[refpolicy] [PATCH] Fix parallel build of the policy

Christopher J. PeBenito cpebenito at tresys.com
Thu Mar 6 08:41:21 EST 2014


On 02/18/2014 06:26 PM, Nicolas Iooss wrote:
> Before this commit, "make -j2" would execute twice at the same time the rules
> written to build tmp/all_post.conf because these rules were applied every time
> tmp/all_post.conf, tmp/all_attrs_types.conf and tmp/only_te_rules.conf needed
> to be built. However, executing such a line twice in parallel is buggy:
> 
>     $(GREP) '^fs_use_(xattr|task|trans)' $(tmpdir)/all_te_files.conf >> \
>         $(tmpdir)/all_post.conf
> 
> This is why "make" reports following error for parallel builds:
> 
>     Compiling refpolicy-patched base module
>     /usr/bin/checkmodule -M -U allow base.conf -o tmp/base.mod
>     /usr/bin/checkmodule:  loading policy configuration from base.conf
>     policy/modules/kernel/ubac.te":710:ERROR 'syntax error' at token
>     'fs_use_trans' on line 26520:
>     fs_use_trans devtmpfs system_u:object_r:device_t:s0;
> 
>     /usr/bin/checkmodule:  error(s) encountered while parsing configuration
>     make: *** [tmp/base.mod] Error 1
> 
> This commit fixes this bug by splitting the rules in 3 different targets, in
> both monolithic and modular builds.

How much testing did you do to ensure there are no changes to the output files?  It looks like it's OK, but changing how the source files are constructed requires solid testing first.


> ---
>  Rules.modular    | 24 ++++++++++++++----------
>  Rules.monolithic | 24 ++++++++++++++----------
>  2 files changed, 28 insertions(+), 20 deletions(-)
> 
> diff --git a/Rules.modular b/Rules.modular
> index 58e94da..2c5f5ff 100644
> --- a/Rules.modular
> +++ b/Rules.modular
> @@ -157,17 +157,21 @@ $(tmpdir)/post_te_files.conf: $(m4support) $(tmpdir)/generated_definitions.conf
>  
>  # extract attributes and put them first. extract post te stuff
>  # like genfscon and put last.
> -$(tmpdir)/all_attrs_types.conf $(tmpdir)/only_te_rules.conf $(tmpdir)/all_post.conf: $(tmpdir)/all_te_files.conf $(tmpdir)/post_te_files.conf
> -	$(verbose) $(get_type_attr_decl) $(tmpdir)/all_te_files.conf | $(SORT) > $(tmpdir)/all_attrs_types.conf
> -	$(verbose) cat $(tmpdir)/post_te_files.conf > $(tmpdir)/all_post.conf
> +$(tmpdir)/all_attrs_types.conf: $(tmpdir)/all_te_files.conf
> +	$(verbose) $(get_type_attr_decl) $^ | $(SORT) > $@
> +
> +$(tmpdir)/all_post.conf: $(tmpdir)/all_te_files.conf $(tmpdir)/post_te_files.conf
> +	$(verbose) cat $(tmpdir)/post_te_files.conf > $@
>  # these have to run individually because order matters:
> -	$(verbose) $(GREP) '^sid ' $(tmpdir)/all_te_files.conf >> $(tmpdir)/all_post.conf || true
> -	$(verbose) $(GREP) '^fs_use_(xattr|task|trans)' $(tmpdir)/all_te_files.conf >> $(tmpdir)/all_post.conf || true
> -	$(verbose) $(GREP) ^genfscon $(tmpdir)/all_te_files.conf >> $(tmpdir)/all_post.conf || true
> -	$(verbose) $(GREP) ^portcon $(tmpdir)/all_te_files.conf >> $(tmpdir)/all_post.conf || true
> -	$(verbose) $(GREP) ^netifcon $(tmpdir)/all_te_files.conf >> $(tmpdir)/all_post.conf || true
> -	$(verbose) $(GREP) ^nodecon $(tmpdir)/all_te_files.conf >> $(tmpdir)/all_post.conf || true
> -	$(verbose) $(comment_move_decl) $(tmpdir)/all_te_files.conf > $(tmpdir)/only_te_rules.conf
> +	$(verbose) $(GREP) '^sid ' $(tmpdir)/all_te_files.conf >> $@ || true
> +	$(verbose) $(GREP) '^fs_use_(xattr|task|trans)' $(tmpdir)/all_te_files.conf >> $@ || true
> +	$(verbose) $(GREP) ^genfscon $(tmpdir)/all_te_files.conf >> $@ || true
> +	$(verbose) $(GREP) ^portcon $(tmpdir)/all_te_files.conf >> $@ || true
> +	$(verbose) $(GREP) ^netifcon $(tmpdir)/all_te_files.conf >> $@ || true
> +	$(verbose) $(GREP) ^nodecon $(tmpdir)/all_te_files.conf >> $@ || true
> +
> +$(tmpdir)/only_te_rules.conf: $(tmpdir)/all_te_files.conf
> +	$(verbose) $(comment_move_decl) $^ > $@
>  
>  ########################################
>  #
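Review bot: Each `$(GREP) ... >> $@ || true` line in the new `$(tmpdir)/all_post.conf` recipe discards every non-zero exit status, so a real grep failure (status 2, for example an unreadable `all_te_files.conf`) is handled the same as "no matching lines" (status 1). The build would then carry on with an `all_post.conf` that lacks some of the `sid`, `fs_use_*`, `genfscon`, `portcon`, `netifcon` or `nodecon` statements, and the resulting policy could be missing those labeling rules without any build error pointing at the cause. Accepting only status 1 keeps the intended tolerance for empty matches, e.g. `$(verbose) $(GREP) ^genfscon $(tmpdir)/all_te_files.conf >> $@ || [ $$? -eq 1 ]`. The identical recipe in the Rules.monolithic hunk has the same issue.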
> diff --git a/Rules.monolithic b/Rules.monolithic
> index 7e77c03..b635952 100644
> --- a/Rules.monolithic
> +++ b/Rules.monolithic
> @@ -144,17 +144,21 @@ $(tmpdir)/post_te_files.conf: $(m4support) $(tmpdir)/generated_definitions.conf
>  
>  # extract attributes and put them first. extract post te stuff
>  # like genfscon and put last.
> -$(tmpdir)/all_attrs_types.conf $(tmpdir)/only_te_rules.conf $(tmpdir)/all_post.conf: $(tmpdir)/all_te_files.conf $(tmpdir)/post_te_files.conf
> -	$(verbose) $(get_type_attr_decl) $(tmpdir)/all_te_files.conf | $(SORT) > $(tmpdir)/all_attrs_types.conf
> -	$(verbose) cat $(tmpdir)/post_te_files.conf > $(tmpdir)/all_post.conf
> +$(tmpdir)/all_attrs_types.conf: $(tmpdir)/all_te_files.conf
> +	$(verbose) $(get_type_attr_decl) $^ | $(SORT) > $@
> +
> +$(tmpdir)/all_post.conf: $(tmpdir)/all_te_files.conf $(tmpdir)/post_te_files.conf
> +	$(verbose) cat $(tmpdir)/post_te_files.conf > $@
>  # these have to run individually because order matters:
> -	$(verbose) $(GREP) '^sid ' $(tmpdir)/all_te_files.conf >> $(tmpdir)/all_post.conf || true
> -	$(verbose) $(GREP) '^fs_use_(xattr|task|trans)' $(tmpdir)/all_te_files.conf >> $(tmpdir)/all_post.conf || true
> -	$(verbose) $(GREP) ^genfscon $(tmpdir)/all_te_files.conf >> $(tmpdir)/all_post.conf || true
> -	$(verbose) $(GREP) ^portcon $(tmpdir)/all_te_files.conf >> $(tmpdir)/all_post.conf || true
> -	$(verbose) $(GREP) ^netifcon $(tmpdir)/all_te_files.conf >> $(tmpdir)/all_post.conf || true
> -	$(verbose) $(GREP) ^nodecon $(tmpdir)/all_te_files.conf >> $(tmpdir)/all_post.conf || true
> -	$(verbose) $(comment_move_decl) $(tmpdir)/all_te_files.conf > $(tmpdir)/only_te_rules.conf
> +	$(verbose) $(GREP) '^sid ' $(tmpdir)/all_te_files.conf >> $@ || true
> +	$(verbose) $(GREP) '^fs_use_(xattr|task|trans)' $(tmpdir)/all_te_files.conf >> $@ || true
> +	$(verbose) $(GREP) ^genfscon $(tmpdir)/all_te_files.conf >> $@ || true
> +	$(verbose) $(GREP) ^portcon $(tmpdir)/all_te_files.conf >> $@ || true
> +	$(verbose) $(GREP) ^netifcon $(tmpdir)/all_te_files.conf >> $@ || true
> +	$(verbose) $(GREP) ^nodecon $(tmpdir)/all_te_files.conf >> $@ || true
> +
> +$(tmpdir)/only_te_rules.conf: $(tmpdir)/all_te_files.conf
> +	$(verbose) $(comment_move_decl) $^ > $@
>  
>  ########################################
>  #
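Review bot: In the new `$(tmpdir)/all_attrs_types.conf` rule the recipe's exit status is that of `$(SORT)`, so a failure of whatever `$(get_type_attr_decl)` expands to on the left of the pipe still leaves a freshly written, possibly empty `$@` that make considers up to date, unless a SHELL/.SHELLFLAGS setting outside this hunk enables pipefail. Now that this file has its own rule, it is cheap to split the pipeline so each step's status is checked: `$(verbose) $(get_type_attr_decl) $< > $@.unsorted` followed by `$(verbose) $(SORT) $@.unsorted > $@`. Using `$<` instead of `$^` also keeps the input fixed to `all_te_files.conf` if another prerequisite is added later. The same rule in the Rules.modular hunk would take the same change.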
> 


-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com

