From: Petr Vorel <pvorel@suse.cz>
To: Mimi Zohar <zohar@linux.ibm.com>
Cc: ltp@lists.linux.it, Lachlan Sneff <t-josne@linux.microsoft.com>,
Lakshmi Ramasubramanian <nramas@linux.microsoft.com>,
Mimi Zohar <zohar@linux.vnet.ibm.com>,
linux-integrity@vger.kernel.org
Subject: Re: [LTP v4 4/5] IMA: Add a test to verify measurement of certificate imported into a keyring
Date: Thu, 27 Aug 2020 15:23:54 +0200 [thread overview]
Message-ID: <20200827132354.GA20439@dell5510> (raw)
In-Reply-To: <b58057275ecdc06bb512d39ea46118197f33c33f.camel@linux.ibm.com>
Hi Mimi,
...
> > + if ! tst_is_num $KEYRING_ID; then
> > + tst_brk TBROK "unable to parse the new keyring id ('$KEYRING_ID')"
> > + fi
> > +
> Instead of using TST_DATAROOT, which is defined as
> "$LTPROOT/datafiles", use LTPROOT directly to define the path to the
> cert. Adding the following will allow the test to run from the build
> directory.
> if [ ! -f $cert_file ]; then
> cert_file="$LTPROOT/../datafiles/ima_keys/x509_ima.der"
> fi
Yes, this will work if you set LTPROOT to <ltp git>/testcases/kernel/security/integrity/ima/tests/:
$ cd <ltp git>/testcases/kernel/security/integrity/ima/tests/
$ LTPROOT=$PWD PATH="../../../../../lib/:.:$PATH" ./ima_keys.sh
But, according to doc [1] $LTPROOT is "Prefix for installed LTP, the default is
/opt/ltp.". Using it like this is confusing (if we want to misuse $LTPROOT, one
would expect it's a cloned git root directory). Running from git root it'd have
to be:
$ cd <ltp git>
$ LTPROOT=$PWD/testcases/kernel/security/integrity/ima/tests/ \
PATH="testcases/lib:testcases/kernel/security/integrity/ima/tests/:$PATH" ima_keys.sh
TL;DR: I'd really prefer people run IMA from installed LTP (make && make install
in both testcases/lib and testcases/kernel/security/integrity/ima/ is just enough),
but I'll add this hack to make your testing easier :). But fixing this in
tst_test.sh is really needed.
> Mimi
Kind regards,
Petr
[1] https://github.com/linux-test-project/ltp/wiki/User-Guidelines
WARNING: multiple messages have this Message-ID (diff)
From: Petr Vorel <pvorel@suse.cz>
To: ltp@lists.linux.it
Subject: [LTP] [LTP v4 4/5] IMA: Add a test to verify measurement of certificate imported into a keyring
Date: Thu, 27 Aug 2020 15:23:54 +0200 [thread overview]
Message-ID: <20200827132354.GA20439@dell5510> (raw)
In-Reply-To: <b58057275ecdc06bb512d39ea46118197f33c33f.camel@linux.ibm.com>
Hi Mimi,
...
> > + if ! tst_is_num $KEYRING_ID; then
> > + tst_brk TBROK "unable to parse the new keyring id ('$KEYRING_ID')"
> > + fi
> > +
> Instead of using TST_DATAROOT, which is defined as
> "$LTPROOT/datafiles", use LTPROOT directly to define the path to the
> cert. Adding the following will allow the test to run from the build
> directory.
> if [ ! -f $cert_file ]; then
> cert_file="$LTPROOT/../datafiles/ima_keys/x509_ima.der"
> fi
Yes, this will work if you set LTPROOT to <ltp git>/testcases/kernel/security/integrity/ima/tests/:
$ cd <ltp git>/testcases/kernel/security/integrity/ima/tests/
$ LTPROOT=$PWD PATH="../../../../../lib/:.:$PATH" ./ima_keys.sh
But, according to doc [1] $LTPROOT is "Prefix for installed LTP, the default is
/opt/ltp.". Using it like this is confusing (if we want to misuse $LTPROOT, one
would expect it's a cloned git root directory). Running from git root it'd have
to be:
$ cd <ltp git>
$ LTPROOT=$PWD/testcases/kernel/security/integrity/ima/tests/ \
PATH="testcases/lib:testcases/kernel/security/integrity/ima/tests/:$PATH" ima_keys.sh
TL;DR: I'd really prefer people run IMA from installed LTP (make && make install
in both testcases/lib and testcases/kernel/security/integrity/ima/ is just enough),
but I'll add this hack to make your testing easier :). But fixing this in
tst_test.sh is really needed.
