From: Ilya Dryomov <idryomov@gmail.com>
Date: Wed, 10 Jul 2024 11:25:21 +0000 (+0200)
Subject: teuthology/task/selinux: ignore denials in agetty
X-Git-Tag: 1.2.0~21^2
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=2edcefaa5da1ebca412ab937b136c251cb224ecc;p=teuthology.git

teuthology/task/selinux: ignore denials in agetty

This was tracked in [1], but the addition of the context to the
allowlist in ceph.git commit 7a6389272aff ("qa: ignore container
checkpoint/restore related selinux denials for centos9") doesn't
cover krbd suite which doesn't pull in any distro snippets.

Since this denial has nothing to do with Ceph [2], let's ignore it
globally.

[1] http://tracker.ceph.com/issues/64616
[2] https://bugzilla.redhat.com/show_bug.cgi?id=2259622

Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
---

diff --git a/teuthology/task/selinux.py b/teuthology/task/selinux.py
index ca7390722..7b33b11b3 100644
--- a/teuthology/task/selinux.py
+++ b/teuthology/task/selinux.py
@@ -137,6 +137,7 @@ class SELinux(Task):
             'comm="sssd"',
             'comm="sss_cache"',
             'context=system_u:system_r:NetworkManager_dispatcher_t:s0',
+            'context=system_u:system_r:getty_t:s0',
         ]
         se_allowlist = self.config.get('allowlist', [])
         if se_allowlist: