 -d
$(DESTDIR)$(MANDIR)/man8
+ install -m 644 semodule_deps.8 $(DESTDIR)$(MANDIR)/man8/
diff --git a/semodule-utils/semodule_expand/Makefile b/semodule-
utils/semodule_expand/Makefile
index 072f2137..58d2d3cb 100644
--- a/semodule-utils/semodule_expand/Makefile
+++ b/semodule-utils/semodule_expand/Makefile
@@ -1,5 +1,5 @@
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
INCLUDEDIR ?= $(PREFIX)/include
BINDIR ?= $(PREFIX)/bin
LIBDIR ?= $(PREFIX)/lib
@@ -13,10 +13,10 @@ all: semodule_expand
semodule_expand: semodule_expand.o
install: all
- -mkdir -p $(BINDIR)
- install -m 755 semodule_expand $(BINDIR)
- test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8
- install -m 644 semodule_expand.8 $(MANDIR)/man8/
+ -mkdir -p $(DESTDIR)$(BINDIR)
+ install -m 755 semodule_expand $(DESTDIR)$(BINDIR)
+ test -d $(DESTDIR)$(MANDIR)/man8 || install -m 755 -d
$(DESTDIR)$(MANDIR)/man8
+ install -m 644 semodule_expand.8 $(DESTDIR)$(MANDIR)/man8/
diff --git a/semodule-utils/semodule_link/Makefile b/semodule-
utils/semodule_link/Makefile
index cc4687bd..178bea30 100644
--- a/semodule-utils/semodule_link/Makefile
+++ b/semodule-utils/semodule_link/Makefile
@@ -1,6 +1,6 @@
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
-INCLUDEDIR ?= $(PREFIX)/include
+PREFIX ?= /usr
+INCLUDEDIR ?= /include
BINDIR ?= $(PREFIX)/bin
MANDIR ?= $(PREFIX)/share/man
LIBDIR ?= $(PREFIX)/lib
@@ -13,10 +13,10 @@ all: semodule_link
semodule_link: semodule_link.o
install: all
- -mkdir -p $(BINDIR)
- install -m 755 semodule_link $(BINDIR)
- test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8
- install -m 644 semodule_link.8 $(MANDIR)/man8/
+ -mkdir -p $(DESTDIR)$(BINDIR)
+ install -m 755 semodule_link $(DESTDIR)$(BINDIR)
+ test -d $(DESTDIR)$(MANDIR)/man8 || install -m 755 -d
$(PREFIX)$(MANDIR)/man8
Missing $(DESTDIR) in the final install location above.
Post by Petr Lautrbach
+ install -m 644 semodule_link.8 $(DESTDIR)$(MANDIR)/man8/
diff --git a/semodule-utils/semodule_package/Makefile b/semodule-
utils/semodule_package/Makefile
index 96dd7c4f..37bd0d4b 100644
--- a/semodule-utils/semodule_package/Makefile
+++ b/semodule-utils/semodule_package/Makefile
@@ -1,5 +1,5 @@
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
INCLUDEDIR ?= $(PREFIX)/include
BINDIR ?= $(PREFIX)/bin
LIBDIR ?= $(PREFIX)/lib
@@ -13,12 +13,12 @@ all: semodule_package semodule_unpackage
semodule_package: semodule_package.o
install: all
- -mkdir -p $(BINDIR)
- install -m 755 semodule_package $(BINDIR)
- install -m 755 semodule_unpackage $(BINDIR)
- test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8
- install -m 644 semodule_package.8 $(MANDIR)/man8/
- install -m 644 semodule_unpackage.8 $(MANDIR)/man8/
+ -mkdir -p $(DESTDIR)$(BINDIR)
+ install -m 755 semodule_package $(DESTDIR)$(BINDIR)
+ install -m 755 semodule_unpackage $(DESTDIR)$(BINDIR)
+ test -d $(DESTDIR)$(MANDIR)/man8 || install -m 755 -d
$(DESTDIR)$(MANDIR)/man8
+ install -m 644 semodule_package.8 $(DESTDIR)$(MANDIR)/man8/
+ install -m 644 semodule_unpackage.8
$(DESTDIR)$(MANDIR)/man8/
Stephen Smalley
2017-06-22 16:45:48 UTC
Permalink
Post by Stephen Smalley
Hmm...seems like we're still using DESTDIR for more than just install.
So either the patch or the patch description isn't quite right.
The original usage of make DESTDIR in selinux was to support
building
and installing to a private directory, so we wanted it to affect more
than just install.  If we truly make this transition to conform to
the
GNU standards, then we still need a clean way of building and
installing to a private directory for local testing.  The top-level
Makefile has a workaround currently of automatically defining CFLAGS
and LDFLAGS when DESTDIR is defined, but that has a side effect: it
suppresses any non-override CFLAGS and LDFLAGS definitions in the
Makefiles, so then we no longer get all of the warning options enabled
in such local builds like we used to do.  All of this leaves me
wondering about whether we ought to just revert the earlier changes and
preserve our usage of DESTDIR, even if it doesn't correspond to GNU.
PREFIX could be used for the case you described and DESTDIR would be 
used just for installing to a different root directory.
Doesn't help with the CFLAGS/LDFLAGS issue; prior to fcb5d5cc7211, the
Makefiles would automatically add -I$(INCLUDEDIR)and -L(LIBDIR) and
therefore build with the private copies of the headers and libraries
rather than the system ones. Since that commit, we have to separately
specify CFLAGS/LDFLAGS, which in turn suppresses any non-override
CFLAGS/LDFLAGS definitions (which suppresses many warnings on such
builds).

Also, I could be wrong but I thought prefix meant something else in the
GNU standards too, e.g. the prefix for files used by the program at
runtime, not necessarily the compilation. So I think we are out of
spec on both DESTDIR and PREFIX. Whether or not that matters I'm not
sure. What exactly is the problem with keeping -I$(INCLUDEDIR) and
-L(LIBDIR) in the Makefiles? I saw the gentoo issue but I'm not clear
on exactly what breaks and why.
     $ make DESTDIR=/selinux-DESTDIR 
LIBSEPOLA=/selinux-DESTDIR/usr/lib/libsepol.a install install-pywrap 
install-rubywrap
     $ head -n 2 /selinux-DESTDIR/usr/lib/pkgconfig/libsepol.pc
     prefix=//usr
     exec_prefix=${prefix}
vs
     $ make PREFIX=/selinux-PREFIX install install-pywrap install-
rubywrap
     $ head -n 2 /selinux-PREFIX/usr/lib/pkgconfig/libsepol.pc
     prefix=/selinux-PREFIX/usr
     exec_prefix=${prefix}
https://github.com/bachradsusi/SELinuxProject-selinux/commit/03d7e6a3
802aa5376fe6162f6e7f9a6314f2b028
https://github.com/bachradsusi/SELinuxProject-selinux/commit/ddf070fa
82a4331b8fe2d82f61929c1120a12630
They need more testing and some enhancements but for the first look
they 
seem to work. At least structure of directories seem to be same.
Post by Stephen Smalley
Post by Petr Lautrbach
  
-checkmodule: $(CHECKMODOBJS) $(LIBSEPOLA)
+checkmodule: $(CHECKMODOBJS) $(DESTDIR)$(LIBSEPOLA)
  
  %.o: %.c
@@ -46,15 +46,15 @@ lex.yy.c: policy_scan.l y.tab.c
   $(LEX) policy_scan.l
  
  install: all
- -mkdir -p $(BINDIR)
- -mkdir -p $(MANDIR)/man8
- install -m 755 $(TARGETS) $(BINDIR)
- install -m 644 checkpolicy.8 $(MANDIR)/man8
- install -m 644 checkmodule.8 $(MANDIR)/man8
+ -mkdir -p $(DESTDIR)$(BINDIR)
+ -mkdir -p $(DESTDIR)$(MANDIR)/man8
+ install -m 755 $(TARGETS) $(DESTDIR)$(BINDIR)
+ install -m 644 checkpolicy.8 $(DESTDIR)$(MANDIR)/man8
+ install -m 644 checkmodule.8 $(DESTDIR)$(MANDIR)/man8
  
  relabel: install
- /sbin/restorecon $(BINDIR)/checkpolicy
- /sbin/restorecon $(BINDIR)/checkmodule
+ /sbin/restorecon $(DESTDIR)$(BINDIR)/checkpolicy
+ /sbin/restorecon $(DESTDIR)$(BINDIR)/checkmodule
  
   -rm -f $(TARGETS) $(CHECKPOLOBJS) $(CHECKMODOBJS)
y.tab.c
y.tab.h lex.yy.c
diff --git a/checkpolicy/test/Makefile
b/checkpolicy/test/Makefile
index 59fa4460..c9a8d4c5 100644
--- a/checkpolicy/test/Makefile
+++ b/checkpolicy/test/Makefile
@@ -1,7 +1,7 @@
  #
  # Makefile for building the dispol program
  #
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
  BINDIR ?= $(PREFIX)/bin
  LIBDIR ?= $(PREFIX)/lib
  INCLUDEDIR ?= $(PREFIX)/include
@@ -11,9 +11,9 @@ CFLAGS ?= -g -Wall -W -Werror -O2 -pipe
  
  all: dispol dismod
  
-dispol: dispol.o $(LIBSEPOLA)
+dispol: dispol.o $(DESTDIR)$(LIBSEPOLA)
  
-dismod: dismod.o $(LIBSEPOLA)
+dismod: dismod.o $(DESTDIR)$(LIBSEPOLA)
Ditto
Post by Petr Lautrbach
  
   -rm -f dispol dismod *.o
diff --git a/gui/Makefile b/gui/Makefile
index 4fc2c1a1..52c3cab2 100644
--- a/gui/Makefile
+++ b/gui/Makefile
@@ -1,5 +1,5 @@
  # Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= /usr
  BINDIR ?= $(PREFIX)/bin
  SHAREDIR ?= $(PREFIX)/share/system-config-selinux
  DATADIR ?= $(PREFIX)/share
@@ -24,29 +24,29 @@ usersPage.py
  all: $(TARGETS) system-config-selinux.py polgengui.py
  
  install: all
- -mkdir -p $(MANDIR)/man8
- -mkdir -p $(SHAREDIR)
- -mkdir -p $(BINDIR)
- -mkdir -p $(DATADIR)/pixmaps
- -mkdir -p $(DATADIR)/icons/hicolor/24x24/apps
- -mkdir -p $(DATADIR)/polkit-1/actions/
- install -m 755 system-config-selinux.py $(SHAREDIR)
- install -m 755 system-config-selinux $(BINDIR)
- install -m 755 polgengui.py $(SHAREDIR)
- install -m 644 $(TARGETS) $(SHAREDIR)
- install -m 644 system-config-selinux.8 $(MANDIR)/man8
- install -m 644 selinux-polgengui.8 $(MANDIR)/man8
- install -m 644 system-config-selinux.png
$(DATADIR)/pixmaps
- install -m 644 system-config-selinux.png
$(DATADIR)/icons/hicolor/24x24/apps
- install -m 644 system-config-selinux.png
$(DATADIR)/system-
config-selinux
- install -m 644 *.desktop $(DATADIR)/system-config-
selinux
This one seems to have been dropped accidentally rather than
augmented
with $(DESTDIR).
Post by Petr Lautrbach
- -mkdir -p $(DESTDIR) $(DATADIR)/pixmaps
- install -m 644 sepolicy_256.png
$(DATADIR)/pixmaps/sepolicy.png
+ -mkdir -p $(DESTDIR)$(MANDIR)/man8
+ -mkdir -p $(DESTDIR)$(SHAREDIR)
+ -mkdir -p $(DESTDIR)$(BINDIR)
+ -mkdir -p $(DESTDIR)$(DATADIR)/pixmaps
+ -mkdir -p $(DESTDIR)$(DATADIR)/icons/hicolor/24x24/apps
+ -mkdir -p $(DESTDIR)$(SYSCONFDIR)
+ -mkdir -p $(DESTDIR)$(DATADIR)/polkit-1/actions/
+ install -m 755 system-config-selinux.py
$(DESTDIR)$(SHAREDIR)
+ install -m 755 system-config-selinux $(DESTDIR)$(BINDIR)
+ install -m 755 polgengui.py $(DESTDIR)$(SHAREDIR)
+ install -m 644 $(TARGETS) $(DESTDIR)$(SHAREDIR)
+ install -m 644 system-config-selinux.8
$(DESTDIR)$(MANDIR)/man8
+ install -m 644 selinux-polgengui.8
$(DESTDIR)$(MANDIR)/man8
+ install -m 644 system-config-selinux.png
$(DESTDIR)$(DATADIR)/pixmaps
+ install -m 644 system-config-selinux.png
$(DESTDIR)$(DATADIR)/icons/hicolor/24x24/apps
+ install -m 644 system-config-selinux.png
$(DESTDIR)$(DATADIR)/system-config-selinux
+ -mkdir -p $(DESTDIR) $(DESTDIR)$(DATADIR)/pixmaps
+ install -m 644 sepolicy_256.png
$(DESTDIR)$(DATADIR)/pixmaps/sepolicy.png
   for i in 16 22 32 48 256; do \
- mkdir -p $(DESTDIR)
$(DATADIR)/icons/hicolor/$${i}x$${i}/apps; \
- install -m 644 sepolicy_$${i}.png
$(DATADIR)/icons/hicolor/$${i}x$${i}/apps/sepolicy.png; \
+ mkdir -p
$(DESTDIR)/$(DATADIR)/icons/hicolor/$${i}x$${i}/apps; \
+ install -m 644 sepolicy_$${i}.png
$(DESTDIR)$(DATADIR)/icons/hicolor/$${i}x$${i}/apps/sepolicy.png; \
   done
- install -m 644 org.selinux.config.policy
$(DATADIR)/polkit-
1/actions/
+ install -m 644 org.selinux.config.policy
$(DESTDIR)$(DATADIR)/polkit-1/actions/
  
