From: Wei Liu <wei.liu2@citrix.com>
To: Xen-devel <xen-devel@lists.xenproject.org>
Cc: Ian Jackson <ian.jackson@eu.citrix.com>,
Daniel De Graaf <dgdegra@tycho.nsa.gov>,
Wei Liu <wei.liu2@citrix.com>
Subject: [PATCH for-4.8] flask: build policy in different locations
Date: Fri, 28 Oct 2016 16:17:17 +0100 [thread overview]
Message-ID: <1477667837-31397-1-git-send-email-wei.liu2@citrix.com> (raw)
The flask policy can be build twice -- one for hypervisor and one for
tools.
Before this patch, everything is built inside tools/flask/policy
directory. It is possible to have a race to write to the same output
file when running parallel builds.
Prepend output file names with FLASK_BUILD_DIR. Hypervisor and tools
build will set that variable to different directories, so that we can
be safe from races.
Adjust other bits of the build system as needed.
Signed-off-by: Wei Liu <wei.liu2@citrix.com>
---
Cc: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Cc: Ian Jackson <ian.jackson@eu.citrix.com>
Cc: Wei Liu <wei.liu2@citrix.com>
---
.gitignore | 2 ++
tools/flask/policy/Makefile | 2 ++
tools/flask/policy/Makefile.common | 12 ++++++++----
xen/xsm/flask/Makefile | 7 ++++---
4 files changed, 16 insertions(+), 7 deletions(-)
diff --git a/.gitignore b/.gitignore
index 6e5955e..a2f34a1 100644
--- a/.gitignore
+++ b/.gitignore
@@ -285,6 +285,8 @@ xen/xsm/flask/include/av_permissions.h
xen/xsm/flask/include/class_to_string.h
xen/xsm/flask/include/flask.h
xen/xsm/flask/include/initial_sid_to_string.h
+xen/xsm/flask/policy.*
+xen/xsm/flask/xenpolicy-*
tools/flask/policy/policy.conf
tools/flask/policy/xenpolicy-*
xen/xen
diff --git a/tools/flask/policy/Makefile b/tools/flask/policy/Makefile
index bead199..2fa8392 100644
--- a/tools/flask/policy/Makefile
+++ b/tools/flask/policy/Makefile
@@ -1,4 +1,6 @@
XEN_ROOT=$(CURDIR)/../../..
include $(XEN_ROOT)/tools/Rules.mk
+FLASK_BUILD_DIR=$(CURDIR)
+
include $(CURDIR)/Makefile.common
diff --git a/tools/flask/policy/Makefile.common b/tools/flask/policy/Makefile.common
index 312dec9..6d3ae3b 100644
--- a/tools/flask/policy/Makefile.common
+++ b/tools/flask/policy/Makefile.common
@@ -3,6 +3,10 @@
XEN_ROOT=$(CURDIR)/../../..
+ifeq ($(FLASK_BUILD_DIR),)
+$(error FLASK_BUILD_DIR not set)
+endif
+
########################################
#
# Configurable portions of the Makefile
@@ -31,7 +35,7 @@ OUTPUT_POLICY ?= $(BEST_POLICY_VER)
#
########################################
-POLICY_FILENAME = xenpolicy-$(shell $(MAKE) -C $(XEN_ROOT)/xen xenversion --no-print-directory)
+POLICY_FILENAME = $(FLASK_BUILD_DIR)/xenpolicy-$(shell $(MAKE) -C $(XEN_ROOT)/xen xenversion --no-print-directory)
POLICY_LOADPATH = /boot
# List of policy versions supported by the hypervisor
@@ -114,14 +118,14 @@ install: $(POLICY_FILENAME)
$(INSTALL_DIR) $(DESTDIR)/$(POLICY_LOADPATH)
$(INSTALL_DATA) $^ $(DESTDIR)/$(POLICY_LOADPATH)
-$(POLICY_FILENAME): policy.conf
+$(POLICY_FILENAME): $(FLASK_BUILD_DIR)/policy.conf
$(CHECKPOLICY) $(CHECKPOLICY_PARAM) $^ -o $@
-policy.conf: $(POLICY_SECTIONS) $(MOD_CONF)
+$(FLASK_BUILD_DIR)/policy.conf: $(POLICY_SECTIONS) $(MOD_CONF)
$(M4) $(M4PARAM) $(POLICY_SECTIONS) > $@
clean:
- $(RM) tmp policy.conf $(POLICY_FILENAME)
+ $(RM) $(FLASK_BUILD_DIR)/tmp $(FLASK_BUILD_DIR)/policy.conf $(POLICY_FILENAME)
distclean: clean
diff --git a/xen/xsm/flask/Makefile b/xen/xsm/flask/Makefile
index 0ed7d7b..898cc20 100644
--- a/xen/xsm/flask/Makefile
+++ b/xen/xsm/flask/Makefile
@@ -29,10 +29,11 @@ $(AV_H_FILES): $(AV_H_DEPEND)
obj-$(CONFIG_XSM_POLICY) += policy.o
-POLICY_SRC := $(XEN_ROOT)/tools/flask/policy/xenpolicy-$(XEN_FULLVERSION)
+FLASK_BUILD_DIR := $(CURDIR)
+POLICY_SRC := $(FLASK_BUILD_DIR)/xenpolicy-$(XEN_FULLVERSION)
policy.bin: FORCE
- $(MAKE) -f $(XEN_ROOT)/tools/flask/policy/Makefile.common -C $(XEN_ROOT)/tools/flask/policy
+ $(MAKE) -f $(XEN_ROOT)/tools/flask/policy/Makefile.common -C $(XEN_ROOT)/tools/flask/policy FLASK_BUILD_DIR=$(FLASK_BUILD_DIR)
cmp -s $(POLICY_SRC) $@ || cp $(POLICY_SRC) $@
policy.c: policy.bin gen-policy.py
@@ -40,4 +41,4 @@ policy.c: policy.bin gen-policy.py
.PHONY: clean
clean::
- rm -f $(ALL_H_FILES) *.o $(DEPS) policy.c policy.bin
+ rm -f $(ALL_H_FILES) *.o $(DEPS) policy.* $(POLICY_SRC)
--
2.1.4
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
next reply other threads:[~2016-10-28 15:18 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-10-28 15:17 Wei Liu [this message]
2016-10-28 15:32 ` [PATCH for-4.8] flask: build policy in different locations Jan Beulich
2016-10-28 15:39 ` Wei Liu
2016-11-02 10:16 ` Wei Liu
2016-11-03 15:17 ` Daniel De Graaf
2016-11-03 15:22 ` Wei Liu
2016-11-04 14:25 ` Wei Liu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1477667837-31397-1-git-send-email-wei.liu2@citrix.com \
--to=wei.liu2@citrix.com \
--cc=dgdegra@tycho.nsa.gov \
--cc=ian.jackson@eu.citrix.com \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).