[Kernel-packages] [Bug 1812153] Re: CONFIG_SECURITY_SELINUX_DISABLE should be disabled on KVM kernel
** Changed in: ubuntu-kernel-tests Status: In Progress => Fix Released -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-kvm in Ubuntu. https://bugs.launchpad.net/bugs/1812153 Title: CONFIG_SECURITY_SELINUX_DISABLE should be disabled on KVM kernel Status in ubuntu-kernel-tests: Fix Released Status in linux-kvm package in Ubuntu: Fix Released Status in linux-kvm source package in Bionic: Fix Released Status in linux-kvm source package in Cosmic: Fix Released Status in linux-kvm source package in Disco: Fix Released Bug description: The test_081_config_security_selinux_disable test failed on the Bionic KVM kernel FAIL: test_081_config_security_selinux_disable (__main__.KernelSecurityConfigTest) Ensure CONFIG_SECURITY_SELINUX_DISABLE is disabled (LP: #1680315) -- Traceback (most recent call last): File "./test-kernel-security.py", line 2152, in test_081_config_security_selinux_disable self.assertKernelConfig('SECURITY_SELINUX_DISABLE', expected) File "./test-kernel-security.py", line 209, in assertKernelConfig self.assertKernelConfigUnset(name) File "./test-kernel-security.py", line 200, in assertKernelConfigUnset '%s option was expected to be unset in the kernel config' % name) AssertionError: SECURITY_SELINUX_DISABLE option was expected to be unset in the kernel config ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: linux-image-4.15.0-1028-kvm 4.15.0-1028.28 ProcVersionSignature: User Name 4.15.0-1028.28-kvm 4.15.18 Uname: Linux 4.15.0-1028-kvm x86_64 ApportVersion: 2.20.9-0ubuntu7.5 Architecture: amd64 Date: Thu Jan 17 04:31:59 2019 SourcePackage: linux-kvm UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-kernel-tests/+bug/1812153/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1812153] Re: CONFIG_SECURITY_SELINUX_DISABLE should be disabled on KVM kernel
This bug was fixed in the package linux-kvm - 5.0.0-1002.2 --- linux-kvm (5.0.0-1002.2) disco; urgency=medium * linux-kvm: 5.0.0-1002.2 -proposed tracker (LP: #1823222) * Packaging resync (LP: #1786013) - [Packaging] update update.conf * Set CONFIG_RANDOM_TRUST_CPU=y (LP: #1823754) - [Config] CONFIG_RANDOM_TRUST_CPU=y * CONFIG_SECURITY_SELINUX_DISABLE should be disabled on KVM kernel (LP: #1812153) - [Config]: disable CONFIG_SECURITY_SELINUX_DISABLE * Miscellaneous Ubuntu changes - [Packaging] enable nvidia dkms build - [Config] update configs after rebase to 5.0.0-10.11 [ Ubuntu: 5.0.0-10.11 ] * linux: 5.0.0-10.11 -proposed tracker (LP: #1823936) * Apparmor enforcement failure in lxc selftests (LP: #1823379) - SAUCE: apparmor: Restore Y/N in /sys for apparmor's "enabled" * systemd cause kernel trace "BUG: unable to handle kernel paging request at 6db23a14" on Cosmic i386 (LP: #1813244) - openvswitch: fix flow actions reallocation [ Ubuntu: 5.0.0-9.10 ] * linux: 5.0.0-9.10 -proposed tracker (LP: #1823228) * Packaging resync (LP: #1786013) - [Packaging] resync git-ubuntu-log - [Packaging] update helper scripts - [Packaging] resync retpoline extraction * Huawei Hi1822 NIC has poor performance (LP: #1820187) - net-next/hinic: replace disable_irq_nosync/enable_irq * Add uid shifting overlay filesystem (shiftfs) (LP: #1823186) - shiftfs: uid/gid shifting bind mount - shiftfs: rework and extend - shiftfs: support some btrfs ioctls - [Config] enable shiftfs * Cannot boot or install - have to use nomodeset (LP: #1821820) - Revert "drm/i915/fbdev: Actually configure untiled displays" * Disco update: v5.0.6 upstream stable release (LP: #1823060) - netfilter: nf_tables: fix set double-free in abort path - dccp: do not use ipv6 header for ipv4 flow - genetlink: Fix a memory leak on error path - gtp: change NET_UDP_TUNNEL dependency to select - ipv6: make ip6_create_rt_rcu return ip6_null_entry instead of NULL - mac8390: Fix mmio access size probe - mISDN: hfcpci: Test both vendor & device ID for Digium HFC4S - net: aquantia: fix rx checksum offload for UDP/TCP over IPv6 - net: datagram: fix unbounded loop in __skb_try_recv_datagram() - net/packet: Set __GFP_NOWARN upon allocation in alloc_pg_vec - net: phy: meson-gxl: fix interrupt support - net: rose: fix a possible stack overflow - net: stmmac: fix memory corruption with large MTUs - net-sysfs: call dev_hold if kobject_init_and_add success - net: usb: aqc111: Extend HWID table by QNAP device - packets: Always register packet sk in the same order - rhashtable: Still do rehash when we get EEXIST - sctp: get sctphdr by offset in sctp_compute_cksum - sctp: use memdup_user instead of vmemdup_user - tcp: do not use ipv6 header for ipv4 flow - tipc: allow service ranges to be connect()'ed on RDM/DGRAM - tipc: change to check tipc_own_id to return in tipc_net_stop - tipc: fix cancellation of topology subscriptions - tun: properly test for IFF_UP - vrf: prevent adding upper devices - vxlan: Don't call gro_cells_destroy() before device is unregistered - thunderx: enable page recycling