diff --git a/libselinux/include/Makefile
b/libselinux/include/Makefile
index 757a6c9c..c1d3fa15 100644
--- a/libselinux/include/Makefile
+++ b/libselinux/include/Makefile
@@ -1,12 +1,12 @@
  # Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
  INCDIR ?= $(PREFIX)/include/selinux
  
  
  install: all
- test -d $(INCDIR) || install -m 755 -d $(INCDIR)
- install -m 644 $(wildcard selinux/*.h) $(INCDIR)
+ test -d $(DESTDIR)$(INCDIR) || install -m 755 -d
$(DESTDIR)$(INCDIR)
+ install -m 644 $(wildcard selinux/*.h)
$(DESTDIR)$(INCDIR)
  
  
diff --git a/libselinux/src/Makefile b/libselinux/src/Makefile
index 4306dd0e..6d65b682 100644
--- a/libselinux/src/Makefile
+++ b/libselinux/src/Makefile
@@ -8,17 +8,17 @@ RUBYPREFIX ?= $(notdir $(RUBY))
  PKG_CONFIG ?= pkg-config
  
  # Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
  LIBDIR ?= $(PREFIX)/lib
-SHLIBDIR ?= $(DESTDIR)/lib
+SHLIBDIR ?= /lib
  INCLUDEDIR ?= $(PREFIX)/include
  PYINC ?= $(shell $(PKG_CONFIG) --cflags $(PYPREFIX))
  PYLIBS ?= $(shell $(PKG_CONFIG) --libs $(PYPREFIX))
-PYSITEDIR ?= $(DESTDIR)$(shell $(PYTHON) -c 'import site;
print(site.getsitepackages()[0])')
+PYSITEDIR ?= $(shell $(PYTHON) -c 'import site;
print(site.getsitepackages()[0])')
  PYCEXT ?= $(shell $(PYTHON) -c 'import imp;print([s for s,m,t
in
imp.get_suffixes() if t == imp.C_EXTENSION][0])')
  RUBYINC ?= $(shell $(RUBY) -e 'puts "-I" +
RbConfig::CONFIG["rubyarchhdrdir"] + " -I" +
RbConfig::CONFIG["rubyhdrdir"]')
  RUBYLIBS ?= $(shell $(RUBY) -e 'puts "-L" +
RbConfig::CONFIG["libdir"] + " -lruby"')
-RUBYINSTALL ?= $(DESTDIR)$(shell $(RUBY) -e 'puts
RbConfig::CONFIG["vendorarchdir"]')
+RUBYINSTALL ?= $(shell $(RUBY) -e 'puts
RbConfig::CONFIG["vendorarchdir"]')
  LIBBASE ?= $(shell basename $(LIBDIR))
  LIBSEPOLA ?= $(LIBDIR)/libsepol.a
  
../include/selinux/selinux.h
  $(AUDIT2WHYLOBJ): audit2why.c
   $(CC) $(filter-out -Werror, $(CFLAGS)) $(PYINC) -fPIC
  
-$(AUDIT2WHYSO): $(AUDIT2WHYLOBJ) $(LIBSEPOLA)
+$(AUDIT2WHYSO): $(AUDIT2WHYLOBJ) $(DESTDIR)$(LIBSEPOLA)
-lselinux
$(PYLIBS)
Here again with using DESTDIR outside of install.
Post by Petr Lautrbach
  
  %.o:  %.c policy.h
@@ -177,26 +177,26 @@ swigify: $(SWIGIF)
   $(SWIG) $<
  
  install: all
- test -d $(LIBDIR) || install -m 755 -d $(LIBDIR)
- install -m 644 $(LIBA) $(LIBDIR)
- test -d $(SHLIBDIR) || install -m 755 -d $(SHLIBDIR)
- install -m 755 $(LIBSO) $(SHLIBDIR)
- test -d $(LIBDIR)/pkgconfig || install -m 755 -d
$(LIBDIR)/pkgconfig
- install -m 644 $(LIBPC) $(LIBDIR)/pkgconfig
- ln -sf --relative $(SHLIBDIR)/$(LIBSO)
$(LIBDIR)/$(TARGET)
+ test -d $(DESTDIR)$(LIBDIR) || install -m 755 -d
$(DESTDIR)$(LIBDIR)
+ install -m 644 $(LIBA) $(DESTDIR)$(LIBDIR)
+ test -d $(DESTDIR)$(SHLIBDIR) || install -m 755 -d
$(DESTDIR)$(SHLIBDIR)
+ install -m 755 $(LIBSO) $(DESTDIR)$(SHLIBDIR)
+ test -d $(DESTDIR)$(LIBDIR)/pkgconfig || install -m 755
-d
$(DESTDIR)$(LIBDIR)/pkgconfig
+ install -m 644 $(LIBPC) $(DESTDIR)$(LIBDIR)/pkgconfig
+ ln -sf --relative $(DESTDIR)$(SHLIBDIR)/$(LIBSO)
$(DESTDIR)$(LIBDIR)/$(TARGET)
  
  install-pywrap: pywrap
- test -d $(PYSITEDIR)/selinux || install -m 755 -d
$(PYSITEDIR)/selinux
- install -m 755 $(SWIGSO) $(PYSITEDIR)/_selinux$(PYCEXT)
- install -m 755 $(AUDIT2WHYSO)
$(PYSITEDIR)/selinux/audit2why$(PYCEXT)
- install -m 644 $(SWIGPYOUT)
$(PYSITEDIR)/selinux/__init__.py
+ test -d $(DESTDIR)$(PYSITEDIR)/selinux || install -m 755
-d
$(DESTDIR)$(PYSITEDIR)/selinux
+ install -m 755 $(SWIGSO)
$(DESTDIR)$(PYSITEDIR)/_selinux$(PYCEXT)
+ install -m 755 $(AUDIT2WHYSO)
$(DESTDIR)$(PYSITEDIR)/selinux/audit2why$(PYCEXT)
+ install -m 644 $(SWIGPYOUT)
$(DESTDIR)$(PYSITEDIR)/selinux/__init__.py
  
  install-rubywrap: rubywrap
- test -d $(RUBYINSTALL) || install -m 755 -d
$(RUBYINSTALL)
- install -m 755 $(SWIGRUBYSO) $(RUBYINSTALL)/selinux.so
+ test -d $(DESTDIR)$(RUBYINSTALL) || install -m 755 -d
$(DESTDIR)$(RUBYINSTALL)
+ install -m 755 $(SWIGRUBYSO)
$(DESTDIR)$(RUBYINSTALL)/selinux.so
  
- /sbin/restorecon $(SHLIBDIR)/$(LIBSO)
+ /sbin/restorecon $(DESTDIR)$(SHLIBDIR)/$(LIBSO)
  
   -rm -f $(SWIGLOBJ) $(SWIGSO) $(AUDIT2WHYLOBJ)
$(AUDIT2WHYSO)
diff --git a/libselinux/utils/Makefile
b/libselinux/utils/Makefile
index 843b0e7c..882a6787 100644
--- a/libselinux/utils/Makefile
+++ b/libselinux/utils/Makefile
@@ -1,5 +1,5 @@
  # Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
  LIBDIR ?= $(PREFIX)/lib
  SBINDIR ?= $(PREFIX)/sbin
  INCLUDEDIR ?= $(PREFIX)/include
@@ -63,8 +63,8 @@ sefcontext_compile: sefcontext_compile.o
../src/regex.o
  all: $(TARGETS)
  
  install: all
- -mkdir -p $(SBINDIR)
- install -m 755 $(TARGETS) $(SBINDIR)
+ -mkdir -p $(DESTDIR)$(SBINDIR)
+ install -m 755 $(TARGETS) $(DESTDIR)$(SBINDIR)
  
   rm -f $(TARGETS) *.o *~
diff --git a/libsemanage/include/Makefile
b/libsemanage/include/Makefile
index b660660e..6e44a28a 100644
--- a/libsemanage/include/Makefile
+++ b/libsemanage/include/Makefile
@@ -1,12 +1,12 @@
  # Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
  INCDIR ?= $(PREFIX)/include/semanage
  
  
  install: all
- test -d $(INCDIR) || install -m 755 -d $(INCDIR)
- install -m 644 $(wildcard semanage/*.h) $(INCDIR)
+ test -d $(DESTDIR)$(INCDIR) || install -m 755 -d
$(DESTDIR)$(INCDIR)
+ install -m 644 $(wildcard semanage/*.h)
$(DESTDIR)$(INCDIR)
  
   ../../scripts/Lindent $(wildcard semanage/*.h)
diff --git a/libsemanage/src/Makefile b/libsemanage/src/Makefile
index f01385c5..8c0b4557 100644
--- a/libsemanage/src/Makefile
+++ b/libsemanage/src/Makefile
@@ -8,17 +8,17 @@ RUBYPREFIX ?= $(notdir $(RUBY))
  PKG_CONFIG ?= pkg-config
  
  # Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
  LIBDIR ?= $(PREFIX)/lib
-SHLIBDIR ?= $(DESTDIR)/lib
+SHLIBDIR ?= /lib
  INCLUDEDIR ?= $(PREFIX)/include
  PYINC ?= $(shell $(PKG_CONFIG) --cflags $(PYPREFIX))
  PYLIBS ?= $(shell $(PKG_CONFIG) --libs $(PYPREFIX))
-PYSITEDIR ?= $(DESTDIR)$(shell $(PYTHON) -c 'import site;
print(site.getsitepackages()[0])')
+PYSITEDIR ?= $(shell $(PYTHON) -c 'import site;
print(site.getsitepackages()[0])')
  PYCEXT ?= $(shell $(PYTHON) -c 'import imp;print([s for s,m,t
in
imp.get_suffixes() if t == imp.C_EXTENSION][0])')
  RUBYINC ?= $(shell $(RUBY) -e 'puts "-I" +
RbConfig::CONFIG["rubyarchhdrdir"] + " -I" +
RbConfig::CONFIG["rubyhdrdir"]')
  RUBYLIBS ?= $(shell $(RUBY) -e 'puts "-L" +
RbConfig::CONFIG["libdir"] + " -lruby"')
-RUBYINSTALL ?= $(DESTDIR)$(shell $(RUBY) -e 'puts
RbConfig::CONFIG["vendorarchdir"]')
+RUBYINSTALL ?= $(shell $(RUBY) -e 'puts
RbConfig::CONFIG["vendorarchdir"]')
  
  LIBBASE=$(shell basename $(LIBDIR))
  
