On Thu, 2025-02-20 at 19:16 +0100, Petr Vorel wrote: > Hi Mimi, > > > Kernel patch "ima: limit the number of ToMToU integrity violations" > > prevents superfluous ToMToU violations. Add corresponding LTP tests. > > > Link: > > https://lore.kernel.org/linux-integrity/20250219162131.416719-3-zohar@xxxxxxxxxxxxx/ > > Signed-off-by: Mimi Zohar <zohar@xxxxxxxxxxxxx> > > Unfortunately tests fail on both mainline kernel and kernel with your patches. The new LTP IMA violations patches should fail without the associated kernel patches. > > Any hint what could be wrong? Of course it's dependent on the IMA policy. The tests assume being booted with the IMA TCB measurement policy or similar policy being loaded. Can you share the IMA policy? e.g. cat /sys/kernel/security/ima/policy thanks, Mimi > > Mainline kernel (on kernel with your patches it looks the same): > ima_violations 1 TINFO: Running: ima_violations.sh > ima_violations 1 TINFO: Tested kernel: Linux ts 6.13.0-2.g0127a37-default #1 SMP > PREEMPT_DYNAMIC Thu Jan 23 11:21:55 UTC 2025 (0127a37) x86_64 x86_64 x86_64 GNU/Linux > ima_violations 1 TINFO: Using /tmp/LTP_ima_violations.cKm34XVZk2 as tmpdir (tmpfs > filesystem) > tst_device.c:99: TINFO: Found free device 0 '/dev/loop0' > ima_violations 1 TINFO: Formatting ext3 with opts='/dev/loop0' > ima_violations 1 TINFO: Mounting device: mount -t ext3 /dev/loop0 > /tmp/LTP_ima_violations.cKm34XVZk2/mntpoint > ima_violations 1 TINFO: timeout per run is 0h 5m 0s > ima_violations 1 TINFO: IMA kernel config: > ima_violations 1 TINFO: CONFIG_IMA=y > ima_violations 1 TINFO: CONFIG_IMA_MEASURE_PCR_IDX=10 > ima_violations 1 TINFO: CONFIG_IMA_LSM_RULES=y > ima_violations 1 TINFO: CONFIG_IMA_NG_TEMPLATE=y > ima_violations 1 TINFO: CONFIG_IMA_DEFAULT_TEMPLATE="ima-ng" > ima_violations 1 TINFO: CONFIG_IMA_DEFAULT_HASH_SHA256=y > ima_violations 1 TINFO: CONFIG_IMA_DEFAULT_HASH="sha256" > ima_violations 1 TINFO: CONFIG_IMA_READ_POLICY=y > ima_violations 1 TINFO: CONFIG_IMA_APPRAISE=y > ima_violations 1 TINFO: CONFIG_IMA_ARCH_POLICY=y > ima_violations 1 TINFO: CONFIG_IMA_APPRAISE_BOOTPARAM=y > ima_violations 1 TINFO: CONFIG_IMA_APPRAISE_MODSIG=y > ima_violations 1 TINFO: CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS=y > ima_violations 1 TINFO: CONFIG_IMA_QUEUE_EARLY_BOOT_KEYS=y > ima_violations 1 TINFO: CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT=y > ima_violations 1 TINFO: CONFIG_IMA_DISABLE_HTABLE=y > ima_violations 1 TINFO: /proc/cmdline: BOOT_IMAGE=/boot/vmlinuz-6.13.0-2.g0127a37- > default root=UUID=e36b2366-1af2-4408-903c-1fca82c60f4c splash=silent video=1024x768 > plymouth.ignore-serial-consoles console=ttyS0 console=tty kernel.softlockup_panic=1 > resume=/dev/disk/by-uuid/c3b865f9-5d5b-410e-a6d1-9ebcf721584c mitigations=auto > security=apparmor ignore_loglevel > ima_violations 1 TINFO: $TMPDIR is on tmpfs => run on loop device > ima_violations 1 TINFO: test requires IMA policy: > measure func=FILE_CHECK mask=^MAY_READ euid=0 > measure func=FILE_CHECK mask=^MAY_READ uid=0 > ima_violations 1 TINFO: SUT has required policy content > ima_violations 1 TINFO: using log /var/log/audit/audit.log > ima_violations 1 TINFO: verify open writers violation > ima_violations 1 TFAIL: open_writers too many violations added > ima_violations 2 TINFO: verify ToMToU violation > ima_violations 2 TFAIL: ToMToU too many violations added > ima_violations 3 TINFO: verify open_writers using mmapped files > tst_test.c:1900: TINFO: LTP version: 20250130-22-gcd2215702f > tst_test.c:1904: TINFO: Tested kernel: 6.13.0-2.g0127a37-default #1 SMP PREEMPT_DYNAMIC > Thu Jan 23 11:21:55 UTC 2025 (0127a37) x86_64 > tst_kconfig.c:88: TINFO: Parsing kernel config '/proc/config.gz' > tst_kconfig.c:676: TINFO: CONFIG_FAULT_INJECTION kernel option detected which might slow > the execution > tst_test.c:1722: TINFO: Overall timeout per run is 0h 02m 00s > ima_mmap.c:38: TINFO: sleep 3s > ima_violations 3 TFAIL: open_writers too many violations added > ima_mmap.c:41: TPASS: test completed > > Summary: > passed 1 > failed 0 > broken 0 > skipped 0 > warnings 0 > ima_violations 4 TINFO: verify limiting single open writer violation > ima_violations 4 TFAIL: open_writers too many violations added > ima_violations 5 TINFO: verify limiting multiple open writers violations > ima_violations 5 TFAIL: open_writers too many violations added > ima_violations 6 TINFO: verify new open writer causes additional violation > ima_violations 6 TFAIL: open_writers too many violations added > ima_violations 7 TINFO: verify limiting single open reader ToMToU violations > ima_violations 7 TFAIL: ToMToU too many violations added > ima_violations 8 TINFO: verify new open reader causes additional ToMToU violation > ima_violations 8 TFAIL: ToMToU too many violations added > > Kind regards, > Petr >
