action #106822
closedNew security settings for AppArmor/SELinux in SLE 15 SP4
Description
Observation¶
openQA test in scenario sle-15-SP4-Online-Y-Staging-x86_64-minimal+base@64bit fails in
start_install
Test suite description¶
Maintainers: QE Core
Select a minimal textmode installation by starting with the default and unselecting all patterns except for "base" and "minimal". Not to be confused with the new system role "minimal" introduced with SLE15.
Reproducible¶
Fails since (at least) Build Y.75.3
Expected result¶
Last good: Y.74.1 (or more recent)
Further details¶
We have changed the way on how to setup a system with and without AppArmor/SELinux by introducing a configuration option in the installation summary (in Security -> Major Linux Security Module). If you want to not install AppArmor you now need to adjust this in the Security settings and unselecting the pattern shouldn't be required after that anymore. If you unselect the pattern though, you also have to deactivate the security setting in the installation overview.
Always latest result in this scenario: latest
Updated by JERiveraMoya almost 3 years ago
- Tags set to qe-yast-refinement
- Project changed from openQA Tests to qe-yam
- Category deleted (
Bugs in existing tests) - Assignee set to JERiveraMoya
- Target version set to Current
Updated by JERiveraMoya almost 3 years ago
Updated by JERiveraMoya almost 3 years ago
- Tags deleted (
qe-yast-refinement) - Status changed from New to In Progress
Updated by JERiveraMoya almost 3 years ago
- Status changed from In Progress to Feedback
Updated by JERiveraMoya almost 3 years ago
Test adapted in staging: https://openqa.suse.de/tests/8187393#step/select_security_module_none/1
Updated by dzedro over 2 years ago
- Status changed from Closed to Workable
Great you fixed libyui part, who will fix non-libyui tests ? https://openqa.suse.de/tests/8299198#step/start_install/3
Your solution is to deactivate Major Linux Security Module, which is fine, but what is with default behavior when Apparmor is active.
Updated by suntorytimed over 2 years ago
When AppArmor is active, it should also install AppArmor. In that case unselecting AppArmor from the package installation is not a valid use case and will result in the error shown in the UI. The customer has now the chance to either add AppArmor back to the package proposal or deactivate AppArmor in the Security settings.
Updated by JERiveraMoya over 2 years ago
It was fixed with needle as well, https://github.com/os-autoinst/os-autoinst-distri-opensuse/pull/14301/files#diff-f1c2b23e1cfa0b45649eb10f42143a0c85e16d6f3590e8ff414ba363d82745a0R104 Just needed to set the setting when appropiated.
But the condition was overcomplicated in https://github.com/os-autoinst/os-autoinst-distri-opensuse/pull/14333/files#diff-f1c2b23e1cfa0b45649eb10f42143a0c85e16d6f3590e8ff414ba363d82745a0R106
IMO last PR should be reverted but Santiago will try to make it work (as far as I could sync with him, specifying in openQA the patterns via variable).
Updated by JERiveraMoya over 2 years ago
- Status changed from Workable to In Progress
- Assignee changed from JERiveraMoya to szarate
Assigning to Santi as agreed with him.
For the future we are working together in bring AutoYaST for create_hdd_ test suites, so we don't have to do double work.
Updated by ybonatakis over 2 years ago
@santi are you ok to close this. i have restarted only one job[0] and start_install passes but i dont think it is destructed any further
Updated by szarate over 2 years ago
ybonatakis wrote:
@santi are you ok to close this. i have restarted only one job[0] and
start_installpasses but i dont think it is destructed any further
All looks good, no further changes needed (other than reneedling for s390)
Updated by ybonatakis over 2 years ago
ybonatakis wrote:
@santi are you ok to close this. i have restarted only one job[0] and
start_installpasses but i dont think it is destructed any further
Done. i retriggered the previous one + https://openqa.suse.de/tests/8302190
Updated by JERiveraMoya over 2 years ago
- Status changed from In Progress to Feedback
Updated by JERiveraMoya over 2 years ago
- Status changed from Feedback to Closed