sanity-selinux test 21a fails with 'client mount without sending sepol should be refused'

Details

    • Bug
    • Resolution: Fixed
    • Minor
    • Lustre 2.14.0
    • Lustre 2.14.0
    • RHEL8.3 client/server

    Description

      sanity-selinux test_21a fails for RHEL 8.3 client/server testing in review-dne-selinux.

      Looking at the logs for the failure at https://testing.whamcloud.com/test_sets/75526e78-6eda-4900-995c-b361935c3e9f , the suite_log shows the test output

      CMD: trevis-200vm4 /usr/sbin/lctl set_param -P nodemap.c0.sepol=
      On mds4, c0.sepol = 
      On mds3, c0.sepol = 
      On mds2, c0.sepol = 
      On mds1, c0.sepol = 
      Starting client: trevis-200vm1.trevis.whamcloud.com:  -o user_xattr,flock trevis-200vm4@tcp:/lustre /mnt/lustre
      CMD: trevis-200vm1.trevis.whamcloud.com mkdir -p /mnt/lustre
      CMD: trevis-200vm1.trevis.whamcloud.com mount -t lustre -o user_xattr,flock trevis-200vm4@tcp:/lustre /mnt/lustre
       sanity-selinux test_21a: @@@@@@ FAIL: client mount without sending sepol should be refused 
        Trace dump:
        = /usr/lib64/lustre/tests/test-framework.sh:6257:error()
        = /usr/lib64/lustre/tests/sanity-selinux.sh:604:test_21a()
      

      Sebastien took a look at this and had the following comments:
      It comes from the following command in the test script:

      do_facet mgs $LCTL set_param -P nodemap.$nm.sepol="$sepol"
      

      and the sepol variable is obtained from:

      sepol=$(l_getsepol | cut -d':' -f2- | xargs)
      

      On my RHEL 8.2 test system it goes like this:

      # l_getsepol | cut -d':' -f2- | xargs
      1:targeted:31:309ea33f4ea67b3baf7354d797d41a5330eb7c7653e66bcc928ea62268b7aa08
      

      so the test is expected to set a non-empty value for the sepol parameter on the nodemap, and the fact that it fails breaks the rest of the test. So it seems there is a problem with this command in RHEL 8.3.

      In addition, we see sanity-selinux test 21b fail in the same way with

      CMD: trevis-200vm4 /usr/sbin/lctl set_param -P nodemap.c0.sepol=
      On mds4, c0.sepol = 
      On mds3, c0.sepol = 
      On mds2, c0.sepol = 
      On mds1, c0.sepol = 
       sanity-selinux test_21b: @@@@@@ FAIL: touch (1) 
        Trace dump:
        = /usr/lib64/lustre/tests/test-framework.sh:6257:error()
        = /usr/lib64/lustre/tests/sanity-selinux.sh:688:test_21b()
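
The failure above starts when the `l_getsepol | cut | xargs` pipeline yields an empty string that is then written to the nodemap. The following added example (not code from the ticket or from the Lustre test suite) checks the shape of the value before the `set_param` command line is built; the helper names `sepol_is_valid` and `sepol_set_cmd` are hypothetical, and the `mode:name:version:hash` layout is assumed from the sample value quoted above.

```sh
#!/bin/sh
# Added example (not from the Lustre tree). Helper names are hypothetical.
# Layout mode:name:version:hash is assumed from the sample value in the ticket.

# Return 0 if $1 is a well-formed sepol string, a distinct non-zero code if not.
sepol_is_valid() {
	_sepol=$1
	[ -n "$_sepol" ] || return 1            # empty: the failure in this ticket

	# Split on ':' into $1..$n; globbing off so '*' in input is not expanded.
	_ifs=$IFS; IFS=':'; set -f
	set -- $_sepol
	IFS=$_ifs; set +f

	[ $# -eq 4 ] || return 2                # wrong number of fields
	case $1 in 0|1) ;; *) return 3 ;; esac  # mode flag
	case $2 in ''|*[!A-Za-z0-9_-]*) return 4 ;; esac   # policy name
	case $3 in ''|*[!0-9]*) return 5 ;; esac           # policy version
	[ ${#4} -eq 64 ] || return 6            # hash length as in the sample
	case $4 in *[!0-9a-f]*) return 6 ;; esac           # lowercase hex only
	return 0
}

# Print the set_param command for nodemap $1, or refuse if $2 is not valid.
# Only builds the command line; it never calls lctl.
sepol_set_cmd() {
	if ! sepol_is_valid "$2"; then
		echo "refusing to set nodemap.$1.sepol: bad value '$2'" >&2
		return 1
	fi
	echo "lctl set_param -P nodemap.$1.sepol=$2"
}

# Constructed inputs: the value quoted in the ticket, then the empty string
# that the failing run passed to set_param.
for v in "1:targeted:31:309ea33f4ea67b3baf7354d797d41a5330eb7c7653e66bcc928ea62268b7aa08" ""; do
	if cmd=$(sepol_set_cmd c0 "$v"); then
		echo "would run: $cmd"
	else
		echo "stopped before set_param"
	fi
done
```

With a check like this in front of the `set_param` call, the run would stop at the empty `l_getsepol` result instead of at the later mount or `touch` assertion.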
      

        Activity

          Gerrit Updater added a comment:

          "Etienne AUJAMES <eaujames@ddn.com>" uploaded a new patch: https://review.whamcloud.com/c/fs/lustre-release/+/50402
          Subject: LU-14199 sec: find policy version in use for sepol
          Project: fs/lustre-release
          Branch: b2_12
          Current Patch Set: 1
          Commit: 543051b621826ee118fb678a33bfe9b14c59a002

          Peter Jones added a comment:

          Landed for 2.14

          Gerrit Updater added a comment:

          Oleg Drokin (green@whamcloud.com) merged in patch https://review.whamcloud.com/40918/
          Subject: LU-14199 sec: find policy version in use for sepol
          Project: fs/lustre-release
          Branch: master
          Current Patch Set:
          Commit: e39d6451efb1d05ce7bb62eb0a91aebe7af302d9

          Sebastien Buisson added a comment:

          James,

          I managed to have review-dne-selinux passing on RHEL 8.3 clients with patch #40918:
          https://testing.whamcloud.com/test_sessions/31d8395b-3a26-49b2-92c9-52efdded3733

          So it should be fixed now.

          Gerrit Updater added a comment:

          Sebastien Buisson (sbuisson@ddn.com) uploaded a new patch: https://review.whamcloud.com/40918
          Subject: LU-14199 sec: find policy version in use for sepol
          Project: fs/lustre-release
          Branch: master
          Current Patch Set: 1
          Commit: e6e8034c05503773274ababc0b2399b9dd80f5f5

          Sebastien Buisson added a comment:

          I will look into this, thanks for documenting this issue James.

          People

            sebastien Sebastien Buisson
            jamesanunez James Nunez (Inactive)