ansible-playbook 2.9.27
config file = None
configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/local/lib/python3.9/site-packages/ansible
executable location = /usr/local/bin/ansible-playbook
python version = 3.9.19 (main, May 16 2024, 11:40:09) [GCC 8.5.0 20210514 (Red Hat 8.5.0-22)]
No config file found; using defaults
[WARNING]: running playbook inside collection fedora.linux_system_roles
Skipping callback 'actionable', as we already have a stdout callback.
Skipping callback 'counter_enabled', as we already have a stdout callback.
Skipping callback 'debug', as we already have a stdout callback.
Skipping callback 'dense', as we already have a stdout callback.
Skipping callback 'dense', as we already have a stdout callback.
Skipping callback 'full_skip', as we already have a stdout callback.
Skipping callback 'json', as we already have a stdout callback.
Skipping callback 'minimal', as we already have a stdout callback.
Skipping callback 'null', as we already have a stdout callback.
Skipping callback 'oneline', as we already have a stdout callback.
Skipping callback 'selective', as we already have a stdout callback.
Skipping callback 'skippy', as we already have a stdout callback.
Skipping callback 'stderr', as we already have a stdout callback.
Skipping callback 'unixy', as we already have a stdout callback.
Skipping callback 'yaml', as we already have a stdout callback.
PLAYBOOK: tests_trusted_execution.yml ******************************************
1 plays in /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/tests/fapolicyd/tests_trusted_execution.yml
PLAY [Basic test for fapolicyd] ************************************************
TASK [Gathering Facts] *********************************************************
task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/tests/fapolicyd/tests_trusted_execution.yml:2
Saturday 16 November 2024 11:24:41 -0500 (0:00:00.037) 0:00:00.037 *****
ok: [managed-node3]
META: ran handlers
TASK [Create temp test directory] **********************************************
task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/tests/fapolicyd/tests_trusted_execution.yml:24
Saturday 16 November 2024 11:24:43 -0500 (0:00:01.381) 0:00:01.419 *****
changed: [managed-node3] => {
"changed": true,
"gid": 0,
"group": "root",
"mode": "0700",
"owner": "root",
"path": "/var/tmp/fapolicyd_xb438fps",
"secontext": "unconfined_u:object_r:user_tmp_t:s0",
"size": 6,
"state": "directory",
"uid": 0
}
TASK [Create directories for tests] ********************************************
task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/tests/fapolicyd/tests_trusted_execution.yml:31
Saturday 16 November 2024 11:24:43 -0500 (0:00:00.630) 0:00:02.049 *****
changed: [managed-node3] => (item=/var/tmp/fapolicyd_xb438fps) => {
"ansible_loop_var": "item",
"changed": true,
"gid": 0,
"group": "root",
"item": "/var/tmp/fapolicyd_xb438fps",
"mode": "0755",
"owner": "root",
"path": "/var/tmp/fapolicyd_xb438fps",
"secontext": "unconfined_u:object_r:user_tmp_t:s0",
"size": 6,
"state": "directory",
"uid": 0
}
changed: [managed-node3] => (item=/var/tmp/fapolicyd_xb438fps/executables) => {
"ansible_loop_var": "item",
"changed": true,
"gid": 0,
"group": "root",
"item": "/var/tmp/fapolicyd_xb438fps/executables",
"mode": "0755",
"owner": "root",
"path": "/var/tmp/fapolicyd_xb438fps/executables",
"secontext": "unconfined_u:object_r:user_tmp_t:s0",
"size": 6,
"state": "directory",
"uid": 0
}
TASK [Create shell executables] ************************************************
task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/tests/fapolicyd/tests_trusted_execution.yml:40
Saturday 16 November 2024 11:24:44 -0500 (0:00:01.132) 0:00:03.182 *****
changed: [managed-node3] => (item=/var/tmp/fapolicyd_xb438fps/executables/exe1) => {
"ansible_loop_var": "item",
"changed": true,
"checksum": "e2a7b942889f57da549865222eae4e583806ebcb",
"dest": "/var/tmp/fapolicyd_xb438fps/executables/exe1",
"gid": 0,
"group": "root",
"item": "/var/tmp/fapolicyd_xb438fps/executables/exe1",
"md5sum": "19131284dd5889d0cc108a2b08257c14",
"mode": "0755",
"owner": "root",
"secontext": "unconfined_u:object_r:admin_home_t:s0",
"size": 114,
"src": "/root/.ansible/tmp/ansible-tmp-1731774285.0049653-7933-135945716516929/source",
"state": "file",
"uid": 0
}
changed: [managed-node3] => (item=/var/tmp/fapolicyd_xb438fps/executables/exe2) => {
"ansible_loop_var": "item",
"changed": true,
"checksum": "7d0f26be3284f144ff6f4f522a904e1e7405c50d",
"dest": "/var/tmp/fapolicyd_xb438fps/executables/exe2",
"gid": 0,
"group": "root",
"item": "/var/tmp/fapolicyd_xb438fps/executables/exe2",
"md5sum": "5215583bd56782ae505743cd1aa79a39",
"mode": "0755",
"owner": "root",
"secontext": "unconfined_u:object_r:admin_home_t:s0",
"size": 114,
"src": "/root/.ansible/tmp/ansible-tmp-1731774285.970151-7933-270550909589821/source",
"state": "file",
"uid": 0
}
TASK [Create a new user] *******************************************************
task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/tests/fapolicyd/tests_trusted_execution.yml:55
Saturday 16 November 2024 11:24:46 -0500 (0:00:01.750) 0:00:04.932 *****
changed: [managed-node3] => {
"changed": true,
"comment": "",
"create_home": true,
"group": 1000,
"home": "/home/fapolicyd_test1_user",
"name": "fapolicyd_test1_user",
"shell": "/bin/bash",
"state": "present",
"system": false,
"uid": 1000
}
TASK [Run the role] ************************************************************
task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/tests/fapolicyd/tests_trusted_execution.yml:61
Saturday 16 November 2024 11:24:47 -0500 (0:00:00.779) 0:00:05.712 *****
TASK [fedora.linux_system_roles.fapolicyd : Set platform/version specific variables] ***
task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:2
Saturday 16 November 2024 11:24:47 -0500 (0:00:00.040) 0:00:05.753 *****
included: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/set_vars.yml for managed-node3
TASK [fedora.linux_system_roles.fapolicyd : Ensure ansible_facts used by role] ***
task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/set_vars.yml:2
Saturday 16 November 2024 11:24:47 -0500 (0:00:00.030) 0:00:05.783 *****
skipping: [managed-node3] => {
"changed": false,
"skip_reason": "Conditional result was False"
}
TASK [fedora.linux_system_roles.fapolicyd : Check if system is ostree] *********
task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/set_vars.yml:10
Saturday 16 November 2024 11:24:47 -0500 (0:00:00.043) 0:00:05.827 *****
ok: [managed-node3] => {
"changed": false,
"stat": {
"exists": false
}
}
TASK [fedora.linux_system_roles.fapolicyd : Set flag to indicate system is ostree] ***
task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/set_vars.yml:15
Saturday 16 November 2024 11:24:47 -0500 (0:00:00.406) 0:00:06.234 *****
ok: [managed-node3] => {
"ansible_facts": {
"__fapolicyd_is_ostree": false
},
"changed": false
}
TASK [fedora.linux_system_roles.fapolicyd : Set platform/version specific variables] ***
task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/set_vars.yml:19
Saturday 16 November 2024 11:24:48 -0500 (0:00:00.048) 0:00:06.283 *****
skipping: [managed-node3] => (item=RedHat.yml) => {
"ansible_loop_var": "item",
"changed": false,
"item": "RedHat.yml",
"skip_reason": "Conditional result was False"
}
skipping: [managed-node3] => (item=CentOS.yml) => {
"ansible_loop_var": "item",
"changed": false,
"item": "CentOS.yml",
"skip_reason": "Conditional result was False"
}
skipping: [managed-node3] => (item=CentOS_8.yml) => {
"ansible_loop_var": "item",
"changed": false,
"item": "CentOS_8.yml",
