[LTP] [PATCH 0/3] IMA + shell API fixes on umount

[LTP] [PATCH 0/3] IMA + shell API fixes on umount

[Petr Vorel]

NOTE this is based on my patchset "tst_test.sh: Fix filesystem support
detection" [1] which is based on Martin's patch [2] (4 more commits
needed). Also available in my fork [3].

All these 7 commits would be great to get to the release.

Kind regards,
Petr

[1] https://patchwork.ozlabs.org/project/ltp/list/?series=319660&state=*
[2] https://patchwork.ozlabs.org/project/ltp/patch/20220921155006.13360-1-mdoucha@suse.cz/
[3] https://github.com/pevik/ltp/commits/fix/TST_ALL_FILESYSTEMS.v2.ima

Petr Vorel (3):
  tst_test.sh: cd to $LTPROOT before umount
  ima_setup.sh: Use TST_MOUNT_DEVICE
  ima_setup.sh: Use tst_supported_fs instead of df

 .../security/integrity/ima/tests/ima_setup.sh | 29 +++++--------------
 testcases/lib/tst_test.sh                     |  3 +-
 2 files changed, 10 insertions(+), 22 deletions(-)

-- 
2.37.3


-- 
Mailing list info: https://lists.linux.it/listinfo/ltp

[LTP] [PATCH 1/3] tst_test.sh: cd to $LTPROOT before umount

[Petr Vorel]

It's safer not to expect tests go away from the mountpoint
before trying to unmount it, because tests can cd to $TST_MNTPOINT
if they use TST_MOUNT_DEVICE=1. Also better to handle it in the library
than in all tests which may need it.

This fix ima_keys.sh and other following IMA/EVM tests which fail on
systems with tmpfs on $TMPDIR since 1f6bd6e66:

        ima_keys 1 TCONF: IMA policy does not specify '^measure.*func=KEY_CHECK'
        tst_device.c:255: TWARN: ioctl(/dev/loop0, LOOP_CLR_FD, 0) no ENXIO for too long

        Usage:
        tst_device acquire [size [filename]]
        tst_device release /path/to/device
        tst_device clear /path/to/device

        ima_keys 1 TWARN: Failed to release device '/dev/loop0'
        rm: cannot remove '/tmp/LTP_ima_keys.YArl935DCg/mntpoint': Device or resource busy

Fixme: 1f6bd6e66 ("tst_test.sh: Add $TST_ALL_FILESYSTEMS")

Signed-off-by: Petr Vorel <pvorel@suse.cz>
---
 testcases/lib/tst_test.sh | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/testcases/lib/tst_test.sh b/testcases/lib/tst_test.sh
index 01c01b79b..7ec744cac 100644
--- a/testcases/lib/tst_test.sh
+++ b/testcases/lib/tst_test.sh
@@ -29,6 +29,7 @@ _tst_do_exit()
 	local ret=0
 	TST_DO_EXIT=1
 
+	cd "$LTPROOT"
 	[ "$TST_MOUNT_FLAG" = 1 ] && tst_umount
 
 	if [ "$TST_NEEDS_DEVICE" = 1 -a "$TST_DEVICE_FLAG" = 1 ]; then
@@ -38,7 +39,6 @@ _tst_do_exit()
 	fi
 
 	if [ "$TST_NEEDS_TMPDIR" = 1 -a -n "$TST_TMPDIR" ]; then
-		cd "$LTPROOT"
 		rm -r "$TST_TMPDIR"
 		[ "$TST_TMPDIR_RHOST" = 1 ] && tst_cleanup_rhost
 	fi
@@ -794,6 +794,7 @@ _tst_run_iterations()
 	fi
 
 	if [ "$TST_MOUNT_FLAG" = 1 ]; then
+		cd "$LTPROOT"
 		tst_umount
 		TST_MOUNT_FLAG=
 	fi
-- 
2.37.3


-- 
Mailing list info: https://lists.linux.it/listinfo/ltp

[LTP] [PATCH 2/3] ima_setup.sh: Use TST_MOUNT_DEVICE

[Petr Vorel]

Use TST_MOUNT_DEVICE instead of mounting loop device manually.

Also move unset TST_NEEDS_DEVICE before loading tst_test.sh, as it's not
a good idea to modify the API variables after loading tst_test.sh.

NOTE: removed cd before umount as it has been resolved in the shell API
(tst_test.sh) in the previous commit.

