A test kernel could be found here (along with the patch for bug 1766780:
http://people.canonical.com/~phlin/kernel/lp-1766774-1766780/
** No longer affects: qa-regression-testing
** Changed in: ubuntu-kernel-tests
Assignee: (unassigned) => Po-Hsu Lin (cypressyew)
** Changed in: linux-kvm (Ubuntu)
Assignee: (unassigned) => Po-Hsu Lin (cypressyew)
** Changed in: ubuntu-kernel-tests
Status: New => In Progress
** Changed in: linux-kvm (Ubuntu)
Status: New => In Progress
** Description changed:
+ == Justification ==
+ In the Bionic KVM kernel, the CONFIG_FORTIFY_SOURCE and
+ CONFIG_SECURITY_PERF_EVENTS_RESTRICT were not set, they need to be enabled to
+ meet the security team's requirement.
+
+ == Test ==
+ Before enabling the config, test case test_190_config_kernel_fortify and
+ test_250_config_security_perf_events_restrict will fail in the kernel
+ security testsuite for the kernel SRU regression test.
+
+ It will pass with these two patches applied, tested on a KVM node.
+
+ == Fix ==
+ Set CONFIG_SECURITY_PERF_EVENTS_RESTRICT to "y".
+ Set CONFIG_FORTIFY_SOURCE to "y".
+
+ == Regression Potential ==
+ Minimal.
+ No code changes, just two config change without disabling any other configs.
+
+
Test test_190_config_kernel_fortify from the kernel security test suite
failed with 4.15.0-1008 KVM kernel.
- ======================================================================
- FAIL: test_190_config_kernel_fortify (__main__.KernelSecurityTest)
- Ensure CONFIG_FORTIFY_SOURCE is set
- ----------------------------------------------------------------------
- Traceback (most recent call last):
- File "./test-kernel-security.py", line 2186, in
test_190_config_kernel_fortify
- self.assertTrue(self._test_config(config_name))
- AssertionError: False is not true
-
+ ======================================================================
+ FAIL: test_190_config_kernel_fortify (__main__.KernelSecurityTest)
+ Ensure CONFIG_FORTIFY_SOURCE is set
+ ----------------------------------------------------------------------
+ Traceback (most recent call last):
+ File "./test-kernel-security.py", line 2186, in
test_190_config_kernel_fortify
+ self.assertTrue(self._test_config(config_name))
+ AssertionError: False is not true
The CONFIG_FORTIFY_SOURCE is not set.
$ cat /boot/config-4.15.0-1008-kvm | grep CONFIG_FORTIFY_SOURCE
# CONFIG_FORTIFY_SOURCE is not set
ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: linux-image-4.15.0-1008-kvm 4.15.0-1008.8
ProcVersionSignature: User Name 4.15.0-1008.8-kvm 4.15.17
Uname: Linux 4.15.0-1008-kvm x86_64
NonfreeKernelModules: signpost
ApportVersion: 2.20.9-0ubuntu7
Architecture: amd64
Date: Wed Apr 25 04:28:13 2018
ProcEnviron:
- TERM=xterm-256color
- PATH=(custom, no user)
- XDG_RUNTIME_DIR=<set>
- LANG=C.UTF-8
- SHELL=/bin/bash
+ TERM=xterm-256color
+ PATH=(custom, no user)
+ XDG_RUNTIME_DIR=<set>
+ LANG=C.UTF-8
+ SHELL=/bin/bash
SourcePackage: linux-kvm
UpgradeStatus: No upgrade log present (probably fresh install)
** Description changed:
== Justification ==
In the Bionic KVM kernel, the CONFIG_FORTIFY_SOURCE and
CONFIG_SECURITY_PERF_EVENTS_RESTRICT were not set, they need to be enabled to
meet the security team's requirement.
== Test ==
Before enabling the config, test case test_190_config_kernel_fortify and
test_250_config_security_perf_events_restrict will fail in the kernel
security testsuite for the kernel SRU regression test.
It will pass with these two patches applied, tested on a KVM node.
== Fix ==
Set CONFIG_SECURITY_PERF_EVENTS_RESTRICT to "y".
Set CONFIG_FORTIFY_SOURCE to "y".
== Regression Potential ==
Minimal.
No code changes, just two config change without disabling any other configs.
- Test test_190_config_kernel_fortify from the kernel security test suite
- failed with 4.15.0-1008 KVM kernel.
+ --------------------------------------------------
+ Test test_190_config_kernel_fortify from the kernel security test suite
failed with 4.15.0-1008 KVM kernel.
======================================================================
FAIL: test_190_config_kernel_fortify (__main__.KernelSecurityTest)
Ensure CONFIG_FORTIFY_SOURCE is set
----------------------------------------------------------------------
Traceback (most recent call last):
File "./test-kernel-security.py", line 2186, in
test_190_config_kernel_fortify
self.assertTrue(self._test_config(config_name))
AssertionError: False is not true
The CONFIG_FORTIFY_SOURCE is not set.