"skip_reason": "Conditional result was False"
}
skipping: [managed-node3] => (item=CentOS_8.yml) => {
"ansible_loop_var": "item",
"changed": false,
"item": "CentOS_8.yml",
"skip_reason": "Conditional result was False"
}
TASK [fedora.linux_system_roles.fapolicyd : Set fapolicyd feature facts for OS versions] ***
task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/set_vars.yml:40
Saturday 16 November 2024 11:24:48 -0500 (0:00:00.071) 0:00:06.354 *****
ok: [managed-node3] => {
"ansible_facts": {
"__fapolicyd_configcheck_supported": true,
"__fapolicyd_integrity_supported": true,
"__fapolicyd_selinux_supported": true,
"__fapolicyd_supported": true,
"__fapolicyd_syslog_format_supported": true,
"__fapolicyd_trust_supported": true,
"__fapolicyd_trustfiles_supported": true,
"__fapolicyd_watch_fs_supported": true
},
"changed": false
}
TASK [fedora.linux_system_roles.fapolicyd : System check] **********************
task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:5
Saturday 16 November 2024 11:24:48 -0500 (0:00:00.103) 0:00:06.457 *****
skipping: [managed-node3] => {
"changed": false,
"skip_reason": "Conditional result was False"
}
TASK [fedora.linux_system_roles.fapolicyd : Check trust compatibility] *********
task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:13
Saturday 16 November 2024 11:24:48 -0500 (0:00:00.041) 0:00:06.499 *****
skipping: [managed-node3] => {
"changed": false,
"skip_reason": "Conditional result was False"
}
TASK [fedora.linux_system_roles.fapolicyd : Check integrity compatibility] *****
task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:24
Saturday 16 November 2024 11:24:48 -0500 (0:00:00.043) 0:00:06.543 *****
skipping: [managed-node3] => {
"changed": false,
"skip_reason": "Conditional result was False"
}
TASK [fedora.linux_system_roles.fapolicyd : Check trust files compatibility] ***
task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:35
Saturday 16 November 2024 11:24:48 -0500 (0:00:00.043) 0:00:06.586 *****
skipping: [managed-node3] => {
"changed": false,
"skip_reason": "Conditional result was False"
}
TASK [fedora.linux_system_roles.fapolicyd : Check failed conditions] ***********
task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:46
Saturday 16 November 2024 11:24:48 -0500 (0:00:00.045) 0:00:06.632 *****
skipping: [managed-node3] => {
"changed": false,
"skip_reason": "Conditional result was False"
}
TASK [fedora.linux_system_roles.fapolicyd : Install fapolicyd packages] ********
task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:51
Saturday 16 November 2024 11:24:48 -0500 (0:00:00.044) 0:00:06.677 *****
changed: [managed-node3] => {
"changed": true,
"rc": 0,
"results": [
"Installed: fapolicyd-selinux-1.3.2-1.el8.noarch",
"Installed: rpm-plugin-fapolicyd-4.14.3-31.el8.x86_64",
"Installed: fapolicyd-1.3.2-1.el8.x86_64",
"Installed: policycoreutils-python-utils-2.9-26.el8.noarch"
]
}
lsrpackages: fapolicyd fapolicyd-selinux
TASK [fedora.linux_system_roles.fapolicyd : Copy fapolicyd configuration file] ***
task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:59
Saturday 16 November 2024 11:25:33 -0500 (0:00:44.953) 0:00:51.630 *****
changed: [managed-node3] => {
"changed": true,
"checksum": "d79d7424d2f9daf8e9e018c5750ecd06d3beba55",
"dest": "/etc/fapolicyd/fapolicyd.conf",
"gid": 991,
"group": "fapolicyd",
"md5sum": "769ccbfa27940a69973575df5fa87cdf",
"mode": "0644",
"owner": "root",
"secontext": "system_u:object_r:fapolicyd_config_t:s0",
"size": 509,
"src": "/root/.ansible/tmp/ansible-tmp-1731774333.453488-8601-41335953825619/source",
"state": "file",
"uid": 0
}
TASK [fedora.linux_system_roles.fapolicyd : Run fapolicyd configuration check] ***
task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:68
Saturday 16 November 2024 11:25:34 -0500 (0:00:00.857) 0:00:52.487 *****
ok: [managed-node3] => {
"changed": false,
"cmd": [
"fapolicyd-cli",
"--check-config"
],
"delta": "0:00:00.006917",
"end": "2024-11-16 11:25:34.674400",
"rc": 0,
"start": "2024-11-16 11:25:34.667483"
}
STDOUT:
Daemon config is OK
TASK [fedora.linux_system_roles.fapolicyd : Start fapolicyd service] ***********
task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:76
Saturday 16 November 2024 11:25:34 -0500 (0:00:00.508) 0:00:52.996 *****
changed: [managed-node3] => {
"changed": true,
"enabled": true,
"name": "fapolicyd.service",
"state": "started",
"status": {
"ActiveEnterTimestampMonotonic": "0",
"ActiveExitTimestampMonotonic": "0",
"ActiveState": "inactive",
"After": "systemd-tmpfiles-setup.service local-fs.target systemd-journald.socket system.slice",
"AllowIsolate": "no",
"AllowedCPUs": "",
"AllowedMemoryNodes": "",
"AmbientCapabilities": "",
"AssertResult": "no",
"AssertTimestampMonotonic": "0",
"BlockIOAccounting": "no",
"BlockIOWeight": "[not set]",
"CPUAccounting": "no",
"CPUAffinity": "",
"CPUAffinityFromNUMA": "no",
"CPUQuotaPerSecUSec": "infinity",
"CPUQuotaPeriodUSec": "infinity",
"CPUSchedulingPolicy": "0",
"CPUSchedulingPriority": "0",
"CPUSchedulingResetOnFork": "no",
"CPUShares": "[not set]",
"CPUUsageNSec": "[not set]",
"CPUWeight": "[not set]",
"CacheDirectoryMode": "0755",
"CanFreeze": "yes",
"CanIsolate": "no",
"CanReload": "no",
"CanStart": "yes",
"CanStop": "yes",
"CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf",
"CollectMode": "inactive",
"ConditionResult": "no",
"ConditionTimestampMonotonic": "0",
"ConfigurationDirectoryMode": "0755",
"ControlPID": "0",
"DefaultDependencies": "no",
"DefaultMemoryLow": "0",
"DefaultMemoryMin": "0",
"Delegate": "no",
"Description": "File Access Policy Daemon",
"DevicePolicy": "auto",
"Documentation": "man:fapolicyd(8)",
"DynamicUser": "no",
"EffectiveCPUs": "",
"EffectiveMemoryNodes": "",
"ExecMainCode": "0",
"ExecMainExitTimestampMonotonic": "0",
"ExecMainPID": "0",
"ExecMainStartTimestampMonotonic": "0",
"ExecMainStatus": "0",
"ExecStart": "{ path=/usr/sbin/fapolicyd ; argv[]=/usr/sbin/fapolicyd ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }",
"ExecStartPre": "{ path=/usr/sbin/fagenrules ; argv[]=/usr/sbin/fagenrules ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }",
"FailureAction": "none",
"FileDescriptorStoreMax": "0",
"FragmentPath": "/usr/lib/systemd/system/fapolicyd.service",
"FreezerState": "running",
"GID": "[not set]",
"GuessMainPID": "yes",
"IOAccounting": "no",
"IOSchedulingClass": "0",
"IOSchedulingPriority": "0",
"IOWeight": "[not set]",
"IPAccounting": "no",
"IPEgressBytes": "18446744073709551615",
"IPEgressPackets": "18446744073709551615",
"IPIngressBytes": "18446744073709551615",
"IPIngressPackets": "18446744073709551615",
"Id": "fapolicyd.service",
"IgnoreOnIsolate": "no",
"IgnoreSIGPIPE": "yes",
"InactiveEnterTimestampMonotonic": "0",
"InactiveExitTimestampMonotonic": "0",
"JobRunningTimeoutUSec": "infinity",
"JobTimeoutAction": "none",
"JobTimeoutUSec": "infinity",
"KeyringMode": "private",
"KillMode": "control-group",
"KillSignal": "15",
"LimitAS": "infinity",
"LimitASSoft": "infinity",
"LimitCORE": "infinity",
"LimitCORESoft": "0",
"LimitCPU": "infinity",
"LimitCPUSoft": "infinity",
"LimitDATA": "infinity",
"LimitDATASoft": "infinity",
"LimitFSIZE": "infinity",
"LimitFSIZESoft": "infinity",
"LimitLOCKS": "infinity",
"LimitLOCKSSoft": "infinity",
"LimitMEMLOCK": "65536",
"LimitMEMLOCKSoft": "65536",
"LimitMSGQUEUE": "819200",
"LimitMSGQUEUESoft": "819200",
"LimitNICE": "0",
"LimitNICESoft": "0",
"LimitNOFILE": "262144",
"LimitNOFILESoft": "1024",
"LimitNPROC": "14004",
"LimitNPROCSoft": "14004",
"LimitRSS": "infinity",
"LimitRSSSoft": "infinity",
"LimitRTPRIO": "0",
"LimitRTPRIOSoft": "0",
"LimitRTTIME": "infinity",
"LimitRTTIMESoft": "infinity",
"LimitSIGPENDING": "14004",
