linux-yocto: add 4.10 kernel support

Signed-off-by: Armin Kuster <akuster808@gmail.com>
author: Armin Kuster <akuster808@gmail.com> 2017-04-01 16:54:47 -0700
committer: Armin Kuster <akuster808@gmail.com> 2017-04-06 10:39:42 -0700
commit: 25f50bd5104090e849912fc1757689be32542e81 (patch)
tree: 67c4420613d44fc1268d2782db806b2b505c9920
parent: 8f0f8eeea805e98169fd2711729ac78a85d555ea (diff)
download: meta-security-25f50bd5104090e849912fc1757689be32542e81.tar.gz
4 files changed, 36 insertions, 0 deletions
diff --git a/recipes-kernel/linux/linux-yocto-4.10/apparmor.cfg b/recipes-kernel/linux/linux-yocto-4.10/apparmor.cfg
new file mode 100644
index 0000000..1dc4168
--- /dev/null
+++ b/recipes-kernel/linux/linux-yocto-4.10/apparmor.cfg
@@ -0,0 +1,13 @@
+CONFIG_AUDIT=y
+CONFIG_AUDITSYSCALL=y
+CONFIG_AUDIT_WATCH=y
+CONFIG_AUDIT_TREE=y
+# CONFIG_NETFILTER_XT_TARGET_AUDIT is not set
+CONFIG_SECURITY_PATH=y
+# CONFIG_SECURITY_SELINUX is not set
+CONFIG_SECURITY_APPARMOR=y
+CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1
+CONFIG_SECURITY_APPARMOR_HASH=y
+CONFIG_SECURITY_APPARMOR_HASH_DEFAULT=y
+CONFIG_INTEGRITY_AUDIT=y
+# CONFIG_DEFAULT_SECURITY_APPARMOR is not set
diff --git a/recipes-kernel/linux/linux-yocto-4.10/smack-default-lsm.cfg b/recipes-kernel/linux/linux-yocto-4.10/smack-default-lsm.cfg
new file mode 100644
index 0000000..b5c4845
--- /dev/null
+++ b/recipes-kernel/linux/linux-yocto-4.10/smack-default-lsm.cfg
@@ -0,0 +1,2 @@
+CONFIG_DEFAULT_SECURITY="smack"
+CONFIG_DEFAULT_SECURITY_SMACK=y
diff --git a/recipes-kernel/linux/linux-yocto-4.10/smack.cfg b/recipes-kernel/linux/linux-yocto-4.10/smack.cfg
new file mode 100644
index 0000000..62f465a
--- /dev/null
+++ b/recipes-kernel/linux/linux-yocto-4.10/smack.cfg
@@ -0,0 +1,8 @@
+CONFIG_IP_NF_SECURITY=m
+CONFIG_IP6_NF_SECURITY=m
+CONFIG_EXT2_FS_SECURITY=y
+CONFIG_EXT3_FS_SECURITY=y
+CONFIG_EXT4_FS_SECURITY=y
+CONFIG_SECURITY=y
+CONFIG_SECURITY_SMACK=y
+CONFIG_TMPFS_XATTR=y
diff --git a/recipes-kernel/linux/linux-yocto_4.10.bbappend b/recipes-kernel/linux/linux-yocto_4.10.bbappend
new file mode 100644
index 0000000..35a32b6
--- /dev/null
+++ b/recipes-kernel/linux/linux-yocto_4.10.bbappend
@@ -0,0 +1,13 @@
+FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}-4.10:"
+# TPM kernel support
+KERNEL_FEATURES_append += "${@bb.utils.contains('DISTRO_FEATURES', 'tpm', ' features/tpm/tpm.scc', '', d)}"
+SRC_URI += "\
+        ${@bb.utils.contains('DISTRO_FEATURES', 'apparmor', ' file://apparmor.cfg', '', d)} \
+"
+SRC_URI += "\
+        ${@bb.utils.contains('DISTRO_FEATURES', 'smack', ' file://smack.cfg', '', d)} \
+        ${@bb.utils.contains('DISTRO_FEATURES', 'smack', ' file://smack-default-lsm.cfg', '', d)} \
+"
author	Armin Kuster <akuster808@gmail.com>	2017-04-01 16:54:47 -0700
committer	Armin Kuster <akuster808@gmail.com>	2017-04-06 10:39:42 -0700
commit	25f50bd5104090e849912fc1757689be32542e81 (patch)
tree	67c4420613d44fc1268d2782db806b2b505c9920
parent	8f0f8eeea805e98169fd2711729ac78a85d555ea (diff)
download	meta-security-25f50bd5104090e849912fc1757689be32542e81.tar.gz

