action #120070
closed
Upload and check the content of audit.log
0%
Description
Expand journal_check.pm to handle audit.log content. Currently, SELinux runs in permissive mode, meaning it logs denials but does not act upon them.
Search for AVC denials in /var/log/audit/audit.log.
Updated by jsegitz about 2 years ago
Thanks for opening this ticket. Let me add some details I discussed with various people:
- Goal is to get AVC denials for arbitrary tests, not for a single test.
- Having a mapping between AVC and test would be necessary. Doesn't need to be super granular, but at least to know which high-level test triggered which AVC.
This is the requirement for now. Later on we might want to have a baseline defined for each test and fail upon new AVCs, but that is just something that you might want to consider when planning the original solution. That's not necessary for now.
Updated by mloviska about 2 years ago
- Status changed from In Progress to Feedback
Updated by mloviska about 2 years ago
Tiny fix that I have missed while testing suggestions https://github.com/os-autoinst/os-autoinst-distri-opensuse/pull/15975
Updated by mloviska about 2 years ago
- Status changed from Feedback to Resolved
Updated by mloviska about 2 years ago
AVCs from cockpit module: https://openqa.opensuse.org/tests/2904127#step/cockpit_service/82
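The requirement discussed in this ticket (find AVC denials in audit.log and know which high-level test triggered them) can be sketched as follows. This is an added example, not the journal_check.pm code or anything from the linked pull request. The list of test start timestamps, the function names and the sample log are assumptions constructed for illustration.

```python
import bisect
import re
from collections import defaultdict

# Header and body of an SELinux AVC denial record as written to audit.log.
AVC_RE = re.compile(
    r'^type=AVC msg=audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\): '
    r'avc:\s+denied\s+\{ (?P<perms>[^}]*)\} for\s+(?P<rest>.*)$')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc_denials(log_text):
    """Yield one dict per 'avc: denied' record; other record types are skipped."""
    for line in log_text.splitlines():
        m = AVC_RE.match(line.strip())
        if not m:
            continue
        fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group('rest'))}
        fields.update(ts=float(m.group('ts')), perms=tuple(m.group('perms').split()))
        yield fields

def denials_by_test(log_text, test_starts):
    """Attribute each denial to the test whose start most recently precedes it.
    test_starts: list of (epoch_seconds, test_name), an assumed input format.
    Denials logged before the first test start are filed under 'pre-test'."""
    starts = sorted(test_starts)
    times = [t for t, _ in starts]
    result = defaultdict(set)
    for d in parse_avc_denials(log_text):
        i = bisect.bisect_right(times, d['ts']) - 1
        test = starts[i][1] if i >= 0 else 'pre-test'
        # Deduplicate on the fields that identify the policy gap, not pid or inode.
        result[test].add((d.get('comm', '?'), d['perms'], d.get('scontext', '?'),
                          d.get('tcontext', '?'), d.get('tclass', '?')))
    return {t: sorted(v) for t, v in result.items()}

# Constructed sample log and test start times, not taken from a real run.
SAMPLE_LOG = """
type=AVC msg=audit(1668000010.500:80): avc:  denied  { write } for  pid=900 comm="example-init" name="state" dev="vda2" ino=11 scontext=system_u:system_r:example_init_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=dir permissive=1
type=SYSCALL msg=audit(1668000120.250:101): arch=c000003e syscall=257 success=yes exit=3 comm="cockpit-ws"
type=AVC msg=audit(1668000120.250:101): avc:  denied  { read } for  pid=2101 comm="cockpit-ws" name="example.conf" dev="vda2" ino=4242 scontext=system_u:system_r:cockpit_ws_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file permissive=1
type=AVC msg=audit(1668000121.900:102): avc:  denied  { read } for  pid=2105 comm="cockpit-ws" name="example.conf" dev="vda2" ino=4242 scontext=system_u:system_r:cockpit_ws_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file permissive=1
type=AVC msg=audit(1668000230.000:140): avc:  denied  { getattr open } for  pid=2300 comm="journalctl" path="/var/log/example" dev="vda2" ino=77 scontext=system_u:system_r:example_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file permissive=1
"""
SAMPLE_STARTS = [(1668000100.0, 'cockpit_service'), (1668000200.0, 'journal_check')]
```

Because SELinux is permissive here, every record carries permissive=1 and the triggering operation still succeeded, so the per-test sets are what a later baseline comparison would diff against.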