Menu
▾
▴
[Linux-ima-user] ltp: IMA cross platform fixes
|
From: Mimi Z. <zo...@li...> - 2009-07-13 23:40:12
|
- Instead of using the default platform shell, explicitly use bash. - To create a file using 'sudo -u', some platforms require 'user' to exist. - Document verifying PCR-10 fails on Ubuntu 9 on reboot due to kexec. Signed-off-by: Mimi Zohar <zo...@us...> Index: ltp-full-20090531/testcases/kernel/security/integrity/ima/tests/ima_measurements.sh =================================================================== --- ltp-full-20090531.orig/testcases/kernel/security/integrity/ima/tests/ima_measurements.sh +++ ltp-full-20090531/testcases/kernel/security/integrity/ima/tests/ima_measurements.sh @@ -1,4 +1,4 @@ -#!/bin/sh +#!/bin/bash ################################################################################ ## ## @@ -137,12 +137,13 @@ test03() # create file user-test.txt mkdir -m 0700 $LTPIMA/user - chown 99.99 $LTPIMA/user + chown nobody.nobody $LTPIMA/user cd $LTPIMA/user hash=0 - # As user 99, create and cat the new file - sudo -u \#99 sh -c "echo `date` - create test.txt > ./test.txt; + # As user nobody, create and cat the new file + # (The LTP tests assumes existence of 'nobody'.) + sudo -u nobody sh -c "echo `date` - create test.txt > ./test.txt; cat ./test.txt > /dev/null" # Calculating the hash will add the measurement to the measurement Index: ltp-full-20090531/testcases/kernel/security/integrity/ima/tests/ima_policy.sh =================================================================== --- ltp-full-20090531.orig/testcases/kernel/security/integrity/ima/tests/ima_policy.sh +++ ltp-full-20090531/testcases/kernel/security/integrity/ima/tests/ima_policy.sh @@ -1,4 +1,4 @@ -#!/bin/sh +#!/bin/bash ################################################################################ ## ## ## Copyright (C) 2009 IBM Corporation ## Index: ltp-full-20090531/testcases/kernel/security/integrity/ima/tests/ima_setup.sh =================================================================== --- ltp-full-20090531.orig/testcases/kernel/security/integrity/ima/tests/ima_setup.sh +++ ltp-full-20090531/testcases/kernel/security/integrity/ima/tests/ima_setup.sh @@ -1,4 +1,4 @@ -#!/bin/sh +#!/bin/bash ################################################################################ ## ## ## Copyright (C) 2009 IBM Corporation ## Index: ltp-full-20090531/testcases/kernel/security/integrity/ima/tests/ima_tpm.sh =================================================================== --- ltp-full-20090531.orig/testcases/kernel/security/integrity/ima/tests/ima_tpm.sh +++ ltp-full-20090531/testcases/kernel/security/integrity/ima/tests/ima_tpm.sh @@ -1,4 +1,4 @@ -#!/bin/sh +#!/bin/bash ################################################################################ ## ## Index: ltp-full-20090531/testcases/kernel/security/integrity/ima/tests/ima_violations.sh =================================================================== --- ltp-full-20090531.orig/testcases/kernel/security/integrity/ima/tests/ima_violations.sh +++ ltp-full-20090531/testcases/kernel/security/integrity/ima/tests/ima_violations.sh @@ -1,4 +1,4 @@ -#!/bin/sh +#!/bin/bash ################################################################################ ## ## ## Copyright (C) 2009 IBM Corporation ## Index: ltp-full-20090531/testcases/kernel/security/integrity/ima/README =================================================================== --- ltp-full-20090531.orig/testcases/kernel/security/integrity/ima/README +++ ltp-full-20090531/testcases/kernel/security/integrity/ima/README @@ -52,6 +52,10 @@ open for read by root. If the default po another measurement policy will fail, as the policy may only be replaced once per boot. Some of the policy dependency tests might also fail as well. +ima_tpm.sh: test02, verifying the PCR-10 value, requires a hard reboot. +[On Ubuntu 9, before running the ltp tests, disable /etc/init.d/kexec-load +and reboot.] + Run tests --------- After doing 'make' and 'make install' from the top-level, |
