Adding support for lockdown feature#3135
Adding support for lockdown feature#3135PavamanSubramaniyam wants to merge 1 commit intoavocado-framework-tests:masterfrom
Conversation
Executing dlpar tests with the lockdown mode enabled Signed-off-by: Pavaman Subramaniyam <pavsubra@linux.vnet.ibm.com>
|
avocado run --max-parallel-tasks=1 dlpar.py -m dlpar.py.data/dlpar.yaml I have updated the full results logs to the corresponding Jira. |
| self.pci_device = self.params.get("pci_devices", default=None).split(' ') | ||
| self.num_of_dlpar = int(self.params.get("num_of_dlpar", default='1')) | ||
| self.lockdown_mode = self.params.get("lockdown_mode", default="integrity") | ||
| self.original_lockdown_state = None |
There was a problem hiding this comment.
This variable is defined but never used.
| # Save original state | ||
| original_state = self.get_lockdown_state() | ||
|
|
||
| if not self.set_lockdown_mode(self.lockdown_mode): |
There was a problem hiding this comment.
Since we change the lockdown mode, we should also revert it back to original mode in teardown(). I guess self.original_lockdown_state was defined for this purpose. In CR environment this lockdown mode change can cause issues for tests executed after this test
| self.log.error(f"Failed to set lockdown to {mode}, current: {new_state}") | ||
| return False | ||
| except Exception as e: | ||
| self.log.error(f"Error setting lockdown mode: {mode}") |
There was a problem hiding this comment.
This print generic error message but does not capture the exception. Please add
self.log.error(f"Error setting lockdown mode to {mode}: {e}")
| self.test_drmgr_pci() | ||
| self.test_drmgr_phb() | ||
|
|
||
| # Verify lockdown state didn't change |
There was a problem hiding this comment.
Is this verification really required? Why would dlpar operation change security model?
If you think this is possible then we would need verification after each test (dlpar, drmgr_pci, drmgr_phb)
3 participants
Executing dlpar tests with the lockdown mode enabled