posix on :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: TEST PROTOCOL :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Package : unknown beakerlib RPM : beakerlib-1.29.3-5.fc40.noarch Test name : unknown Test started : 2024-05-28 21:15:21 UTC Test finished : Test duration : Distro : Fedora release 41 (Rawhide) Hostname : ip-172-31-19-214.us-east-2.compute.internal Architecture : unknown CPUs : 2 x AMD EPYC 7R13 Processor RAM size : 3806 MB HDD size : 297.80 GB :: [ 21:15:21 ] :: [ WARNING ] :: POSIX mode detected and switched off :: [ 21:15:21 ] :: [ WARNING ] :: Please fix your test to have /bin/bash shebang :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Setup :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: selinux-policy-40.20-1.fc41.noarch :: [ 21:15:21 ] :: [ PASS ] :: Checking for the presence of selinux-policy rpm :: [ 21:15:21 ] :: [ LOG ] :: Package versions: :: [ 21:15:21 ] :: [ LOG ] :: selinux-policy-40.20-1.fc41.noarch selinux-policy-targeted-40.20-1.fc41.noarch :: [ 21:15:21 ] :: [ PASS ] :: Checking for the presence of selinux-policy-targeted rpm :: [ 21:15:21 ] :: [ LOG ] :: Package versions: :: [ 21:15:21 ] :: [ LOG ] :: selinux-policy-targeted-40.20-1.fc41.noarch zabbix-selinux-6.0.30-1.fc41.noarch :: [ 21:15:21 ] :: [ PASS ] :: Checking for the presence of zabbix-selinux rpm :: [ 21:15:21 ] :: [ LOG ] :: Package versions: :: [ 21:15:21 ] :: [ LOG ] :: zabbix-selinux-6.0.30-1.fc41.noarch Downloading src rpms for zabbix-selinux-6.0.30-1.fc41 and selinux-policy :: [ 21:15:21 ] :: [ PASS ] :: Command './download_sources.sh' (Expected 0, got 0) https://copr.fedorainfracloud.org/api_ 100% | 6.0 KiB/s | 1.6 KiB | 00m00sEnabling a Copr repository. Please note that this repository is not part of the main distribution, and quality may vary. The Fedora Project does not exercise any power over the contents of this repository beyond the rules outlined in the Copr FAQ at , and packages are not held to any quality or security level. Please do not file bug reports about these packages in Fedora Bugzilla. In case of problems, contact the owner of this repository. :: [ 21:15:22 ] :: [ PASS ] :: Command 'dnf copr enable vmojzis/SELinux -y' (Expected 0, got 0) Updating and loading repositories: Copr repo for SELinux owned by vmojzis 100% | 44.9 KiB/s | 6.7 KiB | 00m00s koji-latest 100% | 14.1 MiB/s | 7.5 MiB | 00m01s Repositories loaded. Package Arch Version Repository Size Installing: selint x86_64 1.5.0-1.fc40 testing-farm-tag-repository 234.1 KiB Installing dependencies: libconfuse x86_64 3.3-12.fc40 testing-farm-tag-repository 1.0 MiB Transaction Summary: Installing: 2 packages Total size of inbound packages is 285 KiB. Need to download 285 KiB. After this operation 1 MiB will be used (install 1 MiB, remove 0 B). [1/2] libconfuse-0:3.3-12.fc40.x86_64 100% | 927.9 KiB/s | 188.4 KiB | 00m00s [2/2] selint-0:1.5.0-1.fc40.x86_64 100% | 462.7 KiB/s | 96.2 KiB | 00m00s -------------------------------------------------------------------------------- [2/2] Total 100% | 1.3 MiB/s | 284.6 KiB | 00m00s Running transaction [1/4] Verify package files 100% | 666.0 B/s | 2.0 B | 00m00s [2/4] Prepare transaction 100% | 37.0 B/s | 2.0 B | 00m00s [3/4] Installing libconfuse-0:3.3-12.fc 100% | 13.5 MiB/s | 1.0 MiB | 00m00s [4/4] Installing selint-0:1.5.0-1.fc40. 100% | 880.3 KiB/s | 235.9 KiB | 00m00s >>> Running trigger-install scriptlet: glibc-common-0:2.39.9000-18.fc41.x86_64 >>> Stop trigger-install scriptlet: glibc-common-0:2.39.9000-18.fc41.x86_64 >>> Running trigger-install scriptlet: man-db-0:2.12.1-1.fc41.x86_64 >>> Stop trigger-install scriptlet: man-db-0:2.12.1-1.fc41.x86_64 :: [ 21:15:26 ] :: [ PASS ] :: Command 'dnf install selint -y' (Expected 0, got 0) :: [ 21:15:26 ] :: [ PASS ] :: Command 'ls policy' (Expected 0, got 0) SELinux status: enabled SELinuxfs mount: /sys/fs/selinux SELinux root directory: /etc/selinux Loaded policy name: targeted Current mode: enforcing Mode from config file: enforcing Policy MLS status: enabled Policy deny_unknown status: allowed Memory protection checking: actual (secure) Max kernel policy version: 33 :: [ 21:15:26 ] :: [ PASS ] :: Command 'sestatus' (Expected 0, got 0) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 5s :: Assertions: 8 good, 0 bad :: RESULT: PASS (Setup) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Unsound/dangerous policy practices :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: 