@@ -136,26 +136,26 @@ swigify: $(SWIGIF)
   $(SWIG) $<
  
  install: all
- test -d $(LIBDIR) || install -m 755 -d $(LIBDIR)
- install -m 644 $(LIBA) $(LIBDIR)
- install -m 755 $(LIBSO) $(LIBDIR)
- test -d $(LIBDIR)/pkgconfig || install -m 755 -d
$(LIBDIR)/pkgconfig
- install -m 644 $(LIBPC) $(LIBDIR)/pkgconfig
+ test -d $(DESTDIR)$(LIBDIR) || install -m 755 -d
$(DESTDIR)$(LIBDIR)
+ install -m 644 $(LIBA) $(DESTDIR)$(LIBDIR)
+ install -m 755 $(LIBSO) $(DESTDIR)$(LIBDIR)
+ test -d $(DESTDIR)$(LIBDIR)/pkgconfig || install -m 755
-d
$(DESTDIR)$(LIBDIR)/pkgconfig
+ install -m 644 $(LIBPC) $(DESTDIR)$(LIBDIR)/pkgconfig
   test -f $(DEFAULT_SEMANAGE_CONF_LOCATION) || install -m
644
-D semanage.conf $(DEFAULT_SEMANAGE_CONF_LOCATION)
- cd $(LIBDIR) && ln -sf $(LIBSO) $(TARGET)
+ cd $(DESTDIR)$(LIBDIR) && ln -sf $(LIBSO) $(TARGET)
  
  install-pywrap: pywrap
- test -d $(PYSITEDIR) || install -m 755 -d $(PYSITEDIR)
- install -m 755 $(SWIGSO) $(PYSITEDIR)/_semanage$(PYCEXT)
- install -m 644 semanage.py $(PYSITEDIR)
+ test -d $(DESTDIR)$(PYSITEDIR) || install -m 755 -d
$(DESTDIR)$(PYSITEDIR)
+ install -m 755 $(SWIGSO)
$(DESTDIR)$(PYSITEDIR)/_semanage$(PYCEXT)
+ install -m 644 semanage.py $(DESTDIR)$(PYSITEDIR)
  
  
  install-rubywrap: rubywrap
- test -d $(RUBYINSTALL) || install -m 755 -d
$(RUBYINSTALL)
- install -m 755 $(SWIGRUBYSO) $(RUBYINSTALL)/semanage.so
+ test -d $(DESTDIR)$(RUBYINSTALL) || install -m 755 -d
$(DESTDIR)$(RUBYINSTALL)
+ install -m 755 $(SWIGRUBYSO)
$(DESTDIR)$(RUBYINSTALL)/semanage.so
  
- /sbin/restorecon $(LIBDIR)/$(LIBSO)
+ /sbin/restorecon $(DESTDIR)$(LIBDIR)/$(LIBSO)
  
   -rm -f $(LIBPC) $(OBJS) $(LOBJS) $(LIBA) $(LIBSO)
$(SWIGLOBJ) $(SWIGSO) $(SWIGRUBYSO) $(TARGET) conf-parse.c conf-
parse.h conf-scan.c *.o *.lo *~
diff --git a/libsemanage/tests/Makefile
b/libsemanage/tests/Makefile
index 2ef8d30d..8103cf8f 100644
--- a/libsemanage/tests/Makefile
+++ b/libsemanage/tests/Makefile
@@ -1,4 +1,4 @@
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
  LIBDIR ?= $(PREFIX)/lib
  
diff --git a/libsemanage/utils/Makefile
b/libsemanage/utils/Makefile
index 725f0eec..5b8fbb6b 100644
--- a/libsemanage/utils/Makefile
+++ b/libsemanage/utils/Makefile
@@ -1,13 +1,13 @@
  # Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
  LIBEXECDIR ?= $(PREFIX)/libexec
  SELINUXEXECDIR ?= $(LIBEXECDIR)/selinux/
  
  
  install: all
- -mkdir -p $(SELINUXEXECDIR)
- install -m 755 semanage_migrate_store $(SELINUXEXECDIR)
+ -mkdir -p $(DESTDIR)$(SELINUXEXECDIR)
+ install -m 755 semanage_migrate_store
$(DESTDIR)$(SELINUXEXECDIR)
  
  
diff --git a/libsepol/include/Makefile
b/libsepol/include/Makefile
index 56b7a114..49f817ce 100644
--- a/libsepol/include/Makefile
+++ b/libsepol/include/Makefile
@@ -1,17 +1,17 @@
  # Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
  INCDIR ?= $(PREFIX)/include/sepol
  CILDIR ?= ../cil
  
  
  install: all
- test -d $(INCDIR) || install -m 755 -d $(INCDIR)
- test -d $(INCDIR)/policydb || install -m 755 -d
$(INCDIR)/policydb
- test -d $(INCDIR)/cil || install -m 755 -d $(INCDIR)/cil
- install -m 644 $(wildcard sepol/*.h) $(INCDIR)
- install -m 644 $(wildcard sepol/policydb/*.h)
$(INCDIR)/policydb
- install -m 644 $(wildcard $(CILDIR)/include/cil/*.h)
$(INCDIR)/cil
+ test -d $(DESTDIR)$(INCDIR) || install -m 755 -d
$(DESTDIR)$(INCDIR)
+ test -d $(DESTDIR)$(INCDIR)/policydb || install -m 755
-d
$(DESTDIR)$(INCDIR)/policydb
+ test -d $(DESTDIR)$(INCDIR)/cil || install -m 755 -d
$(DESTDIR)$(INCDIR)/cil
+ install -m 644 $(wildcard sepol/*.h) $(DESTDIR)$(INCDIR)
+ install -m 644 $(wildcard sepol/policydb/*.h)
$(DESTDIR)$(INCDIR)/policydb
+ install -m 644 $(wildcard $(CILDIR)/include/cil/*.h)
$(DESTDIR)$(INCDIR)/cil
  
   ../../scripts/Lindent $(wildcard sepol/*.h)
diff --git a/libsepol/src/Makefile b/libsepol/src/Makefile
index 819d261b..4c7e23fa 100644
--- a/libsepol/src/Makefile
+++ b/libsepol/src/Makefile
@@ -1,8 +1,8 @@
  # Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
  INCLUDEDIR ?= $(PREFIX)/include
  LIBDIR ?= $(PREFIX)/lib
-SHLIBDIR ?= $(DESTDIR)/lib
+SHLIBDIR ?= $(PREFIX)/lib
This yields a change in the default install location for
libsepol.so.1
(/lib -> /usr/lib).
Post by Petr Lautrbach
  RANLIB ?= ranlib
  LIBBASE ?= $(shell basename $(LIBDIR))
  CILDIR ?= ../cil
@@ -80,16 +80,16 @@ endif
  
  install: all
- test -d $(LIBDIR) || install -m 755 -d $(LIBDIR)
- install -m 644 $(LIBA) $(LIBDIR)
- test -d $(SHLIBDIR) || install -m 755 -d $(SHLIBDIR)
- install -m 755 $(LIBSO) $(SHLIBDIR)
- test -d $(LIBDIR)/pkgconfig || install -m 755 -d
$(LIBDIR)/pkgconfig
- install -m 644 $(LIBPC) $(LIBDIR)/pkgconfig
- $(LN) -sf --relative $(SHLIBDIR)/$(LIBSO)
$(LIBDIR)/$(TARGET)
+ test -d $(DESTDIR)$(LIBDIR) || install -m 755 -d
$(DESTDIR)$(LIBDIR)
+ install -m 644 $(LIBA) $(DESTDIR)$(LIBDIR)
+ test -d $(DESTDIR)$(SHLIBDIR) || install -m 755 -d
$(DESTDIR)$(SHLIBDIR)
+ install -m 755 $(LIBSO) $(DESTDIR)$(SHLIBDIR)
+ test -d $(DESTDIR)$(LIBDIR)/pkgconfig || install -m 755
-d
$(DESTDIR)$(LIBDIR)/pkgconfig
+ install -m 644 $(LIBPC) $(DESTDIR)$(LIBDIR)/pkgconfig
+ $(LN) -sf --relative $(DESTDIR)$(SHLIBDIR)/$(LIBSO)
$(DESTDIR)$(LIBDIR)/$(TARGET)
  
- /sbin/restorecon $(SHLIBDIR)/$(LIBSO)
+ /sbin/restorecon $(DESTDIR)$(SHLIBDIR)/$(LIBSO)
  
   -rm -f $(LIBPC) $(LIBMAP) $(OBJS) $(LOBJS) $(LIBA)
$(LIBSO)
$(TARGET) $(CIL_GENERATED)
diff --git a/libsepol/utils/Makefile b/libsepol/utils/Makefile
index fba1d8a0..31932c11 100644
--- a/libsepol/utils/Makefile
+++ b/libsepol/utils/Makefile
@@ -1,5 +1,5 @@
  # Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
  BINDIR ?= $(PREFIX)/bin
  
  CFLAGS ?= -Wall -Werror
@@ -12,8 +12,8 @@ TARGETS=$(patsubst %.c,%,$(sort $(wildcard *.c)))
  all: $(TARGETS)
  
  install: all
- -mkdir -p $(BINDIR)
- install -m 755 $(TARGETS) $(BINDIR)
+ -mkdir -p $(DESTDIR)$(BINDIR)
+ install -m 755 $(TARGETS) $(DESTDIR)$(BINDIR)
  
   -rm -f $(TARGETS) *.o
diff --git a/mcstrans/man/Makefile b/mcstrans/man/Makefile
index 8e971192..dbd87f49 100644
--- a/mcstrans/man/Makefile
+++ b/mcstrans/man/Makefile
@@ -1,11 +1,11 @@
  # Installation directories.
-MAN8DIR ?= $(DESTDIR)/usr/share/man/man8
+MAN8DIR ?= /usr/share/man/man8
  
  
  install: all
- mkdir -p $(MAN8DIR)
- install -m 644 man8/*.8 $(MAN8DIR)
+ mkdir -p $(DESTDIR)$(MAN8DIR)
+ install -m 644 man8/*.8 $(DESTDIR)$(MAN8DIR)
  
   -rm -f *~ \#*
diff --git a/mcstrans/src/Makefile b/mcstrans/src/Makefile
index 709e1e02..be54e349 100644
--- a/mcstrans/src/Makefile
+++ b/mcstrans/src/Makefile
@@ -1,9 +1,9 @@
  # Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
  LIBDIR ?= $(PREFIX)/lib
-SBINDIR ?= $(DESTDIR)/sbin
-INITDIR ?= $(DESTDIR)/etc/rc.d/init.d
-SYSTEMDDIR ?= $(DESTDIR)/usr/lib/systemd
+SBINDIR ?= /sbin
+INITDIR ?= /etc/rc.d/init.d
+SYSTEMDDIR ?= /usr/lib/systemd
  
  PROG_SRC=mcstrans.c  mcscolor.c  mcstransd.c  mls_level.c
  PROG_OBJS= $(patsubst %.c,%.o,$(PROG_SRC))
@@ -15,18 +15,18 @@ override CFLAGS += -D_GNU_SOURCE
-D_FILE_OFFSET_BITS=64
  all: $(PROG)
  
  $(PROG): $(PROG_OBJS)
$(LIBDIR)/libsepol.a
$(DESTDIR)$(LIBDIR)/libsepol.a
  
  %.o:  %.c
  
  install: all
- test -d $(SBINDIR) || install -m 755 -d $(SBINDIR)
- install -m 755 $(PROG) $(SBINDIR)
- test -d $(INITDIR) || install -m 755 -d $(INITDIR)
- install -m 755 $(INITSCRIPT).init
$(INITDIR)/$(INITSCRIPT)
- test -d $(SYSTEMDDIR)/system || install -m 755 -d
$(SYSTEMDDIR)/system
- install -m 644 mcstrans.service $(SYSTEMDDIR)/system/
+ test -d $(DESTDIR)$(SBINDIR) || install -m 755 -d
$(DESTDIR)$(SBINDIR)
+ install -m 755 $(PROG) $(DESTDIR)$(SBINDIR)
+ test -d $(DESTDIR)$(INITDIR) || install -m 755 -d
$(DESTDIR)$(INITDIR)
+ install -m 755 $(INITSCRIPT).init
$(DESTDIR)$(INITDIR)/$(INITSCRIPT)
+ test -d $(DESTDIR)$(SYSTEMDDIR)/system || install -m 755
-d
$(DESTDIR)$(SYSTEMDDIR)/system
+ install -m 644 mcstrans.service
$(DESTDIR)$(SYSTEMDDIR)/system/
  
