From patchwork Thu Apr 19 19:55:01 2018
X-Patchwork-Submitter: Petr Vorel
X-Patchwork-Id: 901466
X-Patchwork-Delegate: petr.vorel@gmail.com
From: Petr Vorel
To: ltp@lists.linux.it
Cc: linux-integrity@vger.kernel.org, Mimi Zohar
Date: Thu, 19 Apr 2018 21:55:01 +0200
Message-Id: <20180419195503.7194-9-pvorel@suse.cz>
In-Reply-To: <20180419195503.7194-1-pvorel@suse.cz>
References: <20180419195503.7194-1-pvorel@suse.cz>
Subject: [LTP] [RFC PATCH v3 08/10] ima/{ima_measurements, ima_violations}.sh: Avoid running on tmpfs

If $TMPDIR is on tmpfs, create loop device, format it to ext3 and run
tests in it.

The reason is that measure.policy excludes tmpfs (TMPFS_MAGIC,
"dont_measure fsmagic=0x01021994"), but TST_TMPDIR is often on tmpfs
filesystem. Let's test on ext3 created on loop device.

http://lists.linux.it/pipermail/ltp/2018-January/006970.html
http://lists.linux.it/pipermail/ltp/2018-March/007488.html

Signed-off-by: Petr Vorel
---
 .../integrity/ima/tests/ima_measurements.sh        |  1 +
 .../security/integrity/ima/tests/ima_setup.sh      | 40 ++++++++++++++++++++--
 .../security/integrity/ima/tests/ima_violations.sh |  4 +++
 3 files changed, 42 insertions(+), 3 deletions(-)

diff --git a/testcases/kernel/security/integrity/ima/tests/ima_measurements.sh b/testcases/kernel/security/integrity/ima/tests/ima_measurements.sh
index 0bceeb71f..294e29d30 100755
--- a/testcases/kernel/security/integrity/ima/tests/ima_measurements.sh
+++ b/testcases/kernel/security/integrity/ima/tests/ima_measurements.sh
@@ -22,6 +22,7 @@ TST_NEEDS_CMDS="awk" TST_SETUP="setup" TST_CNT=3 +TST_NEEDS_DEVICE=1 . ima_setup.sh diff --git a/testcases/kernel/security/integrity/ima/tests/ima_setup.sh b/testcases/kernel/security/integrity/ima/tests/ima_setup.sh index c08e2579e..03851167f 100644 --- a/testcases/kernel/security/integrity/ima/tests/ima_setup.sh +++ b/testcases/kernel/security/integrity/ima/tests/ima_setup.sh @@ -28,6 +28,7 @@ TST_NEEDS_ROOT=1 SYSFS="/sys" UMOUNT= +FS_TYPE="ext3" mount_helper() { @@ -39,15 +40,30 @@ mount_helper() [ -n "$dir" ] && { echo "$dir"; return; } if ! mkdir -p $default_dir; then - tst_brk TBROK "Failed to create $default_dir" + tst_brk TBROK "failed to create $default_dir" fi if ! mount -t $type $type $default_dir; then - tst_brk TBROK "Failed to mount $type" + tst_brk TBROK "failed to mount $type" fi UMOUNT="$default_dir $UMOUNT" echo $default_dir } +mount_loop_device() +{ + local ret + + tst_check_cmds mkfs.$FS_TYPE + tst_mkfs $FS_TYPE $TST_DEVICE + ROD_SILENT mkdir -p mntpoint + mount ${TST_DEVICE} mntpoint + ret=$? + if [ $ret -ne 0 ]; then + tst_brk TBROK "failed to mount device (mount exit = $ret)" + fi + cd mntpoint +} + ima_setup() { SECURITYFS="$(mount_helper securityfs $SYSFS/kernel/security)" @@ -57,7 +73,14 @@ ima_setup() ASCII_MEASUREMENTS="$IMA_DIR/ascii_runtime_measurements" BINARY_MEASUREMENTS="$IMA_DIR/binary_runtime_measurements" - [ -n "$TST_SETUP_CALLER" ] && $TST_SETUP_CALLER + if [ "$TST_NEEDS_DEVICE" = 1 ]; then + tst_res TINFO "\$TMPDIR is on tmpfs => run on loop device" + mount_loop_device + fi + + if [ -n "$TST_SETUP_CALLER" ]; then + $TST_SETUP_CALLER + fi } ima_cleanup() 
@@ -66,4 +89,15 @@ ima_cleanup() for dir in $UMOUNT; do umount $dir done + + if [ "$TST_NEEDS_DEVICE" = 1 ]; then + cd $TST_TMPDIR + tst_umount $TST_DEVICE + fi } + +# loop device is needed to use only for tmpfs +TMPDIR="${TMPDIR:-/tmp}" +if [ "$(df -T $TMPDIR | tail -1 | awk '{print $2}')" != "tmpfs" -a -n "$TST_NEEDS_DEVICE" ]; then + unset TST_NEEDS_DEVICE +fi diff --git a/testcases/kernel/security/integrity/ima/tests/ima_violations.sh b/testcases/kernel/security/integrity/ima/tests/ima_violations.sh index 0e9afa7ff..8742f4593 100755 --- a/testcases/kernel/security/integrity/ima/tests/ima_violations.sh +++ b/testcases/kernel/security/integrity/ima/tests/ima_violations.sh @@ -21,6 +21,7 @@ TST_SETUP="setup" TST_CNT=3 +TST_NEEDS_DEVICE=1 . ima_setup.sh . daemonlib.sh @@ -149,6 +150,9 @@ test3() close_file_read validate $num_violations $count $search + + # wait for ima_mmap to exit, so we can umount + tst_sleep 2s } tst_run
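
Review bot: In mount_loop_device() (ima_setup.sh, hunk at -39,15 +40,30), the result of "cd mntpoint" is not checked, so if it fails the tests keep running in the tmpfs directory that this patch is meant to avoid and IMA will not measure the test files. Suggest ending the function with a checked cd that calls tst_brk TBROK on failure, and passing "-t $FS_TYPE" to mount so the filesystem that tst_mkfs just created is the one that gets mounted instead of relying on autodetection. The Failed/failed capitalization changes in mount_helper() are unrelated to the tmpfs fix and would be easier to review as a separate patch.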
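
Review bot: In ima_setup() (ima_setup.sh, hunk at -57,7 +73,14), the TINFO text states that $TMPDIR is on tmpfs, but the condition only tests "$TST_NEEDS_DEVICE" = 1; the message is accurate only because the block at the end of the file unsets the variable on other filesystems. A one-line comment here pointing at that check would make the dependency visible, since anyone who sets TST_NEEDS_DEVICE after sourcing ima_setup.sh gets the loop device and this message regardless of the filesystem.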
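
Review bot: The tmpfs check appended at the end of ima_setup.sh (hunk at -66,4 +89,15) expands $TMPDIR unquoted inside "df -T $TMPDIR" and joins its two tests with -a, which POSIX marks obsolescent for test. Quoting the variable and dropping the -n "$TST_NEEDS_DEVICE" half would be simpler, because unset on an already unset variable is harmless. The comment "loop device is needed to use only for tmpfs" is hard to parse; something like "a loop device is only needed when TMPDIR is on tmpfs" says the same thing. In ima_cleanup(), "cd $TST_TMPDIR" is likewise unquoted and unchecked; if it fails, the shell is still inside mntpoint and tst_umount runs against a busy mount.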
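
Review bot: In test3() of ima_violations.sh (hunk at -149,6 +150,9), "tst_sleep 2s" is a fixed delay standing in for "ima_mmap has exited", so on a loaded machine the process can still hold the file open when cleanup runs and the umount fails, while on a fast machine the test wastes two seconds. Waiting on the ima_mmap process itself (for example with wait on its PID, if it is started in the background from this shell) would make the cleanup deterministic; the hunk does not show how ima_mmap is started, so the exact form depends on that.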