From: Tyler Hicks <code@tyhicks.com>
To: Fan Wu <wufan@kernel.org>
Cc: Paul Moore <paul@paul-moore.com>,
James Morris <jmorris@namei.org>,
"Serge E. Hallyn" <serge@hallyn.com>,
Deven Bowers <deven.desai@linux.microsoft.com>,
Shyam Saini <shyamsaini@linux.microsoft.com>,
linux-security-module@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: [PATCH] ipe: Search for the boot policy file in the source tree
Date: Wed, 22 Jan 2025 00:57:40 -0600 [thread overview]
Message-ID: <20250122065740.545042-1-code@tyhicks.com> (raw)
Resolve CONFIG_IPE_BOOT_POLICY relative file paths in the source tree if
the file was not found within the object tree and is not an absolute path.
This fixes an IPE build failure that occurs when using an output directory,
such as with the `O=/tmp/build` make option, during a build with the
CONFIG_IPE_BOOT_POLICY option set to a path that's relative to the kernel
source tree. For example,
$ grep CONFIG_IPE_BOOT_POLICY /tmp/build/.config
CONFIG_IPE_BOOT_POLICY="ipe-boot-policy"
$ touch ipe-boot-policy
$ make O=/tmp/build
make[1]: Entering directory '/tmp/build'
GEN Makefile
UPD include/config/kernel.release
UPD include/generated/utsrelease.h
CALL scripts/checksyscalls.sh
CC init/version.o
AR init/built-in.a
CC kernel/sys.o
AR kernel/built-in.a
IPE_POL ipe-boot-policy
An error occurred during policy conversion: : No such file or directory
make[5]: *** [security/ipe/Makefile:14: security/ipe/boot_policy.c] Error 2
make[4]: *** [scripts/Makefile.build:440: security/ipe] Error 2
make[3]: *** [scripts/Makefile.build:440: security] Error 2
make[2]: *** [Makefile:1989: .] Error 2
make[1]: *** [Makefile:251: __sub-make] Error 2
make[1]: Leaving directory '/tmp/build'
make: *** [Makefile:251: __sub-make] Error 2
Fixes: ba199dc909a2 ("scripts: add boot policy generation program")
Cc: stable@vger.kernel.org
Signed-off-by: Tyler Hicks <code@tyhicks.com>
---
security/ipe/Makefile | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/security/ipe/Makefile b/security/ipe/Makefile
index 2ffabfa63fe9..b54d7b7c9e6d 100644
--- a/security/ipe/Makefile
+++ b/security/ipe/Makefile
@@ -10,8 +10,10 @@ quiet_cmd_polgen = IPE_POL $(2)
targets += boot_policy.c
-$(obj)/boot_policy.c: scripts/ipe/polgen/polgen $(CONFIG_IPE_BOOT_POLICY) FORCE
- $(call if_changed,polgen,$(CONFIG_IPE_BOOT_POLICY))
+boot-pol := $(if $(wildcard $(CONFIG_IPE_BOOT_POLICY)),,$(srctree)/)$(CONFIG_IPE_BOOT_POLICY)
+
+$(obj)/boot_policy.c: scripts/ipe/polgen/polgen $(boot-pol) FORCE
+ $(call if_changed,polgen,$(boot-pol))
obj-$(CONFIG_SECURITY_IPE) += \
boot_policy.o \
--
2.34.1
next reply other threads:[~2025-01-22 6:58 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-01-22 6:57 Tyler Hicks [this message]
2025-01-22 18:41 ` [PATCH] ipe: Search for the boot policy file in the source tree Fan Wu
2025-01-23 1:38 ` Tyler Hicks
2025-01-23 5:01 ` Fan Wu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250122065740.545042-1-code@tyhicks.com \
--to=code@tyhicks.com \
--cc=deven.desai@linux.microsoft.com \
--cc=jmorris@namei.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=paul@paul-moore.com \
--cc=serge@hallyn.com \
--cc=shyamsaini@linux.microsoft.com \
--cc=wufan@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).