group.of.nepali.translators team mailing list archive

Thread
Date
[Bug 1813721] Re: SECURITY_SELINUX_DISABLE should be enable on X s390x

To: group.of.nepali.translators@xxxxxxxxxxxxxxxxxxx
From: Steve Beattie <sbeattie@xxxxxxxxxx>
Date: Tue, 16 Jul 2019 21:01:13 -0000
Reply-to: Bug 1813721 <1813721@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx
Turning this option off is only significant in 4.12 kernels and newer,
where the LSM hooks make use of __ro_after_init if
CONFIG_SECURITY_SELINUX_DISABLE is disabled.

Per the discussion on the kernel-team list
(https://lists.ubuntu.com/archives/kernel-team/2019-July/102026.html),
I've made sure the test won't fail for kernels older than 4.12
regardless of whether CONFIG_SECURITY_SELINUX_DISABLE is set or unset:
https://git.launchpad.net/qa-regression-
testing/commit/?id=3a1752a5f5743fb330336b4d01f0a6a4200fe31f

Thanks.

** Changed in: qa-regression-testing
       Status: New => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1813721

Title:
  SECURITY_SELINUX_DISABLE should be enable on X s390x

Status in QA Regression Testing:
  Fix Released
Status in ubuntu-kernel-tests:
  In Progress
Status in linux package in Ubuntu:
  Invalid
Status in linux source package in Xenial:
  In Progress

Bug description:
  == SRU Justification ==
  Security team requires the CONFIG_SECURITY_SELINUX_DISABLE should be
  enabled in all of our kernels.

  Currently it's not enabled for s390x in Xenial. And causing the
  test_081_config_security_selinux_disable test in ubuntu_kernel_security
  test suite complaining about this:

    ======================================================================
    FAIL: test_081_config_security_selinux_disable (__main__.KernelSecurityConfigTest)
    Ensure CONFIG_SECURITY_SELINUX_DISABLE is disabled (LP: #1680315)
    ----------------------------------------------------------------------
    Traceback (most recent call last):
      File "./test-kernel-security.py", line 2158, in test_081_config_security_selinux_disable
        self.assertKernelConfig('SECURITY_SELINUX_DISABLE', expected)
      File "./test-kernel-security.py", line 207, in assertKernelConfig
        self.assertKernelConfigSet(name)
      File "./test-kernel-security.py", line 194, in assertKernelConfigSet
        '%s option was expected to be set in the kernel config' % name)
    AssertionError: SECURITY_SELINUX_DISABLE option was expected to be set in the kernel config

  == Test ==
  A test kernel could be found here:
  https://people.canonical.com/~phlin/kernel/lp-1813721-s390x-selinux/

  This issue can be verified with a q-r-t test:
  test_081_config_security_selinux_disable, the test will pass with the
  patched kernel.

    test_081_config_security_selinux_disable (__main__.KernelSecurityConfigTest)
    Ensure CONFIG_SECURITY_SELINUX_DISABLE is disabled (LP: #1680315) ... (skipped: l) ok

  == Regression Potential ==
  Low, we already have this config enabled in all kernels except this
  specific Xenial s390x.


  ----------------------------------------------------------------------

  ProblemType: Bug
  DistroRelease: Ubuntu 16.04
  Package: linux-image-4.4.0-142-generic 4.4.0-142.168
  ProcVersionSignature: Ubuntu 4.4.0-142.168-generic 4.4.167
  Uname: Linux 4.4.0-142-generic s390x
  NonfreeKernelModules: zfs zunicode zcommon znvpair zavl
  AlsaDevices: Error: command ['ls', '-l', '/dev/snd/'] failed with exit code 2: ls: cannot access '/dev/snd/': No such file or directory
  AplayDevices: Error: [Errno 2] No such file or directory: 'aplay'
  ApportVersion: 2.20.1-0ubuntu2.18
  Architecture: s390x
  ArecordDevices: Error: [Errno 2] No such file or directory: 'arecord'
  CRDA: Error: command ['iw', 'reg', 'get'] failed with exit code 1: nl80211 not found.
  CurrentDmesg:

  Date: Tue Jan 29 02:30:42 2019
  HibernationDevice: RESUME=UUID=ca468a9c-9563-442c-85c6-6055e800a66e
  IwConfig: Error: [Errno 2] No such file or directory: 'iwconfig'
  Lspci:

  Lsusb: Error: command ['lsusb'] failed with exit code 1:
  PciMultimedia:

  ProcFB: Error: [Errno 2] No such file or directory: '/proc/fb'
  ProcKernelCmdLine: root=UUID=b65b756a-ba4e-4c53-aa32-0db2bdb50bb3 crashkernel=196M
  RelatedPackageVersions:
   linux-restricted-modules-4.4.0-142-generic N/A
   linux-backports-modules-4.4.0-142-generic  N/A
   linux-firmware                             1.157.21
  RfKill: Error: [Errno 2] No such file or directory: 'rfkill'
  SourcePackage: linux
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/qa-regression-testing/+bug/1813721/+subscriptions