Adjust kernel config tests to support 4.4

- some options are different

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Justin Cormack
2017-01-11 16:49:59 +00:00
parent 3bc7060843
commit 27c5b9ee9e
2 changed files with 19 additions and 6 deletions


@@ -7,6 +7,11 @@ echo "starting kernel config sanity test with /proc/config.gz"
# decompress /proc/config.gz from the Moby host
zcat /proc/config.gz > unzipped_config
kernelVersion="$(uname -r)"
kernelMajor="${kernelVersion%%.*}"
kernelMinor="${kernelVersion#$kernelMajor.}"
kernelMinor="${kernelMinor%%.*}"
# Most tests against https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project
# Positive cases
cat unzipped_config | grep CONFIG_BUG=y
@@ -15,7 +20,6 @@ cat unzipped_config | grep CONFIG_DEBUG_RODATA=y
cat unzipped_config | grep CONFIG_CC_STACKPROTECTOR=y
cat unzipped_config | grep CONFIG_CC_STACKPROTECTOR_STRONG=y
cat unzipped_config | grep CONFIG_STRICT_DEVMEM=y
cat unzipped_config | grep CONFIG_IO_STRICT_DEVMEM=y
cat unzipped_config | grep CONFIG_SYN_COOKIES=y
cat unzipped_config | grep CONFIG_DEBUG_CREDENTIALS=y
cat unzipped_config | grep CONFIG_DEBUG_NOTIFIERS=y
@@ -24,11 +28,20 @@ cat unzipped_config | grep CONFIG_SECCOMP=y
cat unzipped_config | grep CONFIG_SECCOMP_FILTER=y
cat unzipped_config | grep CONFIG_SECURITY=y
cat unzipped_config | grep CONFIG_SECURITY_YAMA=y
cat unzipped_config | grep CONFIG_HARDENED_USERCOPY=y
cat unzipped_config | grep CONFIG_SLAB_FREELIST_RANDOM=y
cat unzipped_config | grep CONFIG_PANIC_ON_OOPS=y
cat unzipped_config | grep CONFIG_DEBUG_SET_MODULE_RONX=y
cat unzipped_config | grep CONFIG_UBSAN=y
# Conditional on kernel version
if [ "$kernelMajor" -ge 4 -a "$kernelMinor" -ge 5 ]; then
cat unzipped_config | grep CONFIG_IO_STRICT_DEVMEM=y
cat unzipped_config | grep CONFIG_UBSAN=y
fi
if [ "$kernelMajor" -ge 4 -a "$kernelMinor" -ge 7 ]; then
cat unzipped_config | grep CONFIG_SLAB_FREELIST_RANDOM=y
fi
if [ "$kernelMajor" -ge 4 -a "$kernelMinor" -ge 8 ]; then
cat unzipped_config | grep CONFIG_HARDENED_USERCOPY=y
fi
# Negative cases
cat unzipped_config | grep 'CONFIG_ACPI_CUSTOM_METHOD is not set'
@@ -37,4 +50,4 @@ cat unzipped_config | grep 'CONFIG_DEVKMEM is not set'
cat unzipped_config | grep 'CONFIG_COMPAT_VDSO is not set'
cat unzipped_config | grep 'CONFIG_KEXEC is not set'
cat unzipped_config | grep 'CONFIG_HIBERNATION is not set'
cat unzipped_config | grep 'CONFIG_LEGACY_PTYS is not set'
cat unzipped_config | grep 'CONFIG_LEGACY_PTYS is not set'
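Review bot: The three version gates (`[ "$kernelMajor" -ge 4 -a "$kernelMinor" -ge 5 ]` and its `-ge 7` and `-ge 8` variants) test major and minor independently. A kernel with a higher major and a low minor, for example 5.0, fails the minor comparison, so the checks for CONFIG_IO_STRICT_DEVMEM, CONFIG_UBSAN, CONFIG_SLAB_FREELIST_RANDOM and CONFIG_HARDENED_USERCOPY are skipped without any failure being reported. Comparing the pair fixes this and drops the deprecated `-a`: `if [ "$kernelMajor" -gt 4 ] || { [ "$kernelMajor" -eq 4 ] && [ "$kernelMinor" -ge 5 ]; }; then`, with the same shape for 7 and 8. A release string whose second field is not purely numeric would presumably make `[` error out and skip the block as well, so consider adding `kernelMinor="${kernelMinor%%[!0-9]*}"` after the minor is derived in the first hunk. The rest of the script, including whether `set -e` is in effect, lies outside the visible hunks.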