Add initial set of tests for audit(4)
This change includes the framework for testing the auditability of various
syscalls, and includes changes for the first 12. The tests will start
auditd(8) if needed, though they'll be much faster if it's already running.
The syscalls tested in this commit include mkdir(2), mkdirat(2), mknod(2),
mknodat(2), mkfifo(2), mkfifoat(2), link(2), linkat(2), symlink(2),
symlinkat(2), rename(2), and renameat(2).
Submitted by: aniketp
MFC after: 2 weeks
Sponsored by: Google, Inc (GSoC 2018)
Differential Revision: https://reviews.freebsd.org/D15286
2018-05-29 23:08:33 +00:00
|
|
|
# $FreeBSD$
|
|
|
|
|
|
|
|
|
|
TESTSDIR= ${TESTSBASE}/sys/audit
|
|
|
|
|
|
2018-06-10 21:36:29 +00:00
|
|
|
ATF_TESTS_C= file-attribute-access
|
2018-06-14 14:53:01 +00:00
|
|
|
ATF_TESTS_C+= file-attribute-modify
|
2018-06-10 21:36:29 +00:00
|
|
|
ATF_TESTS_C+= file-create
|
2018-06-01 21:24:10 +00:00
|
|
|
ATF_TESTS_C+= file-delete
|
2018-06-03 23:36:29 +00:00
|
|
|
ATF_TESTS_C+= file-close
|
2018-06-01 16:23:47 +00:00
|
|
|
ATF_TESTS_C+= file-write
|
2018-06-01 01:37:07 +00:00
|
|
|
ATF_TESTS_C+= file-read
|
2018-06-05 20:13:24 +00:00
|
|
|
ATF_TESTS_C+= open
|
2018-06-19 01:32:33 +00:00
|
|
|
ATF_TESTS_C+= ioctl
|
2018-06-15 16:41:28 +00:00
|
|
|
ATF_TESTS_C+= network
|
2018-06-16 18:22:35 +00:00
|
|
|
ATF_TESTS_C+= inter-process
|
2018-06-17 16:24:46 +00:00
|
|
|
ATF_TESTS_C+= administrative
|
audit(4): add tests for the process-control audit class
Tested syscalls include rfork(2), chdir(2), fchdir(2), chroot(2),
getresuid(2), getresgid(2), setpriority(2), setgroups(2), setpgrp(2),
setrlimit(2), setlogin(2), mlock(2), munlock(2), minherit(2), rtprio(2),
profil(2), ktrace(2), ptrace(2), fork(2), umask(2), setuid(2), setgid(2),
seteuid(2), and setegid(2). The last six are only tested in the success
case, either because they're infalliable or a failure is difficult to cause
on-demand.
Submitted by: aniketp
MFC after: 2 weeks
Sponsored by: Google, Inc. (GSoC 2018)
Differential Revision: https://reviews.freebsd.org/D15966
2018-06-26 20:26:57 +00:00
|
|
|
ATF_TESTS_C+= process-control
|
2018-07-29 20:34:44 +00:00
|
|
|
ATF_TESTS_C+= miscellaneous
|
Add initial set of tests for audit(4)
This change includes the framework for testing the auditability of various
syscalls, and includes changes for the first 12. The tests will start
auditd(8) if needed, though they'll be much faster if it's already running.
The syscalls tested in this commit include mkdir(2), mkdirat(2), mknod(2),
mknodat(2), mkfifo(2), mkfifoat(2), link(2), linkat(2), symlink(2),
symlinkat(2), rename(2), and renameat(2).
Submitted by: aniketp
MFC after: 2 weeks
Sponsored by: Google, Inc (GSoC 2018)
Differential Revision: https://reviews.freebsd.org/D15286
2018-05-29 23:08:33 +00:00
|
|
|
|
2018-06-10 21:36:29 +00:00
|
|
|
SRCS.file-attribute-access+= file-attribute-access.c
|
|
|
|
|
SRCS.file-attribute-access+= utils.c
|
2018-06-14 13:42:58 +00:00
|
|
|
SRCS.file-attribute-modify+= file-attribute-modify.c
|
|
|
|
|
SRCS.file-attribute-modify+= utils.c
|
Add initial set of tests for audit(4)
This change includes the framework for testing the auditability of various
syscalls, and includes changes for the first 12. The tests will start
auditd(8) if needed, though they'll be much faster if it's already running.
