[3/3] ima_{kexec,keys,selinux}: Set minimal kernel version

Message ID	20241126173830.98960-4-pvorel@suse.cz (mailing list archive)
State	New
Headers	show Received: from smtp-out2.suse.de (smtp-out2.suse.de [195.135.223.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5EBAB1DACB4 for <linux-integrity@vger.kernel.org>; Tue, 26 Nov 2024 17:38:35 +0000 (UTC) From: Petr Vorel <pvorel@suse.cz> To: ltp@lists.linux.it Cc: Petr Vorel <pvorel@suse.cz>, Mimi Zohar <zohar@linux.ibm.com>, linux-integrity@vger.kernel.org Subject: [PATCH 3/3] ima_{kexec,keys,selinux}: Set minimal kernel version Date: Tue, 26 Nov 2024 18:38:30 +0100 Message-ID: <20241126173830.98960-4-pvorel@suse.cz> In-Reply-To: <20241126173830.98960-1-pvorel@suse.cz> References: <20241126173830.98960-1-pvorel@suse.cz> Precedence: bulk MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	LTP tests: load predefined policy \| expand [0/3] LTP tests: load predefined policy [1/3] ima: Add TCB policy as an example [2/3] ima_setup.sh: Allow to load predefined policy [3/3] ima_{kexec,keys,selinux}: Set minimal kernel version

Message ID

20241126173830.98960-4-pvorel@suse.cz (mailing list archive)

State

New

Headers

From: Petr Vorel <pvorel@suse.cz>
To: ltp@lists.linux.it
Cc: Petr Vorel <pvorel@suse.cz>,
	Mimi Zohar <zohar@linux.ibm.com>,
	linux-integrity@vger.kernel.org
Subject: [PATCH 3/3] ima_{kexec,keys,selinux}: Set minimal kernel version
Date: Tue, 26 Nov 2024 18:38:30 +0100
Message-ID: <20241126173830.98960-4-pvorel@suse.cz>
In-Reply-To: <20241126173830.98960-1-pvorel@suse.cz>
References: <20241126173830.98960-1-pvorel@suse.cz>
Precedence: bulk
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

LTP tests: load predefined policy | expand

Commit Message

Petr Vorel Nov. 26, 2024, 5:38 p.m. UTC

The functionality IMHO was not backported to the enterprise kernels.

This helps to avoid false positive in ima_kexec.sh:
ima_kexec 1 TWARN: policy not readable, it might not contain required
policy '^measure.*func=KEXEC_CMDLINE'
ima_kexec 1 TBROK: unable to find a correct measurement

Signed-off-by: Petr Vorel <pvorel@suse.cz>
---
 testcases/kernel/security/integrity/ima/tests/ima_kexec.sh   | 1 +
 testcases/kernel/security/integrity/ima/tests/ima_keys.sh    | 1 +
 testcases/kernel/security/integrity/ima/tests/ima_selinux.sh | 1 +
 3 files changed, 3 insertions(+)

diff --git a/testcases/kernel/security/integrity/ima/tests/ima_kexec.sh b/testcases/kernel/security/integrity/ima/tests/ima_kexec.sh
index 62f05f5361..3446bc24bf 100755
--- a/testcases/kernel/security/integrity/ima/tests/ima_kexec.sh
+++ b/testcases/kernel/security/integrity/ima/tests/ima_kexec.sh
@@ -11,6 +11,7 @@ 
 TST_NEEDS_CMDS="grep kexec sed"
 TST_CNT=3
 TST_SETUP="setup"
+TST_MIN_KVER="5.3"
 
 IMA_KEXEC_IMAGE="${IMA_KEXEC_IMAGE:-/boot/vmlinuz-$(uname -r)}"
 REQUIRED_POLICY='^measure.*func=KEXEC_CMDLINE'
diff --git a/testcases/kernel/security/integrity/ima/tests/ima_keys.sh b/testcases/kernel/security/integrity/ima/tests/ima_keys.sh
index 793908d44a..ff32eb6c43 100755
--- a/testcases/kernel/security/integrity/ima/tests/ima_keys.sh
+++ b/testcases/kernel/security/integrity/ima/tests/ima_keys.sh
@@ -10,6 +10,7 @@  TST_NEEDS_CMDS="cmp cut grep sed"
 TST_CNT=2
 TST_SETUP=setup
 TST_CLEANUP=cleanup
+TST_MIN_KVER="5.6"
 
 FUNC_KEYCHECK='func=KEY_CHECK'
 REQUIRED_POLICY="^measure.*$FUNC_KEYCHECK"
diff --git a/testcases/kernel/security/integrity/ima/tests/ima_selinux.sh b/testcases/kernel/security/integrity/ima/tests/ima_selinux.sh
index f6e392822a..75f9ba84e4 100755
--- a/testcases/kernel/security/integrity/ima/tests/ima_selinux.sh
+++ b/testcases/kernel/security/integrity/ima/tests/ima_selinux.sh
@@ -12,6 +12,7 @@ 
 TST_NEEDS_CMDS="awk cut grep tail"
 TST_CNT=2
 TST_SETUP="setup"
+TST_MIN_KVER="5.12"
 
 FUNC_CRITICAL_DATA='func=CRITICAL_DATA'
 REQUIRED_POLICY="^measure.*$FUNC_CRITICAL_DATA"

[3/3] ima_{kexec,keys,selinux}: Set minimal kernel version

Commit Message

Patch