Previously policy was checked in setup and in all tests
(redundant in test1). It should be enough to test in setup and after
write in test1, but let's being careful and test before writing the
policy in load_policy().
Signed-off-by: Petr Vorel <pvo...@suse.cz>
---
.../kernel/security/integrity/ima/tests/ima_policy.sh | 7 ++-----
1 file changed, 2 insertions(+), 5 deletions(-)
diff --git a/testcases/kernel/security/integrity/ima/tests/ima_policy.sh
b/testcases/kernel/security/integrity/ima/tests/ima_policy.sh
index af1fb0028c..1c4763d838 100755
--- a/testcases/kernel/security/integrity/ima/tests/ima_policy.sh
+++ b/testcases/kernel/security/integrity/ima/tests/ima_policy.sh
@@ -1,7 +1,7 @@
#!/bin/sh
# SPDX-License-Identifier: GPL-2.0-or-later
# Copyright (c) 2009 IBM Corporation
-# Copyright (c) 2018-2020 Petr Vorel <pvo...@suse.cz>
+# Copyright (c) 2018-2025 Petr Vorel <pvo...@suse.cz>
# Author: Mimi Zohar <zo...@linux.ibm.com>
#
# Test replacing the default integrity measurement policy.
@@ -11,8 +11,6 @@ TST_CNT=2
setup()
{
- require_policy_writable
-
VALID_POLICY="$TST_DATAROOT/measure.policy"
[ -f $VALID_POLICY ] || tst_brk TCONF "missing $VALID_POLICY"
@@ -24,6 +22,7 @@ load_policy()
{
local ret
+ require_policy_writable
exec 2>/dev/null 4>$IMA_POLICY
[ $? -eq 0 ] || exit 1
@@ -43,7 +42,6 @@ test1()
local p1
- require_policy_writable
load_policy $INVALID_POLICY & p1=$!
wait "$p1"
if [ $? -ne 0 ]; then
@@ -59,7 +57,6 @@ test2()
local p1 p2 rc1 rc2
- require_policy_writable
load_policy $VALID_POLICY & p1=$!
load_policy $VALID_POLICY & p2=$!
wait "$p1"; rc1=$?
--
2.51.0
