search

SELinuxProject / refpolicy

SELinux Reference Policy v2
https://github.com/SELinuxProject/refpolicy/wiki
GNU General Public License v2.0
308 stars 138 forks source link

Incorrect path using DESTDIR= and LOCAL_ROOT= #810

Closed iam-TJ closed 1 month ago

iam-TJ commented 1 month ago

Apologies if this wrangling of Makefile variables is not supposed to be done, but...

I'm attempting to use refpolicy to (learn how to) generate a very small base policy for installation into an intrd.img to cover just busybox .

I have an out-of-tree directory that is the base directory of the to-be-created initrd.img where the install target should generate the policy. For now I'm simply attempting to build and install the unchanged refpolicy. After make ... conf && make ... base the make ... install results in:

make DESTDIR=~/Lab/linux/selinux/test_initrd LOCAL_ROOT=~/Lab/linux/selinux/base install
Installing experimental base.pp policy package.
install -m 0644 /home/tj/Lab/linux/selinux/base/base.pp /home/tj/Lab/linux/test_initrd//usr/share/selinux/experimental
make: *** No rule to make target '/home/tj/Lab/linux/test_initrd//usr/share/selinux/experimental//home/tj/Lab/linux/selinux/base/abrt.pp', needed by 'install'.  Stop.

Notice the target path includes LOCAL_ROOT where it should presumably be /home/tj/Lab/linux/test_initrd//usr/share/selinux/experimental/abrt.pp

I've tried to do some make --print-data-base ... tracing and I think the issue is likely caused in Rules.modular where it does:

# policy packages to install
instpkg := $(addprefix $(modpkgdir)/,$(notdir $(base_pkg)) $(mod_pkgs))
iam-TJ commented 1 month ago

After some experimentation this change generates what appears to be correct output (all the *.pp files in $(DEST_DIR)/usr/share/selinux/$(NAME)/ ) but not sure if this will break the usual expected output in any way.

$ git diff
diff --git a/Rules.modular b/Rules.modular
index c731ea01d..b17e3af4c 100644
--- a/Rules.modular
+++ b/Rules.modular
@@ -21,7 +21,8 @@ base_te_files := $(base_mods)
 base_post_te_files := $(user_files) $(poldir)/constraints
 base_fc_files := $(base_mods:.te=.fc)

-mod_pkgs := $(addprefix $(builddir),$(notdir $(mod_mods:.te=.pp)))
+#mod_pkgs := $(addprefix $(builddir),$(notdir $(mod_mods:.te=.pp)))
+mod_pkgs := $(notdir $(mod_mods:.te=.pp))

 # policy packages to install
 instpkg := $(addprefix $(modpkgdir)/,$(notdir $(base_pkg)) $(mod_pkgs))
pebenito commented 1 month ago

To propose a change, please submit a pull request. We can look at the artifacts of the github actions and compare output.