[LTP] [PATCH] security/ima: limit the scope of the LTP policy rules based on the UUID
Petr Vorel
pvorel@suse.cz
Thu Dec 15 19:39:12 CET 2022
Hi Mimi,
I'm sorry, it took me long time to look into the issue.
> Only the ima_conditionals.sh and ima_policy.sh tests define policy
> rules based on fsuuid. The other tests are still based on the builtin
> "ima_policy=tcb" rules.
Yes.
> Without seeing the output of "cat /sys/kernel/security/ima/policy" it's
> hard to understand what's causing these errors.
1) In current master content of /sys/kernel/security/ima/policy when booted with
ima_policy=tcb, which is required by ima_policy.sh:
dont_measure fsmagic=0x9fa0
dont_measure fsmagic=0x62656572
dont_measure fsmagic=0x64626720
dont_measure fsmagic=0x1021994
dont_measure fsmagic=0x1cd1
dont_measure fsmagic=0x42494e4d
dont_measure fsmagic=0x73636673
dont_measure fsmagic=0xf97cff8c
dont_measure fsmagic=0x43415d53
dont_measure fsmagic=0x27e0eb
dont_measure fsmagic=0x63677270
dont_measure fsmagic=0x6e736673
dont_measure fsmagic=0xde5e81e4
measure func=MMAP_CHECK mask=MAY_EXEC
measure func=BPRM_CHECK mask=MAY_EXEC
measure func=FILE_CHECK mask=^MAY_READ euid=0
measure func=FILE_CHECK mask=^MAY_READ uid=0
measure func=MODULE_CHECK
measure func=FIRMWARE_CHECK
measure func=POLICY_CHECK
2) if I run ima_violations.sh now (in runtest/ima is run after ima_policy.sh.),
policy does not change as test does not touch it and test pass.
3) Then run ima_policy.sh, the policy changed:
dont_measure fsmagic=0x9fa0
dont_measure fsmagic=0x62656572
dont_measure fsmagic=0x64626720
dont_measure fsmagic=0x1021994
dont_measure fsmagic=0x73636673
measure func=MMAP_CHECK mask=MAY_EXEC
measure func=BPRM_CHECK mask=MAY_EXEC
measure func=FILE_CHECK mask=MAY_READ uid=0
4) Obviously the policy file is the same after repeated run of ima_policy.sh.
Now with your patchset.
The policy file after 1) and 2) is obviously the same.
3) Now ima_policy.sh with your patchset:
ima_policy 1 TINFO: Formatting ext3 with opts='/dev/loop0'
ima_policy 1 TINFO: Mounting device: mount -t ext3 /dev/loop0 /tmp/LTP_ima_policy.c0pGs7haPF/mntpoint
ima_policy 1 TINFO: timeout per run is 0h 5m 0s
ima_policy 1 TINFO: IMA kernel config:
ima_policy 1 TINFO: CONFIG_IMA=y
ima_policy 1 TINFO: CONFIG_IMA_MEASURE_PCR_IDX=10
ima_policy 1 TINFO: CONFIG_IMA_LSM_RULES=y
ima_policy 1 TINFO: CONFIG_IMA_NG_TEMPLATE=y
ima_policy 1 TINFO: CONFIG_IMA_DEFAULT_TEMPLATE="ima-ng"
ima_policy 1 TINFO: CONFIG_IMA_DEFAULT_HASH_SHA256=y
ima_policy 1 TINFO: CONFIG_IMA_DEFAULT_HASH="sha256"
ima_policy 1 TINFO: CONFIG_IMA_READ_POLICY=y
ima_policy 1 TINFO: CONFIG_IMA_APPRAISE=y
ima_policy 1 TINFO: CONFIG_IMA_APPRAISE_BOOTPARAM=y
ima_policy 1 TINFO: CONFIG_IMA_APPRAISE_MODSIG=y
ima_policy 1 TINFO: CONFIG_IMA_TRUSTED_KEYRING=y
ima_policy 1 TINFO: CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
ima_policy 1 TINFO: CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS=y
ima_policy 1 TINFO: CONFIG_IMA_QUEUE_EARLY_BOOT_KEYS=y
ima_policy 1 TINFO: /proc/cmdline: BOOT_IMAGE=/boot/vmlinuz-6.0.7-1-default root=UUID=6de93d21-b5ed-4aa4-a9e4-00a7ab77c6d9 splash=silent video=1024x768 plymouth.ignore-serial-consoles console=ttyS0 console=tty kernel.softlockup_panic=1 resume=/dev/disk/by-uuid/570474ff-969e-41e6-883e-ecff2fd15015 mitigations=auto ignore_loglevel lsm=integrity ima_policy=tcb
