• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1Always look here for latest version of these tests:
2http://sourceforge.jp/projects/tomoyo/svn/view/trunk/2.3.x/tomoyo-tools/kernel_test/?root=tomoyo
3
4These testcases test the TOMOYO Security Module. And they are not part of
5default LTP build/install/run.
6
7A kernel with TOMOYO configured is required to run the TOMOYO testsuite.
8The securityfs filesystem must be mounted at /sys/kernel/security .
9
10Preparation steps are:
11
121) Download tomoyo-tools package and extract and build and install.
13
14  # wget -O tomoyo-tools.tar.gz 'http://sourceforge.jp/projects/tomoyo/svn/view/trunk/2.3.x/tomoyo-tools.tar.gz?root=tomoyo&view=tar'
15  # tar -zxf tomoyo-tools.tar.gz
16  # make -C tomoyo-tools/ install
17
18  Programs are installed in /usr/sbin/ with prefix "tomoyo-" and
19  /usr/lib/tomoyo/ directory without prefix "tomoyo-".
20
21  You can make a RPM package by "rpmbuild -bb tomoyo-tools/tomoyo-tools.spec" and
22  a DEB package by "alien -k" after "rpmbuild -bb".
23
242) Run /usr/lib/tomoyo/init_policy .
25
26   This will take several minutes.
27
28   Hiding kernel source directory by "mount -t tmpfs none /usr/src/linux/"
29   would save some time.
30
31   Configuration files are saved in /etc/tomoyo/ directory.
32   You can do "rm -fR /etc/tomoyo/" if you want to uninstall.
33
343) Reboot the system with TOMOYO enabled kernel.
35
36   To make sure TOMOYO is selected, you can add security=tomoyo to kernel's
37   command line.
38
394) Build the tests.
40
41   # (extract the tar ball containing the tests.)
42   # make autotools
43   # ./configure
44   # cd testcases/kernel/security/tomoyo/
45   # make
46   # find `/bin/pwd` -type f -perm +100 >> /etc/tomoyo/manager.conf
47   # /usr/sbin/tomoyo-loadpolicy m
48
49Test steps are:
50
511) Run the tests from the directory you ran "make".
52
53   # ./testall.sh
54
55   Please don't run the tests inside /tmp/ directory, for /tmp/ directory is
56   hidden by "newns" (a wrapper program to run the test in a new namespace).
57
58   You can use "| grep -vF OK" to pick up only failed tests as testall.sh does.
59