:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Setup :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 02:52:29 ] :: [ BEGIN ] :: Running 'rlImport 'selinux-policy/common'' :: [ 02:52:29 ] :: [ INFO ] :: rlImport: Found 'selinux-policy/common', version '43' during upwards traversal :: [ 02:52:29 ] :: [ INFO ] :: rlImport: Will try to import selinux-policy/common from /root/selinux/selinux-policy/Library/common/lib.sh :: [ 02:52:29 ] :: [ INFO ] :: found dependencies: 'distribution/epel ' :: [ 02:52:29 ] :: [ ERROR ] :: rlImport: Could not find library distribution/epel :: [ 02:52:29 ] :: [ INFO ] :: SELinux: using 'semodule -lfull' to list modules :: [ 02:52:29 ] :: [ INFO ] :: Running with policy located in /etc/selinux/targeted/policy/policy.34 :: [ 02:52:29 ] :: [ LOG ] :: enriched audit log format already enabled :: [ 02:52:29 ] :: [ LOG ] :: stop the audit daemon first :: [ 02:52:29 ] :: [ BEGIN ] :: Running 'service auditd stop' Stopping logging: :: [ 02:52:29 ] :: [ PASS ] :: Command 'service auditd stop' (Expected 0,2, got 0) :: [ 02:52:34 ] :: [ LOG ] :: audit daemon configuration file is updated, starting the audit service Redirecting to /bin/systemctl status auditd.service Redirecting to /bin/systemctl start auditd.service :: [ 02:52:34 ] :: [ LOG ] :: rlServiceStart: Service auditd started successfully :: [ 02:52:34 ] :: [ INFO ] :: SELinux related packages listing: :: [ 02:52:35 ] :: [ INFO ] :: checkpolicy-3.8-1.el10.x86_64 libselinux-3.8-1.el10.x86_64 libselinux-utils-3.8-1.el10.x86_64 libsemanage-3.8.1-1.el10_0.x86_64 libsepol-3.8-1.el10.x86_64 policycoreutils-3.8-1.el10.x86_64 policycoreutils-devel-3.8-1.el10.x86_64 policycoreutils-python-utils-3.8-1.el10.noarch selinux-policy-40.13.27-1.el10.noarch selinux-policy-devel-40.13.27-1.el10.noarch selinux-policy-targeted-40.13.27-1.el10.noarch setools-console-4.5.1-4.el10.x86_64 :: [ 02:52:35 ] :: [ INFO ] :: listing took 1 second(s) :: [ 02:52:35 ] :: [ INFO ] :: package 'setools-console-4.5.1-4.el10.x86_64' covers required package 'setools-console' :: [ 02:52:35 ] :: [ INFO ] :: package 'expect-5.45.4-25.el10.x86_64' covers required package 'expect' :: [ 02:52:35 ] :: [ INFO ] :: package 'policycoreutils-python-utils-3.8-1.el10.noarch' covers required package 'policycoreutils-python-utils' :: [ 02:52:35 ] :: [ INFO ] :: package 'selinux-policy-devel-40.13.27-1.el10.noarch' covers required package 'selinux-policy-devel' :: [ 02:52:35 ] :: [ PASS ] :: Command 'rlImport 'selinux-policy/common'' (Expected 0,1, got 1) :: [ 02:52:35 ] :: [ BEGIN ] :: Running 'epelyum install -y --nobest --nogpgcheck --skip-broken audit libselinux libselinux-utils policycoreutils selinux-policy selinux-policy-targeted setools-console switcheroo-control python3-gobject-base /usr/sbin/service ' /usr/share/beakerlib/testing.sh: line 896: epelyum: command not found :: [ 02:52:35 ] :: [ FAIL ] :: Command 'epelyum install -y --nobest --nogpgcheck --skip-broken audit libselinux libselinux-utils policycoreutils selinux-policy selinux-policy-targeted setools-console switcheroo-control python3-gobject-base /usr/sbin/service ' (Expected 0,1, got 127) selinux-policy-40.13.27-1.el10.noarch :: [ 02:52:35 ] :: [ PASS ] :: Checking for the presence of selinux-policy rpm :: [ 02:52:35 ] :: [ LOG ] :: Package versions: :: [ 02:52:35 ] :: [ LOG ] :: selinux-policy-40.13.27-1.el10.noarch selinux-policy-targeted-40.13.27-1.el10.noarch :: [ 02:52:36 ] :: [ PASS ] :: Checking for the presence of selinux-policy-targeted rpm :: [ 02:52:36 ] :: [ LOG ] :: Package versions: :: [ 02:52:36 ] :: [ LOG ] :: selinux-policy-targeted-40.13.27-1.el10.noarch switcheroo-control-2.6-7.el10.x86_64 :: [ 02:52:36 ] :: [ PASS ] :: Checking for the presence of switcheroo-control