Bug 1805204 - [kubevirt-functional-tests] securityContext tests don't account for cluster settings
Status: CLOSED ERRATA
Alias: None
Product: Container Native Virtualization (CNV)
Classification: Red Hat
Component: Virtualization
Version: 2.3.0
Hardware: Unspecified
OS: Unspecified
Priority: unspecified
Severity: high
Target Milestone: ---
Target Release: 2.3.0
Assignee: sgott
QA Contact: Israel Pinto
Reported: 2020-02-20 13:41 UTC by sgott
Modified: 2020-05-04 19:11 UTC

Fixed In Version: virt-operator-container-v2.3.0-34 hco-bundle-registry-container-v2.3.0-23
Last Closed: 2020-05-04 19:10:56 UTC

Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHEA-2020:2011 0 None None None 2020-05-04 19:11:06 UTC

Description sgott 2020-02-20 13:41:11 UTC
Description of problem:
When a KubeVirt cluster is run with this ConfigMap setting `selinuxLauncherType: spc_t`, two functional tests fail.

------------------------------
• Failure [15.608 seconds]
Operator
/root/go/src/kubevirt.io/kubevirt/tests/operator_test.go:56
  With selinuxLauncherType defined
  /root/go/src/kubevirt.io/kubevirt/tests/operator_test.go:1442
    Should honor custom SELinux type for virt-launcher [It]
    /root/go/src/kubevirt.io/kubevirt/tests/operator_test.go:1443

    Expected
        <string>: spc_t
    not to equal
        <string>: spc_t

    /root/go/src/kubevirt.io/kubevirt/tests/operator_test.go:1464
------------------------------
• Failure [7.049 seconds]
SecurityFeatures
/root/go/src/kubevirt.io/kubevirt/tests/security_features_test.go:32
  Check virt-launcher securityContext
  /root/go/src/kubevirt.io/kubevirt/tests/security_features_test.go:38
    [test_id:2953]Ensure virt-launcher pod securityContext type is virt_launcher.process [It]
    /root/go/src/kubevirt.io/kubevirt/tests/security_features_test.go:47

    Expected
        <string>: spc_t
    to equal
        <string>: virt_launcher.process

    /root/go/src/kubevirt.io/kubevirt/tests/security_features_test.go:56
------------------------------

Both of these failures are directly linked to the fact that the tests assume that selinuxLauncherType is not set before each test starts.

Version-Release number of selected component (if applicable):


How reproducible:
always

Steps to Reproduce:
1. kubectl -n kubevirt edit cm kubevirt-config
2. add "selinuxLauncherType: spc_t" under "data"
3. make functest

Actual results:
Both of the above tests fail

Expected results:
All tests should pass

Additional info:
This change was introduced very recently upstream so requires the latest kubevirt code on master to replicate.
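
One way a functional test can account for a pre-existing cluster setting, as an added example that is not part of the original report and not the change in the linked pull request. A plain Go map stands in for the `data` of the `kubevirt-config` ConfigMap, and the helper names `expectedLauncherType` and `withLauncherType` are hypothetical; a real test would read and patch the ConfigMap through the Kubernetes API.

```go
package main

import "fmt"

// Key and default type as they appear in this report; the helpers are hypothetical.
const (
	selinuxKey  = "selinuxLauncherType"
	defaultType = "virt_launcher.process"
)

// expectedLauncherType derives the SELinux type a virt-launcher pod should
// carry from the cluster config: the override if set, else the default.
func expectedLauncherType(data map[string]string) string {
	if t, ok := data[selinuxKey]; ok && t != "" {
		return t
	}
	return defaultType
}

// withLauncherType sets the override (or removes it when value is "") for the
// duration of fn, then restores the prior state, including "key absent".
func withLauncherType(data map[string]string, value string, fn func()) {
	old, had := data[selinuxKey]
	defer func() {
		if had {
			data[selinuxKey] = old
		} else {
			delete(data, selinuxKey)
		}
	}()
	if value == "" {
		delete(data, selinuxKey)
	} else {
		data[selinuxKey] = value
	}
	fn()
}

func main() {
	// Constructed stand-in for a cluster that already sets spc_t.
	cm := map[string]string{selinuxKey: "spc_t"}
	fmt.Println("expected on this cluster:", expectedLauncherType(cm))
	withLauncherType(cm, "", func() {
		fmt.Println("expected with override cleared:", expectedLauncherType(cm))
	})
	fmt.Println("restored override:", cm[selinuxKey])
}
```

A test that asserts the default type would run inside `withLauncherType(cm, "", ...)`, and a test that asserts an override would compare against `expectedLauncherType` rather than a hard-coded string.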

Comment 1 sgott 2020-02-20 21:48:48 UTC
This is fixed here: https://github.com/kubevirt/kubevirt/pull/3092

Comment 4 Israel Pinto 2020-03-24 04:43:19 UTC
Tests pass in the last run of Tier1 - moving to Verify

Comment 7 errata-xmlrpc 2020-05-04 19:10:56 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2020:2011

