From 3bf7fd504c7a365fe747ed279efbc9736464cbe9 Mon Sep 17 00:00:00 2001 From: Chris PeBenito Date: Thu, 6 Jun 2013 09:27:40 -0400 Subject: [PATCH] Use python libselinux bindings to determine policy version. This eliminates the hardcoded /selinux in Rules.monolithic, which broke when the filesystem mount was moved to /sys/fs/selinux. --- Makefile | 1 + Rules.monolithic | 2 +- support/policyvers.py | 3 +++ 3 files changed, 5 insertions(+), 1 deletion(-) create mode 100644 support/policyvers.py diff --git a/Makefile b/Makefile index 85d4cfb42..ec7b5cba8 100644 --- a/Makefile +++ b/Makefile @@ -97,6 +97,7 @@ support := support genxml := $(PYTHON) -E $(support)/segenxml.py gendoc := $(PYTHON) -E $(support)/sedoctool.py genperm := $(PYTHON) -E $(support)/genclassperms.py +policyvers := $(PYTHON) -E $(support)/policyvers.py fcsort := $(tmpdir)/fc_sort setbools := $(AWK) -f $(support)/set_bools_tuns.awk get_type_attr_decl := $(SED) -r -f $(support)/get_type_attr_decl.sed diff --git a/Rules.monolithic b/Rules.monolithic index 7c4d03555..808a5398a 100644 --- a/Rules.monolithic +++ b/Rules.monolithic @@ -5,7 +5,7 @@ # determine the policy version and current kernel version if possible pv := $(shell $(CHECKPOLICY) -V |cut -f 1 -d ' ') -kv := $(shell cat /selinux/policyvers) +kv := $(shell $(policyvers)) # dont print version warnings if we are unable to determine # the currently running kernel's policy version diff --git a/support/policyvers.py b/support/policyvers.py new file mode 100644 index 000000000..74b8de0a0 --- /dev/null +++ b/support/policyvers.py @@ -0,0 +1,3 @@ +#!/usr/bin/python +import selinux +print selinux.security_policyvers()