Closed Snorch closed 1 month ago
This is unusual for Fedora to have SELinux disabled. We could extend our script to correctly handle disabled SELinux. There is a test earlier which checks if SELinux is mounted which is usually a sign of a disabled SELinux system. Probably a bug in Fedora rawhide.
Ah, okay. The rawhide tests runs in a container. Containers always have SELinux disabled from the inside. Somehow /sys/fs/selinux
is now mounted. We used the existence of that directory if SELinux is available. This seems to be no longer true.
Something like this could help
diff --git a/scripts/ci/run-ci-tests.sh b/scripts/ci/run-ci-tests.sh
index c50dc4174..524adbac2 100755
--- a/scripts/ci/run-ci-tests.sh
+++ b/scripts/ci/run-ci-tests.sh
@@ -306,14 +306,18 @@ if [ "$skip" == 0 ]; then
if [ -d /sys/fs/selinux ] && command -v getenforce &>/dev/null; then
# Note: selinux in Enforcing mode prevents us from calling clone3() or writing to ns_last_pid on restore; hence set to Permissive for the test and then set back.
selinuxmode=$(getenforce)
- setenforce Permissive
+ if [ "$selinuxmode" != "Disabled" ]; then
+ setenforce Permissive
+ fi
fi
# Run it as non-root in a user namespace. Since CAP_CHECKPOINT_RESTORE behaves differently in non-user namespaces (e.g. no access to map_files) this tests that we can dump and restore
# under those conditions. Note that the "... && true" part is necessary; we need at least one statement after the tests so that bash can reap zombies in the user namespace,
# otherwise it will exec the last statement and get replaced and nobody will be left to reap our zombies.
sudo --user=#65534 --group=#65534 unshare -Ucfpm --mount-proc -- bash -c "./test/zdtm.py run -t zdtm/static/maps00 -f h --rootless && true"
if [ -d /sys/fs/selinux ] && command -v getenforce &>/dev/null; then
- setenforce "$selinuxmode"
+ if [ "$selinuxmode" != "Disabled" ]; then
+ setenforce "$selinuxmode"
+ fi
fi
setcap -r criu/criu
else
Description
Steps to reproduce the issue: Reproduces in CI https://github.com/checkpoint-restore/criu/pull/2380#pullrequestreview-2065281120 https://github.com/checkpoint-restore/criu/pull/2380/checks?check_run_id=25148861695 while executing scripts/ci/run-ci-tests.sh
Describe the results you received:
Describe the results you expected:
No error.