ansible-playbook 2.9.27 config file = None configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/local/lib/python3.9/site-packages/ansible executable location = /usr/local/bin/ansible-playbook python version = 3.9.19 (main, May 16 2024, 11:40:09) [GCC 8.5.0 20210514 (Red Hat 8.5.0-22)] No config file found; using defaults [WARNING]: running playbook inside collection fedora.linux_system_roles Skipping callback 'actionable', as we already have a stdout callback. Skipping callback 'counter_enabled', as we already have a stdout callback. Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'full_skip', as we already have a stdout callback. Skipping callback 'json', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'null', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. Skipping callback 'selective', as we already have a stdout callback. Skipping callback 'skippy', as we already have a stdout callback. Skipping callback 'stderr', as we already have a stdout callback. Skipping callback 'unixy', as we already have a stdout callback. Skipping callback 'yaml', as we already have a stdout callback. PLAYBOOK: tests_trusted_execution.yml ****************************************** 1 plays in /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/tests/fapolicyd/tests_trusted_execution.yml PLAY [Basic test for fapolicyd] ************************************************ TASK [Gathering Facts] ********************************************************* task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/tests/fapolicyd/tests_trusted_execution.yml:2 Saturday 02 November 2024 08:29:15 -0400 (0:00:00.030) 0:00:00.030 ***** ok: [managed-node3] META: ran handlers TASK [Create temp test directory] ********************************************** task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/tests/fapolicyd/tests_trusted_execution.yml:24 Saturday 02 November 2024 08:29:16 -0400 (0:00:01.352) 0:00:01.383 ***** changed: [managed-node3] => { "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/var/tmp/fapolicyd_btisrbar", "secontext": "unconfined_u:object_r:user_tmp_t:s0", "size": 6, "state": "directory", "uid": 0 } TASK [Create directories for tests] ******************************************** task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/tests/fapolicyd/tests_trusted_execution.yml:31 Saturday 02 November 2024 08:29:17 -0400 (0:00:00.444) 0:00:01.828 ***** changed: [managed-node3] => (item=/var/tmp/fapolicyd_btisrbar) => { "ansible_loop_var": "item", "changed": true, "gid": 0, "group": "root", "item": "/var/tmp/fapolicyd_btisrbar", "mode": "0755", "owner": "root", "path": "/var/tmp/fapolicyd_btisrbar", "secontext": "unconfined_u:object_r:user_tmp_t:s0", "size": 6, "state": "directory", "uid": 0 } changed: [managed-node3] => (item=/var/tmp/fapolicyd_btisrbar/executables) => { "ansible_loop_var": "item", "changed": true, "gid": 0, "group": "root", "item": "/var/tmp/fapolicyd_btisrbar/executables", "mode": "0755", "owner": "root", "path": "/var/tmp/fapolicyd_btisrbar/executables", "secontext": "unconfined_u:object_r:user_tmp_t:s0", "size": 6, "state": "directory", "uid": 0 } TASK [Create shell executables] ************************************************ task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/tests/fapolicyd/tests_trusted_execution.yml:40 Saturday 02 November 2024 08:29:18 -0400 (0:00:00.866) 0:00:02.694 ***** changed: [managed-node3] => (item=/var/tmp/fapolicyd_btisrbar/executables/exe1) => { "ansible_loop_var": "item", "changed": true, "checksum": "762c83914caa36750af0b514616a467c7015a0d6", "dest": "/var/tmp/fapolicyd_btisrbar/executables/exe1", "gid": 0, "group": "root", "item": "/var/tmp/fapolicyd_btisrbar/executables/exe1", "md5sum": "9bd47e5749d746c8fe2753f04afe8a7c", "mode": "0755", "owner": "root", "secontext": "unconfined_u:object_r:admin_home_t:s0", "size": 114, "src": "/root/.ansible/tmp/ansible-tmp-1730550558.303514-7949-168296711474751/source", "state": "file", "uid": 0 } changed: [managed-node3] => (item=/var/tmp/fapolicyd_btisrbar/executables/exe2) => { "ansible_loop_var": "item", "changed": true, "checksum": "49884739d6d6313af9d6e4347f03a7f615512600", "dest": "/var/tmp/fapolicyd_btisrbar/executables/exe2", "gid": 0, "group": "root", "item": "/var/tmp/fapolicyd_btisrbar/executables/exe2", "md5sum": "38575d4acea7604f2470e6cee4df67a4", "mode": "0755", "owner": "root", "secontext": "unconfined_u:object_r:admin_home_t:s0", "size": 114, "src": "/root/.ansible/tmp/ansible-tmp-1730550559.108324-7949-168716633061447/source", "state": "file", "uid": 0 } TASK [Create a new user] ******************************************************* task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/tests/fapolicyd/tests_trusted_execution.yml:55 Saturday 02 November 2024 08:29:19 -0400 (0:00:01.461) 0:00:04.156 ***** changed: [managed-node3] => { "changed": true, "comment": "", "create_home": true, "group": 1000, "home": "/home/fapolicyd_test1_user", "name": "fapolicyd_test1_user", "shell": "/bin/bash", "state": "present", "system": false, "uid": 1000 } TASK [Run the role] ************************************************************ task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/tests/fapolicyd/tests_trusted_execution.yml:61 Saturday 02 November 2024 08:29:20 -0400 (0:00:00.718) 0:00:04.874 ***** TASK [fedora.linux_system_roles.fapolicyd : Set platform/version specific variables] *** task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:2 Saturday 02 November 2024 08:29:20 -0400 (0:00:00.031) 0:00:04.906 ***** included: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/set_vars.yml for managed-node3 TASK [fedora.linux_system_roles.fapolicyd : Ensure ansible_facts used by role] *** task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/set_vars.yml:2 Saturday 02 November 2024 08:29:20 -0400 (0:00:00.024) 0:00:04.931 ***** skipping: [managed-node3] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.fapolicyd : Check if system is ostree] ********* task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/set_vars.yml:10 Saturday 02 November 2024 08:29:20 -0400 (0:00:00.036) 0:00:04.968 ***** ok: [managed-node3] => { "changed": false, "stat": { "exists": false } } TASK [fedora.linux_system_roles.fapolicyd : Set flag to indicate system is ostree] *** task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/set_vars.yml:15 Saturday 02 November 2024 08:29:20 -0400 (0:00:00.345) 0:00:05.314 ***** ok: [managed-node3] => { "ansible_facts": { "__fapolicyd_is_ostree": false }, "changed": false } TASK [fedora.linux_system_roles.fapolicyd : Set platform/version specific variables] *** task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/set_vars.yml:19 Saturday 02 November 2024 08:29:20 -0400 (0:00:00.040) 0:00:05.354 ***** skipping: [managed-node3] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [managed-node3] => (item=CentOS.yml) => { "ansible_loop_var": "item", "changed": false, "item": "CentOS.yml", "skip_reason": "Conditional result was False" } skipping: [managed-node3] => (item=CentOS_8.yml) => { "ansible_loop_var": "item", "changed": false, "item": "CentOS_8.yml", "skip_reason": "Conditional result was False" } skipping: [managed-node3] => (item=CentOS_8.yml) => { "ansible_loop_var": "item", "changed": false, "item": "CentOS_8.yml", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.fapolicyd : Set fapolicyd feature facts for OS versions] *** task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/set_vars.yml:40 Saturday 02 November 2024 08:29:20 -0400 (0:00:00.058) 0:00:05.412 ***** ok: [managed-node3] => { "ansible_facts": { "__fapolicyd_configcheck_supported": true, "__fapolicyd_integrity_supported": true, "__fapolicyd_selinux_supported": true, "__fapolicyd_supported": true, "__fapolicyd_syslog_format_supported": true, "__fapolicyd_trust_supported": true, "__fapolicyd_trustfiles_supported": true, "__fapolicyd_watch_fs_supported": true }, "changed": false } TASK [fedora.linux_system_roles.fapolicyd : System check] ********************** task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:5 Saturday 02 November 2024 08:29:21 -0400 (0:00:00.085) 0:00:05.498 ***** skipping: [managed-node3] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.fapolicyd : Check trust compatibility] ********* task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:13 Saturday 02 November 2024 08:29:21 -0400 (0:00:00.034) 0:00:05.532 ***** skipping: [managed-node3] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.fapolicyd : Check integrity compatibility] ***** task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:24 Saturday 02 November 2024 08:29:21 -0400 (0:00:00.036) 0:00:05.568 ***** skipping: [managed-node3] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.fapolicyd : Check trust files compatibility] *** task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:35 Saturday 02 November 2024 08:29:21 -0400 (0:00:00.037) 0:00:05.606 ***** skipping: [managed-node3] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.fapolicyd : Check failed conditions] *********** task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:46 Saturday 02 November 2024 08:29:21 -0400 (0:00:00.039) 0:00:05.645 ***** skipping: [managed-node3] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.fapolicyd : Install fapolicyd packages] ******** task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:51 Saturday 02 November 2024 08:29:21 -0400 (0:00:00.035) 0:00:05.680 ***** changed: [managed-node3] => { "changed": true, "rc": 0, "results": [ "Installed: fapolicyd-selinux-1.3.2-1.el8.noarch", "Installed: rpm-plugin-fapolicyd-4.14.3-31.el8.x86_64", "Installed: fapolicyd-1.3.2-1.el8.x86_64", "Installed: policycoreutils-python-utils-2.9-26.el8.noarch" ] } lsrpackages: fapolicyd fapolicyd-selinux TASK [fedora.linux_system_roles.fapolicyd : Copy fapolicyd configuration file] *** task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:59 Saturday 02 November 2024 08:30:00 -0400 (0:00:39.133) 0:00:44.813 ***** changed: [managed-node3] => { "changed": true, "checksum": "d79d7424d2f9daf8e9e018c5750ecd06d3beba55", "dest": "/etc/fapolicyd/fapolicyd.conf", "gid": 991, "group": "fapolicyd", "md5sum": "769ccbfa27940a69973575df5fa87cdf", "mode": "0644", "owner": "root", "secontext": "system_u:object_r:fapolicyd_config_t:s0", "size": 509, "src": "/root/.ansible/tmp/ansible-tmp-1730550600.4195297-8292-202837931466682/source", "state": "file", "uid": 0 } TASK [fedora.linux_system_roles.fapolicyd : Run fapolicyd configuration check] *** task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:68 Saturday 02 November 2024 08:30:01 -0400 (0:00:00.718) 0:00:45.532 ***** ok: [managed-node3] => { "changed": false, "cmd": [ "fapolicyd-cli", "--check-config" ], "delta": "0:00:00.006006", "end": "2024-11-02 08:30:01.496558", "rc": 0, "start": "2024-11-02 08:30:01.490552" } STDOUT: Daemon config is OK TASK [fedora.linux_system_roles.fapolicyd : Start fapolicyd service] *********** task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:76 Saturday 02 November 2024 08:30:01 -0400 (0:00:00.490) 0:00:46.023 ***** changed: [managed-node3] => { "changed": true, "enabled": true, "name": "fapolicyd.service", "state": "started", "status": { "ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "systemd-tmpfiles-setup.service systemd-journald.socket system.slice local-fs.target", "AllowIsolate": "no", "AllowedCPUs": "", "AllowedMemoryNodes": "", "AmbientCapabilities": "", "AssertResult": "no", "AssertTimestampMonotonic": "0", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "CPUAccounting": "no", "CPUAffinity": "", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "ControlPID": "0", "DefaultDependencies": "no", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "File Access Policy Daemon", "DevicePolicy": "auto", "Documentation": "man:fapolicyd(8)", "DynamicUser": "no", "EffectiveCPUs": "", "EffectiveMemoryNodes": "", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/fapolicyd ; argv[]=/usr/sbin/fapolicyd ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartPre": "{ path=/usr/sbin/fagenrules ; argv[]=/usr/sbin/fagenrules ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FragmentPath": "/usr/lib/systemd/system/fapolicyd.