ansible-playbook 2.9.27
config file = None
configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/local/lib/python3.9/site-packages/ansible
executable location = /usr/local/bin/ansible-playbook
python version = 3.9.19 (main, May 16 2024, 11:40:09) [GCC 8.5.0 20210514 (Red Hat 8.5.0-22)]
No config file found; using defaults
[WARNING]: running playbook inside collection fedora.linux_system_roles
Skipping callback 'actionable', as we already have a stdout callback.
Skipping callback 'counter_enabled', as we already have a stdout callback.
Skipping callback 'debug', as we already have a stdout callback.
Skipping callback 'dense', as we already have a stdout callback.
Skipping callback 'dense', as we already have a stdout callback.
Skipping callback 'full_skip', as we already have a stdout callback.
Skipping callback 'json', as we already have a stdout callback.
Skipping callback 'minimal', as we already have a stdout callback.
Skipping callback 'null', as we already have a stdout callback.
Skipping callback 'oneline', as we already have a stdout callback.
Skipping callback 'selective', as we already have a stdout callback.
Skipping callback 'skippy', as we already have a stdout callback.
Skipping callback 'stderr', as we already have a stdout callback.
Skipping callback 'unixy', as we already have a stdout callback.
Skipping callback 'yaml', as we already have a stdout callback.
PLAYBOOK: tests_trusted_execution.yml ******************************************
1 plays in /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/tests/fapolicyd/tests_trusted_execution.yml
PLAY [Basic test for fapolicyd] ************************************************
TASK [Gathering Facts] *********************************************************
task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/tests/fapolicyd/tests_trusted_execution.yml:2
Saturday 02 November 2024 08:29:15 -0400 (0:00:00.030) 0:00:00.030 *****
ok: [managed-node3]
META: ran handlers
TASK [Create temp test directory] **********************************************
task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/tests/fapolicyd/tests_trusted_execution.yml:24
Saturday 02 November 2024 08:29:16 -0400 (0:00:01.352) 0:00:01.383 *****
changed: [managed-node3] => {
"changed": true,
"gid": 0,
"group": "root",
"mode": "0700",
"owner": "root",
"path": "/var/tmp/fapolicyd_btisrbar",
"secontext": "unconfined_u:object_r:user_tmp_t:s0",
"size": 6,
"state": "directory",
"uid": 0
}
TASK [Create directories for tests] ********************************************
task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/tests/fapolicyd/tests_trusted_execution.yml:31
Saturday 02 November 2024 08:29:17 -0400 (0:00:00.444) 0:00:01.828 *****
changed: [managed-node3] => (item=/var/tmp/fapolicyd_btisrbar) => {
"ansible_loop_var": "item",
"changed": true,
"gid": 0,
"group": "root",
"item": "/var/tmp/fapolicyd_btisrbar",
"mode": "0755",
"owner": "root",
"path": "/var/tmp/fapolicyd_btisrbar",
"secontext": "unconfined_u:object_r:user_tmp_t:s0",
"size": 6,
"state": "directory",
"uid": 0
}
changed: [managed-node3] => (item=/var/tmp/fapolicyd_btisrbar/executables) => {
"ansible_loop_var": "item",
"changed": true,
"gid": 0,
"group": "root",
"item": "/var/tmp/fapolicyd_btisrbar/executables",
"mode": "0755",
"owner": "root",
"path": "/var/tmp/fapolicyd_btisrbar/executables",
"secontext": "unconfined_u:object_r:user_tmp_t:s0",
"size": 6,
"state": "directory",
"uid": 0
}
TASK [Create shell executables] ************************************************
task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/tests/fapolicyd/tests_trusted_execution.yml:40
Saturday 02 November 2024 08:29:18 -0400 (0:00:00.866) 0:00:02.694 *****
changed: [managed-node3] => (item=/var/tmp/fapolicyd_btisrbar/executables/exe1) => {
"ansible_loop_var": "item",
"changed": true,
"checksum": "762c83914caa36750af0b514616a467c7015a0d6",
"dest": "/var/tmp/fapolicyd_btisrbar/executables/exe1",
"gid": 0,
"group": "root",
"item": "/var/tmp/fapolicyd_btisrbar/executables/exe1",
"md5sum": "9bd47e5749d746c8fe2753f04afe8a7c",
"mode": "0755",
"owner": "root",
"secontext": "unconfined_u:object_r:admin_home_t:s0",
"size": 114,
"src": "/root/.ansible/tmp/ansible-tmp-1730550558.303514-7949-168296711474751/source",
"state": "file",
"uid": 0
}
changed: [managed-node3] => (item=/var/tmp/fapolicyd_btisrbar/executables/exe2) => {
"ansible_loop_var": "item",
"changed": true,
"checksum": "49884739d6d6313af9d6e4347f03a7f615512600",
"dest": "/var/tmp/fapolicyd_btisrbar/executables/exe2",
"gid": 0,
"group": "root",
"item": "/var/tmp/fapolicyd_btisrbar/executables/exe2",
"md5sum": "38575d4acea7604f2470e6cee4df67a4",
"mode": "0755",
"owner": "root",
"secontext": "unconfined_u:object_r:admin_home_t:s0",
"size": 114,
"src": "/root/.ansible/tmp/ansible-tmp-1730550559.108324-7949-168716633061447/source",
"state": "file",
"uid": 0
}
TASK [Create a new user] *******************************************************
task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/tests/fapolicyd/tests_trusted_execution.yml:55
Saturday 02 November 2024 08:29:19 -0400 (0:00:01.461) 0:00:04.156 *****
changed: [managed-node3] => {
"changed": true,
"comment": "",
"create_home": true,
"group": 1000,
"home": "/home/fapolicyd_test1_user",
"name": "fapolicyd_test1_user",
"shell": "/bin/bash",
"state": "present",
"system": false,
"uid": 1000
}
TASK [Run the role] ************************************************************
task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/tests/fapolicyd/tests_trusted_execution.yml:61
Saturday 02 November 2024 08:29:20 -0400 (0:00:00.718) 0:00:04.874 *****
TASK [fedora.linux_system_roles.fapolicyd : Set platform/version specific variables] ***
task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:2
Saturday 02 November 2024 08:29:20 -0400 (0:00:00.031) 0:00:04.906 *****
included: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/set_vars.yml for managed-node3
TASK [fedora.linux_system_roles.fapolicyd : Ensure ansible_facts used by role] ***
task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/set_vars.yml:2
Saturday 02 November 2024 08:29:20 -0400 (0:00:00.024) 0:00:04.931 *****
skipping: [managed-node3] => {
"changed": false,
"skip_reason": "Conditional result was False"
}
TASK [fedora.linux_system_roles.fapolicyd : Check if system is ostree] *********
task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/set_vars.yml:10
Saturday 02 November 2024 08:29:20 -0400 (0:00:00.036) 0:00:04.968 *****
ok: [managed-node3] => {
"changed": false,
"stat": {
"exists": false
}
}
TASK [fedora.linux_system_roles.fapolicyd : Set flag to indicate system is ostree] ***
task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/set_vars.yml:15
Saturday 02 November 2024 08:29:20 -0400 (0:00:00.345) 0:00:05.314 *****
ok: [managed-node3] => {
"ansible_facts": {
"__fapolicyd_is_ostree": false
},
"changed": false
}
TASK [fedora.linux_system_roles.fapolicyd : Set platform/version specific variables] ***
task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/set_vars.yml:19
Saturday 02 November 2024 08:29:20 -0400 (0:00:00.040) 0:00:05.354 *****
skipping: [managed-node3] => (item=RedHat.yml) => {
"ansible_loop_var": "item",
"changed": false,
"item": "RedHat.yml",
"skip_reason": "Conditional result was False"
}
skipping: [managed-node3] => (item=CentOS.yml) => {
"ansible_loop_var": "item",
"changed": false,
"item": "CentOS.yml",
"skip_reason": "Conditional result was False"
}
skipping: [managed-node3] => (item=CentOS_8.yml) => {
"ansible_loop_var": "item",
"changed": false,
"item": "CentOS_8.yml",
