freeipa

Clone
Source Code
GIT

#7974 Nightly test failure in ipatests.test_integration.test_user_permissions.TestUserPermissions
Closed: fixed 6 years ago by frenaud. Opened 6 years ago by frenaud.

Closed: fixed
Reopen Issue

Issue

The test TestUserPermissions::test_selinux_user_optimized defined in ipatests/test_integration/test_user_permissions.py is failing in the nightly tests on the master branch.
See the report from 11-Jun-2019.
Test output:

@pytest.mark.xfail(
osinfo.id == 'fedora' and osinfo.version_number <= (28,),
reason='sssd ticket 3819', strict=True)
def test_selinux_user_optimized(self):
"""
Check that SELinux login context is set on first login for the
user, even if the user is not mapped to a specific SELinux user.

Related ticket https://pagure.io/SSSD/sssd/issue/3819.
"""
# Scenario: add an IPA user with non-default home dir, login through
# ssh as this user and check that there is a SELinux user mapping
# for the user with `semanage login -l`.

# kinit admin
tasks.kinit_admin(self.master)

testuser = 'testuser_selinux'
password = 'Secret123'
testuser_password_confirmation = "%s\n%s\n" % (password,
password)
self.master.run_command(['ipa', 'user-add', testuser,
'--first', testuser,
'--last', testuser,
'--password',
'--homedir',
'/root/{}'.format(testuser)],
stdin_text=testuser_password_confirmation)

# login to the system
client = paramiko.SSHClient()
client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
client.connect(self.master.hostname,
username=testuser,
password=password)
client.close()

# check if user listed in output
cmd = self.master.run_command(['semanage', 'login', '-l'])
> assert testuser in cmd.stdout_text
E       AssertionError: assert 'testuser_selinux' in '\nLogin Name           SELinux User         MLS/MCS Range        Service\n\n__default__          unconfined_u         s0-s0:c0.c1023       *\nroot                 unconfined_u         s0-s0:c0.c1023       *\n'
E        +  where '\nLogin Name           SELinux User         MLS/MCS Range        Service\n\n__default__          unconfined_u         s0-s0:c0.c1023       *\nroot                 unconfined_u         s0-s0:c0.c1023       *\n' = <pytest_multihost.transport.SSHCommand object at 0x7f8ff2fa39e8>.stdout_text

Steps to Reproduce

Check the output of nightly tests from https://github.com/freeipa/freeipa/pulls

Version/Release/Distribution

master branch from 11-Jun-2019.

Additional info:

The master branch is currently using freeipa/ci-master-f29 vagrant box, version 0.2.1 which has SElinux disabled, but the test requires selinux.

Metadata Update from @frenaud:
- Issue assigned to frenaud
6 years ago

Also failing in ipa-4-6 and ipa-4-7 branches because of vagrant boxes with SElinux disabled.

Metadata Update from @frenaud:
- Issue set to the milestone: FreeIPA 4.6.6
6 years ago

Metadata Update from @frenaud:
- Issue tagged with: test-failure, tests
6 years ago

Metadata Update from @frenaud:
- Custom field on_review adjusted to https://github.com/freeipa/freeipa/pull/3254
6 years ago

master:

  • 910ff25 ipatests: fix TestUserPermissions::test_selinux_user_optimized

hi @frenaud - FYI manual backport will be needed for ipa-4-6 and ipa-4-7.

Hi @fcami
my bad, the test is present on master branch only, hence no need for a backport.
Changing milestone accordingly.

Metadata Update from @frenaud:
- Issue set to the milestone: FreeIPA 4.8 (was: FreeIPA 4.6.6)
6 years ago

Metadata Update from @frenaud:
- Custom field affects_doc adjusted to on
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)
6 years ago

Log in to comment on this ticket.

Metadata

tests test-failure

None
None
None
None
on
None
None
None
None
None
None
None
https://github.com/freeipa/freeipa/pull/3254
None
None
None
None
None
None
None
None
Powered by Pagure 5.14.1
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.