[LTP] [PATCH v2 0/8] LTP tests: load predefined policy, enhancements
Petr Vorel
pvorel@suse.cz
Fri Dec 13 23:20:06 CET 2024
Changes v1->v2:
* Removed ont_measure fsmagic=0x1021994 from TCB example policy
* More reasons to fail when uploading policy
(testcases/kernel/security/integrity/ima/README.md)
* New commits:
- tst_test.sh: IMA: Allow to disable LSM warnings and use it for IMA
- ima_setup: Print warning when policy not readable
- ima_kexec.sh: Move checking policy if readable to ima_setup.sh
- IMA: Add example policy for ima_violations.sh
- ima_violations.sh: Check for a required policy
- [RFC] ima_kexec.sh: Relax result on unreadable policy to TCONF
TODO:
* ima_measurements.sh: check for example policy as an variant to
ima_policy=tcb command line parameter.
* Use LTP shell loader for ima_boot_aggregate.c and ima_mmap.c
Petr Vorel (8):
IMA: Add TCB policy as an example for ima_measurements.sh
ima_setup.sh: Allow to load predefined policy
tst_test.sh: IMA: Allow to disable LSM warnings and use it for IMA
ima_setup: Print warning when policy not readable
ima_kexec.sh: Move checking policy if readable to ima_setup.sh
IMA: Add example policy for ima_violations.sh
ima_violations.sh: Check for a required policy
[RFC] ima_kexec.sh: Relax result on unreadable policy to TCONF
.../kernel/security/integrity/ima/README.md | 12 ++++
.../ima/datafiles/ima_measurements/tcb.policy | 19 +++++
.../ima_violations/violations.policy | 1 +
.../security/integrity/ima/tests/ima_kexec.sh | 10 +--
.../integrity/ima/tests/ima_measurements.sh | 17 ++++-
.../security/integrity/ima/tests/ima_setup.sh | 72 ++++++++++++++++---
.../integrity/ima/tests/ima_violations.sh | 5 +-
testcases/lib/tst_test.sh | 2 +-
8 files changed, 118 insertions(+), 20 deletions(-)
create mode 100644 testcases/kernel/security/integrity/ima/datafiles/ima_measurements/tcb.policy
create mode 100644 testcases/kernel/security/integrity/ima/datafiles/ima_violations/violations.policy
--
2.47.1
More information about the ltp
mailing list