action #117184
closed[security] test fails in kvm_check due to dnsmasq
100%
Description
Observation¶
openQA test in scenario sle-15-SP5-Online-aarch64-cc_atsec@aarch64 fails in
kvm_check
Test suite description¶
Testsuite maintained at https://gitlab.suse.de/qe-security/osd-sle15-security.
Reproducible¶
Fails since (at least) Build 24.1
Expected result¶
Last good: 21.1 (or more recent)
Further details¶
Always latest result in this scenario: latest
Updated by pstivanin over 1 year ago
cc_audit-remote-libvirt is failing for the same reason.
Updated by pstivanin over 1 year ago
- Status changed from New to In Progress
- Assignee set to pstivanin
- % Done changed from 0 to 20
This tests and some others fail due to:
# virsh net-start default
error: Failed to start network default
error: internal error: Child process (VIR_BRIDGE_NAME=virbr0 /usr/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf --leasefile-ro --dhcp-script=/usr/lib/libvirt_leaseshelper) unexpected exit status 3: sh: /usr/lib/libvirt_leaseshelper: Permission denied
dnsmasq: cannot run lease-init script /usr/lib/libvirt_leaseshelper: Permission denied
but
# ls -l /usr/lib/libvirt_leaseshelper
-rwxr-xr-x 1 root root 14840 Sep 15 04:05 /usr/lib/libvirt_leaseshelper
Updated by pstivanin over 1 year ago
disabling apparmor fixed the issue, so it must be an issue with the dnsmasq rule.
# aa-disable usr.sbin.dnsmasq
Disabling /etc/apparmor.d/usr.sbin.dnsmasq.
# VIR_BRIDGE_NAME=virbr0 /usr/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf --leasefile-ro --dhcp-script=/usr/lib/libvirt_leaseshelper
#
Updated by pstivanin over 1 year ago
Updated by pstivanin over 1 year ago
- Status changed from In Progress to Blocked
Blocked until we get the libvirt update (see https://bugzilla.opensuse.org/show_bug.cgi?id=1203775)
Updated by pstivanin over 1 year ago
- Status changed from Blocked to In Progress
- % Done changed from 80 to 100
update is in 15-SP5. With the next build the issue should be gone. Let's keep this open and see.
Updated by openqa_review over 1 year ago
- Status changed from Resolved to Feedback
This is an autogenerated message for openQA integration by the openqa_review script:
This bug is still referenced in a failing openQA test: security_swtpm_uefi
https://openqa.suse.de/tests/10352598#step/swtpm_env_setup/1
To prevent further reminder comments one of the following options should be followed:
- The test scenario is fixed by applying the bug fix to the tested product or the test is adjusted
- The openQA job group is moved to "Released" or "EOL" (End-of-Life)
- The bugref in the openQA scenario is removed or replaced, e.g.
label:wontfix:boo1234
Expect the next reminder at the earliest in 36 days if nothing changes in this ticket.
Updated by pstivanin over 1 year ago
- Status changed from Feedback to Resolved
issue is unrelated to this ticket