[v3,09/10] ima_measurements.sh: Check policy for test3

Message ID 20250114112915.610297-10-pvorel@suse.cz (mailing list archive)
State New
Series LTP tests: load predefined policy, enhancements

Commit Message

Petr Vorel Jan. 14, 2025, 11:29 a.m. UTC
First two tests are working with ima_policy=tcb,
but 3rd test requires more specific policy.

Signed-off-by: Petr Vorel <pvorel@suse.cz>
---
 .../kernel/security/integrity/ima/tests/ima_measurements.sh  | 5 +++++
 1 file changed, 5 insertions(+)

Comments

Mimi Zohar Jan. 23, 2025, 5:39 p.m. UTC | #1
Hi Petr,

On Tue, 2025-01-14 at 12:29 +0100, Petr Vorel wrote:
> First two tests are working with ima_policy=tcb,
> but 3rd test requires more specific policy.
> 
> Signed-off-by: Petr Vorel <pvorel@suse.cz>

Sorry, I'm not seeing the difference between "ima_policy=tcb" and the specific policy.
The patch itself looks correct and should allow the test to work even without
specifying the "tcb" policy on the boot command line.

After fixing the patch description, feel free to add:

Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>


> ---
>  .../kernel/security/integrity/ima/tests/ima_measurements.sh  | 5 +++++
>  1 file changed, 5 insertions(+)
> 
> diff --git a/testcases/kernel/security/integrity/ima/tests/ima_measurements.sh
> b/testcases/kernel/security/integrity/ima/tests/ima_measurements.sh
> index c42c31c898..35acc6ea78 100755
> --- a/testcases/kernel/security/integrity/ima/tests/ima_measurements.sh
> +++ b/testcases/kernel/security/integrity/ima/tests/ima_measurements.sh
> @@ -77,6 +77,11 @@ test3()
>  	tst_res TINFO "verify not measuring user files"
>  	tst_check_cmds sudo || return
>  
> +	if [ "$IMA_POLICY_CHECKED" != 1 ]; then
> +		tst_res TCONF "test requires specific policy, try load it with
> LTP_IMA_LOAD_POLICY=1"
> +		return
> +	fi
> +
>  	if ! id $user >/dev/null 2>/dev/null; then
>  		tst_res TCONF "missing system user $user (wrong installation)"
>  		return
Patch

diff --git a/testcases/kernel/security/integrity/ima/tests/ima_measurements.sh b/testcases/kernel/security/integrity/ima/tests/ima_measurements.sh
index c42c31c898..35acc6ea78 100755
--- a/testcases/kernel/security/integrity/ima/tests/ima_measurements.sh
+++ b/testcases/kernel/security/integrity/ima/tests/ima_measurements.sh
@@ -77,6 +77,11 @@  test3()
 	tst_res TINFO "verify not measuring user files"
 	tst_check_cmds sudo || return
 
+	if [ "$IMA_POLICY_CHECKED" != 1 ]; then
+		tst_res TCONF "test requires specific policy, try load it with LTP_IMA_LOAD_POLICY=1"
+		return
+	fi
+
 	if ! id $user >/dev/null 2>/dev/null; then
 		tst_res TCONF "missing system user $user (wrong installation)"
 		return
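Review bot: The new TCONF message in test3() says "test requires specific policy" without naming the rule or policy file it needs, so whoever sees the skip in a test log cannot tell what to load. Consider stating the required rule in the message, and fix the wording to "try to load it with LTP_IMA_LOAD_POLICY=1". The check also sits after `tst_check_cmds sudo || return`, so on a host without sudo the policy requirement is never reported; moving the policy check first would surface the more fundamental precondition.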