[LTP] [PATCH] tst_security.sh: Use enforce toggle to trigger SELinux measurement
Avinesh Kumar
avinesh.kumar@suse.com
Fri Jun 12 18:38:04 CEST 2026
Upstream kernel commit
644132a48f4e ("selinux: prune /sys/fs/selinux/checkreqprot") [0]
removed the selinux_ima_measure_state() call from the checkreqprot
write handler.
This broke tst_update_selinux_state() which relied on writing to
checkreqprot to trigger IMA measurements of SELinux state.
Switch to toggling the enforce value instead, which still triggers
selinux_ima_measure_state() on all kernel versions >= 5.12.
[0] https://github.com/torvalds/linux/commit/644132a48f4e28a1d949d162160869286f3e75de
Signed-off-by: Avinesh Kumar <avinesh.kumar@suse.com>
---
testcases/lib/tst_security.sh | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/testcases/lib/tst_security.sh b/testcases/lib/tst_security.sh
index 820736c72..e9f7147e3 100644
--- a/testcases/lib/tst_security.sh
+++ b/testcases/lib/tst_security.sh
@@ -146,6 +146,9 @@ tst_update_selinux_state()
local dir=$(tst_get_selinux_dir)
[ -n "$dir" ] || return 1
- val=$(cat $dir/checkreqprot)
- echo $val > $dir/checkreqprot
+ # Toggle enforce to trigger SELinux state measurement
+ orig_val=$(cat $dir/enforce)
+ val=$((1 - orig_val))
+ echo $val > $dir/enforce
+ echo $orig_val > $dir/enforce
}
--
2.54.0
More information about the ltp
mailing list