Test requires not only func=CRITICAL_DATA IMA policy content but also ima_policy=critical_data kernel cmdline. Without cmdline no measures are done. https://ima-doc.readthedocs.io/en/latest/ima-policy.html#ima-policy-critical-data https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fdd1ffe8a812 Fixes: 4944a63ed9 ("IMA: Add test for SELinux measurement") Signed-off-by: Petr Vorel <pvorel@xxxxxxx> --- FYI this is supposed to be applied on the top of "ima_setup.sh: Postpone loading policy after test setup" patchset https://patchwork.ozlabs.org/project/ltp/list/?series=445166&state=* https://lore.kernel.org/ltp/20250219181926.2620960-1-pvorel@xxxxxxx/t/#u testcases/kernel/security/integrity/ima/tests/ima_selinux.sh | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/testcases/kernel/security/integrity/ima/tests/ima_selinux.sh b/testcases/kernel/security/integrity/ima/tests/ima_selinux.sh index 97c5d64ec5..1a0de21efd 100755 --- a/testcases/kernel/security/integrity/ima/tests/ima_selinux.sh +++ b/testcases/kernel/security/integrity/ima/tests/ima_selinux.sh @@ -5,7 +5,8 @@ # Author: Lakshmi Ramasubramanian <nramas@xxxxxxxxxxxxxxxxxxx> # # Verify measurement of SELinux policy hash and state. -# Test requires example IMA policy loadable with LTP_IMA_LOAD_POLICY=1. +# Test requires ima_policy=critical_data kernel command line and example IMA +# policy loadable with LTP_IMA_LOAD_POLICY=1. # # Relevant kernel commits: # * fdd1ffe8a812 ("selinux: include a consumer of the new IMA critical data hook") @@ -22,6 +23,8 @@ setup() { SELINUX_DIR=$(tst_get_selinux_dir) [ "$SELINUX_DIR" ] || tst_brk TCONF "SELinux is not enabled" + + require_ima_policy_cmdline "critical_data" } # Format of the measured SELinux state data. -- 2.47.2
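Review bot: In the header-comment hunk (@@ -5,7 +5,8 @@), the new text names the ima_policy=critical_data command line but still describes the policy only as an "example IMA policy loadable with LTP_IMA_LOAD_POLICY=1". The commit message says the policy content must carry func=CRITICAL_DATA, so consider naming that rule in the comment as well, so that a reader of the test sees both conditions without going to the commit log.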
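Review bot: In the setup() hunk (@@ -22,6 +23,8 @@), require_ima_policy_cmdline "critical_data" is called but neither defined nor sourced in the visible lines. Since the note under the "---" says this patch goes on top of the "ima_setup.sh: Postpone loading policy after test setup" series, please state where the helper comes from so the dependency is clear to anyone applying this patch alone. It is also worth confirming that the helper still matches critical_data when ima_policy= lists several built-in policies separated by "|" (for example tcb|critical_data), and that a missing option ends the test with TCONF, like the SELinux check just above it, rather than with a failure.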