ima_policy 1 TINFO: $TMPDIR is on tmpfs => run on loop device
ima_policy 1 TINFO: LTP IMA policy rules based on fsuuid=7e3ca343-13c0-4464-8375-489cd3a57c0f
ima_policy 1 TINFO: verify that invalid policy isn't loaded
ima_policy 1 TPASS: didn't load invalid policy
ima_policy 2 TINFO: verify that policy file is not opened concurrently and able to loaded multiple times
ima_policy 2 TPASS: policy was loaded just by one process and able to loaded multiple times
The default ima_policy=tcb is changed by fsuuid in ima_policy.sh:
dont_measure fsmagic=0x9fa0 fsuuid=7e3ca343-13c0-4464-8375-489cd3a57c0f
dont_measure fsmagic=0x62656572 fsuuid=7e3ca343-13c0-4464-8375-489cd3a57c0f
dont_measure fsmagic=0x64626720 fsuuid=7e3ca343-13c0-4464-8375-489cd3a57c0f
dont_measure fsmagic=0x1021994 fsuuid=7e3ca343-13c0-4464-8375-489cd3a57c0f
dont_measure fsmagic=0x73636673 fsuuid=7e3ca343-13c0-4464-8375-489cd3a57c0f
measure func=MMAP_CHECK mask=MAY_EXEC fsuuid=7e3ca343-13c0-4464-8375-489cd3a57c0f
measure func=BPRM_CHECK mask=MAY_EXEC fsuuid=7e3ca343-13c0-4464-8375-489cd3a57c0f
measure func=FILE_CHECK mask=MAY_READ fsuuid=7e3ca343-13c0-4464-8375-489cd3a57c0f uid=0
4) running ima_violations.sh after ima_policy.sh no longer works, because
there is nothing new in /var/log/audit/audit.log. I don't know why, but
ima_violations.sh requires either the default ima_policy=tcb policy or policy
created by ima_policy.sh *without* fsuuid.
FYI below is content of /var/log/audit/audit.log.
Also looking at things twice, fsuuid does not help testing much.
Because main blocker for testing is not the scope of the policy, but write once
policy - CONFIG_IMA_WRITE_POLICY not being set on distro kernels thus repeated
write of the policy will need reboot.
Rebooting actually might be possible sooner or later with new runltp-ng from
Andrea [1] (the feature is not here yet, but will be sooner or later). runltp-ng
is close to upstream, there was first attempt [2].
Other option would be to prepare policy which would be suitable for all tests,
with help of fsuuid. But that has drawback:
Currently we use LTP API to mount directories on loop device after test has started.
These devices are temporary, e.g.
/tmp/LTP_ima_violations.pEvyfJO7Af/mntpoint/test.txt will be unmounted and
deleted after each test run. But for fsuuid we'd need to first permanently
mount the devices to get their UUID. Therefore there would have to be some
special setup script needed to be run for all tests. This has proven to be
problematic in the past. I'd have to extend the API to create something permanent.
Other question is whether IMA is tested by anybody with different build configuration.
I also looked to kselftest, but the only tests I found are some bpf related
(bpf_ima_*_hash tests: bpf/ima_setup.sh, used by bpf/prog_tests/test_ima.c,
bpf/progs/ima.c, which require also CONFIG_IMA_WRITE_POLICY, thus not usable on
distro kernels). There are tests in ima-evm-utils, but I thought they target to test evmctl,
although that's actually some testing of whole kernel and userspace IMA.