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IPAccounting": "no", "IPEgressBytes": "18446744073709551615", "IPEgressPackets": "18446744073709551615", "IPIngressBytes": "18446744073709551615", "IPIngressPackets": "18446744073709551615", "Id": "fapolicyd.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "0", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "262144", "LimitNOFILESoft": "1024", "LimitNPROC": "14003", "LimitNPROCSoft": "14003", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "14003", "LimitSIGPENDINGSoft": "14003", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "MountFlags": "", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAMask": "", "NUMAPolicy": "n/a", "Names": "fapolicyd.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMScoreAdjust": "-1000", "OnFailureJobMode": "replace", "PIDFile": "/run/fapolicyd.pid", "PermissionsStartOnly": "no", "Perpetual": "no", "PrivateDevices": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "system.slice", "Restart": "on-abnormal", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardInputData": "", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "22405", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "forking", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0" } } TASK [fedora.linux_system_roles.fapolicyd : Restart fapolicyd service] ********* task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:85 Saturday 02 November 2024 08:30:02 -0400 (0:00:01.046) 0:00:47.069 ***** changed: [managed-node3] => { "changed": true, "enabled": true, "name": "fapolicyd.service", "state": "started", "status": { "ActiveEnterTimestamp": "Sat 2024-11-02 08:30:02 EDT", "ActiveEnterTimestampMonotonic": "262529976", "ActiveExitTimestampMonotonic": "0", "ActiveState": "active", "After": "systemd-tmpfiles-setup.service systemd-journald.socket system.slice local-fs.target", "AllowIsolate": "no", "AllowedCPUs": "", "AllowedMemoryNodes": "", "AmbientCapabilities": "", "AssertResult": "yes", "AssertTimestamp": "Sat 2024-11-02 08:30:02 EDT", "AssertTimestampMonotonic": "262489449", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "CPUAccounting": "no", "CPUAffinity": "", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf", "CollectMode": "inactive", "ConditionResult": "yes", "ConditionTimestamp": "Sat 2024-11-02 08:30:02 EDT", "ConditionTimestampMonotonic": "262489448", "ConfigurationDirectoryMode": "0755", "ControlGroup": "/system.slice/fapolicyd.service", "ControlPID": "0", "DefaultDependencies": "no", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "File Access Policy Daemon", "DevicePolicy": "auto", "Documentation": "man:fapolicyd(8)", "DynamicUser": "no", "EffectiveCPUs": "", "EffectiveMemoryNodes": "", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "10319", "ExecMainStartTimestamp": "Sat 2024-11-02 08:30:02 EDT", "ExecMainStartTimestampMonotonic": "262529928", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/fapolicyd ; argv[]=/usr/sbin/fapolicyd ; ignore_errors=no ; start_time=[Sat 2024-11-02 08:30:02 EDT] ; stop_time=[Sat 2024-11-02 08:30:02 EDT] ; pid=10318 ; code=exited ; status=0 }", "ExecStartPre": "{ path=/usr/sbin/fagenrules ; argv[]=/usr/sbin/fagenrules ; ignore_errors=no ; start_time=[Sat 2024-11-02 08:30:02 EDT] ; stop_time=[Sat 2024-11-02 08:30:02 EDT] ; pid=10293 ; code=exited ; status=0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FragmentPath": "/usr/lib/systemd/system/fapolicyd.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IPAccounting": "no", "IPEgressBytes": "18446744073709551615", "IPEgressPackets": "18446744073709551615", "IPIngressBytes": "18446744073709551615", "IPIngressPackets": "18446744073709551615", "Id": "fapolicyd.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestamp": "Sat 2024-11-02 08:30:02 EDT", "InactiveExitTimestampMonotonic": "262490225", "InvocationID": "44eae305cd4b43bda163f1d2f2455a2f", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "0", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "262144", "LimitNOFILESoft": "1024", "LimitNPROC": "14003", "LimitNPROCSoft": "14003", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "14003", "LimitSIGPENDINGSoft": "14003", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "10319", "MemoryAccounting": "yes", "MemoryCurrent": "31551488", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "MountFlags": "", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAMask": "", "NUMAPolicy": "n/a", "Names": "fapolicyd.