Make tests compatible with SLE 16

* fix supportutils * fix vsftpd * fix quota * fix nginx
os-autoinst · Feb 17, 2025 · a5e4352 · a5e4352
1 parent 976f1ae
commit a5e4352
Show file tree

Hide file tree

Showing 7 changed files with 99 additions and 15 deletions.
diff --git a/lib/services/nginx.pm b/lib/services/nginx.pm
@@ -42,9 +42,18 @@ sub add_custom_ports_to_selinux {
         return @ports;
     };
 
+    # Function to check if port already exists in SELinux
+    my $port_exists_in_semanage = sub {
+        my ($port) = @_;
+        my $command = qq{semanage port -l | grep ^http_port_t | awk '{for (i=3; i<=NF; i++) print \$i}' | sed 's/,//'};
+        my $output = script_output($command, proceed_on_failure => 1);
+        return grep { $_ == $port } split /\s+/, $output;
+    };
+
     # Add port to SELinux
     my $add_semanage_port = sub {
         my ($port, $context) = @_;
+        return if $port_exists_in_semanage->($port);
         my $cmd = "semanage port -a -t $context -p tcp $port";
         my $output = script_output($cmd);
         record_info("Port $port", $output =~ /already added/ ? "Already added." : "Added.");

diff --git a/schedule/security/fips/sle16/fips_ker_mode_textmode_extra.yaml b/schedule/security/fips/sle16/fips_ker_mode_textmode_extra.yaml
@@ -0,0 +1,41 @@
+name: fips_ker_mode_textmode_extra
+description:    >
+    This is for FIPS testing of extra modules in kernel mode on a textmode system.
+schedule:
+    - installation/bootloader_start
+    - boot/boot_to_desktop
+    - console/consoletest_setup
+    - fips/fips_setup
+    - fips/curl_fips_rc4_seed
+    - console/gpg
+    - console/journald_fss
+    - console/git
+    - console/ntp_client
+    - console/cups
+    - console/curl_https
+    - console/wget_https
+    - console/w3m_https
+    - console/curl_ipv6
+    - console/wget_ipv6
+    - console/apache_ssl
+    - security/vsftpd/vsftpd_setup
+    - security/vsftpd/vsftpd
+    - console/ca_certificates_mozilla
+    - console/unzip
+    - console/rsync
+    - console/sudo
+    - console/supportutils
+    - console/mdadm
+    - console/quota
+    - console/rpcbind
+    - console/timezone
+    - console/procps
+    - console/kmod
+    - console/suse_module_tools
+    - console/gd
+    - console/coredump_collect
+    - console/ovn
+    - console/firewalld
+    - console/nginx
+    - console/gdb
+    - console/sysctl
diff --git a/tests/console/mdadm.pm b/tests/console/mdadm.pm
@@ -41,6 +41,11 @@ sub run {
     upload_logs 'mdadm.log';
 }
 
+sub test_flags {
+# on SLE16 mdadm is older than SLE15 and thus is failing. Marking as non-fatal until it is resolved (last update 12-Feb-2025, https://bugzilla.suse.com/show_bug.cgi?id=1237075)
+    return {fatal => is_sle('>=16') ? 0 : 1};
+}
+
 sub post_fail_hook {
     select_serial_terminal;
     upload_logs 'mdadm.log';

diff --git a/tests/console/quota.pm b/tests/console/quota.pm
@@ -27,6 +27,7 @@ use strict;
 use warnings;
 use testapi;
 use utils;
+use version_utils 'has_selinux_by_default';
 
 sub run {
     my $username = $testapi::username;
@@ -43,33 +44,42 @@ sub run {
     systemctl "restart quotaon" unless $use_templated_service;
 
     # create filesystem image to use
-    assert_script_run "dd if=/dev/zero of=/tmp/quota.img bs=10M count=10";
-    assert_script_run "mkfs.ext3 -m0 /tmp/quota.img";
-    assert_script_run "mkdir /tmp/quota";
+    my $quota_path = has_selinux_by_default ? "/home/bernhard" : "/tmp";
+    assert_script_run "dd if=/dev/zero of=$quota_path/quota.img bs=10M count=10";
+    assert_script_run "mkfs.ext3 -m0 $quota_path/quota.img";
+    assert_script_run "mkdir $quota_path/quota";
 
     #mount disk image
-    assert_script_run "mount -o loop,rw,usrquota,grpquota /tmp/quota.img /tmp/quota";
+    my $extra_opts = has_selinux_by_default ? "usrjquota=aquota.user,grpjquota=aquota.group,jqfmt=vfsv0" : "usrquota,grpquota";
+    assert_script_run "mount -o loop,rw,$extra_opts $quota_path/quota.img $quota_path/quota";
     # Escape the mount point for systemd service naming
     my $escaped_mount = "";
     if ($use_templated_service) {
-        $escaped_mount = script_output("systemd-escape -p /tmp/quota");
+        $escaped_mount = script_output("systemd-escape -p $quota_path/quota");
         chomp($escaped_mount);
     }
 
     #creating some dir
-    assert_script_run "mkdir /tmp/quota/test-directory; chmod 777 /tmp/quota/test-directory";
+    assert_script_run "mkdir $quota_path/quota/test-directory; chmod 777 $quota_path/quota/test-directory";
 
