Hi Mimi, > Thanks, Petr. This works properly. To remove the "hack", would > require running the test from "ima", not "ima/tests", but that would > require fixing how ima_setup.sh is called. It also would still > require setting TST_DATAROOT to TST_DATAROOT/$TST_ID. Let's keep it and suppose people run tests from ima/tests. This needs to be fixed on LTP side, I have it on my TODO list. Anything else? After that I'll work on ima_tpm.sh and after on policy automatic loading. BTW there are also plans for reboot support [1] [2], that could be used as workaround for configuration without CONFIG_IMA_READ_POLICY=y and CONFIG_IMA_WRITE_POLICY=y. [1] http://lists.linux.it/pipermail/ltp/2020-August/018636.html [2] http://lists.linux.it/pipermail/ltp/2020-August/018658.html > Mimi Kind regards, Petr
