[2/3] IMA: Refactor datafiles directory

Message ID	20200803184726.2416-3-t-josne@linux.microsoft.com (mailing list archive)
State	New, archived
Headers	show Return-Path: <SRS0=ghDQ=BN=vger.kernel.org=linux-integrity-owner@kernel.org> From: Lachlan Sneff <t-josne@linux.microsoft.com> To: pvorel@suse.cz, zohar@linux.ibm.com, ltp@lists.linux.it Cc: nramas@linux.microsoft.com, balajib@linux.microsoft.com, linux-integrity@vger.kernel.org, tyhicks@linux.microsoft.com, yaneurabeya@gmail.com, zhang.jia@linux.alibaba.com Subject: [PATCH 2/3] IMA: Refactor datafiles directory Date: Mon, 3 Aug 2020 14:47:25 -0400 Message-Id: <20200803184726.2416-3-t-josne@linux.microsoft.com> In-Reply-To: <20200803184726.2416-1-t-josne@linux.microsoft.com> References: <20200803184726.2416-1-t-josne@linux.microsoft.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: linux-integrity-owner@vger.kernel.org Precedence: bulk
Series	Verify measurement of certificate imported into a keyring \| expand [v1,0/3] Verify measurement of certificate imported into a keyring [1/3] IMA: Update key test documentation [2/3] IMA: Refactor datafiles directory [3/3] IMA: Add a test to verify measurement of certificate imported into a keyring

Message ID

20200803184726.2416-3-t-josne@linux.microsoft.com (mailing list archive)

State

New, archived

Headers

From: Lachlan Sneff <t-josne@linux.microsoft.com>
To: pvorel@suse.cz, zohar@linux.ibm.com, ltp@lists.linux.it
Cc: nramas@linux.microsoft.com, balajib@linux.microsoft.com,
        linux-integrity@vger.kernel.org, tyhicks@linux.microsoft.com,
        yaneurabeya@gmail.com, zhang.jia@linux.alibaba.com
Subject: [PATCH 2/3] IMA: Refactor datafiles directory
Date: Mon,  3 Aug 2020 14:47:25 -0400
Message-Id: <20200803184726.2416-3-t-josne@linux.microsoft.com>
In-Reply-To: <20200803184726.2416-1-t-josne@linux.microsoft.com>
References: <20200803184726.2416-1-t-josne@linux.microsoft.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Sender: linux-integrity-owner@vger.kernel.org
Precedence: bulk

Series

Verify measurement of certificate imported into a keyring | expand

Commit Message

Lachlan Sneff Aug. 3, 2020, 6:47 p.m. UTC

The IMA datafiles directory is structured so that it cannot be directly
expanded to include datafiles for tests other than `ima_policy.sh`.

Move the contents of the IMA datafiles directory into an IMA
datafiles/policy directory.

Signed-off-by: Lachlan Sneff <t-josne@linux.microsoft.com>
---
 .../security/integrity/ima/datafiles/Makefile     |  6 ++----
 .../integrity/ima/datafiles/policy/Makefile       | 15 +++++++++++++++
 .../ima/datafiles/{ => policy}/kexec.policy       |  0
 .../ima/datafiles/{ => policy}/keycheck.policy    |  0
 .../ima/datafiles/{ => policy}/measure.policy     |  0
 .../datafiles/{ => policy}/measure.policy-invalid |  0
 6 files changed, 17 insertions(+), 4 deletions(-)
 create mode 100644 testcases/kernel/security/integrity/ima/datafiles/policy/Makefile
 rename testcases/kernel/security/integrity/ima/datafiles/{ => policy}/kexec.policy (100%)
 rename testcases/kernel/security/integrity/ima/datafiles/{ => policy}/keycheck.policy (100%)
 rename testcases/kernel/security/integrity/ima/datafiles/{ => policy}/measure.policy (100%)
 rename testcases/kernel/security/integrity/ima/datafiles/{ => policy}/measure.policy-invalid (100%)

Comments

Petr Vorel Aug. 7, 2020, 7:17 a.m. UTC | #1

Hi Lachlan,

> The IMA datafiles directory is structured so that it cannot be directly
> expanded to include datafiles for tests other than `ima_policy.sh`.

> Move the contents of the IMA datafiles directory into an IMA
> datafiles/policy directory.

Why it's required? Can't you use glob for inclusion?

*.policy for valid policies
*.policy-invalid for invalid policies
*.policy* for all policies

BTW I plan to use policies for other tests than just ima_policy.sh

I don't refuse this patch, I just simply don't understand why it's required.

Kind regards,
Petr

Petr Vorel Aug. 7, 2020, 9:01 a.m. UTC | #2

Hi Lachlan,

> > The IMA datafiles directory is structured so that it cannot be directly
> > expanded to include datafiles for tests other than `ima_policy.sh`.

> > Move the contents of the IMA datafiles directory into an IMA
> > datafiles/policy directory.

> Why it's required? Can't you use glob for inclusion?

> *.policy for valid policies
> *.policy-invalid for invalid policies
> *.policy* for all policies

> BTW I plan to use policies for other tests than just ima_policy.sh

> I don't refuse this patch, I just simply don't understand why it's required.

OK, I got that. Looking into $TST_DATAROOT is self explanatory.
Reviewed-by: Petr Vorel <pvorel@suse.cz>

And I plan to use IMA policy as well for more tests will require some trick,
but that's another story.

Kind regards,
Petr

Petr Vorel Aug. 7, 2020, 12:27 p.m. UTC | #3

Hi Lachlan,

> > > The IMA datafiles directory is structured so that it cannot be directly
> > > expanded to include datafiles for tests other than `ima_policy.sh`.

> > > Move the contents of the IMA datafiles directory into an IMA
> > > datafiles/policy directory.

> > Why it's required? Can't you use glob for inclusion?

> > *.policy for valid policies
> > *.policy-invalid for invalid policies
> > *.policy* for all policies

> > BTW I plan to use policies for other tests than just ima_policy.sh

> > I don't refuse this patch, I just simply don't understand why it's required.

> OK, I got that. Looking into $TST_DATAROOT is self explanatory.
> Reviewed-by: Petr Vorel <pvorel@suse.cz>

> And I plan to use IMA policy as well for more tests will require some trick,
> but that's another story.

Thinking about it twice, keycheck.policy and kexec.policy should not be in
/opt/ltp/testcases/data/ima_policy/ as they belong to the their tests
(ima_keys.sh resp. ima_kexec.sh). I forget where are installed due "policy"
(the name of the directory).

I'll send v2 (altogether with fixes for the test) to speedup the things.

Kind regards,
Petr

diff --git a/testcases/kernel/security/integrity/ima/datafiles/Makefile b/testcases/kernel/security/integrity/ima/datafiles/Makefile
index 369407112..3772e9a03 100644
--- a/testcases/kernel/security/integrity/ima/datafiles/Makefile
+++ b/testcases/kernel/security/integrity/ima/datafiles/Makefile
@@ -24,8 +24,6 @@  top_srcdir		?= ../../../../../..
 
 include	$(top_srcdir)/include/mk/env_pre.mk
 
-INSTALL_DIR		:= testcases/data/ima_policy
+SUBDIRS			:= policy
 
-INSTALL_TARGETS		:= measure.policy-invalid *.policy
-
-include $(top_srcdir)/include/mk/generic_leaf_target.mk
+include $(top_srcdir)/include/mk/generic_trunk_target.mk
diff --git a/testcases/kernel/security/integrity/ima/datafiles/policy/Makefile b/testcases/kernel/security/integrity/ima/datafiles/policy/Makefile
new file mode 100644
index 000000000..84d1424c6
--- /dev/null
+++ b/testcases/kernel/security/integrity/ima/datafiles/policy/Makefile
@@ -0,0 +1,15 @@ 
+# SPDX-License-Identifier: GPL-2.0-or-later
+# Copyright (c) 2020 Microsoft Corporation
+# Author: Lachlan Sneff <t-josne@linux.microsoft.com>
+#
+# IMA datafiles/policy Makefile
+
+top_srcdir		?= ../../../../../../..
+
+include	$(top_srcdir)/include/mk/env_pre.mk
+
+INSTALL_DIR		:= testcases/data/ima_policy
+
+INSTALL_TARGETS		:= measure.policy-invalid *.policy
+
+include $(top_srcdir)/include/mk/generic_leaf_target.mk
\ No newline at end of file
diff --git a/testcases/kernel/security/integrity/ima/datafiles/kexec.policy b/testcases/kernel/security/integrity/ima/datafiles/policy/kexec.policy
similarity index 100%
rename from testcases/kernel/security/integrity/ima/datafiles/kexec.policy
rename to testcases/kernel/security/integrity/ima/datafiles/policy/kexec.policy
diff --git a/testcases/kernel/security/integrity/ima/datafiles/keycheck.policy b/testcases/kernel/security/integrity/ima/datafiles/policy/keycheck.policy
similarity index 100%
rename from testcases/kernel/security/integrity/ima/datafiles/keycheck.policy
rename to testcases/kernel/security/integrity/ima/datafiles/policy/keycheck.policy
diff --git a/testcases/kernel/security/integrity/ima/datafiles/measure.policy b/testcases/kernel/security/integrity/ima/datafiles/policy/measure.policy
similarity index 100%
rename from testcases/kernel/security/integrity/ima/datafiles/measure.policy
rename to testcases/kernel/security/integrity/ima/datafiles/policy/measure.policy
diff --git a/testcases/kernel/security/integrity/ima/datafiles/measure.policy-invalid b/testcases/kernel/security/integrity/ima/datafiles/policy/measure.policy-invalid
similarity index 100%
rename from testcases/kernel/security/integrity/ima/datafiles/measure.policy-invalid
rename to testcases/kernel/security/integrity/ima/datafiles/policy/measure.policy-invalid

[2/3] IMA: Refactor datafiles directory

Commit Message

Comments

Patch