"skip_reason": "Conditional result was False"
}
skipping: [managed-node3] => (item=CentOS_8.yml) => {
"ansible_loop_var": "item",
"changed": false,
"item": "CentOS_8.yml",
"skip_reason": "Conditional result was False"
}
TASK [fedora.linux_system_roles.fapolicyd : Set fapolicyd feature facts for OS versions] ***
task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/set_vars.yml:40
Saturday 02 November 2024 08:29:20 -0400 (0:00:00.058) 0:00:05.412 *****
ok: [managed-node3] => {
"ansible_facts": {
"__fapolicyd_configcheck_supported": true,
"__fapolicyd_integrity_supported": true,
"__fapolicyd_selinux_supported": true,
"__fapolicyd_supported": true,
"__fapolicyd_syslog_format_supported": true,
"__fapolicyd_trust_supported": true,
"__fapolicyd_trustfiles_supported": true,
"__fapolicyd_watch_fs_supported": true
},
"changed": false
}
TASK [fedora.linux_system_roles.fapolicyd : System check] **********************
task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:5
Saturday 02 November 2024 08:29:21 -0400 (0:00:00.085) 0:00:05.498 *****
skipping: [managed-node3] => {
"changed": false,
"skip_reason": "Conditional result was False"
}
TASK [fedora.linux_system_roles.fapolicyd : Check trust compatibility] *********
task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:13
Saturday 02 November 2024 08:29:21 -0400 (0:00:00.034) 0:00:05.532 *****
skipping: [managed-node3] => {
"changed": false,
"skip_reason": "Conditional result was False"
}
TASK [fedora.linux_system_roles.fapolicyd : Check integrity compatibility] *****
task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:24
Saturday 02 November 2024 08:29:21 -0400 (0:00:00.036) 0:00:05.568 *****
skipping: [managed-node3] => {
"changed": false,
"skip_reason": "Conditional result was False"
}
TASK [fedora.linux_system_roles.fapolicyd : Check trust files compatibility] ***
task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:35
Saturday 02 November 2024 08:29:21 -0400 (0:00:00.037) 0:00:05.606 *****
skipping: [managed-node3] => {
"changed": false,
"skip_reason": "Conditional result was False"
}
TASK [fedora.linux_system_roles.fapolicyd : Check failed conditions] ***********
task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:46
Saturday 02 November 2024 08:29:21 -0400 (0:00:00.039) 0:00:05.645 *****
skipping: [managed-node3] => {
"changed": false,
"skip_reason": "Conditional result was False"
}
TASK [fedora.linux_system_roles.fapolicyd : Install fapolicyd packages] ********
task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:51
Saturday 02 November 2024 08:29:21 -0400 (0:00:00.035) 0:00:05.680 *****
changed: [managed-node3] => {
"changed": true,
"rc": 0,
"results": [
"Installed: fapolicyd-selinux-1.3.2-1.el8.noarch",
"Installed: rpm-plugin-fapolicyd-4.14.3-31.el8.x86_64",
"Installed: fapolicyd-1.3.2-1.el8.x86_64",
"Installed: policycoreutils-python-utils-2.9-26.el8.noarch"
]
}
lsrpackages: fapolicyd fapolicyd-selinux
TASK [fedora.linux_system_roles.fapolicyd : Copy fapolicyd configuration file] ***
task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:59
Saturday 02 November 2024 08:30:00 -0400 (0:00:39.133) 0:00:44.813 *****
changed: [managed-node3] => {
"changed": true,
"checksum": "d79d7424d2f9daf8e9e018c5750ecd06d3beba55",
"dest": "/etc/fapolicyd/fapolicyd.conf",
"gid": 991,
"group": "fapolicyd",
"md5sum": "769ccbfa27940a69973575df5fa87cdf",
"mode": "0644",
"owner": "root",
"secontext": "system_u:object_r:fapolicyd_config_t:s0",
"size": 509,
"src": "/root/.ansible/tmp/ansible-tmp-1730550600.4195297-8292-202837931466682/source",
"state": "file",
"uid": 0
}
TASK [fedora.linux_system_roles.fapolicyd : Run fapolicyd configuration check] ***
task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:68
Saturday 02 November 2024 08:30:01 -0400 (0:00:00.718) 0:00:45.532 *****
ok: [managed-node3] => {
"changed": false,
"cmd": [
"fapolicyd-cli",
"--check-config"
],
"delta": "0:00:00.006006",
"end": "2024-11-02 08:30:01.496558",
"rc": 0,
"start": "2024-11-02 08:30:01.490552"
}
STDOUT:
Daemon config is OK
TASK [fedora.linux_system_roles.fapolicyd : Start fapolicyd service] ***********
task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:76
Saturday 02 November 2024 08:30:01 -0400 (0:00:00.490) 0:00:46.023 *****
changed: [managed-node3] => {
"changed": true,
"enabled": true,
"name": "fapolicyd.service",
"state": "started",
"status": {
"ActiveEnterTimestampMonotonic": "0",
"ActiveExitTimestampMonotonic": "0",
"ActiveState": "inactive",
"After": "systemd-tmpfiles-setup.service systemd-journald.socket system.slice local-fs.target",
"AllowIsolate": "no",
"AllowedCPUs": "",
"AllowedMemoryNodes": "",
"AmbientCapabilities": "",
"AssertResult": "no",
"AssertTimestampMonotonic": "0",
"BlockIOAccounting": "no",
"BlockIOWeight": "[not set]",
"CPUAccounting": "no",
"CPUAffinity": "",
"CPUAffinityFromNUMA": "no",
"CPUQuotaPerSecUSec": "infinity",
"CPUQuotaPeriodUSec": "infinity",
"CPUSchedulingPolicy": "0",
"CPUSchedulingPriority": "0",
"CPUSchedulingResetOnFork": "no",
"CPUShares": "[not set]",
"CPUUsageNSec": "[not set]",
"CPUWeight": "[not set]",
"CacheDirectoryMode": "0755",
"CanFreeze": "yes",
"CanIsolate": "no",
"CanReload": "no",
"CanStart": "yes",
"CanStop": "yes",
"CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf",
"CollectMode": "inactive",
"ConditionResult": "no",
"ConditionTimestampMonotonic": "0",
"ConfigurationDirectoryMode": "0755",
"ControlPID": "0",
"DefaultDependencies": "no",
"DefaultMemoryLow": "0",
"DefaultMemoryMin": "0",
"Delegate": "no",
"Description": "File Access Policy Daemon",
"DevicePolicy": "auto",
"Documentation": "man:fapolicyd(8)",
"DynamicUser": "no",
"EffectiveCPUs": "",
"EffectiveMemoryNodes": "",
"ExecMainCode": "0",
"ExecMainExitTimestampMonotonic": "0",
"ExecMainPID": "0",
"ExecMainStartTimestampMonotonic": "0",
"ExecMainStatus": "0",
"ExecStart": "{ path=/usr/sbin/fapolicyd ; argv[]=/usr/sbin/fapolicyd ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }",
"ExecStartPre": "{ path=/usr/sbin/fagenrules ; argv[]=/usr/sbin/fagenrules ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }",
"FailureAction": "none",
"FileDescriptorStoreMax": "0",
"FragmentPath": "/usr/lib/systemd/system/fapolicyd.service",
"FreezerState": "running",
"GID": "[not set]",
"GuessMainPID": "yes",
"IOAccounting": "no",
"IOSchedulingClass": "0",
"IOSchedulingPriority": "0",
"IOWeight": "[not set]",
"IPAccounting": "no",
"IPEgressBytes": "18446744073709551615",
"IPEgressPackets": "18446744073709551615",
"IPIngressBytes": "18446744073709551615",
"IPIngressPackets": "18446744073709551615",
"Id": "fapolicyd.service",
"IgnoreOnIsolate": "no",
"IgnoreSIGPIPE": "yes",
"InactiveEnterTimestampMonotonic": "0",
"InactiveExitTimestampMonotonic": "0",
"JobRunningTimeoutUSec": "infinity",
"JobTimeoutAction": "none",
"JobTimeoutUSec": "infinity",
"KeyringMode": "private",
"KillMode": "control-group",
"KillSignal": "15",
"LimitAS": "infinity",
"LimitASSoft": "infinity",
"LimitCORE": "infinity",
"LimitCORESoft": "0",
"LimitCPU": "infinity",
"LimitCPUSoft": "infinity",
"LimitDATA": "infinity",
"LimitDATASoft": "infinity",
"LimitFSIZE": "infinity",
"LimitFSIZESoft": "infinity",
"LimitLOCKS": "infinity",
"LimitLOCKSSoft": "infinity",
"LimitMEMLOCK": "65536",
"LimitMEMLOCKSoft": "65536",
"LimitMSGQUEUE": "819200",
"LimitMSGQUEUESoft": "819200",
"LimitNICE": "0",
"LimitNICESoft": "0",
"LimitNOFILE": "262144",
"LimitNOFILESoft": "1024",
"LimitNPROC": "14003",
"LimitNPROCSoft": "14003",
"LimitRSS": "infinity",
"LimitRSSSoft": "infinity",
"LimitRTPRIO": "0",
"LimitRTPRIOSoft": "0",
"LimitRTTIME": "infinity",
"LimitRTTIMESoft": "infinity",
