Re: [RFC PATCH 3/3] ima: additional ToMToU violation tests

Mimi Zohar <zohar@xxxxxxxxxxxxx> · Thu, 20 Feb 2025 15:22:01 -0500

On Thu, 2025-02-20 at 20:13 +0100, Petr Vorel wrote:
> > On Thu, 2025-02-20 at 19:16 +0100, Petr Vorel wrote:
> > > Hi Mimi,
> 
> > > > Kernel patch "ima: limit the number of ToMToU integrity violations"
> > > > prevents superfluous ToMToU violations.  Add corresponding LTP tests.
> 
> > > > Link:
> > > > https://lore.kernel.org/linux-integrity/20250219162131.416719-3-zohar@xxxxxxxxxxxxx/
> > > > Signed-off-by: Mimi Zohar <zohar@xxxxxxxxxxxxx>
> 
> > > Unfortunately tests fail on both mainline kernel and kernel with your patches.
> 
> > The new LTP IMA violations patches should fail without the associated kernel patches.
> 
> > > Any hint what could be wrong?
> 
> > Of course it's dependent on the IMA policy.  The tests assume being booted with the
> > IMA
> > TCB measurement policy or similar policy being loaded.  Can you share the IMA policy?
> > e.g. cat /sys/kernel/security/ima/policy
> 
> > thanks,
> 
> > Mimi
> 
> Now testing on kernel *with* your patches. First run always fails, regardless
> whether using ima_policy=tcb or
> /opt/ltp/testcases/data/ima_violations/violations.policy).
> 
> Kind regards,
> Petr

I'm not seeing that on my test machine.  Could there be other things running on your
system causing violations.  In anycase, your original test was less exacting.   Similarly,
instead of "-eq", try using "-qe" in the following test and removing the subsequent new
"gt" test.

if [ $(($num_violations_new - $num_violations)) -eq $expected_violations ]; then

> 
> First run fails:
> 
> # LTP_IMA_LOAD_POLICY=1 LTPROOT="/opt/ltp" PATH="/opt/ltp/testcases/bin:$PATH"
> ima_violations.sh
> (policy is /opt/ltp/testcases/data/ima_violations/violations.policy)
> ima_violations 1 TINFO: Running: ima_violations.sh 
> ima_violations 1 TINFO: Tested kernel: Linux ts 6.14.0-rc3-1.gb6b4102-default #1 SMP
> PREEMPT_DYNAMIC Thu Feb 20 12:26:55 UTC 2025 (b6b4102) x86_64 x86_64 x86_64 GNU/Linux
> ima_violations 1 TINFO: Using /tmp/LTP_ima_violations.XR34KhtnDM as tmpdir (tmpfs
> filesystem)
> tst_device.c:99: TINFO: Found free device 0 '/dev/loop0'
> ima_violations 1 TINFO: Formatting ext3 with opts='/dev/loop0'
> ima_violations 1 TINFO: Mounting device: mount -t ext3 /dev/loop0
> /tmp/LTP_ima_violations.XR34KhtnDM/mntpoint 
> ima_violations 1 TINFO: timeout per run is 0h 5m 0s
> ima_violations 1 TINFO: IMA kernel config:
> ima_violations 1 TINFO: CONFIG_IMA=y
> ima_violations 1 TINFO: CONFIG_IMA_MEASURE_PCR_IDX=10
> ima_violations 1 TINFO: CONFIG_IMA_LSM_RULES=y
> ima_violations 1 TINFO: CONFIG_IMA_NG_TEMPLATE=y
> ima_violations 1 TINFO: CONFIG_IMA_DEFAULT_TEMPLATE="ima-ng"
> ima_violations 1 TINFO: CONFIG_IMA_DEFAULT_HASH_SHA256=y
> ima_violations 1 TINFO: CONFIG_IMA_DEFAULT_HASH="sha256"
> ima_violations 1 TINFO: CONFIG_IMA_READ_POLICY=y
> ima_violations 1 TINFO: CONFIG_IMA_APPRAISE=y
> ima_violations 1 TINFO: CONFIG_IMA_ARCH_POLICY=y