200 zabbix pp 100 zabbix pp :: [ 21:15:26 ] :: [ PASS ] :: Command 'semodule -lfull | grep zabbix' (Expected 0, got 0) :: [ 21:15:26 ] :: [ PASS ] :: Command 'semodule -X 200 --cil -E zabbix' (Expected 0, got 0) Never allow: Access to restricted types: allow zabbix_script_t security_t:file { write read ioctl append lock getattr open } policy management (permissions): allow zabbix_script_t security_t:security { setsecparam } Access to restricted types: allow zabbix_agent_t security_t:file { write lock read getattr open ioctl append } Access to restricted types: allow zabbix_t security_t:file { write lock read getattr open ioctl append } Warnings: Circumventing DAC settings as root (capability): allow zabbix_script_t self:capability { fsetid chown sys_resource sys_boot sys_time dac_override ipc_lock mknod sys_tty_config dac_read_search linux_immutable lease sys_rawio sys_pacct audit_write sys_chroot setuid sys_nice fowner net_broadcast sys_admin setgid setfcap ipc_owner sys_ptrace kill audit_control setpcap net_bind_service net_raw net_admin } Reassociate thread with a namespace (capability): allow zabbix_script_t self:capability { fsetid chown sys_resource sys_boot sys_time dac_override ipc_lock mknod sys_tty_config dac_read_search linux_immutable lease sys_rawio sys_pacct audit_write sys_chroot setuid sys_nice fowner net_broadcast sys_admin setgid setfcap ipc_owner sys_ptrace kill audit_control setpcap net_bind_service net_raw net_admin } Trace arbitrary process (capability): allow zabbix_script_t self:capability { fsetid chown sys_resource sys_boot sys_time dac_override ipc_lock mknod sys_tty_config dac_read_search linux_immutable lease sys_rawio sys_pacct audit_write sys_chroot setuid sys_nice fowner net_broadcast sys_admin setgid setfcap ipc_owner sys_ptrace kill audit_control setpcap net_bind_service net_raw net_admin } Circumventing DAC settings as root (capability): allow zabbix_agent_t self:capability { chown dac_read_search setgid sys_resource audit_write setuid } Circumventing DAC settings as root (capability): allow zabbix_t self:capability { setuid dac_read_search setgid sys_resource } Attributes allowing excessive write access: typeattributeset files_unconfined_type (zabbix_script_t) Attributes allowing excessive write access: typeattributeset unconfined_domain_type (zabbix_script_t) Attributes allowing excessive access: typeattributeset files_unconfined_type (zabbix_script_t) Attributes allowing excessive access: typeattributeset unconfined_domain_type (zabbix_script_t) Transition to unconfined domain: typetransition zabbix_agent_t lvm_exec_t process lvm_t Transition to unconfined domain: typetransition zabbix_t zabbix_script_exec_t process zabbix_script_t Transition to unconfined domain: typetransition zabbix_agent_t zabbix_script_exec_t process zabbix_script_t :: [ 21:15:27 ] :: [ FAIL ] :: Command 'python3 test.py zabbix.cil policy/zabbix.te' (Expected 0, got 4) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 1s :: Assertions: 2 good, 1 bad :: RESULT: FAIL (Unsound/dangerous policy practices) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: SELint static analysis :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Warning: Failed to locate access_vectors file. Warning: Failed to locate security_classes file. Warning: Failed to locate modules.conf file. Warning: Failed to locate obj_perm_sets.spt file. Warning: Failed to locate global conditions files. Note: Check E-007 is not performed because no permission macro has been parsed. Note: Check E-008 is not performed because no class has been parsed. Error: Failed to open policy/zabbix.te: No such file or directory Error: Failed to parse files :: [ 21:15:27 ] :: [ PASS ] :: Command 'selint -s -r -d E-005 -d W-004 -d W-005 -d W-010 -d S-001 -d S-010 --context=base-policy policy/zabbix.fc policy/zabbix.te 2>&1 | tee /tmp/tmp.DVGZL996ny' (Expected 0, got 0) Warning: Failed to locate access_vectors file. Warning: Failed to locate security_classes file. Warning: Failed to locate modules.conf file. Warning: Failed to locate obj_perm_sets.spt file. Warning: Failed to locate global conditions files. Note: Check E-007 is not performed because no permission macro has been parsed. Note: Check E-008 is not performed because no class has been parsed. Error: Failed to open policy/zabbix.te: No such file or directory Error: Failed to parse files :: [ 21:15:27 ] :: [ FAIL ] :: Command 