Project

General

Profile

Actions
Copy link

action #168583

open

action #166613: Yast default selected LSM changes from Apparmor to SELinux, existing openQA test fails in first_boot

[qe-core] test fails in yast2_snapper_ncurses - test needs to use a directory in selinux directory

Added by cahu about 1 month ago. Updated 16 days ago.

Status:
Feedback
Priority:
Normal
Assignee:
rfan1
Category:
Bugs in existing tests
Target version:
QA - QE-Core: Ready
Start date:
2024-10-21
Due date:
% Done:

0%

Estimated time:
Difficulty:
Tags:
bugbusters

Description

Tumbleweed iso test with SELinux enabled by default, see context:
https://bugzilla.suse.com/show_bug.cgi?id=1230118

also see: https://progress.opensuse.org/issues/166613

we only allow certain snapshots to be labeled snapperd_data_t, so if the test will use /test, the files are not labeled correctly

so either the test case will need to relabel /test manually or it should use a standard snapshot directory, e.g. something from that list:
https://github.com/openSUSE/selinux-policy/blob/13ccc20ff8436e65846543af843778ae32d5389e/policy/modules/contrib/snapper.fc#L12

Observation

openQA test in scenario opensuse-Tumbleweed-DVD-x86_64-yast2_ncurses@64bit fails in
yast2_snapper_ncurses

Test suite description

Maintainer: qsf-y Test for yast2 UI, ncurses only. Running on created gnome images which provides both text console for ncurses UI tests as well as the gnome environment for the GUI tests.
riafarov set TIMEOUT_SCALE to improve stability of the test.

Reproducible

Fails since (at least) Build 20241008-SELinux (current job)

Expected result

Last good: 20241009 (or more recent)

Further details

Always latest result in this scenario: latest

Actions
Copy link
 #1

Updated by szarate about 1 month ago

  • Tags set to bugbusters
  • Subject changed from test fails in yast2_snapper_ncurses to [qe-core] test fails in yast2_snapper_ncurses - test needs to use a directory in selinux directory
  • Target version set to QE-Core: Ready
  • Parent task set to #166613

one point to keeping yast2_ncurses - or having same test coverage by other means.

Actions
Copy link
 #2

Updated by JERiveraMoya about 1 month ago · Edited

szarate wrote in #note-1:

one point to keeping yast2_ncurses - or having same test coverage by other means.

I remember we used /test instead of /root for configuration in the yast module due to it could only work that way, so the relabeling might be an option but I don't know the steps. I guess the the qcow2 should be saved somewhere, as it seems that there are not continues builds to test.

Actions
Copy link
 #3

Updated by cahu about 1 month ago · Edited

probably you could run something like this before you use btrfs to create a new subvolume /test:

semanage fcontext -a -t 'snapperd_data_t' -s system_u '/test(/.*)?'
semanage fcontext -a -t '<<none>>' -s system_u '/test/[^/]*/snapshot(/.*)?'

Actions
Copy link
 #4

Updated by cahu 27 days ago

just a quick note: for the verification runs you can create an iso as described here:
https://bugzilla.suse.com/show_bug.cgi?id=1230118#c7

Actions
Copy link
 #5

Updated by rfan1 22 days ago

  • Status changed from New to In Progress
  • Assignee set to rfan1

Let me try with the command mentioned above

Actions
Copy link
 #6

Updated by rfan1 21 days ago

  • Status changed from In Progress to Feedback
Actions
Copy link
 #7

Updated by rfan1 16 days ago

  • Status changed from Feedback to Resolved
Actions
Copy link
 #8

Updated by rfan1 16 days ago

  • Status changed from Resolved to Feedback
Actions
Copy link

Also available in: Atom PDF