diff options
author | Nathan Straz <nstraz@redhat.com> | 2013-08-27 16:44:19 -0500 |
---|---|---|
committer | Nathan Straz <nstraz@redhat.com> | 2013-08-27 16:47:49 -0500 |
commit | f76901b6a225e796f468354845313088df71f2f7 (patch) | |
tree | 4c47afcea18aa2393f98cb6fad47bcfaf573b1e3 /SELinux | |
parent | 3bfea1f66548c5dc3ee59d904c4fc47ce65953ce (diff) | |
download | qarsh-f76901b6a225e796f468354845313088df71f2f7.tar.gz qarsh-f76901b6a225e796f468354845313088df71f2f7.tar.xz qarsh-f76901b6a225e796f468354845313088df71f2f7.zip |
Catch errors in both make commands
Fix more errors as they are found. Takes longer to
rebuild the policy, but we can start with no bad interfaces.
Diffstat (limited to 'SELinux')
-rw-r--r-- | SELinux/rebuild-policy.sh | 80 |
1 files changed, 63 insertions, 17 deletions
diff --git a/SELinux/rebuild-policy.sh b/SELinux/rebuild-policy.sh index 64fce3c..f25c0e2 100644 --- a/SELinux/rebuild-policy.sh +++ b/SELinux/rebuild-policy.sh @@ -11,32 +11,78 @@ mark_bad() echo $1 >> qarshd.bad-interfaces } +get_rule() +{ + head -n $1 qarshd.te | tail -n 1 | sed -e 's/(qarshd_t)//' +} + lookup_rule() { - lineno=`grep -B1 $1 tmp/qarshd.tmp | head -n 1 | awk '{print $NF}'`; - head -n $lineno qarshd.te | tail -n 1 | sed -e 's/(qarshd_t)//' + lineno=`grep -B1 $1 tmp/qarshd.tmp | awk '{print $NF; exit}'`; + get_rule $lineno } cp -a * $tmpdir pushd $tmpdir -make || exit 1 - -until output=$(make load 2>&1); do - badtype=`echo $output | perl -n -e'/libsepol.print_missing_requirements.*attribute (\S+)/ && print "$1\n"'` - if [ -z "$badtype" ]; then - echo "Error not found in make.log" +for cmd in "make" "make load"; do + until output=$($cmd 2>&1); do + badlineno=`echo "$output" | perl -n -e'/^qarshd.te":(\d+):ERROR/ && print "$1"'` + if [ -n "$badlineno" ]; then + badint=`get_rule $badlineno` + if [ -n "$badint" ]; then + mark_bad $badint + echo "$output" > $tmpdir/$badint.log + savetmp="yes" + continue + fi + fi + badtype=`echo "$output" | perl -n -e'/libsepol.print_missing_requirements.*attribute (\S+)/ && print "$1\n"'` + if [ -n "$badtype" ]; then + badint=`lookup_rule $badtype` + if [ -n "$badint" ]; then + mark_bad $badint + echo "$output" > $tmpdir/$badint.log + savetmp="yes" + continue + else + echo "Interface not found from bad type $badtype" + exit 1 + fi + fi + conflict=`echo "$output" | awk '/conflicting TE rule for \(qarshd_t/ { print $NF; exit }'` + if [ -n "$conflict" ]; then + badint=`lookup_rule $conflict` + if [ -n "$badint" ]; then + mark_bad $badint + echo "$output" > $tmpdir/$badint.log + savetmp="yes" + continue + else + echo "Interface not found from conflict type $conflict" + exit 1 + fi + fi + dupe=`echo "$output" | awk '/duplicate TE rule for qarshd_t/ { print $NF; exit }'` + if [ -n "$dupe" ]; then + badint=`lookup_rule $dupe` + if [ -n "$badint" ]; then + mark_bad $badint + echo "$output" > $tmpdir/$badint.log + savetmp="yes" + continue + else + echo "Interface not found from duplicate type $dupe" + exit 1 + fi + fi + echo "Error from $cmd not understood" + echo "------" echo "$output" + echo "------" + echo "$output" > $tmpdir/$cmd.log exit 1 - fi - badint=`lookup_rule $badtype` - if [ -z "$badint" ]; then - echo "Interface not found from bad type $badtype" - exit 1 - fi - mark_bad $badint - echo "$output" > $tmpdir/$badint.log - savetmp="yes" + done done popd |