See https://ci.suse.de/job/yast-yast-security-master/49/display/redirect?page=ch... Changes: [igonzalezsosa] Replace PackageSystem with Package [igonzalezsosa] Replace PackageSystem with Package [igonzalezsosa] Bump version and update changes file [kanderssen] AutoYaST LSM: limited behavior [kanderssen] Bump version & changelog [kanderssen] Changes based on CR ------------------------------------------ [...truncated 43.51 KB...] [ 5s] returns true [ 5s] and configuration has not been written [ 5s] returns false [ 5s] #needed_patterns [ 5s] when globals => selinux => patterns is set [ 5s] returns an array holding defined patterns [ 5s] when globals => selinux => patterns is not set [ 5s] returns an empty array [ 5s] #configurable? [ 5s] when running in a WSL environment [ 5s] returns false [ 5s] when running in an installed system [ 5s] returns true [ 5s] when running in installation [ 5s] and 'selinux_configurable' is true [ 5s] returns true [ 5s] and 'selinux_configurable' is false [ 5s] returns false [ 5s] [ 5s] Y2Security::LSM::Selinux::Mode [ 5s] .all [ 5s] returns a collection of known modes [ 5s] .kernel_options [ 5s] includes 'enforcing' [ 5s] .find [ 5s] when given a known mode id [ 5s] returns the mode [ 5s] when given an unknown mode id [ 5s] returns nil [ 5s] #id [ 5s] returns the mode id [ 5s] #name [ 5s] returns the mode name [ 5s] #options [ 5s] returns the mode options [ 5s] [ 5s] Y2Security::Autoinst::LSMConfigReader [ 5s] #read [ 5s] when a LSM is selected [ 5s] selects the desired LSM accordingly [ 5s] when a LSM is not selected explicitly but selinux_mode is given [ 5s] selects SELinux as the desired LSM [ 5s] sets the SELinux mode [ 5s] [ 5s] #Yast::SecurityClass:0x000055e814a7c130 [ 5s] #ReadServiceSettings [ 5s] only with mandatory services [ 5s] sets settings for services as 'secure' [ 5s] with mandatory and extra services [ 5s] sets settings for extra services as 'insecure' [ 5s] without all mandatory services and extra ones [ 5s] sets settings for services as 'insecure' [ 5s] with services that are aliases of optional services [ 5s] sets settings for extra services as 'secure' [ 5s] with no services [ 5s] sets settings for mandatory to 'insecure' [ 5s] #Write [ 5s] writes and applies all the settings [ 5s] #apply_new_settings [ 5s] applies all current permissions as they are now [ 5s] ensures polkit privileges are applied [ 5s] when the sysctl config is modified [ 5s] applies sysctl changes [ 5s] when the sysctl config is not modified [ 5s] does not apply sysctl changes [ 5s] #apply_sysctl_changes [ 5s] checks if there are sysctl conflicts with other files [ 5s] applies the changes from all the configuration files [ 5s] #write_to_locations [ 5s] does not write nil values [ 5s] does not write unchanged values [ 5s] adds missing values [ 5s] updates changed values [ 5s] #write_shadow_config [ 5s] writes login.defs configuration [ 5s] #write_lsm_config [ 5s] saves the LSM config [ 5s] #write_kernel_settings [ 5s] writing to sysctl.conf [ 5s] does not write invalid values [ 5s] does not write unchanged values [ 5s] writes changed values [ 5s] setting sysrq [ 5s] does not write invalid values [ 5s] writes valid values [ 5s] #ReadConsoleShutdown [ 5s] when systemd is installed [ 5s] on a non s390 architecture [ 5s] when ctrl+alt+del file not exist [ 5s] sets