   -rm -f $(OBJS) $(LOBJS) $(TARGET) $(PROG) $(PROG_OBJS)
*~
\#*
diff --git a/mcstrans/utils/Makefile b/mcstrans/utils/Makefile
index 4d3cbfcb..1364cece 100644
--- a/mcstrans/utils/Makefile
+++ b/mcstrans/utils/Makefile
@@ -1,5 +1,5 @@
  # Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
  LIBDIR ?= $(PREFIX)/lib
  SBINDIR ?= $(PREFIX)/sbin
  LIBSEPOLA ?= $(LIBDIR)/libsepol.a
@@ -12,11 +12,11 @@ TARGETS=$(patsubst %.c,%,$(sort $(wildcard *.c)))
  
  all: $(TARGETS)
  
-$(TARGETS): ../src/mcstrans.o ../src/mls_level.o $(LIBSEPOLA)
+$(TARGETS): ../src/mcstrans.o ../src/mls_level.o
$(DESTDIR)$(LIBSEPOLA)
  
  install: all
- -mkdir -p $(SBINDIR)
- install -m 755 $(TARGETS) $(SBINDIR)
+ -mkdir -p $(DESTDIR)$(SBINDIR)
+ install -m 755 $(TARGETS) $(DESTDIR)$(SBINDIR)
  
   ./mlstrans-test-runner.py ../test/*.test
diff --git a/policycoreutils/hll/pp/Makefile
b/policycoreutils/hll/pp/Makefile
index 3401dcc9..ed70c449 100644
--- a/policycoreutils/hll/pp/Makefile
+++ b/policycoreutils/hll/pp/Makefile
@@ -1,5 +1,5 @@
  # Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
  INCLUDEDIR ?= $(PREFIX)/include
  MANDIR = $(PREFIX)/share/man
  LIBDIR ?= $(PREFIX)/lib
@@ -21,8 +21,8 @@ pp: $(PP_OBJS)
  
  install: all
- -mkdir -p $(HLLDIR)
- install -m 755 pp $(HLLDIR)
+ -mkdir -p $(DESTDIR)$(HLLDIR)
+ install -m 755 pp $(DESTDIR)$(HLLDIR)
  
  
diff --git a/policycoreutils/load_policy/Makefile
b/policycoreutils/load_policy/Makefile
index b85833c2..00f59aba 100644
--- a/policycoreutils/load_policy/Makefile
+++ b/policycoreutils/load_policy/Makefile
@@ -1,6 +1,6 @@
  # Installation directories.
-PREFIX ?= $(DESTDIR)/usr
-SBINDIR ?= $(DESTDIR)/sbin
+PREFIX ?= /usr
+SBINDIR ?= /sbin
  MANDIR ?= $(PREFIX)/share/man
  LOCALEDIR ?= /usr/share/locale
  
@@ -13,10 +13,10 @@ TARGETS=$(patsubst %.c,%,$(sort $(wildcard *.c)))
  all: $(TARGETS)
  
  install: all
- -mkdir -p $(SBINDIR)
- install -m 755 $(TARGETS) $(SBINDIR)
- test -d $(MANDIR)/man8 || install -m 755 -d
$(MANDIR)/man8
- install -m 644 load_policy.8 $(MANDIR)/man8/
+ -mkdir -p $(DESTDIR)$(SBINDIR)
+ install -m 755 $(TARGETS) $(DESTDIR)$(SBINDIR)
+ test -d $(DESTDIR)$(MANDIR)/man8 || install -m 755 -d
$(DESTDIR)$(MANDIR)/man8
+ install -m 644 load_policy.8 $(DESTDIR)$(MANDIR)/man8/
  
   -rm -f $(TARGETS) *.o
   ../../scripts/Lindent $(wildcard *.[ch])
  
- /sbin/restorecon $(SBINDIR)/load_policy
+ /sbin/restorecon $(DESTDIR)$(SBINDIR)/load_policy
diff --git a/policycoreutils/man/Makefile
b/policycoreutils/man/Makefile
index 0d91cd46..ae3d27b6 100644
--- a/policycoreutils/man/Makefile
+++ b/policycoreutils/man/Makefile
@@ -1,12 +1,12 @@
  # Installation directories.
-MAN5DIR ?= $(DESTDIR)/usr/share/man/man5
+MAN5DIR ?= /usr/share/man/man5
  
  
  
  install: all
- mkdir -p $(MAN5DIR)
- install -m 644 man5/*.5 $(MAN5DIR)
+ mkdir -p $(DESTDIR)$(MAN5DIR)
+ install -m 644 man5/*.5 $(DESTDIR)$(MAN5DIR)
  
diff --git a/policycoreutils/newrole/Makefile
b/policycoreutils/newrole/Makefile
index 196af926..e687b6ab 100644
--- a/policycoreutils/newrole/Makefile
+++ b/policycoreutils/newrole/Makefile
@@ -1,8 +1,8 @@
  # Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
  BINDIR ?= $(PREFIX)/bin
  MANDIR ?= $(PREFIX)/share/man
-ETCDIR ?= $(DESTDIR)/etc
+ETCDIR ?= /etc
  LOCALEDIR = /usr/share/locale
  PAMH ?= $(shell test -f /usr/include/security/pam_appl.h &&
echo y)
  AUDITH ?= $(shell test -f /usr/include/libaudit.h && echo y)
@@ -61,17 +61,17 @@ newrole: newrole.o $(EXTRA_OBJS)
  
  install: all
- test -d $(BINDIR)      || install -m 755 -d $(BINDIR)
- test -d $(ETCDIR)/pam.d || install -m 755 -d
$(ETCDIR)/pam.d
- test -d $(MANDIR)/man1 || install -m 755 -d
$(MANDIR)/man1
- install -m $(MODE) newrole $(BINDIR)
- install -m 644 newrole.1 $(MANDIR)/man1/
+ test -d $(DESTDIR)$(BINDIR)      || install -m 755 -d
$(DESTDIR)$(BINDIR)
+ test -d $(DESTDIR)$(ETCDIR)/pam.d || install -m 755 -d
$(DESTDIR)$(ETCDIR)/pam.d
+ test -d $(DESTDIR)$(MANDIR)/man1 || install -m 755 -d
$(DESTDIR)$(MANDIR)/man1
+ install -m $(MODE) newrole $(DESTDIR)$(BINDIR)
+ install -m 644 newrole.1 $(DESTDIR)$(MANDIR)/man1/
  ifeq ($(PAMH), y)
- test -d $(ETCDIR)/pam.d || install -m 755 -d
$(ETCDIR)/pam.d
+ test -d $(ETCDIR)/pam.d || install -m 755 -d
$(DESTDIR)$(ETCDIR)/pam.d
Need to prefix the first $(ETCDIR)/pam.d with $(DESTDIR) too.
Post by Petr Lautrbach
  ifeq ($(LSPP_PRIV),y)
- install -m 644 newrole-lspp.pamd $(ETCDIR)/pam.d/newrole
+ install -m 644 newrole-lspp.pamd
$(DESTDIR)$(ETCDIR)/pam.d/newrole
  else
- install -m 644 newrole.pamd $(ETCDIR)/pam.d/newrole
+ install -m 644 newrole.pamd
$(DESTDIR)$(ETCDIR)/pam.d/newrole
  endif
  endif
  
   ../../scripts/Lindent $(wildcard *.[ch])
  
  relabel: install
- /sbin/restorecon $(BINDIR)/newrole
+ /sbin/restorecon $(DESTDIR)$(BINDIR)/newrole
diff --git a/policycoreutils/run_init/Makefile
b/policycoreutils/run_init/Makefile
index 921f0b07..8d8eb704 100644
--- a/policycoreutils/run_init/Makefile
+++ b/policycoreutils/run_init/Makefile
@@ -1,9 +1,9 @@
  
  # Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
  SBINDIR ?= $(PREFIX)/sbin
  MANDIR ?= $(PREFIX)/share/man
-ETCDIR ?= $(DESTDIR)/etc
+ETCDIR ?= /etc
  LOCALEDIR ?= /usr/share/locale
  PAMH ?= $(shell test -f /usr/include/security/pam_appl.h &&
echo y)
  AUDITH ?= $(shell test -f /usr/include/libaudit.h && echo y)
@@ -32,14 +32,14 @@ open_init_pty: open_init_pty.c
  
  
  install: all
- test -d $(SBINDIR)      || install -m 755 -d $(SBINDIR)
- test -d $(MANDIR)/man8 || install -m 755 -d
$(MANDIR)/man8
- install -m 755 run_init $(SBINDIR)
- install -m 755 open_init_pty $(SBINDIR)
- install -m 644 run_init.8 $(MANDIR)/man8/
- install -m 644 open_init_pty.8 $(MANDIR)/man8/
+ test -d $(DESTDIR)$(SBINDIR)      || install -m 755 -d
$(DESTDIR)$(SBINDIR)
+ test -d $(DESTDIR)$(MANDIR)/man8 || install -m 755 -d
$(DESTDIR)$(MANDIR)/man8
+ install -m 755 run_init $(DESTDIR)$(SBINDIR)
+ install -m 755 open_init_pty $(DESTDIR)$(SBINDIR)
+ install -m 644 run_init.8 $(DESTDIR)$(MANDIR)/man8/
+ install -m 644 open_init_pty.8 $(DESTDIR)$(MANDIR)/man8/
  ifeq ($(PAMH), y)
- install -m 644 run_init.pamd $(ETCDIR)/pam.d/run_init
+ install -m 644 run_init.pamd
$(DESTDIR)$(ETCDIR)/pam.d/run_init
  endif
  
   ../../scripts/Lindent $(wildcard *.[ch])
  
  relabel: install
- /sbin/restorecon $(SBINDIR)/run_init
$(SBINDIR)/open_init_pty
+ /sbin/restorecon $(DESTDIR)$(SBINDIR)/run_init
$(DESTDIR)$(SBINDIR)/open_init_pty
diff --git a/policycoreutils/scripts/Makefile
b/policycoreutils/scripts/Makefile
index d9e86ffe..a988144b 100644
--- a/policycoreutils/scripts/Makefile
+++ b/policycoreutils/scripts/Makefile
@@ -1,6 +1,6 @@
  # Installation directories.
-PREFIX ?= $(DESTDIR)/usr
-SBINDIR ?= $(DESTDIR)/sbin
+PREFIX ?= /usr
+SBINDIR ?= /sbin
  MANDIR ?= $(PREFIX)/share/man
  LOCALEDIR ?= $(PREFIX)/share/locale
  
@@ -8,10 +8,10 @@ LOCALEDIR ?= $(PREFIX)/share/locale
  all: fixfiles
  
  install: all
- -mkdir -p $(SBINDIR)
- install -m 755 fixfiles $(SBINDIR)
- -mkdir -p $(MANDIR)/man8
- install -m 644 fixfiles.8 $(MANDIR)/man8/
+ -mkdir -p $(DESTDIR)$(SBINDIR)
+ install -m 755 fixfiles $(DESTDIR)$(SBINDIR)
+ -mkdir -p $(DESTDIR)$(MANDIR)/man8
+ install -m 644 fixfiles.8 $(DESTDIR)$(MANDIR)/man8/
  
  
diff --git a/policycoreutils/secon/Makefile
b/policycoreutils/secon/Makefile
index 8e491d74..c03f0d7d 100644
--- a/policycoreutils/secon/Makefile
+++ b/policycoreutils/secon/Makefile
@@ -1,5 +1,5 @@
  # secon tool - command-line context
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
  INCLUDEDIR ?= $(PREFIX)/include
  BINDIR ?= $(PREFIX)/bin
  MANDIR ?= $(PREFIX)/share/man
@@ -18,13 +18,13 @@ secon: secon.o
  install-nogui: install
  
  install: all
- install -m 755 secon $(BINDIR);
+ install -m 755 secon $(DESTDIR)$(BINDIR);
  
- test -d $(MANDIR)/man1 || install -m 755 -d
$(MANDIR)/man1
- install -m 644 secon.1 $(MANDIR)/man1
+ test -d $(DESTDIR)$(MANDIR)/man1 || install -m 755 -d
$(DESTDIR)$(MANDIR)/man1
+ install -m 644 secon.1 $(DESTDIR)$(MANDIR)/man1
  