rpm :: [ 02:52:36 ] :: [ LOG ] :: Package versions: :: [ 02:52:36 ] :: [ LOG ] :: switcheroo-control-2.6-7.el10.x86_64 Redirecting to /bin/systemctl status switcheroo-control.service :: [ 02:52:36 ] :: [ BEGIN ] :: Running 'setenforce 1' :: [ 02:52:36 ] :: [ PASS ] :: Command 'setenforce 1' (Expected 0, got 0) :: [ 02:52:36 ] :: [ BEGIN ] :: Running 'id -Z' unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 :: [ 02:52:36 ] :: [ PASS ] :: Command 'id -Z' (Expected 0, got 0) :: [ 02:52:36 ] :: [ BEGIN ] :: Running 'sestatus' SELinux status: enabled SELinuxfs mount: /sys/fs/selinux SELinux root directory: /etc/selinux Loaded policy name: targeted Current mode: enforcing Mode from config file: enforcing Policy MLS status: enabled Policy deny_unknown status: allowed Memory protection checking: actual (secure) Max kernel policy version: 33 :: [ 02:52:36 ] :: [ PASS ] :: Command 'sestatus' (Expected 0, got 0) :: [ 02:52:36 ] :: [ BEGIN ] :: Running 'semodule --list-modules=full | grep -i disabled' :: [ 02:52:36 ] :: [ PASS ] :: Command 'semodule --list-modules=full | grep -i disabled' (Expected 0,1, got 1) :: [ 02:52:36 ] :: [ LOG ] :: rlSESetTimestamp: Setting timestamp 'TIMESTAMP' [04/01/2025 02:52:36] :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 9s :: Assertions: 9 good, 1 bad :: RESULT: WARN (Setup) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: RHEL-24268 :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: /usr/libexec/switcheroo-control system_u:object_r:switcheroo_control_exec_t:s0 :: [ 02:52:39 ] :: [ PASS ] :: Result of matchpathcon /usr/libexec/switcheroo-control should contain switcheroo_control_exec_t (Assert: expected 0, got 0) /run/udev system_u:object_r:udev_var_run_t:s0 :: [ 02:52:40 ] :: [ PASS ] :: Result of matchpathcon /run/udev/ should contain udev_var_run_t (Assert: expected 0, got 0) /run/dbus system_u:object_r:system_dbusd_var_run_t:s0 :: [ 02:52:40 ] :: [ PASS ] :: Result of matchpathcon /run/dbus/ should contain system_dbusd_var_run_t (Assert: expected 0, got 0) /run/dbus/system_bus_socket system_u:object_r:system_dbusd_var_run_t:s0 :: [ 02:52:41 ] :: [ PASS ] :: Result of matchpathcon /run/dbus/system_bus_socket should contain system_dbusd_var_run_t (Assert: expected 0, got 0) :: [ 02:52:41 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow switcheroo_control_t udev_var_run_t : dir { search } [ ]' FILTERED RULES allow switcheroo_control_t udev_var_run_t:dir { getattr ioctl lock open read search }; :: [ 02:52:43 ] :: [ PASS ] :: check permission 'search' is present (Assert: '0' should equal '0') :: [ 02:52:43 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow switcheroo_control_t switcheroo_control_t : netlink_kobject_uevent_socket { create setopt bind getattr } [ ]' FILTERED RULES allow switcheroo_control_t switcheroo_control_t:netlink_kobject_uevent_socket { append bind connect create getattr getopt ioctl lock read setattr setopt shutdown write }; :: [ 02:52:44 ] :: [ PASS ] :: check permission 'create' is present (Assert: '0' should equal '0') :: [ 02:52:44 ] :: [ PASS ] :: check permission 'setopt' is present (Assert: '0' should equal '0') :: [ 02:52:44 ] :: [ PASS ] :: check permission 'bind' is present (Assert: '0' should equal '0') :: [ 02:52:44 ] :: [ PASS ] :: check permission 'getattr' is present (Assert: '0' should equal '0') :: [ 02:52:44 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow switcheroo_control_t switcheroo_control_t : capability2 { bpf } [ ]' FILTERED RULES allow switcheroo_control_t switcheroo_control_t:capability2 bpf; :: [ 02:52:46 ] :: [ PASS ] :: check permission 'bpf' is present (Assert: '0' should equal '0') :: [ 02:52:46 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow