action #104542
closed
[Tumbleweed][security] test fails in sestatus: sed does not disable apparmor
Start date: 2021-12-31
% Done: 100%
Estimated time: 8.00 h
Description
Observation
openQA test in scenario opensuse-Tumbleweed-DVD-x86_64-selinux@64bit fails in sestatus
Test suite description
Maintainer (Lily Zhao) llzhao@suse.com
Started with snapshot 1229, which was only a handful of yast changes, but they DID have relation to LSM/SELinux:
yast2-installation (4.4.30 -> 4.4.31)
yast2-schema (4.4.6 -> 4.4.7)
yast2-security (4.4.1 -> 4.4.3)
08:37 < teclator> I guess the problem with https://bugzilla.opensuse.org/show_bug.cgi?id=1194192 is in the test and the sed option... let me confirm, but if we check the grub defaults it probably contains lsm=apparmor
08:38 < teclator> DimStar: confirmed
08:38 < teclator> DimStar: see linux /boot/vmlinuz-5.15.8-1-default root=UUID=2cc68ef1-a0f0-44a2-86c0-ec4b2cc1f53a ${extra_cmdline} splash=silent video=1024x768 plymouth.ignore-serial-consoles console=ttyS0 console=tty kernel.softlockup_panic=1 resume=/dev/disk/by-uuid/e62e089b-ee86-4b21-855d-427e0bcc61af lsm=apparmor mitigations=auto security=selinux selinux=1 enforcing=0
08:38 < teclator> echo 'Loading initial ramdisk ...'
08:40 < DimStar> teclator: ok, I expected something like that. prior to the yast change, lsm=apparmor was not there yet, right?
08:40 < teclator> we replaced security=X by lsm=X and we are now also specifying the apparmor security module
08:40 < teclator> DimStar: exactly
08:40 < teclator> DimStar: as it is compiled and enabled by default in the kernel it was not needed
08:40 < teclator> DimStar: but the idea is that we could even not enable it by default and do that through the installation
08:41 < teclator> DimStar: so the pattern could be removed and added only in case it is selected
08:43 < teclator> DimStar: you could replace lsm=apparmor by lsm=selinux selinux=1 enforcing=0 here
https://openqa.opensuse.org/tests/2114514#step/sestatus/17
Reproducible
Fails since (at least) Build 20211229
Expected result
Last good: 20211228 (or more recent)
Further details
Always latest result in this scenario: latest
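
The failure mode discussed in the log above (a leftover lsm=apparmor next to the SELinux options) can be avoided by rewriting the LSM-related kernel options as a set instead of substituting a single token. The following is an added example, not the openQA test's own code; the function names and the shortened sample command line are constructed, and the target options follow the replacement suggested in the log.

```shell
#!/bin/sh
# Constructed sample: the kernel options from the log above, shortened.
SAMPLE='splash=silent console=ttyS0 lsm=apparmor mitigations=auto security=selinux selinux=1 enforcing=0'

# rewrite_lsm_cmdline CMDLINE   (hypothetical helper)
# Drop every existing LSM selector (lsm=, security=, selinux=, enforcing=)
# and append one consistent SELinux set, so a leftover lsm=apparmor cannot
# survive next to the SELinux options. Other options keep their order.
# The body runs in a subshell so "set -f" and variables stay local.
rewrite_lsm_cmdline() (
    set -f                      # no glob expansion while splitting tokens
    out=''
    for tok in $1; do
        case "$tok" in
            lsm=*|security=*|selinux=*|enforcing=*) ;;   # replaced below
            *) out="${out:+$out }$tok" ;;
        esac
    done
    printf '%s\n' "${out:+$out }lsm=selinux selinux=1 enforcing=0"
)

# cmdline_selects_only_selinux CMDLINE   (hypothetical helper)
# Returns 0 only when lsm=selinux is present and no other lsm= value or
# security=apparmor token remains anywhere on the command line.
cmdline_selects_only_selinux() (
    set -f
    found=1
    for tok in $1; do
        case "$tok" in
            lsm=selinux) found=0 ;;
            lsm=*|security=apparmor) return 1 ;;
        esac
    done
    return $found
)

# Show the rewritten options for the sample command line.
rewrite_lsm_cmdline "$SAMPLE"
```

A test can run the second function against the options it reads back from /proc/cmdline after reboot, which catches the mismatch before sestatus does.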