:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Setup :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 07:22:19 ] :: [ INFO ] :: rlImport: Found 'selinux-policy/common', version '43' during upwards traversal :: [ 07:22:19 ] :: [ INFO ] :: rlImport: Will try to import selinux-policy/common from /root/selinux/selinux-policy/Library/common/lib.sh :: [ 07:22:19 ] :: [ INFO ] :: found dependencies: 'distribution/epel ' :: [ 07:22:19 ] :: [ INFO ] :: rlImport: Found 'distribution/epel', version '2' during upwards traversal :: [ 07:22:19 ] :: [ INFO ] :: rlImport: Will try to import distribution/epel from /root/distribution/Library/epel/lib.sh :: [ 07:22:19 ] :: [ INFO ] :: found dependencies: ' distribution/LibrariesWrapper distribution/epel-internal' :: [ 07:22:20 ] :: [ INFO ] :: rlImport: Found 'distribution/LibrariesWrapper', version '9' during upwards traversal :: [ 07:22:20 ] :: [ INFO ] :: rlImport: Will try to import distribution/LibrariesWrapper from /root/distribution/Library/LibrariesWrapper/lib.sh :: [ 07:22:20 ] :: [ INFO ] :: found dependencies: '' :: [ 07:22:20 ] :: [ INFO ] :: rlImport: Found 'distribution/epel-internal', version '3' during upwards traversal :: [ 07:22:20 ] :: [ INFO ] :: rlImport: Will try to import distribution/epel-internal from /root/distribution/Library/epel-internal/lib.sh :: [ 07:22:20 ] :: [ INFO ] :: found dependencies: '' :: [ 07:22:20 ] :: [ PASS ] :: Command 'rlImport distribution/LibrariesWrapper' (Expected 0, got 0) :: [ 07:22:20 ] :: [ INFO ] :: LibrariesWrapperImport(): library fetched already :: [ 07:22:20 ] :: [ INFO ] :: the library was fetched at least 1h ago, checking for updates :: [ 07:22:20 ] :: [ PASS ] :: Command 'git config core.bare true' (Expected 0, got 0) :: [ 07:22:20 ] :: [ PASS ] :: Command 'env git remote update' (Expected 0, got 0) :: [ 07:22:20 ] :: [ PASS ] :: Command 'git config core.bare false' (Expected 0, got 0) :: [ 07:22:20 ] :: [ PASS ] :: Command 'git checkout "master" -- "epel"' (Expected 0, got 0) :: [ 07:22:20 ] :: [ INFO ] :: found epel v42 from https://github.com/beakerlib/epel.git?72a1d18b541fdbd775d87bb69b57c3e018e18552#epel in /root/distribution/Library/epel/lib/epel :: [ 07:22:20 ] :: [ LOG ] :: Determined distro is 'rhel' :: [ 07:22:20 ] :: [ LOG ] :: Determined rhel release is '10' :: [ 07:22:20 ] :: [ LOG ] :: epel repo is accessible :: [ 07:22:20 ] :: [ LOG ] :: epel repo already present :: [ 07:22:20 ] :: [ INFO ] :: SELinux: using 'semodule -lfull' to list modules :: [ 07:22:20 ] :: [ INFO ] :: Running with policy located in /etc/selinux/targeted/policy/policy.34 :: [ 07:22:20 ] :: [ LOG ] :: enriched audit log format already enabled :: [ 07:22:20 ] :: [ LOG ] :: stop the audit daemon first :: [ 07:22:20 ] :: [ PASS ] :: Command 'service auditd stop' (Expected 0,2, got 0) :: [ 07:22:25 ] :: [ LOG ] :: audit daemon configuration file is updated, starting the audit service :: [ 07:22:26 ] :: [ LOG ] :: rlServiceStart: Service auditd started successfully :: [ 07:22:26 ] :: [ INFO ] :: SELinux related packages listing: :: [ 07:22:26 ] :: [ INFO ] :: checkpolicy-3.8-1.el10.x86_64 libselinux-3.8-1.el10.x86_64 libselinux-utils-3.8-1.el10.x86_64 libsemanage-3.8.1-1.el10_0.x86_64 libsepol-3.8-1.el10.x86_64 policycoreutils-3.8-1.el10.x86_64 policycoreutils-devel-3.8-1.el10.x86_64 policycoreutils-python-utils-3.8-1.el10.noarch selinux-policy-40.13.30-1.el10.noarch selinux-policy-devel-40.13.30-1.el10.noarch selinux-policy-targeted-40.13.30-1.el10.noarch setools-console-4.5.1-4.el10.x86_64 :: [ 07:22:26 ] :: [ INFO ] :: listing took 0 second(s) :: [ 07:22:26 ] :: [ INFO ] :: package 'setools-console-4.5.1-4.el10.x86_64' covers required package 'setools-console' :: [ 07:22:26 ] :: [ INFO ] :: package 'expect-5.45.4-25.el10.x86_64' covers required package 'expect' :: [ 07:22:26 ] :: [ INFO ] :: package 'policycoreutils-python-utils-3.8-1.el10.noarch' covers required package 'policycoreutils-python-utils' :: [ 07:22:26 ] :: [ INFO ] :: package 'selinux-policy-devel-40.13.30-1.el10.noarch' covers