kola: Add checks for SELinux AVC messages #572

Open
wants to merge 6 commits into
base: flatcar-master

krnowak

@krnowak krnowak commented Jan 7, 2025

This adds a check for SELinux AVC messages in the kola test suite with an option of skipping it.

@krnowak krnowak force-pushed the krnowak/avc-check branch from b3dd673 to 1b7b540 Compare January 8, 2025 15:29

krnowak commented Jan 8, 2025

Kola does some checks after every test run. They are just regexps
that will cause the test to fail if they match. The regexps are being
run over the contents of the console output and journal. We add
another check to match the AVC denial line ("avc: denied { … } …").
There is a flag to skip the check in case a test wants to actually
generate an AVC and check for it itself.

These start off with an old version of Flatcar and get updated to a
new one.

It wasn't exposed through any command-line flag and it seems that it
was meant to be always set to true for Flatcar versions greater than
3033, which means anything that is newer than the already unsupported
LTS-2022. It is basically dead code now, so drop it.

When we are running our tests on GitHub or in Jenkins, we always know
what version of Flatcar the image used for testing has. So instead of
figuring it out by creating a throw-away cluster, make it possible to
provide the image version through a command-line flag. This commit
drops the fast-track code-path that was skipping the version query, so
in order to avoid the overhead of creating a cluster, passing the
version through the command line is required.

This also fixes an issue of SELinux AVC not being ignored on older
versions of the image if getting the image version from the cluster
was for some reason skipped.

@krnowak krnowak marked this pull request as ready for review February 7, 2025 13:47
@krnowak krnowak requested a review from a team February 7, 2025 13:47

krnowak commented Feb 7, 2025

CI results above - I don't think that any failures are related to this PR.
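
The post-run check described in the commit messages above (a regexp run over console and journal output, with a per-test skip) can be sketched in Go as follows. This is an added example, not kola's code: the pattern, the `FindAVCDenials` name, the `skip` parameter and the sample journal lines are assumptions constructed for illustration.

```go
package main

import (
	"bufio"
	"fmt"
	"regexp"
	"strings"
)

// avcDenied matches the denial form quoted in the commit message,
// "avc: denied { ... }". The pattern is this example's assumption,
// not the regexp used by kola.
var avcDenied = regexp.MustCompile(`avc:\s+denied\s+\{\s*([^}]*?)\s*\}`)

// Denial is one matched line and the permissions it names.
type Denial struct {
	Line  int
	Perms []string
	Text  string
}

// FindAVCDenials scans console or journal text line by line. With skip set
// (a test that triggers an AVC on purpose and verifies it itself) it
// reports nothing, so the run is not failed by an expected denial.
func FindAVCDenials(output string, skip bool) []Denial {
	if skip {
		return nil
	}
	var found []Denial
	sc := bufio.NewScanner(strings.NewReader(output))
	for n := 1; sc.Scan(); n++ {
		if m := avcDenied.FindStringSubmatch(sc.Text()); m != nil {
			found = append(found, Denial{Line: n, Perms: strings.Fields(m[1]), Text: sc.Text()})
		}
	}
	return found
}

// sampleJournal is constructed for this example, not captured from a run.
const sampleJournal = `systemd[1]: Started example.service.
kernel: audit: type=1400 audit(1.101:7): avc:  denied  { read write } for  pid=812 comm="example" tclass=file permissive=0
kernel: audit: type=1400 audit(1.202:8): avc:  granted  { setenforce } for  pid=900 comm="example" tclass=security
audit[901]: AVC avc:  denied  { open } for  pid=901 comm="example" tclass=dir permissive=1`

func main() {
	for _, d := range FindAVCDenials(sampleJournal, false) {
		fmt.Printf("line %d: denied %v\n", d.Line, d.Perms)
	}
}
```

The `granted` audit line is deliberately left unmatched, and a denial logged with `permissive=1` is still reported, since it would be blocked under enforcing mode.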
