[v3,04/10] IMA: Add example policy for ima_violations.sh

Message ID	20250114112915.610297-5-pvorel@suse.cz (mailing list archive)
State	New
Headers	show Received: from smtp-out2.suse.de (smtp-out2.suse.de [195.135.223.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4642A2309AC for <linux-integrity@vger.kernel.org>; Tue, 14 Jan 2025 11:29:26 +0000 (UTC) From: Petr Vorel <pvorel@suse.cz> To: ltp@lists.linux.it Cc: Petr Vorel <pvorel@suse.cz>, Mimi Zohar <zohar@linux.ibm.com>, linux-integrity@vger.kernel.org Subject: [PATCH v3 04/10] IMA: Add example policy for ima_violations.sh Date: Tue, 14 Jan 2025 12:29:09 +0100 Message-ID: <20250114112915.610297-5-pvorel@suse.cz> In-Reply-To: <20250114112915.610297-1-pvorel@suse.cz> References: <20250114112915.610297-1-pvorel@suse.cz> Precedence: bulk MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	LTP tests: load predefined policy, enhancements \| expand [v3,00/10] LTP tests: load predefined policy, enhancements [v3,01/10] ima_violations.sh: Fix log detection [v3,02/10] IMA: Add TCB policy as an example for ima_measurements.sh [v3,03/10] IMA: Move requirement check to ima_setup.sh [v3,04/10] IMA: Add example policy for ima_violations.sh [v3,05/10] IMA: Read required policy from file [v3,06/10] ima_violations.sh: Declare tcb builtin policy [v3,07/10] ima_setup.sh: Add digest index detection for ima-buf format [v3,08/10] ima_setup.sh: Allow to load predefined policy [v3,09/10] ima_measurements.sh: Check policy for test3 [v3,10/10] tst_test.sh: IMA: Allow to disable LSM warnings and use it for IMA

Message ID

20250114112915.610297-5-pvorel@suse.cz (mailing list archive)

State

New

Headers

From: Petr Vorel <pvorel@suse.cz>
To: ltp@lists.linux.it
Cc: Petr Vorel <pvorel@suse.cz>,
	Mimi Zohar <zohar@linux.ibm.com>,
	linux-integrity@vger.kernel.org
Subject: [PATCH v3 04/10] IMA: Add example policy for ima_violations.sh
Date: Tue, 14 Jan 2025 12:29:09 +0100
Message-ID: <20250114112915.610297-5-pvorel@suse.cz>
In-Reply-To: <20250114112915.610297-1-pvorel@suse.cz>
References: <20250114112915.610297-1-pvorel@suse.cz>
Precedence: bulk
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

LTP tests: load predefined policy, enhancements | expand

Commit Message

Petr Vorel Jan. 14, 2025, 11:29 a.m. UTC

Suggested-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Petr Vorel <pvorel@suse.cz>
---
 .../kernel/security/integrity/ima/datafiles/Makefile  |  2 +-
 .../integrity/ima/datafiles/ima_violations/Makefile   | 11 +++++++++++
 .../ima/datafiles/ima_violations/violations.policy    |  2 ++
 3 files changed, 14 insertions(+), 1 deletion(-)
 create mode 100644 testcases/kernel/security/integrity/ima/datafiles/ima_violations/Makefile
 create mode 100644 testcases/kernel/security/integrity/ima/datafiles/ima_violations/violations.policy

diff --git a/testcases/kernel/security/integrity/ima/datafiles/Makefile b/testcases/kernel/security/integrity/ima/datafiles/Makefile
index 0f2b4fdb11..2013bfc918 100644
--- a/testcases/kernel/security/integrity/ima/datafiles/Makefile
+++ b/testcases/kernel/security/integrity/ima/datafiles/Makefile
@@ -8,6 +8,6 @@  top_srcdir	?= ../../../../../..
 
 include	$(top_srcdir)/include/mk/env_pre.mk
 
-SUBDIRS	:= ima_kexec ima_keys ima_measurements ima_policy ima_selinux
+SUBDIRS	:= ima_kexec ima_keys ima_measurements ima_policy ima_selinux ima_violations
 
 include $(top_srcdir)/include/mk/generic_trunk_target.mk
diff --git a/testcases/kernel/security/integrity/ima/datafiles/ima_violations/Makefile b/testcases/kernel/security/integrity/ima/datafiles/ima_violations/Makefile
new file mode 100644
index 0000000000..58d474f076
--- /dev/null
+++ b/testcases/kernel/security/integrity/ima/datafiles/ima_violations/Makefile
@@ -0,0 +1,11 @@ 
+# SPDX-License-Identifier: GPL-2.0-or-later
+# Copyright (c) Linux Test Project, 2025
+
+top_srcdir	?= ../../../../../../..
+
+include	$(top_srcdir)/include/mk/env_pre.mk
+
+INSTALL_DIR		:= testcases/data/ima_violations
+INSTALL_TARGETS	:= *.policy
+
+include $(top_srcdir)/include/mk/generic_leaf_target.mk
diff --git a/testcases/kernel/security/integrity/ima/datafiles/ima_violations/violations.policy b/testcases/kernel/security/integrity/ima/datafiles/ima_violations/violations.policy
new file mode 100644
index 0000000000..466b8c5a64
--- /dev/null
+++ b/testcases/kernel/security/integrity/ima/datafiles/ima_violations/violations.policy
@@ -0,0 +1,2 @@ 
+measure func=FILE_CHECK mask=^MAY_READ euid=0
+measure func=FILE_CHECK mask=^MAY_READ uid=0

[v3,04/10] IMA: Add example policy for ima_violations.sh

Commit Message

Patch