From Fedora Project Wiki
No edit summary |
No edit summary |
||
Line 11: | Line 11: | ||
#:<pre># systemctl start tuned.service</pre> | #:<pre># systemctl start tuned.service</pre> | ||
# Do test for all available profiles in tuned: | # Do test for all available profiles in tuned: | ||
#:<pre>for I in `tuned-adm list | grep "^- " | cut -d ' ' -f 2` ; do | #:<pre> # copy commands bellow to open terminal (as root) | ||
setenforce 1 | |||
for I in `tuned-adm list | grep "^- " | cut -d ' ' -f 2` ; do | |||
dd if=/dev/null of=/var/log/audit/audit.log >& /dev/null | dd if=/dev/null of=/var/log/audit/audit.log >& /dev/null | ||
tuned-adm active ; tuned-adm profile $I | tuned-adm active ; tuned-adm profile $I |
Revision as of 12:28, 10 October 2012
Description
This test case tests tests all profiles enable and try to fing if there happen selinux AVCs in all profiles
Setup
- Check that you have
tuned package
version 2 or newer installed:$ rpm -q tuned
- There must be installed tuned version 2 or newer (but not 1) and tuned-utils subpackage.
- If not install it:
# yum install tuned tuned-utils
How to test
- Start tuned (via systemd):
# systemctl start tuned.service
- Do test for all available profiles in tuned:
# copy commands bellow to open terminal (as root)
setenforce 1 for I in `tuned-adm list | grep "^- " | cut -d ' ' -f 2` ; do dd if=/dev/null of=/var/log/audit/audit.log >& /dev/null tuned-adm active ; tuned-adm profile $I sleep 5 ausearch -m avc -m user_avc -i done
Expected Results
- No AVC errors in profiles.
- In case there are some errors like bellow, please fill the bug:
type=SYSCALL msg=audit(10/10/2012 08:11:23.095:165) : arch=x86_64 syscall=statfs success=no exit=-13(Permission denied) ...
.