[Swan-dev] if [ -f /sbin/ausearch ]; then ausearch -r -m avc -ts recent ; fi

Andrew Cagney andrew.cagney at gmail.com
Wed Apr 7 13:47:21 UTC 2021


On Tue, 6 Apr 2021 at 10:19, Andrew Cagney <andrew.cagney at gmail.com> wrote:

>
>
> On Mon, 5 Apr 2021 at 22:21, Paul Wouters <paul at nohats.ca> wrote:
>
>> On Mon, 5 Apr 2021, Andrew Cagney wrote:
>>
>> > Is this something like memory leaks which should be checked at the end
>> of every test, or can it be limited to the se-linux specific tests where
>> the goal is to, presumably, tickle these errors?
>>
>> It should be checked at every test, so we know when something happens
>> that is blocked by SElinux. Usually it means we need to tell the SElinux
>> people we need some extra permission somewhere.
>>
>
> I'll move it to post-mortem.sh then
>

I've also pushed this:

commit c9783475af893389cc5aaf034a2a12b7c5088775 (HEAD -> main, origin/main,
origin/HEAD)
Author: Andrew Cagney <cagney at gnu.org>
Date:   Wed Apr 7 08:46:00 2021 -0400

    testing selinux: drop another selinux sanitizer -
temp-selinux-ignore.sed

    Pull back the curtain on the selinux records being found by
    post-mortem.sh but then hidden by a sanitizer.

    For instance, ikev2-labeled-ipsec-03-multi-acquires-enforced, currently
    fails because post-mortem.sh detects the record:
       type=AVC msg=audit(1617773741.748:165): avc:  denied  { setcontext }
for  pid=752 comm="pluto" ...
    but the sanitizer then hides it (all records are dumped into
    OUTPUT/*.avsearch.log).

    Presumably, either:
      - the record is an expected and the test should check for
        and then flush the record; that way post-mortem.sh can't
        see it (this might be tricky)
    or:
      - something needs fixing and post-mortem DTRT

The records it is finding are here:

https://testing.libreswan.org/v4.3-403-g3379af3083-main/ikev2-labeled-ipsec-03-multi-acquires-enforced/OUTPUT/west.ausearch.log.gz

to me these look more like test misconfiguration than an expected result.



> Paul
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan-dev/attachments/20210407/4bd617e2/attachment.html>


More information about the Swan-dev mailing list