Rules.monolithic: pre-compile fcontexts on install

On install pre-compile the file contexts. Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
2024-02-22 17:32:50 +01:00 · 2024-02-22 17:32:50 +01:00 · 752ebc167b
parent d008f97a4d
commit 752ebc167b
2 changed files with 7 additions and 0 deletions
--- a/1
+++ b/1
@ -64,6 +64,7 @@ SEMOD_EXP ?= $(tc_usrbindir)/semodule_expand
 LOADPOLICY ?= $(tc_usrsbindir)/load_policy
 SEPOLGEN_IFGEN ?= $(tc_usrbindir)/sepolgen-ifgen
 SETFILES ?= $(tc_sbindir)/setfiles
+SEFCONTEXT_COMPILE ?= $(tc_usrsbindir)/sefcontext_compile
 XMLLINT ?= $(BINDIR)/xmllint
 SECHECK ?= $(BINDIR)/sechecker

--- a/Rules.monolithic
+++ b/Rules.monolithic
@ -232,6 +232,12 @@ $(fcpath): $(fc) $(loadpath) $(userpath)/system.users
 	$(verbose) $(INSTALL) -m 0644 $(fc) $(fcpath)
 	$(verbose) $(INSTALL) -m 0644 $(homedir_template) $(homedirpath)
 	$(verbose) $(UMASK) 022 ; $(genhomedircon) -d $(topdir) -t $(NAME)
+	$(verbose) if $(SEFCONTEXT_COMPILE) -i > /dev/null 2>&1 ; then \
+		$(SEFCONTEXT_COMPILE) $(fcpath) ;\
+		$(SEFCONTEXT_COMPILE) $(fcpath).homedirs ;\
+	else \
+		echo "$@ Pre-compiled file context not generated!  Please install the sefcontext_compile tool (commonly part of libselinux-utils)." ;\
+	fi

 ########################################
 #