From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 707631382C5 for ; Sun, 7 Feb 2021 03:20:10 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 5A065E0875; Sun, 7 Feb 2021 03:20:09 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 268E5E0875 for ; Sun, 7 Feb 2021 03:20:09 +0000 (UTC) Received: from oystercatcher.gentoo.org (unknown [IPv6:2a01:4f8:202:4333:225:90ff:fed9:fc84]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id A2808342069 for ; Sun, 7 Feb 2021 03:20:07 +0000 (UTC) Received: from localhost.localdomain (localhost [IPv6:::1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id AB15F4C5 for ; Sun, 7 Feb 2021 03:20:04 +0000 (UTC) From: "Jason Zaman" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Jason Zaman" Message-ID: <1612644851.9640bce3661c84abb5bfd0aebccd60dc22a13c5e.perfinion@gentoo> Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: / X-VCS-Repository: proj/hardened-refpolicy X-VCS-Files: Rules.monolithic X-VCS-Directories: / X-VCS-Committer: perfinion X-VCS-Committer-Name: Jason Zaman X-VCS-Revision: 9640bce3661c84abb5bfd0aebccd60dc22a13c5e X-VCS-Branch: master Date: Sun, 7 Feb 2021 03:20:04 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply X-Archives-Salt: ff144f1e-6768-4ab9-93f9-6c01a4ee293f X-Archives-Hash: e9d304b5ea1ca803cec6452a64525d42 commit: 9640bce3661c84abb5bfd0aebccd60dc22a13c5e Author: Christian Göttsche googlemail com> AuthorDate: Sun Jan 31 20:50:29 2021 +0000 Commit: Jason Zaman gentoo org> CommitDate: Sat Feb 6 20:54:11 2021 +0000 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=9640bce3 Rules.monolithic: ignore version mismatch Ignore version mismatch when OUTPUT_POLICY is defined and the kernel supports a higher policy version. Currently Debian ships SELinux userland tools 3.1, which supports version 32, and Linux 5.10, which supports version 33. Signed-off-by: Christian Göttsche googlemail.com> Signed-off-by: Jason Zaman gentoo.org> Rules.monolithic | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/Rules.monolithic b/Rules.monolithic index 7dbc2e1c..65529d38 100644 --- a/Rules.monolithic +++ b/Rules.monolithic @@ -13,6 +13,11 @@ ifeq "$(kv)" "" kv := $(pv) endif +# dont print version warnings if we specified a lower version than the kernel supports +ifneq "$(OUTPUT_POLICY)" "" + kv := $(shell if test $(kv) -gt $(pv); then echo $(pv); else echo $(kv); fi) +endif + # load_policy(8) loads policy from /etc/selinux//policy/policy.$(pv) # It does this by reading the /etc/selinux/config file SELINUXTYPE entry to # form the full path. $(polbinpath) will contain this evaluated path for use as @@ -73,7 +78,7 @@ $(polver): $(policy_conf) @echo "Compiling $(NAME) $(polver)" ifneq ($(pv),$(kv)) @echo - @echo "WARNING: Policy version mismatch! Is your OUTPUT_POLICY set correctly?" + @echo "WARNING: Policy version mismatch (policy:$(pv) kernel:$(kv))! Is your OUTPUT_POLICY set correctly?" @echo endif $(verbose) $(CHECKPOLICY) -U $(UNK_PERMS) $^ -o $@ @@ -86,7 +91,7 @@ $(loadpath): $(policy_conf) @echo "Compiling and installing $(NAME) $(loadpath)" ifneq ($(pv),$(kv)) @echo - @echo "WARNING: Policy version mismatch! Is your OUTPUT_POLICY set correctly?" + @echo "WARNING: Policy version mismatch (policy:$(pv) kernel:$(kv))! Is your OUTPUT_POLICY set correctly?" @echo endif @$(INSTALL) -d -m 0755 $(@D)