Hi Mimi,
> Depending on the IMA policy and the number of violations, the kernel
> patches for minimizing the number of open-writers and ToMToU (Time of
> Measure Time of Use) violations may be a major performance improvement.
I would prefer this to be squashed into "ima_violations.sh: additional
open-writer violation tests" commit, which adds this incompatibility.
But it's a minor detail, therefore I merged whole patchset as is.
Thanks!
Kind regards,
Petr
> Most likely the kernel patches will be back ported, but for now limit
> the new tests to new kernels with the applied patches. Bail after the
> first new test.
> Signed-off-by: Mimi Zohar <zohar@xxxxxxxxxxxxx>
> ---
> .../kernel/security/integrity/ima/tests/ima_violations.sh | 4 ++++
> 1 file changed, 4 insertions(+)
> diff --git a/testcases/kernel/security/integrity/ima/tests/ima_violations.sh b/testcases/kernel/security/integrity/ima/tests/ima_violations.sh
> index 0395f8d0a..8e988fca6 100755
> --- a/testcases/kernel/security/integrity/ima/tests/ima_violations.sh
> +++ b/testcases/kernel/security/integrity/ima/tests/ima_violations.sh
> @@ -177,6 +177,10 @@ test4()
> {
> tst_res TINFO "verify limiting single open writer violation"
> + if tst_kvcmp -lt 6.14; then
> + tst_brk TCONF "Minimizing violations requires kernel 6.14 or newer"
> + fi
> +
> local search="open_writers"
> local count num_violations
