qa/cephadm/smb: run setsebool with sudo

phlogistonjohn · phlogistonjohn · commit 8924d7b11e30 · 2025-03-31T14:39:26.000-04:00
Change 06fc55b added a setsebool command to nodes setup on ctdb enabled test. This should have prevented additional errors like: ``` failure_reason: 'SELinux denials found on ubuntu@smithi066.front.sepia.ceph.com: [''type=AVC msg=audit(1743168241.024:10142): avc: denied { nlmsg_read } for pid=60223 comm="ss" scontext=system_u:system_r:container_t:s0:c491,c612 tcontext=system_u:system_r:container_t:s0:c491,c612 tclass=netlink_tcpdiag_socket permissive=1'', ''type=AVC msg=audit(1743168185.768:10101): avc: denied { nlmsg_read } for pid=58817 comm="ss" scontext=system_u:system_r:container_t:s0:c491,c612 tcontext=system_u:system_r:container_t:s0:c491,c612 tclass=netlink_tcpdiag_socket permissive=1'', ''type=AVC msg=audit(1743168210.896:10137): avc: denied { nlmsg_read } for pid=59798 comm="ss" scontext=system_u:system_r:container_t:s0:c491,c612 tcontext=system_u:system_r:container_t:s0:c491,c612 tclass=netlink_tcpdiag_socket permissive=1'']' ``` But these were seen again: https://qa-proxy.ceph.com/teuthology/adking-2025-03-28_12:13:17-orch:cephadm-wip-adk-testing-2025-03-27-1430-distro-default-smithi/8214681/teuthology.log I think that the commands may not be getting run correctly because they need to be run with privs. Other pexec commands in the cephadm suite run with sudo, so try it here. Signed-off-by: John Mulligan <jmulligan@redhat.com>
diff --git a/qa/suites/orch/cephadm/smb/tasks/deploy_smb_ctdb_node_gone_state.yaml b/qa/suites/orch/cephadm/smb/tasks/deploy_smb_ctdb_node_gone_state.yaml
@@ -26,7 +26,7 @@ tasks:
     role: host.d
 - pexec:
     all:
-      - setsebool -P virt_sandbox_use_netlink 1 || true
+      - sudo setsebool -P virt_sandbox_use_netlink 1 || true
 - cephadm:
 
 - cephadm.shell:
diff --git a/qa/suites/orch/cephadm/smb/tasks/deploy_smb_mgr_clustering_ips.yaml b/qa/suites/orch/cephadm/smb/tasks/deploy_smb_mgr_clustering_ips.yaml
@@ -28,7 +28,7 @@ tasks:
     count: 1
 - pexec:
     all:
-      - setsebool -P virt_sandbox_use_netlink 1 || true
+      - sudo setsebool -P virt_sandbox_use_netlink 1 || true
 - cephadm:
 
 - cephadm.shell:
diff --git a/qa/suites/orch/cephadm/smb/tasks/deploy_smb_mgr_ctdb_res_basic.yaml b/qa/suites/orch/cephadm/smb/tasks/deploy_smb_mgr_ctdb_res_basic.yaml
@@ -26,7 +26,7 @@ tasks:
     role: host.d
 - pexec:
     all:
-      - setsebool -P virt_sandbox_use_netlink 1 || true
+      - sudo setsebool -P virt_sandbox_use_netlink 1 || true
 - cephadm:
 
 - cephadm.shell:
diff --git a/qa/suites/orch/cephadm/smb/tasks/deploy_smb_mgr_ctdb_res_dom.yaml b/qa/suites/orch/cephadm/smb/tasks/deploy_smb_mgr_ctdb_res_dom.yaml
@@ -26,7 +26,7 @@ tasks:
     role: host.d
 - pexec:
     all:
-      - setsebool -P virt_sandbox_use_netlink 1 || true
+      - sudo setsebool -P virt_sandbox_use_netlink 1 || true
 - cephadm:
 
 - cephadm.shell:
diff --git a/qa/suites/orch/cephadm/smb/tasks/deploy_smb_mgr_ctdb_res_ips.yaml b/qa/suites/orch/cephadm/smb/tasks/deploy_smb_mgr_ctdb_res_ips.yaml
@@ -28,7 +28,7 @@ tasks:
     count: 2
 - pexec:
     all:
-      - setsebool -P virt_sandbox_use_netlink 1 || true
+      - sudo setsebool -P virt_sandbox_use_netlink 1 || true
 - cephadm:
 
 - cephadm.shell:
