"measure func=CRITICAL_DATA label=selinux" in selinux.policy LTP example policy is a subset of "measure func=CRITICAL_DATA" loaded by ima_policy=critical_data kernel command line option.
Therefore ima_selinux.sh require only one of them, not both. Reported-by: Mimi Zohar <[email protected]> Signed-off-by: Petr Vorel <[email protected]> --- Thanks Mimi! Kind regards, Petr testcases/kernel/security/integrity/ima/tests/ima_selinux.sh | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/testcases/kernel/security/integrity/ima/tests/ima_selinux.sh b/testcases/kernel/security/integrity/ima/tests/ima_selinux.sh index 1a0de21efd..e64a7739f9 100755 --- a/testcases/kernel/security/integrity/ima/tests/ima_selinux.sh +++ b/testcases/kernel/security/integrity/ima/tests/ima_selinux.sh @@ -18,13 +18,12 @@ TST_SETUP="setup" TST_MIN_KVER="5.12" REQUIRED_POLICY_CONTENT='selinux.policy' +REQUIRED_BUILTIN_POLICY='critical_data' setup() { SELINUX_DIR=$(tst_get_selinux_dir) [ "$SELINUX_DIR" ] || tst_brk TCONF "SELinux is not enabled" - - require_ima_policy_cmdline "critical_data" } # Format of the measured SELinux state data. -- 2.51.0
