On Mon, 2023-01-30 at 11:54 -0500, Mimi Zohar wrote:
> On Mon, 2023-01-30 at 17:07 +0100, Roberto Sassu wrote:
> > On Mon, 2023-01-30 at 15:02 +0100, Roberto Sassu wrote:
> > > On Mon, 2023-01-30 at 08:28 -0500, Mimi Zohar wrote:
> > > > [Trimmed Cc list, since this is an ima-evm-utils discussion. Adding
> > > > Petr.]
> > > >
> > > > On Fri, 2023-01-27 at 08:57 +0100, Roberto Sassu wrote:
> > > > > On Thu, 2023-01-26 at 17:25 -0500, Stefan Berger wrote:
> > > > > > How do you tell the user that the patches need to be applied for the test to
> > > > > > succeed and not worry about it when the patches are not applied?
> > > > >
> > > > > Uhm, I agree. I should at least write a comment as for EVM portable
> > > > > signatures, and maybe display a message in the test logs.
> > > >
> > > > This is a generic problem that needs to be addressed. FYI, LTP
> > > > addressed it by introducing "struct test_tag" in commit ca2c76990
> > > > ("lib: Add support for test tags").
> > >
> > > One idea could be to list all the patches the group of tests is going
> > > to check, and add an argument to expect_pass and expect_fail to specify
> > > the indexes of patches required for the test. We print the required
> > > patches in an error message.
> >
> > Ok, here is an example for this patch set. I added the following
> > changes to the mmap_check.test script:
> >
> > PATCHES=(
> > 'ima: Align ima_file_mmap() parameters with mmap_file LSM hook'
> > 'ima: Introduce MMAP_CHECK_REQPROT hook'
> > )
>
> This works for bug fixes, where the patch list is relatively small.
> I'm not sure this will work so well for new kernel features.
For new features, it is probably easier check at the beginning of the
tests if the feature is available and, if not, skip them.
Roberto
