From: Jia Zhang <zhang.jia@linux.alibaba.com>
To: ltp@lists.linux.it
Subject: [LTP] [PATCH v3 6/6] ima/ima_violations: Temporarily remove the printk rate limit
Date: Mon, 21 Jan 2019 09:49:36 +0800 [thread overview]
Message-ID: <f06ff349-0dcb-b86b-35ef-e9aca48c65fd@linux.alibaba.com> (raw)
In-Reply-To: <1548009534.3982.216.camel@linux.ibm.com>
On 2019/1/21 上午2:38, Mimi Zohar wrote:
> On Wed, 2019-01-16 at 10:57 +0800, Jia Zhang wrote:
>> The output frequency of audit log is limited by printk_ratelimit()
>> in kernel if auditd not used. Thus, the test cases heavily depending
>> on searching certain keywords in log file may fail if the matching
>> patterns are exactly suppressed by printk_ratelimit().
>>
>> In order to fix such a sort of failure, just temporarily remove the
>> printk rate limit, and restore its original setting when doing
>> cleanup.
>>
>> Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com>
>
> Thanks, I wasn't aware of the sysctl. If the message isn't in
> /var/log/messages or /var/log/audit/audit.log, do we now need to also
> check journalctl?
Not necessary. If user land's auditd is not used, kauditd will send the
log to /var/log/message with printk rate limit:
static void kauditd_printk_skb(struct sk_buff *skb)
{
struct nlmsghdr *nlh = nlmsg_hdr(skb);
char *data = nlmsg_data(nlh);
if (nlh->nlmsg_type != AUDIT_EOE && printk_ratelimit())
pr_notice("type=%d %s\n", nlh->nlmsg_type, data);
}
So just work around the potential loss with sysctl to temporarily
disable the limit.
Jia
>
> Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
>
>> ---
>> .../kernel/security/integrity/ima/tests/ima_setup.sh | 2 +-
>> .../kernel/security/integrity/ima/tests/ima_violations.sh | 15 +++++++++++++++
>> 2 files changed, 16 insertions(+), 1 deletion(-)
>>
>> diff --git a/testcases/kernel/security/integrity/ima/tests/ima_setup.sh b/testcases/kernel/security/integrity/ima/tests/ima_setup.sh
>> index 6dfb4d2..fe60981 100644
>> --- a/testcases/kernel/security/integrity/ima/tests/ima_setup.sh
>> +++ b/testcases/kernel/security/integrity/ima/tests/ima_setup.sh
>> @@ -20,7 +20,7 @@
>> TST_TESTFUNC="test"
>> TST_SETUP_CALLER="$TST_SETUP"
>> TST_SETUP="ima_setup"
>> -TST_CLEANUP="ima_cleanup"
>> +TST_CLEANUP="${TST_CLEANUP:-ima_cleanup}"
>> TST_NEEDS_TMPDIR=1
>> TST_NEEDS_ROOT=1
>>
>> diff --git a/testcases/kernel/security/integrity/ima/tests/ima_violations.sh b/testcases/kernel/security/integrity/ima/tests/ima_violations.sh
>> index f3f40d4..74223c2 100755
>> --- a/testcases/kernel/security/integrity/ima/tests/ima_violations.sh
>> +++ b/testcases/kernel/security/integrity/ima/tests/ima_violations.sh
>> @@ -20,6 +20,7 @@
>> # Test whether ToMToU and open_writer violations invalidatethe PCR and are logged.
>>
>> TST_SETUP="setup"
>> +TST_CLEANUP="cleanup"
>> TST_CNT=3
>> TST_NEEDS_DEVICE=1
>>
>> @@ -31,15 +32,29 @@ setup()
>> FILE="test.txt"
>> IMA_VIOLATIONS="$SECURITYFS/ima/violations"
>> LOG="/var/log/messages"
>> + PRINTK_RATE_LIMIT="0"
>>
>> if status_daemon auditd; then
>> LOG="/var/log/audit/audit.log"
>> + else
>> + tst_check_cmds sysctl
>> +
>> + PRINTK_RATE_LIMIT=`sysctl -n kernel.printk_ratelimit`
>> + sysctl -wq kernel.printk_ratelimit=0
>> fi
>> [ -f "$LOG" ] || \
>> tst_brk TBROK "log $LOG does not exist (bug in detection?)"
>> tst_res TINFO "using log $LOG"
>> }
>>
>> +cleanup()
>> +{
>> + [ "$PRINTK_RATE_LIMIT" != "0" ] && \
>> + sysctl -wq kernel.printk_ratelimit=$PRINTK_RATE_LIMIT
>> +
>> + ima_cleanup
>> +}
>> +
>> open_file_read()
>> {
>> exec 3< $FILE || exit 1
next prev parent reply other threads:[~2019-01-21 1:49 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-01-16 2:57 [LTP] [PATCH v3 0/6] LTP IMA fix bundle Jia Zhang
2019-01-16 2:57 ` [LTP] [PATCH v3 1/6] ima/ima_boot_aggregate: Fix the definition of event log Jia Zhang
2019-01-20 18:13 ` Mimi Zohar
2019-01-20 18:37 ` Mimi Zohar
2019-01-16 2:57 ` [LTP] [PATCH v3 2/6] ima/ima_boot_aggregate: Don't hard code the length of sha1 hash Jia Zhang
2019-01-16 2:57 ` [LTP] [PATCH v3 3/6] ima/ima_boot_aggregate: Fix extending PCRs beyond PCR 0-7 Jia Zhang
2019-01-16 2:57 ` [LTP] [PATCH v3 4/6] ima: Code cleanup Jia Zhang
2019-01-16 2:57 ` [LTP] [PATCH v3 5/6] ima: Rename the folder name for policy files to datafiles Jia Zhang
2019-01-23 17:04 ` Petr Vorel
2019-01-24 5:11 ` Jia Zhang
2019-01-24 7:38 ` Petr Vorel
2019-01-24 7:49 ` Jia Zhang
2019-01-16 2:57 ` [LTP] [PATCH v3 6/6] ima/ima_violations: Temporarily remove the printk rate limit Jia Zhang
2019-01-20 18:38 ` Mimi Zohar
2019-01-21 1:49 ` Jia Zhang [this message]
2019-01-16 7:20 ` [LTP] [PATCH v3 0/6] LTP IMA fix bundle Petr Vorel
2019-01-20 14:59 ` Jia Zhang
2019-01-24 2:19 ` Jia Zhang
2019-01-24 7:40 ` Petr Vorel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=f06ff349-0dcb-b86b-35ef-e9aca48c65fd@linux.alibaba.com \
--to=zhang.jia@linux.alibaba.com \
--cc=ltp@lists.linux.it \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox