|
82 | 82 | submodules: false
|
83 | 83 | persist-credentials: false
|
84 | 84 |
|
| 85 | + - name: Selinux - Setup Lima |
| 86 | + uses: lima-vm/lima-actions/setup@v1 |
| 87 | + id: lima-actions-setup |
| 88 | + |
| 89 | + - name: Selinux - Cache ~/.cache/lima |
| 90 | + uses: actions/cache@v4 |
| 91 | + with: |
| 92 | + path: ~/.cache/lima |
| 93 | + key: lima-${{ steps.lima-actions-setup.outputs.version }} |
| 94 | + |
| 95 | + - name: Selinux - Start Fedora VM with SELinux |
| 96 | + run: limactl start --plain --name=default --cpus=2 --disk=40 --memory=8 --network=lima:user-v2 template://fedora |
| 97 | + |
| 98 | + - name: Selinux - Setup SSH |
| 99 | + uses: lima-vm/lima-actions/ssh@v1 |
| 100 | + |
| 101 | + - name: Selinux - Verify SELinux Status and Configuration |
| 102 | + run: | |
| 103 | + lima getenforce |
| 104 | + lima ls -laZ /etc/selinux |
| 105 | + lima sudo sestatus |
| 106 | + lima sudo semanage boolean -l | head -5 # Show a few SELinux booleans |
| 107 | +
|
| 108 | + # Ensure we're running in enforcing mode |
| 109 | + lima sudo setenforce 1 |
| 110 | + lima getenforce # Verify it's enforcing |
| 111 | +
|
| 112 | + # Create test files with SELinux contexts for testing |
| 113 | + lima sudo mkdir -p /var/test_selinux |
| 114 | + lima sudo touch /var/test_selinux/test_file |
| 115 | + lima sudo chcon -t etc_t /var/test_selinux/test_file |
| 116 | + lima ls -Z /var/test_selinux/test_file # Verify context |
| 117 | +
|
| 118 | + - name: Selinux - Install dependencies in VM |
| 119 | + run: | |
| 120 | + lima sudo dnf -y update |
| 121 | + lima sudo dnf -y install git autoconf autopoint bison texinfo gperf gcc g++ gdb jq libacl-devel libattr-devel libcap-devel libselinux-devel attr |
| 122 | +
|
85 | 123 | - name: Override submodule URL and initialize submodules
|
86 | 124 | # Use github instead of upstream git server
|
87 | 125 | run: |
|
@@ -131,6 +169,32 @@ jobs:
|
131 | 169 | ## Build binaries
|
132 | 170 | cd '${{ steps.vars.outputs.path_UUTILS }}'
|
133 | 171 | bash util/build-gnu.sh --release-build
|
| 172 | +
|
| 173 | + - name: Selinux - Copy the builds to VM |
| 174 | + run: | |
| 175 | + lima mkdir -p ~/work/uutils/ ~/work/gnu/ |
| 176 | + rsync -v -a -e ssh ./${{ steps.vars.outputs.path_UUTILS }}/ lima-default:~/work/uutils/ |
| 177 | + rsync -v -a -e ssh ./${{ steps.vars.outputs.path_GNU }}/ lima-default:~/work/gnu/ |
| 178 | +
|
| 179 | + - name: Selinux - rebuild with the selinux feature |
| 180 | + run: | |
| 181 | + lima bash -c "cd work/uutils/ && cargo build --features 'feat_selinux'" |
| 182 | +
|
| 183 | + - name: Selinux - Find tests |
| 184 | + run: | |
| 185 | + # Find and list all tests that require SELinux |
| 186 | + lima bash -c "cd ~/work/gnu/tests && grep -l 'require_selinux_' --include='*.sh' -r . > ~/work/selinux-tests.txt" |
| 187 | + lima bash -c "cd ~/work && cat selinux-tests.txt" |
| 188 | +
|
| 189 | + # Count the tests |
| 190 | + lima bash -c "cd ~/work && echo 'Found SELinux tests:'; wc -l selinux-tests.txt" |
| 191 | +
|
| 192 | + # Make paths relative to gnu directory for run-gnu-test.sh |
| 193 | + lima bash -c "cd ~/work && sed -i 's|^./|tests/|g' selinux-tests.txt" |
| 194 | +
|
| 195 | + # Run each SELinux test individually |
| 196 | + lima bash -c "cd ~/work && while read test; do echo \"Running \$test\"; bash uutils/util/run-gnu-test.sh \$test; done < selinux-tests.txt" |
| 197 | +
|
134 | 198 | - name: Run GNU tests
|
135 | 199 | shell: bash
|
136 | 200 | run: |
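Review bot: In the "Selinux - Find tests" step, the final `while read test` loop returns the exit status of its last iteration only, so an SELinux test that fails earlier in `selinux-tests.txt` would not fail the step and the job can go green with failing tests (assuming `run-gnu-test.sh` exits non-zero on failure, which is not visible here). Collecting the status would make the job result reflect every test: `lima bash -c "cd ~/work && rc=0; while read -r test; do echo \"Running \$test\"; bash uutils/util/run-gnu-test.sh \"\$test\" || rc=1; done < selinux-tests.txt; exit \$rc"`. The `-r` and the quoted `"$test"` also keep a path with backslashes or spaces from being mangled or word-split. If ignoring failures is deliberate for now, a comment above the loop such as `# Failures are not fatal yet; results are informational only` would make that explicit.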
|
|