diff --git a/recipes-kernel/linux/linux-yocto-4.10/apparmor.cfg b/recipes-kernel/linux/linux-yocto-4.10/apparmor.cfg new file mode 100644 index 0000000..1dc4168 --- /dev/null +++ b/recipes-kernel/linux/linux-yocto-4.10/apparmor.cfg
@@ -0,0 +1,13 @@
	1	CONFIG_AUDIT=y
	2	CONFIG_AUDITSYSCALL=y
	3	CONFIG_AUDIT_WATCH=y
	4	CONFIG_AUDIT_TREE=y
	5	# CONFIG_NETFILTER_XT_TARGET_AUDIT is not set
	6	CONFIG_SECURITY_PATH=y
	7	# CONFIG_SECURITY_SELINUX is not set
	8	CONFIG_SECURITY_APPARMOR=y
	9	CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1
	10	CONFIG_SECURITY_APPARMOR_HASH=y
	11	CONFIG_SECURITY_APPARMOR_HASH_DEFAULT=y
	12	CONFIG_INTEGRITY_AUDIT=y
	13	# CONFIG_DEFAULT_SECURITY_APPARMOR is not set


diff --git a/recipes-kernel/linux/linux-yocto-4.10/smack-default-lsm.cfg b/recipes-kernel/linux/linux-yocto-4.10/smack-default-lsm.cfg new file mode 100644 index 0000000..b5c4845 --- /dev/null +++ b/recipes-kernel/linux/linux-yocto-4.10/smack-default-lsm.cfg
@@ -0,0 +1,2 @@
	1	CONFIG_DEFAULT_SECURITY="smack"
	2	CONFIG_DEFAULT_SECURITY_SMACK=y


diff --git a/recipes-kernel/linux/linux-yocto-4.10/smack.cfg b/recipes-kernel/linux/linux-yocto-4.10/smack.cfg new file mode 100644 index 0000000..62f465a --- /dev/null +++ b/recipes-kernel/linux/linux-yocto-4.10/smack.cfg
@@ -0,0 +1,8 @@
	1	CONFIG_IP_NF_SECURITY=m
	2	CONFIG_IP6_NF_SECURITY=m
	3	CONFIG_EXT2_FS_SECURITY=y
	4	CONFIG_EXT3_FS_SECURITY=y
	5	CONFIG_EXT4_FS_SECURITY=y
	6	CONFIG_SECURITY=y
	7	CONFIG_SECURITY_SMACK=y
	8	CONFIG_TMPFS_XATTR=y


diff --git a/recipes-kernel/linux/linux-yocto_4.10.bbappend b/recipes-kernel/linux/linux-yocto_4.10.bbappend new file mode 100644 index 0000000..35a32b6 --- /dev/null +++ b/recipes-kernel/linux/linux-yocto_4.10.bbappend
@@ -0,0 +1,13 @@
	1	FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}-4.10:"
	2
	3	# TPM kernel support
	4	KERNEL_FEATURES_append += "${@bb.utils.contains('DISTRO_FEATURES', 'tpm', ' features/tpm/tpm.scc', '', d)}"
	5
	6	SRC_URI += "\
	7	${@bb.utils.contains('DISTRO_FEATURES', 'apparmor', ' file://apparmor.cfg', '', d)} \
	8	"
	9
	10	SRC_URI += "\
	11	${@bb.utils.contains('DISTRO_FEATURES', 'smack', ' file://smack.cfg', '', d)} \
	12	${@bb.utils.contains('DISTRO_FEATURES', 'smack', ' file://smack-default-lsm.cfg', '', d)} \
	13	"