[X][SRU][PATCH 0/1] Enable CONFIG_SECURITY_SELINUX_DISABLE for s390x

Po-Hsu Lin po-hsu.lin at canonical.com
Tue Jul 9 05:53:57 UTC 2019


From: Ubuntu <ubuntu at s2lp6g001.maas>

== SRU Justification ==
The security team requires that CONFIG_SECURITY_SELINUX_DISABLE be
enabled in all of our kernels.

Currently it's not enabled for s390x in Xenial, which causes the
test_081_config_security_selinux_disable test in the ubuntu_kernel_security
test suite to complain about this:

  ======================================================================
  FAIL: test_081_config_security_selinux_disable (__main__.KernelSecurityConfigTest)
  Ensure CONFIG_SECURITY_SELINUX_DISABLE is disabled (LP: #1680315)
  ----------------------------------------------------------------------
  Traceback (most recent call last):
    File "./test-kernel-security.py", line 2158, in test_081_config_security_selinux_disable
      self.assertKernelConfig('SECURITY_SELINUX_DISABLE', expected)
    File "./test-kernel-security.py", line 207, in assertKernelConfig
      self.assertKernelConfigSet(name)
    File "./test-kernel-security.py", line 194, in assertKernelConfigSet
      '%s option was expected to be set in the kernel config' % name)
  AssertionError: SECURITY_SELINUX_DISABLE option was expected to be set in the kernel config

== Test ==
A test kernel could be found here:
https://people.canonical.com/~phlin/kernel/lp-1813721-s390x-selinux/

This issue can be verified with the q-r-t test
test_081_config_security_selinux_disable; the test will pass with the
patched kernel.

  test_081_config_security_selinux_disable (__main__.KernelSecurityConfigTest)
  Ensure CONFIG_SECURITY_SELINUX_DISABLE is disabled (LP: #1680315) ... (skipped: l) ok

== Regression Potential ==
Low, we already have this config enabled in all kernels except this
specific Xenial s390x.


Po-Hsu Lin (1):
  UBUNTU: [Config] Enable CONFIG_SECURITY_SELINUX_DISABLE for s390x

 debian.master/config/annotations               | 2 +-
 debian.master/config/s390x/config.common.s390x | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

-- 
2.7.4
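
The check behind the failing test can be reproduced against a kernel config file with a small parser. This is an added example, not part of the original message or of the ubuntu_kernel_security suite; the function names and the two sample config fragments are constructed for illustration.

```python
import re

# Exact-name matching avoids the prefix pitfall of a plain substring search:
# CONFIG_SECURITY_SELINUX is a prefix of CONFIG_SECURITY_SELINUX_DISABLE.
_SET = re.compile(r'^(CONFIG_[A-Za-z0-9_]+)=(.*)$')
_UNSET = re.compile(r'^# (CONFIG_[A-Za-z0-9_]+) is not set$')

def parse_kernel_config(text):
    """Return {option: value}; value is None for '# CONFIG_X is not set'."""
    options = {}
    for line in text.splitlines():
        line = line.strip()
        m = _SET.match(line)
        if m:
            options[m.group(1)] = m.group(2).strip('"')
            continue
        m = _UNSET.match(line)
        if m:
            options[m.group(1)] = None
    return options

def option_state(text, name):
    """Classify an option as 'set', 'not set' or 'absent' in config text."""
    if not name.startswith('CONFIG_'):
        name = 'CONFIG_' + name
    options = parse_kernel_config(text)
    if name not in options:
        return 'absent'
    value = options[name]
    return 'not set' if value in (None, 'n') else 'set'

# Constructed samples (not taken from the real s390x config files).
UNPATCHED = """\
CONFIG_SECURITY_SELINUX=y
CONFIG_SECURITY_SELINUX_BOOTPARAM=y
# CONFIG_SECURITY_SELINUX_DISABLE is not set
"""
PATCHED = """\
CONFIG_SECURITY_SELINUX=y
CONFIG_SECURITY_SELINUX_BOOTPARAM=y
CONFIG_SECURITY_SELINUX_DISABLE=y
"""

if __name__ == '__main__':
    for label, text in (('unpatched', UNPATCHED), ('patched', PATCHED)):
        print(label, option_state(text, 'SECURITY_SELINUX_DISABLE'))
```

On an installed system the same functions can be given the contents of the running kernel's config file (commonly /boot/config-<release>) instead of the constructed samples.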



