action #168577
openopenQA Tests - action #166613: Yast default selected LSM changes from Apparmor to SELinux, existing openQA test fails in first_boot
[containers] test fails in kubectl helm_K3S - missing k3s-selinux or container-selinux
0%
Description
Tumbleweed iso test with SELinux enabled by default, see context:
https://bugzilla.suse.com/show_bug.cgi?id=1230118
also see: https://progress.opensuse.org/issues/166613
these tests fail because the test case needs k3s-selinux:
https://openqa.opensuse.org/tests/4548715#step/kubectl/60
https://openqa.opensuse.org/tests/4548672#step/helm_K3S/29
[ERROR] Failed to find the k3s-selinux policy, please install:
zypper install -y container-selinux
zypper install -y https://rpm.rancher.io/k3s/stable/common/microos/noarch/
Observation¶
openQA test in scenario opensuse-Tumbleweed-DVD-x86_64-containers_host_kubectl@64bit fails in
kubectl
Test suite description¶
Maintainer: dheidler. Extra tests about CLI software in container module
2023-08-10/dimstar: added QEMURAM=2048 (boo#1212824)
Reproducible¶
Fails since (at least) Build 20241008-SELinux (current job)
Expected result¶
Last good: 20241009 (or more recent)
Further details¶
Always latest result in this scenario: latest
Updated by szarate about 1 month ago
- Tags set to qac
- Project changed from openQA Tests to Containers and images
- Subject changed from test fails in kubectl helm_K3S to test fails in kubectl helm_K3S - missing k3s-selinux or container-selinux
- Category deleted (
Bugs in existing tests) - Status changed from New to Workable
- Assignee set to ph03nix
ph03nix, I guess you're better to know in which backlog this goes
Updated by cahu 27 days ago
just a quick note: for the verification runs you can create an iso as described here:
https://bugzilla.suse.com/show_bug.cgi?id=1230118#c7
Updated by ph03nix 23 days ago
- Tags changed from qac to containers, k3s
- Subject changed from test fails in kubectl helm_K3S - missing k3s-selinux or container-selinux to [containers] test fails in kubectl helm_K3S - missing k3s-selinux or container-selinux
- Assignee deleted (
ph03nix) - Priority changed from Normal to High
Updated by cahu 17 days ago
rbranco wrote in #note-6:
Seems to be solved in the latest job.
no, unfortunately it is not, so the latest job that you see linked does not have SELinux installed and enabled.
Could you please have another look? You need to test the iso as described here:
https://bugzilla.suse.com/show_bug.cgi?id=1230118#c7
The context is that we are moving from default apparmor to selinux, but the changes are not in factory yet because we would like to have the openQA tests fixed first.
This report is from a test run with an iso that has selinux selected by default in yast.
rfan also build a test image for openQA, so you could maybe also use that one for testing:
https://bugzilla.suse.com/show_bug.cgi?id=1230118#c8
please let me know if you have further questions, thanks for looking into it :)
Updated by rbranco 17 days ago
zypper in https://rpm.rancher.io/k3s/stable/common/microos/noarch/
Loading repository data...
Reading installed packages...
'https://rpm.rancher.io/k3s/stable/common/microos/noarch/' not found in package names. Trying capabilities.
No provider of 'https://rpm.rancher.io/k3s/stable/common/microos/noarch/' found.
Resolving package dependencies...
Nothing to do.
Updated by rbranco 17 days ago
# zypper in https://rpm.rancher.io/k3s/stable/common/microos/x86_64/
Loading repository data...
Reading installed packages...
'https://rpm.rancher.io/k3s/stable/common/microos/x86_64/' not found in package names. Trying capabilities.
No provider of 'https://rpm.rancher.io/k3s/stable/common/microos/x86_64/' found.
Resolving package dependencies...
Nothing to do.