Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 530178 - Parallel builds of SELinux policy modules are broken
Summary: Parallel builds of SELinux policy modules are broken
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: SELinux (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Jason Zaman
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2014-11-23 15:03 UTC by Sven Vermeulen (RETIRED)
Modified: 2014-12-21 14:16 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments
selinux-xserver-9999 failure when not using -j1 (build.log,2.67 KB, text/plain)
2014-11-23 15:05 UTC, Sven Vermeulen (RETIRED)
Details
selinux-base-policy-9999 when not using -j1 (build.log,4.19 KB, text/plain)
2014-11-23 15:08 UTC, Sven Vermeulen (RETIRED)
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Sven Vermeulen (RETIRED) gentoo-dev 2014-11-23 15:03:53 UTC
When building policy module packages with a high parallelism, the builds break down:

>>> Compiling source in /var/tmp/portage/sec-policy/selinux-xserver-9999/work ...
make -j9 NAME=mcs -C /var/tmp/portage/sec-policy/selinux-xserver-9999/work//mcs 
make: Entering directory '/var/tmp/portage/sec-policy/selinux-xserver-9999/work/mcs'
/bin/sh: tmp/xserver.mod.fc: No such file or directory
/usr/share/selinux/mcs/include/Makefile:161: recipe for target 'tmp/xserver.mod.fc' failed
make: *** [tmp/xserver.mod.fc] Error 1
make: *** Waiting for unfinished jobs....
make: Leaving directory '/var/tmp/portage/sec-policy/selinux-xserver-9999/work/mcs'

Both selinux-base-policy as well as individual module builds (governed through selinux eclass) fail if the build do not use "-j1"

Until this is fixed, we will force -j1 where necessary.

Reproducible: Always
Comment 1 Sven Vermeulen (RETIRED) gentoo-dev 2014-11-23 15:05:59 UTC
Created attachment 390108 [details]
selinux-xserver-9999 failure when not using -j1
Comment 2 Sven Vermeulen (RETIRED) gentoo-dev 2014-11-23 15:08:35 UTC
Created attachment 390110 [details]
selinux-base-policy-9999 when not using -j1
Comment 3 Nicolas Iooss 2014-11-23 15:51:31 UTC
It seems that the Makefile is not creating tmp/ before creating tmp/xserver.mod.fc.  By reading the Makefile, I found that other targets were running "@test -d $(@D) || mkdir -p $(@D)" but not tmp/%.mod.fc.  This is explaining why the parallel build fails but not the sequential one.

Here is the patch I sent to upstream to fix this bug: http://oss.tresys.com/pipermail/refpolicy/2014-November/007468.html . Could you please test it and report whether other issues exist when building in parallel mode?
Comment 4 Jason Zaman gentoo-dev 2014-11-29 11:33:26 UTC
I can confirm that adding: 

mkdir -p "${S}"/${i}/tmp

right before the emake in both the eclass and selinux-base-policy, makes the parallel build work fine.

I probably will not add it to the ebuilds yet tho, its easier to just wait for upstream to apply nicolas' patch. 

I also went through the build steps carefully to make sure that the .fc file created does not have any dep on the all_interfaces.conf which is the rule that creates the tmp/ dir in sequential build.
Comment 5 Jason Zaman gentoo-dev 2014-12-05 09:28:22 UTC
I have removed the -j1 in the -9999 ebuilds for selinux-base{,-policy} so it will trickle down as we bump.

For the eclass I am committing: 

RCS file: /var/cvsroot/gentoo-x86/eclass/selinux-policy-2.eclass,v
retrieving revision 1.28
diff -u -B -r1.28 selinux-policy-2.eclass
--- selinux-policy-2.eclass	14 Nov 2014 19:46:05 -0000	1.28
+++ selinux-policy-2.eclass	5 Dec 2014 09:12:49 -0000
@@ -232,8 +233,12 @@
 	for i in ${POLICY_TYPES}; do
 		# Support USE flags in builds
 		export M4PARAM="${makeuse}"
-		# Parallel builds are broken, so we need to force -j1 here
-		emake -j1 NAME=$i -C "${S}"/${i} || die "${i} compile failed"
+		if [[ ${BASEPOL} == 2.20140311* ]]; then
+			# Parallel builds are broken in 2.20140311-r7 and earlier, bug 530178
+			emake -j1 NAME=$i -C "${S}"/${i} || die "${i} compile failed"
+		else
+			emake NAME=$i -C "${S}"/${i} || die "${i} compile failed"
+		fi
 	done
 }
Comment 6 Sven Vermeulen (RETIRED) gentoo-dev 2014-12-21 14:16:02 UTC
The r1 release is now stable, which contains the fixes as well.