Date: Fri, 24 Jul 2020 08:43:38 +0200
From: Petr Vorel
To: Lachlan Sneff
Cc: zohar@linux.ibm.com, ltp@lists.linux.it, nramas@linux.microsoft.com, balajib@linux.microsoft.com, linux-integrity@vger.kernel.org
Subject: Re: [PATCH v3] IMA: Add test for kexec cmdline measurement
Message-ID: <20200724064338.GF32086@dell5510>

> Hi Petr,
> Thank you for reviewing

Thanks for your time as well :).

> On 7/23/20 7:46 AM, Petr Vorel wrote:
> > Hi,
> > ...
> > > +++ b/testcases/kernel/security/integrity/ima/tests/ima_kexec.sh
> > > @@ -0,0 +1,121 @@ > > > +#!/bin/sh > > > +# SPDX-License-Identifier: GPL-2.0-or-later > > > +# Copyright (c) 2020 Microsoft Corporation > > > +# Author: Lachlan Sneff > > > +# > > > +# Verify that kexec cmdline is measured correctly. > > > + > > > +TST_NEEDS_CMDS="kexec sed xargs printf grep tr" > > > +TST_CNT=1 > > > +TST_NEEDS_DEVICE=1 > > > + > > > +. ima_setup.sh > > > + > > > +# Since the test is executed inside some sort of > > > +# separate shell, *most* environment variables are > > > +# not accessible, so there's no way to set it from > > > +# the outside.
> > Do you mean that using this will not work?
> > IMA_KEXEC_IMAGE="${IMA_KEXEC_IMAGE:-/boot/vmlinuz-$(uname -r)}"
> > I don't understand that as I'm able to set variables even when I run some tests in
> > dracut.

> I tried doing this in the past, and couldn't get it to work, but I just tried it again
> and was able to get it working. Essentially, what I tried before was
> `SOME_VAR="..." sudo runltp ...`, which doesn't work, but
> `sudo SOME_VAR="..." runltp` does pass the variable
> to the test. So, that should be added to this patch.

OK, so no dracut / initramfs involved :).
Passing variables really works as expected, you need to export it first:

$ sudo su
# export IMA_KEXEC_IMAGE=/tmp/foo
# PATH="/opt/ltp/testcases/bin:$PATH" runltp ...

or just run the script directly:

$ sudo su
# IMA_KEXEC_IMAGE=/tmp/foo PATH="/opt/ltp/testcases/bin:$PATH" ima_kexec.sh

> > Also writing the same docs in 2 places is not good. High level info should go to
> > README.md, implementation details to shell script.

> This is a good point. I'll reorganize the documentation of this patch.

> > Please hold on with posting new version. I have several fixes, thus I'd like to
> > send it after we sort this (trying to save you time).

> Okay :)

> > Kind regards,
> > Petr

> Thanks,
> Lachlan

Kind regards,
Petr
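
Review bot: The comment block right after `. ima_setup.sh` ("Since the test is executed inside some sort of separate shell, *most* environment variables are not accessible, so there's no way to set it from the outside") is vague about which shell it means and, per the follow-up in this thread, does not hold: the variable reaches the test when it is exported or passed as `sudo SOME_VAR="..." runltp`. Suggest dropping the comment, making the image path overridable with `IMA_KEXEC_IMAGE="${IMA_KEXEC_IMAGE:-/boot/vmlinuz-$(uname -r)}"`, and documenting the variable once in README.md rather than in both places.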
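
The variable-passing behaviour discussed in this reply, as an added example that is not part of the original message or of the LTP patch. `env -i` stands in for sudo's environment reset (an assumption; what real sudo keeps depends on the sudoers policy), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. `env -i` is a stand-in for an environment-scrubbing wrapper
# such as sudo with its default reset (assumption); no root is needed.

# Override-with-default pattern from the review, evaluated by a child shell so
# that only what the child process inherits counts. Single quotes are
# deliberate: the expansion must happen in the child, not here.
CHILD='printf "%s\n" "${IMA_KEXEC_IMAGE:-/boot/vmlinuz-$(uname -r)}"'

# Case 1: assigned in the parent shell but never exported.
# The child does not inherit it and falls back to the default.
unexported() {
    ( unset IMA_KEXEC_IMAGE; IMA_KEXEC_IMAGE=/tmp/foo; sh -c "$CHILD" )
}

# Case 2: exported first (the `export ...; runltp` form).
exported() {
    ( export IMA_KEXEC_IMAGE=/tmp/foo; sh -c "$CHILD" )
}

# Case 3: assignment placed before the wrapper (`SOME_VAR=... sudo runltp`
# shape). The wrapper receives the variable, then scrubs it.
before_wrapper() {
    IMA_KEXEC_IMAGE=/tmp/foo env -i PATH="$PATH" sh -c "$CHILD"
}

# Case 4: assignment handed to the wrapper as an argument
# (`sudo SOME_VAR=... runltp` shape). The wrapper sets it for the command.
after_wrapper() {
    env -i PATH="$PATH" IMA_KEXEC_IMAGE=/tmp/foo sh -c "$CHILD"
}

# Print what the child process ends up using in each case.
for c in unexported exported before_wrapper after_wrapper; do
    printf '%-15s -> %s\n' "$c" "$($c)"
done
```

Cases 1 and 3 fall back to the running kernel's default image path, which is the silent failure mode to watch for when a test appears to ignore an override.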