> ima_violations 1 TINFO: CONFIG_IMA_APPRAISE_BOOTPARAM=y
> ima_violations 1 TINFO: CONFIG_IMA_APPRAISE_MODSIG=y
> ima_violations 1 TINFO: CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS=y
> ima_violations 1 TINFO: CONFIG_IMA_QUEUE_EARLY_BOOT_KEYS=y
> ima_violations 1 TINFO: CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT=y
> ima_violations 1 TINFO: CONFIG_IMA_DISABLE_HTABLE=y
> ima_violations 1 TINFO: /proc/cmdline: BOOT_IMAGE=/boot/vmlinuz-6.14.0-rc3-1.gb6b4102-
> default root=UUID=e36b2366-1af2-4408-903c-1fca82c60f4c splash=silent video=1024x768
> plymouth.ignore-serial-consoles console=ttyS0 console=tty kernel.softlockup_panic=1
> resume=/dev/disk/by-uuid/c3b865f9-5d5b-410e-a6d1-9ebcf721584c mitigations=auto
> security=apparmor ignore_loglevel
> ima_violations 1 TINFO: $TMPDIR is on tmpfs => run on loop device
> ima_violations 1 TINFO: test requires IMA policy:
> measure func=FILE_CHECK mask=^MAY_READ euid=0
> measure func=FILE_CHECK mask=^MAY_READ uid=0
> ima_violations 1 TINFO: WARNING: missing required policy content: 'measure
> func=FILE_CHECK mask=^MAY_READ euid=0'
> ima_violations 1 TINFO: trying to load
> '/opt/ltp/testcases/data/ima_violations/violations.policy' policy:
> measure func=FILE_CHECK mask=^MAY_READ euid=0
> measure func=FILE_CHECK mask=^MAY_READ uid=0
> ima_violations 1 TINFO: example policy successfully loaded
> ima_violations 1 TINFO: using log /var/log/audit/audit.log
> ima_violations 1 TINFO: verify open writers violation
> ima_violations 1 TFAIL: open_writers too many violations added: 2 - 0
> ima_violations 2 TINFO: verify ToMToU violation
> ima_violations 2 TPASS: 1 ToMToU violation(s) added
> ima_violations 3 TINFO: verify open_writers using mmapped files
> tst_test.c:1900: TINFO: LTP version: 20250130-22-gcd2215702f
> tst_test.c:1904: TINFO: Tested kernel: 6.14.0-rc3-1.gb6b4102-default #1 SMP
> PREEMPT_DYNAMIC Thu Feb 20 12:26:55 UTC 2025 (b6b4102) x86_64
> tst_kconfig.c:88: TINFO: Parsing kernel config '/proc/config.gz'
> tst_kconfig.c:676: TINFO: CONFIG_FAULT_INJECTION kernel option detected which might slow
> the execution
> tst_test.c:1722: TINFO: Overall timeout per run is 0h 02m 00s
> ima_mmap.c:38: TINFO: sleep 3s
> ima_violations 3 TPASS: 1 open_writers violation(s) added
> ima_mmap.c:41: TPASS: test completed
> 
> Summary:
> passed   1
> failed   0
> broken   0
> skipped  0
> warnings 0
> ima_violations 4 TINFO: verify limiting single open writer violation
> ima_violations 4 TPASS: 1 open_writers violation(s) added
> ima_violations 5 TINFO: verify limiting multiple open writers violations
> ima_violations 5 TPASS: 1 open_writers violation(s) added
> ima_violations 6 TINFO: verify new open writer causes additional violation
> ima_violations 6 TPASS: 2 open_writers violation(s) added
> ima_violations 7 TINFO: verify limiting single open reader ToMToU violations
> ima_violations 7 TPASS: 1 ToMToU violation(s) added
> ima_violations 8 TINFO: verify new open reader causes additional ToMToU violation
