[Swan-dev] pointless test failures
Paul Wouters
paul at nohats.ca
Thu Jul 30 14:27:24 EEST 2015
On Wed, 22 Jul 2015, D. Hugh Redelmeier wrote:
> | If you do not have a Makefile.inc.local with USE_LINUX_AUDIT=true then
> | yes.
>
> So I added this. Now I get messages that don't match the reference
> output, but at least they are there.
>
> What's up?
A few things it seems. Let me re-order the - and + lines to make it
easier to see:
> -type=UNKNOWN[2408] msg=audit(XXX): pid=PID uid=0 auid=AUID ses=SES subj=system_u:system_r:init_t:s0 msg='op=start direction=initiator conn-name="ikev1" connstate=1 ike-version=1 auth=RSA_SIG cipher=aes ksize=256 integ=sha1 prf=sha1 pfs=MODP1536 laddr=192.1.2.45 exe="PATH/libexec/ipsec/pluto" hostname=? addr=192.1.2.23 terminal=? res=success'
> +type=CRYPTO_IKE_SA msg=audit(XXX): pid=PID uid=0 auid=AUID ses=SES subj=system_u:system_r:unconfined_service_t:s0 msg='op=start direction=initiator conn-name="ikev1" connstate=#1 ike-version=1 auth=RSA_SIG cipher=aes ksize=256 integ=sha1 prf=sha1 pfs=MODP1536 laddr=192.1.2.45 exe="PATH/libexec/ipsec/pluto" hostname=? addr=192.1.2.23 terminal=? res=success'
The audit libraties were updated so our logging type numbers (2408 and
2409) are now recognised as type CRYPTO_IKE_SA and CRYPTO_IPSEC_SA.
I am not sure wh our Selinux context changes from init_t to
unconfined_service_t, perhaps Tuomo can give us his views on that.
The constate= seems to have gotten the "#" from our state number which
is wrong, we should not do that as we dont know for sure how that will
get interpreted. This was done by you in:
commit 010b9072a71b6b3d4a0dd44987e2c9bc2176229f
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date: Sun Jun 14 18:33:28 2015 -0400
pluto: tidy printf formatting of so_serial_t (#%lu) and v1 msgid_t
("%08" PRIx32)
I'll undo the parts related to audit logs.
Paul
More information about the Swan-dev
mailing list