Track security audit messages in test plans (master)

Description

We need to have a clear report of the applications/services/platform components creating security infringements (this is related to "running as non-root").

For this, it would be appreciated to have a specific "security report" posted along with test results.

Typically, creating a report with ' journalctl | grep "audit:" ' at the end of the tests could be a good start (to be refined).

Environment

None

Activity

Stephane Desneux

November 28, 2019 at 11:42 AM

Thanks Edi. That's good news

Edi Feschiyan

November 28, 2019 at 10:32 AM

@Stephane Desneux, I am testing master today again, SMACK is pretty quiet, I have restarted pipewire for tests and nothing is being denied or crashing due to SMACK policies so from my current experience with it everything seems taken care of in relation to audit messages/security policies.

Stephane Desneux

November 27, 2019 at 10:16 PM

I agree : we can probably close.

@Edi Feschiyan, just to keep up to date: do we still have audit messages in the logs that we should take care of?

Edi Feschiyan

November 27, 2019 at 1:35 PM

I suggest we close this ticket - I've been attaching full dmesg and journals since the beginning of September in every cycle.

The logs can be found in the "Core" tests per board.

Edi Feschiyan

August 29, 2019 at 11:23 AM

Okay, I'll do this for the next test cycle.

Resize work item view side panel

Fixed

Details

Assignee

Edi Feschiyan

Reporter

Stephane Desneux

Labels

ProposeClosing

Hardware Platform(s) Affected

Intel Minnowboard

Intel Upsquare

Raspberry Pi 3

Renesas H3

Renesas M3

Renesas M3+KF

Priority

Major

Created August 28, 2019 at 1:24 PM

Updated December 5, 2019 at 8:11 PM

Resolved November 27, 2019 at 1:36 PM