Add optional support for the number of expected violations. Include the
expected number of violations in the output.
Limit the new expected violations to the new tests, so that the existing
tests continue to work properly with/without the kernel changes.
Signed-off-by: Mimi Zohar <zo...@linux.ibm.com>
---
.../security/integrity/ima/tests/ima_violations.sh | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/testcases/kernel/security/integrity/ima/tests/ima_violations.sh
b/testcases/kernel/security/integrity/ima/tests/ima_violations.sh
index 22863fb72..37bf2182b 100755
--- a/testcases/kernel/security/integrity/ima/tests/ima_violations.sh
+++ b/testcases/kernel/security/integrity/ima/tests/ima_violations.sh
@@ -72,20 +72,27 @@ validate()
local num_violations="$1"
local count="$2"
local search="$3"
+ local expected_violations="$4"
local max_attempt=3
local count2 i num_violations_new
for i in $(seq 1 $max_attempt); do
read num_violations_new < $IMA_VIOLATIONS
count2="$(get_count $search)"
- if [ $(($num_violations_new - $num_violations)) -gt 0 ]; then
+ if [ -z "$expected_violations" ] && \
+ [ $(($num_violations_new - $num_violations)) -gt 0 ] || \
+ [ $(($num_violations_new - $num_violations)) -eq
$expected_violations ]; then
+ [ -z "$expected_violations" ] && expected_violations=1
if [ $count2 -gt $count ]; then
- tst_res TPASS "$search violation added"
+ tst_res TPASS "$expected_violations $search
violation(s) added"
return
else
tst_res TINFO "$search not found in $LOG
($i/$max_attempt attempt)..."
tst_sleep 1s
fi
+ elif [ $(($num_violations_new - $num_violations)) -gt 0 ]; then
+ tst_res $IMA_FAIL "$search too many violations added:
$num_violations_new - $num_violations"
+ return
else
tst_res $IMA_FAIL "$search violation not added"
return
--
2.48.1
