I retried again from scratch with the latest kernel (and headers) on my pandas:
flag@flag-desktop:~$ bzr branch lp:qa-regression-testing
You have not informed bzr of your Launchpad ID, and you must do this to
write to Launchpad or access private data. See "bzr help launchpad-login".
Branched 1769 revisions.
flag@flag-desktop:~$ cd qa-regression-testing/
flag@flag-desktop:~/qa-regression-testing/scripts$ ./make-test-tarball test-kernel-security.py
Copying: test-kernel-security.py
Copying: testlib.py
Copying: install-packages
Copying: kernel-security
Skipping 'private/qrt/kernel_security.py' (couldn't find 'private')
Test files: /tmp/qrt-test-kernel-security.tar.gz
To run, copy the tarball somewhere, then do:
$ tar -zxf qrt-test-kernel-security.tar.gz
$ cd ./qrt-test-kernel-security
$ sudo ./install-packages test-kernel-security.py
$ ./test-kernel-security.py -v
flag@flag-desktop:~/qa-regression-testing/scripts$ cd
flag@flag-desktop:~$ tar -zxf /tmp/qrt-test-kernel-security.tar.gz
flag@flag-desktop:~$ cd qrt-test-kernel-security/
flag@flag-desktop:~/qrt-test-kernel-security$ sudo ./install-packages test-kernel-security.py
Requiring 'python-apt' ...
Requiring 'python-unit' ...
Requiring 'lsb-release' ...
Requiring 'build-essential' ...
Requiring 'python-unit' ...
Requiring 'sudo' ...
Requiring 'gdb' ...
Requiring 'gawk' ...
Requiring 'libcap-dev' ...
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
libcap-dev
0 upgraded, 1 newly installed, 0 to remove and 417 not upgraded.
Need to get 22.5 kB of archives.
After this operation, 85.0 kB of additional disk space will be used.
Get:1 http://ports.ubuntu.com/ubuntu-ports/ quantal/main libcap-dev armhf 1:2.22-1ubuntu3 [22.5 kB]
Fetched 22.5 kB in 0s (84.8 kB/s)
Selecting previously unselected package libcap-dev:armhf.
(Reading database ... 217262 files and directories currently installed.)
Unpacking libcap-dev:armhf (from .../libcap-dev_1%3a2.22-1ubuntu3_armhf.deb) ...
Processing triggers for man-db ...
Setting up libcap-dev:armhf (1:2.22-1ubuntu3) ...
Trying 'libcap2-bin' ...
Trying 'execstack' ...
Trying 'e2fslibs-dev' ...
flag@flag-desktop:~/qrt-test-kernel-security$ sudo ./test-kernel-security.py -v
Running test: './test-kernel-security.py' distro: 'Ubuntu 12.10' kernel: '3.5.0-211.18 (Ubuntu 3.5.0-211.18-omap4 3.5.4)' arch: 'armhf' uid: 0/0 SUDO_USER: 'flag')
test_000_make (__main__.KernelSecurityTest)
Prepare to build helper tools ... (4.7.2 (Ubuntu/Linaro 4.7.2-1ubuntu1)) ok
test_010_proc_maps (__main__.KernelSecurityTest)
/proc/$pid/maps is correctly protected ... ok
test_020_aslr_00_proc (__main__.KernelSecurityTest)
ASLR enabled ... ok
test_020_aslr_dapper_stack (__main__.KernelSecurityTest)
ASLR of stack ... ok
test_021_aslr_dapper_libs (__main__.KernelSecurityTest)
ASLR of libs ... ok
test_021_aslr_dapper_mmap (__main__.KernelSecurityTest)
ASLR of mmap ... ok
test_022_aslr_hardy_text (__main__.KernelSecurityTest)
ASLR of text ... ok
test_022_aslr_hardy_vdso (__main__.KernelSecurityTest)
ASLR of vdso ... (skipped: only x86) ok
test_022_aslr_intrepid_brk (__main__.KernelSecurityTest)
ASLR of brk ... ok
test_030_mmap_min (__main__.KernelSecurityTest)
Low memory allocation respects mmap_min_addr ... (32768) ok
test_031_apparmor (__main__.KernelSecurityTest)
AppArmor loaded ... ok
test_031_seccomp (__main__.KernelSecurityTest)
PR_SET_SECCOMP works ... ok
test_032_dev_kmem (__main__.KernelSecurityTest)
/dev/kmem not available ... ok
test_033_syn_cookies (__main__.KernelSecurityTest)
SYN cookies is enabled ... ok
test_040_pcaps (__main__.KernelSecurityTest)
init's CAPABILITY list is clean ... ok
test_050_personality (__main__.KernelSecurityTest)
init missing READ_IMPLIES_EXEC ... (/proc/1/personality) ok
test_060_nx (__main__.KernelSecurityTest)
NX bit is working ... ok
test_061_guard_page (__main__.KernelSecurityTest)
Userspace stack guard page exists (CVE-2010-2240) ... ok
test_070_config_brk (__main__.KernelSecurityTest)
CONFIG_COMPAT_BRK disabled ... ok
test_070_config_devkmem (__main__.KernelSecurityTest)
CONFIG_DEVKMEM disabled ... ok
test_070_config_seccomp (__main__.KernelSecurityTest)
CONFIG_SECCOMP enabled ... ok
test_070_config_security (__main__.KernelSecurityTest)
CONFIG_SECURITY enabled ... ok
test_070_config_security_selinux (__main__.KernelSecurityTest)
CONFIG_SECURITY_SELINUX enabled ... ok
test_070_config_syn_cookies (__main__.KernelSecurityTest)
CONFIG_SYN_COOKIES enabled ... ok
test_071_config_seccomp (__main__.KernelSecurityTest)
CONFIG_SECCOMP enabled ... ok
test_072_config_compat_vdso (__main__.KernelSecurityTest)
CONFIG_COMPAT_VDSO disabled ... ok
test_072_config_debug_rodata (__main__.KernelSecurityTest)
CONFIG_DEBUG_RODATA enabled ... (skipped: only x86) FAIL
test_072_config_debug_set_module_ronx (__main__.KernelSecurityTest)
CONFIG_DEBUG_SET_MODULE_RONX enabled ... (skipped: only x86) ok
test_072_config_security_apparmor (__main__.KernelSecurityTest)
CONFIG_SECURITY_APPARMOR enabled ... ok
test_072_config_strict_devmem (__main__.KernelSecurityTest)
CONFIG_STRICT_DEVMEM enabled ... ok
test_072_strict_devmem (__main__.KernelSecurityTest)
/dev/mem unreadable for kernel memory ... (using 0xa9d6b640L) (exit code 0) ok
... etcetc ...
flag@flag-desktop:~/qrt-test-kernel-security$ uname -a
Linux flag-desktop 3.5.0-211-omap4 #18-Ubuntu SMP PREEMPT Fri Sep 21 16:30:22 UTC 2012 armv7l armv7l armv7l GNU/Linux
on a P/omap4 userspace.
Try to do that manually and tell me how it goes.