-
Notifications
You must be signed in to change notification settings - Fork 582
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
"Cirrus CI / Vagrant Fedora Rawhide based test" fails with error "setenforce: SELinux is disabled" #2406
Comments
This is unusual for Fedora to have SELinux disabled. We could extend our script to correctly handle disabled SELinux. There is a test earlier which checks if SELinux is mounted which is usually a sign of a disabled SELinux system. Probably a bug in Fedora rawhide. |
Ah, okay. The rawhide tests runs in a container. Containers always have SELinux disabled from the inside. Somehow Something like this could help diff --git a/scripts/ci/run-ci-tests.sh b/scripts/ci/run-ci-tests.sh
index c50dc4174..524adbac2 100755
--- a/scripts/ci/run-ci-tests.sh
+++ b/scripts/ci/run-ci-tests.sh
@@ -306,14 +306,18 @@ if [ "$skip" == 0 ]; then
if [ -d /sys/fs/selinux ] && command -v getenforce &>/dev/null; then
# Note: selinux in Enforcing mode prevents us from calling clone3() or writing to ns_last_pid on restore; hence set to Permissive for the test and then set back.
selinuxmode=$(getenforce)
- setenforce Permissive
+ if [ "$selinuxmode" != "Disabled" ]; then
+ setenforce Permissive
+ fi
fi
# Run it as non-root in a user namespace. Since CAP_CHECKPOINT_RESTORE behaves differently in non-user namespaces (e.g. no access to map_files) this tests that we can dump and restore
# under those conditions. Note that the "... && true" part is necessary; we need at least one statement after the tests so that bash can reap zombies in the user namespace,
# otherwise it will exec the last statement and get replaced and nobody will be left to reap our zombies.
sudo --user=#65534 --group=#65534 unshare -Ucfpm --mount-proc -- bash -c "./test/zdtm.py run -t zdtm/static/maps00 -f h --rootless && true"
if [ -d /sys/fs/selinux ] && command -v getenforce &>/dev/null; then
- setenforce "$selinuxmode"
+ if [ "$selinuxmode" != "Disabled" ]; then
+ setenforce "$selinuxmode"
+ fi
fi
setcap -r criu/criu
else |
Description
Steps to reproduce the issue:
Reproduces in CI #2380 (review) https://github.com/checkpoint-restore/criu/pull/2380/checks?check_run_id=25148861695 while executing scripts/ci/run-ci-tests.sh
Describe the results you received:
Describe the results you expected:
No error.
The text was updated successfully, but these errors were encountered: