Retry sealert command on failure

We randomly see issues while running sealert
in RDO puppet promotion pipeline, sealert fails with:-
"SELinux is disabled or we can't open a policy file"
As per logs selinux is enabled and selinuxfs is mounted
so seems it's some filesystem issue.

Locally was able to reproduce only with selinux disabled
or umount /sys/fs/selinux. Adding retries in hope to
fix these random failures.

Change-Id: Icb07742d328827a41132cdd6a6c2bcfa3cde11ec
This commit is contained in:
yatinkarel 2021-02-04 20:58:26 +05:30
parent eaab90a97a
commit 425f454bdc

View File

@ -234,7 +234,8 @@ function run_puppet() {
function catch_selinux_alerts() { function catch_selinux_alerts() {
if is_fedora; then if is_fedora; then
$SUDO sealert -a /var/log/audit/audit.log sealert_cmd="$SUDO sealert -a /var/log/audit/audit.log"
retry_cmd "$sealert_cmd"
if $SUDO grep -iq 'type=AVC' /var/log/audit/audit.log; then if $SUDO grep -iq 'type=AVC' /var/log/audit/audit.log; then
echo "AVC detected in /var/log/audit/audit.log" echo "AVC detected in /var/log/audit/audit.log"
source /etc/os-release source /etc/os-release