[LTP] [PATCH 2/2] ima_selinux.sh: Detect SELinux before loading policy
Andrea Cervesato
andrea.cervesato@suse.com
Mon Feb 17 14:26:28 CET 2025
Hi!
On 2/17/25 14:08, Petr Vorel wrote:
> Adding TST_SETUP_EARLY to run test specific setup before loading policy.
> That allows to avoid loading IMA policy (which usually request reboot)
> if the test would be skipped anyway.
>
> Fixes: aac97cca96 ("ima_setup.sh: Allow to load predefined policy")
> Signed-off-by: Petr Vorel <pvorel@suse.cz>
> ---
> testcases/kernel/security/integrity/ima/tests/ima_selinux.sh | 3 ++-
> testcases/kernel/security/integrity/ima/tests/ima_setup.sh | 2 ++
> 2 files changed, 4 insertions(+), 1 deletion(-)
>
> diff --git a/testcases/kernel/security/integrity/ima/tests/ima_selinux.sh b/testcases/kernel/security/integrity/ima/tests/ima_selinux.sh
> index 97c5d64ec5..577f7c2aca 100755
> --- a/testcases/kernel/security/integrity/ima/tests/ima_selinux.sh
> +++ b/testcases/kernel/security/integrity/ima/tests/ima_selinux.sh
> @@ -13,9 +13,10 @@
>
> TST_NEEDS_CMDS="awk cut grep tail"
> TST_CNT=2
> -TST_SETUP="setup"
> TST_MIN_KVER="5.12"
>
> +TST_SETUP_EARLY="setup"
> +
> REQUIRED_POLICY_CONTENT='selinux.policy'
>
> setup()
> diff --git a/testcases/kernel/security/integrity/ima/tests/ima_setup.sh b/testcases/kernel/security/integrity/ima/tests/ima_setup.sh
> index 1f1c267c4b..2a9f64978e 100644
> --- a/testcases/kernel/security/integrity/ima/tests/ima_setup.sh
> +++ b/testcases/kernel/security/integrity/ima/tests/ima_setup.sh
> @@ -265,6 +265,8 @@ ima_setup()
> cd "$TST_MNTPOINT"
> fi
>
> + [ -n "$TST_SETUP_EARLY" ] && $TST_SETUP_EARLY
> +
Why not doing ". ima_setup.sh" at the end of setup() ?
> if ! verify_ima_policy; then
> load_ima_policy
> fi
Andrea
More information about the ltp
mailing list