"LimitSIGPENDING": "14003",
"LimitSIGPENDINGSoft": "14003",
"LimitSTACK": "infinity",
"LimitSTACKSoft": "8388608",
"LoadState": "loaded",
"LockPersonality": "no",
"LogLevelMax": "-1",
"LogRateLimitBurst": "0",
"LogRateLimitIntervalUSec": "0",
"LogsDirectoryMode": "0755",
"MainPID": "0",
"MemoryAccounting": "yes",
"MemoryCurrent": "[not set]",
"MemoryDenyWriteExecute": "no",
"MemoryHigh": "infinity",
"MemoryLimit": "infinity",
"MemoryLow": "0",
"MemoryMax": "infinity",
"MemoryMin": "0",
"MemorySwapMax": "infinity",
"MountAPIVFS": "no",
"MountFlags": "",
"NFileDescriptorStore": "0",
"NRestarts": "0",
"NUMAMask": "",
"NUMAPolicy": "n/a",
"Names": "fapolicyd.service",
"NeedDaemonReload": "no",
"Nice": "0",
"NoNewPrivileges": "no",
"NonBlocking": "no",
"NotifyAccess": "none",
"OOMScoreAdjust": "-1000",
"OnFailureJobMode": "replace",
"PIDFile": "/run/fapolicyd.pid",
"PermissionsStartOnly": "no",
"Perpetual": "no",
"PrivateDevices": "no",
"PrivateMounts": "no",
"PrivateNetwork": "no",
"PrivateTmp": "no",
"PrivateUsers": "no",
"ProtectControlGroups": "no",
"ProtectHome": "no",
"ProtectKernelModules": "no",
"ProtectKernelTunables": "no",
"ProtectSystem": "no",
"RefuseManualStart": "no",
"RefuseManualStop": "no",
"RemainAfterExit": "no",
"RemoveIPC": "no",
"Requires": "system.slice",
"Restart": "on-abnormal",
"RestartUSec": "100ms",
"RestrictNamespaces": "no",
"RestrictRealtime": "no",
"RestrictSUIDSGID": "no",
"Result": "success",
"RootDirectoryStartOnly": "no",
"RuntimeDirectoryMode": "0755",
"RuntimeDirectoryPreserve": "no",
"RuntimeMaxUSec": "infinity",
"SameProcessGroup": "no",
"SecureBits": "0",
"SendSIGHUP": "no",
"SendSIGKILL": "yes",
"Slice": "system.slice",
"StandardError": "inherit",
"StandardInput": "null",
"StandardInputData": "",
"StandardOutput": "journal",
"StartLimitAction": "none",
"StartLimitBurst": "5",
"StartLimitIntervalUSec": "10s",
"StartupBlockIOWeight": "[not set]",
"StartupCPUShares": "[not set]",
"StartupCPUWeight": "[not set]",
"StartupIOWeight": "[not set]",
"StateChangeTimestampMonotonic": "0",
"StateDirectoryMode": "0755",
"StatusErrno": "0",
"StopWhenUnneeded": "no",
"SubState": "dead",
"SuccessAction": "none",
"SyslogFacility": "3",
"SyslogLevel": "6",
"SyslogLevelPrefix": "yes",
"SyslogPriority": "30",
"SystemCallErrorNumber": "0",
"TTYReset": "no",
"TTYVHangup": "no",
"TTYVTDisallocate": "no",
"TasksAccounting": "yes",
"TasksCurrent": "[not set]",
"TasksMax": "22405",
"TimeoutStartUSec": "1min 30s",
"TimeoutStopUSec": "1min 30s",
"TimerSlackNSec": "50000",
"Transient": "no",
"Type": "forking",
"UID": "[not set]",
"UMask": "0022",
"UnitFilePreset": "disabled",
"UnitFileState": "disabled",
"UtmpMode": "init",
"WatchdogTimestampMonotonic": "0",
"WatchdogUSec": "0"
}
}
TASK [fedora.linux_system_roles.fapolicyd : Restart fapolicyd service] *********
task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:85
Saturday 02 November 2024 08:30:02 -0400 (0:00:01.046) 0:00:47.069 *****
changed: [managed-node3] => {
"changed": true,
"enabled": true,
"name": "fapolicyd.service",
"state": "started",
"status": {
"ActiveEnterTimestamp": "Sat 2024-11-02 08:30:02 EDT",
"ActiveEnterTimestampMonotonic": "262529976",
"ActiveExitTimestampMonotonic": "0",
"ActiveState": "active",
"After": "systemd-tmpfiles-setup.service systemd-journald.socket system.slice local-fs.target",
"AllowIsolate": "no",
"AllowedCPUs": "",
"AllowedMemoryNodes": "",
"AmbientCapabilities": "",
"AssertResult": "yes",
"AssertTimestamp": "Sat 2024-11-02 08:30:02 EDT",
"AssertTimestampMonotonic": "262489449",
"BlockIOAccounting": "no",
"BlockIOWeight": "[not set]",
"CPUAccounting": "no",
"CPUAffinity": "",
"CPUAffinityFromNUMA": "no",
"CPUQuotaPerSecUSec": "infinity",
"CPUQuotaPeriodUSec": "infinity",
"CPUSchedulingPolicy": "0",
"CPUSchedulingPriority": "0",
"CPUSchedulingResetOnFork": "no",
"CPUShares": "[not set]",
"CPUUsageNSec": "[not set]",
"CPUWeight": "[not set]",
"CacheDirectoryMode": "0755",
"CanFreeze": "yes",
"CanIsolate": "no",
"CanReload": "no",
"CanStart": "yes",
"CanStop": "yes",
"CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf",
"CollectMode": "inactive",
"ConditionResult": "yes",
"ConditionTimestamp": "Sat 2024-11-02 08:30:02 EDT",
"ConditionTimestampMonotonic": "262489448",
"ConfigurationDirectoryMode": "0755",
"ControlGroup": "/system.slice/fapolicyd.service",
"ControlPID": "0",
"DefaultDependencies": "no",
"DefaultMemoryLow": "0",
"DefaultMemoryMin": "0",
"Delegate": "no",
"Description": "File Access Policy Daemon",
"DevicePolicy": "auto",
"Documentation": "man:fapolicyd(8)",
"DynamicUser": "no",
"EffectiveCPUs": "",
"EffectiveMemoryNodes": "",
"ExecMainCode": "0",
"ExecMainExitTimestampMonotonic": "0",
"ExecMainPID": "10319",
"ExecMainStartTimestamp": "Sat 2024-11-02 08:30:02 EDT",
"ExecMainStartTimestampMonotonic": "262529928",
"ExecMainStatus": "0",
"ExecStart": "{ path=/usr/sbin/fapolicyd ; argv[]=/usr/sbin/fapolicyd ; ignore_errors=no ; start_time=[Sat 2024-11-02 08:30:02 EDT] ; stop_time=[Sat 2024-11-02 08:30:02 EDT] ; pid=10318 ; code=exited ; status=0 }",
"ExecStartPre": "{ path=/usr/sbin/fagenrules ; argv[]=/usr/sbin/fagenrules ; ignore_errors=no ; start_time=[Sat 2024-11-02 08:30:02 EDT] ; stop_time=[Sat 2024-11-02 08:30:02 EDT] ; pid=10293 ; code=exited ; status=0 }",
"FailureAction": "none",
"FileDescriptorStoreMax": "0",
"FragmentPath": "/usr/lib/systemd/system/fapolicyd.service",
"FreezerState": "running",
"GID": "[not set]",
"GuessMainPID": "yes",
"IOAccounting": "no",
"IOSchedulingClass": "0",
"IOSchedulingPriority": "0",
"IOWeight": "[not set]",
"IPAccounting": "no",
"IPEgressBytes": "18446744073709551615",
"IPEgressPackets": "18446744073709551615",
"IPIngressBytes": "18446744073709551615",
"IPIngressPackets": "18446744073709551615",
"Id": "fapolicyd.service",
"IgnoreOnIsolate": "no",
"IgnoreSIGPIPE": "yes",
"InactiveEnterTimestampMonotonic": "0",
"InactiveExitTimestamp": "Sat 2024-11-02 08:30:02 EDT",
"InactiveExitTimestampMonotonic": "262490225",
"InvocationID": "44eae305cd4b43bda163f1d2f2455a2f",
"JobRunningTimeoutUSec": "infinity",
"JobTimeoutAction": "none",
"JobTimeoutUSec": "infinity",
"KeyringMode": "private",
"KillMode": "control-group",
"KillSignal": "15",
"LimitAS": "infinity",
"LimitASSoft": "infinity",
"LimitCORE": "infinity",
"LimitCORESoft": "0",
"LimitCPU": "infinity",
"LimitCPUSoft": "infinity",
"LimitDATA": "infinity",
"LimitDATASoft": "infinity",
"LimitFSIZE": "infinity",
"LimitFSIZESoft": "infinity",
"LimitLOCKS": "infinity",
"LimitLOCKSSoft": "infinity",
"LimitMEMLOCK": "65536",
"LimitMEMLOCKSoft": "65536",
"LimitMSGQUEUE": "819200",
"LimitMSGQUEUESoft": "819200",
"LimitNICE": "0",
"LimitNICESoft": "0",
"LimitNOFILE": "262144",
"LimitNOFILESoft": "1024",
"LimitNPROC": "14003",
"LimitNPROCSoft": "14003",
"LimitRSS": "infinity",
"LimitRSSSoft": "infinity",
"LimitRTPRIO": "0",
"LimitRTPRIOSoft": "0",
"LimitRTTIME": "infinity",
"LimitRTTIMESoft": "infinity",
"LimitSIGPENDING": "14003",
"LimitSIGPENDINGSoft": "14003",
"LimitSTACK": "infinity",
"LimitSTACKSoft": "8388608",
"LoadState": "loaded",
"LockPersonality": "no",
"LogLevelMax": "-1",
"LogRateLimitBurst": "0",
"LogRateLimitIntervalUSec": "0",
"LogsDirectoryMode": "0755",
"MainPID": "10319",
"MemoryAccounting": "yes",
"MemoryCurrent": "31551488",
"MemoryDenyWriteExecute": "no",
"MemoryHigh": "infinity",
"MemoryLimit": "infinity",
"MemoryLow": "0",
"MemoryMax": "infinity",
"MemoryMin": "0",
"MemorySwapMax": "infinity",
"MountAPIVFS": "no",
"MountFlags": "",
"NFileDescriptorStore": "0",
"NRestarts": "0",
"NUMAMask": "",
"NUMAPolicy": "n/a",
"Names": "fapolicyd.service",
