[v3,01/10] ima_violations.sh: Fix log detection

Message ID	20250114112915.610297-2-pvorel@suse.cz (mailing list archive)
State	New
Headers	show Received: from smtp-out1.suse.de (smtp-out1.suse.de [195.135.223.130]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5F3EE224B1A for <linux-integrity@vger.kernel.org>; Tue, 14 Jan 2025 11:29:25 +0000 (UTC) From: Petr Vorel <pvorel@suse.cz> To: ltp@lists.linux.it Cc: Petr Vorel <pvorel@suse.cz>, Mimi Zohar <zohar@linux.ibm.com>, linux-integrity@vger.kernel.org Subject: [PATCH v3 01/10] ima_violations.sh: Fix log detection Date: Tue, 14 Jan 2025 12:29:06 +0100 Message-ID: <20250114112915.610297-2-pvorel@suse.cz> In-Reply-To: <20250114112915.610297-1-pvorel@suse.cz> References: <20250114112915.610297-1-pvorel@suse.cz> Precedence: bulk MIME-Version: 1.0 Content-Transfer-Encoding: 8bit default: False [-6.80 / 50.00]; REPLY(-4.00)[]; BAYES_HAM(-3.00)[99.99%]; MID_CONTAINS_FROM(1.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000]; R_MISSING_CHARSET(0.50)[]; NEURAL_HAM_SHORT(-0.20)[-0.999]; MIME_GOOD(-0.10)[text/plain]; MIME_TRACE(0.00)[0:+]; TO_DN_SOME(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; ARC_NA(0.00)[]; DKIM_SIGNED(0.00)[suse.cz:s=susede2_rsa,suse.cz:s=susede2_ed25519]; FUZZY_BLOCKED(0.00)[rspamd.com]; FROM_EQ_ENVFROM(0.00)[]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[4]; DBL_BLOCKED_OPENRESOLVER(0.00)[suse.cz:email,suse.cz:mid]; RCVD_COUNT_TWO(0.00)[2]; TO_MATCH_ENVRCPT_ALL(0.00)[]; RCVD_TLS_ALL(0.00)[]
Series	LTP tests: load predefined policy, enhancements \| expand [v3,00/10] LTP tests: load predefined policy, enhancements [v3,01/10] ima_violations.sh: Fix log detection [v3,02/10] IMA: Add TCB policy as an example for ima_measurements.sh [v3,03/10] IMA: Move requirement check to ima_setup.sh [v3,04/10] IMA: Add example policy for ima_violations.sh [v3,05/10] IMA: Read required policy from file [v3,06/10] ima_violations.sh: Declare tcb builtin policy [v3,07/10] ima_setup.sh: Add digest index detection for ima-buf format [v3,08/10] ima_setup.sh: Allow to load predefined policy [v3,09/10] ima_measurements.sh: Check policy for test3 [v3,10/10] tst_test.sh: IMA: Allow to disable LSM warnings and use it for IMA

Message ID

20250114112915.610297-2-pvorel@suse.cz (mailing list archive)

State

New

Headers

From: Petr Vorel <pvorel@suse.cz>
To: ltp@lists.linux.it
Cc: Petr Vorel <pvorel@suse.cz>,
	Mimi Zohar <zohar@linux.ibm.com>,
	linux-integrity@vger.kernel.org
Subject: [PATCH v3 01/10] ima_violations.sh: Fix log detection
Date: Tue, 14 Jan 2025 12:29:06 +0100
Message-ID: <20250114112915.610297-2-pvorel@suse.cz>
In-Reply-To: <20250114112915.610297-1-pvorel@suse.cz>
References: <20250114112915.610297-1-pvorel@suse.cz>
Precedence: bulk
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

LTP tests: load predefined policy, enhancements | expand

Commit Message

Petr Vorel Jan. 14, 2025, 11:29 a.m. UTC

Fix TBROK on systems which does not have /var/log/messages
(any modern distro is using systemd) not auditd installed:

    ima_violations 1 TBROK: log /var/log/messages does not exist (bug in detection?)

Instead TCONF with more meaningful message:

    ima_violations 1 TCONF: log file not found, install auditd

Fixes: https://github.com/linux-test-project/ltp/issues/372
Signed-off-by: Petr Vorel <pvorel@suse.cz>
---
 .../kernel/security/integrity/ima/tests/ima_violations.sh   | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

Comments

Mimi Zohar Jan. 23, 2025, 5:37 p.m. UTC | #1

Hi Petr,

On Tue, 2025-01-14 at 12:29 +0100, Petr Vorel wrote:
> Fix TBROK on systems which does not have /var/log/messages
> (any modern distro is using systemd) not auditd installed:

-> and auditd is not installed:

> 
>     ima_violations 1 TBROK: log /var/log/messages does not exist (bug in
> detection?)
> 
> Instead TCONF with more meaningful message:
> 
>     ima_violations 1 TCONF: log file not found, install auditd
> 
> Fixes: https://github.com/linux-test-project/ltp/issues/372

Perhaps /var/log/messages was being rate limited.

> Signed-off-by: Petr Vorel <pvorel@suse.cz>

Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>

> ---
>  .../kernel/security/integrity/ima/tests/ima_violations.sh   | 6 ++++--
>  1 file changed, 4 insertions(+), 2 deletions(-)
> 
> diff --git a/testcases/kernel/security/integrity/ima/tests/ima_violations.sh
> b/testcases/kernel/security/integrity/ima/tests/ima_violations.sh
> index 0f710dea2e..b2b597ad08 100755
> --- a/testcases/kernel/security/integrity/ima/tests/ima_violations.sh
> +++ b/testcases/kernel/security/integrity/ima/tests/ima_violations.sh
> @@ -23,8 +23,10 @@ setup()
>  		PRINTK_RATE_LIMIT=`sysctl -n kernel.printk_ratelimit`
>  		sysctl -wq kernel.printk_ratelimit=0
>  	fi
> -	[ -f "$LOG" ] || \
> -		tst_brk TBROK "log $LOG does not exist (bug in detection?)"
> +
> +	if [ ! -e "$LOG" ]; then
> +		tst_brk TCONF "log file not found, install auditd"
> +	fi
>  	tst_res TINFO "using log $LOG"
>  }
>

diff --git a/testcases/kernel/security/integrity/ima/tests/ima_violations.sh b/testcases/kernel/security/integrity/ima/tests/ima_violations.sh
index 0f710dea2e..b2b597ad08 100755
--- a/testcases/kernel/security/integrity/ima/tests/ima_violations.sh
+++ b/testcases/kernel/security/integrity/ima/tests/ima_violations.sh
@@ -23,8 +23,10 @@  setup()
 		PRINTK_RATE_LIMIT=`sysctl -n kernel.printk_ratelimit`
 		sysctl -wq kernel.printk_ratelimit=0
 	fi
-	[ -f "$LOG" ] || \
-		tst_brk TBROK "log $LOG does not exist (bug in detection?)"
+
+	if [ ! -e "$LOG" ]; then
+		tst_brk TCONF "log file not found, install auditd"
+	fi
 	tst_res TINFO "using log $LOG"
 }

[v3,01/10] ima_violations.sh: Fix log detection

Commit Message

Comments

Patch