Bug 623952 - beaker doesn't catch AVC denial
Summary: beaker doesn't catch AVC denial
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Beaker
Classification: Retired
Component: beah
Version: 0.5
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Marian Csontos
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 545868
TreeView+ depends on / blocked
 
Reported: 2010-08-13 09:17 UTC by Marian Csontos
Modified: 2011-09-28 15:34 UTC (History)
8 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of: 623566
Environment:
Last Closed: 2010-09-02 07:30:53 UTC
Embargoed:

Attachments (Terms of Use)
the patch (1.91 KB, patch)
2010-09-01 06:02 UTC, Marian Csontos 		no flags Details | Diff
View All

Comment 1 Marian Csontos 2010-08-30 12:37:33 UTC 
I have tried to make some improvements in avc subtest, but it will take some time to evaluate results. I will submit changes in 0.5.56 upgrade this Wednesday but will keep this bug open to track it.
Comment 2 Marian Csontos 2010-09-01 06:02:18 UTC 
Created attachment 442332 [details]
the patch

This was likely caused by incorrect time format: 1:9:8 is not recognized by ausearch as valid time.
Comment 3 Marian Csontos 2010-09-02 07:30:53 UTC 
The patch was deployed on beaker as rhts-4.21-1.

And it's easy to see the wrong time-format was with high probability the cause:

In J:11716 the AVC was catched by:

> /sbin/ausearch --input-logs -sv no -m AVC -m USER_AVC -m SELINUX_ERR -ts 8/11/2010 11:47:45

The timestamp (11:47:45) is one second after the previous result (./Create-the-spacewalk-user 	2010-08-11 11:47:44) was recorded.

In J:11637 the ./Create-the-spacewalk-user result was reported at 2010-08-11 05:04:08 giving us timestamp 5:4:9 which causes the ausearch ending with error.
Note You need to log in before you can comment on or make changes to this bug.