switcheroo_control_t sysfs_t : dir { read } [ ]' FILTERED RULES allow domain sysfs_t:dir { getattr open search }; allow switcheroo_control_t sysfs_t:dir { ioctl lock read }; :: [ 02:52:48 ] :: [ PASS ] :: check permission 'read' is present (Assert: '0' should equal '0') :: [ 02:52:48 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow switcheroo_control_t sysfs_t : lnk_file { getattr read } [ ]' FILTERED RULES allow switcheroo_control_t sysfs_t:lnk_file { getattr read }; :: [ 02:52:49 ] :: [ PASS ] :: check permission 'getattr' is present (Assert: '0' should equal '0') :: [ 02:52:49 ] :: [ PASS ] :: check permission 'read' is present (Assert: '0' should equal '0') :: [ 02:52:49 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow switcheroo_control_t sysfs_t : file { getattr open read } [ ]' FILTERED RULES allow switcheroo_control_t sysfs_t:file { getattr ioctl lock open read }; :: [ 02:52:51 ] :: [ PASS ] :: check permission 'getattr' is present (Assert: '0' should equal '0') :: [ 02:52:51 ] :: [ PASS ] :: check permission 'open' is present (Assert: '0' should equal '0') :: [ 02:52:51 ] :: [ PASS ] :: check permission 'read' is present (Assert: '0' should equal '0') :: [ 02:52:51 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow switcheroo_control_t system_dbusd_t : unix_stream_socket { connectto } [ ]' FILTERED RULES allow switcheroo_control_t system_dbusd_t:unix_stream_socket connectto; :: [ 02:52:52 ] :: [ PASS ] :: check permission 'connectto' is present (Assert: '0' should equal '0') :: [ 02:52:52 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow switcheroo_control_t system_dbusd_var_run_t : sock_file { write } [ ]' FILTERED RULES allow switcheroo_control_t system_dbusd_var_run_t:sock_file { append getattr open write }; :: [ 02:52:54 ] :: [ PASS ] :: check permission 'write' is present (Assert: '0' should equal '0') :: [ 02:52:54 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow switcheroo_control_t system_dbusd_var_run_t : dir { search } [ ]' FILTERED RULES allow switcheroo_control_t system_dbusd_var_run_t:dir { getattr open search }; :: [ 02:52:55 ] :: [ PASS ] :: check permission 'search' is present (Assert: '0' should equal '0') :: [ 02:52:56 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow switcheroo_control_t system_dbusd_t : dbus { acquire_svc send_msg } [ ]' FILTERED RULES allow switcheroo_control_t system_dbusd_t:dbus { acquire_svc send_msg }; :: [ 02:52:57 ] :: [ PASS ] :: check permission 'acquire_svc' is present (Assert: '0' should equal '0') :: [ 02:52:57 ] :: [ PASS ] :: check permission 'send_msg' is present (Assert: '0' should equal '0') :: [ 02:52:57 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow system_dbusd_t switcheroo_control_t : dbus { send_msg } [ ]' FILTERED RULES allow system_dbusd_t switcheroo_control_t:dbus send_msg; :: [ 02:52:59 ] :: [ PASS ] :: check permission 'send_msg' is present (Assert: '0' should equal '0') :: [ 02:52:59 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow unconfined_t switcheroo_control_t : dbus { send_msg } [ ]' FILTERED RULES allow dbusd_unconfined switcheroo_control_t:dbus send_msg; :: [ 02:53:00 ] :: [ PASS ] :: check permission 'send_msg' is present (Assert: '0' should equal '0') :: [ 02:53:01 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow switcheroo_control_t unconfined_t : dbus { send_msg } [ ]' FILTERED RULES allow switcheroo_control_t dbusd_unconfined:dbus send_msg; :: [ 02:53:02 ] :: [ PASS ] :: check permission 'send_msg' is present (Assert: '0' should equal '0') :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 24s :: Assertions: 24 good, 0 bad :: RESULT: PASS (RHEL-24268) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: real scenario -- standalone service :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 02:53:02 ] :: [ BEGIN ] :: Running 'service switcheroo-control start' Redirecting to /bin/systemctl start switcheroo-control.service :: [ 02:53:02 ] :: [ PASS ] :: Command 'service switcheroo-control start' (Expected 0, got 0) :: [ 02:53:04 ] :: [ BEGIN ] :: Running 'ps -efZ | grep -v " grep " | grep -E "switcheroo-control"' system_u:system_r:switcheroo_control_t:s0 root 21398 1 0 02:53 ? 