[PATCH] secilc/docs: fix use of TMPDIR #240

All of lore.kernel.org
 help / color / mirror / Atom feed

* [PATCH] secilc/docs: fix use of TMPDIR #240
@ 2020-05-15 10:51 Topi Miettinen
  2020-05-15 11:09 ` Petr Lautrbach
  0 siblings, 1 reply; 4+ messages in thread
From: Topi Miettinen @ 2020-05-15 10:51 UTC (permalink / raw)
  To: selinux; +Cc: Topi Miettinen

Environment variable TMPDIR may be already set for the user building
and this could be equal to $XDG_RUNTIME_DIR or /tmp which are existing
directories. Then when running 'make clean', there are unintended side
effects:

rm -rf /run/user/1000
rm: cannot remove '/run/user/1000/dconf/user': Permission denied
rm: cannot remove '/run/user/1000/systemd': Permission denied
rm: cannot remove '/run/user/1000/gnupg': Permission denied
rm: cannot remove '/run/user/1000/dbus-1': Is a directory
rm: cannot remove '/run/user/1000/inaccessible': Permission denied
make[1]: *** [Makefile:68: clean] Error 1

Fix by using a different name.

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
---
 secilc/docs/Makefile | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/secilc/docs/Makefile b/secilc/docs/Makefile
index 6b07ce7f..90214e0d 100644
--- a/secilc/docs/Makefile
+++ b/secilc/docs/Makefile
@@ -1,7 +1,7 @@
 CWD ?= $(shell pwd)
 HTMLDIR ?= $(CWD)/html
 PDFDIR ?= $(CWD)/pdf
-TMPDIR ?= $(CWD)/tmp
+TMP_DIR ?= $(CWD)/tmp
 TESTDIR ?= $(CWD)/../test
 
 # All the markdown files that make up the guide:
@@ -26,7 +26,7 @@ FILE_LIST ?= cil_introduction.md \
 	cil_infiniband_statements.md \
 	cil_xen_statements.md
 
-PANDOC_FILE_LIST = $(addprefix $(TMPDIR)/,$(FILE_LIST))
+PANDOC_FILE_LIST = $(addprefix $(TMP_DIR)/,$(FILE_LIST))
 
 PDF_OUT=CIL_Reference_Guide.pdf
 HTML_OUT=CIL_Reference_Guide.html
@@ -40,29 +40,29 @@ endif
 
 all: html pdf
 
-$(TMPDIR):
-	mkdir -p $(TMPDIR)
+$(TMP_DIR):
+	mkdir -p $(TMP_DIR)
 
-$(TMPDIR)/%.md: %.md | $(TMPDIR)
-	cp -f $< $(TMPDIR)/
+$(TMP_DIR)/%.md: %.md | $(TMP_DIR)
+	cp -f $< $(TMP_DIR)/
 	@# Substitute markdown links for conversion into PDF links
 	$(SED) -i -re 's:(\[`[^`]*`\])\([^#]*([^\)]):\1\(\2:g' $@
 
-$(TMPDIR)/policy.cil: $(TESTDIR)/policy.cil
+$(TMP_DIR)/policy.cil: $(TESTDIR)/policy.cil
 	cp -f $< $@
 	@# add a title for the TOC to policy.cil. This is needed to play nicely with the PDF conversion.
 	$(SED) -i '1i Example Policy\n=========\n```' $@
 	echo '```' >> $@
 
-html: $(PANDOC_FILE_LIST) $(TMPDIR)/policy.cil
+html: $(PANDOC_FILE_LIST) $(TMP_DIR)/policy.cil
 	mkdir -p $(HTMLDIR)
 	$(PANDOC) -t html $^ -o $(HTMLDIR)/$(HTML_OUT)
 
-pdf: $(PANDOC_FILE_LIST) $(TMPDIR)/policy.cil
+pdf: $(PANDOC_FILE_LIST) $(TMP_DIR)/policy.cil
 	mkdir -p $(PDFDIR)
 	$(PANDOC) --standalone --toc $^ -o $(PDFDIR)/$(PDF_OUT)
 
 clean:
 	rm -rf $(HTMLDIR)
 	rm -rf $(PDFDIR)
-	rm -rf $(TMPDIR)
+	rm -rf $(TMP_DIR)
-- 
2.26.2


