Description

This test case tests tests all profiles enable and try to fing if there happen selinux AVCs in all profiles

Setup

1. Check that you have tuned package version 2 or newer installed:

   $ rpm -q tuned

   There must be installed tuned version 2 or newer (but not 1) and tuned-utils subpackage.

   • If not install it:

   # yum install tuned tuned-utils

How to test

1. Start tuned (via systemd):

   # systemctl start tuned.service

2. List all available profiles:

   for I in `tuned-adm list | grep "^- " | cut -d ' ' -f 2` ; do dd if=/dev/null of=/var/log/audit/audit.log >& /dev/null; tuned-adm active ; tuned-adm profile $I ; sleep 5; ausearch -m avc -m user_avc -i ; done

Expected Results

1. No AVC errors in profiles.
2. In case there are some errors like bellow, please fill the bug:

   type=SYSCALL msg=audit(10/10/2012 08:11:23.095:165) : arch=x86_64 syscall=statfs success=no exit=-13(Permission denied) a0=0x9370d0 a1=0x7fffab314cd0 a2=0x7fffab314dd0 a3=0x11 items=0 ppid=12200 pid=12201 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=df exe=/usr/bin/df subj=system_u:system_r:tuned_t:s0 key=(null)

type=AVC msg=audit(10/10/2012 08:11:23.095:165) : avc: denied { getattr } for pid=12201 comm=df name=/ dev="mqueue" ino=7335 scontext=system_u:system_r:tuned_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=filesystem

.