CONFIG_SECURITY_SELINUX_DISABLE should be disabled on 4.15/4.18 Azure

Bug #1813866 reported by Po-Hsu Lin on 2019-01-30
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
ubuntu-kernel-tests
Undecided
Po-Hsu Lin
linux-azure (Ubuntu)
Undecided
Po-Hsu Lin
Bionic
Undecided
Unassigned
Cosmic
Undecided
Unassigned

Bug Description

The test_081_config_security_selinux_disable test failed on the Trusty
Azure kernel:

FAIL: test_081_config_security_selinux_disable (__main__.KernelSecurityConfigTest)
Ensure CONFIG_SECURITY_SELINUX_DISABLE is disabled (LP: #1680315)
----------------------------------------------------------------------
Traceback (most recent call last):
File "./test-kernel-security.py", line 2152, in test_081_config_security_selinux_disable
self.assertKernelConfig('SECURITY_SELINUX_DISABLE', expected)
File "./test-kernel-security.py", line 209, in assertKernelConfig
self.assertKernelConfigUnset(name)
File "./test-kernel-security.py", line 200, in assertKernelConfigUnset
'%s option was expected to be unset in the kernel config' % name)
AssertionError: SECURITY_SELINUX_DISABLE option was expected to be unset in the kernel config

Po-Hsu Lin (cypressyew) wrote :

Found on B-4.18, B-4.15, C-4.18

So, we should fix this in 4.15 and 4.18

Po-Hsu Lin (cypressyew) on 2019-01-31
summary: - CONFIG_SECURITY_SELINUX_DISABLE should be disabled on T-4.15 Azure
+ CONFIG_SECURITY_SELINUX_DISABLE should be disabled on 4.15/4.18 Azure
Po-Hsu Lin (cypressyew) on 2019-01-31
Changed in ubuntu-kernel-tests:
assignee: nobody → Po-Hsu Lin (cypressyew)
Changed in linux-azure (Ubuntu):
assignee: nobody → Po-Hsu Lin (cypressyew)
Changed in ubuntu-kernel-tests:
status: New → In Progress
Changed in linux-azure (Ubuntu):
status: New → In Progress
tags: added: azure bionic cosmic
Changed in linux-azure (Ubuntu Bionic):
status: New → Fix Committed
Changed in linux-azure (Ubuntu Cosmic):
status: New → Fix Committed
Brad Figg (brad-figg) wrote :

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-bionic' to 'verification-done-bionic'. If the problem still exists, change the tag 'verification-needed-bionic' to 'verification-failed-bionic'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-bionic
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers