Whamcloud Community JIRA https://jira.whamcloud.com This file is an XML representation of an issue en-us 9.4.14 940014 05-12-2023 [LU-14199] sanity-selinux test 21a fails with 'client mount without sending sepol should be refused' https://jira.whamcloud.com/browse/LU-14199 Lustre <p>sanity-selinux test_21a fails for RHEL 8.3 client/server testing in review-dne-selinux. </p> <p>Looking at the logs for the failure at <a href="https://testing.whamcloud.com/test_sets/75526e78-6eda-4900-995c-b361935c3e9f" class="external-link" target="_blank" rel="nofollow noopener">https://testing.whamcloud.com/test_sets/75526e78-6eda-4900-995c-b361935c3e9f</a> , the suite_log shows the test output</p> <div class="preformatted panel" style="border-width: 1px;"><div class="preformattedContent panelContent"> <pre>CMD: trevis-200vm4 /usr/sbin/lctl set_param -P nodemap.c0.sepol= On mds4, c0.sepol = On mds3, c0.sepol = On mds2, c0.sepol = On mds1, c0.sepol = Starting client: trevis-200vm1.trevis.whamcloud.com: -o user_xattr,flock trevis-200vm4@tcp:/lustre /mnt/lustre CMD: trevis-200vm1.trevis.whamcloud.com mkdir -p /mnt/lustre CMD: trevis-200vm1.trevis.whamcloud.com mount -t lustre -o user_xattr,flock trevis-200vm4@tcp:/lustre /mnt/lustre sanity-selinux test_21a: @@@@@@ FAIL: client mount without sending sepol should be refused Trace dump: = /usr/lib64/lustre/tests/test-framework.sh:6257:error() = /usr/lib64/lustre/tests/sanity-selinux.sh:604:test_21a() </pre> </div></div> <p>Sebastien took a look at this and had the following comments:<br/> It comes from the following command in the test script:</p> <div class="preformatted panel" style="border-width: 1px;"><div class="preformattedContent panelContent"> <pre>do_facet mgs $LCTL set_param -P nodemap.$nm.sepol="$sepol" </pre> </div></div> <p>and the sepol variable is obtained from:</p> <div class="preformatted panel" style="border-width: 1px;"><div class="preformattedContent panelContent"> <pre>sepol=$(l_getsepol | cut -d':' -f2- | xargs) </pre> </div></div> <p>On my RHEL 8.2 test system it goes like this:</p> <div class="preformatted panel" style="border-width: 1px;"><div class="preformattedContent panelContent"> <pre># l_getsepol | cut -d':' -f2- | xargs 1:targeted:31:309ea33f4ea67b3baf7354d797d41a5330eb7c7653e66bcc928ea62268b7aa08 </pre> </div></div> <p>so the test is expected to set a non empty value for the sepol parameter on the nodemap, and the fact that it fails breaks the rest of the test. So it seems there is a problem with this command in RHEL 8.3 </p> <p>In addition, we see sanity-selinux test 21b fail in the same way with</p> <div class="preformatted panel" style="border-width: 1px;"><div class="preformattedContent panelContent"> <pre>CMD: trevis-200vm4 /usr/sbin/lctl set_param -P nodemap.c0.sepol= On mds4, c0.sepol = On mds3, c0.sepol = On mds2, c0.sepol = On mds1, c0.sepol = sanity-selinux test_21b: @@@@@@ FAIL: touch (1) Trace dump: = /usr/lib64/lustre/tests/test-framework.sh:6257:error() = /usr/lib64/lustre/tests/sanity-selinux.sh:688:test_21b() </pre> </div></div> RHEL8.3 client/server LU-14199 sanity-selinux test 21a fails with 'client mount without sending sepol should be refused' Bug Minor Resolved Fixed Sebastien Buisson James Nunez Tue, 8 Dec 2020 16:56:49 +0000 Fri, 24 Mar 2023 08:29:06 +0000 Mon, 14 Dec 2020 04:52:34 +0000 Lustre 2.14.0 Lustre 2.14.0 0 3 <p>I will look into this, thanks for documenting this issue James.</p> <p>Sebastien Buisson (sbuisson@ddn.com) uploaded a new patch: <a href="https://review.whamcloud.com/40918" class="external-link" target="_blank" rel="nofollow noopener">https://review.whamcloud.com/40918</a><br/> Subject: <a href="https://jira.whamcloud.com/browse/LU-14199" title="sanity-selinux test 21a fails with &#39;client mount without sending sepol should be refused&#39;" class="issue-link" data-issue-key="LU-14199"><del>LU-14199</del></a> sec: find policy version in use for sepol<br/> Project: fs/lustre-release<br/> Branch: master<br/> Current Patch Set: 1<br/> Commit: e6e8034c05503773274ababc0b2399b9dd80f5f5</p> <p>James,</p> <p>I managed to have review-dne-selinux passing on RHEL 8.3 clients with patch #40918:<br/> <a href="https://testing.whamcloud.com/test_sessions/31d8395b-3a26-49b2-92c9-52efdded3733" class="external-link" target="_blank" rel="nofollow noopener">https://testing.whamcloud.com/test_sessions/31d8395b-3a26-49b2-92c9-52efdded3733</a></p> <p>So it should be fixed now.</p> <p>Oleg Drokin (green@whamcloud.com) merged in patch <a href="https://review.whamcloud.com/40918/" class="external-link" target="_blank" rel="nofollow noopener">https://review.whamcloud.com/40918/</a><br/> Subject: <a href="https://jira.whamcloud.com/browse/LU-14199" title="sanity-selinux test 21a fails with &#39;client mount without sending sepol should be refused&#39;" class="issue-link" data-issue-key="LU-14199"><del>LU-14199</del></a> sec: find policy version in use for sepol<br/> Project: fs/lustre-release<br/> Branch: master<br/> Current Patch Set: <br/> Commit: e39d6451efb1d05ce7bb62eb0a91aebe7af302d9</p> <p>Landed for 2.14</p> <p>"Etienne AUJAMES &lt;eaujames@ddn.com&gt;" uploaded a new patch: <a href="https://review.whamcloud.com/c/fs/lustre-release/+/50402" class="external-link" target="_blank" rel="nofollow noopener">https://review.whamcloud.com/c/fs/lustre-release/+/50402</a><br/> Subject: <a href="https://jira.whamcloud.com/browse/LU-14199" title="sanity-selinux test 21a fails with &#39;client mount without sending sepol should be refused&#39;" class="issue-link" data-issue-key="LU-14199"><del>LU-14199</del></a> sec: find policy version in use for sepol<br/> Project: fs/lustre-release<br/> Branch: b2_12<br/> Current Patch Set: 1<br/> Commit: 543051b621826ee118fb678a33bfe9b14c59a002</p> Development Rank 1|i01gnj: Rank (Obsolete) 9223372036854775807 Severity