[LTP] [PATCH v3 01/10] ima_violations.sh: Fix log detection
Mimi Zohar
zohar@linux.ibm.com
Thu Jan 23 18:37:51 CET 2025
Hi Petr,
On Tue, 2025-01-14 at 12:29 +0100, Petr Vorel wrote:
> Fix TBROK on systems which does not have /var/log/messages
> (any modern distro is using systemd) not auditd installed:
-> and auditd is not installed:
>
> ima_violations 1 TBROK: log /var/log/messages does not exist (bug in
> detection?)
>
> Instead TCONF with more meaningful message:
>
> ima_violations 1 TCONF: log file not found, install auditd
>
> Fixes: https://github.com/linux-test-project/ltp/issues/372
Perhaps /var/log/messages was being rate limited.
> Signed-off-by: Petr Vorel <pvorel@suse.cz>
Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
> ---
> .../kernel/security/integrity/ima/tests/ima_violations.sh | 6 ++++--
> 1 file changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/testcases/kernel/security/integrity/ima/tests/ima_violations.sh
> b/testcases/kernel/security/integrity/ima/tests/ima_violations.sh
> index 0f710dea2e..b2b597ad08 100755
> --- a/testcases/kernel/security/integrity/ima/tests/ima_violations.sh
> +++ b/testcases/kernel/security/integrity/ima/tests/ima_violations.sh
> @@ -23,8 +23,10 @@ setup()
> PRINTK_RATE_LIMIT=`sysctl -n kernel.printk_ratelimit`
> sysctl -wq kernel.printk_ratelimit=0
> fi
> - [ -f "$LOG" ] || \
> - tst_brk TBROK "log $LOG does not exist (bug in detection?)"
> +
> + if [ ! -e "$LOG" ]; then
> + tst_brk TCONF "log file not found, install auditd"
> + fi
> tst_res TINFO "using log $LOG"
> }
>
More information about the ltp
mailing list