image-info: changes related to reading SELinux labels unknown to host
When `image-info` inspects ostree images, the `/usr/etc` is bind-mounted to `/etc`. This results in conflicting SELinux policy specification for these files and makes the outcome dependent on the `setfiles` build. All the files in `/etc` have mismatch in the expected vs. actual SELinux context. Exclude `/etc` from the check of SELinux ctx mismatches in case the analysed tree is from an ostree-based image. Sort the list returned `read_selinux_ctx_mismatch()` based on the item's `filename` key, to make the result consistent across runs. `image-info` can not read SELinux labels from the images, which are not known to the host. This makes the report content depend on the host environment. As a temporary workaround, relabel the image-info script with osbuild_exec_t label to allow it to read unknown SELinux labels. Modify documentation in `test/README.md` to explain the issue with `image-info` and unknown SELinux labels. Modify the `generate-all-test-cases` to relabel `image-info` before generating test cases. Modify the `image_tests.sh` to relabel `image-info` before running image test cases. Add 'tar' image for 'rhel-8' on 's390x' back to the matrix of generated test cases, as it was removed by mistake. Regenerate the image test case. Remove 'tar' image from 'rhel-84' on 's390x' from the matrix of generated test cases, as it is not supported. Regenerate all affected image test cases. Signed-off-by: Tomas Hozza <thozza@redhat.com>
This commit is contained in:
Tomas Hozza
Alexander Todorov
parent
95cd5b782e
commit
bce603586e
26 changed files with 134 additions and 144862 deletions
|
|
@ -6799,29 +6799,29 @@
|
|||
"selinux": {
|
||||
"context-mismatch": [
|
||||
{
|
||||
"actual": "unconfined_u:object_r:rpm_var_lib_t:s0",
|
||||
"expected": "system_u:object_r:rpm_var_lib_t:s0",
|
||||
"filename": "/var/lib/rpm/__db.002"
|
||||
"actual": "unconfined_u:object_r:etc_t:s0",
|
||||
"expected": "system_u:object_r:etc_t:s0",
|
||||
"filename": "/etc/sysconfig/kernel"
|
||||
},
|
||||
{
|
||||
"actual": "unconfined_u:object_r:etc_t:s0",
|
||||
"expected": "system_u:object_r:etc_t:s0",
|
||||
"filename": "/etc/sysconfig/network"
|
||||
},
|
||||
{
|
||||
"actual": "unconfined_u:object_r:rpm_var_lib_t:s0",
|
||||
"expected": "system_u:object_r:rpm_var_lib_t:s0",
|
||||
"filename": "/var/lib/rpm/__db.001"
|
||||
},
|
||||
{
|
||||
"actual": "unconfined_u:object_r:rpm_var_lib_t:s0",
|
||||
"expected": "system_u:object_r:rpm_var_lib_t:s0",
|
||||
"filename": "/var/lib/rpm/__db.002"
|
||||
},
|
||||
{
|
||||
"actual": "unconfined_u:object_r:rpm_var_lib_t:s0",
|
||||
"expected": "system_u:object_r:rpm_var_lib_t:s0",
|
||||
"filename": "/var/lib/rpm/__db.003"
|
||||
},
|
||||
{
|
||||
"actual": "unconfined_u:object_r:etc_t:s0",
|
||||
"expected": "system_u:object_r:etc_t:s0",
|
||||
"filename": "/etc/sysconfig/network"
|
||||
},
|
||||
