From: Chris PeBenito <pebenito@ieee.org>
To: Ashish Mishra <ashishm@mvista.com>,
Richard Haines <richard_c_haines@btinternet.com>
Cc: selinux-refpolicy@vger.kernel.org, Paul Moore <paul@paul-moore.com>
Subject: Re: How is policy.31 created from modules under /usr/share/selinux
Date: Tue, 8 Dec 2020 10:36:37 -0500 [thread overview]
Message-ID: <2806a33b-87ad-61b1-9143-5a24d770a180@ieee.org> (raw)
In-Reply-To: <CAP2Ojcg7DgQsEHJP3TZj=Q9NjZjqb3ugw+D2UYC4qmqt-PcZWw@mail.gmail.com>
(SELinux main mail list to BCC since this is a refpolicy question.)
On 12/7/20 8:26 AM, Ashish Mishra wrote:
> 4) Further debugging I can confirm that the final binary (policy.31)
> seems to be
> using HARD-CODDED location of /etc/selinux instead of what is
> being passed as DESTDIR.
> The policy.31 is created not at custom-embedded-rootfs location.
>
> Due to this :
> - policy.31 is created in /etc/selinux/refpolicy/policy/policy.31
> instead of what i was expecting at
> /tmp/custom-embedded-rootfs/etc/selinux/refpolicy/policy/policy.31
> as DESTDIR=${ROOT} and i do get *.pp at the expected
> location of /tmp/custom-embedded-rootfs/etc/selinux/refpolicy/src/policy
> ${MAKE} -C ${ROOT}/etc/selinux/${PKG}/src/policy load
> DESTDIR=${ROOT}
I can't reproduce your issue. I use monolithic policy regularly in the way
you're using it.
Here's the Makefile variables:
From Makefile:
topdir := $(DESTDIR)/etc/selinux
installdir := $(topdir)/$(strip $(NAME))
policypath := $(installdir)/policy
From Rules.monolithic:
loadpath = $(policypath)/$(notdir $(polver))
$(notdir $(polver)) is "policy.31" and NAME is what you have in build.conf, e.g.
"refopolicy".
Then the install target for monolithic looks like this (with "echo"s removed):
$(loadpath): $(policy_conf)
@$(INSTALL) -d -m 0755 $(@D)
$(verbose) $(CHECKPOLICY) -U $(UNK_PERMS) $^ -o $@
--
Chris PeBenito
next prev parent reply other threads:[~2020-12-08 15:37 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-12-05 19:19 How is policy.31 created from modules under /usr/share/selinux Ashish Mishra
2020-12-06 15:29 ` Richard Haines
2020-12-06 16:30 ` Ashish Mishra
2020-12-06 17:15 ` Richard Haines
2020-12-07 1:21 ` Ashish Mishra
2020-12-07 12:39 ` Richard Haines
2020-12-07 13:26 ` Ashish Mishra
2020-12-08 15:36 ` Chris PeBenito [this message]
2020-12-08 15:58 ` Ashish Mishra
2020-12-09 9:53 ` Richard Haines
2020-12-09 14:12 ` Ashish Mishra
2020-12-09 14:37 ` Richard Haines
2020-12-09 15:07 ` Steve Lawrence
2020-12-09 16:13 ` Richard Haines
2020-12-09 22:02 ` Chris PeBenito
2020-12-13 17:06 ` Ashish Mishra
2020-12-14 15:16 ` Chris PeBenito
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2806a33b-87ad-61b1-9143-5a24d770a180@ieee.org \
--to=pebenito@ieee.org \
--cc=ashishm@mvista.com \
--cc=paul@paul-moore.com \
--cc=richard_c_haines@btinternet.com \
--cc=selinux-refpolicy@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).