[Bug 1813721] Re: SECURITY_SELINUX_DISABLE should be enable on X s390x
** Changed in: linux (Ubuntu Xenial) Status: In Progress => Invalid ** Changed in: ubuntu-kernel-tests Status: In Progress => Fix Released ** Changed in: ubuntu-kernel-tests Assignee: Po-Hsu Lin (cypressyew) => (unassigned) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1813721 Title: SECURITY_SELINUX_DISABLE should be enable on X s390x To manage notifications about this bug go to: https://bugs.launchpad.net/qa-regression-testing/+bug/1813721/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1813721] Re: SECURITY_SELINUX_DISABLE should be enable on X s390x
Turning this option off is only significant in 4.12 kernels and newer, where the LSM hooks make use of __ro_after_init if CONFIG_SECURITY_SELINUX_DISABLE is disabled. Per the discussion on the kernel-team list (https://lists.ubuntu.com/archives/kernel-team/2019-July/102026.html), I've made sure the test won't fail for kernels older than 4.12 regardless of whether CONFIG_SECURITY_SELINUX_DISABLE is set or unset: https://git.launchpad.net/qa-regression- testing/commit/?id=3a1752a5f5743fb330336b4d01f0a6a4200fe31f Thanks. ** Changed in: qa-regression-testing Status: New => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1813721 Title: SECURITY_SELINUX_DISABLE should be enable on X s390x To manage notifications about this bug go to: https://bugs.launchpad.net/qa-regression-testing/+bug/1813721/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1813721] Re: SECURITY_SELINUX_DISABLE should be enable on X s390x
** Also affects: qa-regression-testing Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1813721 Title: SECURITY_SELINUX_DISABLE should be enable on X s390x To manage notifications about this bug go to: https://bugs.launchpad.net/qa-regression-testing/+bug/1813721/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1813721] Re: SECURITY_SELINUX_DISABLE should be enable on X s390x
** Tags added: ubuntu-qrt-kernel-security -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1813721 Title: SECURITY_SELINUX_DISABLE should be enable on X s390x To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-kernel-tests/+bug/1813721/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1813721] Re: SECURITY_SELINUX_DISABLE should be enable on X s390x
** Description changed: == SRU Justification == - Security team requires the CONFIG_SECURITY_SELINUX_DISABLE to be enabled in all of our kernels. + Security team requires the CONFIG_SECURITY_SELINUX_DISABLE should be + enabled in all of our kernels. + + Currently it's not enabled for s390x in Xenial. And causing the + test_081_config_security_selinux_disable test in ubuntu_kernel_security + test suite complaining about this: + + == + FAIL: test_081_config_security_selinux_disable (__main__.KernelSecurityConfigTest) + Ensure CONFIG_SECURITY_SELINUX_DISABLE is disabled (LP: #1680315) + -- + Traceback (most recent call last): + File "./test-kernel-security.py", line 2158, in test_081_config_security_selinux_disable + self.assertKernelConfig('SECURITY_SELINUX_DISABLE', expected) + File "./test-kernel-security.py", line 207, in assertKernelConfig + self.assertKernelConfigSet(name) + File "./test-kernel-security.py", line 194, in assertKernelConfigSet + '%s option was expected to be set in the kernel config' % name) + AssertionError: SECURITY_SELINUX_DISABLE option was expected to be set in the kernel config == Test == A test kernel could be found here: https://people.canonical.com/~phlin/kernel/lp-1813721-s390x-selinux/ - This issue can be verified with test_081_config_security_selinux_disable - test from q-r-t, the test will pass with the patched kernel. + This issue can be verified with a q-r-t test: + test_081_config_security_selinux_disable, the test will pass with the + patched kernel. test_081_config_security_selinux_disable (__main__.KernelSecurityConfigTest) Ensure CONFIG_SECURITY_SELINUX_DISABLE