action #174178
Updated by tjyrinki_suse 15 days ago
## Motivation
Test sealert tool on SELinux enabled Tumbleweed.
## Acceptance Criteria
1. Run certain commands testing adding and triggering an alert, an example below. listing of alerts can be done with either -l "*" or -l specific_UUID.
` localhost:~ # sealert -l "*" || echo "FAILED"
localhost:~ # touch /tmp/pokusny_kralik && chcon -t httpd_sys_content_t /tmp/pokusny_kralik
localhost:~ # journalctl -u setroubleshootd.service | grep pokusny_kralik
localhost:~ # runcon -u guest_u -r guest_r -t user_tmp_t -- cat /tmp/pokusny_kralik;sleep 10
localhost:~ # sealert_command=$(journalctl sealert_command=`journalctl -u setroubleshootd.service | grep -m 1 pokusny_kralik|grep -o "sealert.*") "sealert.*"`
localhost:~ # sealert -l 350d88fb-70f9-4e7a-a1b2-0a06615abfd2
localhost:~ # sealert_command`
One should get output something like the following:
SELinux is preventing pokusny_kralik from 'read, write' accesses on the chr_file /dev/pts/0.
***** Plugin catchall (100. confidence) suggests **************************
If you believe that pokusny_kralik should be allowed read write access on the 0 chr_file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Allow the access for now by executing:
`# ausearch -c 'pokusny_kralik' --raw | audit2allow -M my-pokusnykralik
# semodule -X 300 -i my-pokusnykralik.pp`
And there should be output:
Additional Information:
Source Context guest_u:guest_r:user_tmp_t:s0
Target Context unconfined_u:object_r:devpts_t:s0
Target Objects /dev/pts/0 [ chr_file ]
Source pokusny_kralik
Source Path pokusny_kralik
Port <Unknown>
...
...
...
localhost:~ # analyze log -a (ausearch -m AVC > test_output)
localhost:~ # jsealert -a
`
## Further Information
See ticket #174175 for the related basic setroubleshootd testing.