diff options
Diffstat (limited to 'meta-security/recipes-kernel/linux')
12 files changed, 8 insertions, 67 deletions
diff --git a/meta-security/recipes-kernel/linux/linux-%_5.%.bbappend b/meta-security/recipes-kernel/linux/linux-%_5.%.bbappend new file mode 100644 index 000000000..76b5df55b --- /dev/null +++ b/meta-security/recipes-kernel/linux/linux-%_5.%.bbappend @@ -0,0 +1,4 @@ +KERNEL_FEATURES_append = " ${@bb.utils.contains("DISTRO_FEATURES", "apparmor", " features/apparmor/apparmor.scc", "" ,d)}" +KERNEL_FEATURES_append = " ${@bb.utils.contains("DISTRO_FEATURES", "smack", " features/smack/smack.scc", "" ,d)}" +KERNEL_FEATURES_append = " ${@bb.utils.contains("DISTRO_FEATURES", "yama", " features/yama/yama.scc", "" ,d)}" + diff --git a/meta-security/recipes-kernel/linux/linux-yocto-5.0/apparmor.cfg b/meta-security/recipes-kernel/linux/linux-yocto-5.0/apparmor.cfg deleted file mode 100644 index ae6cdcdf0..000000000 --- a/meta-security/recipes-kernel/linux/linux-yocto-5.0/apparmor.cfg +++ /dev/null @@ -1,9 +0,0 @@ -CONFIG_AUDIT=y -CONFIG_SECURITY_PATH=y -CONFIG_SECURITY_APPARMOR=y -CONFIG_SECURITY_APPARMOR_HASH=y -CONFIG_SECURITY_APPARMOR_HASH_DEFAULT=y -CONFIG_INTEGRITY_AUDIT=y -CONFIG_DEFAULT_SECURITY_APPARMOR=y -CONFIG_DEFAULT_SECURITY="apparmor" -CONFIG_AUDIT_GENERIC=y diff --git a/meta-security/recipes-kernel/linux/linux-yocto-5.0/apparmor_on_boot.cfg b/meta-security/recipes-kernel/linux/linux-yocto-5.0/apparmor_on_boot.cfg deleted file mode 100644 index fc3574015..000000000 --- a/meta-security/recipes-kernel/linux/linux-yocto-5.0/apparmor_on_boot.cfg +++ /dev/null @@ -1 +0,0 @@ -CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1 diff --git a/meta-security/recipes-kernel/linux/linux-yocto-5.0/smack-default-lsm.cfg b/meta-security/recipes-kernel/linux/linux-yocto-5.0/smack-default-lsm.cfg deleted file mode 100644 index b5c48454e..000000000 --- a/meta-security/recipes-kernel/linux/linux-yocto-5.0/smack-default-lsm.cfg +++ /dev/null @@ -1,2 +0,0 @@ -CONFIG_DEFAULT_SECURITY="smack" -CONFIG_DEFAULT_SECURITY_SMACK=y diff --git a/meta-security/recipes-kernel/linux/linux-yocto-5.0/smack.cfg b/meta-security/recipes-kernel/linux/linux-yocto-5.0/smack.cfg deleted file mode 100644 index 0d5fc645c..000000000 --- a/meta-security/recipes-kernel/linux/linux-yocto-5.0/smack.cfg +++ /dev/null @@ -1,7 +0,0 @@ -CONFIG_NETLABEL=y -CONFIG_SECURITY_NETWORK=y -# CONFIG_SECURITY_NETWORK_XFRM is not set -CONFIG_SECURITY_SMACK=y -CONFIG_SECURITY_SMACK_BRINGUP=y -CONFIG_SECURITY_SMACK_APPEND_SIGNALS=y -CONFIG_TMPFS_XATTR=y diff --git a/meta-security/recipes-kernel/linux/linux-yocto-dev.bbappend b/meta-security/recipes-kernel/linux/linux-yocto-dev.bbappend new file mode 100644 index 000000000..239e30e70 --- /dev/null +++ b/meta-security/recipes-kernel/linux/linux-yocto-dev.bbappend @@ -0,0 +1,2 @@ +KERNEL_FEATURES_append = " ${@bb.utils.contains("DISTRO_FEATURES", "apparmor", " features/apparmor/apparmor.scc", "" ,d)}" ++KERNEL_FEATURES_append = " ${@bb.utils.contains("DISTRO_FEATURES", "smack", " features/smack/smack.scc", "" ,d)}" diff --git a/meta-security/recipes-kernel/linux/linux-yocto/apparmor.cfg b/meta-security/recipes-kernel/linux/linux-yocto/apparmor.cfg deleted file mode 100644 index b5f9bb2a6..000000000 --- a/meta-security/recipes-kernel/linux/linux-yocto/apparmor.cfg +++ /dev/null @@ -1,15 +0,0 @@ -CONFIG_AUDIT=y -# CONFIG_NETFILTER_XT_TARGET_AUDIT is not set -CONFIG_SECURITY_NETWORK=y -# CONFIG_SECURITY_NETWORK_XFRM is not set -CONFIG_SECURITY_PATH=y -# CONFIG_SECURITY_SELINUX is not set -CONFIG_SECURITY_APPARMOR=y -CONFIG_SECURITY_APPARMOR_HASH=y -CONFIG_SECURITY_APPARMOR_HASH_DEFAULT=y -# CONFIG_SECURITY_APPARMOR_DEBUG is not set -CONFIG_INTEGRITY_AUDIT=y -CONFIG_DEFAULT_SECURITY_APPARMOR=y -# CONFIG_DEFAULT_SECURITY_DAC is not set -CONFIG_DEFAULT_SECURITY="apparmor" -CONFIG_AUDIT_GENERIC=y diff --git a/meta-security/recipes-kernel/linux/linux-yocto/apparmor_on_boot.cfg b/meta-security/recipes-kernel/linux/linux-yocto/apparmor_on_boot.cfg deleted file mode 100644 index fc3574015..000000000 --- a/meta-security/recipes-kernel/linux/linux-yocto/apparmor_on_boot.cfg +++ /dev/null @@ -1 +0,0 @@ -CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1 diff --git a/meta-security/recipes-kernel/linux/linux-yocto/smack-default-lsm.cfg b/meta-security/recipes-kernel/linux/linux-yocto/smack-default-lsm.cfg deleted file mode 100644 index b5c48454e..000000000 --- a/meta-security/recipes-kernel/linux/linux-yocto/smack-default-lsm.cfg +++ /dev/null @@ -1,2 +0,0 @@ -CONFIG_DEFAULT_SECURITY="smack" -CONFIG_DEFAULT_SECURITY_SMACK=y diff --git a/meta-security/recipes-kernel/linux/linux-yocto/smack.cfg b/meta-security/recipes-kernel/linux/linux-yocto/smack.cfg deleted file mode 100644 index 62f465a45..000000000 --- a/meta-security/recipes-kernel/linux/linux-yocto/smack.cfg +++ /dev/null @@ -1,8 +0,0 @@ -CONFIG_IP_NF_SECURITY=m -CONFIG_IP6_NF_SECURITY=m -CONFIG_EXT2_FS_SECURITY=y -CONFIG_EXT3_FS_SECURITY=y -CONFIG_EXT4_FS_SECURITY=y -CONFIG_SECURITY=y -CONFIG_SECURITY_SMACK=y -CONFIG_TMPFS_XATTR=y diff --git a/meta-security/recipes-kernel/linux/linux-yocto_4.%.bbappend b/meta-security/recipes-kernel/linux/linux-yocto_4.%.bbappend index 321392c0b..39d4e6f50 100644 --- a/meta-security/recipes-kernel/linux/linux-yocto_4.%.bbappend +++ b/meta-security/recipes-kernel/linux/linux-yocto_4.%.bbappend @@ -1,11 +1,2 @@ -FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:" - -SRC_URI += "\ - ${@bb.utils.contains('DISTRO_FEATURES', 'apparmor', ' file://apparmor.cfg', '', d)} \ - ${@bb.utils.contains('DISTRO_FEATURES', 'apparmor', ' file://apparmor_on_boot.cfg', '', d)} \ -" - -SRC_URI += "\ - ${@bb.utils.contains('DISTRO_FEATURES', 'smack', ' file://smack.cfg', '', d)} \ - ${@bb.utils.contains('DISTRO_FEATURES', 'smack', ' file://smack-default-lsm.cfg', '', d)} \ -" +KERNEL_FEATURES_append = " ${@bb.utils.contains("DISTRO_FEATURES", "apparmor", " features/apparmor/apparmor.scc", "" ,d)}" +KERNEL_FEATURES_append = " ${@bb.utils.contains("DISTRO_FEATURES", "smack", " features/smack/smack.scc", "" ,d)}" diff --git a/meta-security/recipes-kernel/linux/linux-yocto_5.0.%.bbappend b/meta-security/recipes-kernel/linux/linux-yocto_5.0.%.bbappend deleted file mode 100644 index f810e2112..000000000 --- a/meta-security/recipes-kernel/linux/linux-yocto_5.0.%.bbappend +++ /dev/null @@ -1,11 +0,0 @@ -FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}-5.0:" - -SRC_URI += "\ - ${@bb.utils.contains('DISTRO_FEATURES', 'apparmor', ' file://apparmor.cfg', '', d)} \ - ${@bb.utils.contains('DISTRO_FEATURES', 'apparmor', ' file://apparmor_on_boot.cfg', '', d)} \ -" - -SRC_URI += "\ - ${@bb.utils.contains('DISTRO_FEATURES', 'smack', ' file://smack.cfg', '', d)} \ - ${@bb.utils.contains('DISTRO_FEATURES', 'smack', ' file://smack-default-lsm.cfg', '', d)} \ -" |