authorNathan Straz <nstraz@redhat.com>2013-08-27 16:44:19 -0500
committerNathan Straz <nstraz@redhat.com>2013-08-27 16:47:49 -0500
commitf76901b6a225e796f468354845313088df71f2f7 (patch)
tree4c47afcea18aa2393f98cb6fad47bcfaf573b1e3 /SELinux
parent3bfea1f66548c5dc3ee59d904c4fc47ce65953ce (diff)
Catch errors in both make commands
Fix more errors as they are found. Takes longer to rebuild the policy, but we can start with no bad interfaces.
Diffstat (limited to 'SELinux')
-rw-r--r--SELinux/rebuild-policy.sh80
1 files changed, 63 insertions, 17 deletions
diff --git a/SELinux/rebuild-policy.sh b/SELinux/rebuild-policy.sh
index 64fce3c..f25c0e2 100644
--- a/SELinux/rebuild-policy.sh
+++ b/SELinux/rebuild-policy.sh
@@ -11,32 +11,78 @@ mark_bad()
echo $1 >> qarshd.bad-interfaces
}
+get_rule()
+{
+ head -n $1 qarshd.te | tail -n 1 | sed -e 's/(qarshd_t)//'
+}
+
lookup_rule()
{
- lineno=`grep -B1 $1 tmp/qarshd.tmp | head -n 1 | awk '{print $NF}'`;
- head -n $lineno qarshd.te | tail -n 1 | sed -e 's/(qarshd_t)//'
+ lineno=`grep -B1 $1 tmp/qarshd.tmp | awk '{print $NF; exit}'`;
+ get_rule $lineno
}
cp -a * $tmpdir
pushd $tmpdir
-make || exit 1
-
-until output=$(make load 2>&1); do
- badtype=`echo $output | perl -n -e'/libsepol.print_missing_requirements.*attribute (\S+)/ && print "$1\n"'`
- if [ -z "$badtype" ]; then
- echo "Error not found in make.log"
+for cmd in "make" "make load"; do
+ until output=$($cmd 2>&1); do
+ badlineno=`echo "$output" | perl -n -e'/^qarshd.te":(\d+):ERROR/ && print "$1"'`
+ if [ -n "$badlineno" ]; then
+ badint=`get_rule $badlineno`
+ if [ -n "$badint" ]; then
+ mark_bad $badint
+ echo "$output" > $tmpdir/$badint.log
+ savetmp="yes"
+ continue
+ fi
+ fi
+ badtype=`echo "$output" | perl -n -e'/libsepol.print_missing_requirements.*attribute (\S+)/ && print "$1\n"'`
+ if [ -n "$badtype" ]; then
+ badint=`lookup_rule $badtype`
+ if [ -n "$badint" ]; then
+ mark_bad $badint
+ echo "$output" > $tmpdir/$badint.log
+ savetmp="yes"
+ continue
+ else
+ echo "Interface not found from bad type $badtype"
+ exit 1
+ fi
+ fi
+ conflict=`echo "$output" | awk '/conflicting TE rule for \(qarshd_t/ { print $NF; exit }'`
+ if [ -n "$conflict" ]; then
+ badint=`lookup_rule $conflict`
+ if [ -n "$badint" ]; then
+ mark_bad $badint
+ echo "$output" > $tmpdir/$badint.log
+ savetmp="yes"
+ continue
+ else
+ echo "Interface not found from conflict type $conflict"
+ exit 1
+ fi
+ fi
+ dupe=`echo "$output" | awk '/duplicate TE rule for qarshd_t/ { print $NF; exit }'`
+ if [ -n "$dupe" ]; then
+ badint=`lookup_rule $dupe`
+ if [ -n "$badint" ]; then
+ mark_bad $badint
+ echo "$output" > $tmpdir/$badint.log
+ savetmp="yes"
+ continue
+ else
+ echo "Interface not found from duplicate type $dupe"
+ exit 1
+ fi
+ fi
+ echo "Error from $cmd not understood"
+ echo "------"
echo "$output"
+ echo "------"
+ echo "$output" > $tmpdir/$cmd.log
exit 1
- fi
- badint=`lookup_rule $badtype`
- if [ -z "$badint" ]; then
- echo "Interface not found from bad type $badtype"
- exit 1
- fi
- mark_bad $badint
- echo "$output" > $tmpdir/$badint.log
- savetmp="yes"
+ done
done
popd
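Review bot: The fallback branch's `echo "$output" > $tmpdir/$cmd.log` leaves the redirect target unquoted, so when `$cmd` is `make load` the target splits into two words; assuming the script runs under bash (it uses pushd/popd), that is an ambiguous redirect, and the log for the one error the script does not understand is never written before `exit 1`. Quote the target and take the space out of the file name, e.g. `echo "$output" > "$tmpdir/${cmd// /-}.log"`. The same quoting is worth applying to `$tmpdir/$badint.log` and `mark_bad $badint` in the four branches above, since `badint` is text cut from qarshd.te or tmp/qarshd.tmp rather than a fixed name. Separately, the `badlineno` perl one-liner prints every match with no newline and never exits, so two reported errors in one run would fuse into a single bogus line number; `/^qarshd.te":(\d+):ERROR/ && print("$1") && exit` would take only the first, as the awk calls already do.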