From e5f843d6043ecb2a7a60dee1c6cb865b9de36672 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
Date: Sun, 10 Nov 2024 14:17:51 +0100
Subject: [PATCH] ci: add module storage test
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Add test to verify modular policies can be successfully installed from
a module storage.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
 .github/workflows/build-policy.yml | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/.github/workflows/build-policy.yml b/.github/workflows/build-policy.yml
index 017c674861..60aed0ea50 100644
--- a/.github/workflows/build-policy.yml
+++ b/.github/workflows/build-policy.yml
@@ -108,6 +108,15 @@ jobs:
       run: |
         make validate
 
+    - name: Test module storage
+      working-directory: ${{ inputs.path }}
+      shell: bash
+      if: ${{ matrix.monolithic == 'n' }}
+      run: |
+        mkdir -p /tmp/policy_root/var/lib/selinux/refpolicy
+        /usr/sbin/semodule --noreload --store mls --path /tmp/policy_root --verbose --install *.pp
+        /sbin/setfiles -c /tmp/policy_root/var/lib/selinux/refpolicy/policy/policy.* /tmp/policy_root/var/lib/selinux/refpolicy/contexts/files/file_contexts
+
     - name: Build docs
       working-directory: ${{ inputs.path }}
       shell: bash