[Swan-dev] if [ -f /sbin/ausearch ]; then ausearch -r -m avc -ts recent ; fi
Paul Wouters
paul at nohats.ca
Wed Apr 7 14:22:27 UTC 2021
On Wed, 7 Apr 2021, Andrew Cagney wrote:
> I'll move it to post-mortem.sh then
>
> I've also pushed this:
>
> commit c9783475af893389cc5aaf034a2a12b7c5088775 (HEAD -> main, origin/main, origin/HEAD)
> Author: Andrew Cagney <cagney at gnu.org>
> Date: Wed Apr 7 08:46:00 2021 -0400
>
> testing selinux: drop another selinux sanitizer - temp-selinux-ignore.sed
>
> Pull back the curtain on the selinux records being found by
> post-mortem.sh but then hidden by a sanitizer.
>
> For instance, ikev2-labeled-ipsec-03-multi-acquires-enforced, currently
> fails because post-mortem.sh detects the record:
> type=AVC msg=audit(1617773741.748:165): avc: denied { setcontext } for pid=752 comm="pluto" ...
> but the sanitizer then hides it (all records are dumped into
> OUTPUT/*.avsearch.log).
Yeah that seems wrong. The only possible selinux warnings to ignore are
those related to system-unknown mounting mounts like /source and /testing
Paul
More information about the Swan-dev
mailing list