From d1e29adca60855fc4b5a4133bf70441326ef5c47 Mon Sep 17 00:00:00 2001 From: Petr Vorel Date: Tue, 26 Nov 2024 18:38:30 +0100 Subject: [PATCH] ima_{kexec,keys,selinux}: Set minimal kernel version The functionality IMHO was not backported to the enterprise kernels. This helps to avoid false positive in ima_kexec.sh: ima_kexec 1 TWARN: policy not readable, it might not contain required policy '^measure.*func=KEXEC_CMDLINE' ima_kexec 1 TBROK: unable to find a correct measurement Link: https://lore.kernel.org/ltp/20241126173830.98960-4-pvorel@suse.cz/ Reviewed-by: Mimi Zohar Signed-off-by: Petr Vorel --- testcases/kernel/security/integrity/ima/tests/ima_kexec.sh | 1 + testcases/kernel/security/integrity/ima/tests/ima_keys.sh | 1 + testcases/kernel/security/integrity/ima/tests/ima_selinux.sh | 1 + 3 files changed, 3 insertions(+) diff --git a/testcases/kernel/security/integrity/ima/tests/ima_kexec.sh b/testcases/kernel/security/integrity/ima/tests/ima_kexec.sh index 62f05f5361e..3446bc24bf8 100755 --- a/testcases/kernel/security/integrity/ima/tests/ima_kexec.sh +++ b/testcases/kernel/security/integrity/ima/tests/ima_kexec.sh @@ -11,6 +11,7 @@ TST_NEEDS_CMDS="grep kexec sed" TST_CNT=3 TST_SETUP="setup" +TST_MIN_KVER="5.3" IMA_KEXEC_IMAGE="${IMA_KEXEC_IMAGE:-/boot/vmlinuz-$(uname -r)}" REQUIRED_POLICY='^measure.*func=KEXEC_CMDLINE' diff --git a/testcases/kernel/security/integrity/ima/tests/ima_keys.sh b/testcases/kernel/security/integrity/ima/tests/ima_keys.sh index 793908d44a4..ff32eb6c432 100755 --- a/testcases/kernel/security/integrity/ima/tests/ima_keys.sh +++ b/testcases/kernel/security/integrity/ima/tests/ima_keys.sh @@ -10,6 +10,7 @@ TST_NEEDS_CMDS="cmp cut grep sed" TST_CNT=2 TST_SETUP=setup TST_CLEANUP=cleanup +TST_MIN_KVER="5.6" FUNC_KEYCHECK='func=KEY_CHECK' REQUIRED_POLICY="^measure.*$FUNC_KEYCHECK" diff --git a/testcases/kernel/security/integrity/ima/tests/ima_selinux.sh b/testcases/kernel/security/integrity/ima/tests/ima_selinux.sh index f6e392822af..75f9ba84e41 100755 --- a/testcases/kernel/security/integrity/ima/tests/ima_selinux.sh +++ b/testcases/kernel/security/integrity/ima/tests/ima_selinux.sh @@ -12,6 +12,7 @@ TST_NEEDS_CMDS="awk cut grep tail" TST_CNT=2 TST_SETUP="setup" +TST_MIN_KVER="5.12" FUNC_CRITICAL_DATA='func=CRITICAL_DATA' REQUIRED_POLICY="^measure.*$FUNC_CRITICAL_DATA"