From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Fri, 14 Mar 2014 08:50:03 -0400
Subject: [refpolicy] [PATCH] Fix parallel build of the policy
In-Reply-To: <1392765993-20635-1-git-send-email-nicolas.iooss@m4x.org>
References: <1392765993-20635-1-git-send-email-nicolas.iooss@m4x.org>
Message-ID: <5322FAFB.5020505@tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 02/18/2014 06:26 PM, Nicolas Iooss wrote:
> Before this commit, "make -j2" would execute twice at the same time the rules
> written to build tmp/all_post.conf because these rules were applied every time
> tmp/all_post.conf, tmp/all_attrs_types.conf and tmp/only_te_rules.conf needed
> to be built. However, executing twice in parallel such line is buggy:
> 
>     $(GREP) '^fs_use_(xattr|task|trans)' $(tmpdir)/all_te_files.conf >> \
>         tmpdir)/all_post.conf
> 
> This is why "make" reports following error for parallel builds:
> 
>     Compiling refpolicy-patched base module
>     /usr/bin/checkmodule -M -U allow base.conf -o tmp/base.mod
>     /usr/bin/checkmodule:  loading policy configuration from base.conf
>     policy/modules/kernel/ubac.te":710:ERROR 'syntax error' at token
>     'fs_use_trans' on line 26520:
>     fs_use_trans devtmpfs system_u:object_r:device_t:s0;
> 
>     /usr/bin/checkmodule:  error(s) encountered while parsing configuration
>     make: *** [tmp/base.mod] Error 1
> 
> This commit fixes this bug by splitting the rules in 3 different targets, in
> both monolithic and modular builds.

Merged.

