[yocto] [meta-security][PATCH 07/14] base-files: add appending to automount securityfs

[Armin Kuster]

Signed-off-by: Armin Kuster <akuster808 at gmail.com>
---
 meta-integrity/recipes-core/base-files/base-files-ima.inc    | 5 +++++
 meta-integrity/recipes-core/base-files/base-files_%.bbappend | 1 +
 2 files changed, 6 insertions(+)
 create mode 100644 meta-integrity/recipes-core/base-files/base-files-ima.inc
 create mode 100644 meta-integrity/recipes-core/base-files/base-files_%.bbappend

diff --git a/meta-integrity/recipes-core/base-files/base-files-ima.inc b/meta-integrity/recipes-core/base-files/base-files-ima.inc
new file mode 100644
index 0000000..7e9e210
--- /dev/null
+++ b/meta-integrity/recipes-core/base-files/base-files-ima.inc
@@ -0,0 +1,5 @@
+# Append iversion option for auto types
+do_install_append() {
+    sed -i 's/\s*auto\s*defaults/&,iversion/' "${D}${sysconfdir}/fstab"
+    echo 'securityfs  /sys/kernel/security  securityfs  defaults  0  0' >> "${D}${sysconfdir}/fstab"
+}
diff --git a/meta-integrity/recipes-core/base-files/base-files_%.bbappend b/meta-integrity/recipes-core/base-files/base-files_%.bbappend
new file mode 100644
index 0000000..c006f0e
--- /dev/null
+++ b/meta-integrity/recipes-core/base-files/base-files_%.bbappend
@@ -0,0 +1 @@
+require ${@bb.utils.contains('DISTRO_FEATURES', 'ima', 'base-files-ima.inc', '', d)}
-- 
2.17.1