From 6493425e76a21a5f92ccea105dcde14fc0d2ef4a Mon Sep 17 00:00:00 2001
From: Yanqiu Zhang <yanqzhan@redhat.com>
Date: Tue, 24 Sep 2024 00:06:47 -0400
Subject: [PATCH] tpm_device.py: clean audit before vm start

Cleaning audit logs should be before vm start, and need clean all
audit.log*(.1, .2, etc) files. Also move it later to wait more time.
And replace ausearch cmd since it can not capture well sometimes,
audit.log can reflect actual info instead.

Signed-off-by: Yanqiu Zhang <yanqzhan@redhat.com>
---
 libvirt/tests/cfg/virtual_device/tpm_device.cfg |  2 +-
 libvirt/tests/src/virtual_device/tpm_device.py  | 13 +++++++++----
 2 files changed, 10 insertions(+), 5 deletions(-)

diff --git a/libvirt/tests/cfg/virtual_device/tpm_device.cfg b/libvirt/tests/cfg/virtual_device/tpm_device.cfg
index 4fd1077232..bd3c6f10fa 100644
--- a/libvirt/tests/cfg/virtual_device/tpm_device.cfg
+++ b/libvirt/tests/cfg/virtual_device/tpm_device.cfg
@@ -141,7 +141,7 @@
                     swtpm_path = '/usr/bin/swtpm'
                     variants:
                         - start_vm:
-                            audit_cmd = ausearch -ts recent -m VIRT_RESOURCE| grep 'tpm-external'
+                            audit_cmd = "cat /var/log/audit/audit.log| grep 'tpm-external'"
                             ausearch_check = 'reason=start.*device="/var/tmp/guest-swtpm.sock".*res=success'
                         - suspend_resume:
                             vm_operate = 'resume'
diff --git a/libvirt/tests/src/virtual_device/tpm_device.py b/libvirt/tests/src/virtual_device/tpm_device.py
index a546f79894..24b5a4f40f 100644
--- a/libvirt/tests/src/virtual_device/tpm_device.py
+++ b/libvirt/tests/src/virtual_device/tpm_device.py
@@ -830,6 +830,12 @@ def check_swtpmpidfile(vm_name, test_stage):
             return
         if tpm_model and backend_version != 'default':
             expect_fail = False
+            if ausearch_check:
+                cmd = "truncate -s 0  /var/log/audit/audit.log*"
+                process.run(cmd, shell=True)
+                ausearch_ret = process.run(audit_cmd, verbose=True, shell=True, ignore_status=True)
+                if not ausearch_ret:
+                    test.fail('audit log is not cleaned well.')
             try:
                 vm.start()
             except VMStartError as detail:
@@ -838,10 +844,6 @@ def check_swtpmpidfile(vm_name, test_stage):
                     return
                 else:
                     test.fail(detail)
-            if ausearch_check:
-                process.run("echo > /var/log/audit/audit.log", ignore_status=True)
-                ausearch_result = process.run(audit_cmd, verbose=True, shell=True)
-                libvirt.check_result(ausearch_result, expected_match=ausearch_check)
             if undefine_flag:
                 time.sleep(5)
                 vm.destroy()
@@ -946,6 +948,9 @@ def check_swtpmpidfile(vm_name, test_stage):
                         return
             domid = vm.get_id()
             check_qemu_cmd_line(vm, vm_name, domid)
+            if ausearch_check:
+                ausearch_result = process.run(audit_cmd, verbose=True, shell=True)
+                libvirt.check_result(ausearch_result, expected_match=ausearch_check)
             if backend_type == "passthrough":
                 if tpm_real_v == "1.2" and tpm_model == "tpm-crb":
                     expect_fail = True