selftests/bpf: Ensure securityfs mount before writing ima policy

SecurityFS may not be mounted even if it is enabled in the kernel
config. So, check if the mount exists in /proc/mounts by parsing the
file and, if not, mount it on /sys/kernel/security.

Fixes: 34b82d3ac1 ("bpf: Add a selftest for bpf_ima_inode_hash")
Reported-by: Andrii Nakryiko <andrii@kernel.org>
Signed-off-by: KP Singh <kpsingh@google.com>
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Acked-by: Andrii Nakryiko <andrii@kernel.org>
Link: https://lore.kernel.org/bpf/20201203191437.666737-3-kpsingh@chromium.org
This commit is contained in:
KP Singh 2020-12-03 19:14:35 +00:00 committed by Andrii Nakryiko
parent 3db980449b
commit 1ee076719d

View File

@ -14,6 +14,20 @@ usage()
exit 1
}
ensure_mount_securityfs()
{
local securityfs_dir=$(grep "securityfs" /proc/mounts | awk '{print $2}')
if [ -z "${securityfs_dir}" ]; then
securityfs_dir=/sys/kernel/security
mount -t securityfs security "${securityfs_dir}"
fi
if [ ! -d "${securityfs_dir}" ]; then
echo "${securityfs_dir}: securityfs is not mounted" && exit 1
fi
}
setup()
{
local tmp_dir="$1"
@ -33,6 +47,7 @@ setup()
cp "${TEST_BINARY}" "${mount_dir}"
local mount_uuid="$(blkid ${loop_device} | sed 's/.*UUID="\([^"]*\)".*/\1/')"
ensure_mount_securityfs
echo "measure func=BPRM_CHECK fsuuid=${mount_uuid}" > ${IMA_POLICY_FILE}
}