[0/3] LTP tests: load predefined policy

Message ID	20241126173830.98960-1-pvorel@suse.cz (mailing list archive)
Headers	show Received: from smtp-out2.suse.de (smtp-out2.suse.de [195.135.223.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id BB4831D5177 for <linux-integrity@vger.kernel.org>; Tue, 26 Nov 2024 17:38:34 +0000 (UTC) From: Petr Vorel <pvorel@suse.cz> To: ltp@lists.linux.it Cc: Petr Vorel <petr.vorel@gmail.com>, Mimi Zohar <zohar@linux.ibm.com>, linux-integrity@vger.kernel.org Subject: [PATCH 0/3] LTP tests: load predefined policy Date: Tue, 26 Nov 2024 18:38:27 +0100 Message-ID: <20241126173830.98960-1-pvorel@suse.cz> Precedence: bulk MIME-Version: 1.0 Content-Transfer-Encoding: 8bit default: False [-1.30 / 50.00]; BAYES_HAM(-3.00)[99.99%]; SUSPICIOUS_RECIPS(1.50)[]; MID_CONTAINS_FROM(1.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000]; R_MISSING_CHARSET(0.50)[]; NEURAL_HAM_SHORT(-0.20)[-1.000]; MIME_GOOD(-0.10)[text/plain]; DBL_BLOCKED_OPENRESOLVER(0.00)[imap1.dmz-prg2.suse.org:helo,suse.cz:mid]; RCVD_VIA_SMTP_AUTH(0.00)[]; TAGGED_RCPT(0.00)[]; ARC_NA(0.00)[]; TO_DN_SOME(0.00)[]; MIME_TRACE(0.00)[0:+]; FREEMAIL_CC(0.00)[gmail.com,linux.ibm.com,vger.kernel.org]; RCVD_TLS_ALL(0.00)[]; FROM_HAS_DN(0.00)[]; RCVD_COUNT_TWO(0.00)[2]; TO_MATCH_ENVRCPT_ALL(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; FUZZY_BLOCKED(0.00)[rspamd.com]; RCPT_COUNT_THREE(0.00)[4]; DKIM_SIGNED(0.00)[suse.cz:s=susede2_rsa,suse.cz:s=susede2_ed25519]; FREEMAIL_ENVRCPT(0.00)[gmail.com]
Series	LTP tests: load predefined policy \| expand [0/3] LTP tests: load predefined policy [1/3] ima: Add TCB policy as an example [2/3] ima_setup.sh: Allow to load predefined policy [3/3] ima_{kexec,keys,selinux}: Set minimal kernel version

Message ID

20241126173830.98960-1-pvorel@suse.cz (mailing list archive)

Headers

From: Petr Vorel <pvorel@suse.cz>
To: ltp@lists.linux.it
Cc: Petr Vorel <petr.vorel@gmail.com>,
	Mimi Zohar <zohar@linux.ibm.com>,
	linux-integrity@vger.kernel.org
Subject: [PATCH 0/3] LTP tests: load predefined policy
Date: Tue, 26 Nov 2024 18:38:27 +0100
Message-ID: <20241126173830.98960-1-pvorel@suse.cz>
Precedence: bulk
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

LTP tests: load predefined policy | expand

Message

Petr Vorel Nov. 26, 2024, 5:38 p.m. UTC

From: Petr Vorel <petr.vorel@gmail.com>

Hi Mimi, all,

this effort allows to load policy LTP provides as example
via LTP_IMA_LOAD_POLICY=1 environment variable (off by default).

This should allow better coverage for these who just run runtest/ima.
But it requires tooling which runs LTP to do the restart after each
test.

Kind regards,
Petr

Petr Vorel (3):
  ima: Add TCB policy as an example
  ima_setup.sh: Allow to load predefined policy
  ima_{kexec,keys,selinux}: Set minimal kernel version

 .../kernel/security/integrity/ima/README.md   |  6 +++
 .../ima/datafiles/ima_measurements/tcb.policy | 20 +++++++
 .../security/integrity/ima/tests/ima_kexec.sh |  1 +
 .../security/integrity/ima/tests/ima_keys.sh  |  1 +
 .../integrity/ima/tests/ima_measurements.sh   | 17 +++++-
 .../integrity/ima/tests/ima_selinux.sh        |  1 +
 .../security/integrity/ima/tests/ima_setup.sh | 52 ++++++++++++++++---
 7 files changed, 89 insertions(+), 9 deletions(-)
 create mode 100644 testcases/kernel/security/integrity/ima/datafiles/ima_measurements/tcb.policy