Test process tracking across fork/clone even if these syscalls are fi… #388

Workflow file for this run

	on:
	push:
	paths:
	- src/**
	- audit-specs/**
	- build.rs
	- Cargo.toml
	- Cargo.lock
	- .github/workflows/build.yml
	tags-ignore:
	- "v*"
	pull_request:
	paths:
	- src/**
	- audit-specs/**
	- build.rs
	- Cargo.toml
	- Cargo.lock
	- .github/workflows/build.yml

	jobs:
	check_fmt:
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v2
	- uses: actions-rs/toolchain@v1
	with:
	toolchain: stable

	- name: check formatting
	run: cargo fmt --check

	build_n_test:
	runs-on: ubuntu-latest
	container: ubuntu:latest
	steps:
	- uses: actions/checkout@v2
	- name: Install dependency
	run: \|
	apt-get -qq update
	apt-get -qqy dist-upgrade
	apt-get -qqy install curl build-essential libclang-dev libacl1-dev selinux-policy-dev libgoogle-perftools-dev

	- uses: actions-rs/toolchain@v1
	with:
	toolchain: stable

	- uses: actions/cache@v3
	with:
	path: \|
	~/.cargo/bin/
	~/.cargo/registry/index/
	~/.cargo/registry/cache/
	~/.cargo/git/db/
	target/
	key: "${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}"

	- run: cargo build
	- run: cargo test
	- run: cargo bench --no-run
	- run: make -C contrib/selinux

	build_static_musl:
	runs-on: ubuntu-latest
	container: alpine:3.18
	steps:
	- name: Prepare
	run: \|
	apk add git ca-certificates rust cargo clang-dev acl-static musl-dev linux-headers make pandoc
	apk add binutils file jq
	- uses: actions/checkout@v2
	- name: Build
	run: \|
	RUSTFLAGS='-C target-feature=+crt-static -L /lib -l static=acl' \
	cargo build --target x86_64-alpine-linux-musl
	make -C man
	- name: Show binary charcteristics
	run: \|
	set -x
	file target/x86_64-alpine-linux-musl/debug/laurel
	ldd target/x86_64-alpine-linux-musl/debug/laurel
	objdump -x target/x86_64-alpine-linux-musl/debug/laurel \| grep NEEDED \|\| true
	set +x
	if [ -n "$(objdump -x target/x86_64-alpine-linux-musl/debug/laurel \| grep NEEDED)" ]; then
	echo "laurel is linked against shared libraries" >&2
	exit 1
	fi

	build_dynamic_glibc:
	runs-on: ubuntu-latest
	container: debian:bookworm-slim
	steps:
	- name: Prepare
	run: \|
	apt-get -qq update
	apt-get -qqy upgrade
	apt-get -qqy install ca-certificates rustc cargo clang libacl1-dev jq file
	- uses: actions/checkout@v2
	- name: Build
	run: \|
	cargo build
	- name: Show binary charcteristics
	run: \|
	set -x
	file target/debug/laurel
	ldd target/debug/laurel
	objdump -x target/debug/laurel \| grep NEEDED \|\| true

	- name: Launch test
	run: \|
	pid1=$$
	pid2=$(($$ + 1000))
	pid3=$(($$ + 2000))
	now=$(date +%s)

	./target/debug/laurel <<EOF
	type=SYSCALL msg=audit($now.276:327308): arch=c000003e syscall=59 success=yes exit=0 a0=5645feb17d20 a1=5645feba4100 a2=5645feb24c30 a3=fffffffffffff286 items=3 ppid=$pid1 pid=$pid2 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts7 ses=3 comm="sh" exe="/usr/bin/dash" subj==unconfined key=(null)
	type=EXECVE msg=audit($now.276:327308): argc=3 a0="sh" a1="-c" a2="whoami"
	type=CWD msg=audit($now.276:327308): cwd="/home/user/tmp"
	type=PATH msg=audit($now.276:327308): item=0 name="/usr/bin/sh" inode=393917 dev=fd:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
	type=PATH msg=audit($now.276:327308): item=1 name="/usr/bin/sh" inode=393927 dev=fd:01 mode=0120777 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
	type=PATH msg=audit($now.276:327308): item=2 name="/lib64/ld-linux-x86-64.so.2" inode=404798 dev=fd:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
	type=PROCTITLE msg=audit($now.276:327308): proctitle=7368002D630077686F616D69
	type=EOE msg=audit($now.276:327308):
	type=SYSCALL msg=audit($now.276:327309): arch=c000003e syscall=59 success=yes exit=0 a0=56362955c9c0 a1=56362955c858 a2=56362955c868 a3=8 items=3 ppid=$pid2 pid=$pid3 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts7 ses=3 comm="whoami" exe="/usr/bin/whoami" subj==unconfined key=(null)
	type=EXECVE msg=audit($now.276:327309): argc=1 a0="whoami"
	type=CWD msg=audit($now.276:327309): cwd="/home/user/tmp"
	type=PATH msg=audit($now.276:327309): item=0 name="/usr/bin/whoami" inode=393829 dev=fd:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
	type=PATH msg=audit($now.276:327309): item=1 name="/usr/bin/whoami" inode=393829 dev=fd:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
	type=PATH msg=audit($now.276:327309): item=2 name="/lib64/ld-linux-x86-64.so.2" inode=404798 dev=fd:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
	type=PROCTITLE msg=audit($now.276:327309): proctitle="whoami"
	type=EOE msg=audit($now.276:327309):
	EOF

	jq . < audit.log

	build_dynamic_oldglibc:
	runs-on: ubuntu-latest
	container: centos:7
	steps:
	- name: Prepare
	run: \|
	yum -q -y update
	yum -q -y install centos-release-scl
	yum -q -y install gcc llvm-toolset-7-clang file libacl-devel
	- name: Install Rust toolchain (stable)
	uses: actions-rs/toolchain@v1
	with:
	profile: minimal
	toolchain: stable
	- uses: actions/checkout@v2
	- name: Build
	run: \|
	scl enable llvm-toolset-7 "cargo build"

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Test process tracking across fork/clone even if these syscalls are fi… #388

Workflow file

Test process tracking across fork/clone even if these syscalls are fi… #388

Jobs

Run details

Workflow file for this run