Kind regards,
Petr
[1] https://github.com/acerv/runltp-ng
[2] https://lore.kernel.org/ltp/20221202103011.12206-1-andrea.cervesato@suse.com/
=== current master ===
# PATH="/opt/ltp/testcases/bin:$PATH" ./ima_violations.sh
type=INTEGRITY_PCR msg=audit(1670857707.178:126): pid=1438 uid=0 auid=0 ses=3 op=invalid_pcr cause=open_writers comm="grep" name="/var/log/audit/audit.log" dev="vda2" ino=8182 res=1 errno=0
type=INTEGRITY_PCR msg=audit(1670857707.186:127): pid=1374 uid=0 auid=0 ses=3 op=invalid_pcr cause=open_writers comm="ima_violations." name="/tmp/LTP_ima_violations.pEvyfJO7Af/mntpoint/test.txt" dev="loop0" ino=6073 res=1 errno=0
type=INTEGRITY_PCR msg=audit(1670857707.190:128): pid=1441 uid=0 auid=0 ses=3 op=invalid_pcr cause=open_writers comm="grep" name="/var/log/audit/audit.log" dev="vda2" ino=8182 res=1 errno=0
type=INTEGRITY_PCR msg=audit(1670857707.202:129): pid=1445 uid=0 auid=0 ses=3 op=invalid_pcr cause=open_writers comm="grep" name="/var/log/audit/audit.log" dev="vda2" ino=8182 res=1 errno=0
type=INTEGRITY_PCR msg=audit(1670857707.206:130): pid=1374 uid=0 auid=0 ses=3 op=invalid_pcr cause=ToMToU comm="ima_violations." name="/tmp/LTP_ima_violations.pEvyfJO7Af/mntpoint/test.txt" dev="loop0" ino=6073 res=1 errno=0
type=INTEGRITY_PCR msg=audit(1670857707.210:131): pid=1448 uid=0 auid=0 ses=3 op=invalid_pcr cause=open_writers comm="grep" name="/var/log/audit/audit.log" dev="vda2" ino=8182 res=1 errno=0
type=INTEGRITY_PCR msg=audit(1670857707.218:132): pid=1452 uid=0 auid=0 ses=3 op=invalid_pcr cause=open_writers comm="grep" name="/var/log/audit/audit.log" dev="vda2" ino=8182 res=1 errno=0
type=INTEGRITY_PCR msg=audit(1670857708.230:133): pid=1374 uid=0 auid=0 ses=3 op=invalid_pcr cause=open_writers comm="ima_violations." name="/tmp/LTP_ima_violations.pEvyfJO7Af/mntpoint/test.txt" dev="loop0" ino=6073 res=1 errno=0
type=INTEGRITY_PCR msg=audit(1670857708.246:134): pid=1458 uid=0 auid=0 ses=3 op=invalid_pcr cause=open_writers comm="grep" name="/var/log/audit/audit.log" dev="vda2" ino=8182 res=1 errno=0
=> test passes
# PATH="/opt/ltp/testcases/bin:$PATH" ./ima_policy.sh
type=INTEGRITY_STATUS msg=audit(1670857735.235:139): pid=1476 uid=0 auid=0 ses=3 op=policy_update cause=failed comm="ima_policy.sh" res=0 errno=0
type=INTEGRITY_STATUS msg=audit(1670857735.243:140): pid=1476 uid=0 auid=0 ses=3 op=policy_update cause=failed comm="ima_policy.sh" res=0 errno=0
type=INTEGRITY_POLICY_RULE msg=audit(1670857735.247:141): action=dont_measure fsmagic=0x9fa0 res=1
type=INTEGRITY_POLICY_RULE msg=audit(1670857735.247:142): action=dont_measure fsmagic=0x62656572 res=1
type=INTEGRITY_POLICY_RULE msg=audit(1670857735.247:143): action=dont_measure fsmagic=0x64626720 res=1
