[RFC][PATCH ima-evm-utils 0/7] ima-evm-utils: Add UML support and tests for EVM portable signatures

From: Roberto Sassu <roberto.sassu@huawei.com>
To: <zohar@linux.ibm.com>
Cc: <pvorel@suse.cz>, <vt@altlinux.org>,
	<linux-integrity@vger.kernel.org>,
	Roberto Sassu <roberto.sassu@huawei.com>
Subject: [RFC][PATCH ima-evm-utils 0/7] ima-evm-utils: Add UML support and tests for EVM portable signatures
Date: Thu, 22 Jul 2021 19:34:07 +0200	[thread overview]
Message-ID: <20210722173414.1738041-1-roberto.sassu@huawei.com> (raw)

During the development of the tests for the 'evm: Improve usability of
portable signatures' patch set, it became clear that a testing environment
available to a regular user was not sufficient. First, because some
operations needs to be executed with the privileges of the root user (for
example, writing to securityfs), which not always is available (for example
in a public testing plaform). Second, because some configuration steps
performed on the kernel cannot be undone.

The first goal of this patch set is to overcome these limitations by
adding support for running tests with a UML (User Mode Linux) kernel. In
this environment, a test script might operate as root with the objects
created in the new environment. It still has the limitations of the user
that launched the UML kernel, if the test script interacts with the rest of
the system.

The second goal of this patch set is to introduce the tests for the 'evm:
Improve usability of portable signatures' patch set.

Patches 1-2 download the UML kernel, its signing key and mount-idmapped (to
perform the tests on an idmapped mount). Patch 3 adds additional options
for the container engine to execute the UML kernel. Patch 4-5 adds the
infrastructure necessary to launch the UML kernel. Patch 6 adds the
possibility of executing tests individually and, lastly, Patch 7 adds the
tests for the 'evm: Improve usability of portable signatures' patch set.

To test this patch set, a new workflow for Github Actions has been defined
in the kernel repository. The patches to introduce it and the UML kernel
configuration are available at:

https://github.com/robertosassu/linux/commit/b3122b23a1e5f3ef5e3f1932204da39974a50257
https://github.com/robertosassu/linux/commit/9ccb667217fd1fdd933a5d6816ba0281a09bf980

Roberto Sassu (7):
  Download UML kernel and signing key
  Download mount-idmapped
  Add additional options to the container engine
  Add functions to the testing library to run a test script with UML
  Signal failures of tests executed by UML kernel with unclean shutdown
  Introduce TST_LIST variable to select a test to execute
  Add tests for EVM portable signatures

 .github/workflows/ci.yml       |   21 +
 .travis.yml                    |   19 +-
 build.sh                       |    1 +
 ci/alpine.sh                   |    8 +-
 ci/alt.sh                      |    1 +
 ci/debian.sh                   |    8 +
 ci/fedora.sh                   |   16 +-
 ci/tumbleweed.sh               |    9 +-
 tests/Makefile.am              |    3 +-
 tests/functions.sh             |   67 ++
 tests/portable_signatures.test | 1157 ++++++++++++++++++++++++++++++++
 11 files changed, 1305 insertions(+), 5 deletions(-)
 create mode 100755 tests/portable_signatures.test

-- 
2.25.1