From: Petr Vorel <pvorel@suse.cz>
To: ltp@lists.linux.it
Subject: [LTP] [PATCH v3 0/4] IMA: verify measurement of certificate imported into a keyring
Date: Mon, 17 Aug 2020 21:52:44 +0200 [thread overview]
Message-ID: <20200817195244.GA112397@x230> (raw)
In-Reply-To: <bc89bf8e0c40e6d66c86b42f55f9bf69ec7e335e.camel@linux.ibm.com>
> On Mon, 2020-08-17 at 15:09 +0200, Petr Vorel wrote:
> > Hi Mimi, Lakshmi,
> > changes v2->v3:
> > fixed regression in my third commit.
> > (please verify it on installed LTP, or at least run make install in
> > testcases/kernel/security/integrity/ima/datafiles/ima_keys/)
> I did, but nothing changed. I probably need to set an environment
> variable.
You also need to set LTPROOT (prefix, e.g. /opt/ltp).
> After building and installing LTP, it's finding the file, but some of
> the issues still exist:
> ima_keys 1 TINFO: $TMPDIR is on tmpfs => run on loop device
> ima_keys 1 TINFO: Formatting /dev/loop0 with ext3 extra opts=''
> ima_keys 1 TINFO: verify key measurement for keyrings and templates specified in IMA policy
> grep: Unmatched ( or \(
This should be fixed by v3 (fixed by for loop and sort -u)
https://patchwork.ozlabs.org/project/ltp/patch/20200817130916.27634-5-pvorel@suse.cz/
But I'll test it tomorrow with your IMA policy.
Thank you for testing!
Kind regards,
Petr
> ima_keys 1 TPASS: specified keyrings were measured correctly
> ima_keys 2 TINFO: verify measurement of certificate imported into a keyring
> keyctl_session_to_parent: Operation not permitted
> ima_keys 2 TPASS: logged certificate matches the original
> IMA policy:
> measure func=KEY_CHECK keyrings=.ima|.evm|.builtin_trusted_keys|.blacklist|key_import_test template=ima-buf
> measure func=KEY_CHECK keyrings=key_import_test template=ima-buf
> Mimi
next prev parent reply other threads:[~2020-08-17 19:52 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-08-17 13:09 [LTP] [PATCH v3 0/4] IMA: verify measurement of certificate imported into a keyring Petr Vorel
2020-08-17 13:09 ` [LTP] [PATCH v3 1/4] IMA/ima_keys.sh: Fix policy content check usage Petr Vorel
2020-08-17 13:09 ` [LTP] [PATCH v3 2/4] IMA: Refactor datafiles directory Petr Vorel
2020-08-17 13:09 ` [LTP] [PATCH v3 3/4] IMA: Add a test to verify measurement of certificate imported into a keyring Petr Vorel
2020-08-17 13:09 ` [LTP] [PATCH v3 4/4] IMA/ima_keys.sh: Enhance policy checks Petr Vorel
2020-08-17 14:37 ` [LTP] [PATCH v3 0/4] IMA: verify measurement of certificate imported into a keyring Lakshmi Ramasubramanian
2020-08-17 19:18 ` Mimi Zohar
2020-08-17 19:52 ` Petr Vorel [this message]
2020-08-17 20:02 ` Lakshmi Ramasubramanian
2020-08-17 20:39 ` Petr Vorel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200817195244.GA112397@x230 \
--to=pvorel@suse.cz \
--cc=ltp@lists.linux.it \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox