Changes v1->v2: * Removed ont_measure fsmagic=0x1021994 from TCB example policy * More reasons to fail when uploading policy (testcases/kernel/security/integrity/ima/README.md) * New commits: - tst_test.sh: IMA: Allow to disable LSM warnings and use it for IMA - ima_setup: Print warning when policy not readable - ima_kexec.sh: Move checking policy if readable to ima_setup.sh - IMA: Add example policy for ima_violations.sh - ima_violations.sh: Check for a required policy - [RFC] ima_kexec.sh: Relax result on unreadable policy to TCONF TODO: * ima_measurements.sh: check for example policy as an variant to ima_policy=tcb command line parameter. * Use LTP shell loader for ima_boot_aggregate.c and ima_mmap.c Petr Vorel (8): IMA: Add TCB policy as an example for ima_measurements.sh ima_setup.sh: Allow to load predefined policy tst_test.sh: IMA: Allow to disable LSM warnings and use it for IMA ima_setup: Print warning when policy not readable ima_kexec.sh: Move checking policy if readable to ima_setup.sh IMA: Add example policy for ima_violations.sh ima_violations.sh: Check for a required policy [RFC] ima_kexec.sh: Relax result on unreadable policy to TCONF .../kernel/security/integrity/ima/README.md | 12 ++++ .../ima/datafiles/ima_measurements/tcb.policy | 19 +++++ .../ima_violations/violations.policy | 1 + .../security/integrity/ima/tests/ima_kexec.sh | 10 +-- .../integrity/ima/tests/ima_measurements.sh | 17 ++++- .../security/integrity/ima/tests/ima_setup.sh | 72 ++++++++++++++++--- .../integrity/ima/tests/ima_violations.sh | 5 +- testcases/lib/tst_test.sh | 2 +- 8 files changed, 118 insertions(+), 20 deletions(-) create mode 100644 testcases/kernel/security/integrity/ima/datafiles/ima_measurements/tcb.policy create mode 100644 testcases/kernel/security/integrity/ima/datafiles/ima_violations/violations.policy -- 2.47.1
