Project

General

Profile

Actions

action #81721

closed

[sle][security][sle15sp3][Feature][Automation]QA: /etc/grub.d/10_linux grub should support authorization

Added by rfan1 almost 4 years ago. Updated almost 4 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
New test
Target version:
Start date:
2021-01-22
Due date:
% Done:

100%

Estimated time:
60.00 h (Total: 120.00 h)
Difficulty:
hard

Description

Jira ticket:
https://jira.suse.com/browse/SLE-14812

As documented in Authentication and authorisation in GRUB
grub2 supports restricting access to boot menu entries with the --unrestricted and --users options.
When building their images/appliances, our customer is configuring restrictions in the boot menu entries, so that only specified users can boot selected menu entries.
To implement this, they have been utilizing the editbootconfig feature of kiwi (see https://jira.suse.com/browse/PM-1969), which has recently been deprecated (around kiwi-9.20.4) .

The current solution to configure custom boot menu entries is to use grub capabilities, but this fails as the /etc/grub.d/10_linux script used for generating the bootloader configuration (especially in kiwi images) does not support the --unrestricted and --users options (that implement the authorization).

Manual test steps:
https://bugzilla.suse.com/tr_show_case.cgi?case_id=1768659


Subtasks 1 (0 open1 closed)

action #88157: [sle][security][sle15sp3] Implement "grub authorization" tests in openQAResolvedrfan12021-01-22

Actions
Actions

Also available in: Atom PDF