Closed aesteve-rh closed 3 weeks ago
@Yarboa it may be nice to have a syntax checker in the pipelines to prevent future issues. Not sure if there is one such tool, but I assume there must be?
@aesteve-rh, @Yarboa here's the tool: https://github.com/SELinuxProject/selint ; it would be great if it can just be added to the pre-commit hooks :-)
After giving it a try, I'm not sure selint can be used: it tests the whole SELinux system, not just the file itself. On my F40:
```
$ selint qm.if
Note: Check E-007 is not performed because no permission macro has been parsed.
/usr/share/selinux/devel/include/contrib/virt.if:169: (F): syntax error, unexpected UNKNOWN_TOKEN (F-001)
169 | filetrans_pattern($1, virt_var_run_t, virtinterfaced_var_run_t, dir, "``interface''")
| ^
/usr/share/selinux/devel/include/contrib/virt.if:169: (F): Error: Invalid statement (F-001)
169 | filetrans_pattern($1, virt_var_run_t, virtinterfaced_var_run_t, dir, "``interface''")
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Error: Failed to parse files
```
Fix syntax errors when running sepolgen-ifgen: