[yocto] [meta-security][PATCH 1/2] linux-yocto: use 4.19 kernel cache now

Armin Kuster akuster808 at gmail.com
Tue Aug 13 17:02:03 PDT 2019


remove kernel fragments now that they are in the
kernel-cache for 4.19

update bbappend accordingly.

Signed-off-by: Armin Kuster <akuster808 at gmail.com>
---
 recipes-kernel/linux/linux-yocto/apparmor.cfg     | 15 ---------------
 .../linux/linux-yocto/apparmor_on_boot.cfg        |  1 -
 .../linux/linux-yocto/smack-default-lsm.cfg       |  2 --
 recipes-kernel/linux/linux-yocto/smack.cfg        |  8 --------
 recipes-kernel/linux/linux-yocto/yama.cfg         |  1 -
 recipes-kernel/linux/linux-yocto_4.%.bbappend     | 13 ++-----------
 6 files changed, 2 insertions(+), 38 deletions(-)
 delete mode 100644 recipes-kernel/linux/linux-yocto/apparmor.cfg
 delete mode 100644 recipes-kernel/linux/linux-yocto/apparmor_on_boot.cfg
 delete mode 100644 recipes-kernel/linux/linux-yocto/smack-default-lsm.cfg
 delete mode 100644 recipes-kernel/linux/linux-yocto/smack.cfg
 delete mode 100644 recipes-kernel/linux/linux-yocto/yama.cfg

diff --git a/recipes-kernel/linux/linux-yocto/apparmor.cfg b/recipes-kernel/linux/linux-yocto/apparmor.cfg
deleted file mode 100644
index b5f9bb2..0000000
--- a/recipes-kernel/linux/linux-yocto/apparmor.cfg
+++ /dev/null
@@ -1,15 +0,0 @@
-CONFIG_AUDIT=y
-# CONFIG_NETFILTER_XT_TARGET_AUDIT is not set
-CONFIG_SECURITY_NETWORK=y
-# CONFIG_SECURITY_NETWORK_XFRM is not set
-CONFIG_SECURITY_PATH=y
-# CONFIG_SECURITY_SELINUX is not set
-CONFIG_SECURITY_APPARMOR=y
-CONFIG_SECURITY_APPARMOR_HASH=y
-CONFIG_SECURITY_APPARMOR_HASH_DEFAULT=y
-# CONFIG_SECURITY_APPARMOR_DEBUG is not set
-CONFIG_INTEGRITY_AUDIT=y
-CONFIG_DEFAULT_SECURITY_APPARMOR=y
-# CONFIG_DEFAULT_SECURITY_DAC is not set
-CONFIG_DEFAULT_SECURITY="apparmor"
-CONFIG_AUDIT_GENERIC=y
diff --git a/recipes-kernel/linux/linux-yocto/apparmor_on_boot.cfg b/recipes-kernel/linux/linux-yocto/apparmor_on_boot.cfg
deleted file mode 100644
index fc35740..0000000
--- a/recipes-kernel/linux/linux-yocto/apparmor_on_boot.cfg
+++ /dev/null
@@ -1 +0,0 @@
-CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1
diff --git a/recipes-kernel/linux/linux-yocto/smack-default-lsm.cfg b/recipes-kernel/linux/linux-yocto/smack-default-lsm.cfg
deleted file mode 100644
index b5c4845..0000000
--- a/recipes-kernel/linux/linux-yocto/smack-default-lsm.cfg
+++ /dev/null
@@ -1,2 +0,0 @@
-CONFIG_DEFAULT_SECURITY="smack"
-CONFIG_DEFAULT_SECURITY_SMACK=y
diff --git a/recipes-kernel/linux/linux-yocto/smack.cfg b/recipes-kernel/linux/linux-yocto/smack.cfg
deleted file mode 100644
index 62f465a..0000000
--- a/recipes-kernel/linux/linux-yocto/smack.cfg
+++ /dev/null
@@ -1,8 +0,0 @@
-CONFIG_IP_NF_SECURITY=m
-CONFIG_IP6_NF_SECURITY=m
-CONFIG_EXT2_FS_SECURITY=y
-CONFIG_EXT3_FS_SECURITY=y
-CONFIG_EXT4_FS_SECURITY=y
-CONFIG_SECURITY=y
-CONFIG_SECURITY_SMACK=y
-CONFIG_TMPFS_XATTR=y
diff --git a/recipes-kernel/linux/linux-yocto/yama.cfg b/recipes-kernel/linux/linux-yocto/yama.cfg
deleted file mode 100644
index 3b55731..0000000
--- a/recipes-kernel/linux/linux-yocto/yama.cfg
+++ /dev/null
@@ -1 +0,0 @@
-CONFIG_SECURITY_YAMA=y
diff --git a/recipes-kernel/linux/linux-yocto_4.%.bbappend b/recipes-kernel/linux/linux-yocto_4.%.bbappend
index 321392c..39d4e6f 100644
--- a/recipes-kernel/linux/linux-yocto_4.%.bbappend
+++ b/recipes-kernel/linux/linux-yocto_4.%.bbappend
@@ -1,11 +1,2 @@
-FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
-
-SRC_URI += "\
-        ${@bb.utils.contains('DISTRO_FEATURES', 'apparmor', ' file://apparmor.cfg', '', d)} \
-        ${@bb.utils.contains('DISTRO_FEATURES', 'apparmor', ' file://apparmor_on_boot.cfg', '', d)} \
-"
-
-SRC_URI += "\
-        ${@bb.utils.contains('DISTRO_FEATURES', 'smack', ' file://smack.cfg', '', d)} \
-        ${@bb.utils.contains('DISTRO_FEATURES', 'smack', ' file://smack-default-lsm.cfg', '', d)} \
-"
+KERNEL_FEATURES_append = " ${@bb.utils.contains("DISTRO_FEATURES", "apparmor", " features/apparmor/apparmor.scc", "" ,d)}"
+KERNEL_FEATURES_append = " ${@bb.utils.contains("DISTRO_FEATURES", "smack", " features/smack/smack.scc", "" ,d)}"
-- 
2.17.1



More information about the yocto mailing list