[LTP] [PATCH v3] IMA: Add test for kexec cmdline measurement

Petr Vorel pvorel@suse.cz
Fri Jul 24 08:43:38 CEST 2020


> Hi Petr,
> Thank you for reviewing
Thanks for your time as well :).

> On 7/23/20 7:46 AM, Petr Vorel wrote:
> > Hi,

> > ...
> > > +++ b/testcases/kernel/security/integrity/ima/tests/ima_kexec.sh
> > > @@ -0,0 +1,121 @@
> > > +#!/bin/sh
> > > +# SPDX-License-Identifier: GPL-2.0-or-later
> > > +# Copyright (c) 2020 Microsoft Corporation
> > > +# Author: Lachlan Sneff <t-josne@linux.microsoft.com>
> > > +#
> > > +# Verify that kexec cmdline is measured correctly.
> > > +
> > > +TST_NEEDS_CMDS="kexec sed xargs printf grep tr"
> > > +TST_CNT=1
> > > +TST_NEEDS_DEVICE=1
> > > +
> > > +. ima_setup.sh
> > > +
> > > +# Since the test is executed inside some sort of
> > > +# separate shell, *most* environment variables are
> > > +# not accessible, so there's no way to set it from
> > > +# the outside.
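
Review bot: the comment block that closes this part of the hunk ("executed inside some sort of separate shell ... there's no way to set it from the outside") never names what "it" refers to, and it describes the mechanism only vaguely. Name the setting the comment is about and give its default value in the comment. If the setting is meant to be configurable, an overridable default of the form `${VAR:-default}` would let the caller's environment supply it, and the comment could then document that variable instead of explaining why it cannot be set.
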
> > Do you mean that using this will not work?
> > IMA_KEXEC_IMAGE="${IMA_KEXEC_IMAGE:-/boot/vmlinuz-$(uname -r)}"
> > I don't understand that as I'm able to set variables even when I run some tests in
> > dracut.
> I tried doing this in the past, and couldn't get it to work, but I just tried
> it again and was able to get it working. Essentially, what I tried before was
> `SOME_VAR="..." sudo runltp ...`, which doesn't work, but
> `sudo SOME_VAR="..." runltp` does pass the variable to the test. So, that
> should be added to this patch.
OK, so no dracut / initramfs involved :).
Passing variables really works as expected; you need to export them first:
$ sudo su
# export IMA_KEXEC_IMAGE=/tmp/foo
# PATH="/opt/ltp/testcases/bin:$PATH" runltp ...

or just run the script directly:
$ sudo su
# IMA_KEXEC_IMAGE=/tmp/foo PATH="/opt/ltp/testcases/bin:$PATH" ima_kexec.sh

> > Also, writing the same docs in 2 places is not good. High level info should go to
> > README.md, implementation details to shell script.
> This is a good point. I'll reorganize the documentation of this patch.
> > Please hold on with posting new version. I have several fixes, thus I'd like to
> > send it after we sort this (trying to save you time).
> Okay :)
> > Kind regards,
> > Petr
> Thanks,
> Lachlan

Kind regards,
Petr

