QA Regression Testing

test_151_sysctl_disables_bpf_unpriv_userns in ubuntu_qrt_kernel_security failed on F-5.4

Bug #1964459 reported by Po-Hsu Lin
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
QA Regression Testing
Fix Released
Undecided
Unassigned
ubuntu-kernel-tests
Fix Released
Undecided
Unassigned

Bug Description

Issue found on Focal 5.4.0-105.119

With qa-regression-testing suite HEAD SHA1: 04e0e567
 ======================================================================
 FAIL: test_151_sysctl_disables_bpf_unpriv_userns (__main__.KernelSecurityTest)
 unprivileged_bpf_disabled sysctl supported
 ----------------------------------------------------------------------
 Traceback (most recent call last):
   File "./test-kernel-security.py", line 1871, in test_151_sysctl_disables_bpf_unpriv_userns
     self._test_sysctl_value('kernel/unprivileged_bpf_disabled', expected, exists=exists)
   File "/home/ubuntu/autotest/client/tmp/ubuntu_qrt_kernel_security/src/qa-regression-testing/scripts/testlib.py", line 1269, in _test_sysctl_value
     self.assertEqual(value, expected, report)
 AssertionError: /proc/sys/kernel/unprivileged_bpf_disabled is not 0: 2

This issue does not exist in the previous kernel (with suite HEAD SHA1: e2d43929)

Related branches

~cascardo/qa-regression-testing:unprivileged_bpf
Steve Beattie: Approve
Seth Arnold: Pending requested
Diff: 19 lines (+1/-3)
1 file modified
scripts/test-kernel-security.py (+1/-3)
Po-Hsu Lin (cypressyew)
tags: added: 5.4 focal sru-20220221 ubuntu-qrt-kernel-security
Revision history for this message
Alex Murray (alexmurray) wrote :

Since to my knowledge all kernels that support unprivileged bpf sysctl now default to it being disabled, is the fix for this as simple as:

diff --git a/scripts/test-kernel-security.py b/scripts/test-kernel-security.py
index 74a8d5ca..d2032acd 100755
--- a/scripts/test-kernel-security.py
+++ b/scripts/test-kernel-security.py
@@ -1859,14 +1859,12 @@ class KernelSecurityTest(KernelSecurityBaseTest):
     def test_151_sysctl_disables_bpf_unpriv_userns(self):
         '''unprivileged_bpf_disabled sysctl supported'''

- expected = 0
+ expected = 2
         exists = True
         if not self.kernel_at_least('4.4'):
             self._skipped("unprivileged bpf disable sysctl did not exist before xenial")
             expected = 1
             exists = False
- elif self.kernel_at_least('5.13'):
- expected = 2

         self._test_sysctl_value('kernel/unprivileged_bpf_disabled', expected, exists=exists)

Revision history for this message
Steve Beattie (sbeattie) wrote :

Thanks, fix merged into qrt in https://git.launchpad.net/qa-regression-testing/commit/?id=a7f3750539702809138ecb24fe00246cc3e24398

Changed in qa-regression-testing:
status: New → Fix Released
Revision history for this message
Po-Hsu Lin (cypressyew) wrote :

Restarting tests.

Revision history for this message
Po-Hsu Lin (cypressyew) wrote :

Test passed with the updated test suite. Thanks!

Changed in ubuntu-kernel-tests:
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.