[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

audit test results on lspp.12 kernel



On the call Monday, I said I'll test on an lspp.12 kernel. I ran our CAPP audit test suite on an x86_64 installed with FC5-t3, and lspp.12 kernel. Audit version 1.1.5. Below are my results ..

- All syscall test passed with no problems
- object identity (watch) tests (and any other tests that use watches) all failed due to inability to insert watches, I get the following
	> Error sending watch insert request (Invalid argument)
> add_audit_rule failed - auditctl_comm [auditctl -w /tmp/lafa0qlNM -k file-basic-key ] returned 255

- Saw some failures in filters tests due the change in the message of adding/removing audit rules in the CONFIG_CHANGE type records. It used to be "added/removed an audit rule" and now it is "add/remove rule to/from list=X"... is there a reason we changed the message?

- Saw some failures in trusted programs due to the missing msg='SomeString (ex, gpasswd, password, chage ..etc) field from the audit record in some instances. Our test cases check for that string and are failing if it's not found... Is there a reason this was removed?

- Loulwa


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]