From: Petr Vorel <pvorel@suse.cz>
To: Mimi Zohar <zohar@linux.ibm.com>,
	linux-integrity@vger.kernel.org, ltp@lists.linux.it,
	Stefan Berger <stefanb@linux.ibm.com>
Subject: Re: [RFC PATCH 3/3] ima: additional ToMToU violation tests
Date: Thu, 20 Feb 2025 19:46:31 +0100	[thread overview]
Message-ID: <20250220184631.GA2713854@pevik> (raw)
In-Reply-To: <20250220181604.GA2709977@pevik>

Hi Mimi,

> Hi Mimi,

> > Kernel patch "ima: limit the number of ToMToU integrity violations"
> > prevents superfluous ToMToU violations.  Add corresponding LTP tests.

> > Link: https://lore.kernel.org/linux-integrity/20250219162131.416719-3-zohar@linux.ibm.com/
> > Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>

> Unfortunately tests fail on both mainline kernel and kernel with your patches.

> Any hint what could be wrong?

> Mainline kernel (on kernel with your patches it looks the same):

I'm sorry, I accidentally tested only on the vanilla kernel. Rerunning the tests
with the updated kernel.

Is this considered a security feature? If yes, then failures on a vanilla
kernel are OK; we just need to later add kernel hashes to let testers know about
missing backports. If it's a feature (not to be backported), we should test the
new feature only on newer kernels.

Kind regards,
Petr

> ima_violations 1 TINFO: Running: ima_violations.sh
> ima_violations 1 TINFO: Tested kernel: Linux ts 6.13.0-2.g0127a37-default #1 SMP PREEMPT_DYNAMIC Thu Jan 23 11:21:55 UTC 2025 (0127a37) x86_64 x86_64 x86_64 GNU/Linux
> ima_violations 1 TINFO: Using /tmp/LTP_ima_violations.cKm34XVZk2 as tmpdir (tmpfs filesystem)
> tst_device.c:99: TINFO: Found free device 0 '/dev/loop0'
> ima_violations 1 TINFO: Formatting ext3 with opts='/dev/loop0'
> ima_violations 1 TINFO: Mounting device: mount -t ext3 /dev/loop0 /tmp/LTP_ima_violations.cKm34XVZk2/mntpoint
> ima_violations 1 TINFO: timeout per run is 0h 5m 0s
> ima_violations 1 TINFO: IMA kernel config:
> ima_violations 1 TINFO: CONFIG_IMA=y
> ima_violations 1 TINFO: CONFIG_IMA_MEASURE_PCR_IDX=10
> ima_violations 1 TINFO: CONFIG_IMA_LSM_RULES=y
> ima_violations 1 TINFO: CONFIG_IMA_NG_TEMPLATE=y
> ima_violations 1 TINFO: CONFIG_IMA_DEFAULT_TEMPLATE="ima-ng"
> ima_violations 1 TINFO: CONFIG_IMA_DEFAULT_HASH_SHA256=y
> ima_violations 1 TINFO: CONFIG_IMA_DEFAULT_HASH="sha256"
> ima_violations 1 TINFO: CONFIG_IMA_READ_POLICY=y
> ima_violations 1 TINFO: CONFIG_IMA_APPRAISE=y
> ima_violations 1 TINFO: CONFIG_IMA_ARCH_POLICY=y
> ima_violations 1 TINFO: CONFIG_IMA_APPRAISE_BOOTPARAM=y
> ima_violations 1 TINFO: CONFIG_IMA_APPRAISE_MODSIG=y
> ima_violations 1 TINFO: CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS=y
> ima_violations 1 TINFO: CONFIG_IMA_QUEUE_EARLY_BOOT_KEYS=y
> ima_violations 1 TINFO: CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT=y
> ima_violations 1 TINFO: CONFIG_IMA_DISABLE_HTABLE=y
> ima_violations 1 TINFO: /proc/cmdline: BOOT_IMAGE=/boot/vmlinuz-6.13.0-2.g0127a37-default root=UUID=e36b2366-1af2-4408-903c-1fca82c60f4c splash=silent video=1024x768 plymouth.ignore-serial-consoles console=ttyS0 console=tty kernel.softlockup_panic=1 resume=/dev/disk/by-uuid/c3b865f9-5d5b-410e-a6d1-9ebcf721584c mitigations=auto security=apparmor ignore_loglevel
> ima_violations 1 TINFO: $TMPDIR is on tmpfs => run on loop device
> ima_violations 1 TINFO: test requires IMA policy:
> measure func=FILE_CHECK mask=^MAY_READ euid=0
> measure func=FILE_CHECK mask=^MAY_READ uid=0
> ima_violations 1 TINFO: SUT has required policy content
> ima_violations 1 TINFO: using log /var/log/audit/audit.log
> ima_violations 1 TINFO: verify open writers violation
> ima_violations 1 TFAIL: open_writers too many violations added
> ima_violations 2 TINFO: verify ToMToU violation
> ima_violations 2 TFAIL: ToMToU too many violations added
> ima_violations 3 TINFO: verify open_writers using mmapped files
> tst_test.c:1900: TINFO: LTP version: 20250130-22-gcd2215702f
> tst_test.c:1904: TINFO: Tested kernel: 6.13.0-2.g0127a37-default #1 SMP PREEMPT_DYNAMIC Thu Jan 23 11:21:55 UTC 2025 (0127a37) x86_64
> tst_kconfig.c:88: TINFO: Parsing kernel config '/proc/config.gz'
> tst_kconfig.c:676: TINFO: CONFIG_FAULT_INJECTION kernel option detected which might slow the execution
> tst_test.c:1722: TINFO: Overall timeout per run is 0h 02m 00s
> ima_mmap.c:38: TINFO: sleep 3s
> ima_violations 3 TFAIL: open_writers too many violations added
> ima_mmap.c:41: TPASS: test completed

> Summary:
> passed   1
> failed   0
> broken   0
> skipped  0
> warnings 0
> ima_violations 4 TINFO: verify limiting single open writer violation
> ima_violations 4 TFAIL: open_writers too many violations added
> ima_violations 5 TINFO: verify limiting multiple open writers violations
> ima_violations 5 TFAIL: open_writers too many violations added
> ima_violations 6 TINFO: verify new open writer causes additional violation
> ima_violations 6 TFAIL: open_writers too many violations added
> ima_violations 7 TINFO: verify limiting single open reader ToMToU violations
> ima_violations 7 TFAIL: ToMToU too many violations added
> ima_violations 8 TINFO: verify new open reader causes additional ToMToU violation
> ima_violations 8 TFAIL: ToMToU too many violations added

> Kind regards,
> Petr
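The log above counts "open_writers" and "ToMToU" violations, which is what the LTP test checks when it reports "too many violations added". The program below is an added example written for this page; it is not part of the LTP test or of the kernel patch under discussion. It reproduces the two scenarios with plain open(2) calls (a read open while a writer holds the file for open_writers, a write open while a measured reader holds the file for ToMToU; this needs root and a matching IMA measure rule, such as the FILE_CHECK rules the test requires) and counts the resulting INTEGRITY_PCR audit records per cause and file. The audit record layout, the file paths and the sample log lines are constructed for this example, not taken from the page.

```c
/*
 * Added example, not LTP or kernel code: trigger IMA open_writers and
 * ToMToU violations on a given file and count INTEGRITY_PCR audit
 * records per cause.  Record layout and sample lines are assumptions
 * modelled on integrity_audit_msg() output, not copied from the page.
 */
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Constructed sample audit log: two open_writers and one ToMToU record
 * for /mnt/test.txt, one open_writers for another file, one unrelated line. */
static const char sample_audit_log[] =
"type=INTEGRITY_PCR msg=audit(1740076423.101:201): pid=4321 uid=0 auid=0 ses=2 op=invalid_pcr cause=open_writers comm=\"cat\" name=\"/mnt/test.txt\" dev=\"loop0\" ino=12 res=1 errno=0\n"
"type=INTEGRITY_PCR msg=audit(1740076423.102:202): pid=4321 uid=0 auid=0 ses=2 op=invalid_pcr cause=open_writers comm=\"cat\" name=\"/mnt/test.txt\" dev=\"loop0\" ino=12 res=1 errno=0\n"
"type=INTEGRITY_PCR msg=audit(1740076423.103:203): pid=4322 uid=0 auid=0 ses=2 op=invalid_pcr cause=ToMToU comm=\"sh\" name=\"/mnt/test.txt\" dev=\"loop0\" ino=12 res=1 errno=0\n"
"type=INTEGRITY_PCR msg=audit(1740076423.104:204): pid=4323 uid=0 auid=0 ses=2 op=invalid_pcr cause=open_writers comm=\"cat\" name=\"/mnt/other.txt\" dev=\"loop0\" ino=13 res=1 errno=0\n"
"type=PROCTITLE msg=audit(1740076423.104:204): proctitle=\"cat\"\n";

/* Count lines that are INTEGRITY_PCR records with op=invalid_pcr, the
 * requested cause and the requested file name.  Other lines are ignored. */
static int count_violations(const char *log, const char *cause, const char *path)
{
	char want_cause[64], want_name[4096], buf[8192];
	int n = 0;

	snprintf(want_cause, sizeof(want_cause), " cause=%s ", cause);
	snprintf(want_name, sizeof(want_name), " name=\"%s\"", path);

	for (const char *line = log; line && *line; ) {
		const char *end = strchr(line, '\n');
		size_t len = end ? (size_t)(end - line) : strlen(line);

		if (len >= sizeof(buf))
			len = sizeof(buf) - 1;
		memcpy(buf, line, len);
		buf[len] = '\0';

		if (strstr(buf, "type=INTEGRITY_PCR ") &&
		    strstr(buf, " op=invalid_pcr ") &&
		    strstr(buf, want_cause) &&
		    strstr(buf, want_name))
			n++;

		line = end ? end + 1 : NULL;
	}
	return n;
}

/* open_writers: a measured read open while another descriptor holds the
 * file open for writing, so the measured content may change afterwards. */
static int trigger_open_writers(const char *path)
{
	int wfd = open(path, O_WRONLY | O_CREAT, 0644), rfd;

	if (wfd < 0)
		return -1;
	rfd = open(path, O_RDONLY);	/* read while a writer is open */
	if (rfd >= 0)
		close(rfd);
	close(wfd);
	return rfd < 0 ? -1 : 0;
}

/* ToMToU: a write open while a measured reader still holds the file,
 * so the content can change between measurement and use. */
static int trigger_tomtou(const char *path)
{
	int rfd = open(path, O_RDONLY), wfd;

	if (rfd < 0)
		return -1;
	wfd = open(path, O_WRONLY);	/* write while a reader is open */
	if (wfd >= 0)
		close(wfd);
	close(rfd);
	return wfd < 0 ? -1 : 0;
}

int main(int argc, char **argv)
{
	if (argc > 1) {	/* run as root on an IMA-measured path */
		if (trigger_open_writers(argv[1]) < 0 || trigger_tomtou(argv[1]) < 0) {
			perror("open");
			return 1;
		}
		printf("triggered open_writers and ToMToU on %s, now check the audit log\n", argv[1]);
		return 0;
	}
	printf("open_writers(/mnt/test.txt) = %d\n",
	       count_violations(sample_audit_log, "open_writers", "/mnt/test.txt"));
	printf("ToMToU(/mnt/test.txt) = %d\n",
	       count_violations(sample_audit_log, "ToMToU", "/mnt/test.txt"));
	return 0;
}
```

Run without arguments it only evaluates the constructed sample; with a path argument it performs the two open sequences against that file, after which the same counting logic can be applied to the real audit log to see how many records one sequence produced.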


Thread overview: 34+ messages
2025-02-20 16:00 [RFC PATCH 1/3] Update validate() to support multiple violations Mimi Zohar
2025-02-20 16:00 ` [LTP] " Mimi Zohar
2025-02-20 16:00 ` [RFC PATCH 2/3] ima: additional open-writer violation tests Mimi Zohar
2025-02-20 16:00   ` [LTP] " Mimi Zohar
2025-02-20 19:02   ` Petr Vorel
2025-02-20 19:02     ` [LTP] " Petr Vorel
2025-02-20 16:00 ` [RFC PATCH 3/3] ima: additional ToMToU " Mimi Zohar
2025-02-20 16:00   ` [LTP] " Mimi Zohar
2025-02-20 18:16   ` Petr Vorel
2025-02-20 18:16     ` [LTP] " Petr Vorel
2025-02-20 18:46     ` Petr Vorel [this message]
2025-02-20 18:46       ` Petr Vorel
2025-02-20 21:15       ` Mimi Zohar
2025-02-20 21:15         ` [LTP] " Mimi Zohar
2025-02-20 18:59     ` Mimi Zohar
2025-02-20 18:59       ` [LTP] " Mimi Zohar
2025-02-20 19:13       ` Petr Vorel
2025-02-20 19:13         ` [LTP] " Petr Vorel
2025-02-20 20:22         ` Mimi Zohar
2025-02-20 20:22           ` [LTP] " Mimi Zohar
2025-02-20 21:18           ` Mimi Zohar
2025-02-20 21:18             ` [LTP] " Mimi Zohar
2025-02-20 21:43             ` Petr Vorel
2025-02-20 21:43               ` [LTP] " Petr Vorel
2025-02-21  2:07               ` Mimi Zohar
2025-02-21  2:07                 ` [LTP] " Mimi Zohar
2025-02-21  8:16                 ` Petr Vorel
2025-02-21  8:16                   ` [LTP] " Petr Vorel
2025-02-24 18:48                   ` Mimi Zohar
2025-02-24 18:48                     ` [LTP] " Mimi Zohar
2025-02-25  7:45                     ` Petr Vorel
2025-02-25  7:45                       ` [LTP] " Petr Vorel
2025-02-20 18:50 ` [RFC PATCH 1/3] Update validate() to support multiple violations Petr Vorel
2025-02-20 18:50   ` [LTP] " Petr Vorel
