** Description changed:
+ == Justification ==
+ In the Bionic KVM kernel, the CONFIG_DEBUG_WX was not set, which is needed to
meet the security team's requirement.
+
+
+ == Test ==
+ Before enabling the config, test_330_config_debug_wx will fail in the kernel
security testsuite for the kernel SRU regression test.
+
+ It will pass with this patche applied, tested on a KVM node.
+
+ == Fix ==
+ UBUNTU: [Config]: enable CONFIG_DEBUG_WX
+
+ == Regression Potential ==
+ Minimal.
+ No code changes, just a config changes without disabling any other configs.
+
+ ----------------------------------------------------------
+
The kernel security test require this config to be enabled.
FAIL: test_330_config_debug_wx (__main__.KernelSecurityConfigTest)
Ensure DEBUG_WX is set
----------------------------------------------------------------------
Traceback (most recent call last):
File "./test-kernel-security.py", line 2537, in test_330_config_debug_wx
self.assertKernelConfig('DEBUG_WX', expected)
File "./test-kernel-security.py", line 207, in assertKernelConfig
self.assertKernelConfigSet(name)
File "./test-kernel-security.py", line 194, in assertKernelConfigSet
'%s option was expected to be set in the kernel config' % name)
AssertionError: DEBUG_WX option was expected to be set in the kernel config
ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: linux-image-4.15.0-1016-kvm 4.15.0-1016.16
ProcVersionSignature: User Name 4.15.0-1016.16-kvm 4.15.18
Uname: Linux 4.15.0-1016-kvm x86_64
ApportVersion: 2.20.9-0ubuntu7.3
Architecture: amd64
Date: Fri Jul 20 07:56:06 2018
ProcEnviron:
- TERM=xterm-256color
- PATH=(custom, no user)
- XDG_RUNTIME_DIR=<set>
- LANG=C.UTF-8
- SHELL=/bin/bash
+ TERM=xterm-256color
+ PATH=(custom, no user)
+ XDG_RUNTIME_DIR=<set>
+ LANG=C.UTF-8
+ SHELL=/bin/bash
SourcePackage: linux-kvm
UpgradeStatus: No upgrade log present (probably fresh install)
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-kvm in Ubuntu.
https://bugs.launchpad.net/bugs/1782721
Title:
DEBUG_WX is not set in Bionic KVM kernel
Status in ubuntu-kernel-tests:
New
Status in linux-kvm package in Ubuntu:
New
Bug description:
== Justification ==
In the Bionic KVM kernel, the CONFIG_DEBUG_WX was not set, which is needed to
meet the security team's requirement.
== Test ==
Before enabling the config, test_330_config_debug_wx will fail in the kernel
security testsuite for the kernel SRU regression test.
It will pass with this patche applied, tested on a KVM node.
== Fix ==
UBUNTU: [Config]: enable CONFIG_DEBUG_WX
== Regression Potential ==
Minimal.
No code changes, just a config changes without disabling any other configs.
----------------------------------------------------------
The kernel security test require this config to be enabled.
FAIL: test_330_config_debug_wx (__main__.KernelSecurityConfigTest)
Ensure DEBUG_WX is set
----------------------------------------------------------------------
Traceback (most recent call last):
File "./test-kernel-security.py", line 2537, in test_330_config_debug_wx
self.assertKernelConfig('DEBUG_WX', expected)
File "./test-kernel-security.py", line 207, in assertKernelConfig
self.assertKernelConfigSet(name)
File "./test-kernel-security.py", line 194, in assertKernelConfigSet
'%s option was expected to be set in the kernel config' % name)
AssertionError: DEBUG_WX option was expected to be set in the kernel config
ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: linux-image-4.15.0-1016-kvm 4.15.0-1016.16
ProcVersionSignature: User Name 4.15.0-1016.16-kvm 4.15.18
Uname: Linux 4.15.0-1016-kvm x86_64
ApportVersion: 2.20.9-0ubuntu7.3
Architecture: amd64
Date: Fri Jul 20 07:56:06 2018
ProcEnviron:
TERM=xterm-256color
PATH=(custom, no user)
XDG_RUNTIME_DIR=<set>
LANG=C.UTF-8
SHELL=/bin/bash
SourcePackage: linux-kvm
UpgradeStatus: No upgrade log present (probably fresh install)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-kernel-tests/+bug/1782721/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
