[LTP] [RFC PATCH v3 10/10] ima: Print /proc/cmdline and IMA kernel config

[Petr Vorel]

Hi Cyril,

> Hi!
> > > Just a small remark here: not all distributions have /boot/config-* files
> > > in place. I don't remember which ones this were.
> > > Wouldn't it make sense to check this file, if it does not exist check
> > > if /proc/config.gz is available? 
> > I haven't found any normal distro not having config in place (openSUSE/SLE, Debian/Ubuntu,
> > CentOS/Red Hat), but there might be some. I guess most of embedded devices don't have
> > that (it's a question if they have IKCONFIG_PROC=y) but why not to try it.

> Embedded usually dont have neither of them.
I think so as well.

> Also depending on the existence of /boot/config-* is really bad idea,
> just imagine you compiled and kexeced testing kernel and testcases are
> starting to fail for no good reason.
Do you NACK this commit? This code is just for debugging (nothing happen if /boot/config-*
doesn't exist)...

> > I wonder if we'd benefit from having these functions in shell API:
> > is_enabled(CONFIG_FOO)
> > is_module(CONFIG_FOO)
> > is_builtin(CONFIG_FOO)

> > which would do simple grep of either /boot/config-$(uname -r) or /proc/config.gz.

> Generally you cannot detect features of the running kernel by the
> /boot/config-* files. We tried that and it failed miserably.

> We cannot rely on /proc/config.gz because many kernels have that
> disabled to spare some space.

> It's sad but the only reasonable way how to detect if kernel does
> support something is to try to call the syscall/open and read sysfs
> file/etc. and detect ENOSYS/ENOTTY/etc.

OK, dropping idea about is_enabled etc. in shell API.

Thanks for your comments.

Kind regards,
Petr