On 8/18/19 4:38 PM, Nicolas Iooss wrote:
Hello, After introducing a buggy file context in the policy (which will be fixed with https://github.com/SELinuxProject/refpolicy/pull/66), I decided to write a typo-checker for the .fc files. I am re-using some code I have already written in order to label files in /usr/bin correctly on Arch Linux (I wrote this for https://github.com/SELinuxProject/refpolicy/pull/19). It seems it already caught another issue in policy/modules/services/monit.fc. The "s9" seems to be a misspelling for "s0" in: /etc/rc\.d/init\.d/monit -- gen_context(system_u:object_r:monit_initrc_exec_t,s9) Is there an interest in having such a script in the repository? If
What are the checks?
yes, in which directory? In my humble opinion, it would be nice to have such a script and to make Travis-CI run it. I nevertheless feels uncomfortable with putting it in the "support" directory, because it is not involved in building or installing the reference policy. I am therefore suggesting creating a new directory, named "bin" or "scripts". Such a directory would contain scripts such as this typo-checker and some other scripts that could be useful when working on refpolicy. What do you think about this?
"testing" might work too. -- Chris PeBenito
