action #152679

closed

[security][alp-marble] test fails in semanage_fcontext: missing policy file

Added by FSzekely 5 months ago. Updated 4 months ago.

Status: Resolved
Priority: Normal
Assignee:
Category: Bugs in existing tests
Target version: -
Start date: 2023-12-15
Due date:
% Done: 0%
Estimated time:
Difficulty:
Description

Observation

The test expects:
/etc/selinux/minimum/contexts/files/file_contexts.local
This file used to be provided by selinux-policy-minimum, but that package is no longer part of the distribution, AFAIK.

openQA test in scenario sle-micro-6.0-Default-x86_64-selinux@uefi fails in
semanage_fcontext

Further details

Always latest result in this scenario: latest

Actions #1

Updated by FSzekely 5 months ago

  • Assignee set to FSzekely

Johannes wrote on Slack:

I don't think it's the minimum policy
you add local rules, so the file should get created
I'll have a deeper look
you need to check which policy is active and then adjust the path accordingly
the test assumes the minimum policy is installed. It needs to be changed to detect the current policy and then access the proper path

I will try to figure this out.

Actions #2

Updated by FSzekely 5 months ago

  • Status changed from New to In Progress

Actions #3

Updated by openqa_review 4 months ago

This is an autogenerated message for openQA integration by the openqa_review script:

This bug is still referenced in a failing openQA test: selinux
https://openqa.suse.de/tests/13079700#step/semanage_fcontext/1

To prevent further reminder comments one of the following options should be followed:

  1. The test scenario is fixed by applying the bug fix to the tested product or the test is adjusted
  2. The openQA job group is moved to "Released" or "EOL" (End-of-Life)
  3. The bugref in the openQA scenario is removed or replaced, e.g. label:wontfix:boo1234

Expect the next reminder at the earliest in 28 days if nothing changes in this ticket.

Actions #4

Updated by FSzekely 4 months ago

Found that the same policy file should be loaded as on ALP. SLE Micro 6.0 still identifies itself as 'sle-micro'.
A tiny change in https://github.com/os-autoinst/os-autoinst-distri-opensuse/blob/master/lib/selinuxtest.pm#L32 should fix the issue.
PR is on its way soon.

Actions #5

Updated by FSzekely 4 months ago

Actions #7

Updated by FSzekely 4 months ago

  • Status changed from In Progress to Resolved

SELinux tests now pass on Marble: https://openqa.suse.de/group_overview/514

A bit more info for future reference:
the current selinux policy could be obtained from the output of sestatus:


SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Memory protection checking: actual (secure)
Max kernel policy version: 33

See the line: Loaded policy name
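
The policy detection discussed in comments #1 and #7, as an added shell example; it is not part of the ticket and is not the os-autoinst-distri-opensuse code. The function names are hypothetical, and the path layout is assumed from the file named in the description plus the "SELinux root directory" line of the sestatus output.

```shell
#!/bin/sh
# Added example: derive the file_contexts.local path from sestatus output
# instead of hard-coding the "minimum" policy directory.

# Sample input: the sestatus output quoted in the ticket (trimmed).
SAMPLE_SESTATUS='SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing'

# Constructed sample: output when SELinux is disabled (no policy line).
SAMPLE_DISABLED='SELinux status: disabled'

# sestatus_field LABEL: read sestatus output on stdin, print LABEL's value.
# Real sestatus pads values with spaces, so whitespace after ":" is stripped.
sestatus_field() {
    awk -F: -v label="$1" '
        $1 == label {
            sub(/^[^:]*:[ \t]*/, "")
            sub(/[ \t]+$/, "")
            print; found = 1; exit
        }
        END { if (!found) exit 1 }
    '
}

# local_fcontext_path: read sestatus output on stdin and print the path of
# file_contexts.local for the loaded policy. Fails if no policy is reported.
local_fcontext_path() {
    out=$(cat)
    root=$(printf '%s\n' "$out" | sestatus_field 'SELinux root directory') || return 1
    policy=$(printf '%s\n' "$out" | sestatus_field 'Loaded policy name') || return 1
    # Accept only a plain directory name as the policy.
    case "$policy" in
        ''|*/*|.|..) return 1 ;;
    esac
    printf '%s/%s/contexts/files/file_contexts.local\n' "$root" "$policy"
}

# On a live system: sestatus | local_fcontext_path
printf '%s\n' "$SAMPLE_SESTATUS" | local_fcontext_path
```
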
