From: nicolas.iooss@m4x.org (Nicolas Iooss) Date: Thu, 6 Mar 2014 21:05:23 +0100 Subject: [refpolicy] [PATCH] Fix parallel build of the policy In-Reply-To: <53187B01.9010409@tresys.com> References: <1392765993-20635-1-git-send-email-nicolas.iooss@m4x.org> <53187B01.9010409@tresys.com> Message-ID: To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com 2014-03-06 14:41 GMT+01:00 Christopher J. PeBenito : > On 02/18/2014 06:26 PM, Nicolas Iooss wrote: > > Before this commit, "make -j2" would execute twice at the same time the > rules > > written to build tmp/all_post.conf because these rules were applied > every time > > tmp/all_post.conf, tmp/all_attrs_types.conf and tmp/only_te_rules.conf > needed > > to be built. However, executing twice in parallel such line is buggy: > > > > $(GREP) '^fs_use_(xattr|task|trans)' $(tmpdir)/all_te_files.conf >> \ > > tmpdir)/all_post.conf > > > > This is why "make" reports following error for parallel builds: > > > > Compiling refpolicy-patched base module > > /usr/bin/checkmodule -M -U allow base.conf -o tmp/base.mod > > /usr/bin/checkmodule: loading policy configuration from base.conf > > policy/modules/kernel/ubac.te":710:ERROR 'syntax error' at token > > 'fs_use_trans' on line 26520: > > fs_use_trans devtmpfs system_u:object_r:device_t:s0; > > > > /usr/bin/checkmodule: error(s) encountered while parsing > configuration > > make: *** [tmp/base.mod] Error 1 > > > > This commit fixes this bug by splitting the rules in 3 different > targets, in > > both monolithic and modular builds. > > How much testing did you do to ensure there are no changes to the output > files? It looks like its ok, but changing how the source files are > constructed requires solid testing first. > > I've written the attached shell script to check that the built and installed files are not changed by my patch. I've written how I used this script in a comment at the beginning of the file, in hope anyone can reproduce my tests and compare their results with mine. On my system, "make bare && make -j4 conf" prints twice "Updating policy/modules.conf and policy/booleans.conf" and "python -E support/sedoctool.py -b policy/booleans.conf -m policy/modules.conf -x doc/policy.xml". The patch does not change anything about it. That's why I've used "make conf" and not "make -j$NJOBS conf" in my script. Executing "make bare && make conf && make -j4 policy && make -j4 install install-appconfig install-headers install-docs install-src" is also kind of broken: the content of /etc/selinux/refpolicy/src/policy can't be predicted after this. More precisely, I've seen that /etc/selinux/refpolicy/src/policy/file_contexts and /etc/selinux/refpolicy/src/policy/homedir_template may not be installed when building the monolithic configuration. This is due to the fact that "install-src" target in Makefile hasn't got any dependency and hence the "cp -R . $(srcpath)/policy" command may be executed before all of the generated files are created. That's why "make install-src" is also on a distinct line in the script. If that matters, I'm using make version 4.0. Thanks Nicolas -------------- next part -------------- An HTML attachment was scrubbed... URL: http://oss.tresys.com/pipermail/refpolicy/attachments/20140306/b3387206/attachment.html -------------- next part -------------- A non-text attachment was scrubbed... Name: test-refpolicy-patch.sh Type: application/x-sh Size: 3292 bytes Desc: not available Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20140306/b3387206/attachment.sh