{
|
||||
"actual": "unconfined_u:object_r:etc_t:s0",
|
||||
"expected": "system_u:object_r:etc_t:s0",
|
||||
"filename": "/etc/sysconfig/kernel"
|
||||
}
|
||||
],
|
||||
"policy": {
|
||||
|
|
|
|||
|
|
@ -11128,31 +11128,6 @@
|
|||
],
|
||||
"selinux": {
|
||||
"context-mismatch": [
|
||||
{
|
||||
"actual": "system_u:object_r:unlabeled_t:s0",
|
||||
"expected": "system_u:object_r:usbguard_unit_file_t:s0",
|
||||
"filename": "/usr/lib/systemd/system/usbguard.service"
|
||||
},
|
||||
{
|
||||
"actual": "system_u:object_r:unlabeled_t:s0",
|
||||
"expected": "system_u:object_r:container_runtime_exec_t:s0",
|
||||
"filename": "/usr/bin/runc"
|
||||
},
|
||||
{
|
||||
"actual": "system_u:object_r:unlabeled_t:s0",
|
||||
"expected": "system_u:object_r:container_runtime_exec_t:s0",
|
||||
"filename": "/usr/bin/podman"
|
||||
},
|
||||
{
|
||||
"actual": "system_u:object_r:unlabeled_t:s0",
|
||||
"expected": "system_u:object_r:container_runtime_exec_t:s0",
|
||||
"filename": "/usr/bin/crun"
|
||||
},
|
||||
{
|
||||
"actual": "system_u:object_r:unlabeled_t:s0",
|
||||
"expected": "system_u:object_r:usbguard_exec_t:s0",
|
||||
"filename": "/usr/sbin/usbguard-daemon"
|
||||
},
|
||||
{
|
||||
"actual": "system_u:object_r:mnt_t:s0",
|
||||
"expected": "system_u:object_r:default_t:s0",
|
||||
|
|
|
|||
|
|
@ -11134,31 +11134,6 @@
|
|||
],
|
||||
"selinux": {
|
||||
"context-mismatch": [
|
||||
{
|
||||
"actual": "system_u:object_r:unlabeled_t:s0",
|
||||
"expected": "system_u:object_r:usbguard_unit_file_t:s0",
|
||||
"filename": "/usr/lib/systemd/system/usbguard.service"
|
||||
},
|
||||
{
|
||||
"actual": "system_u:object_r:unlabeled_t:s0",
|
||||
"expected": "system_u:object_r:container_runtime_exec_t:s0",
|
||||
"filename": "/usr/bin/runc"
|
||||
},
|
||||
{
|
||||
"actual": "system_u:object_r:unlabeled_t:s0",
|
||||
"expected": "system_u:object_r:container_runtime_exec_t:s0",
|
||||
"filename": "/usr/bin/podman"
|
||||
},
|
||||
{
|
||||
"actual": "system_u:object_r:unlabeled_t:s0",
|
||||
"expected": "system_u:object_r:container_runtime_exec_t:s0",
|
||||
"filename": "/usr/bin/crun"
|
||||
},
|
||||
{
|
||||
"actual": "system_u:object_r:unlabeled_t:s0",
|
||||
"expected": "system_u:object_r:usbguard_exec_t:s0",
|
||||
"filename": "/usr/sbin/usbguard-daemon"
|
||||
},
|
||||
{
|
||||
"actual": "system_u:object_r:mnt_t:s0",
|
||||
"expected": "system_u:object_r:default_t:s0",
|
||||
|
|
|
|||
File diff suppressed because it is too large
Load diff
|
|
@ -5704,6 +5704,11 @@
|
|||
},
|
||||
"selinux": {
|
||||
"context-mismatch": [
|
||||
{
|
||||
"actual": "unconfined_u:object_r:rpm_var_lib_t:s0",
|
||||
"expected": "system_u:object_r:rpm_var_lib_t:s0",
|
||||
"filename": "/var/lib/rpm/__db.001"
|
||||
},
|
||||
{
|
||||
"actual": "unconfined_u:object_r:rpm_var_lib_t:s0",
|
||||
"expected": "system_u:object_r:rpm_var_lib_t:s0",
|
||||
|
|
@ -5713,11 +5718,6 @@
|
|||