"LimitSIGPENDINGSoft": "14004",
"LimitSTACK": "infinity",
"LimitSTACKSoft": "8388608",
"LoadState": "loaded",
"LockPersonality": "no",
"LogLevelMax": "-1",
"LogRateLimitBurst": "0",
"LogRateLimitIntervalUSec": "0",
"LogsDirectoryMode": "0755",
"MainPID": "0",
"MemoryAccounting": "yes",
"MemoryCurrent": "[not set]",
"MemoryDenyWriteExecute": "no",
"MemoryHigh": "infinity",
"MemoryLimit": "infinity",
"MemoryLow": "0",
"MemoryMax": "infinity",
"MemoryMin": "0",
"MemorySwapMax": "infinity",
"MountAPIVFS": "no",
"MountFlags": "",
"NFileDescriptorStore": "0",
"NRestarts": "0",
"NUMAMask": "",
"NUMAPolicy": "n/a",
"Names": "fapolicyd.service",
"NeedDaemonReload": "no",
"Nice": "0",
"NoNewPrivileges": "no",
"NonBlocking": "no",
"NotifyAccess": "none",
"OOMScoreAdjust": "-1000",
"OnFailureJobMode": "replace",
"PIDFile": "/run/fapolicyd.pid",
"PermissionsStartOnly": "no",
"Perpetual": "no",
"PrivateDevices": "no",
"PrivateMounts": "no",
"PrivateNetwork": "no",
"PrivateTmp": "no",
"PrivateUsers": "no",
"ProtectControlGroups": "no",
"ProtectHome": "no",
"ProtectKernelModules": "no",
"ProtectKernelTunables": "no",
"ProtectSystem": "no",
"RefuseManualStart": "no",
"RefuseManualStop": "no",
"RemainAfterExit": "no",
"RemoveIPC": "no",
"Requires": "system.slice",
"Restart": "on-abnormal",
"RestartUSec": "100ms",
"RestrictNamespaces": "no",
"RestrictRealtime": "no",
"RestrictSUIDSGID": "no",
"Result": "success",
"RootDirectoryStartOnly": "no",
"RuntimeDirectoryMode": "0755",
"RuntimeDirectoryPreserve": "no",
"RuntimeMaxUSec": "infinity",
"SameProcessGroup": "no",
"SecureBits": "0",
"SendSIGHUP": "no",
"SendSIGKILL": "yes",
"Slice": "system.slice",
"StandardError": "inherit",
"StandardInput": "null",
"StandardInputData": "",
"StandardOutput": "journal",
"StartLimitAction": "none",
"StartLimitBurst": "5",
"StartLimitIntervalUSec": "10s",
"StartupBlockIOWeight": "[not set]",
"StartupCPUShares": "[not set]",
"StartupCPUWeight": "[not set]",
"StartupIOWeight": "[not set]",
"StateChangeTimestampMonotonic": "0",
"StateDirectoryMode": "0755",
"StatusErrno": "0",
"StopWhenUnneeded": "no",
"SubState": "dead",
"SuccessAction": "none",
"SyslogFacility": "3",
"SyslogLevel": "6",
"SyslogLevelPrefix": "yes",
"SyslogPriority": "30",
"SystemCallErrorNumber": "0",
"TTYReset": "no",
"TTYVHangup": "no",
"TTYVTDisallocate": "no",
"TasksAccounting": "yes",
"TasksCurrent": "[not set]",
"TasksMax": "22406",
"TimeoutStartUSec": "1min 30s",
"TimeoutStopUSec": "1min 30s",
"TimerSlackNSec": "50000",
"Transient": "no",
"Type": "forking",
"UID": "[not set]",
"UMask": "0022",
"UnitFilePreset": "disabled",
"UnitFileState": "disabled",
"UtmpMode": "init",
"WatchdogTimestampMonotonic": "0",
"WatchdogUSec": "0"
}
}
TASK [fedora.linux_system_roles.fapolicyd : Restart fapolicyd service] *********
task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:85
Saturday 16 November 2024 11:25:35 -0500 (0:00:01.000) 0:00:53.996 *****
changed: [managed-node3] => {
"changed": true,
"enabled": true,
"name": "fapolicyd.service",
"state": "started",
"status": {
"ActiveEnterTimestamp": "Sat 2024-11-16 11:25:35 EST",
"ActiveEnterTimestampMonotonic": "346773591",
"ActiveExitTimestampMonotonic": "0",
"ActiveState": "active",
"After": "systemd-journald.socket local-fs.target system.slice systemd-tmpfiles-setup.service",
"AllowIsolate": "no",
"AllowedCPUs": "",
"AllowedMemoryNodes": "",
"AmbientCapabilities": "",
"AssertResult": "yes",
"AssertTimestamp": "Sat 2024-11-16 11:25:35 EST",
"AssertTimestampMonotonic": "346728129",
"BlockIOAccounting": "no",
"BlockIOWeight": "[not set]",
"CPUAccounting": "no",
"CPUAffinity": "",
"CPUAffinityFromNUMA": "no",
"CPUQuotaPerSecUSec": "infinity",
"CPUQuotaPeriodUSec": "infinity",
"CPUSchedulingPolicy": "0",
"CPUSchedulingPriority": "0",
"CPUSchedulingResetOnFork": "no",
"CPUShares": "[not set]",
"CPUUsageNSec": "[not set]",
"CPUWeight": "[not set]",
"CacheDirectoryMode": "0755",
"CanFreeze": "yes",
"CanIsolate": "no",
"CanReload": "no",
"CanStart": "yes",
"CanStop": "yes",
"CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf",
"CollectMode": "inactive",
"ConditionResult": "yes",
"ConditionTimestamp": "Sat 2024-11-16 11:25:35 EST",
"ConditionTimestampMonotonic": "346728128",
"ConfigurationDirectoryMode": "0755",
"ControlGroup": "/system.slice/fapolicyd.service",
"ControlPID": "0",
"DefaultDependencies": "no",
"DefaultMemoryLow": "0",
"DefaultMemoryMin": "0",
"Delegate": "no",
"Description": "File Access Policy Daemon",
"DevicePolicy": "auto",
"Documentation": "man:fapolicyd(8)",
"DynamicUser": "no",
"EffectiveCPUs": "",
"EffectiveMemoryNodes": "",
"ExecMainCode": "0",
"ExecMainExitTimestampMonotonic": "0",
"ExecMainPID": "10322",
"ExecMainStartTimestamp": "Sat 2024-11-16 11:25:35 EST",
"ExecMainStartTimestampMonotonic": "346773566",
"ExecMainStatus": "0",
"ExecStart": "{ path=/usr/sbin/fapolicyd ; argv[]=/usr/sbin/fapolicyd ; ignore_errors=no ; start_time=[Sat 2024-11-16 11:25:35 EST] ; stop_time=[Sat 2024-11-16 11:25:35 EST] ; pid=10321 ; code=exited ; status=0 }",
"ExecStartPre": "{ path=/usr/sbin/fagenrules ; argv[]=/usr/sbin/fagenrules ; ignore_errors=no ; start_time=[Sat 2024-11-16 11:25:35 EST] ; stop_time=[Sat 2024-11-16 11:25:35 EST] ; pid=10296 ; code=exited ; status=0 }",
"FailureAction": "none",
"FileDescriptorStoreMax": "0",
"FragmentPath": "/usr/lib/systemd/system/fapolicyd.service",
"FreezerState": "running",
"GID": "[not set]",
"GuessMainPID": "yes",
"IOAccounting": "no",
"IOSchedulingClass": "0",
"IOSchedulingPriority": "0",
"IOWeight": "[not set]",
"IPAccounting": "no",
"IPEgressBytes": "18446744073709551615",
"IPEgressPackets": "18446744073709551615",
"IPIngressBytes": "18446744073709551615",
"IPIngressPackets": "18446744073709551615",
"Id": "fapolicyd.service",
"IgnoreOnIsolate": "no",
"IgnoreSIGPIPE": "yes",
"InactiveEnterTimestampMonotonic": "0",
"InactiveExitTimestamp": "Sat 2024-11-16 11:25:35 EST",
"InactiveExitTimestampMonotonic": "346729274",
"InvocationID": "f0bac27eb70f42ea81c3c7cb7f51a217",
"JobRunningTimeoutUSec": "infinity",
"JobTimeoutAction": "none",
"JobTimeoutUSec": "infinity",
"KeyringMode": "private",
"KillMode": "control-group",
"KillSignal": "15",
"LimitAS": "infinity",
"LimitASSoft": "infinity",
"LimitCORE": "infinity",
"LimitCORESoft": "0",
"LimitCPU": "infinity",
"LimitCPUSoft": "infinity",
"LimitDATA": "infinity",
"LimitDATASoft": "infinity",
"LimitFSIZE": "infinity",
"LimitFSIZESoft": "infinity",
"LimitLOCKS": "infinity",
"LimitLOCKSSoft": "infinity",
"LimitMEMLOCK": "65536",
"LimitMEMLOCKSoft": "65536",
"LimitMSGQUEUE": "819200",
"LimitMSGQUEUESoft": "819200",
"LimitNICE": "0",
"LimitNICESoft": "0",
"LimitNOFILE": "262144",
"LimitNOFILESoft": "1024",
"LimitNPROC": "14004",
"LimitNPROCSoft": "14004",
"LimitRSS": "infinity",
"LimitRSSSoft": "infinity",
"LimitRTPRIO": "0",
"LimitRTPRIOSoft": "0",
"LimitRTTIME": "infinity",
"LimitRTTIMESoft": "infinity",
"LimitSIGPENDING": "14004",
"LimitSIGPENDINGSoft": "14004",
"LimitSTACK": "infinity",
"LimitSTACKSoft": "8388608",
"LoadState": "loaded",
"LockPersonality": "no",
"LogLevelMax": "-1",
"LogRateLimitBurst": "0",
"LogRateLimitIntervalUSec": "0",
"LogsDirectoryMode": "0755",
"MainPID": "10322",
"MemoryAccounting": "yes",
"MemoryCurrent": "28184576",
"MemoryDenyWriteExecute": "no",
"MemoryHigh": "infinity",
"MemoryLimit": "infinity",
"MemoryLow": "0",
"MemoryMax": "infinity",
"MemoryMin": "0",
"MemorySwapMax": "infinity",
"MountAPIVFS": "no",
"MountFlags": "",
"NFileDescriptorStore": "0",
"NRestarts": "0",
"NUMAMask": "",
"NUMAPolicy": "n/a",
"Names": "fapolicyd.service",
"NeedDaemonReload": "no",
"Nice": "0",
"NoNewPrivileges": "no",
