policycoreutils: add semodule flag for ignoring cached CIL

Providing --ignore-module-cache will cause the recompilation of all HLL
modules and the recaching of the resulting CIL files.

Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
Yuli Khodorkovskiy 2014-02-27 11:56:34 -05:00 committed by Steve Lawrence
parent cae4a4c951
commit 241f9d2d03
2 changed files with 12 additions and 1 deletions


@ -70,6 +70,9 @@ prints help message and quit
.B \-P,\-\-preserve_tunables
Preserve tunables in policy
.TP
.B \-C,\-\-ignore-module-cache
Recompile CIL modules built from HLL files
.TP
.B \-p,\-\-path
Use an alternate path for the policy root
.TP


@ -47,6 +47,7 @@ static int no_reload;
static int build;
static int disable_dontaudit;
static int preserve_tunables;
static int ignore_module_cache;
static uint16_t priority;
static semanage_handle_t *sh = NULL;
@ -121,6 +122,7 @@ static void usage(char *progname)
printf(" -v,--verbose be verbose\n");
printf(" -D,--disable_dontaudit Remove dontaudits from policy\n");
printf(" -P,--preserve_tunables Preserve tunables in policy\n");
printf(" -C,--ignore-module-cache Rebuild CIL modules compiled from HLL files\n");
printf(" -p,--path use an alternate path for the policy root\n");
}
@ -166,6 +168,7 @@ static void parse_command_line(int argc, char **argv)
{"build", 0, NULL, 'B'},
{"disable_dontaudit", 0, NULL, 'D'},
{"preserve_tunables", 0, NULL, 'P'},
{"ignore-module-cache", 0, NULL, 'C'},
{"priority", required_argument, NULL, 'X'},
{"enable", required_argument, NULL, 'e'},
{"disable", required_argument, NULL, 'd'},
@ -178,7 +181,7 @@ static void parse_command_line(int argc, char **argv)
no_reload = 0;
priority = 400;
while ((i =
getopt_long(argc, argv, "s:b:hi:l::vqr:u:RnNBDPX:e:d:p:", opts,
getopt_long(argc, argv, "s:b:hi:l::vqr:u:RnNBDCPX:e:d:p:", opts,
NULL)) != -1) {
switch (i) {
case 'b':
@ -228,6 +231,9 @@ static void parse_command_line(int argc, char **argv)
case 'P':
preserve_tunables = 1;
break;
case 'C':
ignore_module_cache = 1;
break;
case 'X':
set_mode(PRIORITY_M, optarg);
break;
@ -575,6 +581,8 @@ cleanup_disable:
semanage_set_disable_dontaudit(sh, 0);
if (preserve_tunables)
semanage_set_preserve_tunables(sh, 1);
if (ignore_module_cache)
semanage_set_ignore_module_cache(sh, 1);
result = semanage_commit(sh);
}
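Review bot: `case 'C'` only sets `ignore_module_cache`, and the one place these hunks read it is immediately before `semanage_commit(sh)`, so `-C` presumably has no effect unless the same invocation also performs an operation that reaches that commit; the enclosing condition lies outside the hunk, so this should be confirmed. An administrator who passes the flag alone to discard a stale or distrusted cache would apparently get no rebuild and no diagnostic. The usage line could say so, e.g. `printf(" -C,--ignore-module-cache Rebuild CIL modules compiled from HLL files (only takes effect when a commit is performed)\n");`, or the parser could reject `-C` when no committing operation is requested. Separately, the long name is spelled with hyphens while the neighbouring `disable_dontaudit` and `preserve_tunables` entries use underscores, which deserves a deliberate decision before the option ships.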