ansible-playbook 2.9.27 config file = None configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/local/lib/python3.9/site-packages/ansible executable location = /usr/local/bin/ansible-playbook python version = 3.9.19 (main, May 16 2024, 11:40:09) [GCC 8.5.0 20210514 (Red Hat 8.5.0-22)] No config file found; using defaults [WARNING]: running playbook inside collection fedora.linux_system_roles Skipping callback 'actionable', as we already have a stdout callback. Skipping callback 'counter_enabled', as we already have a stdout callback. Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'full_skip', as we already have a stdout callback. Skipping callback 'json', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'null', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. Skipping callback 'selective', as we already have a stdout callback. Skipping callback 'skippy', as we already have a stdout callback. Skipping callback 'stderr', as we already have a stdout callback. Skipping callback 'unixy', as we already have a stdout callback. Skipping callback 'yaml', as we already have a stdout callback. PLAYBOOK: tests_trusted_execution.yml ****************************************** 1 plays in /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/tests/fapolicyd/tests_trusted_execution.yml PLAY [Basic test for fapolicyd] ************************************************ TASK [Gathering Facts] ********************************************************* task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/tests/fapolicyd/tests_trusted_execution.yml:2 Saturday 16 November 2024 11:24:41 -0500 (0:00:00.037) 0:00:00.037 ***** ok: [managed-node3] META: ran handlers TASK [Create temp test directory] ********************************************** task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/tests/fapolicyd/tests_trusted_execution.yml:24 Saturday 16 November 2024 11:24:43 -0500 (0:00:01.381) 0:00:01.419 ***** changed: [managed-node3] => { "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/var/tmp/fapolicyd_xb438fps", "secontext": "unconfined_u:object_r:user_tmp_t:s0", "size": 6, "state": "directory", "uid": 0 } TASK [Create directories for tests] ******************************************** task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/tests/fapolicyd/tests_trusted_execution.yml:31 Saturday 16 November 2024 11:24:43 -0500 (0:00:00.630) 0:00:02.049 ***** changed: [managed-node3] => (item=/var/tmp/fapolicyd_xb438fps) => { "ansible_loop_var": "item", "changed": true, "gid": 0, "group": "root", "item": "/var/tmp/fapolicyd_xb438fps", "mode": "0755", "owner": "root", "path": "/var/tmp/fapolicyd_xb438fps", "secontext": "unconfined_u:object_r:user_tmp_t:s0", "size": 6, "state": "directory", "uid": 0 } changed: [managed-node3] => (item=/var/tmp/fapolicyd_xb438fps/executables) => { "ansible_loop_var": "item", "changed": true, "gid": 0, "group": "root", "item": "/var/tmp/fapolicyd_xb438fps/executables", "mode": "0755", "owner": "root", "path": "/var/tmp/fapolicyd_xb438fps/executables", "secontext": "unconfined_u:object_r:user_tmp_t:s0", "size": 6, "state": "directory", "uid": 0 } TASK [Create shell executables] ************************************************ task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/tests/fapolicyd/tests_trusted_execution.yml:40 Saturday 16 November 2024 11:24:44 -0500 (0:00:01.132) 0:00:03.182 ***** changed: [managed-node3] => (item=/var/tmp/fapolicyd_xb438fps/executables/exe1) => { "ansible_loop_var": "item", "changed": true, "checksum": "e2a7b942889f57da549865222eae4e583806ebcb", "dest": "/var/tmp/fapolicyd_xb438fps/executables/exe1", "gid": 0, "group": "root", "item": "/var/tmp/fapolicyd_xb438fps/executables/exe1", "md5sum": "19131284dd5889d0cc108a2b08257c14", "mode": "0755", "owner": "root", "secontext": "unconfined_u:object_r:admin_home_t:s0", "size": 114, "src": "/root/.ansible/tmp/ansible-tmp-1731774285.0049653-7933-135945716516929/source", "state": "file", "uid": 0 } changed: [managed-node3] => (item=/var/tmp/fapolicyd_xb438fps/executables/exe2) => { "ansible_loop_var": "item", "changed": true, "checksum": "7d0f26be3284f144ff6f4f522a904e1e7405c50d", "dest": "/var/tmp/fapolicyd_xb438fps/executables/exe2", "gid": 0, "group": "root", "item": "/var/tmp/fapolicyd_xb438fps/executables/exe2", "md5sum": "5215583bd56782ae505743cd1aa79a39", "mode": "0755", "owner": "root", "secontext": "unconfined_u:object_r:admin_home_t:s0", "size": 114, "src": "/root/.ansible/tmp/ansible-tmp-1731774285.970151-7933-270550909589821/source", "state": "file", "uid": 0 } TASK [Create a new user] ******************************************************* task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/tests/fapolicyd/tests_trusted_execution.yml:55 Saturday 16 November 2024 11:24:46 -0500 (0:00:01.750) 0:00:04.932 ***** changed: [managed-node3] => { "changed": true, "comment": "", "create_home": true, "group": 1000, "home": "/home/fapolicyd_test1_user", "name": "fapolicyd_test1_user", "shell": "/bin/bash", "state": "present", "system": false, "uid": 1000 } TASK [Run the role] ************************************************************ task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/tests/fapolicyd/tests_trusted_execution.yml:61 Saturday 16 November 2024 11:24:47 -0500 (0:00:00.779) 0:00:05.712 ***** TASK [fedora.linux_system_roles.fapolicyd : Set platform/version specific variables] *** task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:2 Saturday 16 November 2024 11:24:47 -0500 (0:00:00.040) 0:00:05.753 ***** included: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/set_vars.yml for managed-node3 TASK [fedora.linux_system_roles.fapolicyd : Ensure ansible_facts used by role] *** task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/set_vars.yml:2 Saturday 16 November 2024 11:24:47 -0500 (0:00:00.030) 0:00:05.783 ***** skipping: [managed-node3] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.fapolicyd : Check if system is ostree] ********* task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/set_vars.yml:10 Saturday 16 November 2024 11:24:47 -0500 (0:00:00.043) 0:00:05.827 ***** ok: [managed-node3] => { "changed": false, "stat": { "exists": false } } TASK [fedora.linux_system_roles.fapolicyd : Set flag to indicate system is ostree] *** task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/set_vars.yml:15 Saturday 16 November 2024 11:24:47 -0500 (0:00:00.406) 0:00:06.234 ***** ok: [managed-node3] => { "ansible_facts": { "__fapolicyd_is_ostree": false }, "changed": false } TASK [fedora.linux_system_roles.fapolicyd : Set platform/version specific variables] *** task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/set_vars.yml:19 Saturday 16 November 2024 11:24:48 -0500 (0:00:00.048) 0:00:06.283 ***** skipping: [managed-node3] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [managed-node3] => (item=CentOS.yml) => { "ansible_loop_var": "item", "changed": false, "item": "CentOS.yml", "skip_reason": "Conditional result was False" } skipping: [managed-node3] => (item=CentOS_8.yml) => { "ansible_loop_var": "item", "changed": false, "item": "CentOS_8.yml", "skip_reason": "Conditional result was False" } skipping: [managed-node3] => (item=CentOS_8.yml) => { "ansible_loop_var": "item", "changed": false, "item": "CentOS_8.yml", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.fapolicyd : Set fapolicyd feature facts for OS versions] *** task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/set_vars.yml:40 Saturday 16 November 2024 11:24:48 -0500 (0:00:00.071) 0:00:06.354 ***** ok: [managed-node3] => { "ansible_facts": { "__fapolicyd_configcheck_supported": true, "__fapolicyd_integrity_supported": true, "__fapolicyd_selinux_supported": true, "__fapolicyd_supported": true, "__fapolicyd_syslog_format_supported": true, "__fapolicyd_trust_supported": true, "__fapolicyd_trustfiles_supported": true, "__fapolicyd_watch_fs_supported": true }, "changed": false } TASK [fedora.linux_system_roles.fapolicyd : System check] ********************** task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:5 Saturday 16 November 2024 11:24:48 -0500 (0:00:00.103) 0:00:06.457 ***** skipping: [managed-node3] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.fapolicyd : Check trust compatibility] ********* task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:13 Saturday 16 November 2024 11:24:48 -0500 (0:00:00.041) 0:00:06.499 ***** skipping: [managed-node3] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.fapolicyd : Check integrity compatibility] ***** task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:24 Saturday 16 November 2024 11:24:48 -0500 (0:00:00.043) 0:00:06.543 ***** skipping: [managed-node3] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.fapolicyd : Check trust files compatibility] *** task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:35 Saturday 16 November 2024 11:24:48 -0500 (0:00:00.043) 0:00:06.586 ***** skipping: [managed-node3] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.fapolicyd : Check failed conditions] *********** task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:46 Saturday 16 November 2024 11:24:48 -0500 (0:00:00.045) 0:00:06.632 ***** skipping: [managed-node3] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.fapolicyd : Install fapolicyd packages] ******** task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:51 Saturday 16 November 2024 11:24:48 -0500 (0:00:00.044) 0:00:06.677 ***** changed: [managed-node3] => { "changed": true, "rc": 0, "results": [ "Installed: fapolicyd-selinux-1.3.2-1.el8.noarch", "Installed: rpm-plugin-fapolicyd-4.14.3-31.el8.x86_64", "Installed: fapolicyd-1.3.2-1.el8.x86_64", "Installed: policycoreutils-python-utils-2.9-26.el8.noarch" ] } lsrpackages: fapolicyd fapolicyd-selinux TASK [fedora.linux_system_roles.fapolicyd : Copy fapolicyd configuration file] *** task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:59 Saturday 16 November 2024 11:25:33 -0500 (0:00:44.953) 0:00:51.630 ***** changed: [managed-node3] => { "changed": true, "checksum": "d79d7424d2f9daf8e9e018c5750ecd06d3beba55", "dest": "/etc/fapolicyd/fapolicyd.conf", "gid": 991, "group": "fapolicyd", "md5sum": "769ccbfa27940a69973575df5fa87cdf", "mode": "0644", "owner": "root", "secontext": "system_u:object_r:fapolicyd_config_t:s0", "size": 509, "src": "/root/.ansible/tmp/ansible-tmp-1731774333.453488-8601-41335953825619/source", "state": "file", "uid": 0 } TASK [fedora.linux_system_roles.fapolicyd : Run fapolicyd configuration check] *** task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:68 Saturday 16 November 2024 11:25:34 -0500 (0:00:00.857) 0:00:52.487 ***** ok: [managed-node3] => { "changed": false, "cmd": [ "fapolicyd-cli", "--check-config" ], "delta": "0:00:00.006917", "end": "2024-11-16 11:25:34.674400", "rc": 0, "start": "2024-11-16 11:25:34.667483" } STDOUT: Daemon config is OK TASK [fedora.linux_system_roles.fapolicyd : Start fapolicyd service] *********** task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:76 Saturday 16 November 2024 11:25:34 -0500 (0:00:00.508) 0:00:52.996 ***** changed: [managed-node3] => { "changed": true, "enabled": true, "name": "fapolicyd.service", "state": "started", "status": { "ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "systemd-tmpfiles-setup.service local-fs.target systemd-journald.socket system.slice", "AllowIsolate": "no", "AllowedCPUs": "", "AllowedMemoryNodes": "", "AmbientCapabilities": "", "AssertResult": "no", "AssertTimestampMonotonic": "0", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "CPUAccounting": "no", "CPUAffinity": "", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "ControlPID": "0", "DefaultDependencies": "no", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "File Access Policy Daemon", "DevicePolicy": "auto", "Documentation": "man:fapolicyd(8)", "DynamicUser": "no", "EffectiveCPUs": "", "EffectiveMemoryNodes": "", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/fapolicyd ; argv[]=/usr/sbin/fapolicyd ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartPre": "{ path=/usr/sbin/fagenrules ; argv[]=/usr/sbin/fagenrules ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FragmentPath": "/usr/lib/systemd/system/fapolicyd.