is disabled (LP: #1680315) ... (skipped: l) ok == Regression Potential == - Low, we already have this config enabled in all kernels except this specific Xenial s390x. + Low, we already have this config enabled in all kernels except this + specific Xenial s390x. - - == Original Bug Report == - - This test from q-r-t has failed exclusively on Xenial s390x: - == - FAIL: test_081_config_security_selinux_disable (__main__.KernelSecurityConfigTest) - Ensure CONFIG_SECURITY_SELINUX_DISABLE is disabled (LP: #1680315) - -- - Traceback (most recent call last): - File "./test-kernel-security.py", line 2158, in test_081_config_security_selinux_disable - self.assertKernelConfig('SECURITY_SELINUX_DISABLE', expected) - File "./test-kernel-security.py", line 207, in assertKernelConfig - self.assertKernelConfigSet(name) - File "./test-kernel-security.py", line 194, in assertKernelConfigSet - '%s option was expected to be set in the kernel config' % name) - AssertionError: SECURITY_SELINUX_DISABLE option was expected to be set in the kernel config -- ProblemType: Bug DistroRelease: Ubuntu 16.04 Package: linux-image-4.4.0-142-generic 4.4.0-142.168 ProcVersionSignature: Ubuntu 4.4.0-142.168-generic 4.4.167 Uname: Linux 4.4.0-142-generic s390x NonfreeKernelModules: zfs zunicode zcommon znvpair zavl AlsaDevices: Error: command ['ls', '-l', '/dev/snd/'] failed with exit code 2: ls: cannot access '/dev/snd/': No such file or directory AplayDevices: Error: [Errno 2] No such file or directory: 'aplay' ApportVersion: 2.20.1-0ubuntu2.18 Architecture: s390x ArecordDevices: Error: [Errno 2] No such file or directory: 'arecord' CRDA: Error: command ['iw', 'reg', 'get'] failed with exit code 1: nl80211 not found. CurrentDmesg: Date: Tue Jan 29 02:30:42 2019 HibernationDevice: RESUME=UUID=ca468a9c-9563-442c-85c6-6055e800a66e IwConfig: Error: [Errno 2] No such file or directory: 'iwconfig' Lspci: Lsusb: Error: command ['lsusb'] failed with exit code 1: PciMultimedia: ProcFB: Error: [Errno 2] No such file or directory: '/proc/fb' ProcKernelCmdLine: root=UUID=b65b756a-ba4e-4c53-aa32-0db2bdb50bb3 crashkernel=196M RelatedPackageVersions: linux-restricted-modules-4.4.0-142-generic N/A linux-backports-modules-4.4.0-142-generic N/A linux-firmware 1.157.21 RfKill: Error: [Errno 2] No such file or directory: 'rfkill' SourcePackage: linux UpgradeStatus: No upgrade log present (probably fresh install) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1813721 Title: SECURITY_SELINUX_DISABLE should be enable on X s390x To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-kernel-tests/+bug/1813721/+subscriptions -- ubuntu-bugs mailing list
[Bug 1813721] Re: SECURITY_SELINUX_DISABLE should be enable on X s390x
** Description changed: + == SRU Justification == + Security team requires the CONFIG_SECURITY_SELINUX_DISABLE to be enabled in all of our kernels. + + == Test == + A test kernel could be found here: + https://people.canonical.com/~phlin/kernel/lp-1813721-s390x-selinux/ + + This issue can be verified with test_081_config_security_selinux_disable + test from q-r-t, the test will pass with the patched kernel. + + test_081_config_security_selinux_disable (__main__.KernelSecurityConfigTest) + Ensure CONFIG_SECURITY_SELINUX_DISABLE is disabled (LP: #1680315) ... (skipped: l) ok + + == Regression Potential == + Low, we already have this config enabled in all kernels except this specific Xenial s390x. + + + == Original Bug Report == + This test from q-r-t has failed exclusively on Xenial s390x: - == - FAIL: test_081_config_security_selinux_disable (__main__.KernelSecurityConfigTest) - Ensure CONFIG_SECURITY_SELINUX_DISABLE is disabled (LP: #1680315) - -- - Traceback (most recent call last): - File "./test-kernel-security.py", line 2158, in test_081_config_security_selinux_disable - self.assertKernelConfig('SECURITY_SELINUX_DISABLE', expected) - File "./test-kernel-security.py", line 207, in