Re: [PATCH ima-evm-utils] Add tests for MMAP_CHECK and MMAP_CHECK_REQPROT hooks

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 





On 1/26/23 11:38, Roberto Sassu wrote:
From: Roberto Sassu <roberto.sassu@xxxxxxxxxx>

Add tests to ensure that, after applying the kernel patch 'ima: Align
ima_file_mmap() parameters with mmap_file LSM hook', the MMAP_CHECK hook
checks the protections applied by the kernel and not those requested by the
application.

Also ensure that after applying 'ima: Introduce MMAP_CHECK_REQPROT hook',
the MMAP_CHECK_REQPROT hook checks the protections requested by the
application.

below LGTM

How do you tell the user that the patches need to be applied for the test to
succeed and not worry about it when the patches are not applied?



Test both with the test_mmap application that by default requests the
PROT_READ protection flag. Its syntax is:


+
+check_mmap() {
+	local hook="$1"
+	local arg="$2"
+	local test_file
+	local fowner
+	local rule
+	local result
+	local test_file_entry
+

you can write them all in one line: 'local test_file fowner rule result test_file_entry'



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux Kernel]     [Linux Kernel Hardening]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux SCSI]

  Powered by Linux