| Message ID | 20200515105105.10075-1-toiwoton@gmail.com (mailing list archive) |
|---|---|
| State | Superseded |
| Headers | show |
| Series | secilc/docs: fix use of TMPDIR #240 | expand |
On Fri, May 15, 2020 at 01:51:05PM +0300, Topi Miettinen wrote: > Environment variable TMPDIR may be already set for the user building > and this could be equal to $XDG_RUNTIME_DIR or /tmp which are existing > directories. Then when running 'make clean', there are unintended side > effects: > > rm -rf /run/user/1000 > rm: cannot remove '/run/user/1000/dconf/user': Permission denied > rm: cannot remove '/run/user/1000/systemd': Permission denied > rm: cannot remove '/run/user/1000/gnupg': Permission denied > rm: cannot remove '/run/user/1000/dbus-1': Is a directory > rm: cannot remove '/run/user/1000/inaccessible': Permission denied > make[1]: *** [Makefile:68: clean] Error 1 > > Fix by using a different name. > > Signed-off-by: Topi Miettinen <toiwoton@gmail.com> > --- > secilc/docs/Makefile | 20 ++++++++++---------- > 1 file changed, 10 insertions(+), 10 deletions(-) > > diff --git a/secilc/docs/Makefile b/secilc/docs/Makefile > index 6b07ce7f..90214e0d 100644 > --- a/secilc/docs/Makefile > +++ b/secilc/docs/Makefile > @@ -1,7 +1,7 @@ > CWD ?= $(shell pwd) > HTMLDIR ?= $(CWD)/html > PDFDIR ?= $(CWD)/pdf > -TMPDIR ?= $(CWD)/tmp > +TMP_DIR ?= $(CWD)/tmp > TESTDIR ?= $(CWD)/../test Maybe it would be enough to drop `?=`: CWD = $(shell pwd) HTMLDIR = $(CWD)/html PDFDIR = $(CWD)/pdf TMPDIR = $(CWD)/tmp TESTDIR = $(CWD)/../test > # All the markdown files that make up the guide: > @@ -26,7 +26,7 @@ FILE_LIST ?= cil_introduction.md \ > cil_infiniband_statements.md \ > cil_xen_statements.md > > -PANDOC_FILE_LIST = $(addprefix $(TMPDIR)/,$(FILE_LIST)) > +PANDOC_FILE_LIST = $(addprefix $(TMP_DIR)/,$(FILE_LIST)) > > PDF_OUT=CIL_Reference_Guide.pdf > HTML_OUT=CIL_Reference_Guide.html > @@ -40,29 +40,29 @@ endif > > all: html pdf > > -$(TMPDIR): > - mkdir -p $(TMPDIR) > +$(TMP_DIR): > + mkdir -p $(TMP_DIR) > > -$(TMPDIR)/%.md: %.md | $(TMPDIR) > - cp -f $< $(TMPDIR)/ > +$(TMP_DIR)/%.md: %.md | $(TMP_DIR) > + cp -f $< $(TMP_DIR)/ > @# Substitute markdown links for conversion into PDF links > $(SED) -i -re 's:(\[`[^`]*`\])\([^#]*([^\)]):\1\(\2:g' $@ > > -$(TMPDIR)/policy.cil: $(TESTDIR)/policy.cil > +$(TMP_DIR)/policy.cil: $(TESTDIR)/policy.cil > cp -f $< $@ > @# add a title for the TOC to policy.cil. This is needed to play nicely with the PDF conversion. > $(SED) -i '1i Example Policy\n=========\n```' $@ > echo '```' >> $@ > > -html: $(PANDOC_FILE_LIST) $(TMPDIR)/policy.cil > +html: $(PANDOC_FILE_LIST) $(TMP_DIR)/policy.cil > mkdir -p $(HTMLDIR) > $(PANDOC) -t html $^ -o $(HTMLDIR)/$(HTML_OUT) > > -pdf: $(PANDOC_FILE_LIST) $(TMPDIR)/policy.cil > +pdf: $(PANDOC_FILE_LIST) $(TMP_DIR)/policy.cil > mkdir -p $(PDFDIR) > $(PANDOC) --standalone --toc $^ -o $(PDFDIR)/$(PDF_OUT) > > clean: > rm -rf $(HTMLDIR) > rm -rf $(PDFDIR) > - rm -rf $(TMPDIR) > + rm -rf $(TMP_DIR) > -- > 2.26.2 >
