test: Add modifications in SELinux disabled mode #201
selinux_logins_purge: true | ||
|
||
tasks: | ||
- name: Ensure SELinux tool semanage |
Can you use

    - name: Ensure SELinux tool semanage
      include_tasks: set_selinux_variables.yml

to ensure semanage is present?
set_selinux_variables.yml runs the semanage command 4 times, which can take 2 seconds on my VM, and the information collected by this task is not necessary for the test. As the test is now, it doesn't even need semanage, so it could be dropped completely.
> set_selinux_variables.yml runs the semanage command 4 times, which can take 2 seconds on my VM

ok - I guess we need a separate task file (e.g. tests/ensure_semanage.yml) which just installs semanage, and another task file to populate those test variables (or just move the semanage stuff out of set_selinux_variables.yml). We can do that in a subsequent PR. I don't like having multiple copy/paste of the code to install semanage - it makes things like ANSIBLE_GATHERING=explicit, rpm-ostree support, snapshot creation, new test development, etc. harder.

> and the information collected by this task is not necessary for the test. As the test is now, it doesn't even need semanage, so it could be dropped completely.

ack
I guess I should also test whether modifications were applied.
867123f to 7bb42de
[citest]
[citest]
changed_when: true | ||
when: selinux_mountpoint.stdout != "" | ||
|
||
- name: Execute the role and catch errors |
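Review bot: the guard `when: selinux_mountpoint.stdout != ""` compares against an empty string literal; `when: selinux_mountpoint.stdout | length > 0` expresses the same check and is not flagged by the opt-in ansible-lint rule empty-string-compare. The `changed_when: true` on the line above reports a change on every run, so if that is intended for this test step, a short comment saying so would help the next reader.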
The test isn't catching errors, it is "Execute the role and cleanup" - not sure if you are expecting any errors, but the test is failing:
TASK [linux-system-roles.selinux : Set SELinux file contexts] ******************
task path: /WORKDIR/git-test-modifications-in-disabled37f0mfqq/tests/roles/linux-system-roles.selinux/tasks/main.yml:74
Friday 06 October 2023 21:18:41 +0000 (0:00:00.013) 0:00:12.398 ********
failed: [sut] (item={'target': '/tmp/test_dir(/.*)?', 'setype': 'user_home_dir_t', 'ftype': 'd'}) => {
"ansible_loop_var": "item",
"changed": false,
"item": {
"ftype": "d",
"setype": "user_home_dir_t",
"target": "/tmp/test_dir(/.*)?"
}
}
MSG:
SELinux is disabled on this host.
"- name: Execute the role and catch errors" should be just "- name: Execute the role"
6e007b7 to d7d9b6b
When targeted SELinux policy is installed it should be possible to set up SELinux while disabled and before it's changed to permissive/enforcing.

Related to linux-system-roles#188

Signed-off-by: Petr Lautrbach <[email protected]>
d7d9b6b to 887d1b2
[citest]
[citest bad]
I wouldn't worry about the rhel 6 issues, and the rhel 7 issue with the all transitions test and reboot seems to be transient - not easy to reproduce - might be an artifact of the CI system, unless you can consistently reproduce it with qemu locally.
Is this PR ready to merge? It conflicts with #206, and it would be easier for me to rebase on top of this one, than for you to rebase on top of 206
It's ready to be merged. I don't plan any changes in this PR. Thanks!
When targeted SELinux policy is installed it should be possible to set up SELinux while disabled and before it's changed to permissive/enforcing.
Related to #188
This test is supposed to fail until #194 is merged.
Enhancement:
Reason:
Result:
Issue Tracker Tickets (Jira or BZ if any): #188