for non-XDP case - thunderx: eliminate extra calls to put_page() for pages held for recycling - net: dsa: mv88e6xxx: fix few issues in mv88e6390x_port_set_cmode - net: mii: Fix PAUSE cap advertisement from linkmode_adv_to_lcl_adv_t() helper - net: phy: don't clear BMCR in genphy_soft_reset - r8169: fix cable re-plugging issue - ila: Fix rhashtable walker list corruption - tun: add a missing rcu_read_unlock() in error path - powerpc/fsl: Fix the flush of branch predictor. - Btrfs: fix incorrect file size after shrinking truncate and fsync - btrfs: remove WARN_ON in log_dir_items - btrfs: don't report readahead errors and don't update statistics - btrfs: Fix bound checking in qgroup_trace_new_subtree_blocks - btrfs: Avoid possible qgroup_rsv_size overflow in btrfs_calculate_inode_block_rsv_size - Btrfs: fix assertion failure on fsync with NO_HOLES enabled - locks: wake any locks blocked on request before deadlock check - tracing: initialize variable in create_dyn_event() - ARM: imx6q: cpuidle: fix bug that CPU might not wake up at expected time - powerpc: bpf: Fix generation of load/store DW instructions - vfio: ccw: only free cp on final interrupt - NFS: Fix nfs4_lock_state refcounting in nfs4_alloc_{lock,unlock}data() - NFS: fix mount/umount race in nlmclnt. - NFSv4.1 don't free interrupted slot on open - net: dsa: qca8k: remove leftover phy accessors - ALSA: rawmidi: Fix potential Spectre v1 vulnerability - ALSA: seq: oss: Fix Spectre v1 vulnerability - ALSA: pcm: Fix possible OOB access in PCM oss plugins - ALSA: pcm: Don't suspend stream in
[Kernel-packages] [Bug 1812153] Re: CONFIG_SECURITY_SELINUX_DISABLE should be disabled on KVM kernel
This bug was fixed in the package linux-kvm - 4.18.0-1009.9 --- linux-kvm (4.18.0-1009.9) cosmic; urgency=medium * linux-kvm: 4.18.0-1009.9 -proposed tracker (LP: #1819621) * CONFIG_SECURITY_SELINUX_DISABLE should be disabled on KVM kernel (LP: #1812153) - [Config]: disable CONFIG_SECURITY_SELINUX_DISABLE - [Config]: disable CONFIG_SECURITY_WRITABLE_HOOKS * PAGE_POISONING / PAGE_POISONING_NO_SANITY / PAGE_POISONING_ZERO option was expected to be set in C-KVM (LP: #1812624) - [Config]: enable PAGE_POISONING, PAGE_POISONING_NO_SANITY, PAGE_POISONING_ZERO [ Ubuntu: 4.18.0-17.18 ] * linux: 4.18.0-17.18 -proposed tracker (LP: #1819624) * Packaging resync (LP: #1786013) - [Packaging] resync getabis - [Packaging] update helper scripts * C++ demangling support missing from perf (LP: #1396654) - [Packaging] fix a mistype * arm-smmu-v3 arm-smmu-v3.3.auto: CMD_SYNC timeout (LP: #1818162) - iommu/arm-smmu-v3: Fix unexpected CMD_SYNC timeout * Crash in nvme_irq_check() when using threaded interrupts (LP: #1818747) - nvme-pci: fix out of bounds access in nvme_cqe_pending * CVE-2019-9003 - ipmi: fix use-after-free of user->release_barrier.rda * CVE-2019-9162 - netfilter: nf_nat_snmp_basic: add missing length checks in ASN.1 cbs * CVE-2019-9213 - mm: enforce min addr even if capable() in expand_downwards() * CVE-2019-3460 - Bluetooth: Check L2CAP option sizes returned from l2cap_get_conf_opt * tun/tap: unable to manage carrier state from userland (LP: #1806392) - tun: implement carrier change * CVE-2019-8980 - exec: Fix mem leak in kernel_read_file * [Packaging] Allow overlay of config annotations (LP: #1752072) - [Packaging] config-check: Add an include directive * amdgpu with mst WARNING on blanking (LP: #1814308) - drm/amd/display: Fix MST dp_blank REG_WAIT timeout * CVE-2019-7308 - bpf: move {prev_,}insn_idx into verifier env - bpf: move tmp variable into ax register in interpreter - bpf: enable access to ax register also from verifier rewrite - bpf: restrict map value pointer arithmetic for unprivileged - bpf: restrict stack pointer arithmetic for unprivileged - bpf: restrict unknown scalars of mixed signed bounds for unprivileged - bpf: fix check_map_access smin_value test when pointer contains offset - bpf: prevent out of bounds speculation on pointer arithmetic - bpf: fix sanitation of alu op with pointer / scalar type from different paths - bpf: add various test cases to test_verifier - bpf: add various test cases to selftests * CVE-2017-5753 - bpf: fix inner map masking to prevent oob under speculation * Use memblock quirk instead of delayed allocation for GICv3 LPI tables (LP: #1816425) - efi/arm: Revert "Defer persistent reservations until after paging_init()" - arm64, mm, efi: Account for GICv3 LPI tables in static memblock reserve table * efi/arm/arm64: Allow SetVirtualAddressMap() to be omitted (LP: #1814982) - efi/arm/arm64: Allow SetVirtualAddressMap() to be omitted * Update ENA driver to version 2.0.3K (LP: #1816806) - net: ena: update driver version from 2.0.2 to 2.0.3 - net: ena: fix race between link up and device initalization - net: ena: fix crash during failed resume from hibernation * Silent "Unknown key" message when pressing keyboard backlight hotkey (LP: #1817063) - platform/x86: dell-wmi: Ignore new keyboard backlight change event * CVE-2018-19824 - ALSA: usb-audio: Fix UAF decrement if card has no live interfaces in card.c * CVE-2019-3459 - Bluetooth: Verify that l2cap_get_conf_opt provides large enough buffer * CONFIG_TEST_BPF is disabled (LP: #1813955) - [Config]: Reenable TEST_BPF * installer does not support iSCSI iBFT (LP: #1817321) - d-i: add iscsi_ibft to scsi-modules * CVE-2019-7222 - KVM: x86: work around leak of uninitialized stack contents (CVE-2019-7222) * CVE-2019-7221 - KVM: nVMX: unconditionally cancel preemption timer in free_nested (CVE-2019-7221) * CVE-2019-6974 - kvm: fix kvm_ioctl_create_device() reference counting (CVE-2019-6974) * hns3 nic speed may not match optical port speed (LP: #1817969) - net: hns3: Config NIC port speed same as that of optical module * [Hyper-V] srcu: Lock srcu_data structure in srcu_gp_start() (LP: #1802021) - srcu: Lock srcu_data structure in srcu_gp_start() * libsas disks can have non-unique by-path names (LP: #1817784) - scsi: libsas: Fix rphy phy_identifier for PHYs with end devices attached * Bluetooth not working (Intel CyclonePeak) (LP: #1817518) - Bluetooth: btusb: Add support for Intel bluetooth device 8087:0029 * CVE-2019-8912 - net: crypto set sk to NULL when af_alg_release. - net: socket: set sock->sk to NULL after calling proto_ops::release() * 4.18.0 thinkpad_acpi : thresholds for BAT1 not writable (LP: #1812099)
[Kernel-packages] [Bug 1812153] Re: CONFIG_SECURITY_SELINUX_DISABLE should be disabled on KVM kernel
This bug was fixed in the package linux-kvm - 4.18.0-1009.9 --- linux-kvm (4.18.0-1009.9) cosmic; urgency=medium * linux-kvm: 4.18.0-1009.9 -proposed tracker (LP: #1819621) * CONFIG_SECURITY_SELINUX_DISABLE should be disabled on KVM kernel (LP: #1812153) - [Config]: disable CONFIG_SECURITY_SELINUX_DISABLE - [Config]: disable CONFIG_SECURITY_WRITABLE_HOOKS * PAGE_POISONING / PAGE_POISONING_NO_SANITY / PAGE_POISONING_ZERO option was expected to be set in C-KVM (LP: #1812624) - [Config]: enable PAGE_POISONING, PAGE_POISONING_NO_SANITY, PAGE_POISONING_ZERO [ Ubuntu: 4.18.0-17.18 ] * linux: 4.18.0-17.18 -proposed tracker (LP: #1819624) * Packaging resync (LP: #1786013) - [Packaging] resync getabis - [Packaging] update helper scripts * C++ demangling support missing from perf (LP: #1396654) - [Packaging] fix a mistype * arm-smmu-v3 arm-smmu-v3.3.auto: CMD_SYNC timeout (LP: #1818162) - iommu/arm-smmu-v3: Fix unexpected CMD_SYNC timeout * Crash in nvme_irq_check() when using threaded interrupts (LP: #1818747) - nvme-pci: fix out of bounds access in nvme_cqe_pending * CVE-2019-9003 - ipmi: fix use-after-free of user->release_barrier.rda * CVE-2019-9162 - netfilter: nf_nat_snmp_basic: add missing length checks in ASN.1 cbs * CVE-2019-9213 - mm: enforce min addr even if capable() in expand_downwards() * CVE-2019-3460 - Bluetooth: Check L2CAP option sizes returned from l2cap_get_conf_opt * tun/tap: unable to manage carrier state from userland (LP: #1806392) - tun: implement carrier change * CVE-2019-8980 - exec: Fix mem leak in kernel_read_file * [Packaging] Allow overlay of config annotations (LP: #1752072) - [Packaging] config-check: Add an include directive * amdgpu with mst WARNING on blanking (LP: #1814308) - drm/amd/display: Fix MST dp_blank REG_WAIT timeout * CVE-2019-7308 - bpf: move {prev_,}insn_idx into verifier env - bpf: move tmp variable into ax register in interpreter - bpf: enable access to ax register also from verifier rewrite - bpf: restrict map value pointer arithmetic for unprivileged - bpf: restrict stack pointer arithmetic for unprivileged - bpf: restrict unknown scalars of mixed signed bounds for unprivileged - bpf: fix check_map_access smin_value test when pointer contains offset - bpf: prevent out of bounds speculation on pointer arithmetic - bpf: fix sanitation of alu op with pointer / scalar type from different paths - bpf: add various test cases to test_verifier - bpf: add various test cases to selftests * CVE-2017-5753 - bpf: fix inner map masking to prevent oob under speculation * Use memblock quirk instead of delayed allocation for GICv3 LPI tables (LP: #1816425) - efi/arm: Revert "Defer persistent reservations until after paging_init()" - arm64, mm, efi: Account for GICv3 LPI tables in static memblock reserve table * efi/arm/arm64: Allow SetVirtualAddressMap() to be omitted (LP: #1814982) - efi/arm/arm64: Allow SetVirtualAddressMap() to be omitted * Update ENA driver to version 2.0.3K (LP: #1816806) - net: ena: update driver version from 2.0.2 to 2.0.3 - net: ena: fix race between link up and device initalization - net: ena: fix crash during failed resume from hibernation * Silent "Unknown key" message when pressing keyboard backlight hotkey (LP: #1817063) - platform/x86: dell-wmi: Ignore new keyboard backlight change event * CVE-2018-19824 - ALSA: usb-audio: Fix UAF decrement if card has no live interfaces in card.c * CVE-2019-3459 - Bluetooth: Verify that l2cap_get_conf_opt provides large enough buffer * CONFIG_TEST_BPF is disabled (LP: #1813955) - [Config]: Reenable TEST_BPF * installer does not support iSCSI iBFT (LP: #1817321) - d-i: add iscsi_ibft to scsi-modules * CVE-2019-7222 - KVM: x86: work around leak of uninitialized stack contents (CVE-2019-7222) * CVE-2019-7221 - KVM: nVMX: unconditionally cancel preemption timer in free_nested (CVE-2019-7221) * CVE-2019-6974 - kvm: fix kvm_ioctl_create_device() reference counting (CVE-2019-6974) * hns3 nic speed may not match optical port speed (LP: #1817969) - net: hns3: Config NIC port speed same as that of optical module * [Hyper-V] srcu: Lock srcu_data structure in srcu_gp_start() (LP: #1802021) - srcu: Lock srcu_data structure in srcu_gp_start() * libsas disks can have non-unique by-path names (LP: #1817784) - scsi: libsas: Fix rphy phy_identifier for PHYs with end devices attached * Bluetooth not working (Intel CyclonePeak) (LP: #1817518) - Bluetooth: btusb: Add support for Intel bluetooth device 8087:0029 * CVE-2019-8912 - net: crypto set sk to NULL when af_alg_release. - net: socket: set sock->sk to NULL after calling proto_ops::release() * 4.18.0 thinkpad_acpi : thresholds for BAT1 not writable (LP: #1812099)
[Kernel-packages] [Bug 1812153] Re: CONFIG_SECURITY_SELINUX_DISABLE should be disabled on KVM kernel
** Changed in: linux-kvm (Ubuntu Disco) Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-kvm in Ubuntu. https://bugs.launchpad.net/bugs/1812153 Title: CONFIG_SECURITY_SELINUX_DISABLE should be disabled on KVM kernel Status in ubuntu-kernel-tests: In Progress Status in linux-kvm package in Ubuntu: Fix Committed Status in linux-kvm source package in Bionic: Fix Released Status in linux-kvm source package in Cosmic: Fix Committed Status in linux-kvm source package in Disco: Fix Committed Bug description: The test_081_config_security_selinux_disable test failed on the Bionic KVM kernel FAIL: test_081_config_security_selinux_disable (__main__.KernelSecurityConfigTest) Ensure CONFIG_SECURITY_SELINUX_DISABLE is disabled (LP: #1680315) -- Traceback (most recent call last): File "./test-kernel-security.py", line 2152, in test_081_config_security_selinux_disable self.assertKernelConfig('SECURITY_SELINUX_DISABLE', expected) File "./test-kernel-security.py", line 209, in assertKernelConfig self.assertKernelConfigUnset(name) File "./test-kernel-security.py", line 200, in assertKernelConfigUnset '%s option was expected to be unset in the kernel config' % name) AssertionError: SECURITY_SELINUX_DISABLE option was expected to be unset in the kernel config ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: linux-image-4.15.0-1028-kvm 4.15.0-1028.28 ProcVersionSignature: User Name 4.15.0-1028.28-kvm 4.15.18 Uname: Linux 4.15.0-1028-kvm x86_64 ApportVersion: 2.20.9-0ubuntu7.5 Architecture: amd64 Date: Thu Jan 17 04:31:59 2019 SourcePackage: linux-kvm UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-kernel-tests/+bug/1812153/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1812153] Re: CONFIG_SECURITY_SELINUX_DISABLE should be disabled on KVM kernel
** Changed in: linux-kvm (Ubuntu Cosmic) Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-kvm in Ubuntu. https://bugs.launchpad.net/bugs/1812153 Title: CONFIG_SECURITY_SELINUX_DISABLE should be disabled on KVM kernel Status in ubuntu-kernel-tests: In Progress Status in linux-kvm package in Ubuntu: In Progress Status in linux-kvm source package in Bionic: Fix Released Status in linux-kvm source package in Cosmic: Fix Committed Status in linux-kvm source package in Disco: In Progress Bug description: The test_081_config_security_selinux_disable test failed on the Bionic KVM kernel FAIL: test_081_config_security_selinux_disable (__main__.KernelSecurityConfigTest) Ensure CONFIG_SECURITY_SELINUX_DISABLE is disabled (LP: #1680315) -- Traceback (most recent call last): File "./test-kernel-security.py", line 2152, in test_081_config_security_selinux_disable self.assertKernelConfig('SECURITY_SELINUX_DISABLE', expected) File "./test-kernel-security.py", line 209, in assertKernelConfig self.assertKernelConfigUnset(name) File "./test-kernel-security.py", line 200, in assertKernelConfigUnset '%s option was expected to be unset in the kernel config' % name) AssertionError: SECURITY_SELINUX_DISABLE option was expected to be unset in the kernel config ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: linux-image-4.15.0-1028-kvm 4.15.0-1028.28 ProcVersionSignature: User Name 4.15.0-1028.28-kvm 4.15.18 Uname: Linux 4.15.0-1028-kvm x86_64 ApportVersion: 2.20.9-0ubuntu7.5 Architecture: amd64 Date: Thu Jan 17 04:31:59 2019 SourcePackage: linux-kvm UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-kernel-tests/+bug/1812153/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1812153] Re: CONFIG_SECURITY_SELINUX_DISABLE should be disabled on KVM kernel
** Also affects: linux-kvm (Ubuntu Disco) Importance: Undecided Assignee: Po-Hsu Lin (cypressyew) Status: In Progress -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-kvm