Project

General

Profile

Actions
Copy link

action #168703

closed

[MinimalVM] Ensure SELinux status is checked

Added by ph03nix 2 months ago. Updated 22 days ago.

Status:
Resolved
Priority:
High
Assignee:
rmarliere
Target version:
-
Start date:
2024-10-22
Due date:
% Done:

100%

Estimated time:
Tags:
MinimalVM

Description

In preparation for SLES16, we should tune the Tumbleweed jeos-selinux tests such, that they check if the image has SELinux enabled by default.

See e.g. jeos-selinux, where the SELinux functionality is tested, but it is never tested, if SELinux is enabled by default.

We should add a new setting SELINUX and if that is set to 1, then check if SELinux is enabled by default.

Acceptance criteria

  • The jeos-selinux test runs contains a new setting (e.g. SELINUX) that defines if SELinux is expected to be enabled by default
  • If SELINUX is enabled, the test run check if SELinux is enabled by default and fails if it's not

Related issues 1 (1 open0 closed)

Related to openQA Tests (public) - action #166613: Yast default selected LSM changes from Apparmor to SELinux, existing openQA test fails in first_bootNew2024-10-21

Actions
Actions
Copy link
 #1

Updated by ph03nix 2 months ago

  • Description updated (diff)
Actions
Copy link
 #2

Updated by ph03nix 2 months ago

  • Related to action #166613: Yast default selected LSM changes from Apparmor to SELinux, existing openQA test fails in first_boot added
Actions
Copy link
 #3

Updated by favogt 2 months ago

We should add a new setting SELINUX and if that is set to 1, then check if SELinux is enabled by default.

IMO there should be something in version_utils that returns whether SELinux is enabled by default. If needed with some more primitives on top like selinux_is_active and selinux_needs_to_be_enabled.

Actions
Copy link
 #4

Updated by ph03nix about 2 months ago

  • Project changed from 208 to Containers and images
Actions
Copy link
 #5

Updated by ph03nix about 2 months ago

  • Subject changed from Ensure SELinux status is checked to [MinimalVM] Ensure SELinux status is checked
Actions
Copy link
 #6

Updated by szarate about 2 months ago

favogt wrote in #note-3:

We should add a new setting SELINUX and if that is set to 1, then check if SELinux is enabled by default.

IMO there should be something in version_utils that returns whether SELinux is enabled by default. If needed with some more primitives on top like selinux_is_active and selinux_needs_to_be_enabled.

100%, created: https://progress.opensuse.org/issues/169591

Actions
Copy link
 #7

Updated by rmarliere about 1 month ago

  • Status changed from Workable to In Progress
  • Assignee set to rmarliere
Actions
Copy link
 #8

Updated by rbranco about 1 month ago

Was about to pick this one but you were faster. Please check if https://github.com/os-autoinst/os-autoinst-distri-opensuse/pull/20125 helps.

Actions
Copy link
 #9

Updated by rmarliere about 1 month ago

Thanks for the link! Immediately after picking it up I saw from the linked poo#169591 that the version_utils helper was not merged yet :( But PR#20125 is looking good.

Actions
Copy link
 #11

Updated by rmarliere 22 days ago

  • Status changed from In Progress to Resolved
  • % Done changed from 0 to 100

Merged

Actions
Copy link

Also available in: Atom PDF