From: Jia Zhang <zhang.jia@linux.alibaba.com>
To: zohar@linux.ibm.com, pvorel@suse.cz
Cc: linux-integrity@vger.kernel.org, ltp@lists.linux.it,
zhang.jia@linux.alibaba.com
Subject: [PATCH 6/6] ima/ima_violations: Temporarily remove the printk rate limit
Date: Tue, 15 Jan 2019 10:14:36 +0800 [thread overview]
Message-ID: <1547518476-34008-7-git-send-email-zhang.jia@linux.alibaba.com> (raw)
In-Reply-To: <1547518476-34008-1-git-send-email-zhang.jia@linux.alibaba.com>
The output frequency of audit log is limited by printk_ratelimit()
in kernel if auditd not used. Thus, the test heavily depending on
searching keywords in log file may fail if the matching patterns
are exactly suppressed by printk_ratelimit().
In order to fix such a sort of failure, just temporarily remove
the limit, and recover its setting at the end of test.
Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com>
---
.../kernel/security/integrity/ima/tests/ima_violations.sh | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/testcases/kernel/security/integrity/ima/tests/ima_violations.sh b/testcases/kernel/security/integrity/ima/tests/ima_violations.sh
index f3f40d4..a1360b8 100755
--- a/testcases/kernel/security/integrity/ima/tests/ima_violations.sh
+++ b/testcases/kernel/security/integrity/ima/tests/ima_violations.sh
@@ -31,15 +31,27 @@ setup()
FILE="test.txt"
IMA_VIOLATIONS="$SECURITYFS/ima/violations"
LOG="/var/log/messages"
+ PRINTK_RATE_LIMIT="0"
if status_daemon auditd; then
LOG="/var/log/audit/audit.log"
+ else
+ tst_check_cmds sysctl
+
+ PRINTK_RATE_LIMIT=`sysctl -n kernel.printk_ratelimit`
+ sysctl -wq kernel.printk_ratelimit=0
fi
[ -f "$LOG" ] || \
tst_brk TBROK "log $LOG does not exist (bug in detection?)"
tst_res TINFO "using log $LOG"
}
+reset_printk_ratelimit()
+{
+ [ "$PRINTK_RATE_LIMIT" != "0" ] && \
+ sysctl -wq kernel.printk_ratelimit=$PRINTK_RATE_LIMIT
+}
+
open_file_read()
{
exec 3< $FILE || exit 1
@@ -151,6 +163,8 @@ test3()
validate $num_violations $count $search
+ reset_printk_ratelimit
+
# wait for ima_mmap to exit, so we can umount
tst_sleep 2s
}
--
1.8.3.1
WARNING: multiple messages have this Message-ID (diff)
From: Jia Zhang <zhang.jia@linux.alibaba.com>
To: ltp@lists.linux.it
Subject: [LTP] [PATCH 6/6] ima/ima_violations: Temporarily remove the printk rate limit
Date: Tue, 15 Jan 2019 10:14:36 +0800 [thread overview]
Message-ID: <1547518476-34008-7-git-send-email-zhang.jia@linux.alibaba.com> (raw)
In-Reply-To: <1547518476-34008-1-git-send-email-zhang.jia@linux.alibaba.com>
The output frequency of audit log is limited by printk_ratelimit()
in kernel if auditd not used. Thus, the test heavily depending on
searching keywords in log file may fail if the matching patterns
are exactly suppressed by printk_ratelimit().
In order to fix such a sort of failure, just temporarily remove
the limit, and recover its setting at the end of test.
Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com>
---
.../kernel/security/integrity/ima/tests/ima_violations.sh | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/testcases/kernel/security/integrity/ima/tests/ima_violations.sh b/testcases/kernel/security/integrity/ima/tests/ima_violations.sh
index f3f40d4..a1360b8 100755
--- a/testcases/kernel/security/integrity/ima/tests/ima_violations.sh
+++ b/testcases/kernel/security/integrity/ima/tests/ima_violations.sh
@@ -31,15 +31,27 @@ setup()
FILE="test.txt"
IMA_VIOLATIONS="$SECURITYFS/ima/violations"
LOG="/var/log/messages"
+ PRINTK_RATE_LIMIT="0"
if status_daemon auditd; then
LOG="/var/log/audit/audit.log"
+ else
+ tst_check_cmds sysctl
+
+ PRINTK_RATE_LIMIT=`sysctl -n kernel.printk_ratelimit`
+ sysctl -wq kernel.printk_ratelimit=0
fi
[ -f "$LOG" ] || \
tst_brk TBROK "log $LOG does not exist (bug in detection?)"
tst_res TINFO "using log $LOG"
}
+reset_printk_ratelimit()
+{
+ [ "$PRINTK_RATE_LIMIT" != "0" ] && \
+ sysctl -wq kernel.printk_ratelimit=$PRINTK_RATE_LIMIT
+}
+
open_file_read()
{
exec 3< $FILE || exit 1
@@ -151,6 +163,8 @@ test3()
validate $num_violations $count $search
+ reset_printk_ratelimit
+
# wait for ima_mmap to exit, so we can umount
tst_sleep 2s
}
--
1.8.3.1
next prev parent reply other threads:[~2019-01-15 2:16 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-01-15 2:14 [PATCH v2 0/6] LTP IMA fix bundle Jia Zhang
2019-01-15 2:14 ` [LTP] " Jia Zhang
2019-01-15 2:14 ` [PATCH 1/6] ima/ima_boot_aggregate: Fix the definition of event log Jia Zhang
2019-01-15 2:14 ` [LTP] " Jia Zhang
2019-01-15 2:14 ` [PATCH 2/6] ima/ima_boot_aggregate: Don't hard code the length of sha1 hash Jia Zhang
2019-01-15 2:14 ` [LTP] " Jia Zhang
2019-01-15 2:14 ` [PATCH 3/6] ima/ima_boot_aggregate: Fix extending PCRs beyond PCR 0-7 Jia Zhang
2019-01-15 2:14 ` [LTP] " Jia Zhang
2019-01-15 2:14 ` [PATCH 4/6] ima: Code cleanup Jia Zhang
2019-01-15 2:14 ` [LTP] " Jia Zhang
2019-01-15 2:14 ` [PATCH 5/6] ima: Rename the folder name for policy files to datafiles Jia Zhang
2019-01-15 2:14 ` [LTP] " Jia Zhang
2019-01-15 2:14 ` Jia Zhang [this message]
2019-01-15 2:14 ` [LTP] [PATCH 6/6] ima/ima_violations: Temporarily remove the printk rate limit Jia Zhang
2019-01-15 15:07 ` Petr Vorel
2019-01-15 15:07 ` [LTP] " Petr Vorel
2019-01-15 16:42 ` Jia Zhang
2019-01-15 16:42 ` [LTP] " Jia Zhang
2019-01-15 17:24 ` Petr Vorel
2019-01-15 17:24 ` [LTP] " Petr Vorel
2019-01-16 2:53 ` Jia Zhang
2019-01-16 2:53 ` [LTP] " Jia Zhang
2019-01-15 18:34 ` [LTP] [PATCH v2 0/6] LTP IMA fix bundle Petr Vorel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1547518476-34008-7-git-send-email-zhang.jia@linux.alibaba.com \
--to=zhang.jia@linux.alibaba.com \
--cc=linux-integrity@vger.kernel.org \
--cc=ltp@lists.linux.it \
--cc=pvorel@suse.cz \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.