test migration branch

gosipyan · gosipyan · commit 4eb9ca0014cd · 2026-02-03T09:43:55.000+01:00
diff --git a/schedule/security/selinux.yaml b/schedule/security/selinux.yaml
@@ -2,13 +2,21 @@ name: selinux
 description: >
     This is for SElinux test
 schedule:
+#    - microos/disk_boot
+#    - transactional/host_config
+#    - update/zypper_clear_repos
+#    - console/zypper_ar
+#    - console/zypper_ref
+#    - transactional/enable_selinux
+#    - microos/services_enabled
     - '{{bootloader_zkvm}}'
     - '{{sle_os_boot}}'
     - '{{alp_boot}}'
     - '{{scc_slem}}'
     - security/selinux/selinux_setup
     - security/selinux/sestatus
     - '{{sle_os_tests}}'
+#    - security/selinux/selinux_migration
     - security/selinux/semanage_fcontext
     - security/selinux/semanage_boolean
     - security/selinux/fixfiles
@@ -22,7 +30,8 @@ schedule:
     - security/selinux/set_get_enforce
     - security/selinux/selinuxexeccon
     - security/selinux/setroubleshootd
-    - '{{alp_shutdown}}'
+    - security/selinux/selinux_migration
+#    - '{{alp_shutdown}}'
 conditional_schedule:
     bootloader_zkvm:
         ARCH:
diff --git a/tests/security/selinux/selinux_migration.pm b/tests/security/selinux/selinux_migration.pm
@@ -12,6 +12,8 @@ use testapi;
 use serial_terminal 'select_serial_terminal';
 use utils;
 use version_utils qw(is_sle is_microos is_leap is_tumbleweed is_sle_micro has_selinux);
+use version_utils qw(is_sle is_sle_micro is_transactional package_version_cmp);
+use transactional;
 use transactional qw(process_reboot trup_call);
 use Utils::Architectures;
 
@@ -23,11 +25,24 @@ sub run {
     check_dir();
 
     my $rollback_number = create_snapshot();
+    #TODO update test repo
+    #zypper_call('ar https://download.opensuse.org/repositories/home:/djz88:/branches:/security:/SELinux/openSUSE_Factory/ selinux-migration');
+    zypper_call('ar https://download.opensuse.org/repositories/home:/cahu:/branches:/security:/SELinux:/varlibselinux-fixes/openSUSE_Factory/ selinux-migration');
+    record_info('Updating SELinux policy package.');
+    zypper_call("--gpg-auto-import-keys ref");
+    if(is_microos){
+	enter_trup_shell(global_options => '-c') if is_transactional;
+        script_run('zypper in -i selinux-migration trasnactional-update', 600);
+        exit_trup_shell if is_transactional;
+        process_reboot(trigger => 1);
 
-    if (script_run("zypper info selinux-policy | grep -q 'out-of-date'")) {
-
-        update_selinux_policy();
     }
+    #script_run("mkdir -p /var/lib/selinux");
+
+    #    if (script_run("zypper info selinux-policy | grep -q 'out-of-date'")) {
+
+    update_selinux_policy();
+	#}
 
 
     check_paths();
@@ -109,10 +124,21 @@ sub create_snapshot {
 sub update_selinux_policy {
     record_info('Updating SELinux policy');
     zypper_call("--gpg-auto-import-keys ref");
+    script_run("zypper info selinux-policy");
     if (is_microos) {
         validate_script_output('sestatus', sub { m/SELinux status: .*enabled/ && m/Current mode: .*enforcing/ }, fail_message => 'SELinux is NOT enabled and set to enforcing');
-        trup_call('dup', timeout => 600);
+
+        enter_trup_shell(global_options => '-c') if is_transactional;
+        script_run('zypper dup --force-resolution  --allow-vendor-change --no-confirm', 600);
+        script_run('zypper in -r selinux-migration --force-resolution  --allow-vendor-change --no-confirm selinux-policy selinux-policy-targeted selinux-policy-targeted-gaming policycoreutils policycoreutils-python-utils setools-console systemd-presets-common-SUSE', 600);
+        exit_trup_shell if is_transactional;
+
+
+	#    trup_call 'dup', timeout => 600;
+	#trup_call('dup', timeout => 600);
         process_reboot(trigger => 1);
+        script_run("zypper lr -u");
+        script_run("zypper info selinux-policy");
     }
     else {
         zypper_call('dup --force-resolution  --allow-vendor-change --no-confirm');
@@ -167,7 +193,7 @@ sub rollback_and_verify_state {
         record_info("test1 has correct selinux label");
     }
     else {
-        record_info("wrong selinux label", result => "fail");
+        record_info("[FAIL]","Wrong selinux label", result => "fail");
     }
 
 
@@ -221,6 +247,7 @@ sub check_dir {
 sub check_service {
     if (script_run("systemctl list-unit-files --type=service | grep -qw cleanoldsepoldir.service") == 0) {
         my $status = script_output("systemctl is-enabled cleanoldsepoldir.service");
+	print $status;
         return $status;
     } else {
         record_info("[FAIL]", "cleanoldsepoldir.service not detected", result => "fail");