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IPAccounting": "no", "IPEgressBytes": "18446744073709551615", "IPEgressPackets": "18446744073709551615", "IPIngressBytes": "18446744073709551615", "IPIngressPackets": "18446744073709551615", "Id": "fapolicyd.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "0", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "262144", "LimitNOFILESoft": "1024", "LimitNPROC": "14004", "LimitNPROCSoft": "14004", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "14004", "LimitSIGPENDINGSoft": "14004", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "MountFlags": "", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAMask": "", "NUMAPolicy": "n/a", "Names": "fapolicyd.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMScoreAdjust": "-1000", "OnFailureJobMode": "replace", "PIDFile": "/run/fapolicyd.pid", "PermissionsStartOnly": "no", "Perpetual": "no", "PrivateDevices": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "system.slice", "Restart": "on-abnormal", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardInputData": "", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "22406", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "forking", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0" } } TASK [fedora.linux_system_roles.fapolicyd : Restart fapolicyd service] ********* task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:85 Saturday 16 November 2024 11:25:35 -0500 (0:00:01.000) 0:00:53.996 ***** changed: [managed-node3] => { "changed": true, "enabled": true, "name": "fapolicyd.service", "state": "started", "status": { "ActiveEnterTimestamp": "Sat 2024-11-16 11:25:35 EST", "ActiveEnterTimestampMonotonic": "346773591", "ActiveExitTimestampMonotonic": "0", "ActiveState": "active", "After": "systemd-journald.socket local-fs.target system.slice systemd-tmpfiles-setup.service", "AllowIsolate": "no", "AllowedCPUs": "", "AllowedMemoryNodes": "", "AmbientCapabilities": "", "AssertResult": "yes", "AssertTimestamp": "Sat 2024-11-16 11:25:35 EST", "AssertTimestampMonotonic": "346728129", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "CPUAccounting": "no", "CPUAffinity": "", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf", "CollectMode": "inactive", "ConditionResult": "yes", "ConditionTimestamp": "Sat 2024-11-16 11:25:35 EST", "ConditionTimestampMonotonic": "346728128", "ConfigurationDirectoryMode": "0755", "ControlGroup": "/system.slice/fapolicyd.service", "ControlPID": "0", "DefaultDependencies": "no", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "File Access Policy Daemon", "DevicePolicy": "auto", "Documentation": "man:fapolicyd(8)", "DynamicUser": "no", "EffectiveCPUs": "", "EffectiveMemoryNodes": "", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "10322", "ExecMainStartTimestamp": "Sat 2024-11-16 11:25:35 EST", "ExecMainStartTimestampMonotonic": "346773566", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/fapolicyd ; argv[]=/usr/sbin/fapolicyd ; ignore_errors=no ; start_time=[Sat 2024-11-16 11:25:35 EST] ; stop_time=[Sat 2024-11-16 11:25:35 EST] ; pid=10321 ; code=exited ; status=0 }", "ExecStartPre": "{ path=/usr/sbin/fagenrules ; argv[]=/usr/sbin/fagenrules ; ignore_errors=no ; start_time=[Sat 2024-11-16 11:25:35 EST] ; stop_time=[Sat 2024-11-16 11:25:35 EST] ; pid=10296 ; code=exited ; status=0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FragmentPath": "/usr/lib/systemd/system/fapolicyd.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IPAccounting": "no", "IPEgressBytes": "18446744073709551615", "IPEgressPackets": "18446744073709551615", "IPIngressBytes": "18446744073709551615", "IPIngressPackets": "18446744073709551615", "Id": "fapolicyd.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestamp": "Sat 2024-11-16 11:25:35 EST", "InactiveExitTimestampMonotonic": "346729274", "InvocationID": "f0bac27eb70f42ea81c3c7cb7f51a217", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "0", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "262144", "LimitNOFILESoft": "1024", "LimitNPROC": "14004", "LimitNPROCSoft": "14004", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "14004", "LimitSIGPENDINGSoft": "14004", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "10322", "MemoryAccounting": "yes", "MemoryCurrent": "28184576", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "MountFlags": "", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAMask": "", "NUMAPolicy": "n/a", "Names": "fapolicyd.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMScoreAdjust": "-1000", "OnFailureJobMode": "replace", "PIDFile": "/run/fapolicyd.pid", "PermissionsStartOnly": "no", "Perpetual": "no", "PrivateDevices": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "system.slice", "Restart": "on-abnormal", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardInputData": "", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestamp": "Sat 2024-11-16 11:25:35 EST", "StateChangeTimestampMonotonic": "346773591", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "running", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "1", "TasksMax": "22406", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "forking", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "enabled", "UtmpMode": "init", "WantedBy": "multi-user.target", "WatchdogTimestamp": "Sat 2024-11-16 11:25:35 