On Fri, Nov 20, 2020 at 7:11 PM Yonghong Song <yhs@xxxxxx> wrote:
>
>
>
> On 11/20/20 5:17 AM, KP Singh wrote:
> > From: KP Singh <kpsingh@xxxxxxxxxx>
> >
> > - Update the IMA policy before executing the test binary (this is not an
> > override of the policy, just an append that ensures that hashes are
> > calculated on executions).
> >
> > - Call the bpf_ima_inode_hash in the bprm_committed_creds hook and check
> > if the call succeeded and a hash was calculated.
> >
> > Signed-off-by: KP Singh <kpsingh@xxxxxxxxxx>
>
> LGTM with a few nits below.
>
> Acked-by: Yonghong Song <yhs@xxxxxx>
>
> > ---
> > tools/testing/selftests/bpf/config | 3 ++
[...]
> > }
> >
> [...]
> > +
> > void test_test_lsm(void)
> > {
> > struct lsm *skel = NULL;
> > @@ -66,6 +88,10 @@ void test_test_lsm(void)
> > if (CHECK(err, "attach", "lsm attach failed: %d\n", err))
> > goto close_prog;
> >
> > + err = update_ima_policy();
> > + if (CHECK(err != 0, "update_ima_policy", "error = %d\n", err))
> > + goto close_prog;
>
> "err != 0" => err?
> "error = %d" => "err %d" for consistency with other usage in this function.
Done.
>
> > +
> > err = exec_cmd(&skel->bss->monitored_pid);
> > if (CHECK(err < 0, "exec_cmd", "err %d errno %d\n", err, errno))
> > goto close_prog;
> > @@ -83,6 +109,12 @@ void test_test_lsm(void)
[...]
> > int mprotect_count = 0;
> > int bprm_count = 0;
> > +int ima_hash_ret = -1;
>
> The helper returns type "long", but "int" type here should be fine too.
Changed it to long for correctness.
