action #126812
[security][alp] test fails in fixfiles in selinux tests
100%
Description
Observation¶
openQA test in scenario alp-micro-0.1-Default-x86_64-selinux@uefi fails in
fixfiles
It used to pass at https://openqa.opensuse.org/tests/3193154
History
Updated by #3
Updated by pstivanin 2 months ago
If done manually, all is good:
localhost:~ # fixfiles restore /var/cache/zypp/raw/ALP-Build/repodata/81a3aedc4a37b3fe7e745668f90679e4444bfc0bdc0db58fa55a3c6bdd1cc52fec719f2972975e7e68ca10dc874f4fe09225189649403aac3bf44d2bc6b6374f-primary.xml.gz skipping the directory /var/lib/overlay localhost:~ # fixfiles verify /var/cache/zypp/raw/ALP-Build/repodata/81a3aedc4a37b3fe7e745668f90679e4444bfc0bdc0db58fa55a3c6bdd1cc52fec719f2972975e7e68ca10dc874f4fe09225189649403aac3bf44d2bc6b6374f-primary.xml.gz skipping the directory /var/lib/overlay localhost:~ # ls -Z /var/cache/zypp/raw/ALP-Build/repodata/81a3aedc4a37b3fe7e745668f90679e4444bfc0bdc0db58fa55a3c6bdd1cc52fec719f2972975e7e68ca10dc874f4fe09225189649403aac3bf44d2bc6b6374f-primary.xml.gz unconfined_u:object_r:rpm_var_cache_t:s0 /var/cache/zypp/raw/ALP-Build/repodata/81a3aedc4a37b3fe7e745668f90679e4444bfc0bdc0db58fa55a3c6bdd1cc52fec719f2972975e7e68ca10dc874f4fe09225189649403aac3bf44d2bc6b6374f-primary.xml.gz
#4
Updated by pstivanin 2 months ago
- % Done changed from 20 to 60
I see, the issue seems to be related to spaces!
This is what we are trying to relabel in openqa:
Would relabel /var/cache/zypp/raw/ALP Build Repository/repodata/6aa88ff60c6dbe7754d1abdfe87028f1db3951f18e4232c56d44f7618b9ac866fae59a61d42a6b4c4007a75884de87d9fdd3c4ae6676e3cf0cffebfe3c3621e7-primary.xml.gz from unconfined_u:object_r:user_tmp_t:s0 to unconfined_u:object_r:rpm_var_cache_t:s0
and this is what we get on the error message:
Output: unconfined_u:object_r:rpm_var_cache_t:s0 /var/cache/zypp/raw/ALP
we can see that also the wrong dir is being parse:
[ -d /var/cache/zypp/raw/ALP ]
#5
Updated by pstivanin 2 months ago
the issue is with the cut cmd in our test:
my $file_name = script_output("echo $file_info | cut -d ' ' -f3");
which, considering the string: Would relabel /var/cache/zypp/raw/ALP Build Repository/repodata/6aa88ff60c6dbe7754d1abdfe87028f1db3951f18e4232c56d44f7618b9ac866fae59a61d42a6b4c4007a75884de87d9fdd3c4ae6676e3cf0cffebfe3c3621e7-primary.xml.gz from unconfined_u:object_r:user_tmp_t:s0 to unconfined_u:object_r:rpm_var_cache_t:s0 would translate to:
/var/cache/zypp/raw/ALP
#7
Updated by pstivanin 2 months ago
- Status changed from In Progress to Blocked
ATM old builds can't be retriggered due to: https://openqa.opensuse.org/tests/3213090#step/selinux_setup/18
setting to blocked until this is resolved.
#9
Updated by pstivanin about 2 months ago
- Status changed from Blocked to In Progress
#10
Updated by pstivanin about 2 months ago
- Status changed from In Progress to Resolved
PR has been merged
#11
Updated by dimstar about 2 months ago
Updated by pstivanin wrote:
PR has been merged
Seems to have caused a regression in Tumbleweed tests:
https://openqa.opensuse.org/tests/3222223#next_previous
observed in snapshot 0411, a rerun of 0410 (which passed yesterday) shows this now also failing
#12
Updated by dimstar about 2 months ago
- Status changed from Resolved to Workable
#13
Updated by pstivanin about 2 months ago
- Status changed from Workable to In Progress
looking into it
#14
Updated by pstivanin about 2 months ago
- Status changed from In Progress to Resolved
- % Done changed from 90 to 100