[LTP] [PATCH 2/3] ima_setup.sh: Allow to load predefined policy
Petr Vorel
pvorel@suse.cz
Tue Nov 26 23:09:30 CET 2024
Hi Mimi, all,
...
> +load_ima_policy()
> +{
> + local policy="$(ls $TST_DATAROOT/*.policy 2>/dev/null)"
> +
> + if [ "$LTP_IMA_LOAD_POLICY" != 1 -a "$policy" -a -f "$policy" ]; then
> + tst_res TINFO "NOTE: set LTP_IMA_LOAD_POLICY=1 to load policy for this test"
> + return
> + fi
> +
> + if [ -z "$policy" -o ! -f "$policy" ]; then
> + tst_res TINFO "no policy for this test"
FYI there needs to be a flag here to not warn in the cleanup about the needed reboot.
> + return
> + fi
> +
> + tst_res TINFO "trying to load '$policy' policy:"
> + cat $policy
> + if ! check_policy_writable; then
> + tst_res TINFO "WARNING: IMA policy already loaded and kernel not configured to enable multiple writes to it (need CONFIG_IMA_WRITE_POLICY=y), reboot required"
> + return
> + fi
> +
> + cat "$policy" 2> log > $IMA_POLICY
> + if grep -q "Device or resource busy" log; then
> + tst_brk TBROK "Loading policy failed"
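Review bot: in the `local policy="$(ls $TST_DATAROOT/*.policy 2>/dev/null)"` line, more than one matching `*.policy` file makes `$policy` a multi-line string, so `-f "$policy"` is false and the function reports "no policy for this test" instead of flagging the ambiguity. Consider detecting that case explicitly and failing with a clear message, and quote `$TST_DATAROOT` there and `$policy` in `cat $policy` so paths containing spaces do not split. The `-a` / `-o` operators inside `[ ]` are marked obsolescent by POSIX; separate `[ ]` tests joined with `&&` / `||` are more robust.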
Also here.
diff, which should solve it.
Kind regards,
Petr
+++ testcases/kernel/security/integrity/ima/tests/ima_setup.sh
@@ -175,6 +175,7 @@ load_ima_policy()
if [ -z "$policy" -o ! -f "$policy" ]; then
tst_res TINFO "no policy for this test"
+ LTP_IMA_LOAD_POLICY=
return
fi
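Review bot: clearing `LTP_IMA_LOAD_POLICY` in the "no policy for this test" branch reuses the user-facing switch as internal state for the cleanup, and nothing in the hunk says why. A separate internal variable that is set only once a policy write was actually attempted, or at least a one-line comment next to `LTP_IMA_LOAD_POLICY=`, would make the intent clear and keep the user's setting readable later in the test.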
@@ -182,6 +183,7 @@ load_ima_policy()
cat $policy
if ! check_policy_writable; then
tst_res TINFO "WARNING: IMA policy already loaded and kernel not configured to enable multiple writes to it (need CONFIG_IMA_WRITE_POLICY=y), reboot required"
+ LTP_IMA_LOAD_POLICY=
return
fi
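Review bot: the reply also marks the `tst_brk TBROK "Loading policy failed"` path with "Also here.", but the hunks shown only touch the "no policy" and `check_policy_writable` branches. If the cleanup keys on `LTP_IMA_LOAD_POLICY`, that path needs the same reset placed before the `tst_brk` call, because `tst_brk` ends the test and runs the cleanup. In this branch the TINFO message already says "reboot required", so a short comment that the reset only suppresses the duplicate warning in cleanup would help.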