action #177066
Updated by jbaier_cz 2 months ago
## Motivation https://github.com/os-autoinst/os-autoinst-distri-opensuse/pull/21108/files#diff-c61b6b7d08adaeb720aec789fbe11aff6a52dc44c3abc09b428fb8cb8cc46fa5R799 https://github.com/os-autoinst/os-autoinst-distri-opensuse/pull/21108/files#diff-c61b6b7d08adaeb720aec789fbe11[…]44c3abc09b428fb8cb8cc46fa5R798-R807 - "anything that speaks against removing sudo-permissions to [_openqa-worker] user?" we already explicitly only give sudo to each individual but also _openqa-worker in https://gitlab.suse.de/openqa/salt-states-openqa/-/blob/master/openqa/worker.sls#L323 which apparently is needed for the openQA multi-machine setup, possibly /etc/wicked/scripts/gre_tunnel_preup.sh But we never gave sudo to _openqa-worker on o3 workers and there is apparmor. It can't be that severe. How about just removing that rule and then we can selectively remove the residing file one by one and monitor?