Fixes: 04021637f ("tst_test.sh: Cleanup getopts usage")

Signed-off-by: Petr Vorel <pvorel@suse.cz>
---
 .../security/integrity/ima/tests/ima_setup.sh | 29 +++++--------------
 1 file changed, 8 insertions(+), 21 deletions(-)

diff --git a/testcases/kernel/security/integrity/ima/tests/ima_setup.sh b/testcases/kernel/security/integrity/ima/tests/ima_setup.sh
index a626aae44..055701aff 100644
--- a/testcases/kernel/security/integrity/ima/tests/ima_setup.sh
+++ b/testcases/kernel/security/integrity/ima/tests/ima_setup.sh
@@ -10,8 +10,9 @@ TST_SETUP="ima_setup"
 TST_CLEANUP_CALLER="$TST_CLEANUP"
 TST_CLEANUP="ima_cleanup"
 TST_NEEDS_ROOT=1
+TST_MOUNT_DEVICE=1
 
-# TST_NEEDS_DEVICE can be unset, therefore specify explicitly
+# TST_MOUNT_DEVICE can be unset, therefore specify explicitly
 TST_NEEDS_TMPDIR=1
 
 SYSFS="/sys"
@@ -142,15 +143,6 @@ mount_helper()
 	echo $default_dir
 }
 
-mount_loop_device()
-{
-	local ret
-
-	tst_mkfs
-	tst_mount
-	cd $TST_MNTPOINT
-}
-
 print_ima_config()
 {
 	local config="${KCONFIG_PATH:-/boot/config-$(uname -r)}"
@@ -183,9 +175,9 @@ ima_setup()
 
 	print_ima_config
 
-	if [ "$TST_NEEDS_DEVICE" = 1 ]; then
+	if [ "$TST_MOUNT_DEVICE" = 1 ]; then
 		tst_res TINFO "\$TMPDIR is on tmpfs => run on loop device"
-		mount_loop_device
+		cd "$TST_MNTPOINT"
 	fi
 
 	[ -n "$TST_SETUP_CALLER" ] && $TST_SETUP_CALLER
@@ -200,11 +192,6 @@ ima_cleanup()
 	for dir in $UMOUNT; do
 		umount $dir
 	done
-
-	if [ "$TST_NEEDS_DEVICE" = 1 ]; then
-		cd $TST_TMPDIR
-		tst_umount
-	fi
 }
 
 set_digest_index()
@@ -348,10 +335,10 @@ require_evmctl()
 	fi
 }
 
-. tst_test.sh
-
 # loop device is needed to use only for tmpfs
 TMPDIR="${TMPDIR:-/tmp}"
-if [ "$(df -T $TMPDIR | tail -1 | awk '{print $2}')" != "tmpfs" -a -n "$TST_NEEDS_DEVICE" ]; then
-	unset TST_NEEDS_DEVICE
+if [ "$(df -T $TMPDIR | tail -1 | awk '{print $2}')" != "tmpfs" -a -n "$TST_MOUNT_DEVICE" ]; then
+	unset TST_MOUNT_DEVICE
 fi
+
+. tst_test.sh
-- 
2.37.3


-- 
Mailing list info: https://lists.linux.it/listinfo/ltp

[LTP] [PATCH 3/3] ima_setup.sh: Use tst_supported_fs instead of df

[Petr Vorel]

LTP prefers it's helpers instead of external dependency
(be friendly for embedded or other minimal environments).

Signed-off-by: Petr Vorel <pvorel@suse.cz>
---
 testcases/kernel/security/integrity/ima/tests/ima_setup.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/testcases/kernel/security/integrity/ima/tests/ima_setup.sh b/testcases/kernel/security/integrity/ima/tests/ima_setup.sh
index 055701aff..df3fc5603 100644
--- a/testcases/kernel/security/integrity/ima/tests/ima_setup.sh
+++ b/testcases/kernel/security/integrity/ima/tests/ima_setup.sh
@@ -337,7 +337,7 @@ require_evmctl()
 
 # loop device is needed to use only for tmpfs
 TMPDIR="${TMPDIR:-/tmp}"
-if [ "$(df -T $TMPDIR | tail -1 | awk '{print $2}')" != "tmpfs" -a -n "$TST_MOUNT_DEVICE" ]; then
+if tst_supported_fs -d $TMPDIR -s "tmpfs"; then
 	unset TST_MOUNT_DEVICE
 fi
 
-- 
2.37.3


-- 
Mailing list info: https://lists.linux.it/listinfo/ltp

Re: [LTP] [PATCH 1/3] tst_test.sh: cd to $LTPROOT before umount

[Cyril Hrubis]