required package 'selinux-policy-devel' :: [ 07:22:26 ] :: [ INFO ] :: package 'audit-rules-4.0.3-4.el10.x86_64' covers required package 'audit-rules' :: [ 07:22:26 ] :: [ PASS ] :: Command 'rlImport 'selinux-policy/common'' (Expected 0,1, got 0) :: [ 07:22:29 ] :: [ PASS ] :: Command 'epelyum install -y --nobest --nogpgcheck --skip-broken audit libselinux libselinux-utils policycoreutils selinux-policy selinux-policy-targeted setools-console systemd-container /usr/sbin/service ' (Expected 0,1, got 0) :: [ 07:22:29 ] :: [ PASS ] :: Checking for the presence of selinux-policy rpm :: [ 07:22:29 ] :: [ LOG ] :: Package versions: :: [ 07:22:29 ] :: [ LOG ] :: selinux-policy-40.13.30-1.el10.noarch :: [ 07:22:29 ] :: [ PASS ] :: Checking for the presence of selinux-policy-targeted rpm :: [ 07:22:29 ] :: [ LOG ] :: Package versions: :: [ 07:22:29 ] :: [ LOG ] :: selinux-policy-targeted-40.13.30-1.el10.noarch :: [ 07:22:29 ] :: [ PASS ] :: Checking for the presence of systemd-container rpm :: [ 07:22:29 ] :: [ LOG ] :: Package versions: :: [ 07:22:29 ] :: [ LOG ] :: systemd-container-257-11.el10.x86_64 :: [ 07:22:29 ] :: [ PASS ] :: Command 'setenforce 1' (Expected 0, got 0) :: [ 07:22:29 ] :: [ PASS ] :: Command 'id -Z' (Expected 0, got 0) :: [ 07:22:29 ] :: [ PASS ] :: Command 'sestatus' (Expected 0, got 0) :: [ 07:22:29 ] :: [ PASS ] :: Command 'semodule --list-modules=full | grep -i disabled' (Expected 0,1, got 1) :: [ 07:22:29 ] :: [ LOG ] :: rlSESetTimestamp: Setting timestamp 'TIMESTAMP' [04/30/2025 07:22:29] :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 12s :: Assertions: 15 good, 0 bad :: RESULT: PASS (Setup) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: SELinux contexts and rules :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 07:22:32 ] :: [ PASS ] :: Result of matchpathcon /usr/lib/systemd/systemd-machined should contain systemd_machined_exec_t (Assert: expected 0, got 0) :: [ 07:22:32 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow init_t systemd_machined_exec_t : file { getattr open read execute } ' :: [ 07:22:33 ] :: [ PASS ] :: check permission 'getattr' is present (Assert: '0' should equal '0') :: [ 07:22:33 ] :: [ PASS ] :: check permission 'open' is present (Assert: '0' should equal '0') :: [ 07:22:33 ] :: [ PASS ] :: check permission 'read' is present (Assert: '0' should equal '0') :: [ 07:22:33 ] :: [ PASS ] :: check permission 'execute' is present (Assert: '0' should equal '0') :: [ 07:22:34 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow init_t systemd_machined_t : process { transition } ' :: [ 07:22:35 ] :: [ PASS ] :: check permission 'transition' is present (Assert: '0' should equal '0') :: [ 07:22:35 ] :: [ INFO ] :: rlSESearchRule: checking rule 'type_transition init_t systemd_machined_exec_t : process systemd_machined_t ' :: [ 07:22:37 ] :: [ PASS ] :: check permission 'systemd_machined_t' is present (Assert: '0' should equal '0') :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 6s :: Assertions: 7 good, 0 bad :: RESULT: PASS (SELinux contexts and rules) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: RHEL-49567 :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 07:22:37 ] :: [ PASS ] :: Result of matchpathcon /usr/lib/systemd/systemd-machined should contain systemd_machined_exec_t (Assert: expected 0, got 0) :: [ 07:22:38 ] :: [ PASS ] :: Result of matchpathcon /run/systemd/machine should contain systemd_machined_var_run_t (Assert: expected 0, got 0) :: [ 07:22:39 ] :: [ PASS ] :: Result of matchpathcon /run/systemd/machine/io.systemd.Machine should contain systemd_machined_var_run_t (Assert: expected 0, got 0) :: [ 07:22:39 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow systemd_machined_t systemd_machined_var_run_t : dir { create } [ ]' :: [ 07:22:40 ] :: [ PASS ] :: check permission 'create' is present (Assert: '0' should equal '0') :: [ 07:22:40 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow systemd_machined_t systemd_machined_var_run_t : sock_file { create unlink } [ ]' :: [ 07:22:42 ] :: [ PASS ] :: check permission 'create' is present (Assert: '0' should equal '0') :: [ 07:22:42 ] :: [ PASS ] :: check permission 'unlink' is present (Assert: '0' should equal '0') :: [ 07:22:42 ] :: [ PASS ] :: Command 'machinectl' (Expected 0, got 0) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 5s :: Assertions: 7 good, 0 bad :: RESULT: PASS (RHEL-49567) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: RHEL-74280 :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 07:22:42 ] :: [ PASS ] :: Result of matchpathcon /dev/vsock should contain vsock_device_t (Assert: expected 0, got 0) :: [ 07:22:42 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow systemd_machined_t vsock_device_t : chr_file { getattr open read ioctl } [ ]' :: [ 07:22:44 ] :: [ PASS ] :: check permission 'getattr' is present (Assert: '0' should equal '0') :: [ 07:22:44 ] :: [ PASS ] :: check permission 'open' is present (Assert: '0' should equal '0') :: [ 07:22:44 ] :: [ PASS ] :: check permission 'read' is present (Assert: '0' should equal '0') :: [ 07:22:44 ] :: [ PASS ] :: check permission 'ioctl' is present (Assert: '0' should equal '0') :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 2s :: Assertions: 5 good, 0 bad :: RESULT: PASS (RHEL-74280) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: RHEL-76352 + RHEL-77087 + RHEL-78088 :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 07:22:44 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow systemd_machined_t unconfined_service_t : dir { search } [ ]' :: [ 07:22:46 ] :: [ PASS ] :: check permission 'search' is present (Assert: '0' should equal '0') :: [ 07:22:46 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow systemd_machined_t unconfined_service_t : file { getattr open read ioctl } [ ]' :: [ 07:22:47 ] :: [ PASS ] :: check permission 'getattr' is present (Assert: '0' should equal '0') :: [ 07:22:47 ] :: [ PASS ] :: check permission 'open' is present (Assert: '0' should equal '0') :: [ 07:22:47 ] :: [ PASS ] :: check permission 'read' is present (Assert: '0' should equal '0') :: [ 07:22:47 ] :: [ PASS ] :: check permission 'ioctl' is present (Assert: '0' should equal '0') :: [ 07:22:47 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow systemd_machined_t systemd_machined_t : cap_userns { kill } [ ]' :: [ 07:22:49 ] :: [ PASS ] :: check permission 'kill' is present (Assert: '0' should equal '0') :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 5s :: Assertions: 6 good, 0 bad :: RESULT: PASS (RHEL-76352 + RHEL-77087 + RHEL-78088) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: RHEL-85379 + RHEL-86528 :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 07:22:49 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow system_dbusd_t systemd_machined_var_lib_t : dir { read } [ ]' :: [ 07:22:51 ] :: [ PASS ] :: check permission 'read' is present (Assert: '0' should equal '0') :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 2s :: Assertions: 1 good, 0 bad :: RESULT: PASS (RHEL-85379 + RHEL-86528) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: real scenario -- standalone service :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 07:22:51 ] :: [ PASS ] :: Command 'service systemd-machined start' (Expected 0, got 0) :: [ 07:22:52 ] :: [ PASS ] :: Command 'ps -efZ | grep -v " grep " | grep -E "systemd-machined"' (Expected 0, got 0) :: [ 07:22:53 ] :: [ PASS ] :: Command 'ps -efZ | grep -v " grep " | grep -E "systemd_machined_t.*systemd-machined"' (Expected 0, got 0) :: [ 07:22:54 ] :: [ PASS ] :: Command 'service systemd-machined status' (Expected 0,1,3, got 0) :: [ 07:22:55 ] :: [ PASS ] :: Command 'restorecon -Rv /etc /run /var -e /var/ARTIFACTS' (Expected 0-255, got 0) :: [ 07:22:55 ] :: [ PASS ] :: Command 'service systemd-machined restart' (Expected 0, got 0) :: [ 07:22:57 ] :: [ PASS ] :: Command 'ps -efZ | grep -v " grep " | grep -E "systemd-machined"' (Expected 0, got 0) :: [ 07:22:57 ] :: [ PASS ] :: Command 'ps -efZ | grep -v " grep " | grep -E "systemd_machined_t.