* [RFC PATCH 1/3] Update validate() to support multiple violations
@ 2025-02-20 16:00 Mimi Zohar
2025-02-20 16:00 ` [RFC PATCH 2/3] ima: additional open-writer violation tests Mimi Zohar
` (2 more replies)
0 siblings, 3 replies; 17+ messages in thread
From: Mimi Zohar @ 2025-02-20 16:00 UTC (permalink / raw)
To: linux-integrity, ltp; +Cc: Mimi Zohar, Stefan Berger, Petr Vorel
Add support for the number of expected violations. Include the
expected number of violations in the output.
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
---
.../security/integrity/ima/tests/ima_violations.sh | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/testcases/kernel/security/integrity/ima/tests/ima_violations.sh b/testcases/kernel/security/integrity/ima/tests/ima_violations.sh
index 37d8d473c..7f0382fb8 100755
--- a/testcases/kernel/security/integrity/ima/tests/ima_violations.sh
+++ b/testcases/kernel/security/integrity/ima/tests/ima_violations.sh
@@ -71,20 +71,26 @@ validate()
local num_violations="$1"
local count="$2"
local search="$3"
+ local expected_violations=$4
local max_attempt=3
local count2 i num_violations_new
+ [ -z $expected_violations ] && expected_violations=1
+
for i in $(seq 1 $max_attempt); do
read num_violations_new < $IMA_VIOLATIONS
count2="$(get_count $search)"
- if [ $(($num_violations_new - $num_violations)) -gt 0 ]; then
+ if [ $(($num_violations_new - $num_violations)) -eq $expected_violations ]; then
if [ $count2 -gt $count ]; then
- tst_res TPASS "$search violation added"
+ tst_res TPASS "$expected_violations $search violation(s) added"
return
else
tst_res TINFO "$search not found in $LOG ($i/$max_attempt attempt)..."
tst_sleep 1s
fi
+ elif [ $(($num_violations_new - $num_violations)) -gt 0 ]; then
+ tst_res $IMA_FAIL "$search too many violations added"
+ return
else
tst_res $IMA_FAIL "$search violation not added"
return
--
2.48.1
^ permalink raw reply related [flat|nested] 17+ messages in thread* [RFC PATCH 2/3] ima: additional open-writer violation tests 2025-02-20 16:00 [RFC PATCH 1/3] Update validate() to support multiple violations Mimi Zohar @ 2025-02-20 16:00 ` Mimi Zohar 2025-02-20 19:02 ` Petr Vorel 2025-02-20 16:00 ` [RFC PATCH 3/3] ima: additional ToMToU " Mimi Zohar 2025-02-20 18:50 ` [RFC PATCH 1/3] Update validate() to support multiple violations Petr Vorel 2 siblings, 1 reply; 17+ messages in thread From: Mimi Zohar @ 2025-02-20 16:00 UTC (permalink / raw) To: linux-integrity, ltp; +Cc: Mimi Zohar, Stefan Berger, Petr Vorel Kernel patch "ima: limit the number of open-writers integrity violations" prevents superfluous "open-writers" violations. Add corresponding LTP tests. Link: https://lore.kernel.org/linux-integrity/20250219162131.416719-2-zohar@linux.ibm.com/ Signed-off-by: Mimi Zohar <zohar@linux.ibm.com> --- .../integrity/ima/tests/ima_violations.sh | 87 ++++++++++++++++++- 1 file changed, 86 insertions(+), 1 deletion(-) diff --git a/testcases/kernel/security/integrity/ima/tests/ima_violations.sh b/testcases/kernel/security/integrity/ima/tests/ima_violations.sh index 7f0382fb8..65c5c3a92 100755 --- a/testcases/kernel/security/integrity/ima/tests/ima_violations.sh +++ b/testcases/kernel/security/integrity/ima/tests/ima_violations.sh @@ -8,7 +8,7 @@ TST_SETUP="setup" TST_CLEANUP="cleanup" -TST_CNT=3 +TST_CNT=6 REQUIRED_BUILTIN_POLICY="tcb" REQUIRED_POLICY_CONTENT='violations.policy' @@ -60,6 +60,17 @@ close_file_write() exec 4>&- } +open_file_write2() +{ + exec 5> $FILE || exit 1 + echo 'test writing2' >&5 +} + +close_file_write2() +{ + exec 5>&- +} + get_count() { local search="$1" @@ -160,6 +171,80 @@ test3() tst_sleep 2s } +test4() +{ + tst_res TINFO "verify limiting single open writer violation" + + local search="open_writers" + local count num_violations + + read num_violations < $IMA_VIOLATIONS + count="$(get_count $search)" + + open_file_write + open_file_read + close_file_read + + open_file_read + close_file_read + + close_file_write + + validate $num_violations $count $search 1 +} + +test5() +{ + tst_res TINFO "verify limiting multiple open writers violations" + + local search="open_writers" + local count num_violations + + read num_violations < $IMA_VIOLATIONS + count="$(get_count $search)" + + open_file_write + open_file_read + close_file_read + + open_file_write2 + open_file_read + close_file_read + close_file_write2 + + open_file_read + close_file_read + + close_file_write + + validate $num_violations $count $search 1 +} + +test6() +{ + tst_res TINFO "verify new open writer causes additional violation" + + local search="open_writers" + local count num_violations + + read num_violations < $IMA_VIOLATIONS + count="$(get_count $search)" + + open_file_write + open_file_read + close_file_read + + open_file_read + close_file_read + close_file_write + + open_file_write + open_file_read + close_file_read + close_file_write + validate $num_violations $count $search 2 +} + . ima_setup.sh . daemonlib.sh tst_run -- 2.48.1 ^ permalink raw reply related [flat|nested] 17+ messages in thread
* Re: [RFC PATCH 2/3] ima: additional open-writer violation tests 2025-02-20 16:00 ` [RFC PATCH 2/3] ima: additional open-writer violation tests Mimi Zohar @ 2025-02-20 19:02 ` Petr Vorel 0 siblings, 0 replies; 17+ messages in thread From: Petr Vorel @ 2025-02-20 19:02 UTC (permalink / raw) To: Mimi Zohar; +Cc: linux-integrity, ltp, Stefan Berger Hi Mimi, > Kernel patch "ima: limit the number of open-writers integrity > violations" prevents superfluous "open-writers" violations. Add > corresponding LTP tests. > Link: https://lore.kernel.org/linux-integrity/20250219162131.416719-2-zohar@linux.ibm.com/ > Signed-off-by: Mimi Zohar <zohar@linux.ibm.com> > --- > .../integrity/ima/tests/ima_violations.sh | 87 ++++++++++++++++++- > 1 file changed, 86 insertions(+), 1 deletion(-) > diff --git a/testcases/kernel/security/integrity/ima/tests/ima_violations.sh b/testcases/kernel/security/integrity/ima/tests/ima_violations.sh > index 7f0382fb8..65c5c3a92 100755 > --- a/testcases/kernel/security/integrity/ima/tests/ima_violations.sh > +++ b/testcases/kernel/security/integrity/ima/tests/ima_violations.sh > @@ -8,7 +8,7 @@ > TST_SETUP="setup" > TST_CLEANUP="cleanup" > -TST_CNT=3 > +TST_CNT=6 > REQUIRED_BUILTIN_POLICY="tcb" > REQUIRED_POLICY_CONTENT='violations.policy' > @@ -60,6 +60,17 @@ close_file_write() > exec 4>&- > } > +open_file_write2() > +{ > + exec 5> $FILE || exit 1 maybe: exec 5> $FILE || tst_brk TBROK "exec 5> $FILE failed" Because tst_brk TBROK calls test cleanup. Plain exit kills everything. We also have ROD, but that requires binaries ('exec' is a shell builtin). (It applies to the third patch as well.) > + echo 'test writing2' >&5 > +} > + > +close_file_write2() > +{ > + exec 5>&- > +} > + > get_count() > { > local search="$1" > @@ -160,6 +171,80 @@ test3() > tst_sleep 2s > } > +test4() > +{ > + tst_res TINFO "verify limiting single open writer violation" > + > + local search="open_writers" > + local count num_violations > + > + read num_violations < $IMA_VIOLATIONS > + count="$(get_count $search)" > + > + open_file_write > + open_file_read > + close_file_read > + > + open_file_read > + close_file_read > + > + close_file_write > + > + validate $num_violations $count $search 1 > +} > + > +test5() > +{ > + tst_res TINFO "verify limiting multiple open writers violations" > + > + local search="open_writers" > + local count num_violations > + > + read num_violations < $IMA_VIOLATIONS > + count="$(get_count $search)" > + > + open_file_write > + open_file_read > + close_file_read > + > + open_file_write2 > + open_file_read > + close_file_read > + close_file_write2 > + > + open_file_read > + close_file_read > + > + close_file_write > + > + validate $num_violations $count $search 1 nit: safer to quote validate "$num_violations" "$count" "$search" 1 > +} > + > +test6() > +{ > + tst_res TINFO "verify new open writer causes additional violation" > + > + local search="open_writers" > + local count num_violations > + > + read num_violations < $IMA_VIOLATIONS > + count="$(get_count $search)" > + > + open_file_write > + open_file_read > + close_file_read > + > + open_file_read > + close_file_read > + close_file_write > + > + open_file_write > + open_file_read > + close_file_read > + close_file_write > + validate $num_violations $count $search 2 And here. Kind regards, Petr ^ permalink raw reply [flat|nested] 17+ messages in thread
* [RFC PATCH 3/3] ima: additional ToMToU violation tests 2025-02-20 16:00 [RFC PATCH 1/3] Update validate() to support multiple violations Mimi Zohar 2025-02-20 16:00 ` [RFC PATCH 2/3] ima: additional open-writer violation tests Mimi Zohar @ 2025-02-20 16:00 ` Mimi Zohar 2025-02-20 18:16 ` Petr Vorel 2025-02-20 18:50 ` [RFC PATCH 1/3] Update validate() to support multiple violations Petr Vorel 2 siblings, 1 reply; 17+ messages in thread From: Mimi Zohar @ 2025-02-20 16:00 UTC (permalink / raw) To: linux-integrity, ltp; +Cc: Mimi Zohar, Stefan Berger, Petr Vorel Kernel patch "ima: limit the number of ToMToU integrity violations" prevents superfluous ToMToU violations. Add corresponding LTP tests. Link: https://lore.kernel.org/linux-integrity/20250219162131.416719-3-zohar@linux.ibm.com/ Signed-off-by: Mimi Zohar <zohar@linux.ibm.com> --- .../integrity/ima/tests/ima_violations.sh | 46 ++++++++++++++++++- 1 file changed, 45 insertions(+), 1 deletion(-) diff --git a/testcases/kernel/security/integrity/ima/tests/ima_violations.sh b/testcases/kernel/security/integrity/ima/tests/ima_violations.sh index 65c5c3a92..5b6d7e993 100755 --- a/testcases/kernel/security/integrity/ima/tests/ima_violations.sh +++ b/testcases/kernel/security/integrity/ima/tests/ima_violations.sh @@ -8,7 +8,7 @@ TST_SETUP="setup" TST_CLEANUP="cleanup" -TST_CNT=6 +TST_CNT=8 REQUIRED_BUILTIN_POLICY="tcb" REQUIRED_POLICY_CONTENT='violations.policy' @@ -245,6 +245,50 @@ test6() validate $num_violations $count $search 2 } +test7() +{ + tst_res TINFO "verify limiting single open reader ToMToU violations" + + local search="ToMToU" + local count num_violations + + read num_violations < $IMA_VIOLATIONS + count="$(get_count $search)" + + open_file_read + open_file_write + close_file_write + + open_file_write + close_file_write + close_file_read + + validate $num_violations $count $search 1 +} + +test8() +{ + tst_res TINFO "verify new open reader causes additional ToMToU violation" + + local search="ToMToU" + local count num_violations + + read num_violations < $IMA_VIOLATIONS + count="$(get_count $search)" + + open_file_read + open_file_write + close_file_write + close_file_read + + open_file_read + open_file_write + close_file_write + close_file_read + + validate $num_violations $count $search 2 +} + . ima_setup.sh . daemonlib.sh tst_run -- 2.48.1 ^ permalink raw reply related [flat|nested] 17+ messages in thread