     #testing quota commands:
-    assert_script_run "quotacheck -cug /tmp/quota";
+    assert_script_run "quotacheck -cug $quota_path/quota";
     #setquota to user
-    assert_script_run "setquota -u $username 100 200 6 10 /tmp/quota";
+    assert_script_run "setquota -u $username 100 200 6 10 $quota_path/quota";
+    # if using SELinux, apply correct context
+    if (has_selinux_by_default) {
+        # https://bugzilla.suse.com/show_bug.cgi?id=1237081
+        assert_script_run("semanage fcontext -a -t quota_db_t $quota_path/quota/aquota.user");
+        assert_script_run("semanage fcontext -a -t quota_db_t $quota_path/quota/aquota.group");
+        assert_script_run("restorecon -Rv $quota_path/quota");
+    }
     #enable quota
     assert_script_run("systemctl start quotaon@" . $escaped_mount) if $use_templated_service;
-    assert_script_run("quotaon /tmp/quota") unless $use_templated_service;
+    assert_script_run("quotaon $quota_path/quota") unless $use_templated_service;
     # run user to use all quota
     ensure_serialdev_permissions;
     select_console 'user-console';
-    assert_script_run 'cd /tmp/quota/test-directory';
+    assert_script_run "cd $quota_path/quota/test-directory";
     assert_script_run 'touch first_file';
     assert_script_run 'quota';
     assert_script_run 'echo {1..6} |  xargs touch';
@@ -79,15 +89,16 @@ sub run {
 
     select_console 'root-console';
     #quota report
-    assert_script_run "repquota /tmp/quota";
+    assert_script_run "repquota $quota_path/quota";
 
     #Clean configurations, stop quota, dismount disc image
     assert_script_run("systemctl stop quotaon@" . $escaped_mount) if $use_templated_service;
     systemctl "stop quotaon" unless $use_templated_service;
-    script_retry("umount -l /tmp/quota", timeout => 180, retry => 3) if $use_templated_service;
+
+    script_retry("umount -l $quota_path/quota", timeout => 180, retry => 3) if $use_templated_service;
     assert_script_run "cd";    # return back to ~ to be in a defined state for the next test modules
-    assert_script_run "umount /tmp/quota" unless $use_templated_service;
-    assert_script_run "rm /tmp/quota.img";
+    assert_script_run "umount $quota_path/quota" unless $use_templated_service;
+    assert_script_run "rm $quota_path/quota.img";
 }
 
 1;
diff --git a/tests/console/supportutils.pm b/tests/console/supportutils.pm
@@ -17,6 +17,7 @@ use warnings;
 use testapi;
 use serial_terminal 'select_serial_terminal';
 use upload_system_log 'upload_supportconfig_log';
+use version_utils 'is_sle';
 
 sub run {
     select_serial_terminal;
@@ -37,7 +38,14 @@ sub run {
     # Check few file whether expected content is there.
     # we just compare the first line after /proc/cmdline in boot.txt
     # with the content in /proc/cmdline.
-    assert_script_run(q(diff <(awk '/^# \/proc\/cmdline/{getline; print; exit}' boot.txt) /proc/cmdline));
+    if (is_sle('>=16')) {
+        # in SLE 16 we need to compare only the first part because the rest is stripped by supportconfig due to live.password being present
+        assert_script_run(q(awk '/^# \/proc\/cmdline/{getline; print $1 " " $2 " " $3; exit}' boot.txt > cmdline_cleaned_output.txt));
+        assert_script_run(q(awk '{print $1 " " $2 " " $3}' /proc/cmdline > cmdline_system.txt));
+        assert_script_run(q(diff cmdline_cleaned_output.txt cmdline_system.txt));
+    } else {
+        assert_script_run(q(diff <(awk '/^# \/proc\/cmdline/{getline; print; exit}' boot.txt) /proc/cmdline));
+    }
     assert_script_run "grep -q -f /etc/os-release basic-environment.txt";
 
     assert_script_run "cd ..";

diff --git a/tests/security/dm_crypt.pm b/tests/security/dm_crypt.pm
@@ -86,4 +86,9 @@ sub run {
     }
 }
 
+sub test_flags {
+# on SLE16 cryptsetup is older than SLE15 and thus is failing. Marking as non-fatal until it is resolved (last update 12-Feb-2025, https://bugzilla.suse.com/show_bug.cgi?id=1236375)
+    return {fatal => is_sle('>=16') ? 0 : 1};
+}
+
 1;
diff --git a/tests/security/vsftpd/vsftpd.pm b/tests/security/vsftpd/vsftpd.pm
@@ -10,6 +10,7 @@ use strict;
 use warnings;
 use testapi;
 use utils;
+use version_utils 'has_selinux_by_default';
 
 sub run {
     my $ftp_users_path = '/srv/ftp/users';
@@ -19,6 +20,10 @@ sub run {
     my $pwd = 'susetesting';
 
     select_console 'root-console';
+    if (has_selinux_by_default) {
+        assert_script_run('setsebool -P ftpd_full_access 1');
+        assert_script_run("restorecon -R $ftp_users_path");
+    }
 
     # Change to ftpuser for downloading and uploading
     enter_cmd("su - $user");