From: Avinesh Kumar <akumar@suse.de>
To: Petr Vorel <pvorel@suse.cz>
Cc: ltp@lists.linux.it, Coiby Xu <coxu@redhat.com>,
selinux@vger.kernel.org, linux-integrity@vger.kernel.org
Subject: Re: [LTP] [PATCH 1/2] ima_policy.sh: Optimize check for policy writable
Date: Mon, 15 Sep 2025 10:10:39 +0200 [thread overview]
Message-ID: <12750853.O9o76ZdvQC@thinkpad> (raw)
In-Reply-To: <20250912073210.47637-2-pvorel@suse.cz>
Hi,
On Friday, September 12, 2025 9:32:08 AM CEST Petr Vorel wrote:
> Previously policy was checked in setup and in all tests
> (redundant in test1). It should be enough to test in setup and after
> write in test1, but let's being careful and test before writing the
nit:
s/let's being/let's be
> policy in load_policy().
>
> Signed-off-by: Petr Vorel <pvorel@suse.cz>
Reviewed-by: Avinesh Kumar <akumar@suse.de>
for both the patches.
Regards,
Avinesh
> ---
> .../kernel/security/integrity/ima/tests/ima_policy.sh | 7 ++-----
> 1 file changed, 2 insertions(+), 5 deletions(-)
>
> diff --git a/testcases/kernel/security/integrity/ima/tests/ima_policy.sh b/testcases/kernel/security/integrity/ima/tests/ima_policy.sh
> index af1fb0028c..1c4763d838 100755
> --- a/testcases/kernel/security/integrity/ima/tests/ima_policy.sh
> +++ b/testcases/kernel/security/integrity/ima/tests/ima_policy.sh
> @@ -1,7 +1,7 @@
> #!/bin/sh
> # SPDX-License-Identifier: GPL-2.0-or-later
> # Copyright (c) 2009 IBM Corporation
> -# Copyright (c) 2018-2020 Petr Vorel <pvorel@suse.cz>
> +# Copyright (c) 2018-2025 Petr Vorel <pvorel@suse.cz>
> # Author: Mimi Zohar <zohar@linux.ibm.com>
> #
> # Test replacing the default integrity measurement policy.
> @@ -11,8 +11,6 @@ TST_CNT=2
>
> setup()
> {
> - require_policy_writable
> -
> VALID_POLICY="$TST_DATAROOT/measure.policy"
> [ -f $VALID_POLICY ] || tst_brk TCONF "missing $VALID_POLICY"
>
> @@ -24,6 +22,7 @@ load_policy()
> {
> local ret
>
> + require_policy_writable
> exec 2>/dev/null 4>$IMA_POLICY
> [ $? -eq 0 ] || exit 1
>
> @@ -43,7 +42,6 @@ test1()
>
> local p1
>
> - require_policy_writable
> load_policy $INVALID_POLICY & p1=$!
> wait "$p1"
> if [ $? -ne 0 ]; then
> @@ -59,7 +57,6 @@ test2()
>
> local p1 p2 rc1 rc2
>
> - require_policy_writable
> load_policy $VALID_POLICY & p1=$!
> load_policy $VALID_POLICY & p2=$!
> wait "$p1"; rc1=$?
>
next prev parent reply other threads:[~2025-09-15 8:10 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-09-12 7:32 [PATCH 0/2] LTP IMA pre-release fixes Petr Vorel
2025-09-12 7:32 ` [PATCH 1/2] ima_policy.sh: Optimize check for policy writable Petr Vorel
2025-09-12 13:18 ` Mimi Zohar
2025-09-15 8:10 ` Avinesh Kumar [this message]
2025-09-15 11:55 ` Cyril Hrubis
2025-09-12 7:32 ` [PATCH 2/2] ima_{conditionals,policy}: Handle policy required to be signed Petr Vorel
2025-09-12 13:23 ` Mimi Zohar
2025-09-16 16:41 ` Petr Vorel
2025-09-15 12:12 ` Cyril Hrubis
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=12750853.O9o76ZdvQC@thinkpad \
--to=akumar@suse.de \
--cc=coxu@redhat.com \
--cc=linux-integrity@vger.kernel.org \
--cc=ltp@lists.linux.it \
--cc=pvorel@suse.cz \
--cc=selinux@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).