Project

General

Profile

action #81721

[sle][security][sle15sp3][Feature][Automation]QA: /etc/grub.d/10_linux grub should support authorization

Added by rfan1 7 months ago. Updated 5 months ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
New test
Target version:
Start date:
2021-01-22
Due date:
% Done:

100%

Estimated time:
60.00 h (Total: 120.00 h)
Difficulty:
hard

Description

Jira ticket:
https://jira.suse.com/browse/SLE-14812

As documented in Authentication and authorisation in GRUB
grub2 supports restricting access to boot menu entries with the --unrestricted and --users options.
When building their images/appliances, our customer is configuring restrictions in the boot menu entries, so that only specified users can boot selected menu entries.
To implement this, they have been utilizing the editbootconfig feature of kiwi (see https://jira.suse.com/browse/PM-1969), which has recently been deprecated (around kiwi-9.20.4) .

The current solution to configure custom boot menu entries is to use grub capabilities, but this fails as the /etc/grub.d/10_linux script used for generating the bootloader configuration (especially in kiwi images) does not support the --unrestricted and --users options (that implement the authorization).

Manual test steps:
https://bugzilla.suse.com/tr_show_case.cgi?case_id=1768659


Subtasks

action #88157: [sle][security][sle15sp3] Implement "grub authorization" tests in openQAResolvedrfan1

History

#1 Updated by rfan1 7 months ago

Dev task is not done

#2 Updated by rfan1 6 months ago

  • Status changed from Blocked to In Progress

manual test passed

#3 Updated by rfan1 6 months ago

  • Estimated time changed from 40.00 h to 6000.00 h

#4 Updated by rfan1 6 months ago

  • Estimated time changed from 6000.00 h to 60.00 h

#5 Updated by rfan1 5 months ago

  • Status changed from In Progress to Resolved

Automation test passed

Also available in: Atom PDF