"NeedDaemonReload": "no",
"Nice": "0",
"NoNewPrivileges": "no",
"NonBlocking": "no",
"NotifyAccess": "none",
"OOMScoreAdjust": "-1000",
"OnFailureJobMode": "replace",
"PIDFile": "/run/fapolicyd.pid",
"PermissionsStartOnly": "no",
"Perpetual": "no",
"PrivateDevices": "no",
"PrivateMounts": "no",
"PrivateNetwork": "no",
"PrivateTmp": "no",
"PrivateUsers": "no",
"ProtectControlGroups": "no",
"ProtectHome": "no",
"ProtectKernelModules": "no",
"ProtectKernelTunables": "no",
"ProtectSystem": "no",
"RefuseManualStart": "no",
"RefuseManualStop": "no",
"RemainAfterExit": "no",
"RemoveIPC": "no",
"Requires": "system.slice",
"Restart": "on-abnormal",
"RestartUSec": "100ms",
"RestrictNamespaces": "no",
"RestrictRealtime": "no",
"RestrictSUIDSGID": "no",
"Result": "success",
"RootDirectoryStartOnly": "no",
"RuntimeDirectoryMode": "0755",
"RuntimeDirectoryPreserve": "no",
"RuntimeMaxUSec": "infinity",
"SameProcessGroup": "no",
"SecureBits": "0",
"SendSIGHUP": "no",
"SendSIGKILL": "yes",
"Slice": "system.slice",
"StandardError": "inherit",
"StandardInput": "null",
"StandardInputData": "",
"StandardOutput": "journal",
"StartLimitAction": "none",
"StartLimitBurst": "5",
"StartLimitIntervalUSec": "10s",
"StartupBlockIOWeight": "[not set]",
"StartupCPUShares": "[not set]",
"StartupCPUWeight": "[not set]",
"StartupIOWeight": "[not set]",
"StateChangeTimestamp": "Sat 2024-11-02 08:30:02 EDT",
"StateChangeTimestampMonotonic": "262529976",
"StateDirectoryMode": "0755",
"StatusErrno": "0",
"StopWhenUnneeded": "no",
"SubState": "running",
"SuccessAction": "none",
"SyslogFacility": "3",
"SyslogLevel": "6",
"SyslogLevelPrefix": "yes",
"SyslogPriority": "30",
"SystemCallErrorNumber": "0",
"TTYReset": "no",
"TTYVHangup": "no",
"TTYVTDisallocate": "no",
"TasksAccounting": "yes",
"TasksCurrent": "1",
"TasksMax": "22405",
"TimeoutStartUSec": "1min 30s",
"TimeoutStopUSec": "1min 30s",
"TimerSlackNSec": "50000",
"Transient": "no",
"Type": "forking",
"UID": "[not set]",
"UMask": "0022",
"UnitFilePreset": "disabled",
"UnitFileState": "enabled",
"UtmpMode": "init",
"WantedBy": "multi-user.target",
"WatchdogTimestampMonotonic": "0",
"WatchdogUSec": "0"
}
}
TASK [fedora.linux_system_roles.fapolicyd : Check fapolicyd logs] **************
task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:96
Saturday 02 November 2024 08:30:03 -0400 (0:00:01.271) 0:00:48.341 *****
skipping: [managed-node3] => {
"changed": false,
"skip_reason": "Conditional result was False"
}
TASK [fedora.linux_system_roles.fapolicyd : Trustdb cleanup] *******************
task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:103
Saturday 02 November 2024 08:30:03 -0400 (0:00:00.033) 0:00:48.374 *****
changed: [managed-node3] => {
"changed": true,
"cmd": [
"fapolicyd-cli",
"--file",
"delete",
"/"
],
"delta": "0:00:00.009337",
"end": "2024-11-02 08:30:04.297619",
"failed_when_result": false,
"rc": 1,
"start": "2024-11-02 08:30:04.288282"
}
STDERR:
/ is not in the trust database
MSG:
non-zero return code
TASK [fedora.linux_system_roles.fapolicyd : Add file to trustdb] ***************
task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:108
Saturday 02 November 2024 08:30:04 -0400 (0:00:00.436) 0:00:48.810 *****
changed: [managed-node3] => (item=/etc/passwd) => {
"ansible_loop_var": "item",
"changed": true,
"cmd": [
"fapolicyd-cli",
"--file",
"add",
"/etc/passwd"
],
"delta": "0:00:00.009689",
"end": "2024-11-02 08:30:04.770183",
"item": "/etc/passwd",
"rc": 0,
"start": "2024-11-02 08:30:04.760494"
}
changed: [managed-node3] => (item=/etc/fapolicyd/fapolicyd.conf) => {
"ansible_loop_var": "item",
"changed": true,
"cmd": [
"fapolicyd-cli",
"--file",
"add",
"/etc/fapolicyd/fapolicyd.conf"
],
"delta": "0:00:00.007920",
"end": "2024-11-02 08:30:05.199617",
"item": "/etc/fapolicyd/fapolicyd.conf",
"rc": 0,
"start": "2024-11-02 08:30:05.191697"
}
changed: [managed-node3] => (item=/etc/krb5.conf) => {
"ansible_loop_var": "item",
"changed": true,
"cmd": [
"fapolicyd-cli",
"--file",
"add",
"/etc/krb5.conf"
],
"delta": "0:00:00.008673",
"end": "2024-11-02 08:30:05.603726",
"item": "/etc/krb5.conf",
"rc": 0,
"start": "2024-11-02 08:30:05.595053"
}
changed: [managed-node3] => (item=/var/tmp/fapolicyd_btisrbar/executables/exe1) => {
"ansible_loop_var": "item",
"changed": true,
"cmd": [
"fapolicyd-cli",
"--file",
"add",
"/var/tmp/fapolicyd_btisrbar/executables/exe1"
],
"delta": "0:00:00.008275",
"end": "2024-11-02 08:30:06.045393",
"item": "/var/tmp/fapolicyd_btisrbar/executables/exe1",
"rc": 0,
"start": "2024-11-02 08:30:06.037118"
}
TASK [fedora.linux_system_roles.fapolicyd : Update fapolicyd db] ***************
task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:124
Saturday 02 November 2024 08:30:06 -0400 (0:00:01.756) 0:00:50.567 *****
changed: [managed-node3] => {
"changed": true,
"cmd": "set -euo pipefail\n# get current journal cursor\ncursor=\"\"\nwhile [ -z \"$cursor\" ]; do\n sleep 1\n cursor=\"$(journalctl -u fapolicyd -n 0 --show-cursor |\n awk '/^-- cursor:/ {print $3}')\" || :\ndone\nsystemctl restart fapolicyd\nsearch_str='^Starting to listen for events$'\n# wait until we see the search_str - wait up to 30 seconds\nwaittime=30 # seconds\nendtime=\"$(expr \"$(date +%s)\" + \"$waittime\")\"\nfound=0\nprev_cursor=\"$cursor\"\n# NOTE: Cannot use -u fapolicyd - for some reason, on el10, sometime during\n# the startup process, the UNIT field is dropped from fapolicyd journal\n# entries - so use -t instead which relies on SYSLOG_IDENTIFIER which seems stable\nwhile [ \"$(date +%s)\" -le \"$endtime\" ]; do\n prev_cursor=\"$cursor\"\n output=\"$(journalctl -t fapolicyd --grep \"$search_str\" --show-cursor --after-cursor \"$cursor\" || :)\"\n found=1\n while read -r line; do\n if [ \"$line\" = \"-- No entries --\" ]; then\n found=0\n elif [[ \"$line\" =~ ^--\\ cursor:\\ (.+)$ ]]; then\n cursor=\"${BASH_REMATCH[1]}\" # update cursor for next try\n fi\n done <<< \"$output\"\n if [ \"$found\" = 1 ]; then\n break\n fi\n sleep 1\ndone\nif [ \"$found\" = 0 ]; then\n echo ERROR: failed to update the trustdb\n journalctl -t fapolicyd\n exit 1\nfi\necho INFO: trustdb is updated\nexit 0 # success\n",
"delta": "0:00:03.937015",
"end": "2024-11-02 08:30:10.476627",
"rc": 0,
"start": "2024-11-02 08:30:06.539612"
}
STDOUT:
INFO: trustdb is updated
TASK [fedora.linux_system_roles.fapolicyd : Making sure fapolicyd does not run if it was set so] ***
task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:171
Saturday 02 November 2024 08:30:10 -0400 (0:00:04.432) 0:00:54.999 *****
skipping: [managed-node3] => {
"changed": false,
"skip_reason": "Conditional result was False"
}
TASK [Run trusted binary exe1] *************************************************
task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/tests/fapolicyd/tests_trusted_execution.yml:73
Saturday 02 November 2024 08:30:10 -0400 (0:00:00.052) 0:00:55.051 *****
[WARNING]: Consider using 'become', 'become_method', and 'become_user' rather
than running su
ok: [managed-node3] => {
"changed": false,
"cmd": [
"su",
"-",
"fapolicyd_test1_user",
"-c",
"/var/tmp/fapolicyd_btisrbar/executables/exe1"
],
"delta": "0:00:00.238775",
"end": "2024-11-02 08:30:11.261487",
"rc": 0,
"start": "2024-11-02 08:30:11.022712"
}
TASK [Replace binary exe1 with exe2] *******************************************
task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/tests/fapolicyd/tests_trusted_execution.yml:79
Saturday 02 November 2024 08:30:11 -0400 (0:00:00.731) 0:00:55.783 *****
changed: [managed-node3] => {
"changed": true,
"checksum": "49884739d6d6313af9d6e4347f03a7f615512600",
"dest": "/var/tmp/fapolicyd_btisrbar/executables/exe1",