On 15.5.2020 14.09, Petr Lautrbach wrote: > On Fri, May 15, 2020 at 01:51:05PM +0300, Topi Miettinen wrote: >> Environment variable TMPDIR may be already set for the user building >> and this could be equal to $XDG_RUNTIME_DIR or /tmp which are existing >> directories. Then when running 'make clean', there are unintended side >> effects: >> >> rm -rf /run/user/1000 >> rm: cannot remove '/run/user/1000/dconf/user': Permission denied >> rm: cannot remove '/run/user/1000/systemd': Permission denied >> rm: cannot remove '/run/user/1000/gnupg': Permission denied >> rm: cannot remove '/run/user/1000/dbus-1': Is a directory >> rm: cannot remove '/run/user/1000/inaccessible': Permission denied >> make[1]: *** [Makefile:68: clean] Error 1 >> >> Fix by using a different name. >> >> Signed-off-by: Topi Miettinen <toiwoton@gmail.com> >> --- >> secilc/docs/Makefile | 20 ++++++++++---------- >> 1 file changed, 10 insertions(+), 10 deletions(-) >> >> diff --git a/secilc/docs/Makefile b/secilc/docs/Makefile >> index 6b07ce7f..90214e0d 100644 >> --- a/secilc/docs/Makefile >> +++ b/secilc/docs/Makefile >> @@ -1,7 +1,7 @@ >> CWD ?= $(shell pwd) >> HTMLDIR ?= $(CWD)/html >> PDFDIR ?= $(CWD)/pdf >> -TMPDIR ?= $(CWD)/tmp >> +TMP_DIR ?= $(CWD)/tmp >> TESTDIR ?= $(CWD)/../test > > Maybe it would be enough to drop `?=`: > > CWD = $(shell pwd) > HTMLDIR = $(CWD)/html > PDFDIR = $(CWD)/pdf > TMPDIR = $(CWD)/tmp > TESTDIR = $(CWD)/../test That could work, assuming that the higher level Makefiles or builders don't use the variables. Other approaches could be to rework build process to use 'mktemp -d' and immediately removing the temporary directory, or generating the temporary files with a prefix (%.md -> %.sedded) in the build directory. -Topi > > > >> # All the markdown files that make up the guide: >> @@ -26,7 +26,7 @@ FILE_LIST ?= cil_introduction.md \ >> cil_infiniband_statements.md \ >> cil_xen_statements.md >> >> -PANDOC_FILE_LIST = $(addprefix $(TMPDIR)/,$(FILE_LIST)) >> +PANDOC_FILE_LIST = $(addprefix $(TMP_DIR)/,$(FILE_LIST)) >> >> PDF_OUT=CIL_Reference_Guide.pdf >> HTML_OUT=CIL_Reference_Guide.html >> @@ -40,29 +40,29 @@ endif >> >> all: html pdf >> >> -$(TMPDIR): >> - mkdir -p $(TMPDIR) >> +$(TMP_DIR): >> + mkdir -p $(TMP_DIR) >> >> -$(TMPDIR)/%.md: %.md | $(TMPDIR) >> - cp -f $< $(TMPDIR)/ >> +$(TMP_DIR)/%.md: %.md | $(TMP_DIR) >> + cp -f $< $(TMP_DIR)/ >> @# Substitute markdown links for conversion into PDF links >> $(SED) -i -re 's:(\[`[^`]*`\])\([^#]*([^\)]):\1\(\2:g' $@ >> >> -$(TMPDIR)/policy.cil: $(TESTDIR)/policy.cil >> +$(TMP_DIR)/policy.cil: $(TESTDIR)/policy.cil >> cp -f $< $@ >> @# add a title for the TOC to policy.cil. This is needed to play nicely with the PDF conversion. >> $(SED) -i '1i Example Policy\n=========\n```' $@ >> echo '```' >> $@ >> >> -html: $(PANDOC_FILE_LIST) $(TMPDIR)/policy.cil >> +html: $(PANDOC_FILE_LIST) $(TMP_DIR)/policy.cil >> mkdir -p $(HTMLDIR) >> $(PANDOC) -t html $^ -o $(HTMLDIR)/$(HTML_OUT) >> >> -pdf: $(PANDOC_FILE_LIST) $(TMPDIR)/policy.cil >> +pdf: $(PANDOC_FILE_LIST) $(TMP_DIR)/policy.cil >> mkdir -p $(PDFDIR) >> $(PANDOC) --standalone --toc $^ -o $(PDFDIR)/$(PDF_OUT) >> >> clean: >> rm -rf $(HTMLDIR) >> rm -rf $(PDFDIR) >> - rm -rf $(TMPDIR) >> + rm -rf $(TMP_DIR) >> -- >> 2.26.2 >> >
