[yocto] AppArmor
Tom Rini
trini at konsulko.com
Thu Jun 22 05:08:32 PDT 2017
On Thu, Jun 22, 2017 at 05:01:09AM +0300, Anders Montonen wrote:
> On 21 Jun 2017, at 23:46, Khem Raj <raj.khem at gmail.com> wrote:
> > On Tue, Jun 20, 2017 at 9:56 AM Anders Montonen <Anders.Montonen at iki.fi <mailto:Anders.Montonen at iki.fi>> wrote:
> > Has anyone tried using AppArmor with Yocto? The recipe in the
> > meta-security layer is broken, and when fixed so it actually builds, it
> > turns out the installed init script relies on functions not found in
> > Yocto's version of LSB.
> > That seems a bug to me perhaps can be fixed in initscripts ?
>
> I ended up replacing the recipe with one combining the one from meta-security and from the OpenSwitch project[1]. This allowed me to get rid of the sysvinit and apache2 dependencies. I’ll have to look for Tom Rini’s tweaks and see if he fixed the Python issues more elegantly.
>
> IIRC the issues I ran into with the meta-security recipe were:
> - The tools under binutils require the static library
> - The systemd service file isn’t installed
> - The Python apparmor module is built against Python 2.7, while the scripts that use it are Python 3. Commit
> 89683b4fee4616a08d249bc7afd7be55f3fa71a3 is wrong, it papers over a QA warning without fixing the actual problem.
> - The Python LibAppArmor module isn’t built at all.
I did fix the latter of these (along with the perl problem), but I'm
using sysvinit and needed apache2 in my project anyhow.
--
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.yoctoproject.org/pipermail/yocto/attachments/20170622/c8cd58e3/attachment.pgp>
More information about the yocto
mailing list