On Tue, Aug 27, 2019 at 6:05 AM Chris PeBenito <pebenito@xxxxxxxx> wrote: > > On 8/18/19 4:38 PM, Nicolas Iooss wrote: > > Hello, > > > > After introducing a buggy file context in the policy (which will be > > fixed with https://github.com/SELinuxProject/refpolicy/pull/66), I > > decided to write a typo-checker for the .fc files. I am re-using some > > code I have already written in order to label files in /usr/bin > > correctly on Arch Linux (I wrote this for > > https://github.com/SELinuxProject/refpolicy/pull/19). It seems it > > already caught another issue in policy/modules/services/monit.fc. The > > "s9" seems to be a misspelling for "s0" in: > > > > /etc/rc\.d/init\.d/monit -- > > gen_context(system_u:object_r:monit_initrc_exec_t,s9) > > > > Is there an interest in having such a script in the repository? If > > What are the checks? > > > > yes, in which directory? > > > > In my humble opinion, it would be nice to have such a script and to > > make Travis-CI run it. I nevertheless feels uncomfortable with putting > > it in the "support" directory, because it is not involved in building > > or installing the reference policy. I am therefore suggesting creating > > a new directory, named "bin" or "scripts". Such a directory would > > contain scripts such as this typo-checker and some other scripts that > > could be useful when working on refpolicy. What do you think about > > this? > > "testing" might work too. Let's got for "testing" then. I began with tests about the endings of patterns, then added checks on patterns such as "(.*)?", etc. As the first version of my checker is ready for comments/review, I opened a Pull Request: https://github.com/SELinuxProject/refpolicy/pull/74. I tried to write understandable comments in order to make it easier to know what is checked. Thanks, Nicolas