[Kernel-packages] [Bug 1766774] Re: test_190_config_kernel_fortify in kernel security test failed with 4.15 KVM kernel

Thu, 21 Jun 2018 20:16:03 -0700 

** Changed in: linux-kvm (Ubuntu)
       Status: In Progress => Fix Committed

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-kvm in Ubuntu.
https://bugs.launchpad.net/bugs/1766774

Title:
  test_190_config_kernel_fortify in kernel security test failed with
  4.15 KVM kernel

Status in ubuntu-kernel-tests:
  In Progress
Status in linux-kvm package in Ubuntu:
  Fix Committed

Bug description:
  == Justification ==
  In the Bionic KVM kernel, the CONFIG_FORTIFY_SOURCE and
  CONFIG_SECURITY_PERF_EVENTS_RESTRICT were not set, they need to be enabled to
  meet the security team's requirement.

  == Test ==
  Before enabling the config, test case test_190_config_kernel_fortify and
  test_250_config_security_perf_events_restrict will fail in the kernel
  security testsuite for the kernel SRU regression test.

  It will pass with these two patches applied, tested on a KVM node.

  == Fix ==
  Set CONFIG_SECURITY_PERF_EVENTS_RESTRICT to "y".
  Set CONFIG_FORTIFY_SOURCE to "y".

  == Regression Potential ==
  Minimal.
  No code changes, just two config changes without disabling any other configs.

  BugLink: https://bugs.launchpad.net/bugs/1766780
  BugLink: https://bugs.launchpad.net/bugs/1766774

  --------------------------------------------------
  Test test_190_config_kernel_fortify from the kernel security test suite 
failed with 4.15.0-1008 KVM kernel.

    ======================================================================
    FAIL: test_190_config_kernel_fortify (__main__.KernelSecurityTest)
    Ensure CONFIG_FORTIFY_SOURCE is set
    ----------------------------------------------------------------------
    Traceback (most recent call last):
      File "./test-kernel-security.py", line 2186, in 
test_190_config_kernel_fortify
        self.assertTrue(self._test_config(config_name))
    AssertionError: False is not true

  The CONFIG_FORTIFY_SOURCE is not set.
  $ cat /boot/config-4.15.0-1008-kvm | grep CONFIG_FORTIFY_SOURCE
  # CONFIG_FORTIFY_SOURCE is not set

  ProblemType: Bug
  DistroRelease: Ubuntu 18.04
  Package: linux-image-4.15.0-1008-kvm 4.15.0-1008.8
  ProcVersionSignature: User Name 4.15.0-1008.8-kvm 4.15.17
  Uname: Linux 4.15.0-1008-kvm x86_64
  NonfreeKernelModules: signpost
  ApportVersion: 2.20.9-0ubuntu7
  Architecture: amd64
  Date: Wed Apr 25 04:28:13 2018
  ProcEnviron:
   TERM=xterm-256color
   PATH=(custom, no user)
   XDG_RUNTIME_DIR=<set>
   LANG=C.UTF-8
   SHELL=/bin/bash
  SourcePackage: linux-kvm
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-kernel-tests/+bug/1766774/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to     : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to