From: Petr Vorel <pvorel@suse.cz>
To: Mimi Zohar <zohar@linux.ibm.com>
Cc: ltp@lists.linux.it, Lachlan Sneff <t-josne@linux.microsoft.com>,
Lakshmi Ramasubramanian <nramas@linux.microsoft.com>,
Mimi Zohar <zohar@linux.vnet.ibm.com>,
linux-integrity@vger.kernel.org
Subject: Re: [LTP v4 4/5] IMA: Add a test to verify measurement of certificate imported into a keyring
Date: Fri, 28 Aug 2020 00:54:17 +0200 [thread overview]
Message-ID: <20200827225417.GA29921@dell5510> (raw)
In-Reply-To: <b72657042d13f9b8f30d5bdea7e2d06835e4a1d1.camel@linux.ibm.com>
Hi Mimi,
...
> > > > Instead of using TST_DATAROOT, which is defined as
> > > > "$LTPROOT/datafiles", use LTPROOT directly to define the path to the
> > > > cert. Adding the following will allow the test to run from the build
> > > > directory.
> > > > if [ ! -f $cert_file ]; then
> > > > cert_file="$LTPROOT/../datafiles/ima_keys/x509_ima.der"
> > > > fi
> > > Yes, this will work if you set LTPROOT to <ltp git>/testcases/kernel/security/integrity/ima/tests/:
> When running any of the tests from build tree test directory -
> ltp/testcases/kernel/security/integrity/ima/tests, supplying LTPROOT
> isn't necessary. "IMA: Refactor datafiles directory" broke running the
> other tests directly from the build tree as well.
Correct, I overlooked $LTPROOT does not have to be set.
You're right, there is export LTPROOT="$PWD" in tst_test.sh.
The only broken tests are ima_policy.sh and ima_keys.sh. I fixed that workaround
in the commit "IMA: Refactor datafiles directory":
+++ testcases/kernel/security/integrity/ima/tests/ima_setup.sh
@@ -160,6 +160,11 @@ ima_setup()
BINARY_MEASUREMENTS="$IMA_DIR/binary_runtime_measurements"
IMA_POLICY="$IMA_DIR/policy"
+ # hack when running tests locally from tests directory
+ if [ ! -d "$TST_DATAROOT" ]; then
+ TST_DATAROOT="$LTPROOT/../datafiles/$TST_ID/"
+ fi
+
print_ima_config
if [ "$TST_NEEDS_DEVICE" = 1 ]; then
---
Again, pushed to:
https://github.com/pevik/ltp/tree/Lachlan_Sneff/ima_keys.sh-second-test.v4.fixes
Kind regards,
Petr
WARNING: multiple messages have this Message-ID (diff)
From: Petr Vorel <pvorel@suse.cz>
To: ltp@lists.linux.it
Subject: [LTP] [LTP v4 4/5] IMA: Add a test to verify measurement of certificate imported into a keyring
Date: Fri, 28 Aug 2020 00:54:17 +0200 [thread overview]
Message-ID: <20200827225417.GA29921@dell5510> (raw)
In-Reply-To: <b72657042d13f9b8f30d5bdea7e2d06835e4a1d1.camel@linux.ibm.com>
Hi Mimi,
...
> > > > Instead of using TST_DATAROOT, which is defined as
> > > > "$LTPROOT/datafiles", use LTPROOT directly to define the path to the
> > > > cert. Adding the following will allow the test to run from the build
> > > > directory.
> > > > if [ ! -f $cert_file ]; then
> > > > cert_file="$LTPROOT/../datafiles/ima_keys/x509_ima.der"
> > > > fi
> > > Yes, this will work if you set LTPROOT to <ltp git>/testcases/kernel/security/integrity/ima/tests/:
> When running any of the tests from build tree test directory -
> ltp/testcases/kernel/security/integrity/ima/tests, supplying LTPROOT
> isn't necessary. "IMA: Refactor datafiles directory" broke running the
> other tests directly from the build tree as well.
Correct, I overlooked $LTPROOT does not have to be set.
You're right, there is export LTPROOT="$PWD" in tst_test.sh.