* Re: [RFC PATCH 3/3] ima: additional ToMToU violation tests 2025-02-20 16:00 ` [RFC PATCH 3/3] ima: additional ToMToU " Mimi Zohar @ 2025-02-20 18:16 ` Petr Vorel 2025-02-20 18:46 ` Petr Vorel 2025-02-20 18:59 ` Mimi Zohar 0 siblings, 2 replies; 17+ messages in thread From: Petr Vorel @ 2025-02-20 18:16 UTC (permalink / raw) To: Mimi Zohar; +Cc: linux-integrity, ltp, Stefan Berger Hi Mimi, > Kernel patch "ima: limit the number of ToMToU integrity violations" > prevents superfluous ToMToU violations. Add corresponding LTP tests. > Link: https://lore.kernel.org/linux-integrity/20250219162131.416719-3-zohar@linux.ibm.com/ > Signed-off-by: Mimi Zohar <zohar@linux.ibm.com> Unfortunately tests fail on both mainline kernel and kernel with your patches. Any hint what could be wrong? Mainline kernel (on kernel with your patches it looks the same): ima_violations 1 TINFO: Running: ima_violations.sh ima_violations 1 TINFO: Tested kernel: Linux ts 6.13.0-2.g0127a37-default #1 SMP PREEMPT_DYNAMIC Thu Jan 23 11:21:55 UTC 2025 (0127a37) x86_64 x86_64 x86_64 GNU/Linux ima_violations 1 TINFO: Using /tmp/LTP_ima_violations.cKm34XVZk2 as tmpdir (tmpfs filesystem) tst_device.c:99: TINFO: Found free device 0 '/dev/loop0' ima_violations 1 TINFO: Formatting ext3 with opts='/dev/loop0' ima_violations 1 TINFO: Mounting device: mount -t ext3 /dev/loop0 /tmp/LTP_ima_violations.cKm34XVZk2/mntpoint ima_violations 1 TINFO: timeout per run is 0h 5m 0s ima_violations 1 TINFO: IMA kernel config: ima_violations 1 TINFO: CONFIG_IMA=y ima_violations 1 TINFO: CONFIG_IMA_MEASURE_PCR_IDX=10 ima_violations 1 TINFO: CONFIG_IMA_LSM_RULES=y ima_violations 1 TINFO: CONFIG_IMA_NG_TEMPLATE=y ima_violations 1 TINFO: CONFIG_IMA_DEFAULT_TEMPLATE="ima-ng" ima_violations 1 TINFO: CONFIG_IMA_DEFAULT_HASH_SHA256=y ima_violations 1 TINFO: CONFIG_IMA_DEFAULT_HASH="sha256" ima_violations 1 TINFO: CONFIG_IMA_READ_POLICY=y ima_violations 1 TINFO: CONFIG_IMA_APPRAISE=y ima_violations 1 TINFO: CONFIG_IMA_ARCH_POLICY=y ima_violations 1 TINFO: CONFIG_IMA_APPRAISE_BOOTPARAM=y ima_violations 1 TINFO: CONFIG_IMA_APPRAISE_MODSIG=y ima_violations 1 TINFO: CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS=y ima_violations 1 TINFO: CONFIG_IMA_QUEUE_EARLY_BOOT_KEYS=y ima_violations 1 TINFO: CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT=y ima_violations 1 TINFO: CONFIG_IMA_DISABLE_HTABLE=y ima_violations 1 TINFO: /proc/cmdline: BOOT_IMAGE=/boot/vmlinuz-6.13.0-2.g0127a37-default root=UUID=e36b2366-1af2-4408-903c-1fca82c60f4c splash=silent video=1024x768 plymouth.ignore-serial-consoles console=ttyS0 console=tty kernel.softlockup_panic=1 resume=/dev/disk/by-uuid/c3b865f9-5d5b-410e-a6d1-9ebcf721584c mitigations=auto security=apparmor ignore_loglevel ima_violations 1 TINFO: $TMPDIR is on tmpfs => run on loop device ima_violations 1 TINFO: test requires IMA policy: measure func=FILE_CHECK mask=^MAY_READ euid=0 measure func=FILE_CHECK mask=^MAY_READ uid=0 ima_violations 1 TINFO: SUT has required policy content ima_violations 1 TINFO: using log /var/log/audit/audit.log ima_violations 1 TINFO: verify open writers violation ima_violations 1 TFAIL: open_writers too many violations added ima_violations 2 TINFO: verify ToMToU violation ima_violations 2 TFAIL: ToMToU too many violations added ima_violations 3 TINFO: verify open_writers using mmapped files tst_test.c:1900: TINFO: LTP version: 20250130-22-gcd2215702f tst_test.c:1904: TINFO: Tested kernel: 6.13.0-2.g0127a37-default #1 SMP PREEMPT_DYNAMIC Thu Jan 23 11:21:55 UTC 2025 (0127a37) x86_64 tst_kconfig.c:88: TINFO: Parsing kernel config '/proc/config.gz' tst_kconfig.c:676: TINFO: CONFIG_FAULT_INJECTION kernel option detected which might slow the execution tst_test.c:1722: TINFO: Overall timeout per run is 0h 02m 00s ima_mmap.c:38: TINFO: sleep 3s ima_violations 3 TFAIL: open_writers too many violations added ima_mmap.c:41: TPASS: test completed Summary: passed 1 failed 0 broken 0 skipped 0 warnings 0 ima_violations 4 TINFO: verify limiting single open writer violation ima_violations 4 TFAIL: open_writers too many violations added ima_violations 5 TINFO: verify limiting multiple open writers violations ima_violations 5 TFAIL: open_writers too many violations added ima_violations 6 TINFO: verify new open writer causes additional violation ima_violations 6 TFAIL: open_writers too many violations added ima_violations 7 TINFO: verify limiting single open reader ToMToU violations ima_violations 7 TFAIL: ToMToU too many violations added ima_violations 8 TINFO: verify new open reader causes additional ToMToU violation ima_violations 8 TFAIL: ToMToU too many violations added Kind regards, Petr ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [RFC PATCH 3/3] ima: additional ToMToU violation tests 2025-02-20 18:16 ` Petr Vorel @ 2025-02-20 18:46 ` Petr Vorel 2025-02-20 21:15 ` Mimi Zohar 2025-02-20 18:59 ` Mimi Zohar 1 sibling, 1 reply; 17+ messages in thread From: Petr Vorel @ 2025-02-20 18:46 UTC (permalink / raw) To: Mimi Zohar, linux-integrity, ltp, Stefan Berger Hi Mimi, > Hi Mimi, > > Kernel patch "ima: limit the number of ToMToU integrity violations" > > prevents superfluous ToMToU violations. Add corresponding LTP tests. > > Link: https://lore.kernel.org/linux-integrity/20250219162131.416719-3-zohar@linux.ibm.com/ > > Signed-off-by: Mimi Zohar <zohar@linux.ibm.com> > Unfortunately tests fail on both mainline kernel and kernel with your patches. > Any hint what could be wrong? > Mainline kernel (on kernel with your patches it looks the same): I'm sorry, I accidentally tested only on vanilla kernel. Rerunning tests with updated kernel. Is it this considered as a security feature? If yes, than failures on vanilla kernel are ok, we just need to later add kernel hashes to let testers know about missing backports. If it's a feature (not to be backported) we should test new feature only on newer kernels. Kind regards, Petr > ima_violations 1 TINFO: Running: ima_violations.sh > ima_violations 1 TINFO: Tested kernel: Linux ts 6.13.0-2.g0127a37-default #1 SMP PREEMPT_DYNAMIC Thu Jan 23 11:21:55 UTC 2025 (0127a37) x86_64 x86_64 x86_64 GNU/Linux > ima_violations 1 TINFO: Using /tmp/LTP_ima_violations.cKm34XVZk2 as tmpdir (tmpfs filesystem) > tst_device.c:99: TINFO: Found free device 0 '/dev/loop0' > ima_violations 1 TINFO: Formatting ext3 with opts='/dev/loop0' > ima_violations 1 TINFO: Mounting device: mount -t ext3 /dev/loop0 /tmp/LTP_ima_violations.cKm34XVZk2/mntpoint > ima_violations 1 TINFO: timeout per run is 0h 5m 0s > ima_violations 1 TINFO: IMA kernel config: > ima_violations 1 TINFO: CONFIG_IMA=y > ima_violations 1 TINFO: CONFIG_IMA_MEASURE_PCR_IDX=10 > ima_violations 1 TINFO: CONFIG_IMA_LSM_RULES=y > ima_violations 1 TINFO: CONFIG_IMA_NG_TEMPLATE=y > ima_violations 1 TINFO: CONFIG_IMA_DEFAULT_TEMPLATE="ima-ng" > ima_violations 1 TINFO: CONFIG_IMA_DEFAULT_HASH_SHA256=y > ima_violations 1 TINFO: CONFIG_IMA_DEFAULT_HASH="sha256" > ima_violations 1 TINFO: CONFIG_IMA_READ_POLICY=y > ima_violations 1 TINFO: CONFIG_IMA_APPRAISE=y > ima_violations 1 TINFO: CONFIG_IMA_ARCH_POLICY=y > ima_violations 1 TINFO: CONFIG_IMA_APPRAISE_BOOTPARAM=y > ima_violations 1 TINFO: CONFIG_IMA_APPRAISE_MODSIG=y > ima_violations 1 TINFO: CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS=y > ima_violations 1 TINFO: CONFIG_IMA_QUEUE_EARLY_BOOT_KEYS=y > ima_violations 1 TINFO: CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT=y > ima_violations 1 TINFO: CONFIG_IMA_DISABLE_HTABLE=y > ima_violations 1 TINFO: /proc/cmdline: BOOT_IMAGE=/boot/vmlinuz-6.13.0-2.g0127a37-default root=UUID=e36b2366-1af2-4408-903c-1fca82c60f4c splash=silent video=1024x768 plymouth.ignore-serial-consoles console=ttyS0 console=tty kernel.softlockup_panic=1 resume=/dev/disk/by-uuid/c3b865f9-5d5b-410e-a6d1-9ebcf721584c mitigations=auto security=apparmor ignore_loglevel > ima_violations 1 TINFO: $TMPDIR is on tmpfs => run on loop device > ima_violations 1 TINFO: test requires IMA policy: > measure func=FILE_CHECK mask=^MAY_READ euid=0 > measure func=FILE_CHECK mask=^MAY_READ uid=0 > ima_violations 1 TINFO: SUT has required policy content > ima_violations 1 TINFO: using log /var/log/audit/audit.log > ima_violations 1 TINFO: verify open writers violation > ima_violations 1 TFAIL: open_writers too many violations added > ima_violations 2 TINFO: verify ToMToU violation > ima_violations 2 TFAIL: ToMToU too many violations added > ima_violations 3 TINFO: verify open_writers using mmapped files > tst_test.c:1900: TINFO: LTP version: 20250130-22-gcd2215702f > tst_test.c:1904: TINFO: Tested kernel: 6.13.0-2.g0127a37-default #1 SMP PREEMPT_DYNAMIC Thu Jan 23 11:21:55 UTC 2025 (0127a37) x86_64 > tst_kconfig.c:88: TINFO: Parsing kernel config '/proc/config.gz' > tst_kconfig.c:676: TINFO: CONFIG_FAULT_INJECTION kernel option detected which might slow the execution > tst_test.c:1722: TINFO: Overall timeout per run is 0h 02m 00s > ima_mmap.c:38: TINFO: sleep 3s > ima_violations 3 TFAIL: open_writers too many violations added > ima_mmap.c:41: TPASS: test completed > Summary: > passed 1 > failed 0 > broken 0 > skipped 0 > warnings 0 > ima_violations 4 TINFO: verify limiting single open writer violation > ima_violations 4 TFAIL: open_writers too many violations added > ima_violations 5 TINFO: verify limiting multiple open writers violations > ima_violations 5 TFAIL: open_writers too many violations added > ima_violations 6 TINFO: verify new open writer causes additional violation > ima_violations 6 TFAIL: open_writers too many violations added > ima_violations 7 TINFO: verify limiting single open reader ToMToU violations > ima_violations 7 TFAIL: ToMToU too many violations added > ima_violations 8 TINFO: verify new open reader causes additional ToMToU violation > ima_violations 8 TFAIL: ToMToU too many violations added > Kind regards, > Petr ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [RFC PATCH 3/3] ima: additional ToMToU violation tests 2025-02-20 18:46 ` Petr Vorel @ 2025-02-20 21:15 ` Mimi Zohar 0 siblings, 0 replies; 17+ messages in thread From: Mimi Zohar @ 2025-02-20 21:15 UTC (permalink / raw) To: Petr Vorel, linux-integrity, ltp, Stefan Berger; +Cc: Roberto Sassu Hi Petr, On Thu, 2025-02-20 at 19:46 +0100, Petr Vorel wrote: > Is it this considered as a security feature? If yes, than failures on vanilla > kernel are ok, we just need to later add kernel hashes to let testers know about > missing backports. If it's a feature (not to be backported) we should test new > feature only on newer kernels. I posted these LTP patches as RFC since the kernel patches themselves haven't been upstreamed. I'm still waiting for some kernel patch reviews. Posting these LTP patches might help with that. Having multiple open-writers or ToMToU violations doesn't provide any benefit in terms of attestation. It just clutters the audit log and the IMA measurement list. Not extending the TPM would be a performance improvement. I'm not sure it would be classified as a security feature or bug fix. Mimi ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [RFC PATCH 3/3] ima: