[LTP] [PATCH v3] IMA: Add test for kexec cmdline measurement

[Lachlan Sneff]

Hi Petr,
Thank you for reviewing

On 7/23/20 7:46 AM, Petr Vorel wrote:
> Hi,
>
> ...
>> +++ b/testcases/kernel/security/integrity/ima/tests/ima_kexec.sh
>> @@ -0,0 +1,121 @@
>> +#!/bin/sh
>> +# SPDX-License-Identifier: GPL-2.0-or-later
>> +# Copyright (c) 2020 Microsoft Corporation
>> +# Author: Lachlan Sneff <t-josne@linux.microsoft.com>
>> +#
>> +# Verify that kexec cmdline is measured correctly.
>> +
>> +TST_NEEDS_CMDS="kexec sed xargs printf grep tr"
>> +TST_CNT=1
>> +TST_NEEDS_DEVICE=1
>> +
>> +. ima_setup.sh
>> +
>> +# Since the test is executed inside some sort of
>> +# separate shell, *most* environment variables are
>> +# not accessible, so there's no way to set it from
>> +# the outside.
> Do you mean that using this will not work?
> IMA_KEXEC_IMAGE="${IMA_KEXEC_IMAGE:-/boot/vmlinuz-$(uname -r)}"
> I don't understand that as I'm able to set variables even I run some tests in
> dracut.
I tried doing this in the past, and couldn't get it to work, but I just 
tried it again
and was able to get it working. Essentially, what I tried before was
`SOME_VAR="..." sudo runltp ...`, which doesn't work, but `sudo 
SOME_VAR="..." runltp` does pass the variable
to the test. So, that should be added to this patch.
>
> Also writing same docs doc on 2 places is not good. High level info should go to
> README.md, implementation details to shell script.
This is a good point. I'll reorganize the documentation of this patch.
> Please hold on with posting new version. I have several fixes, thus I'd like to
> send it after we sort this (trying to save you time).
Okay :)
> Kind regards,
> Petr
Thanks,
Lachlan