Hi Petr,
On Fri, 2024-12-13 at 23:20 +0100, Petr Vorel wrote:
> Add check for ^func=FILE_CHECK'
>
> Signed-off-by: Petr Vorel <[email protected]>
>
> Signed-off-by: Petr Vorel <[email protected]>
> ---
> .../kernel/security/integrity/ima/tests/ima_violations.sh | 5 ++++-
> 1 file changed, 4 insertions(+), 1 deletion(-)
>
> diff --git a/testcases/kernel/security/integrity/ima/tests/ima_violations.sh
> b/testcases/kernel/security/integrity/ima/tests/ima_violations.sh
> index 0f710dea2e..73b9fe6f30 100755
> --- a/testcases/kernel/security/integrity/ima/tests/ima_violations.sh
> +++ b/testcases/kernel/security/integrity/ima/tests/ima_violations.sh
> @@ -1,7 +1,7 @@
> #!/bin/sh
> # SPDX-License-Identifier: GPL-2.0-or-later
> # Copyright (c) 2009 IBM Corporation
> -# Copyright (c) 2018-2020 Petr Vorel <[email protected]>
> +# Copyright (c) 2018-2024 Petr Vorel <[email protected]>
> # Author: Mimi Zohar <[email protected]>
> #
> # Test whether ToMToU and open_writer violations invalidatethe PCR and are
> logged.
> @@ -9,6 +9,7 @@
> TST_SETUP="setup"
> TST_CLEANUP="cleanup"
> TST_CNT=3
> +REQUIRED_POLICY='^func=FILE_CHECK'
The first field of an IMA policy rule is the 'action', followed by the
condition. Use "func=FILE_CHECK" instead.
thanks,
Mimi
>
> setup()
> {
> @@ -17,6 +18,8 @@ setup()
> LOG="/var/log/messages"
> PRINTK_RATE_LIMIT=
>
> + require_ima_policy_content_if_readable "$REQUIRED_POLICY"
> +
> if status_daemon auditd; then
> LOG="/var/log/audit/audit.log"
> elif tst_check_cmds sysctl; then
