[yocto] [meta-security][PATCH 3/4] linux-yocto: make bbappend version neutral

Sun, 31 Mar 2019 10:31:32 -0700 

update apparmor configs

Signed-off-by: Armin Kuster <akuster...@gmail.com>
---
 recipes-kernel/linux/linux-yocto/apparmor.cfg        | 12 +++++++-----
 .../linux/linux-yocto/apparmor_on_boot.cfg           |  1 +
 ...nux-yocto_4.%.bbappend => linux-yocto_%.bbappend} |  1 +
 3 files changed, 9 insertions(+), 5 deletions(-)
 create mode 100644 recipes-kernel/linux/linux-yocto/apparmor_on_boot.cfg
 rename recipes-kernel/linux/{linux-yocto_4.%.bbappend => 
linux-yocto_%.bbappend} (78%)

diff --git a/recipes-kernel/linux/linux-yocto/apparmor.cfg 
b/recipes-kernel/linux/linux-yocto/apparmor.cfg
index 1dc4168..b5f9bb2 100644
--- a/recipes-kernel/linux/linux-yocto/apparmor.cfg
+++ b/recipes-kernel/linux/linux-yocto/apparmor.cfg
@@ -1,13 +1,15 @@
 CONFIG_AUDIT=y
-CONFIG_AUDITSYSCALL=y
-CONFIG_AUDIT_WATCH=y
-CONFIG_AUDIT_TREE=y
 # CONFIG_NETFILTER_XT_TARGET_AUDIT is not set
+CONFIG_SECURITY_NETWORK=y
+# CONFIG_SECURITY_NETWORK_XFRM is not set
 CONFIG_SECURITY_PATH=y
 # CONFIG_SECURITY_SELINUX is not set
 CONFIG_SECURITY_APPARMOR=y
-CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1
 CONFIG_SECURITY_APPARMOR_HASH=y
 CONFIG_SECURITY_APPARMOR_HASH_DEFAULT=y
+# CONFIG_SECURITY_APPARMOR_DEBUG is not set
 CONFIG_INTEGRITY_AUDIT=y
-# CONFIG_DEFAULT_SECURITY_APPARMOR is not set
+CONFIG_DEFAULT_SECURITY_APPARMOR=y
+# CONFIG_DEFAULT_SECURITY_DAC is not set
+CONFIG_DEFAULT_SECURITY="apparmor"
+CONFIG_AUDIT_GENERIC=y
diff --git a/recipes-kernel/linux/linux-yocto/apparmor_on_boot.cfg 
b/recipes-kernel/linux/linux-yocto/apparmor_on_boot.cfg
new file mode 100644
index 0000000..fc35740
--- /dev/null
+++ b/recipes-kernel/linux/linux-yocto/apparmor_on_boot.cfg
@@ -0,0 +1 @@
+CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1
diff --git a/recipes-kernel/linux/linux-yocto_4.%.bbappend 
b/recipes-kernel/linux/linux-yocto_%.bbappend
similarity index 78%
rename from recipes-kernel/linux/linux-yocto_4.%.bbappend
rename to recipes-kernel/linux/linux-yocto_%.bbappend
index 067be8f..321392c 100644
--- a/recipes-kernel/linux/linux-yocto_4.%.bbappend
+++ b/recipes-kernel/linux/linux-yocto_%.bbappend
@@ -2,6 +2,7 @@ FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
 
 SRC_URI += "\
         ${@bb.utils.contains('DISTRO_FEATURES', 'apparmor', ' 
file://apparmor.cfg', '', d)} \
+        ${@bb.utils.contains('DISTRO_FEATURES', 'apparmor', ' 
file://apparmor_on_boot.cfg', '', d)} \
 "
 
 SRC_URI += "\
-- 
2.17.1

-- 
_______________________________________________
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

Reply via email to