diff mbox series

[v4,3/5] IMA: Refactor datafiles directory

Message ID 20200820090824.3033-4-pvorel@suse.cz
State Accepted
Headers show
Series IMA: verify measurement of certificate imported into a keyring | expand

Commit Message

Petr Vorel Aug. 20, 2020, 9:08 a.m. UTC 
The IMA datafiles directory is structured so that it cannot be directly
expanded to include datafiles for tests other than `ima_policy.sh`
as it's installed into /opt/ltp/testcases/data/ima_policy.

Also not all policies are meant to be for ima_policy.sh, thus
move policies into their own directories based on the test which they
belong to. Rename policy directory to ima_policy to follow the
pattern that directory in sources match the installed directory.

Reported-by: Lachlan Sneff <t-josne@linux.microsoft.com>
Signed-off-by: Lachlan Sneff <t-josne@linux.microsoft.com>
[ pvorel: based on Lachlan's patch, rewritten ]
Signed-off-by: Petr Vorel <pvorel@suse.cz>
---
The same as in v3.

 .../kernel/security/integrity/ima/datafiles/Makefile  | 10 +++++-----
 .../integrity/ima/datafiles/ima_kexec/Makefile        | 11 +++++++++++
 .../ima/datafiles/{ => ima_kexec}/kexec.policy        |  0
 .../integrity/ima/datafiles/ima_keys/Makefile         | 11 +++++++++++
 .../ima/datafiles/{ => ima_keys}/keycheck.policy      |  0
 .../integrity/ima/datafiles/ima_policy/Makefile       | 11 +++++++++++
 .../ima/datafiles/{ => ima_policy}/measure.policy     |  0
 .../datafiles/{ => ima_policy}/measure.policy-invalid |  0
 8 files changed, 38 insertions(+), 5 deletions(-)
 create mode 100644 testcases/kernel/security/integrity/ima/datafiles/ima_kexec/Makefile
 rename testcases/kernel/security/integrity/ima/datafiles/{ => ima_kexec}/kexec.policy (100%)
 create mode 100644 testcases/kernel/security/integrity/ima/datafiles/ima_keys/Makefile
 rename testcases/kernel/security/integrity/ima/datafiles/{ => ima_keys}/keycheck.policy (100%)
 create mode 100644 testcases/kernel/security/integrity/ima/datafiles/ima_policy/Makefile
 rename testcases/kernel/security/integrity/ima/datafiles/{ => ima_policy}/measure.policy (100%)
 rename testcases/kernel/security/integrity/ima/datafiles/{ => ima_policy}/measure.policy-invalid (100%)

Comments

Petr Vorel Aug. 28, 2020, 1:18 p.m. UTC | #1 
Hi,

> --- a/testcases/kernel/security/integrity/ima/datafiles/Makefile
> +++ b/testcases/kernel/security/integrity/ima/datafiles/Makefile
> @@ -1,6 +1,8 @@

>  #    testcases/kernel/security/integrity/ima/policy testcases Makefile.

> +#    Copyright (c) Linux Test Project, 2019-2020
> +#    Copyright (c) 2020 Microsoft Corporation
>  #    Copyright (C) 2009, Cisco Systems Inc.

>  #    This program is free software; you can redistribute it and/or modify
> @@ -20,12 +22,10 @@
>  # Ngie Cooper, July 2009


> -top_srcdir		?= ../../../../../..
> +top_srcdir	?= ../../../../../..

>  include	$(top_srcdir)/include/mk/env_pre.mk

> -INSTALL_DIR		:= testcases/data/ima_policy
> +SUBDIRS	:= ima_*
It looks this broke build on out-of-tree build:
https://travis-ci.org/github/linux-test-project/ltp/builds/722003659
https://travis-ci.org/github/linux-test-project/ltp/jobs/722003661
https://travis-ci.org/github/linux-test-project/ltp/jobs/722003662
https://travis-ci.org/github/linux-test-project/ltp/jobs/722003663
...

I'm sorry I overlooked that. I'll have look on Monday (unless anybody fixes it).

