Actions
action #174175
open[security][tumbleweed] Add setroubleshootd tests
Start date:
Due date:
% Done:
20%
Estimated time:
8.00 h
Difficulty:
Tags:
Description
Motivation¶
We need to be able to test setroubleshoot automatically so we could catch downgrades or issues in advance to bring better usability to the users.
What should be tested:
- setroubleshootd
- systemd service has no issue when called
- daemon is dbus activated
- policykit restrict direct usage only to setroubleshoot user
Acceptance Criteria¶
- Create a test that runs on SELinux enabled Tumbleweed system, with auditd
- Install the package setroubleshoot-server, check that it installs setroubleshoot-plugins automatically
- Check setroubleshootd DBus activation via systemd service. Check if is-active shows inactive at first, then after restart shows active at first but after about 15 seconds it should be no longer active again.
- Check setroubleshootd invoking via polkit as root, see /usr/share/dbus-1/system.d/org.fedoraproject.SetroubleshootFixit.conf
Further Information¶
Ask for details from for example Zdenek Kubala if something is unclear, or from this ticket's author.
Updated by tjyrinki_suse 15 days ago
- Related to action #174178: [security][tumbleweed] Add sealert tests to setroubleshootd added
Updated by amanzini 9 days ago ยท Edited
tests are in a good shape: https://openqa.opensuse.org/tests/4709307#step/setroubleshootd/11
waiting for clarification about the ac4 (asked on slack) and left a comment on confluence page
Actions