On 11/2/2020 2:08 PM, Richard Guy Briggs wrote:
On 2020-11-02 13:54, Casey Schaufler wrote:
> Verify that there are subj= and obj= fields in a record
> if and only if they are expected. A system without a security
> module that provides these fields should not include them.
> A system with multiple security modules providing these fields
> (e.g. SELinux and AppArmor) should always provide "?" for the
> data and also include an AUDIT_MAC_TASK_CONTEXTS or
> AUDIT_MAC_OBJ_CONTEXTS record. The test uses the LSM list from
> /sys/kernel/security/lsm to determine which format is expected.
>
> Signed-off-by: Casey Schaufler <casey(a)schaufler-ca.com>
> ---
> tests/Makefile | 1 +
> tests/multiple_contexts/Makefile | 12 +++
> tests/multiple_contexts/test | 166 +++++++++++++++++++++++++++++++
> 3 files changed, 179 insertions(+)
> create mode 100644 tests/multiple_contexts/Makefile
> create mode 100755 tests/multiple_contexts/test
>
> diff --git a/tests/Makefile b/tests/Makefile
> index a7f242a..f20f6b1 100644
> --- a/tests/Makefile
> +++ b/tests/Makefile
> @@ -18,6 +18,7 @@ TESTS := \
> file_create \
> file_delete \
> file_rename \
> + multiple_contexts \
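Review bot: the new `multiple_contexts \` entry goes into the unconditional `TESTS := \` list, yet the description says the test reads /sys/kernel/security/lsm to decide which format to expect. Please say in the commit message, and handle in the test, what happens when that file is absent or unreadable, so the run reports a skip or a clear error instead of a failure that looks like a wrong subj=/obj= field.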
"context" is a bit ambiguous. Could this be named something to indicate
a security context rather than any other sort, such as audit or user
context?
Would "subj_obj_fields" be better?
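
The rule stated in the commit message, sketched as an added example that is not part of this thread or of the patch's own test. The set of context-providing modules, the `(record_type, body)` event model and the sample records are assumptions constructed for illustration.

```python
import re

# Assumption: modules that can supply subj=/obj= contexts.
CONTEXT_LSMS = {"selinux", "apparmor", "smack"}
# Record names as given in the commit message, keyed by the field they back.
AUX_RECORD = {"subj": "AUDIT_MAC_TASK_CONTEXTS", "obj": "AUDIT_MAC_OBJ_CONTEXTS"}
FIELD_RE = re.compile(r'(?<![\w-])(subj|obj)=("[^"]*"|\S+)')


def context_providers(lsm_list):
    """Count context-providing modules in the comma-separated LSM list."""
    names = {n.strip() for n in lsm_list.split(",")}
    return len(names & CONTEXT_LSMS)


def check_event(lsm_list, records):
    """Return rule violations for one event.

    records is a list of (record_type, body) pairs, a simplified stand-in
    for the records that share one audit event.
    """
    providers = context_providers(lsm_list)
    present = {rtype for rtype, _ in records}
    problems = []
    for rtype, body in records:
        if rtype in AUX_RECORD.values():
            continue  # only the plain subj=/obj= fields are checked here
        for name, value in FIELD_RE.findall(body):
            if providers == 0:
                problems.append(f"{rtype}: {name}= present without a context LSM")
            elif providers > 1:
                if value.strip('"') != "?":
                    problems.append(f'{rtype}: {name}= should be "?"')
                if AUX_RECORD[name] not in present:
                    problems.append(f"{rtype}: missing {AUX_RECORD[name]}")
    return problems


if __name__ == "__main__":
    # Constructed sample: two context LSMs, no companion record.
    stacked = "lockdown,capability,selinux,apparmor"
    event = [("SYSCALL", "pid=4242 comm=cat subj=system_u:system_r:init_t:s0")]
    for line in check_event(stacked, event):
        print(line)
```

On a real system the first argument would be the contents of /sys/kernel/security/lsm.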