"NonBlocking": "no",
"NotifyAccess": "none",
"OOMScoreAdjust": "-1000",
"OnFailureJobMode": "replace",
"PIDFile": "/run/fapolicyd.pid",
"PermissionsStartOnly": "no",
"Perpetual": "no",
"PrivateDevices": "no",
"PrivateMounts": "no",
"PrivateNetwork": "no",
"PrivateTmp": "no",
"PrivateUsers": "no",
"ProtectControlGroups": "no",
"ProtectHome": "no",
"ProtectKernelModules": "no",
"ProtectKernelTunables": "no",
"ProtectSystem": "no",
"RefuseManualStart": "no",
"RefuseManualStop": "no",
"RemainAfterExit": "no",
"RemoveIPC": "no",
"Requires": "system.slice",
"Restart": "on-abnormal",
"RestartUSec": "100ms",
"RestrictNamespaces": "no",
"RestrictRealtime": "no",
"RestrictSUIDSGID": "no",
"Result": "success",
"RootDirectoryStartOnly": "no",
"RuntimeDirectoryMode": "0755",
"RuntimeDirectoryPreserve": "no",
"RuntimeMaxUSec": "infinity",
"SameProcessGroup": "no",
"SecureBits": "0",
"SendSIGHUP": "no",
"SendSIGKILL": "yes",
"Slice": "system.slice",
"StandardError": "inherit",
"StandardInput": "null",
"StandardInputData": "",
"StandardOutput": "journal",
"StartLimitAction": "none",
"StartLimitBurst": "5",
"StartLimitIntervalUSec": "10s",
"StartupBlockIOWeight": "[not set]",
"StartupCPUShares": "[not set]",
"StartupCPUWeight": "[not set]",
"StartupIOWeight": "[not set]",
"StateChangeTimestamp": "Sat 2024-11-16 11:25:35 EST",
"StateChangeTimestampMonotonic": "346773591",
"StateDirectoryMode": "0755",
"StatusErrno": "0",
"StopWhenUnneeded": "no",
"SubState": "running",
"SuccessAction": "none",
"SyslogFacility": "3",
"SyslogLevel": "6",
"SyslogLevelPrefix": "yes",
"SyslogPriority": "30",
"SystemCallErrorNumber": "0",
"TTYReset": "no",
"TTYVHangup": "no",
"TTYVTDisallocate": "no",
"TasksAccounting": "yes",
"TasksCurrent": "1",
"TasksMax": "22406",
"TimeoutStartUSec": "1min 30s",
"TimeoutStopUSec": "1min 30s",
"TimerSlackNSec": "50000",
"Transient": "no",
"Type": "forking",
"UID": "[not set]",
"UMask": "0022",
"UnitFilePreset": "disabled",
"UnitFileState": "enabled",
"UtmpMode": "init",
"WantedBy": "multi-user.target",
"WatchdogTimestamp": "Sat 2024-11-16 11:25:35 EST",
"WatchdogTimestampMonotonic": "346773588",
"WatchdogUSec": "0"
}
}
TASK [fedora.linux_system_roles.fapolicyd : Check fapolicyd logs] **************
task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:96
Saturday 16 November 2024 11:25:37 -0500 (0:00:01.425) 0:00:55.422 *****
skipping: [managed-node3] => {
"changed": false,
"skip_reason": "Conditional result was False"
}
TASK [fedora.linux_system_roles.fapolicyd : Trustdb cleanup] *******************
task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:103
Saturday 16 November 2024 11:25:37 -0500 (0:00:00.064) 0:00:55.486 *****
changed: [managed-node3] => {
"changed": true,
"cmd": [
"fapolicyd-cli",
"--file",
"delete",
"/"
],
"delta": "0:00:00.010157",
"end": "2024-11-16 11:25:37.663439",
"failed_when_result": false,
"rc": 1,
"start": "2024-11-16 11:25:37.653282"
}
STDERR:
/ is not in the trust database
MSG:
non-zero return code
TASK [fedora.linux_system_roles.fapolicyd : Add file to trustdb] ***************
task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:108
Saturday 16 November 2024 11:25:37 -0500 (0:00:00.512) 0:00:55.999 *****
changed: [managed-node3] => (item=/etc/passwd) => {
"ansible_loop_var": "item",
"changed": true,
"cmd": [
"fapolicyd-cli",
"--file",
"add",
"/etc/passwd"
],
"delta": "0:00:00.010186",
"end": "2024-11-16 11:25:38.204864",
"item": "/etc/passwd",
"rc": 0,
"start": "2024-11-16 11:25:38.194678"
}
changed: [managed-node3] => (item=/etc/fapolicyd/fapolicyd.conf) => {
"ansible_loop_var": "item",
"changed": true,
"cmd": [
"fapolicyd-cli",
"--file",
"add",
"/etc/fapolicyd/fapolicyd.conf"
],
"delta": "0:00:00.009669",
"end": "2024-11-16 11:25:38.701270",
"item": "/etc/fapolicyd/fapolicyd.conf",
"rc": 0,
"start": "2024-11-16 11:25:38.691601"
}
changed: [managed-node3] => (item=/etc/krb5.conf) => {
"ansible_loop_var": "item",
"changed": true,
"cmd": [
"fapolicyd-cli",
"--file",
"add",
"/etc/krb5.conf"
],
"delta": "0:00:00.010528",
"end": "2024-11-16 11:25:39.212496",
"item": "/etc/krb5.conf",
"rc": 0,
"start": "2024-11-16 11:25:39.201968"
}
changed: [managed-node3] => (item=/var/tmp/fapolicyd_xb438fps/executables/exe1) => {
"ansible_loop_var": "item",
"changed": true,
"cmd": [
"fapolicyd-cli",
"--file",
"add",
"/var/tmp/fapolicyd_xb438fps/executables/exe1"
],
"delta": "0:00:00.010420",
"end": "2024-11-16 11:25:39.780155",
"item": "/var/tmp/fapolicyd_xb438fps/executables/exe1",
"rc": 0,
"start": "2024-11-16 11:25:39.769735"
}
TASK [fedora.linux_system_roles.fapolicyd : Update fapolicyd db] ***************
task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:124
Saturday 16 November 2024 11:25:39 -0500 (0:00:02.137) 0:00:58.137 *****
changed: [managed-node3] => {
"changed": true,
"cmd": "set -euo pipefail\n# get current journal cursor\ncursor=\"\"\nwhile [ -z \"$cursor\" ]; do\n sleep 1\n cursor=\"$(journalctl -u fapolicyd -n 0 --show-cursor |\n awk '/^-- cursor:/ {print $3}')\" || :\ndone\nsystemctl restart fapolicyd\nsearch_str='^Starting to listen for events$'\n# wait until we see the search_str - wait up to 30 seconds\nwaittime=30 # seconds\nendtime=\"$(expr \"$(date +%s)\" + \"$waittime\")\"\nfound=0\nprev_cursor=\"$cursor\"\n# NOTE: Cannot use -u fapolicyd - for some reason, on el10, sometime during\n# the startup process, the UNIT field is dropped from fapolicyd journal\n# entries - so use -t instead which relies on SYSLOG_IDENTIFIER which seems stable\nwhile [ \"$(date +%s)\" -le \"$endtime\" ]; do\n prev_cursor=\"$cursor\"\n output=\"$(journalctl -t fapolicyd --grep \"$search_str\" --show-cursor --after-cursor \"$cursor\" || :)\"\n found=1\n while read -r line; do\n if [ \"$line\" = \"-- No entries --\" ]; then\n found=0\n elif [[ \"$line\" =~ ^--\\ cursor:\\ (.+)$ ]]; then\n cursor=\"${BASH_REMATCH[1]}\" # update cursor for next try\n fi\n done <<< \"$output\"\n if [ \"$found\" = 1 ]; then\n break\n fi\n sleep 1\ndone\nif [ \"$found\" = 0 ]; then\n echo ERROR: failed to update the trustdb\n journalctl -t fapolicyd\n exit 1\nfi\necho INFO: trustdb is updated\nexit 0 # success\n",
"delta": "0:00:03.569866",
"end": "2024-11-16 11:25:43.949678",
"rc": 0,
"start": "2024-11-16 11:25:40.379812"
}
STDOUT:
INFO: trustdb is updated
TASK [fedora.linux_system_roles.fapolicyd : Making sure fapolicyd does not run if it was set so] ***
task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:171
Saturday 16 November 2024 11:25:44 -0500 (0:00:04.167) 0:01:02.304 *****
skipping: [managed-node3] => {
"changed": false,
"skip_reason": "Conditional result was False"
}
TASK [Run trusted binary exe1] *************************************************
task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/tests/fapolicyd/tests_trusted_execution.yml:73
Saturday 16 November 2024 11:25:44 -0500 (0:00:00.039) 0:01:02.343 *****
[WARNING]: Consider using 'become', 'become_method', and 'become_user' rather
than running su
ok: [managed-node3] => {
"changed": false,
"cmd": [
"su",
"-",
"fapolicyd_test1_user",
"-c",
"/var/tmp/fapolicyd_xb438fps/executables/exe1"
],
"delta": "0:00:00.260041",
"end": "2024-11-16 11:25:44.848385",
"rc": 0,
"start": "2024-11-16 11:25:44.588344"
}
TASK [Replace binary exe1 with exe2] *******************************************
task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/tests/fapolicyd/tests_trusted_execution.yml:79
Saturday 16 November 2024 11:25:44 -0500 (0:00:00.862) 0:01:03.205 *****
changed: [managed-node3] => {
"changed": true,
"checksum": "7d0f26be3284f144ff6f4f522a904e1e7405c50d",
"dest": "/var/tmp/fapolicyd_xb438fps/executables/exe1",