type=INTEGRITY_POLICY_RULE msg=audit(1670857735.247:144): action=dont_measure fsmagic=0x01021994 res=1
type=INTEGRITY_POLICY_RULE msg=audit(1670857735.247:145): UNKNOWN=dnt_measure res=0
type=INTEGRITY_STATUS msg=audit(1670857735.247:146): pid=1519 uid=0 auid=0 ses=3 op=update_policy cause=invalid-policy comm="cat" res=0 errno=0
type=INTEGRITY_STATUS msg=audit(1670857735.251:147): pid=1518 uid=0 auid=0 ses=3 op=policy_update cause=failed comm="ima_policy.sh" res=0 errno=0
type=INTEGRITY_STATUS msg=audit(1670857735.259:148): pid=1476 uid=0 auid=0 ses=3 op=policy_update cause=failed comm="ima_policy.sh" res=0 errno=0
type=INTEGRITY_POLICY_RULE msg=audit(1670857735.263:149): action=dont_measure fsmagic=0x9fa0 res=1
type=INTEGRITY_POLICY_RULE msg=audit(1670857735.263:150): action=dont_measure fsmagic=0x62656572 res=1
type=INTEGRITY_POLICY_RULE msg=audit(1670857735.263:151): action=dont_measure fsmagic=0x64626720 res=1
type=INTEGRITY_POLICY_RULE msg=audit(1670857735.263:152): action=dont_measure fsmagic=0x01021994 res=1
type=INTEGRITY_POLICY_RULE msg=audit(1670857735.263:153): action=dont_measure fsmagic=0x73636673 res=1
type=INTEGRITY_POLICY_RULE msg=audit(1670857735.263:154): action=measure func=FILE_MMAP mask=MAY_EXEC res=1
type=INTEGRITY_POLICY_RULE msg=audit(1670857735.263:155): action=measure func=BPRM_CHECK mask=MAY_EXEC res=1
type=INTEGRITY_POLICY_RULE msg=audit(1670857735.263:156): action=measure func=FILE_CHECK mask=MAY_READ uid=0 res=1
type=INTEGRITY_STATUS msg=audit(1670857735.267:157): pid=1523 uid=0 auid=0 ses=3 op=policy_update cause=completed comm="ima_policy.sh" res=1 errno=0
# PATH="/opt/ltp/testcases/bin:$PATH" ./ima_violations.sh
type=INTEGRITY_PCR msg=audit(1670857748.427:158): pid=1581 uid=0 auid=0 ses=3 op=invalid_pcr cause=open_writers comm="grep" name="/var/log/audit/audit.log" dev="vda2" ino=8182 res=1 errno=0
type=INTEGRITY_PCR msg=audit(1670857748.435:159): pid=1539 uid=0 auid=0 ses=3 op=invalid_pcr cause=open_writers comm="ima_violations." name="/tmp/LTP_ima_violations.F0oDEcjtAh/mntpoint/test.txt" dev="loop0" ino=6073 res=1 errno=0
type=INTEGRITY_PCR msg=audit(1670857748.439:160): pid=1584 uid=0 auid=0 ses=3 op=invalid_pcr cause=open_writers comm="grep" name="/var/log/audit/audit.log" dev="vda2" ino=8182 res=1 errno=0
type=INTEGRITY_PCR msg=audit(1670857748.451:161): pid=1588 uid=0 auid=0 ses=3 op=invalid_pcr cause=open_writers comm="grep" name="/var/log/audit/audit.log" dev="vda2" ino=8182 res=1 errno=0
type=INTEGRITY_PCR msg=audit(1670857748.451:162): pid=1539 uid=0 auid=0 ses=3 op=invalid_pcr cause=ToMToU comm="ima_violations." name="/tmp/LTP_ima_violations.F0oDEcjtAh/mntpoint/test.txt" dev="loop0" ino=6073 res=1 errno=0
