github/linuxkit
1
0
Fork 0
mirror of https://github.com/linuxkit/linuxkit.git synced 2025-08-10 02:57:40 +00:00
Code Issues Projects Releases Wiki Activity

Adjust kernel config tests to support 4.4

Browse Source 
- some options are different

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
This commit is contained in:
Justin Cormack 2017-01-11 16:49:59 +00:00
parent 4996ec700c
commit ea612505f6
2 changed files with 19 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
alpine/base/check-kernel-config/check-kernel-config.sh
View File

@ -7,6 +7,11 @@ echo "starting kernel config sanity test with /proc/config.gz"
# decompress /proc/config.gz from the Moby host # decompress /proc/config.gz from the Moby host
zcat /proc/config.gz > unzipped_config zcat /proc/config.gz > unzipped_config
kernelVersion="$(uname -r)"
kernelMajor="${kernelVersion%%.*}"
kernelMinor="${kernelVersion#$kernelMajor.}"
kernelMinor="${kernelMinor%%.*}"
# Most tests against https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project # Most tests against https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project
# Positive cases # Positive cases
cat unzipped_config | grep CONFIG_BUG=y cat unzipped_config | grep CONFIG_BUG=y
@ -15,7 +20,6 @@ cat unzipped_config | grep CONFIG_DEBUG_RODATA=y
cat unzipped_config | grep CONFIG_CC_STACKPROTECTOR=y cat unzipped_config | grep CONFIG_CC_STACKPROTECTOR=y
cat unzipped_config | grep CONFIG_CC_STACKPROTECTOR_STRONG=y cat unzipped_config | grep CONFIG_CC_STACKPROTECTOR_STRONG=y
cat unzipped_config | grep CONFIG_STRICT_DEVMEM=y cat unzipped_config | grep CONFIG_STRICT_DEVMEM=y
cat unzipped_config | grep CONFIG_IO_STRICT_DEVMEM=y
cat unzipped_config | grep CONFIG_SYN_COOKIES=y cat unzipped_config | grep CONFIG_SYN_COOKIES=y
cat unzipped_config | grep CONFIG_DEBUG_CREDENTIALS=y cat unzipped_config | grep CONFIG_DEBUG_CREDENTIALS=y
cat unzipped_config | grep CONFIG_DEBUG_NOTIFIERS=y cat unzipped_config | grep CONFIG_DEBUG_NOTIFIERS=y
@ -24,11 +28,20 @@ cat unzipped_config | grep CONFIG_SECCOMP=y
cat unzipped_config | grep CONFIG_SECCOMP_FILTER=y cat unzipped_config | grep CONFIG_SECCOMP_FILTER=y
cat unzipped_config | grep CONFIG_SECURITY=y cat unzipped_config | grep CONFIG_SECURITY=y
cat unzipped_config | grep CONFIG_SECURITY_YAMA=y cat unzipped_config | grep CONFIG_SECURITY_YAMA=y
cat unzipped_config | grep CONFIG_HARDENED_USERCOPY=y
cat unzipped_config | grep CONFIG_SLAB_FREELIST_RANDOM=y
cat unzipped_config | grep CONFIG_PANIC_ON_OOPS=y cat unzipped_config | grep CONFIG_PANIC_ON_OOPS=y
cat unzipped_config | grep CONFIG_DEBUG_SET_MODULE_RONX=y cat unzipped_config | grep CONFIG_DEBUG_SET_MODULE_RONX=y
# Conditional on kernel version
if [ "$kernelMajor" -ge 4 -a "$kernelMinor" -ge 5 ]; then
cat unzipped_config | grep CONFIG_IO_STRICT_DEVMEM=y
cat unzipped_config | grep CONFIG_UBSAN=y cat unzipped_config | grep CONFIG_UBSAN=y
fi
if [ "$kernelMajor" -ge 4 -a "$kernelMinor" -ge 7 ]; then
cat unzipped_config | grep CONFIG_SLAB_FREELIST_RANDOM=y
fi
if [ "$kernelMajor" -ge 4 -a "$kernelMinor" -ge 8 ]; then
cat unzipped_config | grep CONFIG_HARDENED_USERCOPY=y
fi
# Negative cases # Negative cases
cat unzipped_config | grep 'CONFIG_ACPI_CUSTOM_METHOD is not set' cat unzipped_config | grep 'CONFIG_ACPI_CUSTOM_METHOD is not set'

2
alpine/test/test.sh
View File

@ -11,4 +11,4 @@ docker pull armhf/alpine
docker run --rm armhf/alpine uname -a docker run --rm armhf/alpine uname -a
docker swarm init docker swarm init
docker run mobylinux/check-config@sha256:4282f589d5a72004c3991c0412e45ba0ab6bb8c0c7d97dc40dabc828700e99ab docker run mobylinux/check-config@sha256:4282f589d5a72004c3991c0412e45ba0ab6bb8c0c7d97dc40dabc828700e99ab
docker run mobylinux/check-kernel-config@sha256:beabc0fd77bb9562a03104eecb34286d5aa695896e0d3e56b36876b24d2a9126 docker run mobylinux/check-kernel-config@sha256:8c48a0f8456e1e5027eb2540974e6304d8cf58263c7553b61838cb627c4e790c