| Message ID | 20220112150123.13768-1-pvorel@suse.cz (mailing list archive) |
|---|---|
| State | Accepted |
| Headers | show |
| Series | [1/1] ima_measurements.sh: Use /proc/uptime instead of date | expand |
On Wed, 2022-01-12 at 16:01 +0100, Petr Vorel wrote: > It fixes more iterations (e.g. -i2) which is more precise. > date +%s could be used, but it's better use procfs file instead > requiring binary. > > Signed-off-by: Petr Vorel <pvorel@suse.cz> Thanks, Petr. Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
Hi Mimi, > On Wed, 2022-01-12 at 16:01 +0100, Petr Vorel wrote: > > It fixes more iterations (e.g. -i2) which is more precise. > > date +%s could be used, but it's better use procfs file instead > > requiring binary. > > Signed-off-by: Petr Vorel <pvorel@suse.cz> > Thanks, Petr. > Reviewed-by: Mimi Zohar <zohar@linux.ibm.com> Thanks a lot for your review, merged. Kind regards, Petr
diff --git a/testcases/kernel/security/integrity/ima/tests/ima_measurements.sh b/testcases/kernel/security/integrity/ima/tests/ima_measurements.sh index a83c416de0..6c184f3960 100755 --- a/testcases/kernel/security/integrity/ima/tests/ima_measurements.sh +++ b/testcases/kernel/security/integrity/ima/tests/ima_measurements.sh @@ -55,7 +55,7 @@ check_iversion_support() test1() { tst_res TINFO "verify adding record to the IMA measurement list" - ROD echo "$(date) this is a test file" \> $TEST_FILE + ROD echo "$(cat /proc/uptime) this is a test file" \> $TEST_FILE ima_check $TEST_FILE } @@ -64,7 +64,7 @@ test2() tst_res TINFO "verify updating record in the IMA measurement list" check_iversion_support || return - ROD echo "$(date) modified file" \> $TEST_FILE + ROD echo "$(cat /proc/uptime) modified file" \> $TEST_FILE ima_check $TEST_FILE } @@ -83,11 +83,11 @@ test3() return fi - mkdir -m 0700 $dir + [ -d "$dir" ] || mkdir -m 0700 $dir chown $user $dir cd $dir # need to read file to get updated $ASCII_MEASUREMENTS - sudo -n -u $user sh -c "echo $(date) user file > $file; cat $file > /dev/null" + sudo -n -u $user sh -c "echo $(cat /proc/uptime) user file > $file; cat $file > /dev/null" cd .. EXPECT_FAIL "grep $file $ASCII_MEASUREMENTS"
It fixes more iterations (e.g. -i2) which is more precise. date +%s could be used, but it's better use procfs file instead requiring binary. Signed-off-by: Petr Vorel <pvorel@suse.cz> --- Hi all, I hope to get this merged into upcoming release (git freeze is going to be at January the 14), i.e. this Friday. Kind regards, Petr .../security/integrity/ima/tests/ima_measurements.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-)