"gid": 0,
"group": "root",
"md5sum": "38575d4acea7604f2470e6cee4df67a4",
"mode": "0755",
"owner": "root",
"secontext": "unconfined_u:object_r:admin_home_t:s0",
"size": 114,
"src": "/var/tmp/fapolicyd_btisrbar/executables/exe2",
"state": "file",
"uid": 0
}
TASK [Run untrusted binary exe2] ***********************************************
task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/tests/fapolicyd/tests_trusted_execution.yml:86
Saturday 02 November 2024 08:30:11 -0400 (0:00:00.489) 0:00:56.273 *****
ok: [managed-node3] => {
"changed": false,
"cmd": [
"su",
"-",
"fapolicyd_test1_user",
"-c",
"/var/tmp/fapolicyd_btisrbar/executables/exe2"
],
"delta": "0:00:00.053673",
"end": "2024-11-02 08:30:12.268067",
"failed_when_result": false,
"rc": 126,
"start": "2024-11-02 08:30:12.214394"
}
STDERR:
-bash: /var/tmp/fapolicyd_btisrbar/executables/exe2: Operation not permitted
MSG:
non-zero return code
TASK [Check now untrusted exe1 after replacement] ******************************
task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/tests/fapolicyd/tests_trusted_execution.yml:94
Saturday 02 November 2024 08:30:12 -0400 (0:00:00.519) 0:00:56.792 *****
ok: [managed-node3] => {
"changed": false,
"cmd": [
"su",
"-",
"fapolicyd_test1_user",
"-c",
"/var/tmp/fapolicyd_btisrbar/executables/exe1"
],
"delta": "0:00:00.052540",
"end": "2024-11-02 08:30:12.788001",
"failed_when_result": false,
"rc": 126,
"start": "2024-11-02 08:30:12.735461"
}
STDERR:
-bash: /var/tmp/fapolicyd_btisrbar/executables/exe1: Operation not permitted
MSG:
non-zero return code
TASK [Run the role again without test file] ************************************
task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/tests/fapolicyd/tests_trusted_execution.yml:102
Saturday 02 November 2024 08:30:12 -0400 (0:00:00.517) 0:00:57.309 *****
TASK [fedora.linux_system_roles.fapolicyd : Set platform/version specific variables] ***
task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:2
Saturday 02 November 2024 08:30:12 -0400 (0:00:00.034) 0:00:57.344 *****
included: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/set_vars.yml for managed-node3
TASK [fedora.linux_system_roles.fapolicyd : Ensure ansible_facts used by role] ***
task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/set_vars.yml:2
Saturday 02 November 2024 08:30:12 -0400 (0:00:00.021) 0:00:57.365 *****
skipping: [managed-node3] => {
"changed": false,
"skip_reason": "Conditional result was False"
}
TASK [fedora.linux_system_roles.fapolicyd : Check if system is ostree] *********
task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/set_vars.yml:10
Saturday 02 November 2024 08:30:12 -0400 (0:00:00.034) 0:00:57.400 *****
skipping: [managed-node3] => {
"changed": false,
"skip_reason": "Conditional result was False"
}
TASK [fedora.linux_system_roles.fapolicyd : Set flag to indicate system is ostree] ***
task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/set_vars.yml:15
Saturday 02 November 2024 08:30:12 -0400 (0:00:00.032) 0:00:57.433 *****
skipping: [managed-node3] => {
"changed": false,
"skip_reason": "Conditional result was False"
}
TASK [fedora.linux_system_roles.fapolicyd : Set platform/version specific variables] ***
task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/set_vars.yml:19
Saturday 02 November 2024 08:30:13 -0400 (0:00:00.034) 0:00:57.468 *****
skipping: [managed-node3] => (item=RedHat.yml) => {
"ansible_loop_var": "item",
"changed": false,
"item": "RedHat.yml",
"skip_reason": "Conditional result was False"
}
skipping: [managed-node3] => (item=CentOS.yml) => {
"ansible_loop_var": "item",
"changed": false,
"item": "CentOS.yml",
"skip_reason": "Conditional result was False"
}
skipping: [managed-node3] => (item=CentOS_8.yml) => {
"ansible_loop_var": "item",
"changed": false,
"item": "CentOS_8.yml",
"skip_reason": "Conditional result was False"
}
skipping: [managed-node3] => (item=CentOS_8.yml) => {
"ansible_loop_var": "item",
"changed": false,
"item": "CentOS_8.yml",
"skip_reason": "Conditional result was False"
}
TASK [fedora.linux_system_roles.fapolicyd : Set fapolicyd feature facts for OS versions] ***
task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/set_vars.yml:40
Saturday 02 November 2024 08:30:13 -0400 (0:00:00.051) 0:00:57.519 *****
ok: [managed-node3] => {
"ansible_facts": {
"__fapolicyd_configcheck_supported": true,
"__fapolicyd_integrity_supported": true,
"__fapolicyd_selinux_supported": true,
"__fapolicyd_supported": true,
"__fapolicyd_syslog_format_supported": true,
"__fapolicyd_trust_supported": true,
"__fapolicyd_trustfiles_supported": true,
"__fapolicyd_watch_fs_supported": true
},
"changed": false
}
TASK [fedora.linux_system_roles.fapolicyd : System check] **********************
task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:5
Saturday 02 November 2024 08:30:13 -0400 (0:00:00.077) 0:00:57.597 *****
skipping: [managed-node3] => {
"changed": false,
"skip_reason": "Conditional result was False"
}
TASK [fedora.linux_system_roles.fapolicyd : Check trust compatibility] *********
task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:13
Saturday 02 November 2024 08:30:13 -0400 (0:00:00.030) 0:00:57.628 *****
skipping: [managed-node3] => {
"changed": false,
"skip_reason": "Conditional result was False"
}
TASK [fedora.linux_system_roles.fapolicyd : Check integrity compatibility] *****
task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:24
Saturday 02 November 2024 08:30:13 -0400 (0:00:00.031) 0:00:57.660 *****
skipping: [managed-node3] => {
"changed": false,
"skip_reason": "Conditional result was False"
}
TASK [fedora.linux_system_roles.fapolicyd : Check trust files compatibility] ***
task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:35
Saturday 02 November 2024 08:30:13 -0400 (0:00:00.032) 0:00:57.692 *****
skipping: [managed-node3] => {
"changed": false,
"skip_reason": "Conditional result was False"
}
TASK [fedora.linux_system_roles.fapolicyd : Check failed conditions] ***********
task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:46
Saturday 02 November 2024 08:30:13 -0400 (0:00:00.032) 0:00:57.725 *****
skipping: [managed-node3] => {
"changed": false,
"skip_reason": "Conditional result was False"
}
TASK [fedora.linux_system_roles.fapolicyd : Install fapolicyd packages] ********
task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:51
Saturday 02 November 2024 08:30:13 -0400 (0:00:00.033) 0:00:57.759 *****
ok: [managed-node3] => {
"changed": false,
"rc": 0,
"results": []
}
MSG:
Nothing to do
lsrpackages: fapolicyd fapolicyd-selinux
TASK [fedora.linux_system_roles.fapolicyd : Copy fapolicyd configuration file] ***
task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:59
Saturday 02 November 2024 08:30:16 -0400 (0:00:03.040) 0:01:00.799 *****
ok: [managed-node3] => {
"changed": false,
"checksum": "d79d7424d2f9daf8e9e018c5750ecd06d3beba55",
"dest": "/etc/fapolicyd/fapolicyd.conf",
"gid": 991,
"group": "fapolicyd",
"mode": "0644",
"owner": "root",
"path": "/etc/fapolicyd/fapolicyd.conf",
"secontext": "system_u:object_r:fapolicyd_config_t:s0",
"size": 509,
"state": "file",
"uid": 0
}
TASK [fedora.linux_system_roles.fapolicyd : Run fapolicyd configuration check] ***
task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:68
Saturday 02 November 2024 08:30:17 -0400 (0:00:00.785) 0:01:01.585 *****
skipping: [managed-node3] => {
"changed": false,
"skip_reason": "Conditional result was False"
}
TASK [fedora.linux_system_roles.fapolicyd : Start fapolicyd service] ***********
task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:76