^ permalink raw reply related	[flat|nested] 4+ messages in thread

* Re: [PATCH] secilc/docs: fix use of TMPDIR #240
  2020-05-15 10:51 [PATCH] secilc/docs: fix use of TMPDIR #240 Topi Miettinen
@ 2020-05-15 11:09 ` Petr Lautrbach
  2020-05-15 11:19   ` Topi Miettinen
  0 siblings, 1 reply; 4+ messages in thread
From: Petr Lautrbach @ 2020-05-15 11:09 UTC (permalink / raw)
  To: selinux; +Cc: Topi Miettinen

[-- Attachment #1: Type: text/plain, Size: 3093 bytes --]

On Fri, May 15, 2020 at 01:51:05PM +0300, Topi Miettinen wrote:
> Environment variable TMPDIR may be already set for the user building
> and this could be equal to $XDG_RUNTIME_DIR or /tmp which are existing
> directories. Then when running 'make clean', there are unintended side
> effects:
> 
> rm -rf /run/user/1000
> rm: cannot remove '/run/user/1000/dconf/user': Permission denied
> rm: cannot remove '/run/user/1000/systemd': Permission denied
> rm: cannot remove '/run/user/1000/gnupg': Permission denied
> rm: cannot remove '/run/user/1000/dbus-1': Is a directory
> rm: cannot remove '/run/user/1000/inaccessible': Permission denied
> make[1]: *** [Makefile:68: clean] Error 1
> 
> Fix by using a different name.
> 
> Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
> ---
>  secilc/docs/Makefile | 20 ++++++++++----------
>  1 file changed, 10 insertions(+), 10 deletions(-)
> 
> diff --git a/secilc/docs/Makefile b/secilc/docs/Makefile
> index 6b07ce7f..90214e0d 100644
> --- a/secilc/docs/Makefile
> +++ b/secilc/docs/Makefile
> @@ -1,7 +1,7 @@
>  CWD ?= $(shell pwd)
>  HTMLDIR ?= $(CWD)/html
>  PDFDIR ?= $(CWD)/pdf
> -TMPDIR ?= $(CWD)/tmp
> +TMP_DIR ?= $(CWD)/tmp
>  TESTDIR ?= $(CWD)/../test

Maybe it would be enough to drop `?=`:

CWD = $(shell pwd)
HTMLDIR = $(CWD)/html
PDFDIR = $(CWD)/pdf
TMPDIR = $(CWD)/tmp
TESTDIR = $(CWD)/../test



>  # All the markdown files that make up the guide:
> @@ -26,7 +26,7 @@ FILE_LIST ?= cil_introduction.md \
>  	cil_infiniband_statements.md \
>  	cil_xen_statements.md
>  
> -PANDOC_FILE_LIST = $(addprefix $(TMPDIR)/,$(FILE_LIST))
> +PANDOC_FILE_LIST = $(addprefix $(TMP_DIR)/,$(FILE_LIST))
>  
>  PDF_OUT=CIL_Reference_Guide.pdf
>  HTML_OUT=CIL_Reference_Guide.html
> @@ -40,29 +40,29 @@ endif
>  
>  all: html pdf
>  
> -$(TMPDIR):
> -	mkdir -p $(TMPDIR)
> +$(TMP_DIR):
> +	mkdir -p $(TMP_DIR)
>  
> -$(TMPDIR)/%.md: %.md | $(TMPDIR)
> -	cp -f $< $(TMPDIR)/
> +$(TMP_DIR)/%.md: %.md | $(TMP_DIR)
> +	cp -f $< $(TMP_DIR)/
>  	@# Substitute markdown links for conversion into PDF links
>  	$(SED) -i -re 's:(\[`[^`]*`\])\([^#]*([^\)]):\1\(\2:g' $@
>  
> -$(TMPDIR)/policy.cil: $(TESTDIR)/policy.cil
> +$(TMP_DIR)/policy.cil: $(TESTDIR)/policy.cil
>  	cp -f $< $@
>  	@# add a title for the TOC to policy.cil. This is needed to play nicely with the PDF conversion.
>  	$(SED) -i '1i Example Policy\n=========\n```' $@
>  	echo '```' >> $@
>  
> -html: $(PANDOC_FILE_LIST) $(TMPDIR)/policy.cil
> +html: $(PANDOC_FILE_LIST) $(TMP_DIR)/policy.cil
>  	mkdir -p $(HTMLDIR)
>  	$(PANDOC) -t html $^ -o $(HTMLDIR)/$(HTML_OUT)
>  
> -pdf: $(PANDOC_FILE_LIST) $(TMPDIR)/policy.cil
> +pdf: $(PANDOC_FILE_LIST) $(TMP_DIR)/policy.cil
>  	mkdir -p $(PDFDIR)
>  	$(PANDOC) --standalone --toc $^ -o $(PDFDIR)/$(PDF_OUT)
>  
>  clean:
>  	rm -rf $(HTMLDIR)
>  	rm -rf $(PDFDIR)
> -	rm -rf $(TMPDIR)
> +	rm -rf $(TMP_DIR)
> -- 
> 2.26.2
> 

