[v3,06/10] ima_violations.sh: Declare tcb builtin policy

Message ID	20250114112915.610297-7-pvorel@suse.cz (mailing list archive)
State	New
Headers	show Received: from smtp-out1.suse.de (smtp-out1.suse.de [195.135.223.130]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id DDEA52309AC for <linux-integrity@vger.kernel.org>; Tue, 14 Jan 2025 11:29:28 +0000 (UTC) From: Petr Vorel <pvorel@suse.cz> To: ltp@lists.linux.it Cc: Petr Vorel <pvorel@suse.cz>, Mimi Zohar <zohar@linux.ibm.com>, linux-integrity@vger.kernel.org Subject: [PATCH v3 06/10] ima_violations.sh: Declare tcb builtin policy Date: Tue, 14 Jan 2025 12:29:11 +0100 Message-ID: <20250114112915.610297-7-pvorel@suse.cz> In-Reply-To: <20250114112915.610297-1-pvorel@suse.cz> References: <20250114112915.610297-1-pvorel@suse.cz> Precedence: bulk MIME-Version: 1.0 Content-Transfer-Encoding: 8bit default: False [-6.80 / 50.00]; REPLY(-4.00)[]; BAYES_HAM(-3.00)[100.00%]; MID_CONTAINS_FROM(1.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000]; R_MISSING_CHARSET(0.50)[]; NEURAL_HAM_SHORT(-0.20)[-0.999]; MIME_GOOD(-0.10)[text/plain]; MIME_TRACE(0.00)[0:+]; TO_DN_SOME(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; ARC_NA(0.00)[]; DKIM_SIGNED(0.00)[suse.cz:s=susede2_rsa,suse.cz:s=susede2_ed25519]; FUZZY_BLOCKED(0.00)[rspamd.com]; FROM_EQ_ENVFROM(0.00)[]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[4]; DBL_BLOCKED_OPENRESOLVER(0.00)[suse.cz:email,suse.cz:mid]; RCVD_COUNT_TWO(0.00)[2]; TO_MATCH_ENVRCPT_ALL(0.00)[]; RCVD_TLS_ALL(0.00)[]
Series	LTP tests: load predefined policy, enhancements \| expand [v3,00/10] LTP tests: load predefined policy, enhancements [v3,01/10] ima_violations.sh: Fix log detection [v3,02/10] IMA: Add TCB policy as an example for ima_measurements.sh [v3,03/10] IMA: Move requirement check to ima_setup.sh [v3,04/10] IMA: Add example policy for ima_violations.sh [v3,05/10] IMA: Read required policy from file [v3,06/10] ima_violations.sh: Declare tcb builtin policy [v3,07/10] ima_setup.sh: Add digest index detection for ima-buf format [v3,08/10] ima_setup.sh: Allow to load predefined policy [v3,09/10] ima_measurements.sh: Check policy for test3 [v3,10/10] tst_test.sh: IMA: Allow to disable LSM warnings and use it for IMA

Message ID

20250114112915.610297-7-pvorel@suse.cz (mailing list archive)

State

New

Headers

From: Petr Vorel <pvorel@suse.cz>
To: ltp@lists.linux.it
Cc: Petr Vorel <pvorel@suse.cz>,
	Mimi Zohar <zohar@linux.ibm.com>,
	linux-integrity@vger.kernel.org
Subject: [PATCH v3 06/10] ima_violations.sh: Declare tcb builtin policy
Date: Tue, 14 Jan 2025 12:29:11 +0100
Message-ID: <20250114112915.610297-7-pvorel@suse.cz>
In-Reply-To: <20250114112915.610297-1-pvorel@suse.cz>
References: <20250114112915.610297-1-pvorel@suse.cz>
Precedence: bulk
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

LTP tests: load predefined policy, enhancements | expand

Commit Message

Petr Vorel Jan. 14, 2025, 11:29 a.m. UTC

IMA builtin policy contains required rules, allow using it.
This helps more reliable results on kernels without
CONFIG_IMA_READ_POLICY=y.

Signed-off-by: Petr Vorel <pvorel@suse.cz>
---
 testcases/kernel/security/integrity/ima/tests/ima_violations.sh | 1 +
 1 file changed, 1 insertion(+)

Comments

Mimi Zohar Jan. 23, 2025, 5:45 p.m. UTC | #1

On Tue, 2025-01-14 at 12:29 +0100, Petr Vorel wrote:
> IMA builtin policy contains required rules, allow using it.
> This helps more reliable results on kernels without
> CONFIG_IMA_READ_POLICY=y.
> 
> Signed-off-by: Petr Vorel <pvorel@suse.cz>

Thanks, Petr.

Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>

> ---
>  testcases/kernel/security/integrity/ima/tests/ima_violations.sh | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/testcases/kernel/security/integrity/ima/tests/ima_violations.sh
> b/testcases/kernel/security/integrity/ima/tests/ima_violations.sh
> index 1852e8bc74..37d8d473c2 100755
> --- a/testcases/kernel/security/integrity/ima/tests/ima_violations.sh
> +++ b/testcases/kernel/security/integrity/ima/tests/ima_violations.sh
> @@ -10,6 +10,7 @@ TST_SETUP="setup"
>  TST_CLEANUP="cleanup"
>  TST_CNT=3
>  
> +REQUIRED_BUILTIN_POLICY="tcb"
>  REQUIRED_POLICY_CONTENT='violations.policy'
>  
>  setup()

diff --git a/testcases/kernel/security/integrity/ima/tests/ima_violations.sh b/testcases/kernel/security/integrity/ima/tests/ima_violations.sh
index 1852e8bc74..37d8d473c2 100755
--- a/testcases/kernel/security/integrity/ima/tests/ima_violations.sh
+++ b/testcases/kernel/security/integrity/ima/tests/ima_violations.sh
@@ -10,6 +10,7 @@  TST_SETUP="setup"
 TST_CLEANUP="cleanup"
 TST_CNT=3
 
+REQUIRED_BUILTIN_POLICY="tcb"
 REQUIRED_POLICY_CONTENT='violations.policy'
 
 setup()

[v3,06/10] ima_violations.sh: Declare tcb builtin policy

Commit Message

Comments

Patch