Re: [LTP] ltp: IMA cross platform fixes

Sat, 18 Jul 2009 22:16:15 -0700 

On Thu, Jul 16, 2009 at 3:59 AM, Mimi Zohar<[email protected]> wrote:
> - Instead of using the default platform shell, explicitly use bash.
> - To create a file using 'sudo -u', some platforms require 'user' to exist.
> - Document verifying PCR-10 fails on Ubuntu on reboot due to kexec.
>
> Signed-off-by: Mimi Zohar <[email protected]>
>
> Index: 
> ltp-full-20090531/testcases/kernel/security/integrity/ima/tests/ima_measurements.sh
> ===================================================================
> --- 
> ltp-full-20090531.orig/testcases/kernel/security/integrity/ima/tests/ima_measurements.sh
> +++ 
> ltp-full-20090531/testcases/kernel/security/integrity/ima/tests/ima_measurements.sh
> @@ -1,4 +1,4 @@
> -#!/bin/sh
> +#!/bin/bash
>
>  ################################################################################
>  ##                                                                           
>  ##
> @@ -137,12 +137,13 @@ test03()
>
>        # create file user-test.txt
>        mkdir -m 0700 $LTPIMA/user
> -       chown 99.99 $LTPIMA/user
> +       chown nobody.nobody $LTPIMA/user
>        cd $LTPIMA/user
>        hash=0
>
> -       # As user 99, create and cat the new file
> -       sudo -u \#99 sh -c "echo `date` - create test.txt > ./test.txt;
> +       # As user nobody, create and cat the new file
> +       # (The LTP tests assumes existence of 'nobody'.)
> +       sudo -u nobody sh -c "echo `date` - create test.txt > ./test.txt;
>                                cat ./test.txt > /dev/null"
>
>        # Calculating the hash will add the measurement to the measurement
> Index: 
> ltp-full-20090531/testcases/kernel/security/integrity/ima/tests/ima_policy.sh
> ===================================================================
> --- 
> ltp-full-20090531.orig/testcases/kernel/security/integrity/ima/tests/ima_policy.sh
> +++ 
> ltp-full-20090531/testcases/kernel/security/integrity/ima/tests/ima_policy.sh
> @@ -1,4 +1,4 @@
> -#!/bin/sh
> +#!/bin/bash
>  ################################################################################
>  ##                                                                           
>  ##
>  ## Copyright (C) 2009 IBM Corporation                                        
>  ##
> Index: 
> ltp-full-20090531/testcases/kernel/security/integrity/ima/tests/ima_setup.sh
> ===================================================================
> --- 
> ltp-full-20090531.orig/testcases/kernel/security/integrity/ima/tests/ima_setup.sh
> +++ 
> ltp-full-20090531/testcases/kernel/security/integrity/ima/tests/ima_setup.sh
> @@ -1,4 +1,4 @@
> -#!/bin/sh
> +#!/bin/bash
>  ################################################################################
>  ##                                                                           
>  ##
>  ## Copyright (C) 2009 IBM Corporation                                        
>  ##
> Index: 
> ltp-full-20090531/testcases/kernel/security/integrity/ima/tests/ima_tpm.sh
> ===================================================================
> --- 
> ltp-full-20090531.orig/testcases/kernel/security/integrity/ima/tests/ima_tpm.sh
> +++ ltp-full-20090531/testcases/kernel/security/integrity/ima/tests/ima_tpm.sh
> @@ -1,4 +1,4 @@
> -#!/bin/sh
> +#!/bin/bash
>
>  ################################################################################
>  ##                                                                           
>  ##
> Index: 
> ltp-full-20090531/testcases/kernel/security/integrity/ima/tests/ima_violations.sh
> ===================================================================
> --- 
> ltp-full-20090531.orig/testcases/kernel/security/integrity/ima/tests/ima_violations.sh
> +++ 
> ltp-full-20090531/testcases/kernel/security/integrity/ima/tests/ima_violations.sh
> @@ -1,4 +1,4 @@
> -#!/bin/sh
> +#!/bin/bash
>  ################################################################################
>  ##                                                                           
>  ##
>  ## Copyright (C) 2009 IBM Corporation                                        
>  ##
> Index: ltp-full-20090531/testcases/kernel/security/integrity/ima/README
> ===================================================================
> --- ltp-full-20090531.orig/testcases/kernel/security/integrity/ima/README
> +++ ltp-full-20090531/testcases/kernel/security/integrity/ima/README
> @@ -52,6 +52,10 @@ open for read by root. If the default po
>  another measurement policy will fail, as the policy may only be replaced
>  once per boot. Some of the policy dependency tests might also fail as well.
>
> +ima_tpm.sh: test02, verifying the PCR-10 value, requires a hard reboot.
> +[On Ubuntu, before running the ltp tests, disable /etc/init.d/kexec-load
> +and reboot.]
> +
>  Run tests

Hi Mimi,
    The change to
testcases/kernel/security/integrity/ima/tests/ima_measurements.sh,
minus the shebang change looks ok.
    /bin/sh should remain the standard, but a number of changes need
to happen to the .sh scripts to make them POSIX compatible, e.g.
backticks execution should become $(), etc. Let's not make things
bash-only...
Thanks,
-Garrett

------------------------------------------------------------------------------
Enter the BlackBerry Developer Challenge  
This is your chance to win up to $100,000 in prizes! For a limited time, 
vendors submitting new applications to BlackBerry App World(TM) will have
the opportunity to enter the BlackBerry Developer Challenge. See full prize  
details at: http://p.sf.net/sfu/Challenge
_______________________________________________
Ltp-list mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/ltp-list

Reply via email to