diff mbox series

tst_security.sh: Use the same value for checkreqprot

Message ID 20250425125057.38992-1-pvorel@suse.cz
State Needs Review / ACK
Headers show
Series tst_security.sh: Use the same value for checkreqprot | expand

Checks

Context Check Description
ltpci/opensuse-leap_latest_gcc fail failure
ltpci/debian_stable_s390x-linux-gnu-gcc_s390x success success
ltpci/debian_stable_aarch64-linux-gnu-gcc_arm64 success success
ltpci/debian_stable_powerpc64le-linux-gnu-gcc_ppc64el success success
ltpci/ubuntu_jammy_gcc success success
ltpci/debian_stable_gcc success success
ltpci/quay-io-centos-centos_stream9_gcc success success
ltpci/ubuntu_bionic_gcc success success
ltpci/debian_oldstable_clang success success
ltpci/debian_stable_gcc success success
ltpci/opensuse-archive_42-2_gcc success success
ltpci/alpine_latest_gcc success success
ltpci/fedora_latest_clang success success
ltpci/debian_testing_gcc success success
ltpci/debian_oldstable_gcc success success
ltpci/debian_testing_clang success success
ltpci/opensuse-leap_latest fail asdf
ltpci/opensuse-leap_latest fail pending
ltpci/opensuse-leap_latest pending skip
ltpci/opensuse-leap_latest pending result
ltpci/opensuse-leap_latest pending pending
ltpci/opensuse-leap_latest pending pending
ltpci/opensuse-leap_latest pending Skipping job broken repositories
ltpci/opensuse-leap_latest pending Skipping job due broken repositories

Commit Message

Petr Vorel April 25, 2025, 12:50 p.m. UTC 
kernel commit e9c38f9fc2cc ("Documentation,selinux: deprecate setting
checkreqprot to 1") from v5.10-rc1 deprecated checkreqprot value 1
(emit warning in dmesg). Code is used only in ima_selinux.sh
which requires 5.12. Touching /sys/fs/selinux/checkreqprot is required
to trigger the measurement via selinux_ima_measure_state().

Using the same value (0 by default) works on recent 6.14, it should be
safe changing to use the same value. This way misleading warning is
avoided and hopefully kept working in the future.

Also, this way it does not modify SUT setting (don't influence other
tests), which is always better.

Fixes: 36c695e497 ("tst_security.sh: Add helper tst_update_selinux_state()")
Signed-off-by: Petr Vorel <pvorel@suse.cz>
---
@SELinux developers: FYI tst_security.sh is used in LTP test in
ima_selinux.sh [1] test.

Kind regards,
Petr

[1] https://github.com/linux-test-project/ltp/blob/master/testcases/kernel/security/integrity/ima/tests/ima_selinux.sh

 testcases/lib/tst_security.sh | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)
diff mbox series

Patch

diff --git a/testcases/lib/tst_security.sh b/testcases/lib/tst_security.sh
index 4e2d34ca98..820736c723 100644
--- a/testcases/lib/tst_security.sh
+++ b/testcases/lib/tst_security.sh
@@ -142,11 +142,10 @@  tst_get_enforce()
 
 tst_update_selinux_state()
 {
-	local cur_val new_val
+	local val
 	local dir=$(tst_get_selinux_dir)
 	[ -n "$dir" ] || return 1
 
-	cur_val=$(cat $dir/checkreqprot)
-	[ $cur_val = 1 ] && new_val=0 || new_val=1
-	echo $new_val > $dir/checkreqprot
+	val=$(cat $dir/checkreqprot)
+	echo $val > $dir/checkreqprot
 }