From: Ondrej Mosnacek <omosnace@redhat.com>
To: Stephen Smalley <sds@tycho.nsa.gov>
Cc: SElinux list <selinux@vger.kernel.org>
Subject: Re: [PATCH testsuite] policy: do not rebuild policy package if already built
Date: Tue, 24 Sep 2019 12:51:18 +0200 [thread overview]
Message-ID: <CAFqZXNtagT7TDgV4D88juWK7qVTEgkcjm6UL6zKsPm8gd7yyWg@mail.gmail.com> (raw)
In-Reply-To: <b74cd6c5-0f63-80d8-99c0-967dc638279c@tycho.nsa.gov>
On Mon, Sep 23, 2019 at 4:11 PM Stephen Smalley <sds@tycho.nsa.gov> wrote:
> On 9/23/19 5:58 AM, Ondrej Mosnacek wrote:
> > Right now, test_policy.pp is rebuilt on every make invocation. Tweak the
> > Makefile so that it is only build when it hasn't been built, it has been
> > cleaned, or the source files changed.
>
> It also needs to be rebuilt if anything under
> /usr/share/selinux/devel/include has changed e.g. upon an update of
> selinux-policy-devel.
I am now testing a version that always executes the `$(MAKE) -C
test_policy -f $(POLDEV)/Makefile test_policy.pp` step, relying on the
system Makefile to rebuild the pp as needed (there already are proper
dependencies on the include files). However, the package manager on
Fedora preserves the timestamps of the installed files (from package
build time), which means that make doesn't always detect that the
files are newer than the already built policy package.
So it looks like we don't have any other choice than to always rebuild
if we really need to auto-react to changing system files.
>
> >
> > Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
> > ---
> > policy/Makefile | 4 ++--
> > 1 file changed, 2 insertions(+), 2 deletions(-)
> >
> > diff --git a/policy/Makefile b/policy/Makefile
> > index a5942b3..cc0f140 100644
> > --- a/policy/Makefile
> > +++ b/policy/Makefile
> > @@ -86,7 +86,7 @@ ifeq (x$(DISTRO),$(filter x$(DISTRO),xRHEL4 xRHEL5 xRHEL6))
> > TARGETS:=$(filter-out test_overlayfs.te test_mqueue.te test_ibpkey.te, $(TARGETS))
> > endif
> >
> > -all: build
> > +all: test_policy/test_policy.pp
> >
> > expand_check:
> > # Test for "expand-check = 0" in /etc/selinux/semanage.conf
> > @@ -94,7 +94,7 @@ expand_check:
> > (echo "ERROR: set 'expand-check = 0' in /etc/selinux/semanage.conf"; \
> > /bin/false)
> >
> > -build: $(TARGETS)
> > +test_policy/test_policy.pp: $(TARGETS) test_policy.if
> > # General policy build
> > @if [ -d $(POLDEV) ]; then \
> > mkdir -p test_policy; \
> >
>
--
Ondrej Mosnacek <omosnace at redhat dot com>
Software Engineer, Security Technologies
Red Hat, Inc.
next prev parent reply other threads:[~2019-09-24 10:51 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-09-23 9:58 [PATCH testsuite] policy: do not rebuild policy package if already built Ondrej Mosnacek
2019-09-23 10:01 ` Ondrej Mosnacek
2019-09-23 14:11 ` Stephen Smalley
2019-09-24 10:51 ` Ondrej Mosnacek [this message]
2019-09-24 13:58 ` Stephen Smalley
2019-09-24 17:24 ` Paul Moore
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAFqZXNtagT7TDgV4D88juWK7qVTEgkcjm6UL6zKsPm8gd7yyWg@mail.gmail.com \
--to=omosnace@redhat.com \
--cc=sds@tycho.nsa.gov \
--cc=selinux@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).