fc_sort is the only/last build tool that requires a C compiler
Re-implement it in python, so that gcc dependencies can be dropped
The output of the C and the python version differ slightly in the order of equally specific file contexts
old:
/.* system_u:object_r:default_t
/sys(/.*)? system_u:object_r:sysfs_t
/mnt(/[^/]*) -l system_u:object_r:mnt_t
/mnt(/[^/]*)? -d system_u:object_r:mnt_t
/opt/.* system_u:object_r:usr_t
/var/.* system_u:object_r:var_t
/usr/.* system_u:object_r:usr_t
/srv/.* system_u:object_r:var_t
/tmp/.* <<none>>
/run/.* <<none>>
/dev/.* system_u:object_r:device_t
/etc/.* system_u:object_r:etc_t
new:
/.* system_u:object_r:default_t
/sys(/.*)? system_u:object_r:sysfs_t
/mnt(/[^/]*) -l system_u:object_r:mnt_t
/mnt(/[^/]*)? -d system_u:object_r:mnt_t
/dev/.* system_u:object_r:device_t
/etc/.* system_u:object_r:etc_t
/opt/.* system_u:object_r:usr_t
/run/.* <<none>>
/srv/.* system_u:object_r:var_t
/tmp/.* <<none>>
/usr/.* system_u:object_r:usr_t
/var/.* system_u:object_r:var_t
Writing .fc files without any mistake is quite hard. Sometimes a regular
expression pattern compiles fine but it does not match what is intended.
Add a script that detects some issues in .fc files. When this script is
used directly ("./testing/check_fc_files.py"), it checks the content of
policy/. The path to policy/ can also be provided by option -p.
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
PyXML has not been required to build the policy and its documentation
since at least Python 2.6, which comes with an "xml" module.
Moreover, some support scripts requires Python 2.6 or above (and are
compatible with Python 3.4, maybe also with other versions of Python 3).
Add the minimum supported version of Python in INSTALL.
ML thread: http://oss.tresys.com/pipermail/refpolicy/2014-November/007440.html