"actual": "unconfined_u:object_r:rpm_var_lib_t:s0",
|
||||
"expected": "system_u:object_r:rpm_var_lib_t:s0",
|
||||
"filename": "/var/lib/rpm/__db.003"
|
||||
},
|
||||
{
|
||||
"actual": "unconfined_u:object_r:rpm_var_lib_t:s0",
|
||||
"expected": "system_u:object_r:rpm_var_lib_t:s0",
|
||||
"filename": "/var/lib/rpm/__db.001"
|
||||
}
|
||||
],
|
||||
"policy": {
|
||||
|
|
|
|||
File diff suppressed because it is too large
Load diff
|
|
@ -9021,26 +9021,6 @@
|
|||
],
|
||||
"selinux": {
|
||||
"context-mismatch": [
|
||||
{
|
||||
"actual": "system_u:object_r:unlabeled_t:s0",
|
||||
"expected": "system_u:object_r:usbguard_unit_file_t:s0",
|
||||
"filename": "/usr/lib/systemd/system/usbguard.service"
|
||||
},
|
||||
{
|
||||
"actual": "system_u:object_r:unlabeled_t:s0",
|
||||
"expected": "system_u:object_r:container_runtime_exec_t:s0",
|
||||
"filename": "/usr/bin/runc"
|
||||
},
|
||||
{
|
||||
"actual": "system_u:object_r:unlabeled_t:s0",
|
||||
"expected": "system_u:object_r:container_runtime_exec_t:s0",
|
||||
"filename": "/usr/bin/podman"
|
||||
},
|
||||
{
|
||||
"actual": "system_u:object_r:unlabeled_t:s0",
|
||||
"expected": "system_u:object_r:usbguard_exec_t:s0",
|
||||
"filename": "/usr/sbin/usbguard-daemon"
|
||||
},
|
||||
{
|
||||
"actual": "system_u:object_r:mnt_t:s0",
|
||||
"expected": "system_u:object_r:default_t:s0",
|
||||
|
|
|
|||
|
|
@ -9486,26 +9486,6 @@
|
|||
],
|
||||
"selinux": {
|
||||
"context-mismatch": [
|
||||
{
|
||||
"actual": "system_u:object_r:unlabeled_t:s0",
|
||||
"expected": "system_u:object_r:usbguard_unit_file_t:s0",
|
||||
"filename": "/usr/lib/systemd/system/usbguard.service"
|
||||
},
|
||||
{
|
||||
"actual": "system_u:object_r:unlabeled_t:s0",
|
||||
"expected": "system_u:object_r:container_runtime_exec_t:s0",
|
||||
"filename": "/usr/bin/runc"
|
||||
},
|
||||
{
|
||||
"actual": "system_u:object_r:unlabeled_t:s0",
|
||||
"expected": "system_u:object_r:container_runtime_exec_t:s0",
|
||||
"filename": "/usr/bin/podman"
|
||||
},
|
||||
{
|
||||
"actual": "system_u:object_r:unlabeled_t:s0",
|
||||
"expected": "system_u:object_r:usbguard_exec_t:s0",
|
||||
"filename": "/usr/sbin/usbguard-daemon"
|
||||
},
|
||||
{
|
||||
"actual": "system_u:object_r:mnt_t:s0",
|
||||
"expected": "system_u:object_r:default_t:s0",
|
||||
|
|
|
|||
|
|
@ -5789,12 +5789,12 @@
|
|||
{
|
||||
"actual": "unconfined_u:object_r:rpm_var_lib_t:s0",
|
||||
"expected": "system_u:object_r:rpm_var_lib_t:s0",
|
||||
"filename": "/var/lib/rpm/__db.002"
|
||||
"filename": "/var/lib/rpm/__db.001"
|
||||
},
|
||||
{
|
||||
"actual": "unconfined_u:object_r:rpm_var_lib_t:s0",
|
||||
"expected": "system_u:object_r:rpm_var_lib_t:s0",
|
||||
"filename": "/var/lib/rpm/__db.001"
|
||||
"filename": "/var/lib/rpm/__db.002"
|
||||
},
|
||||
{
|
||||
"actual": "unconfined_u:object_r:rpm_var_lib_t:s0",
|
||||
|
|
|
|||
|
|
@ -9642,11 +9642,6 @@
|
|||
"actual": "unconfined_u:object_r:etc_t:s0",
|
||||