Saturday 02 November 2024 08:30:17 -0400 (0:00:00.034) 0:01:01.620 *****
ok: [managed-node3] => {
"changed": false,
"enabled": true,
"name": "fapolicyd.service",
"state": "started",
"status": {
"ActiveEnterTimestamp": "Sat 2024-11-02 08:30:08 EDT",
"ActiveEnterTimestampMonotonic": "268446074",
"ActiveExitTimestamp": "Sat 2024-11-02 08:30:07 EDT",
"ActiveExitTimestampMonotonic": "267571555",
"ActiveState": "active",
"After": "systemd-tmpfiles-setup.service systemd-journald.socket system.slice local-fs.target",
"AllowIsolate": "no",
"AllowedCPUs": "",
"AllowedMemoryNodes": "",
"AmbientCapabilities": "",
"AssertResult": "yes",
"AssertTimestamp": "Sat 2024-11-02 08:30:08 EDT",
"AssertTimestampMonotonic": "268406555",
"BlockIOAccounting": "no",
"BlockIOWeight": "[not set]",
"CPUAccounting": "no",
"CPUAffinity": "",
"CPUAffinityFromNUMA": "no",
"CPUQuotaPerSecUSec": "infinity",
"CPUQuotaPeriodUSec": "infinity",
"CPUSchedulingPolicy": "0",
"CPUSchedulingPriority": "0",
"CPUSchedulingResetOnFork": "no",
"CPUShares": "[not set]",
"CPUUsageNSec": "[not set]",
"CPUWeight": "[not set]",
"CacheDirectoryMode": "0755",
"CanFreeze": "yes",
"CanIsolate": "no",
"CanReload": "no",
"CanStart": "yes",
"CanStop": "yes",
"CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf",
"CollectMode": "inactive",
"ConditionResult": "yes",
"ConditionTimestamp": "Sat 2024-11-02 08:30:08 EDT",
"ConditionTimestampMonotonic": "268406554",
"ConfigurationDirectoryMode": "0755",
"ControlGroup": "/system.slice/fapolicyd.service",
"ControlPID": "0",
"DefaultDependencies": "no",
"DefaultMemoryLow": "0",
"DefaultMemoryMin": "0",
"Delegate": "no",
"Description": "File Access Policy Daemon",
"DevicePolicy": "auto",
"Documentation": "man:fapolicyd(8)",
"DynamicUser": "no",
"EffectiveCPUs": "",
"EffectiveMemoryNodes": "",
"ExecMainCode": "0",
"ExecMainExitTimestampMonotonic": "0",
"ExecMainPID": "11257",
"ExecMainStartTimestamp": "Sat 2024-11-02 08:30:08 EDT",
"ExecMainStartTimestampMonotonic": "268442349",
"ExecMainStatus": "0",
"ExecStart": "{ path=/usr/sbin/fapolicyd ; argv[]=/usr/sbin/fapolicyd ; ignore_errors=no ; start_time=[Sat 2024-11-02 08:30:08 EDT] ; stop_time=[Sat 2024-11-02 08:30:08 EDT] ; pid=11256 ; code=exited ; status=0 }",
"ExecStartPre": "{ path=/usr/sbin/fagenrules ; argv[]=/usr/sbin/fagenrules ; ignore_errors=no ; start_time=[Sat 2024-11-02 08:30:08 EDT] ; stop_time=[Sat 2024-11-02 08:30:08 EDT] ; pid=11231 ; code=exited ; status=0 }",
"FailureAction": "none",
"FileDescriptorStoreMax": "0",
"FragmentPath": "/usr/lib/systemd/system/fapolicyd.service",
"FreezerState": "running",
"GID": "[not set]",
"GuessMainPID": "yes",
"IOAccounting": "no",
"IOSchedulingClass": "0",
"IOSchedulingPriority": "0",
"IOWeight": "[not set]",
"IPAccounting": "no",
"IPEgressBytes": "18446744073709551615",
"IPEgressPackets": "18446744073709551615",
"IPIngressBytes": "18446744073709551615",
"IPIngressPackets": "18446744073709551615",
"Id": "fapolicyd.service",
"IgnoreOnIsolate": "no",
"IgnoreSIGPIPE": "yes",
"InactiveEnterTimestamp": "Sat 2024-11-02 08:30:08 EDT",
"InactiveEnterTimestampMonotonic": "268405814",
"InactiveExitTimestamp": "Sat 2024-11-02 08:30:08 EDT",
"InactiveExitTimestampMonotonic": "268407599",
"InvocationID": "a16853a5ae5341bbb8015a8955a52376",
"JobRunningTimeoutUSec": "infinity",
"JobTimeoutAction": "none",
"JobTimeoutUSec": "infinity",
"KeyringMode": "private",
"KillMode": "control-group",
"KillSignal": "15",
"LimitAS": "infinity",
"LimitASSoft": "infinity",
"LimitCORE": "infinity",
"LimitCORESoft": "0",
"LimitCPU": "infinity",
"LimitCPUSoft": "infinity",
"LimitDATA": "infinity",
"LimitDATASoft": "infinity",
"LimitFSIZE": "infinity",
"LimitFSIZESoft": "infinity",
"LimitLOCKS": "infinity",
"LimitLOCKSSoft": "infinity",
"LimitMEMLOCK": "65536",
"LimitMEMLOCKSoft": "65536",
"LimitMSGQUEUE": "819200",
"LimitMSGQUEUESoft": "819200",
"LimitNICE": "0",
"LimitNICESoft": "0",
"LimitNOFILE": "262144",
"LimitNOFILESoft": "1024",
"LimitNPROC": "14003",
"LimitNPROCSoft": "14003",
"LimitRSS": "infinity",
"LimitRSSSoft": "infinity",
"LimitRTPRIO": "0",
"LimitRTPRIOSoft": "0",
"LimitRTTIME": "infinity",
"LimitRTTIMESoft": "infinity",
"LimitSIGPENDING": "14003",
"LimitSIGPENDINGSoft": "14003",
"LimitSTACK": "infinity",
"LimitSTACKSoft": "8388608",
"LoadState": "loaded",
"LockPersonality": "no",
"LogLevelMax": "-1",
"LogRateLimitBurst": "0",
"LogRateLimitIntervalUSec": "0",
"LogsDirectoryMode": "0755",
"MainPID": "11257",
"MemoryAccounting": "yes",
"MemoryCurrent": "36995072",
"MemoryDenyWriteExecute": "no",
"MemoryHigh": "infinity",
"MemoryLimit": "infinity",
"MemoryLow": "0",
"MemoryMax": "infinity",
"MemoryMin": "0",
"MemorySwapMax": "infinity",
"MountAPIVFS": "no",
"MountFlags": "",
"NFileDescriptorStore": "0",
"NRestarts": "0",
"NUMAMask": "",
"NUMAPolicy": "n/a",
"Names": "fapolicyd.service",
"NeedDaemonReload": "no",
"Nice": "0",
"NoNewPrivileges": "no",
"NonBlocking": "no",
"NotifyAccess": "none",
"OOMScoreAdjust": "-1000",
"OnFailureJobMode": "replace",
"PIDFile": "/run/fapolicyd.pid",
"PermissionsStartOnly": "no",
"Perpetual": "no",
"PrivateDevices": "no",
"PrivateMounts": "no",
"PrivateNetwork": "no",
"PrivateTmp": "no",
"PrivateUsers": "no",
"ProtectControlGroups": "no",
"ProtectHome": "no",
"ProtectKernelModules": "no",
"ProtectKernelTunables": "no",
"ProtectSystem": "no",
"RefuseManualStart": "no",
"RefuseManualStop": "no",
"RemainAfterExit": "no",
"RemoveIPC": "no",
"Requires": "system.slice",
"Restart": "on-abnormal",
"RestartUSec": "100ms",
"RestrictNamespaces": "no",
"RestrictRealtime": "no",
"RestrictSUIDSGID": "no",
"Result": "success",
"RootDirectoryStartOnly": "no",
"RuntimeDirectoryMode": "0755",
"RuntimeDirectoryPreserve": "no",
"RuntimeMaxUSec": "infinity",
"SameProcessGroup": "no",
"SecureBits": "0",
"SendSIGHUP": "no",
"SendSIGKILL": "yes",
"Slice": "system.slice",
"StandardError": "inherit",
"StandardInput": "null",
"StandardInputData": "",
"StandardOutput": "journal",
"StartLimitAction": "none",
"StartLimitBurst": "5",
"StartLimitIntervalUSec": "10s",
"StartupBlockIOWeight": "[not set]",
"StartupCPUShares": "[not set]",
"StartupCPUWeight": "[not set]",
"StartupIOWeight": "[not set]",
"StateChangeTimestamp": "Sat 2024-11-02 08:30:08 EDT",
"StateChangeTimestampMonotonic": "268446074",
"StateDirectoryMode": "0755",
"StatusErrno": "0",
"StopWhenUnneeded": "no",
"SubState": "running",
"SuccessAction": "none",
"SyslogFacility": "3",
"SyslogLevel": "6",
"SyslogLevelPrefix": "yes",
"SyslogPriority": "30",
"SystemCallErrorNumber": "0",
"TTYReset": "no",
"TTYVHangup": "no",
"TTYVTDisallocate": "no",
"TasksAccounting": "yes",
"TasksCurrent": "4",
"TasksMax": "22405",
"TimeoutStartUSec": "1min 30s",
"TimeoutStopUSec": "1min 30s",
"TimerSlackNSec": "50000",
"Transient": "no",
"Type": "forking",
"UID": "[not set]",
"UMask": "0022",
"UnitFilePreset": "disabled",
"UnitFileState": "enabled",
"UtmpMode": "init",
"WantedBy": "multi-user.target",
"WatchdogTimestampMonotonic": "0",
"WatchdogUSec": "0"
}
}
TASK [fedora.linux_system_roles.fapolicyd : Restart fapolicyd service] *********
task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:85
Saturday 02 November 2024 08:30:17 -0400 (0:00:00.605) 0:01:02.225 *****
skipping: [managed-node3] => {
"changed": false,
"skip_reason": "Conditional result was False"
}
TASK [fedora.linux_system_roles.fapolicyd : Check fapolicyd logs] **************
task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:96
Saturday 02 November 2024 08:30:17 -0400 (0:00:00.034) 0:01:02.259 *****
skipping: [managed-node3] => {
"changed": false,
"skip_reason": "Conditional result was False"
}