"gid": 0,
"group": "root",
"md5sum": "5215583bd56782ae505743cd1aa79a39",
"mode": "0755",
"owner": "root",
"secontext": "unconfined_u:object_r:admin_home_t:s0",
"size": 114,
"src": "/var/tmp/fapolicyd_xb438fps/executables/exe2",
"state": "file",
"uid": 0
}
TASK [Run untrusted binary exe2] ***********************************************
task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/tests/fapolicyd/tests_trusted_execution.yml:86
Saturday 16 November 2024 11:25:45 -0500 (0:00:00.623) 0:01:03.829 *****
ok: [managed-node3] => {
"changed": false,
"cmd": [
"su",
"-",
"fapolicyd_test1_user",
"-c",
"/var/tmp/fapolicyd_xb438fps/executables/exe2"
],
"delta": "0:00:00.070996",
"end": "2024-11-16 11:25:46.144730",
"failed_when_result": false,
"rc": 126,
"start": "2024-11-16 11:25:46.073734"
}
STDERR:
-bash: /var/tmp/fapolicyd_xb438fps/executables/exe2: Operation not permitted
MSG:
non-zero return code
TASK [Check now untrusted exe1 after replacement] ******************************
task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/tests/fapolicyd/tests_trusted_execution.yml:94
Saturday 16 November 2024 11:25:46 -0500 (0:00:00.673) 0:01:04.502 *****
ok: [managed-node3] => {
"changed": false,
"cmd": [
"su",
"-",
"fapolicyd_test1_user",
"-c",
"/var/tmp/fapolicyd_xb438fps/executables/exe1"
],
"delta": "0:00:00.071518",
"end": "2024-11-16 11:25:46.823605",
"failed_when_result": false,
"rc": 126,
"start": "2024-11-16 11:25:46.752087"
}
STDERR:
-bash: /var/tmp/fapolicyd_xb438fps/executables/exe1: Operation not permitted
MSG:
non-zero return code
TASK [Run the role again without test file] ************************************
task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/tests/fapolicyd/tests_trusted_execution.yml:102
Saturday 16 November 2024 11:25:46 -0500 (0:00:00.678) 0:01:05.180 *****
TASK [fedora.linux_system_roles.fapolicyd : Set platform/version specific variables] ***
task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:2
Saturday 16 November 2024 11:25:46 -0500 (0:00:00.040) 0:01:05.221 *****
included: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/set_vars.yml for managed-node3
TASK [fedora.linux_system_roles.fapolicyd : Ensure ansible_facts used by role] ***
task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/set_vars.yml:2
Saturday 16 November 2024 11:25:46 -0500 (0:00:00.026) 0:01:05.248 *****
skipping: [managed-node3] => {
"changed": false,
"skip_reason": "Conditional result was False"
}
TASK [fedora.linux_system_roles.fapolicyd : Check if system is ostree] *********
task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/set_vars.yml:10
Saturday 16 November 2024 11:25:47 -0500 (0:00:00.041) 0:01:05.290 *****
skipping: [managed-node3] => {
"changed": false,
"skip_reason": "Conditional result was False"
}
TASK [fedora.linux_system_roles.fapolicyd : Set flag to indicate system is ostree] ***
task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/set_vars.yml:15
Saturday 16 November 2024 11:25:47 -0500 (0:00:00.040) 0:01:05.331 *****
skipping: [managed-node3] => {
"changed": false,
"skip_reason": "Conditional result was False"
}
TASK [fedora.linux_system_roles.fapolicyd : Set platform/version specific variables] ***
task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/set_vars.yml:19
Saturday 16 November 2024 11:25:47 -0500 (0:00:00.040) 0:01:05.371 *****
skipping: [managed-node3] => (item=RedHat.yml) => {
"ansible_loop_var": "item",
"changed": false,
"item": "RedHat.yml",
"skip_reason": "Conditional result was False"
}
skipping: [managed-node3] => (item=CentOS.yml) => {
"ansible_loop_var": "item",
"changed": false,
"item": "CentOS.yml",
"skip_reason": "Conditional result was False"
}
skipping: [managed-node3] => (item=CentOS_8.yml) => {
"ansible_loop_var": "item",
"changed": false,
"item": "CentOS_8.yml",
"skip_reason": "Conditional result was False"
}
skipping: [managed-node3] => (item=CentOS_8.yml) => {
"ansible_loop_var": "item",
"changed": false,
"item": "CentOS_8.yml",
"skip_reason": "Conditional result was False"
}
TASK [fedora.linux_system_roles.fapolicyd : Set fapolicyd feature facts for OS versions] ***
task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/set_vars.yml:40
Saturday 16 November 2024 11:25:47 -0500 (0:00:00.065) 0:01:05.436 *****
ok: [managed-node3] => {
"ansible_facts": {
"__fapolicyd_configcheck_supported": true,
"__fapolicyd_integrity_supported": true,
"__fapolicyd_selinux_supported": true,
"__fapolicyd_supported": true,
"__fapolicyd_syslog_format_supported": true,
"__fapolicyd_trust_supported": true,
"__fapolicyd_trustfiles_supported": true,
"__fapolicyd_watch_fs_supported": true
},
"changed": false
}
TASK [fedora.linux_system_roles.fapolicyd : System check] **********************
task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:5
Saturday 16 November 2024 11:25:47 -0500 (0:00:00.098) 0:01:05.535 *****
skipping: [managed-node3] => {
"changed": false,
"skip_reason": "Conditional result was False"
}
TASK [fedora.linux_system_roles.fapolicyd : Check trust compatibility] *********
task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:13
Saturday 16 November 2024 11:25:47 -0500 (0:00:00.040) 0:01:05.575 *****
skipping: [managed-node3] => {
"changed": false,
"skip_reason": "Conditional result was False"
}
TASK [fedora.linux_system_roles.fapolicyd : Check integrity compatibility] *****
task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:24
Saturday 16 November 2024 11:25:47 -0500 (0:00:00.041) 0:01:05.617 *****
skipping: [managed-node3] => {
"changed": false,
"skip_reason": "Conditional result was False"
}
TASK [fedora.linux_system_roles.fapolicyd : Check trust files compatibility] ***
task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:35
Saturday 16 November 2024 11:25:47 -0500 (0:00:00.041) 0:01:05.659 *****
skipping: [managed-node3] => {
"changed": false,
"skip_reason": "Conditional result was False"
}
TASK [fedora.linux_system_roles.fapolicyd : Check failed conditions] ***********
task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:46
Saturday 16 November 2024 11:25:47 -0500 (0:00:00.040) 0:01:05.699 *****
skipping: [managed-node3] => {
"changed": false,
"skip_reason": "Conditional result was False"
}
TASK [fedora.linux_system_roles.fapolicyd : Install fapolicyd packages] ********
task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:51
Saturday 16 November 2024 11:25:47 -0500 (0:00:00.040) 0:01:05.740 *****
ok: [managed-node3] => {
"changed": false,
"rc": 0,
"results": []
}
MSG:
Nothing to do
lsrpackages: fapolicyd fapolicyd-selinux
TASK [fedora.linux_system_roles.fapolicyd : Copy fapolicyd configuration file] ***
task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:59
Saturday 16 November 2024 11:25:50 -0500 (0:00:03.471) 0:01:09.211 *****
ok: [managed-node3] => {
"changed": false,
"checksum": "d79d7424d2f9daf8e9e018c5750ecd06d3beba55",
"dest": "/etc/fapolicyd/fapolicyd.conf",
"gid": 991,
"group": "fapolicyd",
"mode": "0644",
"owner": "root",
"path": "/etc/fapolicyd/fapolicyd.conf",
"secontext": "system_u:object_r:fapolicyd_config_t:s0",
"size": 509,
"state": "file",
"uid": 0
}
TASK [fedora.linux_system_roles.fapolicyd : Run fapolicyd configuration check] ***
task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:68
Saturday 16 November 2024 11:25:51 -0500 (0:00:01.014) 0:01:10.226 *****
skipping: [managed-node3] => {
"changed": false,
"skip_reason": "Conditional result was False"
}
TASK [fedora.linux_system_roles.fapolicyd : Start fapolicyd service] ***********
task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:76
Saturday 16 November 2024 11:25:51 -0500 (0:00:00.041) 0:01:10.268 *****
