]> xenbits.xensource.com Git - xen.git/commitdiff
projects / xen.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: a0e9899)
flask: build policy in different locations
authorWei Liu <wei.liu2@citrix.com>
Fri, 28 Oct 2016 15:17:17 +0000 (16:17 +0100)
committerWei Liu <wei.liu2@citrix.com>
Fri, 4 Nov 2016 14:08:10 +0000 (14:08 +0000)
The flask policy can be build twice -- one for hypervisor and one for
tools.

Before this patch, everything is built inside tools/flask/policy
directory.  It is possible to have a race to write to the same output
file when running parallel builds.

Prepend output file names with FLASK_BUILD_DIR. Hypervisor and tools
build will set that variable to different directories, so that we can
be safe from races.

Adjust other bits of the build system as needed.

Signed-off-by: Wei Liu <wei.liu2@citrix.com>
Acked-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Release-acked-by: Wei Liu <wei.liu2@citrix.com>
.gitignore patch | blob | blame | history
tools/flask/policy/Makefile patch | blob | blame | history
tools/flask/policy/Makefile.common patch | blob | blame | history
xen/xsm/flask/Makefile patch | blob | blame | history

diff --git a/.gitignore b/.gitignore
index 6e5955e47024ab0ab1e2ae72bebf23b2505c0f2e..a2f34a14cbff2d80850246dab505a6be6cde59fe 100644 (file)
--- a/.gitignore
+++ b/.gitignore
@@ -285,6 +285,8 @@ xen/xsm/flask/include/av_permissions.h
 xen/xsm/flask/include/class_to_string.h
 xen/xsm/flask/include/flask.h
 xen/xsm/flask/include/initial_sid_to_string.h
+xen/xsm/flask/policy.*
+xen/xsm/flask/xenpolicy-*
 tools/flask/policy/policy.conf
 tools/flask/policy/xenpolicy-*
 xen/xen
diff --git a/tools/flask/policy/Makefile b/tools/flask/policy/Makefile
index bead199ea40855eab7115c876ab023dbef3e7031..2fa83920794e449bc0bef71b0ca182c6a5c6db69 100644 (file)
--- a/tools/flask/policy/Makefile
+++ b/tools/flask/policy/Makefile
@@ -1,4 +1,6 @@
 XEN_ROOT=$(CURDIR)/../../..
 include $(XEN_ROOT)/tools/Rules.mk
 
+FLASK_BUILD_DIR=$(CURDIR)
+
 include $(CURDIR)/Makefile.common
diff --git a/tools/flask/policy/Makefile.common b/tools/flask/policy/Makefile.common
index 312dec9cabda2fb97bb7dca14be99644df8db9ce..bb85ded4f5f31b88c3ef45b7ab6c922a5e2bad05 100644 (file)
--- a/tools/flask/policy/Makefile.common
+++ b/tools/flask/policy/Makefile.common
@@ -3,6 +3,10 @@
 
 XEN_ROOT=$(CURDIR)/../../..
 
+ifeq ($(FLASK_BUILD_DIR),)
+$(error FLASK_BUILD_DIR not set)
+endif
+
 ########################################
 #
 # Configurable portions of the Makefile
@@ -31,7 +35,7 @@ OUTPUT_POLICY ?= $(BEST_POLICY_VER)
 #
 ########################################
 
-POLICY_FILENAME = xenpolicy-$(shell $(MAKE) -C $(XEN_ROOT)/xen xenversion --no-print-directory)
+POLICY_FILENAME = $(FLASK_BUILD_DIR)/xenpolicy-$(shell $(MAKE) -C $(XEN_ROOT)/xen xenversion --no-print-directory)
 POLICY_LOADPATH = /boot
 
 # List of policy versions supported by the hypervisor
@@ -114,14 +118,14 @@ install: $(POLICY_FILENAME)
        $(INSTALL_DIR) $(DESTDIR)/$(POLICY_LOADPATH)
        $(INSTALL_DATA) $^ $(DESTDIR)/$(POLICY_LOADPATH)
 
-$(POLICY_FILENAME): policy.conf
+$(POLICY_FILENAME): $(FLASK_BUILD_DIR)/policy.conf
        $(CHECKPOLICY) $(CHECKPOLICY_PARAM) $^ -o $@
 
-policy.conf: $(POLICY_SECTIONS) $(MOD_CONF)
+$(FLASK_BUILD_DIR)/policy.conf: $(POLICY_SECTIONS) $(MOD_CONF)
        $(M4) $(M4PARAM) $(POLICY_SECTIONS) > $@
 
 clean:
-       $(RM) tmp policy.conf $(POLICY_FILENAME)
+       $(RM) $(FLASK_BUILD_DIR)/policy.conf $(POLICY_FILENAME)
 
 distclean: clean
 
diff --git a/xen/xsm/flask/Makefile b/xen/xsm/flask/Makefile
index 0ed7d7b5c5ba5f2684e98d94bb387e7e61a72180..898cc202e26d3510ac2b94422ac1e091cd773a32 100644 (file)
--- a/xen/xsm/flask/Makefile
+++ b/xen/xsm/flask/Makefile
@@ -29,10 +29,11 @@ $(AV_H_FILES): $(AV_H_DEPEND)
 
 obj-$(CONFIG_XSM_POLICY) += policy.o
 
-POLICY_SRC := $(XEN_ROOT)/tools/flask/policy/xenpolicy-$(XEN_FULLVERSION)
+FLASK_BUILD_DIR := $(CURDIR)
+POLICY_SRC := $(FLASK_BUILD_DIR)/xenpolicy-$(XEN_FULLVERSION)
 
 policy.bin: FORCE
-       $(MAKE) -f $(XEN_ROOT)/tools/flask/policy/Makefile.common -C $(XEN_ROOT)/tools/flask/policy
+       $(MAKE) -f $(XEN_ROOT)/tools/flask/policy/Makefile.common -C $(XEN_ROOT)/tools/flask/policy FLASK_BUILD_DIR=$(FLASK_BUILD_DIR)
        cmp -s $(POLICY_SRC) $@ || cp $(POLICY_SRC) $@
 
 policy.c: policy.bin gen-policy.py
@@ -40,4 +41,4 @@ policy.c: policy.bin gen-policy.py
 
 .PHONY: clean
 clean::
-       rm -f $(ALL_H_FILES) *.o $(DEPS) policy.c policy.bin
+       rm -f $(ALL_H_FILES) *.o $(DEPS) policy.* $(POLICY_SRC)
Xen (staging and unstable) mirror