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMScoreAdjust": "-1000", "OnFailureJobMode": "replace", "PIDFile": "/run/fapolicyd.pid", "PermissionsStartOnly": "no", "Perpetual": "no", "PrivateDevices": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "system.slice", "Restart": "on-abnormal", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardInputData": "", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestamp": "Sat 2024-11-02 08:30:02 EDT", "StateChangeTimestampMonotonic": "262529976", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "running", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "1", "TasksMax": "22405", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "forking", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "enabled", "UtmpMode": "init", "WantedBy": "multi-user.target", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0" } } TASK [fedora.linux_system_roles.fapolicyd : Check fapolicyd logs] ************** task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:96 Saturday 02 November 2024 08:30:03 -0400 (0:00:01.271) 0:00:48.341 ***** skipping: [managed-node3] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.fapolicyd : Trustdb cleanup] ******************* task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:103 Saturday 02 November 2024 08:30:03 -0400 (0:00:00.033) 0:00:48.374 ***** changed: [managed-node3] => { "changed": true, "cmd": [ "fapolicyd-cli", "--file", "delete", "/" ], "delta": "0:00:00.009337", "end": "2024-11-02 08:30:04.297619", "failed_when_result": false, "rc": 1, "start": "2024-11-02 08:30:04.288282" } STDERR: / is not in the trust database MSG: non-zero return code TASK [fedora.linux_system_roles.fapolicyd : Add file to trustdb] *************** task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:108 Saturday 02 November 2024 08:30:04 -0400 (0:00:00.436) 0:00:48.810 ***** changed: [managed-node3] => (item=/etc/passwd) => { "ansible_loop_var": "item", "changed": true, "cmd": [ "fapolicyd-cli", "--file", "add", "/etc/passwd" ], "delta": "0:00:00.009689", "end": "2024-11-02 08:30:04.770183", "item": "/etc/passwd", "rc": 0, "start": "2024-11-02 08:30:04.760494" } changed: [managed-node3] => (item=/etc/fapolicyd/fapolicyd.conf) => { "ansible_loop_var": "item", "changed": true, "cmd": [ "fapolicyd-cli", "--file", "add", "/etc/fapolicyd/fapolicyd.conf" ], "delta": "0:00:00.007920", "end": "2024-11-02 08:30:05.199617", "item": "/etc/fapolicyd/fapolicyd.conf", "rc": 0, "start": "2024-11-02 08:30:05.191697" } changed: [managed-node3] => (item=/etc/krb5.conf) => { "ansible_loop_var": "item", "changed": true, "cmd": [ "fapolicyd-cli", "--file", "add", "/etc/krb5.conf" ], "delta": "0:00:00.008673", "end": "2024-11-02 08:30:05.603726", "item": "/etc/krb5.conf", "rc": 0, "start": "2024-11-02 08:30:05.595053" } changed: [managed-node3] => (item=/var/tmp/fapolicyd_btisrbar/executables/exe1) => { "ansible_loop_var": "item", "changed": true, "cmd": [ "fapolicyd-cli", "--file", "add", "/var/tmp/fapolicyd_btisrbar/executables/exe1" ], "delta": "0:00:00.008275", "end": "2024-11-02 08:30:06.045393", "item": "/var/tmp/fapolicyd_btisrbar/executables/exe1", "rc": 0, "start": "2024-11-02 08:30:06.037118" } TASK [fedora.linux_system_roles.fapolicyd : Update fapolicyd db] *************** task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:124 Saturday 02 November 2024 08:30:06 -0400 (0:00:01.756) 0:00:50.567 ***** changed: [managed-node3] => { "changed": true, "cmd": "set -euo pipefail\n# get current journal cursor\ncursor=\"\"\nwhile [ -z \"$cursor\" ]; do\n sleep 1\n cursor=\"$(journalctl -u fapolicyd -n 0 --show-cursor |\n awk '/^-- cursor:/ {print $3}')\" || :\ndone\nsystemctl restart fapolicyd\nsearch_str='^Starting to listen for events$'\n# wait until we see the search_str - wait up to 30 seconds\nwaittime=30 # seconds\nendtime=\"$(expr \"$(date +%s)\" + \"$waittime\")\"\nfound=0\nprev_cursor=\"$cursor\"\n# NOTE: Cannot use -u fapolicyd - for some reason, on el10, sometime during\n# the startup process, the UNIT field is dropped from fapolicyd journal\n# entries - so use -t instead which relies on SYSLOG_IDENTIFIER which seems stable\nwhile [ \"$(date +%s)\" -le \"$endtime\" ]; do\n prev_cursor=\"$cursor\"\n output=\"$(journalctl -t fapolicyd --grep \"$search_str\" --show-cursor --after-cursor \"$cursor\" || :)\"\n found=1\n while read -r line; do\n if [ \"$line\" = \"-- No entries --\" ]; then\n found=0\n elif [[ \"$line\" =~ ^--\\ cursor:\\ (.+)$ ]]; then\n cursor=\"${BASH_REMATCH[1]}\" # update cursor for next try\n fi\n done <<< \"$output\"\n if [ \"$found\" = 1 ]; then\n break\n fi\n sleep 1\ndone\nif [ \"$found\" = 0 ]; then\n echo ERROR: failed to update the trustdb\n journalctl -t fapolicyd\n exit 1\nfi\necho INFO: trustdb is updated\nexit 0 # success\n", "delta": "0:00:03.937015", "end": "2024-11-02 08:30:10.476627", "rc": 0, "start": "2024-11-02 08:30:06.539612" } STDOUT: INFO: trustdb is updated TASK [fedora.linux_system_roles.fapolicyd : Making sure fapolicyd does not run if it was set so] *** task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:171 Saturday 02 November 2024 08:30:10 -0400 (0:00:04.432) 0:00:54.999 ***** skipping: [managed-node3] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [Run trusted binary exe1] ************************************************* task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/tests/fapolicyd/tests_trusted_execution.yml:73 Saturday 02 November 2024 08:30:10 -0400 (0:00:00.052) 0:00:55.051 ***** [WARNING]: Consider using 'become', 'become_method', and 'become_user' rather than running su ok: [managed-node3] => { "changed": false, "cmd": [ "su", "-", "fapolicyd_test1_user", "-c", "/var/tmp/fapolicyd_btisrbar/executables/exe1" ], "delta": "0:00:00.238775", "end": "2024-11-02 08:30:11.261487", "rc": 0, "start": "2024-11-02 08:30:11.022712" } TASK [Replace binary exe1 with exe2] ******************************************* task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/tests/fapolicyd/tests_trusted_execution.yml:79 Saturday 02 November 2024 08:30:11 -0400 (0:00:00.731) 0:00:55.783 ***** changed: [managed-node3] => { "changed": true, "checksum": "49884739d6d6313af9d6e4347f03a7f615512600", "dest": "/var/tmp/fapolicyd_btisrbar/executables/exe1", "gid": 0, "group": "root", "md5sum": "38575d4acea7604f2470e6cee4df67a4", "mode": "0755", "owner": "root", "secontext": "unconfined_u:object_r:admin_home_t:s0", "size": 114, "src": "/var/tmp/fapolicyd_btisrbar/executables/exe2", "state": "file", "uid": 0 } TASK [Run untrusted binary exe2] *********************************************** task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/tests/fapolicyd/tests_trusted_execution.yml:86 