Hi Andrea, > Hi!
> On Thu Oct 2, 2025 at 10:36 AM CEST, Petr Vorel wrote: > > This helps to run all testcases on systems without CONFIG_IMA_WRITE_POLICY=y > > (disabled by default in mainline, therefore disabled for some distros, > > e.g. openSUSE Tumbleweed), if SUT reboots. > > The downside is creating user account 4x instead just once. > > Signed-off-by: Petr Vorel <[email protected]> > > --- > > runtest/ima | 5 +- > > .../integrity/ima/tests/ima_conditionals.sh | 67 ++++++++++++------- > > 2 files changed, 47 insertions(+), 25 deletions(-) > > diff --git a/runtest/ima b/runtest/ima > > index 01942eefa3..c8d0c6801e 100644 > > --- a/runtest/ima > > +++ b/runtest/ima > > @@ -6,5 +6,8 @@ ima_violations ima_violations.sh > > ima_keys ima_keys.sh > > ima_kexec ima_kexec.sh > > ima_selinux ima_selinux.sh > > -ima_conditionals ima_conditionals.sh > > +ima_conditionals_uid ima_conditionals.sh -r uid > > +ima_conditionals_fowner ima_conditionals.sh -r fowner > > +ima_conditionals_gid ima_conditionals.sh -r gid > > +ima_conditionals_fgroup ima_conditionals.sh -r fgroup > Why not using multiple test cases inside the test? That would not help. I hoped I explained the reason well in the commit message but obviously I didn't. verify_measurement() writes into /sys/kernel/security/ima/policy which on kernels without CONFIG_IMA_WRITE_POLICY requires SUT reboot. Because LTP does not support any reboot, this needs to be handled after test finishes. That's why I separated the tests. This helps to cover more than the first test case out of four. Kind regards, Petr
