2014-05-16 18:16:46 |
Jamie Strandboge |
description |
I ran the security image tests under the x86 emulator and discovered that the kernel configuration is not sufficient to use ufw. Granted, using ufw under the x86 touch emulator is itself a bit of a corner case, however, there shouldn't be a reason to exclude these netfilter options and if the emulator is going to become a touch image smoke test target (eg, http://ci.ubuntu.com/smokeng/utopic/), then this will have to be fixed for the tests to pass.
Steps to reproduce:
1. create and start the emulator (use --revision=NN when using already downloaded images in $HOME/emulator ubuntu-emulator). Eg:
$ sudo XDG_CACHE_HOME=$HOME/emulator ubuntu-emulator create --channel=ubuntu-touch/utopic-proposed --arch=i386 test_x86
$ ubuntu-emulator run --scale=0.5 test_x86
2. run the check-requirements script:
$ adb shell /usr/share/ufw/check-requirements -f | grep FAIL
hashlimit: FAIL
limit: FAIL
ctstate (new, recent set): FAIL (no runtime support)
ctstate (new, recent update): FAIL (no runtime support)
ctstate (new, limit): FAIL
multiport: FAIL
comment: FAIL
addrtype (LOCAL): FAIL
addrtype (MULTICAST): FAIL
addrtype (BROADCAST): FAIL
hashlimit: FAIL
limit: FAIL
ctstate (new, recent set): FAIL (no runtime support)
ctstate (new, recent update): FAIL (no runtime support)
ctstate (new, limit): FAIL
multiport: FAIL
comment: FAIL
icmpv6 with hl (neighbor-solicitation): FAIL
icmpv6 with hl (neighbor-advertisement): FAIL
icmpv6 with hl (router-solicitation): FAIL
icmpv6 with hl (router-advertisement): FAIL
ipv6 rt: FAIL
This easiest thing to do would be to use the same netfilter options as on generic or mako. |
I ran the security image tests under the x86 emulator and discovered that the kernel configuration is not sufficient to use ufw. Granted, using ufw under the x86 touch emulator is itself a bit of a corner case, however, there shouldn't be a reason to exclude these netfilter options and if the emulator is going to become a touch image smoke test target (eg, http://ci.ubuntu.com/smokeng/utopic/), then this will have to be fixed for the tests to pass.
Steps to reproduce:
1. create and start the emulator (use --revision=NN with 'create' when using already downloaded images in $HOME/emulator ubuntu-emulator). Eg:
$ sudo XDG_CACHE_HOME=$HOME/emulator ubuntu-emulator create --channel=ubuntu-touch/utopic-proposed --arch=i386 test_x86
$ ubuntu-emulator run --scale=0.5 test_x86
2. run the check-requirements script:
$ adb shell /usr/share/ufw/check-requirements -f | grep FAIL
hashlimit: FAIL
limit: FAIL
ctstate (new, recent set): FAIL (no runtime support)
ctstate (new, recent update): FAIL (no runtime support)
ctstate (new, limit): FAIL
multiport: FAIL
comment: FAIL
addrtype (LOCAL): FAIL
addrtype (MULTICAST): FAIL
addrtype (BROADCAST): FAIL
hashlimit: FAIL
limit: FAIL
ctstate (new, recent set): FAIL (no runtime support)
ctstate (new, recent update): FAIL (no runtime support)
ctstate (new, limit): FAIL
multiport: FAIL
comment: FAIL
icmpv6 with hl (neighbor-solicitation): FAIL
icmpv6 with hl (neighbor-advertisement): FAIL
icmpv6 with hl (router-solicitation): FAIL
icmpv6 with hl (router-advertisement): FAIL
ipv6 rt: FAIL
This easiest thing to do would be to use the same netfilter options as on generic or mako. |
|