tests / selinux

Clone
Source Code
GIT

#67 policycoreutils/sepolicy-generate fails on Rawhide when it's run from setools PR
Opened 4 years ago by plautrba. Modified 3 years ago

Open
Close Issue

There's new https://src.fedoraproject.org/rpms/setools/pull-request/15 and /CoreOS/policycoreutils/Sanity/sepolicy-generate passed. All Command 'mypolicy/testpolicy.sh' returned 0:

:: [ 11:15:42 ] :: [  BEGIN   ] :: Running 'mypolicy/testpolicy.sh'
+ make -f /usr/share/selinux/devel/Makefile testpolicy.pp
+ /usr/sbin/semodule -i testpolicy.pp
libsemanage.add_user: user sar-user not in password file
+ sepolicy manpage -p . -d testpolicy_t
+ /usr/sbin/semanage user -a -R 'testpolicy_r webadm_r system_r' testpolicy_u
libsemanage.add_user: user sar-user not in password file
+ cat
+ '[' '!' -f /etc/selinux/targeted/contexts/users/testpolicy_u ']'
+ cp testpolicy_u /etc/selinux/targeted/contexts/users/
++ pwd
+ pwd=/tmp/tmp.Gy9SftEjED/mypolicy
+ rpmbuild --define '_sourcedir /tmp/tmp.Gy9SftEjED/mypolicy' --define '_specdir /tmp/tmp.Gy9SftEjED/mypolicy' --define '_builddir /tmp/tmp.Gy9SftEjED/mypolicy' --define '_srcrpmdir /tmp/tmp.Gy9SftEjED/mypolicy' --define '_rpmdir /tmp/tmp.Gy9SftEjED/mypolicy' --define '_buildrootdir /tmp/tmp.Gy9SftEjED/mypolicy/.build' -ba testpolicy_selinux.spec
+ umask 022
+ cd /tmp/tmp.Gy9SftEjED/mypolicy
+ '[' /tmp/tmp.Gy9SftEjED/mypolicy/.build/testpolicy_selinux-1.0-1.fc33.x86_64 '!=' / ']'
+ rm -rf /tmp/tmp.Gy9SftEjED/mypolicy/.build/testpolicy_selinux-1.0-1.fc33.x86_64
++ dirname /tmp/tmp.Gy9SftEjED/mypolicy/.build/testpolicy_selinux-1.0-1.fc33.x86_64
+ mkdir -p /tmp/tmp.Gy9SftEjED/mypolicy/.build
+ mkdir /tmp/tmp.Gy9SftEjED/mypolicy/.build/testpolicy_selinux-1.0-1.fc33.x86_64
+ install -d /tmp/tmp.Gy9SftEjED/mypolicy/.build/testpolicy_selinux-1.0-1.fc33.x86_64/usr/share/selinux/packages
+ install -m 644 /tmp/tmp.Gy9SftEjED/mypolicy/testpolicy.pp /tmp/tmp.Gy9SftEjED/mypolicy/.build/testpolicy_selinux-1.0-1.fc33.x86_64/usr/share/selinux/packages
+ install -d /tmp/tmp.Gy9SftEjED/mypolicy/.build/testpolicy_selinux-1.0-1.fc33.x86_64/usr/share/selinux/devel/include/contrib
+ install -m 644 /tmp/tmp.Gy9SftEjED/mypolicy/testpolicy.if /tmp/tmp.Gy9SftEjED/mypolicy/.build/testpolicy_selinux-1.0-1.fc33.x86_64/usr/share/selinux/devel/include/contrib/
+ install -d /tmp/tmp.Gy9SftEjED/mypolicy/.build/testpolicy_selinux-1.0-1.fc33.x86_64/usr/share/man/man8/
+ install -m 644 /tmp/tmp.Gy9SftEjED/mypolicy/testpolicy_selinux.8 /tmp/tmp.Gy9SftEjED/mypolicy/.build/testpolicy_selinux-1.0-1.fc33.x86_64/usr/share/man/man8/testpolicy_selinux.8
+ install -d /tmp/tmp.Gy9SftEjED/mypolicy/.build/testpolicy_selinux-1.0-1.fc33.x86_64/etc/selinux/targeted/contexts/users/
+ install -m 644 /tmp/tmp.Gy9SftEjED/mypolicy/testpolicy_u /tmp/tmp.Gy9SftEjED/mypolicy/.build/testpolicy_selinux-1.0-1.fc33.x86_64/etc/selinux/targeted/contexts/users/testpolicy_u
+ /usr/lib/rpm/check-buildroot
+ /usr/lib/rpm/redhat/brp-ldconfig
+ /usr/lib/rpm/brp-compress
+ /usr/lib/rpm/brp-strip /usr/bin/strip
+ /usr/lib/rpm/brp-strip-comment-note /usr/bin/strip /usr/bin/objdump
+ /usr/lib/rpm/redhat/brp-strip-lto /usr/bin/strip
+ /usr/lib/rpm/brp-strip-static-archive /usr/bin/strip
+ /usr/lib/rpm/redhat/brp-python-bytecompile /usr/bin/python 1 0
+ /usr/lib/rpm/brp-python-hardlink
+ /usr/lib/rpm/redhat/brp-mangle-shebangs
+ umask 022
+ cd /tmp/tmp.Gy9SftEjED/mypolicy
+ /usr/bin/rm -rf /tmp/tmp.Gy9SftEjED/mypolicy/.build/testpolicy_selinux-1.0-1.fc33.x86_64
+ RPM_EC=0
++ jobs -p
+ exit 0
:: [ 11:17:05 ] :: [   PASS   ] :: Command 'mypolicy/testpolicy.sh' (Expected 0, got 0)