"expected": "system_u:object_r:etc_t:s0",
|
||||
"filename": "/etc/sysconfig/network"
|
||||
},
|
||||
{
|
||||
"actual": "system_u:object_r:unlabeled_t:s0",
|
||||
"expected": "system_u:object_r:systemd_sleep_exec_t:s0",
|
||||
"filename": "/usr/lib/systemd/systemd-sleep"
|
||||
}
|
||||
],
|
||||
"policy": {
|
||||
|
|
|
|||
|
|
@ -10240,11 +10240,6 @@
|
|||
"actual": "unconfined_u:object_r:etc_t:s0",
|
||||
"expected": "system_u:object_r:etc_t:s0",
|
||||
"filename": "/etc/sysconfig/network"
|
||||
},
|
||||
{
|
||||
"actual": "system_u:object_r:unlabeled_t:s0",
|
||||
"expected": "system_u:object_r:systemd_sleep_exec_t:s0",
|
||||
"filename": "/usr/lib/systemd/systemd-sleep"
|
||||
}
|
||||
],
|
||||
"policy": {
|
||||
|
|
|
|||
|
|
@ -10170,11 +10170,6 @@
|
|||
"actual": "unconfined_u:object_r:etc_t:s0",
|
||||
"expected": "system_u:object_r:etc_t:s0",
|
||||
"filename": "/etc/sysconfig/network"
|
||||
},
|
||||
{
|
||||
"actual": "system_u:object_r:unlabeled_t:s0",
|
||||
"expected": "system_u:object_r:systemd_sleep_exec_t:s0",
|
||||
"filename": "/usr/lib/systemd/systemd-sleep"
|
||||
}
|
||||
],
|
||||
"policy": {
|
||||
|
|
|
|||
File diff suppressed because it is too large
Load diff
|
|
@ -5726,21 +5726,6 @@
|
|||
},
|
||||
"selinux": {
|
||||
"context-mismatch": [
|
||||
{
|
||||
"actual": "unconfined_u:object_r:rpm_var_lib_t:s0",
|
||||
"expected": "system_u:object_r:rpm_var_lib_t:s0",
|
||||
"filename": "/var/lib/rpm/__db.002"
|
||||
},
|
||||
{
|
||||
"actual": "unconfined_u:object_r:rpm_var_lib_t:s0",
|
||||
"expected": "system_u:object_r:rpm_var_lib_t:s0",
|
||||
"filename": "/var/lib/rpm/__db.003"
|
||||
},
|
||||
{
|
||||
"actual": "unconfined_u:object_r:rpm_var_lib_t:s0",
|
||||
"expected": "system_u:object_r:rpm_var_lib_t:s0",
|
||||
"filename": "/var/lib/rpm/__db.001"
|
||||
},
|
||||
{
|
||||
"actual": "unconfined_u:object_r:etc_t:s0",
|
||||
"expected": "system_u:object_r:etc_t:s0",
|
||||
|
|
@ -5750,6 +5735,21 @@
|
|||
"actual": "unconfined_u:object_r:etc_t:s0",
|
||||
"expected": "system_u:object_r:etc_t:s0",
|
||||
"filename": "/etc/sysconfig/network"
|
||||
},
|
||||
{
|
||||
"actual": "unconfined_u:object_r:rpm_var_lib_t:s0",
|
||||
"expected": "system_u:object_r:rpm_var_lib_t:s0",
|
||||
"filename": "/var/lib/rpm/__db.001"
|
||||
},
|
||||
{
|
||||
"actual": "unconfined_u:object_r:rpm_var_lib_t:s0",
|
||||
"expected": "system_u:object_r:rpm_var_lib_t:s0",
|
||||
"filename": "/var/lib/rpm/__db.002"
|
||||
},
|
||||
{
|
||||
"actual": "unconfined_u:object_r:rpm_var_lib_t:s0",
|
||||
"expected": "system_u:object_r:rpm_var_lib_t:s0",
|
||||
"filename": "/var/lib/rpm/__db.003"
|
||||
}
|
||||
],
|
||||
"policy": {
|
||||
|
|
|
|||
|
|
@ -10949,6 +10949,7 @@
|
|||
"/proc": ".M.......",
|
||||
"/run/cockpit": ".M.......",
|
||||
"/sys": ".M.......",
|
||||
"/var/lib/powerpc-utils/smt.state": "..5....T.",
|
||||
"/var/log/lastlog": ".M....G..",
|
||||
