1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
|
From e23c66c45436833046a0f7bdd80ad41fc6ebd050 Mon Sep 17 00:00:00 2001
From: allgdante <allan.garret@gmail.com>
Date: Mon, 23 Mar 2020 15:09:15 +0000
Subject: [PATCH 11/12] Generate CAPABILITIES in a script due to make 4.3
This way we could generate the capabilities in a way that works with
every version of make.
Changes to list_capabilities are intended to exactly replicate the old
behavior.
---
common/Make.rules | 13 -------------
common/list_capabilities.sh | 14 ++++++++++++++
parser/Makefile | 2 +-
utils/Makefile | 2 +-
utils/vim/create-apparmor.vim.py | 2 +-
5 files changed, 17 insertions(+), 16 deletions(-)
create mode 100755 common/list_capabilities.sh
diff --git a/common/Make.rules b/common/Make.rules
index 357bdec8..ecc6181a 100644
--- a/common/Make.rules
+++ b/common/Make.rules
@@ -74,19 +74,6 @@ endif
pod_clean:
-rm -f ${MANPAGES} *.[0-9].gz ${HTMLMANPAGES} pod2htm*.tmp
-# =====================
-# generate list of capabilities based on
-# /usr/include/linux/capabilities.h for use in multiple locations in
-# the source tree
-# =====================
-
-# emits defined capabilities in a simple list, e.g. "CAP_NAME CAP_NAME2"
-CAPABILITIES=$(shell echo "\#include <linux/capability.h>" | cpp -dM | LC_ALL=C sed -n -e '/CAP_EMPTY_SET/d' -e 's/^\#define[ \t]\+CAP_\([A-Z0-9_]\+\)[ \t]\+\([0-9xa-f]\+\)\(.*\)$$/CAP_\1/p' | LC_ALL=C sort)
-
-.PHONY: list_capabilities
-list_capabilities: /usr/include/linux/capability.h
- @echo "$(CAPABILITIES)"
-
# =====================
# manpages
# =====================
diff --git a/common/list_capabilities.sh b/common/list_capabilities.sh
new file mode 100755
index 00000000..4e37cda7
--- /dev/null
+++ b/common/list_capabilities.sh
@@ -0,0 +1,14 @@
+#!/bin/bash -e
+
+# =====================
+# generate list of capabilities based on
+# /usr/include/linux/capabilities.h for use in multiple locations in
+# the source tree
+# =====================
+
+echo "#include <linux/capability.h>" | \
+ cpp -dM | \
+ LC_ALL=C sed -n \
+ -e '/CAP_EMPTY_SET/d' \
+ -e 's/^\#define[ \t]\+CAP_\([A-Z0-9_]\+\)[ \t]\+\([0-9xa-f]\+\)\(.*\)$/CAP_\1/p' | \
+ LC_ALL=C sort
diff --git a/parser/Makefile b/parser/Makefile
index aa5ab730..1df7c143 100644
--- a/parser/Makefile
+++ b/parser/Makefile
@@ -287,7 +287,7 @@ af_names.h: ../common/list_af_names.sh
# cat $@
cap_names.h: /usr/include/linux/capability.h
- echo "$(CAPABILITIES)" | LC_ALL=C sed -n -e "s/[ \\t]\\?CAP_\\([A-Z0-9_]\\+\\)/\{\"\\L\\1\", \\UCAP_\\1\},\\n/pg" > $@
+ ../common/list_capabilities.sh | LC_ALL=C sed -n -e "s/[ \\t]\\?CAP_\\([A-Z0-9_]\\+\\)/\{\"\\L\\1\", \\UCAP_\\1\},\\n/pg" > $@
tst_lib: lib.c parser.h $(filter-out lib.o, ${TEST_OBJECTS})
$(CXX) $(TEST_CFLAGS) -o $@ $< $(filter-out $(<:.c=.o), ${TEST_OBJECTS}) $(TEST_LDFLAGS) $(TEST_LDLIBS)
diff --git a/utils/Makefile b/utils/Makefile
index 01604796..16248083 100644
--- a/utils/Makefile
+++ b/utils/Makefile
@@ -77,7 +77,7 @@ clean: pod_clean
.SILENT: check_severity_db
check_severity_db: /usr/include/linux/capability.h severity.db
# The sed statement is based on the one in the parser's makefile
- RC=0 ; for cap in ${CAPABILITIES} ; do \
+ RC=0 ; for cap in $(shell ../common/list_capabilities.sh) ; do \
if ! grep -q -w $${cap} severity.db ; then \
echo "Warning! capability $${cap} not found in severity.db" ; \
RC=1 ; \
diff --git a/utils/vim/create-apparmor.vim.py b/utils/vim/create-apparmor.vim.py
index fea134f6..6a5f02a2 100644
--- a/utils/vim/create-apparmor.vim.py
+++ b/utils/vim/create-apparmor.vim.py
@@ -45,7 +45,7 @@ def cmd(command, input=None, stderr=subprocess.STDOUT, stdout=subprocess.PIPE, s
return [sp.returncode, out + outerr]
# get capabilities list
-(rc, output) = cmd(['make', '-s', '--no-print-directory', 'list_capabilities'])
+(rc, output) = cmd(['../../common/list_capabilities.sh'])
if rc != 0:
sys.stderr.write("make list_capabilities failed: " + output)
exit(rc)
--
2.25.2
|
