On Mon, Sep 23, 2019 at 4:11 PM Stephen Smalley <sds@xxxxxxxxxxxxx> wrote: > On 9/23/19 5:58 AM, Ondrej Mosnacek wrote: > > Right now, test_policy.pp is rebuilt on every make invocation. Tweak the > > Makefile so that it is only build when it hasn't been built, it has been > > cleaned, or the source files changed. > > It also needs to be rebuilt if anything under > /usr/share/selinux/devel/include has changed e.g. upon an update of > selinux-policy-devel. I am now testing a version that always executes the `$(MAKE) -C test_policy -f $(POLDEV)/Makefile test_policy.pp` step, relying on the system Makefile to rebuild the pp as needed (there already are proper dependencies on the include files). However, the package manager on Fedora preserves the timestamps of the installed files (from package build time), which means that make doesn't always detect that the files are newer than the already built policy package. So it looks like we don't have any other choice than to always rebuild if we really need to auto-react to changing system files. > > > > > Signed-off-by: Ondrej Mosnacek <omosnace@xxxxxxxxxx> > > --- > > policy/Makefile | 4 ++-- > > 1 file changed, 2 insertions(+), 2 deletions(-) > > > > diff --git a/policy/Makefile b/policy/Makefile > > index a5942b3..cc0f140 100644 > > --- a/policy/Makefile > > +++ b/policy/Makefile > > @@ -86,7 +86,7 @@ ifeq (x$(DISTRO),$(filter x$(DISTRO),xRHEL4 xRHEL5 xRHEL6)) > > TARGETS:=$(filter-out test_overlayfs.te test_mqueue.te test_ibpkey.te, $(TARGETS)) > > endif > > > > -all: build > > +all: test_policy/test_policy.pp > > > > expand_check: > > # Test for "expand-check = 0" in /etc/selinux/semanage.conf > > @@ -94,7 +94,7 @@ expand_check: > > (echo "ERROR: set 'expand-check = 0' in /etc/selinux/semanage.conf"; \ > > /bin/false) > > > > -build: $(TARGETS) > > +test_policy/test_policy.pp: $(TARGETS) test_policy.if > > # General policy build > > @if [ -d $(POLDEV) ]; then \ > > mkdir -p test_policy; \ > > > -- Ondrej Mosnacek <omosnace at redhat dot com> Software Engineer, Security Technologies Red Hat, Inc.
