action #120070

closed

Upload and check the content of audit.log

Added by mloviska over 1 year ago. Updated over 1 year ago.

Status: Resolved
Priority: High
Assignee:
Target version: -
Start date: 2022-11-08
Due date:
% Done: 0%
Estimated time:
Difficulty:

Description

Expand journal_check.pm to handle audit.log content. Currently, SELinux runs in permissive mode, meaning it logs denials but does not act upon them.

Search for AVC denials in /var/log/audit/audit.log.

Actions #1

Updated by jsegitz over 1 year ago

Thanks for opening this ticket. Let me add some details I discussed with various people:

  • Goal is to get AVC denials for arbitrary tests, not for a single test.
  • Having a mapping between AVC and test would be necessary. Doesn't need to be super granular, but at least to know which high-level test triggered which AVC.

This is the requirement for now. Later on we might want to have a baseline defined for each test and fail upon new AVCs, but that is just something that you might want to consider when planning the original solution. That's not necessary for now.
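
The approach discussed above (collect AVC denials from audit.log, attribute each to a test, and later diff against a per-test baseline) is sketched below as an added example. It is not part of this ticket or of the os-autoinst code. The log lines, the test names `test_a`/`test_b` and their time windows are constructed, and attributing by timestamp window is an assumption about how the mapping could be done.

```python
import re
from collections import defaultdict

# Constructed sample lines in the audit.log record format (not from a real run).
SAMPLE_LOG = """\
type=AVC msg=audit(1667900010.101:201): avc:  denied  { read } for  pid=1501 comm="httpd" name="index.html" dev="vda2" ino=4242 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
type=SYSCALL msg=audit(1667900010.101:201): arch=c000003e syscall=257 success=yes exit=3 comm="httpd"
type=AVC msg=audit(1667900075.500:230): avc:  denied  { name_bind } for  pid=1622 comm="sshd" src=2222 scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=1
type=AVC msg=audit(1667900200.000:260): avc:  denied  { write open } for  pid=1700 comm="logrotate" scontext=system_u:system_r:logrotate_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file permissive=1
"""
# Hypothetical test modules as (name, start, end) epoch windows.
TEST_WINDOWS = [("test_a", 1667900000.0, 1667900060.0),
                ("test_b", 1667900060.0, 1667900120.0)]

AVC_RE = re.compile(
    r'^type=AVC msg=audit\((?P<ts>\d+\.\d+):\d+\): avc:\s+denied\s+\{(?P<perms>[^}]*)\}'
    r'.*?\bscontext=(?P<s>\S+)\s+tcontext=(?P<t>\S+)\s+tclass=(?P<cls>\S+)')
COMM_RE = re.compile(r'\bcomm="([^"]*)"')

def parse_avc(text):
    """Return one dict per AVC denial; other record types are skipped."""
    out = []
    for line in text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue
        comm = COMM_RE.search(line)
        out.append({
            "ts": float(m["ts"]),
            "comm": comm.group(1) if comm else None,
            # Signature ignores pid, inode and time so it is stable across runs.
            "sig": (m["s"].split(":")[2], m["t"].split(":")[2], m["cls"],
                    tuple(sorted(m["perms"].split()))),
        })
    return out

def map_to_tests(avcs, windows):
    """Group denials by the test whose [start, end) window holds the timestamp."""
    by_test = defaultdict(list)
    for avc in avcs:
        name = next((n for n, s, e in windows if s <= avc["ts"] < e), "unattributed")
        by_test[name].append(avc)
    return dict(by_test)

def new_denials(by_test, baseline):
    """Signatures seen per test that are absent from that test's baseline set."""
    return {t: {a["sig"] for a in v} - baseline.get(t, set())
            for t, v in by_test.items()}
```

Denials that fall outside every window land under `unattributed` rather than being dropped, so activity between tests stays visible.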

Actions #2

Updated by mloviska over 1 year ago

  • Status changed from In Progress to Feedback

Actions #3

Updated by mloviska over 1 year ago

Tiny fix that I have missed while testing suggestions https://github.com/os-autoinst/os-autoinst-distri-opensuse/pull/15975

Actions #4

Updated by mloviska over 1 year ago

  • Status changed from Feedback to Resolved