Hi!
> It's safer not to expect tests go away from the mountpoint
> before trying to unmount it, because tests can cd to $TST_MNTPOINT
> if they use TST_MOUNT_DEVICE=1. Also better to handle it in the library
> than in all tests which may need it.
> 
> This fix ima_keys.sh and other following IMA/EVM tests which fail on
> systems with tmpfs on $TMPDIR since 1f6bd6e66:
> 
>         ima_keys 1 TCONF: IMA policy does not specify '^measure.*func=KEY_CHECK'
>         tst_device.c:255: TWARN: ioctl(/dev/loop0, LOOP_CLR_FD, 0) no ENXIO for too long
> 
>         Usage:
>         tst_device acquire [size [filename]]
>         tst_device release /path/to/device
>         tst_device clear /path/to/device
> 
>         ima_keys 1 TWARN: Failed to release device '/dev/loop0'
>         rm: cannot remove '/tmp/LTP_ima_keys.YArl935DCg/mntpoint': Device or resource busy
> 
> Fixme: 1f6bd6e66 ("tst_test.sh: Add $TST_ALL_FILESYSTEMS")
  ^
  Fixes?

Otherwise:

Reviewed-by: Cyril Hrubis <chrubis@suse.cz>

-- 
Cyril Hrubis
chrubis@suse.cz

-- 
Mailing list info: https://lists.linux.it/listinfo/ltp

Re: [LTP] [PATCH 3/3] ima_setup.sh: Use tst_supported_fs instead of df

[Cyril Hrubis]

Hi!
Reviewed-by: Cyril Hrubis <chrubis@suse.cz>

-- 
Cyril Hrubis
chrubis@suse.cz

-- 
Mailing list info: https://lists.linux.it/listinfo/ltp

Re: [LTP] [PATCH 1/3] tst_test.sh: cd to $LTPROOT before umount

[Petr Vorel]

> Hi!
> > It's safer not to expect tests go away from the mountpoint
> > before trying to unmount it, because tests can cd to $TST_MNTPOINT
> > if they use TST_MOUNT_DEVICE=1. Also better to handle it in the library
> > than in all tests which may need it.

> > This fix ima_keys.sh and other following IMA/EVM tests which fail on
> > systems with tmpfs on $TMPDIR since 1f6bd6e66:

> >         ima_keys 1 TCONF: IMA policy does not specify '^measure.*func=KEY_CHECK'
> >         tst_device.c:255: TWARN: ioctl(/dev/loop0, LOOP_CLR_FD, 0) no ENXIO for too long

> >         Usage:
> >         tst_device acquire [size [filename]]
> >         tst_device release /path/to/device
> >         tst_device clear /path/to/device

> >         ima_keys 1 TWARN: Failed to release device '/dev/loop0'
> >         rm: cannot remove '/tmp/LTP_ima_keys.YArl935DCg/mntpoint': Device or resource busy

> > Fixme: 1f6bd6e66 ("tst_test.sh: Add $TST_ALL_FILESYSTEMS")
>   ^
>   Fixes?
Lol, thanks for spotting this.

> Otherwise:

> Reviewed-by: Cyril Hrubis <chrubis@suse.cz>
Thanks!

Kind regards,
Petr

-- 
Mailing list info: https://lists.linux.it/listinfo/ltp

Re: [LTP] [PATCH 2/3] ima_setup.sh: Use TST_MOUNT_DEVICE

[Cyril Hrubis]

Hi!
Reviwed-by: Cyril Hrubis <chrubis@suse.cz>

-- 
Cyril Hrubis
chrubis@suse.cz

-- 
Mailing list info: https://lists.linux.it/listinfo/ltp

Re: [LTP] [PATCH 2/3] ima_setup.sh: Use TST_MOUNT_DEVICE

[Petr Vorel]

> Hi!
> Reviwed-by: Cyril Hrubis <chrubis@suse.cz>

OK, on Monday I'll fix all problems you reported and merge
(unless anybody complains or wants me to send it to ML first).

Thanks for your review.

Kind regards,
Petr

-- 
Mailing list info: https://lists.linux.it/listinfo/ltp

Re: [LTP] [PATCH 3/3] ima_setup.sh: Use tst_supported_fs instead of df

[Petr Vorel]

Hi all,

[ Cc linux-integrity ML ]

Cyril, thanks a lot for your review, patchset merged.

@linux-integrity Last 7 fixes made IMA working on my setup, if anything broken
please speak up, so that we can fix it before LTP release (git freeze is going
to be very soon, likely this week).

Kind regards,
Petr

-- 
Mailing list info: https://lists.linux.it/listinfo/ltp