Profiler testing over Rhel86 observations

ctc-oss / fapolicy-analyzer

Tools to assist with the configuration and management of fapolicyd.

https://ctc-oss.github.io/fapolicy-analyzer

GNU General Public License v3.0

12 stars 5 forks source link

Profiler testing over Rhel86 observations #808

Closed tparchambault closed 1 year ago

tparchambault commented 1 year ago

Summary

Directly invoking fapolicyd --debug --permissive outputs to stderr not stdout wrt Profiler Tool Target Output pane section titles.
Specifying a user w/o specifying a working directory sets the working directory to the root user's HOME.
Specifying only the basename of a target binary while specifying a working directory, and a PATH env var results in no output in the Profiler Tool Target Output pane

Please see https://github.com/ctc-oss/fapolicy-analyzer/pull/770 for details and images.

jw3 commented 1 year ago

Thanks for these reports @tparchambault. Couple of easy fixes for the first two in #809. Third one is a good catch too, I'll add it to the same PR.

If you can pull the rpm from the PR and test it and let me know... before I merge :wink:

tparchambault commented 1 year ago

Currently testing over RHEL86 w/latest CI rpm...

jw3 commented 1 year ago

The last observation... With a specified user and unspecified working directory, the target is executed in the root user's home directory. The first iteration used the specified user's home directory as its pwd in the event the profiling target performed relative file r/w operations.

https://github.com/ctc-oss/fapolicy-analyzer/pull/770#issuecomment-1456746192

@tparchambault I am testing v0.6.8 and it doesnt appear that this is implemented back there

Profile the pwd command as user dave and the output is /root