> ---
>  Rules.modular    | 24 ++++++++++++++----------
>  Rules.monolithic | 24 ++++++++++++++----------
>  2 files changed, 28 insertions(+), 20 deletions(-)
> 
> diff --git a/Rules.modular b/Rules.modular
> index 58e94da..2c5f5ff 100644
> --- a/Rules.modular
> +++ b/Rules.modular
> @@ -157,17 +157,21 @@ $(tmpdir)/post_te_files.conf: $(m4support) $(tmpdir)/generated_definitions.conf
>  
>  # extract attributes and put them first. extract post te stuff
>  # like genfscon and put last.
> -$(tmpdir)/all_attrs_types.conf $(tmpdir)/only_te_rules.conf $(tmpdir)/all_post.conf: $(tmpdir)/all_te_files.conf $(tmpdir)/post_te_files.conf
> -	$(verbose) $(get_type_attr_decl) $(tmpdir)/all_te_files.conf | $(SORT) > $(tmpdir)/all_attrs_types.conf
> -	$(verbose) cat $(tmpdir)/post_te_files.conf > $(tmpdir)/all_post.conf
> +$(tmpdir)/all_attrs_types.conf: $(tmpdir)/all_te_files.conf
> +	$(verbose) $(get_type_attr_decl) $^ | $(SORT) > $@
> +
> +$(tmpdir)/all_post.conf: $(tmpdir)/all_te_files.conf $(tmpdir)/post_te_files.conf
> +	$(verbose) cat $(tmpdir)/post_te_files.conf > $@
>  # these have to run individually because order matters:
> -	$(verbose) $(GREP) '^sid ' $(tmpdir)/all_te_files.conf >> $(tmpdir)/all_post.conf || true
> -	$(verbose) $(GREP) '^fs_use_(xattr|task|trans)' $(tmpdir)/all_te_files.conf >> $(tmpdir)/all_post.conf || true
> -	$(verbose) $(GREP) ^genfscon $(tmpdir)/all_te_files.conf >> $(tmpdir)/all_post.conf || true
> -	$(verbose) $(GREP) ^portcon $(tmpdir)/all_te_files.conf >> $(tmpdir)/all_post.conf || true
> -	$(verbose) $(GREP) ^netifcon $(tmpdir)/all_te_files.conf >> $(tmpdir)/all_post.conf || true
> -	$(verbose) $(GREP) ^nodecon $(tmpdir)/all_te_files.conf >> $(tmpdir)/all_post.conf || true
> -	$(verbose) $(comment_move_decl) $(tmpdir)/all_te_files.conf > $(tmpdir)/only_te_rules.conf
> +	$(verbose) $(GREP) '^sid ' $(tmpdir)/all_te_files.conf >> $@ || true
> +	$(verbose) $(GREP) '^fs_use_(xattr|task|trans)' $(tmpdir)/all_te_files.conf >> $@ || true
> +	$(verbose) $(GREP) ^genfscon $(tmpdir)/all_te_files.conf >> $@ || true
> +	$(verbose) $(GREP) ^portcon $(tmpdir)/all_te_files.conf >> $@ || true
> +	$(verbose) $(GREP) ^netifcon $(tmpdir)/all_te_files.conf >> $@ || true
> +	$(verbose) $(GREP) ^nodecon $(tmpdir)/all_te_files.conf >> $@ || true
> +
> +$(tmpdir)/only_te_rules.conf: $(tmpdir)/all_te_files.conf
> +	$(verbose) $(comment_move_decl) $^ > $@
>  
>  ########################################
>  #
> diff --git a/Rules.monolithic b/Rules.monolithic
> index 7e77c03..b635952 100644
> --- a/Rules.monolithic
> +++ b/Rules.monolithic
> @@ -144,17 +144,21 @@ $(tmpdir)/post_te_files.conf: $(m4support) $(tmpdir)/generated_definitions.conf
>  
>  # extract attributes and put them first. extract post te stuff
>  # like genfscon and put last.
> -$(tmpdir)/all_attrs_types.conf $(tmpdir)/only_te_rules.conf $(tmpdir)/all_post.conf: $(tmpdir)/all_te_files.conf $(tmpdir)/post_te_files.conf
> -	$(verbose) $(get_type_attr_decl) $(tmpdir)/all_te_files.conf | $(SORT) > $(tmpdir)/all_attrs_types.conf
> -	$(verbose) cat $(tmpdir)/post_te_files.conf > $(tmpdir)/all_post.conf
> +$(tmpdir)/all_attrs_types.conf: $(tmpdir)/all_te_files.conf
> +	$(verbose) $(get_type_attr_decl) $^ | $(SORT) > $@
> +
> +$(tmpdir)/all_post.conf: $(tmpdir)/all_te_files.conf $(tmpdir)/post_te_files.conf
> +	$(verbose) cat $(tmpdir)/post_te_files.conf > $@
>  # these have to run individually because order matters:
> -	$(verbose) $(GREP) '^sid ' $(tmpdir)/all_te_files.conf >> $(tmpdir)/all_post.conf || true
> -	$(verbose) $(GREP) '^fs_use_(xattr|task|trans)' $(tmpdir)/all_te_files.conf >> $(tmpdir)/all_post.conf || true
> -	$(verbose) $(GREP) ^genfscon $(tmpdir)/all_te_files.conf >> $(tmpdir)/all_post.conf || true
> -	$(verbose) $(GREP) ^portcon $(tmpdir)/all_te_files.conf >> $(tmpdir)/all_post.conf || true
> -	$(verbose) $(GREP) ^netifcon $(tmpdir)/all_te_files.conf >> $(tmpdir)/all_post.conf || true
> -	$(verbose) $(GREP) ^nodecon $(tmpdir)/all_te_files.conf >> $(tmpdir)/all_post.conf || true
> -	$(verbose) $(comment_move_decl) $(tmpdir)/all_te_files.conf > $(tmpdir)/only_te_rules.conf
> +	$(verbose) $(GREP) '^sid ' $(tmpdir)/all_te_files.conf >> $@ || true
> +	$(verbose) $(GREP) '^fs_use_(xattr|task|trans)' $(tmpdir)/all_te_files.conf >> $@ || true
> +	$(verbose) $(GREP) ^genfscon $(tmpdir)/all_te_files.conf >> $@ || true
> +	$(verbose) $(GREP) ^portcon $(tmpdir)/all_te_files.conf >> $@ || true
> +	$(verbose) $(GREP) ^netifcon $(tmpdir)/all_te_files.conf >> $@ || true
> +	$(verbose) $(GREP) ^nodecon $(tmpdir)/all_te_files.conf >> $@ || true
> +
> +$(tmpdir)/only_te_rules.conf: $(tmpdir)/all_te_files.conf
> +	$(verbose) $(comment_move_decl) $^ > $@
>  
>  ########################################
>  #
> 


-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com