On 1/26/23 11:38, Roberto Sassu wrote:
From: Roberto Sassu <roberto.sassu@xxxxxxxxxx>
Add tests to ensure that, after applying the kernel patch 'ima: Align
ima_file_mmap() parameters with mmap_file LSM hook', the MMAP_CHECK hook
checks the protections applied by the kernel and not those requested by the
application.
Also ensure that after applying 'ima: Introduce MMAP_CHECK_REQPROT hook',
the MMAP_CHECK_REQPROT hook checks the protections requested by the
application.
below LGTM
How do you tell the user that the patches need to be applied for the test to
succeed and not worry about it when the patches are not applied?
Test both with the test_mmap application that by default requests the
PROT_READ protection flag. Its syntax is:
+
+check_mmap() {
+ local hook="$1"
+ local arg="$2"
+ local test_file
+ local fowner
+ local rule
+ local result
+ local test_file_entry
+
you can write them all in one line: 'local test_file fowner rule result test_file_entry'
