[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] [PATCH for-4.8] flask: build policy in different locations

The flask policy can be build twice -- one for hypervisor and one for
tools.

Before this patch, everything is built inside tools/flask/policy
directory.  It is possible to have a race to write to the same output
file when running parallel builds.

Prepend output file names with FLASK_BUILD_DIR. Hypervisor and tools
build will set that variable to different directories, so that we can
be safe from races.

Adjust other bits of the build system as needed.

Signed-off-by: Wei Liu <wei.liu2@xxxxxxxxxx>
---
Cc: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
Cc: Ian Jackson <ian.jackson@xxxxxxxxxxxxx>
Cc: Wei Liu <wei.liu2@xxxxxxxxxx>
---
 .gitignore                         |  2 ++
 tools/flask/policy/Makefile        |  2 ++
 tools/flask/policy/Makefile.common | 12 ++++++++----
 xen/xsm/flask/Makefile             |  7 ++++---
 4 files changed, 16 insertions(+), 7 deletions(-)

diff --git a/.gitignore b/.gitignore
index 6e5955e..a2f34a1 100644
--- a/.gitignore
+++ b/.gitignore
@@ -285,6 +285,8 @@ xen/xsm/flask/include/av_permissions.h
 xen/xsm/flask/include/class_to_string.h
 xen/xsm/flask/include/flask.h
 xen/xsm/flask/include/initial_sid_to_string.h
+xen/xsm/flask/policy.*
+xen/xsm/flask/xenpolicy-*
 tools/flask/policy/policy.conf
 tools/flask/policy/xenpolicy-*
 xen/xen
diff --git a/tools/flask/policy/Makefile b/tools/flask/policy/Makefile
index bead199..2fa8392 100644
--- a/tools/flask/policy/Makefile
+++ b/tools/flask/policy/Makefile
@@ -1,4 +1,6 @@
 XEN_ROOT=$(CURDIR)/../../..
 include $(XEN_ROOT)/tools/Rules.mk
 
+FLASK_BUILD_DIR=$(CURDIR)
+
 include $(CURDIR)/Makefile.common
diff --git a/tools/flask/policy/Makefile.common 
b/tools/flask/policy/Makefile.common
index 312dec9..6d3ae3b 100644
--- a/tools/flask/policy/Makefile.common
+++ b/tools/flask/policy/Makefile.common
@@ -3,6 +3,10 @@
 
 XEN_ROOT=$(CURDIR)/../../..
 
+ifeq ($(FLASK_BUILD_DIR),)
+$(error FLASK_BUILD_DIR not set)
+endif
+
 ########################################
 #
 # Configurable portions of the Makefile
@@ -31,7 +35,7 @@ OUTPUT_POLICY ?= $(BEST_POLICY_VER)
 #
 ########################################
 
-POLICY_FILENAME = xenpolicy-$(shell $(MAKE) -C $(XEN_ROOT)/xen xenversion 
--no-print-directory)
+POLICY_FILENAME = $(FLASK_BUILD_DIR)/xenpolicy-$(shell $(MAKE) -C 
$(XEN_ROOT)/xen xenversion --no-print-directory)
 POLICY_LOADPATH = /boot
 
 # List of policy versions supported by the hypervisor
@@ -114,14 +118,14 @@ install: $(POLICY_FILENAME)
        $(INSTALL_DIR) $(DESTDIR)/$(POLICY_LOADPATH)
        $(INSTALL_DATA) $^ $(DESTDIR)/$(POLICY_LOADPATH)
 
-$(POLICY_FILENAME): policy.conf
+$(POLICY_FILENAME): $(FLASK_BUILD_DIR)/policy.conf
        $(CHECKPOLICY) $(CHECKPOLICY_PARAM) $^ -o $@
 
-policy.conf: $(POLICY_SECTIONS) $(MOD_CONF)
+$(FLASK_BUILD_DIR)/policy.conf: $(POLICY_SECTIONS) $(MOD_CONF)
        $(M4) $(M4PARAM) $(POLICY_SECTIONS) > $@
 
 clean:
-       $(RM) tmp policy.conf $(POLICY_FILENAME)
+       $(RM) $(FLASK_BUILD_DIR)/tmp $(FLASK_BUILD_DIR)/policy.conf 
$(POLICY_FILENAME)
 
 distclean: clean
 
diff --git a/xen/xsm/flask/Makefile b/xen/xsm/flask/Makefile
index 0ed7d7b..898cc20 100644
--- a/xen/xsm/flask/Makefile
+++ b/xen/xsm/flask/Makefile
@@ -29,10 +29,11 @@ $(AV_H_FILES): $(AV_H_DEPEND)
 
 obj-$(CONFIG_XSM_POLICY) += policy.o
 
-POLICY_SRC := $(XEN_ROOT)/tools/flask/policy/xenpolicy-$(XEN_FULLVERSION)
+FLASK_BUILD_DIR := $(CURDIR)
+POLICY_SRC := $(FLASK_BUILD_DIR)/xenpolicy-$(XEN_FULLVERSION)
 
 policy.bin: FORCE
-       $(MAKE) -f $(XEN_ROOT)/tools/flask/policy/Makefile.common -C 
$(XEN_ROOT)/tools/flask/policy
+       $(MAKE) -f $(XEN_ROOT)/tools/flask/policy/Makefile.common -C 
$(XEN_ROOT)/tools/flask/policy FLASK_BUILD_DIR=$(FLASK_BUILD_DIR)
        cmp -s $(POLICY_SRC) $@ || cp $(POLICY_SRC) $@
 
 policy.c: policy.bin gen-policy.py
@@ -40,4 +41,4 @@ policy.c: policy.bin gen-policy.py
 
 .PHONY: clean
 clean::
-       rm -f $(ALL_H_FILES) *.o $(DEPS) policy.c policy.bin
+       rm -f $(ALL_H_FILES) *.o $(DEPS) policy.* $(POLICY_SRC)
-- 
2.1.4


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.