"/var/spool/anacron/cron.daily": ".M.......",
|
||||
"/var/spool/anacron/cron.monthly": ".M.......",
|
||||
|
|
@ -10967,11 +10968,6 @@
|
|||
"actual": "unconfined_u:object_r:etc_t:s0",
|
||||
"expected": "system_u:object_r:etc_t:s0",
|
||||
"filename": "/etc/sysconfig/network"
|
||||
},
|
||||
{
|
||||
"actual": "system_u:object_r:unlabeled_t:s0",
|
||||
"expected": "system_u:object_r:systemd_sleep_exec_t:s0",
|
||||
"filename": "/usr/lib/systemd/systemd-sleep"
|
||||
}
|
||||
],
|
||||
"policy": {
|
||||
|
|
|
|||
|
|
@ -10834,6 +10834,11 @@
|
|||
},
|
||||
"selinux": {
|
||||
"context-mismatch": [
|
||||
{
|
||||
"actual": "unconfined_u:object_r:boot_t:s0",
|
||||
"expected": "system_u:object_r:boot_t:s0",
|
||||
"filename": "/boot/bootmap"
|
||||
},
|
||||
{
|
||||
"actual": "unconfined_u:object_r:etc_t:s0",
|
||||
"expected": "system_u:object_r:etc_t:s0",
|
||||
|
|
@ -10843,16 +10848,6 @@
|
|||
"actual": "unconfined_u:object_r:etc_t:s0",
|
||||
"expected": "system_u:object_r:etc_t:s0",
|
||||
"filename": "/etc/sysconfig/network"
|
||||
},
|
||||
{
|
||||
"actual": "system_u:object_r:unlabeled_t:s0",
|
||||
"expected": "system_u:object_r:systemd_sleep_exec_t:s0",
|
||||
"filename": "/usr/lib/systemd/systemd-sleep"
|
||||
},
|
||||
{
|
||||
"actual": "unconfined_u:object_r:boot_t:s0",
|
||||
"expected": "system_u:object_r:boot_t:s0",
|
||||
"filename": "/boot/bootmap"
|
||||
}
|
||||
],
|
||||
"policy": {
|
||||
|
|
|
|||
|
|
@ -9727,26 +9727,6 @@
|
|||
},
|
||||
"selinux": {
|
||||
"context-mismatch": [
|
||||
{
|
||||
"actual": "system_u:object_r:unlabeled_t:s0",
|
||||
"expected": "system_u:object_r:usbguard_unit_file_t:s0",
|
||||
"filename": "/usr/lib/systemd/system/usbguard.service"
|
||||
},
|
||||
{
|
||||
"actual": "system_u:object_r:unlabeled_t:s0",
|
||||
"expected": "system_u:object_r:container_runtime_exec_t:s0",
|
||||
"filename": "/usr/bin/runc"
|
||||
},
|
||||
{
|
||||
"actual": "system_u:object_r:unlabeled_t:s0",
|
||||
"expected": "system_u:object_r:container_runtime_exec_t:s0",
|
||||
"filename": "/usr/bin/podman"
|
||||
},
|
||||
{
|
||||
"actual": "system_u:object_r:unlabeled_t:s0",
|
||||
"expected": "system_u:object_r:usbguard_exec_t:s0",
|
||||
"filename": "/usr/sbin/usbguard-daemon"
|
||||
},
|
||||
{
|
||||
"actual": "system_u:object_r:mnt_t:s0",
|
||||
"expected": "system_u:object_r:default_t:s0",
|
||||
|
|
|
|||
|
|
@ -10096,26 +10096,6 @@
|
|||
},
|
||||
"selinux": {
|
||||
"context-mismatch": [
|
||||
{
|
||||
"actual": "system_u:object_r:unlabeled_t:s0",
|
||||
"expected": "system_u:object_r:usbguard_unit_file_t:s0",
|
||||
"filename": "/usr/lib/systemd/system/usbguard.service"
|
||||
},
|
||||
{
|
||||
"actual": "system_u:object_r:unlabeled_t:s0",
|
||||
"expected": "system_u:object_r:container_runtime_exec_t:s0",
|
||||
"filename": "/usr/bin/runc"
|
||||
},
|
||||
{
|
||||
"actual": "system_u:object_r:unlabeled_t:s0",
|
||||
