diff options
Diffstat (limited to 'testing/apparmor/0011-Generate-CAPABILITIES-in-a-script-due-to-make-4.3.patch')
| -rw-r--r-- | testing/apparmor/0011-Generate-CAPABILITIES-in-a-script-due-to-make-4.3.patch | 104 |
1 files changed, 104 insertions, 0 deletions
diff --git a/testing/apparmor/0011-Generate-CAPABILITIES-in-a-script-due-to-make-4.3.patch b/testing/apparmor/0011-Generate-CAPABILITIES-in-a-script-due-to-make-4.3.patch new file mode 100644 index 00000000000..14cc0b272b8 --- /dev/null +++ b/testing/apparmor/0011-Generate-CAPABILITIES-in-a-script-due-to-make-4.3.patch @@ -0,0 +1,104 @@ +From e23c66c45436833046a0f7bdd80ad41fc6ebd050 Mon Sep 17 00:00:00 2001 +From: allgdante <allan.garret@gmail.com> +Date: Mon, 23 Mar 2020 15:09:15 +0000 +Subject: [PATCH 11/12] Generate CAPABILITIES in a script due to make 4.3 + +This way we could generate the capabilities in a way that works with +every version of make. +Changes to list_capabilities are intended to exactly replicate the old +behavior. +--- + common/Make.rules | 13 ------------- + common/list_capabilities.sh | 14 ++++++++++++++ + parser/Makefile | 2 +- + utils/Makefile | 2 +- + utils/vim/create-apparmor.vim.py | 2 +- + 5 files changed, 17 insertions(+), 16 deletions(-) + create mode 100755 common/list_capabilities.sh + +diff --git a/common/Make.rules b/common/Make.rules +index 357bdec8..ecc6181a 100644 +--- a/common/Make.rules ++++ b/common/Make.rules +@@ -74,19 +74,6 @@ endif + pod_clean: + -rm -f ${MANPAGES} *.[0-9].gz ${HTMLMANPAGES} pod2htm*.tmp + +-# ===================== +-# generate list of capabilities based on +-# /usr/include/linux/capabilities.h for use in multiple locations in +-# the source tree +-# ===================== +- +-# emits defined capabilities in a simple list, e.g. "CAP_NAME CAP_NAME2" +-CAPABILITIES=$(shell echo "\#include <linux/capability.h>" | cpp -dM | LC_ALL=C sed -n -e '/CAP_EMPTY_SET/d' -e 's/^\#define[ \t]\+CAP_\([A-Z0-9_]\+\)[ \t]\+\([0-9xa-f]\+\)\(.*\)$$/CAP_\1/p' | LC_ALL=C sort) +- +-.PHONY: list_capabilities +-list_capabilities: /usr/include/linux/capability.h +- @echo "$(CAPABILITIES)" +- + # ===================== + # manpages + # ===================== +diff --git a/common/list_capabilities.sh b/common/list_capabilities.sh +new file mode 100755 +index 00000000..4e37cda7 +--- /dev/null ++++ b/common/list_capabilities.sh +@@ -0,0 +1,14 @@ ++#!/bin/bash -e ++ ++# ===================== ++# generate list of capabilities based on ++# /usr/include/linux/capabilities.h for use in multiple locations in ++# the source tree ++# ===================== ++ ++echo "#include <linux/capability.h>" | \ ++ cpp -dM | \ ++ LC_ALL=C sed -n \ ++ -e '/CAP_EMPTY_SET/d' \ ++ -e 's/^\#define[ \t]\+CAP_\([A-Z0-9_]\+\)[ \t]\+\([0-9xa-f]\+\)\(.*\)$/CAP_\1/p' | \ ++ LC_ALL=C sort +diff --git a/parser/Makefile b/parser/Makefile +index aa5ab730..1df7c143 100644 +--- a/parser/Makefile ++++ b/parser/Makefile +@@ -287,7 +287,7 @@ af_names.h: ../common/list_af_names.sh + # cat $@ + + cap_names.h: /usr/include/linux/capability.h +- echo "$(CAPABILITIES)" | LC_ALL=C sed -n -e "s/[ \\t]\\?CAP_\\([A-Z0-9_]\\+\\)/\{\"\\L\\1\", \\UCAP_\\1\},\\n/pg" > $@ ++ ../common/list_capabilities.sh | LC_ALL=C sed -n -e "s/[ \\t]\\?CAP_\\([A-Z0-9_]\\+\\)/\{\"\\L\\1\", \\UCAP_\\1\},\\n/pg" > $@ + + tst_lib: lib.c parser.h $(filter-out lib.o, ${TEST_OBJECTS}) + $(CXX) $(TEST_CFLAGS) -o $@ $< $(filter-out $(<:.c=.o), ${TEST_OBJECTS}) $(TEST_LDFLAGS) $(TEST_LDLIBS) +diff --git a/utils/Makefile b/utils/Makefile +index 01604796..16248083 100644 +--- a/utils/Makefile ++++ b/utils/Makefile +@@ -77,7 +77,7 @@ clean: pod_clean + .SILENT: check_severity_db + check_severity_db: /usr/include/linux/capability.h severity.db + # The sed statement is based on the one in the parser's makefile +- RC=0 ; for cap in ${CAPABILITIES} ; do \ ++ RC=0 ; for cap in $(shell ../common/list_capabilities.sh) ; do \ + if ! grep -q -w $${cap} severity.db ; then \ + echo "Warning! capability $${cap} not found in severity.db" ; \ + RC=1 ; \ +diff --git a/utils/vim/create-apparmor.vim.py b/utils/vim/create-apparmor.vim.py +index fea134f6..6a5f02a2 100644 +--- a/utils/vim/create-apparmor.vim.py ++++ b/utils/vim/create-apparmor.vim.py +@@ -45,7 +45,7 @@ def cmd(command, input=None, stderr=subprocess.STDOUT, stdout=subprocess.PIPE, s + return [sp.returncode, out + outerr] + + # get capabilities list +-(rc, output) = cmd(['make', '-s', '--no-print-directory', 'list_capabilities']) ++(rc, output) = cmd(['../../common/list_capabilities.sh']) + if rc != 0: + sys.stderr.write("make list_capabilities failed: " + output) + exit(rc) +-- +2.25.2 + |