On Wed, 7 Apr 2021, Andrew Cagney wrote:
I'll move it to post-mortem.sh then
I've also pushed this:
commit c9783475af893389cc5aaf034a2a12b7c5088775 (HEAD -> main, origin/main,
origin/HEAD)
Author: Andrew Cagney <[email protected]>
Date: Wed Apr 7 08:46:00 2021 -0400
testing selinux: drop another selinux sanitizer - temp-selinux-ignore.sed
Pull back the curtain on the selinux records being found by
post-mortem.sh but then hidden by a sanitizer.
For instance, ikev2-labeled-ipsec-03-multi-acquires-enforced, currently
fails because post-mortem.sh detects the record:
type=AVC msg=audit(1617773741.748:165): avc: denied { setcontext } for pid=752
comm="pluto" ...
but the sanitizer then hides it (all records are dumped into
OUTPUT/*.avsearch.log).
Yeah that seems wrong. The only possible selinux warnings to ignore are
those related to system-unknown mounting mounts like /source and /testing
Paul
_______________________________________________
Swan-dev mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan-dev
