On Wed, May 16, 2018 at 8:48 AM, Stephen Smalley <sds@xxxxxxxxxxxxx> wrote: > On 05/16/2018 03:31 AM, Petr Lautrbach wrote: >> On Tue, May 15, 2018 at 05:03:42PM -0400, Paul Moore wrote: >>> From: Paul Moore <paul@xxxxxxxxxxxxxx> >>> >>> If expand-check is non-zero in semanage.conf the policy load will likely fail, >>> try to provide a more helpful error to users running the tests. >>> >>> Signed-off-by: Paul Moore <paul@xxxxxxxxxxxxxx> >>> --- >>> policy/Makefile | 12 ++++++++++-- >>> 1 file changed, 10 insertions(+), 2 deletions(-) >>> >>> diff --git a/policy/Makefile b/policy/Makefile >>> index 8ed5e46..cc022e3 100644 >>> --- a/policy/Makefile >>> +++ b/policy/Makefile >>> @@ -87,6 +87,14 @@ build: $(BUILD_TARGET) >>> load: $(LOAD_TARGET) >>> unload: $(UNLOAD_TARGET) >>> >>> +expand_check: >>> + # Test for "expand-check = 0" in /etc/selinux/semanage.conf >>> + @cat /etc/selinux/semanage.conf | \ >>> + sed -n 's/^[ \t]*expand-check[ \t]*=[ \t]*0/OK/p' | \ >>> + grep -q "OK" || \ >>> + (echo "ERROR: set 'expand-check = 0' in semanage.conf"; \ >>> + /bin/false) >>> + >> >> You can use grep directly: Yes, you're correct. I have an old habit of using sed for regex processing as I used to work on a lot of systems where grep didn't handle regular expressions. Fixed. > And you should probably put the full path for the file in the error message. I figured that comment above (it is displayed when running 'make test') was enough, but adding the full path couldn't hurt. Fixed, and pushed to selinux-testsuite/master. Thanks to both of you for the quick review. -- paul moore www.paul-moore.com
