[LTP] [PATCH v2 2/4] ima_violations.sh: Update validate() to support multiple violations
Petr Vorel
pvorel@suse.cz
Tue Mar 4 18:43:42 CET 2025
> On Tue, 2025-03-04 at 09:44 -0500, Mimi Zohar wrote:
> > On Tue, 2025-03-04 at 14:31 +0100, Petr Vorel wrote:
> > > Hi Mimi,
> > > > Add support for the number of expected violations. Include the
> > > > expected number of violations in the output.
> > > Unfortunately this works only on fixed kernel (e.g. the one with v1 of your
> > > "ima: limit both open-writers and ToMToU violations" kernel patchset [1]
> > > (I haven't built v2 [2], but it's really just
> > > s/IMA_LIMIT_VIOLATIONS/IMA_EMITTED_OPENWRITERS/ => it will work)
> > > Testing on any other kernel it fails on first testing after reboot:
> > Hi Petr,
> > I only tested by specifying the "ima_policy=tcb" on the boot command line. This
> > failure happens when loading the test specific policy rules. If setup() is
> > called before loading the test specific policy rules, forcing the $LOG file
> > violation at setup() would be too early.
> Sorry, that doesn't seem to be the case.
> With the changes to validate(), even the original tests will only work on a new
> kernel. I'll rework the patch set, so at least the original tests will continue
> to work.
+1, thank you!
Kind regards,
Petr
> Mimi
More information about the ltp
mailing list