From d659db68bd4f09c7a593629f78c7b49a30d344c2 Mon Sep 17 00:00:00 2001
From: Dusty Mabe
Date: Thu, 24 Oct 2024 16:36:29 -0400
Subject: [PATCH] tests/kola: add SELinux systemd /var/cache exceptions in upgrade test

https://github.com/coreos/fedora-coreos-tracker/issues/1819#issuecomment-2436280393
---
 tests/kola/upgrade/extended/test.sh | 21 ++++++++++++++-------
 1 file changed, 14 insertions(+), 7 deletions(-)

diff --git a/tests/kola/upgrade/extended/test.sh b/tests/kola/upgrade/extended/test.sh
index b1c1441402..0e069e5a93 100755
--- a/tests/kola/upgrade/extended/test.sh
+++ b/tests/kola/upgrade/extended/test.sh
@@ -175,15 +175,20 @@ selinux-sanity-check() {
 mislabeled="$(restorecon -vnr /var/ /etc/ /usr/ /boot/)"
 if [ -n "${mislabeled}" ]; then
 # Exceptions for files that could be wrong (sometimes upgrades are messy)
- # Would relabel /var/lib/cni from system_u:object_r:var_lib_t:s0 to system_u:object_r:container_var_lib_t:s0
- # Would relabel /etc/selinux/targeted/semanage.read.LOCK from system_u:object_r:semanage_trans_lock_t:s0 to system_u:object_r:selinux_config_t:s0
- # Would relabel /etc/selinux/targeted/semanage.trans.LOCK from system_u:object_r:semanage_trans_lock_t:s0 to system_u:object_r:selinux_config_t:s0
- # Would relabel /etc/systemd/journald.conf.d from system_u:object_r:etc_t:s0 to system_u:object_r:systemd_conf_t:s0
- # Would relabel /etc/systemd/journald.conf.d/forward-to-console.conf from system_u:object_r:etc_t:s0 to system_u:object_r:systemd_conf_t:s0
- # Would relabel /boot/lost+found from system_u:object_r:unlabeled_t:s0 to system_u:object_r:lost_found_t:s0' ']'
- # Would relabel /var/lib/systemd/home from system_u:object_r:init_var_lib_t:s0 to system_u:object_r:systemd_homed_library_dir_t:s0
+ # - Would relabel /var/lib/cni from system_u:object_r:var_lib_t:s0 to system_u:object_r:container_var_lib_t:s0
+ # - Would relabel /etc/selinux/targeted/semanage.read.LOCK from system_u:object_r:semanage_trans_lock_t:s0 to system_u:object_r:selinux_config_t:s0
+ # - Would relabel /etc/selinux/targeted/semanage.trans.LOCK from system_u:object_r:semanage_trans_lock_t:s0 to system_u:object_r:selinux_config_t:s0
+ # - Would relabel /etc/systemd/journald.conf.d from system_u:object_r:etc_t:s0 to system_u:object_r:systemd_conf_t:s0
+ # - Would relabel /etc/systemd/journald.conf.d/forward-to-console.conf from system_u:object_r:etc_t:s0 to system_u:object_r:systemd_conf_t:s0
+ # - Would relabel /boot/lost+found from system_u:object_r:unlabeled_t:s0 to system_u:object_r:lost_found_t:s0' ']'
+ # - Would relabel /var/lib/systemd/home from system_u:object_r:init_var_lib_t:s0 to system_u:object_r:systemd_homed_library_dir_t:s0
 # - 39.20230916.1.1->41.20240928.10.1
 # - https://github.com/fedora-selinux/selinux-policy/commit/3ba70ae27d067f7edc0a52ff722511c5ada724f2
+ # - Would relabel /var/cache/systemd from system_u:object_r:var_t:s0 to system_u:object_r:systemd_cache_t:s0
+ # Would relabel /var/cache/systemd/home from system_u:object_r:var_t:s0 to system_u:object_r:systemd_homed_cache_t:s0
+ # - 38.20230322.1.0->42.20241023.91.0
+ # - https://github.com/fedora-selinux/selinux-policy/commit/b08568ca696f14d3232adef6a291ebb0ec80ba46
+ # - https://github.com/coreos/fedora-coreos-tracker/issues/1819
 declare -A exceptions=(
 ['/var/lib/cni']=1
 ['/etc/selinux/targeted/semanage.read.LOCK']=1
@@ -192,6 +197,8 @@ selinux-sanity-check() {
 ['/etc/systemd/journald.conf.d/forward-to-console.conf']=1
 ['/boot/lost+found']=1
 ['/var/lib/systemd/home']=1
+ ['/var/cache/systemd']=1
+ ['/var/cache/systemd/home']=1
 )
 paths="$(echo "${mislabeled}" | grep "Would relabel" | cut -d ' ' -f 3)"
 found=""
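Review bot: The re-bulleted `/boot/lost+found` comment line still ends with `' ']'`, which reads like a fragment of traced test output pasted along with the restorecon message rather than part of it; ending the line at `lost_found_t:s0` would keep the list accurate. The new `Would relabel /var/cache/systemd/home` line has no `- ` bullet while every other path line gained one in this hunk; if it is meant to share the version range and links below with `/var/cache/systemd`, a word saying so would stop it being read as a continuation of the previous line. The older entries (cni, the semanage locks, journald.conf.d, lost+found) carry no version range or policy commit, so a reader cannot tell when they may be dropped. The body of selinux-sanity-check starts before this hunk.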
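Review bot: The two new keys exempt `/var/cache/systemd` and `/var/cache/systemd/home` by path alone, because `paths` keeps only field 3 of each `Would relabel` line. Any other mislabel of those directories would therefore pass the upgrade test silently, not just the `var_t` to `systemd_cache_t` / `systemd_homed_cache_t` transition documented in the comment. Storing the expected target context as the value, e.g. `['/var/cache/systemd']='system_u:object_r:systemd_cache_t:s0'`, and comparing it with field 7 of the restorecon line would keep the exception as narrow as the comment describes. The loop that consumes `exceptions` lies outside this hunk, so the lookup there would need the matching change. The same narrowing would apply to the existing entries.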