** Description changed: + == Justification == + In Xenial KVM kernel, the CONFIG_DEBUG_KERNEL is enabled, security team would like to see CONFIG_DEBUG_RODATA to be enabled as well. + + In such case, the kernel can pass the test_072_config_debug_rodata check + in the qa-regression-testing test uite. + + == Test == + Before enabling the config the test_072_config_debug_rodata test from qa-regression-testing will fail. After that, the test will pass. + A test kernel with CONFIG_DEBUG_RODATA enabled in Xenial KVM could be found here: + http://people.canonical.com/~phlin/kernel/lp-1766832/ + + == Fix == + Enable the CONFIG_DEBUG_RODATA. + Some other configs were enabled just for skipping the interaction during the compilation. + + == Regression Potential == + Minimal. + No code changes, just one config enabled without disabling any other configs. + + The test failed with: - FAIL: test_072_config_debug_rodata (__main__.KernelSecurityTest) - CONFIG_DEBUG_RODATA/CONFIG_STRICT_KERNEL_RWX enabled - ---------------------------------------------------------------------- - Traceback (most recent call last): - File "./test-kernel-security.py", line 642, in test_072_config_debug_rodata - self.assertEqual(self._test_config(option), expected) - AssertionError: False != True + FAIL: test_072_config_debug_rodata (__main__.KernelSecurityTest) + CONFIG_DEBUG_RODATA/CONFIG_STRICT_KERNEL_RWX enabled + ---------------------------------------------------------------------- + Traceback (most recent call last): + File "./test-kernel-security.py", line 642, in test_072_config_debug_rodata + self.assertEqual(self._test_config(option), expected) + AssertionError: False != True Steps to reproduce: - Deploy the node with Xenial 4.4 kernel, install linux-kvm - sudo apt-get install python-minimal - git clone --depth=1 git://kernel.ubuntu.com/ubuntu/autotest-client-tests -b master-next - git clone --depth=1 git://kernel.ubuntu.com/ubuntu/autotest - rm -fr autotest/client/tests - ln -sf 
~/autotest-client-tests autotest/client/tests - AUTOTEST_PATH=/home/ubuntu/autotest sudo -E autotest/client/autotest-local --verbose autotest/client/tests/ubuntu_qrt_kernel_security/control + Deploy the node with Xenial 4.4 kernel, install linux-kvm + sudo apt-get install python-minimal + git clone --depth=1 git://kernel.ubuntu.com/ubuntu/autotest-client-tests -b master-next + git clone --depth=1 git://kernel.ubuntu.com/ubuntu/autotest + rm -fr autotest/client/tests + ln -sf ~/autotest-client-tests autotest/client/tests + AUTOTEST_PATH=/home/ubuntu/autotest sudo -E autotest/client/autotest-local --verbose autotest/client/tests/ubuntu_qrt_kernel_security/control ProblemType: Bug DistroRelease: Ubuntu 16.04 Package: linux-image-4.4.0-1019-kvm 4.4.0-1019.24 ProcVersionSignature: User Name 4.4.0-1019.24-kvm 4.4.98 Uname: Linux 4.4.0-1019-kvm x86_64 NonfreeKernelModules: signpost ApportVersion: 2.20.1-0ubuntu2.15 Architecture: amd64 Date: Mon Apr 2 16:54:36 2018 ProcEnviron: - TERM=xterm-256color - PATH=(custom, no user) - XDG_RUNTIME_DIR=<set> - LANG=en_US.UTF-8 - SHELL=/bin/bash + TERM=xterm-256color + PATH=(custom, no user) + XDG_RUNTIME_DIR=<set> + LANG=en_US.UTF-8 + SHELL=/bin/bash SourcePackage: linux-kvm UpgradeStatus: No upgrade log present (probably fresh install)
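Review bot: The added "== Fix ==" and "== Regression Potential ==" sections disagree: the first says "Some other configs were enabled just for skipping the interaction during the compilation", the second says "just one config enabled". List the additional options by name in the Fix section so the regression assessment covers every config that actually changes in the Xenial KVM kernel.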
--
You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-kvm in Ubuntu.
https://bugs.launchpad.net/bugs/1760643

Title:
  test_072_config_debug_rodata in kernel security test failed with 4.4 X-kvm

Status in QA Regression Testing:
  Fix Released
Status in linux package in Ubuntu:
  Invalid
Status in linux-kvm package in Ubuntu:
  In Progress
Status in linux source package in Xenial:
  Invalid
Status in linux-kvm source package in Xenial:
  In Progress

Bug description:
  == Justification ==
  In the Xenial KVM kernel, CONFIG_DEBUG_KERNEL is enabled; the security team would like to see CONFIG_DEBUG_RODATA enabled as well.

  In that case, the kernel can pass the test_072_config_debug_rodata check in the qa-regression-testing test suite.

  == Test ==
  Before enabling the config, the test_072_config_debug_rodata test from qa-regression-testing will fail. After that, the test will pass.
  A test kernel with CONFIG_DEBUG_RODATA enabled in Xenial KVM can be found here:
  http://people.canonical.com/~phlin/kernel/lp-1766832/

  == Fix ==
  Enable CONFIG_DEBUG_RODATA.
  Some other configs were enabled just for skipping the interaction during the compilation.

  == Regression Potential ==
  Minimal.
  No code changes, just one config enabled without disabling any other configs.

  The test failed with:
    FAIL: test_072_config_debug_rodata (__main__.KernelSecurityTest)
    CONFIG_DEBUG_RODATA/CONFIG_STRICT_KERNEL_RWX enabled
    ----------------------------------------------------------------------
    Traceback (most recent call last):
      File "./test-kernel-security.py", line 642, in test_072_config_debug_rodata
        self.assertEqual(self._test_config(option), expected)
    AssertionError: False != True

  Steps to reproduce:
    Deploy the node with Xenial 4.4 kernel, install linux-kvm
    sudo apt-get install python-minimal
    git clone --depth=1 git://kernel.ubuntu.com/ubuntu/autotest-client-tests -b master-next
    git clone --depth=1 git://kernel.ubuntu.com/ubuntu/autotest
    rm -fr autotest/client/tests
    ln -sf ~/autotest-client-tests autotest/client/tests
    AUTOTEST_PATH=/home/ubuntu/autotest sudo -E autotest/client/autotest-local --verbose autotest/client/tests/ubuntu_qrt_kernel_security/control

  ProblemType: Bug
  DistroRelease: Ubuntu 16.04
  Package: linux-image-4.4.0-1019-kvm 4.4.0-1019.24
  ProcVersionSignature: User Name 4.4.0-1019.24-kvm 4.4.98
  Uname: Linux 4.4.0-1019-kvm x86_64
  NonfreeKernelModules: signpost
  ApportVersion: 2.20.1-0ubuntu2.15
  Architecture: amd64
  Date: Mon Apr 2 16:54:36 2018
  ProcEnviron:
   TERM=xterm-256color
   PATH=(custom, no user)
   XDG_RUNTIME_DIR=<set>
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  SourcePackage: linux-kvm
  UpgradeStatus: No upgrade log present (probably fresh install)
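The condition the failing test names, "CONFIG_DEBUG_RODATA/CONFIG_STRICT_KERNEL_RWX enabled", can be checked directly against a kernel config file. The following is an added example, not code from qa-regression-testing or from this bug report; the function names, the sample config text and the /boot/config-<release> path are assumptions made for illustration.

```python
import os
import re

# Option names taken from the failing test's description line.
RODATA_OPTIONS = ("CONFIG_DEBUG_RODATA", "CONFIG_STRICT_KERNEL_RWX")

_SET = re.compile(r"^(CONFIG_\w+)=(.*)$")
_UNSET = re.compile(r"^# (CONFIG_\w+) is not set$")


def parse_kconfig(text):
    """Return {option: value}; options marked 'is not set' map to None."""
    options = {}
    for line in text.splitlines():
        line = line.strip()
        m = _SET.match(line)
        if m:
            options[m.group(1)] = m.group(2).strip('"')
            continue
        m = _UNSET.match(line)
        if m:
            options[m.group(1)] = None
    return options


def rodata_enabled(text):
    """True if either spelling of the read-only kernel data option is =y."""
    options = parse_kconfig(text)
    return any(options.get(name) == "y" for name in RODATA_OPTIONS)


# Constructed samples modelled on the report: DEBUG_KERNEL on, RODATA off/on.
BEFORE = """\
CONFIG_DEBUG_KERNEL=y
# CONFIG_DEBUG_RODATA is not set
"""
AFTER = """\
CONFIG_DEBUG_KERNEL=y
CONFIG_DEBUG_RODATA=y
"""
NEWER_NAME = "CONFIG_STRICT_KERNEL_RWX=y\n"

if __name__ == "__main__":
    for label, cfg in (("before", BEFORE), ("after", AFTER), ("newer name", NEWER_NAME)):
        print(label, rodata_enabled(cfg))
    # Assumed path: Ubuntu installs the running kernel's config under /boot.
    path = "/boot/config-" + os.uname().release
    if os.path.exists(path):
        with open(path) as fh:
            print(path, rodata_enabled(fh.read()))
```

A config in which the option is absent altogether is reported the same way as one that says "is not set", which matches the False result shown in the traceback.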