Hi all, FYI patch merged.
Kind regards,
Petr

> kernel commit e9c38f9fc2cc ("Documentation,selinux: deprecate setting
> checkreqprot to 1") from v5.10-rc1 deprecated checkreqprot value 1
> (emit warning in dmesg). Code is used only in ima_selinux.sh
> which requires 5.12. Touching /sys/fs/selinux/checkreqprot is required
> to trigger the measurement via selinux_ima_measure_state().
>
> Using the same value (0 by default) works on recent 6.14, it should be
> safe changing to use the same value. This way misleading warning is
> avoided and hopefully kept working in the future.
>
> Also, this way it does not modify SUT setting (don't influence other
> tests), which is always better.
>
> Fixes: 36c695e497 ("tst_security.sh: Add helper tst_update_selinux_state()")
> Signed-off-by: Petr Vorel <pvo...@suse.cz>
> ---
> @SELinux developers: FYI tst_security.sh is used in LTP test in
> ima_selinux.sh [1] test.
>
> Kind regards,
> Petr
>
> [1]
> https://github.com/linux-test-project/ltp/blob/master/testcases/kernel/security/integrity/ima/tests/ima_selinux.sh
>
> testcases/lib/tst_security.sh | 7 +++---- > 1 file changed, 3 insertions(+), 4 deletions(-) > diff --git a/testcases/lib/tst_security.sh b/testcases/lib/tst_security.sh > index 4e2d34ca98..820736c723 100644 > --- a/testcases/lib/tst_security.sh > +++ b/testcases/lib/tst_security.sh > @@ -142,11 +142,10 @@ tst_get_enforce() > tst_update_selinux_state() > { > - local cur_val new_val > + local val > local dir=$(tst_get_selinux_dir) > [ -n "$dir" ] || return 1 > - cur_val=$(cat $dir/checkreqprot) > - [ $cur_val = 1 ] && new_val=0 || new_val=1 > - echo $new_val > $dir/checkreqprot > + val=$(cat $dir/checkreqprot) > + echo $val > $dir/checkreqprot > }
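
Review bot: in tst_update_selinux_state(), the new pair `val=$(cat $dir/checkreqprot)` and `echo $val > $dir/checkreqprot` reads as a no-op to anyone who has not seen the commit message, so a short comment above the write stating that rewriting the current value is intentional, and that the write itself is what triggers selinux_ima_measure_state(), would keep it from being removed as dead code later. The read is also unchecked: if cat fails, val is empty and the echo still writes to checkreqprot, so a guard such as `[ -n "$val" ] || return 1` before the write, together with quoting "$dir" and "$val", would let the helper fail cleanly the same way the existing `[ -n "$dir" ] || return 1` does.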