[gentoo-commits] proj/hardened-refpolicy:master commit in: /

Sat, 06 Feb 2021 19:20:15 -0800 

commit:     9640bce3661c84abb5bfd0aebccd60dc22a13c5e
Author:     Christian Göttsche <cgzones <AT> googlemail <DOT> com>
AuthorDate: Sun Jan 31 20:50:29 2021 +0000
Commit:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Sat Feb  6 20:54:11 2021 +0000
URL:        
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=9640bce3

Rules.monolithic: ignore version mismatch

Ignore version mismatch when OUTPUT_POLICY is defined and the kernel
supports a higher policy version.
Currently Debian ships SELinux userland tools 3.1, which supports
version 32, and Linux 5.10, which supports version 33.

Signed-off-by: Christian Göttsche <cgzones <AT> googlemail.com>
Signed-off-by: Jason Zaman <perfinion <AT> gentoo.org>

 Rules.monolithic | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/Rules.monolithic b/Rules.monolithic
index 7dbc2e1c..65529d38 100644
--- a/Rules.monolithic
+++ b/Rules.monolithic
@@ -13,6 +13,11 @@ ifeq "$(kv)" ""
        kv := $(pv)
 endif
 
+# dont print version warnings if we specified a lower version than the kernel 
supports
+ifneq "$(OUTPUT_POLICY)" ""
+       kv := $(shell if test $(kv) -gt $(pv); then echo $(pv); else echo 
$(kv); fi)
+endif
+
 # load_policy(8) loads policy from 
/etc/selinux/<SELINUXTYPE>/policy/policy.$(pv)
 # It does this by reading the /etc/selinux/config file SELINUXTYPE entry to
 # form the full path. $(polbinpath) will contain this evaluated path for use as
@@ -73,7 +78,7 @@ $(polver): $(policy_conf)
        @echo "Compiling $(NAME) $(polver)"
 ifneq ($(pv),$(kv))
        @echo
-       @echo "WARNING: Policy version mismatch!  Is your OUTPUT_POLICY set 
correctly?"
+       @echo "WARNING: Policy version mismatch (policy:$(pv) kernel:$(kv))!  
Is your OUTPUT_POLICY set correctly?"
        @echo
 endif
        $(verbose) $(CHECKPOLICY) -U $(UNK_PERMS) $^ -o $@
@@ -86,7 +91,7 @@ $(loadpath): $(policy_conf)
        @echo "Compiling and installing $(NAME) $(loadpath)"
 ifneq ($(pv),$(kv))
        @echo
-       @echo "WARNING: Policy version mismatch!  Is your OUTPUT_POLICY set 
correctly?"
+       @echo "WARNING: Policy version mismatch (policy:$(pv) kernel:$(kv))!  
Is your OUTPUT_POLICY set correctly?"
        @echo
 endif
        @$(INSTALL) -d -m 0755 $(@D)

Reply via email to