** Description changed: == Justification == In Xenial KVM kernel, the CONFIG_DEBUG_KERNEL is enabled, security team would like to see CONFIG_DEBUG_RODATA to be enabled as well. - - In such case, the kernel can pass the test_072_config_debug_rodata check - in the qa-regression-testing test uite. == Test == Before enabling the config the test_072_config_debug_rodata test from qa-regression-testing will fail. After that, the test will pass. A test kernel with CONFIG_DEBUG_RODATA enabled in Xenial KVM could be found here: http://people.canonical.com/~phlin/kernel/lp-1766832/ == Fix == Enable the CONFIG_DEBUG_RODATA. Some other configs were enabled just for skipping the interaction during the compilation. == Regression Potential == Minimal. No code changes, just one config enabled without disabling any other configs. - The test failed with: FAIL: test_072_config_debug_rodata (__main__.KernelSecurityTest) CONFIG_DEBUG_RODATA/CONFIG_STRICT_KERNEL_RWX enabled ---------------------------------------------------------------------- Traceback (most recent call last): File "./test-kernel-security.py", line 642, in test_072_config_debug_rodata self.assertEqual(self._test_config(option), expected) AssertionError: False != True Steps to reproduce: Deploy the node with Xenial 4.4 kernel, install linux-kvm sudo apt-get install python-minimal git clone --depth=1 git://kernel.ubuntu.com/ubuntu/autotest-client-tests -b master-next git clone --depth=1 git://kernel.ubuntu.com/ubuntu/autotest rm -fr autotest/client/tests ln -sf ~/autotest-client-tests autotest/client/tests AUTOTEST_PATH=/home/ubuntu/autotest sudo -E autotest/client/autotest-local --verbose autotest/client/tests/ubuntu_qrt_kernel_security/control ProblemType: Bug DistroRelease: Ubuntu 16.04 Package: linux-image-4.4.0-1019-kvm 4.4.0-1019.24 ProcVersionSignature: User Name 4.4.0-1019.24-kvm 4.4.98 Uname: Linux 4.4.0-1019-kvm x86_64 NonfreeKernelModules: signpost ApportVersion: 2.20.1-0ubuntu2.15 Architecture: amd64 Date: Mon Apr 2 16:54:36 2018 ProcEnviron: TERM=xterm-256color PATH=(custom, no user) XDG_RUNTIME_DIR=<set> LANG=en_US.UTF-8 SHELL=/bin/bash SourcePackage: linux-kvm UpgradeStatus: No upgrade log present (probably fresh install)
** Description changed: == Justification == In Xenial KVM kernel, the CONFIG_DEBUG_KERNEL is enabled, security team would like to see CONFIG_DEBUG_RODATA to be enabled as well. == Test == Before enabling the config the test_072_config_debug_rodata test from qa-regression-testing will fail. After that, the test will pass. A test kernel with CONFIG_DEBUG_RODATA enabled in Xenial KVM could be found here: - http://people.canonical.com/~phlin/kernel/lp-1766832/ + http://people.canonical.com/~phlin/kernel/lp-1760643/ == Fix == Enable the CONFIG_DEBUG_RODATA. Some other configs were enabled just for skipping the interaction during the compilation. == Regression Potential == Minimal. No code changes, just one config enabled without disabling any other configs. The test failed with: FAIL: test_072_config_debug_rodata (__main__.KernelSecurityTest) CONFIG_DEBUG_RODATA/CONFIG_STRICT_KERNEL_RWX enabled ---------------------------------------------------------------------- Traceback (most recent call last): File "./test-kernel-security.py", line 642, in test_072_config_debug_rodata self.assertEqual(self._test_config(option), expected) AssertionError: False != True Steps to reproduce: Deploy the node with Xenial 4.4 kernel, install linux-kvm sudo apt-get install python-minimal git clone --depth=1 git://kernel.ubuntu.com/ubuntu/autotest-client-tests -b master-next git clone --depth=1 git://kernel.ubuntu.com/ubuntu/autotest rm -fr autotest/client/tests ln -sf ~/autotest-client-tests autotest/client/tests AUTOTEST_PATH=/home/ubuntu/autotest sudo -E autotest/client/autotest-local --verbose autotest/client/tests/ubuntu_qrt_kernel_security/control ProblemType: Bug DistroRelease: Ubuntu 16.04 Package: linux-image-4.4.0-1019-kvm 4.4.0-1019.24 ProcVersionSignature: User Name 4.4.0-1019.24-kvm 4.4.98 Uname: Linux 4.4.0-1019-kvm x86_64 NonfreeKernelModules: signpost ApportVersion: 2.20.1-0ubuntu2.15 Architecture: amd64 Date: Mon Apr 2 16:54:36 2018 ProcEnviron: TERM=xterm-256color PATH=(custom, no user) XDG_RUNTIME_DIR=<set> LANG=en_US.UTF-8 SHELL=/bin/bash SourcePackage: linux-kvm UpgradeStatus: No upgrade log present (probably fresh install) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1760643 Title: test_072_config_debug_rodata in kernel security test failed with 4.4 X-kvm To manage notifications about this bug go to: https://bugs.launchpad.net/qa-regression-testing/+bug/1760643/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
