Add support for the number of expected violations. Include the expected number of violations in the output. Signed-off-by: Mimi Zohar <zohar@xxxxxxxxxxxxx> --- .../security/integrity/ima/tests/ima_violations.sh | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/testcases/kernel/security/integrity/ima/tests/ima_violations.sh b/testcases/kernel/security/integrity/ima/tests/ima_violations.sh index 22863fb72..3f9f1d342 100755 --- a/testcases/kernel/security/integrity/ima/tests/ima_violations.sh +++ b/testcases/kernel/security/integrity/ima/tests/ima_violations.sh @@ -72,20 +72,26 @@ validate() local num_violations="$1" local count="$2" local search="$3" + local expected_violations="$4" local max_attempt=3 local count2 i num_violations_new + [ -z "$expected_violations" ] && expected_violations=1 + for i in $(seq 1 $max_attempt); do read num_violations_new < $IMA_VIOLATIONS count2="$(get_count $search)" - if [ $(($num_violations_new - $num_violations)) -gt 0 ]; then + if [ $(($num_violations_new - $num_violations)) -eq $expected_violations ]; then if [ $count2 -gt $count ]; then - tst_res TPASS "$search violation added" + tst_res TPASS "$expected_violations $search violation(s) added" return else tst_res TINFO "$search not found in $LOG ($i/$max_attempt attempt)..." tst_sleep 1s fi + elif [ $(($num_violations_new - $num_violations)) -gt 0 ]; then + tst_res $IMA_FAIL "$search too many violations added: $num_violations_new - $num_violations" + return else tst_res $IMA_FAIL "$search violation not added" return -- 2.48.1
