[yocto] [meta-security][PATCH 4/4] linux-stable: add support for stable kernel bbappends

akuster808 akuster808 at gmail.com
Sun Mar 31 10:41:07 PDT 2019 

not goint to work.

dropping

On 3/31/19 10:29 AM, Armin Kuster wrote:
> Signed-off-by: Armin Kuster <akuster808 at gmail.com>
> ---
>  recipes-kernel/linux/linux-stable/apparmor.cfg    | 15 +++++++++++++++
>  .../linux/linux-stable/apparmor_on_boot.cfg       |  1 +
>  .../linux/linux-stable/smack-default-lsm.cfg      |  2 ++
>  recipes-kernel/linux/linux-stable/smack.cfg       |  8 ++++++++
>  recipes-kernel/linux/linux-stable_%.bbappend      | 11 +++++++++++
>  5 files changed, 37 insertions(+)
>  create mode 100644 recipes-kernel/linux/linux-stable/apparmor.cfg
>  create mode 100644 recipes-kernel/linux/linux-stable/apparmor_on_boot.cfg
>  create mode 100644 recipes-kernel/linux/linux-stable/smack-default-lsm.cfg
>  create mode 100644 recipes-kernel/linux/linux-stable/smack.cfg
>  create mode 100644 recipes-kernel/linux/linux-stable_%.bbappend
>
> diff --git a/recipes-kernel/linux/linux-stable/apparmor.cfg b/recipes-kernel/linux/linux-stable/apparmor.cfg
> new file mode 100644
> index 0000000..b5f9bb2
> --- /dev/null
> +++ b/recipes-kernel/linux/linux-stable/apparmor.cfg
> @@ -0,0 +1,15 @@
> +CONFIG_AUDIT=y
> +# CONFIG_NETFILTER_XT_TARGET_AUDIT is not set
> +CONFIG_SECURITY_NETWORK=y
> +# CONFIG_SECURITY_NETWORK_XFRM is not set
> +CONFIG_SECURITY_PATH=y
> +# CONFIG_SECURITY_SELINUX is not set
> +CONFIG_SECURITY_APPARMOR=y
> +CONFIG_SECURITY_APPARMOR_HASH=y
> +CONFIG_SECURITY_APPARMOR_HASH_DEFAULT=y
> +# CONFIG_SECURITY_APPARMOR_DEBUG is not set
> +CONFIG_INTEGRITY_AUDIT=y
> +CONFIG_DEFAULT_SECURITY_APPARMOR=y
> +# CONFIG_DEFAULT_SECURITY_DAC is not set
> +CONFIG_DEFAULT_SECURITY="apparmor"
> +CONFIG_AUDIT_GENERIC=y
> diff --git a/recipes-kernel/linux/linux-stable/apparmor_on_boot.cfg b/recipes-kernel/linux/linux-stable/apparmor_on_boot.cfg
> new file mode 100644
> index 0000000..fc35740
> --- /dev/null
> +++ b/recipes-kernel/linux/linux-stable/apparmor_on_boot.cfg
> @@ -0,0 +1 @@
> +CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1
> diff --git a/recipes-kernel/linux/linux-stable/smack-default-lsm.cfg b/recipes-kernel/linux/linux-stable/smack-default-lsm.cfg
> new file mode 100644
> index 0000000..b5c4845
> --- /dev/null
> +++ b/recipes-kernel/linux/linux-stable/smack-default-lsm.cfg
> @@ -0,0 +1,2 @@
> +CONFIG_DEFAULT_SECURITY="smack"
> +CONFIG_DEFAULT_SECURITY_SMACK=y
> diff --git a/recipes-kernel/linux/linux-stable/smack.cfg b/recipes-kernel/linux/linux-stable/smack.cfg
> new file mode 100644
> index 0000000..62f465a
> --- /dev/null
> +++ b/recipes-kernel/linux/linux-stable/smack.cfg
> @@ -0,0 +1,8 @@
> +CONFIG_IP_NF_SECURITY=m
> +CONFIG_IP6_NF_SECURITY=m
> +CONFIG_EXT2_FS_SECURITY=y
> +CONFIG_EXT3_FS_SECURITY=y
> +CONFIG_EXT4_FS_SECURITY=y
> +CONFIG_SECURITY=y
> +CONFIG_SECURITY_SMACK=y
> +CONFIG_TMPFS_XATTR=y
> diff --git a/recipes-kernel/linux/linux-stable_%.bbappend b/recipes-kernel/linux/linux-stable_%.bbappend
> new file mode 100644
> index 0000000..321392c
> --- /dev/null
> +++ b/recipes-kernel/linux/linux-stable_%.bbappend
> @@ -0,0 +1,11 @@
> +FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
> +
> +SRC_URI += "\
> +        ${@bb.utils.contains('DISTRO_FEATURES', 'apparmor', ' file://apparmor.cfg', '', d)} \
> +        ${@bb.utils.contains('DISTRO_FEATURES', 'apparmor', ' file://apparmor_on_boot.cfg', '', d)} \
> +"
> +
> +SRC_URI += "\
> +        ${@bb.utils.contains('DISTRO_FEATURES', 'smack', ' file://smack.cfg', '', d)} \
> +        ${@bb.utils.contains('DISTRO_FEATURES', 'smack', ' file://smack-default-lsm.cfg', '', d)} \
> +"

More information about the yocto mailing list