> ima_violations 8 TPASS: 2 ToMToU violation(s) added
> ima_violations 9 TINFO: WARNING: policy loaded via LTP_IMA_LOAD_POLICY=1, reboot
> recommended
> 
> Summary:
> passed   7
> failed   1
> broken   0
> skipped  0
> warnings 0
> 
> Second run is ok:
> # LTPROOT="/opt/ltp" PATH="/opt/ltp/testcases/bin:$PATH" ima_violations.sh
> ima_violations 1 TINFO: Running: ima_violations.sh 
> ima_violations 1 TINFO: Tested kernel: Linux ts 6.14.0-rc3-1.gb6b4102-default #1 SMP
> PREEMPT_DYNAMIC Thu Feb 20 12:26:55 UTC 2025 (b6b4102) x86_64 x86_64 x86_64 GNU/Linux
> ima_violations 1 TINFO: Using /var/tmp/LTP_ima_violations.SWERFjvPTp as tmpdir (btrfs
> filesystem)
> ima_violations 1 TINFO: timeout per run is 0h 5m 0s
> ima_violations 1 TINFO: IMA kernel config:
> ima_violations 1 TINFO: CONFIG_IMA=y
> ima_violations 1 TINFO: CONFIG_IMA_MEASURE_PCR_IDX=10
> ima_violations 1 TINFO: CONFIG_IMA_LSM_RULES=y
> ima_violations 1 TINFO: CONFIG_IMA_NG_TEMPLATE=y
> ima_violations 1 TINFO: CONFIG_IMA_DEFAULT_TEMPLATE="ima-ng"
> ima_violations 1 TINFO: CONFIG_IMA_DEFAULT_HASH_SHA256=y
> ima_violations 1 TINFO: CONFIG_IMA_DEFAULT_HASH="sha256"
> ima_violations 1 TINFO: CONFIG_IMA_READ_POLICY=y
> ima_violations 1 TINFO: CONFIG_IMA_APPRAISE=y
> ima_violations 1 TINFO: CONFIG_IMA_ARCH_POLICY=y
> ima_violations 1 TINFO: CONFIG_IMA_APPRAISE_BOOTPARAM=y
> ima_violations 1 TINFO: CONFIG_IMA_APPRAISE_MODSIG=y
> ima_violations 1 TINFO: CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS=y
> ima_violations 1 TINFO: CONFIG_IMA_QUEUE_EARLY_BOOT_KEYS=y
> ima_violations 1 TINFO: CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT=y
> ima_violations 1 TINFO: CONFIG_IMA_DISABLE_HTABLE=y
> ima_violations 1 TINFO: /proc/cmdline: BOOT_IMAGE=/boot/vmlinuz-6.14.0-rc3-1.gb6b4102-
> default root=UUID=e36b2366-1af2-4408-903c-1fca82c60f4c splash=silent video=1024x768
> plymouth.ignore-serial-consoles console=ttyS0 console=tty kernel.softlockup_panic=1
> resume=/dev/disk/by-uuid/c3b865f9-5d5b-410e-a6d1-9ebcf721584c mitigations=auto
> security=apparmor ignore_loglevel
> ima_violations 1 TINFO: test requires IMA policy:
> measure func=FILE_CHECK mask=^MAY_READ euid=0
> measure func=FILE_CHECK mask=^MAY_READ uid=0
> ima_violations 1 TINFO: SUT has required policy content
> ima_violations 1 TINFO: using log /var/log/audit/audit.log
> ima_violations 1 TINFO: verify open writers violation
> ima_violations 1 TPASS: 1 open_writers violation(s) added
> ima_violations 2 TINFO: verify ToMToU violation
> ima_violations 2 TPASS: 1 ToMToU violation(s) added
> ima_violations 3 TINFO: verify open_writers using mmapped files
> tst_test.c:1900: TINFO: LTP version: 20250130-22-gcd2215702f
> tst_test.c:1904: TINFO: Tested kernel: 6.14.0-rc3-1.gb6b4102-default #1 SMP
> PREEMPT_DYNAMIC Thu Feb 20 12:26:55 UTC 2025 (b6b4102) x86_64
> tst_kconfig.c:88: TINFO: Parsing kernel config '/proc/config.gz'
> tst_kconfig.c:676: TINFO: CONFIG_FAULT_INJECTION kernel option detected which might slow
> the execution
