[LTP] [PATCH v3 09/10] ima_measurements.sh: Check policy for test3

Mimi Zohar zohar@linux.ibm.com
Thu Jan 23 18:39:52 CET 2025


Hi Petr,

On Tue, 2025-01-14 at 12:29 +0100, Petr Vorel wrote:
> First two tests are working with ima_policy=tcb,
> but 3rd test requires more specific policy.
> 
> Signed-off-by: Petr Vorel <pvorel@suse.cz>

Sorry, I'm not seeing the difference between "ima_policy=tcb" and the specific policy.
The patch itself looks correct and should allow the test to work even without
specifying the "tcb" policy on the boot command line.

After fixing the patch description, feel free to add:

Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>


> ---
>  .../kernel/security/integrity/ima/tests/ima_measurements.sh  | 5 +++++
>  1 file changed, 5 insertions(+)
> 
> diff --git a/testcases/kernel/security/integrity/ima/tests/ima_measurements.sh
> b/testcases/kernel/security/integrity/ima/tests/ima_measurements.sh
> index c42c31c898..35acc6ea78 100755
> --- a/testcases/kernel/security/integrity/ima/tests/ima_measurements.sh
> +++ b/testcases/kernel/security/integrity/ima/tests/ima_measurements.sh
> @@ -77,6 +77,11 @@ test3()
>  	tst_res TINFO "verify not measuring user files"
>  	tst_check_cmds sudo || return
>  
> +	if [ "$IMA_POLICY_CHECKED" != 1 ]; then
> +		tst_res TCONF "test requires specific policy, try load it with
> LTP_IMA_LOAD_POLICY=1"
> +		return
> +	fi
> +
>  	if ! id $user >/dev/null 2>/dev/null; then
>  		tst_res TCONF "missing system user $user (wrong installation)"
>  		return
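
Review bot: The TCONF message in the new `IMA_POLICY_CHECKED` check does not say which policy test3 needs, and the commit message only calls it "more specific" than ima_policy=tcb. Name the required rules or policy file in the message, so that a skipped run tells the user what to load. The wording "try load it with" should read "try to load it with". The string is also split across two lines here; if that is not just mail wrapping, the reported message will contain a newline, so keep it on one line in the script.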


