search

ctc-oss / fapolicy-analyzer

Tools to assist with the configuration and management of fapolicyd.
https://ctc-oss.github.io/fapolicy-analyzer
GNU General Public License v3.0
12 stars 5 forks source link

Analyzer Time Selection button not working #832

Closed egbicker closed 1 year ago

egbicker commented 1 year ago

When analyzing the syslog entries, adjusting the time filter to a value less than the latest entry does not remove that entry from displaying. Replicate:

  1. cp /usr/bin/ls /usr/bin/my-ls
  2. Add deny_syslog perm=open all : trust=1 to the rules file
  3. start fapolicyd
  4. su to a non-root user
  5. run my-ls
  6. Let a few minutes pass
  7. Launch fapolicy-analyzer and Analyze -> Syslog
  8. See that there is a syslog entry for my-ls
  9. Adjust the time filter to 1 minute
  10. View that the same syslog entry that is older than 1 minute is still present