[PATCH 4/4] ima_{conditionals,measurements}.sh: Use 'su' instead of 'sudo'

Thu, 02 Oct 2025 02:40:49 -0700 

'su' is simpler than 'sudo' (fewer configuration files, less libraries)
and it's usually installed (part of util-linux or busybox). This also
helps to test with initramfs based rapido-linux.

Signed-off-by: Petr Vorel <[email protected]>
---
https://github.com/rapido-linux/rapido

 .../kernel/security/integrity/ima/tests/ima_conditionals.sh   | 4 ++--
 .../kernel/security/integrity/ima/tests/ima_measurements.sh   | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/testcases/kernel/security/integrity/ima/tests/ima_conditionals.sh 
b/testcases/kernel/security/integrity/ima/tests/ima_conditionals.sh
index f4ee79b2bc..4eca0e88b9 100755
--- a/testcases/kernel/security/integrity/ima/tests/ima_conditionals.sh
+++ b/testcases/kernel/security/integrity/ima/tests/ima_conditionals.sh
@@ -9,7 +9,7 @@
 # gid and fgroup options test kernel commit 40224c41661b ("ima: add gid
 # support") from v5.16.
 
-TST_NEEDS_CMDS="cat chgrp chown id sg sudo useradd userdel"
+TST_NEEDS_CMDS="cat chgrp chown id sg su useradd userdel"
 TST_SETUP="setup"
 TST_TESTFUNC="test"
 REQUIRE_TMP_USER=1
@@ -82,7 +82,7 @@ test()
                sh -c "$cmd"
                ;;
        gid) sg $IMA_USER "sh -c '$cmd'";;
-       uid) sudo -n -u $IMA_USER sh -c "$cmd";;
+       uid) su - $IMA_USER sh -c "$cmd";;
        esac
 
        ima_check $test_file
diff --git a/testcases/kernel/security/integrity/ima/tests/ima_measurements.sh 
b/testcases/kernel/security/integrity/ima/tests/ima_measurements.sh
index e92f3efb95..404b63d99f 100755
--- a/testcases/kernel/security/integrity/ima/tests/ima_measurements.sh
+++ b/testcases/kernel/security/integrity/ima/tests/ima_measurements.sh
@@ -75,7 +75,7 @@ test3()
 
        # Default policy does not measure user files
        tst_res TINFO "verify not measuring user files"
-       tst_check_cmds sudo || return
+       tst_check_cmds su || return
 
        if [ "$IMA_MISSING_POLICY_CONTENT" = 1 ]; then
                tst_res TCONF "test requires specific policy, try load it with 
LTP_IMA_LOAD_POLICY=1"
@@ -86,7 +86,7 @@ test3()
        chown $IMA_USER $dir
        cd $dir
        # need to read file to get updated $ASCII_MEASUREMENTS
-       sudo -n -u $IMA_USER sh -c "echo $(cat /proc/uptime) user file > $file; 
cat $file > /dev/null"
+       su - $IMA_USER sh -c "echo $(cat /proc/uptime) user file > $file; cat 
$file > /dev/null"
        cd ..
 
        if ! tst_rod "$cmd" 2> /dev/null; then
-- 
2.51.0

Reply via email to