Re: [PATCH ima-evm-utils v6] Add tests for MMAP_CHECK and MMAP_CHECK_REQPROT hooks

On Thu, 2023-03-02 at 12:20 -0500, Mimi Zohar wrote:
> Hi Roberto,
> 
> > diff --git a/tests/mmap_check.test b/tests/mmap_check.test
> > new file mode 100755
> > index 00000000000..3a42fec179e
> > --- /dev/null
> > +++ b/tests/mmap_check.test
> > @@ -0,0 +1,407 @@
> > +#!/bin/bash
> > +# SPDX-License-Identifier: GPL-2.0
> > +#
> > +# Copyright (C) 2022-2023 Roberto Sassu <roberto.sassu@xxxxxxxxxx>
> > +#
> > +# Check the behavior of MMAP_CHECK and MMAP_CHECK_REQPROT
> > +
> > +trap '_report_exit_and_cleanup _cleanup_env cleanup' SIGINT SIGTERM SIGSEGV EXIT
> > +
> > +PATCHES=(
> > +'ima: Align ima_file_mmap() parameters with mmap_file LSM hook'
> > +'ima: Introduce MMAP_CHECK_REQPROT hook'
> > +)
> > +
> > +(( ret_invalid_rule=1 ))
> > +(( ret_rule_overlap=2 ))
> > +(( ret_same_rule_exists=4 ))
> 
> New to v6 is the definition of these variables.  Is there a reason for
> defining them here as opposed to in check_load_ima_rule(), where they
> could be defined as local?  Here they're global and should be in upper
> case like the variables below.

Ok, will make them in upper case.

> > +
> > +(( EVM_INIT_HMAC=0x0001 ))
> > +(( EVM_INIT_X509=0x0002 ))
> 
> Is there a reason for initializing these variables differently than
> those below?  For example, EVM_INIT_HMAC could be defined as
> EVM_INIT_HMAC=$((0x0001)).

Oh, I took them from evm.h. I can initialize those above in the same
way.

Thanks

Roberto

> +# Base VERBOSE on the environment variable, if set.
> > +VERBOSE="${VERBOSE:-0}"
> > +
> > +# Errors defined in test_mmap
> > +ERR_SETUP=1
> > +ERR_TEST=2
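
Review bot: The constants at the top of tests/mmap_check.test are assigned in two different styles: the arithmetic command for `(( ret_invalid_rule=1 ))` through `(( EVM_INIT_X509=0x0002 ))`, and plain assignment for `ERR_SETUP=1` and `ERR_TEST=2`. Beyond the inconsistency, the `(( name=value ))` form returns a non-zero exit status whenever the assigned value is 0, so a zero-valued constant added later in the same style would look like a failed command to `set -e` or an ERR trap. Suggest using one plain-assignment form throughout, for example `EVM_INIT_HMAC=$((0x0001))`, with the three `ret_*` names in upper case to match the other globals, and marking them `readonly` since they are never meant to change. A short comment stating that the `ret_*` values 1, 2 and 4 are distinct bits that can be combined would also document why they are not simply 1, 2, 3.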