$ cat /boot/config-4.15.0-1008-kvm | grep CONFIG_FORTIFY_SOURCE
# CONFIG_FORTIFY_SOURCE is not set
ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: linux-image-4.15.0-1008-kvm 4.15.0-1008.8
ProcVersionSignature: User Name 4.15.0-1008.8-kvm 4.15.17
Uname: Linux 4.15.0-1008-kvm x86_64
NonfreeKernelModules: signpost
ApportVersion: 2.20.9-0ubuntu7
Architecture: amd64
Date: Wed Apr 25 04:28:13 2018
ProcEnviron:
TERM=xterm-256color
PATH=(custom, no user)
XDG_RUNTIME_DIR=<set>
LANG=C.UTF-8
SHELL=/bin/bash
SourcePackage: linux-kvm
UpgradeStatus: No upgrade log present (probably fresh install)
** Description changed:
== Justification ==
In the Bionic KVM kernel, the CONFIG_FORTIFY_SOURCE and
CONFIG_SECURITY_PERF_EVENTS_RESTRICT were not set, they need to be enabled to
meet the security team's requirement.
== Test ==
Before enabling the config, test case test_190_config_kernel_fortify and
test_250_config_security_perf_events_restrict will fail in the kernel
security testsuite for the kernel SRU regression test.
It will pass with these two patches applied, tested on a KVM node.
== Fix ==
Set CONFIG_SECURITY_PERF_EVENTS_RESTRICT to "y".
Set CONFIG_FORTIFY_SOURCE to "y".
== Regression Potential ==
Minimal.
No code changes, just two config change without disabling any other configs.
+ BugLink: https://bugs.launchpad.net/bugs/1766780
+ BugLink: https://bugs.launchpad.net/bugs/1766774
--------------------------------------------------
Test test_190_config_kernel_fortify from the kernel security test suite
failed with 4.15.0-1008 KVM kernel.
======================================================================
FAIL: test_190_config_kernel_fortify (__main__.KernelSecurityTest)
Ensure CONFIG_FORTIFY_SOURCE is set
----------------------------------------------------------------------
Traceback (most recent call last):
File "./test-kernel-security.py", line 2186, in
test_190_config_kernel_fortify
self.assertTrue(self._test_config(config_name))
AssertionError: False is not true
The CONFIG_FORTIFY_SOURCE is not set.
$ cat /boot/config-4.15.0-1008-kvm | grep CONFIG_FORTIFY_SOURCE
# CONFIG_FORTIFY_SOURCE is not set
ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: linux-image-4.15.0-1008-kvm 4.15.0-1008.8
ProcVersionSignature: User Name 4.15.0-1008.8-kvm 4.15.17
Uname: Linux 4.15.0-1008-kvm x86_64
NonfreeKernelModules: signpost
ApportVersion: 2.20.9-0ubuntu7
Architecture: amd64
Date: Wed Apr 25 04:28:13 2018
ProcEnviron:
TERM=xterm-256color
PATH=(custom, no user)
XDG_RUNTIME_DIR=<set>
LANG=C.UTF-8
SHELL=/bin/bash
SourcePackage: linux-kvm
UpgradeStatus: No upgrade log present (probably fresh install)
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-kvm in Ubuntu.
https://bugs.launchpad.net/bugs/1766774
Title:
test_190_config_kernel_fortify in kernel security test failed with
4.15 KVM kernel
Status in ubuntu-kernel-tests:
In Progress
Status in linux-kvm package in Ubuntu:
In Progress
Bug description:
== Justification ==
In the Bionic KVM kernel, the CONFIG_FORTIFY_SOURCE and
CONFIG_SECURITY_PERF_EVENTS_RESTRICT were not set, they need to be enabled to
meet the security team's requirement.
== Test ==
Before enabling the config, test case test_190_config_kernel_fortify and
test_250_config_security_perf_events_restrict will fail in the kernel
security testsuite for the kernel SRU regression test.
It will pass with these two patches applied, tested on a KVM node.
== Fix ==
Set CONFIG_SECURITY_PERF_EVENTS_RESTRICT to "y".
Set CONFIG_FORTIFY_SOURCE to "y".
== Regression Potential ==
Minimal.
No code changes, just two config change without disabling any other configs.
BugLink: https://bugs.launchpad.net/bugs/1766780
BugLink: https://bugs.launchpad.net/bugs/1766774
--------------------------------------------------
Test test_190_config_kernel_fortify from the kernel security test suite
failed with 4.15.0-1008 KVM kernel.
======================================================================
FAIL: test_190_config_kernel_fortify (__main__.KernelSecurityTest)
Ensure CONFIG_FORTIFY_SOURCE is set
----------------------------------------------------------------------
Traceback (most recent call last):
File "./test-kernel-security.py", line 2186, in
test_190_config_kernel_fortify
self.assertTrue(self._test_config(config_name))
AssertionError: False is not true
The CONFIG_FORTIFY_SOURCE is not set.
$ cat /boot/config-4.15.0-1008-kvm | grep CONFIG_FORTIFY_SOURCE
# CONFIG_FORTIFY_SOURCE is not set
ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: linux-image-4.15.0-1008-kvm 4.15.0-1008.8
ProcVersionSignature: User Name 4.15.0-1008.8-kvm 4.15.17
Uname: Linux 4.15.0-1008-kvm x86_64
NonfreeKernelModules: signpost
ApportVersion: 2.20.9-0ubuntu7
Architecture: amd64
Date: Wed Apr 25 04:28:13 2018
ProcEnviron:
TERM=xterm-256color
PATH=(custom, no user)
XDG_RUNTIME_DIR=<set>
LANG=C.UTF-8
SHELL=/bin/bash
SourcePackage: linux-kvm
UpgradeStatus: No upgrade log present (probably fresh install)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-kernel-tests/+bug/1766774/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