in Ubuntu. https://bugs.launchpad.net/bugs/1812153 Title: CONFIG_SECURITY_SELINUX_DISABLE should be disabled on KVM kernel Status in ubuntu-kernel-tests: In Progress Status in linux-kvm package in Ubuntu: In Progress Status in linux-kvm source package in Bionic: Fix Released Status in linux-kvm source package in Cosmic: In Progress Status in linux-kvm source package in Disco: In Progress Bug description: The test_081_config_security_selinux_disable test failed on the Bionic KVM kernel FAIL: test_081_config_security_selinux_disable (__main__.KernelSecurityConfigTest) Ensure CONFIG_SECURITY_SELINUX_DISABLE is disabled (LP: #1680315) -- Traceback (most recent call last): File "./test-kernel-security.py", line 2152, in test_081_config_security_selinux_disable self.assertKernelConfig('SECURITY_SELINUX_DISABLE', expected) File "./test-kernel-security.py", line 209, in assertKernelConfig self.assertKernelConfigUnset(name) File "./test-kernel-security.py", line 200, in assertKernelConfigUnset '%s option was expected to be unset in the kernel config' % name) AssertionError: SECURITY_SELINUX_DISABLE option was expected to be unset in the kernel config ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: linux-image-4.15.0-1028-kvm 4.15.0-1028.28 ProcVersionSignature: User Name 4.15.0-1028.28-kvm 4.15.18 Uname: Linux 4.15.0-1028-kvm x86_64 ApportVersion: 2.20.9-0ubuntu7.5 Architecture: amd64 Date: Thu Jan 17 04:31:59 2019 SourcePackage: linux-kvm UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-kernel-tests/+bug/1812153/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1812153] Re: CONFIG_SECURITY_SELINUX_DISABLE should be disabled on KVM kernel
** Also affects: linux-kvm (Ubuntu Cosmic) Importance: Undecided Status: New ** Changed in: linux-kvm (Ubuntu Cosmic) Assignee: (unassigned) => Po-Hsu Lin (cypressyew) ** Changed in: linux-kvm (Ubuntu Cosmic) Status: New => In Progress -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-kvm in Ubuntu. https://bugs.launchpad.net/bugs/1812153 Title: CONFIG_SECURITY_SELINUX_DISABLE should be disabled on KVM kernel Status in ubuntu-kernel-tests: In Progress Status in linux-kvm package in Ubuntu: In Progress Status in linux-kvm source package in Bionic: Fix Released Status in linux-kvm source package in Cosmic: In Progress Bug description: The test_081_config_security_selinux_disable test failed on the Bionic KVM kernel FAIL: test_081_config_security_selinux_disable (__main__.KernelSecurityConfigTest) Ensure CONFIG_SECURITY_SELINUX_DISABLE is disabled (LP: #1680315) -- Traceback (most recent call last): File "./test-kernel-security.py", line 2152, in test_081_config_security_selinux_disable self.assertKernelConfig('SECURITY_SELINUX_DISABLE', expected) File "./test-kernel-security.py", line 209, in assertKernelConfig self.assertKernelConfigUnset(name) File "./test-kernel-security.py", line 200, in assertKernelConfigUnset '%s option was expected to be unset in the kernel config' % name) AssertionError: SECURITY_SELINUX_DISABLE option was expected to be unset in the kernel config ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: linux-image-4.15.0-1028-kvm 4.15.0-1028.28 ProcVersionSignature: User Name 4.15.0-1028.28-kvm 4.15.18 Uname: Linux 4.15.0-1028-kvm x86_64 ApportVersion: 2.20.9-0ubuntu7.5 Architecture: amd64 Date: Thu Jan 17 04:31:59 2019 SourcePackage: linux-kvm UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-kernel-tests/+bug/1812153/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1812153] Re: CONFIG_SECURITY_SELINUX_DISABLE should be disabled on KVM kernel
This bug was fixed in the package linux-kvm - 4.15.0-1030.30 --- linux-kvm (4.15.0-1030.30) bionic; urgency=medium * linux-kvm: 4.15.0-1030.30 -proposed tracker (LP: #1814736) * CONFIG_SECURITY_SELINUX_DISABLE should be disabled on KVM kernel (LP: #1812153) - [Config]: disable CONFIG_SECURITY_SELINUX_DISABLE - [Config]: disable CONFIG_SECURITY_WRITABLE_HOOKS [ Ubuntu: 4.15.0-46.49 ] * linux: 4.15.0-46.49 -proposed tracker (LP: #1814726) * mprotect fails on ext4 with dax (LP: #1799237) - x86/speculation/l1tf: Exempt zeroed PTEs from inversion * kernel BUG at /build/linux-vxxS7y/linux-4.15.0/mm/slub.c:296! (LP: #1812086) - iscsi target: fix session creation failure handling - scsi: iscsi: target: Set conn->sess to NULL when iscsi_login_set_conn_values fails - scsi: iscsi: target: Fix conn_ops double free * user_copy in user from ubuntu_kernel_selftests failed on KVM kernel (LP: #1812198) - selftests: user: return Kselftest Skip code for skipped tests - selftests: kselftest: change KSFT_SKIP=4 instead of KSFT_PASS - selftests: kselftest: Remove outdated comment * RTL8822BE WiFi Disabled in Kernel 4.18.0-12 (LP: #1806472) - SAUCE: staging: rtlwifi: allow RTLWIFI_DEBUG_ST to be disabled - [Config] CONFIG_RTLWIFI_DEBUG_ST=n - SAUCE: Add r8822be to signature inclusion list * kernel oops in bcache module (LP: #1793901) - SAUCE: bcache: never writeback a discard operation * CVE-2018-18397 - userfaultfd: use ENOENT instead of EFAULT if the atomic copy user fails - userfaultfd: shmem: allocate anonymous memory for MAP_PRIVATE shmem - userfaultfd: shmem/hugetlbfs: only allow to register VM_MAYWRITE vmas - userfaultfd: shmem: add i_size checks - userfaultfd: shmem: UFFDIO_COPY: set the page dirty if VM_WRITE is not set * Ignore "incomplete report" from Elan touchpanels (LP: #1813733) - HID: i2c-hid: Ignore input report if there's no data present on Elan touchpanels * Vsock connect fails with ENODEV for large CID (LP: #1813934) - vhost/vsock: fix vhost vsock cid hashing inconsistent * SRU: Fix thinkpad 11e 3rd boot hang (LP: #1804604) - ACPI / LPSS: Force LPSS quirks on boot * Bionic update: upstream stable patchset 2019-01-17 (LP: #1812229) - scsi: sd_zbc: Fix variable type and bogus comment - KVM/Eventfd: Avoid crash when assign and deassign specific eventfd in parallel. - x86/apm: Don't access __preempt_count with zeroed fs - x86/events/intel/ds: Fix bts_interrupt_threshold alignment - x86/MCE: Remove min interval polling limitation - fat: fix memory allocation failure handling of match_strdup() - ALSA: hda/realtek - Add Panasonic CF-SZ6 headset jack quirk - ARCv2: [plat-hsdk]: Save accl reg pair by default - ARC: Fix CONFIG_SWAP - ARC: configs: Remove CONFIG_INITRAMFS_SOURCE from defconfigs - ARC: mm: allow mprotect to make stack mappings executable - mm: memcg: fix use after free in mem_cgroup_iter() - mm/huge_memory.c: fix data loss when splitting a file pmd - cpufreq: intel_pstate: Register when ACPI PCCH is present - vfio/pci: Fix potential Spectre v1 - stop_machine: Disable preemption when waking two stopper threads - drm/i915: Fix hotplug irq ack on i965/g4x - drm/nouveau: Use drm_connector_list_iter_* for iterating connectors - drm/nouveau: Avoid looping through fake MST connectors - gen_stats: Fix netlink stats dumping in the presence of padding - ipv4: Return EINVAL when ping_group_range sysctl doesn't map to user ns - ipv6: fix useless rol32 call on hash - ipv6: ila: select CONFIG_DST_CACHE - lib/rhashtable: consider param->min_size when setting initial table size - net: diag: Don't double-free TCP_NEW_SYN_RECV sockets in tcp_abort - net: Don't copy pfmemalloc flag in __copy_skb_header() - skbuff: Unconditionally copy pfmemalloc in __skb_clone() - net/ipv4: Set oif in fib_compute_spec_dst - net: phy: fix flag masking in __set_phy_supported - ptp: fix missing break in switch - qmi_wwan: add support for Quectel EG91 - tg3: Add higher cpu clock for 5762. - hv_netvsc: Fix napi reschedule while receive completion is busy - net/mlx4_en: Don't reuse RX page when XDP is set - net: systemport: Fix CRC forwarding check for SYSTEMPORT Lite - ipv6: make DAD fail with enhanced DAD when nonce length differs - net: usb: asix: replace mii_nway_restart in resume path - alpha: fix osf_wait4() breakage - cxl_getfile(): fix double-iput() on alloc_file() failures - powerpc/powernv: Fix save/restore of SPRG3 on entry/exit from stop (idle) - xhci: Fix perceived dead host due to runtime suspend race with event handler - KVM: irqfd: fix race between EPOLLHUP and irq_bypass_register_consumer - x86/kvmclock: set pvti_cpu0_va after enabling kvmclock - ALSA: hda/realtek - Yet another Clevo P950 quirk entry
[Kernel-packages] [Bug 1812153] Re: CONFIG_SECURITY_SELINUX_DISABLE should be disabled on KVM kernel
This bug was fixed in the package linux-kvm - 4.15.0-1030.30 --- linux-kvm (4.15.0-1030.30) bionic; urgency=medium * linux-kvm: 4.15.0-1030.30 -proposed tracker (LP: #1814736) * CONFIG_SECURITY_SELINUX_DISABLE should be disabled on KVM kernel (LP: #1812153) - [Config]: disable CONFIG_SECURITY_SELINUX_DISABLE - [Config]: disable CONFIG_SECURITY_WRITABLE_HOOKS [ Ubuntu: 4.15.0-46.49 ] * linux: 4.15.0-46.49 -proposed tracker (LP: #1814726) * mprotect fails on ext4 with dax (LP: #1799237) - x86/speculation/l1tf: Exempt zeroed PTEs from inversion * kernel BUG at /build/linux-vxxS7y/linux-4.15.0/mm/slub.c:296! (LP: #1812086) - iscsi target: fix session creation failure handling - scsi: iscsi: target: Set conn->sess to NULL when iscsi_login_set_conn_values fails - scsi: iscsi: target: Fix conn_ops double free * user_copy in user from ubuntu_kernel_selftests failed on KVM kernel (LP: #1812198) - selftests: user: return Kselftest Skip code for skipped tests - selftests: kselftest: change KSFT_SKIP=4 instead of KSFT_PASS - selftests: kselftest: Remove outdated comment * RTL8822BE WiFi Disabled in Kernel 4.18.0-12 (LP: #1806472) - SAUCE: staging: rtlwifi: allow RTLWIFI_DEBUG_ST to be disabled - [Config] CONFIG_RTLWIFI_DEBUG_ST=n - SAUCE: Add r8822be to signature inclusion list * kernel oops in bcache module (LP: #1793901) - SAUCE: bcache: never writeback a discard operation * CVE-2018-18397 - userfaultfd: use ENOENT instead of EFAULT if the atomic copy user fails - userfaultfd: shmem: allocate anonymous memory for MAP_PRIVATE shmem - userfaultfd: shmem/hugetlbfs: only allow to register