"expected": "system_u:object_r:container_runtime_exec_t:s0",
|
||||
"filename": "/usr/bin/podman"
|
||||
},
|
||||
{
|
||||
"actual": "system_u:object_r:unlabeled_t:s0",
|
||||
"expected": "system_u:object_r:usbguard_exec_t:s0",
|
||||
"filename": "/usr/sbin/usbguard-daemon"
|
||||
},
|
||||
{
|
||||
"actual": "system_u:object_r:mnt_t:s0",
|
||||
"expected": "system_u:object_r:default_t:s0",
|
||||
|
|
|
|||
|
|
@ -5809,29 +5809,29 @@
|
|||
"selinux": {
|
||||
"context-mismatch": [
|
||||
{
|
||||
"actual": "unconfined_u:object_r:rpm_var_lib_t:s0",
|
||||
"expected": "system_u:object_r:rpm_var_lib_t:s0",
|
||||
"filename": "/var/lib/rpm/__db.002"
|
||||
"actual": "unconfined_u:object_r:etc_t:s0",
|
||||
"expected": "system_u:object_r:etc_t:s0",
|
||||
"filename": "/etc/sysconfig/kernel"
|
||||
},
|
||||
{
|
||||
"actual": "unconfined_u:object_r:etc_t:s0",
|
||||
"expected": "system_u:object_r:etc_t:s0",
|
||||
"filename": "/etc/sysconfig/network"
|
||||
},
|
||||
{
|
||||
"actual": "unconfined_u:object_r:rpm_var_lib_t:s0",
|
||||
"expected": "system_u:object_r:rpm_var_lib_t:s0",
|
||||
"filename": "/var/lib/rpm/__db.001"
|
||||
},
|
||||
{
|
||||
"actual": "unconfined_u:object_r:rpm_var_lib_t:s0",
|
||||
"expected": "system_u:object_r:rpm_var_lib_t:s0",
|
||||
"filename": "/var/lib/rpm/__db.002"
|
||||
},
|
||||
{
|
||||
"actual": "unconfined_u:object_r:rpm_var_lib_t:s0",
|
||||
"expected": "system_u:object_r:rpm_var_lib_t:s0",
|
||||
"filename": "/var/lib/rpm/__db.003"
|
||||
},
|
||||
{
|
||||
"actual": "unconfined_u:object_r:etc_t:s0",
|
||||
"expected": "system_u:object_r:etc_t:s0",
|
||||
"filename": "/etc/sysconfig/network"
|
||||
},
|
||||
{
|
||||
"actual": "unconfined_u:object_r:etc_t:s0",
|
||||
"expected": "system_u:object_r:etc_t:s0",
|
||||
"filename": "/etc/sysconfig/kernel"
|
||||
}
|
||||
],
|
||||
"policy": {
|
||||
|
|
|
|||
|
|
@ -11083,6 +11083,7 @@
|
|||
"/proc": ".M.......",
|
||||
"/run/cockpit": ".M.......",
|
||||
"/sys": ".M.......",
|
||||
"/var/lib/powerpc-utils/smt.state": "..5....T.",
|
||||
"/var/log/btmp": ".M.......",
|
||||
"/var/log/journal": ".M....G..",
|
||||
"/var/log/lastlog": ".M....G..",
|
||||
|
|
|
|||
|
|
@ -10496,6 +10496,11 @@
|
|||
},
|
||||
"selinux": {
|
||||
"context-mismatch": [
|
||||
{
|
||||
"actual": "unconfined_u:object_r:boot_t:s0",
|
||||
"expected": "system_u:object_r:boot_t:s0",
|
||||
"filename": "/boot/bootmap"
|
||||
},
|
||||
{
|
||||
"actual": "unconfined_u:object_r:etc_t:s0",
|
||||
"expected": "system_u:object_r:etc_t:s0",
|
||||
|
|
@ -10505,11 +10510,6 @@
|
|||
"actual": "unconfined_u:object_r:etc_t:s0",
|
||||
"expected": "system_u:object_r:etc_t:s0",
|
||||
"filename": "/etc/sysconfig/network"
|
||||
},
|
||||
{
|
||||
"actual": "unconfined_u:object_r:boot_t:s0",
|
||||
"expected": "system_u:object_r:boot_t:s0",
|
||||
"filename": "/boot/bootmap"
|
||||
}
|
||||
],
|
||||
"policy": {
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue