On 2020-11-02 14:51, Casey Schaufler wrote: > On 11/2/2020 2:08 PM, Richard Guy Briggs wrote: > > On 2020-11-02 13:54, Casey Schaufler wrote: > >> Verify that there are subj= and obj= fields in a record > >> if and only if they are expected. A system without a security > >> module that provides these fields should not include them. > >> A system with multiple security modules providing these fields > >> (e.g. SELinux and AppArmor) should always provide "?" for the > >> data and also include a AUDIT_MAC_TASK_CONTEXTS or > >> AUDIT_MAC_OBJ_CONTEXTS record. The test uses the LSM list from > >> /sys/kernel/security/lsm to determine which format is expected. > >> > >> Signed-off-by: Casey Schaufler <[email protected]> > >> --- > >> tests/Makefile | 1 + > >> tests/multiple_contexts/Makefile | 12 +++ > >> tests/multiple_contexts/test | 166 +++++++++++++++++++++++++++++++ > >> 3 files changed, 179 insertions(+) > >> create mode 100644 tests/multiple_contexts/Makefile > >> create mode 100755 tests/multiple_contexts/test > >> > >> diff --git a/tests/Makefile b/tests/Makefile > >> index a7f242a..f20f6b1 100644 > >> --- a/tests/Makefile > >> +++ b/tests/Makefile > >> @@ -18,6 +18,7 @@ TESTS := \ > >> file_create \ > >> file_delete \ > >> file_rename \ > >> + multiple_contexts \ > > "context" is a bit ambiguous. Could this be named something to indicate > > a security context rather than any other sort, such as audit or user > > context? > > Would "subj_obj_fields" be better?
That is much more obvious to me. Maybe even sec_context_multi, but I like your suggestion better?

- RGB

--
Richard Guy Briggs <[email protected]>
Sr. S/W Engineer, Kernel Security, Base Operating Systems
Remote, Ottawa, Red Hat Canada
IRC: rgb, SunRaycer
Voice: +1.647.777.2635, Internal: (81) 32635
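
Review bot: The new TESTS entry `multiple_contexts` in the tests/Makefile hunk names only the stacked-module case, while the commit message says the test also verifies that subj= and obj= are absent on a system with no security module providing them. A name such as the proposed subj_obj_fields covers both. If the entry is renamed, tests/multiple_contexts/Makefile and tests/multiple_contexts/test from the diffstat should be renamed in the same patch so the TESTS entry and the directory stay in step.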
