Signed-off-by: Armin Kuster <akuster...@gmail.com>
---
recipes-kernel/linux/linux-yocto-4.8/apparmor.cfg | 13 +++++++++++++
recipes-kernel/linux/linux-yocto_4.8.bbappend | 1 +
2 files changed, 14 insertions(+)
create mode 100644 recipes-kernel/linux/linux-yocto-4.8/apparmor.cfg
diff --git a/recipes-kernel/linux/linux-yocto-4.8/apparmor.cfg
b/recipes-kernel/linux/linux-yocto-4.8/apparmor.cfg
new file mode 100644
index 0000000..1dc4168
--- /dev/null
+++ b/recipes-kernel/linux/linux-yocto-4.8/apparmor.cfg
@@ -0,0 +1,13 @@
+CONFIG_AUDIT=y
+CONFIG_AUDITSYSCALL=y
+CONFIG_AUDIT_WATCH=y
+CONFIG_AUDIT_TREE=y
+# CONFIG_NETFILTER_XT_TARGET_AUDIT is not set
+CONFIG_SECURITY_PATH=y
+# CONFIG_SECURITY_SELINUX is not set
+CONFIG_SECURITY_APPARMOR=y
+CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1
+CONFIG_SECURITY_APPARMOR_HASH=y
+CONFIG_SECURITY_APPARMOR_HASH_DEFAULT=y
+CONFIG_INTEGRITY_AUDIT=y
+# CONFIG_DEFAULT_SECURITY_APPARMOR is not set
diff --git a/recipes-kernel/linux/linux-yocto_4.8.bbappend
b/recipes-kernel/linux/linux-yocto_4.8.bbappend
index 048e8fd..78d5101 100644
--- a/recipes-kernel/linux/linux-yocto_4.8.bbappend
+++ b/recipes-kernel/linux/linux-yocto_4.8.bbappend
@@ -4,6 +4,7 @@ FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}-4.8:"
SRC_URI += "\
${@bb.utils.contains('DISTRO_FEATURES', 'tpm', ' file://tpm.cfg', '',
d)} \
${@bb.utils.contains('DISTRO_FEATURES', 'tpm', ' file://tpm.scc', '',
d)} \
+ ${@bb.utils.contains('DISTRO_FEATURES', 'apparmor', '
file://apparmor.cfg', '', d)} \
"
SRC_URI += "\
--
2.7.4
--
_______________________________________________
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto
