Re: [LTP] ltp: IMA cross platform fixes

Thu, 23 Jul 2009 04:09:31 -0700 

On Wed, 2009-07-22 at 20:28 -0400, Mike Frysinger wrote: 
> On Wednesday 22 July 2009 17:20:19 Mimi Zohar wrote:
> > testcases/kernel/security/integrity/ima/tests/ima_policy.sh
> >
> > -           if [ "${line:0:1}" != "#" ] ; then
> > +           firstch=`expr substr "${line}" 1 1`
> > +           if [ "${firstch}" != "#" ] ; then
> 
> the `expr` util, while pretty flexible, tends to not get used.  so it'll 
> probably be easier for people to grok:
>       if [ "${line#\#}" = "${line}" ] ; then

Other than the comparison needing to be '!=', this works. Thanks!

> > -   RC=$((`expr $RC1 + $RC2`))
> > -   if [ $RC -eq 1 ]; then
> > +   if [ $RC1 -eq 0 ] && [ $RC2 -eq 0 ]; then
> 
> i dont see what was wrong with the original here, but if you really want to 
> rewrite this, then just change the one line to:
>       RC=$((RC1 + RC2))

The test opens the policy file and attempts to open it again, while it
is still open.  The test now explicitly checks the return code from both
opens.  The return code from both opens shouldn't be 0.

> > testcases/kernel/security/integrity/ima/tests/ima_tpm.sh
> >
> > +   zero="0000000000000000000000000000000000000000"
> >
> > +   ima_aggr=`expr substr "${line}" 49 40`
> >
> > -           [ "${line:49:40}" -eq 0 ] || RC=$?
> > +           [ "${ima_aggr}" = "${zero}" ] || RC=$?
> 
> these changes arent exactly equivalent.  if the subst of line only returned 
> say 5 zeros, then your check wouldnt work.  do you even need this ?  simply 
> changing the line to ima_aggr via substr looks good enough to me.  this 
> should 
> work fine in POSIX shells:
>       [ "00000" -eq 0 ]

Although the statements aren't equivalent, the current check is more
correct.  If the TPM is not enabled, the first entry
in /sys/kernel/security/ascii_runtime, the boot aggregate, will be a
string of zeroes.

> > testcases/kernel/security/integrity/ima/tests/ima_violations.sh
> >
> > +                   tst_res TINFO $LTPTMP/imalog.$$\
> > +                    "$TCID: (message ratelimiting?)"
> 
> this shows up a few times in the patch ... if you're going to line wrap 
> things, there needs to be a space before the continuation marker for style.
> -mike

Ok.

Thanks!

Mimi


------------------------------------------------------------------------------
_______________________________________________
Ltp-list mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/ltp-list

Reply via email to