From: Jiri J. <jja...@re...> - 2014-10-08 16:55:14
Hello all,
as discussed in "[design] How to write / run / audit syscall wrappers?",
I went ahead and made an example implementation, including some
documentation and additional design considerations.
Please see the attached/referenced patches for a rough idea how it
works.
These patches are not applicable to current audit-test upstream, which
doesn't yet have all the syscalls we've been implementing in the
meantime, but they should provide grounds for some discussion.
What works on my testing branch: utils/bin/ syscall building based on
the 'relevancy' file and execution of most buckets (incl. syscalls/).
There are however more problems involved:
1)
Arch/mode based limitation was different in utils/bin/ and elsewhere,
namely the syscalls/ bucket. I.e. both do_ipc and all do_{msg,sem,shm}*
binaries were built on most (all?) architectures, so the syscalls/
bucket presumed that both were always available, doing i.e.
"which do_msgget" in create_msg_key when only do_ipc is available.
This worked, because both do_ipc and do_{msg,sem,shm}* are implemented
using glibc wrappers, which is still the case, but do_{msg,sem,shm}*
were simply not built, because they weren't relevant to x86_64 MODE=32.
Same with socketcall. In summary - hidden bucket dependencies.
2)
Testing/building matrix. Since the new relevancy is based on what is
really available on a given architecture according to kernel-provided
syscall tables (just the default 'relevancy' file, can be changed),
not what was in Makefile (this import was in a separate commit/patch),
the testing matrix is actually somewhat bigger - meaning we test more
on each architecture.
This can lead to unexpected fails where there were previously none,
such as the uselib() syscall, which is relevant on x86_64, but was
skipped in syscalls/run.conf due to ENOSYS (being obsolete). Cases like
these have to be taken care of in the relevancy file, which then doesn't
match exactly what each architecture provides.
Which is fine, but it should be somehow commented/documented.
3)
Masking syscalls behind libc. This has already been discussed, but let
me point out one additional case - send(2). It turns out that send(2)
actually exists only on ppc64 (and ia64). Everywhere else, it's just
(presumably) translated to sendto(2) via libc.
The fact that audit works with real syscalls (numbers) as well as this
"relevancy" implementation would point to using __NR_$syscall for all
syscalls, to ensure consistency, however I'm hesitant to do it just yet
due to the loss of argument checking.
I'd like to continue working on this, even though it seems somewhat
bigger than originally estimated, as it may - IMHO - clean the use of
syscalls / syscall wrappers within the suite and discover more hidden
dependencies and workarounds.
However I would most certainly like to know your opinions on the
patches. Note that they represent a very early implementation that may
change significantly.
Thanks a lot,
Jiri
From: Jiri J. <jja...@re...> - 2014-10-08 16:55:50
Signed-off-by: Jiri Jaburek <jja...@re...> --- audit-test/docs/syscall-relevancy.txt | 193 ++++++++++++++++++++++++++++++++++ 1 file changed, 193 insertions(+) create mode 100644 audit-test/docs/syscall-relevancy.txt diff --git a/audit-test/docs/syscall-relevancy.txt b/audit-test/docs/syscall-relevancy.txt new file mode 100644 index 0000000..131ee0d --- /dev/null +++ b/audit-test/docs/syscall-relevancy.txt 
@@ -0,0 +1,193 @@ +Intro +===== +The (audit-test) suite has a lot of "syscall wrappers" that are used for +execution and auditing of syscalls. Unfortunately, various HW architectures +have various differences in the number of available syscalls and their names. +This has been previously worked around by arch-based (+ bitness-based) +conditions on various places in the suite (utils/bin/Makefile, run.conf of +various buckets or test code itself), compiling, executing and auditing only +syscalls that existed for a given architecture. + +Syscall (HW) relevancy abstracts this, using a single file, defining which +syscalls are "relevant" for which arch/bitness combinations, and by providing +means to check against this "relevancy". + + +'relevancy' file +================ +This file defines syscall-to-arch mapping, specifying relevant arch:bitness +combinations for each syscall in utils/bin/. + +syntax +------ +The basic syntax definition is + + <line>: <aliasdef> | <syscalldef> | (empty) + <aliasdef>: alias <syscalldef> + <syscalldef>: <syscall> | <syscall><separator><archlist> + <syscall>: (syscall or alias name, any non-whitespace string) + <separator>: (any non-LF whitespace) + <archlist>: <neg><archspec> | <neg><archspec>,<archlist> + <neg>: ! | (empty) + <archspec>: <arch> | <arch>:<bits> | <alias> + <arch>: (uname -m output, any non-whitespace string) | all + <bits>: (specified as MODE within audit-test, any non-whitespace string) + <alias>: (any non-whitespace string) + +For example + + syscall1 all # relevant everywhere + syscall2 !s390x,all # not on s390x, relevant elsewhere + syscall3 !x86_64:32,all:32 # not on 32bit x86_64, elsewhere only 32bit + syscall4 ppc64 # relevant only on ppc64 + syscall5 # not relevant anywhere + +In addition, + + - the file can have shell-like comments (anything starting with # is ignored) + even in-line, ie. 
'syscall1 arch1,arch2#,arch3', the syntax definition + above then applies to a file with removed comments + + - arch is a shell glob, ie. it can contain shell-like wildcards (not regexp), + ie. 'i*86' or 'i?86' or 'i[3456]86' or 'i[3-6]86' + - yes, this essentially means that '*' is equivalent to 'all', by logic + +aliases +------- +The file can contain "aliases" to archlists that can be thought of as "nested" +archlists, having their own "return value" that can be negated, for example: + + alias intel32 x86_64:32,i?86 + syscall1 !intel32,all:32 # relevant everywhere except x86-based 32bit + +Aliases can refer to other aliases: + + alias intel32 x86_64:32,i?86 + alias nointel !x86_64,!intel32,!ia64 + syscall1 nointel,all # relevant everywhere except any intel + +(or even to themselves, which unfortunately leads to infinite loop/recursion) + +Note, however, that an alias within an archlist is equivalent to archspec, +not to arch directly, therefore: + + - alias name itself never matches as an arch + - alias cannot have bitness + - although you can define alias called 'abc:32' and refer to it by this name + - can be negated (like archspec) + - the negation then applies to the entire "nested" archlist, think of: + alias al2 !arch4,arch5 + alias al1 arch2,!arch3,al2 + sc1 arch1,!al1,!arch6 + as + sc1 arch1,!(arch2,!arch3,(!arch4,arch5)),!arch6 + + +Relevancy algorithm +=================== +This is a basic algorithm used by the syscall relevancy parser to decide whether +a syscall is relevant to a given arch/bitness: + + for each line: + for each comma-separated archspec on the line: + if arch doesn't match current arch: + continue (next archspec) + if archspec has bits and it doesn't match current bitness: + continue (next archspec) + if archspec has negation sign: + return EXCLUDE (syscall is not relevant) + else + return INCLUDE (syscall is relevant) + return EXCLUDE (syscall is not relevant, no archspec matched) + + +Usage within audit-test +======================= 
+The relevancy can be and is used for several types of utilities. The list of +relevant syscalls is availabel as SCREL_SYSCALLS env var to all Makefiles and +tests (via run.bash). + +Makefile +-------- +GNU make can make use of the relevancy for building syscalls by generating +targets (list) from the list of relevant syscalls, assuming the syscall wrappers +are named after syscalls they call. + +bash run.conf / tests +--------------------- +utils/functions exports the 'sc_is_relevant' function, which returns 0 when +a syscall, given as an argument, is relevant to the current arch/bitness: + + if sc_is_relevant open; then + do_open /file read + elif sc_is_relevant openat; then + do_openat AT_FDCWD /file read + else + error "no usable open found" + fi + + +Additional considerations +========================= + +Syscall arguments +----------------- +Various architectures may implement the same syscall with the same name, but +with different arguments or argument order. Unfortunately, syscall relevancy +in its current implementation doesn't address this and such syscalls have +to be manually #ifdef'ed within their wrappers. + +There is no easy solution to this problem and trying to solve it in a generic +way introduces more problems - ie. in the simplest case of different arg order +- we could create a 'reference' mapping and map different ordering types to it. +Who would declare the 'reference' order? Where? Based on what names/ids? +Cases where syscalls with identical names have completely different arguments +*and* functions cannot be solved in this way. + +Another possibility is to introduce multiple wrappers, one per arch or kernel +"implementation" of the syscall. However in such case, any abstraction from +the POV of the tests/Makefile is only harmful as two identically-named syscalls +can do different things). It makes therefore sense to let tests decide in these +special cases (using relevancy) between syscalls. 
+ +This could be easily supported by modifying the utils/bin/Makefile logic to +include ie. do_*$syscall into the target list, allowing for wrappers such as +do_s390x-mmap2.c. + +(Note: doing do_mmap2-s390x.c would be much more complex due to source/target + Makefile logic - wildcarding would remove even *.c on 'make clean') + +Syscall relevancy would then support it automatically as "s390x-mmap2". + +However at this point, there's no known case which would need such complex +solution and - for simple argument ordering - #ifdef within a wrapper should +suffice. + +External criteria +----------------- +There may be cases where additional criteria may be useful for syscall relevancy +checking, such as $DISTRO, $PPROFILE, etc. This could be solved with another +"column" in the 'relevancy' file, specifying a shell expression to evaluate. +Since using more then one relevancy line for the same syscall (name) is allowed, +one could do ie. + + syscall1 all [ "$KERNEL" = "3.10" ] + syscall1 !ia64,all [ "$KERNEL" = "2.6.32" ] + + syscall2 all [ "$PPROFILE" = "lspp" ] + +However such feature would have limited use and would likely serve means other +than the (original, intended) hardware syscall relevancy. For example the latter +case with 'lspp' is a *testing* logic, some other bucket may use the syscall +for non-lspp means. + +Using ie. kernel versions wouldn't make much sense either as other parts of +the suite depend on features available in specific kernel versions, needing +different branches for ie. RHEL6, RHEL7, etc. +In case of multiple distributions having different needs, multiple relevancy +files (with DISTRO-based logic in rules.mk) may offer a cleaner solution. + +(Hardare) syscall relevancy should therefore serve only as means to avoid +unwanted build/execution errors due to the syscall not existing on a given +architecture / bitness as defined in /usr/include/asm/unistd_*.h generated from +syscall tables present in the kernel sources under arch/. -- 1.8.3.1 |
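Review bot: In the "aliases" section, the remark that an alias referring to itself "unfortunately leads to infinite loop/recursion" documents a parser defect rather than a syntax rule; it would be better to declare self-referencing (and mutually referencing) aliases a syntax error and have the parser reject them. The "Relevancy algorithm" pseudocode has no alias branch, so the negation of a nested archlist described in the alias section is not covered by it; either add that branch or say that the pseudocode covers plain archspecs only. Typos to fix while here: "availabel" (Usage within audit-test), "more then one" (External criteria), "(Hardare)" (last paragraph).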
From: Jiri J. <jja...@re...> - 2014-10-08 16:55:53
Signed-off-by: Jiri Jaburek <jja...@re...>
---
audit-test/utils/screl-parser.py | 153 +++++++++++++++++++++++++++++++++++++++
1 file changed, 153 insertions(+)
create mode 100755 audit-test/utils/screl-parser.py
diff --git a/audit-test/utils/screl-parser.py b/audit-test/utils/screl-parser.py
new file mode 100755
index 0000000..b3d554e
--- /dev/null
+++ b/audit-test/utils/screl-parser.py
@@ -0,0 +1,153 @@
+#!/usr/bin/python
+###############################################################################
+# Copyright (c) 2014 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+###############################################################################
+#
+# AUTHOR: Jiri Jaburek <jja...@re...>
+#
+# This is a parser for the 'syscall relevancy' file, which specifies relevant
+# (existing) syscalls on various architectures. Based on such info, this parser
+# prints out (to stdout) a list of syscall names that are relevant to the
+# current architecture.
+#
+# For more, see docs/syscall-relevancy.txt.
+#
+
+import sys
+from fnmatch import fnmatch
+
+#
+# helpers functions
+#
+
+# fatal error
+def syntaxerr(msg):
+ print >> sys.stderr, "syntax error on line %d:" % linenr, msg
+ sys.exit(2)
+
+# strip whitespaces, cut off comments
+def sanitize_line(line):
+ return line.strip().split('#')[0]
+
+#
+# parsing (recursive) functions
+#
+
+def parse_archspec(tok):
+ tok = tok.split(':', 2)
+ if len(tok) > 2:
+ syntaxerr("unexpected extra %s" % '`:\'')
+
+ arch = bits = None
+ if len(tok) == 2:
+ (arch, bits) = tok
+ else:
+ (arch,) = tok
+
+ # matching
+ if fnmatch(in_arch, arch) or arch == 'all':
+ if bits:
+ return (bits == in_mode)
+ else:
+ return True
+ else:
+ return False
+
+def parse_neg(tok):
+ if tok and tok[0] == '!':
+ return (tok[1:], True)
+ return (tok, False)
+
+def parse_archlist(toklist, aliases):
+ for tok in toklist.split(','):
+ # negation
+ (tok, neg) = parse_neg(tok)
+
+ if not tok:
+ syntaxerr("empty archspec")
+
+ # if archspec is alias, recurse into it, if it matches, stop
+ if aliases.has_key(tok):
+ (match, verdict) = parse_archlist(aliases[tok], aliases)
+ if match:
+ return (match, (verdict ^ neg))
+ continue
+
+ # if archspec matches current arch, stop
+ if parse_archspec(tok):
+ return (True, not neg)
+
+ return (False, False)
+
+def parse_line_syscall(line, aliases):
+ # line with only syscall - not relevant anywhere, skip
+ if len(line) == 1:
+ return
+ if len(line) > 2:
+ syntaxerr("syscall definition has >2 columns")
+
+ (syscall, archlist) = line
+
+ # if the syscall matched the archlist *and* is relevant
+ # (not matched -> exclude, matched negative archspec -> exclude)
+ (matched, verdict) = parse_archlist(archlist, aliases)
+ if matched and verdict == True:
+ print syscall
+
+def parse_line_alias(line):
+ # line with only word ('alias')
+ if len(line) == 1:
+ syntaxerr("missing alias name")
+ if len(line) > 3:
+ syntaxerr("alias definition >3 columns")
+
+ (name, archlist) = line[1:]
+ return dict(((name, archlist),))
+
+def parse_line(line):
+ if not hasattr(parse_line, "aliases"):
+ parse_line.aliases = {}
+
+ line = sanitize_line(line)
+ # line without any useful content
+ if not line:
+ return
+
+ # len(line) > 0 due to ^^^
+ line = line.split(None, 3)
+
+ if line[0] == 'alias':
+ alias = parse_line_alias(line)
+ parse_line.aliases.update(alias)
+ else:
+ parse_line_syscall(line, parse_line.aliases)
+
+#
+# main
+#
+
+if len(sys.argv) < 4:
+ print >> sys.stderr, "usage: %s <filename> <arch> <mode>" % sys.argv[0]
+ sys.exit(2)
+
+(in_file, in_arch, in_mode) = sys.argv[1:]
+linenr = 0
+
+with open(in_file, 'r') as f:
+ for line in f:
+ linenr += 1
+ parse_line(line)
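Review bot: parse_archlist() recurses into aliases[tok] without tracking which aliases are already being expanded, so an alias that names itself (or two aliases that name each other) ends in unbounded recursion instead of a syntaxerr(); pass the set of alias names currently being expanded down the recursion and reject a repeat. Two input-handling gaps in the same file: parse_line_alias() unpacks '(name, archlist) = line[1:]' after checking only len(line) == 1 and len(line) > 3, so an 'alias foo' line with no archlist raises ValueError rather than reporting a syntax error with the line number; and the main block tests 'len(sys.argv) < 4' but then unpacks exactly three values from sys.argv[1:], so an extra argument also ends in a traceback. Test for '!= 4' there.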
--
1.8.3.1
From: Jiri J. <jja...@re...> - 2014-10-08 16:55:56
This file is based on utils/bin/Makefile. Signed-off-by: Jiri Jaburek <jja...@re...> --- audit-test/utils/bin/relevancy | 196 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 196 insertions(+) create mode 100644 audit-test/utils/bin/relevancy diff --git a/audit-test/utils/bin/relevancy b/audit-test/utils/bin/relevancy new file mode 100644 index 0000000..9b739f8 --- /dev/null +++ b/audit-test/utils/bin/relevancy 
@@ -0,0 +1,196 @@ +# this is a syscall relevancy file specifying relevant architectures for all +# syscalls in this directory +# +# see docs/syscall-relevancy.txt for more info on the syntax +# +# to highlight aliases in vim, use :match Operator /^alias\s\@=/ + +# <syscall> <archlist> +accept all +accept4 all +access all +acct all +add_key all +adjtimex all +bind all +capset all +chdir all +chmod all +chown !aarch64,all +chown32 all:32 +chroot all +clock_adjtime all +clock_settime all +clone all +clone2 ia64 +connect all +creat all +delete_module all +dummy all +dummy_group all +execve all +fanotify_mark all +fchmod all +fchmodat all +fchown all +fchown32 all:32 +fchownat all +fgetxattr all +flistxattr all +fork x86_64 +fremovexattr all +fsetxattr all +fstat all +fstatat all +ftruncate all +futimesat all +getegid all +geteuid all +getgid all +getgroups all +getpgid all +getpgrp all +getpid all +getppid all +getresgid all +getresuid all +getseconds all +getsid all +gettid all +gettimezone all +getuid all +getxattr all +init_module all +inotify_add_watch all +ioctl all +ioperm all:32 # revisit +iopl all:32 # revisit +ioprio_get all +ioprio_set all +ipc all +kcmp all +kexec_load all +keyctl all +kill all +lchown !aarch64,all +lchown32 all:32 +lgetxattr all +link all +linkat all +listxattr all +llistxattr all +lookup_dcookie all +lremovexattr all +lsetxattr all +lstat all +migrate_pages all +mkdir all +mkdirat all +mknod all +mknodat all +mlock all +mlockall all +mmap2 all:32 +mount all +move_pages all +mq_open all +mq_unlink all +msgctl all +msgget all +msgrcv all +msgsnd all +nice all:32 +open all +open_by_handle_at all +openat all +pciconfig_read ppc64 +pciconfig_write ppc64 +pivot_root all +prctl all +prlimit all +process_vm_readv all +process_vm_writev all +ptrace all +quotactl all +read all +readlink all +readlinkat all +reboot all +recvfrom all +recvmmsg all +recvmsg all +removexattr all +rename all +renameat all +request_key all +rmdir all +rtas ppc64 
+sched_getaffinity all +sched_getparam all +sched_getscheduler all +sched_rr_get_interval all +sched_setaffinity all +sched_setparam all +sched_setscheduler all +semctl all +semget all +semop all +semtimedop all +send all +sendmsg all +sendto all +set_robust_list all +setdomainname all +setfsgid all +setfsgid32 all:32 +setfsuid all +setfsuid32 all:32 +setgid all +setgid32 all:32 +setgroups all +setgroups32 all:32 +sethostname all +setns all +setpgid all +setpriority all +setregid all +setregid32 all:32 +setresgid all +setresgid32 all:32 +setresuid all +setresuid32 all:32 +setreuid all +setreuid32 all:32 +setrlimit all +settimeofday all +setuid all +setuid32 all:32 +setxattr all +shmat all +shmctl all +shmget all +socketcall all +stat all +statfs all +stime all +swapoff all +swapon all +symlink all +symlinkat all +syslog all +tgkill all +tkill all +truncate all +truncate64 all +umask all +umount all +uname all +unlink all +unlinkat all +unshare all +uselib all +utime all +utimensat all +utimes all +vfork x86_64 +vhangup all -- 1.8.3.1 |
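Review bot: The 'fork x86_64' and 'vfork x86_64' entries match only a uname -m of exactly x86_64, so native 32-bit x86 machines (i?86) and every other architecture lose these wrappers; if the intent is the x86 family, add i?86, and if the other architectures are meant to be excluded, a short comment saying why would help. The two '# revisit' comments on ioperm and iopl should say what needs revisiting, since 'all:32' also covers 32-bit mode on ppc64 and s390x. The header could also note that entries such as 'dummy', 'dummy_group', 'getseconds' and 'gettimezone' name utils/bin/ wrappers rather than kernel syscalls.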
From: Jiri J. <jja...@re...> - 2014-10-08 16:55:59
Signed-off-by: Jiri Jaburek <jja...@re...> --- audit-test/rules.mk | 7 ++ audit-test/utils/bin/Makefile | 269 ++++-------------------------------------- 2 files changed, 28 insertions(+), 248 deletions(-) diff --git a/audit-test/rules.mk b/audit-test/rules.mk index a946caa..f8f4f56 100644 --- a/audit-test/rules.mk +++ b/audit-test/rules.mk @@ -93,6 +93,13 @@ ifeq (i686, $(findstring i686, $(MACHINE))) CFLAGS +=-DI686 endif +# syscall relevancy +# - need to be here as it may be needed in any bucket, +# even when running via ./run.bash +SCREL_SYSCALLS := $(shell $(TOPDIR)/utils/screl-parser.py \ + $(TOPDIR)/utils/bin/relevancy $(MACHINE) $(MODE)) +export SCREL_SYSCALLS + ########################################################################## # Common rules ########################################################################## diff --git a/audit-test/utils/bin/Makefile b/audit-test/utils/bin/Makefile index f42b96b..07eeb00 100644 --- a/audit-test/utils/bin/Makefile +++ b/audit-test/utils/bin/Makefile @@ -17,11 +17,16 @@ TOPDIR = ../.. UTILSDIR = .. CPPFLAGS += -I$(UTILSDIR)/include + include $(TOPDIR)/rules.mk -CAPS_EXE = do_capset +# +# required libraries +# -CREATE_EXE = do_creat\ +# for SELinux context file operation +ifdef LSM_SELINUX +CREATE_EXE = do_creat \ do_mkdir \ do_mkdirat \ do_mknod \ 
@@ -29,259 +34,27 @@ CREATE_EXE = do_creat\ do_open \ do_openat \ do_symlink \ - do_symlinkat + do_symlinkat \ -IPC_EXE = do_ipc \ - do_msgctl \ - do_msgget \ - do_msgrcv \ - do_msgsnd \ - do_semctl \ - do_semget \ - do_semop \ - do_semtimedop \ - do_shmat \ - do_shmctl \ - do_shmget +$(CREATE_EXE): LDLIBS += -lselinux +endif +# POSIX message queues need librt (and SELinux since they work with files) MQ_EXE = do_mq_open \ do_mq_unlink - -NET_EXE = do_accept \ - do_accept4 \ - do_connect \ - do_read \ - do_recvfrom \ - do_recvmmsg \ - do_recvmsg \ - do_send \ - do_sendmsg \ - do_sendto - -RT_EXE = do_clock_settime - -ONLY32P_EXE = do_mmap2 \ - do_nice \ - do_uselib - -ONLY32Z_EXE = do_chown32 \ - do_fchown32 \ - do_lchown32 \ - do_mmap2 \ - do_nice \ - do_setfsgid32 \ - do_setfsuid32 \ - do_setgid32 \ - do_setgroups32 \ - do_setregid32 \ - do_setresgid32 \ - do_setresuid32 \ - do_setreuid32 \ - do_setuid32 \ - do_uselib - -ONLY32_EXE = do_chown32 \ - do_fchown32 \ - do_ioperm \ - do_iopl \ - do_lchown32 \ - do_mmap2 \ - do_nice \ - do_setfsgid32 \ - do_setfsuid32 \ - do_setgid32 \ - do_setgroups32 \ - do_setregid32 \ - do_setresgid32 \ - do_setresuid32 \ - do_setreuid32 \ - do_setuid32 \ - do_uselib - -ONLYIA64_EXE = do_clone2 - -ONLYPPC_EXE = do_pciconfig_read \ - do_pciconfig_write \ - do_rtas - -ONLY86_EXE = do_fork \ - do_vfork - -ALL_EXE = $(CAPS_EXE) \ - $(CREATE_EXE) \ - $(IPC_EXE) \ - $(MQ_EXE) \ - $(NET_EXE) \ - $(RT_EXE) \ - do_access \ - do_acct \ - do_add_key \ - do_adjtimex \ - do_bind \ - do_chdir \ - do_chmod \ - do_chroot \ - do_clock_adjtime \ - do_clone \ - do_delete_module \ - do_dummy \ - do_dummy_group \ - do_execve \ - do_fanotify_mark \ - do_fchmod \ - do_fchmodat \ - do_fchown \ - do_fchownat \ - do_fgetxattr \ - do_flistxattr \ - do_fremovexattr \ - do_fsetxattr \ - do_fstat \ - do_fstatat \ - do_ftruncate \ - do_futimesat \ - do_getegid \ - do_geteuid \ - do_getgid \ - do_getpid \ - do_getppid \ - do_getseconds \ - do_gettimezone \ - 
do_getuid \ - do_getxattr \ - do_getgroups \ - do_getpgid \ - do_getpgrp \ - do_getresgid \ - do_getresuid \ - do_getsid \ - do_gettid \ - do_init_module \ - do_inotify_add_watch \ - do_ioctl \ - do_ioprio_get \ - do_ioprio_set \ - do_kcmp \ - do_kexec_load \ - do_keyctl \ - do_kill \ - do_lgetxattr \ - do_link \ - do_linkat \ - do_listxattr \ - do_llistxattr \ - do_lookup_dcookie \ - do_lremovexattr \ - do_lsetxattr \ - do_lstat \ - do_migrate_pages \ - do_mlock \ - do_mlockall \ - do_mount \ - do_move_pages \ - do_open_by_handle_at \ - do_pivot_root \ - do_prctl \ - do_prlimit \ - do_process_vm_readv \ - do_process_vm_writev \ - do_ptrace \ - do_quotactl \ - do_readlink \ - do_readlinkat \ - do_reboot \ - do_removexattr \ - do_rename \ - do_renameat \ - do_request_key \ - do_rmdir \ - do_sched_getaffinity \ - do_sched_getparam \ - do_sched_getscheduler \ - do_sched_rr_get_interval \ - do_sched_setaffinity \ - do_sched_setparam \ - do_sched_setscheduler \ - do_set_robust_list \ - do_setfsgid \ - do_setfsuid \ - do_setgid \ - do_setgroups \ - do_sethostname \ - do_setdomainname \ - do_setns \ - do_setpgid \ - do_setpriority \ - do_setregid \ - do_setresgid \ - do_setresuid \ - do_setreuid \ - do_setrlimit \ - do_settimeofday \ - do_setuid \ - do_setxattr \ - do_socketcall \ - do_stat \ - do_statfs \ - do_stime \ - do_swapoff \ - do_swapon \ - do_syslog \ - do_tgkill \ - do_tkill \ - do_truncate \ - do_truncate64 \ - do_umask \ - do_umount \ - do_uname \ - do_unlink \ - do_unlinkat \ - do_unshare \ - do_uselib \ - do_utime \ - do_utimensat \ - do_utimes \ - do_vhangup - -ifneq ($(MACHINE), aarch64) -ALL_EXE += do_chown \ - do_lchown -endif -ifeq ($(MODE), 32) -ifeq ($(MACHINE), ppc64) -ALL_EXE += $(ONLY32P_EXE) -else -ifeq ($(MACHINE), s390x) -ALL_EXE += $(ONLY32Z_EXE) -else -ALL_EXE += $(ONLY32_EXE) -endif -endif -endif -ifeq ($(MACHINE), arm) -ALL_EXE += $(ONLY32_EXE) +$(MQ_EXE): LDLIBS += -lrt +ifdef LSM_SELINUX +$(MQ_EXE): LDLIBS += -lselinux endif +# additional 
specific library rules +do_clock_settime: LDLIBS += -lrt +do_capset: LDLIBS += -lcap -ifeq ($(MACHINE), ia64) -ALL_EXE += $(ONLYIA64_EXE) -else -ifeq ($(MACHINE), ppc64) -ALL_EXE += $(ONLYPPC_EXE) -else -ifneq ($(MACHINE), aarch64) -ALL_EXE += $(ONLY86_EXE) -endif -endif -endif +# +# syscall inclusion according to relevancy +# -$(CAPS_EXE): LDLIBS += -lcap -ifdef LSM_SELINUX -$(CREATE_EXE): LDLIBS += -lselinux -$(MQ_EXE): LDLIBS += -lrt -lselinux -else -$(MQ_EXE): LDLIBS += -lrt -endif -$(RT_EXE): LDLIBS += -lrt +ALL_EXE := $(addprefix do_,$(SCREL_SYSCALLS)) all: $(ALL_EXE) -- 1.8.3.1 |
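Review bot: In rules.mk, SCREL_SYSCALLS is assigned from $(shell ...) and the exit status of screl-parser.py is never checked, so a syntax error in the relevancy file (exit 2) or a missing interpreter leaves the variable empty or partial, ALL_EXE in utils/bin/Makefile shrinks accordingly, and 'make all' succeeds without building the wrappers; add a check such as $(if $(SCREL_SYSCALLS),,$(error ...)) right after the assignment. In utils/bin/Makefile, the new 'do_symlinkat \' ends the CREATE_EXE list with a line continuation, so the list swallows whatever line follows it unless that line is blank; drop the trailing backslash.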
From: Jiri J. <jja...@re...> - 2014-10-08 16:56:03
Signed-off-by: Jiri Jaburek <jja...@re...>
---
audit-test/utils/functions.bash | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/audit-test/utils/functions.bash b/audit-test/utils/functions.bash
index 3acba0e..765c5c3 100644
--- a/audit-test/utils/functions.bash
+++ b/audit-test/utils/functions.bash
@@ -280,6 +280,16 @@ function is_fips {
return 0
}
+# check syscall relevancy to currently running system
+#
+# returns 0 if a syscall is relevant, 1 otherwise
+sc_is_relevant()
+{
+ local sc=
+ for sc in $SCREL_SYSCALLS; do [ "$sc" = "$1" ] && return 0; done
+ return 1
+}
+
######################################################################
# service functions
######################################################################
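Review bot: sc_is_relevant() cannot tell "syscall not relevant" from "SCREL_SYSCALLS was never set": when the function is used outside the environment that exports the variable, the loop body never runs, every lookup returns 1, and callers silently take the "not relevant" branch. Consider printing an error and returning a distinct status when SCREL_SYSCALLS is empty or when $1 is missing, and say in the comment where the variable comes from (rules.mk). Minor: the surrounding file declares functions as 'function is_fips {', while this one uses the 'name()' form.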
--
1.8.3.1
From: Jiri J. <jja...@re...> - 2014-10-08 16:56:08
Signed-off-by: Jiri Jaburek <jja...@re...>
---
audit-test/syscalls/cap-run.conf | 54 ----------------------------------------
audit-test/syscalls/dac-run.conf | 40 -----------------------------
audit-test/syscalls/mac-run.conf | 37 ---------------------------
audit-test/syscalls/run.conf | 5 +++-
4 files changed, 4 insertions(+), 132 deletions(-)
diff --git a/audit-test/syscalls/cap-run.conf b/audit-test/syscalls/cap-run.conf
index 8d440fc..c89d2ca 100644
--- a/audit-test/syscalls/cap-run.conf
+++ b/audit-test/syscalls/cap-run.conf
@@ -54,10 +54,8 @@
## 3. Check the audit log for the correct syscall result
+ chown perm=file_priv flag=root expres=success user=super
+ chown perm=file_priv flag=root expres=fail user=test
-if [[ $MODE == 32 && $ARCH != "PPC" ]]; then
+ chown32 perm=file_priv flag=root expres=success user=super
+ chown32 perm=file_priv flag=root expres=fail user=test
-fi
## SYSCALL: fchmod()
## PURPOSE:
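Review bot: The removed guard ran the chown32 cases only when MODE was 32 and ARCH was not "PPC", but the relevancy file in this series has 'chown32 all:32', which also matches ppc64 in 32-bit mode; unless that widening is intended, the relevancy entry should carry the exclusion (for example '!ppc64,all:32'), and the same applies to the fchown32, lchown32, setgroups32, setfsgid32, setfsuid32 and setgid32 guards removed further down. It is also not visible in this file how the now-unconditional '+ chown32 ...' lines get filtered; a comment at the top of cap-run.conf pointing at where the relevancy check happens would help the next reader.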
@@ -99,10 +97,8 @@ fi
## 3. Check the audit log for the correct syscall result
+ fchown perm=file_priv flag=root expres=success user=super
+ fchown perm=file_priv flag=root expres=fail user=test
-if [[ $MODE == 32 && $ARCH != "PPC" ]]; then
+ fchown32 perm=file_priv flag=root expres=success user=super
+ fchown32 perm=file_priv flag=root expres=fail user=test
-fi
## SYSCALL: fchownat()
## PURPOSE:
@@ -127,10 +123,8 @@ fi
## 3. Check the audit log for the correct syscall result
+ lchown perm=file_priv flag=root expres=success user=super
+ lchown perm=file_priv flag=root expres=fail user=test
-if [[ $MODE == 32 && $ARCH != "PPC" ]]; then
+ lchown32 perm=file_priv flag=root expres=success user=super
+ lchown32 perm=file_priv flag=root expres=fail user=test
-fi
## SYSCALL: umask()
## PURPOSE:
@@ -221,18 +215,14 @@ fi
## syscall using the value of flag to determine the control operation;
## verify the result.
## 3. Check the audit log for the correct syscall result
-if [[ ( $MODE == 64 && $ARCH != "PPC" && $ARCH != "s390x" ) ||
- $ARCH == "arm" ]]; then
+ msgctl perm=msg_id_remove expres=success user=super
+ msgctl perm=msg_id_remove expres=fail user=test
+ msgctl perm=msg_id_set expres=success user=super
+ msgctl perm=msg_id_set expres=fail user=test
-else
+ ipc op=msgctl perm=msg_id_remove expres=success user=super
+ ipc op=msgctl perm=msg_id_remove expres=fail user=test
+ ipc op=msgctl perm=msg_id_set expres=success user=super
+ ipc op=msgctl perm=msg_id_set expres=fail user=test
-fi
## SYSCALL: semctl(), ipc()
## PURPOSE:
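Review bot: The removed if/else made the direct msgctl cases and the 'ipc op=msgctl' cases mutually exclusive, whereas the relevancy file lists both 'msgctl all' and 'ipc all', so after this hunk both sets are scheduled on every architecture; this is the hidden dependency between do_ipc and do_{msg,sem,shm}* described in the cover letter. To keep the old selection, the relevancy entries for msgctl, semctl, shmctl and ipc need archlists that mirror the removed condition; otherwise please state in the commit message that running both is intended. The same holds for bind and socketcall in the hunk at -308.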
@@ -251,18 +241,14 @@ fi
## syscall using the value of flag to determine the control operation;
## verify the result.
## 3. Check the audit log for the correct syscall result
-if [[ ( $MODE == 64 && $ARCH != "PPC" && $ARCH != "s390x" ) ||
- $ARCH == "arm" ]]; then
+ semctl perm=sem_id_remove expres=success user=super
+ semctl perm=sem_id_remove expres=fail user=test
+ semctl perm=sem_id_set expres=success user=super
+ semctl perm=sem_id_set expres=fail user=test
-else
+ ipc op=semctl perm=sem_id_remove expres=success user=super
+ ipc op=semctl perm=sem_id_remove expres=fail user=test
+ ipc op=semctl perm=sem_id_set expres=success user=super
+ ipc op=semctl perm=sem_id_set expres=fail user=test
-fi
## SYSCALL: shmctl(), ipc()
## PURPOSE:
@@ -281,18 +267,14 @@ fi
## syscall using the value of flag to determine the control operation;
## verify the result.
## 3. Check the audit log for the correct syscall result
-if [[ ( $MODE == 64 && $ARCH != "PPC" && $ARCH != "s390x" ) ||
- $ARCH == "arm" ]]; then
+ shmctl perm=shm_id_remove expres=success user=super
+ shmctl perm=shm_id_remove expres=fail user=test
+ shmctl perm=shm_id_set expres=success user=super
+ shmctl perm=shm_id_set expres=fail user=test
-else
+ ipc op=shmctl perm=shm_id_remove expres=success user=super
+ ipc op=shmctl perm=shm_id_remove expres=fail user=test
+ ipc op=shmctl perm=shm_id_set expres=success user=super
+ ipc op=shmctl perm=shm_id_set expres=fail user=test
-fi
##
## NETWORK and I/O syscalls
@@ -308,14 +290,10 @@ fi
## 1b. If expres=fail, execute the test process as a regular user and
## attempt to bind a privileged port, verify the result.
## 2. Check the audit log for the correct syscall result
-if [[ $MODE == 64 && $ARCH != "PPC" && $ARCH != "s390x" ]]; then
+ bind perm=port_priv expres=success user=super
+ bind perm=port_priv expres=fail user=test err=EACCES
-fi
-if [[ $MODE == 32 ]]; then
+ socketcall perm=port_priv op=bind expres=success user=super
+ socketcall perm=port_priv op=bind expres=fail user=test err=EACCES
-fi
## SYSCALL: ioctl()
## PURPOSE:
@@ -341,11 +319,8 @@ fi
## 1b. If expres=fail, execute the test process as a regular user and
## attempt to set port permission bits, verify the result.
## 2. Check the audit log for the correct syscall result
-if [[ $MODE == 32 &&
- $ARCH != "PPC" && $ARCH != "s390x" && $ARCH != "arm" ]]; then
+ ioperm perm=io_perm expres=success user=super
+ ioperm perm=io_perm expres=fail user=test
-fi
## SYSCALL: iopl()
## PURPOSE:
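Review bot: The removed guard skipped the ioperm cases in 32-bit mode on PPC, s390x and arm, while the relevancy entry is 'ioperm all:32 # revisit', which matches all three; the exclusions should move into the archlist (for example '!ppc64,!s390x,all:32' plus the arm machine name) before the guard is dropped. The iopl guard removed in the next hunk has the same condition and the same 'all:32' entry.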
@@ -357,11 +332,8 @@ fi
## 1b. If expres=fail, execute the test process as a regular user and
## attempt to set process's the I/O privilege level, verify the result.
## 2. Check the audit log for the correct syscall result
-if [[ $MODE == 32 &&
- $ARCH != "PPC" && $ARCH != "s390x" && $ARCH != "arm" ]]; then
+ iopl perm=io_priv expres=success user=super
+ iopl perm=io_priv expres=fail user=test
-fi
##
## PROCESS CONTROL syscalls
@@ -379,10 +351,8 @@ fi
## 2. Check the audit log for the correct syscall result
+ clone perm=process_newns expres=success user=super
+ clone perm=process_newns expres=fail user=test
-if [[ $HOSTTYPE == ia64 ]]; then
+ clone2 perm=process_newns expres=success user=super
+ clone2 perm=process_newns expres=fail user=test
-fi
## SYSCALL: fork(), vfork()
## PURPOSE:
@@ -394,18 +364,14 @@ fi
## 1b. If expres=fail, set RLIMIT_NPROC, execute the test process as a
## regular user and attempt to fork a child process, verify the result.
## 2. Check the audit log for the correct syscall result
-if [[ $HOSTTYPE != ia64 ]]; then
+ fork perm=process_nproc expres=success user=super \
testfunc=test_su_fork
+ fork perm=process_nproc expres=fail user=test err=EAGAIN \
testfunc=test_su_fork
-fi
-if [[ $HOSTTYPE != ia64 ]]; then
+ vfork perm=process_nproc expres=success user=super \
testfunc=test_su_fork
+ vfork perm=process_nproc expres=fail user=test err=EAGAIN \
testfunc=test_su_fork
-fi
## SYSCALL: ptrace()
## PURPOSE:
@@ -450,10 +416,8 @@ fi
## 2. Check the audit log for the correct syscall result
+ setgroups perm=group_set flag=3 expres=success user=super
+ setgroups perm=group_set flag=3 expres=fail user=test
-if [[ $MODE == 32 && $ARCH != "PPC" ]]; then
+ setgroups32 perm=group_set flag=3 expres=success user=super
+ setgroups32 perm=group_set flag=3 expres=fail user=test
-fi
## SYSCALL: setfsgid()
## PURPOSE:
@@ -474,12 +438,10 @@ fi
testfunc=test_su_fsgid_set
+ setfsgid perm=fsgid_set flag=3 expres=success user=test \
tag=setfsgid__cap_fsgid_set_fail_test
-if [[ $MODE == 32 && $ARCH != "PPC" ]]; then
+ setfsgid32 perm=fsgid_set flag=3 expres=success user=super \
testfunc=test_su_fsgid_set
+ setfsgid32 perm=fsgid_set flag=3 expres=success user=test \
tag=setfsgid32__cap_fsgid_set_fail_test
-fi
## SYSCALL: setfsuid()
## PURPOSE:
@@ -500,12 +462,10 @@ fi
testfunc=test_su_fsuid_set
+ setfsuid perm=fsuid_set flag=3 expres=success user=test \
tag=setfsuid__cap_fsuid_set_fail_test
-if [[ $MODE == 32 && $ARCH != "PPC" ]]; then
+ setfsuid32 perm=fsuid_set flag=3 expres=success user=super \
testfunc=test_su_fsuid_set
+ setfsuid32 perm=fsuid_set flag=3 expres=success user=test \
tag=setfsuid32__cap_fsuid_set_fail_test
-fi
## SYSCALL: setgid()
## PURPOSE:
@@ -519,10 +479,8 @@ fi
## 2. Check the audit log for the correct syscall result
+ setgid perm=gid_set flag=0 expres=success user=super
+ setgid perm=gid_set flag=0 expres=fail user=test
-if [[ $MODE == 32 && $ARCH != "PPC" ]]; then
+ setgid32 perm=gid_set flag=0 expres=success user=super
+ setgid32 perm=gid_set flag=0 expres=fail user=test
-fi
## SYSCALL: setregid()
## PURPOSE:
@@ -537,10 +495,8 @@ fi
## 2. Check the audit log for the correct syscall result
+ setregid perm=gid_set flag=0 expres=success user=super
+ setregid perm=gid_set flag=0 expres=fail user=test
-if [[ $MODE == 32 && $ARCH != "PPC" ]]; then
+ setregid32 perm=gid_set flag=0 expres=success user=super
+ setregid32 perm=gid_set flag=0 expres=fail user=test
-fi
## SYSCALL: setresgid()
## PURPOSE:
@@ -555,10 +511,8 @@ fi
## 2. Check the audit log for the correct syscall result
+ setresgid perm=gid_set flag=0 expres=success user=super
+ setresgid perm=gid_set flag=0 expres=fail user=test
-if [[ $MODE == 32 && $ARCH != "PPC" ]]; then
+ setresgid32 perm=gid_set flag=0 expres=success user=super
+ setresgid32 perm=gid_set flag=0 expres=fail user=test
-fi
## SYSCALL: setuid()
## PURPOSE:
@@ -572,10 +526,8 @@ fi
## 2. Check the audit log for the correct syscall result
+ setuid perm=uid_set flag=0 expres=success user=super
+ setuid perm=uid_set flag=0 expres=fail user=test
-if [[ $MODE == 32 && $ARCH != "PPC" ]]; then
+ setuid32 perm=uid_set flag=0 expres=success user=super
+ setuid32 perm=uid_set flag=0 expres=fail user=test
-fi
## SYSCALL: setreuid()
## PURPOSE:
@@ -590,10 +542,8 @@ fi
## 2. Check the audit log for the correct syscall result
+ setreuid perm=uid_set flag=0 expres=success user=super
+ setreuid perm=uid_set flag=0 expres=fail user=test
-if [[ $MODE == 32 && $ARCH != "PPC" ]]; then
+ setreuid32 perm=uid_set flag=0 expres=success user=super
+ setreuid32 perm=uid_set flag=0 expres=fail user=test
-fi
## SYSCALL: setresuid()
## PURPOSE:
@@ -608,10 +558,8 @@ fi
## 2. Check the audit log for the correct syscall result
+ setresuid perm=uid_set flag=0 expres=success user=super
+ setresuid perm=uid_set flag=0 expres=fail user=test
-if [[ $MODE == 32 && $ARCH != "PPC" ]]; then
+ setresuid32 perm=uid_set flag=0 expres=success user=super
+ setresuid32 perm=uid_set flag=0 expres=fail user=test
-fi
##
## TIME syscalls
@@ -669,10 +617,8 @@ fi
## 1b. If expres=fail, execute the test process as a regular user and
## attempt to set the time, verify the result.
## 2. Check the audit log for the correct syscall result
-if [[ $MODE == 32 ]]; then
+ stime perm=time_set expres=success user=super
+ stime perm=time_set expres=fail user=test
-fi
##
## XATTR syscalls
diff --git a/audit-test/syscalls/dac-run.conf b/audit-test/syscalls/dac-run.conf
index a03c637..99d716b 100644
--- a/audit-test/syscalls/dac-run.conf
+++ b/audit-test/syscalls/dac-run.conf
@@ -158,10 +158,8 @@
## that's what is reported in the audit.log, so that is what we need
## to search for. arch/x86/kernel/syscall_table_32.S tells us 192 is
## really mmap_pgoff. They did this for some compatibility reasons.
-if [[ $MODE == 32 ]]; then
+ mmap2 perm=mmap_file flag=PASS expres=success dacugo=user user=super
+ mmap2 perm=mmap_file flag=FAIL expres=fail dacugo=user user=super
-fi
## SYSCALL: open()
## PURPOSE:
@@ -337,10 +335,8 @@ fi
## 3. Check the audit log for the correct syscall result
+ truncate perm=file_write expres=success dacugo=user user=super
+ truncate perm=file_write expres=fail dacugo=user user=test
-if [[ $MODE == 32 ]]; then
+ truncate64 perm=file_write expres=success dacugo=user user=super
+ truncate64 perm=file_write expres=fail dacugo=user user=test
-fi
## SYSCALL: unlink()
## PURPOSE:
@@ -382,11 +378,9 @@ fi
## 2b. If expres=fail, execute the test process as another user and
## attempt to load the library, verify the result
## 3. Check the audit log for the correct syscall result
-if [[ $HOSTTYPE != x86_64 || $MODE == 32 ]]; then
+ uselib perm=file_exec expres=fail dacugo=user user=root err=ENOEXEC \
tag=uselib__dac_file_exec_success_user
+ uselib perm=file_exec expres=fail dacugo=user user=test
-fi
## SYSCALL: utime(), utimes(), utimensat()
## PURPOSE:
@@ -400,10 +394,8 @@ fi
## 2b. If expres=fail, execute the test process as another user and
## attempt to change the file's timestamps; verify the result
## 3. Check the audit log for the correct syscall result
-if [[ $HOSTTYPE != ia64 ]]; then
+ utime perm=file_write expres=success dacugo=user user=super
+ utime perm=file_write expres=fail dacugo=user user=test
-fi
+ utimes perm=file_write expres=success dacugo=user user=super
+ utimes perm=file_write expres=fail dacugo=user user=test
+ utimensat perm=file_write at=1 expres=success dacugo=user user=super
@@ -436,18 +428,14 @@ fi
## syscall using the value of flag to determine whether to open the message
## queue for read or write; verify the result.
## 3. Check the audit log for the correct syscall result
-if [[ ( $MODE == 64 && $ARCH != "PPC" && $ARCH != "s390x" ) ||
- $ARCH == "arm" ]]; then
+ msgget perm=msg_key_read expres=success dacugo=user user=super
+ msgget perm=msg_key_read expres=fail dacugo=user user=test
+ msgget perm=msg_key_write expres=success dacugo=user user=super
+ msgget perm=msg_key_write expres=fail dacugo=user user=test
-else
+ ipc op=msgget perm=msg_key_read expres=success dacugo=user user=super
+ ipc op=msgget perm=msg_key_read expres=fail dacugo=user user=test
+ ipc op=msgget perm=msg_key_write expres=success dacugo=user user=super
+ ipc op=msgget perm=msg_key_write expres=fail dacugo=user user=test
-fi
## SYSCALL: msgrcv(), ipc()
## PURPOSE:
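Review bot: the removed condition had a second alternative, `$ARCH == "arm"`, that selected the direct msgget tests on arm regardless of MODE, and the if/else made the msgget and ipc variants mutually exclusive. After this hunk both properties depend entirely on the relevancy file, whose msgget entry in this series reads `x86_64:64,ia64` with no arm. Either add the arm case to the relevancy entries for the msg*, sem* and shm* syscalls, or state in the commit message that arm moves to the ipc variant. This applies to every IPC hunk in this file and in mac-run.conf.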
@@ -461,14 +449,10 @@ fi
## 2b. If expres=fail, execute the test process as another user and attempt to
## receive a message, verify the result
## 3. Check the audit log for the correct syscall result
-if [[ ( $MODE == 64 && $ARCH != "PPC" && $ARCH != "s390x" ) ||
- $ARCH == "arm" ]]; then
+ msgrcv perm=msg_id_recv expres=success dacugo=user user=super
+ msgrcv perm=msg_id_recv expres=fail dacugo=user user=test
-else
+ ipc op=msgrcv perm=msg_id_recv expres=success dacugo=user user=super
+ ipc op=msgrcv perm=msg_id_recv expres=fail dacugo=user user=test
-fi
## SYSCALL: msgsnd(), ipc()
## PURPOSE:
@@ -482,18 +466,14 @@ fi
## 2b. If expres=fail, execute the test process as another user and attempt to
## send a message, verify the result
## 3. Check the audit log for the correct syscall result
-if [[ ( $MODE == 64 && $ARCH != "PPC" && $ARCH != "s390x" ) ||
- $ARCH == "arm" ]]; then
+ msgsnd perm=msg_id_send msg="this is a test" expres=success dacugo=user \
user=super testfunc=test_su_msg_send
+ msgsnd perm=msg_id_send msg="this is a test" expres=fail dacugo=user \
user=test testfunc=test_su_msg_send
-else
+ ipc op=msgsnd perm=msg_id_send msg="this is a test" expres=success dacugo=user \
user=super testfunc=test_su_msg_send
+ ipc op=msgsnd perm=msg_id_send msg="this is a test" expres=fail dacugo=user \
user=test testfunc=test_su_msg_send
-fi
## SYSCALL: semget(), ipc()
## PURPOSE:
@@ -515,18 +495,14 @@ fi
## syscall using the value of flag to determine whether to open the
## semaphore set for read or write; verify the result.
## 3. Check the audit log for the correct syscall result
-if [[ ( $MODE == 64 && $ARCH != "PPC" && $ARCH != "s390x" ) ||
- $ARCH == "arm" ]]; then
+ semget perm=sem_key_read expres=success dacugo=user user=super
+ semget perm=sem_key_read expres=fail dacugo=user user=test
+ semget perm=sem_key_write expres=success dacugo=user user=super
+ semget perm=sem_key_write expres=fail dacugo=user user=test
-else
+ ipc op=semget perm=sem_key_read expres=success dacugo=user user=super
+ ipc op=semget perm=sem_key_read expres=fail dacugo=user user=test
+ ipc op=semget perm=sem_key_write expres=success dacugo=user user=super
+ ipc op=semget perm=sem_key_write expres=fail dacugo=user user=test
-fi
## SYSCALL: semop(), ipc()
## PURPOSE:
@@ -541,14 +517,10 @@ fi
## 2b. If expres=fail, execute the test process as another user and attempt a
## read operation, verify the result
## 3. Check the audit log for the correct syscall result
-if [[ ( $MODE == 64 && $ARCH != "PPC" && $ARCH != "s390x" ) ||
- $ARCH == "arm" ]]; then
+ semop perm=sem_id_read expres=success dacugo=user user=super
+ semop perm=sem_id_read expres=fail dacugo=user user=test
-else
+ ipc op=semop perm=sem_id_read expres=success dacugo=user user=super
+ ipc op=semop perm=sem_id_read expres=fail dacugo=user user=test
-fi
## SYSCALL: semtimedop(), ipc()
## PURPOSE:
@@ -563,14 +535,10 @@ fi
## 2b. If expres=fail, execute the test process as another user and attempt a
## write operation, verify the result
## 3. Check the audit log for the correct syscall result
-if [[ ( $MODE == 64 && $ARCH != "PPC" && $ARCH != "s390x" ) ||
- $ARCH == "arm" ]]; then
+ semtimedop perm=sem_id_write expres=success dacugo=user user=super
+ semtimedop perm=sem_id_write expres=fail dacugo=user user=test
-else
+ ipc op=semtimedop perm=sem_id_write expres=success dacugo=user user=super
+ ipc op=semtimedop perm=sem_id_write expres=fail dacugo=user user=test
-fi
## SYSCALL: shmat(), ipc()
## PURPOSE:
@@ -589,20 +557,16 @@ fi
## syscall using the value of perm to determine whether to perform a read or
## write operation; verify the result
## 3. Check the audit log for the correct syscall result
-if [[ ( $MODE == 64 && $ARCH != "PPC" && $ARCH != "s390x" ) ||
- $ARCH == "arm" ]]; then
+ shmat perm=shm_id_read expres=success dacugo=user user=super
+ shmat perm=shm_id_read expres=fail dacugo=user user=test
+ shmat perm=shm_id_write expres=success dacugo=user user=super
+ shmat perm=shm_id_write expres=fail dacugo=user user=test
-else
+ ipc op=shmat perm=shm_id_read expres=success dacugo=user user=super \
augrokfunc=augrok_op_no_exit
+ ipc op=shmat perm=shm_id_read expres=fail dacugo=user user=test
+ ipc op=shmat perm=shm_id_write expres=success dacugo=user user=super \
augrokfunc=augrok_op_no_exit
+ ipc op=shmat perm=shm_id_write expres=fail dacugo=user user=test
-fi
## SYSCALL: shmget(), ipc()
## PURPOSE:
@@ -625,18 +589,14 @@ fi
## syscall using the value of flag to determine whether to request the
## shared memory segment for read or write; verify the result.
## 3. Check the audit log for the correct syscall result
-if [[ ( $MODE == 64 && $ARCH != "PPC" && $ARCH != "s390x" ) ||
- $ARCH == "arm" ]]; then
+ shmget perm=shm_key_read expres=success dacugo=user user=super
+ shmget perm=shm_key_read expres=fail dacugo=user user=test
+ shmget perm=shm_key_write expres=success dacugo=user user=super
+ shmget perm=shm_key_write expres=fail dacugo=user user=test
-else
+ ipc op=shmget perm=shm_key_read expres=success dacugo=user user=super
+ ipc op=shmget perm=shm_key_read expres=fail dacugo=user user=test
+ ipc op=shmget perm=shm_key_write expres=success dacugo=user user=super
+ ipc op=shmget perm=shm_key_write expres=fail dacugo=user user=test
-fi
##
## XATTR syscalls
diff --git a/audit-test/syscalls/mac-run.conf b/audit-test/syscalls/mac-run.conf
index 2f73d0d..5127a01 100644
--- a/audit-test/syscalls/mac-run.conf
+++ b/audit-test/syscalls/mac-run.conf
@@ -594,10 +594,8 @@
## 3. Check the audit log for the correct syscall result
+ truncate perm=file_write expres=success mlsop=eq
+ truncate perm=file_write expres=fail mlsop=domby
-if [[ $MODE == 32 ]]; then
+ truncate64 perm=file_write expres=success mlsop=eq
+ truncate64 perm=file_write expres=fail mlsop=incomp
-fi
## SYSCALL: unlink()
## PURPOSE:
@@ -667,7 +665,6 @@ fi
## 2. Execute the test process and attempt the uselib() syscall, verify
## the results
## 3. Check the audit log for the correct syscall result
-if [[ $HOSTTYPE != x86_64 || $MODE == 32 ]]; then
## TESTCASE: mac success (eq)
+ uselib perm=file_exec expres=fail mlsop=eq err=ENOEXEC \
tag=uselib__mac_file_exec_success_subj_eq_obj
@@ -678,7 +675,6 @@ if [[ $HOSTTYPE != x86_64 || $MODE == 32 ]]; then
+ uselib perm=file_exec expres=fail mlsop=domby
## TESTCASE: mac failure (incomp)
+ uselib perm=file_exec expres=fail mlsop=incomp
-fi
##
## IPC syscalls
@@ -702,8 +698,6 @@ fi
## test process requests the message queue for read or write depending on
## the 'perm' value '*_read' or '*_write'. Verify the result.
## 3. Check the audit log for the correct syscall result
-if [[ ( $MODE == 64 && $ARCH != "PPC" && $ARCH != "s390x" ) ||
- $ARCH == "arm" ]]; then
+ msgget perm=msg_key_read expres=success mlsop=eq
+ msgget perm=msg_key_read expres=success mlsop=dom
+ msgget perm=msg_key_read expres=fail mlsop=domby
@@ -712,7 +706,6 @@ if [[ ( $MODE == 64 && $ARCH != "PPC" && $ARCH != "s390x" ) ||
+ msgget perm=msg_key_write expres=fail mlsop=dom
+ msgget perm=msg_key_write expres=fail mlsop=domby
+ msgget perm=msg_key_write expres=fail mlsop=incomp
-else
+ ipc op=msgget perm=msg_key_read expres=success mlsop=eq
+ ipc op=msgget perm=msg_key_read expres=success mlsop=dom
+ ipc op=msgget perm=msg_key_read expres=fail mlsop=domby
@@ -721,7 +714,6 @@ else
+ ipc op=msgget perm=msg_key_write expres=fail mlsop=dom
+ ipc op=msgget perm=msg_key_write expres=fail mlsop=domby
+ ipc op=msgget perm=msg_key_write expres=fail mlsop=incomp
-fi
## SYSCALL: msgrcv(), ipc()
## PURPOSE:
@@ -738,18 +730,14 @@ fi
## the ipc() syscall the function is determined by the 'op' variable.
## Verify the result.
## 4. Check the audit log for the correct syscall result
-if [[ ( $MODE == 64 && $ARCH != "PPC" && $ARCH != "s390x" ) ||
- $ARCH == "arm" ]]; then
+ msgrcv perm=msg_id_recv expres=success mlsop=eq
+ msgrcv perm=msg_id_recv expres=success mlsop=dom
+ msgrcv perm=msg_id_recv expres=fail mlsop=domby
+ msgrcv perm=msg_id_recv expres=fail mlsop=incomp
-else
+ ipc op=msgrcv perm=msg_id_recv expres=success mlsop=eq
+ ipc op=msgrcv perm=msg_id_recv expres=success mlsop=dom
+ ipc op=msgrcv perm=msg_id_recv expres=fail mlsop=domby
+ ipc op=msgrcv perm=msg_id_recv expres=fail mlsop=incomp
-fi
## SYSCALL: msgsnd(), ipc()
## PURPOSE:
@@ -765,8 +753,6 @@ fi
## the ipc() syscall the function is determined by the 'op' variable.
## Verify the result.
## 4. Check the audit log for the correct syscall result
-if [[ ( $MODE == 64 && $ARCH != "PPC" && $ARCH != "s390x" ) ||
- $ARCH == "arm" ]]; then
+ msgsnd perm=msg_id_send msg="this is a test" expres=success mlsop=eq \
testfunc=test_runcon_msg_send
+ msgsnd perm=msg_id_send msg="this is a test" expres=fail mlsop=dom \
@@ -775,7 +761,6 @@ if [[ ( $MODE == 64 && $ARCH != "PPC" && $ARCH != "s390x" ) ||
testfunc=test_runcon_msg_send
+ msgsnd perm=msg_id_send msg="this is a test" expres=fail mlsop=incomp \
testfunc=test_runcon_msg_send
-else
+ ipc op=msgsnd perm=msg_id_send msg="this is a test" expres=success mlsop=eq \
testfunc=test_runcon_msg_send
+ ipc op=msgsnd perm=msg_id_send msg="this is a test" expres=fail mlsop=dom \
@@ -784,7 +769,6 @@ else
testfunc=test_runcon_msg_send
+ ipc op=msgsnd perm=msg_id_send msg="this is a test" expres=fail mlsop=incomp \
testfunc=test_runcon_msg_send
-fi
## SYSCALL: semget(), ipc()
## PURPOSE:
@@ -804,8 +788,6 @@ fi
## test process requests the semaphore set for read or write depending on
## the 'perm' value '*_read' or '*_write'. Verify the result.
## 3. Check the audit log for the correct syscall result
-if [[ ( $MODE == 64 && $ARCH != "PPC" && $ARCH != "s390x" ) ||
- $ARCH == "arm" ]]; then
+ semget perm=sem_key_read expres=success mlsop=eq
+ semget perm=sem_key_read expres=success mlsop=dom
+ semget perm=sem_key_read expres=fail mlsop=domby
@@ -814,8 +796,6 @@ if [[ ( $MODE == 64 && $ARCH != "PPC" && $ARCH != "s390x" ) ||
+ semget perm=sem_key_write expres=fail mlsop=dom
+ semget perm=sem_key_write expres=fail mlsop=domby
+ semget perm=sem_key_write expres=fail mlsop=incomp
-else
-+ ipc op=semget perm=sem_key_read expres=success mlsop=eq
+ ipc op=semget perm=sem_key_read expres=success mlsop=dom
+ ipc op=semget perm=sem_key_read expres=fail mlsop=domby
+ ipc op=semget perm=sem_key_read expres=fail mlsop=incomp
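Review bot: the second removed line here, `-+ ipc op=semget perm=sem_key_read expres=success mlsop=eq`, is a testcase, not part of the guard. Every other hunk of this kind removes only the `if`/`else`/`fi` lines, and the hunk header (8 lines before, 6 after) confirms that two lines are dropped, so this looks accidental. Keep the testcase and remove only `else`; otherwise the ipc semget read-success case at equal MLS level is no longer run.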
@@ -823,7 +803,6 @@ else
+ ipc op=semget perm=sem_key_write expres=fail mlsop=dom
+ ipc op=semget perm=sem_key_write expres=fail mlsop=domby
+ ipc op=semget perm=sem_key_write expres=fail mlsop=incomp
-fi
## SYSCALL: semop(), ipc()
## PURPOSE:
@@ -839,18 +818,14 @@ fi
## read operation. With the ipc() syscall the function is determined by the
## 'op' variable. Verify the result.
## 3. Check the audit log for the correct syscall result
-if [[ ( $MODE == 64 && $ARCH != "PPC" && $ARCH != "s390x" ) ||
- $ARCH == "arm" ]]; then
+ semop perm=sem_id_read expres=success mlsop=eq
+ semop perm=sem_id_read expres=success mlsop=dom
+ semop perm=sem_id_read expres=fail mlsop=domby
+ semop perm=sem_id_read expres=fail mlsop=incomp
-else
+ ipc op=semop perm=sem_id_read expres=success mlsop=eq
+ ipc op=semop perm=sem_id_read expres=success mlsop=dom
+ ipc op=semop perm=sem_id_read expres=fail mlsop=domby
+ ipc op=semop perm=sem_id_read expres=fail mlsop=incomp
-fi
## SYSCALL: semtimedop(), ipc()
## PURPOSE:
@@ -866,18 +841,14 @@ fi
## write operation. With the ipc() syscall the function is determined by the
## 'op' variable. Verify the result.
## 3. Check the audit log for the correct syscall result
-if [[ ( $MODE == 64 && $ARCH != "PPC" && $ARCH != "s390x" ) ||
- $ARCH == "arm" ]]; then
+ semtimedop perm=sem_id_write expres=success mlsop=eq
+ semtimedop perm=sem_id_write expres=fail mlsop=dom
+ semtimedop perm=sem_id_write expres=fail mlsop=domby
+ semtimedop perm=sem_id_write expres=fail mlsop=incomp
-else
+ ipc op=semtimedop perm=sem_id_write expres=success mlsop=eq
+ ipc op=semtimedop perm=sem_id_write expres=fail mlsop=dom
+ ipc op=semtimedop perm=sem_id_write expres=fail mlsop=domby
+ ipc op=semtimedop perm=sem_id_write expres=fail mlsop=incomp
-fi
## SYSCALL: shmat(), ipc()
## PURPOSE:
@@ -898,8 +869,6 @@ fi
## 'perm' variable. With the ipc() syscall the function is determined by
## the 'op' variable. Verify the result.
## 3. Check the audit log for the correct syscall result
-if [[ ( $MODE == 64 && $ARCH != "PPC" && $ARCH != "s390x" ) ||
- $ARCH == "arm" ]]; then
+ shmat perm=shm_id_read expres=success mlsop=eq
+ shmat perm=shm_id_read expres=success mlsop=dom
+ shmat perm=shm_id_read expres=fail mlsop=domby
@@ -908,7 +877,6 @@ if [[ ( $MODE == 64 && $ARCH != "PPC" && $ARCH != "s390x" ) ||
+ shmat perm=shm_id_write expres=fail mlsop=dom
+ shmat perm=shm_id_write expres=fail mlsop=domby
+ shmat perm=shm_id_write expres=fail mlsop=incomp
-else
+ ipc op=shmat perm=shm_id_read expres=success mlsop=eq \
augrokfunc=augrok_mls_op_label_no_exit
+ ipc op=shmat perm=shm_id_read expres=success mlsop=dom \
@@ -920,7 +888,6 @@ else
+ ipc op=shmat perm=shm_id_write expres=fail mlsop=dom
+ ipc op=shmat perm=shm_id_write expres=fail mlsop=domby
+ ipc op=shmat perm=shm_id_write expres=fail mlsop=incomp
-fi
## SYSCALL: shmget(), ipc()
## PURPOSE:
@@ -941,8 +908,6 @@ fi
## test process requests the shared memory segment for read or write
## depending on the 'perm' value '*_read' or '*_write'. Verify the result.
## 3. Check the audit log for the correct syscall result
-if [[ ( $MODE == 64 && $ARCH != "PPC" && $ARCH != "s390x" ) ||
- $ARCH == "arm" ]]; then
+ shmget perm=shm_key_read expres=success mlsop=eq
+ shmget perm=shm_key_read expres=success mlsop=dom
+ shmget perm=shm_key_read expres=fail mlsop=domby
@@ -951,7 +916,6 @@ if [[ ( $MODE == 64 && $ARCH != "PPC" && $ARCH != "s390x" ) ||
+ shmget perm=shm_key_write expres=fail mlsop=dom
+ shmget perm=shm_key_write expres=fail mlsop=domby
+ shmget perm=shm_key_write expres=fail mlsop=incomp
-else
+ ipc op=shmget perm=shm_key_read expres=success mlsop=eq
+ ipc op=shmget perm=shm_key_read expres=success mlsop=dom
+ ipc op=shmget perm=shm_key_read expres=fail mlsop=domby
@@ -960,7 +924,6 @@ else
+ ipc op=shmget perm=shm_key_write expres=fail mlsop=dom
+ ipc op=shmget perm=shm_key_write expres=fail mlsop=domby
+ ipc op=shmget perm=shm_key_write expres=fail mlsop=incomp
-fi
##
## MQ syscalls
diff --git a/audit-test/syscalls/run.conf b/audit-test/syscalls/run.conf
index daa53d8..a2577be 100644
--- a/audit-test/syscalls/run.conf
+++ b/audit-test/syscalls/run.conf
@@ -22,10 +22,13 @@ function + {
declare test=$1 tag # make sure it is not inherited from caller
shift
eval "$(parse_named "$@")" && [[ ${#unnamed[@]} -eq 0 ]] || exit_error
- set -- "$@" permtype="$permtype"
+
+ # if the test (syscall) is not relevant for this env, skip it
+ sc_is_relevant "$test" || return
# if $err or $tag haven't been supplied in run.conf, set based on $permtype.
# tags are constructed from named args that identify a unique testcase.
+ set -- "$@" permtype="$permtype"
## CAPABILITIES tests ##
if [[ $permtype == cap ]]; then
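Review bot: `sc_is_relevant "$test" || return` skips silently and, being a bare `return`, hands the non-zero status of sc_is_relevant back to the caller. A misspelled syscall name in a *.conf file, or an entry missing from the relevancy file, would then drop testcases with no trace in the run output, and a caller running with errexit would stop at the first skipped test. Suggest `return 0` plus a log line naming the skipped test. The comment "if $err or $tag haven't been supplied ..." also now sits above the moved `set -- "$@" permtype="$permtype"` line rather than above the code it describes.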
--
1.8.3.1
|
|
From: Jiri J. <jja...@re...> - 2014-10-08 16:56:11
|
Signed-off-by: Jiri Jaburek <jja...@re...>
---
audit-test/network/run.conf | 125 ++++++++++++--------------------------------
1 file changed, 34 insertions(+), 91 deletions(-)
diff --git a/audit-test/network/run.conf b/audit-test/network/run.conf
index f59aa02..383ff88 100644
--- a/audit-test/network/run.conf
+++ b/audit-test/network/run.conf
@@ -540,64 +540,24 @@ function augrok_default {
expres_audit="no"
fi
- case $(uname -m)-$MODE in
- x86_64-64|ia64-64)
- params="--seek=$log_mark -m1 type==SYSCALL syscall=$syscall \
- success=$expres_audit exit=$exitval \
- pid=$pid auid=$(</proc/self/loginuid) \
- uid=$uid euid=$euid suid=$suid fsuid=$fsuid \
- gid=$gid egid=$egid sgid=$sgid fsgid=$fsgid \
- "$@""
- ;;
- x86_64-32)
- # socket calls are multiplexed onto the socketcall() syscall
- if [[ "$syscall" == "recvmmsg" ]]; then
- params="--seek=$log_mark -m1 type==SYSCALL \
- syscall=337 \
- success=$expres_audit exit=$exitval \
- pid=$pid auid=$(</proc/self/loginuid) \
- uid=$uid euid=$euid suid=$suid fsuid=$fsuid \
- gid=$gid egid=$egid sgid=$sgid fsgid=$fsgid \
- "$@""
- else
- params="--seek=$log_mark -m1 type==SYSCALL \
- syscall=socketcall a0=$(get_sockcall_num_hex $syscall) \
- success=$expres_audit exit=$exitval \
- pid=$pid auid=$(</proc/self/loginuid) \
- uid=$uid euid=$euid suid=$suid fsuid=$fsuid \
- gid=$gid egid=$egid sgid=$sgid fsgid=$fsgid \
- "$@""
- fi
- ;;
- ppc64-32)
- params="--seek=$log_mark -m1 type==SYSCALL \
- syscall=socketcall a0=$(get_sockcall_num_hex $syscall) \
- success=$expres_audit exit=$exitval \
- pid=$pid auid=$(</proc/self/loginuid) \
- uid=$uid euid=$euid suid=$suid fsuid=$fsuid \
- gid=$gid egid=$egid sgid=$sgid fsgid=$fsgid \
- "$@""
- ;;
- s390x-32)
- params="--seek=$log_mark -m1 type==SYSCALL \
- syscall=socketcall a0=$(get_sockcall_num_hex $syscall) \
- success=$expres_audit exit=$exitval \
- pid=$pid auid=$(</proc/self/loginuid) \
- uid=$uid euid=$euid suid=$suid fsuid=$fsuid \
- gid=$gid egid=$egid sgid=$sgid fsgid=$fsgid \
- "$@""
- ;;
- *)
- # socket calls are multiplexed onto the socketcall() syscall
- params="--seek=$log_mark -m1 type==SOCKETCALL \
- syscall=socketcall a0=$(get_sockcall_num_hex $syscall) \
- success=$expres_audit exit=$exitval \
- pid=$pid auid=$(</proc/self/loginuid) \
- uid=$uid euid=$euid suid=$suid fsuid=$fsuid \
- gid=$gid egid=$egid sgid=$sgid fsgid=$fsgid \
- "$@""
- ;;
- esac
+ if sc_is_relevant "$syscall"; then
+ params="--seek=$log_mark -m1 type==SYSCALL syscall=$syscall \
+ success=$expres_audit exit=$exitval \
+ pid=$pid auid=$(</proc/self/loginuid) \
+ uid=$uid euid=$euid suid=$suid fsuid=$fsuid \
+ gid=$gid egid=$egid sgid=$sgid fsgid=$fsgid \
+ "$@""
+ elif sc_is_relevant socketcall; then
+ params="--seek=$log_mark -m1 type==SYSCALL \
+ syscall=socketcall a0=$(get_sockcall_num_hex $syscall) \
+ success=$expres_audit exit=$exitval \
+ pid=$pid auid=$(</proc/self/loginuid) \
+ uid=$uid euid=$euid suid=$suid fsuid=$fsuid \
+ gid=$gid egid=$egid sgid=$sgid fsgid=$fsgid \
+ "$@""
+ else
+ exit_error "$syscall or socketcall not available"
+ fi
# we do this multiple times on failure to give the audit records time to
# appear in the log (recent distros can lag in recording audit records)
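Review bot: the fallback branch changes what is matched, not only how the branch is chosen. The removed `*)` case searched for `type==SOCKETCALL`, while the new socketcall branch searches for `type==SYSCALL`, and the x86_64-32 special case that matched recvmmsg by number (`syscall=337`) is gone, so recvmmsg is now looked up by name. The commit message carries no description; it should state that both changes are intended and on which architectures they were verified. The two `params=` assignments differ only in the `syscall=`/`a0=` part and could share one string.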
@@ -628,39 +588,22 @@ function augrok_default {
# test case.
#
function auwatch_default {
- declare sockcall_num
- declare syscall_name
- case $(uname -m)-$MODE in
- x86_64-64|ia64-64)
- syscall_name=$syscall
- if [[ "$syscall" == "accept4" ]]; then
- syscall="288"
- fi
- auditctl -a exit,always ${MODE:+-F arch=b$MODE} -S $syscall || \
- exit_error
- prepend_cleanup "auditctl -d exit,always ${MODE:+-F arch=b$MODE} \
- -S $syscall"
- syscall=$syscall_name
- ;;
- *)
- # socket calls are multiplexed onto the socketcall() syscall
- if [[ "$syscall" == "recvmmsg" ]]; then
- syscall_name=$syscall
- syscall="337"
- auditctl -a exit,always ${MODE:+-F arch=b$MODE} -S $syscall || \
- exit_error
- prepend_cleanup "auditctl -d exit,always ${MODE:+-F arch=b$MODE} \
- -S $syscall"
- syscall=$syscall_name
- else
- sockcall_num=$(get_sockcall_num $syscall)
- auditctl -a exit,always ${MODE:+-F arch=b$MODE} \
- -S socketcall -F a0=$sockcall_num || exit_error
- prepend_cleanup "auditctl -d exit,always ${MODE:+-F arch=b$MODE} \
- -S socketcall -F a0=$sockcall_num"
- fi
- ;;
- esac
+ declare scnum
+
+ if sc_is_relevant "$syscall"; then
+ auditctl -a exit,always ${MODE:+-F arch=b$MODE} \
+ -S $syscall || exit_error
+ prepend_cleanup "auditctl -d exit,always ${MODE:+-F arch=b$MODE} \
+ -S $syscall"
+ elif sc_is_relevant socketcall; then
+ scnum=$(get_sockcall_num $syscall)
+ auditctl -a exit,always ${MODE:+-F arch=b$MODE} \
+ -S socketcall -F a0=$scnum || exit_error
+ prepend_cleanup "auditctl -d exit,always ${MODE:+-F arch=b$MODE} \
+ -S socketcall -F a0=$scnum"
+ else
+ exit_error "$syscall or socketcall not available"
+ fi
}
######################################################################
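Review bot: the numeric workarounds for accept4 (`syscall="288"`) and recvmmsg (`syscall="337"`) are dropped without explanation, and the new socketcall branch calls `get_sockcall_num $syscall` for every syscall that is not relevant, whereas the old code never passed recvmmsg to it. With `recvmmsg !s390x,all` in the relevancy file, s390x now takes that path, so get_sockcall_num has to handle recvmmsg (and accept4 on the targets where accept4 is excluded). Please confirm that, and that auditctl on the oldest supported release resolves both names. `$syscall` and `$scnum` are also unquoted in the auditctl calls.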
--
1.8.3.1
|
|
From: Jiri J. <jja...@re...> - 2014-10-08 16:56:15
|
x86_64, ppc64 and s390x taken from RHEL7 i686 taken from RHEL6 ia64 taken from RHEL5 Signed-off-by: Jiri Jaburek <jja...@re...> --- audit-test/utils/bin/relevancy | 128 ++++++++++++++++++++--------------------- 1 file changed, 64 insertions(+), 64 deletions(-) diff --git a/audit-test/utils/bin/relevancy b/audit-test/utils/bin/relevancy index 9b739f8..a4c08c5 100644 --- a/audit-test/utils/bin/relevancy +++ b/audit-test/utils/bin/relevancy @@ -6,42 +6,42 @@ # to highlight aliases in vim, use :match Operator /^alias\s\@=/ # <syscall> <archlist> -accept all -accept4 all +accept !s390x,!x86_64:32,!i686,all +accept4 !s390x,!x86_64:32,!i686,!ia64,all access all acct all add_key all adjtimex all -bind all +bind !s390x,!x86_64:32,!i686,all capset all chdir all chmod all chown !aarch64,all -chown32 all:32 +chown32 !ppc64,all:32 chroot all -clock_adjtime all +clock_adjtime !ia64,all # old kernel? clock_settime all clone all clone2 ia64 -connect all +connect !s390x,!x86_64:32,!i686,all creat all delete_module all -dummy all -dummy_group all +dummy all # not a syscall +dummy_group all # not a syscall execve all -fanotify_mark all +fanotify_mark !i686,!ia64,all # old kernel? fchmod all fchmodat all fchown all -fchown32 all:32 +fchown32 !ppc64,all:32 fchownat all fgetxattr all flistxattr all -fork x86_64 +fork !ia64,all # old kernel? fremovexattr all fsetxattr all fstat all -fstatat all +fstatat all # ??? ftruncate all futimesat all getegid all 
@@ -49,31 +49,31 @@ geteuid all getgid all getgroups all getpgid all -getpgrp all +getpgrp !ia64,all # old kernel? getpid all getppid all getresgid all getresuid all -getseconds all +getseconds all # ??? getsid all gettid all -gettimezone all +gettimezone all # ??? getuid all getxattr all init_module all inotify_add_watch all ioctl all -ioperm all:32 # revisit -iopl all:32 # revisit +ioperm !s390x:64,!ia64,all +iopl !s390x,!ia64,all ioprio_get all ioprio_set all -ipc all -kcmp all +ipc !x86_64:64,!ia64,all +kcmp !i686,!ia64,all # old kernel? kexec_load all keyctl all kill all lchown !aarch64,all -lchown32 all:32 +lchown32 !ppc64,all:32 lgetxattr all link all linkat all @@ -83,42 +83,42 @@ lookup_dcookie all lremovexattr all lsetxattr all lstat all -migrate_pages all +migrate_pages !s390x,all mkdir all mkdirat all mknod all mknodat all mlock all mlockall all -mmap2 all:32 +mmap2 ia64,all:32 mount all -move_pages all +move_pages !s390x,all mq_open all mq_unlink all -msgctl all -msgget all -msgrcv all -msgsnd all -nice all:32 +msgctl x86_64:64,ia64 +msgget x86_64:64,ia64 +msgrcv x86_64:64,ia64 +msgsnd x86_64:64,ia64 +nice !x86_64:64,!ia64,all open all -open_by_handle_at all +open_by_handle_at !i686,!ia64,all # old kernel? openat all -pciconfig_read ppc64 -pciconfig_write ppc64 +pciconfig_read ppc64,ia64 +pciconfig_write ppc64,ia64 pivot_root all prctl all -prlimit all -process_vm_readv all -process_vm_writev all +prlimit all # ??? +process_vm_readv !ia64,all # old kernel? +process_vm_writev !ia64,all # old kernel? ptrace all quotactl all read all readlink all readlinkat all reboot all -recvfrom all -recvmmsg all -recvmsg all +recvfrom !s390x,!x86_64:32,!i686,all +recvmmsg !s390x,all +recvmsg !s390x,!x86_64:32,!i686,all removexattr all rename all renameat all 
@@ -132,47 +132,47 @@ sched_rr_get_interval all sched_setaffinity all sched_setparam all sched_setscheduler all -semctl all -semget all -semop all -semtimedop all -send all -sendmsg all -sendto all +semctl x86_64:64,ia64 +semget x86_64:64,ia64 +semop x86_64:64,ia64 +semtimedop x86_64:64,ia64 +send ppc64,ia64 +sendmsg !s390x,!x86_64:32,!i686,all +sendto !s390x,!x86_64:32,!i686,all set_robust_list all setdomainname all setfsgid all -setfsgid32 all:32 +setfsgid32 !ppc64,all:32 setfsuid all -setfsuid32 all:32 +setfsuid32 !ppc64,all:32 setgid all -setgid32 all:32 +setgid32 !ppc64,all:32 setgroups all -setgroups32 all:32 +setgroups32 !ppc64,all:32 sethostname all -setns all +setns !ia64,all # old kernel? setpgid all setpriority all setregid all -setregid32 all:32 +setregid32 !ppc64,all:32 setresgid all -setresgid32 all:32 +setresgid32 !ppc64,all:32 setresuid all -setresuid32 all:32 +setresuid32 !ppc64,all:32 setreuid all -setreuid32 all:32 +setreuid32 !ppc64,all:32 setrlimit all settimeofday all setuid all -setuid32 all:32 +setuid32 !ppc64,all:32 setxattr all -shmat all -shmctl all -shmget all -socketcall all +shmat x86_64:64,ia64 +shmctl x86_64:64,ia64 +shmget x86_64:64,ia64 +socketcall !x86_64:64,!ia64,all stat all statfs all -stime all +stime ppc64,all:32 swapoff all swapon all symlink all @@ -181,16 +181,16 @@ syslog all tgkill all tkill all truncate all -truncate64 all +truncate64 all:32 umask all -umount all +umount !x86_64:64,all uname all unlink all unlinkat all unshare all uselib all -utime all -utimensat all +utime !ia64,all # old kernel? +utimensat !ia64,all # old kernel? utimes all -vfork x86_64 +vfork !ia64,all vhangup all -- 1.8.3.1 |
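Review bot: many of the new entries are committed with open questions in their comments (`# old kernel?`, `# ???`), and the commit message says the tables come from three different releases (RHEL7 for x86_64, ppc64 and s390x, RHEL6 for i686, RHEL5 for ia64). An exclusion such as `setns !ia64,all` or `kcmp !i686,!ia64,all` may therefore describe the age of the kernel the table was taken from rather than the architecture, and would keep the test from running on a newer kernel for that arch. Resolve the marked entries before merging, or record in the file header which kernel version each architecture's data came from so the exclusions can be revisited. `dummy` and `dummy_group` are marked "not a syscall" and would be clearer in a separate section than mixed into the syscall list.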
|
From: Jiri J. <jja...@re...> - 2014-10-08 16:56:19
|
--- audit-test/utils/bin/relevancy | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/audit-test/utils/bin/relevancy b/audit-test/utils/bin/relevancy index a4c08c5..1e68870 100644 --- a/audit-test/utils/bin/relevancy +++ b/audit-test/utils/bin/relevancy @@ -188,7 +188,7 @@ uname all unlink all unlinkat all unshare all -uselib all +uselib !x86_64:64,all # exists, but returns ENOSYS utime !ia64,all # old kernel? utimensat !ia64,all # old kernel? utimes all -- 1.8.3.1 |
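Review bot: this patch has no description and no Signed-off-by line, unlike the others in the series. The reason for the change appears only in the trailing comment (`# exists, but returns ENOSYS`); put it in the commit message as well. Since the earlier patches remove the `$HOSTTYPE != x86_64 || $MODE == 32` guards around the uselib tests in dac-run.conf and mac-run.conf, those tests run on 64-bit x86_64 until this exclusion is applied. Fold this change into the relevancy patch so that uselib keeps its previous behaviour at every point in the series.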