EST", "WatchdogTimestampMonotonic": "346773588", "WatchdogUSec": "0" } } TASK [fedora.linux_system_roles.fapolicyd : Check fapolicyd logs] ************** task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:96 Saturday 16 November 2024 11:25:37 -0500 (0:00:01.425) 0:00:55.422 ***** skipping: [managed-node3] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.fapolicyd : Trustdb cleanup] ******************* task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:103 Saturday 16 November 2024 11:25:37 -0500 (0:00:00.064) 0:00:55.486 ***** changed: [managed-node3] => { "changed": true, "cmd": [ "fapolicyd-cli", "--file", "delete", "/" ], "delta": "0:00:00.010157", "end": "2024-11-16 11:25:37.663439", "failed_when_result": false, "rc": 1, "start": "2024-11-16 11:25:37.653282" } STDERR: / is not in the trust database MSG: non-zero return code TASK [fedora.linux_system_roles.fapolicyd : Add file to trustdb] *************** task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:108 Saturday 16 November 2024 11:25:37 -0500 (0:00:00.512) 0:00:55.999 ***** changed: [managed-node3] => (item=/etc/passwd) => { "ansible_loop_var": "item", "changed": true, "cmd": [ "fapolicyd-cli", "--file", "add", "/etc/passwd" ], "delta": "0:00:00.010186", "end": "2024-11-16 11:25:38.204864", "item": "/etc/passwd", "rc": 0, "start": "2024-11-16 11:25:38.194678" } changed: [managed-node3] => (item=/etc/fapolicyd/fapolicyd.conf) => { "ansible_loop_var": "item", "changed": true, "cmd": [ "fapolicyd-cli", "--file", "add", "/etc/fapolicyd/fapolicyd.conf" ], "delta": "0:00:00.009669", "end": "2024-11-16 11:25:38.701270", "item": "/etc/fapolicyd/fapolicyd.conf", "rc": 0, "start": "2024-11-16 11:25:38.691601" } changed: [managed-node3] => (item=/etc/krb5.conf) => { "ansible_loop_var": "item", "changed": true, "cmd": [ "fapolicyd-cli", "--file", "add", "/etc/krb5.conf" ], "delta": "0:00:00.010528", "end": "2024-11-16 11:25:39.212496", "item": "/etc/krb5.conf", "rc": 0, "start": "2024-11-16 11:25:39.201968" } changed: [managed-node3] => (item=/var/tmp/fapolicyd_xb438fps/executables/exe1) => { "ansible_loop_var": "item", "changed": true, "cmd": [ "fapolicyd-cli", "--file", "add", "/var/tmp/fapolicyd_xb438fps/executables/exe1" ], "delta": "0:00:00.010420", "end": "2024-11-16 11:25:39.780155", "item": "/var/tmp/fapolicyd_xb438fps/executables/exe1", "rc": 0, "start": "2024-11-16 11:25:39.769735" } TASK [fedora.linux_system_roles.fapolicyd : Update fapolicyd db] *************** task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:124 Saturday 16 November 2024 11:25:39 -0500 (0:00:02.137) 0:00:58.137 ***** changed: [managed-node3] => { "changed": true, "cmd": "set -euo pipefail\n# get current journal cursor\ncursor=\"\"\nwhile [ -z \"$cursor\" ]; do\n sleep 1\n cursor=\"$(journalctl -u fapolicyd -n 0 --show-cursor |\n awk '/^-- cursor:/ {print $3}')\" || :\ndone\nsystemctl restart fapolicyd\nsearch_str='^Starting to listen for events$'\n# wait until we see the search_str - wait up to 30 seconds\nwaittime=30 # seconds\nendtime=\"$(expr \"$(date +%s)\" + \"$waittime\")\"\nfound=0\nprev_cursor=\"$cursor\"\n# NOTE: Cannot use -u fapolicyd - for some reason, on el10, sometime during\n# the startup process, the UNIT field is dropped from fapolicyd journal\n# entries - so use -t instead which relies on SYSLOG_IDENTIFIER which seems stable\nwhile [ \"$(date +%s)\" -le \"$endtime\" ]; do\n prev_cursor=\"$cursor\"\n output=\"$(journalctl -t fapolicyd --grep \"$search_str\" --show-cursor --after-cursor \"$cursor\" || :)\"\n found=1\n while read -r line; do\n if [ \"$line\" = \"-- No entries --\" ]; then\n found=0\n elif [[ \"$line\" =~ ^--\\ cursor:\\ (.+)$ ]]; then\n cursor=\"${BASH_REMATCH[1]}\" # update cursor for next try\n fi\n done <<< \"$output\"\n if [ \"$found\" = 1 ]; then\n break\n fi\n sleep 1\ndone\nif [ \"$found\" = 0 ]; then\n echo ERROR: failed to update the trustdb\n journalctl -t fapolicyd\n exit 1\nfi\necho INFO: trustdb is updated\nexit 0 # success\n", "delta": "0:00:03.569866", "end": "2024-11-16 11:25:43.949678", "rc": 0, "start": "2024-11-16 11:25:40.379812" } STDOUT: INFO: trustdb is updated TASK [fedora.linux_system_roles.fapolicyd : Making sure fapolicyd does not run if it was set so] *** task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:171 Saturday 16 November 2024 11:25:44 -0500 (0:00:04.167) 0:01:02.304 ***** skipping: [managed-node3] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [Run trusted binary exe1] ************************************************* task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/tests/fapolicyd/tests_trusted_execution.yml:73 Saturday 16 November 2024 11:25:44 -0500 (0:00:00.039) 0:01:02.343 ***** [WARNING]: Consider using 'become', 'become_method', and 'become_user' rather than running su ok: [managed-node3] => { "changed": false, "cmd": [ "su", "-", "fapolicyd_test1_user", "-c", "/var/tmp/fapolicyd_xb438fps/executables/exe1" ], "delta": "0:00:00.260041", "end": "2024-11-16 11:25:44.848385", "rc": 0, "start": "2024-11-16 11:25:44.588344" } TASK [Replace binary exe1 with exe2] ******************************************* task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/tests/fapolicyd/tests_trusted_execution.yml:79 Saturday 16 November 2024 11:25:44 -0500 (0:00:00.862) 0:01:03.205 ***** changed: [managed-node3] => { "changed": true, "checksum": "7d0f26be3284f144ff6f4f522a904e1e7405c50d", "dest": "/var/tmp/fapolicyd_xb438fps/executables/exe1", "gid": 0, "group": "root", "md5sum": "5215583bd56782ae505743cd1aa79a39", "mode": "0755", "owner": "root", "secontext": "unconfined_u:object_r:admin_home_t:s0", "size": 114, "src": "/var/tmp/fapolicyd_xb438fps/executables/exe2", "state": "file", "uid": 0 } TASK [Run untrusted binary exe2] *********************************************** task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/tests/fapolicyd/tests_trusted_execution.yml:86 Saturday 16 November 2024 11:25:45 -0500 (0:00:00.623) 0:01:03.829 ***** ok: [managed-node3] => { "changed": false, "cmd": [ "su", "-", "fapolicyd_test1_user", "-c", "/var/tmp/fapolicyd_xb438fps/executables/exe2" ], "delta": "0:00:00.070996", "end": "2024-11-16 11:25:46.144730", "failed_when_result": false, "rc": 126, "start": "2024-11-16 11:25:46.073734" } STDERR: -bash: /var/tmp/fapolicyd_xb438fps/executables/exe2: Operation not permitted MSG: non-zero return code TASK [Check now untrusted exe1 after replacement] ****************************** task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/tests/fapolicyd/tests_trusted_execution.yml:94 Saturday 16 November 2024 11:25:46 -0500 (0:00:00.673) 0:01:04.502 ***** ok: [managed-node3] => { "changed": false, "cmd": [ "su", "-", "fapolicyd_test1_user", "-c", "/var/tmp/fapolicyd_xb438fps/executables/exe1" ], "delta": "0:00:00.071518", "end": "2024-11-16 11:25:46.823605", "failed_when_result": false, "rc": 126, "start": "2024-11-16 11:25:46.752087" } STDERR: -bash: /var/tmp/fapolicyd_xb438fps/executables/exe1: Operation not permitted MSG: non-zero return code TASK [Run the role again without test file] ************************************ task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/tests/fapolicyd/tests_trusted_execution.yml:102 Saturday 16 November 2024 11:25:46 -0500 (0:00:00.678) 0:01:05.180 ***** TASK [fedora.linux_system_roles.fapolicyd : Set platform/version specific variables] *** task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:2 Saturday 16 November 2024 11:25:46 -0500 (0:00:00.040) 0:01:05.221 ***** included: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/set_vars.yml for managed-node3 TASK [fedora.linux_system_roles.fapolicyd : Ensure ansible_facts used by role] *** task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/set_vars.yml:2 Saturday 16 November 2024 11:25:46 -0500 (0:00:00.026) 0:01:05.248 ***** skipping: [managed-node3] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.fapolicyd : Check if system is ostree] ********* task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/set_vars.yml:10 Saturday 16 November 2024 11:25:47 -0500 (0:00:00.041) 0:01:05.290 ***** skipping: [managed-node3] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.fapolicyd : Set flag to indicate system is ostree] *** task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/set_vars.yml:15 Saturday 16 November 2024 11:25:47 -0500 (0:00:00.040) 0:01:05.331 ***** skipping: [managed-node3] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.fapolicyd : Set platform/version specific variables] *** task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/set_vars.yml:19 Saturday 16 November 2024 11:25:47 -0500 (0:00:00.040) 0:01:05.371 ***** skipping: [managed-node3] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [managed-node3] => (item=CentOS.yml) => { "ansible_loop_var": "item", "changed": false, "item": "CentOS.yml", "skip_reason": "Conditional result was False" } skipping: [managed-node3] => (item=CentOS_8.yml) => { "ansible_loop_var": "item", "changed": false, "item": "CentOS_8.yml", "skip_reason": "Conditional result was False" } skipping: [managed-node3] => (item=CentOS_8.yml) => { "ansible_loop_var": "item", "changed": false, "item": "CentOS_8.yml", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.fapolicyd : Set fapolicyd feature facts for OS versions] *** task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/set_vars.yml:40 Saturday 16 November 2024 11:25:47 -0500 (0:00:00.065) 0:01:05.436 ***** ok: [managed-node3] => { "ansible_facts": { "__fapolicyd_configcheck_supported": true, "__fapolicyd_integrity_supported": true, "__fapolicyd_selinux_supported": true, "__fapolicyd_supported": true, "__fapolicyd_syslog_format_supported": true, "__fapolicyd_trust_supported": true, "__fapolicyd_trustfiles_supported": true, "__fapolicyd_watch_fs_supported": true }, "changed": false } TASK [fedora.linux_system_roles.fapolicyd : System check] ********************** task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:5 Saturday 16 November 2024 11:25:47 -0500 (0:00:00.098) 0:01:05.535 ***** skipping: [managed-node3] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.fapolicyd : Check trust compatibility] ********* task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:13 Saturday 16 November 2024 11:25:47 -0500 (0:00:00.040) 0:01:05.575 ***** skipping: [managed-node3] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.fapolicyd : Check integrity compatibility] ***** task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:24 Saturday 16 November 2024 11:25:47 -0500 (0:00:00.041) 0:01:05.617 ***** skipping: [managed-node3] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.fapolicyd : Check trust files compatibility] *** task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:35 Saturday 16 November 2024 11:25:47 -0500 (0:00:00.041) 0:01:05.659 ***** skipping: [managed-node3] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.fapolicyd : Check failed conditions] *********** task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:46 Saturday 16 November 2024 11:25:47 -0500 (0:00:00.040) 0:01:05.699 ***** skipping: [managed-node3] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.fapolicyd : Install fapolicyd packages] ******** task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:51 Saturday 16 November 2024 11:25:47 -0500 (0:00:00.040) 0:01:05.740 ***** ok: [managed-node3] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do lsrpackages: fapolicyd fapolicyd-selinux TASK [fedora.linux_system_roles.fapolicyd : Copy fapolicyd configuration file] *** task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:59 Saturday 16 November 2024 11:25:50 -0500 (0:00:03.471) 0:01:09.211 ***** ok: [managed-node3] => { "changed": false, "checksum": "d79d7424d2f9daf8e9e018c5750ecd06d3beba55", "dest": "/etc/fapolicyd/fapolicyd.conf", "gid": 991, "group": "fapolicyd", "mode": "0644", "owner": "root", "path": "/etc/fapolicyd/fapolicyd.conf", "secontext": "system_u:object_r:fapolicyd_config_t:s0", "size": 509, "state": "file", "uid": 0 } TASK [fedora.linux_system_roles.fapolicyd : Run fapolicyd configuration check] *** task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:68 Saturday 16 November 2024 11:25:51 -0500 (0:00:01.014) 0:01:10.226 ***** skipping: [managed-node3] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.fapolicyd : Start fapolicyd service] *********** task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:76 Saturday 16 November 2024 11:25:51 -0500 (0:00:00.041) 0:01:10.268 ***** ok: [managed-node3] => { "changed": false, "enabled": true, "name": "fapolicyd.service", "state": "started", "status": { "ActiveEnterTimestamp": "Sat 2024-11-16 11:25:41 EST", "ActiveEnterTimestampMonotonic": "353037053", "ActiveExitTimestamp": "Sat 2024-11-16 11:25:41 EST", "ActiveExitTimestampMonotonic": "352543526", "ActiveState": "active", "After": "systemd-journald.socket local-fs.target system.slice systemd-tmpfiles-setup.service", "AllowIsolate": "no", "AllowedCPUs": "", "AllowedMemoryNodes": "", "AmbientCapabilities": "", "AssertResult": "yes", "AssertTimestamp": "Sat 2024-11-16 11:25:41 EST", "AssertTimestampMonotonic": "352994687", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "CPUAccounting": "no", "CPUAffinity": "", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf", "CollectMode": "inactive", "ConditionResult": "yes", "ConditionTimestamp": "Sat 2024-11-16 11:25:41 EST", "ConditionTimestampMonotonic": "352994685", "ConfigurationDirectoryMode": "0755", "ControlGroup": "/system.slice/fapolicyd.service", "ControlPID": "0", "DefaultDependencies": "no", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "File Access Policy Daemon", "DevicePolicy": "auto", "Documentation": "man:fapolicyd(8)", "DynamicUser": "no", "EffectiveCPUs": "", "EffectiveMemoryNodes": "", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "11260", "ExecMainStartTimestamp": "Sat 2024-11-16 11:25:41 EST", "ExecMainStartTimestampMonotonic": "353035425", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/fapolicyd ; argv[]=/usr/sbin/fapolicyd ; ignore_errors=no ; start_time=[Sat 2024-11-16 11:25:41 EST] ; stop_time=[Sat 2024-11-16 11:25:41 EST] ; pid=11259 ; code=exited ; status=0 }", "ExecStartPre": "{ path=/usr/sbin/fagenrules ; argv[]=/usr/sbin/fagenrules ; ignore_errors=no ; start_time=[Sat 2024-11-16 11:25:41 EST] ; stop_time=[Sat 2024-11-16 11:25:41 EST] ; pid=11234 ; code=exited ; status=0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FragmentPath": "/usr/lib/systemd/system/fapolicyd.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IPAccounting": "no", "IPEgressBytes": "18446744073709551615", "IPEgressPackets": "18446744073709551615", "IPIngressBytes": "18446744073709551615", "IPIngressPackets": "18446744073709551615", "Id": "fapolicyd.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestamp": "Sat 2024-11-16 11:25:41 EST", "InactiveEnterTimestampMonotonic": "352993769", "InactiveExitTimestamp": "Sat 2024-11-16 11:25:41 EST", "InactiveExitTimestampMonotonic": "352995882", "InvocationID": "dc03eed4976c4bac83623dc9f1ab5749", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "0", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "262144", "LimitNOFILESoft": "1024", "LimitNPROC": "14004", "LimitNPROCSoft": "14004", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "14004", "LimitSIGPENDINGSoft": "14004", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "11260", "MemoryAccounting": "yes", "MemoryCurrent": "36847616", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "MountFlags": "", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAMask": "", "NUMAPolicy": "n/a", "Names": "fapolicyd.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMScoreAdjust": "-1000", "OnFailureJobMode": "replace", "PIDFile": "/run/fapolicyd.pid", "PermissionsStartOnly": "no", "Perpetual": "no", "PrivateDevices": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "system.slice", "Restart": "on-abnormal", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardInputData": "", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestamp": "Sat 2024-11-16 11:25:41 EST", "StateChangeTimestampMonotonic": "353037053", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "running", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "4", "TasksMax": "22406", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "forking", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "enabled", "UtmpMode": "init", "WantedBy": "multi-user.target", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0" } } TASK [fedora.linux_system_roles.fapolicyd : Restart fapolicyd service] ********* task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:85 Saturday 16 November 2024 11:25:52 -0500 (0:00:00.772) 0:01:11.041 ***** skipping: [managed-node3] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.fapolicyd : Check fapolicyd logs] ************** task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:96 Saturday 16 November 2024 11:25:52 -0500 (0:00:00.041) 0:01:11.082 ***** skipping: [managed-node3] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.fapolicyd : Trustdb cleanup] ******************* task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:103 Saturday 16 November 2024 11:25:52 -0500 (0:00:00.040) 0:01:11.123 ***** changed: [managed-node3] => { "changed": true, "cmd": [ "fapolicyd-cli", "--file", "delete", "/" ], "delta": "0:00:00.010371", "end": "2024-11-16 11:25:53.352567", "failed_when_result": false, "rc": 0, "start": "2024-11-16 11:25:53.342196" } TASK [fedora.linux_system_roles.fapolicyd : Add file to trustdb] *************** task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:108 Saturday 16 November 2024 11:25:53 -0500 (0:00:00.585) 0:01:11.709 ***** TASK [fedora.linux_system_roles.fapolicyd : Update fapolicyd db] *************** task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:124 Saturday 16 November 2024 11:25:53 -0500 (0:00:00.039) 0:01:11.748 ***** changed: [managed-node3] => { "changed": true, "cmd": "set -euo pipefail\n# get current journal cursor\ncursor=\"\"\nwhile [ -z \"$cursor\" ]; do\n sleep 1\n cursor=\"$(journalctl -u fapolicyd -n 0 --show-cursor |\n awk '/^-- cursor:/ {print $3}')\" || :\ndone\nsystemctl restart fapolicyd\nsearch_str='^Starting to listen for events$'\n# wait until we see the search_str - wait up to 30 seconds\nwaittime=30 # seconds\nendtime=\"$(expr \"$(date +%s)\" + \"$waittime\")\"\nfound=0\nprev_cursor=\"$cursor\"\n# NOTE: Cannot use -u fapolicyd - for some reason, on el10, sometime during\n# the startup process, the UNIT field is dropped from fapolicyd journal\n# entries - so use -t instead which relies on SYSLOG_IDENTIFIER which seems stable\nwhile [ \"$(date +%s)\" -le \"$endtime\" ]; do\n prev_cursor=\"$cursor\"\n output=\"$(journalctl -t fapolicyd --grep \"$search_str\" --show-cursor --after-cursor \"$cursor\" || :)\"\n found=1\n while read -r line; do\n if [ \"$line\" = \"-- No entries --\" ]; then\n found=0\n elif [[ \"$line\" =~ ^--\\ cursor:\\ (.+)$ ]]; then\n cursor=\"${BASH_REMATCH[1]}\" # update cursor for next try\n fi\n done <<< \"$output\"\n if [ \"$found\" = 1 ]; then\n break\n fi\n sleep 1\ndone\nif [ \"$found\" = 0 ]; then\n echo ERROR: failed to update the trustdb\n journalctl -t fapolicyd\n exit 1\nfi\necho INFO: trustdb is updated\nexit 0 # success\n", "delta": "0:00:03.226899", "end": "2024-11-16 11:25:57.223758", "rc": 0, "start": "2024-11-16 11:25:53.996859" } STDOUT: INFO: trustdb is updated TASK [fedora.linux_system_roles.fapolicyd : Making sure fapolicyd does not run if it was set so] *** task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:171 Saturday 16 November 2024 11:25:57 -0500 (0:00:03.832) 0:01:15.580 ***** skipping: [managed-node3] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [Run untrusted exe1 after removing from trustdb] ************************** task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/tests/fapolicyd/tests_trusted_execution.yml:110 Saturday 16 November 2024 11:25:57 -0500 (0:00:00.040) 0:01:15.621 ***** ok: [managed-node3] => { "changed": false, "cmd": [ "su", "-", "fapolicyd_test1_user", "-c", "/var/tmp/fapolicyd_xb438fps/executables/exe1" ], "delta": "0:00:00.204714", "end": "2024-11-16 11:25:58.082294", "failed_when_result": false, "rc": 126, "start": "2024-11-16 11:25:57.877580" } STDERR: -bash: /var/tmp/fapolicyd_xb438fps/executables/exe1: Operation not permitted MSG: non-zero return code TASK [Shutdown fapolicyd] ****************************************************** task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/tests/fapolicyd/tests_trusted_execution.yml:118 Saturday 16 November 2024 11:25:58 -0500 (0:00:00.816) 0:01:16.438 ***** changed: [managed-node3] => { "changed": true, "enabled": false, "name": "fapolicyd", "state": "stopped", "status": { "ActiveEnterTimestamp": "Sat 2024-11-16 11:25:55 EST", "ActiveEnterTimestampMonotonic": "366311046", "ActiveExitTimestamp": "Sat 2024-11-16 11:25:55 EST", "ActiveExitTimestampMonotonic": "366159349", "ActiveState": "active", "After": "systemd-journald.socket local-fs.target system.slice systemd-tmpfiles-setup.service", "AllowIsolate": "no", "AllowedCPUs": "", "AllowedMemoryNodes": "", "AmbientCapabilities": "", "AssertResult": "yes", "AssertTimestamp": "Sat 2024-11-16 11:25:55 EST", "AssertTimestampMonotonic": "366267670", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "CPUAccounting": "no", "CPUAffinity": "", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf", "CollectMode": "inactive", "ConditionResult": "yes", "ConditionTimestamp": "Sat 2024-11-16 11:25:55 EST", "ConditionTimestampMonotonic": "366267668", "ConfigurationDirectoryMode": "0755", "ControlGroup": "/system.slice/fapolicyd.service", "ControlPID": "0", "DefaultDependencies": "no", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "File Access Policy Daemon", "DevicePolicy": "auto", "Documentation": "man:fapolicyd(8)", "DynamicUser": "no", "EffectiveCPUs": "", "EffectiveMemoryNodes": "", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "12590", "ExecMainStartTimestamp": "Sat 2024-11-16 11:25:55 EST", "ExecMainStartTimestampMonotonic": "366309277", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/fapolicyd ; argv[]=/usr/sbin/fapolicyd ; ignore_errors=no ; start_time=[Sat 2024-11-16 11:25:55 EST] ; stop_time=[Sat 2024-11-16 11:25:55 EST] ; pid=12589 ; code=exited ; status=0 }", "ExecStartPre": "{ path=/usr/sbin/fagenrules ; argv[]=/usr/sbin/fagenrules ; ignore_errors=no ; start_time=[Sat 2024-11-16 11:25:55 EST] ; stop_time=[Sat 2024-11-16 11:25:55 EST] ; pid=12564 ; code=exited ; status=0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FragmentPath": "/usr/lib/systemd/system/fapolicyd.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IPAccounting": "no", "IPEgressBytes": "18446744073709551615", "IPEgressPackets": "18446744073709551615", "IPIngressBytes": "18446744073709551615", "IPIngressPackets": "18446744073709551615", "Id": "fapolicyd.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestamp": "Sat 2024-11-16 11:25:55 EST", "InactiveEnterTimestampMonotonic": "366266698", "InactiveExitTimestamp": "Sat 2024-11-16 11:25:55 EST", "InactiveExitTimestampMonotonic": "366268950", "InvocationID": "eb10e6d565664a3c8a021dc0a346061d", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "0", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "262144", "LimitNOFILESoft": "1024", "LimitNPROC": "14004", "LimitNPROCSoft": "14004", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "14004", "LimitSIGPENDINGSoft": "14004", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "12590", "MemoryAccounting": "yes", "MemoryCurrent": "35291136", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "MountFlags": "", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAMask": "", "NUMAPolicy": "n/a", "Names": "fapolicyd.