[PATCH] audit-testsuite: look for both open(2) and openat(2)

Paul Moore pmoore at redhat.com
Thu Jun 15 15:56:29 UTC 2017


From: root <root at rawhide-1.lan>

More and more tools and libraries are using openat(2) whenever
possible so we need to make sure we check for both syscalls.

This fixes the test suite on current versions of Fedora Rawhide.

Signed-off-by: Paul Moore <paul at paul-moore.com>
---
 tests/file_create/test      |    4 +++-
 tests/filter_sessionid/test |    2 +-
 tests/syscalls_file/test    |    8 ++++----
 3 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/tests/file_create/test b/tests/file_create/test
index 08dc3ce..26a226d 100755
--- a/tests/file_create/test
+++ b/tests/file_create/test
@@ -78,7 +78,9 @@ while ( $line = <$fh_out> ) {
 
     # test if we generate a SYSCALL record
     if ( $line =~ /^type=SYSCALL / ) {
-        if ( $line =~ / syscall=open / and $line =~ / success=yes / ) {
+        if ( ( $line =~ / syscall=open / or $line =~ / syscall=openat / )
+            and $line =~ / success=yes / )
+        {
             $found_syscall = 1;
         }
     }
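Review bot: The two separate matches on the new `if` line could be a single alternation, e.g. `$line =~ / syscall=(open|openat) /`, which keeps the condition on one line and avoids the extra parenthesised group and the brace on its own line. The same pair of patterns is added again in tests/syscalls_file/test, so a shared pattern would also leave one place to update if another open variant has to be accepted later.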
diff --git a/tests/filter_sessionid/test b/tests/filter_sessionid/test
index de1eb72..6873bed 100755
--- a/tests/filter_sessionid/test
+++ b/tests/filter_sessionid/test
@@ -65,7 +65,7 @@ chomp($pid);
 
 # test for the SYSCALL message
 $result = system(
-"ausearch -i -m SYSCALL -sc open -p $pid --session $sessionid -k $key > $stdout 2> $stderr"
+"ausearch -i -m SYSCALL -sc open -sc openat -p $pid --session $sessionid -k $key > $stdout 2> $stderr"
 );
 ok( $result, 0 );
 
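Review bot: Passing `-sc open -sc openat` in the ausearch command assumes that repeated `-sc` options are treated as "either syscall". Please confirm that, or say so in the commit message: if ausearch keeps only the last `-sc` value, this test silently becomes openat-only and would fail on systems where the tool under test still calls open(2). Since the search is already narrowed by `-p $pid`, `--session $sessionid` and `-k $key`, dropping `-sc` here and checking the syscall name in the output, as the other two tests do, would avoid depending on that behaviour.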
diff --git a/tests/syscalls_file/test b/tests/syscalls_file/test
index 53d28ba..316f823 100755
--- a/tests/syscalls_file/test
+++ b/tests/syscalls_file/test
@@ -62,10 +62,10 @@ my $found_create  = 0;
 while ( $line = <$fh_out> ) {
 
     # test if we generate a SYSCALL record
-    if ( $line =~ /^type=SYSCALL / ) {
-        if ( $line =~ / syscall=open / ) {
-            $found_syscall = 1;
-        }
+    if ( $line =~ /^type=SYSCALL /
+        and ( $line =~ / syscall=open / or $line =~ / syscall=openat / ) )
+    {
+        $found_syscall = 1;
     }
 }
 ok($found_syscall);
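Review bot: The rewritten condition here flattens the nested `if` into one test, while the file_create hunk keeps the outer `/^type=SYSCALL /` check and nests the syscall match inside it, so the two tests now express the same check in two different shapes. Keeping the original nesting and only changing the inner match, for example to `/ syscall=(open|openat) /`, would make this a two-line change and keep the refactoring out of a functional fix.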