I consider this issue fixed.

@rfilo Have you afound any other issue?

I still have a issue when the test runs on Fedora Rawhide.
Couple of Commands 'mypolicy/testpolicy.sh' returned 1.

:: [ 04:30:28 ] :: [  BEGIN   ] :: Running 'mypolicy/testpolicy.sh'
Building and Loading Policy
+ make -f /usr/share/selinux/devel/Makefile testpolicy.pp
make[1]: Entering directory '/tmp/tmp.T1yd396F9I/mypolicy'
Compiling mls testpolicy module
Creating mls testpolicy.pp policy package
rm tmp/testpolicy.mod.fc tmp/testpolicy.mod
make[1]: Leaving directory '/tmp/tmp.T1yd396F9I/mypolicy'
+ /usr/sbin/semodule -i testpolicy.pp
+ sepolicy manpage -p . -d testpolicy_t
+ /usr/sbin/semanage user -a -R 'testpolicy_r webadm_r system_r' testpolicy_u
+ cat
+ '[' '!' -f /etc/selinux/targeted/contexts/users/testpolicy_u ']'
++ pwd
+ pwd=/tmp/tmp.T1yd396F9I/mypolicy
+ rpmbuild --define '_sourcedir /tmp/tmp.T1yd396F9I/mypolicy' --define '_specdir /tmp/tmp.T1yd396F9I/mypolicy' --define '_builddir /tmp/tmp.T1yd396F9I/mypolicy' --define '_srcrpmdir /tmp/tmp.T1yd396F9I/mypolicy' --define '_rpmdir /tmp/tmp.T1yd396F9I/mypolicy' --define '_buildrootdir /tmp/tmp.T1yd396F9I/mypolicy/.build' -ba testpolicy_selinux.spec
setting SOURCE_DATE_EPOCH=1589760000
warning: Found bdb Packages database while attempting sqlite backend: using bdb backend.
Executing(%install): /bin/sh -e /var/tmp/rpm-tmp.iw6hE6
+ umask 022
+ cd /tmp/tmp.T1yd396F9I/mypolicy
+ '[' /tmp/tmp.T1yd396F9I/mypolicy/.build/testpolicy_selinux-1.0-1.fc33.x86_64 '!=' / ']'
+ rm -rf /tmp/tmp.T1yd396F9I/mypolicy/.build/testpolicy_selinux-1.0-1.fc33.x86_64
++ dirname /tmp/tmp.T1yd396F9I/mypolicy/.build/testpolicy_selinux-1.0-1.fc33.x86_64
+ mkdir -p /tmp/tmp.T1yd396F9I/mypolicy/.build
+ mkdir /tmp/tmp.T1yd396F9I/mypolicy/.build/testpolicy_selinux-1.0-1.fc33.x86_64
+ install -d /tmp/tmp.T1yd396F9I/mypolicy/.build/testpolicy_selinux-1.0-1.fc33.x86_64/usr/share/selinux/packages
+ install -m 644 /tmp/tmp.T1yd396F9I/mypolicy/testpolicy.pp /tmp/tmp.T1yd396F9I/mypolicy/.build/testpolicy_selinux-1.0-1.fc33.x86_64/usr/share/selinux/packages
+ install -d /tmp/tmp.T1yd396F9I/mypolicy/.build/testpolicy_selinux-1.0-1.fc33.x86_64/usr/share/selinux/devel/include/contrib
