Skip to content

test: skip OSCI gating AVC test #2106

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
henrywang wants to merge 1 commit into
base: main
Choose a base branch
from
+22 −6
Open

test: skip OSCI gating AVC test #2106

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 12 additions & 0 deletions crates/xtask/src/tmt.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1070,6 +1070,18 @@ pub(crate) fn update_integration() -> Result<()> {
tests_content.push_str("# THIS IS GENERATED CODE - DO NOT EDIT\n");
tests_content.push_str("# Generated by: cargo xtask tmt\n");
tests_content.push_str("\n");
// bootc probes for SELinux mac_admin capability by attempting chcon with
// an intentionally invalid label, which generates expected AVC denials.
// Report as informational only in OSCI gating test
tests_content
.push_str("# bootc probes for SELinux mac_admin capability by attempting chcon with\n");
tests_content
.push_str("# an intentionally invalid label, which generates expected AVC denials.\n");
tests_content.push_str("# Report as informational only in OSCI gating test\n");
tests_content.push_str("check:\n");
tests_content.push_str(" - how: avc\n");
tests_content.push_str(" result: info\n");
tests_content.push_str("\n");
tests_content.push_str(&tests_yaml_formatted);

// Only write if content changed
Expand Down
3 changes: 3 additions & 0 deletions hack/packages.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,9 @@ rsync
cloud-init
/usr/bin/flock
/usr/bin/awk
# Needed by tmt avc check
audit
policycoreutils
# Required by install-to-filesystem-var-mount test
parted
lvm2
Expand Down
6 changes: 0 additions & 6 deletions tmt/plans/integration.fmf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,12 +2,6 @@
provision:
how: virtual
image: $@{test_disk_image}
# bootc probes for SELinux mac_admin/install_t capability by attempting
# chcon with an intentionally invalid label (see lsm.rs test_install_t).
# This generates expected AVC denials that rhel-ci's injected AVC check
# would otherwise flag as test failures.
environment:
AVC_ERROR: +no_avc_check
prepare:
# Install image mode system on package mode system
# Do not run on image mode VM running on Github CI and Locally
Expand Down
7 changes: 7 additions & 0 deletions tmt/tests/tests.fmf
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,13 @@
# THIS IS GENERATED CODE - DO NOT EDIT
# Generated by: cargo xtask tmt

# bootc probes for SELinux mac_admin capability by attempting chcon with
# an intentionally invalid label, which generates expected AVC denials.
# Report as informational only in OSCI gating test
check:
- how: avc
result: info

/test-01-readonly:
summary: Execute booted readonly/nondestructive tests
duration: 30m
Expand Down
Loading