[LTP] [PATCH v3 08/10] ima_setup.sh: Allow to load predefined policy

Mimi Zohar zohar@linux.ibm.com
Mon Feb 3 17:31:35 CET 2025


On Tue, 2025-01-14 at 12:29 +0100, Petr Vorel wrote:
> environment variable LTP_IMA_LOAD_POLICY=1 tries to load example policy
> if available. This should be used only if tooling running LTP tests
> allows to reboot afterwards because policy may be writable only once,
> e.g. missing CONFIG_IMA_WRITE_POLICY=y, or policies can influence each
> other.
> 
> Loading may fail due to various reasons (e.g. previously mentioned missing
> CONFIG_IMA_WRITE_POLICY=y and policy already loaded or when secure boot is
> enabled and the kernel is configured with CONFIG_IMA_ARCH_POLICY enabled, an
> appraise func=POLICY_CHECK appraise_type=imasig rule is loaded, requiring the
> IMA policy itself to be signed).
> 
> Signed-off-by: Petr Vorel <pvorel@suse.cz>

Looks good.  Thanks, Petr.

Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>


