From: Mimi Zohar <zohar@linux.ibm.com>
To: Petr Vorel <pvorel@suse.cz>, ltp@lists.linux.it
Cc: linux-integrity@vger.kernel.org
Subject: Re: [LTP] [PATCH v3 09/10] ima_measurements.sh: Check policy for test3
Date: Thu, 23 Jan 2025 12:39:52 -0500 [thread overview]
Message-ID: <457bde4721991e43ceb6deefeee4a3fde33661e6.camel@linux.ibm.com> (raw)
In-Reply-To: <20250114112915.610297-10-pvorel@suse.cz>
Hi Petr,
On Tue, 2025-01-14 at 12:29 +0100, Petr Vorel wrote:
> First two tests are working with ima_policy=tcb,
> but 3rd test requires more specific policy.
>
> Signed-off-by: Petr Vorel <pvorel@suse.cz>
Sorry I'm not seeing the difference between "ima_policy=tcb" and the specific policy.
The patch itself looks correct and should allow the test to work even without
specifying the "tcb" policy on the boot command line.
After fixing the patch description, feel free to add:
Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
> ---
> .../kernel/security/integrity/ima/tests/ima_measurements.sh | 5 +++++
> 1 file changed, 5 insertions(+)
>
> diff --git a/testcases/kernel/security/integrity/ima/tests/ima_measurements.sh
> b/testcases/kernel/security/integrity/ima/tests/ima_measurements.sh
> index c42c31c898..35acc6ea78 100755
> --- a/testcases/kernel/security/integrity/ima/tests/ima_measurements.sh
> +++ b/testcases/kernel/security/integrity/ima/tests/ima_measurements.sh
> @@ -77,6 +77,11 @@ test3()
> tst_res TINFO "verify not measuring user files"
> tst_check_cmds sudo || return
>
> + if [ "$IMA_POLICY_CHECKED" != 1 ]; then
> + tst_res TCONF "test requires specific policy, try load it with
> LTP_IMA_LOAD_POLICY=1"
> + return
> + fi
> +
> if ! id $user >/dev/null 2>/dev/null; then
> tst_res TCONF "missing system user $user (wrong installation)"
> return
--
Mailing list info: https://lists.linux.it/listinfo/ltp
next prev parent reply other threads:[~2025-01-23 17:40 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-01-14 11:29 [LTP] [PATCH v3 00/10] LTP tests: load predefined policy, enhancements Petr Vorel
2025-01-14 11:29 ` [LTP] [PATCH v3 01/10] ima_violations.sh: Fix log detection Petr Vorel
2025-01-23 17:37 ` Mimi Zohar
2025-01-14 11:29 ` [LTP] [PATCH v3 02/10] IMA: Add TCB policy as an example for ima_measurements.sh Petr Vorel
2025-01-23 17:38 ` Mimi Zohar
2025-02-03 15:46 ` Mimi Zohar
2025-01-14 11:29 ` [LTP] [PATCH v3 03/10] IMA: Move requirement check to ima_setup.sh Petr Vorel
2025-01-23 17:38 ` Mimi Zohar
2025-01-14 11:29 ` [LTP] [PATCH v3 04/10] IMA: Add example policy for ima_violations.sh Petr Vorel
2025-02-03 15:51 ` Mimi Zohar
2025-01-14 11:29 ` [LTP] [PATCH v3 05/10] IMA: Read required policy from file Petr Vorel
2025-01-23 17:39 ` Mimi Zohar
2025-02-04 11:17 ` Petr Vorel
2025-01-14 11:29 ` [LTP] [PATCH v3 06/10] ima_violations.sh: Declare tcb builtin policy Petr Vorel
2025-01-23 17:45 ` Mimi Zohar
2025-01-14 11:29 ` [LTP] [PATCH v3 07/10] ima_setup.sh: Add digest index detection for ima-buf format Petr Vorel
2025-02-03 16:00 ` Mimi Zohar
2025-01-14 11:29 ` [LTP] [PATCH v3 08/10] ima_setup.sh: Allow to load predefined policy Petr Vorel
2025-02-03 16:31 ` Mimi Zohar
2025-01-14 11:29 ` [LTP] [PATCH v3 09/10] ima_measurements.sh: Check policy for test3 Petr Vorel
2025-01-23 17:39 ` Mimi Zohar [this message]
2025-01-14 11:29 ` [LTP] [PATCH v3 10/10] tst_test.sh: IMA: Allow to disable LSM warnings and use it for IMA Petr Vorel
2025-01-23 17:39 ` Mimi Zohar
2025-01-31 9:26 ` Cyril Hrubis
2025-01-31 12:09 ` Petr Vorel
2025-01-23 17:37 ` [LTP] [PATCH v3 00/10] LTP tests: load predefined policy, enhancements Mimi Zohar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=457bde4721991e43ceb6deefeee4a3fde33661e6.camel@linux.ibm.com \
--to=zohar@linux.ibm.com \
--cc=linux-integrity@vger.kernel.org \
--cc=ltp@lists.linux.it \
--cc=pvorel@suse.cz \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox