From: Petr Vorel <pvorel@suse.cz>
To: ltp@lists.linux.it
Cc: Petr Vorel <pvorel@suse.cz>,
	Lachlan Sneff <t-josne@linux.microsoft.com>,
	Lakshmi Ramasubramanian <nramas@linux.microsoft.com>,
	Mimi Zohar <zohar@linux.vnet.ibm.com>,
	linux-integrity@vger.kernel.org
Subject: [PATCH v2 1/4] IMA/ima_keys.sh Fix policy content check usage
Date: Fri,  7 Aug 2020 22:46:49 +0200
Message-ID: <20200807204652.5928-2-pvorel@suse.cz>
In-Reply-To: <20200807204652.5928-1-pvorel@suse.cz>

require_ima_policy_content cannot be used in subshell $() evaluation,
because tst_brk does not quit the test. It calls cleanup for the
subshell process and the main process then continues:

ima_keys 1 TCONF: IMA policy does not specify 'func=KEY_CHECK'
=> Here it's running the first cleanup. The umount errors occur because the
parent shell process still has $PWD in the directory to be unmounted:
umount: /tmp/LTP_ima_keys.0dIVrwJKIG/mntpoint: target is busy.
ima_keys 1 TINFO: umount(/dev/loop0) failed, try 1 ...
ima_keys 1 TINFO: Likely gvfsd-trash is probing newly mounted  fs, kill it to speed up tests.
umount: /tmp/LTP_ima_keys.0dIVrwJKIG/mntpoint: target is busy.
...
ima_keys 1 TINFO: umount(/dev/loop0) failed, try 50 ...
ima_keys 1 TINFO: Likely gvfsd-trash is probing newly mounted  fs, kill it to speed up tests.
ima_keys 1 TWARN: Failed to umount(/dev/loop0) after 50 retries
tst_device.c:222: WARN: ioctl(/dev/loop0, LOOP_CLR_FD, 0) no ENXIO for too long

Usage: tst_device acquire [size [filename]]
   or: tst_device release /path/to/device

ima_keys 1 TWARN: Failed to release device '/dev/loop0'
rm: cannot remove '/tmp/LTP_ima_keys.0dIVrwJKIG/mntpoint': Device or resource busy
ima_keys 1 TINFO: AppArmor enabled, this may affect test results
ima_keys 1 TINFO: it can be disabled with TST_DISABLE_APPARMOR=1 (requires super/root)
ima_keys 1 TINFO: loaded AppArmor profiles: none
/opt/ltp/testcases/bin/ima_keys.sh: line 25:  6166 Terminated              sleep $sec && tst_res TBROK "test killed, timeout! If you are running on slow machine, try exporting LTP_TIMEOUT_MUL > 1" && kill -9 -$pid  (wd: ~)

=> Here it should quit after running cleanup, but instead it continues running:
ima_keys 1 TCONF: ima policy does not specify a keyrings to check

Fixes: f20f44d72 ("IMA/ima_keys.sh: Fix policy readability check")
Signed-off-by: Petr Vorel <pvorel@suse.cz>
---
Originally sent as
https://patchwork.ozlabs.org/project/ltp/patch/20200807112929.8984-1-pvorel@suse.cz/

 testcases/kernel/security/integrity/ima/tests/ima_keys.sh | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/testcases/kernel/security/integrity/ima/tests/ima_keys.sh b/testcases/kernel/security/integrity/ima/tests/ima_keys.sh
index 3aea26056..53c289054 100755
--- a/testcases/kernel/security/integrity/ima/tests/ima_keys.sh
+++ b/testcases/kernel/security/integrity/ima/tests/ima_keys.sh
@@ -16,11 +16,14 @@ TST_NEEDS_DEVICE=1
 # (450d0fd51564 - "IMA: Call workqueue functions to measure queued keys")
 test1()
 {
-	local keyrings keycheck_lines keycheck_line templates test_file="file.txt"
+	local keyrings keycheck_lines keycheck_line templates
+	local pattern="func=KEY_CHECK"
+	local test_file="file.txt"
 
 	tst_res TINFO "verifying key measurement for keyrings and templates specified in IMA policy file"
 
-	keycheck_lines=$(require_ima_policy_content "func=KEY_CHECK" "")
+	require_ima_policy_content "$pattern"
+	keycheck_lines=$(check_ima_policy_content "$pattern" "")
 	keycheck_line=$(echo "$keycheck_lines" | grep "keyrings" | head -n1)
 
 	if [ -z "$keycheck_line" ]; then
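Review bot: in test1(), nothing at the new call pair says why require_ima_policy_content "$pattern" has to stay outside $(), so a later tidy-up could fold it back into the command substitution and bring back the behaviour the commit message describes; a one-line comment above the call would guard against that. The status of keycheck_lines=$(check_ima_policy_content "$pattern" "") is also not checked, so the code relies entirely on the preceding require_ call having matched the same pattern, and the empty second argument is passed without explanation, which the same comment could cover.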
-- 
2.28.0
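
The subshell behaviour the commit message describes, as an added example that is not part of the original patch or of LTP. The functions brk, check_content and require_content are constructed stand-ins for tst_brk, check_ima_policy_content and require_ima_policy_content, and POLICY is a constructed sample policy.

```shell
#!/bin/sh
# Constructed stand-ins for the LTP helpers named in the patch (not LTP code).
# POLICY is a constructed sample, not read from securityfs.
POLICY='measure func=KEY_CHECK keyrings=.ima|.evm template=ima-buf
measure func=FILE_CHECK'

brk() {                  # like tst_brk: report, then exit the *current* process
	echo "TCONF: $1" >&2
	exit 32
}

check_content() {        # print matching policy lines; status 1 if none
	printf '%s\n' "$POLICY" | grep -F -e "$1"
}

require_content() {      # print matching lines, or abort through brk
	check_content "$1" || brk "IMA policy does not specify '$1'"
}

# Before the patch: the aborting helper runs inside $(). exit ends only the
# subshell; the caller sees nothing but a non-zero status and carries on.
old_style() {
	rc=0
	lines=$(require_content "$1") || rc=$?
	echo "continued rc=$rc lines=$lines"
}

# After the patch: abort check in the caller's own shell, capture separately.
new_style() {
	require_content "$1" >/dev/null
	lines=$(check_content "$1")
	echo "continued rc=0 lines=$lines"
}

old_style 'func=MISSING' 2>/dev/null     # still prints "continued rc=32 lines="
( new_style 'func=MISSING' ) 2>/dev/null || echo "new_style stopped, status $?"
```

The parentheses around new_style in the last line exist only so the demonstration script itself survives; in a test the exit ends the test process, which is the intended result.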