ok: [managed-node3] => {
"changed": false,
"enabled": true,
"name": "fapolicyd.service",
"state": "started",
"status": {
"ActiveEnterTimestamp": "Sat 2024-11-16 11:25:41 EST",
"ActiveEnterTimestampMonotonic": "353037053",
"ActiveExitTimestamp": "Sat 2024-11-16 11:25:41 EST",
"ActiveExitTimestampMonotonic": "352543526",
"ActiveState": "active",
"After": "systemd-journald.socket local-fs.target system.slice systemd-tmpfiles-setup.service",
"AllowIsolate": "no",
"AllowedCPUs": "",
"AllowedMemoryNodes": "",
"AmbientCapabilities": "",
"AssertResult": "yes",
"AssertTimestamp": "Sat 2024-11-16 11:25:41 EST",
"AssertTimestampMonotonic": "352994687",
"BlockIOAccounting": "no",
"BlockIOWeight": "[not set]",
"CPUAccounting": "no",
"CPUAffinity": "",
"CPUAffinityFromNUMA": "no",
"CPUQuotaPerSecUSec": "infinity",
"CPUQuotaPeriodUSec": "infinity",
"CPUSchedulingPolicy": "0",
"CPUSchedulingPriority": "0",
"CPUSchedulingResetOnFork": "no",
"CPUShares": "[not set]",
"CPUUsageNSec": "[not set]",
"CPUWeight": "[not set]",
"CacheDirectoryMode": "0755",
"CanFreeze": "yes",
"CanIsolate": "no",
"CanReload": "no",
"CanStart": "yes",
"CanStop": "yes",
"CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf",
"CollectMode": "inactive",
"ConditionResult": "yes",
"ConditionTimestamp": "Sat 2024-11-16 11:25:41 EST",
"ConditionTimestampMonotonic": "352994685",
"ConfigurationDirectoryMode": "0755",
"ControlGroup": "/system.slice/fapolicyd.service",
"ControlPID": "0",
"DefaultDependencies": "no",
"DefaultMemoryLow": "0",
"DefaultMemoryMin": "0",
"Delegate": "no",
"Description": "File Access Policy Daemon",
"DevicePolicy": "auto",
"Documentation": "man:fapolicyd(8)",
"DynamicUser": "no",
"EffectiveCPUs": "",
"EffectiveMemoryNodes": "",
"ExecMainCode": "0",
"ExecMainExitTimestampMonotonic": "0",
"ExecMainPID": "11260",
"ExecMainStartTimestamp": "Sat 2024-11-16 11:25:41 EST",
"ExecMainStartTimestampMonotonic": "353035425",
"ExecMainStatus": "0",
"ExecStart": "{ path=/usr/sbin/fapolicyd ; argv[]=/usr/sbin/fapolicyd ; ignore_errors=no ; start_time=[Sat 2024-11-16 11:25:41 EST] ; stop_time=[Sat 2024-11-16 11:25:41 EST] ; pid=11259 ; code=exited ; status=0 }",
"ExecStartPre": "{ path=/usr/sbin/fagenrules ; argv[]=/usr/sbin/fagenrules ; ignore_errors=no ; start_time=[Sat 2024-11-16 11:25:41 EST] ; stop_time=[Sat 2024-11-16 11:25:41 EST] ; pid=11234 ; code=exited ; status=0 }",
"FailureAction": "none",
"FileDescriptorStoreMax": "0",
"FragmentPath": "/usr/lib/systemd/system/fapolicyd.service",
"FreezerState": "running",
"GID": "[not set]",
"GuessMainPID": "yes",
"IOAccounting": "no",
"IOSchedulingClass": "0",
"IOSchedulingPriority": "0",
"IOWeight": "[not set]",
"IPAccounting": "no",
"IPEgressBytes": "18446744073709551615",
"IPEgressPackets": "18446744073709551615",
"IPIngressBytes": "18446744073709551615",
"IPIngressPackets": "18446744073709551615",
"Id": "fapolicyd.service",
"IgnoreOnIsolate": "no",
"IgnoreSIGPIPE": "yes",
"InactiveEnterTimestamp": "Sat 2024-11-16 11:25:41 EST",
"InactiveEnterTimestampMonotonic": "352993769",
"InactiveExitTimestamp": "Sat 2024-11-16 11:25:41 EST",
"InactiveExitTimestampMonotonic": "352995882",
"InvocationID": "dc03eed4976c4bac83623dc9f1ab5749",
"JobRunningTimeoutUSec": "infinity",
"JobTimeoutAction": "none",
"JobTimeoutUSec": "infinity",
"KeyringMode": "private",
"KillMode": "control-group",
"KillSignal": "15",
"LimitAS": "infinity",
"LimitASSoft": "infinity",
"LimitCORE": "infinity",
"LimitCORESoft": "0",
"LimitCPU": "infinity",
"LimitCPUSoft": "infinity",
"LimitDATA": "infinity",
"LimitDATASoft": "infinity",
"LimitFSIZE": "infinity",
"LimitFSIZESoft": "infinity",
"LimitLOCKS": "infinity",
"LimitLOCKSSoft": "infinity",
"LimitMEMLOCK": "65536",
"LimitMEMLOCKSoft": "65536",
"LimitMSGQUEUE": "819200",
"LimitMSGQUEUESoft": "819200",
"LimitNICE": "0",
"LimitNICESoft": "0",
"LimitNOFILE": "262144",
"LimitNOFILESoft": "1024",
"LimitNPROC": "14004",
"LimitNPROCSoft": "14004",
"LimitRSS": "infinity",
"LimitRSSSoft": "infinity",
"LimitRTPRIO": "0",
"LimitRTPRIOSoft": "0",
"LimitRTTIME": "infinity",
"LimitRTTIMESoft": "infinity",
"LimitSIGPENDING": "14004",
"LimitSIGPENDINGSoft": "14004",
"LimitSTACK": "infinity",
"LimitSTACKSoft": "8388608",
"LoadState": "loaded",
"LockPersonality": "no",
"LogLevelMax": "-1",
"LogRateLimitBurst": "0",
"LogRateLimitIntervalUSec": "0",
"LogsDirectoryMode": "0755",
"MainPID": "11260",
"MemoryAccounting": "yes",
"MemoryCurrent": "36847616",
"MemoryDenyWriteExecute": "no",
"MemoryHigh": "infinity",
"MemoryLimit": "infinity",
"MemoryLow": "0",
"MemoryMax": "infinity",
"MemoryMin": "0",
"MemorySwapMax": "infinity",
"MountAPIVFS": "no",
"MountFlags": "",
"NFileDescriptorStore": "0",
"NRestarts": "0",
"NUMAMask": "",
"NUMAPolicy": "n/a",
"Names": "fapolicyd.service",
"NeedDaemonReload": "no",
"Nice": "0",
"NoNewPrivileges": "no",
"NonBlocking": "no",
"NotifyAccess": "none",
"OOMScoreAdjust": "-1000",
"OnFailureJobMode": "replace",
"PIDFile": "/run/fapolicyd.pid",
"PermissionsStartOnly": "no",
"Perpetual": "no",
"PrivateDevices": "no",
"PrivateMounts": "no",
"PrivateNetwork": "no",
"PrivateTmp": "no",
"PrivateUsers": "no",
"ProtectControlGroups": "no",
"ProtectHome": "no",
"ProtectKernelModules": "no",
"ProtectKernelTunables": "no",
"ProtectSystem": "no",
"RefuseManualStart": "no",
"RefuseManualStop": "no",
"RemainAfterExit": "no",
"RemoveIPC": "no",
"Requires": "system.slice",
"Restart": "on-abnormal",
"RestartUSec": "100ms",
"RestrictNamespaces": "no",
"RestrictRealtime": "no",
"RestrictSUIDSGID": "no",
"Result": "success",
"RootDirectoryStartOnly": "no",
"RuntimeDirectoryMode": "0755",
"RuntimeDirectoryPreserve": "no",
"RuntimeMaxUSec": "infinity",
"SameProcessGroup": "no",
"SecureBits": "0",
"SendSIGHUP": "no",
"SendSIGKILL": "yes",
"Slice": "system.slice",
"StandardError": "inherit",
"StandardInput": "null",
"StandardInputData": "",
"StandardOutput": "journal",
"StartLimitAction": "none",
"StartLimitBurst": "5",
"StartLimitIntervalUSec": "10s",
"StartupBlockIOWeight": "[not set]",
"StartupCPUShares": "[not set]",
"StartupCPUWeight": "[not set]",
"StartupIOWeight": "[not set]",
"StateChangeTimestamp": "Sat 2024-11-16 11:25:41 EST",
"StateChangeTimestampMonotonic": "353037053",
"StateDirectoryMode": "0755",
"StatusErrno": "0",
"StopWhenUnneeded": "no",
"SubState": "running",
"SuccessAction": "none",
"SyslogFacility": "3",
"SyslogLevel": "6",
"SyslogLevelPrefix": "yes",
"SyslogPriority": "30",
"SystemCallErrorNumber": "0",
"TTYReset": "no",
"TTYVHangup": "no",
"TTYVTDisallocate": "no",
"TasksAccounting": "yes",
"TasksCurrent": "4",
"TasksMax": "22406",
"TimeoutStartUSec": "1min 30s",
"TimeoutStopUSec": "1min 30s",
"TimerSlackNSec": "50000",
"Transient": "no",
"Type": "forking",
"UID": "[not set]",
"UMask": "0022",
"UnitFilePreset": "disabled",
"UnitFileState": "enabled",
"UtmpMode": "init",
"WantedBy": "multi-user.target",
"WatchdogTimestampMonotonic": "0",
"WatchdogUSec": "0"
}
}
TASK [fedora.linux_system_roles.fapolicyd : Restart fapolicyd service] *********
task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:85
Saturday 16 November 2024 11:25:52 -0500 (0:00:00.772) 0:01:11.041 *****
skipping: [managed-node3] => {
"changed": false,
"skip_reason": "Conditional result was False"
}
TASK [fedora.linux_system_roles.fapolicyd : Check fapolicyd logs] **************
task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:96
Saturday 16 November 2024 11:25:52 -0500 (0:00:00.041) 0:01:11.082 *****
skipping: [managed-node3] => {
"changed": false,
"skip_reason": "Conditional result was False"
}
TASK [fedora.linux_system_roles.fapolicyd : Trustdb cleanup] *******************