Saturday 02 November 2024 08:30:11 -0400 (0:00:00.489) 0:00:56.273 ***** ok: [managed-node3] => { "changed": false, "cmd": [ "su", "-", "fapolicyd_test1_user", "-c", "/var/tmp/fapolicyd_btisrbar/executables/exe2" ], "delta": "0:00:00.053673", "end": "2024-11-02 08:30:12.268067", "failed_when_result": false, "rc": 126, "start": "2024-11-02 08:30:12.214394" } STDERR: -bash: /var/tmp/fapolicyd_btisrbar/executables/exe2: Operation not permitted MSG: non-zero return code TASK [Check now untrusted exe1 after replacement] ****************************** task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/tests/fapolicyd/tests_trusted_execution.yml:94 Saturday 02 November 2024 08:30:12 -0400 (0:00:00.519) 0:00:56.792 ***** ok: [managed-node3] => { "changed": false, "cmd": [ "su", "-", "fapolicyd_test1_user", "-c", "/var/tmp/fapolicyd_btisrbar/executables/exe1" ], "delta": "0:00:00.052540", "end": "2024-11-02 08:30:12.788001", "failed_when_result": false, "rc": 126, "start": "2024-11-02 08:30:12.735461" } STDERR: -bash: /var/tmp/fapolicyd_btisrbar/executables/exe1: Operation not permitted MSG: non-zero return code TASK [Run the role again without test file] ************************************ task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/tests/fapolicyd/tests_trusted_execution.yml:102 Saturday 02 November 2024 08:30:12 -0400 (0:00:00.517) 0:00:57.309 ***** TASK [fedora.linux_system_roles.fapolicyd : Set platform/version specific variables] *** task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:2 Saturday 02 November 2024 08:30:12 -0400 (0:00:00.034) 0:00:57.344 ***** included: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/set_vars.yml for managed-node3 TASK [fedora.linux_system_roles.fapolicyd : Ensure ansible_facts used by role] *** task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/set_vars.yml:2 Saturday 02 November 2024 08:30:12 -0400 (0:00:00.021) 0:00:57.365 ***** skipping: [managed-node3] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.fapolicyd : Check if system is ostree] ********* task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/set_vars.yml:10 Saturday 02 November 2024 08:30:12 -0400 (0:00:00.034) 0:00:57.400 ***** skipping: [managed-node3] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.fapolicyd : Set flag to indicate system is ostree] *** task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/set_vars.yml:15 Saturday 02 November 2024 08:30:12 -0400 (0:00:00.032) 0:00:57.433 ***** skipping: [managed-node3] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.fapolicyd : Set platform/version specific variables] *** task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/set_vars.yml:19 Saturday 02 November 2024 08:30:13 -0400 (0:00:00.034) 0:00:57.468 ***** skipping: [managed-node3] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [managed-node3] => (item=CentOS.yml) => { "ansible_loop_var": "item", "changed": false, "item": "CentOS.yml", "skip_reason": "Conditional result was False" } skipping: [managed-node3] => (item=CentOS_8.yml) => { "ansible_loop_var": "item", "changed": false, "item": "CentOS_8.yml", "skip_reason": "Conditional result was False" } skipping: [managed-node3] => (item=CentOS_8.yml) => { "ansible_loop_var": "item", "changed": false, "item": "CentOS_8.yml", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.fapolicyd : Set fapolicyd feature facts for OS versions] *** task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/set_vars.yml:40 Saturday 02 November 2024 08:30:13 -0400 (0:00:00.051) 0:00:57.519 ***** ok: [managed-node3] => { "ansible_facts": { "__fapolicyd_configcheck_supported": true, "__fapolicyd_integrity_supported": true, "__fapolicyd_selinux_supported": true, "__fapolicyd_supported": true, "__fapolicyd_syslog_format_supported": true, "__fapolicyd_trust_supported": true, "__fapolicyd_trustfiles_supported": true, "__fapolicyd_watch_fs_supported": true }, "changed": false } TASK [fedora.linux_system_roles.fapolicyd : System check] ********************** task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:5 Saturday 02 November 2024 08:30:13 -0400 (0:00:00.077) 0:00:57.597 ***** skipping: [managed-node3] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.fapolicyd : Check trust compatibility] ********* task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:13 Saturday 02 November 2024 08:30:13 -0400 (0:00:00.030) 0:00:57.628 ***** skipping: [managed-node3] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.fapolicyd : Check integrity compatibility] ***** task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:24 Saturday 02 November 2024 08:30:13 -0400 (0:00:00.031) 0:00:57.660 ***** skipping: [managed-node3] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.fapolicyd : Check trust files compatibility] *** task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:35 Saturday 02 November 2024 08:30:13 -0400 (0:00:00.032) 0:00:57.692 ***** skipping: [managed-node3] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.fapolicyd : Check failed conditions] *********** task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:46 Saturday 02 November 2024 08:30:13 -0400 (0:00:00.032) 0:00:57.725 ***** skipping: [managed-node3] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.fapolicyd : Install fapolicyd packages] ******** task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:51 Saturday 02 November 2024 08:30:13 -0400 (0:00:00.033) 0:00:57.759 ***** ok: [managed-node3] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do lsrpackages: fapolicyd fapolicyd-selinux TASK [fedora.linux_system_roles.fapolicyd : Copy fapolicyd configuration file] *** task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:59 Saturday 02 November 2024 08:30:16 -0400 (0:00:03.040) 0:01:00.799 ***** ok: [managed-node3] => { "changed": false, "checksum": "d79d7424d2f9daf8e9e018c5750ecd06d3beba55", "dest": "/etc/fapolicyd/fapolicyd.conf", "gid": 991, "group": "fapolicyd", "mode": "0644", "owner": "root", "path": "/etc/fapolicyd/fapolicyd.conf", "secontext": "system_u:object_r:fapolicyd_config_t:s0", "size": 509, "state": "file", "uid": 0 } TASK [fedora.linux_system_roles.fapolicyd : Run fapolicyd configuration check] *** task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:68 Saturday 02 November 2024 08:30:17 -0400 (0:00:00.785) 0:01:01.585 ***** skipping: [managed-node3] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.fapolicyd : Start fapolicyd service] *********** task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:76 Saturday 02 November 2024 08:30:17 -0400 (0:00:00.034) 0:01:01.620 ***** ok: [managed-node3] => { "changed": false, "enabled": true, "name": "fapolicyd.service", "state": "started", "status": { "ActiveEnterTimestamp": "Sat 2024-11-02 08:30:08 EDT", "ActiveEnterTimestampMonotonic": "268446074", "ActiveExitTimestamp": "Sat 2024-11-02 08:30:07 EDT", "ActiveExitTimestampMonotonic": "267571555", "ActiveState": "active", "After": "systemd-tmpfiles-setup.service systemd-journald.socket system.slice local-fs.target", "AllowIsolate": "no", "AllowedCPUs": "", "AllowedMemoryNodes": "", "AmbientCapabilities": "", "AssertResult": "yes", "AssertTimestamp": "Sat 2024-11-02 08:30:08 EDT", "AssertTimestampMonotonic": "268406555", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "CPUAccounting": "no", "CPUAffinity": "", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf", "CollectMode": "inactive", "ConditionResult": "yes", "ConditionTimestamp": "Sat 2024-11-02 08:30:08 EDT", "ConditionTimestampMonotonic": "268406554", "ConfigurationDirectoryMode": "0755", "ControlGroup": "/system.slice/fapolicyd.service", "ControlPID": "0", "DefaultDependencies": "no", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "File Access Policy Daemon", "DevicePolicy": "auto", "Documentation": "man:fapolicyd(8)", "DynamicUser": "no", "EffectiveCPUs": "", "EffectiveMemoryNodes": "", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "11257", "ExecMainStartTimestamp": "Sat 2024-11-02 08:30:08 EDT", "ExecMainStartTimestampMonotonic": "268442349", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/fapolicyd ; argv[]=/usr/sbin/fapolicyd ; ignore_errors=no ; start_time=[Sat 2024-11-02 08:30:08 EDT] ; stop_time=[Sat 2024-11-02 08:30:08 EDT] ; pid=11256 ; code=exited ; status=0 }", "ExecStartPre": "{ path=/usr/sbin/fagenrules ; argv[]=/usr/sbin/fagenrules ; ignore_errors=no ; start_time=[Sat 2024-11-02 08:30:08 EDT] ; stop_time=[Sat 2024-11-02 08:30:08 EDT] ; pid=11231 ; code=exited ; status=0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FragmentPath": "/usr/lib/systemd/system/fapolicyd.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IPAccounting": "no", "IPEgressBytes": "18446744073709551615", "IPEgressPackets": "18446744073709551615", "IPIngressBytes": "18446744073709551615", "IPIngressPackets": "18446744073709551615", "Id": "fapolicyd.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestamp": "Sat 2024-11-02 08:30:08 EDT", "InactiveEnterTimestampMonotonic": "268405814", "InactiveExitTimestamp": "Sat 2024-11-02 08:30:08 EDT", "InactiveExitTimestampMonotonic": "268407599", "InvocationID": "a16853a5ae5341bbb8015a8955a52376", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "0", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "262144", "LimitNOFILESoft": "1024", "LimitNPROC": "14003", "LimitNPROCSoft": "14003", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "14003", "LimitSIGPENDINGSoft": "14003", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "11257", "MemoryAccounting": "yes", "MemoryCurrent": "36995072", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "MountFlags": "", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAMask": "", "NUMAPolicy": "n/a", "Names": "fapolicyd.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMScoreAdjust": "-1000", "OnFailureJobMode": "replace", "PIDFile": "/run/fapolicyd.pid", "PermissionsStartOnly": "no", "Perpetual": "no", "PrivateDevices": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "system.slice", "Restart": "on-abnormal", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardInputData": "", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestamp": "Sat 2024-11-02 08:30:08 EDT", "StateChangeTimestampMonotonic": "268446074", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "running", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "4", "TasksMax": "22405", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "forking", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "enabled", "UtmpMode": "init", "WantedBy": "multi-user.target", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0" } } TASK [fedora.linux_system_roles.fapolicyd : Restart fapolicyd service] ********* task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:85 Saturday 02 November 2024 08:30:17 -0400 (0:00:00.605) 0:01:02.225 ***** skipping: [managed-node3] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.fapolicyd : Check fapolicyd logs] ************** task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:96 Saturday 02 November 2024 08:30:17 -0400 (0:00:00.034) 0:01:02.259 ***** skipping: [managed-node3] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.fapolicyd : Trustdb cleanup] ******************* task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:103 Saturday 02 November 2024 08:30:17 -0400 (0:00:00.031) 0:01:02.291 ***** changed: [managed-node3] => { "changed": true, "cmd": [ "fapolicyd-cli", "--file", "delete", "/" ], "delta": "0:00:00.008597", "end": "2024-11-02 08:30:18.217839", "failed_when_result": false, "rc": 0, "start": "2024-11-02 08:30:18.209242" } TASK [fedora.linux_system_roles.fapolicyd : Add file to