settings for shutdown as 'reboot' [ 5s] when ctrl+del+alt file exist [ 5s] sets settings for shutdown as 'ignore' by default [ 5s] sets settings for shutdown as 'halt' if links to poweroff.target [ 5s] sets settings for shutdown as 'reboot' if links to reboot.target [ 5s] sets settings for shutdown as 'reboot' if links to ctrl-alt-del.target [ 5s] on a s390 architecture [ 5s] when ctrl+alt+del file not exist [ 5s] sets settings for shutdown as 'reboot' [ 5s] when ctrl+del+alt file exist [ 5s] sets settings for shutdown as 'ignore' by default [ 5s] sets settings for shutdown as 'halt' if links to poweroff.target [ 5s] sets settings for shutdown as 'reboot' if links to reboot.target [ 5s] sets settings for shutdown as 'halt' if links to ctrl-alt-del.target [ 5s] #read_pam_settings [ 5s] sets passwd encryption setting based on /etc/login.defs [ 5s] sets pwquality settings [ 5s] sets password remember history settings [ 5s] #read_permissions [ 5s] depending on current permission [ 5s] sets security permission to 'easy' if contains easy [ 5s] sets user defined security permission [ 5s] removes local permission [ 5s] sets secure by default [ 5s] #read_polkit_settings [ 5s] depending on current polkit config [ 5s] sets correctly hibernate system settings to 'anyone' [ 5s] sets correctly hibernate settings to 'auth_admin' [ 5s] sets correctly hibernate settings to 'active_console' as default [ 5s] #read_kernel_settings [ 5s] sets kernel settings based on /etc/sysctl.conf [ 5s] #read_from_locations [ 5s] when display manager is gdm [ 5s] sets login definitions based on /etc/login.defs [ 5s] sets different settings based on /etc/sysconfig/* [ 5s] when display manager is kdm [ 5s] sets login definitions based on /etc/login.defs [ 5s] sets login definitions based on /etc/login.defs [ 5s] sets kde4 allow shutdown based on kdmrc [ 6s] sets different settings based on /etc/sysconfig/* [ 6s] #read_shadow_config [ 6s] reads login.defs configuration [ 6s] #read_lsm_config [ 6s] reads lsm configuration [ 6s] #Read [ 6s] reads settings and returns true [ 6s] #Export [ 6s] merges LSM settings (FAILED - 1) [ 6s] #SafeRead [ 6s] reads settings [ 6s] when there is no error reading the settings [ 6s] returns true [ 6s] does not store a read error [ 6s] when there is an error reading the settings [ 6s] returns false [ 6s] stores a read error [ 6s] #Import [ 6s] doest not touch current Settings if given settings are empty [ 6s] when a specific Linux Security Module is selected [ 6s] and LSM is configurable [ 6s] sets resolvables for needed patterns [ 6s] and LSM is declared in the control file as no configurable [ 6s] does not touch resolvables [ 6s] when Settings keys exists in given settings [ 6s] imports given settings without modify [ 6s] when Settings keys do not exist in given settings [ 6s] imports SYSCTL settings modifying key names and adapting values [ 6s] imports LOGIN DEFS settings transforming key name [ 6s] imports enable_sysrq settings transforming key name [ 6s] does not modify not given settings [ 6s] [ 6s] Failures: [ 6s] [ 6s] 1) #Yast::SecurityClass:0x000055e814a7c130 #Export merges LSM settings [ 6s] Failure/Error: expect(settings).to_not include("selinux_mode") [ 6s] [ 6s] expected {"CONSOLE_SHUTDOWN" => "reboot", "CRACKLIB_DICT_PATH" => "/usr/lib/cracklib_dict", "DISABLE_RESTART_ON_UP...0", "net.ipv4.tcp_syncookies" => "1", "net.ipv6.conf.all.forwarding" => "0", "selinux_mode" => "disabled"} not