From: Ahmad Fatoum <a.fatoum@pengutronix.de>
To: barebox@lists.infradead.org
Cc: sha@pengutronix.de, Ahmad Fatoum <a.fatoum@pengutronix.de>
Subject: [PATCH 2/2] fixup! test: py: add basic security policy test
Date: Tue, 30 Sep 2025 11:35:28 +0200 [thread overview]
Message-ID: <20250930093532.2329023-2-a.fatoum@pengutronix.de> (raw)
In-Reply-To: <20250930093532.2329023-1-a.fatoum@pengutronix.de>
test: py: policies: rework for latest changes
Compared to the RFC, tamper now prohibits the console, so the test will
timeout. Work around this by issuing multiple commands in succession.
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
---
test/py/test_policies.py | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/test/py/test_policies.py b/test/py/test_policies.py
index b4ece29c9597..7b6d72b4438f 100644
--- a/test/py/test_policies.py
+++ b/test/py/test_policies.py
@@ -29,15 +29,15 @@ def test_security_policies(barebox, env):
assert 'go: Operation not permitted' not in stdout
assert rc == 1
- stdout = barebox.run_check('sconfig -v -s tamper')
+ stdout = barebox.run_check("""
+ sconfig -v -s tamper; echo "POLICY=${security.policy}";
+ sconfig +SCONFIG_CONSOLE_INPUT +SCONFIG_SHELL
+ """)
assert set(['-SCONFIG_BOOT_UNSIGNED_IMAGES',
'-SCONFIG_RATP',
- '-SCONFIG_CMD_GO']) <= set(stdout)
- assert 'Active Policy: tamper' in barebox.run_check('sconfig')
-
- _, _, rc = barebox.run('sconfig -s devel')
- assert rc != 0
- assert 'Active Policy: tamper' in barebox.run_check('sconfig')
+ '-SCONFIG_CMD_GO',
+ 'POLICY=tamper']) <= set(stdout)
+ assert 'Active Policy: debug0' in barebox.run_check('sconfig')
stdout, _, rc = barebox.run('go')
assert 'go - start application at address or file' not in stdout
--
2.47.3
next prev parent reply other threads:[~2025-09-30 9:36 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-09-30 9:35 [PATCH 1/2] fixup! Add security policy support Ahmad Fatoum
2025-09-30 9:35 ` Ahmad Fatoum [this message]
2025-09-30 9:55 ` Sascha Hauer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250930093532.2329023-2-a.fatoum@pengutronix.de \
--to=a.fatoum@pengutronix.de \
--cc=barebox@lists.infradead.org \
--cc=sha@pengutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox