[Bug 1813721] Re: SECURITY_SELINUX_DISABLE should be enable on X s390x
** Changed in: linux (Ubuntu Xenial) Status: In Progress => Invalid ** Changed in: ubuntu-kernel-tests Status: In Progress => Fix Released ** Changed in: ubuntu-kernel-tests Assignee: Po-Hsu Lin (cypressyew) => (unassigned) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1813721 Title: SECURITY_SELINUX_DISABLE should be enable on X s390x To manage notifications about this bug go to: https://bugs.launchpad.net/qa-regression-testing/+bug/1813721/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1813721] Re: SECURITY_SELINUX_DISABLE should be enable on X s390x
Turning this option off is only significant in 4.12 kernels and newer, where the LSM hooks make use of __ro_after_init if CONFIG_SECURITY_SELINUX_DISABLE is disabled. Per the discussion on the kernel-team list (https://lists.ubuntu.com/archives/kernel-team/2019-July/102026.html), I've made sure the test won't fail for kernels older than 4.12 regardless of whether CONFIG_SECURITY_SELINUX_DISABLE is set or unset: https://git.launchpad.net/qa-regression- testing/commit/?id=3a1752a5f5743fb330336b4d01f0a6a4200fe31f Thanks. ** Changed in: qa-regression-testing Status: New => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1813721 Title: SECURITY_SELINUX_DISABLE should be enable on X s390x To manage notifications about this bug go to: https://bugs.launchpad.net/qa-regression-testing/+bug/1813721/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1813721] Re: SECURITY_SELINUX_DISABLE should be enable on X s390x
** Also affects: qa-regression-testing Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1813721 Title: SECURITY_SELINUX_DISABLE should be enable on X s390x To manage notifications about this bug go to: https://bugs.launchpad.net/qa-regression-testing/+bug/1813721/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1813721] Re: SECURITY_SELINUX_DISABLE should be enable on X s390x
** Tags added: ubuntu-qrt-kernel-security -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1813721 Title: SECURITY_SELINUX_DISABLE should be enable on X s390x To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-kernel-tests/+bug/1813721/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1813721] Re: SECURITY_SELINUX_DISABLE should be enable on X s390x
** Description changed:
== SRU Justification ==
- Security team requires the CONFIG_SECURITY_SELINUX_DISABLE to be enabled in
all of our kernels.
+ Security team requires the CONFIG_SECURITY_SELINUX_DISABLE should be
+ enabled in all of our kernels.
+
+ Currently it's not enabled for s390x in Xenial. And causing the
+ test_081_config_security_selinux_disable test in ubuntu_kernel_security
+ test suite complaining about this:
+
+ ==
+ FAIL: test_081_config_security_selinux_disable
(__main__.KernelSecurityConfigTest)
+ Ensure CONFIG_SECURITY_SELINUX_DISABLE is disabled (LP: #1680315)
+ --
+ Traceback (most recent call last):
+ File "./test-kernel-security.py", line 2158, in
test_081_config_security_selinux_disable
+ self.assertKernelConfig('SECURITY_SELINUX_DISABLE', expected)
+ File "./test-kernel-security.py", line 207, in assertKernelConfig
+ self.assertKernelConfigSet(name)
+ File "./test-kernel-security.py", line 194, in assertKernelConfigSet
+ '%s option was expected to be set in the kernel config' % name)
+ AssertionError: SECURITY_SELINUX_DISABLE option was expected to be set in
the kernel config
== Test ==
A test kernel could be found here:
https://people.canonical.com/~phlin/kernel/lp-1813721-s390x-selinux/
- This issue can be verified with test_081_config_security_selinux_disable
- test from q-r-t, the test will pass with the patched kernel.
+ This issue can be verified with a q-r-t test:
+ test_081_config_security_selinux_disable, the test will pass with the
+ patched kernel.
test_081_config_security_selinux_disable (__main__.KernelSecurityConfigTest)
Ensure CONFIG_SECURITY_SELINUX_DISABLE is disabled (LP: #1680315) ...
(skipped: l) ok
== Regression Potential ==
- Low, we already have this config enabled in all kernels except this specific
Xenial s390x.
+ Low, we already have this config enabled in all kernels except this
+ specific Xenial s390x.
