Rules.monolithic: ignore version mismatch

Ignore version mismatch when OUTPUT_POLICY is defined and the kernel
supports a higher policy version.
Currently Debian ships SELinux userland tools 3.1, which supports
version 32, and Linux 5.10, which supports version 33.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Signed-off-by: Jason Zaman <perfinion@gentoo.org>

1 files changed, 7 insertions, 2 deletions

diff --git a/Rules.monolithic b/Rules.monolithic
index 7dbc2e1c..65529d38 100644
--- a/Rules.monolithic
+++ b/Rules.monolithic
@@ -13,6 +13,11 @@ ifeq "$(kv)" ""
 	kv := $(pv)
 endif
 
+# dont print version warnings if we specified a lower version than the kernel supports
+ifneq "$(OUTPUT_POLICY)" ""
+	kv := $(shell if test $(kv) -gt $(pv); then echo $(pv); else echo $(kv); fi)
+endif
+
 # load_policy(8) loads policy from /etc/selinux/<SELINUXTYPE>/policy/policy.$(pv)
 # It does this by reading the /etc/selinux/config file SELINUXTYPE entry to
 # form the full path. $(polbinpath) will contain this evaluated path for use as
@@ -73,7 +78,7 @@ $(polver): $(policy_conf)
 	@echo "Compiling $(NAME) $(polver)"
 ifneq ($(pv),$(kv))
 	@echo
-	@echo "WARNING: Policy version mismatch!  Is your OUTPUT_POLICY set correctly?"
+	@echo "WARNING: Policy version mismatch (policy:$(pv) kernel:$(kv))!  Is your OUTPUT_POLICY set correctly?"
 	@echo
 endif
 	$(verbose) $(CHECKPOLICY) -U $(UNK_PERMS) $^ -o $@
@@ -86,7 +91,7 @@ $(loadpath): $(policy_conf)
 	@echo "Compiling and installing $(NAME) $(loadpath)"
 ifneq ($(pv),$(kv))
 	@echo
-	@echo "WARNING: Policy version mismatch!  Is your OUTPUT_POLICY set correctly?"
+	@echo "WARNING: Policy version mismatch (policy:$(pv) kernel:$(kv))!  Is your OUTPUT_POLICY set correctly?"
 	@echo
 endif
 	@$(INSTALL) -d -m 0755 $(@D)