From: Mimi Zohar <zohar@linux.ibm.com>
To: Petr Vorel <pvorel@suse.cz>, ltp@lists.linux.it
Cc: Lachlan Sneff <t-josne@linux.microsoft.com>,
Lakshmi Ramasubramanian <nramas@linux.microsoft.com>,
Mimi Zohar <zohar@linux.vnet.ibm.com>,
linux-integrity@vger.kernel.org
Subject: Re: [PATCH v3 0/4] IMA: verify measurement of certificate imported into a keyring
Date: Mon, 17 Aug 2020 15:18:01 -0400 [thread overview]
Message-ID: <bc89bf8e0c40e6d66c86b42f55f9bf69ec7e335e.camel@linux.ibm.com> (raw)
In-Reply-To: <20200817130916.27634-1-pvorel@suse.cz>
On Mon, 2020-08-17 at 15:09 +0200, Petr Vorel wrote:
> Hi Mimi, Lakshmi,
>
> changes v2->v3:
> fixed regression in my third commit.
> (please verify it on installed LTP, or at least run make install in
> testcases/kernel/security/integrity/ima/datafiles/ima_keys/)
I did, but nothing changed. I probably need to set an environment
variable.
After building and installing LTP, it's finding the file, but some of
the issues still exist:
ima_keys 1 TINFO: $TMPDIR is on tmpfs => run on loop device
ima_keys 1 TINFO: Formatting /dev/loop0 with ext3 extra opts=''
ima_keys 1 TINFO: verify key measurement for keyrings and templates specified in IMA policy
grep: Unmatched ( or \(
ima_keys 1 TPASS: specified keyrings were measured correctly
ima_keys 2 TINFO: verify measurement of certificate imported into a keyring
keyctl_session_to_parent: Operation not permitted
ima_keys 2 TPASS: logged certificate matches the original
IMA policy:
measure func=KEY_CHECK keyrings=.ima|.evm|.builtin_trusted_keys|.blacklist|key_import_test template=ima-buf
measure func=KEY_CHECK keyrings=key_import_test template=ima-buf
Mimi
next prev parent reply other threads:[~2020-08-17 19:18 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-08-17 13:09 [PATCH v3 0/4] IMA: verify measurement of certificate imported into a keyring Petr Vorel
2020-08-17 13:09 ` [PATCH v3 1/4] IMA/ima_keys.sh: Fix policy content check usage Petr Vorel
2020-08-17 13:09 ` [PATCH v3 2/4] IMA: Refactor datafiles directory Petr Vorel
2020-08-17 13:09 ` [PATCH v3 3/4] IMA: Add a test to verify measurement of certificate imported into a keyring Petr Vorel
2020-08-17 13:09 ` [PATCH v3 4/4] IMA/ima_keys.sh: Enhance policy checks Petr Vorel
2020-08-17 14:37 ` [PATCH v3 0/4] IMA: verify measurement of certificate imported into a keyring Lakshmi Ramasubramanian
2020-08-17 19:18 ` Mimi Zohar [this message]
2020-08-17 19:52 ` Petr Vorel
2020-08-17 20:02 ` Lakshmi Ramasubramanian
2020-08-17 20:39 ` Petr Vorel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=bc89bf8e0c40e6d66c86b42f55f9bf69ec7e335e.camel@linux.ibm.com \
--to=zohar@linux.ibm.com \
--cc=linux-integrity@vger.kernel.org \
--cc=ltp@lists.linux.it \
--cc=nramas@linux.microsoft.com \
--cc=pvorel@suse.cz \
--cc=t-josne@linux.microsoft.com \
--cc=zohar@linux.vnet.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox