Project

General

Profile

action #99096

action #93441: [sle][security][sle15sp4][CC] CC hand over

[sle][security][sle15sp4][CC][s390x] handle "permit_root_ssh" login issue on s390x

Added by rfan1 about 1 month ago. Updated 29 days ago.

Status:
New
Priority:
Normal
Assignee:
Category:
Bugs in existing tests
Target version:
-
Start date:
2021-09-23
Due date:
% Done:

0%

Estimated time:
60.00 h
Difficulty:

Description

https://progress.opensuse.org/issues/98715

Based on the comments from Marcus, You cannot remove a security condition of the CC setup. ("root ssh access is not allowed" is a hard CC requirement)

We should find a way to fix the openqa failed case:

http://openqa.suse.de/tests/7198526#step/system_prepare/3

We may need use non-root user to access the system rather than root as a solutioin.

History

#1 Updated by rfan1 about 1 month ago

okurz
Xiaojing_liu

May I ask for your kindly help to take a look at this issue?

When testing Common Criteria system role based VM, root ssh is not permitted by default, and this is CC hard requirement based on Marcus's comment.

CC is supported on 3 platforms x86_64/aarch64 and s390x, for x86_64 and aarch64, we used to connect to the VM via qemu VNC while we try to connect root console via "select_console 'root-console'".

But for s390x, it seems another story, we should have to ssh access to the VM via root user. then the problem shows up.

I did some changes like below and seems it can work well:

-    select_console 'root-console';
+    select_console('user-console', ensure_tty_selected => 0, skip_setterm => 1);
+    my $password = $testapi::password;
+    type_string("sudo -i\n");
+    type_string("$password\n");

However, it is not an easy to fix this issue, since so many test modules have "select_console 'root-console';" function. I have to apply my changes one by one.

Do you have any suggestion here?

BR//Richard.

#2 Updated by okurz 29 days ago

  • Category set to Bugs in existing tests

Also available in: Atom PDF