From bdfbd38a3bd53c84d76327025ecd91ed64a81501 Mon Sep 17 00:00:00 2001
From: Petr Lautrbach
Date: May 31 2018 17:17:03 +0000
Subject: libselinux/setenforce: Drop and restore audit rules

Some systems use default audit rule '-a never,task' which suppress audit messages. As a side effect, some tests fail as they don't find expected strings.

Fixes: [ FAIL ] :: Command 'ausearch --input-logs -m MAC_STATUS -i -ts 05/31/2018 13:04:51 | grep 'type=SYSCALL.*comm=setenforce'' (Expected 0, got 1)
---
diff --git a/libselinux/setenforce/runtest.sh b/libselinux/setenforce/runtest.sh
index 1378eae..0b10711 100644
--- a/libselinux/setenforce/runtest.sh
+++ b/libselinux/setenforce/runtest.sh
@@ -43,6 +43,9 @@ rlJournalStart
 rlRun "setenforce --help" 0,1
 OUTPUT_FILE=`mktemp`
 export LC_ALL=en_US.utf8
+ rlRun "TmpDir=\$(mktemp -d)" 0 "Creating tmp directory"
+ rlRun "auditctl -l > $TmpDir/auditctl" 0 "Backup current audit rules"
+ rlRun "auditctl -D" 0 "Delete all audit rules"
 rlPhaseEnd

 rlPhaseStartTest "basic use"
@@ -56,9 +59,7 @@ rlJournalStart
 sleep 5
 rlRun "ausearch --input-logs -m MAC_STATUS -i -ts ${START_DATE_TIME} | grep 'type=MAC_STATUS.*enforcing=1.*old_enforcing=0'"
 rlRun "ausearch --input-logs -m MAC_STATUS -i -ts ${START_DATE_TIME} | grep 'type=MAC_STATUS.*enforcing=0.*old_enforcing=1'"
- if rlIsRHEL ; then
- rlRun "ausearch --input-logs -m MAC_STATUS -i -ts ${START_DATE_TIME} | grep 'type=SYSCALL.*comm=setenforce'"
- fi
+ rlRun "ausearch --input-logs -m MAC_STATUS -i -ts ${START_DATE_TIME} | grep 'type=SYSCALL.*comm=setenforce'"
 rlPhaseEnd

 rlPhaseStartTest "extreme cases"
@@ -81,6 +82,7 @@ rlJournalStart
 rlPhaseEnd

 rlPhaseStartCleanup
+ rlRun "auditctl -R $TmpDir/auditctl" 0 "Restore audit rules"
 rm -f ${OUTPUT_FILE}
 rlPhaseEnd
 rlJournalPrintText
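Review bot: In the setup hunk (`@@ -43,6 +43,9`), `auditctl -D` runs even when the preceding `mktemp -d` or `auditctl -l` backup failed, because rlRun records the failure and carries on; the host then has no audit rules and nothing valid to restore from. It would be safer to make the delete conditional on the backup, e.g. `[ -s "$TmpDir/auditctl" ] && rlRun "auditctl -D" 0 "Delete all audit rules"`. Removing only the rule the commit message names, `auditctl -d never,task`, may also be enough and would keep the rest of the host's auditing in place during the test. As far as I know `auditctl -l` prints `No rules` on an empty rule set, which the `auditctl -R` in the cleanup hunk (`@@ -81,6 +82,7`) would probably reject, so this is worth checking on a host with no rules loaded. The setup phase starts above the hunk.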
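Review bot: The now-unconditional `type=SYSCALL.*comm=setenforce` check in `@@ -56,9 +59,7` depends on the setup phase having removed the `never,task` rule, and nothing at this line says so. A comment above it, such as `# SYSCALL record requires that no '-a never,task' rule is loaded; setup deletes the audit rules`, would tell whoever next sees this assertion fail where to look first. The test phase starts above the hunk.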
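Review bot: The cleanup in `@@ -81,6 +82,7` restores the rules but never removes `$TmpDir`, so every run leaves a directory holding a copy of the host's audit rules behind. Add `rlRun "rm -rf -- \"$TmpDir\"" 0 "Remove tmp directory"` after the restore. If `TmpDir` is empty because setup's `mktemp -d` failed, the restore reads `/auditctl` instead, so a failure of this step means the machine is still running with its audit rules deleted; the step's message could say that explicitly.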