[PATCH ima-evm-utils v4] Add tests for MMAP_CHECK and MMAP_CHECK_REQPROT hooks

Roberto Sassu roberto.sassu at huaweicloud.com
Fri Feb 3 08:21:16 UTC 2023


On Thu, 2023-02-02 at 15:40 -0500, Mimi Zohar wrote:
> On Thu, 2023-02-02 at 17:23 +0100, Roberto Sassu wrote:
> > > > +   if (ptr == MAP_FAILED) {
> > > > +           ret = ERR_SETUP;
> > > > +           if (argv[2] && !strcmp(argv[2], "exec_on_writable") &&
> > > > +               errno == EACCES)
> > > > +                   ret = ERR_TEST;
> > > > +
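Review bot: The MAP_FAILED branch, in the lines shown, sets ret without reporting the file path or errno, so an mmap() failure the test did not anticipate surfaces only as a bare exit status from test_mmap. Suggest printing the path and strerror(errno) before returning, and adding a short comment on why EACCES counts as ERR_TEST only for the "exec_on_writable" argument while every other failure is classified as ERR_SETUP.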
> > > 
> > > FYI, on an older distro kernel, the mmap fails and results in the following
> > > without any explanation.
> > > 
> > > Test: check_mmap (hook="MMAP_CHECK", test_mmap arg: "exec")
> > > Unexpected exit status 1 from test_mmap
> > > 
> > > With some additional debugging, I'm seeing:
> > > Failed mmap() /tmp/tmp.4gD2UjSvC4/tmp.PlzUEm09hO, err: -13 (Permission
> > > denied)
> > 
> > Uhm, ok. Which kernel is failing?
> 
> I'm able to reproduce the error on a next-integrity or next-integrity-
> testing kernel, by running the tests multiple times.  The error doesn't
> occur the first time running the test, but subsequent times.

Oops, yes. The problem was that the fowners of the measure and appraise
rules were shared. Will not work, unless the files used in the measure
tests are signed too.

Roberto