+ install -m 644 /tmp/tmp.T1yd396F9I/mypolicy/testpolicy.if /tmp/tmp.T1yd396F9I/mypolicy/.build/testpolicy_selinux-1.0-1.fc33.x86_64/usr/share/selinux/devel/include/contrib/
+ install -d /tmp/tmp.T1yd396F9I/mypolicy/.build/testpolicy_selinux-1.0-1.fc33.x86_64/usr/share/man/man8/
+ install -m 644 /tmp/tmp.T1yd396F9I/mypolicy/testpolicy_selinux.8 /tmp/tmp.T1yd396F9I/mypolicy/.build/testpolicy_selinux-1.0-1.fc33.x86_64/usr/share/man/man8/testpolicy_selinux.8
install: cannot stat '/tmp/tmp.T1yd396F9I/mypolicy/testpolicy_selinux.8': No such file or directory
error: Bad exit status from /var/tmp/rpm-tmp.iw6hE6 (%install)


RPM build errors:
    Found bdb Packages database while attempting sqlite backend: using bdb backend.
    Bad exit status from /var/tmp/rpm-tmp.iw6hE6 (%install)
:: [ 04:30:41 ] :: [   FAIL   ] :: Command 'mypolicy/testpolicy.sh' (Expected 0, got 1)
:: [ 04:30:41 ] :: [  BEGIN   ] :: Running 'semodule -l | grep  testpolicy'
testpolicy
:: [ 04:30:41 ] :: [   PASS   ] :: Command 'semodule -l | grep  testpolicy' (Expected 0, got 0)

Which selinux-policy packages are installed on the machine, where you see the problem?

rpm -qa | grep selinux-policy

selinux-policy-devel-3.14.6-13.fc33.noarch
selinux-policy-mls-3.14.6-13.fc33.noarch
selinux-policy-targeted-3.14.6-13.fc33.noarch
selinux-policy-3.14.6-13.fc33.noarch

I don't think it's related to this problem. Seems to be related to https://fedoraproject.org/wiki/Releases/33/ChangeSet#Sqlite_RpmDB - please update/or reinstall your system

I see the same problem when running the TC in 1MT-Fedora-Rawhide. Interesting is that
"1MT-Fedora-Rawhide" parameter is translated to "1MT-Fedora-Rawhide-mls" image and the machine really runs in permissive mode with MLS policy.

If you have an up-to-date 1minutetip, then "rawhide" should translate to "1MT-Fedora-Rawhide-mls", but entering "1MT-Fedora-Rawhide" explicitly should get you the non-mls version. (At least that's how it was when I last tried).

Thanks, all passed already.

Login to comment on this ticket.

Metadata
None
None
None
None
Powered by Pagure 5.13.3
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.