From d5f0259c00b713e459a7dd9b9b060d9d9a43197e Mon Sep 17 00:00:00 2001
From: mickael e
Date: Wed, 13 Nov 2019 09:48:48 -0500
Subject: [PATCH] Add regression test for CVE-2019-11135
---
 .../testinfra/staging/common/test_grsecurity.py | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
diff --git a/molecule/testinfra/staging/common/test_grsecurity.py b/molecule/testinfra/staging/common/test_grsecurity.py
index 2edf2cf547b..2f34fde9ddd 100644
--- a/molecule/testinfra/staging/common/test_grsecurity.py
+++ b/molecule/testinfra/staging/common/test_grsecurity.py
@@ -193,6 +193,23 @@ def test_wireless_disabled_in_kernel_config(host, kernel_opts):
 assert line in kernel_config
+@pytest.mark.parametrize('kernel_opts', [
+ 'CONFIG_x86_INTEL_TSX_MODE_OFF',
+ 'CONFIG_PAX',
+ 'CONFIG_GRKERNSEC',
+])
+def test_kernel_options_enabled_config(host, kernel_opts):
+ """
+ Tests kernel config for options that should be enabled
+ """
+
+ kernel_config_path = "/boot/config-{}-grsec-securedrop".format(KERNEL_VERSION)
+ kernel_config = host.file(kernel_config_path).content_string
+
+ line = "{}=y".format(kernel_opts)
+ assert line in kernel_config
+
+
 def test_mds_mitigations_and_smt_disabled(host):
 """
 Ensure that full mitigations are in place for MDS
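Review bot: The first parametrized value, `'CONFIG_x86_INTEL_TSX_MODE_OFF'`, spells `x86` in lowercase, while the kernel's Kconfig symbol is `X86_INTEL_TSX_MODE_OFF`. The string `CONFIG_x86_INTEL_TSX_MODE_OFF=y` will therefore not be found in a kernel config, and the CVE-2019-11135 case fails even on a correctly built kernel; it should read `'CONFIG_X86_INTEL_TSX_MODE_OFF',`. Separately, `assert line in kernel_config` is a substring match over the whole file, so a commented-out `#CONFIG_PAX=y` would satisfy it; `assert line in kernel_config.splitlines()` compares whole lines instead. This test covers only the build-time default, which the `tsx=` boot parameter can override, so a check of the kernel command line may be worth adding if the suite does not already have one.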