[LTP] [PATCH 1/1] IMA/ima_keys.sh Fix policy content check usage
Lakshmi Ramasubramanian
nramas@linux.microsoft.com
Fri Aug 7 16:19:35 CEST 2020
On 8/7/20 7:15 AM, Petr Vorel wrote:
> Hi all,
>
> ...
>> --- a/testcases/kernel/security/integrity/ima/tests/ima_keys.sh
>> +++ b/testcases/kernel/security/integrity/ima/tests/ima_keys.sh
>> @@ -16,11 +16,14 @@ TST_NEEDS_DEVICE=1
>> # (450d0fd51564 - "IMA: Call workqueue functions to measure queued keys")
>> test1()
>> {
>> - local keyrings keycheck_lines keycheck_line templates test_file="file.txt"
>> + local keyrings keycheck_lines keycheck_line templates
>> + local policy="func=KEY_CHECK"
>> + local test_file="file.txt"
>
>> tst_res TINFO "verifying key measurement for keyrings and templates specified in IMA policy file"
>
>> - keycheck_lines=$(require_ima_policy_content "func=KEY_CHECK" "")
>> + require_ima_policy_content $policy
>> + keycheck_lines=$(check_ima_policy_content $policy "")
>> keycheck_line=$(echo "$keycheck_lines" | grep "keyrings" | head -n1)
> While working on this patchset, I wonder, why we don't check for
> 'func=KEY_CHECK.*keyrings' in single grep call instead of grepping it twice.
> IMHO single grep call is enough. Or am I missing something?
>
Instead require_ima_policy_content calling "tst_brk" in error condition,
it can just return false and the caller can handle it as appropriate.
Would that avoid two grep calls?
thanks,
-lakshmi
More information about the ltp
mailing list