Linux Integrity Measurement development
From: Mimi Zohar <zohar@linux.ibm.com>
To: ltp@lists.linux.it
Cc: Mimi Zohar <zohar@linux.ibm.com>,
	Stefan Berger <stefanb@linux.ibm.com>,
	Petr Vorel <pvorel@suse.cz>,
	linux-integrity@vger.kernel.org
Subject: [PATCH v3 2/5] ima_violations.sh: Update validate() to support multiple violations
Date: Wed,  5 Mar 2025 09:54:18 -0500
Message-ID: <20250305145421.638857-2-zohar@linux.ibm.com>
In-Reply-To: <20250305145421.638857-1-zohar@linux.ibm.com>

Add optional support for the number of expected violations.  Include the
expected number of violations in the output.

Limit the new expected violations to the new tests, so that the existing
tests continue to work properly with/without the kernel changes.

Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
---
 .../security/integrity/ima/tests/ima_violations.sh    | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/testcases/kernel/security/integrity/ima/tests/ima_violations.sh b/testcases/kernel/security/integrity/ima/tests/ima_violations.sh
index 22863fb72..37bf2182b 100755
--- a/testcases/kernel/security/integrity/ima/tests/ima_violations.sh
+++ b/testcases/kernel/security/integrity/ima/tests/ima_violations.sh
@@ -72,20 +72,27 @@ validate()
 	local num_violations="$1"
 	local count="$2"
 	local search="$3"
+	local expected_violations="$4"
 	local max_attempt=3
 	local count2 i num_violations_new
 
 	for i in $(seq 1 $max_attempt); do
 		read num_violations_new < $IMA_VIOLATIONS
 		count2="$(get_count $search)"
-		if [ $(($num_violations_new - $num_violations)) -gt 0 ]; then
+		if [ -z "$expected_violations" ] && \
+		   [ $(($num_violations_new - $num_violations)) -gt 0 ] || \
+		   [ $(($num_violations_new - $num_violations)) -eq $expected_violations ]; then
+			[ -z "$expected_violations" ] && expected_violations=1
 			if [ $count2 -gt $count ]; then
-				tst_res TPASS "$search violation added"
+				tst_res TPASS "$expected_violations $search violation(s) added"
 				return
 			else
 				tst_res TINFO "$search not found in $LOG ($i/$max_attempt attempt)..."
 				tst_sleep 1s
 			fi
+		elif [ $(($num_violations_new - $num_violations)) -gt 0 ]; then
+			tst_res $IMA_FAIL "$search too many violations added: $num_violations_new - $num_violations"
+			return
 		else
 			tst_res $IMA_FAIL "$search violation not added"
 			return
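
Review bot: in the new condition, the third test `[ $(($num_violations_new - $num_violations)) -eq $expected_violations ]` expands `$expected_violations` unquoted, so for existing callers that pass no fourth argument and see no new violation it runs as `[ 0 -eq ]`, which is a test syntax error rather than a clean false. The result still reaches the "violation not added" branch, but only because the error status is non-zero, and it writes a shell error to stderr on that path. Consider guarding that test with `[ -n "$expected_violations" ]` (grouped with `{ ...; }` so the `&&`/`||` chain keeps its meaning) and quoting the variable. Separately, the new "too many violations added" message prints the two counters with a literal minus sign between them; printing the computed difference next to the expected count would make the failure easier to read.
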
-- 
2.48.1


Thread overview: 8+ messages
2025-03-05 14:54 [PATCH v3 1/5] ima_violations.sh: force $LOG ToMToU violation earlier Mimi Zohar
2025-03-05 14:54 ` Mimi Zohar [this message]
2025-03-05 14:54 ` [PATCH v3 3/5] ima_violations.sh: additional open-writer violation tests Mimi Zohar
2025-03-05 14:54 ` [PATCH v3 4/5] ima_violations.sh: additional ToMToU " Mimi Zohar
2025-03-05 14:54 ` [PATCH v3 5/5] ima_violations.sh: require kernel v6.14 for minimizing violations tests Mimi Zohar
2025-03-06 17:26   ` Petr Vorel
2025-03-06 21:02     ` Mimi Zohar
2025-03-06 17:07 ` [PATCH v3 1/5] ima_violations.sh: force $LOG ToMToU violation earlier Petr Vorel
