From 30008977ec5c0316bf9c5956b86ccbbd5f17fda3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= Date: Sun, 10 Nov 2024 14:17:51 +0100 Subject: [PATCH] ci: add module storage test MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Add test to verify modular policies can be successfully installed from a module storage. Signed-off-by: Christian Göttsche --- .github/workflows/build-policy.yml | 10 +++++++++- Rules.modular | 12 +++++++++++- 2 files changed, 20 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build-policy.yml b/.github/workflows/build-policy.yml index 017c674861..6235251990 100644 --- a/.github/workflows/build-policy.yml +++ b/.github/workflows/build-policy.yml @@ -89,7 +89,7 @@ jobs: echo "APPS_OFF=${{ matrix.apps-off }}" >> $GITHUB_ENV echo "DIRECT_INITRC=${{ matrix.direct_initrc }}" >> $GITHUB_ENV echo "WERROR=y" >> $GITHUB_ENV - echo "TEST_TOOLCHAIN=\"${{ steps.dl-userspace.outputs.download-path }}\"" >> $GITHUB_ENV + echo "TEST_TOOLCHAIN=${{ steps.dl-userspace.outputs.download-path }}" >> $GITHUB_ENV - name: Build refpolicy shell: bash @@ -108,6 +108,14 @@ jobs: run: | make validate + - name: Test module storage + working-directory: ${{ inputs.path }} + shell: bash + if: ${{ matrix.monolithic == 'n' }} + run: | + echo "compiler-directory = ${TEST_TOOLCHAIN}/usr/libexec/selinux/hll" | sudo tee -a /etc/selinux/semanage.conf + make test-module-storage + - name: Build docs working-directory: ${{ inputs.path }} shell: bash diff --git a/Rules.modular b/Rules.modular index c705541ec9..3d5ebe7a03 100644 --- a/Rules.modular +++ b/Rules.modular 
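Review bot: In `.github/workflows/build-policy.yml` (hunk at line 89) the rewritten `TEST_TOOLCHAIN` line still pastes `${{ steps.dl-userspace.outputs.download-path }}` into the script text before bash parses it, so a path containing `"`, `$` or a backtick would be interpreted by the shell instead of being written to the environment file as data. Passing the value through the step's `env:` map and writing `echo "TEST_TOOLCHAIN=${DL_PATH}" >> "$GITHUB_ENV"` (the name `DL_PATH` is illustrative) avoids that. The neighbouring `matrix.*` lines, unchanged context here, follow the same pattern. The step begins above this hunk, so whether it already has an `env:` block is not visible.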
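Review bot: The new `Test module storage` step in `.github/workflows/build-policy.yml` (hunk at line 108) appends a `compiler-directory` entry to the runner-wide `/etc/selinux/semanage.conf` with `sudo tee -a`, pointing libsemanage at a directory under the downloaded toolchain, which is presumably writable by the unprivileged job user. On a throw-away hosted runner the edit disappears with the machine. On a persistent or self-hosted runner the line is appended again on every run, and any later privileged `semodule` call on that host would run HLL compilers from that path. I would record the assumption next to the command, for example `# modifies the runner's global semanage.conf; only acceptable on ephemeral runners`.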
@@ -230,6 +230,16 @@ validate: $(base_pkg) $(mod_pkgs) $(tmpdir)/all_mods.fc $(builtappfiles) $(verbose) $(validateappconfig) $(builtappconf) $(tmpdir)/policy.bin @echo "Success." +######################################## +# +# Test converting to module storage +# +test-module-storage: $(base_pkg) $(mod_pkgs) + @echo "Testing module storage for $(NAME)." + @test -d $(tmpdir)/policy_root/var/lib/selinux/$(NAME) || mkdir -p $(tmpdir)/policy_root/var/lib/selinux/$(NAME) + $(verbose) $(SEMODULE) --noreload --store $(NAME) --path $(tmpdir)/policy_root --install *.pp + $(verbose) $(SETFILES) -c $(tmpdir)/policy_root/var/lib/selinux/$(NAME)/policy/policy.* $(tmpdir)/policy_root/var/lib/selinux/$(NAME)/contexts/files/file_contexts + ######################################## # # Clean the sources @@ -241,4 +251,4 @@ clean: $(verbose) rm -f $(net_contexts) $(net_contexts_nft) $(verbose) rm -fR $(tmpdir) -.PHONY: default all policy base modules install load pure-load clean validate +.PHONY: default all policy base modules install load pure-load clean validate test-module-storage
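Review bot: The `$(SEMODULE) … --install *.pp` line in `test-module-storage` installs whatever `.pp` files sit in the working directory rather than the packages the rule depends on, so a stale or stray package from an earlier build ends up in the test store and can hide or cause a failure. Using the prerequisites keeps the test tied to what was just built: `$(verbose) $(SEMODULE) --noreload --store $(NAME) --path $(tmpdir)/policy_root --install $^`. The `policy.*` glob handed to `$(SETFILES) -c` is similarly loose if the store ever holds more than one policy version, or none. The `test -d … ||` guard in front of `mkdir -p` is redundant, since `mkdir -p` already succeeds on an existing directory.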