> tst_test.c:1722: TINFO: Overall timeout per run is 0h 02m 00s
> ima_mmap.c:38: TINFO: sleep 3s
> ima_violations 3 TPASS: 1 open_writers violation(s) added
> ima_mmap.c:41: TPASS: test completed
> 
> Summary:
> passed   1
> failed   0
> broken   0
> skipped  0
> warnings 0
> ima_violations 4 TINFO: verify limiting single open writer violation
> ima_violations 4 TPASS: 1 open_writers violation(s) added
> ima_violations 5 TINFO: verify limiting multiple open writers violations
> ima_violations 5 TPASS: 1 open_writers violation(s) added
> ima_violations 6 TINFO: verify new open writer causes additional violation
> ima_violations 6 TPASS: 2 open_writers violation(s) added
> ima_violations 7 TINFO: verify limiting single open reader ToMToU violations
> ima_violations 7 TPASS: 1 ToMToU violation(s) added
> ima_violations 8 TINFO: verify new open reader causes additional ToMToU violation
> ima_violations 8 TPASS: 2 ToMToU violation(s) added
> 
> Summary:
> passed   8
> failed   0
> broken   0
> skipped  0
> warnings 0
> 
> Reboot and running with ima_policy=tcb also fails on the first time:
> 
> # LTPROOT="/opt/ltp" PATH="/opt/ltp/testcases/bin:$PATH" ima_violations.sh 
> tmpfs is skipped
> ima_violations 1 TINFO: Running: ima_violations.sh 
> ima_violations 1 TINFO: Tested kernel: Linux ts 6.14.0-rc3-1.gb6b4102-default #1 SMP
> PREEMPT_DYNAMIC Thu Feb 20 12:26:55 UTC 2025 (b6b4102) x86_64 x86_64 x86_64 GNU/Linux
> ima_violations 1 TINFO: Using /tmp/LTP_ima_violations.FKQSfezAwR as tmpdir (tmpfs
> filesystem)
> tst_device.c:99: TINFO: Found free device 0 '/dev/loop0'
> ima_violations 1 TINFO: Formatting ext3 with opts='/dev/loop0'
> ima_violations 1 TINFO: Mounting device: mount -t ext3 /dev/loop0
> /tmp/LTP_ima_violations.FKQSfezAwR/mntpoint 
> ima_violations 1 TINFO: timeout per run is 0h 5m 0s
> ima_violations 1 TINFO: IMA kernel config:
> ima_violations 1 TINFO: CONFIG_IMA=y
> ima_violations 1 TINFO: CONFIG_IMA_MEASURE_PCR_IDX=10
> ima_violations 1 TINFO: CONFIG_IMA_LSM_RULES=y
> ima_violations 1 TINFO: CONFIG_IMA_NG_TEMPLATE=y
> ima_violations 1 TINFO: CONFIG_IMA_DEFAULT_TEMPLATE="ima-ng"
> ima_violations 1 TINFO: CONFIG_IMA_DEFAULT_HASH_SHA256=y
> ima_violations 1 TINFO: CONFIG_IMA_DEFAULT_HASH="sha256"
> ima_violations 1 TINFO: CONFIG_IMA_READ_POLICY=y
> ima_violations 1 TINFO: CONFIG_IMA_APPRAISE=y
> ima_violations 1 TINFO: CONFIG_IMA_ARCH_POLICY=y
> ima_violations 1 TINFO: CONFIG_IMA_APPRAISE_BOOTPARAM=y
> ima_violations 1 TINFO: CONFIG_IMA_APPRAISE_MODSIG=y
> ima_violations 1 TINFO: CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS=y
> ima_violations 1 TINFO: CONFIG_IMA_QUEUE_EARLY_BOOT_KEYS=y
> ima_violations 1 TINFO: CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT=y
> ima_violations 1 TINFO: CONFIG_IMA_DISABLE_HTABLE=y
> ima_violations 1 TINFO: /proc/cmdline: BOOT_IMAGE=/boot/vmlinuz-6.14.0-rc3-1.gb6b4102-
> default root=UUID=e36b2366-1af2-4408-903c-1fca82c60f4c splash=silent video=1024x768
> plymouth.ignore-serial-consoles console=ttyS0 console=tty kernel.softlockup_panic=1
