[yocto] [meta-security][PATCH 07/14] base-files: add appending to automount securityfs
Armin Kuster
akuster808 at gmail.com
Sun May 26 21:56:34 PDT 2019
Signed-off-by: Armin Kuster <akuster808 at gmail.com>
---
meta-integrity/recipes-core/base-files/base-files-ima.inc | 5 +++++
meta-integrity/recipes-core/base-files/base-files_%.bbappend | 1 +
2 files changed, 6 insertions(+)
create mode 100644 meta-integrity/recipes-core/base-files/base-files-ima.inc
create mode 100644 meta-integrity/recipes-core/base-files/base-files_%.bbappend
diff --git a/meta-integrity/recipes-core/base-files/base-files-ima.inc b/meta-integrity/recipes-core/base-files/base-files-ima.inc
new file mode 100644
index 0000000..7e9e210
--- /dev/null
+++ b/meta-integrity/recipes-core/base-files/base-files-ima.inc
@@ -0,0 +1,5 @@
+# Append iversion option for auto types
+do_install_append() {
+ sed -i 's/\s*auto\s*defaults/&,iversion/' "${D}${sysconfdir}/fstab"
+ echo 'securityfs /sys/kernel/security securityfs defaults 0 0' >> "${D}${sysconfdir}/fstab"
+}
diff --git a/meta-integrity/recipes-core/base-files/base-files_%.bbappend b/meta-integrity/recipes-core/base-files/base-files_%.bbappend
new file mode 100644
index 0000000..c006f0e
--- /dev/null
+++ b/meta-integrity/recipes-core/base-files/base-files_%.bbappend
@@ -0,0 +1 @@
+require ${@bb.utils.contains('DISTRO_FEATURES', 'ima', 'base-files-ima.inc', '', d)}
--
2.17.1
More information about the yocto
mailing list