- /sbin/restorecon $(BINDIR)/secon
+ /sbin/restorecon $(DESTDIR)$(BINDIR)/secon
  
   rm -f *.o core* secon *~ *.bak
diff --git a/policycoreutils/semodule/Makefile
b/policycoreutils/semodule/Makefile
index fffb43ac..7c257bf5 100644
--- a/policycoreutils/semodule/Makefile
+++ b/policycoreutils/semodule/Makefile
@@ -1,5 +1,5 @@
  # Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
  INCLUDEDIR ?= $(PREFIX)/include
  SBINDIR ?= $(PREFIX)/sbin
  MANDIR = $(PREFIX)/share/man
   ln -sf semodule genhomedircon
  
  install: all
- -mkdir -p $(SBINDIR)
- install -m 755 semodule $(SBINDIR)
- (cd $(SBINDIR); ln -sf semodule genhomedircon)
- test -d $(MANDIR)/man8 || install -m 755 -d
$(MANDIR)/man8
- install -m 644 semodule.8 $(MANDIR)/man8/
- install -m 644 genhomedircon.8 $(MANDIR)/man8/
+ -mkdir -p $(DESTDIR)$(SBINDIR)
+ install -m 755 semodule $(DESTDIR)$(SBINDIR)
+ (cd $(DESTDIR)$(SBINDIR); ln -sf semodule genhomedircon)
+ test -d $(DESTDIR)$(MANDIR)/man8 || install -m 755 -d
$(DESTDIR)$(MANDIR)/man8
+ install -m 644 semodule.8 $(DESTDIR)$(MANDIR)/man8/
+ install -m 644 genhomedircon.8 $(DESTDIR)$(MANDIR)/man8/
  
  
diff --git a/policycoreutils/sestatus/Makefile
b/policycoreutils/sestatus/Makefile
index 41ca6832..130b764b 100644
--- a/policycoreutils/sestatus/Makefile
+++ b/policycoreutils/sestatus/Makefile
@@ -1,8 +1,8 @@
  # Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
  SBINDIR ?= $(PREFIX)/sbin
  MANDIR = $(PREFIX)/share/man
-ETCDIR ?= $(DESTDIR)/etc
+ETCDIR ?= /etc
  LIBDIR ?= $(PREFIX)/lib
  
  CFLAGS ?= -Werror -Wall -W
@@ -14,14 +14,14 @@ all: sestatus
  sestatus: sestatus.o
  
  install: all
- [ -d $(MANDIR)/man8 ] || mkdir -p $(MANDIR)/man8
- [ -d $(MANDIR)/man5 ] || mkdir -p $(MANDIR)/man5
- -mkdir -p $(SBINDIR)
- install -m 755 sestatus $(SBINDIR)
- install -m 644 sestatus.8 $(MANDIR)/man8
- install -m 644 sestatus.conf.5 $(MANDIR)/man5
- -mkdir -p $(ETCDIR)
- install -m 644 sestatus.conf $(ETCDIR)
+ [ -d $(DESTDIR)$(MANDIR)/man8 ] || mkdir -p
$(DESTDIR)$(MANDIR)/man8
+ [ -d $(DESTDIR)$(MANDIR)/man5 ] || mkdir -p
$(DESTDIR)$(MANDIR)/man5
+ -mkdir -p $(DESTDIR)$(SBINDIR)
+ install -m 755 sestatus $(DESTDIR)$(SBINDIR)
+ install -m 644 sestatus.8 $(DESTDIR)$(MANDIR)/man8
+ install -m 644 sestatus.conf.5 $(DESTDIR)$(MANDIR)/man5
+ -mkdir -p $(DESTDIR)$(ETCDIR)
+ install -m 644 sestatus.conf $(DESTDIR)$(ETCDIR)
  
   rm -f sestatus *.o
diff --git a/policycoreutils/setfiles/Makefile
b/policycoreutils/setfiles/Makefile
index c08e2dd1..4e56698f 100644
--- a/policycoreutils/setfiles/Makefile
+++ b/policycoreutils/setfiles/Makefile
@@ -1,6 +1,6 @@
  # Installation directories.
-PREFIX ?= $(DESTDIR)/usr
-SBINDIR ?= $(DESTDIR)/sbin
+PREFIX ?= /usr
+SBINDIR ?= /sbin
  MANDIR = $(PREFIX)/share/man
  LIBDIR ?= $(PREFIX)/lib
  AUDITH ?= $(shell test -f /usr/include/libaudit.h && echo y)
setfiles.8.man
  
  install: all
- [ -d $(MANDIR)/man8 ] || mkdir -p $(MANDIR)/man8
- -mkdir -p $(SBINDIR)
- install -m 755 setfiles $(SBINDIR)
- (cd $(SBINDIR) && ln -sf setfiles restorecon)
- install -m 755 restorecon_xattr $(SBINDIR)
- install -m 644 setfiles.8.man $(MANDIR)/man8/setfiles.8
- install -m 644 restorecon.8 $(MANDIR)/man8/restorecon.8
- install -m 644 restorecon_xattr.8
$(MANDIR)/man8/restorecon_xattr.8
+ [ -d $(DESTDIR)$(MANDIR)/man8 ] || mkdir -p
$(DESTDIR)$(MANDIR)/man8
+ -mkdir -p $(DESTDIR)$(SBINDIR)
+ install -m 755 setfiles $(DESTDIR)$(SBINDIR)
+ (cd $(DESTDIR)$(SBINDIR) && ln -sf setfiles restorecon)
+ install -m 755 restorecon_xattr $(DESTDIR)$(SBINDIR)
+ install -m 644 setfiles.8.man
$(DESTDIR)$(MANDIR)/man8/setfiles.8
+ install -m 644 restorecon.8
$(DESTDIR)$(MANDIR)/man8/restorecon.8
+ install -m 644 restorecon_xattr.8
$(DESTDIR)$(MANDIR)/man8/restorecon_xattr.8
  
   rm -f setfiles restorecon restorecon_xattr *.o
setfiles.8.man
   ../../scripts/Lindent $(wildcard *.[ch])
  
  relabel: install
- $(SBINDIR)/restorecon $(SBINDIR)/setfiles
$(SBINDIR)/restorecon_xattr
+ $(SBINDIR)/restorecon $(DESTDIR)$(SBINDIR)/setfiles
$(DESTDIR)$(SBINDIR)/restorecon_xattr
diff --git a/policycoreutils/setsebool/Makefile
b/policycoreutils/setsebool/Makefile
index bc254dab..f3379be9 100644
--- a/policycoreutils/setsebool/Makefile
+++ b/policycoreutils/setsebool/Makefile
@@ -1,10 +1,10 @@
  # Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
  INCLUDEDIR ?= $(PREFIX)/include
  SBINDIR ?= $(PREFIX)/sbin
  MANDIR = $(PREFIX)/share/man
  LIBDIR ?= $(PREFIX)/lib
-BASHCOMPLETIONDIR ?= $(DESTDIR)/usr/share/bash-
completion/completions
+BASHCOMPLETIONDIR ?= /usr/share/bash-completion/completions
  
  CFLAGS ?= -Werror -Wall -W
  override LDLIBS += -lsepol -lselinux -lsemanage
@@ -17,12 +17,12 @@ all: setsebool
  setsebool: $(SETSEBOOL_OBJS)
  
  install: all
- -mkdir -p $(SBINDIR)
- install -m 755 setsebool $(SBINDIR)
- -mkdir -p $(MANDIR)/man8
- install -m 644 setsebool.8 $(MANDIR)/man8/
- -mkdir -p $(BASHCOMPLETIONDIR)
- install -m 644 $(BASHCOMPLETIONS)
$(BASHCOMPLETIONDIR)/setsebool
+ -mkdir -p $(DESTDIR)$(SBINDIR)
+ install -m 755 setsebool $(DESTDIR)$(SBINDIR)
+ -mkdir -p $(DESTDIR)$(MANDIR)/man8
+ install -m 644 setsebool.8 $(DESTDIR)$(MANDIR)/man8/
+ -mkdir -p $(DESTDIR)$(BASHCOMPLETIONDIR)
+ install -m 644 $(BASHCOMPLETIONS)
$(DESTDIR)$(BASHCOMPLETIONDIR)/setsebool
  
  
diff --git a/python/audit2allow/Makefile
b/python/audit2allow/Makefile
index 8db8075f..02526fa7 100644
--- a/python/audit2allow/Makefile
+++ b/python/audit2allow/Makefile
@@ -1,7 +1,7 @@
  PYTHON ?= python
  
  # Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
  BINDIR ?= $(PREFIX)/bin
  LIBDIR ?= $(PREFIX)/lib
  MANDIR ?= $(PREFIX)/share/man
@@ -13,7 +13,7 @@ CFLAGS ?= -Werror -Wall -W
  
  all: audit2why sepolgen-ifgen-attr-helper
  
-sepolgen-ifgen-attr-helper: sepolgen-ifgen-attr-helper.o
$(LIBSEPOLA)
+sepolgen-ifgen-attr-helper: sepolgen-ifgen-attr-helper.o
$(DESTDIR)$(LIBSEPOLA)
  
   ln -sf audit2allow audit2why
@@ -22,14 +22,14 @@ test: all
  
  install: all
- -mkdir -p $(BINDIR)
- install -m 755 audit2allow $(BINDIR)
- (cd $(BINDIR); ln -sf audit2allow audit2why)
- install -m 755 sepolgen-ifgen-attr-helper $(BINDIR)
- install -m 755 sepolgen-ifgen $(BINDIR)
- -mkdir -p $(MANDIR)/man1
- install -m 644 audit2allow.1 $(MANDIR)/man1/
- install -m 644 audit2why.1 $(MANDIR)/man1/
+ -mkdir -p $(DESTDIR)$(BINDIR)
+ install -m 755 audit2allow $(DESTDIR)$(BINDIR)
+ (cd $(DESTDIR)$(BINDIR); ln -sf audit2allow audit2why)
+ install -m 755 sepolgen-ifgen-attr-helper
$(DESTDIR)$(BINDIR)
+ install -m 755 sepolgen-ifgen $(DESTDIR)$(BINDIR)
+ -mkdir -p $(DESTDIR)$(MANDIR)/man1
+ install -m 644 audit2allow.1 $(DESTDIR)$(MANDIR)/man1/
+ install -m 644 audit2why.1 $(DESTDIR)$(MANDIR)/man1/
  
   rm -f *~ *.o sepolgen-ifgen-attr-helper
diff --git a/python/chcat/Makefile b/python/chcat/Makefile
index 0fd12d6d..890033e2 100644
--- a/python/chcat/Makefile
+++ b/python/chcat/Makefile
@@ -1,5 +1,5 @@
  # Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
  BINDIR ?= $(PREFIX)/bin
  MANDIR ?= $(PREFIX)/share/man
  LOCALEDIR ?= $(PREFIX)/share/locale
@@ -8,10 +8,10 @@ LOCALEDIR ?= $(PREFIX)/share/locale
  all: chcat
  
  install: all
- -mkdir -p $(BINDIR)
- install -m 755 chcat $(BINDIR)
- -mkdir -p $(MANDIR)/man8
- install -m 644 chcat.8 $(MANDIR)/man8/
+ -mkdir -p $(DESTDIR)$(BINDIR)
+ install -m 755 chcat $(DESTDIR)$(BINDIR)
+ -mkdir -p $(DESTDIR)$(MANDIR)/man8
+ install -m 644 chcat.8 $(DESTDIR)$(MANDIR)/man8/
  
  
diff --git a/python/semanage/Makefile b/python/semanage/Makefile
index 60c36a3a..bd02e9e9 100644
--- a/python/semanage/Makefile
+++ b/python/semanage/Makefile
@@ -1,29 +1,29 @@
  PYTHON ?= python
  
  # Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
  LIBDIR ?= $(PREFIX)/lib
  SBINDIR ?= $(PREFIX)/sbin
  MANDIR = $(PREFIX)/share/man
  PYLIBVER ?= $(shell $(PYTHON) -c 'import
sys;print("python%d.%d" %
sys.version_info[0:2])')
  PYTHONLIBDIR ?= $(LIBDIR)/$(PYLIBVER)
-BASHCOMPLETIONDIR ?= $(DESTDIR)/usr/share/bash-
completion/completions
+BASHCOMPLETIONDIR ?= /usr/share/bash-completion/completions
  