-
- == Original Bug Report ==
-
- This test from q-r-t has failed exclusively on Xenial s390x:
- ==
- FAIL: test_081_config_security_selinux_disable
(__main__.KernelSecurityConfigTest)
- Ensure CONFIG_SECURITY_SELINUX_DISABLE is disabled (LP: #1680315)
- --
- Traceback (most recent call last):
- File "./test-kernel-security.py", line 2158, in
test_081_config_security_selinux_disable
- self.assertKernelConfig('SECURITY_SELINUX_DISABLE', expected)
- File "./test-kernel-security.py", line 207, in assertKernelConfig
- self.assertKernelConfigSet(name)
- File "./test-kernel-security.py", line 194, in assertKernelConfigSet
- '%s option was expected to be set in the kernel config' % name)
- AssertionError: SECURITY_SELINUX_DISABLE option was expected to be set in
the kernel config
--
ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: linux-image-4.4.0-142-generic 4.4.0-142.168
ProcVersionSignature: Ubuntu 4.4.0-142.168-generic 4.4.167
Uname: Linux 4.4.0-142-generic s390x
NonfreeKernelModules: zfs zunicode zcommon znvpair zavl
AlsaDevices: Error: command ['ls', '-l', '/dev/snd/'] failed with exit code
2: ls: cannot access '/dev/snd/': No such file or directory
AplayDevices: Error: [Errno 2] No such file or directory: 'aplay'
ApportVersion: 2.20.1-0ubuntu2.18
Architecture: s390x
ArecordDevices: Error: [Errno 2] No such file or directory: 'arecord'
CRDA: Error: command ['iw', 'reg', 'get'] failed with exit code 1: nl80211
not found.
CurrentDmesg:
Date: Tue Jan 29 02:30:42 2019
HibernationDevice: RESUME=UUID=ca468a9c-9563-442c-85c6-6055e800a66e
IwConfig: Error: [Errno 2] No such file or directory: 'iwconfig'
Lspci:
Lsusb: Error: command ['lsusb'] failed with exit code 1:
PciMultimedia:
ProcFB: Error: [Errno 2] No such file or directory: '/proc/fb'
ProcKernelCmdLine: root=UUID=b65b756a-ba4e-4c53-aa32-0db2bdb50bb3
crashkernel=196M
RelatedPackageVersions:
linux-restricted-modules-4.4.0-142-generic N/A
linux-backports-modules-4.4.0-142-generic N/A
linux-firmware 1.157.21
RfKill: Error: [Errno 2] No such file or directory: 'rfkill'
SourcePackage: linux
UpgradeStatus: No upgrade log present (probably fresh install)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1813721
Title:
SECURITY_SELINUX_DISABLE should be enable on X s390x
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-kernel-tests/+bug/1813721/+subscriptions
--
ubuntu-bugs mailing list
[Bug 1813721] Re: SECURITY_SELINUX_DISABLE should be enable on X s390x
** Description changed:
+ == SRU Justification ==
+ Security team requires the CONFIG_SECURITY_SELINUX_DISABLE to be enabled in
all of our kernels.
+
+ == Test ==
+ A test kernel could be found here:
+ https://people.canonical.com/~phlin/kernel/lp-1813721-s390x-selinux/
+
+ This issue can be verified with test_081_config_security_selinux_disable
+ test from q-r-t, the test will pass with the patched kernel.
+
+ test_081_config_security_selinux_disable (__main__.KernelSecurityConfigTest)
+ Ensure CONFIG_SECURITY_SELINUX_DISABLE is disabled (LP: #1680315) ...
(skipped: l) ok
+
+ == Regression Potential ==
+ Low, we already have this config enabled in all kernels except this specific
Xenial s390x.
