containers / qm

QM is a containerized environment for running Functional Safety QM (Quality Management) software
https://github.com/containers/qm
GNU General Public License v2.0
22 stars 25 forks

Test QM selinux permissions #494

Closed nsednev closed 3 months ago

nsednev commented 3 months ago

This test case should test inside QM the command setenforce 0 which must fail.

bash-5.1# setenforce 0
setenforce: security_setenforce() failed: Permission denied

What is SELinux? A test tool ensures that inside the QM the command setenforce 0 must fail.

Why? The QM environment should not allow setenforce to change its state and must always fail. It should be validated via FFI tests.

How is the deny made? SELinux internal policies prevent a user inside QM from changing the SELinux status.

How to test?

# podman exec -it qm setenforce 0
setenforce:  security_setenforce() failed:  Permission denied

or

# podman exec -it qm bash
bash-5.1# setenforce 0
setenforce:  security_setenforce() failed:  Permission denied

pengshanyu commented 3 months ago

should add polarion-id to main.fmf
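
The check requested in this issue, written as a script. This is an added example, not code from the QM repository or from anyone in this thread; `QM_EXEC`, `RUN_QM_CHECK`, the function names and the host-side `getenforce` comparison are assumptions. It also separates an SELinux denial from unrelated failures such as the container not running, which an exit-code-only test would accept.

```shell
#!/bin/sh
# Added example: verify that "setenforce 0" is denied inside the QM container.
# QM_EXEC (assumption): prefix used to run a command inside QM. No -it here,
# because a test script has no terminal attached.
QM_EXEC="${QM_EXEC:-podman exec qm}"

# Run a command inside QM, merging stderr into stdout; exit status is preserved.
qm_run() {
    $QM_EXEC "$@" 2>&1
}

# SELinux mode as seen on the host (Enforcing / Permissive / Disabled).
host_mode() {
    getenforce
}

# Returns 0 only when the attempt was denied by SELinux and the host stayed Enforcing.
check_setenforce_denied() {
    rc=0
    before=$(host_mode) || before=unknown
    out=$(qm_run setenforce 0) || rc=$?
    after=$(host_mode) || after=unknown

    if [ "$rc" -eq 0 ]; then
        echo "FAIL: setenforce 0 succeeded inside QM"
        return 1
    fi
    # A Permissive host would not enforce the denial, so the result proves nothing.
    if [ "$before" != "Enforcing" ] || [ "$after" != "Enforcing" ]; then
        echo "FAIL: host SELinux mode was '$before' before and '$after' after"
        return 1
    fi
    # Non-zero exit alone is not enough: the container may be stopped or the
    # binary missing. Require the denial message shown in the issue.
    case $out in
        *"Permission denied"*)
            echo "PASS: setenforce 0 denied inside QM, host still Enforcing"
            return 0 ;;
        *)
            echo "FAIL: command failed for another reason (rc=$rc): $out"
            return 1 ;;
    esac
}

# Run against a real QM container only when asked to: RUN_QM_CHECK=1 sh <script>
if [ "${RUN_QM_CHECK:-0}" = 1 ]; then
    check_setenforce_denied
fi
```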