additional ToMToU violation tests 2025-02-20 18:16 ` Petr Vorel 2025-02-20 18:46 ` Petr Vorel @ 2025-02-20 18:59 ` Mimi Zohar 2025-02-20 19:13 ` Petr Vorel 1 sibling, 1 reply; 17+ messages in thread From: Mimi Zohar @ 2025-02-20 18:59 UTC (permalink / raw) To: Petr Vorel; +Cc: linux-integrity, ltp, Stefan Berger On Thu, 2025-02-20 at 19:16 +0100, Petr Vorel wrote: > Hi Mimi, > > > Kernel patch "ima: limit the number of ToMToU integrity violations" > > prevents superfluous ToMToU violations. Add corresponding LTP tests. > > > Link: > > https://lore.kernel.org/linux-integrity/20250219162131.416719-3-zohar@linux.ibm.com/ > > Signed-off-by: Mimi Zohar <zohar@linux.ibm.com> > > Unfortunately tests fail on both mainline kernel and kernel with your patches. The new LTP IMA violations patches should fail without the associated kernel patches. > > Any hint what could be wrong? Of course it's dependent on the IMA policy. The tests assume being booted with the IMA TCB measurement policy or similar policy being loaded. Can you share the IMA policy? e.g. cat /sys/kernel/security/ima/policy thanks, Mimi > > Mainline kernel (on kernel with your patches it looks the same): > ima_violations 1 TINFO: Running: ima_violations.sh > ima_violations 1 TINFO: Tested kernel: Linux ts 6.13.0-2.g0127a37-default #1 SMP > PREEMPT_DYNAMIC Thu Jan 23 11:21:55 UTC 2025 (0127a37) x86_64 x86_64 x86_64 GNU/Linux > ima_violations 1 TINFO: Using /tmp/LTP_ima_violations.cKm34XVZk2 as tmpdir (tmpfs > filesystem) > tst_device.c:99: TINFO: Found free device 0 '/dev/loop0' > ima_violations 1 TINFO: Formatting ext3 with opts='/dev/loop0' > ima_violations 1 TINFO: Mounting device: mount -t ext3 /dev/loop0 > /tmp/LTP_ima_violations.cKm34XVZk2/mntpoint > ima_violations 1 TINFO: timeout per run is 0h 5m 0s > ima_violations 1 TINFO: IMA kernel config: > ima_violations 1 TINFO: CONFIG_IMA=y > ima_violations 1 TINFO: CONFIG_IMA_MEASURE_PCR_IDX=10 > ima_violations 1 TINFO: CONFIG_IMA_LSM_RULES=y > ima_violations 1 TINFO: CONFIG_IMA_NG_TEMPLATE=y > ima_violations 1 TINFO: CONFIG_IMA_DEFAULT_TEMPLATE="ima-ng" > ima_violations 1 TINFO: CONFIG_IMA_DEFAULT_HASH_SHA256=y > ima_violations 1 TINFO: CONFIG_IMA_DEFAULT_HASH="sha256" > ima_violations 1 TINFO: CONFIG_IMA_READ_POLICY=y > ima_violations 1 TINFO: CONFIG_IMA_APPRAISE=y > ima_violations 1 TINFO: CONFIG_IMA_ARCH_POLICY=y > ima_violations 1 TINFO: CONFIG_IMA_APPRAISE_BOOTPARAM=y > ima_violations 1 TINFO: CONFIG_IMA_APPRAISE_MODSIG=y > ima_violations 1 TINFO: CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS=y > ima_violations 1 TINFO: CONFIG_IMA_QUEUE_EARLY_BOOT_KEYS=y > ima_violations 1 TINFO: CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT=y > ima_violations 1 TINFO: CONFIG_IMA_DISABLE_HTABLE=y > ima_violations 1 TINFO: /proc/cmdline: BOOT_IMAGE=/boot/vmlinuz-6.13.0-2.g0127a37- > default root=UUID=e36b2366-1af2-4408-903c-1fca82c60f4c splash=silent video=1024x768 > plymouth.ignore-serial-consoles console=ttyS0 console=tty kernel.softlockup_panic=1 > resume=/dev/disk/by-uuid/c3b865f9-5d5b-410e-a6d1-9ebcf721584c mitigations=auto > security=apparmor ignore_loglevel > ima_violations 1 TINFO: $TMPDIR is on tmpfs => run on loop device > ima_violations 1 TINFO: test requires IMA policy: > measure func=FILE_CHECK mask=^MAY_READ euid=0 > measure func=FILE_CHECK mask=^MAY_READ uid=0 > ima_violations 1 TINFO: SUT has required policy content > ima_violations 1 TINFO: using log /var/log/audit/audit.log > ima_violations 1 TINFO: verify open writers violation > ima_violations 1 TFAIL: open_writers too many violations added > ima_violations 2 TINFO: verify ToMToU violation > ima_violations 2 TFAIL: ToMToU too many violations added > ima_violations 3 TINFO: verify open_writers using mmapped files > tst_test.c:1900: TINFO: LTP version: 20250130-22-gcd2215702f > tst_test.c:1904: TINFO: Tested kernel: 6.13.0-2.g0127a37-default #1 SMP PREEMPT_DYNAMIC > Thu Jan 23 11:21:55 UTC 2025 (0127a37) x86_64 > tst_kconfig.c:88: TINFO: Parsing kernel config '/proc/config.gz' > tst_kconfig.c:676: TINFO: CONFIG_FAULT_INJECTION kernel option detected which might slow > the execution > tst_test.c:1722: TINFO: Overall timeout per run is 0h 02m 00s > ima_mmap.c:38: TINFO: sleep 3s > ima_violations 3 TFAIL: open_writers too many violations added > ima_mmap.c:41: TPASS: test completed > > Summary: > passed 1 > failed 0 > broken 0 > skipped 0 > warnings 0 > ima_violations 4 TINFO: verify limiting single open writer violation > ima_violations 4 TFAIL: open_writers too many violations added > ima_violations 5 TINFO: verify limiting multiple open writers violations > ima_violations 5 TFAIL: open_writers too many violations added > ima_violations 6 TINFO: verify new open writer causes additional violation > ima_violations 6 TFAIL: open_writers too many violations added > ima_violations 7 TINFO: verify limiting single open reader ToMToU violations > ima_violations 7 TFAIL: ToMToU too many violations added > ima_violations 8 TINFO: verify new open reader causes additional ToMToU violation > ima_violations 8 TFAIL: ToMToU too many violations added > > Kind regards, > Petr > ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [RFC PATCH 3/3] ima: additional ToMToU violation tests 2025-02-20 18:59 ` Mimi Zohar @ 2025-02-20 19:13 ` Petr Vorel 2025-02-20 20:22 ` Mimi Zohar 0 siblings, 1 reply; 17+ messages in thread From: Petr Vorel @ 2025-02-20 19:13 UTC (permalink / raw) To: Mimi Zohar; +Cc: linux-integrity, ltp, Stefan Berger > On Thu, 2025-02-20 at 19:16 +0100, Petr Vorel wrote: > > Hi Mimi, > > > Kernel patch "ima: limit the number of ToMToU integrity violations" > > > prevents superfluous ToMToU violations. Add corresponding LTP tests. > > > Link: > > > https://lore.kernel.org/linux-integrity/20250219162131.416719-3-zohar@linux.ibm.com/ > > > Signed-off-by: Mimi Zohar <zohar@linux.ibm.com> > > Unfortunately tests fail on both mainline kernel and kernel with your patches. > The new LTP IMA violations patches should fail without the associated kernel patches. > > Any hint what could be wrong? > Of course it's dependent on the IMA policy. The tests assume being booted with the IMA > TCB measurement policy or similar policy being loaded. Can you share the IMA policy? > e.g. cat /sys/kernel/security/ima/policy > thanks, > Mimi Now testing on kernel *with* your patches. First run always fails, regardless whether using ima_policy=tcb or /opt/ltp/testcases/data/ima_violations/violations.policy). Kind regards, Petr First run fails: # LTP_IMA_LOAD_POLICY=1 LTPROOT="/opt/ltp" PATH="/opt/ltp/testcases/bin:$PATH" ima_violations.sh (policy is /opt/ltp/testcases/data/ima_violations/violations.policy) ima_violations 1 TINFO: Running: ima_violations.sh ima_violations 1 TINFO: Tested kernel: Linux ts 6.14.0-rc3-1.gb6b4102-default #1 SMP PREEMPT_DYNAMIC Thu Feb 20 12:26:55 UTC 2025 (b6b4102) x86_64 x86_64 x86_64 GNU/Linux ima_violations 1 TINFO: Using /tmp/LTP_ima_violations.XR34KhtnDM as tmpdir (tmpfs filesystem) tst_device.c:99: TINFO: Found free device 0 '/dev/loop0' ima_violations 1 TINFO: Formatting ext3 with opts='/dev/loop0' ima_violations 1 TINFO: Mounting device: mount -t ext3 /dev/loop0 /tmp/LTP_ima_violations.XR34KhtnDM/mntpoint ima_violations 1 TINFO: timeout per run is 0h 5m 0s ima_violations 1 TINFO: IMA kernel config: ima_violations 1 TINFO: CONFIG_IMA=y ima_violations 1 TINFO: CONFIG_IMA_MEASURE_PCR_IDX=10 ima_violations 1 TINFO: CONFIG_IMA_LSM_RULES=y ima_violations 1 TINFO: CONFIG_IMA_NG_TEMPLATE=y ima_violations 1 TINFO: CONFIG_IMA_DEFAULT_TEMPLATE="ima-ng" ima_violations 1 TINFO: CONFIG_IMA_DEFAULT_HASH_SHA256=y ima_violations 1 TINFO: CONFIG_IMA_DEFAULT_HASH="sha256" ima_violations 1 TINFO: CONFIG_IMA_READ_POLICY=y ima_violations 1 TINFO: CONFIG_IMA_APPRAISE=y ima_violations 1 TINFO: CONFIG_IMA_ARCH_POLICY=y ima_violations 1 TINFO: CONFIG_IMA_APPRAISE_BOOTPARAM=y ima_violations 1 TINFO: CONFIG_IMA_APPRAISE_MODSIG=y ima_violations 1 TINFO: CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS=y ima_violations 1 TINFO: CONFIG_IMA_QUEUE_EARLY_BOOT_KEYS=y ima_violations 1 TINFO: CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT=y ima_violations 1 TINFO: CONFIG_IMA_DISABLE_HTABLE=y ima_violations 1 TINFO: /proc/cmdline: BOOT_IMAGE=/boot/vmlinuz-6.14.0-rc3-1.gb6b4102-default root=UUID=e36b2366-1af2-4408-903c-1fca82c60f4c splash=silent video=1024x768 plymouth.ignore-serial-consoles console=ttyS0 console=tty kernel.softlockup_panic=1 resume=/dev/disk/by-uuid/c3b865f9-5d5b-410e-a6d1-9ebcf721584c mitigations=auto security=apparmor ignore_loglevel ima_violations 1 TINFO: $TMPDIR is on tmpfs => run on loop device ima_violations 1 TINFO: test requires IMA policy: measure func=FILE_CHECK mask=^MAY_READ euid=0 measure func=FILE_CHECK mask=^MAY_READ uid=0 ima_violations 1 TINFO: WARNING: missing required policy content: 'measure func=FILE_CHECK mask=^MAY_READ euid=0' ima_violations 1 TINFO: trying to load '/opt/ltp/testcases/data/ima_violations/violations.policy' policy: measure func=FILE_CHECK mask=^MAY_READ euid=0 measure func=FILE_CHECK mask=^MAY_READ uid=0 ima_violations 1 TINFO: example policy successfully loaded ima_violations 1 TINFO: using log /var/log/audit/audit.log ima_violations 1 TINFO: verify open writers violation ima_violations 1 TFAIL: open_writers too many violations added: 2 - 0 ima_violations 2 TINFO: verify ToMToU violation ima_violations 2 TPASS: 1 ToMToU violation(s) added ima_violations 3 TINFO: verify open_writers using mmapped files tst_test.c:1900: TINFO: LTP version: 20250130-22-gcd2215702f tst_test.c:1904: TINFO: Tested kernel: 6.14.0-rc3-1.gb6b4102-default #1 SMP PREEMPT_DYNAMIC Thu Feb 20 12:26:55 UTC 2025 (b6b4102) x86_64 tst_kconfig.c:88: TINFO: Parsing kernel config '/proc/config.gz' tst_kconfig.c:676: TINFO: CONFIG_FAULT_INJECTION kernel option detected which might slow the execution tst_test.c:1722: TINFO: Overall timeout per run is 0h 02m 00s ima_mmap.c:38: TINFO: sleep 3s ima_violations 3 TPASS: 1 open_writers violation(s) added ima_mmap.c:41: TPASS: test completed Summary: passed 1 failed 0 broken 0 skipped 0 warnings 0 ima_violations 4 TINFO: verify limiting single open writer violation ima_violations 4 TPASS: 1 open_writers violation(s) added ima_violations 5 TINFO: verify limiting multiple open writers violations ima_violations 5 TPASS: 1 open_writers violation(s) added ima_violations 6 TINFO: verify new open writer causes additional violation ima_violations 6 TPASS: 2 open_writers violation(s) added ima_violations 7 TINFO: verify limiting single open reader ToMToU violations ima_violations 7 TPASS: 1 ToMToU violation(s) added ima_violations 8 TINFO: verify new open reader causes additional ToMToU violation ima_violations 8 TPASS: 2 ToMToU violation(s) added ima_violations 9 TINFO: WARNING: policy loaded via LTP_IMA_LOAD_POLICY=1, reboot recommended Summary: passed 7 failed 1 broken 0 skipped 0 warnings 0 Second run is ok: # LTPROOT="/opt/ltp" PATH="/opt/ltp/testcases/bin:$PATH" ima_violations.sh ima_violations 1 TINFO: Running: ima_violations.sh ima_violations 1 TINFO: Tested kernel: Linux ts 6.14.0-rc3-1.gb6b4102-default #1 SMP PREEMPT_DYNAMIC Thu Feb 20 12:26:55 UTC 2025 (b6b4102) x86_64 x86_64 x86_64 GNU/Linux ima_violations 1 TINFO: Using /var/tmp/LTP_ima_violations.SWERFjvPTp as tmpdir (btrfs filesystem) ima_violations 1 TINFO: timeout per run is 0h 5m 0s ima_violations 1 TINFO: IMA kernel config: ima_violations 1 TINFO: CONFIG_IMA=y ima_violations 1 TINFO: CONFIG_IMA_MEASURE_PCR_IDX=10 ima_violations 1 TINFO: CONFIG_IMA_LSM_RULES=y ima_violations 1 TINFO: CONFIG_IMA_NG_TEMPLATE=y ima_violations 1 TINFO: CONFIG_IMA_DEFAULT_TEMPLATE="ima-ng" ima_violations 1 TINFO: CONFIG_IMA_DEFAULT_HASH_SHA256=y ima_violations 1 TINFO: CONFIG_IMA_DEFAULT_HASH="sha256" ima_violations 1 TINFO: CONFIG_IMA_READ_POLICY=y ima_violations 1 TINFO: CONFIG_IMA_APPRAISE=y ima_violations 1 TINFO: CONFIG_IMA_ARCH_POLICY=y ima_violations 1 TINFO: CONFIG_IMA_APPRAISE_BOOTPARAM=y ima_violations 1 TINFO: CONFIG_IMA_APPRAISE_MODSIG=y ima_violations 1 TINFO: CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS=y ima_violations 1 TINFO: CONFIG_IMA_QUEUE_EARLY_BOOT_KEYS=y ima_violations 1 TINFO: CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT=y ima_violations 1 TINFO: CONFIG_IMA_DISABLE_HTABLE=y ima_violations 1 TINFO: /proc/cmdline: BOOT_IMAGE=/boot/vmlinuz-6.14.0-rc3-1.gb6b4102-default root=UUID=e36b2366-1af2-4408-903c-1fca82c60f4c splash=silent video=1024x768 plymouth.ignore-serial-consoles console=ttyS0 console=tty kernel.softlockup_panic=1 resume=/dev/disk/by-uuid/c3b865f9-5d5b-410e-a6d1-9ebcf721584c mitigations=auto security=apparmor ignore_loglevel ima_violations 1 TINFO: test requires IMA policy: measure func=FILE_CHECK mask=^MAY_READ euid=0 measure func=FILE_CHECK mask=^MAY_READ uid=0 ima_violations 1 TINFO: SUT has required policy content ima_violations 1 TINFO: using log /var/log/audit/audit.log ima_violations 1 TINFO: verify open writers violation ima_violations 1 TPASS: 1 open_writers violation(s) added ima_violations 2 TINFO: verify ToMToU violation ima_violations 2 TPASS: 1 ToMToU violation(s) added ima_violations 3 TINFO: verify open_writers using mmapped files tst_test.c:1900: TINFO: LTP version: 20250130-22-gcd2215702f tst_test.c:1904: TINFO: Tested kernel: 6.14.0-rc3-1.gb6b4102-default #1 SMP PREEMPT_DYNAMIC Thu Feb 20 12:26:55 UTC 2025 (b6b4102) x86_64 tst_kconfig.c:88: TINFO: Parsing kernel config '/proc/config.gz' tst_kconfig.c:676: TINFO: CONFIG_FAULT_INJECTION kernel option detected which might slow the execution tst_test.c:1722: TINFO: Overall timeout per run is 0h 02m 00s ima_mmap.c:38: TINFO: sleep 3s ima_violations 3 TPASS: 1 open_writers violation(s) added ima_mmap.c:41: TPASS: test completed Summary: passed 1 failed 0 broken 0 skipped 0 warnings 0 ima_violations 4 TINFO: verify limiting single open writer violation ima_violations 4 TPASS: 1 open_writers violation(s) added ima_violations 5 TINFO: verify limiting multiple open writers violations ima_violations 5 TPASS: 1 open_writers violation(s) added ima_violations 6 TINFO: verify new open writer causes additional violation ima_violations 6 TPASS: 2 open_writers violation(s) added ima_violations 7 TINFO: verify limiting single open reader ToMToU violations ima_violations 7 TPASS: 1 ToMToU violation(s) added ima_violations 8 TINFO: verify new open reader causes additional ToMToU violation ima_violations 8 TPASS: 2 ToMToU violation(s) added Summary: passed 8 failed 0 broken 0 skipped 0 warnings 0 Reboot and running with ima_policy=tcb also fails on the first time: # LTPROOT="/opt/ltp" PATH="/opt/ltp/testcases/bin:$PATH" ima_violations.sh tmpfs is skipped ima_violations 1 TINFO: Running: ima_violations.sh ima_violations 1 TINFO: Tested kernel: Linux ts 6.14.0-rc3-1.gb6b4102-default #1 SMP PREEMPT_DYNAMIC Thu Feb 20 12:26:55 UTC 2025 (b6b4102) x86_64 x86_64 x86_64 GNU/Linux ima_violations 1 TINFO: Using /tmp/LTP_ima_violations.FKQSfezAwR as tmpdir (tmpfs filesystem) tst_device.c:99: TINFO: Found free device 0 '/dev/loop0' ima_violations 1 TINFO: Formatting ext3 with opts='/dev/loop0' ima_violations 1 TINFO: Mounting device: mount -t ext3 /dev/loop0 /tmp/LTP_ima_violations.FKQSfezAwR/mntpoint ima_violations 1 TINFO: timeout per run is 0h 5m 0s ima_violations 1 TINFO: IMA kernel config: ima_violations 1 TINFO: CONFIG_IMA=y ima_violations 1 TINFO: CONFIG_IMA_MEASURE_PCR_IDX=10 ima_violations 1 TINFO: CONFIG_IMA_LSM_RULES=y ima_violations 1 TINFO: CONFIG_IMA_NG_TEMPLATE=y ima_violations 1 TINFO: CONFIG_IMA_DEFAULT_TEMPLATE="ima-ng" ima_violations 1 TINFO: CONFIG_IMA_DEFAULT_HASH_SHA256=y ima_violations 1 TINFO: CONFIG_IMA_DEFAULT_HASH="sha256" ima_violations 1 TINFO: CONFIG_IMA_READ_POLICY=y ima_violations 1 TINFO: CONFIG_IMA_APPRAISE=y ima_violations 1 TINFO: CONFIG_IMA_ARCH_POLICY=y ima_violations 1 TINFO: CONFIG_IMA_APPRAISE_BOOTPARAM=y ima_violations 1 TINFO: CONFIG_IMA_APPRAISE_MODSIG=y ima_violations 1 TINFO: CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS=y ima_violations 1 TINFO: CONFIG_IMA_QUEUE_EARLY_BOOT_KEYS=y ima_violations 1 TINFO: CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT=y ima_violations 1 TINFO: CONFIG_IMA_DISABLE_HTABLE=y ima_violations 1 TINFO: /proc/cmdline: BOOT_IMAGE=/boot/vmlinuz-6.14.0-rc3-1.gb6b4102-default root=UUID=e36b2366-1af2-4408-903c-1fca82c60f4c splash=silent video=1024x768 plymouth.ignore-serial-consoles console=ttyS0 console=tty kernel.softlockup_panic=1 resume=/dev/disk/by-uuid/c3b865f9-5d5b-410e-a6d1-9ebcf721584c mitigations=auto security=apparmor ignore_loglevel ima_policy=tcb ima_violations 1 TINFO: $TMPDIR is on tmpfs => run on loop device ima_violations 1 TINFO: booted with IMA policy: tcb ima_violations 1 TINFO: using log /var/log/audit/audit.log ima_violations 1 TINFO: verify open writers violation ima_violations 1 TFAIL: open_writers too many violations added: 3 - 1 ima_violations 2 TINFO: verify ToMToU violation ima_violations 2 TPASS: 1 ToMToU violation(s) added ima_violations 3 TINFO: verify open_writers using mmapped files tst_test.c:1900: TINFO: LTP version: 20250130-22-gcd2215702f tst_test.c:1904: TINFO: Tested kernel: 6.14.0-rc3-1.gb6b4102-default #1 SMP PREEMPT_DYNAMIC Thu Feb 20 12:26:55 UTC 2025 (b6b4102) x86_64 tst_kconfig.c:88: TINFO: Parsing kernel config '/proc/config.gz' tst_kconfig.c:676: TINFO: CONFIG_FAULT_INJECTION kernel option detected which might slow the execution tst_test.c:1722: TINFO: Overall timeout per run is 0h 02m 00s ima_mmap.c:38: TINFO: sleep 3s ima_violations 3 TPASS: 1 open_writers violation(s) added ima_mmap.c:41: TPASS: test completed Summary: passed 1 failed 0 broken 0 skipped 0 warnings 0 ima_violations 4 TINFO: verify limiting single open writer violation ima_violations 4 TPASS: 1 open_writers violation(s) added ima_violations 5 TINFO: verify limiting multiple open writers violations ima_violations 5 TPASS: 1 open_writers violation(s) added ima_violations 6 TINFO: verify new open writer causes additional violation ima_violations 6 TPASS: 2 open_writers violation(s) added ima_violations 7 TINFO: verify limiting single open reader ToMToU violations ima_violations 7 TPASS: 1 ToMToU violation(s) added ima_violations 8 TINFO: verify new open reader causes additional ToMToU violation ima_violations 8 TPASS: 2 ToMToU violation(s) added Summary: passed 7 failed 1 broken 0 skipped 0 warnings 0 Second and later run is again OK # LTPROOT="/opt/ltp" PATH="/opt/ltp/testcases/bin:$PATH" ima_violations.sh tmpfs is skipped ima_violations 1 TINFO: Running: ima_violations.sh ima_violations 1 TINFO: Tested kernel: Linux ts 6.14.0-rc3-1.gb6b4102-default #1 SMP PREEMPT_DYNAMIC Thu Feb 20 12:26:55 UTC 2025 (b6b4102) x86_64 x86_64 x86_64 GNU/Linux ima_violations 1 TINFO: Using /tmp/LTP_ima_violations.1Qf6qJuSoo as tmpdir (tmpfs filesystem) tst_device.c:99: TINFO: Found free device 0 '/dev/loop0' ima_violations 1 TINFO: Formatting ext3 with opts='/dev/loop0' ima_violations 1 TINFO: Mounting device: mount -t ext3 /dev/loop0 /tmp/LTP_ima_violations.1Qf6qJuSoo/mntpoint ima_violations 1 TINFO: timeout per run is 0h 5m 0s ima_violations 1 TINFO: IMA kernel config: ima_violations 1 TINFO: CONFIG_IMA=y ima_violations 1 TINFO: CONFIG_IMA_MEASURE_PCR_IDX=10 ima_violations 1 TINFO: CONFIG_IMA_LSM_RULES=y ima_violations 1 TINFO: CONFIG_IMA_NG_TEMPLATE=y ima_violations 1 TINFO: CONFIG_IMA_DEFAULT_TEMPLATE="ima-ng" ima_violations 1 TINFO: CONFIG_IMA_DEFAULT_HASH_SHA256=y ima_violations 1 TINFO: CONFIG_IMA_DEFAULT_HASH="sha256" ima_violations 1 TINFO: CONFIG_IMA_READ_POLICY=y ima_violations 1 TINFO: CONFIG_IMA_APPRAISE=y ima_violations 1 TINFO: CONFIG_IMA_ARCH_POLICY=y ima_violations 1 TINFO: CONFIG_IMA_APPRAISE_BOOTPARAM=y ima_violations 1 TINFO: CONFIG_IMA_APPRAISE_MODSIG=y ima_violations 1 TINFO: CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS=y ima_violations 1 TINFO: CONFIG_IMA_QUEUE_EARLY_BOOT_KEYS=y ima_violations 1 TINFO: CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT=y ima_violations 1 TINFO: CONFIG_IMA_DISABLE_HTABLE=y ima_violations 1 TINFO: /proc/cmdline: BOOT_IMAGE=/boot/vmlinuz-6.14.0-rc3-1.gb6b4102-default root=UUID=e36b2366-1af2-4408-903c-1fca82c60f4c splash=silent video=1024x768 plymouth.ignore-serial-consoles console=ttyS0 console=tty kernel.softlockup_panic=1 resume=/dev/disk/by-uuid/c3b865f9-5d5b-410e-a6d1-9ebcf721584c mitigations=auto security=apparmor ignore_loglevel ima_policy=tcb ima_violations 1 TINFO: $TMPDIR is on tmpfs => run on loop device ima_violations 1 TINFO: booted with IMA policy: tcb ima_violations 1 TINFO: using log /var/log/audit/audit.log ima_violations 1 TINFO: verify open writers violation ima_violations 1 TPASS: 1 open_writers violation(s) added ima_violations 2 TINFO: verify ToMToU violation ima_violations 2 TPASS: 1 ToMToU violation(s) added ima_violations 3 TINFO: verify open_writers using mmapped files tst_test.c:1900: TINFO: LTP version: 20250130-22-gcd2215702f tst_test.c:1904: TINFO: Tested kernel: 6.14.0-rc3-1.gb6b4102-default #1 SMP PREEMPT_DYNAMIC Thu Feb 20 12:26:55 UTC 2025 (b6b4102) x86_64 tst_kconfig.c:88: TINFO: Parsing kernel config '/proc/config.gz' tst_kconfig.c:676: TINFO: CONFIG_FAULT_INJECTION kernel option detected which might slow the execution tst_test.c:1722: TINFO: Overall timeout per run is 0h 02m 00s ima_mmap.c:38: TINFO: sleep 3s ima_violations 3 TPASS: 1 open_writers violation(s) added ima_mmap.c:41: TPASS: test completed Summary: passed 1 failed 0 broken 0 skipped 0 warnings 0 ima_violations 4 TINFO: verify limiting single open writer violation ima_violations 4 TPASS: 1 open_writers violation(s) added ima_violations 5 TINFO: verify limiting multiple open writers violations ima_violations 5 TPASS: 1 open_writers violation(s) added ima_violations 6 TINFO: verify new open writer causes additional violation ima_violations 6 TPASS: 2 open_writers violation(s) added