type=INTEGRITY_PCR msg=audit(1670857748.455:163): pid=1591 uid=0 auid=0 ses=3 op=invalid_pcr cause=open_writers comm="grep" name="/var/log/audit/audit.log" dev="vda2" ino=8182 res=1 errno=0
type=INTEGRITY_PCR msg=audit(1670857748.467:164): pid=1595 uid=0 auid=0 ses=3 op=invalid_pcr cause=open_writers comm="grep" name="/var/log/audit/audit.log" dev="vda2" ino=8182 res=1 errno=0
type=INTEGRITY_PCR msg=audit(1670857749.475:165): pid=1539 uid=0 auid=0 ses=3 op=invalid_pcr cause=open_writers comm="ima_violations." name="/tmp/LTP_ima_violations.F0oDEcjtAh/mntpoint/test.txt" dev="loop0" ino=6073 res=1 errno=0
type=INTEGRITY_PCR msg=audit(1670857749.487:166): pid=1601 uid=0 auid=0 ses=3 op=invalid_pcr cause=open_writers comm="grep" name="/var/log/audit/audit.log" dev="vda2" ino=8182 res=1 errno=0
=> again, test passes, logs produced by ima_violations.sh are the same as were on previous run
=== your v1 patchset ===
# PATH="/opt/ltp/testcases/bin:$PATH" ./ima_violations.sh
type=INTEGRITY_PCR msg=audit(1670857298.171:130): pid=1504 uid=0 auid=0 ses=1 op=invalid_pcr cause=open_writers comm="grep" name="/var/log/audit/audit.log" dev="vda2" ino=8182 res=1 errno=0
type=INTEGRITY_PCR msg=audit(1670857298.179:131): pid=1434 uid=0 auid=0 ses=1 op=invalid_pcr cause=open_writers comm="ima_violations." name="/tmp/LTP_ima_violations.gLp6AVWCuS/mntpoint/test.txt" dev="loop0" ino=6073 res=1 errno=0
type=INTEGRITY_PCR msg=audit(1670857298.183:132): pid=1507 uid=0 auid=0 ses=1 op=invalid_pcr cause=open_writers comm="grep" name="/var/log/audit/audit.log" dev="vda2" ino=8182 res=1 errno=0
type=INTEGRITY_PCR msg=audit(1670857298.191:133): pid=1511 uid=0 auid=0 ses=1 op=invalid_pcr cause=open_writers comm="grep" name="/var/log/audit/audit.log" dev="vda2" ino=8182 res=1 errno=0
type=INTEGRITY_PCR msg=audit(1670857298.195:134): pid=1434 uid=0 auid=0 ses=1 op=invalid_pcr cause=ToMToU comm="ima_violations." name="/tmp/LTP_ima_violations.gLp6AVWCuS/mntpoint/test.txt" dev="loop0" ino=6073 res=1 errno=0
type=INTEGRITY_PCR msg=audit(1670857298.199:135): pid=1514 uid=0 auid=0 ses=1 op=invalid_pcr cause=open_writers comm="grep" name="/var/log/audit/audit.log" dev="vda2" ino=8182 res=1 errno=0
type=INTEGRITY_PCR msg=audit(1670857298.211:136): pid=1518 uid=0 auid=0 ses=1 op=invalid_pcr cause=open_writers comm="grep" name="/var/log/audit/audit.log" dev="vda2" ino=8182 res=1 errno=0
type=INTEGRITY_PCR msg=audit(1670857299.223:137): pid=1434 uid=0 auid=0 ses=1 op=invalid_pcr cause=open_writers comm="ima_violations." name="/tmp/LTP_ima_violations.gLp6AVWCuS/mntpoint/test.txt" dev="loop0" ino=6073 res=1 errno=0
type=INTEGRITY_PCR msg=audit(1670857299.235:138): pid=1524 uid=0 auid=0 ses=1 op=invalid_pcr cause=open_writers comm="grep" name="/var/log/audit/audit.log" dev="vda2" ino=8182 res=1 errno=0