> resume=/dev/disk/by-uuid/c3b865f9-5d5b-410e-a6d1-9ebcf721584c mitigations=auto
> security=apparmor ignore_loglevel ima_policy=tcb
> ima_violations 1 TINFO: $TMPDIR is on tmpfs => run on loop device
> ima_violations 1 TINFO: booted with IMA policy: tcb
> ima_violations 1 TINFO: using log /var/log/audit/audit.log
> ima_violations 1 TINFO: verify open writers violation
> ima_violations 1 TFAIL: open_writers too many violations added: 3 - 1
> ima_violations 2 TINFO: verify ToMToU violation
> ima_violations 2 TPASS: 1 ToMToU violation(s) added
> ima_violations 3 TINFO: verify open_writers using mmapped files
> tst_test.c:1900: TINFO: LTP version: 20250130-22-gcd2215702f
> tst_test.c:1904: TINFO: Tested kernel: 6.14.0-rc3-1.gb6b4102-default #1 SMP
> PREEMPT_DYNAMIC Thu Feb 20 12:26:55 UTC 2025 (b6b4102) x86_64
> tst_kconfig.c:88: TINFO: Parsing kernel config '/proc/config.gz'
> tst_kconfig.c:676: TINFO: CONFIG_FAULT_INJECTION kernel option detected which might slow
> the execution
> tst_test.c:1722: TINFO: Overall timeout per run is 0h 02m 00s
> ima_mmap.c:38: TINFO: sleep 3s
> ima_violations 3 TPASS: 1 open_writers violation(s) added
> ima_mmap.c:41: TPASS: test completed
> 
> Summary:
> passed   1
> failed   0
> broken   0
> skipped  0
> warnings 0
> ima_violations 4 TINFO: verify limiting single open writer violation
> ima_violations 4 TPASS: 1 open_writers violation(s) added
> ima_violations 5 TINFO: verify limiting multiple open writers violations
> ima_violations 5 TPASS: 1 open_writers violation(s) added
> ima_violations 6 TINFO: verify new open writer causes additional violation
> ima_violations 6 TPASS: 2 open_writers violation(s) added
> ima_violations 7 TINFO: verify limiting single open reader ToMToU violations
> ima_violations 7 TPASS: 1 ToMToU violation(s) added
> ima_violations 8 TINFO: verify new open reader causes additional ToMToU violation
> ima_violations 8 TPASS: 2 ToMToU violation(s) added
> 
> Summary:
> passed   7
> failed   1
> broken   0
> skipped  0
> warnings 0
> 
> Second and later run is again OK
> # LTPROOT="/opt/ltp" PATH="/opt/ltp/testcases/bin:$PATH" ima_violations.sh 
> tmpfs is skipped
> ima_violations 1 TINFO: Running: ima_violations.sh 
> ima_violations 1 TINFO: Tested kernel: Linux ts 6.14.0-rc3-1.gb6b4102-default #1 SMP
> PREEMPT_DYNAMIC Thu Feb 20 12:26:55 UTC 2025 (b6b4102) x86_64 x86_64 x86_64 GNU/Linux
> ima_violations 1 TINFO: Using /tmp/LTP_ima_violations.1Qf6qJuSoo as tmpdir (tmpfs
> filesystem)
> tst_device.c:99: TINFO: Found free device 0 '/dev/loop0'
> ima_violations 1 TINFO: Formatting ext3 with opts='/dev/loop0'
> ima_violations 1 TINFO: Mounting device: mount -t ext3 /dev/loop0
> /tmp/LTP_ima_violations.1Qf6qJuSoo/mntpoint 
> ima_violations 1 TINFO: timeout per run is 0h 5m 0s
> ima_violations 1 TINFO: IMA kernel config:
> ima_violations 1 TINFO: CONFIG_IMA=y
> ima_violations 1 TINFO: CONFIG_IMA_MEASURE_PCR_IDX=10
> ima_violations 1 TINFO: CONFIG_IMA_LSM_RULES=y
> ima_violations 1 TINFO: CONFIG_IMA_NG_TEMPLATE=y
