[PATCH testsuite 3/3] travis: test building the test policy package

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Download, build, and install Fedora policy & refpolicy and try building
the test policy package against both of them.

Signed-off-by: Ondrej Mosnacek <omosnace@xxxxxxxxxx>
---
 .travis.yml                         | 24 ++++++++++++++++++--
 travis-ci/enable-policy.sh          | 10 +++++++++
 travis-ci/setup-policy-fedora.sh    | 35 +++++++++++++++++++++++++++++
 travis-ci/setup-policy-refpolicy.sh | 22 ++++++++++++++++++
 4 files changed, 89 insertions(+), 2 deletions(-)
 create mode 100644 travis-ci/enable-policy.sh
 create mode 100644 travis-ci/setup-policy-fedora.sh
 create mode 100644 travis-ci/setup-policy-refpolicy.sh

diff --git a/.travis.yml b/.travis.yml
index fbbe98d..c8cd44e 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,6 +1,6 @@
 language: c
 
-dist: xenial
+dist: bionic
 
 addons:
   apt:
@@ -8,6 +8,14 @@ addons:
       - astyle
       - libselinux1-dev
       - libsctp-dev
+      - checkpolicy
+      - semodule-utils
+
+cache:
+  directories:
+    - selinux-policy
+    - container-selinux
+    - refpolicy
 
 before_install:
   # FYI: known good with HEAD at 8551fc60fc515cd290ba38ee8c758c1f4df52b56
@@ -17,7 +25,19 @@ before_install:
      perl Makefile.PL &&
      make &&
      sudo make install)
+  # install libbpf from sources
+  - git clone https://github.com/libbpf/libbpf
+  - (cd libbpf/src && make PREFIX=/usr/local)
+  - (cd libbpf/src && sudo make install PREFIX=/usr/local)
+  # install Fedora policy and refpolicy
+  - bash travis-ci/setup-policy-fedora.sh
+  - bash travis-ci/setup-policy-refpolicy.sh
+  # establish a fake "selinuxfs" mount (policy/Makefile just greps for selinuxfs)
+  - sudo mkdir -p /tmp/fake-selinuxfs
+  - sudo mount -t tmpfs tmpfs /tmp/fake-selinuxfs
+  - echo 31 >/tmp/fake-selinuxfs/policyvers
 
 script:
   - tools/check-syntax -f && git diff --exit-code
-  - make
+  - bash travis-ci/enable-policy.sh targeted  && make POLDEV=/usr/share/selinux/targeted
+  - bash travis-ci/enable-policy.sh refpolicy && make POLDEV=/usr/share/selinux/refpolicy
diff --git a/travis-ci/enable-policy.sh b/travis-ci/enable-policy.sh
new file mode 100644
index 0000000..ae53fbe
--- /dev/null
+++ b/travis-ci/enable-policy.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+set -e
+
+# create a dummy /etc/selinux/config
+sudo mkdir -p /etc/selinux
+sudo tee /etc/selinux/config >/dev/null <<EOF
+SELINUX=disabled
+SELINUXTYPE=$1
+EOF
diff --git a/travis-ci/setup-policy-fedora.sh b/travis-ci/setup-policy-fedora.sh
new file mode 100644
index 0000000..192e234
--- /dev/null
+++ b/travis-ci/setup-policy-fedora.sh
@@ -0,0 +1,35 @@
+#!/bin/bash
+
+set -ex
+
+if ! [ -d selinux-policy/.git ]; then
+	git clone --recursive https://github.com/fedora-selinux/selinux-policy
+	(cd selinux-policy/policy/modules/contrib && git checkout rawhide)
+else
+	(cd selinux-policy && git pull || { git checkout '*' && git pull; })
+	(cd selinux-policy/policy/modules/contrib && git pull)
+fi
+
+if ! [ -d container-selinux/.git ]; then
+	git clone https://github.com/containers/container-selinux.git
+	for f in container.if container.te; do
+		ln -s ../../../../container-selinux/$f \
+			selinux-policy/policy/modules/contrib/$f
+	done
+else
+	(cd container-selinux && git pull)
+fi
+
+cd selinux-policy
+
+grep -q refpolicy build.conf && sed -i 's/refpolicy/targeted/' build.conf
+grep -q '^portcon sctp' policy/modules/kernel/corenetwork.te.in && \
+	sed -i '/^portcon sctp/d' policy/modules/kernel/corenetwork.te.in
+
+[ -f policy/modules.conf ] || make conf
+
+make -j`nproc --all`
+sudo make install install-headers
+
+# workaround for different Makefile location in Fedora RPMs
+sudo ln -s include/Makefile /usr/share/selinux/targeted/Makefile
diff --git a/travis-ci/setup-policy-refpolicy.sh b/travis-ci/setup-policy-refpolicy.sh
new file mode 100644
index 0000000..d89b041
--- /dev/null
+++ b/travis-ci/setup-policy-refpolicy.sh
@@ -0,0 +1,22 @@
+#!/bin/bash
+
+set -ex
+
+if ! [ -d refpolicy/.git ]; then
+	git clone https://github.com/SELinuxProject/refpolicy
+else
+	git pull || { git checkout '*' && git pull; }
+fi
+
+cd refpolicy
+
+[ -f policy/modules.conf ] || make conf
+
+grep -q '^portcon sctp' policy/modules/kernel/corenetwork.te.in && \
+	sed -i '/^portcon sctp/d' policy/modules/kernel/corenetwork.te.in
+
+make -j`nproc --all`
+sudo make install install-headers
+
+# workaround for different Makefile location in Fedora RPMs
+sudo ln -s include/Makefile /usr/share/selinux/refpolicy/Makefile
-- 
2.21.0
[Index of Archives]     [Selinux Refpolicy]     [Linux SGX]     [Fedora Users]     [Fedora Desktop]     [Yosemite Photos]     [Yosemite Camping]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux