From: Tushar Sugandhi <tusharsu@linux.microsoft.com>
To: zohar@linux.ibm.com, agk@redhat.com, snitzer@redhat.com,
	gmazyland@gmail.com, pvorel@suse.cz
Cc: nramas@linux.microsoft.com, linux-integrity@vger.kernel.org,
	dm-devel@redhat.com, ltp@lists.linux.it
Subject: [PATCH v2 0/2] IMA: Add test for dm-crypt measurement
Date: Sun, 27 Sep 2020 20:56:03 -0700
Message-ID: <20200928035605.22701-1-tusharsu@linux.microsoft.com>

New functionality is being added to IMA to measure data provided by
kernel components. With this feature, IMA policy can be set to enable
measuring data provided by device-mapper targets. Currently one such
device-mapper target - dm-crypt, is being updated to use this
functionality. This new functionality needs test automation in LTP.

Some of the existing functionality in ima_keys.sh can be reused for
this, but it needs to be refactored into generic functions first.

Add a testcase which verifies that the IMA subsystem correctly measures
the data coming from a device-mapper target - dm-crypt.
Refactor common functionality in ima_keys.sh for this, and move the
generic functions to ima_setup.sh.

This series needs a kernel built on the following repo/branch/patches:
 repo: https://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git
 branch: next-integrity
 commit aa662fc04f5b ("ima: Fix NULL pointer dereference in ima_file_hash")

And the following patch series should be applied in the following order:
 1. https://patchwork.kernel.org/patch/11795559/
 2. https://patchwork.kernel.org/patch/11801525/
 3. https://patchwork.kernel.org/patch/11743715/

Change Log v2:
Incorporated feedback from Petr Vorel on v1.
 - Updated TST_NEEDS_CMDS to correctly reflect commands used in tests.
 - Removed unnecessary debugging info.
 - Refactored common functionality in ima_keys.sh, and moved the generic
   functions to ima_setup.sh.
 - Removed the use of eval, and replaced it with the recommended ROD()
   function.
 - All temporary files now get created under $TST_TMPDIR, instead of
   current directory.
 - Removed unnecessary TFAIL, to avoid double counting failures.
 - Updated log messages to be consistent.
 - Moved code to cleanup() to avoid code duplication.

Tushar Sugandhi (2):
  IMA: generalize key measurement tests
  IMA: Add test for dm-crypt measurement

 runtest/ima                                   |  1 +
 .../kernel/security/integrity/ima/README.md   | 20 +++++
 .../integrity/ima/tests/ima_dm_crypt.sh       | 60 ++++++++++++++
 .../security/integrity/ima/tests/ima_keys.sh  | 62 +++------------
 .../security/integrity/ima/tests/ima_setup.sh | 79 +++++++++++++++++++
 5 files changed, 173 insertions(+), 49 deletions(-)
 create mode 100755 testcases/kernel/security/integrity/ima/tests/ima_dm_crypt.sh

-- 
2.17.1
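
Added example, not part of the original message or of the LTP series: a sketch of the kind of check a buffer-measurement test performs, recomputing the digest of a measured buffer and comparing it with the digest recorded in the IMA log. It assumes the `ima-buf` record layout shown in the first comment; the event name and buffer contents are constructed placeholders, not the real dm-crypt measurement format.

```shell
#!/bin/sh
# Assumed ima-buf record layout in ascii_runtime_measurements (not from this page):
#   <pcr> <template-hash> ima-buf <algo>:<data-digest> <event-name> <hex-buffer>

# Hex-encode stdin as a single lowercase string.
to_hex() { od -An -v -tx1 | tr -d ' \n'; }

# Decode an even-length hex string (arg 1) to raw bytes on stdout.
from_hex() {
    hex=$1
    while [ -n "$hex" ]; do
        rest=${hex#??}
        byte=${hex%"$rest"}
        printf "\\$(printf '%03o' "0x$byte")"
        hex=$rest
    done
}

# Build a constructed sample record: event name $1, buffer text $2.
# The template hash is a 40-zero placeholder and is not checked here.
make_entry() {
    d=$(printf '%s' "$2" | sha256sum | cut -d' ' -f1)
    printf '10 %040d ima-buf sha256:%s %s %s\n' 0 "$d" "$1" \
        "$(printf '%s' "$2" | to_hex)"
}

# Return 0 if the recorded digest matches the buffer, 1 on mismatch,
# 2 if the record is malformed or uses an unexpected algorithm.
verify_entry() {
    read -r pcr thash tmpl dig name buf extra <<EOF
$1
EOF
    [ "$tmpl" = "ima-buf" ] && [ -z "$extra" ] || return 2
    algo=${dig%%:*}; want=${dig#*:}
    # Allow-list the algorithm: it comes from the log and selects a command.
    case $algo in sha1|sha256|sha512) ;; *) return 2 ;; esac
    case $buf in ''|*[!0-9a-fA-F]*) return 2 ;; esac
    [ $(( ${#buf} % 2 )) -eq 0 ] || return 2
    got=$(from_hex "$buf" | "${algo}sum" | cut -d' ' -f1)
    [ "$got" = "$want" ]
}

# Constructed sample input, so the script runs without a real IMA log.
sample=$(make_entry dm-crypt-sample 'constructed table data')
verify_entry "$sample" && echo "digest matches measured buffer"
```

On a real system the records would be read from the securityfs `ascii_runtime_measurements` file rather than constructed.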


