[LTP] [PATCH 7/7] Add lsm_set_self_attr01 test
Andrea Cervesato
andrea.cervesato@suse.com
Wed Jan 8 09:50:17 CET 2025
Hi Petr,
On 12/18/24 20:03, Petr Vorel wrote:
> Hi Andrea,
>
>> Verify that lsm_set_self_attr syscall is raising errors when invalid
>> data is provided.
> As I wrote at 2nd patch [1], booting with lsm= breaks all but
> lsm_list_modules0[12].c. E.g. in this patch:
>
> # ./lsm_set_self_attr01
> tst_buffers.c:57: TINFO: Test is using guarded buffers
> tst_test.c:1893: TINFO: LTP version: 20240930-146-gccd20cd77
> tst_test.c:1897: TINFO: Tested kernel: 6.10.0-rc7-3.g92abc10-default #1 SMP PREEMPT_DYNAMIC Wed Jul 10 14:15:11 UTC 2024 (92abc10) x86_64
> tst_test.c:1728: TINFO: Timeout per run is 0h 00m 30s
> lsm_common.h:51: TINFO: selinux is running
> lsm_common.h:51: TINFO: apparmor is running
> lsm_common.h:51: TINFO: smack is running
> lsm_set_self_attr01.c:110: TBROK: Can't read LSM current attribute
>
> FYI lsm= bot parameter causes setup (at least on Tumbleweed kernel config):
> $ cat /sys/kernel/security/lsm
> lockdown,capability,ima,evm
Are you sure about it? In the logs I clearly see that selinux, apparmor
and smack are running. The way this is checked is exactly by looking at
the string coming from /sys/kernel/security/lsm
>
> Kind regards,
> Petr
>
> [2] https://lore.kernel.org/ltp/20241218185508.GA77804@pevik/
Andrea
More information about the ltp
mailing list