action #105729

closed

[sle][security][sle15sp4][CC] Some test cases related to disk errors in 'audit-remote' fail or error

Added by Xiaojing_liu about 2 years ago. Updated about 2 years ago.

Status: Resolved
Priority: Normal
Assignee:
Category: Spike/Research
Target version: -
Start date: 2022-01-30
Due date:
% Done: 100%
Estimated time: 56.00 h
Difficulty:

Description

Observation

[8] remote_system client_disk_error immediate                                                                                                            FAIL
        check_msg_from_client
[9] remote_system client_disk_error forward                                                                                                              FAIL
        check_msg_from_client
[38] audisp-remote_disk_error_action syslog immediate                                                                                                ERROR (2)
        SELinux not in Enforcing
[39] audisp-remote_disk_error_action syslog forward                                                                                                  ERROR (2)
        SELinux not in Enforcing
[40] audisp-remote_disk_error_action suspend immediate                                                                                               ERROR (2)
        SELinux not in Enforcing
[41] audisp-remote_disk_error_action suspend forward                                                                                                 ERROR (2)
        SELinux not in Enforcing
[42] audisp-remote_disk_error_action stop immediate                                                                                                  ERROR (2)
        SELinux not in Enforcing
[43] audisp-remote_disk_error_action stop forward                                                                                                    ERROR (2)
        SELinux not in Enforcing
[44] audisp-remote_disk_error_action halt immediate                                                                                                  ERROR (2)
        SELinux not in Enforcing
[45] audisp-remote_disk_error_action halt forward                                                                                                    ERROR (2)
        SELinux not in Enforcing
[46] audisp-remote_disk_error_action single immediate                                                                                                ERROR (2)
        SELinux not in Enforcing
[47] audisp-remote_disk_error_action single forward                                                                                                  ERROR (2)
        SELinux not in Enforcing
[48] audisp-remote_disk_error_action exec immediate                                                                                                  ERROR (2)
        SELinux not in Enforcing
[49] audisp-remote_disk_error_action exec forward                                                                                                    ERROR (2)
        SELinux not in Enforcing

For these test cases, we should investigate the reasons and fix them.

Actions #1

Updated by Xiaojing_liu about 2 years ago

  • Description updated (diff)
Actions #2

Updated by Xiaojing_liu about 2 years ago

  • Status changed from New to In Progress
Actions #3

Updated by Xiaojing_liu about 2 years ago

There are some issues we found during the test process:

  1. When SELinux is set to enforcing mode and the system is rebooted, users (root or non-root) can't log in again.
    • There is a way that may fix that: 1) run fixfiles relabel when SELinux is permissive. 2) modify '/etc/default/grub' to enforce=1 and run grub2-mkconfig -o /boot/grub2/grub.cfg 3) modify '/etc/selinux/config' to set SELINUX=enforcing and reboot.
  2. When SELinux is in enforcing mode and the policy is targeted, running audit-remote test case 38 (./run.bash 38) makes the host report an 'oom' message and the system crashes.
    • Haven't found the reason and solution.
Actions #4

Updated by Xiaojing_liu about 2 years ago

After I set SELinux to enforcing mode, I changed the audit.log context:
chcon system_u:object_r:games_data_t:s0 /var/log/audit/audit.log

After running 'auditctl -m "this is a test";auditctl -r 0',

the results of journalctl will show:
Feb 11 04:45:01 susetest auditd[805]: The audit daemon is now changing the system to single user mode due to previously mentioned write error

Actions #6

Updated by Xiaojing_liu about 2 years ago

  • Status changed from In Progress to Resolved
  • % Done changed from 0 to 100
  • Estimated time changed from 80.00 h to 56.00 h
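
A pre-flight check for the 'SELinux not in Enforcing' errors in cases 38-49 and the setup steps in note #3, as an added example that is not part of the original ticket or of the audit-remote test suite. The function names and sample files are hypothetical, and the selinux=0 / enforcing=0 kernel parameters it looks for are the standard ones, not values quoted from the ticket.

```shell
#!/bin/sh
# Added example: verify that persistent config, boot command line and runtime
# mode all agree on enforcing before running the disk-error cases.
# Paths are arguments so the check can run on constructed files; on a real
# host pass /etc/selinux/config, /proc/cmdline and "$(getenforce)".

# Print the value of KEY from an /etc/selinux/config-style file.
# Comment lines are ignored; the last assignment wins.
selinux_cfg_value() {   # $1=key  $2=file
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\([A-Za-z0-9_]*\).*/\1/p" "$2" | tail -n 1
}

# Return 0 only when nothing would leave the host outside enforcing mode.
# Prints one line per problem found.
selinux_preflight() {   # $1=config file  $2=cmdline file  $3=runtime mode
    rc=0
    mode=$(selinux_cfg_value SELINUX "$1")
    [ "$mode" = "enforcing" ] || { echo "config: SELINUX=${mode:-unset}"; rc=1; }
    for arg in $(cat "$2"); do
        case "$arg" in
            # Either parameter overrides SELINUX=enforcing in the config file.
            selinux=0|enforcing=0) echo "cmdline: $arg overrides the config"; rc=1 ;;
        esac
    done
    [ "$3" = "Enforcing" ] || { echo "runtime: getenforce reports ${3:-nothing}"; rc=1; }
    return $rc
}

# Constructed sample input (not taken from the host in this ticket).
tmp=$(mktemp -d)
printf 'SELINUX=permissive\nSELINUXTYPE=targeted\n' > "$tmp/config"
printf 'root=/dev/vda2 security=selinux selinux=1 enforcing=0\n' > "$tmp/cmdline"
selinux_preflight "$tmp/config" "$tmp/cmdline" "Permissive" \
    || echo "not ready: cases 38-49 would report 'SELinux not in Enforcing'"
rm -rf "$tmp"
```

The check only reports state; relabeling with fixfiles while still permissive, as note #3 describes, has to happen before the switch to enforcing.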