00:00:00 /usr/libexec/switcheroo-control :: [ 02:53:04 ] :: [ PASS ] :: Command 'ps -efZ | grep -v " grep " | grep -E "switcheroo-control"' (Expected 0, got 0) :: [ 02:53:04 ] :: [ BEGIN ] :: Running 'ps -efZ | grep -v " grep " | grep -E "switcheroo_control_t.*switcheroo-control"' system_u:system_r:switcheroo_control_t:s0 root 21398 1 0 02:53 ? 00:00:00 /usr/libexec/switcheroo-control :: [ 02:53:04 ] :: [ PASS ] :: Command 'ps -efZ | grep -v " grep " | grep -E "switcheroo_control_t.*switcheroo-control"' (Expected 0, got 0) :: [ 02:53:05 ] :: [ BEGIN ] :: Running 'service switcheroo-control status' Redirecting to /bin/systemctl status switcheroo-control.service ● switcheroo-control.service - Switcheroo Control Proxy service Loaded: loaded (/usr/lib/systemd/system/switcheroo-control.service; enabled; preset: enabled) Active: active (running) since Tue 2025-04-01 02:53:02 EDT; 2s ago Invocation: 553cb94ec90948cc8b0a6586a5989e20 Main PID: 21398 (switcheroo-cont) Tasks: 5 (limit: 10679) Memory: 940K (peak: 2.8M) CPU: 24ms CGroup: /system.slice/switcheroo-control.service └─21398 /usr/libexec/switcheroo-control Apr 01 02:53:02 prereserve-1mt-rhel-10.1-20250320.6-38644-2025-04-01-05-20 systemd[1]: Startin…. Apr 01 02:53:02 prereserve-1mt-rhel-10.1-20250320.6-38644-2025-04-01-05-20 systemd[1]: Started…. Hint: Some lines were ellipsized, use -l to show in full. :: [ 02:53:05 ] :: [ PASS ] :: Command 'service switcheroo-control status' (Expected 0,1,3, got 0) :: [ 02:53:07 ] :: [ BEGIN ] :: Running 'switcherooctl version' 2.6 :: [ 02:53:07 ] :: [ PASS ] :: Command 'switcherooctl version' (Expected 0, got 0) :: [ 02:53:07 ] :: [ BEGIN ] :: Running 'switcherooctl list' Device: 0 Name: Red Hat, Inc. Virtio 1.0 GPU Default: yes Environment: DRI_PRIME=pci-0000_00_01_0 :: [ 02:53:07 ] :: [ PASS ] :: Command 'switcherooctl list' (Expected 0, got 0) :: [ 02:53:07 ] :: [ BEGIN ] :: Running 'service switcheroo-control restart' Redirecting to /bin/systemctl restart switcheroo-control.service :: [ 02:53:07 ] :: [ PASS ] :: Command 'service switcheroo-control restart' (Expected 0, got 0) :: [ 02:53:09 ] :: [ BEGIN ] :: Running 'ps -efZ | grep -v " grep " | grep -E "switcheroo-control"' system_u:system_r:switcheroo_control_t:s0 root 22039 1 1 02:53 ? 00:00:00 /usr/libexec/switcheroo-control :: [ 02:53:09 ] :: [ PASS ] :: Command 'ps -efZ | grep -v " grep " | grep -E "switcheroo-control"' (Expected 0, got 0) :: [ 02:53:09 ] :: [ BEGIN ] :: Running 'ps -efZ | grep -v " grep " | grep -E "switcheroo_control_t.*switcheroo-control"' system_u:system_r:switcheroo_control_t:s0 root 22039 1 1 02:53 ? 00:00:00 /usr/libexec/switcheroo-control :: [ 02:53:09 ] :: [ PASS ] :: Command 'ps -efZ | grep -v " grep " | grep -E "switcheroo_control_t.