-- 
()  ascii ribbon campaign - against html e-mail 
/\  www.asciiribbon.org   - against proprietary attachments

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH] secilc/docs: fix use of TMPDIR #240
  2020-05-15 11:09 ` Petr Lautrbach
@ 2020-05-15 11:19   ` Topi Miettinen
  2020-05-15 11:29     ` Petr Lautrbach
  0 siblings, 1 reply; 4+ messages in thread
From: Topi Miettinen @ 2020-05-15 11:19 UTC (permalink / raw)
  To: Petr Lautrbach, selinux

On 15.5.2020 14.09, Petr Lautrbach wrote:
> On Fri, May 15, 2020 at 01:51:05PM +0300, Topi Miettinen wrote:
>> Environment variable TMPDIR may be already set for the user building
>> and this could be equal to $XDG_RUNTIME_DIR or /tmp which are existing
>> directories. Then when running 'make clean', there are unintended side
>> effects:
>>
>> rm -rf /run/user/1000
>> rm: cannot remove '/run/user/1000/dconf/user': Permission denied
>> rm: cannot remove '/run/user/1000/systemd': Permission denied
>> rm: cannot remove '/run/user/1000/gnupg': Permission denied
>> rm: cannot remove '/run/user/1000/dbus-1': Is a directory
>> rm: cannot remove '/run/user/1000/inaccessible': Permission denied
>> make[1]: *** [Makefile:68: clean] Error 1
>>
>> Fix by using a different name.
>>
>> Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
>> ---
>>   secilc/docs/Makefile | 20 ++++++++++----------
>>   1 file changed, 10 insertions(+), 10 deletions(-)
>>
>> diff --git a/secilc/docs/Makefile b/secilc/docs/Makefile
>> index 6b07ce7f..90214e0d 100644
>> --- a/secilc/docs/Makefile
>> +++ b/secilc/docs/Makefile
>> @@ -1,7 +1,7 @@
>>   CWD ?= $(shell pwd)
>>   HTMLDIR ?= $(CWD)/html
>>   PDFDIR ?= $(CWD)/pdf
>> -TMPDIR ?= $(CWD)/tmp
>> +TMP_DIR ?= $(CWD)/tmp
>>   TESTDIR ?= $(CWD)/../test
> 
> Maybe it would be enough to drop `?=`:
> 
> CWD = $(shell pwd)
> HTMLDIR = $(CWD)/html
> PDFDIR = $(CWD)/pdf
> TMPDIR = $(CWD)/tmp
> TESTDIR = $(CWD)/../test

That could work, assuming that the higher level Makefiles or builders 
don't use the variables.

Other approaches could be to rework build process to use 'mktemp -d' and 
immediately removing the temporary directory, or generating the 
temporary files with a prefix (%.md -> %.sedded) in the build directory.

-Topi

> 
> 
> 
>>   # All the markdown files that make up the guide:
>> @@ -26,7 +26,7 @@ FILE_LIST ?= cil_introduction.md \
>>   	cil_infiniband_statements.md \
>>   	cil_xen_statements.md
>>   
>> -PANDOC_FILE_LIST = $(addprefix $(TMPDIR)/,$(FILE_LIST))
>> +PANDOC_FILE_LIST = $(addprefix $(TMP_DIR)/,$(FILE_LIST))
>>   
>>   PDF_OUT=CIL_Reference_Guide.pdf
>>   HTML_OUT=CIL_Reference_Guide.html
>> @@ -40,29 +40,29 @@ endif
>>   
>>   all: html pdf
>>   
>> -$(TMPDIR):
>> -	mkdir -p $(TMPDIR)
>> +$(TMP_DIR):
>> +	mkdir -p $(TMP_DIR)
>>   
>> -$(TMPDIR)/%.md: %.md | $(TMPDIR)
>> -	cp -f $< $(TMPDIR)/
>> +$(TMP_DIR)/%.md: %.md | $(TMP_DIR)
>> +	cp -f $< $(TMP_DIR)/
>>   	@# Substitute markdown links for conversion into PDF links
>>   	$(SED) -i -re 's:(\[`[^`]*`\])\([^#]*([^\)]):\1\(\2:g' $@
>>   
>> -$(TMPDIR)/policy.cil: $(TESTDIR)/policy.cil
>> +$(TMP_DIR)/policy.cil: $(TESTDIR)/policy.cil
>>   	cp -f $< $@
>>   	@# add a title for the TOC to policy.cil. This is needed to play nicely with the PDF conversion.
>>   	$(SED) -i '1i Example Policy\n=========\n```' $@
>>   	echo '```' >> $@
>>   
>> -html: $(PANDOC_FILE_LIST) $(TMPDIR)/policy.cil
>> +html: $(PANDOC_FILE_LIST) $(TMP_DIR)/policy.cil
>>   	mkdir -p $(HTMLDIR)
>>   	$(PANDOC) -t html $^ -o $(HTMLDIR)/$(HTML_OUT)
>>   
>> -pdf: $(PANDOC_FILE_LIST) $(TMPDIR)/policy.cil
>> +pdf: $(PANDOC_FILE_LIST) $(TMP_DIR)/policy.cil
>>   	mkdir -p $(PDFDIR)
>>   	$(PANDOC) --standalone --toc $^ -o $(PDFDIR)/$(PDF_OUT)
>>   
>>   clean:
>>   	rm -rf $(HTMLDIR)
>>   	rm -rf $(PDFDIR)
>> -	rm -rf $(TMPDIR)
>> +	rm -rf $(TMP_DIR)
>> -- 
>> 2.26.2
>>
> 


^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH] secilc/docs: fix use of TMPDIR #240
  2020-05-15 11:19   ` Topi Miettinen
@ 2020-05-15 11:29     ` Petr Lautrbach
  0 siblings, 0 replies; 4+ messages in thread
From: Petr Lautrbach @ 2020-05-15 11:29 UTC (permalink / raw)
  To: selinux; +Cc: Topi Miettinen

[-- Attachment #1: Type: text/plain, Size: 4292 bytes --]

On Fri, May 15, 2020 at 02:19:37PM +0300, Topi Miettinen wrote:
> On 15.5.2020 14.09, Petr Lautrbach wrote:
> > On Fri, May 15, 2020 at 01:51:05PM +0300, Topi Miettinen wrote:
> > > Environment variable TMPDIR may be already set for the user building
> > > and this could be equal to $XDG_RUNTIME_DIR or /tmp which are existing
> > > directories. Then when running 'make clean', there are unintended side
> > > effects:
> > > 
> > > rm -rf /run/user/1000
> > > rm: cannot remove '/run/user/1000/dconf/user': Permission denied
> > > rm: cannot remove '/run/user/1000/systemd': Permission denied
> > > rm: cannot remove '/run/user/1000/gnupg': Permission denied
> > > rm: cannot remove '/run/user/1000/dbus-1': Is a directory
> > > rm: cannot remove '/run/user/1000/inaccessible': Permission denied
> > > make[1]: *** [Makefile:68: clean] Error 1
> > > 
> > > Fix by using a different name.
> > > 
> > > Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
> > > ---
> > >   secilc/docs/Makefile | 20 ++++++++++----------
> > >   1 file changed, 10 insertions(+), 10 deletions(-)
> > > 
> > > diff --git a/secilc/docs/Makefile b/secilc/docs/Makefile
> > > index 6b07ce7f..90214e0d 100644
> > > --- a/secilc/docs/Makefile
> > > +++ b/secilc/docs/Makefile
> > > @@ -1,7 +1,7 @@
> > >   CWD ?= $(shell pwd)
> > >   HTMLDIR ?= $(CWD)/html
> > >   PDFDIR ?= $(CWD)/pdf
> > > -TMPDIR ?= $(CWD)/tmp
> > > +TMP_DIR ?= $(CWD)/tmp
> > >   TESTDIR ?= $(CWD)/../test
> > 
> > Maybe it would be enough to drop `?=`:
> > 
> > CWD = $(shell pwd)
> > HTMLDIR = $(CWD)/html
> > PDFDIR = $(CWD)/pdf
> > TMPDIR = $(CWD)/tmp
> > TESTDIR = $(CWD)/../test
> 
> That could work, assuming that the higher level Makefiles or builders don't
> use the variables.