  TARGETS=semanage
  
-BASHCOMPLETIONS=semanage-bash-completion.sh
+BASHCOMPLETIONS=semanage-bash-completion.sh
  
  all: $(TARGETS)
  
  install: all
- [ -d $(MANDIR)/man8 ] || mkdir -p $(MANDIR)/man8
- -mkdir -p $(SBINDIR)
- install -m 755 semanage $(SBINDIR)
- install -m 644 *.8 $(MANDIR)/man8
- test -d $(PYTHONLIBDIR)/site-packages || install -m 755
-d
$(PYTHONLIBDIR)/site-packages
- install -m 755 seobject.py $(PYTHONLIBDIR)/site-packages
- -mkdir -p $(BASHCOMPLETIONDIR)
- install -m 644 $(BASHCOMPLETIONS)
$(BASHCOMPLETIONDIR)/semanage
+ [ -d $(DESTDIR)$(MANDIR)/man8 ] || mkdir -p
$(DESTDIR)$(MANDIR)/man8
+ -mkdir -p $(DESTDIR)$(SBINDIR)
+ install -m 755 semanage $(DESTDIR)$(SBINDIR)
+ install -m 644 *.8 $(DESTDIR)$(MANDIR)/man8
+ test -d $(DESTDIR)$(PYTHONLIBDIR)/site-packages ||
install
-m 755 -d $(DESTDIR)$(PYTHONLIBDIR)/site-packages
+ install -m 755 seobject.py
$(DESTDIR)$(PYTHONLIBDIR)/site-
packages
+ -mkdir -p $(DESTDIR)$(BASHCOMPLETIONDIR)
+ install -m 644 $(BASHCOMPLETIONS)
$(DESTDIR)$(BASHCOMPLETIONDIR)/semanage
  
diff --git a/python/sepolgen/src/sepolgen/Makefile
b/python/sepolgen/src/sepolgen/Makefile
index d3aa7715..12ef0827 100644
--- a/python/sepolgen/src/sepolgen/Makefile
+++ b/python/sepolgen/src/sepolgen/Makefile
@@ -1,12 +1,12 @@
  PYTHON ?= python
  PYTHONLIBDIR ?= $(shell $(PYTHON) -c "from distutils.sysconfig
import *; print(get_python_lib(1))")
-PACKAGEDIR ?= $(DESTDIR)/$(PYTHONLIBDIR)/sepolgen
+PACKAGEDIR ?= $(PYTHONLIBDIR)/sepolgen
  
  
  install: all
- -mkdir -p $(PACKAGEDIR)
- install -m 644 *.py $(PACKAGEDIR)
+ -mkdir -p $(DESTDIR)$(PACKAGEDIR)
+ install -m 644 *.py $(DESTDIR)$(PACKAGEDIR)
  
   rm -f parser.out parsetab.py
diff --git a/python/sepolgen/src/share/Makefile
b/python/sepolgen/src/share/Makefile
index abf5e451..1a7133cb 100644
--- a/python/sepolgen/src/share/Makefile
+++ b/python/sepolgen/src/share/Makefile
@@ -1,10 +1,10 @@
-SHAREDIR ?= $(DESTDIR)/var/lib/sepolgen
+SHAREDIR ?= /var/lib/sepolgen
  
  
  install: all
- -mkdir -p $(SHAREDIR)
- install -m 644 perm_map $(SHAREDIR)
+ -mkdir -p $(DESTDIR)$(SHAREDIR)
+ install -m 644 perm_map $(DESTDIR)$(SHAREDIR)
  
- rm -f *~
\ No newline at end of file
+ rm -f *~
diff --git a/python/sepolicy/Makefile b/python/sepolicy/Makefile
index 5a56e6c8..c75dce73 100644
--- a/python/sepolicy/Makefile
+++ b/python/sepolicy/Makefile
@@ -1,13 +1,13 @@
  PYTHON ?= python
  
  # Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
  LIBDIR ?= $(PREFIX)/lib
  BINDIR ?= $(PREFIX)/bin
  DATADIR ?= $(PREFIX)/share
  MANDIR ?= $(PREFIX)/share/man
  LOCALEDIR ?= /usr/share/locale
-BASHCOMPLETIONDIR ?= $(DESTDIR)/usr/share/bash-
completion/completions
+BASHCOMPLETIONDIR ?= /usr/share/bash-completion/completions
  SHAREDIR ?= $(PREFIX)/share/sandbox
  CFLAGS ?= -Wall -Werror -Wextra -W
  override CFLAGS += -DPACKAGE="policycoreutils" -DSHARED -shared
  
   $(PYTHON) setup.py install `test -n "$(DESTDIR)" &&
echo --
root $(DESTDIR)`
- [ -d $(BINDIR) ] || mkdir -p $(BINDIR)
- install -m 755 sepolicy.py $(BINDIR)/sepolicy
- (cd $(BINDIR); ln -sf sepolicy sepolgen)
- -mkdir -p $(MANDIR)/man8
- install -m 644 *.8 $(MANDIR)/man8
- -mkdir -p $(BASHCOMPLETIONDIR)
- install -m 644 $(BASHCOMPLETIONS)
$(BASHCOMPLETIONDIR)/sepolicy
+ [ -d $(DESTDIR)$(BINDIR) ] || mkdir -p
$(DESTDIR)$(BINDIR)
+ install -m 755 sepolicy.py $(DESTDIR)$(BINDIR)/sepolicy
+ (cd $(DESTDIR)$(BINDIR); ln -sf sepolicy sepolgen)
+ -mkdir -p $(DESTDIR)$(MANDIR)/man8
+ install -m 644 *.8 $(DESTDIR)$(MANDIR)/man8
+ -mkdir -p $(DESTDIR)$(BASHCOMPLETIONDIR)
+ install -m 644 $(BASHCOMPLETIONS)
$(DESTDIR)$(BASHCOMPLETIONDIR)/sepolicy
  
diff --git a/restorecond/Makefile b/restorecond/Makefile
index ada94aeb..a9a57b48 100644
--- a/restorecond/Makefile
+++ b/restorecond/Makefile
@@ -1,17 +1,17 @@
  PKG_CONFIG ?= pkg-config
  
  # Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
  SBINDIR ?= $(PREFIX)/sbin
  LIBDIR ?= $(PREFIX)/lib
  MANDIR = $(PREFIX)/share/man
-AUTOSTARTDIR = $(DESTDIR)/etc/xdg/autostart
-DBUSSERVICEDIR = $(DESTDIR)/usr/share/dbus-1/services
-SYSTEMDDIR ?= $(DESTDIR)/usr/lib/systemd
+AUTOSTARTDIR = /etc/xdg/autostart
+DBUSSERVICEDIR = /usr/share/dbus-1/services
+SYSTEMDDIR ?= /usr/lib/systemd
  
  autostart_DATA = sealertauto.desktop
-INITDIR ?= $(DESTDIR)/etc/rc.d/init.d
-SELINUXDIR = $(DESTDIR)/etc/selinux
+INITDIR ?= /etc/rc.d/init.d
+SELINUXDIR = /etc/selinux
  
  DBUSFLAGS = -DHAVE_DBUS $(shell $(PKG_CONFIG) --cflags dbus-
glib-1)
  DBUSLIB = $(shell $(PKG_CONFIG) --libs dbus-glib-1)
@@ -39,23 +39,23 @@ restorecond:  restore.o restorecond.o
utmpwatcher.o stringslist.o user.o watch.o
  
  install: all
- [ -d $(MANDIR)/man8 ] || mkdir -p $(MANDIR)/man8
- -mkdir -p $(SBINDIR)
- install -m 755 restorecond $(SBINDIR)
- install -m 644 restorecond.8 $(MANDIR)/man8
- -mkdir -p $(INITDIR)
- install -m 755 restorecond.init $(INITDIR)/restorecond
- -mkdir -p $(SELINUXDIR)
- install -m 644 restorecond.conf
$(SELINUXDIR)/restorecond.conf
- install -m 644 restorecond_user.conf
$(SELINUXDIR)/restorecond_user.conf
- -mkdir -p $(AUTOSTARTDIR)
- install -m 644 restorecond.desktop
$(AUTOSTARTDIR)/restorecond.desktop
- -mkdir -p $(DBUSSERVICEDIR)
- install -m 600
org.selinux.Restorecond.service  $(DBUSSERVICEDIR)/org.selinux.Re
stor
econd.service
- -mkdir -p $(SYSTEMDDIR)/system
- install -m 644 restorecond.service $(SYSTEMDDIR)/system/
+ [ -d $(DESTDIR)$(MANDIR)/man8 ] || mkdir -p
$(DESTDIR)$(MANDIR)/man8
+ -mkdir -p $(DESTDIR)$(SBINDIR)
+ install -m 755 restorecond $(DESTDIR)$(SBINDIR)
+ install -m 644 restorecond.8 $(DESTDIR)$(MANDIR)/man8
+ -mkdir -p $(DESTDIR)$(INITDIR)
+ install -m 755 restorecond.init
$(DESTDIR)$(INITDIR)/restorecond
+ -mkdir -p $(DESTDIR)$(SELINUXDIR)
+ install -m 644 restorecond.conf
$(DESTDIR)$(SELINUXDIR)/restorecond.conf
+ install -m 644 restorecond_user.conf
$(DESTDIR)$(SELINUXDIR)/restorecond_user.conf
+ -mkdir -p $(DESTDIR)$(AUTOSTARTDIR)
+ install -m 644 restorecond.desktop
$(DESTDIR)$(AUTOSTARTDIR)/restorecond.desktop
+ -mkdir -p $(DESTDIR)$(DBUSSERVICEDIR)
+ install -m 600
org.selinux.Restorecond.service  $(DESTDIR)$(DBUSSERVICEDIR)/org.
seli
nux.Restorecond.service
+ -mkdir -p $(DESTDIR)$(SYSTEMDDIR)/system
+ install -m 644 restorecond.service
$(DESTDIR)$(SYSTEMDDIR)/system/
  relabel: install
- /sbin/restorecon $(SBINDIR)/restorecond
+ /sbin/restorecon $(DESTDIR)$(SBINDIR)/restorecond
  
   -rm -f restorecond *.o *~
diff --git a/sandbox/Makefile b/sandbox/Makefile
index 05c3d658..9c78041c 100644
--- a/sandbox/Makefile
+++ b/sandbox/Makefile
@@ -1,8 +1,8 @@
  PYTHON ?= python
  
  # Installation directories.
-PREFIX ?= $(DESTDIR)/usr
-SYSCONFDIR ?= $(DESTDIR)/etc/sysconfig
+PREFIX ?= /usr
+SYSCONFDIR ?= /etc/sysconfig
  LIBDIR ?= $(PREFIX)/lib
  BINDIR ?= $(PREFIX)/bin
  SBINDIR ?= $(PREFIX)/sbin
@@ -18,20 +18,20 @@ all: sandbox seunshare sandboxX.sh start
  seunshare: $(SEUNSHARE_OBJS)
  
  install: all
- -mkdir -p $(BINDIR)
- install -m 755 sandbox $(BINDIR)
- -mkdir -p $(MANDIR)/man8
- install -m 644 sandbox.8 $(MANDIR)/man8/
- install -m 644 seunshare.8 $(MANDIR)/man8/
- -mkdir -p $(MANDIR)/man5
- install -m 644 sandbox.5 $(MANDIR)/man5/
- -mkdir -p $(SBINDIR)
- install -m 4755 seunshare $(SBINDIR)/
- -mkdir -p $(SHAREDIR)
- install -m 755 sandboxX.sh $(SHAREDIR)
- install -m 755 start $(SHAREDIR)
- -mkdir -p $(SYSCONFDIR)
- install -m 644 sandbox.conf $(SYSCONFDIR)/sandbox
+ -mkdir -p $(DESTDIR)$(BINDIR)
+ install -m 755 sandbox $(DESTDIR)$(BINDIR)
+ -mkdir -p $(DESTDIR)$(MANDIR)/man8
+ install -m 644 sandbox.8 $(DESTDIR)$(MANDIR)/man8/
+ install -m 644 seunshare.8 $(DESTDIR)$(MANDIR)/man8/
+ -mkdir -p $(DESTDIR)$(MANDIR)/man5
+ install -m 644 sandbox.5 $(DESTDIR)$(MANDIR)/man5/
+ -mkdir -p $(DESTDIR)$(SBINDIR)
+ install -m 4755 seunshare $(DESTDIR)$(SBINDIR)/
+ -mkdir -p $(DESTDIR)$(SHAREDIR)
+ install -m 755 sandboxX.sh $(DESTDIR)$(SHAREDIR)
+ install -m 755 start $(DESTDIR)$(SHAREDIR)
+ -mkdir -p $(DESTDIR)$(SYSCONFDIR)
+ install -m 644 sandbox.conf
$(DESTDIR)$(SYSCONFDIR)/sandbox
  
diff --git a/secilc/Makefile b/secilc/Makefile
index 1cac53e4..597b4a27 100644
--- a/secilc/Makefile
+++ b/secilc/Makefile
@@ -1,4 +1,4 @@
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
  BINDIR ?= $(PREFIX)/bin
  MANDIR ?= $(PREFIX)/share/man
  LIBDIR ?= $(PREFIX)/lib
$(SECIL2CONF_MANPAGE).xml
   $(XMLTO) man $(SECIL2CONF_MANPAGE).xml
  
  install: all man
- -mkdir -p $(BINDIR)
- -mkdir -p $(MANDIR)/man8
- install -m 755 $(SECILC) $(BINDIR)
- install -m 755 $(SECIL2CONF) $(BINDIR)
- install -m 644 $(SECILC_MANPAGE) $(MANDIR)/man8
- install -m 644 $(SECIL2CONF_MANPAGE) $(MANDIR)/man8
+ -mkdir -p $(DESTDIR)$(BINDIR)
+ -mkdir -p $(DESTDIR)$(MANDIR)/man8
+ install -m 755 $(SECILC) $(DESTDIR)$(BINDIR)
+ install -m 755 $(SECIL2CONF) $(DESTDIR)$(BINDIR)
+ install -m 644 $(SECILC_MANPAGE)
$(DESTDIR)$(MANDIR)/man8
+ install -m 644 $(SECIL2CONF_MANPAGE)
$(DESTDIR)$(MANDIR)/man8
  
