[yocto] [meta-security][PATCH 3/4] linux-yocto: make bbappend version neutral

Adrian Bunk bunk at stusta.de
Sun Mar 31 10:59:41 PDT 2019 

On Sun, Mar 31, 2019 at 10:28:59AM -0700, Armin Kuster wrote:
> update apparmor configs
> 
> Signed-off-by: Armin Kuster <akuster808 at gmail.com>
> ---
>  recipes-kernel/linux/linux-yocto/apparmor.cfg        | 12 +++++++-----
>  .../linux/linux-yocto/apparmor_on_boot.cfg           |  1 +
>  ...nux-yocto_4.%.bbappend => linux-yocto_%.bbappend} |  1 +
>  3 files changed, 9 insertions(+), 5 deletions(-)
>  create mode 100644 recipes-kernel/linux/linux-yocto/apparmor_on_boot.cfg
>  rename recipes-kernel/linux/{linux-yocto_4.%.bbappend => linux-yocto_%.bbappend} (78%)
> 
> diff --git a/recipes-kernel/linux/linux-yocto/apparmor.cfg b/recipes-kernel/linux/linux-yocto/apparmor.cfg
> index 1dc4168..b5f9bb2 100644
> --- a/recipes-kernel/linux/linux-yocto/apparmor.cfg
> +++ b/recipes-kernel/linux/linux-yocto/apparmor.cfg
> @@ -1,13 +1,15 @@
>  CONFIG_AUDIT=y
> -CONFIG_AUDITSYSCALL=y
> -CONFIG_AUDIT_WATCH=y
> -CONFIG_AUDIT_TREE=y
>  # CONFIG_NETFILTER_XT_TARGET_AUDIT is not set
> +CONFIG_SECURITY_NETWORK=y
> +# CONFIG_SECURITY_NETWORK_XFRM is not set
>  CONFIG_SECURITY_PATH=y
>  # CONFIG_SECURITY_SELINUX is not set
>  CONFIG_SECURITY_APPARMOR=y
> -CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1
>  CONFIG_SECURITY_APPARMOR_HASH=y
>  CONFIG_SECURITY_APPARMOR_HASH_DEFAULT=y
> +# CONFIG_SECURITY_APPARMOR_DEBUG is not set
>  CONFIG_INTEGRITY_AUDIT=y
> -# CONFIG_DEFAULT_SECURITY_APPARMOR is not set
> +CONFIG_DEFAULT_SECURITY_APPARMOR=y
> +# CONFIG_DEFAULT_SECURITY_DAC is not set
> +CONFIG_DEFAULT_SECURITY="apparmor"
> +CONFIG_AUDIT_GENERIC=y
> diff --git a/recipes-kernel/linux/linux-yocto/apparmor_on_boot.cfg b/recipes-kernel/linux/linux-yocto/apparmor_on_boot.cfg
> new file mode 100644
> index 0000000..fc35740
> --- /dev/null
> +++ b/recipes-kernel/linux/linux-yocto/apparmor_on_boot.cfg
> @@ -0,0 +1 @@
> +CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1
>...

This and some of the other touched options are removed in kernel 5.1, 
replaced with a different CONFIG_LSM mechanism.

cu
Adrian

-- 

       "Is there not promise of rain?" Ling Tan asked suddenly out
        of the darkness. There had been need of rain for many days.
       "Only a promise," Lao Er said.
                                       Pearl S. Buck - Dragon Seed

More information about the yocto mailing list