Description of problem: When a KubeVirt cluster is run with this ConfigMap setting `selinuxLauncherType: spc_t`, two functional tests fail. ------------------------------ • Failure [15.608 seconds] Operator /root/go/src/kubevirt.io/kubevirt/tests/operator_test.go:56 With selinuxLauncherType defined /root/go/src/kubevirt.io/kubevirt/tests/operator_test.go:1442 Should honor custom SELinux type for virt-launcher [It] /root/go/src/kubevirt.io/kubevirt/tests/operator_test.go:1443 Expected <string>: spc_t not to equal <string>: spc_t /root/go/src/kubevirt.io/kubevirt/tests/operator_test.go:1464 ------------------------------ • Failure [7.049 seconds] SecurityFeatures /root/go/src/kubevirt.io/kubevirt/tests/security_features_test.go:32 Check virt-launcher securityContext /root/go/src/kubevirt.io/kubevirt/tests/security_features_test.go:38 [test_id:2953]Ensure virt-launcher pod securityContext type is virt_launcher.process [It] /root/go/src/kubevirt.io/kubevirt/tests/security_features_test.go:47 Expected <string>: spc_t to equal <string>: virt_launcher.process /root/go/src/kubevirt.io/kubevirt/tests/security_features_test.go:56 ------------------------------ Both of these failures are directly linked to the fact that the tests assume that selinuxLauncherType is not set before each test starts. Version-Release number of selected component (if applicable): How reproducible: always Steps to Reproduce: 1. kubectl -n kubevirt edit cm kubevirt-config 2. add "selinuxLauncherType: spc_t" under "data" 3. make functest Actual results: Both of the above tests fail Expected results: All tests should pass Additional info: This change was introduced very recently upstream so requires the latest kubevirt code on master to replicate.
This is fixed here: https://github.com/kubevirt/kubevirt/pull/3092
Test pass in the last run off Tier1 - moving to Verify
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2020:2011