linux-application-whitelisting / fapolicyd

File Access Policy Daemon
GNU General Public License v3.0

Ensure that `/run/fapolicyd` exists before performing file operations #271

Closed Kangie closed 9 months ago

Kangie commented 10 months ago

While attempting to test a freshly built fapolicyd on Gentoo as per the README - `/usr/sbin/fapolicyd --permissive --debug`, it would consistently fail to start.

Some debugging revealed the following:

```
umask(0117)                             = 022
unlink("/run/fapolicyd/fapolicyd.fifo") = -1 ENOENT (No such file or directory)
mknodat(AT_FDCWD, "/run/fapolicyd/fapolicyd.fifo", S_IFIFO|0660) = -1 ENOENT (No such file or directory)
write(2, "Failed to create a pipe /run/fap"..., 81Failed to create a pipe /run/fapolicyd/fapolicyd.fifo (No such file or directory)) = 81
```

This set of patches:

Kangie commented 10 months ago

I'm not sure what's up with the CI/CD failures. If you can offer any guidance I'm happy to address it.

Failed RPM builds are seemingly related to the fapolicy-selinux repo:

```
+ make
make -f /usr/share/selinux/devel/Makefile fapolicyd.pp
make[1]: Entering directory '/builddir/build/BUILD/fapolicyd-1.3.2/fapolicyd-selinux-master'
Compiling targeted fapolicyd module
fapolicyd.te:51:ERROR 'syntax error' at token 'files_watch_sb_all_mountpoints' on line 4285:
#line 51
    files_watch_sb_all_mountpoints(fapolicyd_t)
/usr/bin/checkmodule:  error(s) encountered while parsing configuration
```

I'm at a bit of a loss for the centos-stream test failures - I can't work out how anything I've touched would impact on the results of fapolicyd/Regression/rpmdb-ownership or fapolicyd/Sanity/audit-rule-number, especially when they seemingly pass on Fedora.

I can't work out where to start on the test output. Any suggestions?

radosroka commented 10 months ago

> I'm not sure what's up with the CI/CD failures. If you can offer any guidance I'm happy to address it.
>
> Failed RPM builds are seemingly related to the fapolicy-selinux repo:
>
> ```
> + make
> make -f /usr/share/selinux/devel/Makefile fapolicyd.pp
> make[1]: Entering directory '/builddir/build/BUILD/fapolicyd-1.3.2/fapolicyd-selinux-master'
> Compiling targeted fapolicyd module
> fapolicyd.te:51:ERROR 'syntax error' at token 'files_watch_sb_all_mountpoints' on line 4285:
> #line 51
>     files_watch_sb_all_mountpoints(fapolicyd_t)
> /usr/bin/checkmodule:  error(s) encountered while parsing configuration
> ```
>
> I'm at a bit of a loss for the centos-stream test failures - I can't work out how anything I've touched would impact on the results of fapolicyd/Regression/rpmdb-ownership or fapolicyd/Sanity/audit-rule-number, especially when they seemingly pass on Fedora.
>
> I can't work out where to start on the test output. Any suggestions?

These are not related. It is because of old selinux policy on the system and the rest is because there is old audit.

Kangie commented 10 months ago

Fixes #258

radosroka commented 10 months ago

When you fix the proposed changes just rebase your branch.

Kangie commented 10 months ago

> When you fix the proposed changes just rebase your branch.

I don't see any proposed changes - Is there supposed to be a review?

What do you want me to rebase on? It seems that I have all the commits up to the current HEAD on main.

radosroka commented 10 months ago

> > When you fix the proposed changes just rebase your branch.
>
> I don't see any proposed changes - Is there supposed to be a review?
>
> What do you want me to rebase on? It seems that I have all the commits up to the current HEAD on main.

I apologize, I did not realize I haven't published the review. Now you should see it.

Kangie commented 10 months ago

> I apologize, I did not realize I haven't published the review. Now you should see it.

Thanks for the feedback. I'll try to find some time to submit an updated PR soon!

stevegrubb commented 9 months ago

We're getting close to doing a new release. Would like to include this.

Kangie commented 9 months ago

I'll try and find some time to make the requested changes tonight, I've been unfortunately busy.

stevegrubb commented 9 months ago

Thanks!
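
The failure in the PR description (`mknodat` returning ENOENT because `/run/fapolicyd` does not exist) and the check the PR title asks for, as an added C example that is not the PR's patch or fapolicyd's own code. The helper names `ensure_run_dir` and `create_fifo_in`, the 0770 directory mode and the `/tmp` demo path are assumptions.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create dir if missing, then confirm it is a real directory (hypothetical helper).
 * Returns 0 on success, -1 with errno set. */
int ensure_run_dir(const char *dir, mode_t mode)
{
    struct stat st;

    if (mkdir(dir, mode) == -1 && errno != EEXIST)
        return -1;
    /* lstat, not stat: a symlink or regular file already at this path is rejected. */
    if (lstat(dir, &st) == -1)
        return -1;
    if (!S_ISDIR(st.st_mode)) { errno = ENOTDIR; return -1; }
    return 0;
}

/* Same umask/unlink/mkfifo sequence as the strace output, preceded by the directory check. */
int create_fifo_in(const char *dir, const char *name)
{
    char path[4096];
    mode_t old;
    int rc;
    if (ensure_run_dir(dir, 0770) == -1)   /* 0770 is an assumed mode */
        return -1;
    if (snprintf(path, sizeof(path), "%s/%s", dir, name) >= (int)sizeof(path)) {
        errno = ENAMETOOLONG;
        return -1;
    }
    old = umask(0117);         /* as in the trace: FIFO ends up 0660 */
    unlink(path);              /* stale FIFO from an earlier run; ENOENT is fine */
    rc = mkfifo(path, 0660);
    umask(old);
    return rc;
}

int main(void)
{
    char base[] = "/tmp/fapd-demo-XXXXXX";  /* constructed stand-in for /run */
    char dir[64];
    if (!mkdtemp(base)) return 1;
    snprintf(dir, sizeof(dir), "%s/fapolicyd", base);
    return create_fifo_in(dir, "fapolicyd.fifo") == -1 ? 1 : 0;
}
```

Without the `ensure_run_dir` call, the first run against a missing directory fails with the same ENOENT shown in the trace.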