** Description changed:
+ == Justification ==
+ In the Bionic and Xenial KVM kernel, the CONFIG_MODULE_UNLOAD was not set,
this will cause the rmmod command in test_072_strict_devmem test from the
kernel security test suite fail to run, and induce a failure in the following
test_140_kernel_modules_not_tainted test.
+
+ == Fix ==
+ Set CONFIG_MODULE_UNLOAD to "y" to allow user to unload a module.
+
+ == Regression Potential ==
+ Minimal.
+ No code changes, just one config change without disabling any other configs.
+
+
Similar to bug 1760654.
But this time the test_072_strict_devmem passed on the testing node.
And the test_140_kernel_modules_not_tainted test still failed with the same
error message:
- FAIL: test_140_kernel_modules_not_tainted (__main__.KernelSecurityTest)
- kernel modules are not marked with a taint flag (especially 'E' for
TAINT_UNSIGNED_MODULE)
- ----------------------------------------------------------------------
- Traceback (most recent call last):
- File "./test-kernel-security.py", line 1865, in
test_140_kernel_modules_not_tainted
- self.fail('Module \'%s\' is tainted: %s' % (fields[0], last_field))
- AssertionError: Module 'signpost' is tainted: (OE)
+ FAIL: test_140_kernel_modules_not_tainted (__main__.KernelSecurityTest)
+ kernel modules are not marked with a taint flag (especially 'E' for
TAINT_UNSIGNED_MODULE)
+ ----------------------------------------------------------------------
+ Traceback (most recent call last):
+ File "./test-kernel-security.py", line 1865, in
test_140_kernel_modules_not_tainted
+ self.fail('Module \'%s\' is tainted: %s' % (fields[0], last_field))
+ AssertionError: Module 'signpost' is tainted: (OE)
If you try to remove the module after this, you will get:
$ sudo rmmod signpost
rmmod: ERROR: Module signpost is in use
And the lsmod shows:
$ lsmod | grep signpost
signpost 12288 -2
From the Internet [1], the "-2" here indicates that the CONFIG_MODULE_UNLOAD
is not set.
Which is true for the Bionic KVM kernel.
$ grep -i CONFIG_MODULE_UNLOAD debian.kvm/config/config.common.ubuntu
# CONFIG_MODULE_UNLOAD is not set
https://unix.stackexchange.com/questions/269500/lsmod-shows-2-in-the-
used-by-colum
ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: linux-image-4.15.0-1008-kvm 4.15.0-1008.8
ProcVersionSignature: User Name 4.15.0-1008.8-kvm 4.15.17
Uname: Linux 4.15.0-1008-kvm x86_64
NonfreeKernelModules: signpost
ApportVersion: 2.20.9-0ubuntu7
Architecture: amd64
Date: Wed Apr 25 08:35:29 2018
ProcEnviron:
- TERM=xterm-256color
- PATH=(custom, no user)
- XDG_RUNTIME_DIR=<set>
- LANG=C.UTF-8
- SHELL=/bin/bash
+ TERM=xterm-256color
+ PATH=(custom, no user)
+ XDG_RUNTIME_DIR=<set>
+ LANG=C.UTF-8
+ SHELL=/bin/bash
SourcePackage: linux-kvm
UpgradeStatus: No upgrade log present (probably fresh install)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1766832
Title:
test_140_kernel_modules_not_tainted in kernel security test failed
with 4.15 kvm kernel
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-kvm/+bug/1766832/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
