From patchwork Wed Mar 14 15:57:29 2018
X-Patchwork-Submitter: Petr Vorel
X-Patchwork-Id: 885875
X-Patchwork-Delegate: petr.vorel@gmail.com
From: Petr Vorel
To: ltp@lists.linux.it
Cc: linux-integrity@vger.kernel.org, Mimi Zohar
Date: Wed, 14 Mar 2018 16:57:29 +0100
Subject: [LTP] [RFC PATCH v2 2/4] security/ima: Run measurements after policy
Message-Id: <20180314155731.5943-3-pvorel@suse.cz>
In-Reply-To: <20180314155731.5943-1-pvorel@suse.cz>
References: <20180314155731.5943-1-pvorel@suse.cz>

This fixes failing policy tests when no IMA is configured on SUT.

Signed-off-by: Petr Vorel
---
Mimi suggested in [1]:

The current ordering of the tests assume that the system was booted with the builtin "ima_tcb" policy enabled on the boot command line. Assuming that the kernel doesn't require policies to be signed, changing the order of the tests is fine. Or simply test whether the system was booted with either "ima_tcb" or "ima_policy=tcb" boot command line options.

Mimi, do I understand it correctly that ima_policy.sh should be called first when using ima_tcb (original order) and second otherwise? That would be problematic, as we need a fixed order of tests in runtest file.

[1] http://lists.linux.it/pipermail/ltp/2018-January/007025.html
---
 runtest/ima | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/runtest/ima b/runtest/ima index bcae16bb7..06bfd7720 100644 --- a/runtest/ima +++ b/runtest/ima 
@@ -1,5 +1,5 @@ #DESCRIPTION:Integrity Measurement Architecture (IMA) -ima_measurements ima_measurements.sh ima_policy ima_policy.sh +ima_measurements ima_measurements.sh ima_tpm ima_tpm.sh ima_violations ima_violations.sh
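Review bot: the new first entry, ima_policy ima_policy.sh, now runs ahead of ima_measurements unconditionally, but neither runtest/ima nor the commit message records why the order matters. The note below the commit message quotes a condition for this reordering (it is fine "assuming that the kernel doesn't require policies to be signed") and an alternative (checking for "ima_tcb" or "ima_policy=tcb" on the boot command line); neither is reflected in the change. Please state the ordering dependency in the commit message proper, above the ---, so it survives in git history, and add a comment line next to #DESCRIPTION so the order is not reshuffled later. It would also help to say whether ima_tpm and ima_violations, which still follow ima_policy, are expected to be unaffected by the policy test running first.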