[LTP] [PATCH ltp v3 1/2] IMA: Move check_policy_writable to ima_setup.sh and rename it
Petr Vorel
pvorel@suse.cz
Fri Sep 17 13:16:35 CEST 2021
Hi Alex,
...
> --- a/testcases/kernel/security/integrity/ima/tests/ima_setup.sh
As it's now a generally used function I'll add a comment:
# Because we don't grep kernel config for CONFIG_IMA_WRITE_POLICY, we just try
# to write empty string (invalid), thus policy must be repeatedly checked.
# Because after first write to policy, policy will be removed on systems without
# CONFIG_IMA_WRITE_POLICY.
> +require_policy_writable()
> +{
> + local err="IMA policy already loaded and kernel not configured to enable multiple writes to it (need CONFIG_IMA_WRITE_POLICY=y)"
> +
> + [ -f $IMA_POLICY ] || tst_brk TCONF "$err"
> + # CONFIG_IMA_READ_POLICY
> + echo "" 2> log > $IMA_POLICY
> + grep -q "Device or resource busy" log && tst_brk TCONF "$err"
> +}
> +
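Review bot: the `grep -q "Device or resource busy" log` check depends on the exact error text the shell prints for EBUSY. If that text differs (another locale, for example), grep finds nothing and the function returns as if the policy were writable. Consider pinning the message locale for this check and documenting that the match is on the error string. The `# CONFIG_IMA_READ_POLICY` line above the write says nothing about why that option matters here and should be expanded or dropped. Smaller points: `log` is a fixed relative file name that is never removed, and `$IMA_POLICY` is unquoted in both `[ -f $IMA_POLICY ]` and the redirect.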
Kind regards,
Petr