PURPOSE of /CoreOS/audit/Sanity/flush
Description: Smoke test for flush config option
Author: Ondrej Moris

Smoke testing that the flush option setting works as expected. Valid values
are none, incremental, incremental_async, data, and sync.

 * none - no special effort is made to flush the audit records to disk.
 * incremental - the freq parameter is used to determine how often an
   explicit flush to disk is issued.
 * incremental_async - very much like incremental except the flushing is
   done asynchronously for higher performance.
 * data - tells the audit daemon to keep the data portion of the disk file
   sync'd at all times.
 * sync - tells the audit daemon to keep both the data and meta-data fully
   sync'd with every write to disk.

This is not a reliable way to test the flush option thoroughly; it only tests
very basic sanity. In general, testing the flush/freq options automatically
and reliably via black-box testing is non-trivial. We can only test very
basic sanity scenarios as follows:

 * flush=none - data are in the log at least when auditd is restarted
 * flush=incremental, freq=x - after x messages, data are in the log
 * flush=incremental_async, freq=x - after x messages, data are in the log
 * flush=data - data are in the log immediately
 * flush=sync - data are in the log immediately

Without performance testing, we cannot distinguish between the incremental
and incremental_async strategies. We also cannot distinguish between data and
sync without syscall "tracing".
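
An added example, not part of the original test: a shell helper that reads an auditd.conf and reports which of the black-box sanity scenarios listed above applies to it. The function names, the result strings and the sample config are constructed for illustration; matching values case-insensitively and rejecting freq=0 are assumptions of this example.

```shell
# Added example, not the test's own code: pick the sanity scenario for a config.
# get_opt FILE KEY -> last value assigned to KEY (key matched case-insensitively)
get_opt() {
    awk -F= -v key="$2" '
        /^[ \t]*#/ { next }    # skip comment lines
        {
            k = $1; v = $2
            gsub(/[ \t]/, "", k); gsub(/[ \t\r]/, "", v)
            if (tolower(k) == key) val = v
        }
        END { print val }' "$1"
}

# expected_check FILE -> prints the scenario to verify; returns 1 if the
# flush/freq combination is invalid or cannot be checked this way.
expected_check() {
    flush=$(get_opt "$1" flush | tr 'A-Z' 'a-z')   # assumption: case-insensitive
    freq=$(get_opt "$1" freq)
    case "$flush" in
        none)
            echo "in-log-after-restart" ;;
        incremental|incremental_async)
            # freq drives the explicit flush, so it must be a usable count
            case "$freq" in
                ''|0|*[!0-9]*)
                    echo "invalid: flush=$flush needs a positive numeric freq"
                    return 1 ;;
            esac
            echo "in-log-after-$freq-records" ;;
        data|sync)
            echo "in-log-immediately" ;;
        *)
            echo "invalid: flush='$flush'"
            return 1 ;;
    esac
}

# Constructed sample config fragment (not taken from a real system).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed auditd.conf fragment
log_file = /var/log/audit/audit.log
flush = INCREMENTAL_ASYNC
freq = 50
EOF
expected_check "$sample"
```

The helper returns the same scenario for incremental and incremental_async, and for data and sync, because the black-box checks above cannot tell those pairs apart.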