On Wed, Apr 12, 2023 at 10:56 PM Paul Moore <paul@xxxxxxxxxxxxxx> wrote:
> The Makefile rule responsible for building flask.h and
> av_permissions.h only lists flask.h as a target which means that
> av_permissions.h is only generated when flash.h needs to be
Typo: flash.h -> flask.h
> generated. This patch fixes this by adding av_permissions.h as a
> target to the rule.
>
> Fixes: 8753f6bec352 ("selinux: generate flask headers during kernel build")
> Signed-off-by: Paul Moore <paul@xxxxxxxxxxxxxx>
> ---
> security/selinux/Makefile | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/security/selinux/Makefile b/security/selinux/Makefile
> index 103c2776478a..df35d4ec46f0 100644
> --- a/security/selinux/Makefile
> +++ b/security/selinux/Makefile
> @@ -26,5 +26,5 @@ quiet_cmd_flask = GEN $(obj)/flask.h $(obj)/av_permissions.h
> cmd_flask = $< $(obj)/flask.h $(obj)/av_permissions.h
>
> targets += flask.h av_permissions.h
> -$(obj)/flask.h: scripts/selinux/genheaders/genheaders FORCE
> +$(obj)/flask.h $(obj)/av_permissions.h: scripts/selinux/genheaders/genheaders FORCE
I had something like this in my patch originally, but then I couldn't
come up with a scenario where it would matter, so I dropped it... Are
you sure it's really needed? (See also the "$(addprefix
$(obj)/,$(selinux-y)): $(obj)/flask.h" rule above.)
If it is, then I think you want to use "grouped targets" instead:
$(obj)/flask.h $(obj)/av_permissions.h &: [...]
See:
https://www.gnu.org/software/make/manual/html_node/Multiple-Targets.html
> $(call if_changed,flask)
> --
> 2.40.0
>
--
Ondrej Mosnacek
Senior Software Engineer, Linux Security - SELinux kernel
Red Hat, Inc.
