#8118 Run smoke tests in FIPS mode
Closed: fixed 4 years ago by cheimes. Opened 4 years ago by cheimes.

We want to make sure that FreeIPA can be installed on a system in FIPS enforcing mode and that basic functionality is working correctly.

For a full FIPS mode system it is necessary to reconfigure the system and then reboot the entire OS. For most problems it is sufficient to just put the userspace in a fake FIPS mode. Ondrej Moris came up with a clever trick using mount --bind:

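    # Create the /etc/system-fips marker file
    echo "userspace fips" > /etc/system-fips
    # Prepare a file containing "1" to stand in for the kernel's FIPS flag
    mkdir -p /var/tmp/userspace-fips
    echo 1 > /var/tmp/userspace-fips/fips_enabled
    # Bind-mount it over the real flag so userspace reads fips_enabled=1
    mount --bind \
      /var/tmp/userspace-fips/fips_enabled \
      /proc/sys/crypto/fips_enabled
    # Switch the system-wide crypto policy to FIPS
    update-crypto-policies --set FIPS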

The trick makes all user space programs think that the system is running in FIPS enforcing mode. That's sufficient for a smoke test and will catch most, if not all, userspace problems with FIPS.
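A smoke test run this way exercises userspace only, so a CI log should record which mode was really active. The following is an added example, not part of the ticket or of FreeIPA's test suite: a hypothetical `fips_state` helper that reports whether the FIPS flag seen by userspace comes from the kernel or from a bind mount, by checking whether the flag file is itself a mount point in `/proc/self/mountinfo`. The sample mountinfo line is constructed.

```shell
#!/bin/sh
# Classify the FIPS state that userspace sees: "kernel", "userspace-fake" or "off".
# fips_state is a hypothetical helper; both paths can be overridden for testing.
#   $1  FIPS flag file  (default /proc/sys/crypto/fips_enabled)
#   $2  mountinfo file  (default /proc/self/mountinfo)
fips_state() {
    flag=${1:-/proc/sys/crypto/fips_enabled}
    mountinfo=${2:-/proc/self/mountinfo}

    # Missing flag file or any value other than 1: FIPS is off for userspace.
    [ -r "$flag" ] || { echo off; return 0; }
    value=$(cat "$flag")
    [ "$value" = 1 ] || { echo off; return 0; }

    # Field 5 of each mountinfo line is the mount point. The real flag is a
    # plain procfs entry, so if it shows up as a mount point, something has
    # been mounted over it (the mount --bind trick).
    if awk -v target="$flag" \
        '$5 == target { found = 1 } END { exit !found }' \
        "$mountinfo" 2>/dev/null
    then
        echo userspace-fake
    else
        echo kernel
    fi
}

# Constructed sample: a flag file set to 1 that is listed as a bind-mount target.
demo_dir=$(mktemp -d)
echo 1 > "$demo_dir/fips_enabled"
echo "99 24 253:0 /var/tmp/userspace-fips/fips_enabled $demo_dir/fips_enabled rw - xfs /dev/sda1 rw" \
    > "$demo_dir/mountinfo"
fips_state "$demo_dir/fips_enabled" "$demo_dir/mountinfo"   # userspace-fake
rm -rf "$demo_dir"
```

Called without arguments on a real host, `fips_state` inspects the live `/proc` files.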


Metadata Update from @cheimes:
- Custom field on_review adjusted to https://github.com/freeipa/freeipa/pull/3897

4 years ago

master:

  • 8124b1b Test installation with (fake) userspace FIPS

ipa-4-8:

  • 0cd2f4e Test installation with (fake) userspace FIPS

Metadata Update from @cheimes:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)

4 years ago
