** Description changed:

  == Justification ==
  In the Bionic KVM kernel, the CONFIG_FORTIFY_SOURCE and CONFIG_SECURITY_PERF_EVENTS_RESTRICT were not set, they need to be enabled to meet the security team's requirement.

  == Test ==
  Before enabling the config, test case test_190_config_kernel_fortify and test_250_config_security_perf_events_restrict will fail in the kernel security testsuite for the kernel SRU regression test.
  It will pass with these two patches applied, tested on a KVM node.

  == Fix ==
  Set CONFIG_SECURITY_PERF_EVENTS_RESTRICT to "y".
  Set CONFIG_FORTIFY_SOURCE to "y".

  == Regression Potential ==
  Minimal.
- No code changes, just two config change without disabling any other configs.
+ No code changes, just two config changes without disabling any other configs.

  BugLink: https://bugs.launchpad.net/bugs/1766780
  BugLink: https://bugs.launchpad.net/bugs/1766774

  --------------------------------------------------

  Test test_190_config_kernel_fortify from the kernel security test suite failed with 4.15.0-1008 KVM kernel.

  ======================================================================
  FAIL: test_190_config_kernel_fortify (__main__.KernelSecurityTest)
  Ensure CONFIG_FORTIFY_SOURCE is set
  ----------------------------------------------------------------------
  Traceback (most recent call last):
    File "./test-kernel-security.py", line 2186, in test_190_config_kernel_fortify
      self.assertTrue(self._test_config(config_name))
  AssertionError: False is not true

  The CONFIG_FORTIFY_SOURCE is not set.

  $ cat /boot/config-4.15.0-1008-kvm | grep CONFIG_FORTIFY_SOURCE
  # CONFIG_FORTIFY_SOURCE is not set

  ProblemType: Bug
  DistroRelease: Ubuntu 18.04
  Package: linux-image-4.15.0-1008-kvm 4.15.0-1008.8
  ProcVersionSignature: User Name 4.15.0-1008.8-kvm 4.15.17
  Uname: Linux 4.15.0-1008-kvm x86_64
  NonfreeKernelModules: signpost
  ApportVersion: 2.20.9-0ubuntu7
  Architecture: amd64
  Date: Wed Apr 25 04:28:13 2018
  ProcEnviron:
   TERM=xterm-256color
   PATH=(custom, no user)
   XDG_RUNTIME_DIR=<set>
   LANG=C.UTF-8
   SHELL=/bin/bash
  SourcePackage: linux-kvm
  UpgradeStatus: No upgrade log present (probably fresh install)
https://bugs.launchpad.net/bugs/1766774

Title:
  test_190_config_kernel_fortify in kernel security test failed with 4.15 KVM kernel
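
An added example, not part of the bug report or of the kernel security test suite: a small audit of a `/boot/config-*` style file for the two options named above. It distinguishes `=y` from the `# ... is not set` comment form that the grep in the report prints, which a check on the option name alone would also match. The function names and the sample config text are assumptions made for illustration.

```python
import re

# Options this bug report asks to be enabled in the KVM kernel.
REQUIRED = ("CONFIG_FORTIFY_SOURCE", "CONFIG_SECURITY_PERF_EVENTS_RESTRICT")

_SET = re.compile(r"^(CONFIG_[A-Za-z0-9_]+)=(.*)$")
_UNSET = re.compile(r"^# (CONFIG_[A-Za-z0-9_]+) is not set$")

def parse_kernel_config(text):
    """Map each option to its value; explicitly unset options map to None."""
    options = {}
    for line in text.splitlines():
        line = line.strip()
        m = _SET.match(line)
        if m:
            options[m.group(1)] = m.group(2).strip('"')
            continue
        m = _UNSET.match(line)
        if m:
            options[m.group(1)] = None
    return options

def audit(text, required=REQUIRED):
    """Return {option: state}; state is 'enabled', 'disabled' or 'missing'."""
    options = parse_kernel_config(text)
    report = {}
    for name in required:
        if name not in options:
            report[name] = "missing"      # option never mentioned in the file
        elif options[name] == "y":
            report[name] = "enabled"
        else:
            report[name] = "disabled"     # "is not set", or a value other than y
    return report

# Constructed sample inputs (not copied from a real /boot/config file).
BEFORE = """\
CONFIG_STRICT_KERNEL_RWX=y
# CONFIG_FORTIFY_SOURCE is not set
"""
AFTER = """\
CONFIG_FORTIFY_SOURCE=y
CONFIG_SECURITY_PERF_EVENTS_RESTRICT=y
"""

if __name__ == "__main__":
    for name, state in audit(BEFORE).items():
        print(f"{name}: {state}")
```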