+
+
+ == Original Bug Report ==
+
This test from q-r-t has failed exclusively on Xenial s390x:
- ==
- FAIL: test_081_config_security_selinux_disable
(__main__.KernelSecurityConfigTest)
- Ensure CONFIG_SECURITY_SELINUX_DISABLE is disabled (LP: #1680315)
- --
- Traceback (most recent call last):
- File "./test-kernel-security.py", line 2158, in
test_081_config_security_selinux_disable
- self.assertKernelConfig('SECURITY_SELINUX_DISABLE', expected)
- File "./test-kernel-security.py", line 207, in assertKernelConfig
- self.assertKernelConfigSet(name)
- File "./test-kernel-security.py", line 194, in assertKernelConfigSet
- '%s option was expected to be set in the kernel config' % name)
- AssertionError: SECURITY_SELINUX_DISABLE option was expected to be set in
the kernel config
-
- --
+ ==
+ FAIL: test_081_config_security_selinux_disable
(__main__.KernelSecurityConfigTest)
+ Ensure CONFIG_SECURITY_SELINUX_DISABLE is disabled (LP: #1680315)
+ --
+ Traceback (most recent call last):
+ File "./test-kernel-security.py", line 2158, in
test_081_config_security_selinux_disable
+ self.assertKernelConfig('SECURITY_SELINUX_DISABLE', expected)
+ File "./test-kernel-security.py", line 207, in assertKernelConfig
+ self.assertKernelConfigSet(name)
+ File "./test-kernel-security.py", line 194, in assertKernelConfigSet
+ '%s option was expected to be set in the kernel config' % name)
+ AssertionError: SECURITY_SELINUX_DISABLE option was expected to be set in
the kernel config
+
+ --
ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: linux-image-4.4.0-142-generic 4.4.0-142.168
ProcVersionSignature: Ubuntu 4.4.0-142.168-generic 4.4.167
Uname: Linux 4.4.0-142-generic s390x
NonfreeKernelModules: zfs zunicode zcommon znvpair zavl
AlsaDevices: Error: command ['ls', '-l', '/dev/snd/'] failed with exit code
2: ls: cannot access '/dev/snd/': No such file or directory
AplayDevices: Error: [Errno 2] No such file or directory: 'aplay'
ApportVersion: 2.20.1-0ubuntu2.18
Architecture: s390x
ArecordDevices: Error: [Errno 2] No such file or directory: 'arecord'
CRDA: Error: command ['iw', 'reg', 'get'] failed with exit code 1: nl80211
not found.
CurrentDmesg:
-
+
Date: Tue Jan 29 02:30:42 2019
HibernationDevice: RESUME=UUID=ca468a9c-9563-442c-85c6-6055e800a66e
IwConfig: Error: [Errno 2] No such file or directory: 'iwconfig'
Lspci:
-
+
Lsusb: Error: command ['lsusb'] failed with exit code 1:
PciMultimedia:
-
+
ProcFB: Error: [Errno 2] No such file or directory: '/proc/fb'
ProcKernelCmdLine: root=UUID=b65b756a-ba4e-4c53-aa32-0db2bdb50bb3
crashkernel=196M
RelatedPackageVersions:
- linux-restricted-modules-4.4.0-142-generic N/A
- linux-backports-modules-4.4.0-142-generic N/A
- linux-firmware 1.157.21
+ linux-restricted-modules-4.4.0-142-generic N/A
+ linux-backports-modules-4.4.0-142-generic N/A
+ linux-firmware 1.157.21
RfKill: Error: [Errno 2] No such file or directory: 'rfkill'
SourcePackage: linux
UpgradeStatus: No upgrade log present (probably fresh install)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1813721
Title:
SECURITY_SELINUX_DISABLE should be enable on X s390x
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-kernel-tests/+bug/1813721/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1813721] Re: SECURITY_SELINUX_DISABLE should be enable on X s390x
** Changed in: linux (Ubuntu Xenial) Assignee: (unassigned) => Po-Hsu Lin (cypressyew) ** Changed in: ubuntu-kernel-tests Assignee: (unassigned) => Po-Hsu Lin (cypressyew) ** Changed in: ubuntu-kernel-tests Status: New => In Progress ** Changed in: linux (Ubuntu Xenial) Status: Confirmed => In Progress -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1813721 Title: SECURITY_SELINUX_DISABLE should be enable on X s390x To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-kernel-tests/+bug/1813721/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1813721] Re: SECURITY_SELINUX_DISABLE should be enable on X s390x
** Also affects: linux (Ubuntu Xenial) Importance: Undecided Status: New ** Changed in: linux (Ubuntu Xenial) Status: New => Confirmed ** Changed in: linux (Ubuntu) Status: Incomplete => Won't Fix ** Changed in: linux (Ubuntu) Status: Won't Fix => Invalid -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1813721 Title: SECURITY_SELINUX_DISABLE should be enable on X s390x To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-kernel-tests/+bug/1813721/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