> ima_violations 1 TINFO: CONFIG_IMA_DEFAULT_TEMPLATE="ima-ng"
> ima_violations 1 TINFO: CONFIG_IMA_DEFAULT_HASH_SHA256=y
> ima_violations 1 TINFO: CONFIG_IMA_DEFAULT_HASH="sha256"
> ima_violations 1 TINFO: CONFIG_IMA_READ_POLICY=y
> ima_violations 1 TINFO: CONFIG_IMA_APPRAISE=y
> ima_violations 1 TINFO: CONFIG_IMA_ARCH_POLICY=y
> ima_violations 1 TINFO: CONFIG_IMA_APPRAISE_BOOTPARAM=y
> ima_violations 1 TINFO: CONFIG_IMA_APPRAISE_MODSIG=y
> ima_violations 1 TINFO: CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS=y
> ima_violations 1 TINFO: CONFIG_IMA_QUEUE_EARLY_BOOT_KEYS=y
> ima_violations 1 TINFO: CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT=y
> ima_violations 1 TINFO: CONFIG_IMA_DISABLE_HTABLE=y
> ima_violations 1 TINFO: /proc/cmdline: BOOT_IMAGE=/boot/vmlinuz-6.14.0-rc3-1.gb6b4102-
> default root=UUID=e36b2366-1af2-4408-903c-1fca82c60f4c splash=silent video=1024x768
> plymouth.ignore-serial-consoles console=ttyS0 console=tty kernel.softlockup_panic=1
> resume=/dev/disk/by-uuid/c3b865f9-5d5b-410e-a6d1-9ebcf721584c mitigations=auto
> security=apparmor ignore_loglevel ima_policy=tcb
> ima_violations 1 TINFO: $TMPDIR is on tmpfs => run on loop device
> ima_violations 1 TINFO: booted with IMA policy: tcb
> ima_violations 1 TINFO: using log /var/log/audit/audit.log
> ima_violations 1 TINFO: verify open writers violation
> ima_violations 1 TPASS: 1 open_writers violation(s) added
> ima_violations 2 TINFO: verify ToMToU violation
> ima_violations 2 TPASS: 1 ToMToU violation(s) added
> ima_violations 3 TINFO: verify open_writers using mmapped files
> tst_test.c:1900: TINFO: LTP version: 20250130-22-gcd2215702f
> tst_test.c:1904: TINFO: Tested kernel: 6.14.0-rc3-1.gb6b4102-default #1 SMP
> PREEMPT_DYNAMIC Thu Feb 20 12:26:55 UTC 2025 (b6b4102) x86_64
> tst_kconfig.c:88: TINFO: Parsing kernel config '/proc/config.gz'
> tst_kconfig.c:676: TINFO: CONFIG_FAULT_INJECTION kernel option detected which might slow
> the execution
> tst_test.c:1722: TINFO: Overall timeout per run is 0h 02m 00s
> ima_mmap.c:38: TINFO: sleep 3s
> ima_violations 3 TPASS: 1 open_writers violation(s) added
> ima_mmap.c:41: TPASS: test completed
> 
> Summary:
> passed   1
> failed   0
> broken   0
> skipped  0
> warnings 0
> ima_violations 4 TINFO: verify limiting single open writer violation
> ima_violations 4 TPASS: 1 open_writers violation(s) added
> ima_violations 5 TINFO: verify limiting multiple open writers violations
> ima_violations 5 TPASS: 1 open_writers violation(s) added
> ima_violations 6 TINFO: verify new open writer causes additional violation
> ima_violations 6 TPASS: 2 open_writers violation(s) added
> ima_violations 7 TINFO: verify limiting single open reader ToMToU violations
> ima_violations 7 TPASS: 1 ToMToU violation(s) added
> ima_violations 8 TINFO: verify new open reader causes additional ToMToU violation
> ima_violations 8 TPASS: 2 ToMToU violation(s) added
> 
> Summary:
> passed   8
> failed   0
> broken   0
> skipped  0
> warnings 0
> 