** Description changed:

  == Justification ==
  In the Bionic KVM kernel, the CONFIG_FORTIFY_SOURCE and
  CONFIG_SECURITY_PERF_EVENTS_RESTRICT were not set, they need to be enabled to
  meet the security team's requirement.
  
  == Test ==
  Before enabling the config, test case test_190_config_kernel_fortify and
  test_250_config_security_perf_events_restrict will fail in the kernel
  security testsuite for the kernel SRU regression test.
  
  It will pass with these two patches applied, tested on a KVM node.
  
  == Fix ==
  Set CONFIG_SECURITY_PERF_EVENTS_RESTRICT to "y".
  Set CONFIG_FORTIFY_SOURCE to "y".
  
  == Regression Potential ==
  Minimal.
- No code changes, just two config change without disabling any other configs.
+ No code changes, just two config changes without disabling any other configs.
  
  BugLink: https://bugs.launchpad.net/bugs/1766780
  BugLink: https://bugs.launchpad.net/bugs/1766774
  
  --------------------------------------------------
  test_250_config_security_perf_events_restrict from the kernel security test 
suite failed with 4.15.0-1008 KVM kernel.
  
   FAIL: test_250_config_security_perf_events_restrict 
(__main__.KernelSecurityTest)
    Ensure CONFIG_SECURITY_PERF_EVENTS_RESTRICT is set
    ----------------------------------------------------------------------
    Traceback (most recent call last):
      File "./test-kernel-security.py", line 2313, in 
test_250_config_security_perf_events_restrict
        self.assertEqual(expected, self._test_config(config_name))
    AssertionError: True != False
  
  The CONFIG_SECURITY_PERF_EVENTS_RESTRICT is not set.
  $ cat /boot/config-4.15.0-1008-kvm | grep CONFIG_SECURITY_PERF_EVENTS_RESTRICT
  # CONFIG_SECURITY_PERF_EVENTS_RESTRICT is not set
  
  ProblemType: Bug
  DistroRelease: Ubuntu 18.04
  Package: linux-image-4.15.0-1008-kvm 4.15.0-1008.8
  ProcVersionSignature: User Name 4.15.0-1008.8-kvm 4.15.17
  Uname: Linux 4.15.0-1008-kvm x86_64
  NonfreeKernelModules: signpost
  ApportVersion: 2.20.9-0ubuntu7
  Architecture: amd64
  Date: Wed Apr 25 04:41:49 2018
  ProcEnviron:
   TERM=xterm-256color
   PATH=(custom, no user)
   XDG_RUNTIME_DIR=<set>
   LANG=C.UTF-8
   SHELL=/bin/bash
  SourcePackage: linux-kvm
  UpgradeStatus: No upgrade log present (probably fresh install)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1766780

Title:
  test_250_config_security_perf_events_restrict in kernel security test
  failed with 4.15 KVM kernel

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-kernel-tests/+bug/1766780/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to