author | Nathan Straz <nstraz@redhat.com> | 2013-08-27 09:37:04 -0500 |
---|---|---|
committer | Nathan Straz <nstraz@redhat.com> | 2013-08-27 09:37:04 -0500 |
commit | 3bfea1f66548c5dc3ee59d904c4fc47ce65953ce (patch) | |
tree | 2f6708375cbc47bfb76fcd721befbfefd215fef1 /SELinux | |
parent | 3fac041e593c3581953e6294736e2db2ad53b709 (diff) | |
Rebuild policy in a temp directory
Avoid hitting an AVC from rebuilding in the doc directory.
The logs are saved if we find more bad interfaces.
Diffstat (limited to 'SELinux')
-rw-r--r-- | SELinux/rebuild-policy.sh | 20 |
1 files changed, 16 insertions, 4 deletions
diff --git a/SELinux/rebuild-policy.sh b/SELinux/rebuild-policy.sh index c500efe..64fce3c 100644 --- a/SELinux/rebuild-policy.sh +++ b/SELinux/rebuild-policy.sh @@ -2,6 +2,8 @@ # # Try really hard to rebuild SELinux policy # +tmpdir=$(mktemp -d -t qarshd-rebuild-policy.XXXX) +savetmp="" mark_bad() { @@ -15,13 +17,16 @@ lookup_rule() head -n $lineno qarshd.te | tail -n 1 | sed -e 's/(qarshd_t)//' } +cp -a * $tmpdir +pushd $tmpdir + make || exit 1 -until make load > make.log 2>&1; do - badtype=`cat make.log | perl -n -e'/^libsepol.print_missing_requirements.*attribute (\S+)/ && print "$1\n"'` +until output=$(make load 2>&1); do + badtype=`echo $output | perl -n -e'/libsepol.print_missing_requirements.*attribute (\S+)/ && print "$1\n"'` if [ -z "$badtype" ]; then echo "Error not found in make.log" - cat make.log + echo "$output" exit 1 fi badint=`lookup_rule $badtype` @@ -30,6 +35,13 @@ until make load > make.log 2>&1; do exit 1 fi mark_bad $badint + echo "$output" > $tmpdir/$badint.log + savetmp="yes" done +popd -rm -f make.log +if [ -z "$savetmp" ]; then + rm -rf $tmpdir +else + echo "Saved policy rebuild logs in $tmpdir" +fi |
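Review bot: The `mktemp` result added in the first hunk is never checked, and every later use of `$tmpdir` is unquoted. If `mktemp` fails, `tmpdir` is empty: `cp -a * $tmpdir` in the second hunk then treats the last glob match as the destination, `pushd` with no argument does not enter a scratch directory so `make` and `mark_bad` run in the original tree, and `echo "$output" > $tmpdir/$badint.log` in the third hunk resolves to a path directly under `/`. That matters most if the script runs as root for `make load`, which it presumably does. I would write `tmpdir=$(mktemp -d -t qarshd-rebuild-policy.XXXX) || exit 1`, then `cp -a -- * "$tmpdir"` and `pushd "$tmpdir" || exit 1`, and quote `"$tmpdir"` in the log redirection and the final `rm -rf`.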
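Review bot: The unquoted `echo $output` on the new `badtype=` line in the second hunk word-splits and glob-expands the captured make output before perl reads it, so a `*` or `?` in a message is matched against files in the build directory and all lines are joined into one. Joined input is presumably why the `^` anchor was dropped, but the greedy `.*` would then capture only the last `attribute` name on that single line. `printf '%s\n' "$output" | perl -n -e'/^libsepol.print_missing_requirements.*attribute (\S+)/ && print "$1\n"'` keeps the output line by line and lets the anchor stay. The unchanged message `Error not found in make.log` also names a file this commit no longer writes. The `until` loop body continues past the end of this hunk.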
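Review bot: The cleanup block at the end of the third hunk is reached only when the loop finishes, so each `exit 1` inside the loop leaves the temp directory behind without the "Saved policy rebuild logs" message saying where it is. Moving the `if [ -z "$savetmp" ]` block into a `cleanup` function registered with `trap cleanup EXIT` right after the `mktemp` line would cover every exit path. Separately, `$badint` comes from `lookup_rule` output and is used unquoted as a file name; a value containing whitespace or `/` would break the redirection or place the log outside the directory, so I would write `echo "$output" > "$tmpdir/${badint##*/}.log"`. The loop starts before this hunk.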