test: Skip soft-reboot-selinux-policy for UKI

Johan-Liebert1 · Johan-Liebert1 · commit 082fa3e92d96 · 2026-04-29T04:32:49.000Z
We skip this test for UKI as the container image that's built
has different mtime for /var and /etc which results in different digests
inside the UKI (computed with stitched overlayfs) vs in the final layer

```
5c5
&lt; /etc 0 40755 94 0 0 0 1776409773.0 - - - security.selinux=system_u:object_r:etc_t:s0
---
&gt; /etc 0 40755 94 0 0 0 1776409786.0 - - - security.selinux=system_u:object_r:etc_t:s0
55015c55015
&lt; /var 0 40755 7 0 0 0 1776409756.0 - - - security.selinux=system_u:object_r:var_t:s0
---
&gt; /var 0 40755 7 0 0 0 1776409786.0 - - - security.selinux=system_u:object_r:var_t:s0
```

Signed-off-by: Pragyan Poudyal &lt;pragyanpoudyal41999@gmail.com&gt;
diff --git a/crates/xtask/src/tmt.rs b/crates/xtask/src/tmt.rs
@@ -23,6 +23,7 @@ const FIELD_SUMMARY: &str = "summary";
 const FIELD_ADJUST: &str = "adjust";
 
 const FIELD_FIXME_SKIP_IF_COMPOSEFS: &str = "fixme_skip_if_composefs";
+const FIELD_FIXME_SKIP_IF_UKI: &str = "fixme_skip_if_uki";
 
 // bcvk options
 const BCVK_OPT_BIND_STORAGE_RO: &str = "--bind-storage-ro";
@@ -246,6 +247,7 @@ fn verify_ssh_connectivity(sh: &Shell, port: u16, key_path: &Utf8Path) -> Result
 struct PlanMetadata {
     try_bind_storage: bool,
     skip_if_composefs: bool,
+    skip_if_uki: bool,
 }
 
 /// Parse integration.fmf to extract extra-try_bind_storage for all plans
@@ -286,6 +288,7 @@ fn parse_plan_metadata(
                     .and_modify(|m| m.try_bind_storage = b)
                     .or_insert(PlanMetadata {
                         try_bind_storage: b,
+                        skip_if_uki: false,
                         skip_if_composefs: false,
                     });
             }
@@ -301,6 +304,23 @@ fn parse_plan_metadata(
                     .and_modify(|m| m.skip_if_composefs = b)
                     .or_insert(PlanMetadata {
                         skip_if_composefs: b,
+                        skip_if_uki: false,
+                        try_bind_storage: false,
+                    });
+            }
+        }
+
+        if let Some(skip_if_uki) = plan_data.get(&serde_yaml::Value::String(format!(
+            "extra-{}",
+            FIELD_FIXME_SKIP_IF_UKI
+        ))) {
+            if let Some(b) = skip_if_uki.as_bool() {
+                plan_metadata
+                    .entry(plan_name.to_string())
+                    .and_modify(|m| m.skip_if_uki = b)
+                    .or_insert(PlanMetadata {
+                        skip_if_uki: b,
+                        skip_if_composefs: false,
                         try_bind_storage: false,
                     });
             }
@@ -407,6 +427,16 @@ pub(crate) fn run_tmt(sh: &Shell, args: &RunTmtArgs) -> Result<()> {
         });
     }
 
+    if matches!(args.boot_type, crate::BootType::Uki) {
+        plans.retain(|plan| {
+            !plan_metadata
+                .iter()
+                .find(|(key, _)| plan.ends_with(key.as_str()))
+                .map(|(_, v)| v.skip_if_uki)
+                .unwrap_or(false)
+        });
+    }
+
     if plans.len() < original_plans_count {
         println!(
             "Filtered from {} to {} plan(s) based on arguments: {:?}",
@@ -910,6 +940,8 @@ struct TestDef {
     try_bind_storage: bool,
     /// Whether to skip this test for composefs backend
     skip_if_composefs: bool,
+    /// Whether to skip this test for images with UKI
+    skip_if_uki: bool,
     /// TMT fmf attributes to pass through (summary, duration, adjust, etc.)
     tmt: serde_yaml::Value,
 }
@@ -1011,12 +1043,24 @@ pub(crate) fn update_integration() -> Result<()> {
             .and_then(|v| v.as_bool())
             .unwrap_or(false);
 
+        let skip_if_uki = metadata
+            .extra
+            .as_mapping()
+            .and_then(|m| {
+                m.get(&serde_yaml::Value::String(
+                    FIELD_FIXME_SKIP_IF_UKI.to_string(),
+                ))
+            })
+            .and_then(|v| v.as_bool())
+            .unwrap_or(false);
+
         tests.push(TestDef {
             number: metadata.number,
             name: display_name,
             test_command,
             try_bind_storage,
             skip_if_composefs,
+            skip_if_uki,
             tmt: metadata.tmt,
         });
     }
@@ -1154,6 +1198,13 @@ pub(crate) fn update_integration() -> Result<()> {
             );
         }
 
+        if test.skip_if_uki {
+            plan_value.insert(
+                serde_yaml::Value::String(format!("extra-{}", FIELD_FIXME_SKIP_IF_UKI)),
+                serde_yaml::Value::Bool(true),
+            );
+        }
+
         plans_mapping.insert(
             serde_yaml::Value::String(plan_key),
             serde_yaml::Value::Mapping(plan_value),
diff --git a/tmt/tests/booted/test-soft-reboot-selinux-policy.nu b/tmt/tests/booted/test-soft-reboot-selinux-policy.nu
@@ -2,8 +2,11 @@
 # tmt:
 #   summary: Test soft reboot with SELinux policy changes
 #   duration: 30m
+# extra:
+#   fixme_skip_if_uki: true
 #
 # Verify that soft reboot is blocked when SELinux policies differ
+
 use std assert
 use tap.nu
 