*systemd-machined"' (Expected 0, got 0) :: [ 07:22:58 ] :: [ PASS ] :: Command 'service systemd-machined status' (Expected 0,1,3, got 0) :: [ 07:23:00 ] :: [ PASS ] :: Command 'service systemd-machined stop' (Expected 0, got 0) :: [ 07:23:01 ] :: [ PASS ] :: Command 'service systemd-machined status' (Expected 0,1,3, got 3) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 12s :: Assertions: 11 good, 0 bad :: RESULT: PASS (real scenario -- standalone service) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: real scenario -- bz#1900869 + bz#1900888 :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 07:23:03 ] :: [ PASS ] :: Command 'mkdir -pZ /var/lib/machines/test' (Expected 0, got 0) :: [ 07:23:21 ] :: [ PASS ] :: Command 'dnf -y --installroot=/var/lib/machines/test/ install dhcp-client dnf filesystem glibc glibc-langpack-en glibc-langpack-de iproute iputils less passwd systemd vim-minimal --skip-broken' (Expected 0, got 0) :: [ 07:23:22 ] :: [ PASS ] :: Command 'restorecon -Rv /var/lib/machines' (Expected 0, got 0) :: [ 07:23:23 ] :: [ PASS ] :: Command 'systemctl start systemd-nspawn@test' (Expected 0, got 0) :: [ 07:23:23 ] :: [ PASS ] :: Command 'systemctl status systemd-nspawn@test' (Expected 0, got 0) :: [ 07:23:23 ] :: [ PASS ] :: Command 'ps -efZ | grep -e systemd_machined_t -e unconfined_service_t' (Expected 0, got 0) :: [ 07:23:23 ] :: [ PASS ] :: Command 'machinectl list' (Expected 0, got 0) :: [ 07:23:23 ] :: [ PASS ] :: Command 'machinectl status test' (Expected 0, got 0) :: [ 07:23:23 ] :: [ PASS ] :: Command 'journalctl -M test --system' (Expected 0, got 0) :: [ 07:23:23 ] :: [ PASS ] :: Command 'journalctl -M test --user' (Expected 0, got 0) :: [ 07:23:23 ] :: [ LOG ] :: Runnning machinectl login test, with 20 seconds timeout :: [ 07:23:24 ] :: [ LOG ] :: Command ended itself, I am not killing it. :: [ 07:23:25 ] :: [ PASS ] :: Command 'machinectl list-images' (Expected 0, got 0) :: [ 07:23:25 ] :: [ PASS ] :: Command 'machinectl image-status test' (Expected 0, got 0) :: [ 07:23:25 ] :: [ PASS ] :: Command 'machinectl reboot test' (Expected 0, got 0) :: [ 07:23:40 ] :: [ PASS ] :: Command 'machinectl status test' (Expected 0, got 0) :: [ 07:23:40 ] :: [ PASS ] :: Command 'machinectl kill test' (Expected 0, got 0) :: [ 07:23:40 ] :: [ PASS ] :: Command 'machinectl terminate test' (Expected 0, got 0) :: [ 07:23:40 ] :: [ PASS ] :: Command 'systemctl stop systemd-nspawn@test' (Expected 0, got 0) :: [ 07:23:40 ] :: [ PASS ] :: Command 'rm -rf /var/lib/machines/test' (Expected 0, got 0) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 37s :: Assertions: 18 good, 0 bad :: RESULT: PASS (real scenario -- bz#1900869 + bz#1900888) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Cleanup :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 07:23:43 ] :: [ LOG ] :: rlSEAVCCheck: Search for AVCs, USER_AVCs, SELINUX_ERRs, and USER_SELINUX_ERRs since timestamp 'TIMESTAMP' [04/30/2025 07:22:29] :: [ 07:23:43 ] :: [ INFO ] :: rlSEAVCCheck: ignoring patterns: :: [ 07:23:43 ] :: [ INFO ] :: rlSEAVCCheck: type=USER_AVC.*received (policyload|setenforce) notice :: [ 07:23:43 ] :: [ PASS ] :: Check there are no unexpected AVCs/ERRORs (Assert: expected 0, got 0) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 2s :: Assertions: 1 good, 0 bad :: RESULT: PASS (Cleanup) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: /CoreOS/selinux-policy/Regression/systemd-machined-and-similar :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 07:23:43 ] :: [ LOG ] :: Phases fingerprint: qYP1zJ4N :: [ 07:23:43 ] :: [ LOG ] :: Asserts fingerprint: ozrS8gsR :: [ 07:23:43 ] :: [ LOG ] :: JOURNAL XML: /var/tmp/beakerlib-wS4Xvpg/journal.xml :: [ 07:23:43 ] :: [ LOG ] :: JOURNAL TXT: /var/tmp/beakerlib-wS4Xvpg/journal.txt :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 84s :: Phases: 9 good, 0 bad :: OVERALL RESULT: PASS (/CoreOS/selinux-policy/Regression/systemd-machined-and-similar)