Not to be fixed
Created: Jun 13, 2016
Updated: Mar 6, 2019
Resolved Date: Feb 19, 2019
Found In Version: 8.0.0.6
Severity: Standard
Applicable for: Wind River Linux 8
Component/s: Userspace
1) Prepare
#login as root and make sure audit is running
$ systemctl start auditd
$ newrole -r auditadm_r -- -c "/sbin/auditctl -l"
$ useradd t3
$ passwd t3
$ newrole -r auditadm_r
# No rules by now
$ auditctl -l
2) Add new rules
$ P=/home/t3/1
$ auditctl -w $P -k HOME
$ auditctl -l
# keep exiting until logout system
$ exit
3) login as t3 and do some operation
$ ls
$ pwd
/home/t3
$ echo "something written by normal_tester1 again" >> 1
$ ls -lt 1
$ cat 1
4) relogin as root and check the audit log
$ J=t3
$ newrole -r auditadm_r -l s15:c0.c1023 -- -c "/sbin/ausearch -k HOME -ue $J -c ls"
<no matches> found here
$ newrole -r auditadm_r -l s15:c0.c1023 -- -c "/sbin/ausearch -k HOME -ue $J -c cat"
<no matches> found here
configure --enable-test=yes --enable-board=intel-x86-64 --enable-rootfs=secure-core --enable-kernel=secure --with-template=feature/firewall,feature/ids-basic,feature/secure-backup,feature/session-manager,feature/task-scheduler,feature/selinux,feature/polyinstantiation,feature/secure-configuration,feature/package-management,feature/certification-test,feature/nfsd, --with-layer=/lpg-build/cdc/WASSP_LINUX_80/testcases/wrlinux/wr-testing/userspace --enable-reconfig --enable-internet-download=yes
make fs
start the board with selinux=1, enforcing=1