New issue
Advanced search Search tips

Issue 916021 link

Starred by 1 user
Status: Verified
Owner:
derat@chromium.org
Closed: Dec 20
Cc:
hidehiko@chromium.org
nya@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 1
Type: Bug



Sign in to add a comment

security.StatefulFiles sometimes fails due to /var/lib/whitelist/owner.key being 0644

Project Member Reported by derat@chromium.org, Dec 18 
The security.StatefulFiles test looks like it's occasionally failing with the following error:

/mnt/stateful_partition/encrypted/var/lib/whitelist/owner.key: mode 0644 (want 0604)

http://stainless/search?view=list&first_date=2018-12-12&last_date=2018-12-18&branch=%5Emaster%24&test=%5Etast%5C.security%5C.StatefulFiles%24&status=FAIL&status=ERROR&status=ABORT&reason=owner&exclude_cts=false&exclude_not_run=true&exclude_non_release=false&exclude_au=true&exclude_acts=true&exclude_retried=true&exclude_non_production=true

The permissions that the test is checking (which I just copied from live systems, I think) seem nonsensical -- encrypted/var/lib/whitelist is previously asserted as being 0750 root:policy-readers, so I have no idea why files within it are 0604. I'm going to change the check for the directory's contents to just check that 022 is unset.
Project Member

Comment 1 by bugdroid1@chromium.org, Dec 18 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/platform/tast-tests/+/c63ed2840eb32056edcccfe7bdecfc69ed38d459

commit c63ed2840eb32056edcccfe7bdecfc69ed38d459
Author: Daniel Erat <derat@chromium.org>
Date: Tue Dec 18 12:28:59 2018

tast-tests: Fix security.StatefulFiles owner.key errors.

Make the security.StatefulFiles test that files in
/mnt/stateful_partition/encrypted/var/lib/whitelist don't
have the 022 permission bits, rather than that the bits
exactly match 0604. It looks like owner.key is sometimes
0644.

BUG= chromium:916021 
TEST=ran the test

Change-Id: I8e3f6c8eb77656039f7f97e5652329bb2ad03abd
Reviewed-on: https://chromium-review.googlesource.com/1381892
Commit-Ready: Dan Erat <derat@chromium.org>
Tested-by: Dan Erat <derat@chromium.org>
Reviewed-by: Shuhei Takahashi <nya@chromium.org>

[modify] https://crrev.com/c63ed2840eb32056edcccfe7bdecfc69ed38d459/src/chromiumos/tast/local/bundles/cros/security/stateful_files.go

Comment 2 by derat@chromium.org, Dec 20

Status: Verified (was: Started)
The only failures I see in this test now are on guado-moblab (see issue 910867).

Sign in to add a comment