The only broken tests are ima_policy.sh and ima_keys.sh. I fixed that workaround
in the commit "IMA: Refactor datafiles directory":
+++ testcases/kernel/security/integrity/ima/tests/ima_setup.sh
@@ -160,6 +160,11 @@ ima_setup()
BINARY_MEASUREMENTS="$IMA_DIR/binary_runtime_measurements"
IMA_POLICY="$IMA_DIR/policy"
+ # hack when running tests locally from tests directory
+ if [ ! -d "$TST_DATAROOT" ]; then
+ TST_DATAROOT="$LTPROOT/../datafiles/$TST_ID/"
+ fi
+
print_ima_config
if [ "$TST_NEEDS_DEVICE" = 1 ]; then
---
Again, pushed to:
https://github.com/pevik/ltp/tree/Lachlan_Sneff/ima_keys.sh-second-test.v4.fixes
Kind regards,
Petr
next prev parent reply other threads:[~2020-08-27 22:54 UTC|newest]
Thread overview: 49+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-08-20 9:08 [LTP v4 0/5] IMA: verify measurement of certificate imported into a keyring Petr Vorel
2020-08-20 9:08 ` [LTP] " Petr Vorel
2020-08-20 9:08 ` [LTP v4 1/5] IMA/ima_keys.sh: Fix policy content check usage Petr Vorel
2020-08-20 9:08 ` [LTP] " Petr Vorel
2020-08-24 17:19 ` Petr Vorel
2020-08-24 17:19 ` [LTP] " Petr Vorel
2020-08-24 17:24 ` Lakshmi Ramasubramanian
2020-08-24 17:24 ` [LTP] " Lakshmi Ramasubramanian
2020-08-20 9:08 ` [LTP v4 2/5] IMA/ima_keys.sh: Require template=ima-buf, fix grep pattern Petr Vorel
2020-08-20 9:08 ` [LTP] " Petr Vorel
2020-08-20 9:08 ` [LTP v4 3/5] IMA: Refactor datafiles directory Petr Vorel
2020-08-20 9:08 ` [LTP] " Petr Vorel
2020-08-28 13:18 ` Petr Vorel
2020-08-28 13:28 ` Petr Vorel
2020-08-28 16:32 ` Mimi Zohar
2020-08-31 7:39 ` Petr Vorel
2020-08-30 16:31 ` Petr Vorel
2020-08-20 9:08 ` [LTP v4 4/5] IMA: Add a test to verify measurement of certificate imported into a keyring Petr Vorel
2020-08-20 9:08 ` [LTP] " Petr Vorel
2020-08-26 22:15 ` Mimi Zohar
2020-08-26 22:15 ` [LTP] " Mimi Zohar
2020-08-27 13:23 ` Petr Vorel
2020-08-27 13:23 ` [LTP] " Petr Vorel
2020-08-27 13:55 ` Petr Vorel
2020-08-27 13:55 ` [LTP] " Petr Vorel
2020-08-27 21:34 ` Mimi Zohar
2020-08-27 21:34 ` [LTP] " Mimi Zohar
2020-08-27 22:54 ` Petr Vorel [this message]
2020-08-27 22:54 ` Petr Vorel
2020-08-27 23:37 ` Mimi Zohar
2020-08-27 23:37 ` [LTP] " Mimi Zohar
2020-08-28 6:05 ` Petr Vorel
2020-08-28 6:05 ` [LTP] " Petr Vorel
2020-08-28 11:00 ` Mimi Zohar
2020-08-28 11:00 ` [LTP] " Mimi Zohar
2020-08-28 12:40 ` Petr Vorel
2020-08-28 12:40 ` [LTP] " Petr Vorel
2020-08-28 11:19 ` Mimi Zohar
2020-08-28 11:19 ` [LTP] " Mimi Zohar
2020-08-28 12:49 ` Petr Vorel
2020-08-28 12:49 ` [LTP] " Petr Vorel
2020-08-28 15:21 ` Mimi Zohar
2020-08-28 15:21 ` [LTP] " Mimi Zohar
2020-08-31 10:29 ` Petr Vorel
2020-08-31 10:29 ` [LTP] " Petr Vorel
2020-08-28 10:59 ` Mimi Zohar
2020-08-28 10:59 ` [LTP] " Mimi Zohar
2020-08-20 9:08 ` [LTP v4 5/5] IMA/ima_keys.sh: Enhance policy checks Petr Vorel
2020-08-20 9:08 ` [LTP] " Petr Vorel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200827225417.GA29921@dell5510 \
--to=pvorel@suse.cz \
--cc=linux-integrity@vger.kernel.org \
--cc=ltp@lists.linux.it \
--cc=nramas@linux.microsoft.com \
--cc=t-josne@linux.microsoft.com \
--cc=zohar@linux.ibm.com \
--cc=zohar@linux.vnet.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.