1 |
commit: 9640bce3661c84abb5bfd0aebccd60dc22a13c5e |
2 |
Author: Christian Göttsche <cgzones <AT> googlemail <DOT> com> |
3 |
AuthorDate: Sun Jan 31 20:50:29 2021 +0000 |
4 |
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org> |
5 |
CommitDate: Sat Feb 6 20:54:11 2021 +0000 |
6 |
URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=9640bce3 |
7 |
|
8 |
Rules.monolithic: ignore version mismatch |
9 |
|
10 |
Ignore version mismatch when OUTPUT_POLICY is defined and the kernel |
11 |
supports a higher policy version. |
12 |
Currently Debian ships SELinux userland tools 3.1, which supports |
13 |
version 32, and Linux 5.10, which supports version 33. |
14 |
|
15 |
Signed-off-by: Christian Göttsche <cgzones <AT> googlemail.com> |
16 |
Signed-off-by: Jason Zaman <perfinion <AT> gentoo.org> |
17 |
|
18 |
Rules.monolithic | 9 +++++++-- |
19 |
1 file changed, 7 insertions(+), 2 deletions(-) |
20 |
|
21 |
diff --git a/Rules.monolithic b/Rules.monolithic |
22 |
index 7dbc2e1c..65529d38 100644 |
23 |
--- a/Rules.monolithic |
24 |
+++ b/Rules.monolithic |
25 |
@@ -13,6 +13,11 @@ ifeq "$(kv)" "" |
26 |
kv := $(pv) |
27 |
endif |
28 |
|
29 |
+# dont print version warnings if we specified a lower version than the kernel supports |
30 |
+ifneq "$(OUTPUT_POLICY)" "" |
31 |
+ kv := $(shell if test $(kv) -gt $(pv); then echo $(pv); else echo $(kv); fi) |
32 |
+endif |
33 |
+ |
34 |
# load_policy(8) loads policy from /etc/selinux/<SELINUXTYPE>/policy/policy.$(pv) |
35 |
# It does this by reading the /etc/selinux/config file SELINUXTYPE entry to |
36 |
# form the full path. $(polbinpath) will contain this evaluated path for use as |
37 |
@@ -73,7 +78,7 @@ $(polver): $(policy_conf) |
38 |
@echo "Compiling $(NAME) $(polver)" |
39 |
ifneq ($(pv),$(kv)) |
40 |
@echo |
41 |
- @echo "WARNING: Policy version mismatch! Is your OUTPUT_POLICY set correctly?" |
42 |
+ @echo "WARNING: Policy version mismatch (policy:$(pv) kernel:$(kv))! Is your OUTPUT_POLICY set correctly?" |
43 |
@echo |
44 |
endif |
45 |
$(verbose) $(CHECKPOLICY) -U $(UNK_PERMS) $^ -o $@ |
46 |
@@ -86,7 +91,7 @@ $(loadpath): $(policy_conf) |
47 |
@echo "Compiling and installing $(NAME) $(loadpath)" |
48 |
ifneq ($(pv),$(kv)) |
49 |
@echo |
50 |
- @echo "WARNING: Policy version mismatch! Is your OUTPUT_POLICY set correctly?" |
51 |
+ @echo "WARNING: Policy version mismatch (policy:$(pv) kernel:$(kv))! Is your OUTPUT_POLICY set correctly?" |
52 |
@echo |
53 |
endif |
54 |
@$(INSTALL) -d -m 0755 $(@D) |