VM_MAYWRITE vmas - userfaultfd: shmem: add i_size checks - userfaultfd: shmem: UFFDIO_COPY: set the page dirty if VM_WRITE is not set * Ignore "incomplete report" from Elan touchpanels (LP: #1813733) - HID: i2c-hid: Ignore input report if there's no data present on Elan touchpanels * Vsock connect fails with ENODEV for large CID (LP: #1813934) - vhost/vsock: fix vhost vsock cid hashing inconsistent * SRU: Fix thinkpad 11e 3rd boot hang (LP: #1804604) - ACPI / LPSS: Force LPSS quirks on boot * Bionic update: upstream stable patchset 2019-01-17 (LP: #1812229) - scsi: sd_zbc: Fix variable type and bogus comment - KVM/Eventfd: Avoid crash when assign and deassign specific eventfd in parallel. - x86/apm: Don't access __preempt_count with zeroed fs - x86/events/intel/ds: Fix bts_interrupt_threshold alignment - x86/MCE: Remove min interval polling limitation - fat: fix memory allocation failure handling of match_strdup() - ALSA: hda/realtek - Add Panasonic CF-SZ6 headset jack quirk - ARCv2: [plat-hsdk]: Save accl reg pair by default - ARC: Fix CONFIG_SWAP - ARC: configs: Remove CONFIG_INITRAMFS_SOURCE from defconfigs - ARC: mm: allow mprotect to make stack mappings executable - mm: memcg: fix use after free in mem_cgroup_iter() - mm/huge_memory.c: fix data loss when splitting a file pmd - cpufreq: intel_pstate: Register when ACPI PCCH is present - vfio/pci: Fix potential Spectre v1 - stop_machine: Disable preemption when waking two stopper threads - drm/i915: Fix hotplug irq ack on i965/g4x - drm/nouveau: Use drm_connector_list_iter_* for iterating connectors - drm/nouveau: Avoid looping through fake MST connectors - gen_stats: Fix netlink stats dumping in the presence of padding - ipv4: Return EINVAL when ping_group_range sysctl doesn't map to user ns - ipv6: fix useless rol32 call on hash - ipv6: ila: select CONFIG_DST_CACHE - lib/rhashtable: consider param->min_size when setting initial table size - net: diag: Don't double-free TCP_NEW_SYN_RECV sockets in tcp_abort - net: Don't copy pfmemalloc flag in __copy_skb_header() - skbuff: Unconditionally copy pfmemalloc in __skb_clone() - net/ipv4: Set oif in fib_compute_spec_dst - net: phy: fix flag masking in __set_phy_supported - ptp: fix missing break in switch - qmi_wwan: add support for Quectel EG91 - tg3: Add higher cpu clock for 5762. - hv_netvsc: Fix napi reschedule while receive completion is busy - net/mlx4_en: Don't reuse RX page when XDP is set - net: systemport: Fix CRC forwarding check for SYSTEMPORT Lite - ipv6: make DAD fail with enhanced DAD when nonce length differs - net: usb: asix: replace mii_nway_restart in resume path - alpha: fix osf_wait4() breakage - cxl_getfile(): fix double-iput() on alloc_file() failures - powerpc/powernv: Fix save/restore of SPRG3 on entry/exit from stop (idle) - xhci: Fix perceived dead host due to runtime suspend race with event handler - KVM: irqfd: fix race between EPOLLHUP and irq_bypass_register_consumer - x86/kvmclock: set pvti_cpu0_va after enabling kvmclock - ALSA: hda/realtek - Yet another Clevo P950 quirk entry
[Kernel-packages] [Bug 1812153] Re: CONFIG_SECURITY_SELINUX_DISABLE should be disabled on KVM kernel
** Changed in: linux-kvm (Ubuntu Bionic) Status: New => Fix Committed -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-kvm in Ubuntu. https://bugs.launchpad.net/bugs/1812153 Title: CONFIG_SECURITY_SELINUX_DISABLE should be disabled on KVM kernel Status in ubuntu-kernel-tests: In Progress Status in linux-kvm package in Ubuntu: In Progress Status in linux-kvm source package in Bionic: Fix Committed Bug description: The test_081_config_security_selinux_disable test failed on the Bionic KVM kernel FAIL: test_081_config_security_selinux_disable (__main__.KernelSecurityConfigTest) Ensure CONFIG_SECURITY_SELINUX_DISABLE is disabled (LP: #1680315) -- Traceback (most recent call last): File "./test-kernel-security.py", line 2152, in test_081_config_security_selinux_disable self.assertKernelConfig('SECURITY_SELINUX_DISABLE', expected) File "./test-kernel-security.py", line 209, in assertKernelConfig self.assertKernelConfigUnset(name) File "./test-kernel-security.py", line 200, in assertKernelConfigUnset '%s option was expected to be unset in the kernel config' % name) AssertionError: SECURITY_SELINUX_DISABLE option was expected to be unset in the kernel config ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: linux-image-4.15.0-1028-kvm 4.15.0-1028.28 ProcVersionSignature: User Name 4.15.0-1028.28-kvm 4.15.18 Uname: Linux 4.15.0-1028-kvm x86_64 ApportVersion: 2.20.9-0ubuntu7.5 Architecture: amd64 Date: Thu Jan 17 04:31:59 2019 SourcePackage: linux-kvm UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-kernel-tests/+bug/1812153/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1812153] Re: CONFIG_SECURITY_SELINUX_DISABLE should be disabled on KVM kernel
** Also affects: linux-kvm (Ubuntu Bionic) Importance: Undecided Status: New ** Changed in: linux-kvm (Ubuntu Bionic) Importance: