yocto-kernel: add apparmor fragments

Signed-off-by: Armin Kuster <akuster808@gmail.com>
author: Armin Kuster <akuster808@gmail.com> 2016-10-30 09:13:27 -0700
committer: Armin Kuster <akuster808@gmail.com> 2017-02-18 11:43:20 -0800
commit: 6edbdc7a3443dea309a357618f01c13203cced71 (patch)
tree: d954a2865cbf4d5432bf04adb1de1e1764a99008 /recipes-kernel/linux
parent: 27420dbbd20809381b154ebc237d4e8dbcf4d1d4 (diff)
download: meta-security-6edbdc7a3443dea309a357618f01c13203cced71.tar.gz
2 files changed, 14 insertions, 0 deletions
diff --git a/recipes-kernel/linux/linux-yocto-4.8/apparmor.cfg b/recipes-kernel/linux/linux-yocto-4.8/apparmor.cfg
new file mode 100644
index 0000000..1dc4168
--- /dev/null
+++ b/recipes-kernel/linux/linux-yocto-4.8/apparmor.cfg
@@ -0,0 +1,13 @@
+CONFIG_AUDIT=y
+CONFIG_AUDITSYSCALL=y
+CONFIG_AUDIT_WATCH=y
+CONFIG_AUDIT_TREE=y
+# CONFIG_NETFILTER_XT_TARGET_AUDIT is not set
+CONFIG_SECURITY_PATH=y
+# CONFIG_SECURITY_SELINUX is not set
+CONFIG_SECURITY_APPARMOR=y
+CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1
+CONFIG_SECURITY_APPARMOR_HASH=y
+CONFIG_SECURITY_APPARMOR_HASH_DEFAULT=y
+CONFIG_INTEGRITY_AUDIT=y
+# CONFIG_DEFAULT_SECURITY_APPARMOR is not set
diff --git a/recipes-kernel/linux/linux-yocto_4.8.bbappend b/recipes-kernel/linux/linux-yocto_4.8.bbappend
index 048e8fd..78d5101 100644
--- a/recipes-kernel/linux/linux-yocto_4.8.bbappend
+++ b/recipes-kernel/linux/linux-yocto_4.8.bbappend
@@ -4,6 +4,7 @@ FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}-4.8:"
 SRC_URI += "\
        ${@bb.utils.contains('DISTRO_FEATURES', 'tpm', ' file://tpm.cfg', '', d)} \
        ${@bb.utils.contains('DISTRO_FEATURES', 'tpm', ' file://tpm.scc', '', d)} \
+        ${@bb.utils.contains('DISTRO_FEATURES', 'apparmor', ' file://apparmor.cfg', '', d)} \
 "
 SRC_URI += "\
author	Armin Kuster <akuster808@gmail.com>	2016-10-30 09:13:27 -0700
committer	Armin Kuster <akuster808@gmail.com>	2017-02-18 11:43:20 -0800
commit	6edbdc7a3443dea309a357618f01c13203cced71 (patch)
tree	d954a2865cbf4d5432bf04adb1de1e1764a99008 /recipes-kernel/linux
parent	27420dbbd20809381b154ebc237d4e8dbcf4d1d4 (diff)
download	meta-security-6edbdc7a3443dea309a357618f01c13203cced71.tar.gz

diff --git a/recipes-kernel/linux/linux-yocto-4.8/apparmor.cfg b/recipes-kernel/linux/linux-yocto-4.8/apparmor.cfg new file mode 100644 index 0000000..1dc4168 --- /dev/null +++ b/recipes-kernel/linux/linux-yocto-4.8/apparmor.cfg
@@ -0,0 +1,13 @@
		1	CONFIG_AUDIT=y
		2	CONFIG_AUDITSYSCALL=y
		3	CONFIG_AUDIT_WATCH=y
		4	CONFIG_AUDIT_TREE=y
		5	# CONFIG_NETFILTER_XT_TARGET_AUDIT is not set
		6	CONFIG_SECURITY_PATH=y
		7	# CONFIG_SECURITY_SELINUX is not set
		8	CONFIG_SECURITY_APPARMOR=y
		9	CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1
		10	CONFIG_SECURITY_APPARMOR_HASH=y
		11	CONFIG_SECURITY_APPARMOR_HASH_DEFAULT=y
		12	CONFIG_INTEGRITY_AUDIT=y
		13	# CONFIG_DEFAULT_SECURITY_APPARMOR is not set


diff --git a/recipes-kernel/linux/linux-yocto_4.8.bbappend b/recipes-kernel/linux/linux-yocto_4.8.bbappend index 048e8fd..78d5101 100644 --- a/recipes-kernel/linux/linux-yocto_4.8.bbappend +++ b/recipes-kernel/linux/linux-yocto_4.8.bbappend
@@ -4,6 +4,7 @@ FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}-4.8:"
4	SRC_URI += "\	4	SRC_URI += "\
5	${@bb.utils.contains('DISTRO_FEATURES', 'tpm', ' file://tpm.cfg', '', d)} \	5	${@bb.utils.contains('DISTRO_FEATURES', 'tpm', ' file://tpm.cfg', '', d)} \
6	${@bb.utils.contains('DISTRO_FEATURES', 'tpm', ' file://tpm.scc', '', d)} \	6	${@bb.utils.contains('DISTRO_FEATURES', 'tpm', ' file://tpm.scc', '', d)} \
		7	${@bb.utils.contains('DISTRO_FEATURES', 'apparmor', ' file://apparmor.cfg', '', d)} \
7	"	8	"
8		9
9	SRC_URI += "\	10	SRC_URI += "\