RepoMirrors
/
selinux-refpolicy
mirror of https://github.com/SELinuxProject/refpolicy
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #103 from fishilico/validate_modular_fc 

Make "validate" target verify file contexts
This commit is contained in:
Chris PeBenito 2017-02-28 19:49:33 -05:00 committed by GitHub
parent 40ef165744 2e2088b401
commit 2f3691e4c8
2 changed files with 10 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
Rules.modular
View File

@ -5,6 +5,7 @@
all_modules := $(base_mods) $(mod_mods) $(off_mods)
all_interfaces := $(all_modules:.te=.if)
all_mod_fc := $(addprefix $(tmpdir)/,$(notdir $(all_modules:.te=.mod.fc)))
base_pkg := $(builddir)base.pp
base_fc := $(builddir)base.fc
@ -30,7 +31,7 @@ vpath %.te $(all_layers)
vpath %.if $(all_layers)
vpath %.fc $(all_layers)
.SECONDARY: $(addprefix $(tmpdir)/,$(mod_pkgs:.pp=.mod)) $(addprefix $(tmpdir)/,$(mod_pkgs:.pp=.mod.fc))
.SECONDARY: $(all_mod_fc:.mod.fc=.mod) $(all_mod_fc)
########################################
#
@ -85,6 +86,9 @@ $(builddir)%.pp: $(tmpdir)/%.mod $(tmpdir)/%.mod.fc
@test -d $(builddir) || mkdir -p $(builddir)
$(verbose) $(SEMOD_PKG) -o $@ -m $< -f $<.fc
$(tmpdir)/all_mods.fc: $(all_mod_fc)
$(verbose) cat $^ > $@
########################################
#
# Create a base module package
@ -198,10 +202,12 @@ $(appdir)/customizable_types: $(base_conf)
#
# Validate linking and expanding of modules
#
validate: $(base_pkg) $(mod_pkgs)
validate: $(base_pkg) $(mod_pkgs) $(tmpdir)/all_mods.fc
@echo "Validating policy linking."
$(verbose) $(SEMOD_LNK) -o $(tmpdir)/test.lnk $^
$(verbose) $(SEMOD_LNK) -o $(tmpdir)/test.lnk $(base_pkg) $(mod_pkgs)
$(verbose) $(SEMOD_EXP) $(tmpdir)/test.lnk $(tmpdir)/policy.bin
@echo "Validating policy file contexts."
$(verbose) $(SETFILES) -q -c $(tmpdir)/policy.bin $(tmpdir)/all_mods.fc
@echo "Success."
########################################

2
policy/modules/kernel/devices.fc
View File

@ -185,7 +185,7 @@ ifdef(`distro_suse', `
ifdef(`distro_debian',`
# this is a static /dev dir "backup mount"
# if you want to disable udev, you'll have to boot permissive and relabel!
# if you want to disable udev, you will have to boot permissive and relabel!
/dev/\.static -d gen_context(system_u:object_r:device_t,s0)
/dev/\.static/dev -d gen_context(system_u:object_r:device_t,s0)
/dev/\.static/dev/(.*)? <<none>>