Message ID | 20241126173830.98960-4-pvorel@suse.cz |
---|---|
State | Accepted |
Series | LTP tests: load predefined policy |
On Tue, 2024-11-26 at 18:38 +0100, Petr Vorel wrote:
> The functionality IMHO was not backported to the enterprise kernels.
>
> This helps to avoid false positive in ima_kexec.sh:
> ima_kexec 1 TWARN: policy not readable, it might not contain required
> policy '^measure.*func=KEXEC_CMDLINE'
> ima_kexec 1 TBROK: unable to find a correct measurement
>
> Signed-off-by: Petr Vorel <pvorel@suse.cz>

Looks good.

Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
Hi Mimi,

> On Tue, 2024-11-26 at 18:38 +0100, Petr Vorel wrote:
> > The functionality IMHO was not backported to the enterprise kernels.
> > This helps to avoid false positive in ima_kexec.sh:
> > ima_kexec 1 TWARN: policy not readable, it might not contain required
> > policy '^measure.*func=KEXEC_CMDLINE'
> > ima_kexec 1 TBROK: unable to find a correct measurement
> > Signed-off-by: Petr Vorel <pvorel@suse.cz>
> Looks good.
> Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>

Thanks a lot, this patch merged.

Kind regards,
Petr
diff --git a/testcases/kernel/security/integrity/ima/tests/ima_kexec.sh b/testcases/kernel/security/integrity/ima/tests/ima_kexec.sh index 62f05f5361..3446bc24bf 100755 --- a/testcases/kernel/security/integrity/ima/tests/ima_kexec.sh +++ b/testcases/kernel/security/integrity/ima/tests/ima_kexec.sh @@ -11,6 +11,7 @@ TST_NEEDS_CMDS="grep kexec sed" TST_CNT=3 TST_SETUP="setup" +TST_MIN_KVER="5.3" IMA_KEXEC_IMAGE="${IMA_KEXEC_IMAGE:-/boot/vmlinuz-$(uname -r)}" REQUIRED_POLICY='^measure.*func=KEXEC_CMDLINE' diff --git a/testcases/kernel/security/integrity/ima/tests/ima_keys.sh b/testcases/kernel/security/integrity/ima/tests/ima_keys.sh index 793908d44a..ff32eb6c43 100755 --- a/testcases/kernel/security/integrity/ima/tests/ima_keys.sh +++ b/testcases/kernel/security/integrity/ima/tests/ima_keys.sh @@ -10,6 +10,7 @@ TST_NEEDS_CMDS="cmp cut grep sed" TST_CNT=2 TST_SETUP=setup TST_CLEANUP=cleanup +TST_MIN_KVER="5.6" FUNC_KEYCHECK='func=KEY_CHECK' REQUIRED_POLICY="^measure.*$FUNC_KEYCHECK" diff --git a/testcases/kernel/security/integrity/ima/tests/ima_selinux.sh b/testcases/kernel/security/integrity/ima/tests/ima_selinux.sh index f6e392822a..75f9ba84e4 100755 --- a/testcases/kernel/security/integrity/ima/tests/ima_selinux.sh +++ b/testcases/kernel/security/integrity/ima/tests/ima_selinux.sh @@ -12,6 +12,7 @@ TST_NEEDS_CMDS="awk cut grep tail" TST_CNT=2 TST_SETUP="setup" +TST_MIN_KVER="5.12" FUNC_CRITICAL_DATA='func=CRITICAL_DATA' REQUIRED_POLICY="^measure.*$FUNC_CRITICAL_DATA"
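Review bot: In ima_kexec.sh, the added `TST_MIN_KVER="5.3"` line decides on the version number alone, while the commit message only says the functionality "IMHO was not backported" to the enterprise kernels; a kernel older than 5.3 that does carry a func=KEXEC_CMDLINE backport would now be skipped instead of tested. If that trade-off is intended, state it in the commit message; otherwise confirm the backport status first, since the REQUIRED_POLICY pattern defined two lines below already describes the feature the test needs.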
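Review bot: In ima_keys.sh, `TST_MIN_KVER="5.6"` is added with nothing that says where 5.6 comes from, and the commit message shows failure output only for ima_kexec.sh. A one-line comment above the variable naming the kernel release or commit that introduced func=KEY_CHECK would let a later reader verify the floor.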
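Review bot: In ima_selinux.sh, `TST_MIN_KVER="5.12"` is the third distinct floor set by this patch (5.3, 5.6, 5.12), but the commit message neither lists them nor says whether this test showed the same TWARN/TBROK false positive without the gate. Listing the per-test minimum versions in the commit message would record the reason for each value alongside the change.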
The functionality IMHO was not backported to the enterprise kernels.

This helps to avoid false positive in ima_kexec.sh:
ima_kexec 1 TWARN: policy not readable, it might not contain required
policy '^measure.*func=KEXEC_CMDLINE'
ima_kexec 1 TBROK: unable to find a correct measurement

Signed-off-by: Petr Vorel <pvorel@suse.cz>
---
 testcases/kernel/security/integrity/ima/tests/ima_kexec.sh   | 1 +
 testcases/kernel/security/integrity/ima/tests/ima_keys.sh    | 1 +
 testcases/kernel/security/integrity/ima/tests/ima_selinux.sh | 1 +
 3 files changed, 3 insertions(+)