[LTP] [PATCH 6/6] ima: Use ima tcb policy files for test
Petr Vorel
pvorel@suse.cz
Tue Jan 15 11:50:05 CET 2019
Hi Mimi, Jia,

> On Mon, 2019-01-07 at 10:26 +0800, Jia Zhang wrote:
> > In order to make all tests run smoothly, the policy files should
> > keep up with the default ima tcb policy.
> Keeping the policy rules in sync is a good idea, but some of the rules
> might cause a regression with older kernels (e.g. NSFS magic). Not
> including the rule also poses a problem.

Mimi, you added NSFS_MAGIC into the policy in v4.2 (cd025f7f9410 "ima: do not
measure or appraise the NSFS filesystem"); the commit has a Cc for 3.19, but
it's not in the origin/linux-3.19.y stable tree (v3.19.8). So the regression
could be from kernel <= 4.1.

> The kernel headers package includes magic.h. One solution would be to check whether a magic name is included in magic.h.

Interesting approach, I like this approach. Policy would have to be generated on
the fly, but that shouldn't be a problem.

Kind regards,
Petr
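
Added example, not part of the original message and not LTP code: a sketch of the magic.h check discussed above, emitting a dont_measure rule only for magic names the header defines. The function names, the WANTED_MAGICS subset and the two header excerpts are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not LTP code: build IMA policy rules only for filesystem
# magic names that the given magic.h defines.

# Assumption: an illustrative subset of the names a tcb-style policy uses.
WANTED_MAGICS="PROC_SUPER_MAGIC SYSFS_MAGIC TMPFS_MAGIC NSFS_MAGIC"

# magic_value HEADER NAME: print NAME's value; return 1 if it is not defined.
magic_value()
{
	awk -v name="$2" '
		$1 == "#define" && $2 == name { print $3; found = 1; exit }
		END { exit !found }
	' "$1"
}

# gen_policy HEADER: rules on stdout, skipped names reported on stderr.
gen_policy()
{
	for name in $WANTED_MAGICS; do
		if value=$(magic_value "$1" "$name"); then
			echo "dont_measure fsmagic=$value"
		else
			echo "skip $name: not defined in $1" >&2
		fi
	done
}

# Constructed header excerpts: magic-old.h lacks NSFS_MAGIC, magic-new.h has it.
write_sample_headers()
{
	printf '#define PROC_SUPER_MAGIC\t0x9fa0\n' > "$1/magic-old.h"
	printf '#define SYSFS_MAGIC\t\t0x62656572\n' >> "$1/magic-old.h"
	printf '#define TMPFS_MAGIC\t\t0x01021994\n' >> "$1/magic-old.h"
	cp "$1/magic-old.h" "$1/magic-new.h"
	printf '#define NSFS_MAGIC\t\t0x6e736673\n' >> "$1/magic-new.h"
}

demo_dir=$(mktemp -d)
write_sample_headers "$demo_dir"
gen_policy "$demo_dir/magic-old.h"   # no NSFS rule
gen_policy "$demo_dir/magic-new.h"   # NSFS rule included
rm -rf "$demo_dir"
```

Taking the value from the header as well as the name keeps the generated rule consistent with the headers the test is built against.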