On 11/27/19 8:46 AM, Ondrej Mosnacek wrote:
Modify all Makefiles to allow overriding the path to the selinuxfs
mountpoint via the SELINUXFS variable and use it in the Travis script to
allow more stuff to be built (namely the extended_socket_class subdir).
This patch also drops the auto-detection of selinuxfs mount from
policy/Makefile in favor of overriding it via the variable if it differs
from the usual /sys/fs/selinux/.
Signed-off-by: Ondrej Mosnacek <omosnace@xxxxxxxxxx>
Thanks, applied.
---
.travis.yml | 8 ++++----
policy/Makefile | 2 +-
tests/Makefile | 5 +++--
3 files changed, 8 insertions(+), 7 deletions(-)
diff --git a/.travis.yml b/.travis.yml
index d1e5056..2c8e416 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -51,15 +51,15 @@ before_install:
- bash travis-ci/setup-policy-fedora.sh
- bash travis-ci/setup-policy-refpolicy.sh
# establish a fake "selinuxfs" mount (policy/Makefile just greps for selinuxfs)
- - sudo mkdir -p /tmp/fake-selinuxfs
- - sudo mount -t tmpfs tmpfs /tmp/fake-selinuxfs
+ - mkdir -p /tmp/fake-selinuxfs/policy_capabilities
+ - echo 1 > /tmp/fake-selinuxfs/policy_capabilities/extended_socket_class
- echo 999 >/tmp/fake-selinuxfs/policyvers
script:
- tools/check-syntax -f && git diff --exit-code
- |
bash travis-ci/enable-policy.sh targeted &&
- make PREFIX=/usr/local POLDEV=/usr/share/selinux/targeted
+ make SELINUXFS=/tmp/fake-selinuxfs PREFIX=/usr/local POLDEV=/usr/share/selinux/targeted
- |
bash travis-ci/enable-policy.sh refpolicy &&
- make PREFIX=/usr/local POLDEV=/usr/share/selinux/refpolicy
+ make SELINUXFS=/tmp/fake-selinuxfs PREFIX=/usr/local POLDEV=/usr/share/selinux/refpolicy
diff --git a/policy/Makefile b/policy/Makefile
index 87b2856..dda2e16 100644
--- a/policy/Makefile
+++ b/policy/Makefile
@@ -3,6 +3,7 @@ PREFIX ?= /usr
BINDIR ?= $(PREFIX)/bin
SBINDIR ?= $(PREFIX)/sbin
POLDEV ?= $(PREFIX)/share/selinux/devel
+SELINUXFS ?= /sys/fs/selinux
SEMODULE = $(SBINDIR)/semodule
CHECKPOLICY = $(BINDIR)/checkpolicy
CHECKMODULE = $(BINDIR)/checkmodule
@@ -11,7 +12,6 @@ DISTRO=$(shell ../tests/os_detect)
POL_VERS := $(shell $(CHECKPOLICY) -V |cut -f 1 -d ' ')
MOD_POL_VERS := $(shell $(CHECKMODULE) -V |cut -f 2 -d '-')
-SELINUXFS := $(shell cat /proc/mounts | grep selinuxfs | cut -f 2 -d ' ')
MAX_KERNEL_POLICY := $(shell cat $(SELINUXFS)/policyvers)
TARGETS = \
diff --git a/tests/Makefile b/tests/Makefile
index 1cdb1ac..0d33fbf 100644
--- a/tests/Makefile
+++ b/tests/Makefile
@@ -1,5 +1,6 @@
INCLUDEDIR ?= /usr/include
POLDEV ?= /usr/share/selinux/devel
+SELINUXFS ?= /sys/fs/selinux
export CFLAGS+=-g -O0 -Wall -D_GNU_SOURCE
@@ -19,11 +20,11 @@ SUBDIRS += cap_userns
endif
endif
-ifeq ($(shell grep -q icmp_socket $(POLDEV)/include/support/all_perms.spt && grep -q 1 /sys/fs/selinux/policy_capabilities/extended_socket_class && echo true),true)
+ifeq ($(shell grep -q icmp_socket $(POLDEV)/include/support/all_perms.spt && grep -q 1 $(SELINUXFS)/policy_capabilities/extended_socket_class && echo true),true)
SUBDIRS += extended_socket_class
endif
-ifeq ($(shell grep -q corenet_sctp_bind_all_nodes $(POLDEV)/include/kernel/corenetwork.if && grep -q 1 /sys/fs/selinux/policy_capabilities/extended_socket_class && echo true),true)
+ifeq ($(shell grep -q corenet_sctp_bind_all_nodes $(POLDEV)/include/kernel/corenetwork.if && grep -q 1 $(SELINUXFS)/policy_capabilities/extended_socket_class && echo true),true)
ifneq ($(shell ./kvercmp $$(uname -r) 4.20.17),-1)
SUBDIRS += sctp
endif
