Project

General

Profile

Actions
Copy link

action #167662

open

action #166613: Yast default selected LSM changes from Apparmor to SELinux, existing openQA test fails in first_boot

[security][tumbleweed] test fails in aa_enforce: audit 4.0 changes need adaption

Added by dimstar 26 days ago. Updated 4 days ago.

Status:
Workable
Priority:
Normal
Assignee:
-
Category:
Bugs in existing tests
Target version:
-
Start date:
2024-10-01
Due date:
% Done:

0%

Estimated time:
Difficulty:
Tags:
apparmor

Description

Observation

Failed to restart auditd.service: Operation refused, unit auditd.service may be requested by dependency only (it is configured to refuse manual start/stop).
See system logs and 'systemctl status auditd.service' for details.
YxdDO-4-

auditd.service has: RefuseManualStop=yes

The service that can be restarted with Audit 4.0 is audit-rules; from the upstream changelog:

One of the main features is the separation of loading rules and logging
events into separate services, audit-rules.service and auditd.service.

openQA test in scenario opensuse-Tumbleweed-DVD-x86_64-apparmor@64bit fails in
aa_enforce

Test suite description

Maintainer: QE Security; test AppArmor tool with an existing disk image.

Reproducible

Fails since (at least) Build 20231102

Expected result

Last good: 20231020 (or more recent)

Further details

Always latest result in this scenario: latest

Related issues 1 (0 open1 closed)

Related to openQA Tests - action #165686: perl-Bootloader package is now update-bootloader in TumbleweedResolvedcvidot2024-08-22

Actions
Actions
Copy link
 #3

Updated by szarate 26 days ago

  • Tags set to bugbusters
  • Assignee set to dimstar
Actions
Copy link
 #4

Updated by dimstar 26 days ago

The previous fix was merged - some missing parts:

Actions
Copy link
 #5

Updated by slo-gin 19 days ago

This ticket was set to Urgent priority but was not updated within the SLO period. Please consider picking up this ticket or just set the ticket to the next lower priority.

Actions
Copy link
 #6

Updated by szarate 19 days ago

  • Related to action #165686: perl-Bootloader package is now update-bootloader in Tumbleweed added
Actions
Copy link
 #7

Updated by slo-gin 12 days ago

  • Priority changed from Urgent to High

This ticket was set to Urgent priority but was not updated within the SLO period. The ticket will be set to the next lower priority High.

Actions
Copy link
 #8

Updated by szarate 5 days ago

  • Parent task set to #166613

Contact @cahu if any questions.

cc @tjyrinki_suse
Looks like for apparmor and security audit testsuites need to be reworked too. #168571 can be rejected in favor of #167662

Actions
Copy link
 #9

Updated by szarate 5 days ago

  • Tags deleted (bugbusters)
  • Assignee changed from dimstar to tjyrinki_suse
Actions
Copy link
 #10

Updated by tjyrinki_suse 4 days ago

  • Tags set to apparmor
  • Subject changed from test fails in aa_enforce: audit 4.0 changes need adaption to [security][tumbleweed] test fails in aa_enforce: audit 4.0 changes need adaption
  • Status changed from New to Workable
  • Assignee deleted (tjyrinki_suse)
  • Priority changed from High to Normal
Actions
Copy link

Also available in: Atom PDF