diff options
author | mulhern <mulhern@yoctoproject.org> | 2013-09-11 09:07:30 -0400 |
---|---|---|
committer | mulhern <mulhern@yoctoproject.org> | 2013-10-23 21:57:20 -0400 |
commit | cff02a044c6aef347cff8551b156dbc8a5d403d7 (patch) | |
tree | 0e501bdd0e30a2b2b48fa9ac1297e26c8042ae5d /classes/check_security.bbclass | |
parent | 594e95f052d352c4b269a39e994785e4e60ef078 (diff) | |
download | meta-security-cff02a044c6aef347cff8551b156dbc8a5d403d7.tar.gz |
meta-security: Add a new .bbclass for meta-security layer.
Inheriting the class will cause the check_security function to run on the
ROOTFS image. Currently the check_security function just invokes
buck-security-native on the root filesystem of the image.
Diffstat (limited to 'classes/check_security.bbclass')
-rw-r--r-- | classes/check_security.bbclass | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/classes/check_security.bbclass b/classes/check_security.bbclass new file mode 100644 index 0000000..6d6682e --- /dev/null +++ b/classes/check_security.bbclass | |||
@@ -0,0 +1,7 @@ | |||
1 | check_security () { | ||
2 | ${STAGING_BINDIR_NATIVE}/buck-security -sysroot ${IMAGE_ROOTFS} -log ${T}/log.do_checksecurity.${PID} -disable-checks "checksum,firewall,packages_problematic,services,sshd,usermask" -no-sudo > /dev/null | ||
3 | } | ||
4 | |||
5 | EXTRA_IMAGEDEPENDS += "buck-security-native" | ||
6 | |||
7 | ROOTFS_POSTPROCESS_COMMAND += "check_security;" | ||