BUG: some tests fail on RHEL-6 about audit-testsuite HOT 22 CLOSED

Test are running, there is just a minor issue in the test driver - auditctl is expected in /usr/sbin but located in /sbin, I will patch it. Most of the test failed, I have to investigate that. We should also introduce some logic to distinguish between rhel-6, rhel-7 and fedora tests.

from audit-testsuite.

Well I did my homework and check all the tests in RHEL6. Details are as follows.

Working

• syscalls_file
• user_msg

Broken but Compatible

• exec_execve - on RHEL6, it might take some time to populate events, test sometimes fails and sometimes passes, I hate adding sleeps to tests, but in this case adding 1s sleep before events before ausearch call makes it green

Broken

• file_* - are these tests for directory watches? Is it supposed to be working on RHEL6? Rules are added correctly but no syscalls are audited at all

Generally Broken

• login_tty - this test is broken for all distributions at the moment.

from audit-testsuite.

Great, thanks for looking into this, I think we can move this from Q to BUG.

from audit-testsuite.

Ok, I tracked down the problem with the file_* tests. The tempdir and tempfile functions don't honour the TEMPLATE assignment, so the intended file never gets created or tested. Testing with $filename = "$dir/$key";system("touch $filename"); works fine.

from audit-testsuite.

The login_tty test doesn't work on RHEL6 because that feature/bugfix hasn't been backported to RHEL6.

from audit-testsuite.

Not directly related to this issue, but in the process of debugging the tests, I found it difficult to parse the log output. It would be nice if there was a clear delimiter between each subdir test so when failures happen it is easier to see what part of the output goes with which test case.

from audit-testsuite.

from audit-testsuite.

Here's a quick and dirty tempfile TEMPLATE workaround for RHEL6: rgbriggs@4d0fddc

from audit-testsuite.

Here's a quick and dirty tempfile TEMPLATE workaround for RHEL6: rgbriggs@4d0fddc

Thanks guys for the help on this.

One of the things that is nice about tempfile() is the automatic cleanup when UNLINK is true. @rgbriggs you mention that RHEL-6.x doesn't honor the tempfile() TEMPLATE parameter, does it still generate a file if we omit the TEMPLATE parameter? The name/location of the temp file generally shouldn't be important to us (assuming it is created in a valid temp/writable location, but I think that is a safe assumption).

from audit-testsuite.

It still generates a file while seemingly ignoring the TEMPLATE parameter, so I assume it would generate the same pattern of file with the TEMPLATE parameter missing. The file was generated in a safe place. Knowing that the TEMPLATE parameter was ignored (or incorrect syntax of the supplied parameter?) then I would cast some doubt that the UNLINK parameter was honoured either.

from audit-testsuite.

It should be easy enough to verify if the UNLINK worked.

from audit-testsuite.

The UNLINK parameter was also ignored. There are temp files hanging around in /tmp/.

from audit-testsuite.

Thanks for checking, but that's a bummer. We definitely need to find an alternate method of creating, and cleaning up, temporary files that works on RHEL-6.x forward (yes, I'm intentionally ignoring RHEL-5.x).

from audit-testsuite.

The quick and dirty patch from #19 (comment) does clean up after itself. The tempdir command does reap the files from the touch system command.

from audit-testsuite.

So the TEMPLATE parameter works for tempdir() but not tempfile()? I didn't think that was the case based on your earlier comment, perhaps I misunderstood.

I don't see any rm/unlink actions in the quick n' dirty patch so the only way the temp files could be deleted is if $dir was deleted. What am I missing?

from audit-testsuite.

The TEMPLATE parameter appears to not work for either tempdir() or tempfile(), but it appears unlink works or defaults to on for tempdir() but not for tempfile(), which surprised me.

from audit-testsuite.

Huh, yeah, I wouldn't have guess that either. What a mess.

This unpredictability makes me wonder about the difficulty of doing our own temp file management.

from audit-testsuite.

Well, for other tests I've just been making tempfiles based on the unique key generated for the test and cleaning up after myself.

from audit-testsuite.

That may be the only reasonable solution, my only concern is cleanup in the case of abnormal termination, e.g. kill the test via Ctrl-C. That said, I'm not even sure the existing tempdir()/tempfile() solution handles this correctly, and I'm also not sure how much we should ultimately care about this; as long as everything is created under /tmp, artifacts under corner cases may be acceptable.

from audit-testsuite.

It actually might be good to have some "clean-up stack" which is called when test exits or is killed / aborted. For instance, when you create a temporary file, you just add a removing call-back onto clean-up stack. Callbacks from the stack are then called by some exit subroutine or from a signal handler. Does it make sense? I can open an issue and write something for demonstration and we can then decide whether it is useful or not...?

from audit-testsuite.

@The-Mule yes, that makes sense to me (and I think what the original tempfile/tempdir code did), I just don't currently know how to do signal/exit handlers in perl; if you can write up a demonstration I think that would be very helpful.

from audit-testsuite.

It's not clear how much effort we want to put into RHEL-6.x at this point so let's close this out for now.

from audit-testsuite.