Project

General

Profile

Actions
Copy link

action #49820

closed

[functional][u] Make the svirt backend work with AppArmor enabled and under company policies

Added by SLindoMansilla about 5 years ago. Updated about 4 years ago.

Status:
Rejected
Priority:
Low
Assignee:
binary_sequence
Category:
Infrastructure
Target version:
QA - future
Start date:
2019-03-29
Due date:
% Done:

0%

Estimated time:
Difficulty:

Description

Motivation

Enabling openSUSE Tumbleweed tests for s390x on openqa.opensuse.org.
Find more details about why this is needed in #48434

Acceptance criteria

  • AC1: The svirt backend complies with the company policies to be run on a shared worker on openqa.opensuse.org
  • AC2: It is possible to enable a worker for z/VM on imagetester

Related issues 1 (0 open1 closed)

Related to openQA Tests - action #48434: [functional][u] test Tumbleweed s390x againResolvedSLindoMansilla2019-02-26

Actions
Actions
Copy link
 #1

Updated by SLindoMansilla about 5 years ago

  • Blocks action #48434: [functional][u] test Tumbleweed s390x again added
Actions
Copy link
 #2

Updated by SLindoMansilla about 5 years ago

  • Assignee set to SLindoMansilla
  • Priority changed from Normal to Low
Actions
Copy link
 #3

Updated by SLindoMansilla about 5 years ago

  • Status changed from New to Blocked

Waiting for z/VM user from Z system admins

Actions
Copy link
 #4

Updated by binary_sequence almost 5 years ago

  • Status changed from Blocked to Workable
  • Assignee changed from SLindoMansilla to binary_sequence

I already got a z/VM user.

Actions
Copy link
 #5

Updated by SLindoMansilla over 4 years ago

  • Blocks deleted (action #48434: [functional][u] test Tumbleweed s390x again)
Actions
Copy link
 #6

Updated by SLindoMansilla over 4 years ago

  • Related to action #48434: [functional][u] test Tumbleweed s390x again added
Actions
Copy link
 #7

Updated by SLindoMansilla about 4 years ago

At the moment this is very low prio since we have a dedicated server (rebel) for testing linux as a zVM guest: https://openqa.opensuse.org/group_overview/34

Actions
Copy link
 #8

Updated by okurz about 4 years ago

I don't think this is feasible as allowing ssh kinda contradicts apparmor by definition, doesn't it?

Actions
Copy link
 #9

Updated by SLindoMansilla about 4 years ago

  • Status changed from Workable to Rejected

Yes, you are right.

Actions
Copy link
 #10

Updated by pvorel about 4 years ago

Could you please explain what's wrong on ssh?
There is sshd profile
https://gitlab.com/apparmor/apparmor/-/blob/master/profiles/apparmor/profiles/extras/usr.sbin.sshd

Actions
Copy link
 #11

Updated by SLindoMansilla about 4 years ago

pvorel wrote:

Could you please explain what's wrong on ssh?
There is sshd profile
https://gitlab.com/apparmor/apparmor/-/blob/master/profiles/apparmor/profiles/extras/usr.sbin.sshd

Company policies. They denied me to add ssh to the apparmor profiles.

Actions
Copy link
 #12

Updated by okurz about 4 years ago

SLindoMansilla wrote:

[…]
Company policies.

please reference the "company policies" then or state "I did not understand" instead of spreading false rumors.

Actions
Copy link

Also available in: Atom PDF