diff options
author | Christian Göttsche <cgzones@googlemail.com> | 2021-01-31 21:50:29 +0100 |
---|---|---|
committer | Jason Zaman <perfinion@gentoo.org> | 2021-02-06 12:54:11 -0800 |
commit | 9640bce3661c84abb5bfd0aebccd60dc22a13c5e (patch) | |
tree | 6811d674fb62108fa2bdb713e5a677902eea5843 /Rules.monolithic | |
parent | genhomedircon: improve error messages for min uid search (diff) | |
download | hardened-refpolicy-9640bce3661c84abb5bfd0aebccd60dc22a13c5e.tar.gz hardened-refpolicy-9640bce3661c84abb5bfd0aebccd60dc22a13c5e.tar.bz2 hardened-refpolicy-9640bce3661c84abb5bfd0aebccd60dc22a13c5e.zip |
Rules.monolithic: ignore version mismatch
Ignore version mismatch when OUTPUT_POLICY is defined and the kernel
supports a higher policy version.
Currently Debian ships SELinux userland tools 3.1, which supports
version 32, and Linux 5.10, which supports version 33.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Signed-off-by: Jason Zaman <perfinion@gentoo.org>
Diffstat (limited to 'Rules.monolithic')
-rw-r--r-- | Rules.monolithic | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/Rules.monolithic b/Rules.monolithic index 7dbc2e1c..65529d38 100644 --- a/Rules.monolithic +++ b/Rules.monolithic @@ -13,6 +13,11 @@ ifeq "$(kv)" "" kv := $(pv) endif +# dont print version warnings if we specified a lower version than the kernel supports +ifneq "$(OUTPUT_POLICY)" "" + kv := $(shell if test $(kv) -gt $(pv); then echo $(pv); else echo $(kv); fi) +endif + # load_policy(8) loads policy from /etc/selinux/<SELINUXTYPE>/policy/policy.$(pv) # It does this by reading the /etc/selinux/config file SELINUXTYPE entry to # form the full path. $(polbinpath) will contain this evaluated path for use as @@ -73,7 +78,7 @@ $(polver): $(policy_conf) @echo "Compiling $(NAME) $(polver)" ifneq ($(pv),$(kv)) @echo - @echo "WARNING: Policy version mismatch! Is your OUTPUT_POLICY set correctly?" + @echo "WARNING: Policy version mismatch (policy:$(pv) kernel:$(kv))! Is your OUTPUT_POLICY set correctly?" @echo endif $(verbose) $(CHECKPOLICY) -U $(UNK_PERMS) $^ -o $@ @@ -86,7 +91,7 @@ $(loadpath): $(policy_conf) @echo "Compiling and installing $(NAME) $(loadpath)" ifneq ($(pv),$(kv)) @echo - @echo "WARNING: Policy version mismatch! Is your OUTPUT_POLICY set correctly?" + @echo "WARNING: Policy version mismatch (policy:$(pv) kernel:$(kv))! Is your OUTPUT_POLICY set correctly?" @echo endif @$(INSTALL) -d -m 0755 $(@D) |