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMScoreAdjust": "-1000", "OnFailureJobMode": "replace", "PIDFile": "/run/fapolicyd.pid", "PermissionsStartOnly": "no", "Perpetual": "no", "PrivateDevices": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "system.slice", "Restart": "on-abnormal", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardInputData": "", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestamp": "Sat 2024-11-16 11:25:55 EST", "StateChangeTimestampMonotonic": "366311046", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "running", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "4", "TasksMax": "22406", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "forking", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "enabled", "UtmpMode": "init", "WantedBy": "multi-user.target", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0" } } TASK [Clean up temp directory] ************************************************* task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/tests/fapolicyd/tests_trusted_execution.yml:124 Saturday 16 November 2024 11:25:59 -0500 (0:00:01.293) 0:01:17.731 ***** changed: [managed-node3] => { "changed": true, "path": "/var/tmp/fapolicyd_xb438fps", "state": "absent" } TASK [Remove test user] ******************************************************** task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/tests/fapolicyd/tests_trusted_execution.yml:129 Saturday 16 November 2024 11:25:59 -0500 (0:00:00.412) 0:01:18.144 ***** changed: [managed-node3] => { "attempts": 1, "changed": true, "force": false, "name": "fapolicyd_test1_user", "remove": false, "state": "absent" } TASK [Debug test user removal failure] ***************************************** task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/tests/fapolicyd/tests_trusted_execution.yml:139 Saturday 16 November 2024 11:26:00 -0500 (0:00:00.506) 0:01:18.650 ***** skipping: [managed-node3] => { "changed": false, "skip_reason": "Conditional result was False" } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* managed-node3 : ok=32 changed=17 unreachable=0 failed=0 skipped=24 rescued=0 ignored=0 Saturday 16 November 2024 11:26:00 -0500 (0:00:00.038) 0:01:18.688 ***** =============================================================================== fedora.linux_system_roles.fapolicyd : Install fapolicyd packages ------- 44.95s /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:51 fedora.linux_system_roles.fapolicyd : Update fapolicyd db --------------- 4.17s /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:124 fedora.linux_system_roles.fapolicyd : Update fapolicyd db --------------- 3.83s /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:124 fedora.linux_system_roles.fapolicyd : Install fapolicyd packages -------- 3.47s /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:51 fedora.linux_system_roles.fapolicyd : Add file to trustdb --------------- 2.14s /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:108 Create shell executables ------------------------------------------------ 1.75s /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/tests/fapolicyd/tests_trusted_execution.yml:40 fedora.linux_system_roles.fapolicyd : Restart fapolicyd service --------- 1.43s /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:85 Gathering Facts --------------------------------------------------------- 1.38s /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/tests/fapolicyd/tests_trusted_execution.yml:2 Shutdown fapolicyd ------------------------------------------------------ 1.29s /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/tests/fapolicyd/tests_trusted_execution.yml:118 Create directories for tests -------------------------------------------- 1.13s /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/tests/fapolicyd/tests_trusted_execution.yml:31 fedora.linux_system_roles.fapolicyd : Copy fapolicyd configuration file --- 1.01s /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:59 fedora.linux_system_roles.fapolicyd : Start fapolicyd service ----------- 1.00s /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:76 Run trusted binary exe1 ------------------------------------------------- 0.86s /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/tests/fapolicyd/tests_trusted_execution.yml:73 fedora.linux_system_roles.fapolicyd : Copy fapolicyd configuration file --- 0.86s /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:59 Run untrusted exe1 after removing from trustdb -------------------------- 0.82s /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/tests/fapolicyd/tests_trusted_execution.yml:110 Create a new user ------------------------------------------------------- 0.78s /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/tests/fapolicyd/tests_trusted_execution.yml:55 fedora.linux_system_roles.fapolicyd : Start fapolicyd service ----------- 0.77s /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:76 Check now untrusted exe1 after replacement ------------------------------ 0.68s /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/tests/fapolicyd/tests_trusted_execution.yml:94 Run untrusted binary exe2 ----------------------------------------------- 0.67s /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/tests/fapolicyd/tests_trusted_execution.yml:86 Create temp test directory ---------------------------------------------- 0.63s /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/tests/fapolicyd/tests_trusted_execution.yml:24