to include "selinux_mode" [ 6s] Diff: [ 6s] @@ -1,2 +1,40 @@ [ 6s] -["selinux_mode"] [ 6s] +"CONSOLE_SHUTDOWN" => "reboot", [ 6s] +"CRACKLIB_DICT_PATH" => "/usr/lib/cracklib_dict", [ 6s] +"DISABLE_RESTART_ON_UPDATE" => "no", [ 6s] +"DISABLE_STOP_ON_REMOVAL" => "no", [ 6s] +"DISPLAYMANAGER_REMOTE_ACCESS" => "no", [ 6s] +"DISPLAYMANAGER_ROOT_LOGIN_REMOTE" => "no", [ 6s] +"DISPLAYMANAGER_XSERVER_TCP_PORT_6000_OPEN" => "no", [ 6s] +"EXTRA_SERVICES" => "no", [ 6s] +"FAIL_DELAY" => "3", [ 6s] +"GID_MAX" => "60000", [ 6s] +"GID_MIN" => "1000", [ 6s] +"HIBERNATE_SYSTEM" => "active_console", [ 6s] +"MANDATORY_SERVICES" => "yes", [ 6s] +"PASSWD_ENCRYPTION" => "sha512", [ 6s] +"PASSWD_REMEMBER_HISTORY" => "0", [ 6s] +"PASSWD_USE_PWQUALITY" => "yes", [ 6s] +"PASS_MAX_DAYS" => "99999", [ 6s] +"PASS_MIN_DAYS" => "0", [ 6s] +"PASS_MIN_LEN" => "5", [ 6s] +"PASS_WARN_AGE" => "7", [ 6s] +"PERMISSION_SECURITY" => "secure", [ 6s] +"RUN_UPDATEDB_AS" => "nobody", [ 6s] +"SMTPD_LISTEN_REMOTE" => "no", [ 6s] +"SYSLOG_ON_NO_ERROR" => "yes", [ 6s] +"SYS_GID_MAX" => "499", [ 6s] +"SYS_GID_MIN" => "100", [ 6s] +"SYS_UID_MAX" => "499", [ 6s] +"SYS_UID_MIN" => "100", [ 6s] +"UID_MAX" => "60000", [ 6s] +"UID_MIN" => "500", [ 6s] +"USERADD_CMD" => "/usr/sbin/useradd.local", [ 6s] +"USERDEL_POSTCMD" => "/usr/sbin/userdel-post.local", [ 6s] +"USERDEL_PRECMD" => "/usr/sbin/userdel-pre.local", [ 6s] +"kernel.sysrq" => "0", [ 6s] +"lsm_select" => "selinux", [ 6s] +"net.ipv4.ip_forward" => "0", [ 6s] +"net.ipv4.tcp_syncookies" => "1", [ 6s] +"net.ipv6.conf.all.forwarding" => "0", [ 6s] +"selinux_mode" => "disabled", [ 6s] # ./test/security_test.rb:660:in `block (3 levels) in module:Yast' [ 6s] [ 6s] Finished in 0.60733 seconds (files took 0.67761 seconds to load) [ 6s] 184 examples, 1 failure [ 6s] [ 6s] Failed examples: [ 6s] [ 6s] rspec ./test/security_test.rb:658 # #Yast::SecurityClass:0x000055e814a7c130 #Export merges LSM settings [ 6s] [ 6s] rake aborted! [ 6s] Command failed with status (1): [rspec --color --format doc 'test/cfa/selin...] [ 6s] [ 6s] Tasks: TOP => test:unit [ 6s] (See full trace by running task with --trace) [ 6s] error: Bad exit status from /var/tmp/rpm-tmp.1xei9K (%check) [ 6s] [ 6s] [ 6s] RPM build errors: [ 6s] Bad exit status from /var/tmp/rpm-tmp.1xei9K (%check) [ 6s] [ 6s] vm-yast-ci-worker2 failed "build yast2-security.spec" at Mon Jan 31 10:57:33 UTC 2022. [ 6s] The buildroot was: /var/tmp/build-root/SUSE_SLE-15-SP4_GA-x86_64 rm -rf Devel:YaST:Head rake aborted! Command failed with status (1): [echo -e 'y\ny\ny\n' | osc -A 'https://api....] Tasks: TOP => osc:sr => osc:commit => osc:build (See full trace by running task with --trace) cleaning Result: PID 18387 exited with value 1 Scanning for a pull request... Found pull request #123 Adding comment ":x: Internal Jenkins [job #49](https://ci.suse.de/job/yast-yast-security-master/49/) failed" to pull request https://github.com/yast/yast-security/pull/123 Sending Net::HTTP::Post request to https://api.github.com/repos/yast/yast-security/issues/123/comments... OK Success Build step 'Execute shell' marked build as failure Not sending mail to unregistered user igonzalezsosa@suse.com Not sending mail to unregistered user kanderssen@suse.de