[LTP] [PATCH] ima_violations.sh: Another fix of condition evaluation
Mimi Zohar
zohar@linux.ibm.com
Fri Dec 12 04:42:43 CET 2025
On Thu, 2025-12-11 at 12:10 +0100, Petr Vorel wrote:
> c0c35509f9 was not enough to fix evaluation against empty
> $expected_violations:
>
> ima_violations 1 TINFO: verify open writers violation
> /opt/ltp/testcases/bin/ima_violations.sh: line 96: [: 0: unary operator expected
>
> Therefore split checks into two if.
>
> Also improvements (readability):
> * shorten line length with saving subtraction into variable
> * evaluate empty variable with ${:-}
>
> Fixes: 726ed71905 ("ima_violations.sh: Update validate() to support multiple violations")
> Reported-by: Martin Doucha <mdoucha@suse.cz>
> Signed-off-by: Petr Vorel <pvorel@suse.cz>
Thanks, Martin, Petr. LGTM
> ---
> NOTE: this was found on old SLES 4.4 based kernel which does not log
> validations. But missing validations might be just a Secure Boot related
> setup problem:
>
> $ mokutil --sb-state
> Secure Boot: EFI variables not supported on SUT
>
> Events are logged when Secure Boot is off:
> $ mokutil --sb-state
> SecureBoot disabled
>
> Or maybe violations worked differently on the old kernel (I remember
> only 6.15 change).
Violations only occur when there are policy rules containing "func=FILE_CHECK"
defined. The secure boot mode should only affect the arch specific policies,
which do not include "func=FILE_CHECK" rules. There is a slight difference
between the original builtin "ima_tcb" and the newer "ima_policy=tcb" policies,
which might affect violations.
--
thanks,
Mimi
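An added example, not code from LTP's ima_violations.sh or from this thread, modelling the validate() check the patch describes: the fragile single comparison that expands to `[ 0 -eq ]` when $expected_violations is empty, beside the fixed form with the subtraction saved, `${:-}` defaulting and the checks split into two ifs. The function names, argument layout and the meaning of an empty expected count (any number of new violations) are assumptions.

```shell
#!/bin/sh
# Added example, not LTP's ima_violations.sh. It models the validate() check
# discussed in the patch: before/after are constructed violation counts, and
# expected may be empty (assumed here to mean "any number of new violations").

# Fragile form (assumed to resemble the pre-fix check): unquoted, unguarded
# comparison. With expected empty it expands to '[ 0 -eq ]', which bash
# rejects with "[: 0: unary operator expected" and exit status 2, so the
# result is neither a pass nor a clean fail.
validate_fragile()
{
	local diff=$(($2 - $1))
	[ $diff -eq $3 ]
}

# Fixed form, following the patch description: save the subtraction into a
# variable, default the empty variable with ${:-}, and split the checks so
# every '[' sees complete, quoted operands. Returns 0 on success, 1 on a
# mismatch, never the syntax-error status 2.
validate()
{
	local before="$1" after="$2" expected="${3:-}"
	local diff=$((after - before))

	if [ "$diff" -le 0 ]; then
		return 1      # no new violation was logged
	fi
	if [ -n "$expected" ] && [ "$diff" -ne "$expected" ]; then
		return 1      # a count was given and it does not match
	fi
	return 0
}

# Stand-alone run: show what each form does with an empty expected count.
validate 0 1 "" && echo "fixed: PASS for 1 new violation, expected unset"
validate 0 0 "" || echo "fixed: FAIL for 0 new violations, expected unset"
validate_fragile 0 0 "" || echo "fragile: status $? (2 = shell syntax error)"
```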