Higher level Makefiles don't use it. I'm not sure about builders but given that
this is a subdirectory of secilc and ../Makefile doesn't use I doubt that's the
case - Fedora, Arch and Debian don't use it.

It would be broken by your change anyway as you renamed TMPDIR to TMP_DIR.

> Other approaches could be to rework build process to use 'mktemp -d' and
> immediately removing the temporary directory, or generating the temporary
> files with a prefix (%.md -> %.sedded) in the build directory.
> 

Lets start with the simple step which fixes your problem, and if there's
demand to make it more robust, it can be enhanced later.


>
> > 
> > 
> > 
> > >   # All the markdown files that make up the guide:
> > > @@ -26,7 +26,7 @@ FILE_LIST ?= cil_introduction.md \
> > >   	cil_infiniband_statements.md \
> > >   	cil_xen_statements.md
> > > -PANDOC_FILE_LIST = $(addprefix $(TMPDIR)/,$(FILE_LIST))
> > > +PANDOC_FILE_LIST = $(addprefix $(TMP_DIR)/,$(FILE_LIST))
> > >   PDF_OUT=CIL_Reference_Guide.pdf
> > >   HTML_OUT=CIL_Reference_Guide.html
> > > @@ -40,29 +40,29 @@ endif
> > >   all: html pdf
> > > -$(TMPDIR):
> > > -	mkdir -p $(TMPDIR)
> > > +$(TMP_DIR):
> > > +	mkdir -p $(TMP_DIR)
> > > -$(TMPDIR)/%.md: %.md | $(TMPDIR)
> > > -	cp -f $< $(TMPDIR)/
> > > +$(TMP_DIR)/%.md: %.md | $(TMP_DIR)
> > > +	cp -f $< $(TMP_DIR)/
> > >   	@# Substitute markdown links for conversion into PDF links
> > >   	$(SED) -i -re 's:(\[`[^`]*`\])\([^#]*([^\)]):\1\(\2:g' $@
> > > -$(TMPDIR)/policy.cil: $(TESTDIR)/policy.cil
> > > +$(TMP_DIR)/policy.cil: $(TESTDIR)/policy.cil
> > >   	cp -f $< $@
> > >   	@# add a title for the TOC to policy.cil. This is needed to play nicely with the PDF conversion.
> > >   	$(SED) -i '1i Example Policy\n=========\n```' $@
> > >   	echo '```' >> $@
> > > -html: $(PANDOC_FILE_LIST) $(TMPDIR)/policy.cil
> > > +html: $(PANDOC_FILE_LIST) $(TMP_DIR)/policy.cil
> > >   	mkdir -p $(HTMLDIR)
> > >   	$(PANDOC) -t html $^ -o $(HTMLDIR)/$(HTML_OUT)
> > > -pdf: $(PANDOC_FILE_LIST) $(TMPDIR)/policy.cil
> > > +pdf: $(PANDOC_FILE_LIST) $(TMP_DIR)/policy.cil
> > >   	mkdir -p $(PDFDIR)
> > >   	$(PANDOC) --standalone --toc $^ -o $(PDFDIR)/$(PDF_OUT)
> > >   clean:
> > >   	rm -rf $(HTMLDIR)
> > >   	rm -rf $(PDFDIR)
> > > -	rm -rf $(TMPDIR)
> > > +	rm -rf $(TMP_DIR)
> > > -- 
> > > 2.26.2
> > > 
> > 
> 

-- 
()  ascii ribbon campaign - against html e-mail 
/\  www.asciiribbon.org   - against proprietary attachments

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2020-05-15 11:30 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2020-05-15 10:51 [PATCH] secilc/docs: fix use of TMPDIR #240 Topi Miettinen
2020-05-15 11:09 ` Petr Lautrbach
2020-05-15 11:19   ` Topi Miettinen
2020-05-15 11:29     ` Petr Lautrbach

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.