*switcheroo-control"' (Expected 0, got 0) :: [ 02:53:10 ] :: [ BEGIN ] :: Running 'service switcheroo-control status' Redirecting to /bin/systemctl status switcheroo-control.service ● switcheroo-control.service - Switcheroo Control Proxy service Loaded: loaded (/usr/lib/systemd/system/switcheroo-control.service; enabled; preset: enabled) Active: active (running) since Tue 2025-04-01 02:53:07 EDT; 2s ago Invocation: 379e6d08a2f742cfa930987736c8444d Main PID: 22039 (switcheroo-cont) Tasks: 5 (limit: 10679) Memory: 944K (peak: 2.8M) CPU: 25ms CGroup: /system.slice/switcheroo-control.service └─22039 /usr/libexec/switcheroo-control Apr 01 02:53:07 prereserve-1mt-rhel-10.1-20250320.6-38644-2025-04-01-05-20 systemd[1]: Startin…. Apr 01 02:53:07 prereserve-1mt-rhel-10.1-20250320.6-38644-2025-04-01-05-20 systemd[1]: Started…. Hint: Some lines were ellipsized, use -l to show in full. :: [ 02:53:10 ] :: [ PASS ] :: Command 'service switcheroo-control status' (Expected 0,1,3, got 0) :: [ 02:53:12 ] :: [ BEGIN ] :: Running 'restorecon -Rv /etc /var /run -e /var/ARTIFACTS' Can't stat exclude path "/var/ARTIFACTS", No such file or directory - ignoring. :: [ 02:53:12 ] :: [ PASS ] :: Command 'restorecon -Rv /etc /var /run -e /var/ARTIFACTS' (Expected 0-255, got 0) :: [ 02:53:12 ] :: [ BEGIN ] :: Running 'touch ./empty-file' :: [ 02:53:12 ] :: [ PASS ] :: Command 'touch ./empty-file' (Expected 0, got 0) :: [ 02:53:12 ] :: [ BEGIN ] :: Running 'switcherooctl launch ./empty-file' Traceback (most recent call last): File "/usr/bin/switcherooctl", line 187, in launch(args, gpu) File "/usr/bin/switcherooctl", line 66, in launch os.execvp(args[0], args) File "", line 609, in execvp File "", line 632, in _execvpe PermissionError: [Errno 13] Permission denied :: [ 02:53:12 ] :: [ PASS ] :: Command 'switcherooctl launch ./empty-file' (Expected 0,1, got 1) :: [ 02:53:12 ] :: [ BEGIN ] :: Running 'rm -f ./empty-file' :: [ 02:53:12 ] :: [ PASS ] :: Command 'rm -f ./empty-file' (Expected 0, got 0) :: [ 02:53:12 ] :: [ BEGIN ] :: Running 'service switcheroo-control stop' Redirecting to /bin/systemctl stop switcheroo-control.service :: [ 02:53:13 ] :: [ PASS ] :: Command 'service switcheroo-control stop' (Expected 0, got 0) :: [ 02:53:14 ] :: [ BEGIN ] :: Running 'service switcheroo-control status' Redirecting to /bin/systemctl status switcheroo-control.service ○ switcheroo-control.service - Switcheroo Control Proxy service Loaded: loaded (/usr/lib/systemd/system/switcheroo-control.service; enabled; preset: enabled) Active: inactive (dead) since Tue 2025-04-01 02:53:13 EDT; 1s ago Duration: 5.071s Invocation: 379e6d08a2f742cfa930987736c8444d Process: 22039 ExecStart=/usr/libexec/switcheroo-control (code=killed, signal=TERM) Main PID: 22039 (code=killed, signal=TERM) Mem peak: 2.8M CPU: 26ms Apr 01 02:53:07 prereserve-1mt-rhel-10.1-20250320.6-38644-2025-04-01-05-20 systemd[1]: Startin…. Apr 01 02:53:07 prereserve-1mt-rhel-10.1-20250320.6-38644-2025-04-01-05-20 systemd[1]: Started…. Apr 01 02:53:12 prereserve-1mt-rhel-10.1-20250320.6-38644-2025-04-01-05-20 systemd[1]: Stoppin…. Apr 01 02:53:13 prereserve-1mt-rhel-10.1-20250320.6-38644-2025-04-01-05-20 systemd[1]: switche…. Apr 01 02:53:13 prereserve-1mt-rhel-10.1-20250320.6-38644-2025-04-01-05-20 systemd[1]: Stopped…. Hint: Some lines were ellipsized, use -l to show in full. :: [ 02:53:14 ] :: [ PASS ] :: Command 'service switcheroo-control status' (Expected 0,1,3, got 3) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 14s :: Assertions: 16 good, 0 bad :: RESULT: PASS (real scenario -- standalone service) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Cleanup :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 02:53:18 ] :: [ LOG ] :: rlSEAVCCheck: Search for AVCs, USER_AVCs, SELINUX_ERRs, and USER_SELINUX_ERRs since timestamp 'TIMESTAMP' [04/01/2025 02:52:36] :: [ 02:53:18 ] :: [ INFO ] :: rlSEAVCCheck: ignoring patterns: :: [ 02:53:18 ] :: [ INFO ] :: rlSEAVCCheck: type=USER_AVC.*received (policyload|setenforce) notice :: [ 02:53:18 ] :: [ PASS ] :: Check there are no unexpected AVCs/ERRORs (Assert: expected 0, got 0) Redirecting to /bin/systemctl status switcheroo-control.service :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 2s :: Assertions: 1 good, 0 bad :: RESULT: PASS (Cleanup)