debuig

scripts/ci/prepare-for-fedora-rawhide.sh

@@ -18,6 +18,7 @@ dnf install -y \
 	libnet-devel \
 	libnl3-devel \
 	libbsd-devel \
+	libselinux-utils \
 	make \
 	procps-ng \
 	protobuf-c-devel \

scripts/ci/run-ci-tests.sh

@@ -295,14 +295,14 @@ if capsh --supports=cap_checkpoint_restore && unshare -c /bin/true; then
 	if [ -d /sys/fs/selinux ]; then
 		# Note: selinux in Enforcing mode prevents us from calling clone3() or writing to ns_last_pid on restore; hence set to Permissive for the test and then set back.
 		selinuxmode=$(getenforce)
-		setenforce Permissive
+		setenforce Permissive || true
 	fi
 	# Run it as non-root in a user namespace. Since CAP_CHECKPOINT_RESTORE behaves differently in non-user namespaces (e.g. no access to map_files) this tests that we can dump and restore
 	# under those conditions. Note that the "... && true" part is necessary; we need at least one statement after the tests so that bash can reap zombies in the user namespace,
 	# otherwise it will exec the last statement and get replaced and nobody will be left to reap our zombies.
 	sudo --user=#65534 --group=#65534 unshare -Ucfpm --mount-proc -- bash -c "./test/zdtm.py run -t zdtm/static/maps00 -f h --rootless && true"
 	if [ -d /sys/fs/selinux ]; then
-		setenforce "$selinuxmode"
+		setenforce "$selinuxmode" || true
 	fi
 	setcap -r criu/criu
 else

scripts/ci/vagrant.sh

@@ -57,6 +57,7 @@ fedora-no-vdso() {
 }
 
 fedora-rawhide() {
+	ssh default sudo grubby --update-kernel ALL --args="selinux=0"
 	# The 6.2 kernel of Fedora 38 in combination with rawhide userspace breaks
 	# zdtm/static/socket-tcp-nfconntrack. To activate the new kernel previously
 	# installed this reboots the VM.