authorChristian Göttsche <cgzones@googlemail.com>2022-09-17 16:54:48 +0200
committerKenton Groombridge <concord@gentoo.org>2022-11-02 10:06:45 -0400
commit18ca950f0390db6f1996dc8bd785bab8255db052 (patch)
treeb24a7fb70ab04c58298d475f4c746ead908ad00a /.github
parentci: update dependencies (diff)
ci: build SELint from source
Disable newly added check C-008: usermanage.te: 581: (C): Identifier samba_domain_controller in expression for conditional block not found in own module, but in module samba (candidate for global declaration or interface) (C-008) mplayer.te: 122: (C): Identifier xserver_allow_dri in expression for conditional block not found in own module, but in module xserver (candidate for global declaration or interface) (C-008) nscd.te: 125: (C): Identifier samba_domain_controller in expression for conditional block not found in own module, but in module samba (candidate for global declaration or interface) (C-008) xguest.te: 44: (C): Identifier user_exec_noexattrfile in expression for conditional block not found in own module, but in module userdomain (candidate for global declaration or interface) (C-008) xguest.te: 48: (C): Identifier user_rw_noexattrfile in expression for conditional block not found in own module, but in module userdomain (candidate for global declaration or interface) (C-008) userdomain.if: 1278: (C): Identifier usbguard_user_modify_rule_files in expression for conditional block not found in own module, but in module usbguard (candidate for global declaration or interface) (C-008) Found the following issue counts: C-008: 6 Signed-off-by: Christian Göttsche <cgzones@googlemail.com> Signed-off-by: Kenton Groombridge <concord@gentoo.org>
Diffstat (limited to '.github')
-rw-r--r--.github/workflows/tests.yml24
1 files changed, 18 insertions, 6 deletions
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index ae706938..d7606088 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -23,12 +23,23 @@ jobs:
- name: Install dependencies
run: |
sudo apt-get update -q
+ sudo apt-get install -qy autoconf-archive bison flex libconfuse-dev uthash-dev
- # Install SELint from Debian testing
- wget -O - https://ftp-master.debian.org/keys/archive-key-10.asc 2>/dev/null | sudo apt-key add -
- sudo add-apt-repository 'deb http://deb.debian.org/debian/ testing main' -y
- sudo apt-get install -qy selint
- selint -V
+ - name: Checkout SELint
+ uses: actions/checkout@v3
+ with:
+ repository: SELinuxProject/selint
+ # support exclusions in interface arguments
+ ref: '41a575e82dea5cd7f60b4fa7aeb84405dba3baba' # "Parse interface taking list of exemptions"
+ path: selint
+
+ - name: Build SELint
+ run: |
+ cd selint/
+ ./autogen.sh
+ ./configure --without-check
+ make -j$(nproc)
+ sudo make install
- name: Create generated policy files
run: |
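Review bot: `actions/checkout@v3` in the new `Checkout SELint` step is a mutable tag, while the SELint `ref` directly below it is pinned to a full commit SHA; pinning the action the same way, `uses: actions/checkout@<full-commit-sha-of-v3> # v3`, would make the fetch as reproducible as the source it fetches. The step also keeps the action's default credential persistence, so the job token is written into the git config of the `selint/` checkout before `./autogen.sh`, `./configure` and `sudo make install` run code from that tree. Adding `persist-credentials: false` under `with:` avoids that. Whether the workflow already narrows the token with a `permissions:` block cannot be seen from this hunk.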
@@ -41,8 +52,9 @@ jobs:
- name: Run SELint
run: |
# disable C-005 (Permissions in av rule or class declaration not ordered) for now: needs fixing
+ # disable C-008 (Conditional expression identifier from foreign module) for now: needs fixing
# disable W-005 (Interface call from module not in optional_policy block): refpolicy does not follow this rule
- selint --source --recursive --summary --fail --disable C-005 --disable W-005 policy
+ selint --source --recursive --summary --fail --disable C-005 --disable C-008 --disable W-005 policy
build:
runs-on: ubuntu-latest
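Review bot: `--disable C-008` on the `selint` command line turns the check off for the whole `policy` tree, so new foreign-module identifiers in conditional expressions will pass CI unnoticed. The commit message lists only six findings. If the project is willing to annotate policy sources, SELint's inline `#selint-disable:C-008` exemptions on those lines would keep the check active for everything else. Otherwise, the added `for now: needs fixing` comment would be easier to act on with a pointer to where the fix is tracked, e.g. `# disable C-008 ... for now: needs fixing, see <issue-url>`.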