The syscalls tested in this commit include mkdir(2), mkdirat(2), mknod(2),
mknodat(2), mkfifo(2), mkfifoat(2), link(2), linkat(2), symlink(2),
symlinkat(2), rename(2), and renameat(2).
Submitted by: aniketp
MFC after: 2 weeks
Sponsored by: Google, Inc (GSoC 2018)
Differential Revision: https://reviews.freebsd.org/D15286
2018-05-29 23:08:33 +00:00
|
|
|
SRCS.file-create+= file-create.c
|
|
|
|
|
SRCS.file-create+= utils.c
|
2018-06-01 21:24:10 +00:00
|
|
|
SRCS.file-delete+= file-delete.c
|
|
|
|
|
SRCS.file-delete+= utils.c
|
2018-06-03 23:36:29 +00:00
|
|
|
SRCS.file-close+= file-close.c
|
|
|
|
|
SRCS.file-close+= utils.c
|
2018-06-01 16:23:47 +00:00
|
|
|
SRCS.file-write+= file-write.c
|
|
|
|
|
SRCS.file-write+= utils.c
|
2018-06-01 01:37:07 +00:00
|
|
|
SRCS.file-read+= file-read.c
|
|
|
|
|
SRCS.file-read+= utils.c
|
2018-06-05 20:13:24 +00:00
|
|
|
SRCS.open+= open.c
|
|
|
|
|
SRCS.open+= utils.c
|
2018-06-19 01:32:33 +00:00
|
|
|
SRCS.ioctl+= ioctl.c
|
|
|
|
|
SRCS.ioctl+= utils.c
|
2018-06-15 16:41:28 +00:00
|
|
|
SRCS.network+= network.c
|
|
|
|
|
SRCS.network+= utils.c
|
2018-06-16 18:22:35 +00:00
|
|
|
SRCS.inter-process+= inter-process.c
|
|
|
|
|
SRCS.inter-process+= utils.c
|
2018-06-17 16:24:46 +00:00
|
|
|
SRCS.administrative+= administrative.c
|
|
|
|
|
SRCS.administrative+= utils.c
|
audit(4): add tests for the process-control audit class
Tested syscalls include rfork(2), chdir(2), fchdir(2), chroot(2),
getresuid(2), getresgid(2), setpriority(2), setgroups(2), setpgrp(2),
setrlimit(2), setlogin(2), mlock(2), munlock(2), minherit(2), rtprio(2),
profil(2), ktrace(2), ptrace(2), fork(2), umask(2), setuid(2), setgid(2),
seteuid(2), and setegid(2). The last six are only tested in the success
case, either because they're infalliable or a failure is difficult to cause
on-demand.
Submitted by: aniketp
MFC after: 2 weeks
Sponsored by: Google, Inc. (GSoC 2018)
Differential Revision: https://reviews.freebsd.org/D15966
2018-06-26 20:26:57 +00:00
|
|
|
SRCS.process-control+= process-control.c
|
|
|
|
|
SRCS.process-control+= utils.c
|
2018-07-29 20:34:44 +00:00
|
|
|
SRCS.miscellaneous+= miscellaneous.c
|
|
|
|
|
SRCS.miscellaneous+= utils.c
|
Add initial set of tests for audit(4)
This change includes the framework for testing the auditability of various
syscalls, and includes changes for the first 12. The tests will start
auditd(8) if needed, though they'll be much faster if it's already running.
The syscalls tested in this commit include mkdir(2), mkdirat(2), mknod(2),
mknodat(2), mkfifo(2), mkfifoat(2), link(2), linkat(2), symlink(2),
symlinkat(2), rename(2), and renameat(2).