task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:103
Saturday 16 November 2024 11:25:52 -0500 (0:00:00.040) 0:01:11.123 *****
changed: [managed-node3] => {
"changed": true,
"cmd": [
"fapolicyd-cli",
"--file",
"delete",
"/"
],
"delta": "0:00:00.010371",
"end": "2024-11-16 11:25:53.352567",
"failed_when_result": false,
"rc": 0,
"start": "2024-11-16 11:25:53.342196"
}
TASK [fedora.linux_system_roles.fapolicyd : Add file to trustdb] ***************
task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:108
Saturday 16 November 2024 11:25:53 -0500 (0:00:00.585) 0:01:11.709 *****
TASK [fedora.linux_system_roles.fapolicyd : Update fapolicyd db] ***************
task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:124
Saturday 16 November 2024 11:25:53 -0500 (0:00:00.039) 0:01:11.748 *****
changed: [managed-node3] => {
"changed": true,
"cmd": "set -euo pipefail\n# get current journal cursor\ncursor=\"\"\nwhile [ -z \"$cursor\" ]; do\n sleep 1\n cursor=\"$(journalctl -u fapolicyd -n 0 --show-cursor |\n awk '/^-- cursor:/ {print $3}')\" || :\ndone\nsystemctl restart fapolicyd\nsearch_str='^Starting to listen for events$'\n# wait until we see the search_str - wait up to 30 seconds\nwaittime=30 # seconds\nendtime=\"$(expr \"$(date +%s)\" + \"$waittime\")\"\nfound=0\nprev_cursor=\"$cursor\"\n# NOTE: Cannot use -u fapolicyd - for some reason, on el10, sometime during\n# the startup process, the UNIT field is dropped from fapolicyd journal\n# entries - so use -t instead which relies on SYSLOG_IDENTIFIER which seems stable\nwhile [ \"$(date +%s)\" -le \"$endtime\" ]; do\n prev_cursor=\"$cursor\"\n output=\"$(journalctl -t fapolicyd --grep \"$search_str\" --show-cursor --after-cursor \"$cursor\" || :)\"\n found=1\n while read -r line; do\n if [ \"$line\" = \"-- No entries --\" ]; then\n found=0\n elif [[ \"$line\" =~ ^--\\ cursor:\\ (.+)$ ]]; then\n cursor=\"${BASH_REMATCH[1]}\" # update cursor for next try\n fi\n done <<< \"$output\"\n if [ \"$found\" = 1 ]; then\n break\n fi\n sleep 1\ndone\nif [ \"$found\" = 0 ]; then\n echo ERROR: failed to update the trustdb\n journalctl -t fapolicyd\n exit 1\nfi\necho INFO: trustdb is updated\nexit 0 # success\n",
"delta": "0:00:03.226899",
"end": "2024-11-16 11:25:57.223758",
"rc": 0,
"start": "2024-11-16 11:25:53.996859"
}
STDOUT:
INFO: trustdb is updated
TASK [fedora.linux_system_roles.fapolicyd : Making sure fapolicyd does not run if it was set so] ***
task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:171
Saturday 16 November 2024 11:25:57 -0500 (0:00:03.832) 0:01:15.580 *****
skipping: [managed-node3] => {
"changed": false,
"skip_reason": "Conditional result was False"
}
TASK [Run untrusted exe1 after removing from trustdb] **************************
task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/tests/fapolicyd/tests_trusted_execution.yml:110
Saturday 16 November 2024 11:25:57 -0500 (0:00:00.040) 0:01:15.621 *****
ok: [managed-node3] => {
"changed": false,
"cmd": [
"su",
"-",
"fapolicyd_test1_user",
"-c",
"/var/tmp/fapolicyd_xb438fps/executables/exe1"
],
"delta": "0:00:00.204714",
"end": "2024-11-16 11:25:58.082294",
"failed_when_result": false,
"rc": 126,
"start": "2024-11-16 11:25:57.877580"
}
STDERR:
-bash: /var/tmp/fapolicyd_xb438fps/executables/exe1: Operation not permitted
MSG:
non-zero return code
TASK [Shutdown fapolicyd] ******************************************************
task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/tests/fapolicyd/tests_trusted_execution.yml:118
Saturday 16 November 2024 11:25:58 -0500 (0:00:00.816) 0:01:16.438 *****
changed: [managed-node3] => {
"changed": true,
"enabled": false,
"name": "fapolicyd",
"state": "stopped",
"status": {
"ActiveEnterTimestamp": "Sat 2024-11-16 11:25:55 EST",
"ActiveEnterTimestampMonotonic": "366311046",
"ActiveExitTimestamp": "Sat 2024-11-16 11:25:55 EST",
"ActiveExitTimestampMonotonic": "366159349",
"ActiveState": "active",
"After": "systemd-journald.socket local-fs.target system.slice systemd-tmpfiles-setup.service",
"AllowIsolate": "no",
"AllowedCPUs": "",
"AllowedMemoryNodes": "",
"AmbientCapabilities": "",
"AssertResult": "yes",
"AssertTimestamp": "Sat 2024-11-16 11:25:55 EST",
"AssertTimestampMonotonic": "366267670",
"BlockIOAccounting": "no",
"BlockIOWeight": "[not set]",
"CPUAccounting": "no",
"CPUAffinity": "",
"CPUAffinityFromNUMA": "no",
"CPUQuotaPerSecUSec": "infinity",
"CPUQuotaPeriodUSec": "infinity",
"CPUSchedulingPolicy": "0",
"CPUSchedulingPriority": "0",
"CPUSchedulingResetOnFork": "no",
"CPUShares": "[not set]",
"CPUUsageNSec": "[not set]",
"CPUWeight": "[not set]",
"CacheDirectoryMode": "0755",
"CanFreeze": "yes",
"CanIsolate": "no",
"CanReload": "no",
"CanStart": "yes",
"CanStop": "yes",
"CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf",
"CollectMode": "inactive",
"ConditionResult": "yes",
"ConditionTimestamp": "Sat 2024-11-16 11:25:55 EST",
"ConditionTimestampMonotonic": "366267668",
"ConfigurationDirectoryMode": "0755",
"ControlGroup": "/system.slice/fapolicyd.service",
"ControlPID": "0",
"DefaultDependencies": "no",
"DefaultMemoryLow": "0",
"DefaultMemoryMin": "0",
"Delegate": "no",
"Description": "File Access Policy Daemon",
"DevicePolicy": "auto",
"Documentation": "man:fapolicyd(8)",
"DynamicUser": "no",
"EffectiveCPUs": "",
"EffectiveMemoryNodes": "",
"ExecMainCode": "0",
"ExecMainExitTimestampMonotonic": "0",
"ExecMainPID": "12590",
"ExecMainStartTimestamp": "Sat 2024-11-16 11:25:55 EST",
"ExecMainStartTimestampMonotonic": "366309277",
"ExecMainStatus": "0",
"ExecStart": "{ path=/usr/sbin/fapolicyd ; argv[]=/usr/sbin/fapolicyd ; ignore_errors=no ; start_time=[Sat 2024-11-16 11:25:55 EST] ; stop_time=[Sat 2024-11-16 11:25:55 EST] ; pid=12589 ; code=exited ; status=0 }",
"ExecStartPre": "{ path=/usr/sbin/fagenrules ; argv[]=/usr/sbin/fagenrules ; ignore_errors=no ; start_time=[Sat 2024-11-16 11:25:55 EST] ; stop_time=[Sat 2024-11-16 11:25:55 EST] ; pid=12564 ; code=exited ; status=0 }",
"FailureAction": "none",
"FileDescriptorStoreMax": "0",
"FragmentPath": "/usr/lib/systemd/system/fapolicyd.service",
"FreezerState": "running",
"GID": "[not set]",
"GuessMainPID": "yes",
"IOAccounting": "no",
"IOSchedulingClass": "0",
"IOSchedulingPriority": "0",
"IOWeight": "[not set]",
"IPAccounting": "no",
"IPEgressBytes": "18446744073709551615",
"IPEgressPackets": "18446744073709551615",
"IPIngressBytes": "18446744073709551615",
"IPIngressPackets": "18446744073709551615",
"Id": "fapolicyd.service",
"IgnoreOnIsolate": "no",
"IgnoreSIGPIPE": "yes",
"InactiveEnterTimestamp": "Sat 2024-11-16 11:25:55 EST",
"InactiveEnterTimestampMonotonic": "366266698",
"InactiveExitTimestamp": "Sat 2024-11-16 11:25:55 EST",
"InactiveExitTimestampMonotonic": "366268950",
"InvocationID": "eb10e6d565664a3c8a021dc0a346061d",
"JobRunningTimeoutUSec": "infinity",
"JobTimeoutAction": "none",
"JobTimeoutUSec": "infinity",
"KeyringMode": "private",
"KillMode": "control-group",
"KillSignal": "15",
"LimitAS": "infinity",
"LimitASSoft": "infinity",
"LimitCORE": "infinity",
"LimitCORESoft": "0",
"LimitCPU": "infinity",
"LimitCPUSoft": "infinity",
"LimitDATA": "infinity",
"LimitDATASoft": "infinity",
"LimitFSIZE": "infinity",
"LimitFSIZESoft": "infinity",
"LimitLOCKS": "infinity",
"LimitLOCKSSoft": "infinity",
"LimitMEMLOCK": "65536",
"LimitMEMLOCKSoft": "65536",
"LimitMSGQUEUE": "819200",
"LimitMSGQUEUESoft": "819200",
"LimitNICE": "0",
"LimitNICESoft": "0",
"LimitNOFILE": "262144",
"LimitNOFILESoft": "1024",
"LimitNPROC": "14004",
"LimitNPROCSoft": "14004",
"LimitRSS": "infinity",
"LimitRSSSoft": "infinity",
"LimitRTPRIO": "0",
"LimitRTPRIOSoft": "0",
"LimitRTTIME": "infinity",
