[selinux-policy: 427/3172] change modules.conf behavior to be in line with behavior which will be used in the future for base m

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 19:41:39 UTC 2010 

commit 19db6ba5a9d2bcdd2be16bae005c8f64775b27ec
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Tue Jun 28 17:31:18 2005 +0000

    change modules.conf behavior to be in line with behavior which will be used in the future for base module

 refpolicy/Makefile |   29 +++++++++++++++++++----------
 1 files changed, 19 insertions(+), 10 deletions(-)
---
diff --git a/refpolicy/Makefile b/refpolicy/Makefile
index 09661b4..bc1c474 100644
--- a/refpolicy/Makefile
+++ b/refpolicy/Makefile
@@ -121,7 +121,7 @@ APPCONF = config/appconfig
 M4SUPPORT = $(wildcard $(POLDIR)/support/*.spt)
 
 GLOBALTUN := $(POLDIR)/global_tunables
-MOD_DISABLE := $(POLDIR)/modules.conf
+MOD_CONF := $(POLDIR)/modules.conf
 TUNABLES := $(POLDIR)/tunables.conf
 
 APPDIR := $(CONTEXTPATH)
@@ -129,7 +129,6 @@ APPFILES := $(addprefix $(APPDIR)/,default_contexts default_type initrc_context
 CONTEXTFILES += $(wildcard $(APPCONF)/*_context*) $(APPCONF)/media
 USER_FILES := $(POLDIR)/users 
 
-DISABLEMOD := $(foreach mod,$(shell egrep -v '^[[:blank:]]*\#' $(MOD_DISABLE)),$(subst ./,,$(shell find -iname $(mod).te)))
 ALL_LAYERS := $(filter-out $(MODDIR)/CVS,$(shell find $(wildcard $(MODDIR)/*) -maxdepth 0 -type d))
 
 GENERATED_TE := $(basename $(foreach dir,$(ALL_LAYERS),$(wildcard $(dir)/*.te.in)))
@@ -139,7 +138,10 @@ GENERATED_FC := $(basename $(foreach dir,$(ALL_LAYERS),$(wildcard $(dir)/*.fc.in
 # sort here since it removes duplicates, which can happen
 # when a generated file is already generated
 DETECTED_MODS := $(sort $(foreach dir,$(ALL_LAYERS),$(wildcard $(dir)/*.te)) $(GENERATED_TE))
-ALL_MODULES := $(filter-out $(DISABLEMOD),$(DETECTED_MODS))
+
+MODON = on
+ENABLEMOD := $(foreach mod,$(shell awk '/^[[:blank:]]*[[:alpha:]]/{ if ($$3 == "$(MODON)") print $$1 }' $(MOD_CONF)),$(subst ./,,$(shell find -iname $(mod).te)))
+ALL_MODULES := $(filter $(ENABLEMOD),$(DETECTED_MODS))
 
 PRE_TE_FILES := $(addprefix $(FLASKDIR)/,security_classes initial_sids access_vectors) $(M4SUPPORT) $(POLDIR)/mls
 ALL_INTERFACES := $(ALL_MODULES:.te=.if)
@@ -240,10 +242,16 @@ tmp/generated_definitions.conf: $(ALL_LAYERS) $(ALL_TE_FILES)
 	$(QUIET) $(SETTUN) $(TUNABLES) >> $@
 
 tmp/all_interfaces.conf: $(M4SUPPORT) $(ALL_INTERFACES)
+ifeq ($(ALL_INTERFACES),)
+	$(error No enabled modules! $(notdir $(MOD_CONF)) may need to be generated by using "make conf")
+endif
 	@test -d tmp || mkdir -p tmp
 	$(QUIET) m4 $^ | sed -e s/dollarsstar/\$$\*/g > $@
 
 tmp/all_te_files.conf: $(ALL_TE_FILES)
+ifeq ($(ALL_TE_FILES),)
+	$(error No enabled modules! $(notdir $(MOD_CONF)) may need to be generated by using "make conf")
+endif
 	@test -d tmp || mkdir -p tmp
 	$(QUIET) cat $^ > $@
 
@@ -345,11 +353,11 @@ relabel:  $(FC) $(SETFILES)
 #
 # Create config files
 #
-conf: $(MOD_DISABLE) $(TUNABLES) $(GENERATED_TE) $(GENERATED_IF) $(GENERATED_FC)
+conf: $(MOD_CONF) $(TUNABLES) $(GENERATED_TE) $(GENERATED_IF) $(GENERATED_FC)
 
-$(MOD_DISABLE) $(TUNABLES): $(POLXML)
-	@echo "Creating $(MOD_DISABLE) and $(TUNABLES)"
-	$(QUIET) cd $(DOCS) && ../$(GENDOC) -t ../$(TUNABLES) -m ../$(MOD_DISABLE) -x ../$(POLXML)
+$(MOD_CONF) $(TUNABLES): $(POLXML)
+	@echo "Updating $(MOD_CONF) and $(TUNABLES)"
+	$(QUIET) cd $(DOCS) && ../$(GENDOC) -t ../$(TUNABLES) -m ../$(MOD_CONF) -x ../$(POLXML)
 
 ########################################
 #
@@ -358,8 +366,9 @@ $(MOD_DISABLE) $(TUNABLES): $(POLXML)
 
 # minimal dependencies here, because we don't want to rebuild 
 # this and its dependents every time the dependencies
-# change
-$(POLXML): $(ALL_INTERFACES)
+# change.  Also use all .if files here, rather then just the
+# enabled modules.
+$(POLXML): $(DETECTED_MODS:.te=.if)
 	@echo "Creating $@"
 	@mkdir -p tmp
 	$(QUIET) echo '<?xml version="1.0" encoding="ISO-8859-1" standalone="no"?>' > $@
@@ -476,7 +485,7 @@ bare: clean
 	rm -f $(POLXML)
 	rm -f $(SUPPORT)/*.pyc
 	rm -f $(FCSORT)
-	rm -f $(MOD_DISABLE)
+	rm -f $(MOD_CONF)
 	rm -f $(TUNABLES)
 	rm -fR $(HTMLDIR)
 ifneq ($(GENERATED_TE),)

More information about the scm-commits mailing list