Undecided => Medium -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-kvm in Ubuntu. https://bugs.launchpad.net/bugs/1812153 Title: CONFIG_SECURITY_SELINUX_DISABLE should be disabled on KVM kernel Status in ubuntu-kernel-tests: In Progress Status in linux-kvm package in Ubuntu: In Progress Status in linux-kvm source package in Bionic: New Bug description: The test_081_config_security_selinux_disable test failed on the Bionic KVM kernel FAIL: test_081_config_security_selinux_disable (__main__.KernelSecurityConfigTest) Ensure CONFIG_SECURITY_SELINUX_DISABLE is disabled (LP: #1680315) -- Traceback (most recent call last): File "./test-kernel-security.py", line 2152, in test_081_config_security_selinux_disable self.assertKernelConfig('SECURITY_SELINUX_DISABLE', expected) File "./test-kernel-security.py", line 209, in assertKernelConfig self.assertKernelConfigUnset(name) File "./test-kernel-security.py", line 200, in assertKernelConfigUnset '%s option was expected to be unset in the kernel config' % name) AssertionError: SECURITY_SELINUX_DISABLE option was expected to be unset in the kernel config ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: linux-image-4.15.0-1028-kvm 4.15.0-1028.28 ProcVersionSignature: User Name 4.15.0-1028.28-kvm 4.15.18 Uname: Linux 4.15.0-1028-kvm x86_64 ApportVersion: 2.20.9-0ubuntu7.5 Architecture: amd64 Date: Thu Jan 17 04:31:59 2019 SourcePackage: linux-kvm UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-kernel-tests/+bug/1812153/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1812153] Re: CONFIG_SECURITY_SELINUX_DISABLE should be disabled on KVM kernel
** Also affects: ubuntu-kernel-tests Importance: Undecided Status: New ** Changed in: ubuntu-kernel-tests Status: New => In Progress ** Changed in: ubuntu-kernel-tests Assignee: (unassigned) => Po-Hsu Lin (cypressyew) -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-kvm in Ubuntu. https://bugs.launchpad.net/bugs/1812153 Title: CONFIG_SECURITY_SELINUX_DISABLE should be disabled on KVM kernel Status in ubuntu-kernel-tests: In Progress Status in linux-kvm package in Ubuntu: In Progress Bug description: The test_081_config_security_selinux_disable test failed on the Bionic KVM kernel FAIL: test_081_config_security_selinux_disable (__main__.KernelSecurityConfigTest) Ensure CONFIG_SECURITY_SELINUX_DISABLE is disabled (LP: #1680315) -- Traceback (most recent call last): File "./test-kernel-security.py", line 2152, in test_081_config_security_selinux_disable self.assertKernelConfig('SECURITY_SELINUX_DISABLE', expected) File "./test-kernel-security.py", line 209, in assertKernelConfig self.assertKernelConfigUnset(name) File "./test-kernel-security.py", line 200, in assertKernelConfigUnset '%s option was expected to be unset in the kernel config' % name) AssertionError: SECURITY_SELINUX_DISABLE option was expected to be unset in the kernel config ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: linux-image-4.15.0-1028-kvm 4.15.0-1028.28 ProcVersionSignature: User Name 4.15.0-1028.28-kvm 4.15.18 Uname: Linux 4.15.0-1028-kvm x86_64 ApportVersion: 2.20.9-0ubuntu7.5 Architecture: amd64 Date: Thu Jan 17 04:31:59 2019 SourcePackage: linux-kvm UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-kernel-tests/+bug/1812153/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1812153] Re: CONFIG_SECURITY_SELINUX_DISABLE should be disabled on KVM kernel
** Changed in: linux-kvm (Ubuntu) Assignee: (unassigned) => Po-Hsu Lin (cypressyew) ** Changed in: linux-kvm (Ubuntu) Status: New => In Progress -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-kvm in Ubuntu. https://bugs.launchpad.net/bugs/1812153 Title: CONFIG_SECURITY_SELINUX_DISABLE should be disabled on KVM kernel Status in linux-kvm package in Ubuntu: In Progress Bug description: The test_081_config_security_selinux_disable test failed on the Bionic KVM kernel FAIL: test_081_config_security_selinux_disable (__main__.KernelSecurityConfigTest) Ensure CONFIG_SECURITY_SELINUX_DISABLE is disabled (LP: #1680315) -- Traceback (most recent call last): File "./test-kernel-security.py", line 2152, in test_081_config_security_selinux_disable self.assertKernelConfig('SECURITY_SELINUX_DISABLE', expected) File "./test-kernel-security.py", line 209, in assertKernelConfig self.assertKernelConfigUnset(name) File "./test-kernel-security.py", line 200, in assertKernelConfigUnset '%s option was expected to be unset in the kernel config' % name) AssertionError: SECURITY_SELINUX_DISABLE option was expected to be unset in the kernel config ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: linux-image-4.15.0-1028-kvm 4.15.0-1028.28 ProcVersionSignature: User Name 4.15.0-1028.28-kvm 4.15.18 Uname: Linux 4.15.0-1028-kvm x86_64 ApportVersion: 2.20.9-0ubuntu7.5 Architecture: amd64 Date: Thu Jan 17 04:31:59 2019 SourcePackage: linux-kvm UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-kvm/+bug/1812153/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp