New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Makefile: add target rebuild-interface-db #201
Conversation
Makefile
Outdated
rebuild-interface-db: | ||
$(verbose) rm -rf $(headerdir) | ||
$(verbose) $(MAKE) install-headers | ||
$(verbose) $(SEPOLGEN_IFGEN) $(VERBOSE_FLAG) -i $(headerdir) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This should probably be reworked to have build-interface-db
and rebuild-interface-db
targets which would work like the load
and reload
targets in the Rules.monolithic
.
3421690
to
bdf6ec0
Compare
Makefile
Outdated
build-interface-db: install-headers | ||
$(verbose) $(SEPOLGEN_IFGEN) $(VERBOSE_FLAG) -i $(headerdir) | ||
|
||
rebuild-interface-db: | ||
$(verbose) rm -rf $(headerdir) | ||
$(verbose) $(MAKE) build-interface-db |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Wouldn't something like this work, without having to recursively call this makefile:
build-interface-db: install-headers $(tmpdir)/load
rebuild-interface-db $(tmpdir)/load:
$(verbose) $(SEPOLGEN_IFGEN) $(VERBOSE_FLAG) -i $(headerdir)
@touch $(tmpdir)/load
If something in headerdir needs to be deleted, my preference would be not to delete everything.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This does not seem to be addressed.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The initial design for the targets was:
build-*
: generate the interface - always runsepolgen-ifgen
, so calling the target twice generates the database twicerebuild-*
: generate the interface but assure that no leftover interfaces are in the header directory (after a re-factorization, removal of an module ...)
But since Refpolicy takes backward-compatibility serious the reasons for the rebuild-*
target probably do not apply.
Dropped the rebuild-*
target.
refpolicy/policy/modules/system/userdomain.if Line 185 in 41963e7
refpolicy/policy/modules/kernel/storage.if Line 133 in 41963e7
refpolicy/policy/modules/kernel/devices.if Line 2805 in 41963e7
refpolicy/policy/modules/kernel/devices.if Line 2883 in 41963e7
refpolicy/policy/modules/kernel/devices.if Line 2959 in 41963e7
I think it doesn't like a) quoted arguments to |
938ccc3
to
5990d9f
Compare
With the patches from SELinuxProject/selinux#247, the |
Build the policy interface database with 'sepolgen-ifgen'. This database is required for reference style policy generation by 'audit2allow --reference' Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Match the overall style and please sepolgen-ifgen Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Match the style of tunable_policy and gen_tunable statements in userdomain Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Rebuild the policy interface database with 'sepolgen-ifgen'.
This database is required for reference style policy generation by
'audit2allow --reference'