commit: e51e839b198fb014732315fa4b8398134a31c3a8
Author: Nicolas Iooss <nicolas.iooss <AT> m4x <DOT> org>
AuthorDate: Tue Feb 18 23:26:33 2014 +0000
Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org>
CommitDate: Mon Mar 17 08:19:25 2014 +0000
URL:
http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=e51e839b
Fix parallel build of the policy
Before this commit, "make -j2" would execute twice at the same time the rules
written to build tmp/all_post.conf because these rules were applied every time
tmp/all_post.conf, tmp/all_attrs_types.conf and tmp/only_te_rules.conf needed
to be built. However, executing twice in parallel such line is buggy:
$(GREP) '^fs_use_(xattr|task|trans)' $(tmpdir)/all_te_files.conf >> \
tmpdir)/all_post.conf
This is why "make" reports following error for parallel builds:
Compiling refpolicy-patched base module
/usr/bin/checkmodule -M -U allow base.conf -o tmp/base.mod
/usr/bin/checkmodule: loading policy configuration from base.conf
policy/modules/kernel/ubac.te":710:ERROR 'syntax error' at token
'fs_use_trans' on line 26520:
fs_use_trans devtmpfs system_u:object_r:device_t:s0;
/usr/bin/checkmodule: error(s) encountered while parsing configuration
make: *** [tmp/base.mod] Error 1
This commit fixes this bug by splitting the rules in 3 different targets, in
both monolithic and modular builds.
---
Rules.modular | 24 ++++++++++++++----------
Rules.monolithic | 24 ++++++++++++++----------
2 files changed, 28 insertions(+), 20 deletions(-)
diff --git a/Rules.modular b/Rules.modular
index 58e94da..2c5f5ff 100644
--- a/Rules.modular
+++ b/Rules.modular
@@ -157,17 +157,21 @@ $(tmpdir)/post_te_files.conf: $(m4support)
$(tmpdir)/generated_definitions.conf
# extract attributes and put them first. extract post te stuff
# like genfscon and put last.
-$(tmpdir)/all_attrs_types.conf $(tmpdir)/only_te_rules.conf
$(tmpdir)/all_post.conf: $(tmpdir)/all_te_files.conf
$(tmpdir)/post_te_files.conf
- $(verbose) $(get_type_attr_decl) $(tmpdir)/all_te_files.conf | $(SORT)
> $(tmpdir)/all_attrs_types.conf
- $(verbose) cat $(tmpdir)/post_te_files.conf > $(tmpdir)/all_post.conf
+$(tmpdir)/all_attrs_types.conf: $(tmpdir)/all_te_files.conf
+ $(verbose) $(get_type_attr_decl) $^ | $(SORT) > $@
+
+$(tmpdir)/all_post.conf: $(tmpdir)/all_te_files.conf
$(tmpdir)/post_te_files.conf
+ $(verbose) cat $(tmpdir)/post_te_files.conf > $@
# these have to run individually because order matters:
- $(verbose) $(GREP) '^sid ' $(tmpdir)/all_te_files.conf >>
$(tmpdir)/all_post.conf || true
- $(verbose) $(GREP) '^fs_use_(xattr|task|trans)'
$(tmpdir)/all_te_files.conf >> $(tmpdir)/all_post.conf || true
- $(verbose) $(GREP) ^genfscon $(tmpdir)/all_te_files.conf >>
$(tmpdir)/all_post.conf || true
- $(verbose) $(GREP) ^portcon $(tmpdir)/all_te_files.conf >>
$(tmpdir)/all_post.conf || true
- $(verbose) $(GREP) ^netifcon $(tmpdir)/all_te_files.conf >>
$(tmpdir)/all_post.conf || true
- $(verbose) $(GREP) ^nodecon $(tmpdir)/all_te_files.conf >>
$(tmpdir)/all_post.conf || true
- $(verbose) $(comment_move_decl) $(tmpdir)/all_te_files.conf >
$(tmpdir)/only_te_rules.conf
+ $(verbose) $(GREP) '^sid ' $(tmpdir)/all_te_files.conf >> $@ || true
+ $(verbose) $(GREP) '^fs_use_(xattr|task|trans)'
$(tmpdir)/all_te_files.conf >> $@ || true
+ $(verbose) $(GREP) ^genfscon $(tmpdir)/all_te_files.conf >> $@ || true
+ $(verbose) $(GREP) ^portcon $(tmpdir)/all_te_files.conf >> $@ || true
+ $(verbose) $(GREP) ^netifcon $(tmpdir)/all_te_files.conf >> $@ || true
+ $(verbose) $(GREP) ^nodecon $(tmpdir)/all_te_files.conf >> $@ || true
+
+$(tmpdir)/only_te_rules.conf: $(tmpdir)/all_te_files.conf
+ $(verbose) $(comment_move_decl) $^ > $@
########################################
#
diff --git a/Rules.monolithic b/Rules.monolithic
index 7e77c03..b635952 100644
--- a/Rules.monolithic
+++ b/Rules.monolithic
@@ -144,17 +144,21 @@ $(tmpdir)/post_te_files.conf: $(m4support)