Kind regards,
Petr

> -INSTALL_TARGETS		:= measure.policy-invalid *.policy
> -
> -include $(top_srcdir)/include/mk/generic_leaf_target.mk
> +include $(top_srcdir)/include/mk/generic_trunk_target.mk
Petr Vorel Aug. 28, 2020, 1:28 p.m. UTC | #2 
Hi,

> > +SUBDIRS	:= ima_*
I guess this could fix it:
SUBDIRS	:= $(shell ls ima_*) 

I'm surprised that glob does not work on SUBDIRS.

> It looks this broke build on out-of-tree build:
> https://travis-ci.org/github/linux-test-project/ltp/builds/722003659
> https://travis-ci.org/github/linux-test-project/ltp/jobs/722003661
> https://travis-ci.org/github/linux-test-project/ltp/jobs/722003662
> https://travis-ci.org/github/linux-test-project/ltp/jobs/722003663
> ...

Kind regards,
Petr
Mimi Zohar Aug. 28, 2020, 4:32 p.m. UTC | #3 
On Fri, 2020-08-28 at 15:28 +0200, Petr Vorel wrote:
> Hi,
> 
> > > +SUBDIRS	:= ima_*
> I guess this could fix it:
> SUBDIRS	:= $(shell ls ima_*) 

Other LTP makefiles are using "wildcard".  Like this - $(wildcard
ima_*/)?

Mimi
> 
> I'm surprised that glob does not work on SUBDIRS.
> 
> > It looks this broke build on out-of-tree build:
> > https://travis-ci.org/github/linux-test-project/ltp/builds/722003659
> > https://travis-ci.org/github/linux-test-project/ltp/jobs/722003661
> > https://travis-ci.org/github/linux-test-project/ltp/jobs/722003662
> > https://travis-ci.org/github/linux-test-project/ltp/jobs/722003663
> > ...
> 
> Kind regards,
> Petr
Petr Vorel Aug. 30, 2020, 4:31 p.m. UTC | #4 
Hi,

> > > +SUBDIRS	:= ima_*
> I guess this could fix it:
> SUBDIRS	:= $(shell ls ima_*) 
This didn't work. Fixed in 4231003f3.

Kind regards,
Petr
Petr Vorel Aug. 31, 2020, 7:39 a.m. UTC | #5 
Hi Mimi,

> On Fri, 2020-08-28 at 15:28 +0200, Petr Vorel wrote:
> > Hi,

> > > > +SUBDIRS	:= ima_*
> > I guess this could fix it:
> > SUBDIRS	:= $(shell ls ima_*) 

> Other LTP makefiles are using "wildcard".  Like this - $(wildcard
> ima_*/)?
Thanks for a tip. But it looks like wildchard doesn't work on out-of-tree
either:

/usr/src/ltp/include/mk/generic_trunk_target.inc:97: *** SUBDIRS empty -- did you want generic_leaf_target instead?.  Stop.

It's visible only on powerpc64le-linux-gnu-gcc build, because that is the only
one from out-of-tree builds which also does make install.
(We removed make install from most of the builds in order  1) avoid sporadic
build failures due lack of space on Travis docker 2) safe time.)

Thus I fixed it in 4231003f3 with just simple listing the targets:
-SUBDIRS        := ima_*
+SUBDIRS        := ima_kexec ima_keys ima_policy

Kind regards,
Petr
diff mbox series

Patch

diff --git a/testcases/kernel/security/integrity/ima/datafiles/Makefile b/testcases/kernel/security/integrity/ima/datafiles/Makefile
index 369407112..6857ccfee 100644
--- a/testcases/kernel/security/integrity/ima/datafiles/Makefile
+++ b/testcases/kernel/security/integrity/ima/datafiles/Makefile
@@ -1,6 +1,8 @@ 
 #
 #    testcases/kernel/security/integrity/ima/policy testcases Makefile.
 #
+#    Copyright (c) Linux Test Project, 2019-2020
+#    Copyright (c) 2020 Microsoft Corporation
 #    Copyright (C) 2009, Cisco Systems Inc.
 #
 #    This program is free software; you can redistribute it and/or modify
@@ -20,12 +22,10 @@ 
 # Ngie Cooper, July 2009
 #
 
-top_srcdir		?= ../../../../../..
+top_srcdir	?= ../../../../../..
 