=> so far so good
# PATH="/opt/ltp/testcases/bin:$PATH" ./ima_policy.sh
type=INTEGRITY_STATUS msg=audit(1670857346.435:139): pid=1541 uid=0 auid=0 ses=1 op=policy_update cause=failed comm="ima_policy.sh" res=0 errno=0
type=INTEGRITY_STATUS msg=audit(1670857346.443:140): pid=1541 uid=0 auid=0 ses=1 op=policy_update cause=failed comm="ima_policy.sh" res=0 errno=0
type=INTEGRITY_POLICY_RULE msg=audit(1670857346.447:141): action=dont_measure fsuuid=23a85f4a-3f53-49e4-9079-2c7e5ba1c9fa fsmagic=0x9fa0 res=1
type=INTEGRITY_POLICY_RULE msg=audit(1670857346.447:142): action=dont_measure fsuuid=23a85f4a-3f53-49e4-9079-2c7e5ba1c9fa fsmagic=0x62656572 res=1
type=INTEGRITY_POLICY_RULE msg=audit(1670857346.447:143): action=dont_measure fsuuid=23a85f4a-3f53-49e4-9079-2c7e5ba1c9fa fsmagic=0x64626720 res=1
type=INTEGRITY_POLICY_RULE msg=audit(1670857346.447:144): action=dont_measure fsuuid=23a85f4a-3f53-49e4-9079-2c7e5ba1c9fa fsmagic=0x01021994 res=1
type=INTEGRITY_POLICY_RULE msg=audit(1670857346.447:145): UNKNOWN=dnt_measure res=0
type=INTEGRITY_STATUS msg=audit(1670857346.447:146): pid=1594 uid=0 auid=0 ses=1 op=update_policy cause=invalid-policy comm="sed" res=0 errno=0
type=INTEGRITY_STATUS msg=audit(1670857346.451:147): pid=1593 uid=0 auid=0 ses=1 op=policy_update cause=failed comm="ima_policy.sh" res=0 errno=0
type=INTEGRITY_STATUS msg=audit(1670857346.455:148): pid=1541 uid=0 auid=0 ses=1 op=policy_update cause=failed comm="ima_policy.sh" res=0 errno=0
type=INTEGRITY_POLICY_RULE msg=audit(1670857346.463:149): action=dont_measure fsuuid=23a85f4a-3f53-49e4-9079-2c7e5ba1c9fa fsmagic=0x9fa0 res=1
type=INTEGRITY_POLICY_RULE msg=audit(1670857346.463:150): action=dont_measure fsuuid=23a85f4a-3f53-49e4-9079-2c7e5ba1c9fa fsmagic=0x62656572 res=1
type=INTEGRITY_POLICY_RULE msg=audit(1670857346.463:151): action=dont_measure fsuuid=23a85f4a-3f53-49e4-9079-2c7e5ba1c9fa fsmagic=0x64626720 res=1
type=INTEGRITY_POLICY_RULE msg=audit(1670857346.463:152): action=dont_measure fsuuid=23a85f4a-3f53-49e4-9079-2c7e5ba1c9fa fsmagic=0x01021994 res=1
type=INTEGRITY_POLICY_RULE msg=audit(1670857346.463:153): action=dont_measure fsuuid=23a85f4a-3f53-49e4-9079-2c7e5ba1c9fa fsmagic=0x73636673 res=1
type=INTEGRITY_POLICY_RULE msg=audit(1670857346.463:154): action=measure fsuuid=23a85f4a-3f53-49e4-9079-2c7e5ba1c9fa func=FILE_MMAP mask=MAY_EXEC res=1
type=INTEGRITY_POLICY_RULE msg=audit(1670857346.463:155): action=measure fsuuid=23a85f4a-3f53-49e4-9079-2c7e5ba1c9fa func=BPRM_CHECK mask=MAY_EXEC res=1
type=INTEGRITY_POLICY_RULE msg=audit(1670857346.463:156): action=measure fsuuid=23a85f4a-3f53-49e4-9079-2c7e5ba1c9fa func=FILE_CHECK mask=MAY_READ uid=0 res=1
