From: Mimi Zohar <zohar@linux.ibm.com>
To: Jia Zhang <zhang.jia@linux.alibaba.com>, pvorel@suse.cz
Cc: linux-integrity@vger.kernel.org, ltp@lists.linux.it
Subject: Re: [PATCH v3 6/6] ima/ima_violations: Temporarily remove the printk rate limit
Date: Sun, 20 Jan 2019 13:38:54 -0500 [thread overview]
Message-ID: <1548009534.3982.216.camel@linux.ibm.com> (raw)
In-Reply-To: <1547607461-11233-7-git-send-email-zhang.jia@linux.alibaba.com>
On Wed, 2019-01-16 at 10:57 +0800, Jia Zhang wrote:
> The output frequency of audit log is limited by printk_ratelimit()
> in kernel if auditd not used. Thus, the test cases heavily depending
> on searching certain keywords in log file may fail if the matching
> patterns are exactly suppressed by printk_ratelimit().
>
> In order to fix such a sort of failure, just temporarily remove the
> printk rate limit, and restore its original setting when doing
> cleanup.
>
> Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com>
Thanks, I wasn't aware of the sysctl. If the message isn't in
/var/log/messages or /var/log/audit/audit.log, do we now need to also
check journalctl?
Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
> ---
> .../kernel/security/integrity/ima/tests/ima_setup.sh | 2 +-
> .../kernel/security/integrity/ima/tests/ima_violations.sh | 15 +++++++++++++++
> 2 files changed, 16 insertions(+), 1 deletion(-)
>
> diff --git a/testcases/kernel/security/integrity/ima/tests/ima_setup.sh b/testcases/kernel/security/integrity/ima/tests/ima_setup.sh
> index 6dfb4d2..fe60981 100644
> --- a/testcases/kernel/security/integrity/ima/tests/ima_setup.sh
> +++ b/testcases/kernel/security/integrity/ima/tests/ima_setup.sh
> @@ -20,7 +20,7 @@
> TST_TESTFUNC="test"
> TST_SETUP_CALLER="$TST_SETUP"
> TST_SETUP="ima_setup"
> -TST_CLEANUP="ima_cleanup"
> +TST_CLEANUP="${TST_CLEANUP:-ima_cleanup}"
> TST_NEEDS_TMPDIR=1
> TST_NEEDS_ROOT=1
>
> diff --git a/testcases/kernel/security/integrity/ima/tests/ima_violations.sh b/testcases/kernel/security/integrity/ima/tests/ima_violations.sh
> index f3f40d4..74223c2 100755
> --- a/testcases/kernel/security/integrity/ima/tests/ima_violations.sh
> +++ b/testcases/kernel/security/integrity/ima/tests/ima_violations.sh
> @@ -20,6 +20,7 @@
> # Test whether ToMToU and open_writer violations invalidatethe PCR and are logged.
>
> TST_SETUP="setup"
> +TST_CLEANUP="cleanup"
> TST_CNT=3
> TST_NEEDS_DEVICE=1
>
> @@ -31,15 +32,29 @@ setup()
> FILE="test.txt"
> IMA_VIOLATIONS="$SECURITYFS/ima/violations"
> LOG="/var/log/messages"
> + PRINTK_RATE_LIMIT="0"
>
> if status_daemon auditd; then
> LOG="/var/log/audit/audit.log"
> + else
> + tst_check_cmds sysctl
> +
> + PRINTK_RATE_LIMIT=`sysctl -n kernel.printk_ratelimit`
> + sysctl -wq kernel.printk_ratelimit=0
> fi
> [ -f "$LOG" ] || \
> tst_brk TBROK "log $LOG does not exist (bug in detection?)"
> tst_res TINFO "using log $LOG"
> }
>
> +cleanup()
> +{
> + [ "$PRINTK_RATE_LIMIT" != "0" ] && \
> + sysctl -wq kernel.printk_ratelimit=$PRINTK_RATE_LIMIT
> +
> + ima_cleanup
> +}
> +
> open_file_read()
> {
> exec 3< $FILE || exit 1
WARNING: multiple messages have this Message-ID (diff)
From: Mimi Zohar <zohar@linux.ibm.com>
To: ltp@lists.linux.it
Subject: [LTP] [PATCH v3 6/6] ima/ima_violations: Temporarily remove the printk rate limit
Date: Sun, 20 Jan 2019 13:38:54 -0500 [thread overview]
Message-ID: <1548009534.3982.216.camel@linux.ibm.com> (raw)
In-Reply-To: <1547607461-11233-7-git-send-email-zhang.jia@linux.alibaba.com>
On Wed, 2019-01-16 at 10:57 +0800, Jia Zhang wrote:
> The output frequency of audit log is limited by printk_ratelimit()
> in kernel if auditd not used. Thus, the test cases heavily depending
> on searching certain keywords in log file may fail if the matching
> patterns are exactly suppressed by printk_ratelimit().
>
> In order to fix such a sort of failure, just temporarily remove the
> printk rate limit, and restore its original setting when doing
> cleanup.
>
> Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com>
Thanks, I wasn't aware of the sysctl. Â If the message isn't in
/var/log/messages or /var/log/audit/audit.log, do we now need to also
check journalctl?
Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
> ---
> .../kernel/security/integrity/ima/tests/ima_setup.sh | 2 +-
> .../kernel/security/integrity/ima/tests/ima_violations.sh | 15 +++++++++++++++
> 2 files changed, 16 insertions(+), 1 deletion(-)
>
> diff --git a/testcases/kernel/security/integrity/ima/tests/ima_setup.sh b/testcases/kernel/security/integrity/ima/tests/ima_setup.sh
> index 6dfb4d2..fe60981 100644
> --- a/testcases/kernel/security/integrity/ima/tests/ima_setup.sh
> +++ b/testcases/kernel/security/integrity/ima/tests/ima_setup.sh
> @@ -20,7 +20,7 @@
> TST_TESTFUNC="test"
> TST_SETUP_CALLER="$TST_SETUP"
> TST_SETUP="ima_setup"
> -TST_CLEANUP="ima_cleanup"
> +TST_CLEANUP="${TST_CLEANUP:-ima_cleanup}"
> TST_NEEDS_TMPDIR=1
> TST_NEEDS_ROOT=1
>
> diff --git a/testcases/kernel/security/integrity/ima/tests/ima_violations.sh b/testcases/kernel/security/integrity/ima/tests/ima_violations.sh
> index f3f40d4..74223c2 100755
> --- a/testcases/kernel/security/integrity/ima/tests/ima_violations.sh
> +++ b/testcases/kernel/security/integrity/ima/tests/ima_violations.sh
> @@ -20,6 +20,7 @@
> # Test whether ToMToU and open_writer violations invalidatethe PCR and are logged.
>
> TST_SETUP="setup"
> +TST_CLEANUP="cleanup"
> TST_CNT=3
> TST_NEEDS_DEVICE=1
>
> @@ -31,15 +32,29 @@ setup()
> FILE="test.txt"
> IMA_VIOLATIONS="$SECURITYFS/ima/violations"
> LOG="/var/log/messages"
> + PRINTK_RATE_LIMIT="0"
>
> if status_daemon auditd; then
> LOG="/var/log/audit/audit.log"
> + else
> + tst_check_cmds sysctl
> +
> + PRINTK_RATE_LIMIT=`sysctl -n kernel.printk_ratelimit`
> + sysctl -wq kernel.printk_ratelimit=0
> fi
> [ -f "$LOG" ] || \
> tst_brk TBROK "log $LOG does not exist (bug in detection?)"
> tst_res TINFO "using log $LOG"
> }
>
> +cleanup()
> +{
> + [ "$PRINTK_RATE_LIMIT" != "0" ] && \
> + sysctl -wq kernel.printk_ratelimit=$PRINTK_RATE_LIMIT
> +
> + ima_cleanup
> +}
> +
> open_file_read()
> {
> exec 3< $FILE || exit 1
next prev parent reply other threads:[~2019-01-20 18:39 UTC|newest]
Thread overview: 34+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-01-16 2:57 [LTP][PATCH v3 0/6] LTP IMA fix bundle Jia Zhang
2019-01-16 2:57 ` [LTP] [PATCH " Jia Zhang
2019-01-16 2:57 ` [PATCH v3 1/6] ima/ima_boot_aggregate: Fix the definition of event log Jia Zhang
2019-01-16 2:57 ` [LTP] " Jia Zhang
2019-01-20 18:13 ` Mimi Zohar
2019-01-20 18:13 ` [LTP] " Mimi Zohar
2019-01-20 18:37 ` Mimi Zohar
2019-01-20 18:37 ` [LTP] " Mimi Zohar
2019-01-16 2:57 ` [PATCH v3 2/6] ima/ima_boot_aggregate: Don't hard code the length of sha1 hash Jia Zhang
2019-01-16 2:57 ` [LTP] " Jia Zhang
2019-01-16 2:57 ` [PATCH v3 3/6] ima/ima_boot_aggregate: Fix extending PCRs beyond PCR 0-7 Jia Zhang
2019-01-16 2:57 ` [LTP] " Jia Zhang
2019-01-16 2:57 ` [PATCH v3 4/6] ima: Code cleanup Jia Zhang
2019-01-16 2:57 ` [LTP] " Jia Zhang
2019-01-16 2:57 ` [PATCH v3 5/6] ima: Rename the folder name for policy files to datafiles Jia Zhang
2019-01-16 2:57 ` [LTP] " Jia Zhang
2019-01-23 17:04 ` Petr Vorel
2019-01-23 17:04 ` [LTP] " Petr Vorel
2019-01-24 5:11 ` Jia Zhang
2019-01-24 5:11 ` [LTP] " Jia Zhang
2019-01-24 7:38 ` Petr Vorel
2019-01-24 7:49 ` Jia Zhang
2019-01-16 2:57 ` [PATCH v3 6/6] ima/ima_violations: Temporarily remove the printk rate limit Jia Zhang
2019-01-16 2:57 ` [LTP] " Jia Zhang
2019-01-20 18:38 ` Mimi Zohar [this message]
2019-01-20 18:38 ` Mimi Zohar
2019-01-21 1:49 ` Jia Zhang
2019-01-16 7:20 ` [LTP][PATCH v3 0/6] LTP IMA fix bundle Petr Vorel
2019-01-16 7:20 ` [LTP] [PATCH " Petr Vorel
2019-01-20 14:59 ` [LTP][PATCH " Jia Zhang
2019-01-20 14:59 ` [LTP] [PATCH " Jia Zhang
2019-01-24 2:19 ` [LTP][PATCH " Jia Zhang
2019-01-24 2:19 ` [LTP] [PATCH " Jia Zhang
2019-01-24 7:40 ` Petr Vorel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1548009534.3982.216.camel@linux.ibm.com \
--to=zohar@linux.ibm.com \
--cc=linux-integrity@vger.kernel.org \
--cc=ltp@lists.linux.it \
--cc=pvorel@suse.cz \
--cc=zhang.jia@linux.alibaba.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.