action #168574
openaction #166613: Yast default selected LSM changes from Apparmor to SELinux, existing openQA test fails in first_boot
[security] test fails in selinux_setup
0%
Description
Tumbleweed iso test with SELinux enabled by default, see context:
https://bugzilla.suse.com/show_bug.cgi?id=1230118
also see: https://progress.opensuse.org/issues/166613
test fails because it checks if selinux is disabled, but it is not since it is selected by default
Observation¶
openQA test in scenario opensuse-Tumbleweed-DVD-x86_64-selinux@64bit fails in
selinux_setup
Test suite description¶
Maintainer (Lily Zhao) llzhao@suse.com
Reproducible¶
Fails since (at least) Build 20241008-SELinux (current job)
Expected result¶
Last good: 20241009 (or more recent)
Further details¶
Always latest result in this scenario: latest
Updated by szarate about 1 month ago
- Subject changed from test fails in selinux_setup to [qe-security] test fails in selinux_setup
- Status changed from New to Workable
- Assignee set to tjyrinki_suse
- Parent task set to #166613
Updated by cahu 27 days ago
just a quick note: for the verification runs you can create an iso as described here:
https://bugzilla.suse.com/show_bug.cgi?id=1230118#c7
Updated by tjyrinki_suse 22 days ago
- Subject changed from [qe-security] test fails in selinux_setup to [security] test fails in selinux_setup
- Priority changed from Normal to High
Updated by szarate 13 days ago · Edited
amanzini wrote in #note-5:
Question: what's the best way to handle this ?
Seems like we need to support both selinux-tumbleweed and apparmor-tumbleweed.
Is there a special variable set somewhere to differentiate or we should rely on the build/test name ?
if the default is changing in TW, that's what has to be supported, if I understand correctly and this was needed for staging: is_staging can be used, as for variables, check: https://github.com/os-autoinst/os-autoinst-distri-opensuse/blob/master/variables.md
In the end, apparmor should be dropped from TW's testing
Updated by dimstar 12 days ago
szarate wrote in #note-6:
amanzini wrote in #note-5:
Question: what's the best way to handle this ?
Seems like we need to support both selinux-tumbleweed and apparmor-tumbleweed.
Is there a special variable set somewhere to differentiate or we should rely on the build/test name ?if the default is changing in TW, that's what has to be supported, if I understand correctly and this was needed for staging:
is_stagingcan be used, as for variables, check: https://github.com/os-autoinst/os-autoinst-distri-opensuse/blob/master/variables.mdIn the end, apparmor should be dropped from TW's testing
As release manager I beg to differ!
Just as a sure can now switch to SELinux - and we have a test for that, once TW moves to SELinux by default, the option to switch to AppArmor will be present in the installer and we need to provide tests for that
Updated by cahu 10 days ago · Edited
dimstar wrote in #note-7:
szarate wrote in #note-6:
amanzini wrote in #note-5:
Question: what's the best way to handle this ?
Seems like we need to support both selinux-tumbleweed and apparmor-tumbleweed.
Is there a special variable set somewhere to differentiate or we should rely on the build/test name ?if the default is changing in TW, that's what has to be supported, if I understand correctly and this was needed for staging:
is_stagingcan be used, as for variables, check: https://github.com/os-autoinst/os-autoinst-distri-opensuse/blob/master/variables.mdIn the end, apparmor should be dropped from TW's testing
As release manager I beg to differ!
Just as a sure can now switch to SELinux - and we have a test for that, once TW moves to SELinux by default, the option to switch to AppArmor will be present in the installer and we need to provide tests for that
yes, please do not remove the apparmor tests, they are still needed as dimstar said
apparmor should be tested as before, but just not set as default in the installer