 include	$(top_srcdir)/include/mk/env_pre.mk
 
-INSTALL_DIR		:= testcases/data/ima_policy
+SUBDIRS	:= ima_*
 
-INSTALL_TARGETS		:= measure.policy-invalid *.policy
-
-include $(top_srcdir)/include/mk/generic_leaf_target.mk
+include $(top_srcdir)/include/mk/generic_trunk_target.mk
diff --git a/testcases/kernel/security/integrity/ima/datafiles/ima_kexec/Makefile b/testcases/kernel/security/integrity/ima/datafiles/ima_kexec/Makefile
new file mode 100644
index 000000000..5e0d632a7
--- /dev/null
+++ b/testcases/kernel/security/integrity/ima/datafiles/ima_kexec/Makefile
@@ -0,0 +1,11 @@ 
+# SPDX-License-Identifier: GPL-2.0-or-later
+# Copyright (c) Linux Test Project, 2020
+
+top_srcdir	?= ../../../../../../..
+
+include	$(top_srcdir)/include/mk/env_pre.mk
+
+INSTALL_DIR		:= testcases/data/ima_kexec
+INSTALL_TARGETS	:= *.policy
+
+include $(top_srcdir)/include/mk/generic_leaf_target.mk
diff --git a/testcases/kernel/security/integrity/ima/datafiles/kexec.policy b/testcases/kernel/security/integrity/ima/datafiles/ima_kexec/kexec.policy
similarity index 100%
rename from testcases/kernel/security/integrity/ima/datafiles/kexec.policy
rename to testcases/kernel/security/integrity/ima/datafiles/ima_kexec/kexec.policy
diff --git a/testcases/kernel/security/integrity/ima/datafiles/ima_keys/Makefile b/testcases/kernel/security/integrity/ima/datafiles/ima_keys/Makefile
new file mode 100644
index 000000000..452321843
--- /dev/null
+++ b/testcases/kernel/security/integrity/ima/datafiles/ima_keys/Makefile
@@ -0,0 +1,11 @@ 
+# SPDX-License-Identifier: GPL-2.0-or-later
+# Copyright (c) Linux Test Project, 2020
+
+top_srcdir	?= ../../../../../../..
+
+include	$(top_srcdir)/include/mk/env_pre.mk
+
+INSTALL_DIR		:= testcases/data/ima_keys
+INSTALL_TARGETS	:= *.policy
+
+include $(top_srcdir)/include/mk/generic_leaf_target.mk
diff --git a/testcases/kernel/security/integrity/ima/datafiles/keycheck.policy b/testcases/kernel/security/integrity/ima/datafiles/ima_keys/keycheck.policy
similarity index 100%
rename from testcases/kernel/security/integrity/ima/datafiles/keycheck.policy
rename to testcases/kernel/security/integrity/ima/datafiles/ima_keys/keycheck.policy
diff --git a/testcases/kernel/security/integrity/ima/datafiles/ima_policy/Makefile b/testcases/kernel/security/integrity/ima/datafiles/ima_policy/Makefile
new file mode 100644
index 000000000..953e21556
--- /dev/null
+++ b/testcases/kernel/security/integrity/ima/datafiles/ima_policy/Makefile
@@ -0,0 +1,11 @@ 
+# SPDX-License-Identifier: GPL-2.0-or-later
+# Copyright (c) Linux Test Project, 2020
+
+top_srcdir	?= ../../../../../../..
+
+include	$(top_srcdir)/include/mk/env_pre.mk
+
+INSTALL_DIR		:= testcases/data/ima_policy
+INSTALL_TARGETS	:= *.policy-invalid *.policy
+
+include $(top_srcdir)/include/mk/generic_leaf_target.mk
diff --git a/testcases/kernel/security/integrity/ima/datafiles/measure.policy b/testcases/kernel/security/integrity/ima/datafiles/ima_policy/measure.policy
similarity index 100%
rename from testcases/kernel/security/integrity/ima/datafiles/measure.policy
rename to testcases/kernel/security/integrity/ima/datafiles/ima_policy/measure.policy
diff --git a/testcases/kernel/security/integrity/ima/datafiles/measure.policy-invalid b/testcases/kernel/security/integrity/ima/datafiles/ima_policy/measure.policy-invalid
similarity index 100%
rename from testcases/kernel/security/integrity/ima/datafiles/measure.policy-invalid
rename to testcases/kernel/security/integrity/ima/datafiles/ima_policy/measure.policy-invalid