TASK [fedora.linux_system_roles.fapolicyd : Trustdb cleanup] *******************
task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:103
Saturday 02 November 2024 08:30:17 -0400 (0:00:00.031) 0:01:02.291 *****
changed: [managed-node3] => {
"changed": true,
"cmd": [
"fapolicyd-cli",
"--file",
"delete",
"/"
],
"delta": "0:00:00.008597",
"end": "2024-11-02 08:30:18.217839",
"failed_when_result": false,
"rc": 0,
"start": "2024-11-02 08:30:18.209242"
}
TASK [fedora.linux_system_roles.fapolicyd : Add file to trustdb] ***************
task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:108
Saturday 02 November 2024 08:30:18 -0400 (0:00:00.447) 0:01:02.739 *****
TASK [fedora.linux_system_roles.fapolicyd : Update fapolicyd db] ***************
task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:124
Saturday 02 November 2024 08:30:18 -0400 (0:00:00.032) 0:01:02.771 *****
changed: [managed-node3] => {
"changed": true,
"cmd": "set -euo pipefail\n# get current journal cursor\ncursor=\"\"\nwhile [ -z \"$cursor\" ]; do\n sleep 1\n cursor=\"$(journalctl -u fapolicyd -n 0 --show-cursor |\n awk '/^-- cursor:/ {print $3}')\" || :\ndone\nsystemctl restart fapolicyd\nsearch_str='^Starting to listen for events$'\n# wait until we see the search_str - wait up to 30 seconds\nwaittime=30 # seconds\nendtime=\"$(expr \"$(date +%s)\" + \"$waittime\")\"\nfound=0\nprev_cursor=\"$cursor\"\n# NOTE: Cannot use -u fapolicyd - for some reason, on el10, sometime during\n# the startup process, the UNIT field is dropped from fapolicyd journal\n# entries - so use -t instead which relies on SYSLOG_IDENTIFIER which seems stable\nwhile [ \"$(date +%s)\" -le \"$endtime\" ]; do\n prev_cursor=\"$cursor\"\n output=\"$(journalctl -t fapolicyd --grep \"$search_str\" --show-cursor --after-cursor \"$cursor\" || :)\"\n found=1\n while read -r line; do\n if [ \"$line\" = \"-- No entries --\" ]; then\n found=0\n elif [[ \"$line\" =~ ^--\\ cursor:\\ (.+)$ ]]; then\n cursor=\"${BASH_REMATCH[1]}\" # update cursor for next try\n fi\n done <<< \"$output\"\n if [ \"$found\" = 1 ]; then\n break\n fi\n sleep 1\ndone\nif [ \"$found\" = 0 ]; then\n echo ERROR: failed to update the trustdb\n journalctl -t fapolicyd\n exit 1\nfi\necho INFO: trustdb is updated\nexit 0 # success\n",
"delta": "0:00:04.895900",
"end": "2024-11-02 08:30:23.612849",
"rc": 0,
"start": "2024-11-02 08:30:18.716949"
}
STDOUT:
INFO: trustdb is updated
TASK [fedora.linux_system_roles.fapolicyd : Making sure fapolicyd does not run if it was set so] ***
task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:171
Saturday 02 November 2024 08:30:23 -0400 (0:00:05.362) 0:01:08.134 *****
skipping: [managed-node3] => {
"changed": false,
"skip_reason": "Conditional result was False"
}
TASK [Run untrusted exe1 after removing from trustdb] **************************
task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/tests/fapolicyd/tests_trusted_execution.yml:110
Saturday 02 November 2024 08:30:23 -0400 (0:00:00.033) 0:01:08.167 *****
ok: [managed-node3] => {
"changed": false,
"cmd": [
"su",
"-",
"fapolicyd_test1_user",
"-c",
"/var/tmp/fapolicyd_btisrbar/executables/exe1"
],
"delta": "0:00:00.169498",
"end": "2024-11-02 08:30:24.272546",
"failed_when_result": false,
"rc": 126,
"start": "2024-11-02 08:30:24.103048"
}
STDERR:
-bash: /var/tmp/fapolicyd_btisrbar/executables/exe1: Operation not permitted
MSG:
non-zero return code
TASK [Shutdown fapolicyd] ******************************************************
task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/tests/fapolicyd/tests_trusted_execution.yml:118
Saturday 02 November 2024 08:30:24 -0400 (0:00:00.628) 0:01:08.795 *****
changed: [managed-node3] => {
"changed": true,
"enabled": false,
"name": "fapolicyd",
"state": "stopped",
"status": {
"ActiveEnterTimestamp": "Sat 2024-11-02 08:30:21 EDT",
"ActiveEnterTimestampMonotonic": "281584088",
"ActiveExitTimestamp": "Sat 2024-11-02 08:30:19 EDT",
"ActiveExitTimestampMonotonic": "279748019",
"ActiveState": "active",
"After": "systemd-tmpfiles-setup.service systemd-journald.socket system.slice local-fs.target",
"AllowIsolate": "no",
"AllowedCPUs": "",
"AllowedMemoryNodes": "",
"AmbientCapabilities": "",
"AssertResult": "yes",
"AssertTimestamp": "Sat 2024-11-02 08:30:21 EDT",
"AssertTimestampMonotonic": "281547238",
"BlockIOAccounting": "no",
"BlockIOWeight": "[not set]",
"CPUAccounting": "no",
"CPUAffinity": "",
"CPUAffinityFromNUMA": "no",
"CPUQuotaPerSecUSec": "infinity",
"CPUQuotaPeriodUSec": "infinity",
"CPUSchedulingPolicy": "0",
"CPUSchedulingPriority": "0",
"CPUSchedulingResetOnFork": "no",
"CPUShares": "[not set]",
"CPUUsageNSec": "[not set]",
"CPUWeight": "[not set]",
"CacheDirectoryMode": "0755",
"CanFreeze": "yes",
"CanIsolate": "no",
"CanReload": "no",
"CanStart": "yes",
"CanStop": "yes",
"CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf",
"CollectMode": "inactive",
"ConditionResult": "yes",
"ConditionTimestamp": "Sat 2024-11-02 08:30:21 EDT",
"ConditionTimestampMonotonic": "281547236",
"ConfigurationDirectoryMode": "0755",
"ControlGroup": "/system.slice/fapolicyd.service",
"ControlPID": "0",
"DefaultDependencies": "no",
"DefaultMemoryLow": "0",
"DefaultMemoryMin": "0",
"Delegate": "no",
"Description": "File Access Policy Daemon",
"DevicePolicy": "auto",
"Documentation": "man:fapolicyd(8)",
"DynamicUser": "no",
"EffectiveCPUs": "",
"EffectiveMemoryNodes": "",
"ExecMainCode": "0",
"ExecMainExitTimestampMonotonic": "0",
"ExecMainPID": "12587",
"ExecMainStartTimestamp": "Sat 2024-11-02 08:30:21 EDT",
"ExecMainStartTimestampMonotonic": "281582778",
"ExecMainStatus": "0",
"ExecStart": "{ path=/usr/sbin/fapolicyd ; argv[]=/usr/sbin/fapolicyd ; ignore_errors=no ; start_time=[Sat 2024-11-02 08:30:21 EDT] ; stop_time=[Sat 2024-11-02 08:30:21 EDT] ; pid=12586 ; code=exited ; status=0 }",
"ExecStartPre": "{ path=/usr/sbin/fagenrules ; argv[]=/usr/sbin/fagenrules ; ignore_errors=no ; start_time=[Sat 2024-11-02 08:30:21 EDT] ; stop_time=[Sat 2024-11-02 08:30:21 EDT] ; pid=12561 ; code=exited ; status=0 }",
"FailureAction": "none",
"FileDescriptorStoreMax": "0",
"FragmentPath": "/usr/lib/systemd/system/fapolicyd.service",
"FreezerState": "running",
"GID": "[not set]",
"GuessMainPID": "yes",
"IOAccounting": "no",
"IOSchedulingClass": "0",
"IOSchedulingPriority": "0",
"IOWeight": "[not set]",
"IPAccounting": "no",
"IPEgressBytes": "18446744073709551615",
"IPEgressPackets": "18446744073709551615",
"IPIngressBytes": "18446744073709551615",
"IPIngressPackets": "18446744073709551615",
"Id": "fapolicyd.service",
"IgnoreOnIsolate": "no",
"IgnoreSIGPIPE": "yes",
"InactiveEnterTimestamp": "Sat 2024-11-02 08:30:21 EDT",
"InactiveEnterTimestampMonotonic": "281546460",
"InactiveExitTimestamp": "Sat 2024-11-02 08:30:21 EDT",
"InactiveExitTimestampMonotonic": "281548325",
"InvocationID": "3fe0b281fc73440c8252926f95621969",
"JobRunningTimeoutUSec": "infinity",
"JobTimeoutAction": "none",
"JobTimeoutUSec": "infinity",
"KeyringMode": "private",
"KillMode": "control-group",
"KillSignal": "15",
"LimitAS": "infinity",
"LimitASSoft": "infinity",
"LimitCORE": "infinity",
"LimitCORESoft": "0",
"LimitCPU": "infinity",
"LimitCPUSoft": "infinity",
"LimitDATA": "infinity",
"LimitDATASoft": "infinity",
"LimitFSIZE": "infinity",
"LimitFSIZESoft": "infinity",
"LimitLOCKS": "infinity",
"LimitLOCKSSoft": "infinity",
"LimitMEMLOCK": "65536",
"LimitMEMLOCKSoft": "65536",
"LimitMSGQUEUE": "819200",
"LimitMSGQUEUESoft": "819200",
"LimitNICE": "0",
"LimitNICESoft": "0",
"LimitNOFILE": "262144",
"LimitNOFILESoft": "1024",
"LimitNPROC": "14003",
"LimitNPROCSoft": "14003",
"LimitRSS": "infinity",
"LimitRSSSoft": "infinity",
