** Description changed:

  == Justification ==
  In the Bionic KVM kernel, the CONFIG_FORTIFY_SOURCE and CONFIG_SECURITY_PERF_EVENTS_RESTRICT were not set, they need to be enabled to meet the security team's requirement.

  == Test ==
  Before enabling the config, test case test_190_config_kernel_fortify and test_250_config_security_perf_events_restrict will fail in the kernel security testsuite for the kernel SRU regression test.
  It will pass with these two patches applied, tested on a KVM node.

  == Fix ==
  Set CONFIG_SECURITY_PERF_EVENTS_RESTRICT to "y".
  Set CONFIG_FORTIFY_SOURCE to "y".

  == Regression Potential ==
  Minimal.
- No code changes, just two config change without disabling any other configs.
+ No code changes, just two config changes without disabling any other configs.

  BugLink: https://bugs.launchpad.net/bugs/1766780
  BugLink: https://bugs.launchpad.net/bugs/1766774

  --------------------------------------------------

  test_250_config_security_perf_events_restrict from the kernel security test suite failed with 4.15.0-1008 KVM kernel.

  FAIL: test_250_config_security_perf_events_restrict (__main__.KernelSecurityTest)
  Ensure CONFIG_SECURITY_PERF_EVENTS_RESTRICT is set
  ----------------------------------------------------------------------
  Traceback (most recent call last):
    File "./test-kernel-security.py", line 2313, in test_250_config_security_perf_events_restrict
      self.assertEqual(expected, self._test_config(config_name))
  AssertionError: True != False

  The CONFIG_SECURITY_PERF_EVENTS_RESTRICT is not set.

  $ cat /boot/config-4.15.0-1008-kvm | grep CONFIG_SECURITY_PERF_EVENTS_RESTRICT
  # CONFIG_SECURITY_PERF_EVENTS_RESTRICT is not set

  ProblemType: Bug
  DistroRelease: Ubuntu 18.04
  Package: linux-image-4.15.0-1008-kvm 4.15.0-1008.8
  ProcVersionSignature: User Name 4.15.0-1008.8-kvm 4.15.17
  Uname: Linux 4.15.0-1008-kvm x86_64
  NonfreeKernelModules: signpost
  ApportVersion: 2.20.9-0ubuntu7
  Architecture: amd64
  Date: Wed Apr 25 04:41:49 2018
  ProcEnviron:
   TERM=xterm-256color
   PATH=(custom, no user)
   XDG_RUNTIME_DIR=<set>
   LANG=C.UTF-8
   SHELL=/bin/bash
  SourcePackage: linux-kvm
  UpgradeStatus: No upgrade log present (probably fresh install)

-- 
You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-kvm in Ubuntu.
https://bugs.launchpad.net/bugs/1766780

Title:
  test_250_config_security_perf_events_restrict in kernel security test failed with 4.15 KVM kernel

Status in ubuntu-kernel-tests:
  In Progress
Status in linux-kvm package in Ubuntu:
  In Progress
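
Added example (not part of the bug report and not code from test-kernel-security.py): a config check for the two options named above that matches option names exactly and tells an explicit "is not set" line apart from an option that is absent or built as something other than "y". The function names and the sample config text are assumptions made for illustration.

```python
import re

# The two options this bug report asks to enable.
REQUIRED = ("CONFIG_FORTIFY_SOURCE", "CONFIG_SECURITY_PERF_EVENTS_RESTRICT")
_SET = re.compile(r"^(CONFIG_\w+)=(.*)$")
_UNSET = re.compile(r"^# (CONFIG_\w+) is not set$")

def parse_kernel_config(text):
    """Map option name -> value; explicit "is not set" lines map to None."""
    options = {}
    for raw in text.splitlines():
        line = raw.strip()
        if (m := _SET.match(line)):
            options[m.group(1)] = m.group(2).strip('"')
        elif (m := _UNSET.match(line)):
            options[m.group(1)] = None
    return options

def audit(text, required=REQUIRED):
    """Return {option: 'enabled' | 'disabled' | 'missing' | 'unexpected:<value>'}."""
    options = parse_kernel_config(text)
    report = {}
    for name in required:
        if name not in options:
            report[name] = "missing"       # never mentioned in the file
        elif options[name] is None:
            report[name] = "disabled"      # "# CONFIG_X is not set"
        elif options[name] == "y":
            report[name] = "enabled"
        else:
            report[name] = "unexpected:" + options[name]  # e.g. =m
    return report

# Constructed samples modelled on the grep output in the report (not real config files).
SAMPLE_BEFORE = (
    "CONFIG_64BIT=y\n"
    "# CONFIG_SECURITY_PERF_EVENTS_RESTRICT is not set\n"
    "# CONFIG_FORTIFY_SOURCE is not set\n"
)
SAMPLE_AFTER = (
    "CONFIG_64BIT=y\n"
    "CONFIG_SECURITY_PERF_EVENTS_RESTRICT=y\n"
    "CONFIG_FORTIFY_SOURCE=y\n"
)

if __name__ == "__main__":
    for label, text in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(label, audit(text))
```

To check an installed kernel, pass the contents of a file such as /boot/config-4.15.0-1008-kvm to audit().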