QA/TestCases/LUKS Using Selinux (disabled)
From FedoraProject
Description
Support the use of encrypted filesystems for anything other than /boot using cryptsetup and LUKS. This includes install time creation/configuration, as well as integrated support in mkinitrd and initscripts (others?). Currently we are only pursuing support for encrypted devices using cryptsetup/LUKS.
When using encrypted file systems/block devices, the selinux functionality should continue to work as expected, and not create situations where the encryption leads to undesired selinux errors; in particular, a successful installation using any of the operating selinux modes "enforcing", "permissive" and "disabled" should be successful.
References:
Steps To Reproduce
- Boot anaconda
- Proceed to the partitioning dialog
- Select the checkbox item "Encrypt system"
- Enable the "disabled" selinux setting
- Enter and confirm the passphrase in a pop up dialog for the encrypted filesystem
- choose default partitioning layout and continue to the disk druid partition screen
- continue with installation
"Remove linux partitions on selected drives and create default layout"
Expected Results
- Confirmed "Encrypt system" item is checked
- Verify installation completes successfully
- Upon reboot, the user is asked for the LUKS passphrase at the console
- Verify entry in /etc/crypttab is present for LUKS device
- Verify selinux is in disabled in post-install system
- post-install system boots completely and is usable, and does not have selinux errors that would significantly hamper system operation
/etc/crypttab may look something like:
luks-sda2 /dev/sda2 none
