From: Petr Vorel <pvorel@suse.cz>
To: Mimi Zohar <zohar@linux.ibm.com>
Cc: ltp@lists.linux.it, linux-integrity@vger.kernel.org,
Ignaz Forster <iforster@suse.de>
Subject: Re: [RFC PATCH] IMA: Remove evm_overlay.sh
Date: Wed, 12 Mar 2025 16:20:06 +0100 [thread overview]
Message-ID: <20250312152006.GA130182@pevik> (raw)
In-Reply-To: <88e87da5b2d5d731e6ad4e2b4043d39e4221684d.camel@linux.ibm.com>
Hi Mimi, Ignaz,
> On Fri, 2025-03-07 at 11:24 +0100, Petr Vorel wrote:
> > Hi Mimi, Ignaz,
> > > Proof of concept, it was never fixed in the kernel.
> > > Instead we should have some basic EVM tests.
> > gently ping. Is evm_overlay.sh test useful for you?
> > Otherwise I'll delete it.
> Requiring the "ima_policy=appraise_tcb" default policy to run the tests limits
> its usefulness. Perhaps REQUIRED_POLICY_CONTENT could be defined. I'll let you
> know. For now, please don't remove the test.
Sure, I'll keep the test if you want. Also adding REQUIRED_POLICY_CONTENT would
help. But the reason why I wanted to delete the test is the fact, that it's a
proof of concept that
1) It's a reproducer for patchset which haven't been fixed.
2) It requires test setup first "ima_policy=tcb|appraise_tcb ima_appraise=fix evm=fix". [2]
3) I'm not sure if the test even work as expected.
But I try to test it again and test if it will work with
REQUIRED_POLICY_CONTENT.
Kind regards,
Petr
[1] https://lore.kernel.org/linux-integrity/20190211165323.9369-1-iforster@suse.com/
[2] https://github.com/linux-test-project/ltp/tree/master/testcases/kernel/security/integrity/ima#evm-tests
> thanks,
> Mimi
WARNING: multiple messages have this Message-ID (diff)
From: Petr Vorel <pvorel@suse.cz>
To: Mimi Zohar <zohar@linux.ibm.com>
Cc: Ignaz Forster <iforster@suse.de>,
linux-integrity@vger.kernel.org, ltp@lists.linux.it
Subject: Re: [LTP] [RFC PATCH] IMA: Remove evm_overlay.sh
Date: Wed, 12 Mar 2025 16:20:06 +0100 [thread overview]
Message-ID: <20250312152006.GA130182@pevik> (raw)
In-Reply-To: <88e87da5b2d5d731e6ad4e2b4043d39e4221684d.camel@linux.ibm.com>
Hi Mimi, Ignaz,
> On Fri, 2025-03-07 at 11:24 +0100, Petr Vorel wrote:
> > Hi Mimi, Ignaz,
> > > Proof of concept, it was never fixed in the kernel.
> > > Instead we should have some basic EVM tests.
> > gently ping. Is evm_overlay.sh test useful for you?
> > Otherwise I'll delete it.
> Requiring the "ima_policy=appraise_tcb" default policy to run the tests limits
> its usefulness. Perhaps REQUIRED_POLICY_CONTENT could be defined. I'll let you
> know. For now, please don't remove the test.
Sure, I'll keep the test if you want. Also adding REQUIRED_POLICY_CONTENT would
help. But the reason why I wanted to delete the test is the fact, that it's a
proof of concept that
1) It's a reproducer for patchset which haven't been fixed.
2) It requires test setup first "ima_policy=tcb|appraise_tcb ima_appraise=fix evm=fix". [2]
3) I'm not sure if the test even work as expected.
But I try to test it again and test if it will work with
REQUIRED_POLICY_CONTENT.
Kind regards,
Petr
[1] https://lore.kernel.org/linux-integrity/20190211165323.9369-1-iforster@suse.com/
[2] https://github.com/linux-test-project/ltp/tree/master/testcases/kernel/security/integrity/ima#evm-tests
> thanks,
> Mimi
--
Mailing list info: https://lists.linux.it/listinfo/ltp
next prev parent reply other threads:[~2025-03-12 15:20 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-01-14 11:32 [RFC PATCH] IMA: Remove evm_overlay.sh Petr Vorel
2025-01-14 11:32 ` [LTP] " Petr Vorel
2025-03-07 10:24 ` Petr Vorel
2025-03-07 10:24 ` [LTP] " Petr Vorel
2025-03-10 15:33 ` Mimi Zohar
2025-03-10 15:33 ` [LTP] " Mimi Zohar
2025-03-12 15:20 ` Petr Vorel [this message]
2025-03-12 15:20 ` Petr Vorel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250312152006.GA130182@pevik \
--to=pvorel@suse.cz \
--cc=iforster@suse.de \
--cc=linux-integrity@vger.kernel.org \
--cc=ltp@lists.linux.it \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.