From 543a85741dbb4fbcb4251c081ba346885d6928f0 Mon Sep 17 00:00:00 2001 From: Jan Baier Date: Thu, 22 Aug 2024 12:23:12 +0200 Subject: [PATCH] Add option to enforce AppArmor profiles in tests Introduce variable `USE_APPARMOR` to allow enforcing AppArmor profiles inside tests. Use the new variable inside nginx install variant of the test. Reference: https://progress.opensuse.org/issues/155413 --- main.pm | 1 + scenario-definitions.yaml | 1 + tests/install/apparmor.pm | 17 +++++++++++++++++ 3 files changed, 19 insertions(+) create mode 100644 tests/install/apparmor.pm diff --git a/main.pm b/main.pm index 37e2b545..9c673605 100644 --- a/main.pm +++ b/main.pm @@ -24,6 +24,7 @@ sub load_install_tests() { # interaction return 1 if get_var('OPENQA_FROM_GIT'); loadtest 'install/openqa_worker' unless get_var('OPENQA_FROM_BOOTSTRAP'); + loadtest 'install/apparmor' if get_var('USE_APPARMOR'); loadtest 'install/test_distribution'; } diff --git a/scenario-definitions.yaml b/scenario-definitions.yaml index 77db6620..8a4e8652 100644 --- a/scenario-definitions.yaml +++ b/scenario-definitions.yaml @@ -55,6 +55,7 @@ job_templates: settings: DESKTOP: minimalx OPENQA_WEB_PROXY: 'nginx' + USE_APPARMOR: "1" openqa_install_multimachine: <<: *common_4g settings: diff --git a/tests/install/apparmor.pm b/tests/install/apparmor.pm new file mode 100644 index 00000000..2e0ae965 --- /dev/null +++ b/tests/install/apparmor.pm @@ -0,0 +1,17 @@ +use Mojo::Base 'openQAcoretest', -signatures; +use testapi; +use utils qw(install_packages); + +sub run { + # Make sure AppArmor is installed and enabled + install_packages('-t pattern apparmor'); + assert_script_run('systemctl enable --now apparmor'); + assert_script_run('aa-enabled'); + # Reload AppArmor to enforce newly installed profiles + assert_script_run('systemctl reload apparmor'); + # Restart running services to apply loaded profiles + assert_script_run('systemctl try-restart openqa-*'); + assert_script_run('aa-status --filter.profiles="usr.share.openqa.*"'); +} + +1;