ima_violations 7 TINFO: verify limiting single open reader ToMToU violations ima_violations 7 TPASS: 1 ToMToU violation(s) added ima_violations 8 TINFO: verify new open reader causes additional ToMToU violation ima_violations 8 TPASS: 2 ToMToU violation(s) added Summary: passed 8 failed 0 broken 0 skipped 0 warnings 0 ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [RFC PATCH 3/3] ima: additional ToMToU violation tests 2025-02-20 19:13 ` Petr Vorel @ 2025-02-20 20:22 ` Mimi Zohar 2025-02-20 21:18 ` Mimi Zohar 0 siblings, 1 reply; 17+ messages in thread From: Mimi Zohar @ 2025-02-20 20:22 UTC (permalink / raw) To: Petr Vorel; +Cc: linux-integrity, ltp, Stefan Berger On Thu, 2025-02-20 at 20:13 +0100, Petr Vorel wrote: > > On Thu, 2025-02-20 at 19:16 +0100, Petr Vorel wrote: > > > Hi Mimi, > > > > > Kernel patch "ima: limit the number of ToMToU integrity violations" > > > > prevents superfluous ToMToU violations. Add corresponding LTP tests. > > > > > Link: > > > > https://lore.kernel.org/linux-integrity/20250219162131.416719-3-zohar@linux.ibm.com/ > > > > Signed-off-by: Mimi Zohar <zohar@linux.ibm.com> > > > > Unfortunately tests fail on both mainline kernel and kernel with your patches. > > > The new LTP IMA violations patches should fail without the associated kernel patches. > > > > Any hint what could be wrong? > > > Of course it's dependent on the IMA policy. The tests assume being booted with the > > IMA > > TCB measurement policy or similar policy being loaded. Can you share the IMA policy? > > e.g. cat /sys/kernel/security/ima/policy > > > thanks, > > > Mimi > > Now testing on kernel *with* your patches. First run always fails, regardless > whether using ima_policy=tcb or > /opt/ltp/testcases/data/ima_violations/violations.policy). > > Kind regards, > Petr I'm not seeing that on my test machine. Could there be other things running on your system causing violations. In anycase, your original test was less exacting. Similarly, instead of "-eq", try using "-qe" in the following test and removing the subsequent new "gt" test. if [ $(($num_violations_new - $num_violations)) -eq $expected_violations ]; then > > First run fails: > > # LTP_IMA_LOAD_POLICY=1 LTPROOT="/opt/ltp" PATH="/opt/ltp/testcases/bin:$PATH" > ima_violations.sh > (policy is /opt/ltp/testcases/data/ima_violations/violations.policy) > ima_violations 1 TINFO: Running: ima_violations.sh > ima_violations 1 TINFO: Tested kernel: Linux ts 6.14.0-rc3-1.gb6b4102-default #1 SMP > PREEMPT_DYNAMIC Thu Feb 20 12:26:55 UTC 2025 (b6b4102) x86_64 x86_64 x86_64 GNU/Linux > ima_violations 1 TINFO: Using /tmp/LTP_ima_violations.XR34KhtnDM as tmpdir (tmpfs > filesystem) > tst_device.c:99: TINFO: Found free device 0 '/dev/loop0' > ima_violations 1 TINFO: Formatting ext3 with opts='/dev/loop0' > ima_violations 1 TINFO: Mounting device: mount -t ext3 /dev/loop0 > /tmp/LTP_ima_violations.XR34KhtnDM/mntpoint > ima_violations 1 TINFO: timeout per run is 0h 5m 0s > ima_violations 1 TINFO: IMA kernel config: > ima_violations 1 TINFO: CONFIG_IMA=y > ima_violations 1 TINFO: CONFIG_IMA_MEASURE_PCR_IDX=10 > ima_violations 1 TINFO: CONFIG_IMA_LSM_RULES=y > ima_violations 1 TINFO: CONFIG_IMA_NG_TEMPLATE=y > ima_violations 1 TINFO: CONFIG_IMA_DEFAULT_TEMPLATE="ima-ng" > ima_violations 1 TINFO: CONFIG_IMA_DEFAULT_HASH_SHA256=y > ima_violations 1 TINFO: CONFIG_IMA_DEFAULT_HASH="sha256" > ima_violations 1 TINFO: CONFIG_IMA_READ_POLICY=y > ima_violations 1 TINFO: CONFIG_IMA_APPRAISE=y > ima_violations 1 TINFO: CONFIG_IMA_ARCH_POLICY=y > ima_violations 1 TINFO: CONFIG_IMA_APPRAISE_BOOTPARAM=y > ima_violations 1 TINFO: CONFIG_IMA_APPRAISE_MODSIG=y > ima_violations 1 TINFO: CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS=y > ima_violations 1 TINFO: CONFIG_IMA_QUEUE_EARLY_BOOT_KEYS=y > ima_violations 1 TINFO: CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT=y > ima_violations 1 TINFO: CONFIG_IMA_DISABLE_HTABLE=y > ima_violations 1 TINFO: /proc/cmdline: BOOT_IMAGE=/boot/vmlinuz-6.14.0-rc3-1.gb6b4102- > default root=UUID=e36b2366-1af2-4408-903c-1fca82c60f4c splash=silent video=1024x768 > plymouth.ignore-serial-consoles console=ttyS0 console=tty kernel.softlockup_panic=1 > resume=/dev/disk/by-uuid/c3b865f9-5d5b-410e-a6d1-9ebcf721584c mitigations=auto > security=apparmor ignore_loglevel > ima_violations 1 TINFO: $TMPDIR is on tmpfs => run on loop device > ima_violations 1 TINFO: test requires IMA policy: > measure func=FILE_CHECK mask=^MAY_READ euid=0 > measure func=FILE_CHECK mask=^MAY_READ uid=0 > ima_violations 1 TINFO: WARNING: missing required policy content: 'measure > func=FILE_CHECK mask=^MAY_READ euid=0' > ima_violations 1 TINFO: trying to load > '/opt/ltp/testcases/data/ima_violations/violations.policy' policy: > measure func=FILE_CHECK mask=^MAY_READ euid=0 > measure func=FILE_CHECK mask=^MAY_READ uid=0 > ima_violations 1 TINFO: example policy successfully loaded > ima_violations 1 TINFO: using log /var/log/audit/audit.log > ima_violations 1 TINFO: verify open writers violation > ima_violations 1 TFAIL: open_writers too many violations added: 2 - 0 > ima_violations 2 TINFO: verify ToMToU violation > ima_violations 2 TPASS: 1 ToMToU violation(s) added > ima_violations 3 TINFO: verify open_writers using mmapped files > tst_test.c:1900: TINFO: LTP version: 20250130-22-gcd2215702f > tst_test.c:1904: TINFO: Tested kernel: 6.14.0-rc3-1.gb6b4102-default #1 SMP > PREEMPT_DYNAMIC Thu Feb 20 12:26:55 UTC 2025 (b6b4102) x86_64 > tst_kconfig.c:88: TINFO: Parsing kernel config '/proc/config.gz' > tst_kconfig.c:676: TINFO: CONFIG_FAULT_INJECTION kernel option detected which might slow > the execution > tst_test.c:1722: TINFO: Overall timeout per run is 0h 02m 00s > ima_mmap.c:38: TINFO: sleep 3s > ima_violations 3 TPASS: 1 open_writers violation(s) added > ima_mmap.c:41: TPASS: test completed > > Summary: > passed 1 > failed 0 > broken 0 > skipped 0 > warnings 0 > ima_violations 4 TINFO: verify limiting single open writer violation > ima_violations 4 TPASS: 1 open_writers violation(s) added > ima_violations 5 TINFO: verify limiting multiple open writers violations > ima_violations 5 TPASS: 1 open_writers violation(s) added > ima_violations 6 TINFO: verify new open writer causes additional violation > ima_violations 6 TPASS: 2 open_writers violation(s) added > ima_violations 7 TINFO: verify limiting single open reader ToMToU violations > ima_violations 7 TPASS: 1 ToMToU violation(s) added > ima_violations 8 TINFO: verify new open reader causes additional ToMToU violation > ima_violations 8 TPASS: 2 ToMToU violation(s) added > ima_violations 9 TINFO: WARNING: policy loaded via LTP_IMA_LOAD_POLICY=1, reboot > recommended > > Summary: > passed 7 > failed 1 > broken 0 > skipped 0 > warnings 0 > > Second run is ok: > # LTPROOT="/opt/ltp" PATH="/opt/ltp/testcases/bin:$PATH" ima_violations.sh > ima_violations 1 TINFO: Running: ima_violations.sh > ima_violations 1 TINFO: Tested kernel: Linux ts 6.14.0-rc3-1.gb6b4102-default #1 SMP > PREEMPT_DYNAMIC Thu Feb 20 12:26:55 UTC 2025 (b6b4102) x86_64 x86_64 x86_64 GNU/Linux > ima_violations 1 TINFO: Using /var/tmp/LTP_ima_violations.SWERFjvPTp as tmpdir (btrfs > filesystem) > ima_violations 1 TINFO: timeout per run is 0h 5m 0s > ima_violations 1 TINFO: IMA kernel config: > ima_violations 1 TINFO: CONFIG_IMA=y > ima_violations 1 TINFO: CONFIG_IMA_MEASURE_PCR_IDX=10 > ima_violations 1 TINFO: CONFIG_IMA_LSM_RULES=y > ima_violations 1 TINFO: CONFIG_IMA_NG_TEMPLATE=y > ima_violations 1 TINFO: CONFIG_IMA_DEFAULT_TEMPLATE="ima-ng" > ima_violations 1 TINFO: CONFIG_IMA_DEFAULT_HASH_SHA256=y > ima_violations 1 TINFO: CONFIG_IMA_DEFAULT_HASH="sha256" > ima_violations 1 TINFO: CONFIG_IMA_READ_POLICY=y > ima_violations 1 TINFO: CONFIG_IMA_APPRAISE=y > ima_violations 1 TINFO: CONFIG_IMA_ARCH_POLICY=y > ima_violations 1 TINFO: CONFIG_IMA_APPRAISE_BOOTPARAM=y > ima_violations 1 TINFO: CONFIG_IMA_APPRAISE_MODSIG=y > ima_violations 1 TINFO: CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS=y > ima_violations 1 TINFO: CONFIG_IMA_QUEUE_EARLY_BOOT_KEYS=y > ima_violations 1 TINFO: CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT=y > ima_violations 1 TINFO: CONFIG_IMA_DISABLE_HTABLE=y > ima_violations 1 TINFO: /proc/cmdline: BOOT_IMAGE=/boot/vmlinuz-6.14.0-rc3-1.gb6b4102- > default root=UUID=e36b2366-1af2-4408-903c-1fca82c60f4c splash=silent video=1024x768 > plymouth.ignore-serial-consoles console=ttyS0 console=tty kernel.softlockup_panic=1 > resume=/dev/disk/by-uuid/c3b865f9-5d5b-410e-a6d1-9ebcf721584c mitigations=auto > security=apparmor ignore_loglevel > ima_violations 1 TINFO: test requires IMA policy: > measure func=FILE_CHECK mask=^MAY_READ euid=0 > measure func=FILE_CHECK mask=^MAY_READ uid=0 > ima_violations 1 TINFO: SUT has required policy content > ima_violations 1 TINFO: using log /var/log/audit/audit.log > ima_violations 1 TINFO: verify open writers violation > ima_violations 1 TPASS: 1 open_writers violation(s) added > ima_violations 2 TINFO: verify ToMToU violation > ima_violations 2 TPASS: 1 ToMToU violation(s) added > ima_violations 3 TINFO: verify open_writers using mmapped files > tst_test.c:1900: TINFO: LTP version: 20250130-22-gcd2215702f > tst_test.c:1904: TINFO: Tested kernel: 6.14.0-rc3-1.gb6b4102-default #1 SMP > PREEMPT_DYNAMIC Thu Feb 20 12:26:55 UTC 2025 (b6b4102) x86_64 > tst_kconfig.c:88: TINFO: Parsing kernel config '/proc/config.gz' > tst_kconfig.c:676: TINFO: CONFIG_FAULT_INJECTION kernel option detected which might slow > the execution > tst_test.c:1722: TINFO: Overall timeout per run is 0h 02m 00s > ima_mmap.c:38: TINFO: sleep 3s > ima_violations 3 TPASS: 1 open_writers violation(s) added > ima_mmap.c:41: TPASS: test completed > > Summary: > passed 1 > failed 0 > broken 0 > skipped 0 > warnings 0 > ima_violations 4 TINFO: verify limiting single open writer violation > ima_violations 4 TPASS: 1 open_writers violation(s) added > ima_violations 5 TINFO: verify limiting multiple open writers violations > ima_violations 5 TPASS: 1 open_writers violation(s) added > ima_violations 6 TINFO: verify new open writer causes additional violation > ima_violations 6 TPASS: 2 open_writers violation(s) added > ima_violations 7 TINFO: verify limiting single open reader ToMToU violations > ima_violations 7 TPASS: 1 ToMToU violation(s) added > ima_violations 8 TINFO: verify new open reader causes additional ToMToU violation > ima_violations 8 TPASS: 2 ToMToU violation(s) added > > Summary: > passed 8 > failed 0 > broken 0 > skipped 0 > warnings 0 > > Reboot and running with ima_policy=tcb also fails on the first time: > > # LTPROOT="/opt/ltp" PATH="/opt/ltp/testcases/bin:$PATH" ima_violations.sh > tmpfs is skipped > ima_violations 1 TINFO: Running: ima_violations.sh > ima_violations 1 TINFO: Tested kernel: Linux ts 6.14.0-rc3-1.gb6b4102-default #1 SMP > PREEMPT_DYNAMIC Thu Feb 20 12:26:55 UTC 2025 (b6b4102) x86_64 x86_64 x86_64 GNU/Linux > ima_violations 1 TINFO: Using /tmp/LTP_ima_violations.FKQSfezAwR as tmpdir (tmpfs > filesystem) > tst_device.c:99: TINFO: Found free device 0 '/dev/loop0' > ima_violations 1 TINFO: Formatting ext3 with opts='/dev/loop0' > ima_violations 1 TINFO: Mounting device: mount -t ext3 /dev/loop0 > /tmp/LTP_ima_violations.FKQSfezAwR/mntpoint > ima_violations 1 TINFO: timeout per run is 0h 5m 0s > ima_violations 1 TINFO: IMA kernel config: > ima_violations 1 TINFO: CONFIG_IMA=y > ima_violations 1 TINFO: CONFIG_IMA_MEASURE_PCR_IDX=10 > ima_violations 1 TINFO: CONFIG_IMA_LSM_RULES=y > ima_violations 1 TINFO: CONFIG_IMA_NG_TEMPLATE=y > ima_violations 1 TINFO: CONFIG_IMA_DEFAULT_TEMPLATE="ima-ng" > ima_violations 1 TINFO: CONFIG_IMA_DEFAULT_HASH_SHA256=y > ima_violations 1 TINFO: CONFIG_IMA_DEFAULT_HASH="sha256" > ima_violations 1 TINFO: CONFIG_IMA_READ_POLICY=y > ima_violations 1 TINFO: CONFIG_IMA_APPRAISE=y > ima_violations 1 TINFO: CONFIG_IMA_ARCH_POLICY=y > ima_violations 1 TINFO: CONFIG_IMA_APPRAISE_BOOTPARAM=y > ima_violations 1 TINFO: CONFIG_IMA_APPRAISE_MODSIG=y > ima_violations 1 TINFO: CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS=y > ima_violations 1 TINFO: CONFIG_IMA_QUEUE_EARLY_BOOT_KEYS=y > ima_violations 1 TINFO: CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT=y > ima_violations 1 TINFO: CONFIG_IMA_DISABLE_HTABLE=y > ima_violations 1 TINFO: /proc/cmdline: BOOT_IMAGE=/boot/vmlinuz-6.14.0-rc3-1.gb6b4102- > default root=UUID=e36b2366-1af2-4408-903c-1fca82c60f4c splash=silent video=1024x768 > plymouth.ignore-serial-consoles console=ttyS0 console=tty kernel.softlockup_panic=1 > resume=/dev/disk/by-uuid/c3b865f9-5d5b-410e-a6d1-9ebcf721584c mitigations=auto > security=apparmor ignore_loglevel ima_policy=tcb > ima_violations 1 TINFO: $TMPDIR is on tmpfs => run on loop device > ima_violations 1 TINFO: booted with IMA policy: tcb > ima_violations 1 TINFO: using log /var/log/audit/audit.log > ima_violations 1 TINFO: verify open writers violation > ima_violations 1 TFAIL: open_writers too many violations added: 3 - 1 > ima_violations 2 TINFO: verify ToMToU violation > ima_violations 2 TPASS: 1 ToMToU violation(s) added > ima_violations 3 TINFO: verify open_writers using mmapped files > tst_test.c:1900: TINFO: LTP version: 20250130-22-gcd2215702f > tst_test.c:1904: TINFO: Tested kernel: 6.14.0-rc3-1.gb6b4102-default #1 SMP > PREEMPT_DYNAMIC Thu Feb 20 12:26:55 UTC 2025 (b6b4102) x86_64 > tst_kconfig.c:88: TINFO: Parsing kernel config '/proc/config.gz' > tst_kconfig.c:676: TINFO: CONFIG_FAULT_INJECTION kernel option detected which might slow > the execution > tst_test.c:1722: TINFO: Overall timeout per run is 0h 02m 00s > ima_mmap.c:38: TINFO: sleep 3s > ima_violations 3 TPASS: 1 open_writers violation(s) added > ima_mmap.c:41: TPASS: test completed > > Summary: > passed 1 > failed 0 > broken 0 > skipped 0 > warnings 0 > ima_violations 4 TINFO: verify limiting single open writer violation > ima_violations 4 TPASS: 1 open_writers violation(s) added > ima_violations 5 TINFO: verify limiting multiple open writers violations > ima_violations 5 TPASS: 1 open_writers violation(s) added > ima_violations 6 TINFO: verify new open writer causes additional violation > ima_violations 6 TPASS: 2 open_writers violation(s) added > ima_violations 7 TINFO: verify limiting single open reader ToMToU violations > ima_violations 7 TPASS: 1 ToMToU violation(s) added > ima_violations 8 TINFO: verify new open reader causes additional ToMToU violation > ima_violations 8 TPASS: 2 ToMToU violation(s) added > > Summary: > passed 7 > failed 1 > broken 0 > skipped 0 > warnings 0 > > Second and later run is again OK > # LTPROOT="/opt/ltp" PATH="/opt/ltp/testcases/bin:$PATH" ima_violations.sh > tmpfs is skipped > ima_violations 1 TINFO: Running: ima_violations.sh > ima_violations 1 TINFO: Tested kernel: Linux ts 6.14.0-rc3-1.gb6b4102-default #1 SMP > PREEMPT_DYNAMIC Thu Feb 20 12:26:55 UTC 2025 (b6b4102) x86_64 x86_64 x86_64 GNU/Linux > ima_violations 1 TINFO: Using /tmp/LTP_ima_violations.1Qf6qJuSoo as tmpdir (tmpfs > filesystem) > tst_device.c:99: TINFO: Found free device 0 '/dev/loop0' > ima_violations 1 TINFO: Formatting ext3 with opts='/dev/loop0' > ima_violations 1 TINFO: Mounting device: mount -t ext3 /dev/loop0 > /tmp/LTP_ima_violations.1Qf6qJuSoo/mntpoint > ima_violations 1 TINFO: timeout per run is 0h 5m 0s > ima_violations 1 TINFO: IMA kernel config: > ima_violations 1 TINFO: CONFIG_IMA=y > ima_violations 1 TINFO: CONFIG_IMA_MEASURE_PCR_IDX=10 > ima_violations 1 TINFO: CONFIG_IMA_LSM_RULES=y > ima_violations 1 TINFO: CONFIG_IMA_NG_TEMPLATE=y > ima_violations 1 TINFO: CONFIG_IMA_DEFAULT_TEMPLATE="ima-ng" > ima_violations 1 TINFO: CONFIG_IMA_DEFAULT_HASH_SHA256=y > ima_violations 1 TINFO: CONFIG_IMA_DEFAULT_HASH="sha256" > ima_violations 1 TINFO: CONFIG_IMA_READ_POLICY=y > ima_violations 1 TINFO: CONFIG_IMA_APPRAISE=y > ima_violations 1 TINFO: CONFIG_IMA_ARCH_POLICY=y > ima_violations 1 TINFO: CONFIG_IMA_APPRAISE_BOOTPARAM=y > ima_violations 1 TINFO: CONFIG_IMA_APPRAISE_MODSIG=y > ima_violations 1 TINFO: CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS=y > ima_violations 1 TINFO: CONFIG_IMA_QUEUE_EARLY_BOOT_KEYS=y > ima_violations 1 TINFO: CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT=y > ima_violations 1 TINFO: CONFIG_IMA_DISABLE_HTABLE=y > ima_violations 1 TINFO: /proc/cmdline: BOOT_IMAGE=/boot/vmlinuz-6.14.0-rc3-1.gb6b4102- > default root=UUID=e36b2366-1af2-4408-903c-1fca82c60f4c splash=silent video=1024x768 > plymouth.ignore-serial-consoles console=ttyS0 console=tty kernel.softlockup_panic=1 > resume=/dev/disk/by-uuid/c3b865f9-5d5b-410e-a6d1-9ebcf721584c mitigations=auto > security=apparmor ignore_loglevel ima_policy=tcb > ima_violations 1 TINFO: $TMPDIR is on tmpfs => run on loop device > ima_violations 1 TINFO: booted with IMA policy: tcb > ima_violations 1 TINFO: using log /var/log/audit/audit.log > ima_violations 1 TINFO: verify open writers violation > ima_violations 1 TPASS: 1 open_writers violation(s) added > ima_violations 2 TINFO: verify ToMToU violation > ima_violations 2 TPASS: 1 ToMToU violation(s) added > ima_violations 3 TINFO: verify open_writers using mmapped files > tst_test.c:1900: TINFO: LTP version: 20250130-22-gcd2215702f > tst_test.c:1904: TINFO: Tested kernel: 6.14.0-rc3-1.gb6b4102-default #1 SMP > PREEMPT_DYNAMIC Thu Feb 20 12:26:55 UTC 2025 (b6b4102) x86_64 > tst_kconfig.c:88: TINFO: Parsing kernel config '/proc/config.gz' > tst_kconfig.c:676: TINFO: CONFIG_FAULT_INJECTION kernel option detected which might slow > the execution > tst_test.c:1722: TINFO: Overall timeout per run is 0h 02m 00s > ima_mmap.c:38: TINFO: sleep 3s > ima_violations 3 TPASS: 1 open_writers violation(s) added > ima_mmap.c:41: TPASS: test completed > > Summary: > passed 1 > failed 0 > broken 0 > skipped 0 > warnings 0 > ima_violations 4 TINFO: verify limiting single open writer violation > ima_violations 4 TPASS: 1 open_writers violation(s) added > ima_violations 5 TINFO: verify limiting multiple open writers violations > ima_violations 5 TPASS: 1 open_writers violation(s) added > ima_violations 6 TINFO: verify new open writer causes additional violation > ima_violations 6 TPASS: 2 open_writers violation(s) added > ima_violations 7 TINFO: verify limiting single open reader ToMToU violations > ima_violations 7 TPASS: 1 ToMToU violation(s) added > ima_violations 8 TINFO: verify new open reader causes additional ToMToU violation > ima_violations 8 TPASS: 2 ToMToU violation(s) added > > Summary: > passed 8 > failed 0 > broken 0 > skipped 0 > warnings 0 > ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [RFC PATCH 3/3] ima: additional ToMToU violation tests 2025-02-20 20:22 ` Mimi Zohar @ 2025-02-20 21:18 ` Mimi Zohar 2025-02-20 21:43 ` Petr Vorel 0 siblings, 1 reply; 17+ messages in thread From: Mimi Zohar @ 2025-02-20 21:18 UTC (permalink / raw) To: Petr Vorel; +Cc: linux-integrity, ltp, Stefan Berger On Thu, 2025-02-20 at 15:22 -0500, Mimi Zohar wrote: > On Thu, 2025-02-20 at 20:13 +0100, Petr Vorel wrote: > > > On Thu, 2025-02-20 at 19:16 +0100, Petr Vorel wrote: > > > > Hi Mimi, > > > > > > > Kernel patch "ima: limit the number of ToMToU integrity violations" > > > > > prevents superfluous ToMToU violations. Add corresponding LTP tests. > > > > > > > Link: > > > > > https://lore.kernel.org/linux-integrity/20250219162131.416719-3-zohar@linux.ibm.com/ > > > > > Signed-off-by: Mimi Zohar <zohar@linux.ibm.com> > > > > > > Unfortunately tests fail on both mainline kernel and kernel with your patches. > > > > > The new LTP IMA violations patches should fail without the associated kernel > > > patches. > > > > > > Any hint what could be wrong? > > > > > Of course it's dependent on the IMA policy. The tests assume being booted with the > > > IMA > > > TCB measurement policy or similar policy being loaded. Can you share the IMA > > > policy? > > > e.g. cat /sys/kernel/security/ima/policy > > > > > thanks, > > > > > Mimi > > > > Now testing on kernel *with* your patches. First run always fails, regardless > > whether using ima_policy=tcb or > > /opt/ltp/testcases/data/ima_violations/violations.policy). > > > > Kind regards, > > Petr > > I'm not seeing that on my test machine. Could there be other things running on your > system causing violations. In anycase, your original test was less exacting. > Similarly, > instead of "-eq", try using "-qe" in the following test and removing the subsequent new > "gt" test. -> "-ge" > > if [ $(($num_violations_new - $num_violations)) -eq $expected_violations ]; then > ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [RFC PATCH 3/3] ima: additional ToMToU violation tests 2025-02-20 21:18 ` Mimi Zohar @ 2025-02-20 21:43 ` Petr Vorel 2025-02-21 2:07 ` Mimi Zohar 0 siblings, 1 reply; 17+ messages in thread From: Petr Vorel @ 2025-02-20 21:43 UTC (permalink / raw) To: Mimi Zohar; +Cc: linux-integrity, ltp, Stefan Berger > On Thu, 2025-02-20 at 15:22 -0500, Mimi Zohar wrote: > > On Thu, 2025-02-20 at 20:13 +0100, Petr Vorel wrote: > > > > On Thu, 2025-02-20 at 19:16 +0100, Petr Vorel wrote: > > > > > Hi Mimi, > > > > > > Kernel patch "ima: limit the number of ToMToU integrity violations" > > > > > > prevents superfluous ToMToU violations. Add corresponding LTP tests. > > > > > > Link: > > > > > > https://lore.kernel.org/linux-integrity/20250219162131.416719-3-zohar@linux.ibm.com/ > > > > > > Signed-off-by: Mimi Zohar <zohar@linux.ibm.com> > > > > > Unfortunately tests fail on both mainline kernel and kernel with your patches. > > > > The new LTP IMA violations patches should fail without the associated kernel > > > > patches. > > > > > Any hint what could be wrong? > > > > Of course it's dependent on the IMA policy. The tests assume being booted with the > > > > IMA > > > > TCB measurement policy or similar policy being loaded. Can you share the IMA > > > > policy? > > > > e.g. cat /sys/kernel/security/ima/policy > > > > thanks, > > > > Mimi > > > Now testing on kernel *with* your patches. First run always fails, regardless > > > whether using ima_policy=tcb or > > > /opt/ltp/testcases/data/ima_violations/violations.policy). > > > Kind regards, > > > Petr > > I'm not seeing that on my test machine. Could there be other things running on your > > system causing violations. In anycase, your original test was less exacting. > > Similarly, > > instead of "-eq", try using "-qe" in the following test and removing the subsequent new > > "gt" test. > -> "-ge" Sure, changing to -ge fixes the problem: if [ $(($num_violations_new - $num_violations)) -ge $expected_violations ]; then I guess we need "-ge" for older kernels (unless "fix" for stable). Should we accept "$expected_violations || $expected_violations + 1" for new kernels to avoid problems like the one on my system. I wonder if the problem was somehow caused by the fact that I built kernel. OTOH it's build by OBS (official openSUSE build service). I don't expect you'd have time to look into it, in case you're interested and have time sending a links to rpm binary and src package. https://download.opensuse.org/repositories/home:/pevik:/ima-limit-open-writers-ToMToU/standard/x86_64/kernel-default-6.14~rc3-1.1.gb6b4102.x86_64.rpm https://download.opensuse.org/repositories/home:/pevik:/ima-limit-open-writers-ToMToU/standard/src/kernel-source-6.14~rc3-1.1.gb6b4102.src.rpm Kind regards, Petr > > if [ $(($num_violations_new - $num_violations)) -eq $expected_violations ]; then ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [RFC PATCH 3/3] ima: additional ToMToU violation tests 2025-02-20 21:43 ` Petr Vorel @ 2025-02-21 2:07 ` Mimi Zohar 2025-02-21 8:16 ` Petr Vorel 0 siblings, 1 reply; 17+ messages in thread From: Mimi Zohar @ 2025-02-21 2:07 UTC (permalink / raw) To: Petr Vorel; +Cc: linux-integrity, ltp, Stefan Berger On Thu, 2025-02-20 at 22:43 +0100, Petr Vorel wrote: > > On Thu, 2025-02-20 at 15:22 -0500, Mimi Zohar wrote: > > > On Thu, 2025-02-20 at 20:13 +0100, Petr Vorel wrote: > > > > > On Thu, 2025-02-20 at 19:16 +0100, Petr Vorel wrote: > > > > > > Hi Mimi, > > > > > > > > Kernel patch "ima: limit the number of ToMToU integrity violations" > > > > > > > prevents superfluous ToMToU violations. Add corresponding LTP tests. > > > > > > > > Link: > > > > > > > https://lore.kernel.org/linux-integrity/20250219162131.416719-3-zohar@linux.ibm.com/ > > > > > > > Signed-off-by: Mimi Zohar <zohar@linux.ibm.com> > > > > > > > Unfortunately tests fail on both mainline kernel and kernel with your patches. > > > > > > The new LTP IMA violations patches should fail without the associated kernel > > > > > patches. > > > > > > > Any hint what could be wrong? > > > > > > Of course it's dependent on the IMA policy. The tests assume being booted with > > > > > the > > > > > IMA > > > > > TCB measurement policy or similar policy being loaded. Can you share the IMA > > > > > policy? > > > > > e.g. cat /sys/kernel/security/ima/policy > > > > > > thanks, > > > > > > Mimi > > > > > Now testing on kernel *with* your patches. First run always fails, regardless > > > > whether using ima_policy=tcb or > > > > /opt/ltp/testcases/data/ima_violations/violations.policy). > > > > > Kind regards, > > > > Petr > > > > I'm not seeing that on my test machine. Could there be other things running on your > > > system causing violations. In anycase, your original test was less exacting. > > > Similarly, > > > instead of "-eq", try using "-qe" in the following test and removing the subsequent > > > new > > > "gt" test. > > > -> "-ge" > > Sure, changing to -ge fixes the problem: > if [ $(($num_violations_new - $num_violations)) -ge $expected_violations ]; then > > I guess we need "-ge" for older kernels (unless "fix" for stable). Should we > accept "$expected_violations || $expected_violations + 1" for new kernels to > avoid problems like the one on my system. The problem is that we don't control what else is running on the system. So there could be other violations independent of these tests. I'll have to think about it some more and get back to you. (There's no rush to do anything with these LTP IMA violation tests.) > > I wonder if the problem was somehow caused by the fact that I built kernel. OTOH > it's build by OBS (official openSUSE build service). As long as you weren't building the kernel and running the tests at the same, I doubt it would be the problem. > > I don't expect you'd have time to look into it, in case you're interested and > have time sending a links to rpm binary and src package. Ok. > > https://download.opensuse.org/repositories/home:/pevik:/ima-limit-open-writers-ToMToU/standard/x86_64/kernel-default-6.14~rc3-1.1.gb6b4102.x86_64.rpm > https://download.opensuse.org/repositories/home:/pevik:/ima-limit-open-writers-ToMToU/standard/src/kernel-source-6.14~rc3-1.1.gb6b4102.src.rpm > thanks, Mimi ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [RFC PATCH 3/3] ima: additional ToMToU violation tests 2025-02-21 2:07 ` Mimi Zohar @ 2025-02-21 8:16 ` Petr Vorel 2025-02-24 18:48 ` Mimi Zohar 0 siblings, 1 reply; 17+ messages in thread From: Petr Vorel @ 2025-02-21 8:16 UTC (permalink / raw) To: Mimi Zohar; +Cc: linux-integrity, ltp, Stefan Berger > On Thu, 2025-02-20 at 22:43 +0100, Petr Vorel wrote: > > > On Thu, 2025-02-20 at 15:22 -0500, Mimi Zohar wrote: > > > > On Thu, 2025-02-20 at 20:13 +0100, Petr Vorel wrote: > > > > > > On Thu, 2025-02-20 at 19:16 +0100, Petr Vorel wrote: > > > > > > > Hi Mimi, > > > > > > > > Kernel patch "ima: limit the number of ToMToU integrity violations" > > > > > > > > prevents superfluous ToMToU violations. Add corresponding LTP tests. > > > > > > > > Link: > > > > > > > > https://lore.kernel.org/linux-integrity/20250219162131.416719-3-zohar@linux.ibm.com/ > > > > > > > > Signed-off-by: Mimi Zohar <zohar@linux.ibm.com> > > > > > > > Unfortunately tests fail on both mainline kernel and kernel with your patches. > > > > > > The new LTP IMA violations patches should fail without the associated kernel > > > > > > patches. > > > > > > > Any hint what could be wrong? > > > > > > Of course it's dependent on the IMA policy. The tests assume being booted with > > > > > > the > > > > > > IMA > > > > > > TCB measurement policy or similar policy being loaded. Can you share the IMA > > > > > > policy? > > > > > > e.g. cat /sys/kernel/security/ima/policy > > > > > > thanks, > > > > > > Mimi > > > > > Now testing on kernel *with* your patches. First run always fails, regardless > > > > > whether using ima_policy=tcb or > > > > > /opt/ltp/testcases/data/ima_violations/violations.policy). > > > > > Kind regards, > > > > > Petr > > > > I'm not seeing that on my test machine. Could there be other things running on your > > > > system causing violations. In anycase, your original test was less exacting. > > > > Similarly, > > > > instead of "-eq", try using "-qe" in the following test and removing the subsequent > > > > new > > > > "gt" test. > > > -> "-ge" > > Sure, changing to -ge fixes the problem: > > if [ $(($num_violations_new - $num_violations)) -ge $expected_violations ]; then > > I guess we need "-ge" for older kernels (unless "fix" for stable). Should we > > accept "$expected_violations || $expected_violations + 1" for new kernels to > > avoid problems like the one on my system. > The problem is that we don't control what else is running on the system. So there could > be other violations independent of these tests. I'll have to think about it some more and > get back to you. (There's no rush to do anything with these LTP IMA violation tests.) OK, thank you. The worse scenario would be to use less precise variant "-ge". > > I wonder if the problem was somehow caused by the fact that I built kernel. OTOH > > it's build by OBS (official openSUSE build service). > As long as you weren't building the kernel and running the tests at the same, I doubt it > would be the problem. Understand, just something on openSUSE Tumbleweed system. Kind regards, Petr > > I don't expect you'd have time to look into it, in case you're interested and > > have time sending a links to rpm binary and src package. > Ok. > > https://download.opensuse.org/repositories/home:/pevik:/ima-limit-open-writers-ToMToU/standard/x86_64/kernel-default-6.14~rc3-1.1.gb6b4102.x86_64.rpm > > https://download.opensuse.org/repositories/home:/pevik:/ima-limit-open-writers-ToMToU/standard/src/kernel-source-6.14~rc3-1.1.gb6b4102.src.rpm > thanks, > Mimi ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [RFC PATCH 3/3] ima: additional ToMToU violation tests 2025-02-21 8:16 ` Petr Vorel @ 2025-02-24 18:48 ` Mimi Zohar 2025-02-25 7:45 ` Petr Vorel 0 siblings, 1 reply; 17+ messages in thread From: Mimi Zohar @ 2025-02-24 18:48 UTC (permalink / raw) To: Petr Vorel; +Cc: linux-integrity, ltp, Stefan Berger On Fri, 2025-02-21 at 09:16 +0100, Petr Vorel wrote: > > On Thu, 2025-02-20 at 22:43 +0100, Petr Vorel wrote: > > > > On Thu, 2025-02-20 at 15:22 -0500, Mimi Zohar wrote: > > > > > On Thu, 2025-02-20 at 20:13 +0100, Petr Vorel wrote: > > > > > > > On Thu, 2025-02-20 at 19:16 +0100, Petr Vorel wrote: > > > > > > > > Hi Mimi, > > > > > > > > > > Kernel patch "ima: limit the number of ToMToU integrity > > > > > > > > > violations" > > > > > > > > > prevents superfluous ToMToU violations. Add corresponding LTP > > > > > > > > > tests. > > > > > > > > > > Link: > > > > > > > > > https://lore.kernel.org/linux-integrity/20250219162131.416719-3-zohar@linux.ibm.com/ > > > > > > > > > Signed-off-by: Mimi Zohar <zohar@linux.ibm.com> > > > > > > > > > Unfortunately tests fail on both mainline kernel and kernel with > > > > > > > > your patches. > > > > > > > > The new LTP IMA violations patches should fail without the > > > > > > > associated kernel > > > > > > > patches. > > > > > > > > > Any hint what could be wrong? > > > > > > > > Of course it's dependent on the IMA policy. The tests assume > > > > > > > being booted with > > > > > > > the > > > > > > > IMA > > > > > > > TCB measurement policy or similar policy being loaded. Can you > > > > > > > share the IMA > > > > > > > policy? > > > > > > > e.g. cat /sys/kernel/security/ima/policy > > > > > > > > thanks, > > > > > > > > Mimi > > > > > > > Now testing on kernel *with* your patches. First run always fails, > > > > > > regardless > > > > > > whether using ima_policy=tcb or > > > > > > /opt/ltp/testcases/data/ima_violations/violations.policy). > > > > > > > Kind regards, > > > > > > Petr > > > > > > I'm not seeing that on my test machine. Could there be other things > > > > > running on your > > > > > system causing violations. In anycase, your original test was less > > > > > exacting. > > > > > Similarly, > > > > > instead of "-eq", try using "-qe" in the following test and removing > > > > > the subsequent > > > > > new > > > > > "gt" test. > > > > > -> "-ge" > > > > Sure, changing to -ge fixes the problem: > > > if [ $(($num_violations_new - $num_violations)) -ge $expected_violations > > > ]; then > > > > I guess we need "-ge" for older kernels (unless "fix" for stable). Should > > > we > > > accept "$expected_violations || $expected_violations + 1" for new kernels > > > to > > > avoid problems like the one on my system. > > > The problem is that we don't control what else is running on the system. So > > there could > > be other violations independent of these tests. I'll have to think about it > > some more and > > get back to you. (There's no rush to do anything with these LTP IMA > > violation tests.) > > OK, thank you. The worse scenario would be to use less precise variant "-ge". > > > > I wonder if the problem was somehow caused by the fact that I built > > > kernel. OTOH > > > it's build by OBS (official openSUSE build service). > > > As long as you weren't building the kernel and running the tests at the > > same, I doubt it > > would be the problem. > > Understand, just something on openSUSE Tumbleweed system. Peter, thank you for the tumbleweed image. The default IMA tcb policy results is measuring $LOG (/var/log/audit/audit.log) on the first call to validate(). To prevent that from interfering with test1, I would add the following line or something similar in setup() to force measuring $LOG to happen earlier. exec 3< $LOG || exit 1 Assuming that works, I'll update the kernel and LTP tests. thanks, Mimi ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [RFC PATCH 3/3] ima: additional ToMToU violation tests 2025-02-24 18:48 ` Mimi Zohar @ 2025-02-25 7:45 ` Petr Vorel 0 siblings, 0 replies; 17+ messages in thread From: Petr Vorel @ 2025-02-25 7:45 UTC (permalink / raw) To: Mimi Zohar; +Cc: linux-integrity, ltp, Stefan Berger > On Fri, 2025-02-21 at 09:16 +0100, Petr Vorel wrote: > > > On Thu, 2025-02-20 at 22:43 +0100, Petr Vorel wrote: > > > > > On Thu, 2025-02-20 at 15:22 -0500, Mimi Zohar wrote: > > > > > > On Thu, 2025-02-20 at 20:13 +0100, Petr Vorel wrote: > > > > > > > > On Thu, 2025-02-20 at 19:16 +0100, Petr Vorel wrote: > > > > > > > > > Hi Mimi, > > > > > > > > > > Kernel patch "ima: limit the number of ToMToU integrity > > > > > > > > > > violations" > > > > > > > > > > prevents superfluous ToMToU violations. Add corresponding LTP > > > > > > > > > > tests. > > > > > > > > > > Link: > > > > > > > > > > https://lore.kernel.org/linux-integrity/20250219162131.416719-3-zohar@linux.ibm.com/ > > > > > > > > > > Signed-off-by: Mimi Zohar <zohar@linux.ibm.com> > > > > > > > > > Unfortunately tests fail on both mainline kernel and kernel with > > > > > > > > > your patches. > > > > > > > > The new LTP IMA violations patches should fail without the > > > > > > > > associated kernel > > > > > > > > patches. > > > > > > > > > Any hint what could be wrong? > > > > > > > > Of course it's dependent on the IMA policy. The tests assume > > > > > > > > being booted with > > > > > > > > the > > > > > > > > IMA > > > > > > > > TCB measurement policy or similar policy being loaded. Can you > > > > > > > > share the IMA > > > > > > > > policy? > > > > > > > > e.g. cat /sys/kernel/security/ima/policy > > > > > > > > thanks, > > > > > > > > Mimi > > > > > > > Now testing on kernel *with* your patches. First run always fails, > > > > > > > regardless > > > > > > > whether using ima_policy=tcb or > > > > > > > /opt/ltp/testcases/data/ima_violations/violations.policy). > > > > > > > Kind regards, > > > > > > > Petr > > > > > > I'm not seeing that on my test machine. Could there be other things > > > > > > running on your > > > > > > system causing violations. In anycase, your original test was less > > > > > > exacting. > > > > > > Similarly, > > > > > > instead of "-eq", try using "-qe" in the following test and removing > > > > > > the subsequent > > > > > > new > > > > > > "gt" test. > > > > > -> "-ge" > > > > Sure, changing to -ge fixes the problem: > > > > if [ $(($num_violations_new - $num_violations)) -ge $expected_violations > > > > ]; then > > > > I guess we need "-ge" for older kernels (unless "fix" for stable). Should > > > > we > > > > accept "$expected_violations || $expected_violations + 1" for new kernels > > > > to > > > > avoid problems like the one on my system. > > > The problem is that we don't control what else is running on the system. So > > > there could > > > be other violations independent of these tests. I'll have to think about it > > > some more and > > > get back to you. (There's no rush to do anything with these LTP IMA > > > violation tests.) > > OK, thank you. The worse scenario would be to use less precise variant "-ge". > > > > I wonder if the problem was somehow caused by the fact that I built > > > > kernel. OTOH > > > > it's build by OBS (official openSUSE build service). > > > As long as you weren't building the kernel and running the tests at the > > > same, I doubt it > > > would be the problem. > > Understand, just something on openSUSE Tumbleweed system. Hi Mimi, > Peter, thank you for the tumbleweed image. Thanks for debugging on the image! > The default IMA tcb policy results is measuring $LOG (/var/log/audit/audit.log) > on the first call to validate(). To prevent that from interfering with test1, I > would add the following line or something similar in setup() to force measuring > $LOG to happen earlier. +1 > exec 3< $LOG || exit 1 Ideally use: exec 3< $LOG || tst_brk TBROK "some explanation..." > Assuming that works, I'll update the kernel and LTP tests. +1 (patch from you is preferred) Kind regards, Petr > thanks, > Mimi ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [RFC PATCH 1/3] Update validate() to support multiple violations 2025-02-20 16:00 [RFC PATCH 1/3] Update validate() to support multiple violations Mimi Zohar 2025-02-20 16:00 ` [RFC PATCH 2/3] ima: additional open-writer violation tests Mimi Zohar 2025-02-20 16:00 ` [RFC PATCH 3/3] ima: additional ToMToU " Mimi Zohar @ 2025-02-20 18:50 ` Petr Vorel 2 siblings, 0 replies; 17+ messages in thread From: Petr Vorel @ 2025-02-20 18:50 UTC (permalink / raw) To: Mimi Zohar; +Cc: linux-integrity, ltp, Stefan Berger Hi Mimi, > Add support for the number of expected violations. Include the > expected number of violations in the output. > Signed-off-by: Mimi Zohar <zohar@linux.ibm.com> > --- > .../security/integrity/ima/tests/ima_violations.sh | 10 ++++++++-- > 1 file changed, 8 insertions(+), 2 deletions(-) > diff --git a/testcases/kernel/security/integrity/ima/tests/ima_violations.sh b/testcases/kernel/security/integrity/ima/tests/ima_violations.sh > index 37d8d473c..7f0382fb8 100755 > --- a/testcases/kernel/security/integrity/ima/tests/ima_violations.sh > +++ b/testcases/kernel/security/integrity/ima/tests/ima_violations.sh > @@ -71,20 +71,26 @@ validate() > local num_violations="$1" > local count="$2" > local search="$3" > + local expected_violations=$4 nit: safer to quote as much as possible (="$4") to avoid errors. > local max_attempt=3 > local count2 i num_violations_new > + [ -z $expected_violations ] && expected_violations=1 Also here: -z "$expected_violations" I can add quotes before merge if you don't want to bother (I would send you a diff to ack it before merging). > + > for i in $(seq 1 $max_attempt); do > read num_violations_new < $IMA_VIOLATIONS > count2="$(get_count $search)" > - if [ $(($num_violations_new - $num_violations)) -gt 0 ]; then > + if [ $(($num_violations_new - $num_violations)) -eq $expected_violations ]; then > if [ $count2 -gt $count ]; then > - tst_res TPASS "$search violation added" > + tst_res TPASS "$expected_violations $search violation(s) added" > return > else > tst_res TINFO "$search not found in $LOG ($i/$max_attempt attempt)..." > tst_sleep 1s > fi > + elif [ $(($num_violations_new - $num_violations)) -gt 0 ]; then > + tst_res $IMA_FAIL "$search too many violations added" nit: maybe print values for debugging? tst_res $IMA_FAIL "$search too many violations added: $num_violations_new - $num_violations" FYI failing tests has 2 or 3 higher: ima_violations 1 TINFO: SUT has required policy content ima_violations 1 TINFO: using log /var/log/audit/audit.log ima_violations 1 TINFO: verify open writers violation ima_violations 1 TFAIL: open_writers too many violations added: 106 - 104 ima_violations 2 TINFO: verify ToMToU violation ima_violations 2 TFAIL: ToMToU too many violations added: 109 - 107 ima_violations 3 TINFO: verify open_writers using mmapped files tst_test.c:1900: TINFO: LTP version: 20250130-22-gcd2215702f tst_test.c:1904: TINFO: Tested kernel: 6.13.0-2.g0127a37-default #1 SMP PREEMPT_DYNAMIC Thu Jan 23 11:21:55 UTC 2025 (0127a37) x86_64 tst_kconfig.c:88: TINFO: Parsing kernel config '/proc/config.gz' tst_kconfig.c:676: TINFO: CONFIG_FAULT_INJECTION kernel option detected which might slow the execution tst_test.c:1722: TINFO: Overall timeout per run is 0h 02m 00s ima_mmap.c:38: TINFO: sleep 3s ima_violations 3 TFAIL: open_writers too many violations added: 112 - 110 ima_mmap.c:41: TPASS: test completed Summary: passed 1 failed 0 broken 0 skipped 0 warnings 0 ima_violations 4 TINFO: verify limiting single open writer violation ima_violations 4 TFAIL: open_writers too many violations added: 116 - 113 ima_violations 5 TINFO: verify limiting multiple open writers violations ima_violations 5 TFAIL: open_writers too many violations added: 121 - 117 ima_violations 6 TINFO: verify new open writer causes additional violation ima_violations 6 TFAIL: open_writers too many violations added: 126 - 122 ima_violations 7 TINFO: verify limiting single open reader ToMToU violations ima_violations 7 TFAIL: ToMToU too many violations added: 130 - 127 ima_violations 8 TINFO: verify new open reader causes additional ToMToU violation ima_violations 8 TFAIL: ToMToU too many violations added: 134 - 131 As I noted in previous mail, either has of a backport (can be added later, we don't have to wait for merging) or skip on older kernels (tst_kvcmp -lt ...). Kind regards, Petr ^ permalink raw reply [flat|nested] 17+ messages in thread
end of thread, other threads:[~2025-02-25 7:45 UTC | newest] Thread overview: 17+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2025-02-20 16:00 [RFC PATCH 1/3] Update validate() to support multiple violations Mimi Zohar 2025-02-20 16:00 ` [RFC PATCH 2/3] ima: additional open-writer violation tests Mimi Zohar 2025-02-20 19:02 ` Petr Vorel 2025-02-20 16:00 ` [RFC PATCH 3/3] ima: additional ToMToU " Mimi Zohar 2025-02-20 18:16 ` Petr Vorel 2025-02-20 18:46 ` Petr Vorel 2025-02-20 21:15 ` Mimi Zohar 2025-02-20 18:59 ` Mimi Zohar 2025-02-20 19:13 ` Petr Vorel 2025-02-20 20:22 ` Mimi Zohar 2025-02-20 21:18 ` Mimi Zohar 2025-02-20 21:43 ` Petr Vorel 2025-02-21 2:07 ` Mimi Zohar 2025-02-21 8:16 ` Petr Vorel 2025-02-24 18:48 ` Mimi Zohar 2025-02-25 7:45 ` Petr Vorel 2025-02-20 18:50 ` [RFC PATCH 1/3] Update validate() to support multiple violations Petr Vorel
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox