[Kernel-packages] [Bug 1766780] Re: test_250_config_security_perf_events_restrict in kernel security test failed with 4.15 KVM kernel

Mon, 02 Jul 2018 03:20:53 -0700 

** Changed in: linux-kvm (Ubuntu Bionic)
       Status: New => Fix Committed

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-kvm in Ubuntu.
https://bugs.launchpad.net/bugs/1766780

Title:
  test_250_config_security_perf_events_restrict in kernel security test
  failed with 4.15 KVM kernel

Status in ubuntu-kernel-tests:
  Fix Committed
Status in linux-kvm package in Ubuntu:
  Fix Committed
Status in linux-kvm source package in Bionic:
  Fix Committed

Bug description:
  == Justification ==
  In the Bionic KVM kernel, the CONFIG_FORTIFY_SOURCE and
  CONFIG_SECURITY_PERF_EVENTS_RESTRICT were not set, they need to be enabled to
  meet the security team's requirement.

  == Test ==
  Before enabling the config, test case test_190_config_kernel_fortify and
  test_250_config_security_perf_events_restrict will fail in the kernel
  security testsuite for the kernel SRU regression test.

  It will pass with these two patches applied, tested on a KVM node.

  == Fix ==
  Set CONFIG_SECURITY_PERF_EVENTS_RESTRICT to "y".
  Set CONFIG_FORTIFY_SOURCE to "y".

  == Regression Potential ==
  Minimal.
  No code changes, just two config changes without disabling any other configs.

  BugLink: https://bugs.launchpad.net/bugs/1766780
  BugLink: https://bugs.launchpad.net/bugs/1766774

  --------------------------------------------------
  test_250_config_security_perf_events_restrict from the kernel security test 
suite failed with 4.15.0-1008 KVM kernel.

   FAIL: test_250_config_security_perf_events_restrict 
(__main__.KernelSecurityTest)
    Ensure CONFIG_SECURITY_PERF_EVENTS_RESTRICT is set
    ----------------------------------------------------------------------
    Traceback (most recent call last):
      File "./test-kernel-security.py", line 2313, in 
test_250_config_security_perf_events_restrict
        self.assertEqual(expected, self._test_config(config_name))
    AssertionError: True != False

  The CONFIG_SECURITY_PERF_EVENTS_RESTRICT is not set.
  $ cat /boot/config-4.15.0-1008-kvm | grep CONFIG_SECURITY_PERF_EVENTS_RESTRICT
  # CONFIG_SECURITY_PERF_EVENTS_RESTRICT is not set

  ProblemType: Bug
  DistroRelease: Ubuntu 18.04
  Package: linux-image-4.15.0-1008-kvm 4.15.0-1008.8
  ProcVersionSignature: User Name 4.15.0-1008.8-kvm 4.15.17
  Uname: Linux 4.15.0-1008-kvm x86_64
  NonfreeKernelModules: signpost
  ApportVersion: 2.20.9-0ubuntu7
  Architecture: amd64
  Date: Wed Apr 25 04:41:49 2018
  ProcEnviron:
   TERM=xterm-256color
   PATH=(custom, no user)
   XDG_RUNTIME_DIR=<set>
   LANG=C.UTF-8
   SHELL=/bin/bash
  SourcePackage: linux-kvm
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-kernel-tests/+bug/1766780/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to     : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to