I see a failure at least for EC2 m1.small; as such, I am tagging this bug qa-testing-failed. Except for EC2 m1.small, all tests so far passed, still to run the KVM ones: Running test: './test-kernel-security.py' distro: 'Ubuntu 11.04' kernel: '2.6.38-10.46 (Ubuntu 2.6.38-10.46-virtual 2.6.38.7)' arch: 'i386' uid: 0/0 SUDO_USER: 'ubuntu') test_000_make (__main__.KernelSecurityTest) Build helper tools ... (4.5.2 (Ubuntu/Linaro 4.5.2-8ubuntu4)) ok test_010_proc_maps (__main__.KernelSecurityTest) /proc/$pid/maps is correctly protected ... ok test_020_aslr_00_proc (__main__.KernelSecurityTest) ASLR enabled ... ok test_020_aslr_dapper_stack (__main__.KernelSecurityTest) ASLR of stack ... ok test_021_aslr_dapper_libs (__main__.KernelSecurityTest) ASLR of libs ... ok test_021_aslr_dapper_mmap (__main__.KernelSecurityTest) ASLR of mmap ... ok test_022_aslr_hardy_text (__main__.KernelSecurityTest) ASLR of text ... ok test_022_aslr_hardy_vdso (__main__.KernelSecurityTest) ASLR of vdso ... ok test_022_aslr_intrepid_brk (__main__.KernelSecurityTest) ASLR of brk ... ok test_030_mmap_min (__main__.KernelSecurityTest) Low memory allocation respects mmap_min_addr ... (65536) ok test_031_apparmor (__main__.KernelSecurityTest) AppArmor loaded ... ok test_031_seccomp (__main__.KernelSecurityTest) PR_SET_SECCOMP works ... (skipped: LP: #725089) ok test_032_dev_kmem (__main__.KernelSecurityTest) /dev/kmem not available ... ok test_033_syn_cookies (__main__.KernelSecurityTest) SYN cookies is enabled ... ok test_040_pcaps (__main__.KernelSecurityTest) init's CAPABILITY list is clean ... ok test_050_personality (__main__.KernelSecurityTest) init missing READ_IMPLIES_EXEC ... (/proc/1/personality) ok test_060_nx (__main__.KernelSecurityTest) NX bit is working ... ok test_061_guard_page (__main__.KernelSecurityTest) Userspace stack guard page exists (CVE-2010-2240) ... ok test_070_config_brk (__main__.KernelSecurityTest) CONFIG_COMPAT_BRK disabled ... ok test_070_config_devkmem (__main__.KernelSecurityTest) CONFIG_DEVKMEM disabled ... ok test_070_config_security (__main__.KernelSecurityTest) CONFIG_SECURITY enabled ... ok test_070_config_security_selinux (__main__.KernelSecurityTest) CONFIG_SECURITY_SELINUX enabled ... ok test_070_config_syn_cookies (__main__.KernelSecurityTest) CONFIG_SYN_COOKIES enabled ... ok test_071_config_seccomp (__main__.KernelSecurityTest) CONFIG_SECCOMP enabled ... ok test_072_config_compat_vdso (__main__.KernelSecurityTest) CONFIG_COMPAT_VDSO disabled ... ok test_072_config_debug_rodata (__main__.KernelSecurityTest) CONFIG_DEBUG_RODATA enabled ... FAIL test_072_config_debug_set_module_ronx (__main__.KernelSecurityTest) CONFIG_DEBUG_SET_MODULE_RONX enabled ... ok test_072_config_security_apparmor (__main__.KernelSecurityTest) CONFIG_SECURITY_APPARMOR enabled ... ok test_072_config_strict_devmem (__main__.KernelSecurityTest) CONFIG_STRICT_DEVMEM enabled ... ok test_072_strict_devmem (__main__.KernelSecurityTest) /dev/mem unreadable for kernel memory ... (using 0x87a3ecL) (exit code 0) ok test_073_config_security_file_capabilities (__main__.KernelSecurityTest) CONFIG_SECURITY_FILE_CAPABILITIES enabled ... (skipped: only Intrepid through Lucid) ok test_073_config_security_smack (__main__.KernelSecurityTest) CONFIG_SECURITY_SMACK enabled ... ok test_074_config_security_default_mmap_min_addr (__main__.KernelSecurityTest) CONFIG_DEFAULT_MMAP_MIN_ADDR ... (65536) ok test_075_config_stack_protector (__main__.KernelSecurityTest) CONFIG_CC_STACKPROTECTOR set ... ok test_082_stack_guard_kernel (__main__.KernelSecurityTest) Kernel stack guard ... ok test_090_module_blocking (__main__.KernelSecurityTest) Sysctl to disable module loading exists ... ok test_091_symlink_following_in_sticky_directories (__main__.KernelSecurityTest) Symlinks not followable across differing uids in sticky directories ... ok test_092_hardlink_restriction (__main__.KernelSecurityTest) Hardlink disallowed for unreadable/unwritable sources ... ok test_093_ptrace_restriction (__main__.KernelSecurityTest) ptrace allowed only on children or declared processes ... ok test_093_ptrace_restriction_extras (__main__.KernelSecurityTest) ptrace from thread on tracee that used prctl(PR_SET_PTRACER) ... ok test_093_ptrace_restriction_parent_via_thread (__main__.KernelSecurityTest) ptrace of child works from parent threads (LP: #737676) ... ok test_093_ptrace_restriction_prctl_via_thread (__main__.KernelSecurityTest) prctl(PR_SET_PTRACER) works from threads (LP: #729839) ... ok test_094_rare_net_autoload (__main__.KernelSecurityTest) rare network modules do not autoload ... ok test_095_kernel_symbols_acl (__main__.KernelSecurityTest) /proc/sys/kernel/kptr_restrict is enabled ... ok test_095_kernel_symbols_missing (__main__.KernelSecurityTest) kernel addresses in kallsyms and modules are zeroed out ... ok test_096_boot_symbols_unreadable (__main__.KernelSecurityTest) kernel addresses in /boot are not world readable ... ok test_096_proc_entries_unreadable (__main__.KernelSecurityTest) sensitive files in /proc are not world readable ... ok test_100_keep_acpi_method_disabled (__main__.KernelSecurityTest) /sys/kernel/debug/acpi/custom_method stays disabled ... ok ====================================================================== FAIL: test_072_config_debug_rodata (__main__.KernelSecurityTest) CONFIG_DEBUG_RODATA enabled ---------------------------------------------------------------------- Traceback (most recent call last): File "./test-kernel-security.py", line 557, in test_072_config_debug_rodata self.assertEqual(self._test_config('DEBUG_RODATA'), expected) AssertionError: False != True ---------------------------------------------------------------------- Ran 48 tests in 16.273s FAILED (failures=1)