From 06fc55b0a4d994550f05625f10d8f7f0b11863eb Mon Sep 17 00:00:00 2001 From: John Mulligan Date: Tue, 11 Mar 2025 14:51:23 -0400 Subject: [PATCH] qa/cephadm/smb: set virt_sandbox_use_netlink selinux bool on ctdb tests Try to use the virt_sandbox_use_netlink selinux boolean to avoid getting selinux AVC errors in smb tests using ctdb. Some tests run ctdb with public addresses and the scripts that ctdb uses to manage those IPs calls ss which uses netlink which can cause selinux denials. Attempt to work around that problem by using a selinux boolean documented in `container_selinux(8)`. Signed-off-by: John Mulligan --- .../cephadm/smb/tasks/deploy_smb_ctdb_node_gone_state.yaml | 3 +++ .../orch/cephadm/smb/tasks/deploy_smb_mgr_clustering_ips.yaml | 3 +++ .../orch/cephadm/smb/tasks/deploy_smb_mgr_ctdb_res_basic.yaml | 3 +++ .../orch/cephadm/smb/tasks/deploy_smb_mgr_ctdb_res_dom.yaml | 3 +++ .../orch/cephadm/smb/tasks/deploy_smb_mgr_ctdb_res_ips.yaml | 3 +++ 5 files changed, 15 insertions(+) diff --git a/qa/suites/orch/cephadm/smb/tasks/deploy_smb_ctdb_node_gone_state.yaml b/qa/suites/orch/cephadm/smb/tasks/deploy_smb_ctdb_node_gone_state.yaml index 0d862b2c5f9..e05869d93e3 100644 --- a/qa/suites/orch/cephadm/smb/tasks/deploy_smb_ctdb_node_gone_state.yaml +++ b/qa/suites/orch/cephadm/smb/tasks/deploy_smb_ctdb_node_gone_state.yaml @@ -24,6 +24,9 @@ overrides: tasks: - cephadm.configure_samba_client_container: role: host.d +- pexec: + all: + - setsebool -P virt_sandbox_use_netlink 1 || true - cephadm: - cephadm.shell: diff --git a/qa/suites/orch/cephadm/smb/tasks/deploy_smb_mgr_clustering_ips.yaml b/qa/suites/orch/cephadm/smb/tasks/deploy_smb_mgr_clustering_ips.yaml index 3bbf30ea427..45ed41e8212 100644 --- a/qa/suites/orch/cephadm/smb/tasks/deploy_smb_mgr_clustering_ips.yaml +++ b/qa/suites/orch/cephadm/smb/tasks/deploy_smb_mgr_clustering_ips.yaml @@ -26,6 +26,9 @@ tasks: role: host.d - vip: count: 1 +- pexec: + all: + - setsebool -P virt_sandbox_use_netlink 1 || true - cephadm: - cephadm.shell: diff --git a/qa/suites/orch/cephadm/smb/tasks/deploy_smb_mgr_ctdb_res_basic.yaml b/qa/suites/orch/cephadm/smb/tasks/deploy_smb_mgr_ctdb_res_basic.yaml index b9b0ec0d6f1..aab74b1692b 100644 --- a/qa/suites/orch/cephadm/smb/tasks/deploy_smb_mgr_ctdb_res_basic.yaml +++ b/qa/suites/orch/cephadm/smb/tasks/deploy_smb_mgr_ctdb_res_basic.yaml @@ -24,6 +24,9 @@ overrides: tasks: - cephadm.configure_samba_client_container: role: host.d +- pexec: + all: + - setsebool -P virt_sandbox_use_netlink 1 || true - cephadm: - cephadm.shell: diff --git a/qa/suites/orch/cephadm/smb/tasks/deploy_smb_mgr_ctdb_res_dom.yaml b/qa/suites/orch/cephadm/smb/tasks/deploy_smb_mgr_ctdb_res_dom.yaml index b74593058e2..20a10a7cbc0 100644 --- a/qa/suites/orch/cephadm/smb/tasks/deploy_smb_mgr_ctdb_res_dom.yaml +++ b/qa/suites/orch/cephadm/smb/tasks/deploy_smb_mgr_ctdb_res_dom.yaml @@ -24,6 +24,9 @@ overrides: tasks: - cephadm.deploy_samba_ad_dc: role: host.d +- pexec: + all: + - setsebool -P virt_sandbox_use_netlink 1 || true - cephadm: - cephadm.shell: diff --git a/qa/suites/orch/cephadm/smb/tasks/deploy_smb_mgr_ctdb_res_ips.yaml b/qa/suites/orch/cephadm/smb/tasks/deploy_smb_mgr_ctdb_res_ips.yaml index 0aa55a53a3d..4f3bcb0a735 100644 --- a/qa/suites/orch/cephadm/smb/tasks/deploy_smb_mgr_ctdb_res_ips.yaml +++ b/qa/suites/orch/cephadm/smb/tasks/deploy_smb_mgr_ctdb_res_ips.yaml @@ -26,6 +26,9 @@ tasks: role: host.d - vip: count: 2 +- pexec: + all: + - setsebool -P virt_sandbox_use_netlink 1 || true - cephadm: - cephadm.shell: -- 2.39.5