'grep -v 'F-002' '/tmp/tmp.DVGZL996ny'' (Expected 1, got 0) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 0s :: Assertions: 1 good, 1 bad :: RESULT: FAIL (SELint static analysis) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Cleanup :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 21:15:27 ] :: [ PASS ] :: Command 'rm -rf zabbix.cil policy base-policy /etc/yum.repos.d/koji-latest.repo' (Expected 0, got 0) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 0s :: Assertions: 1 good, 0 bad :: RESULT: PASS (Cleanup) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: TEST PROTOCOL :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Package : unknown beakerlib RPM : beakerlib-1.29.3-5.fc40.noarch Test name : unknown Test started : 2024-05-28 21:15:21 UTC Test finished : 2024-05-28 21:15:27 UTC (still running) Test duration : 6 seconds Distro : Fedora release 41 (Rawhide) Hostname : ip-172-31-19-214.us-east-2.compute.internal Architecture : unknown CPUs : 2 x AMD EPYC 7R13 Processor RAM size : 3806 MB HDD size : 297.80 GB :: [ 21:15:21 ] :: [ WARNING ] :: POSIX mode detected and switched off :: [ 21:15:21 ] :: [ WARNING ] :: Please fix your test to have /bin/bash shebang :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Setup :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 21:15:21 ] :: [ PASS ] :: Checking for the presence of selinux-policy rpm :: [ 21:15:21 ] :: [ LOG ] :: Package versions: :: [ 21:15:21 ] :: [ LOG ] :: selinux-policy-40.20-1.fc41.noarch :: [ 21:15:21 ] :: [ PASS ] :: Checking for the presence of selinux-policy-targeted rpm :: [ 21:15:21 ] :: [ LOG ] :: Package versions: :: [ 21:15:21 ] :: [ LOG ] :: selinux-policy-targeted-40.20-1.fc41.noarch :: [ 21:15:21 ] :: [ PASS ] :: Checking for the presence of zabbix-selinux rpm :: [ 21:15:21 ] :: [ LOG ] :: Package versions: :: [ 21:15:21 ] :: [ LOG ] :: zabbix-selinux-6.0.30-1.fc41.noarch :: [ 21:15:21 ] :: [ PASS ] :: Command './download_sources.sh' (Expected 0, got 0) :: [ 21:15:22 ] :: [ PASS ] :: Command 'dnf copr enable vmojzis/SELinux -y' (Expected 0, got 0) :: [ 21:15:26 ] :: [ PASS ] :: Command 'dnf install selint -y' (Expected 0, got 0) :: [ 21:15:26 ] :: [ PASS ] :: Command 'ls policy' (Expected 0, got 0) :: [ 21:15:26 ] :: [ PASS ] :: Command 'sestatus' (Expected 0, got 0) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 5s :: Assertions: 8 good, 0 bad :: RESULT: PASS (Setup) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Unsound/dangerous policy practices :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 21:15:26 ] :: [ PASS ] :: Command 'semodule -lfull | grep zabbix' (Expected 0, got 0) :: [ 21:15:26 ] :: [ PASS ] :: Command 'semodule -X 200 --cil -E zabbix' (Expected 0, got 0) :: [ 21:15:27 ] :: [ FAIL ] :: Command 'python3 test.py zabbix.cil policy/zabbix.te' (Expected 0, got 4) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 1s :: Assertions: 2 good, 1 bad :: RESULT: FAIL (Unsound/dangerous policy practices) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: SELint static analysis :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 21:15:27 ] :: [ PASS ] :: Command 'selint -s -r -d E-005 -d W-004 -d W-005 -d W-010 -d S-001 -d S-010 --context=base-policy policy/zabbix.fc policy/zabbix.te 2>&1 | tee /tmp/tmp.DVGZL996ny' (Expected 0, got 0) :: [ 21:15:27 ] :: [ FAIL ] :: Command 'grep -v 'F-002' '/tmp/tmp.DVGZL996ny'' (Expected 1, got 0) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 0s :: Assertions: 1 good, 1 bad :: RESULT: FAIL (SELint static analysis) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Cleanup :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 21:15:27 ] :: [ PASS ] :: Command 'rm -rf zabbix.cil policy base-policy /etc/yum.repos.d/koji-latest.repo' (Expected 0, got 0) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 0s :: Assertions: 1 good, 0 bad :: RESULT: PASS (Cleanup) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: unknown :: unknown :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 21:15:27 ] :: [ LOG ] :: Phases fingerprint: fzUty1h+ :: [ 21:15:27 ] :: [ LOG ] :: Asserts fingerprint: xkf3QXtm :: [ 21:15:27 ] :: [ LOG ] :: JOURNAL XML: /var/tmp/beakerlib-YLKKnHB/journal.xml :: [ 21:15:27 ] :: [ LOG ] :: JOURNAL TXT: /var/tmp/beakerlib-YLKKnHB/journal.txt :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 6s :: Phases: 2 good, 2 bad :: OVERALL RESULT: FAIL (unknown)