Submitted by: aniketp
MFC after: 2 weeks
Sponsored by: Google, Inc (GSoC 2018)
Differential Revision: https://reviews.freebsd.org/D15286
2018-05-29 23:08:33 +00:00
|
|
|
|
|
|
|
|
TEST_METADATA+= timeout="30"
|
|
|
|
|
TEST_METADATA+= required_user="root"
|
2021-02-18 10:14:27 +00:00
|
|
|
# Only one process can be auditing, if we attempt to run these tests in parallel
|
|
|
|
|
# some of them will fail to start auditing.
|
|
|
|
|
# TODO: it would be nice to be able to run them in parallel with other non-audit
|
|
|
|
|
# tests using some internal form of synchronization.
|
|
|
|
|
# TODO: In addititon to test failures, running in parallel can trigger a kernel
|
|
|
|
|
# panic: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=253616
|
2018-06-01 21:24:10 +00:00
|
|
|
TEST_METADATA+= is_exclusive="true"
|
2020-06-18 15:41:16 +00:00
|
|
|
TEST_METADATA+= required_files="/etc/rc.d/auditd /dev/auditpipe"
|
Add initial set of tests for audit(4)
This change includes the framework for testing the auditability of various
syscalls, and includes changes for the first 12. The tests will start
auditd(8) if needed, though they'll be much faster if it's already running.
The syscalls tested in this commit include mkdir(2), mkdirat(2), mknod(2),
mknodat(2), mkfifo(2), mkfifoat(2), link(2), linkat(2), symlink(2),
symlinkat(2), rename(2), and renameat(2).
Submitted by: aniketp
MFC after: 2 weeks
Sponsored by: Google, Inc (GSoC 2018)
Differential Revision: https://reviews.freebsd.org/D15286
2018-05-29 23:08:33 +00:00
|
|
|
|
2021-02-19 01:41:33 +00:00
|
|
|
MK_PIE:= no # XXX libprivateauditd.a is not PIE
|
2018-06-03 23:36:29 +00:00
|
|
|
LDFLAGS+= -lbsm -lutil
|
2021-02-18 10:14:27 +00:00
|
|
|
OPENBSMDIR=${SRCTOP}/contrib/openbsm
|
|
|
|
|
CFLAGS+= -I${OPENBSMDIR}
|
|
|
|
|
LDADD+= ${LIBAUDITD}
|
Add initial set of tests for audit(4)
This change includes the framework for testing the auditability of various
syscalls, and includes changes for the first 12. The tests will start
auditd(8) if needed, though they'll be much faster if it's already running.
The syscalls tested in this commit include mkdir(2), mkdirat(2), mknod(2),
mknodat(2), mkfifo(2), mkfifoat(2), link(2), linkat(2), symlink(2),
symlinkat(2), rename(2), and renameat(2).
Submitted by: aniketp
MFC after: 2 weeks
Sponsored by: Google, Inc (GSoC 2018)
Differential Revision: https://reviews.freebsd.org/D15286
2018-05-29 23:08:33 +00:00
|
|
|
|
2019-04-01 14:21:32 +00:00
|
|
|
CFLAGS.process-control.c+= -I${SRCTOP}/tests
|
|
|
|
|
|
Add initial set of tests for audit(4)
This change includes the framework for testing the auditability of various
syscalls, and includes changes for the first 12. The tests will start
auditd(8) if needed, though they'll be much faster if it's already running.
The syscalls tested in this commit include mkdir(2), mkdirat(2), mknod(2),
mknodat(2), mkfifo(2), mkfifoat(2), link(2), linkat(2), symlink(2),
symlinkat(2), rename(2), and renameat(2).
Submitted by: aniketp
MFC after: 2 weeks
Sponsored by: Google, Inc (GSoC 2018)
Differential Revision: https://reviews.freebsd.org/D15286
2018-05-29 23:08:33 +00:00
|
|
|
.include <bsd.test.mk>
|
