From: Petr Vorel <[email protected]>
Hi Mimi, all,
this effort allows to load policy LTP provides as example
via LTP_IMA_LOAD_POLICY=1 environment variable (off by default).
This should allow better coverage for these who just run runtest/ima.
But it requires tooling which runs LTP to do the restart after each
test.
Kind regards,
Petr
Petr Vorel (3):
ima: Add TCB policy as an example
ima_setup.sh: Allow to load predefined policy
ima_{kexec,keys,selinux}: Set minimal kernel version
.../kernel/security/integrity/ima/README.md | 6 +++
.../ima/datafiles/ima_measurements/tcb.policy | 20 +++++++
.../security/integrity/ima/tests/ima_kexec.sh | 1 +
.../security/integrity/ima/tests/ima_keys.sh | 1 +
.../integrity/ima/tests/ima_measurements.sh | 17 +++++-
.../integrity/ima/tests/ima_selinux.sh | 1 +
.../security/integrity/ima/tests/ima_setup.sh | 52 ++++++++++++++++---
7 files changed, 89 insertions(+), 9 deletions(-)
create mode 100644
testcases/kernel/security/integrity/ima/datafiles/ima_measurements/tcb.policy
--
2.45.2
