action #168682
closedopenQA Tests (public) - action #166613: Yast default selected LSM changes from Apparmor to SELinux, existing openQA test fails in first_boot
[Containers] Establish AppArmor and SELinux test runs on Tumbleweed
0%
Description
In Tumbleweed currently the container test runs only run with AppArmor. However https://bugzilla.suse.com/show_bug.cgi?id=1230118 showed us that we need to also run the container test runs with SELinux enabled.
This ticket is about establishing test scenarios for podman and for docker using SELinux and AppArmor, where AppArmor should be used right now for the test runs.
The result should be dedicated scenarios for each security framework, e.g. containers_host_podman_SELinux and containers_host_podman_AppArmor.
Acceptance criteria¶
- AC1 Tumbleweed test runs for the
podmanengine are being tested with SELinux and with AppArmor in separate test scenarios - AC2 Tumbleweed test runs for the
dockerengine are being tested with SELinux and with AppArmor in separate test scenarios
Updated by cahu 2 months ago
could also be the case here:
- https://openqa.opensuse.org/tests/4548648#step/buildah-user_tap/25
- https://openqa.opensuse.org/tests/4548760#step/bats-root-remote_tap/1
but i am not 100% sure, it is tricky for me to understand the test case fully
Updated by cahu 2 months ago
just a quick note: for the verification runs you can create an iso as described here:
https://bugzilla.suse.com/show_bug.cgi?id=1230118#c7
Updated by rbranco 10 days ago
Enabling on x86_64 & aarch64 for now:
https://github.com/os-autoinst/opensuse-jobgroups/pull/574