trustdb] *************** task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:108 Saturday 02 November 2024 08:30:18 -0400 (0:00:00.447) 0:01:02.739 ***** TASK [fedora.linux_system_roles.fapolicyd : Update fapolicyd db] *************** task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:124 Saturday 02 November 2024 08:30:18 -0400 (0:00:00.032) 0:01:02.771 ***** changed: [managed-node3] => { "changed": true, "cmd": "set -euo pipefail\n# get current journal cursor\ncursor=\"\"\nwhile [ -z \"$cursor\" ]; do\n sleep 1\n cursor=\"$(journalctl -u fapolicyd -n 0 --show-cursor |\n awk '/^-- cursor:/ {print $3}')\" || :\ndone\nsystemctl restart fapolicyd\nsearch_str='^Starting to listen for events$'\n# wait until we see the search_str - wait up to 30 seconds\nwaittime=30 # seconds\nendtime=\"$(expr \"$(date +%s)\" + \"$waittime\")\"\nfound=0\nprev_cursor=\"$cursor\"\n# NOTE: Cannot use -u fapolicyd - for some reason, on el10, sometime during\n# the startup process, the UNIT field is dropped from fapolicyd journal\n# entries - so use -t instead which relies on SYSLOG_IDENTIFIER which seems stable\nwhile [ \"$(date +%s)\" -le \"$endtime\" ]; do\n prev_cursor=\"$cursor\"\n output=\"$(journalctl -t fapolicyd --grep \"$search_str\" --show-cursor --after-cursor \"$cursor\" || :)\"\n found=1\n while read -r line; do\n if [ \"$line\" = \"-- No entries --\" ]; then\n found=0\n elif [[ \"$line\" =~ ^--\\ cursor:\\ (.+)$ ]]; then\n cursor=\"${BASH_REMATCH[1]}\" # update cursor for next try\n fi\n done <<< \"$output\"\n if [ \"$found\" = 1 ]; then\n break\n fi\n sleep 1\ndone\nif [ \"$found\" = 0 ]; then\n echo ERROR: failed to update the trustdb\n journalctl -t fapolicyd\n exit 1\nfi\necho INFO: trustdb is updated\nexit 0 # success\n", "delta": "0:00:04.895900", "end": "2024-11-02 08:30:23.612849", "rc": 0, "start": "2024-11-02 08:30:18.716949" } STDOUT: INFO: trustdb is updated TASK [fedora.linux_system_roles.fapolicyd : Making sure fapolicyd does not run if it was set so] *** task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:171 Saturday 02 November 2024 08:30:23 -0400 (0:00:05.362) 0:01:08.134 ***** skipping: [managed-node3] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [Run untrusted exe1 after removing from trustdb] ************************** task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/tests/fapolicyd/tests_trusted_execution.yml:110 Saturday 02 November 2024 08:30:23 -0400 (0:00:00.033) 0:01:08.167 ***** ok: [managed-node3] => { "changed": false, "cmd": [ "su", "-", "fapolicyd_test1_user", "-c", "/var/tmp/fapolicyd_btisrbar/executables/exe1" ], "delta": "0:00:00.169498", "end": "2024-11-02 08:30:24.272546", "failed_when_result": false, "rc": 126, "start": "2024-11-02 08:30:24.103048" } STDERR: -bash: /var/tmp/fapolicyd_btisrbar/executables/exe1: Operation not permitted MSG: non-zero return code TASK [Shutdown fapolicyd] ****************************************************** task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/tests/fapolicyd/tests_trusted_execution.yml:118 Saturday 02 November 2024 08:30:24 -0400 (0:00:00.628) 0:01:08.795 ***** changed: [managed-node3] => { "changed": true, "enabled": false, "name": "fapolicyd", "state": "stopped", "status": { "ActiveEnterTimestamp": "Sat 2024-11-02 08:30:21 EDT", "ActiveEnterTimestampMonotonic": "281584088", "ActiveExitTimestamp": "Sat 2024-11-02 08:30:19 EDT", "ActiveExitTimestampMonotonic": "279748019", "ActiveState": "active", "After": "systemd-tmpfiles-setup.service systemd-journald.socket system.slice local-fs.target", "AllowIsolate": "no", "AllowedCPUs": "", "AllowedMemoryNodes": "", "AmbientCapabilities": "", "AssertResult": "yes", "AssertTimestamp": "Sat 2024-11-02 08:30:21 EDT", "AssertTimestampMonotonic": "281547238", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "CPUAccounting": "no", "CPUAffinity": "", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf", "CollectMode": "inactive", "ConditionResult": "yes", "ConditionTimestamp": "Sat 2024-11-02 08:30:21 EDT", "ConditionTimestampMonotonic": "281547236", "ConfigurationDirectoryMode": "0755", "ControlGroup": "/system.slice/fapolicyd.service", "ControlPID": "0", "DefaultDependencies": "no", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "File Access Policy Daemon", "DevicePolicy": "auto", "Documentation": "man:fapolicyd(8)", "DynamicUser": "no", "EffectiveCPUs": "", "EffectiveMemoryNodes": "", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "12587", "ExecMainStartTimestamp": "Sat 2024-11-02 08:30:21 EDT", "ExecMainStartTimestampMonotonic": "281582778", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/fapolicyd ; argv[]=/usr/sbin/fapolicyd ; ignore_errors=no ; start_time=[Sat 2024-11-02 08:30:21 EDT] ; stop_time=[Sat 2024-11-02 08:30:21 EDT] ; pid=12586 ; code=exited ; status=0 }", "ExecStartPre": "{ path=/usr/sbin/fagenrules ; argv[]=/usr/sbin/fagenrules ; ignore_errors=no ; start_time=[Sat 2024-11-02 08:30:21 EDT] ; stop_time=[Sat 2024-11-02 08:30:21 EDT] ; pid=12561 ; code=exited ; status=0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FragmentPath": "/usr/lib/systemd/system/fapolicyd.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IPAccounting": "no", "IPEgressBytes": "18446744073709551615", "IPEgressPackets": "18446744073709551615", "IPIngressBytes": "18446744073709551615", "IPIngressPackets": "18446744073709551615", "Id": "fapolicyd.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestamp": "Sat 2024-11-02 08:30:21 EDT", "InactiveEnterTimestampMonotonic": "281546460", "InactiveExitTimestamp": "Sat 2024-11-02 08:30:21 EDT", "InactiveExitTimestampMonotonic": "281548325", "InvocationID": "3fe0b281fc73440c8252926f95621969", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "0", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "262144", "LimitNOFILESoft": "1024", "LimitNPROC": "14003", "LimitNPROCSoft": "14003", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "14003", "LimitSIGPENDINGSoft": "14003", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "12587", "MemoryAccounting": "yes", "MemoryCurrent": "35278848", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "MountFlags": "", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAMask": "", "NUMAPolicy": "n/a", "Names": "fapolicyd.