"LimitRTTIMESoft": "infinity",
"LimitSIGPENDING": "14004",
"LimitSIGPENDINGSoft": "14004",
"LimitSTACK": "infinity",
"LimitSTACKSoft": "8388608",
"LoadState": "loaded",
"LockPersonality": "no",
"LogLevelMax": "-1",
"LogRateLimitBurst": "0",
"LogRateLimitIntervalUSec": "0",
"LogsDirectoryMode": "0755",
"MainPID": "12590",
"MemoryAccounting": "yes",
"MemoryCurrent": "35291136",
"MemoryDenyWriteExecute": "no",
"MemoryHigh": "infinity",
"MemoryLimit": "infinity",
"MemoryLow": "0",
"MemoryMax": "infinity",
"MemoryMin": "0",
"MemorySwapMax": "infinity",
"MountAPIVFS": "no",
"MountFlags": "",
"NFileDescriptorStore": "0",
"NRestarts": "0",
"NUMAMask": "",
"NUMAPolicy": "n/a",
"Names": "fapolicyd.service",
"NeedDaemonReload": "no",
"Nice": "0",
"NoNewPrivileges": "no",
"NonBlocking": "no",
"NotifyAccess": "none",
"OOMScoreAdjust": "-1000",
"OnFailureJobMode": "replace",
"PIDFile": "/run/fapolicyd.pid",
"PermissionsStartOnly": "no",
"Perpetual": "no",
"PrivateDevices": "no",
"PrivateMounts": "no",
"PrivateNetwork": "no",
"PrivateTmp": "no",
"PrivateUsers": "no",
"ProtectControlGroups": "no",
"ProtectHome": "no",
"ProtectKernelModules": "no",
"ProtectKernelTunables": "no",
"ProtectSystem": "no",
"RefuseManualStart": "no",
"RefuseManualStop": "no",
"RemainAfterExit": "no",
"RemoveIPC": "no",
"Requires": "system.slice",
"Restart": "on-abnormal",
"RestartUSec": "100ms",
"RestrictNamespaces": "no",
"RestrictRealtime": "no",
"RestrictSUIDSGID": "no",
"Result": "success",
"RootDirectoryStartOnly": "no",
"RuntimeDirectoryMode": "0755",
"RuntimeDirectoryPreserve": "no",
"RuntimeMaxUSec": "infinity",
"SameProcessGroup": "no",
"SecureBits": "0",
"SendSIGHUP": "no",
"SendSIGKILL": "yes",
"Slice": "system.slice",
"StandardError": "inherit",
"StandardInput": "null",
"StandardInputData": "",
"StandardOutput": "journal",
"StartLimitAction": "none",
"StartLimitBurst": "5",
"StartLimitIntervalUSec": "10s",
"StartupBlockIOWeight": "[not set]",
"StartupCPUShares": "[not set]",
"StartupCPUWeight": "[not set]",
"StartupIOWeight": "[not set]",
"StateChangeTimestamp": "Sat 2024-11-16 11:25:55 EST",
"StateChangeTimestampMonotonic": "366311046",
"StateDirectoryMode": "0755",
"StatusErrno": "0",
"StopWhenUnneeded": "no",
"SubState": "running",
"SuccessAction": "none",
"SyslogFacility": "3",
"SyslogLevel": "6",
"SyslogLevelPrefix": "yes",
"SyslogPriority": "30",
"SystemCallErrorNumber": "0",
"TTYReset": "no",
"TTYVHangup": "no",
"TTYVTDisallocate": "no",
"TasksAccounting": "yes",
"TasksCurrent": "4",
"TasksMax": "22406",
"TimeoutStartUSec": "1min 30s",
"TimeoutStopUSec": "1min 30s",
"TimerSlackNSec": "50000",
"Transient": "no",
"Type": "forking",
"UID": "[not set]",
"UMask": "0022",
"UnitFilePreset": "disabled",
"UnitFileState": "enabled",
"UtmpMode": "init",
"WantedBy": "multi-user.target",
"WatchdogTimestampMonotonic": "0",
"WatchdogUSec": "0"
}
}
TASK [Clean up temp directory] *************************************************
task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/tests/fapolicyd/tests_trusted_execution.yml:124
Saturday 16 November 2024 11:25:59 -0500 (0:00:01.293) 0:01:17.731 *****
changed: [managed-node3] => {
"changed": true,
"path": "/var/tmp/fapolicyd_xb438fps",
"state": "absent"
}
TASK [Remove test user] ********************************************************
task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/tests/fapolicyd/tests_trusted_execution.yml:129
Saturday 16 November 2024 11:25:59 -0500 (0:00:00.412) 0:01:18.144 *****
changed: [managed-node3] => {
"attempts": 1,
"changed": true,
"force": false,
"name": "fapolicyd_test1_user",
"remove": false,
"state": "absent"
}
TASK [Debug test user removal failure] *****************************************
task path: /tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/tests/fapolicyd/tests_trusted_execution.yml:139
Saturday 16 November 2024 11:26:00 -0500 (0:00:00.506) 0:01:18.650 *****
skipping: [managed-node3] => {
"changed": false,
"skip_reason": "Conditional result was False"
}
META: ran handlers
META: ran handlers
PLAY RECAP *********************************************************************
managed-node3 : ok=32 changed=17 unreachable=0 failed=0 skipped=24 rescued=0 ignored=0
Saturday 16 November 2024 11:26:00 -0500 (0:00:00.038) 0:01:18.688 *****
===============================================================================
fedora.linux_system_roles.fapolicyd : Install fapolicyd packages ------- 44.95s
/tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:51
fedora.linux_system_roles.fapolicyd : Update fapolicyd db --------------- 4.17s
/tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:124
fedora.linux_system_roles.fapolicyd : Update fapolicyd db --------------- 3.83s
/tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:124
fedora.linux_system_roles.fapolicyd : Install fapolicyd packages -------- 3.47s
/tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:51
fedora.linux_system_roles.fapolicyd : Add file to trustdb --------------- 2.14s
/tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:108
Create shell executables ------------------------------------------------ 1.75s
/tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/tests/fapolicyd/tests_trusted_execution.yml:40
fedora.linux_system_roles.fapolicyd : Restart fapolicyd service --------- 1.43s
/tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:85
Gathering Facts --------------------------------------------------------- 1.38s
/tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/tests/fapolicyd/tests_trusted_execution.yml:2
Shutdown fapolicyd ------------------------------------------------------ 1.29s
/tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/tests/fapolicyd/tests_trusted_execution.yml:118
Create directories for tests -------------------------------------------- 1.13s
/tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/tests/fapolicyd/tests_trusted_execution.yml:31
fedora.linux_system_roles.fapolicyd : Copy fapolicyd configuration file --- 1.01s
/tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:59
fedora.linux_system_roles.fapolicyd : Start fapolicyd service ----------- 1.00s
/tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:76
Run trusted binary exe1 ------------------------------------------------- 0.86s
/tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/tests/fapolicyd/tests_trusted_execution.yml:73
fedora.linux_system_roles.fapolicyd : Copy fapolicyd configuration file --- 0.86s
/tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:59
Run untrusted exe1 after removing from trustdb -------------------------- 0.82s
/tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/tests/fapolicyd/tests_trusted_execution.yml:110
Create a new user ------------------------------------------------------- 0.78s
/tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/tests/fapolicyd/tests_trusted_execution.yml:55
fedora.linux_system_roles.fapolicyd : Start fapolicyd service ----------- 0.77s
/tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/roles/fapolicyd/tasks/main.yml:76
Check now untrusted exe1 after replacement ------------------------------ 0.68s
/tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/tests/fapolicyd/tests_trusted_execution.yml:94
Run untrusted binary exe2 ----------------------------------------------- 0.67s
/tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/tests/fapolicyd/tests_trusted_execution.yml:86
Create temp test directory ---------------------------------------------- 0.63s
/tmp/collections-OCY/ansible_collections/fedora/linux_system_roles/tests/fapolicyd/tests_trusted_execution.yml:24