Re: [PATCH v3 05/10] IMA: Read required policy from file

Hi Mimi,

...
> > +++ b/testcases/kernel/security/integrity/ima/tests/ima_selinux.sh
> > @@ -1,6 +1,7 @@
> >  #!/bin/sh
> >  # SPDX-License-Identifier: GPL-2.0-or-later
> >  # Copyright (c) 2021 Microsoft Corporation
> > +# Copyright (c) Linux Test Project, 2021-2025
> >  # Author: Lakshmi Ramasubramanian <nramas@xxxxxxxxxxxxxxxxxxx>
> >  #
> >  # Verify measurement of SELinux policy hash and state.
> > @@ -14,15 +15,12 @@ TST_CNT=2
> >  TST_SETUP="setup"
> >  TST_MIN_KVER="5.12"
> >  
> > -FUNC_CRITICAL_DATA='func=CRITICAL_DATA'
> > -REQUIRED_POLICY="^measure.*$FUNC_CRITICAL_DATA"
> > +REQUIRED_POLICY_CONTENT='selinux.policy'
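
Review bot: the removed REQUIRED_POLICY pattern `^measure.*$FUNC_CRITICAL_DATA` accepted any measure rule carrying func=CRITICAL_DATA, while the added REQUIRED_POLICY_CONTENT='selinux.policy' names a single policy file, so nothing in these lines still recognises a broader critical-data rule that is already loaded. Consider keeping a fallback match for the broader rule, and add a comment above the assignment stating that the value is a file name and which directory it is resolved against.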

> The selinux.policy contains a specific critical data measurement rule:
> measure func=CRITICAL_DATA label=selinux.  However the test would work with the
> generic policy rule "measure func=CRITICAL_DATA", which can be specified on the
> boot command line via "ima_policy=critical_data".

> As long as being able to read the IMA policy is required, in addition to checking
> whether the specific critical data rule exists, check whether the generic rule exists
> before loading the specific one.

> Perhaps all that is needed is defining REQUIRED_BUILTIN_POLICY like:
> REQUIRED_BUILTIN_POLICY="critical_data"

Thanks for the hint, I'll retest ima_policy=critical_data and add it as an
alternative (as a separate patch). In the meantime I (hopefully) fixed all
mistakes in the commit messages and merged. Thanks a lot for your patient
review!

...

Kind regards,
Petr
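
The check discussed in this thread (generic critical-data rule versus the label-specific one), as an added example that is not part of the thread or of LTP: it classifies a policy dump as "generic", "specific" or "none" for a given label. The function name and the sample policy lines are constructed, and treating `label=` as a `|`-separated list is an assumption.

```shell
#!/bin/sh
# Added example, not LTP code.
# critical_data_coverage POLICY_FILE LABEL
#   generic  - a "measure func=CRITICAL_DATA" rule with no label= condition
#   specific - a critical-data measure rule whose label= list names LABEL
#   none     - neither; the specific rule would still have to be loaded
critical_data_coverage()
{
	awk -v want="$2" '
	$1 != "measure" { next }    # skips comments, dont_measure, appraise, ...
	{
		is_cd = 0; has_label = 0; label_hit = 0
		for (i = 2; i <= NF; i++) {
			if ($i == "func=CRITICAL_DATA") {
				is_cd = 1
			} else if (index($i, "label=") == 1) {
				has_label = 1
				# Assumption: several labels may be joined with "|".
				n = split(substr($i, 7), labels, "|")
				for (j = 1; j <= n; j++)
					if (labels[j] == want) label_hit = 1
			}
		}
		if (!is_cd) next
		if (!has_label) generic = 1
		else if (label_hit) specific = 1
	}
	END {
		if (generic) print "generic"
		else if (specific) print "specific"
		else print "none"
	}' "$1"
}

# Constructed sample policies (not taken from a real system).
tmp=$(mktemp -d)
printf '%s\n' 'dont_measure fsmagic=0x9fa0' \
	'measure func=CRITICAL_DATA label=selinux' > "$tmp/specific"
printf '%s\n' '# as with ima_policy=critical_data' \
	'measure func=CRITICAL_DATA' > "$tmp/generic"
printf '%s\n' 'measure func=KEXEC_CMDLINE' \
	'measure func=CRITICAL_DATA label=kernel_info' > "$tmp/other"

for f in specific generic other; do
	echo "$f: $(critical_data_coverage "$tmp/$f" selinux)"
done
rm -rf "$tmp"
```
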