Description of problem: [RHEL9] ndctl test suites security.sh failed Version-Release number of selected component (if applicable): ndctl-71.1-8.el9.src.rpm kernel-5.14.0-194.el9 How reproducible: 100% Steps to Reproduce: 1. run ndctl test suite 2. 3. Actual results: Expected results: Additional info: beaker job: https://beaker.engineering.redhat.com/jobs/7248425 + masterkey=nvdimm-master + masterpath=/etc/ndctl/keys/nvdimm-master.blob + backup_key=0 + backup_handle=0 ++ dirname /root/rpmbuild/BUILD/ndctl-71.1/test/security.sh + . /root/rpmbuild/BUILD/ndctl-71.1/test/common ++ '[' -z /root/rpmbuild/BUILD/ndctl-71.1/build/ndctl/ndctl ']' ++ '[' -z /root/rpmbuild/BUILD/ndctl-71.1/build/daxctl/daxctl ']' ++ '[' -z ']' ++ '[' -f ../cxl/cxl ']' ++ '[' -f ./cxl/cxl ']' ++ '[' -x ./cxl/cxl ']' ++ export CXL=./cxl/cxl ++ CXL=./cxl/cxl ++ '[' -z /root/rpmbuild/BUILD/ndctl-71.1/build/test ']' ++ NFIT_TEST_BUS0=nfit_test.0 ++ NFIT_TEST_BUS1=nfit_test.1 ++ ACPI_BUS=ACPI.NFIT ++ E820_BUS=e820 + trap 'err $LINENO' ERR + check_min_kver 5.0 + local ver=5.0 ++ uname -r + : 5.14.0-194.el9.x86_64 + '[' -n 5.0 ']' ++ echo -e '5.0\n5.14.0-194.el9.x86_64' ++ sort -V ++ head -1 + [[ 5.0 == \5\.\0 ]] ++ keyctl show ++ grep -Eo '_uid.[0-9]+' ++ head -1 ++ cut -d. -f2- + uid= + '[' '' -ne 0 ']' /root/rpmbuild/BUILD/ndctl-71.1/test/security.sh: line 245: [: : integer expression expected + modprobe nfit_test + setup + /root/rpmbuild/BUILD/ndctl-71.1/build/ndctl/ndctl disable-region -b nfit_test.0 all disabled 2 regions + check_prereq keyctl + command -v keyctl + rc=1 + detect ++ /root/rpmbuild/BUILD/ndctl-71.1/build/ndctl/ndctl list -b nfit_test.0 -D ++ jq -r '.[0].dev' + dev=nmem1 + '[' -n nmem1 ']' ++ /root/rpmbuild/BUILD/ndctl-71.1/build/ndctl/ndctl list -b nfit_test.0 -D ++ jq -r '.[0].id' + id=cdab-0a-07e0-feffffff + '[' -n cdab-0a-07e0-feffffff ']' + test_cleanup + keyctl search @u encrypted nvdimm:cdab-0a-07e0-feffffff keyctl_search: Required key not available + keyctl search @u user nvdimm-master keyctl_search: Required key not available ++ hostname + '[' -f /etc/ndctl/keys/nvdimm_cdab-0a-07e0-feffffff_storageqe-40.sqe.lab.eng.bos.redhat.com.blob ']' + setup_keys + '[' '!' -d /etc/ndctl/keys ']' + '[' -f /etc/ndctl/keys/nvdimm-master.blob ']' + '[' -f /etc/ndctl/keys/tpm.handle ']' + dd if=/dev/urandom bs=1 count=32 + keyctl padd user nvdimm-master @u ++ keyctl search @u user nvdimm-master + keyctl pipe 416513477 keyctl_read_alloc: Permission denied ++ err 47 +++ basename /root/rpmbuild/BUILD/ndctl-71.1/test/security.sh ++ echo test/security.sh: failed at line 47 ++ '[' -n '' ']' ++ exit 1 ------------------------------------------------------------------------------ Summary of Failures: 23/23 ndctl:ndctl / security.sh FAIL 0.19s exit status 1
++ keyctl show ++ grep -Eo '_uid.[0-9]+' ++ head -1 ++ cut -d. -f2- + uid= + '[' '' -ne 0 ']' /root/rpmbuild/BUILD/ndctl-71.1/test/security.sh: line 245: [: : integer expression expected That's odd. It looks like there isn't a session keyring. Has the test environment changed?
I tested kernel-5.14.0-198.el9 locally, and security.sh passes. You could try running 'keyctl session; keyctl link @u @s' before kicking off the tests.
We ran into a similar problem in RHEL 8, where the user keyring was not linked into the session keyring. See this comment for an explanation of why this happens: https://bugzilla.redhat.com/show_bug.cgi?id=1736748#c4 Is the test harness running as a systemd service? Anyway, I think the most robust way to run the test is to ensure that: 1) there is a session keyring and 2) the user keyring is linked in to the session keyring before running the tests. I will propose a patch for the test harness upstream.
(In reply to Jeff Moyer from comment #9) > We ran into a similar problem in RHEL 8, where the user keyring was not > linked into the session keyring. See this comment for an explanation of why > this happens: https://bugzilla.redhat.com/show_bug.cgi?id=1736748#c4 > > Is the test harness running as a systemd service? Yes, the test harness is restraint. https://github.com/restraint-harness/restraint > > Anyway, I think the most robust way to run the test is to ensure that: > 1) there is a session keyring and > 2) the user keyring is linked in to the session keyring > before running the tests. > > I will propose a patch for the test harness upstream. Thanks