On Fri, 2023-06-23 at 07:42 -0400, Mimi Zohar wrote:
> Hi Roberto,
>
> On Fri, 2023-06-16 at 21:23 +0200, Roberto Sassu wrote:
> > From: Roberto Sassu <roberto.sassu@xxxxxxxxxx>
> >
> > Add a simple test to ensure that the kernel and evmctl provide the same
> > result for the HMAC calculation. Do it with SELinux or Smack, whichever is
> > available (if the UML kernel is used, the test is done with both LSMs).
> >
> > Also add another test to evaluate the HMAC on a directory for which Smack
> > added the SMACK64TRANSMUTE xattr.
> >
> > The second test fails without the kernel patch 'smack: Set the
> > SMACK64TRANSMUTE xattr in smack_inode_init_security()', as Smack uses
> > __vfs_setxattr() to set SMACK64TRANSMUTE, which does not go through EVM,
> > and makes the HMAC invalid.
> >
> > Require (unless the UML kernel is used) that the TST_EVM_CHANGE_MODE
> > environment variable is set to 1, so that users acknowledge that they are
> > initializing EVM with a well-known HMAC key, which can introduce obvious
> > security concerns.
> >
> > Finally, enable SELinux, the EVM additional xattrs, and encrypted keys with
> > user-decrypted data in the kernel configuration for CI, and set
> > TST_EVM_CHANGE_MODE to 1 in the Github Action workflow.
> >
> > Signed-off-by: Roberto Sassu <roberto.sassu@xxxxxxxxxx>
>
> The simple SELinux and Smack tests are working properly without kernel
> changes. Even the Smack transmute test is working, properly
> returning an error message, but is followed by a kernel panic.
>
> Possibly missing patches:
> - smack: Set the SMACK64TRANSMUTE xattr in smack_inode_init_security

Hi Mimi,

that means that the test is failing. A UML kernel panic is used to signal
to the caller that a test in that environment failed. It is expected that
the test fails; Smack updates its xattr with __vfs_setxattr(), which does
not involve EVM checking and updating the HMAC.

Thanks

Roberto

> [ 14.620000][ T1] Kernel panic - not syncing: Attempted to kill init! exitcode=0x00000100
> [ 14.620000][ T1] CPU: 0 PID: 1 Comm: evm_hmac.test Not tainted 6.4.0-rc2-dont-use-g95526d13038c #1
> [ 14.620000][ T1] Stack:
> [ 14.620000][ T1]  60900a17 e1803be0 e1803c20 606f7598
> [ 14.620000][ T1]  63240701 60043a50 60900a17 00000000
> [ 14.620000][ T1]  60dfc308 00000000 e1803c60 60762e4b
> [ 14.620000][ T1] Call Trace:
> [ 14.620000][ T1]  [<6072ad82>] ? _printk+0x0/0x98
> [ 14.620000][ T1]  [<6072274d>] show_stack.cold+0x9d/0xf4
> [ 14.620000][ T1]  [<606f7598>] ? dump_stack_print_info+0xd8/0xf0
> [ 14.620000][ T1]  [<60043a50>] ? um_set_signals+0x0/0x60
> [ 14.620000][ T1]  [<60762e4b>] dump_stack_lvl+0x66/0x9a
> [ 14.620000][ T1]  [<607715d0>] ? _raw_spin_unlock_irq+0x0/0x60
> [ 14.620000][ T1]  [<60762e9d>] dump_stack+0x1e/0x20
> [ 14.620000][ T1]  [<6072429d>] panic+0x1a6/0x3a6
> [ 14.620000][ T1]  [<607240f7>] ? panic+0x0/0x3a6
> [ 14.620000][ T1]  [<600aec6a>] ? lock_release+0xca/0x180
> [ 14.620000][ T1]  [<60043a50>] ? um_set_signals+0x0/0x60
> [ 14.620000][ T1]  [<60764fe0>] ? debug_lockdep_rcu_enabled+0x0/0x50
> [ 14.620000][ T1]  [<60043a9f>] ? um_set_signals+0x4f/0x60
> [ 14.620000][ T1]  [<60764fe0>] ? debug_lockdep_rcu_enabled+0x0/0x50
> [ 14.620000][ T1]  [<60043a50>] ? um_set_signals+0x0/0x60
> [ 14.620000][ T1]  [<60064d79>] ? exit_signals+0x139/0x500
> [ 14.620000][ T1]  [<60771210>] ? _raw_spin_lock_irq+0x0/0xd0
> [ 14.620000][ T1]  [<607715d0>] ? _raw_spin_unlock_irq+0x0/0x60
> [ 14.620000][ T1]  [<607249c0>] make_task_dead.cold+0x0/0x9d
> [ 14.620000][ T1]  [<600557e7>] do_group_exit+0x47/0xe0
> [ 14.620000][ T1]  [<6004a0f0>] ? get_fp_registers+0x0/0x80
> [ 14.620000][ T1]  [<6005589a>] sys_exit_group+0x1a/0x20
> [ 14.620000][ T1]  [<600302a0>] handle_syscall+0xa0/0xd0
> [ 14.620000][ T1]  [<60046969>] handle_trap+0xe9/0x1a0
> [ 14.620000][ T1]  [<6004a0f0>] ? get_fp_registers+0x0/0x80
> [ 14.620000][ T1]  [<6004709f>] userspace+0x29f/0x530
> [ 14.620000][ T1]  [<6002c374>] new_thread_handler+0xb4/0xc0
> ./functions.sh: line 72:  8546 Aborted                 (core dumped) "$@"
> =================================
> Run with FAILEARLY=1 ./evm_hmac.test _cleanup_env cleanup
> To stop after first failure
>
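As an added illustration of why the transmute test is expected to fail (this is not code from ima-evm-utils or the kernel), the following Python model computes an EVM-style HMAC over protected xattrs plus inode metadata and compares an xattr update that goes through EVM with one that bypasses it, as __vfs_setxattr() does. The protected xattr order, the metadata trailer layout, the use of SHA-1 and the key are assumptions of the model, not the kernel's exact format.

```python
import hashlib
import hmac
import struct

# Added example, not code from ima-evm-utils or the kernel: a simplified model
# of an EVM-style HMAC over protected xattrs plus inode metadata. The xattr
# order, the metadata trailer layout, SHA-1 and the key are assumptions.
PROTECTED_XATTRS = ["security.selinux", "security.SMACK64",
                    "security.SMACK64TRANSMUTE", "security.ima"]
EVM_KEY = b"constructed-well-known-test-key"  # constructed, never for real use

class Inode:
    def __init__(self, ino, generation, uid, gid, mode, xattrs):
        self.ino, self.generation, self.uid, self.gid, self.mode = (
            ino, generation, uid, gid, mode)
        self.xattrs = dict(xattrs)  # holds security.evm once it is computed

def evm_calc_hmac(inode):
    """HMAC over protected xattr values in fixed order, then inode metadata."""
    mac = hmac.new(EVM_KEY, digestmod=hashlib.sha1)
    for name in PROTECTED_XATTRS:
        if name in inode.xattrs:
            mac.update(inode.xattrs[name])
    # hmac_misc-like trailer (assumed layout): ino, generation, uid, gid, mode
    mac.update(struct.pack("<QIIII", inode.ino, inode.generation,
                           inode.uid, inode.gid, inode.mode))
    return mac.digest()

def setxattr_via_evm(inode, name, value):
    """The normal path: EVM sees the change and refreshes security.evm."""
    inode.xattrs[name] = value
    inode.xattrs["security.evm"] = evm_calc_hmac(inode)

def setxattr_bypassing_evm(inode, name, value):
    """Models __vfs_setxattr(): the xattr changes, security.evm does not."""
    inode.xattrs[name] = value

def evm_verify(inode):
    """True when the stored security.evm matches a fresh HMAC of the inode."""
    stored = inode.xattrs.get("security.evm")
    return stored is not None and hmac.compare_digest(stored, evm_calc_hmac(inode))

def transmute_scenario(bypass_evm):
    """Smack-labelled directory gets SMACK64TRANSMUTE; returns the verify result."""
    d = Inode(ino=1234, generation=1, uid=0, gid=0, mode=0o40755, xattrs={})
    setxattr_via_evm(d, "security.SMACK64", b"_")  # initial label, HMAC created
    setter = setxattr_bypassing_evm if bypass_evm else setxattr_via_evm
    setter(d, "security.SMACK64TRANSMUTE", b"TRUE")
    return evm_verify(d)  # False when the EVM update path was bypassed
```

Calling transmute_scenario(False) yields True and transmute_scenario(True) yields False, which is the stale-HMAC condition the test detects.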