Project

General

Profile

Actions
Copy link

action #155413

open

Ensure apparmor is enforced in openQA-in-openQA tests size:M

Added by okurz 3 months ago. Updated 6 days ago.

Status:
Workable
Priority:
Normal
Assignee:
-
Category:
Feature requests
Target version:
QA - Tools - Next
Start date:
Due date:
% Done:

0%

Estimated time:
Tags:
reactive work

Description

Motivation

In multiple occurrences openQA failed to start up or operate successfully on openqa.opensuse.org due to change of functionality without having according apparmor adaptions prepared. We should have automatic tests that ensure that apparmor profiles are enforced and fail if not covered properly.

Acceptance criteria

  • AC1: At least one openQA-in-openQA test scenario ensures that openQA jobs can still be executed with apparmor profiles enforced

Suggestions

  • Do we have any documentation regarding apparmor? If not then extend our documentation to cover that, should be simple
  • Enable apparmor in openQA-in-openQA tests and just run tests, e.g. like "zypper -n in apparmor && systemctl enable --now apparmor"
  • Ensure to cover both webUI and worker part though can be on the same host
  • Do we need reboot? Probably not, we don't have any kernel parameters or anything on o3

Related issues 1 (0 open1 closed)

Copied from openQA Project - action #153427: Improve updating cached assets size:MResolvedmkittler2024-01-05

Actions
Actions
Copy link
 #1

Updated by okurz 3 months ago

  • Copied from action #153427: Improve updating cached assets size:M added
Actions
Copy link
 #2

Updated by jbaier_cz 6 days ago

  • Subject changed from Ensure apparmor is enforced in openQA-in-openQA tests to Ensure apparmor is enforced in openQA-in-openQA tests size:M
  • Description updated (diff)
  • Status changed from New to Workable
Actions
Copy link

Also available in: Atom PDF