[PATCH] audit-testsuite: look for both open(2) and openat(2)
Richard Guy Briggs
rgb at redhat.com
Thu Jun 15 16:17:23 UTC 2017
On 2017-06-15 11:56, Paul Moore wrote:
> From: root <root at rawhide-1.lan>
>
> More and more tools and libraries are using openat(2) whenever
> possible so we need to make sure we check for both syscalls.
>
> This fixes the test suite on current versions of Fedora Rawhide.
>
> Signed-off-by: Paul Moore <paul at paul-moore.com>
Looks ok/necessary to me. (modulo wayward From: line)
Reviewed-by: Richard Guy Briggs <rgb at redhat.com>
> ---
> tests/file_create/test | 4 +++-
> tests/filter_sessionid/test | 2 +-
> tests/syscalls_file/test | 8 ++++----
> 3 files changed, 8 insertions(+), 6 deletions(-)
>
> diff --git a/tests/file_create/test b/tests/file_create/test
> index 08dc3ce..26a226d 100755
> --- a/tests/file_create/test
> +++ b/tests/file_create/test
> @@ -78,7 +78,9 @@ while ( $line = <$fh_out> ) {
>
> # test if we generate a SYSCALL record
> if ( $line =~ /^type=SYSCALL / ) {
> - if ( $line =~ / syscall=open / and $line =~ / success=yes / ) {
> + if ( ( $line =~ / syscall=open / or $line =~ / syscall=openat / )
> + and $line =~ / success=yes / )
> + {
> $found_syscall = 1;
> }
> }
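Review bot: The two added matches in the inner condition of tests/file_create/test can be a single pattern, `$line =~ / syscall=open(?:at)? /`, which keeps the condition on one line. The surrounding spaces in the pattern still stop `open` from matching a longer syscall name, so the success=yes check can stay exactly as it was.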
> diff --git a/tests/filter_sessionid/test b/tests/filter_sessionid/test
> index de1eb72..6873bed 100755
> --- a/tests/filter_sessionid/test
> +++ b/tests/filter_sessionid/test
> @@ -65,7 +65,7 @@ chomp($pid);
>
> # test for the SYSCALL message
> $result = system(
> -"ausearch -i -m SYSCALL -sc open -p $pid --session $sessionid -k $key > $stdout 2> $stderr"
> +"ausearch -i -m SYSCALL -sc open -sc openat -p $pid --session $sessionid -k $key > $stdout 2> $stderr"
> );
> ok( $result, 0 );
>
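Review bot: In the ausearch command line, `-sc open -sc openat` only works if ausearch treats repeated `-sc` options as alternatives. If it keeps just the last value, this test now matches only openat and would fail wherever the traced process still calls open(2). Worth confirming that behaviour before merging, or running the search once per syscall name and accepting either result, which is what the regex alternation in the other two tests does.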
> diff --git a/tests/syscalls_file/test b/tests/syscalls_file/test
> index 53d28ba..316f823 100755
> --- a/tests/syscalls_file/test
> +++ b/tests/syscalls_file/test
> @@ -62,10 +62,10 @@ my $found_create = 0;
> while ( $line = <$fh_out> ) {
>
> # test if we generate a SYSCALL record
> - if ( $line =~ /^type=SYSCALL / ) {
> - if ( $line =~ / syscall=open / ) {
> - $found_syscall = 1;
> - }
> + if ( $line =~ /^type=SYSCALL /
> + and ( $line =~ / syscall=open / or $line =~ / syscall=openat / ) )
> + {
> + $found_syscall = 1;
> }
> }
> ok($found_syscall);
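Review bot: The SYSCALL check in tests/syscalls_file/test is folded from a nested if into one combined condition, while the same fix in tests/file_create/test keeps the nested form, so the two tests now differ in shape for the same check. Keeping the outer `if ( $line =~ /^type=SYSCALL / )` and changing only the inner match to `/ syscall=open(?:at)? /` would reduce this hunk to a one-line change and keep the files consistent.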
- RGB
--
Richard Guy Briggs <rgb at redhat.com>
Sr. S/W Engineer, Kernel Security, Base Operating Systems
Remote, Ottawa, Red Hat Canada
IRC: rgb, SunRaycer
Voice: +1.647.777.2635, Internal: (81) 32635