|
ATTN serg
I've added setenforce Enforcing experimentally for bb-10.1-mdev10416 tree, for all kvm-rpm-* and kvm-zyp-* builders, in install and minor upgrade (from 10.1.14 to the current tree) tests.
Results are not quite what we anticipated.
http://buildbot.askmonty.org/buildbot/grid?category=main&branch=bb-10.1-mdev10416
| builder |
old value |
install |
upgrade |
| CentOS 5 x86_64 |
Permissive |
fails anyway |
OK |
| CentOS 5 x86 |
Permissive |
OK |
OK |
| CentOS 6 x86_64 |
Permissive |
OK |
OK |
| CentOS 6 x86 |
Permissive |
OK |
OK |
| CentOS 7 x86_64 |
Permissive |
OK |
OK |
| Fedora 22 x86_64 |
Permissive |
OK |
disabled |
| Fedora 22 x86 |
Permissive |
OK |
disabled |
| Fedora 23 x86_64 |
Permissive |
OK |
disabled |
| Fedora 23 x86 |
Permissive |
OK |
disabled |
| Fedora 24 x86_64 |
Permissive |
MDEV-10430 |
disabled |
| Fedora 24 x86 |
Permissive |
MDEV-10430 |
disabled |
| RHEL 5 x86_64 |
Permissive |
OK |
OK |
| RHEL 5 x86 |
Permissive |
OK |
OK |
| openSUSE 13 x86_64 |
doesn't have get/setenforce |
|
|
| openSUSE 13 x86 |
doesn't have get/setenforce |
|
|
| SLES 11 x86_64 |
doesn't have get/setenforce |
|
|
| SLES 11 x86 |
doesn't have get/setenforce |
|
|
| SLES 11sp1 x86_64 |
doesn't have get/setenforce |
|
|
| SLES 12 x86_64 |
doesn't have get/setenforce |
|
|
Our tests couldn't care less about the mode of SELinux, they don't catch problems like MDEV-10404 / MDEV-10405. I assume it's because they don't use any 3rd-party tools to access the server, and the client is apparently not affected. We also don't have any checks for SELinux context on installed files.
I can add all kinds of checks (in reasonable limits), but I don't know what exactly the requirements are and hence what to check. Any suggestions are welcome.
Update: actually, Fedora 24 does care. Server startup after clean Installation there fails with Enforcing and works with Permissive. I've filed it as MDEV-10430.
|