
documentation for the macro "provide_sandbox"

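You can set up a sandbox to safely test the interactions of the different types defined in the policy. The sandbox is a directory tree at $(TMPDIR)/seflow-sandbox that receives copies of a few system files and a test source file, which are then relabelled; because that path is fixed, TMPDIR should name a directory that other users cannot write to. To populate it, issue the command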

make sandbox-population

The macro is defined in the file build.m4.

m4 code:

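dnl provide_sandbox
dnl
dnl Expanding this macro (re)defines two accumulator macros:
dnl   _policy_documented_possibility_increments - set to a short paragraph
dnl     that links to the provide_sandbox documentation (the previous value
dnl     is not carried over here, unlike the makefile accumulator).
dnl   _policy_makefile_increments - the makefile fragment below, followed by
dnl     whatever the macro expanded to before.
dnl
dnl The makefile fragment adds:
dnl   SANDBOX    directory $(TMPDIR)/seflow-sandbox
dnl   SANDBOXED  absolute paths of the files copied into the sandbox
dnl   $(SANDBOX) target creating the usr/bin, lib and tmp subdirectories
dnl   sandbox-population  phony target that copies the SANDBOXED files to the
dnl     same paths below SANDBOX, writes tmp/hello.c and labels the gcc copy
dnl     and hello.c with setfilecon.
dnl
dnl The copy loop stops at the first failing cp, so a missing file is reported
dnl at the copy step instead of being skipped.
dnl
dnl NOTE(review): SANDBOX is a fixed name below TMPDIR, and this fragment does
dnl not set TMPDIR. With TMPDIR empty the path becomes /seflow-sandbox; with a
dnl world-writable TMPDIR the directory may already exist and belong to another
dnl user before cp and setfilecon write into it. Run the target with TMPDIR
dnl pointing at a private directory - TODO confirm where TMPDIR is defined.
dnl NOTE(review): /lib/ld-linux.so.2 looks specific to 32-bit x86 - confirm
dnl the list for the target platform.
define(`provide_sandbox',
`define(`_policy_documented_possibility_increments',
`The
linked_to_documentation(`provide_sandbox')
macro can be used as a facility to test the security contexts
without interfering with the running system.
')dnl
define(`_policy_makefile_increments',`
SANDBOX=$(TMPDIR)/seflow-sandbox

SANDBOXED=\
	/usr/bin/gcc\
	/lib/libc.so.6\
	/lib/ld-linux.so.2

.PHONY: sandbox-population

$(SANDBOX): Makefile
	mkdir -p $(SANDBOX)/usr/bin $(SANDBOX)/lib $(SANDBOX)/tmp

sandbox-population: $(SANDBOX)
	for file in $(SANDBOXED);do cp $$file $(SANDBOX)$$file || exit 1;done
	echo "#include<stdio.h>">$(SANDBOX)/tmp/hello.c
	echo "int main(){printf(\"I am GPL-licensed!\\n\");}"\
		>>$(SANDBOX)/tmp/hello.c
	/usr/sbin/setfilecon gpl_compiled_u:gpl_compiled_r:gpl_compiled_t\
		$(SANDBOX)/usr/bin/gcc
	/usr/sbin/setfilecon gpl_u:gpl_r:gpl_t $(SANDBOX)/tmp/hello.c
'_policy_makefile_increments)')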