diff --git a/contrib/test/integration/main.yml b/contrib/test/integration/main.yml index 4f61dcab..b80a76db 100644 --- a/contrib/test/integration/main.yml +++ b/contrib/test/integration/main.yml @@ -78,6 +78,7 @@ - "{{ playbook_dir }}/vars.yml" environment: '{{ environment_variables }}' tasks: + - name: Build and install cri-o include: "build/cri-o.yml" tags: diff --git a/contrib/test/integration/system.yml b/contrib/test/integration/system.yml index c17e3c6d..ab82c177 100644 --- a/contrib/test/integration/system.yml +++ b/contrib/test/integration/system.yml @@ -32,6 +32,7 @@ - libgpg-error-devel - libguestfs-tools - libseccomp-devel + - libselinux-python - libvirt-client - libvirt-python - libxml2-devel @@ -47,6 +48,7 @@ - openssl-devel - ostree-devel - pkgconfig + - policycoreutils-python - python - python2-boto - python2-crypto @@ -111,3 +113,12 @@ - name: Update the kernel cmdline to include quota support command: grubby --update-kernel=ALL --args="rootflags=pquota" when: ansible_distribution in ['RedHat', 'CentOS'] + +- name: Enforce specific SELinux types for files on this platform + sefcontext: + target: '{{ item.key }}' + setype: '{{ item.value[ansible_distribution] | default(item.value.default) }}' + state: present + when: item.value[ansible_distribution] is defined or + item.value.default is defined + with_dict: '{{ set_setypes | default({}) }}' diff --git a/contrib/test/integration/vars.yml b/contrib/test/integration/vars.yml index fa8665db..e0cfd993 100644 --- a/contrib/test/integration/vars.yml +++ b/contrib/test/integration/vars.yml @@ -21,6 +21,11 @@ cri_o_src_path: "{{ playbook_dir }}/../../../" # Absolute path on subjects where cri-o source is expected cri_o_dest_path: "{{ go_path }}/src/github.com/kubernetes-incubator/cri-o" +# Mapping of filenames to ansible_distribution (or default), to SELinux types +set_setypes: + /usr/local/bin/crio: + default: 'container_runtime_exec_t' + # For results.yml Paths use rsync 'source' conventions artifacts: "/tmp/artifacts" # Base-directory for collection crio_integration_filepath: "{{ artifacts }}/testout.txt"