   $(MAKE) -C docs
diff --git a/semodule-utils/semodule_deps/Makefile b/semodule-
utils/semodule_deps/Makefile
index 328a5030..7b106781 100644
--- a/semodule-utils/semodule_deps/Makefile
+++ b/semodule-utils/semodule_deps/Makefile
@@ -1,5 +1,5 @@
  # Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
  INCLUDEDIR ?= $(PREFIX)/include
  BINDIR ?= $(PREFIX)/bin
  LIBDIR ?= $(PREFIX)/lib
@@ -10,13 +10,13 @@ CFLAGS ?= -Werror -Wall -W
  
  all: semodule_deps
  
-semodule_deps:  semodule_deps.o $(LIBSEPOLA)
+semodule_deps:  semodule_deps.o $(DESTDIR)$(LIBSEPOLA)
  
  install: all
- -mkdir -p $(BINDIR)
- install -m 755 semodule_deps $(BINDIR)
- test -d $(MANDIR)/man8 || install -m 755 -d
$(MANDIR)/man8
- install -m 644 semodule_deps.8 $(MANDIR)/man8/
+ -mkdir -p $(DESTDIR)$(BINDIR)
+ install -m 755 semodule_deps $(DESTDIR)$(BINDIR)
+ test -d $(DESTDIR)$(MANDIR)/man8 || install -m 755 -d
$(DESTDIR)$(MANDIR)/man8
+ install -m 644 semodule_deps.8 $(DESTDIR)$(MANDIR)/man8/
  
  
diff --git a/semodule-utils/semodule_expand/Makefile b/semodule-
utils/semodule_expand/Makefile
index 072f2137..58d2d3cb 100644
--- a/semodule-utils/semodule_expand/Makefile
+++ b/semodule-utils/semodule_expand/Makefile
@@ -1,5 +1,5 @@
  # Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
  INCLUDEDIR ?= $(PREFIX)/include
  BINDIR ?= $(PREFIX)/bin
  LIBDIR ?= $(PREFIX)/lib
@@ -13,10 +13,10 @@ all: semodule_expand
  semodule_expand:  semodule_expand.o
  
  install: all
- -mkdir -p $(BINDIR)
- install -m 755 semodule_expand $(BINDIR)
- test -d $(MANDIR)/man8 || install -m 755 -d
$(MANDIR)/man8
- install -m 644 semodule_expand.8 $(MANDIR)/man8/
+ -mkdir -p $(DESTDIR)$(BINDIR)
+ install -m 755 semodule_expand $(DESTDIR)$(BINDIR)
+ test -d $(DESTDIR)$(MANDIR)/man8 || install -m 755 -d
$(DESTDIR)$(MANDIR)/man8
+ install -m 644 semodule_expand.8
$(DESTDIR)$(MANDIR)/man8/
  
  
diff --git a/semodule-utils/semodule_link/Makefile b/semodule-
utils/semodule_link/Makefile
index cc4687bd..178bea30 100644
--- a/semodule-utils/semodule_link/Makefile
+++ b/semodule-utils/semodule_link/Makefile
@@ -1,6 +1,6 @@
  # Installation directories.
-PREFIX ?= $(DESTDIR)/usr
-INCLUDEDIR ?= $(PREFIX)/include
+PREFIX ?= /usr
+INCLUDEDIR ?= /include
  BINDIR ?= $(PREFIX)/bin
  MANDIR ?= $(PREFIX)/share/man
  LIBDIR ?= $(PREFIX)/lib
@@ -13,10 +13,10 @@ all: semodule_link
  semodule_link:  semodule_link.o
  
  install: all
- -mkdir -p $(BINDIR)
- install -m 755 semodule_link $(BINDIR)
- test -d $(MANDIR)/man8 || install -m 755 -d
$(MANDIR)/man8
- install -m 644 semodule_link.8 $(MANDIR)/man8/
+ -mkdir -p $(DESTDIR)$(BINDIR)
+ install -m 755 semodule_link $(DESTDIR)$(BINDIR)
+ test -d $(DESTDIR)$(MANDIR)/man8 || install -m 755 -d
$(PREFIX)$(MANDIR)/man8
Missing $(DESTDIR) in the final install location above.
Post by Petr Lautrbach
+ install -m 644 semodule_link.8 $(DESTDIR)$(MANDIR)/man8/
  
  
diff --git a/semodule-utils/semodule_package/Makefile b/semodule-
utils/semodule_package/Makefile
index 96dd7c4f..37bd0d4b 100644
--- a/semodule-utils/semodule_package/Makefile
+++ b/semodule-utils/semodule_package/Makefile
@@ -1,5 +1,5 @@
  # Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
  INCLUDEDIR ?= $(PREFIX)/include
  BINDIR ?= $(PREFIX)/bin
  LIBDIR ?= $(PREFIX)/lib
@@ -13,12 +13,12 @@ all: semodule_package semodule_unpackage
  semodule_package:  semodule_package.o
  
  install: all
- -mkdir -p $(BINDIR)
- install -m 755 semodule_package $(BINDIR)
- install -m 755 semodule_unpackage $(BINDIR)
- test -d $(MANDIR)/man8 || install -m 755 -d
$(MANDIR)/man8
- install -m 644 semodule_package.8 $(MANDIR)/man8/
- install -m 644 semodule_unpackage.8 $(MANDIR)/man8/
+ -mkdir -p $(DESTDIR)$(BINDIR)
+ install -m 755 semodule_package $(DESTDIR)$(BINDIR)
+ install -m 755 semodule_unpackage $(DESTDIR)$(BINDIR)
+ test -d $(DESTDIR)$(MANDIR)/man8 || install -m 755 -d
$(DESTDIR)$(MANDIR)/man8
+ install -m 644 semodule_package.8
$(DESTDIR)$(MANDIR)/man8/
+ install -m 644 semodule_unpackage.8
$(DESTDIR)$(MANDIR)/man8/
  
  
Stephen Smalley
2017-06-23 17:07:28 UTC
Permalink
A third release candidate for the SELinux userspace is now available
at:
https://github.com/SELinuxProject/selinux/wiki/Releases

Please give it a test and let us know if there are any issues.

Changes from the -rc2 release:

Jason Zaman (2):
      libselinux utils: override LD{FLAGS, LIBS} for libselinux.so in
Makefile
      Makefiles: override *FLAGS and *LIBS

Nicolas Iooss (3):
      libsemanage/tests: fix linking
      gui: do not create /etc
      python/sepolicy: remove definition of SYSCONFDIR

Patrick Steinhardt (3):
      libsepol: replace non-standard use of __BEGIN_DECLS
      libselinux: avoid redefining _FORTIFY_SOURCE
      genhomedircon: avoid use of non-standard `getpwent_r`

Petr Lautrbach (1):
      mcstrans: Allow overriding libsepol.a location during build

Stephen Smalley (2):
      Fix BINDIR/SBINDIR/... variables in Makefiles
      Update VERSION files for 2.7-rc3 release.
Stephen Smalley
2017-06-30 17:53:28 UTC
Permalink
A fourth (and hopefully final) release candidate for the SELinux
userspace is now available at:
https://github.com/SELinuxProject/selinux/wiki/Releases

Please give it a test and let us know if there are any issues.
Barring any significant further changes, a final 2.7 release is likely
the week of July 10th.

Changes from the -rc3 release:

Laurent Bigonville (1):
      Fix consistency of PYTHONLIBDIR variable across modules

Nicolas Iooss (3):
      Travis-CI: update the list of Ruby's and Python's versions
      libsepol/tests: override CPPFLAGS too
      Travis-CI: test defining CFLAGS, LDFLAGS, etc. on make command
line

Stephen Smalley (2):
      libselinux,libsemanage: fix RUBYLIBS definition
      Update VERSION files for 2.7-rc4 release.
Jason Zaman
2017-07-09 10:12:29 UTC
Permalink
https://bugs.gentoo.org/show_bug.cgi?id=621062
I'm fairly short on time lately. Does the patch in this bug seem right?
If it does can you apply it before the final release?

Thanks,
Jason
Post by Stephen Smalley
A fourth (and hopefully final) release candidate for the SELinux
https://github.com/SELinuxProject/selinux/wiki/Releases
Please give it a test and let us know if there are any issues.
Barring any significant further changes, a final 2.7 release is likely
the week of July 10th.
      Fix consistency of PYTHONLIBDIR variable across modules
      Travis-CI: update the list of Ruby's and Python's versions
      libsepol/tests: override CPPFLAGS too
      Travis-CI: test defining CFLAGS, LDFLAGS, etc. on make command
line
      libselinux,libsemanage: fix RUBYLIBS definition
      Update VERSION files for 2.7-rc4 release.
Stephen Smalley
2017-07-18 16:14:56 UTC
Permalink
A fifth release candidate for the SELinux userspace is now available
at:
https://github.com/SELinuxProject/selinux/wiki/Releases

Please give it a test and let us know if there are any issues.

Changes from the -rc4 release:

Stephen Smalley (4):
      open_init_pty: Do not make stdin and stdout non-blocking
      Revert "open_init_pty: Do not make stdin and stdout non-blocking"
      open_init_pty: restore stdin/stdout to blocking upon exit
      Update VERSION files for 2.7-rc5
Stephen Smalley
2017-08-04 18:57:20 UTC
Permalink
The 20170804 / 2.7 release for the SELinux userspace release is now
available from:
https://github.com/SELinuxProject/selinux/wiki/Releases

Below are some notes on this release for packagers and users of the
SELinux userspace.  git log and git shortlog output for all changes
since the 20161014 / 2.6 release are linked from the release page.
Thanks to all the contributors to this release!

If you notice corrections or additional items that should be added to
the release notes (below and also linked from the releases page), reply
to this message with your suggested changes/additions and we'll add
them to the one linked from the releases page too.

* This is the first release with the split up policycoreutils (see
https://www.mail-archive.com/***@tycho.nsa.gov/msg02914.html and
the rest of that thread). Fedora already packages many of these
components separately, although not always with the same organization
and naming scheme.  Note that a number of these components are not
necessary for basic use of SELinux and likely should not be installed
by default, e.g. selinux-dbus, selinux-gui, mcstrans, restorecond,
selinux-sandbox.

* libsepol now has binary module support for ioctl xperms rules
(module version 18), making it possible to use allowxperm rules in
modularly built refpolicy-based policies. Previously, ioctl xperms
rules were only supported in monolithic policy and in CIL modules. 
This change means that refpolicy and/or policies derived from it can
begin to leverage ioctl whitelisting, which has already been leveraged
for some time in Android policies, which do not rely on binary modules.

* This release introduces support for Infiniband object labeling,
including support for kernel policy version 31 and module version 19,
policy.conf and CIL language support, and semanage support.  The
corresponding kernel support was introduced in Linux v4.13.

