[PATCH bpf-next v2 3/3] bpf: Update LSM selftests for bpf_ima_inode_hash
Mimi Zohar
zohar at linux.ibm.com
Mon Nov 23 13:24:35 UTC 2020
On Sat, 2020-11-21 at 00:50 +0000, KP Singh wrote:
> From: KP Singh <kpsingh at google.com>
>
> - Update the IMA policy before executing the test binary (this is not an
> override of the policy, just an append that ensures that hashes are
> calculated on executions).

Assuming the builtin policy has been replaced with a custom policy and
CONFIG_IMA_WRITE_POLICY is enabled, then yes, the rule is appended. If
a custom policy has not yet been loaded, loading this rule becomes the
de facto custom policy.

Even if a custom policy has been loaded, potentially additional
measurements unrelated to this test would be included in the measurement
list. One way of limiting a rule to a specific test is by loopback
mounting a file system and defining a policy rule based on the loopback
mount's unique UUID.

Mimi
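
The loopback-mount approach suggested in the reply above, sketched as an added example that is not part of the patch or of either author's code. It assumes the IMA policy keywords `func=BPRM_CHECK` and `fsuuid=`, the securityfs policy path shown, and hypothetical helper names and scratch layout (`test.img`, `mnt/`).

```shell
#!/bin/sh
# Added example, not from the patch: confine an IMA measure rule to one
# loopback-mounted filesystem through its UUID.
IMA_POLICY_FILE=/sys/kernel/security/ima/policy   # securityfs policy file

# Print the rule for one filesystem UUID. Anything that is not a plain
# 8-4-4-4-12 hex UUID is rejected, so no extra keyword or second rule can
# ride along into the policy file.
ima_rule_for_fsuuid() {
    hex=$(printf '%s' "$1" | tr -d '-')
    case "$1" in
        *[!0-9A-Fa-f-]*) hex= ;;                  # space, newline, '=', ...
        ????????-????-????-????-????????????) ;;  # expected layout
        *) hex= ;;
    esac
    if [ "${#hex}" -ne 32 ]; then
        echo "invalid filesystem UUID: $1" >&2
        return 1
    fi
    printf 'measure func=BPRM_CHECK fsuuid=%s\n' "$1"
}

# Build a 10 MiB ext2 image under $1, loop-mount it on $1/mnt and print the
# UUID of the new filesystem. Needs root.
setup_loop_fs() {
    mkdir -p "$1/mnt" || return 1
    dd if=/dev/zero of="$1/test.img" bs=1M count=10 2>/dev/null || return 1
    mkfs.ext2 -q -F "$1/test.img" >/dev/null || return 1
    mount -o loop "$1/test.img" "$1/mnt" || return 1
    blkid -o value -s UUID "$1/test.img"
}

# $1 = test binary (hypothetical argument). The policy write fails if a
# custom policy is already loaded and CONFIG_IMA_WRITE_POLICY is off.
run_scoped() {
    tmp=$(mktemp -d) || return 1
    rc=0
    uuid=$(setup_loop_fs "$tmp") && rule=$(ima_rule_for_fsuuid "$uuid") &&
        echo "$rule" > "$IMA_POLICY_FILE" &&
        cp "$1" "$tmp/mnt/" && "$tmp/mnt/$(basename "$1")" || rc=$?
    umount "$tmp/mnt" 2>/dev/null   # always unmount, even after a failure
    rm -rf "$tmp"
    return "$rc"
}

if [ "${1:-}" = "--apply" ]; then run_scoped "$2"; fi
```

The appended rule stays in the running policy until reboot, but it only matches files on the filesystem with that UUID, so executions elsewhere add no measurements because of it.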