assertKernelConfig - self.assertKernelConfigSet(name) - File "./test-kernel-security.py", line 194, in assertKernelConfigSet - '%s option was expected to be set in the kernel config' % name) - AssertionError: SECURITY_SELINUX_DISABLE option was expected to be set in the kernel config - - -- + == + FAIL: test_081_config_security_selinux_disable (__main__.KernelSecurityConfigTest) + Ensure CONFIG_SECURITY_SELINUX_DISABLE is disabled (LP: #1680315) + -- + Traceback (most recent call last): + File "./test-kernel-security.py", line 2158, in test_081_config_security_selinux_disable + self.assertKernelConfig('SECURITY_SELINUX_DISABLE', expected) + File "./test-kernel-security.py", line 207, in assertKernelConfig + self.assertKernelConfigSet(name) + File "./test-kernel-security.py", line 194, in assertKernelConfigSet + '%s option was expected to be set in the kernel config' % name) + AssertionError: SECURITY_SELINUX_DISABLE option was expected to be set in the kernel config + + -- ProblemType: Bug DistroRelease: Ubuntu 16.04 Package: linux-image-4.4.0-142-generic 4.4.0-142.168 ProcVersionSignature: Ubuntu 4.4.0-142.168-generic 4.4.167 Uname: Linux 4.4.0-142-generic s390x NonfreeKernelModules: zfs zunicode zcommon znvpair zavl AlsaDevices: Error: command ['ls', '-l', '/dev/snd/'] failed with exit code 2: ls: cannot access '/dev/snd/': No such file or directory AplayDevices: Error: [Errno 2] No such file or directory: 'aplay' ApportVersion: 2.20.1-0ubuntu2.18 Architecture: s390x ArecordDevices: Error: [Errno 2] No such file or directory: 'arecord' CRDA: Error: command ['iw', 'reg', 'get'] failed with exit code 1: nl80211 not found. CurrentDmesg: - + Date: Tue Jan 29 02:30:42 2019 HibernationDevice: RESUME=UUID=ca468a9c-9563-442c-85c6-6055e800a66e IwConfig: Error: [Errno 2] No such file or directory: 'iwconfig' Lspci: - + Lsusb: Error: command ['lsusb'] failed with exit code 1: PciMultimedia: - + ProcFB: Error: [Errno 2] No such file or directory: '/proc/fb' ProcKernelCmdLine: root=UUID=b65b756a-ba4e-4c53-aa32-0db2bdb50bb3 crashkernel=196M RelatedPackageVersions: - linux-restricted-modules-4.4.0-142-generic N/A - linux-backports-modules-4.4.0-142-generic N/A - linux-firmware 1.157.21 + linux-restricted-modules-4.4.0-142-generic N/A + linux-backports-modules-4.4.0-142-generic N/A + linux-firmware 1.157.21 RfKill: Error: [Errno 2] No such file or directory: 'rfkill' SourcePackage: linux UpgradeStatus: No upgrade log present (probably fresh install) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1813721 Title: SECURITY_SELINUX_DISABLE should be enable on X s390x To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-kernel-tests/+bug/1813721/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1813721] Re: SECURITY_SELINUX_DISABLE should be enable on X s390x
** Changed in: linux (Ubuntu Xenial) Assignee: (unassigned) => Po-Hsu Lin (cypressyew) ** Changed in: ubuntu-kernel-tests Assignee: (unassigned) => Po-Hsu Lin (cypressyew) ** Changed in: ubuntu-kernel-tests Status: New => In Progress ** Changed in: linux (Ubuntu Xenial) Status: Confirmed => In Progress -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1813721 Title: SECURITY_SELINUX_DISABLE should be enable on X s390x To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-kernel-tests/+bug/1813721/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1813721] Re: SECURITY_SELINUX_DISABLE should be enable on X s390x
** Also affects: linux (Ubuntu Xenial) Importance: Undecided Status: New ** Changed in: linux (Ubuntu Xenial) Status: New => Confirmed ** Changed in: linux (Ubuntu) Status: Incomplete => Won't Fix ** Changed in: linux (Ubuntu) Status: Won't Fix => Invalid -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1813721 Title: SECURITY_SELINUX_DISABLE should be enable on X s390x To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-kernel-tests/+bug/1813721/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs