Paul Moore

Test the ability to filter events based on the different SELinux attributes for both subjects and objects.

Add tests to filter events based on file permissions.

Not related to filesystem watches, test the ability to filter audit events based on individual files.

Add tests to for event filtering based on inode numbering; for obvious reasons this should also include the device major/minor filtering.

Test the ability to filter events based on file, dir, socket, link, char, block, and fifo files.

Different from filesystem watches, use the directory as an event filter.

Create tests to filter based on the associated device. The use of loopback devices could be helpful.

Add tests to filter based on syscall argument values; this may be difficult due to platform differences.

RFE: add tests for UID/GID event filtering

2

Add tests to filter on different UID/GID values, the list currently appears to be: - auid - uid - euid - suid - fsuid - obj_uid - gid - egid...

BUG: test 29 is broken on aarch64

7

It appears that commit 1852fe3d772914d848907f9d0656747776ed3f98 uncovered an issue on aarch64: ``` % ./regression -m c -T bpf-sim -b 29-sim-pseudo_syscall =============== Mon Oct 23 04:51:37 PM EDT 2023 =============== Regression Test...