Re: [yocto] AppArmor

2017-07-04 Thread Tom Rini
On Thu, Jun 29, 2017 at 09:35:06PM -0400, Tom Rini wrote: > On Thu, Jun 29, 2017 at 01:56:22PM +0300, Anders Montonen wrote: > > Hi Tom, > > > > On Thu, 22 Jun 2017, Tom Rini wrote: > > > > > >I did fix the latter of these (along with the perl problem), but I'm > > >using sysvinit and needed apach

Re: [yocto] AppArmor

2017-06-29 Thread Tom Rini
On Thu, Jun 29, 2017 at 01:56:22PM +0300, Anders Montonen wrote: > Hi Tom, > > On Thu, 22 Jun 2017, Tom Rini wrote: > > > >I did fix the latter of these (along with the perl problem), but I'm > >using sysvinit and needed apache2 in my project anyhow. > > Your commit fixes most of the problems, bu

Re: [yocto] AppArmor

2017-06-29 Thread Anders Montonen
Hi Tom, On Thu, 22 Jun 2017, Tom Rini wrote: I did fix the latter of these (along with the perl problem), but I'm using sysvinit and needed apache2 in my project anyhow. Your commit fixes most of the problems, but /usr/bin/aa-easyprof still gets installed with a shebang referring to the host

Re: [yocto] AppArmor

2017-06-22 Thread Tom Rini
On Thu, Jun 22, 2017 at 05:01:09AM +0300, Anders Montonen wrote: > On 21 Jun 2017, at 23:46, Khem Raj wrote: > > On Tue, Jun 20, 2017 at 9:56 AM Anders Montonen > > wrote: > > Has anyone tried using AppArmor with Yocto? The recipe in the > > meta-security layer is b

Re: [yocto] AppArmor

2017-06-21 Thread Anders Montonen
On 21 Jun 2017, at 23:46, Khem Raj wrote: > On Tue, Jun 20, 2017 at 9:56 AM Anders Montonen > wrote: > Has anyone tried using AppArmor with Yocto? The recipe in the > meta-security layer is broken, and when fixed so it actually builds, it > turns out the installed i

Re: [yocto] AppArmor

2017-06-21 Thread Khem Raj
On Tue, Jun 20, 2017 at 9:56 AM Anders Montonen wrote: > Hi, > > Has anyone tried using AppArmor with Yocto? The recipe in the > meta-security layer is broken, and when fixed so it actually builds, it > turns out the installed init script relies on functions not found in > Yocto's version of LSB.

Re: [yocto] AppArmor

2017-06-21 Thread Gunnar Andersson
Dominic ar Foll writes: > I have been presenting AGL  Smack based security model in quite a few  > conferences over the world and not many people have come to me > to talk about their "solution" working either on SE Linux or > AppArmor. So far I have the impression that AGL is quite unique in >

Re: [yocto] AppArmor

2017-06-21 Thread Tom Rini
On Tue, Jun 20, 2017 at 04:19:24PM +0300, Anders Montonen wrote: > Hi, > > Has anyone tried using AppArmor with Yocto? The recipe in the > meta-security layer is broken, and when fixed so it actually builds, > it turns out the installed init script relies on functions not found > in Yocto's versi

Re: [yocto] AppArmor

2017-06-21 Thread Dominig ar Foll (Intel Open Source)
Anders, in the Automotive Grade Linux (AGL) we are using Smack + Cynara and that has required quite a bit of side work to make it operational.  - http://docs.automotivelinux.org/ I have been presenting AGL  Smack based security model in quite a

[yocto] AppArmor

2017-06-20 Thread Anders Montonen
Hi, Has anyone tried using AppArmor with Yocto? The recipe in the meta-security layer is broken, and when fixed so it actually builds, it turns out the installed init script relies on functions not found in Yocto's version of LSB. Regards, Anders -- __