type=INTEGRITY_STATUS msg=audit(1670857346.463:157): pid=1598 uid=0 auid=0 ses=1 op=policy_update cause=completed comm="ima_policy.sh" res=1 errno=0
=> obviously, there is fsuuid=... and comm="sed" instead of comm="cat"
# PATH="/opt/ltp/testcases/bin:$PATH" ./ima_violations.sh
tst_device.c:93: TINFO: Found free device 0 '/dev/loop0'
ima_violations 1 TINFO: Formatting ext3 with opts='/dev/loop0'
ima_violations 1 TINFO: Mounting device: mount -t ext3 /dev/loop0 /tmp/LTP_ima_violations.6QLCCXonjt/mntpoint
ima_violations 1 TINFO: timeout per run is 0h 5m 0s
ima_violations 1 TINFO: IMA kernel config:
ima_violations 1 TINFO: CONFIG_IMA=y
ima_violations 1 TINFO: CONFIG_IMA_MEASURE_PCR_IDX=10
ima_violations 1 TINFO: CONFIG_IMA_LSM_RULES=y
ima_violations 1 TINFO: CONFIG_IMA_NG_TEMPLATE=y
ima_violations 1 TINFO: CONFIG_IMA_DEFAULT_TEMPLATE="ima-ng"
ima_violations 1 TINFO: CONFIG_IMA_DEFAULT_HASH_SHA256=y
ima_violations 1 TINFO: CONFIG_IMA_DEFAULT_HASH="sha256"
ima_violations 1 TINFO: CONFIG_IMA_READ_POLICY=y
ima_violations 1 TINFO: CONFIG_IMA_APPRAISE=y
ima_violations 1 TINFO: CONFIG_IMA_APPRAISE_BOOTPARAM=y
ima_violations 1 TINFO: CONFIG_IMA_APPRAISE_MODSIG=y
ima_violations 1 TINFO: CONFIG_IMA_TRUSTED_KEYRING=y
ima_violations 1 TINFO: CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
ima_violations 1 TINFO: CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS=y
ima_violations 1 TINFO: CONFIG_IMA_QUEUE_EARLY_BOOT_KEYS=y
ima_violations 1 TINFO: /proc/cmdline: BOOT_IMAGE=/boot/vmlinuz-6.0.7-1-default root=UUID=6de93d21-b5ed-4aa4-a9e4-00a7ab77c6d9 splash=silent video=1024x768 plymouth.ignore-serial-consoles console=ttyS0 console=tty kernel.softlockup_panic=1 resume=/dev/disk/by-uuid/570474ff-969e-41e6-883e-ecff2fd15015 mitigations=auto ignore_loglevel lsm=integrity ima_policy=tcb
ima_violations 1 TINFO: $TMPDIR is on tmpfs => run on loop device
ima_violations 1 TINFO: LTP IMA policy rules based on fsuuid=b1314073-12d0-49c7-bbd0-19bcbaa37182
ima_violations 1 TINFO: using log /var/log/audit/audit.log
ima_violations 1 TINFO: verify open writers violation
ima_violations 1 TFAIL: open_writers violation not added
ima_violations 2 TINFO: verify ToMToU violation
ima_violations 2 TFAIL: ToMToU violation not added
ima_violations 3 TINFO: verify open_writers using mmapped files
tst_test.c:1558: TINFO: Timeout per run is 0h 00m 30s
ima_mmap.c:38: TINFO: sleep 3s
ima_violations 3 TFAIL: open_writers violation not added
ima_mmap.c:41: TPASS: test completed
=> There is no outpout in /var/log/audit/audit.log, thus test is correct that
it fails. On a previous (good) run, 2 new violations are added to
/sys/kernel/security/ima/violations, on the following (bad) run no new
violation is added (obviously).
> thanks,
> Mimi
More information about the ltp
mailing list