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMScoreAdjust": "-1000", "OnFailureJobMode": "replace", "PIDFile": "/run/fapolicyd.pid", "PermissionsStartOnly": "no", "Perpetual": "no", "PrivateDevices": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "system.slice", "Restart": "on-abnormal", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardInputData": "", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestamp": "Sat 2024-11-02 08:30:21 EDT", "StateChangeTimestampMonotonic": "281584088", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "running", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "4", "TasksMax": "22405", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "forking", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "enabled", "UtmpMode": "init", "WantedBy": "multi-user.target", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0" } } TASK [Clean up temp directory] ************************************************* task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/tests/fapolicyd/tests_trusted_execution.yml:124 Saturday 02 November 2024 08:30:25 -0400 (0:00:01.393) 0:01:10.189 ***** changed: [managed-node3] => { "changed": true, "path": "/var/tmp/fapolicyd_btisrbar", "state": "absent" } TASK [Remove test user] ******************************************************** task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/tests/fapolicyd/tests_trusted_execution.yml:129 Saturday 02 November 2024 08:30:26 -0400 (0:00:00.334) 0:01:10.524 ***** changed: [managed-node3] => { "attempts": 1, "changed": true, "force": false, "name": "fapolicyd_test1_user", "remove": false, "state": "absent" } TASK [Debug test user removal failure] ***************************************** task path: /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/tests/fapolicyd/tests_trusted_execution.yml:139 Saturday 02 November 2024 08:30:26 -0400 (0:00:00.435) 0:01:10.959 ***** skipping: [managed-node3] => { "changed": false, "skip_reason": "Conditional result was False" } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* managed-node3 : ok=32 changed=17 unreachable=0 failed=0 skipped=24 rescued=0 ignored=0 Saturday 02 November 2024 08:30:26 -0400 (0:00:00.031) 0:01:10.990 ***** =============================================================================== fedora.linux_system_roles.fapolicyd : Install fapolicyd packages ------- 39.13s /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:51 fedora.linux_system_roles.fapolicyd : Update fapolicyd db --------------- 5.36s /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:124 fedora.linux_system_roles.fapolicyd : Update fapolicyd db --------------- 4.43s /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:124 fedora.linux_system_roles.fapolicyd : Install fapolicyd packages -------- 3.04s /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:51 fedora.linux_system_roles.fapolicyd : Add file to trustdb --------------- 1.76s /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:108 Create shell executables ------------------------------------------------ 1.46s /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/tests/fapolicyd/tests_trusted_execution.yml:40 Shutdown fapolicyd ------------------------------------------------------ 1.39s /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/tests/fapolicyd/tests_trusted_execution.yml:118 Gathering Facts --------------------------------------------------------- 1.35s /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/tests/fapolicyd/tests_trusted_execution.yml:2 fedora.linux_system_roles.fapolicyd : Restart fapolicyd service --------- 1.27s /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:85 fedora.linux_system_roles.fapolicyd : Start fapolicyd service ----------- 1.05s /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:76 Create directories for tests -------------------------------------------- 0.87s /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/tests/fapolicyd/tests_trusted_execution.yml:31 fedora.linux_system_roles.fapolicyd : Copy fapolicyd configuration file --- 0.79s /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:59 Run trusted binary exe1 ------------------------------------------------- 0.73s /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/tests/fapolicyd/tests_trusted_execution.yml:73 Create a new user ------------------------------------------------------- 0.72s /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/tests/fapolicyd/tests_trusted_execution.yml:55 fedora.linux_system_roles.fapolicyd : Copy fapolicyd configuration file --- 0.72s /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:59 Run untrusted exe1 after removing from trustdb -------------------------- 0.63s /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/tests/fapolicyd/tests_trusted_execution.yml:110 fedora.linux_system_roles.fapolicyd : Start fapolicyd service ----------- 0.61s /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:76 Run untrusted binary exe2 ----------------------------------------------- 0.52s /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/tests/fapolicyd/tests_trusted_execution.yml:86 Check now untrusted exe1 after replacement ------------------------------ 0.52s /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/tests/fapolicyd/tests_trusted_execution.yml:94 fedora.linux_system_roles.fapolicyd : Run fapolicyd configuration check --- 0.49s /tmp/collections-JMC/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:68