On Thu, Jan 14, 2010 at 12:44 PM, Stephen Smalley <[email protected]> wrote: > On Thu, 2010-01-14 at 15:35 -0500, Stephen Smalley wrote: >> I guess I'm not being clear. Most of the work presently done by 'load' >> can be done during make all/install. In particular, everything except >> for running semodule -i can be done during make all, and then make >> install should just copy test_policy.pp (the output of make all) to >> the /opt/ltp tree. Then test_selinux.sh only needs to run semodule >> -i /path/to/test_policy.pp before the tests and semodule -r test_policy >> afterward. We can also avoid copying test_policy.te to the system >> policy devel directory altogether. Something like this patch (and >> Makefile.selinux can then be removed altogether): > > Oops, wrong variable expansion syntax in test_selinux.sh. Corrected > patch is below. This one actually runs ;) > > Index: testscripts/test_selinux.sh > =================================================================== > RCS file: /cvsroot/ltp/ltp/testscripts/test_selinux.sh,v > retrieving revision 1.15 > diff -u -r1.15 test_selinux.sh > --- testscripts/test_selinux.sh 13 Jan 2010 18:50:53 -0000 1.15 > +++ testscripts/test_selinux.sh 14 Jan 2010 20:41:22 -0000 > @@ -89,11 +89,10 @@ > config_allow_domain_fd_use 0 > > # build and install the test policy... > -echo "building and installing test_policy module..." > -cd $POLICYDIR > -make load > +echo "installing test_policy module..." > +$SEMODULE -i $POLICYDIR/test_policy.pp > if [ $? != 0 ]; then > - echo "Failed to build and load test_policy module, aborting test run." > + echo "Failed to install load test_policy module, aborting test run." > config_unset_expandcheck > exit 1 > else > @@ -126,8 +125,7 @@ > /usr/bin/chcon -t $SAVEBINTYPE $LTPROOT/testcases/bin > > echo "Removing test_policy module..." > -cd $POLICYDIR > -make cleanup 2>&1 > +$SEMODULE -r test_policy > if [ $? != 0 ]; then > echo "Failed to remove test_policy module." > exit 1 > Index: testcases/kernel/security/selinux-testsuite/refpolicy/Makefile > =================================================================== > RCS file: > /cvsroot/ltp/ltp/testcases/kernel/security/selinux-testsuite/refpolicy/Makefile,v > retrieving revision 1.17 > diff -u -r1.17 Makefile > --- testcases/kernel/security/selinux-testsuite/refpolicy/Makefile 14 > Jan 2010 12:40:58 -0000 1.17 > +++ testcases/kernel/security/selinux-testsuite/refpolicy/Makefile 14 > Jan 2010 20:41:22 -0000 > @@ -39,10 +39,11 @@ > > CHECKPOLICY ?= $(DESTDIR)/usr/bin/checkpolicy > CHECKPOLICY_VERS ?= $(shell $(CHECKPOLICY) -V |cut -f 1 -d ' ') > +POLICY_DEVEL_DIR ?= $(DESTDIR)/usr/share/selinux/devel > > INSTALL_DIR := > testcases/kernel/security/selinux-testsuite/refpolicy > > -INSTALL_TARGETS := Makefile.selinux > +INSTALL_TARGETS := test_policy.pp > > TEST_POLICY_DIR := $(abs_srcdir)/policy_files > > @@ -63,8 +64,17 @@ > POLICY_FILES := test_global.te \ > $(filter-out test_global.te,$(notdir $(wildcard > $(TEST_POLICY_DIR)/*.te))) > > +all: test_policy.pp > + > +test_policy.pp: test_policy.te > + @set -e; if [ -d "$(POLICY_DEVEL_DIR)" ]; then \ > + $(MAKE) -f $(POLICY_DEVEL_DIR)/Makefile test_policy.pp; \ > + else \ > + echo "ERROR: You must have selinux-policy?-devel? installed."; \ > + false; \ > + fi > + > test_policy.te: $(addprefix $(TEST_POLICY_DIR)/,$(POLICY_FILES)) > (cd "$(TEST_POLICY_DIR)" && cat $(POLICY_FILES)) > $@ > > include $(top_srcdir)/include/mk/generic_leaf_target.mk > -include $(abs_srcdir)/Makefile.selinux
Cool! This is a lot easier than I originally thought it would be. Everything specified with all should be specified instead with the MAKE_TARGETS variable. This is because it adds everything in MAKE_TARGETS to variables (CLEAN_TARGETS, INSTALL_TARGETS), which then handle it appropriately via clean and install. All I have to do after this is resolve the (semodule?) security bit enabling for the tests, and we'll be in good shape for all build, install, and test scenarios with selinux. Thanks! -Garrett ------------------------------------------------------------------------------ Throughout its 18-year history, RSA Conference consistently attracts the world's best and brightest in the field, creating opportunities for Conference attendees to learn about information security's most important issues through interactions with peers, luminaries and emerging and established companies. http://p.sf.net/sfu/rsaconf-dev2dev _______________________________________________ Ltp-list mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/ltp-list
