On 11/2/2020 7:31 PM, Paul Moore wrote: > On Mon, Nov 2, 2020 at 8:19 PM Richard Guy Briggs <[email protected]> wrote: >> On 2020-11-02 14:51, Casey Schaufler wrote: >>> On 11/2/2020 2:08 PM, Richard Guy Briggs wrote: >>>> On 2020-11-02 13:54, Casey Schaufler wrote: >>>>> Verify that there are subj= and obj= fields in a record >>>>> if and only if they are expected. A system without a security >>>>> module that provides these fields should not include them. >>>>> A system with multiple security modules providing these fields >>>>> (e.g. SELinux and AppArmor) should always provide "?" for the >>>>> data and also include a AUDIT_MAC_TASK_CONTEXTS or >>>>> AUDIT_MAC_OBJ_CONTEXTS record. The test uses the LSM list from >>>>> /sys/kernel/security/lsm to determine which format is expected. >>>>> >>>>> Signed-off-by: Casey Schaufler <[email protected]> >>>>> --- >>>>> tests/Makefile | 1 + >>>>> tests/multiple_contexts/Makefile | 12 +++ >>>>> tests/multiple_contexts/test | 166 +++++++++++++++++++++++++++++++ >>>>> 3 files changed, 179 insertions(+) >>>>> create mode 100644 tests/multiple_contexts/Makefile >>>>> create mode 100755 tests/multiple_contexts/test >>>>> >>>>> diff --git a/tests/Makefile b/tests/Makefile >>>>> index a7f242a..f20f6b1 100644 >>>>> --- a/tests/Makefile >>>>> +++ b/tests/Makefile >>>>> @@ -18,6 +18,7 @@ TESTS := \ >>>>> file_create \ >>>>> file_delete \ >>>>> file_rename \ >>>>> + multiple_contexts \ >>>> "context" is a bit ambiguous. Could this be named something to indicate >>>> a security context rather than any other sort, such as audit or user >>>> context? >>> Would "subj_obj_fields" be better? >> That is much more obvious to me. Maybe even sec_context_multi, but I >> like your suggestion better? > How about just "multiple_lsms"? It's relatively concise and better > reflects what it is actually being tested IMHO.
I'm perfectly happy to call it whatever you'd prefer. Anything substantive about the test itself? -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
