From Fedora Project Wiki

No edit summary
No edit summary
Line 11: Line 11:
#:<pre># systemctl start tuned.service</pre>
#:<pre># systemctl start tuned.service</pre>
# Do test for all available profiles in tuned:
# Do test for all available profiles in tuned:
#:<pre>for I in `tuned-adm list | grep "^- " | cut -d ' ' -f 2` ; do
#:<pre> # copy commands bellow to open terminal (as root)
setenforce 1
for I in `tuned-adm list | grep "^- " | cut -d ' ' -f 2` ; do
  dd if=/dev/null of=/var/log/audit/audit.log >& /dev/null
  dd if=/dev/null of=/var/log/audit/audit.log >& /dev/null
  tuned-adm active ; tuned-adm profile $I
  tuned-adm active ; tuned-adm profile $I

Revision as of 12:28, 10 October 2012

Description

This test case tests tests all profiles enable and try to fing if there happen selinux AVCs in all profiles

Setup

  1. Check that you have tuned package version 2 or newer installed:
    $ rpm -q tuned
    There must be installed tuned version 2 or newer (but not 1) and tuned-utils subpackage.
    • If not install it:
    # yum install tuned tuned-utils

How to test

  1. Start tuned (via systemd):
    # systemctl start tuned.service
  2. Do test for all available profiles in tuned:
     # copy commands bellow to open terminal (as root)
setenforce 1
for I in `tuned-adm list | grep "^- " | cut -d ' ' -f 2` ; do
dd if=/dev/null of=/var/log/audit/audit.log >& /dev/null
tuned-adm active ; tuned-adm profile $I
sleep 5
ausearch -m avc -m user_avc -i
done

Expected Results

  1. No AVC errors in profiles.
  2. In case there are some errors like bellow, please fill the bug:
    type=SYSCALL msg=audit(10/10/2012 08:11:23.095:165) : arch=x86_64 syscall=statfs success=no exit=-13(Permission denied) ...

.