$(tmpdir)/generated_definitions.conf
# extract attributes and put them first. extract post te stuff
# like genfscon and put last.
-$(tmpdir)/all_attrs_types.conf $(tmpdir)/only_te_rules.conf
$(tmpdir)/all_post.conf: $(tmpdir)/all_te_files.conf
$(tmpdir)/post_te_files.conf
- $(verbose) $(get_type_attr_decl) $(tmpdir)/all_te_files.conf | $(SORT)
> $(tmpdir)/all_attrs_types.conf
- $(verbose) cat $(tmpdir)/post_te_files.conf > $(tmpdir)/all_post.conf
+$(tmpdir)/all_attrs_types.conf: $(tmpdir)/all_te_files.conf
+ $(verbose) $(get_type_attr_decl) $^ | $(SORT) > $@
+
+$(tmpdir)/all_post.conf: $(tmpdir)/all_te_files.conf
$(tmpdir)/post_te_files.conf
+ $(verbose) cat $(tmpdir)/post_te_files.conf > $@
# these have to run individually because order matters:
- $(verbose) $(GREP) '^sid ' $(tmpdir)/all_te_files.conf >>
$(tmpdir)/all_post.conf || true
- $(verbose) $(GREP) '^fs_use_(xattr|task|trans)'
$(tmpdir)/all_te_files.conf >> $(tmpdir)/all_post.conf || true
- $(verbose) $(GREP) ^genfscon $(tmpdir)/all_te_files.conf >>
$(tmpdir)/all_post.conf || true
- $(verbose) $(GREP) ^portcon $(tmpdir)/all_te_files.conf >>
$(tmpdir)/all_post.conf || true
- $(verbose) $(GREP) ^netifcon $(tmpdir)/all_te_files.conf >>
$(tmpdir)/all_post.conf || true
- $(verbose) $(GREP) ^nodecon $(tmpdir)/all_te_files.conf >>
$(tmpdir)/all_post.conf || true
- $(verbose) $(comment_move_decl) $(tmpdir)/all_te_files.conf >
$(tmpdir)/only_te_rules.conf
+ $(verbose) $(GREP) '^sid ' $(tmpdir)/all_te_files.conf >> $@ || true
+ $(verbose) $(GREP) '^fs_use_(xattr|task|trans)'
$(tmpdir)/all_te_files.conf >> $@ || true
+ $(verbose) $(GREP) ^genfscon $(tmpdir)/all_te_files.conf >> $@ || true
+ $(verbose) $(GREP) ^portcon $(tmpdir)/all_te_files.conf >> $@ || true
+ $(verbose) $(GREP) ^netifcon $(tmpdir)/all_te_files.conf >> $@ || true
+ $(verbose) $(GREP) ^nodecon $(tmpdir)/all_te_files.conf >> $@ || true
+
+$(tmpdir)/only_te_rules.conf: $(tmpdir)/all_te_files.conf
+ $(verbose) $(comment_move_decl) $^ > $@
########################################
#
