Bug 1420296
Summary: | beah runs test with bad selinux context | ||||||
---|---|---|---|---|---|---|---|
Product: | [Retired] Beaker | Reporter: | Dalibor Pospíšil <dapospis> | ||||
Component: | beah | Assignee: | beaker-dev-list | ||||
Status: | CLOSED EOL | QA Contact: | tools-bugs <tools-bugs> | ||||
Severity: | medium | Docs Contact: | |||||
Priority: | low | ||||||
Version: | develop | CC: | mastyk, mjia | ||||
Target Milestone: | --- | Keywords: | Patch | ||||
Target Release: | --- | ||||||
Hardware: | Unspecified | ||||||
OS: | Unspecified | ||||||
Whiteboard: | |||||||
Fixed In Version: | Doc Type: | If docs needed, set a value | |||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2020-02-11 12:17:43 UTC | Type: | Bug | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Attachments: |
|
Beah is no longer supported by Beaker development team. Instead of that, we are working on Restraint test harness. You can find all the features of Restraint here. https://restraint.readthedocs.io/en/latest/ If you think your RFE should be still implemented as part of Restraint feel free to create a new BZ ticket. https://bugzilla.redhat.com/enter_bug.cgi?product=Restraint In case you have any question feel free to reach out to me Thank you, Martin Styk <martin.styk> |
Created attachment 1248590 [details] workaround.patch Description of problem: In the tortilla script, there's check for selinux role and typy. Currently the problem is missing MCS range which is not detected by tortilla script. The issue appears since RHEL-7.3 AFAIK. Version-Release number of selected component (if applicable): beah-0.7.10-1.el7_2 How reproducible: 100% Steps to Reproduce: 1. run id as a task in beaker 2. run 'sandbox true' as a task in beaker Actual results: system_u:unconfined_r:unconfined_t:s0 /usr/bin/sandbox: User account must be setup with an MCS Range Expected results: unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 command should pass Additional info: In the tortilla script, there is an insufficient check for context. If the check passes, no context change is done. This can be safely omitted and the context change can be done everytime as it does not break anything. I'm using attached workaround for quite long time and it works as expected.