Linux Integrity Measurement development
* [PATCH] ima_selinux.sh: Require ima_policy=critical_data kernel cmdline
@ 2025-02-24 10:59 Petr Vorel
  2025-03-04  8:49 ` Petr Vorel
  0 siblings, 1 reply; 2+ messages in thread
From: Petr Vorel @ 2025-02-24 10:59 UTC (permalink / raw)
  To: ltp; +Cc: Petr Vorel, Mimi Zohar, linux-integrity

Test requires not only func=CRITICAL_DATA IMA policy content but also
ima_policy=critical_data kernel cmdline. Without cmdline no measures are
done.

https://ima-doc.readthedocs.io/en/latest/ima-policy.html#ima-policy-critical-data
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fdd1ffe8a812

Fixes: 4944a63ed9 ("IMA: Add test for SELinux measurement")
Signed-off-by: Petr Vorel <pvorel@suse.cz>
---
FYI this is supposed to be applied on the top of "ima_setup.sh: Postpone
loading policy after test setup" patchset
https://patchwork.ozlabs.org/project/ltp/list/?series=445166&state=*
https://lore.kernel.org/ltp/20250219181926.2620960-1-pvorel@suse.cz/t/#u

 testcases/kernel/security/integrity/ima/tests/ima_selinux.sh | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/testcases/kernel/security/integrity/ima/tests/ima_selinux.sh b/testcases/kernel/security/integrity/ima/tests/ima_selinux.sh
index 97c5d64ec5..1a0de21efd 100755
--- a/testcases/kernel/security/integrity/ima/tests/ima_selinux.sh
+++ b/testcases/kernel/security/integrity/ima/tests/ima_selinux.sh
@@ -5,7 +5,8 @@
 # Author: Lakshmi Ramasubramanian <nramas@linux.microsoft.com>
 #
 # Verify measurement of SELinux policy hash and state.
-# Test requires example IMA policy loadable with LTP_IMA_LOAD_POLICY=1.
+# Test requires ima_policy=critical_data kernel command line and example IMA
+# policy loadable with LTP_IMA_LOAD_POLICY=1.
 #
 # Relevant kernel commits:
 # * fdd1ffe8a812 ("selinux: include a consumer of the new IMA critical data hook")
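Review bot: The updated header comment states the ima_policy=critical_data requirement but not the reason for it, so a reader of the script alone cannot tell why the loadable policy is insufficient. Consider carrying the reason from the commit message into the comment, for example "without it no measurements are done", next to the existing LTP_IMA_LOAD_POLICY=1 remark.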
@@ -22,6 +23,8 @@ setup()
 {
 	SELINUX_DIR=$(tst_get_selinux_dir)
 	[ "$SELINUX_DIR" ] || tst_brk TCONF "SELinux is not enabled"
+
+	require_ima_policy_cmdline "critical_data"
 }
 
 # Format of the measured SELinux state data.
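Review bot: In setup(), require_ima_policy_cmdline is called but is neither defined nor sourced in any line of this diff, and the only mention of a prerequisite is the note below the "---" marker, which is dropped when the patch is applied. Please name where the helper comes from in the commit message proper. It is also worth confirming that the helper still matches when critical_data is given together with other ima_policy values on the command line, since the call passes only the bare string "critical_data". Placing the new check after the SELinux TCONF check is fine; it only decides which skip reason is reported first when both preconditions fail.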
-- 
2.47.2



* Re: [PATCH] ima_selinux.sh: Require ima_policy=critical_data kernel cmdline
  2025-02-24 10:59 [PATCH] ima_selinux.sh: Require ima_policy=critical_data kernel cmdline Petr Vorel
@ 2025-03-04  8:49 ` Petr Vorel
  0 siblings, 0 replies; 2+ messages in thread
From: Petr Vorel @ 2025-03-04  8:49 UTC (permalink / raw)
  To: ltp; +Cc: Mimi Zohar, linux-integrity

Hi all,

> Test requires not only func=CRITICAL_DATA IMA policy content but also
> ima_policy=critical_data kernel cmdline. Without cmdline no measures are
> done.

FYI merged.

Kind regards,
Petr

> https://ima-doc.readthedocs.io/en/latest/ima-policy.html#ima-policy-critical-data
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fdd1ffe8a812