> Mimi
Kind regards,
Petr
[1] https://github.com/linux-test-project/ltp/wiki/User-Guidelines
next prev parent reply other threads:[~2020-08-27 14:52 UTC|newest]
Thread overview: 49+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-08-20 9:08 [LTP v4 0/5] IMA: verify measurement of certificate imported into a keyring Petr Vorel
2020-08-20 9:08 ` [LTP] " Petr Vorel
2020-08-20 9:08 ` [LTP v4 1/5] IMA/ima_keys.sh: Fix policy content check usage Petr Vorel
2020-08-20 9:08 ` [LTP] " Petr Vorel
2020-08-24 17:19 ` Petr Vorel
2020-08-24 17:19 ` [LTP] " Petr Vorel
2020-08-24 17:24 ` Lakshmi Ramasubramanian
2020-08-24 17:24 ` [LTP] " Lakshmi Ramasubramanian
2020-08-20 9:08 ` [LTP v4 2/5] IMA/ima_keys.sh: Require template=ima-buf, fix grep pattern Petr Vorel
2020-08-20 9:08 ` [LTP] " Petr Vorel
2020-08-20 9:08 ` [LTP v4 3/5] IMA: Refactor datafiles directory Petr Vorel
2020-08-20 9:08 ` [LTP] " Petr Vorel
2020-08-28 13:18 ` Petr Vorel
2020-08-28 13:28 ` Petr Vorel
2020-08-28 16:32 ` Mimi Zohar
2020-08-31 7:39 ` Petr Vorel
2020-08-30 16:31 ` Petr Vorel
2020-08-20 9:08 ` [LTP v4 4/5] IMA: Add a test to verify measurement of certificate imported into a keyring Petr Vorel
2020-08-20 9:08 ` [LTP] " Petr Vorel
2020-08-26 22:15 ` Mimi Zohar
2020-08-26 22:15 ` [LTP] " Mimi Zohar
2020-08-27 13:23 ` Petr Vorel [this message]
2020-08-27 13:23 ` Petr Vorel
2020-08-27 13:55 ` Petr Vorel
2020-08-27 13:55 ` [LTP] " Petr Vorel
2020-08-27 21:34 ` Mimi Zohar
2020-08-27 21:34 ` [LTP] " Mimi Zohar
2020-08-27 22:54 ` Petr Vorel
2020-08-27 22:54 ` [LTP] " Petr Vorel
2020-08-27 23:37 ` Mimi Zohar
2020-08-27 23:37 ` [LTP] " Mimi Zohar
2020-08-28 6:05 ` Petr Vorel
2020-08-28 6:05 ` [LTP] " Petr Vorel
2020-08-28 11:00 ` Mimi Zohar
2020-08-28 11:00 ` [LTP] " Mimi Zohar
2020-08-28 12:40 ` Petr Vorel
2020-08-28 12:40 ` [LTP] " Petr Vorel
2020-08-28 11:19 ` Mimi Zohar
2020-08-28 11:19 ` [LTP] " Mimi Zohar
2020-08-28 12:49 ` Petr Vorel
2020-08-28 12:49 ` [LTP] " Petr Vorel
2020-08-28 15:21 ` Mimi Zohar
2020-08-28 15:21 ` [LTP] " Mimi Zohar
2020-08-31 10:29 ` Petr Vorel
2020-08-31 10:29 ` [LTP] " Petr Vorel
2020-08-28 10:59 ` Mimi Zohar
2020-08-28 10:59 ` [LTP] " Mimi Zohar
2020-08-20 9:08 ` [LTP v4 5/5] IMA/ima_keys.sh: Enhance policy checks Petr Vorel
2020-08-20 9:08 ` [LTP] " Petr Vorel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200827132354.GA20439@dell5510 \
--to=pvorel@suse.cz \
--cc=linux-integrity@vger.kernel.org \
--cc=ltp@lists.linux.it \
--cc=nramas@linux.microsoft.com \
--cc=t-josne@linux.microsoft.com \
--cc=zohar@linux.ibm.com \
--cc=zohar@linux.vnet.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.