From: djacobs7@binghamton.edu
To: linux-integrity@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: zohar@linux.ibm.com, pvorel@suse.cz, vt@altlinux.org,
	David Jacobson <djacobs7@binghamton.edu>
Subject: [PATCH v2 7/8] emvtest: Add ability to run all tests
Date: Fri, 22 Mar 2019 04:34:40 -0400
Message-ID: <20190322083441.31084-7-djacobs7@binghamton.edu>
In-Reply-To: <20190322083441.31084-1-djacobs7@binghamton.edu>

From: David Jacobson <djacobs7@binghamton.edu>

evmtest tests functionality of different IMA-Appraisal policies.

To simplify testing, this patch defines an evmtest config file.  This
allows for running all tests at once, rather than invoking each test
individually. Variables can be set once rather than specifying
parameters at runtime on the command line.

Signed-off-by: David Jacobson <djacobs7@binghamton.edu>

changelog:
* removed [OPTIONS] for runall
* added CONFIGURATION PATHNAME -> configuration file
* shellcheck compliant
---
 evmtest/README       | 31 +++++++++++++++++++++++++-
 evmtest/evmtest      | 52 ++++++++++++++++++++++++++++++++++++++++++++
 evmtest/example.conf | 14 ++++++++++++
 3 files changed, 96 insertions(+), 1 deletion(-)
 create mode 100644 evmtest/example.conf

diff --git a/evmtest/README b/evmtest/README
index 4dddbc0..d202559 100644
--- a/evmtest/README
+++ b/evmtest/README
@@ -13,6 +13,7 @@ SYNOPSIS
 
 evmtest runtest <test name> [OPTIONS]
 
+evmtest runall <configuration pathname>
 
 DESCRIPTION
 -----------
@@ -34,7 +35,7 @@ OPTIONS
 
 
 TEST NAMES
-----------
+---------
 
  boot_aggregate - verify the IMA boot-aggregate
  env_validate - verify kernel build
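Review bot: The TEST NAMES underline is shortened by one dash in this hunk, which is unrelated to adding runall and is not listed in the changelog. Keep the original underline, or move the change to a separate cleanup patch.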
@@ -45,6 +46,34 @@ TEST NAMES
  xattr_preserve - test metadata preservation on file move
 
 
+
+CONFIGURATION PATHNAME
+----------------------
+
+The configuration pathname should point to the runall configuration file.
+
+
+=== Configuration File
+
+The evmtest configuration file allows all tests to be run by executing a single
+command. The configuration file contains all the options that needed for
+various tests and allows tests to be run non-interactively, so they can be
+integrated in a larger testing suite.
+
+The `example.conf` file provides a skeleton configuration file, where the only
+variable that *must* be defined is `IMA_KEY`. Defaults are described below.
+
+* `IMA_KEY` - The private key for the certificate on the IMA Trusted Keyring
+
+* `KBUILD_DIR` - Should point to a kernel build tree. If not provided, the test
+will use `/lib/modules/$(uname -r)/build`.
+
+* `KERN_IMAGE` - Should point towards an unsigned kernel image. If not provided,
+the test will attempt to use the running kernel.
+
+* `VERBOSE` - If set to 1, will add -v to all tests run
+
+
 Introduction
 ------------
 
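Review bot: The added "=== Configuration File" heading uses a different heading style from the dash-underlined headings in the rest of this file, and it sits directly under CONFIGURATION PATHNAME, which already introduces the same file; one heading in the existing style would be enough. In the paragraph under it, "all the options that needed" should read "that are needed". The text also says only `IMA_KEY` must be defined, so the documented defaults for `KBUILD_DIR`, `KERN_IMAGE` and `VERBOSE` need to hold when those variables are missing from the file, which the runall code should be checked against.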
diff --git a/evmtest/evmtest b/evmtest/evmtest
index 18cb98d..d6f46f5 100755
--- a/evmtest/evmtest
+++ b/evmtest/evmtest
@@ -16,6 +16,7 @@ source "$EVMDIR"/files/common.sh
 usage (){
 	echo "Usage:"
 	echo "	evmtest runtest <test name> [OPTIONS]"
+	echo "	evmtest	runall <configuration file>"
 	echo ""
 	echo "Options:"
 	echo "	-h	Displays this help message"
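Review bot: The added usage line has a tab between "evmtest" and "runall" where the runtest line above it has a space, so the two synopsis lines will not line up in the help output. The argument is also named three ways across the patch: `<configuration pathname>` in the README, `<configuration file>` here and `<config file>` in the runall error message; pick one name and use it everywhere.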
@@ -67,6 +68,57 @@ elif [ "$1" == "runtest" ]; then
 		runtest "$@"
 		exit $?
 	fi
+elif [ "$1" == "runall" ]; then
+	if [ -z "$2" ] || [ ! -e "$2" ]; then
+		echo "evmtest runall <config file>"
+		echo "[!] Please provide a config file"
+		exit 1
+	fi
+	source "$2" # Load in config
+	if [ "$VERBOSE" -eq 1 ]; then
+		V="-v"
+	fi
+
+	# Key is not optional
+	if [ -z "$IMA_KEY" ]; then
+		echo "[*] Please correct your config file"
+		exit 1
+	fi
+
+	EVMTEST_require_root
+	FAIL=0
+	echo "[*] Running tests..."
+	# 1
+	"$EVMDIR"/tests/env_validate.sh -r "$V"
+	FAIL=$((FAIL+$?))
+	# 2
+	if [ -z "$KERN_IMAGE" ]; then
+		"$EVMDIR"/tests/kexec_sig.sh -k "$IMA_KEY" "$V"
+	else
+		"$EVMDIR"/tests/kexec_sig.sh -k "$IMA_KEY" -i \
+			"$KERN_IMAGE" "$V"
+	fi
+	FAIL=$((FAIL+$?))
+	# 3
+	if [ -z "$KBUILD_DIR" ]; then
+		"$EVMDIR"/tests/kmod_sig.sh -k "$IMA_KEY" "$V"
+	else
+		"$EVMDIR"/tests/kmod_sig.sh -b "$KBUILD_DIR" \
+			-k "$IMA_KEY" "$V"
+	fi
+	FAIL=$((FAIL+$?))
+	# 4
+	"$EVMDIR"/tests/policy_sig.sh -k "$IMA_KEY" "$V"
+	FAIL=$((FAIL+$?))
+	# 5
+	"$EVMDIR"/tests/boot_aggregate.sh "$V"
+	FAIL=$((FAIL+$?))
+	# 6
+	"$EVMDIR"/tests/xattr_preserve.sh "$V"
+	FAIL=$((FAIL+$?))
+	echo "..."
+	echo "[*] TESTS PASSED: $((6-FAIL))"
+	echo "[*] TESTS FAILED: $FAIL"
 else
 	usage
 fi
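Review bot: `source "$2"` executes the whole config file as shell code in a branch that then insists on root (`EVMTEST_require_root`), so anything in that file runs with root privileges, and the only check before it is `[ ! -e "$2" ]`, which also accepts a directory. Test with `-f` and `-r`, note that bash looks up a name without a slash in PATH before the current directory, and either document that the file is executed or read only the four known keys from it. Further down, `[ "$VERBOSE" -eq 1 ]` prints an "integer expression expected" error when VERBOSE is unset, although the README says only IMA_KEY is required; `[ "${VERBOSE:-0}" -eq 1 ]` avoids that. With verbose off, the quoted `"$V"` hands every test script an empty string argument; `${V:+"$V"}` passes nothing instead. `FAIL=$((FAIL+$?))` adds exit codes rather than counting failures, so a test exiting with a status above 1 is counted more than once and `$((6-FAIL))` can go negative; increment by one on any non-zero status. The branch ends on `echo`, unlike the runtest branch's `exit $?`, so runall does not report failure through its exit status, which the README's "integrated in a larger testing suite" use needs; `IMA_KEY` is also only checked for being non-empty, not for pointing at a readable file.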
diff --git a/evmtest/example.conf b/evmtest/example.conf
new file mode 100644
index 0000000..fd1c8fe
--- /dev/null
+++ b/evmtest/example.conf
@@ -0,0 +1,14 @@
+# This is an example config file
+# There are three variables that can be set when using evmtest runall
+
+#Set this to 1 for verbose output
+VERBOSE=0
+# Path to the private key for the IMA Trusted Keyring
+# This is required
+IMA_KEY=/path/to/your/ima_key
+
+# If this is not provided, tests will run but attempt to copy the running kernel
+KERN_IMAGE=/path/to/unsigned/kernel_image
+
+# If this is not defined, tests will try to find build tree
+KBUILD_DIR=/path/to/kernel/build/tree
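Review bot: `KERN_IMAGE` and `KBUILD_DIR` are set to placeholder paths here, so a user who copies this file and edits only `IMA_KEY` (the one variable the README calls mandatory) never reaches the `-z` fallbacks in runall and the tests are run with `-i /path/to/unsigned/kernel_image` and `-b /path/to/kernel/build/tree`. Ship the two optional lines commented out so the defaults apply until the user opts in. The header comment says there are three variables, but the file sets four (VERBOSE, IMA_KEY, KERN_IMAGE, KBUILD_DIR), and "#Set this to 1" is missing the space after `#` that the other comments have.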
-- 
2.20.1


Thread overview: 9+ messages
2019-03-22  8:34 [PATCH v2 1/8] evmtest: Regression testing integrity subsystem djacobs7
2019-03-22  8:34 ` [PATCH v2 2/8] evmtest: test loading IMA policies djacobs7
2019-03-22  8:34 ` [PATCH v2 3/8] evmtest: test kernel module loading djacobs7
2019-03-22  8:34 ` [PATCH v2 4/8] evmtest: test kexec signature policy djacobs7
2019-03-22  8:34 ` [PATCH v2 5/8] evmtest: validate boot record djacobs7
2019-03-22  8:34 ` [PATCH v2 6/8] evmtest: test the preservation of extended attributes djacobs7
2019-03-22  8:34 ` djacobs7 [this message]
2019-03-22  8:34 ` [PATCH v2 8/8] evmtest: virtual machine compatibility djacobs7
2019-03-22 12:18 ` [PATCH v2 1/8] evmtest: Regression testing integrity subsystem Petr Vorel
