Project

General

Profile

Actions

action #49820

closed

[functional][u] Make the svirt backend work with AppArmor enabled and under company policies

Added by SLindoMansilla almost 5 years ago. Updated almost 4 years ago.

Status:
Rejected
Priority:
Low
Category:
Infrastructure
Target version:
Start date:
2019-03-29
Due date:
% Done:

0%

Estimated time:
Difficulty:

Description

Motivation

Enabling openSUSE Tumbleweed tests for s390x on openqa.opensuse.org.
Find more details about why this is needed in #48434

Acceptance criteria

  • AC1: The svirt backend complies with the company policies to be run on a shared worker on openqa.opensuse.org
  • AC2: It is possible to enable a worker for z/VM on imagetester

Related issues 1 (0 open1 closed)

Related to openQA Tests - action #48434: [functional][u] test Tumbleweed s390x againResolvedSLindoMansilla2019-02-26

Actions
Actions #1

Updated by SLindoMansilla almost 5 years ago

  • Blocks action #48434: [functional][u] test Tumbleweed s390x again added
Actions #2

Updated by SLindoMansilla almost 5 years ago

  • Assignee set to SLindoMansilla
  • Priority changed from Normal to Low
Actions #3

Updated by SLindoMansilla almost 5 years ago

  • Status changed from New to Blocked

Waiting for z/VM user from Z system admins

Actions #4

Updated by binary_sequence almost 5 years ago

  • Status changed from Blocked to Workable
  • Assignee changed from SLindoMansilla to binary_sequence

I already got a z/VM user.

Actions #5

Updated by SLindoMansilla over 4 years ago

  • Blocks deleted (action #48434: [functional][u] test Tumbleweed s390x again)
Actions #6

Updated by SLindoMansilla over 4 years ago

  • Related to action #48434: [functional][u] test Tumbleweed s390x again added
Actions #7

Updated by SLindoMansilla almost 4 years ago

At the moment this is very low prio since we have a dedicated server (rebel) for testing linux as a zVM guest: https://openqa.opensuse.org/group_overview/34

Actions #8

Updated by okurz almost 4 years ago

I don't think this is feasible as allowing ssh kinda contradicts apparmor by definition, doesn't it?

Actions #9

Updated by SLindoMansilla almost 4 years ago

  • Status changed from Workable to Rejected

Yes, you are right.

Actions #10

Updated by pvorel almost 4 years ago

Could you please explain what's wrong on ssh?
There is sshd profile
https://gitlab.com/apparmor/apparmor/-/blob/master/profiles/apparmor/profiles/extras/usr.sbin.sshd

Actions #11

Updated by SLindoMansilla almost 4 years ago

pvorel wrote:

Could you please explain what's wrong on ssh?
There is sshd profile
https://gitlab.com/apparmor/apparmor/-/blob/master/profiles/apparmor/profiles/extras/usr.sbin.sshd

Company policies. They denied me to add ssh to the apparmor profiles.

Actions #12

Updated by okurz almost 4 years ago

SLindoMansilla wrote:

[…]
Company policies.

please reference the "company policies" then or state "I did not understand" instead of spreading false rumors.

Actions

Also available in: Atom PDF