"LimitRTPRIO": "0",
"LimitRTPRIOSoft": "0",
"LimitRTTIME": "infinity",
"LimitRTTIMESoft": "infinity",
"LimitSIGPENDING": "14003",
"LimitSIGPENDINGSoft": "14003",
"LimitSTACK": "infinity",
"LimitSTACKSoft": "8388608",
"LoadState": "loaded",
"LockPersonality": "no",
"LogLevelMax": "-1",
"LogRateLimitBurst": "0",
"LogRateLimitIntervalUSec": "0",
"LogsDirectoryMode": "0755",
"MainPID": "12587",
"MemoryAccounting": "yes",
"MemoryCurrent": "35278848",
"MemoryDenyWriteExecute": "no",
"MemoryHigh": "infinity",
"MemoryLimit": "infinity",
"MemoryLow": "0",
"MemoryMax": "infinity",
"MemoryMin": "0",
"MemorySwapMax": "infinity",
"MountAPIVFS": "no",
"MountFlags": "",
"NFileDescriptorStore": "0",
"NRestarts": "0",
"NUMAMask": "",
"NUMAPolicy": "n/a",
"Names": "fapolicyd.service",
"NeedDaemonReload": "no",
"Nice": "0",
"NoNewPrivileges": "no",
"NonBlocking": "no",
"NotifyAccess": "none",
"OOMScoreAdjust": "-1000",
"OnFailureJobMode": "replace",
"PIDFile": "/run/fapolicyd.pid",
"PermissionsStartOnly": "no",
"Perpetual": "no",
"PrivateDevices": "no",
"PrivateMounts": "no",
"PrivateNetwork": "no",
"PrivateTmp": "no",
"PrivateUsers": "no",
"ProtectControlGroups": "no",
"ProtectHome": "no",
"ProtectKernelModules": "no",
"ProtectKernelTunables": "no",
"ProtectSystem": "no",
"RefuseManualStart": "no",
"RefuseManualStop": "no",
"RemainAfterExit": "no",
"RemoveIPC": "no",
"Requires": "system.slice",
"Restart": "on-abnormal",
"RestartUSec": "100ms",
"RestrictNamespaces": "no",
"RestrictRealtime": "no",
"RestrictSUIDSGID": "no",
"Result": "success",
"RootDirectoryStartOnly": "no",
"RuntimeDirectoryMode": "0755",
"RuntimeDirectoryPreserve": "no",
"RuntimeMaxUSec": "infinity",
"SameProcessGroup": "no",
"SecureBits": "0",
"SendSIGHUP": "no",
"SendSIGKILL": "yes",
"Slice": "system.slice",
"StandardError": "inherit",
"StandardInput": "null",
"StandardInputData": "",
"StandardOutput": "journal",
"StartLimitAction": "none",
"StartLimitBurst": "5",
"StartLimitIntervalUSec": "10s",
"StartupBlockIOWeight": "[not set]",
"StartupCPUShares": "[not set]",
"StartupCPUWeight": "[not set]",
"StartupIOWeight": "[not set]",
"StateChangeTimestamp": "Sat 2024-11-02 08:30:21 EDT",
"StateChangeTimestampMonotonic": "281584088",
"StateDirectoryMode": "0755",
"StatusErrno": "0",
"StopWhenUnneeded": "no",
"SubState": "running",
"SuccessAction": "none",
"SyslogFacility": "3",
"SyslogLevel": "6",
"SyslogLevelPrefix": "yes",
"SyslogPriority": "30",
"SystemCallErrorNumber": "0",
"TTYReset": "no",
"TTYVHangup": "no",
"TTYVTDisallocate": "no",
"TasksAccounting": "yes",
"TasksCurrent": "4",
"TasksMax": "22405",
"TimeoutStartUSec": "1min 30s",
"TimeoutStopUSec": "1min 30s",
"TimerSlackNSec": "50000",
"Transient": "no",
"Type": "forking",
"UID": "[not set]",
"UMask": "0022",
"UnitFilePreset": "disabled",
"UnitFileState": "enabled",
"UtmpMode": "init",
"WantedBy": "multi-user.target",
"WatchdogTimestampMonotonic": "0",
"WatchdogUSec": "0"
}
}
TASK [Clean up temp directory] *************************************************
task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/tests/fapolicyd/tests_trusted_execution.yml:124
Saturday 02 November 2024 08:30:25 -0400 (0:00:01.393) 0:01:10.189 *****
changed: [managed-node3] => {
"changed": true,
"path": "/var/tmp/fapolicyd_btisrbar",
"state": "absent"
}
TASK [Remove test user] ********************************************************
task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/tests/fapolicyd/tests_trusted_execution.yml:129
Saturday 02 November 2024 08:30:26 -0400 (0:00:00.334) 0:01:10.524 *****
changed: [managed-node3] => {
"attempts": 1,
"changed": true,
"force": false,
"name": "fapolicyd_test1_user",
"remove": false,
"state": "absent"
}
TASK [Debug test user removal failure] *****************************************
task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/tests/fapolicyd/tests_trusted_execution.yml:139
Saturday 02 November 2024 08:30:26 -0400 (0:00:00.435) 0:01:10.959 *****
skipping: [managed-node3] => {
"changed": false,
"skip_reason": "Conditional result was False"
}
META: ran handlers
META: ran handlers
PLAY RECAP *********************************************************************
managed-node3 : ok=32 changed=17 unreachable=0 failed=0 skipped=24 rescued=0 ignored=0
Saturday 02 November 2024 08:30:26 -0400 (0:00:00.031) 0:01:10.990 *****
===============================================================================
fedora.linux_system_roles.fapolicyd : Install fapolicyd packages ------- 39.13s
/tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:51
fedora.linux_system_roles.fapolicyd : Update fapolicyd db --------------- 5.36s
/tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:124
fedora.linux_system_roles.fapolicyd : Update fapolicyd db --------------- 4.43s
/tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:124
fedora.linux_system_roles.fapolicyd : Install fapolicyd packages -------- 3.04s
/tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:51
fedora.linux_system_roles.fapolicyd : Add file to trustdb --------------- 1.76s
/tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:108
Create shell executables ------------------------------------------------ 1.46s
/tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/tests/fapolicyd/tests_trusted_execution.yml:40
Shutdown fapolicyd ------------------------------------------------------ 1.39s
/tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/tests/fapolicyd/tests_trusted_execution.yml:118
Gathering Facts --------------------------------------------------------- 1.35s
/tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/tests/fapolicyd/tests_trusted_execution.yml:2
fedora.linux_system_roles.fapolicyd : Restart fapolicyd service --------- 1.27s
/tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:85
fedora.linux_system_roles.fapolicyd : Start fapolicyd service ----------- 1.05s
/tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:76
Create directories for tests -------------------------------------------- 0.87s
/tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/tests/fapolicyd/tests_trusted_execution.yml:31
fedora.linux_system_roles.fapolicyd : Copy fapolicyd configuration file --- 0.79s
/tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:59
Run trusted binary exe1 ------------------------------------------------- 0.73s
/tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/tests/fapolicyd/tests_trusted_execution.yml:73
Create a new user ------------------------------------------------------- 0.72s
/tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/tests/fapolicyd/tests_trusted_execution.yml:55
fedora.linux_system_roles.fapolicyd : Copy fapolicyd configuration file --- 0.72s
/tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:59
Run untrusted exe1 after removing from trustdb -------------------------- 0.63s
/tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/tests/fapolicyd/tests_trusted_execution.yml:110
fedora.linux_system_roles.fapolicyd : Start fapolicyd service ----------- 0.61s
/tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:76
Run untrusted binary exe2 ----------------------------------------------- 0.52s
/tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/tests/fapolicyd/tests_trusted_execution.yml:86
Check now untrusted exe1 after replacement ------------------------------ 0.52s
/tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/tests/fapolicyd/tests_trusted_execution.yml:94
fedora.linux_system_roles.fapolicyd : Run fapolicyd configuration check --- 0.49s
/tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:68