Actions
action #105729
closed[sle][security][sle15sp4][CC] Some test cases related disk error in 'audit-remote' fails or error
Start date:
2022-01-30
Due date:
% Done:
100%
Estimated time:
56.00 h
Difficulty:
Description
Observation¶
[8] remote_system client_disk_error immediate FAIL
check_msg_from_client
[9] remote_system client_disk_error forward FAIL
check_msg_from_client
[38] audisp-remote_disk_error_action syslog immediate ERROR (2)
SELinux not in Enforcing
[39] audisp-remote_disk_error_action syslog forward ERROR (2)
SELinux not in Enforcing
[40] audisp-remote_disk_error_action suspend immediate ERROR (2)
SELinux not in Enforcing
[41] audisp-remote_disk_error_action suspend forward ERROR (2)
SELinux not in Enforcing
[42] audisp-remote_disk_error_action stop immediate ERROR (2)
SELinux not in Enforcing
[43] audisp-remote_disk_error_action stop forward ERROR (2)
SELinux not in Enforcing
[44] audisp-remote_disk_error_action halt immediate ERROR (2)
SELinux not in Enforcing
[45] audisp-remote_disk_error_action halt forward ERROR (2)
SELinux not in Enforcing
[46] audisp-remote_disk_error_action single immediate ERROR (2)
SELinux not in Enforcing
[47] audisp-remote_disk_error_action single forward ERROR (2)
SELinux not in Enforcing
[48] audisp-remote_disk_error_action exec immediate ERROR (2)
SELinux not in Enforcing
[49] audisp-remote_disk_error_action exec forward ERROR (2)
SELinux not in Enforcing
For these test cases, we should investigate the reasons and fix them.
Updated by Xiaojing_liu about 2 years ago
- Status changed from New to In Progress
Updated by Xiaojing_liu about 2 years ago
There are some issues We found during the test process:
- When set SELinux is enforcing mode, reboot, users (root or non-root) can't login again
- there is a way may fix that:
1) run
fixfiles relabel
when selinux is permissive. 2) modify '/etc/default/grub' toenforce=1
and rungrub2-mkconfig -o /boot/grub2/grub.cfg
3) modify '/etc/selinux/config' to setSELINUX=enforcing
and reboot.
- there is a way may fix that:
1) run
- When selinux is enforcing mode, and policy is targeted, do the audit-remote test case 38 (./run.bash 38), the host will report an 'oom' message and system crash.
- haven't found the reason and solution.
Updated by Xiaojing_liu about 2 years ago
After I set SELinux as enforcing mode, then change the audit.log context:
chcon system_u:object_r:games_data_t:s0 /var/log/audit/audit.log
after running 'auditctl -m "this is a test";auditctl -r 0'
the results of journalctl will show:
Feb 11 04:45:01 susetest auditd[805]: The audit daemon is now changing the system to single user mode due to previously mentioned write error
Updated by Xiaojing_liu about 2 years ago
Updated by Xiaojing_liu about 2 years ago
- Status changed from In Progress to Resolved
- % Done changed from 0 to 100
- Estimated time changed from 80.00 h to 56.00 h
Actions