On Fri, May 15, 2020 at 02:19:37PM +0300, Topi Miettinen wrote: > On 15.5.2020 14.09, Petr Lautrbach wrote: > > On Fri, May 15, 2020 at 01:51:05PM +0300, Topi Miettinen wrote: > > > Environment variable TMPDIR may be already set for the user building > > > and this could be equal to $XDG_RUNTIME_DIR or /tmp which are existing > > > directories. Then when running 'make clean', there are unintended side > > > effects: > > > > > > rm -rf /run/user/1000 > > > rm: cannot remove '/run/user/1000/dconf/user': Permission denied > > > rm: cannot remove '/run/user/1000/systemd': Permission denied > > > rm: cannot remove '/run/user/1000/gnupg': Permission denied > > > rm: cannot remove '/run/user/1000/dbus-1': Is a directory > > > rm: cannot remove '/run/user/1000/inaccessible': Permission denied > > > make[1]: *** [Makefile:68: clean] Error 1 > > > > > > Fix by using a different name. > > > > > > Signed-off-by: Topi Miettinen <toiwoton@gmail.com> > > > --- > > > secilc/docs/Makefile | 20 ++++++++++---------- > > > 1 file changed, 10 insertions(+), 10 deletions(-) > > > > > > diff --git a/secilc/docs/Makefile b/secilc/docs/Makefile > > > index 6b07ce7f..90214e0d 100644 > > > --- a/secilc/docs/Makefile > > > +++ b/secilc/docs/Makefile > > > @@ -1,7 +1,7 @@ > > > CWD ?= $(shell pwd) > > > HTMLDIR ?= $(CWD)/html > > > PDFDIR ?= $(CWD)/pdf > > > -TMPDIR ?= $(CWD)/tmp > > > +TMP_DIR ?= $(CWD)/tmp > > > TESTDIR ?= $(CWD)/../test > > > > Maybe it would be enough to drop `?=`: > > > > CWD = $(shell pwd) > > HTMLDIR = $(CWD)/html > > PDFDIR = $(CWD)/pdf > > TMPDIR = $(CWD)/tmp > > TESTDIR = $(CWD)/../test > > That could work, assuming that the higher level Makefiles or builders don't > use the variables. Higher level Makefiles don't use it. I'm not sure about builders but given that this is a subdirectory of secilc and ../Makefile doesn't use I doubt that's the case - Fedora, Arch and Debian don't use it. It would be broken by your change anyway as you renamed TMPDIR to TMP_DIR. > Other approaches could be to rework build process to use 'mktemp -d' and > immediately removing the temporary directory, or generating the temporary > files with a prefix (%.md -> %.sedded) in the build directory. > Lets start with the simple step which fixes your problem, and if there's demand to make it more robust, it can be enhanced later. > > > > > > > > > > # All the markdown files that make up the guide: > > > @@ -26,7 +26,7 @@ FILE_LIST ?= cil_introduction.md \ > > > cil_infiniband_statements.md \ > > > cil_xen_statements.md > > > -PANDOC_FILE_LIST = $(addprefix $(TMPDIR)/,$(FILE_LIST)) > > > +PANDOC_FILE_LIST = $(addprefix $(TMP_DIR)/,$(FILE_LIST)) > > > PDF_OUT=CIL_Reference_Guide.pdf > > > HTML_OUT=CIL_Reference_Guide.html > > > @@ -40,29 +40,29 @@ endif > > > all: html pdf > > > -$(TMPDIR): > > > - mkdir -p $(TMPDIR) > > > +$(TMP_DIR): > > > + mkdir -p $(TMP_DIR) > > > -$(TMPDIR)/%.md: %.md | $(TMPDIR) > > > - cp -f $< $(TMPDIR)/ > > > +$(TMP_DIR)/%.md: %.md | $(TMP_DIR) > > > + cp -f $< $(TMP_DIR)/ > > > @# Substitute markdown links for conversion into PDF links > > > $(SED) -i -re 's:(\[`[^`]*`\])\([^#]*([^\)]):\1\(\2:g' $@ > > > -$(TMPDIR)/policy.cil: $(TESTDIR)/policy.cil > > > +$(TMP_DIR)/policy.cil: $(TESTDIR)/policy.cil > > > cp -f $< $@ > > > @# add a title for the TOC to policy.cil. This is needed to play nicely with the PDF conversion. > > > $(SED) -i '1i Example Policy\n=========\n```' $@ > > > echo '```' >> $@ > > > -html: $(PANDOC_FILE_LIST) $(TMPDIR)/policy.cil > > > +html: $(PANDOC_FILE_LIST) $(TMP_DIR)/policy.cil > > > mkdir -p $(HTMLDIR) > > > $(PANDOC) -t html $^ -o $(HTMLDIR)/$(HTML_OUT) > > > -pdf: $(PANDOC_FILE_LIST) $(TMPDIR)/policy.cil > > > +pdf: $(PANDOC_FILE_LIST) $(TMP_DIR)/policy.cil > > > mkdir -p $(PDFDIR) > > > $(PANDOC) --standalone --toc $^ -o $(PDFDIR)/$(PDF_OUT) > > > clean: > > > rm -rf $(HTMLDIR) > > > rm -rf $(PDFDIR) > > > - rm -rf $(TMPDIR) > > > + rm -rf $(TMP_DIR) > > > -- > > > 2.26.2 > > > > > >
diff --git a/secilc/docs/Makefile b/secilc/docs/Makefile index 6b07ce7f..90214e0d 100644 --- a/secilc/docs/Makefile +++ b/secilc/docs/Makefile @@ -1,7 +1,7 @@ CWD ?= $(shell pwd) HTMLDIR ?= $(CWD)/html PDFDIR ?= $(CWD)/pdf -TMPDIR ?= $(CWD)/tmp +TMP_DIR ?= $(CWD)/tmp TESTDIR ?= $(CWD)/../test # All the markdown files that make up the guide: @@ -26,7 +26,7 @@ FILE_LIST ?= cil_introduction.md \ cil_infiniband_statements.md \ cil_xen_statements.md -PANDOC_FILE_LIST = $(addprefix $(TMPDIR)/,$(FILE_LIST)) +PANDOC_FILE_LIST = $(addprefix $(TMP_DIR)/,$(FILE_LIST)) PDF_OUT=CIL_Reference_Guide.pdf HTML_OUT=CIL_Reference_Guide.html @@ -40,29 +40,29 @@ endif all: html pdf -$(TMPDIR): - mkdir -p $(TMPDIR) +$(TMP_DIR): + mkdir -p $(TMP_DIR) -$(TMPDIR)/%.md: %.md | $(TMPDIR) - cp -f $< $(TMPDIR)/ +$(TMP_DIR)/%.md: %.md | $(TMP_DIR) + cp -f $< $(TMP_DIR)/ @# Substitute markdown links for conversion into PDF links $(SED) -i -re 's:(\[`[^`]*`\])\([^#]*([^\)]):\1\(\2:g' $@ -$(TMPDIR)/policy.cil: $(TESTDIR)/policy.cil +$(TMP_DIR)/policy.cil: $(TESTDIR)/policy.cil cp -f $< $@ @# add a title for the TOC to policy.cil. This is needed to play nicely with the PDF conversion. $(SED) -i '1i Example Policy\n=========\n```' $@ echo '```' >> $@ -html: $(PANDOC_FILE_LIST) $(TMPDIR)/policy.cil +html: $(PANDOC_FILE_LIST) $(TMP_DIR)/policy.cil mkdir -p $(HTMLDIR) $(PANDOC) -t html $^ -o $(HTMLDIR)/$(HTML_OUT) -pdf: $(PANDOC_FILE_LIST) $(TMPDIR)/policy.cil +pdf: $(PANDOC_FILE_LIST) $(TMP_DIR)/policy.cil mkdir -p $(PDFDIR) $(PANDOC) --standalone --toc $^ -o $(PDFDIR)/$(PDF_OUT) clean: rm -rf $(HTMLDIR) rm -rf $(PDFDIR) - rm -rf $(TMPDIR) + rm -rf $(TMP_DIR)
Environment variable TMPDIR may be already set for the user building and this could be equal to $XDG_RUNTIME_DIR or /tmp which are existing directories. Then when running 'make clean', there are unintended side effects: rm -rf /run/user/1000 rm: cannot remove '/run/user/1000/dconf/user': Permission denied rm: cannot remove '/run/user/1000/systemd': Permission denied rm: cannot remove '/run/user/1000/gnupg': Permission denied rm: cannot remove '/run/user/1000/dbus-1': Is a directory rm: cannot remove '/run/user/1000/inaccessible': Permission denied make[1]: *** [Makefile:68: clean] Error 1 Fix by using a different name. Signed-off-by: Topi Miettinen <toiwoton@gmail.com> --- secilc/docs/Makefile | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-)