summary: Smoke test for flush config option description: | Smoke testing that flush option setting works as expected. Valid values are none, incremental, incremental_async, data, and sync. * none - no special effort is made to flush the audit records to disk. * incremental - the freq parameter is used to determine how often an explicit flush to disk is issued. * incremental_async - very much like incremental except the flushing is done asynchronously for higher performance. * data - tells the audit daemon to keep the data portion of the disk file sync’d at all times. * sync - tells the audit daemon to keep both the data and meta-data fully sync’d with every write to disk. This is not a reliable way to test flush option thoroughly, it only test very basic sanity. In general, testing flush/freq options automatically and reliably via black-box testing is non-trivial. We can only test very basic sanity scenarios as follows: * flush=none - data are in the log at least when auditd is restarted * flush=incremental, freq=x - after x messages, data are in the log * flush=incremental_async, freq=x - after x messages, data are in the log * flush=data - data are in the log immediately * flush=sync - data are in the log immediately Without performance testing, we cannot distinguish between incremental and incremental_async strategy. We also cannot distinguish between data and sync without syscall "tracing". contact: Ondrej Moris component: - audit test: ./runtest.sh require: - library(audit/testing) recommend: - audit - bc duration: 30m enabled: true tag: - TIPfail_Security - fedora-wanted - NoTier link: - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1459065 extra-nitrate: TC#0545900 extra-summary: /CoreOS/audit/Sanity/flush extra-task: /CoreOS/audit/Sanity/flush