* This release introduces support for building policies with the
extended_socket_class, cgroup_seclabel, and nnp_nosuid_transition
policy
capabilities enabled:

** The extended_socket_class policy capability allows distinctions to
be made in policy among socket address families that were previously
mapped to the generic socket class (e.g. bluetooth, nfc, and many
other socket address families that previously did not have their own
distinct security class) as well as for SCTP and ICMP/ping sockets
that were previously mapped to the rawip_socket class.  This policy
capability is supported by Linux v4.11 and later. Enabling this
capability
in policy requires reviewing existing rules on socket and rawip_socket
classes to determine whether they should be duplicated for the new
classes.

** The cgroup_seclabel policy capability allows userspace to set
labels on cgroup/cgroup2 files, enabling fine-grained labeling of
cgroup files by userspace.  This policy capability is also supported
by Linux v4.11 and later. Note that enabling this capability will
break current Android userspace/policy and requires introducing
appropriate file_contexts definitions for cgroup files (or a change to
the Android init program's handling of them) in order to avoid
mislabeling them.

** The nnp_nosuid_transition policy capability enables SELinux domain
transitions to occur under no_new_privs (NNP) or on nosuid mounts if
the corresponding permission (nnp_transition for NNP,
nosuid_transition for nosuid; both in the newly defined process2
security class / access vector) is allowed between the old and new
contexts.  This change was motivated by the increasing use of NNP by
systemd for confining system services and the desire to be able to
leverage NNP/nosuid-provided protections in combination with SELinux
rather than having to make undesirable tradeoffs in security. With
this policy capability enabled and the corresponding permissions
allowed where required, it should be possible to use upstream systemd
unit files without modification on SELinux-enabled systems.
NB: Allowing nnp_transition between two contexts opens up the
potential for the old context to subvert the new context by
installing seccomp filters before the execve.  Allowing
nosuid_transition between two contexts opens up the potential for
a context transition to occur on a file from an untrusted
filesystem (e.g. removable media or remote filesystem).  Use with
care.

* checkpolicy now supports generating CIL or policy.conf from a
kernel binary policy.  Sample usage is checkpolicy -M -C -b policy.N -o
policy.cil and checkpolicy -M -F -b policy.N -o policy.conf.  There is
also now a secil2conf program that can generate policy.conf from CIL,
e.g. secil2conf -o policy.conf policy.cil.

* Attribute generation and expansion has changed in several ways in
order to address kernel runtime performance issues that occur when
types have many attributes assigned to them while ensuring preservation
of attributes where desired.  Binary module to CIL conversion now
ensures that duplicate attributes are not generated for the same type
set. secilc now supports -G and -X options to force expansion of
automatically generated attributes (-G) and/or attributes that have
fewer than a specified number of types (-X number).  secilc will also
now more aggressively expand attributes based on whether they will
actually be used by the kernel, are needed for debugging denials by
audit2allow/why, or are needed for neverallow checking of binary
policies (in Android).  New statements are supported in policy.conf
(expandattribute) and in CIL (expandtypeattribute) to support
specifying in source policy that specific attributes should always be
expanded or never be expanded in order to override the default
behaviors in checkpolicy and secilc.

* checkpolicy/checkmodule now treats it as an error if a type is
declared as an attribute or vice versa in a require block.  Such
mismatches between declarations and require statements are an error in
policy and should be corrected in policy; refpolicy master should
already be fixed.

* A change to libsepol-internal data structures breaks the build of
setools4.  This is fixed by setools4 commit
743d2a0eaaae7d99302dd3099549ca7ad868eab on the master branch.  The
change was to align the libsepol structures with the kernel in order to
allow direct comparison of libsepol-generated policy files against
/sys/fs/selinux/policy after normalizing them through checkpolicy.

* audit2why now understands type bounds failures and reports them as
such, although it does not yet provide detailed reporting.  Detailed
bounds violation reporting can be obtained already by enabling expand-
check=1 in semanage.conf or by running semodule_expand (without -a) at
policy validation time.

* libsemanage now saves the linked policy and skips re-linking
whenever possible.  This significantly improves the performance and
memory overhead of semanage commands that do not affect policy modules
(setting booleans and adding, deleting, or modifying local context
mappings). Previously, libsemanage only skipped re-linking when setting
booleans as a special case, but this was found to have a bug that could
yield duplicate object context entries (e.g. portcon) in policy.  That
optimization was therefore reverted and replaced with this one, which
both fixes the bug and generalizes the optimization beyond just setting
booleans.  The change does bring an associated storage cost, primarily
storing an extra copy of the kernel policy file (if a concern, this
could be made optional but it seems well worth it). The first semanage
or setsebool -P command run with the new libsemanage will not
demonstrate any improvement due to needing to generate the linked
policy for the first time, but subsequent commands will leverage the
saved linked policy.

* libsemanage no longer depends on ustr.

* libselinux/utils Makefile now uses SBINDIR instead of USRBINDIR.

* mcstrans/utils Makefile now uses SBINDIR instead of BINDIR.

* Some packages (libselinux, checkpolicy, selinux-python,
semodule-utils and mcstrans) require LIBSEPOLA to be set to the
absolute path to libsepol.a when building with DESTDIR set.

* policycoreutils make install no longer creates a symlink from
/usr/sbin/load_policy to /sbin/load_policy.
Dominick Grift
2017-08-04 19:21:39 UTC
Permalink
Post by Stephen Smalley
The 20170804 / 2.7 release for the SELinux userspace release is now
https://github.com/SELinuxProject/selinux/wiki/Releases
Thanks for bringing us this new release!
Post by Stephen Smalley
Below are some notes on this release for packagers and users of the
SELinux userspace.  git log and git shortlog output for all changes
since the 20161014 / 2.6 release are linked from the release page.
Thanks to all the contributors to this release!
If you notice corrections or additional items that should be added to
the release notes (below and also linked from the releases page), reply
to this message with your suggested changes/additions and we'll add
them to the one linked from the releases page too.
* This is the first release with the split up policycoreutils (see
the rest of that thread). Fedora already packages many of these
components separately, although not always with the same organization
and naming scheme.  Note that a number of these components are not
necessary for basic use of SELinux and likely should not be installed
by default, e.g. selinux-dbus, selinux-gui, mcstrans, restorecond,
selinux-sandbox.
* libsepol now has binary module support for ioctl xperms rules
(module version 18), making it possible to use allowxperm rules in
modularly built refpolicy-based policies. Previously, ioctl xperms
rules were only supported in monolithic policy and in CIL modules. 
This change means that refpolicy and/or policies derived from it can
begin to leverage ioctl whitelisting, which has already been leveraged
for some time in Android policies, which do not rely on binary modules.
* This release introduces support for Infiniband object labeling,
including support for kernel policy version 31 and module version 19,
policy.conf and CIL language support, and semanage support.  The
corresponding kernel support was introduced in Linux v4.13.
* This release introduces support for building policies with the
extended_socket_class, cgroup_seclabel, and nnp_nosuid_transition
policy
** The extended_socket_class policy capability allows distinctions to
be made in policy among socket address families that were previously
mapped to the generic socket class (e.g. bluetooth, nfc, and many
other socket address families that previously did not have their own
distinct security class) as well as for SCTP and ICMP/ping sockets
that were previously mapped to the rawip_socket class.  This policy
capability is supported by Linux v4.11 and later. Enabling this
capability
in policy requires reviewing existing rules on socket and rawip_socket
classes to determine whether they should be duplicated for the new
classes.
** The cgroup_seclabel policy capability allows userspace to set
labels on cgroup/cgroup2 files, enabling fine-grained labeling of
cgroup files by userspace.  This policy capability is also supported
by Linux v4.11 and later. Note that enabling this capability will
break current Android userspace/policy and requires introducing
appropriate file_contexts definitions for cgroup files (or a change to
the Android init program's handling of them) in order to avoid
mislabeling them.
** The nnp_nosuid_transition policy capability enables SELinux domain
transitions to occur under no_new_privs (NNP) or on nosuid mounts if
the corresponding permission (nnp_transition for NNP,
nosuid_transition for nosuid; both in the newly defined process2
security class / access vector) is allowed between the old and new
contexts.  This change was motivated by the increasing use of NNP by
systemd for confining system services and the desire to be able to
leverage NNP/nosuid-provided protections in combination with SELinux
rather than having to make undesirable tradeoffs in security. With
this policy capability enabled and the corresponding permissions
allowed where required, it should be possible to use upstream systemd
unit files without modification on SELinux-enabled systems.
NB: Allowing nnp_transition between two contexts opens up the
potential for the old context to subvert the new context by
installing seccomp filters before the execve.  Allowing
nosuid_transition between two contexts opens up the potential for
a context transition to occur on a file from an untrusted
filesystem (e.g. removable media or remote filesystem).  Use with
care.
Linux support is expected with 4.14
Post by Stephen Smalley
* checkpolicy now supports generating CIL or policy.conf from a
kernel binary policy.  Sample usage is checkpolicy -M -C -b policy.N -o
policy.cil and checkpolicy -M -F -b policy.N -o policy.conf.  There is
also now a secil2conf program that can generate policy.conf from CIL,
e.g. secil2conf -o policy.conf policy.cil.
* Attribute generation and expansion has changed in several ways in
order to address kernel runtime performance issues that occur when
types have many attributes assigned to them while ensuring preservation
of attributes where desired.  Binary module to CIL conversion now
ensures that duplicate attributes are not generated for the same type
set. secilc now supports -G and -X options to force expansion of
automatically generated attributes (-G) and/or attributes that have
fewer than a specified number of types (-X number).  secilc will also
now more aggressively expand attributes based on whether they will
actually be used by the kernel, are needed for debugging denials by
audit2allow/why, or are needed for neverallow checking of binary
policies (in Android).  New statements are supported in policy.conf
(expandattribute) and in CIL (expandtypeattribute) to support
specifying in source policy that specific attributes should always be
expanded or never be expanded in order to override the default
behaviors in checkpolicy and secilc.
This statement (expandtypeattribute) should probably be documented in the secilc docs:

https://github.com/SELinuxProject/selinux/tree/master/secilc/docs
Post by Stephen Smalley
* checkpolicy/checkmodule now treats it as an error if a type is
declared as an attribute or vice versa in a require block.  Such
mismatches between declarations and require statements are an error in
policy and should be corrected in policy; refpolicy master should
already be fixed.
* A change to libsepol-internal data structures breaks the build of
setools4.  This is fixed by setools4 commit
743d2a0eaaae7d99302dd3099549ca7ad868eab on the master branch.  The
change was to align the libsepol structures with the kernel in order to
allow direct comparison of libsepol-generated policy files against
/sys/fs/selinux/policy after normalizing them through checkpolicy.
* audit2why now understands type bounds failures and reports them as
such, although it does not yet provide detailed reporting.  Detailed
bounds violation reporting can be obtained already by enabling expand-
check=1 in semanage.conf or by running semodule_expand (without -a) at
policy validation time.
* libsemanage now saves the linked policy and skips re-linking
whenever possible.  This significantly improves the performance and
memory overhead of semanage commands that do not affect policy modules
(setting booleans and adding, deleting, or modifying local context
mappings). Previously, libsemanage only skipped re-linking when setting
booleans as a special case, but this was found to have a bug that could
yield duplicate object context entries (e.g. portcon) in policy.  That
optimization was therefore reverted and replaced with this one, which
both fixes the bug and generalizes the optimization beyond just setting
booleans.  The change does bring an associated storage cost, primarily
storing an extra copy of the kernel policy file (if a concern, this
could be made optional but it seems well worth it). The first semanage
or setsebool -P command run with the new libsemanage will not
demonstrate any improvement due to needing to generate the linked
policy for the first time, but subsequent commands will leverage the
saved linked policy.
* libsemanage no longer depends on ustr.
* libselinux/utils Makefile now uses SBINDIR instead of USRBINDIR.
* mcstrans/utils Makefile now uses SBINDIR instead of BINDIR.
* Some packages (libselinux, checkpolicy, selinux-python,
semodule-utils and mcstrans) require LIBSEPOLA to be set to the
absolute path to libsepol.a when building with DESTDIR set.
* policycoreutils make install no longer creates a symlink from
/usr/sbin/load_policy to /sbin/load_policy.
--
Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8 02D5 3B6C 5F1D 2C7B 6B02
https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6B02
Dominick Grift
Loading...