Project

General

Profile

Actions

action #81721

closed

[sle][security][sle15sp3][Feature][Automation]QA: /etc/grub.d/10_linux grub should support authorization

Added by rfan1 about 3 years ago. Updated almost 3 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
New test
Target version:
Start date:
2021-01-22
Due date:
% Done:

100%

Estimated time:
60.00 h (Total: 120.00 h)
Difficulty:
hard

Description

Jira ticket:
https://jira.suse.com/browse/SLE-14812

As documented in Authentication and authorisation in GRUB
grub2 supports restricting access to boot menu entries with the --unrestricted and --users options.
When building their images/appliances, our customer is configuring restrictions in the boot menu entries, so that only specified users can boot selected menu entries.
To implement this, they have been utilizing the editbootconfig feature of kiwi (see https://jira.suse.com/browse/PM-1969), which has recently been deprecated (around kiwi-9.20.4) .

The current solution to configure custom boot menu entries is to use grub capabilities, but this fails as the /etc/grub.d/10_linux script used for generating the bootloader configuration (especially in kiwi images) does not support the --unrestricted and --users options (that implement the authorization).

Manual test steps:
https://bugzilla.suse.com/tr_show_case.cgi?case_id=1768659


Subtasks 1 (0 open1 closed)

action #88157: [sle][security][sle15sp3] Implement "grub authorization" tests in openQAResolvedrfan12021-01-22

Actions
Actions #1

Updated by rfan1 about 3 years ago

Dev task is not done

Actions #2

Updated by rfan1 about 3 years ago

  • Status changed from Blocked to In Progress

manual test passed

Actions #3

Updated by rfan1 about 3 years ago

  • Estimated time changed from 40.00 h to 6000.00 h
Actions #4

Updated by rfan1 about 3 years ago

  • Estimated time changed from 6000.00 h to 60.00 h
Actions #5

Updated by rfan1 almost 3 years ago

  • Status changed from In Progress to Resolved

Automation test passed

Actions

Also available in: Atom PDF